Cisco Networking Academy TCS - Mountain Sky School Project

 


 Access Control Lists configuration for Mountain Sky Router
 

MOUNTAIN SKY ACCESS CONTROL LISTS CONFIGURATION

  - Access control lists (ACLs) let administrators provide additional security for their networks. They filter traffic based on IP address, ranges of IP addresses, and TCP and UDP port numbers.
  - For the Mountain Sky IP addressing scheme, the access control lists look like the following:

Access list on Router's Ethernet 0 for VLAN1 (enterprise and administrative servers)

#permit access from VLAN2 (teachers, administration and staff network) to VLAN1
MtnSky(config)#access-list 101 permit ip 10.64.0.0 0.0.255.255 any

#permit access from VLAN3 (curriculum computers network) to VLAN1 - E-mail/DNS server on tcp port 25 (SMTP)
MtnSky(config)#access-list 101 permit tcp 192.168.0.0 0.0.255.255 host 10.32.0.1 eq 25

#permit access from VLAN3 to VLAN1 - E-mail/DNS server on tcp port 53 (DNS)
MtnSky(config)#access-list 101 permit tcp 192.168.0.0 0.0.255.255 host 10.32.0.1 eq 53

#permit access from VLAN3 to VLAN1 - E-mail/DNS server on udp port 53 (DNS)
MtnSky(config)#access-list 101 permit udp 192.168.0.0 0.0.255.255 host 10.32.0.1 eq 53

#permit access from VLAN3 to VLAN1 - E-mail/DNS server on tcp port 110 (POP3)
MtnSky(config)#access-list 101 permit tcp 192.168.0.0 0.0.255.255 host 10.32.0.1 eq 110

#permit access from VLAN3 to VLAN1 - Application server on any port
MtnSky(config)#access-list 101 permit ip 192.168.0.0 0.0.255.255 host 10.32.0.2

#deny any other traffic (this rule is implicit, but it's OK to state it explicitly)
MtnSky(config)#access-list 101 deny ip any any

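To apply this ACL to interface Ethernet0 (on VLAN1). The ACL matches traffic sourced from VLAN2 and VLAN3 and destined to VLAN1, which leaves the router through Ethernet0, so it is applied outbound (applied inbound it would only see packets sourced from VLAN1 and drop them all):
MtnSky(config)#interface Ethernet0
MtnSky(config-if)#ip access-group 101 out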
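
How ACL 101 is evaluated, as an added example that is not part of the original project page: a small Python model of extended-ACL matching (wildcard masks, first match wins, implicit deny). The function names `parse_acl` and `evaluate` are hypothetical, and the rules are written with the address and wildcard mask as separate tokens and `eq` before each port, the form IOS accepts.

```python
import ipaddress

# ACL 101 from the page; address and wildcard are separate tokens, "eq" precedes ports.
ACL_101 = """\
access-list 101 permit ip 10.64.0.0 0.0.255.255 any
access-list 101 permit tcp 192.168.0.0 0.0.255.255 host 10.32.0.1 eq 25
access-list 101 permit tcp 192.168.0.0 0.0.255.255 host 10.32.0.1 eq 53
access-list 101 permit udp 192.168.0.0 0.0.255.255 host 10.32.0.1 eq 53
access-list 101 permit tcp 192.168.0.0 0.0.255.255 host 10.32.0.1 eq 110
access-list 101 permit ip 192.168.0.0 0.0.255.255 host 10.32.0.2
"""

def _ip(s):
    return int(ipaddress.IPv4Address(s))

def _take_addr(tok):
    # Consume 'any', 'host A' or 'A WILDCARD'; return (base, wildcard) as ints.
    first = tok.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF
    if first == "host":
        return _ip(tok.pop(0)), 0
    return _ip(first), _ip(tok.pop(0))

def parse_acl(text):
    rules = []
    for line in text.splitlines():
        tok = line.split()
        if tok[:1] != ["access-list"]:
            continue
        tok = tok[2:]  # drop "access-list <number>"
        action, proto = tok.pop(0), tok.pop(0)
        src, dst = _take_addr(tok), _take_addr(tok)
        port = int(tok[1]) if tok[:1] == ["eq"] else None
        rules.append((action, proto, src, dst, port))
    return rules

def _match(addr, spec):
    base, wild = spec
    care = ~wild & 0xFFFFFFFF  # a wildcard bit of 1 means "ignore this bit"
    return (_ip(addr) & care) == (base & care)

def evaluate(rules, proto, src, dst, dport=None):
    # First matching rule wins; falling off the end is the implicit deny.
    for action, r_proto, r_src, r_dst, r_port in rules:
        if r_proto in ("ip", proto) and _match(src, r_src) \
                and _match(dst, r_dst) and r_port in (None, dport):
            return action
    return "deny"
```

Calling `evaluate(parse_acl(ACL_101), "tcp", "192.168.5.9", "10.32.0.1", 80)` returns `"deny"`: a curriculum host reaches the E-mail/DNS server only on the listed ports, and everything else falls through to the implicit deny.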

 

Access list on Router's interface Ethernet1 for VLAN2 (teachers, administration and staff computers network)

#permit access from VLAN1 to VLAN2
MtnSky(config)#access-list 102 permit ip 10.32.0.0 0.0.255.255 any

#deny any other traffic (this rule is implicit, but it's OK to state it explicitly)
MtnSky(config)#access-list 102 deny ip any any

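To apply this ACL to interface Ethernet1 (on VLAN2). The ACL matches traffic sourced from VLAN1 and destined to VLAN2, which leaves the router through Ethernet1, so it is applied outbound:
MtnSky(config)#interface Ethernet1
MtnSky(config-if)#ip access-group 102 out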

 

Access list on Router's interface Ethernet2 for VLAN3 - VLAN48 (curriculum network computers)

#deny access from VLAN3 to VLAN2
MtnSky(config)#access-list 103 deny ip 192.168.0.0 0.0.255.255 10.64.0.0 0.0.255.255

#permit access from VLAN1 to VLAN3
MtnSky(config)#access-list 103 permit ip 10.32.0.0 0.0.255.255 any

#permit access from VLAN2 to VLAN3
MtnSky(config)#access-list 103 permit ip 10.64.0.0 0.0.255.255 any

#deny any other traffic (this rule is implicit, but it's OK to state it explicitly)
MtnSky(config)#access-list 103 deny ip any any

To apply this ACL to interface Ethernet2 (on VLAN3):
MtnSky(config)#interface Ethernet2
MtnSky(config-if)#ip access-group 103 out

  - All of the access control lists explained above should be implemented only after the Mountain Sky router has been configured (as explained in the router configuration section).

 

| Cisco TCS Mountain Sky Project - Semester 4 Configuration |