Friday, April 8, 2016

CCNAv2 Completed Packet Tracer 9.3.2.11

Greetings, and welcome to Seeseenayy.
Below you will find our ACL download for Packet Tracer 9.3.2.11

Packet Tracer Details: This Packet Tracer asks us to create extended ACLs so that the devices on one LAN are allowed to remotely access (tunnel/ssh) the devices on the other attached LAN. The PT details state that all traffic from each other network is denied except for ICMP, so we must correct this by allowing more packets using extended ACLs. This PT is easy, much like the other ones, but instead of hand-feeding us the commands, it makes us figure them out manually, which is more or less checking IP addresses and subtracting (for wildcard masks). Overall, quick and easy.



Download(s)


Alternatively, you may use the commands from the following tutorial.
Straightforward configuration of extended access lists. An extended ACL permits or denies packets based on source and destination IP address and also based on IP protocol information. Extended ACL IDs are a number from 100 – 199 (or 2000 - 2699) or a string.

This Packet Tracer has us create two ACLs. The first is an extended access list with an ID/name of '199', which permits TCP packets, followed by the address arguments (and 'telnet' at the end), as well as a ping (ICMP) permit for any and all networks, either in or out.

Then it is applied to the interface, configuring the ACL to be outbound. 

RTA Configuration
RTA>en
RTA#conf t
RTA(config)#access-list 199 permit tcp 10.101.117.32 0.0.0.15 10.101.117.0 0.0.0.31 eq telnet
RTA(config)#access-list 199 permit icmp any any
RTA(config)#int g0/2
RTA(config-if)#ip access-group 199 out

A tutorial online uses "100" instead of "199"; this is wrong. An extended ACL must use a value from the extended ACL range, and even though 100 is a part of that range, it is incorrect in this Packet Tracer.
Note: You have to use 'eq telnet' in your access-list command, as 'eq telnet' allows any traffic whose destination TCP port is equal to the protocol port you specified.
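The wildcard subtraction and the first-match evaluation behind ACL 199, as an added example that is not part of the original post or the Packet Tracer activity. The hosts 10.101.117.35 and 10.101.117.2 are constructed for illustration; 10.101.117.49 comes from the 10.101.117.49/29 network the post gives for PC-A.

```python
import ipaddress

ALL_ONES = 0xFFFFFFFF

def wildcard(prefix_len):
    """Wildcard mask = 255.255.255.255 minus the subnet mask."""
    mask = int(ipaddress.ip_network(f"0.0.0.0/{prefix_len}").netmask)
    return str(ipaddress.ip_address(ALL_ONES - mask))

def matches(addr, base, wild):
    """Bits set in the wildcard are ignored; all other bits must equal the base."""
    if base == "any":
        return True
    care = ALL_ONES ^ int(ipaddress.ip_address(wild))
    return (int(ipaddress.ip_address(addr)) & care) == (int(ipaddress.ip_address(base)) & care)

# ACL 199 as configured on RTA in the post:
# (action, protocol, source, source wildcard, destination, destination wildcard, destination port)
ACL_199 = [
    ("permit", "tcp", "10.101.117.32", "0.0.0.15", "10.101.117.0", "0.0.0.31", 23),  # eq telnet
    ("permit", "icmp", "any", None, "any", None, None),
]

def evaluate(acl, proto, src, dst, dport=None):
    """Return the action of the first matching entry, else the implicit deny."""
    for action, a_proto, s, s_wild, d, d_wild, port in acl:
        if a_proto != proto or (port is not None and port != dport):
            continue
        if matches(src, s, s_wild) and matches(dst, d, d_wild):
            return action
    return "deny"  # implicit "deny ip any any" at the end of every ACL

if __name__ == "__main__":
    print(wildcard(28), wildcard(27))  # the two masks used in ACL 199
    # Constructed sample packets; .35 and .2 are hypothetical hosts inside the
    # permitted ranges, .49 is taken from the 10.101.117.49/29 network in the post.
    samples = [
        ("tcp", "10.101.117.35", "10.101.117.2", 23),
        ("tcp", "10.101.117.35", "10.101.117.2", 22),
        ("tcp", "10.101.117.49", "10.101.117.2", 23),
        ("icmp", "10.101.117.49", "10.101.117.2", None),
    ]
    for proto, src, dst, dport in samples:
        print(proto, src, "->", dst, dport, evaluate(ACL_199, proto, src, dst, dport))
```

The TCP/22 sample shows that 'eq telnet' covers only port 23, so any other TCP service between the same hosts falls through to the implicit deny.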


PDF Tutorial
This is for the questions within the provided PDF File. 

The first questions, Step 1 7 ("What is the ACL statement") and Step 1 B ("ICMP is allowed and a second ACL statement is needed..."), are simple; they are the commands we used earlier, which, if you look now, are marked in blue (blue for Step 1 7; magenta for Step 1 B).
These are easy to respond to, but if you need the answers:
Step 1 Q7:  access-list 199 permit tcp 10.101.117.32 0.0.0.15 10.101.117.0 0.0.0.31 eq telnet
Step 1 QB: access-list 199 permit icmp any any

The last two questions are more or less asking you about the configuration for your ACLs. So, question one states:
"How was PCA able to bypass access list 199 and Telnet to SWC?" 
Part 2 Q1:  Simple. PC-A used Telnet to access SWB (freely). Telnetting was allowed to SWC, and was not blocked from the path of PC-A to SWB.

The second question asks, "What could have been done to prevent PCA from accessing SWC indirectly, while allowing PCB Telnet access to SWC?":
Part 2 Q2: A simple reconfiguration. Access List 199 could have been configured to deny Telnet traffic from 10.101.117.49/29's Network (PC-A), while permitting ICMP. The said ACL should have been placed on G0/0.

