To save time, the end devices' IP settings are already configured.
_____________________________________________
hostname Switch1
interface Vlan1
ip address 10.10.0.2 255.255.252.0
no shutdown
username admin password admin
ip domain-name cisco.com
ip ssh version 2
ip ssh authentication-retries 2
ip ssh time-out 60
line vty 0 4
transport input ssh
login local
ip default-gateway 10.10.0.1
int range fas0/1 - 24
spanning-tree portfast
crypto key generate rsa
_____________________________________________
hostname Austin_TX
username admin password admin
ip domain-name cisco.com
ip ssh version 2
ip ssh authentication-retries 2
ip ssh time-out 60
line vty 0 4
transport input ssh
interface FastEthernet0/1
ip address 10.10.0.1 255.255.252.0
no shutdown
interface FastEthernet0/0
ip address 10.10.4.1 255.255.254.0
no shutdown
_____________________________________________
hostname Switch0
interface Vlan1
ip address 10.10.4.2 255.255.254.0
no shutdown
ip default-gateway 10.10.4.1
int range fas0/1 - 24
spanning-tree portfast
_____________________________________________
Test all services from PC1 to Server-PT
_____________________________________________
Test ping PC0 to Server0
Extended ACL
Allow one host IP to ping the Server-PT
Allow one host IP to SSH into the router Switch
Allow any sources to http server
Allow any sources to https server
**Server 10.10.0.254 /22
_____________________________________________
**Create ACL Statements
ip access-list extended firewall_acl
100 deny ip any any
**Apply Statements to an Interface in/out
int fas0/1
ip access-group firewall_acl out
Test ping PC1 to Server
_____________________________________________
**Allow one host IP to ping the Server-PT
ip access-list extended firewall_acl
10 permit icmp host 10.10.4.100 host 10.10.0.254
**Test ping PC1 to Server-PT
do sh acc firewall_acl
_____________________________________________
**Allow one host IP to SSH into the router Switch
ip access-list extended firewall_acl
20 permit tcp host 10.10.4.100 host 10.10.0.2 eq 22
**Test ssh -l admin 10.10.0.2
do sh acc firewall_acl
_____________________________________________
**Allow any sources to http server
ip access-list extended firewall_acl
30 permit tcp any 10.10.0.254 0.0.0.0 eq 80
**Test PC1 open web browser enter IP: 10.10.0.254
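Added example (not part of the original lab notes): a small Python model of how IOS evaluates firewall_acl, showing that entries are checked in sequence-number order (not the order they were typed) and that the first match wins. The function names and the test packets are constructed for illustration; only the protocol, address and destination-port fields used by the entries above are modelled.

```python
import ipaddress

def ip(s):
    return int(ipaddress.IPv4Address(s))

def wc_match(addr, base, wildcard):
    # Cisco wildcard mask: 0 bits must match, 1 bits are ignored.
    care = ~ip(wildcard) & 0xFFFFFFFF
    return (ip(addr) & care) == (ip(base) & care)

ANY = ("0.0.0.0", "255.255.255.255")

def host(a):
    return (a, "0.0.0.0")

# (seq, action, proto, src, dst, dst_port), listed in the order the
# statements were entered in the notes: the deny at 100 was typed first.
FIREWALL_ACL = [
    (100, "deny", "ip", ANY, ANY, None),
    (10, "permit", "icmp", host("10.10.4.100"), host("10.10.0.254"), None),
    (20, "permit", "tcp", host("10.10.4.100"), host("10.10.0.2"), 22),
    (30, "permit", "tcp", ANY, ("10.10.0.254", "0.0.0.0"), 80),
]

def evaluate(acl, proto, src, dst, dport=None):
    """Return (seq, action) of the first matching entry, lowest seq first."""
    for seq, action, p, s, d, port in sorted(acl):
        if p != "ip" and p != proto:
            continue
        if not wc_match(src, *s) or not wc_match(dst, *d):
            continue
        if port is not None and port != dport:
            continue
        return seq, action
    return None, "deny"  # implicit deny that ends every ACL

if __name__ == "__main__":
    # Constructed test packets: (protocol, source, destination, dst port)
    packets = [
        ("icmp", "10.10.4.100", "10.10.0.254", None),
        ("icmp", "10.10.4.101", "10.10.0.254", None),
        ("tcp", "10.10.4.100", "10.10.0.2", 22),
        ("tcp", "10.10.5.7", "10.10.0.254", 80),
        ("tcp", "10.10.5.7", "10.10.0.254", 443),
    ]
    for p in packets:
        print(p, "->", evaluate(FIREWALL_ACL, *p))
```

With only the statements shown in these notes, the port 443 packet falls through to sequence 100 and is denied, because no HTTPS entry appears above. Compare the matched sequence numbers with the hit counters from do sh acc firewall_acl.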