1/2/2011
CCNA Training » CCNA Access List Sim 2
Type text to search here... Ads by Google
CCNA Practice Exam
Cisco CCNA 640 802 Exam
CCNA
Get CCNA Certified
Home > CCNA Access List Sim 2
CCNA Access List Sim 2 October 26th, 2010 Go to comments Question A network associate is adding security to the configuration of the Corp1 router. The user on host C should be able to use a web browser to access financial information from the Finance Web Server. No other hosts from the LAN nor the Core should be able to use a web browser to access this server. Since there are multiple resources for the corporation at this location including other resources on the Finance Web Server, all other traffic should be allowed. The task is to create and apply an access-list with no more than three statements that will allow ONLY host C web access to the Finance Web Server. No other hosts will have web access to the Finance Web Server. All other traffic is permitted. Access to the router CLI can be gained by clicking on the appropriate host. All passwords have been temporarily set to “cisco”. The Core connection uses an IP address of 198.18.196.65 The computers in the Hosts LAN have been assigned addresses of 192.168.33.1 – 192.168.33.254 Host A 192.168.33.1 Host B 192.168.33.2 Host C 192.168.33.3 Host D 192.168.33.4 The servers in the Server LAN have been assigned addresses of 172.22.242.17 – 172.22.242.30 The Finance Web Server is assigned an IP address of 172.22.242.23.
Answer and Explanation Cisco Video Conference Guide to your telepresence solution Download it for Free Here!
Cisco.com/Cisco_Telepresence
I passed the CCIE R&S Lab on my first attempt! Steve Clarkin - CCIE #25821 www.INE.com/CCIE Pass ACCA Exams 1st Time Career Service, LSBF ACCA Tutors Team+ Fully funded MBA/MSc Degree www.CA-MB
Corp1>enable (you may enter “cisco” as it passwords here) We should create an access-list and apply it to the interface which is connected to the Server LAN because it can filter out traffic from both Sw-2 and Core networks. The Server LAN network has been assigned addresses of 172.22.242.17 – 172.22.242.30 so we can guess the interface connected to them has an IP address of 172.22.242.30 (.30 is the number shown in the figure). Use the “show running-config” command to check which interface has the IP address of 172.22.242.30. Corp1#show running-config
www.9tut.com/78-ccna-access-list-sim-2
1/11
1/2/2011
CCNA Training » CCNA Access List Sim 2
We learn that interface FastEthernet0/1 is the interface connected to Server LAN network. It is the interface we will apply our access-list (for outbound direction). Corp1#configure terminal Our access-list needs to allow host C – 192.168.33.3 to the Finance Web Server 172.22.242.23 via web (port 80) Corp1(config)#access-list 100 permit tcp host 192.168.33.3 host 172.22.242.23 eq 80 Deny other hosts access to the Finance Web Server via web Corp1(config)#access-list 100 deny tcp any host 172.22.242.23 eq 80 All other traffic is permitted Corp1(config)#access-list 100 permit ip any any Apply this access-list to Fa0/1 interface (outbound direction) Corp1(config)#interface fa0/1 Corp1(config-if)#ip access-group 100 out Notice: We have to apply the access-list to Fa0/1 interface (not Fa0/0 interface) so that the access-list can filter traffic coming from the Core network. In the real exam, just click on host C and open its web browser. In the address box type http://172.22.242.23 to check if you are allowed to access Finance Web Server or not. If your configuration is correct then you can access it. Click on other hosts (A, B and D) and check to make sure you can’t access Finance Web Server from these hosts. Finally, save the configuration Corp1(config-if)#end Corp1#copy running-config startup-config (This configuration only prevents hosts from accessing Finance Web Server via web but if this server supports other traffic – like FTP, SMTP… then other hosts can access it, too.) Notice: In the real exam, you might be asked to allow other host (A, B or D) to access the Finance Web Server so please read the requirement carefully. I created this sim in Packet Tracer v5.2.1 so you can practice with it. You will need new version of Packet Tracer to open it (v5.1+).
Download this sim here
www.9tut.com/78-ccna-access-list-sim-2
2/11
1/2/2011
CCNA Training » CCNA Access List Sim 2
Notice: After typing the commands above, if you make a “ping” from other hosts (PC0, PC1, PC3) then PC4 (Finance Web Server) can still reply because we just filter HTTP traffic, not ICMP traffic. To generate HTTP traffic, select “Web Browser” in the “Desktop” tab of these PCs. When a web browser opens, type the IP address of Finance Web Server and you can see how traffic flows in Simulation Mode.
And notice that in the initial configuration of this sim the Core network can ping Finance Web Server. We have to create an access-list that can filter this traffic too. E2M Simulation systems 2 to 6 DOF motion simulation advanced cueing and control force www.e2mtechnologies.eu Official Cisco Training CCNA, CCDA, CCNP, CCSP, CCVP, CCIP, CCDP, CCIE www.koenig-solutions.com Rack Rental / Network Lab $79/mo for up to 360 hours - Over 20 modern Cisco / Juniper devices lab.ghoudakis.com
Other lab-sims on this site: CCNA NAT SIM Question 1 CCNA NAT SIM Question 2 CCNA Frame Relay Sim CCNA Configuration SIM Question (RIPv2 SIM) CCNA VTP SIM CCNA EIGRP LAB CCNA Drag and Drop SIM CCNA Implementation SIM Comments 1. fatah December 2nd, 2010 hi friend how are you all ,i wont know what is egirp did it come for us today and which acl2 thank you all 2. Mo December 2nd, 2010 @ Fatah: There will be a question about EGRIP and ACL too. The ACL question i had was this: http://www.9tut.com/ccna-lab-sim/78-ccna-access-list-sim-2 and this one for egrip: http://www.9tut.com/ccna-eigrp-questions 3. win December 2nd, 2010 pc-pt(pc4) does not provide http connection,replace with server or give ip address(172.22.242.29 )to public web server and provide accesslist to this ip as same as previously done .check
www.9tut.com/78-ccna-access-list-sim-2
3/11
1/2/2011
CCNA Training » CCNA Access List Sim 2
please correct me if i am wrong 4. ccna December 7th, 2010 PLEASE CORRECT ME IF IM WRONG !!! in/out interface could be determined by source and packets flow direction. in my case i have applied on interface fa0/0 which facing 192.168.0.0 subnet. this acl does exactly same – just wonder if theres problems with going my way on this… 5. ccna December 7th, 2010 sorry forgot to be exact, i have applied : interface fast0/0 ip access-group 100 in 6. fatah December 7th, 2010 i have problem in acl2 i did everything ,but i have Packet Tracer 5.0 so i can’t make practice tel me how i solf this problem thnx 7. mohsin soudagar December 7th, 2010 @you should download PT 5.1…. or give me your ID i’ll mail you its topology..so that you can practice it more efficiently 8. hi December 8th, 2010 whr it s dwnd acl sim 2 ……..plz giv me tht link packet tracer 9. mohsin soudagar December 8th, 2010 @hi.. dear just see below the topology…you find a “Download this sim here” just click on here,, u’ll have it… tc 10. fatah December 8th, 2010 hi all and thinx mohsin for your re ably my email
[email protected] i wait you ,i will be thinkful for you. 11. fatah December 8th, 2010 if baspol send me eigrb and vtp also 12. tomek December 8th, 2010 404 Not Found The resource requested could not be found on this server! Powered By LiteSpeed Web Server LiteSpeed Technologies is not responsible for administration and contents of this web site! 13. mohsin soudagar December 8th, 2010 @fatah…. dear i had send you 11 labs..which include ACL2, EIGRP,RIP, VTP…… and all other…. take care..and share your exam experience with us..we are waiting..for it 14. mohsin soudagar December 8th, 2010 @fatah.. you can download packet tracer v5.3.1 which is latest..to open ACL2 lab..
www.9tut.com/78-ccna-access-list-sim-2
4/11
1/2/2011
CCNA Training » CCNA Access List Sim 2
http://hotfile.com/dl/81150708/025d779/PacketTracer531_setup_no_tutorials.exe.html 15. Muhammad Imran December 8th, 2010 Hi Friends learn how to connect virtual machine with gns3 and test internet connectivity in virtual machine very easy and interesting lab http://www.youtube.com/watch?v=MWi2S1wQWCo Thanks Muhammad Imran!!!!!! 16. Muhammad Imran December 8th, 2010 Hi Friends learn how to connect make this same lab in gns3 and get 100% results http://www.youtube.com/watch?v=qJVuCFHdoDk Thanks Muhammad Imran!!!!!! 17. fatah December 9th, 2010 hi mohsin soudaga i will do insh alaah 18. fatah December 9th, 2010 thnx mohsin acl2 it’s work in 5.3 thank you all friend in 9tut 19. Sagar December 9th, 2010 show run command is not supported in ccna sim,so any alternative to this? Plz reply…………. 20. cizmo December 9th, 2010 try sh ip interfaces (brief) 21. al December 11th, 2010 My suggestion (I had this question on the exam) try “do show run”, do not exit global config mode. 22. E December 11th, 2010 show run did work on the exam. 23. Inc December 11th, 2010 http 404 not found guys i want these sims i need to practice im writing monday 24. Inc December 11th, 2010 plz 25. Hassan December 11th, 2010 @mohsin soudagar Could you please send me the 11 labs too? My exam is on dec 16.
[email protected] Thanks !! Hassan 26. hasy December 12th, 2010
www.9tut.com/78-ccna-access-list-sim-2
5/11
1/2/2011
CCNA Training » CCNA Access List Sim 2
i got my exam yesterday and passed with 974. especial thanks for the 9tut. pass4sure & testinside dumps are still valid. sims are eigrp,vtp & access-list only the ip addresses are changed. in access-list the the pc also changed. again thanks for the 9tut and all of the contributors if any one need help from me pls email to
[email protected] 27. mohsin soudagar December 12th, 2010 @Hassan yes dear..i had mailed you….. all the 12 labs topologies.. 28. Hassan December 12th, 2010 @mohsin soudagar Thank you so much my friend! I’ve just did 1 simulation, only 11 to go ! :) We gonna do it !! Hassan 29. Saleck December 12th, 2010 hi there, could you send me the 12 lab topologies as well? I’m to take the exam the week of the December 20th. Thank you.
[email protected] and the latest dumps if at all possible 30. kapil December 13th, 2010 hello mohsin soudagar If you can also send me the 11 labs i am planning to do my exam first week of jan
[email protected] 31. nathan December 13th, 2010 hi friend can u please send me the 12 lab topologies . examin this friday. cheers brad_gemini at hotmail dot com 32. rayan December 13th, 2010 hi, plz send me all lab topologies , my exam on this Thursday , mail id is
[email protected], thanks .. 33. Muzzammil December 13th, 2010 hello, can u lz send me the topologies. mail:
[email protected] Thnx 34. ABBAS December 13th, 2010 hello Anyone Plz forward me all topologies @
[email protected]. Thank u so much…… looking forward……… Cheers 35. ptrck December 13th, 2010 Hey all can one send me lab topologies, exam this week. (
[email protected]) This site has been most excellent with exam prep. Thanks so much!! 36. Peter Cole December 13th, 2010 Please add me to the list for the 12 labs.
[email protected]
www.9tut.com/78-ccna-access-list-sim-2
6/11
1/2/2011
CCNA Training » CCNA Access List Sim 2
Thanks 37. rob December 13th, 2010 please could someone please send me the packet tracer version of this please, got my exam this week many thanks 38. harish December 14th, 2010 hi iam harish iam having exam this week can anyone send me all lab topologies my add is harisrexgmail.com 39. Marko December 14th, 2010 Hi, I see that someone already asked the same question above but wasn’t answered yet. Instead of applying ACL on Fa0/1 as outbound, shouldn’t we apply it on Fa0/0 as inbount? As per CBT Nuggests, extended ACLs should be applied as close as you can to the source that should be filtered. On the other hand, standard ACLs should be applied as close as you can to the destination (to avoid redundant permission denial). And since the ACL above is extended, I expected that it will be applied on Fa0/0 as inbound one. What do you think about this? Thanks, Marko 40. 9tut December 14th, 2010 @Marko: I agree that standard ACLs should be applied as close as you can to the destination but in this case we must apply it to Fa0/1 (outbound), not Fa0/0 (inbound) because we also need to prevent Core network from accessing the Finance Web Server. If we apply access-list to Fa0/0, only packets from hosts A B C D will be filtered. 41. Marko December 14th, 2010 You’re absolutely right! Thank you very much for this clarification and pointing me to the part of the text that I overseen. In the 3rd sentence of the text, it says: “No other hosts from the LAN nor the Core should be able to use a web browser to access this server.”, just like you said. My suggestion would affect only “hosts from the LAN”, while “the Core” could still access the Web server. Thanks, Marko 42. rayan December 14th, 2010 thanku 9tut. packet trcr for access list 2 is working fine.. 43. 9tut.com.rocks December 14th, 2010 hi guys, where can i get the packet tracer? this is what i need like a router simulation program ,right? can somebody email me where to find it and how i could use it for this type of labs? my email address is
[email protected]. i would like to practice the labs before writing the exam next week. thanks in advance. much appreciated. 44. Owolowo olayinka December 15th, 2010 Hi, can u pls send me d 12 labs as i’ve been lookin 4 what to practice with. Thanks 4 d gud work.
[email protected] 45. farhad December 15th, 2010 @mohsin soudagar Could you please send me the 12 labs, my exam is on dec 21. my emai address is
[email protected] thnx 46. fatah December 15th, 2010 today i pass ccan exam ,acl2,vtp,eigrp vce dumps it’s valid thank you 9tut and exam collatio
www.9tut.com/78-ccna-access-list-sim-2
7/11
1/2/2011
CCNA Training » CCNA Access List Sim 2
i wont thank my friend mohsen coz he is help me also 47. Fabulous December 15th, 2010 Hi, engineers and potential engineers, i wrote my exam on 12 December and scored 1000/1000, it is possible, please don’t panic. Sims were: VTP, Eigrp as no. 23, with wrong as no. of 22, Access-list sim 2 with different addresses. All questions from Acme, Mashti and i also used the pass4sure frm certuniverse.blogspot.com with 473Qs. Be careful, there are many wrong questions on Acme’s dump. I am excited but i have a problem at the same time, my name was misspelled and when i went to the certification tracking system on the “update personal info” i can’t edit my name, anyone help!!!!!!!!!!!!!! 48. Peter December 15th, 2010 I wouldn’t recommend creating additional statements. The question says to do it in 3 statements. 49. mohsin soudagar December 15th, 2010 @fatah i am really happy that u passed it.. its absolutely my pleasure to help you.. may god always bless you :) :) 50. Lois December 16th, 2010 On the Lab acl lab sim 2 how do you ping from the pc? I get host name unresolved when I ping. Also on router rip instead of 172.16.0.0 it should be 172.22.0.0. Very nice job on packet tracer. Thank you I appreciate it. 51. Jihan December 22nd, 2010 Hi I have my exam on the 30th! I would appreciate it if anyone kind enough to send me all the labs! my email is
[email protected]. Congrats to those who have passed and good luck to those with the upcoming tests!! 52. Gaurav December 22nd, 2010 hi, i am new here and find it quite interesting. Well would anyone be kind enough to send me the lab sims available. i am having my exam on the 24th of this month. 53. Karthik T December 22nd, 2010 Hi Friends, I am having exam on 27 th, can u pls share the latest Simulation dumps, Pls share the documents @
[email protected] waiting for ur inputs Thanks in Advance :-) 54. Deen December 23rd, 2010 Dear All, I have scheduled my CCNA exam in within 48hrs. If there is any changes in SIM please let me know. Thanks for folks. 55. Karthik’s father December 23rd, 2010 Guys, please don’t send Karthik any dumps. 56. Mansoor December 26th, 2010 Hi I have planned to do CCNA exam on jan 2011. can anyone send me all the lab simulation for practise. I would be very thankful
[email protected] 57. Azhar Malghani
www.9tut.com/78-ccna-access-list-sim-2
8/11
1/2/2011
CCNA Training » CCNA Access List Sim 2
December 26th, 2010 Hi everyone, I have to appear for CCNA in next 24 hours, If any one can help me to send Latest dumps of testinside. PLEASE HELP I HAVE TO PASS THIS EXAM INSHALLAH Kindly send any helping stuff at………….(
[email protected]) WISH ME BEST OF LUCK AND CONGRATS TO ALL PASSED CANDIDATES.I LUV U ALL. 58. Rafaqat December 27th, 2010 hello dears i have dumps of testinside v17.14 and i has 356 question.plz do inform me that is it valid or not .plz plz if not so plz send me dumps on my e mail rafaqat_edu@yahoo .com i have exam on 15 jan 59. TiredEyes December 27th, 2010 In the exam are the questions totally random or do they come in section, such as, say for example, 10 question on switching, then 10 questions on routing protocols, etc, etc. Thanks on advance, got my CCNA exam in Jan 2011, hope they don’t change the sims for 2011. 60. Allan December 28th, 2010 @mohsin soudagar I am planning to take the exam this coming jan 2011, please send me the 12 labs. My email add is
[email protected] Thanks =) 61. salz December 28th, 2010 @ fabulous and everyone ….i studied Acme Dumps and 9tut labs… am gonna write exam tomorrow.. r u all sure that in ACME dumps all the questions are correct and valid.. plzzzz reply me fast.. 62. teeka December 28th, 2010 got this 2day in ma exam , host A , thxx 9tut 63. eason December 28th, 2010 CCNA 640-802 study guide 64. Riya December 29th, 2010 Can anybody pleasssse tel me in the question it is given “No other hosts from the LAN nor the Core should be able to use a web browser to access this server”. But thos answer given here allows the core network to access the Finance Server. Are we suppose 2 configure only tht much in the CCNA exam or more configuration r needed. Please help me…i hve my exam 2mrw.Pleaaasssee.. 65. Stephen December 30th, 2010 I have a simulation to this question if u want it get to me via mail at
[email protected] 66. RR December 30th, 2010 Hi everybody, Today I scored 949/1000 in CCNA 640-802 exam Heartly Thanks to 9tut they have explained very well all the simulators here just do that perfectly Sims are ACL2, EIGRP and VTP But make sure about IP addresses and PCs Eigrp sim I got 192.168.66.0 and 192.168.36.0 Network IDs for Regional2 router and the AS number was 122 It was not misconfigured with 22 number, so I didn’t say no router eigrp 22 in configuration ACL2
www.9tut.com/78-ccna-access-list-sim-2
9/11
1/2/2011
CCNA Training » CCNA Access List Sim 2
There were PC1 insteed of PC3 should be access finance server IP was different Finance server IP address was 172.22.173.28 Take care about VTP sim I lost some points in there you have to understand and find the correct answers I studied from Todd Lammle’s 6th edition book and prepared from acme 17.14 356qs are pretty valid I am not sure about Jan 2011 For acme 17.14 vce 356qs just go through this link http://www.examcollection.com/cisco/Cisco.TestInside.640-802.v17.11.by.Acme.310q.vce.file.html to open all questions you have to get VCE cert exam designer and manager as well as exam formater Wish you all the best And HAPPY NEW YEAR 2011 67. ARQ: January 1st, 2011 How can you verify your results i know 9tut u say in real exam i shld oopen browser of host c but currently can i verify this from topology because when i type the address of f inance browser either nothing happens or either some hsot restart error messgae commands are correct have tried many times And i cant verify difference in host c and others in accessing just one question from u? FROM TOPOLOGY WHICH u have given us, i cant verify my connectivity by typing finance browser from host c. right? i can only do it in real exam or can i also do it in this topology please do reply many thanks in advance 68. 9tut January 2nd, 2011 You can do it in this topology by using the “Real-Time” simulation function in Packet Tracer. You will see the packets from other hosts (than host C) being denied and dropped at the router. 69. 9tut January 2nd, 2011 @Riya: The Core network can’t access the Finance Web Server too because we apply the access list at the outbound interface (Fa0/1). 1. No trackbacks yet. Add a Comment Name Website (not required)
Submit Comment
Subscribe to comments feed CCNA VTP SIM Question Contact Me
CCNA 640-802 CCNA Lab Sim CCNA – Access List Questions CCNA – WAN CCNA – OSPF Questions CCNA – EIGRP Questions DHCP Group of Four Questions CCNA – Drag and Drop 1 CCNA – Drag and Drop 2
www.9tut.com/78-ccna-access-list-sim-2
10/11
1/2/2011
CCNA Training » CCNA Access List Sim 2
CCNA – Drag and Drop 3 CCNA – Drag and Drop 4 CCNA – Hotspot CCNA – IPv6 Questions CCNA – Subnetting CCNA – Operations 1 CCNA – Operations 2 CCNA – Operations 3 CCNA – Troubleshooting 1 CCNA – Troubleshooting 2 Share your CCNA Experience
CCNA Self-Study Practice CCNA GNS3 Labs CCNA Knowledge
Network Resources CCNA FAQs & Tips Free Router Simulators ICND1/ICND2 Website CCNP - ROUTE Website CCNP - SWITCH Website CCNP - TSHOOT Website CCNA Voice Website CCNA Security Website CCDA Website CCIE Written Website
Support 9tut
Your contribution will help keep this site updated!
Ads by Google CCNA Video Training CCNA ICND 1 Cisco CCNA Courses Online CCNA Cert
Top Copyright © 2010 CCNA Training Privacy Policy. Valid XHTML 1.1 and CSS 3.
www.9tut.com/78-ccna-access-list-sim-2
11/11
