Sunday, February 17, 2013

Lab 215 - Extended ACL Established

Prerequisites: CCNP level skills.

NOTE!
Initial configuration for this lab can be downloaded here.

Topology

Pic 1. Topology Diagram.

Task 1
On BB1 enable static routing towards 172.16.0.0 subnets using R3 as the gateway. Create Loopback0 address on BB2 with the address of 10.101.101.254/24. Ensure R3 is the gateway of last resort for EIGRP AS 1. You can use a static route to accomplish the task.

Task 2
Configure an extended ACL on R3 that allows all TCP traffic from EIGRP AS 1 to reach 10.100.100.0/24 only if it was originated from EIGRP AS 1.

Solution


Task 1
On BB1 enable static routing towards 172.16.0.0 subnets using R3 as the gateway. Create Loopback0 address on BB2 with the address of 10.101.101.254/24. Ensure R3 is the gateway of last resort for EIGRP AS 1. You can use a static route to accomplish the task.

BB1 Config:
!
interface Loopback0
 ip address 10.101.101.254 255.255.255.0
!

ip route 172.16.0.0 255.255.0.0 203.0.113.3
!

R3 Config:
!
ip route 0.0.0.0 0.0.0.0 203.0.113.254
!
router eigrp 1
 redistribute static metric 1 1 1 1 1
 network 10.0.3.3 0.0.0.0
 network 172.16.123.3 0.0.0.0
 no auto-summary
!



Verification:
Pic. 2 - Ping/Traceroute Test.
 
Task 2
Configure an extended ACL on R3 that allows all TCP traffic from EIGRP AS 1 to reach 10.100.100.0/24 only if it was originated from EIGRP AS 1.

R3 Config:
!
access-list 100 permit tcp any 172.16.0.0 0.0.255.255 established
!
interface FastEthernet0/0
 ip address 203.0.113.3 255.255.255.0
 ip access-group 100 in
 speed 100
 full-duplex
!


Verification:
Pic. 3 - TCP Traffic Originated From EIGRP AS 1.

Pic. 4 - Traffic Originated Outside EIGRP AS 1.
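
The following Python model of ACL 100 is an added example, not part of the original lab; it shows which packets arriving inbound on R3 FastEthernet0/0 the established entry permits and which fall to the implicit deny. The host addresses 10.100.100.1 and 172.16.123.1 are assumed for illustration, and 10.0.3.3 is taken from R3's EIGRP network statement.

```python
import ipaddress
from dataclasses import dataclass

ACK, RST, SYN = 0x10, 0x04, 0x02  # TCP flag bits

@dataclass
class Packet:
    proto: str
    src: str
    dst: str
    flags: int = 0  # TCP flags byte; unused for non-TCP packets

def wildcard_match(addr, base, wildcard):
    """IOS wildcard mask: bits set to 1 in the mask are ignored."""
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    a, b = (int(ipaddress.IPv4Address(x)) for x in (addr, base))
    return (a & care) == (b & care)

def acl_100(pkt):
    """Model of: access-list 100 permit tcp any 172.16.0.0 0.0.255.255 established"""
    if (pkt.proto == "tcp"
            and wildcard_match(pkt.dst, "172.16.0.0", "0.0.255.255")
            and pkt.flags & (ACK | RST)):  # 'established': ACK or RST bit set
        return "permit"
    return "deny"  # implicit deny at the end of every ACL

# Constructed packets as seen inbound on FastEthernet0/0 (assumed hosts).
OUT, IN = "10.100.100.1", "172.16.123.1"
SAMPLES = {
    "SYN+ACK reply to a session opened from AS 1": Packet("tcp", OUT, IN, SYN | ACK),
    "RST reply to a session opened from AS 1": Packet("tcp", OUT, IN, RST),
    "new SYN opened from outside AS 1": Packet("tcp", OUT, IN, SYN),
    "ACK segment with no prior session": Packet("tcp", OUT, IN, ACK),
    "ICMP echo-reply to an inside ping": Packet("icmp", OUT, IN),
    "TCP reply addressed to 10.0.3.3": Packet("tcp", OUT, "10.0.3.3", SYN | ACK),
}

def evaluate():
    """Return the ACL verdict for every constructed sample packet."""
    return {name: acl_100(pkt) for name, pkt in SAMPLES.items()}

if __name__ == "__main__":
    for name, verdict in evaluate().items():
        print(f"{verdict:6} {name}")
```

The entry matches on TCP flags alone and keeps no session table, and with this single line everything else inbound, including ICMP replies and TCP replies to addresses outside 172.16.0.0/16, hits the implicit deny.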

REMOVE the ACL configured in Task 2.