Tuesday, 28 December 2010

CCNA Discovery 3 Chapter 8


Lab 8.3.3 Configuring and Verifying Standard ACLs

Step 1: Connect the equipment
Step 2: Perform basic configuration on Router 1
Step 3: Perform basic configuration on Router 2
Step 4: Perform basic configuration on Switch 1
Step 5: Configure the host with IP address, subnet mask, and default gateway
Step 6: Configure RIP routing and verify end-to-end connectivity in the network

Were the pings from Host 1 successful? Answer: yes

Step 7: Configure and test a standard ACL

Are there any matches for either ACL statement? Answer:
Probably not at this time. If enough time has passed, there will be some matches for the deny statement, resulting from RIP updates from R1 being blocked.

Does the output of the show access-lists command display the ACL that was created? Answer: yes

Does the output of the show access-lists command display how the ACL is applied? Answer: no

Use the show ip interface s0/0/0 command to display the application of the ACL. What does the output of the show ip interface command tell you about the ACL? Answer: That it is applied, and in which direction.


Step 8: Test the ACL

a.     From Host 1, ping the 192.168.1.1 loopback address.
Is the ping successful? Answer: no

b.    From Host 1, ping the 192.168.2.1 loopback address.
Is the ping successful? Answer: no

c.     Issue the show access-list command again.
How many matches are there for the first ACL statement (permit)? Answer: 8

R2#show access-lists
Standard IP access list 1
permit 192.168.200.10 (16 matches)
deny any

How many matches are there for the second ACL statement (deny)? Answer: 8
What route is missing from the routing table? Answer: A route to the 192.168.200.0 network
Are the pings now successful? Answer: yes

Again ping 192.168.1.1 and 192.168.2.1 from Host 1. Are the pings successful? Answer: no
Are there matches for the 192.168.100.1 ACL statement?

Step 9: Reflection

a.     Why is careful planning and testing of access control lists required?  Answer:
To verify that the intended traffic, and ONLY the intended traffic, is permitted.

b.      What is the main limitation of standard ACLs? Answer: They can only filter based on the source address.


Lab 8.3.4 Planning, Configuring and Verifying Extended ACLs

Step 1: Connect the equipment
Step 2: Perform basic configuration on Router 1
Step 3: Perform basic configuration on Router 2
Step 4: Perform basic configuration on Switch 1
Step 5: Configure the hosts with IP address, subnet mask, and default gateway
Step 6: Configure RIP routing and verify end to end connectivity in the network

Were the pings successful? Answer: yes

Step 7: Configure Extended ACLs to control traffic


Does the output of the show access-lists command display the ACL that was created? Answer: yes
Does the output of the show access-lists command display how the ACL is applied? Answer: no
What does the output of the show ip interface command tell you about the ACL? Answer: That it is applied, and in which direction.


Step 8: Test the ACL

a.     Ping Host 3 from both Hosts 1 and 2.
Can Host 1 ping Host 3?  Answer: yes
Can Host 2 ping Host 3? Answer: no

b.    To verify that other addresses can ping Host 3, ping Host 3 from R1.
Is the ping successful?  Answer: yes
c.     Display the access control list again with the show access-lists command.
What additional information is displayed beyond just the access list statements? Answer: How many times each ACL statement has been matched.
d.    Remove this access control list before continuing.

Step 9: Configure and test the ACL for the next requirement

Can you telnet to R1 from any of these devices? If yes, which one(s)? Answer: yes, only from Host 3

Does the output of the show access-lists command display that the statements are being matched? Answer: yes

Step 11: Reflection

a.        Why is careful planning and testing of access control lists required? Answer: To verify that the intended traffic, and ONLY the intended traffic, is permitted.
b.       What is an advantage of using Extended ACLs over Standard ACLs?  Answer: Extended ACLs allow you to filter based on more information than just the source address.


Lab 8.3.5 Configuring and Verifying Extended Named ACLs

Step 1: Connect the equipment
Step 2: Perform basic configuration on Router 1
Step 3: Perform basic configuration on Router 2
Step 4: Perform basic configuration on Switch 1
Step 5: Configure the hosts with IP address, subnet mask, and default gateway
Step 6: Verify that the network is functioning

a.     From the attached hosts, ping the FastEthernet interface of the default gateway router.
Was the ping from Host 1 successful?  Answer: yes
Was the ping from Host 2 successful? Answer: yes
If the answer is no for either question, troubleshoot the router and host configurations to find the error. Ping again until they are both successful.

b.    Use the command show ip interface brief and check the status of each interface.
What is the state of the interfaces on each router?
R1:
FastEthernet 0/0: Answer: Up
Serial 0/0/0: Answer: Up
Serial 0/0/1: Answer: administratively down
R2:
FastEthernet 0/0: Answer: administratively down
Serial 0/0/0: Answer: Up
Serial 0/0/1: Answer: administratively down

c.     Ping from the Serial 0/0/0 interface of Router 1 to the Serial 0/0/0 interface of Router 2.
Was the ping successful? Answer: yes

Step 7: Configure static and default routing on the routers.


From one of the host PCs on R1, ping R2. Why is the ping unsuccessful? Answer:
No return route is configured on R2 to reach the 192.168.15.0 network.

From one of the host PCs on R1, ping R2. Did the ping succeed? Answer: yes

Step 8: Configure and test a simple Named Standard ACL

Why do you need the third statement? Answer:
To permit all other IP traffic that is not covered by the ACL.

Describe how you should test this ACL: Answer:
Ping from H2 to H1 to verify that H2 can reach hosts on the local network; ping from H2 to R1 and R2. Those pings fail. A ping from H1 to R1 or R2 should succeed.


Step 9: Create and test a Named Extended ACL

Describe how you would test this ACL: Answer:
Ping succeeds from H1 to H2; ping fails to R2, but ping succeeds to R1

Step 10: Edit a Named Standard ACL

If you added a new PC to the topology, attached it to S1, and gave it the IP address 192.168.15.4/24, would it be able to reach R1? Answer: yes

Step 11: Reflection

a.     Why is it good practice to perform basic configurations and verify connectivity before adding ACLs to routers? Answer:
ACLs add that many more "points of failure", places where an error results in disrupted traffic. It is easier to troubleshoot if you can verify that the basic configuration works before you add ACLs. If the basic configuration fails after adding an ACL, troubleshoot the ACL.

b.    What advantages do Named ACLs offer? Answer:
The ability to give ACLs logical, easy-to-remember names, and an unlimited number of them, instead of being limited to a particular range of numbers.


Lab 8.3.6 Configuring and Verifying VTY Restrictions

Step 1: Connect the equipment
Step 2: Perform basic configuration on Router 1
Step 3: Perform basic configuration on Router 2
Step 4: Perform basic configuration on Switch 1 and Switch 2
Step 5: Configure the hosts with IP address, subnet mask, and default gateway
Step 6: Configure dynamic routing on the routers
Step 7: Verify connectivity

If the network has converged, list four destinations that H1 should be able to ping: Answer: R1, R2, H2, H3, H4
How many routes should appear? Answer: 3

Step 8: Configure and test an ACL that will limit Telnet access

Which PCs should be able to Telnet to R1 and which should not? Answer: PC 1 and 2 should be able to Telnet to R1. PC 3 and 4 should not.

Step 9: Create vty restrictions for R2
Step 10: Reflection

Why is the vty restriction ACL a good practice when configuring a router? Answer:
If foreign hosts can telnet to the router, they have the ability to view and modify the configuration. Security demands that Telnet be restricted. Because the vty ACL is applied to the vty lines and not to a physical interface, it controls Telnet access to the router regardless of where on the network the host(s) try to connect from.


Lab 8.4.3 Configuring an ACL with NAT

Step 1: Connect the equipment
Step 2: Perform basic configuration on Router 1
Step 3: Perform basic configuration on Router 2
Step 4: Perform basic configuration on Switch 1
Step 5: Configure the hosts with IP address, subnet mask, and default gateway
Step 6: Configure static and default routes on the routers
Step 7: Verify that the network is functioning

From the attached hosts, ping the FastEthernet interface of the default gateway router.
Was the ping from Host 1 successful? Answer: yes
Was the ping from Host 2 successful? Answer: yes

Step 8: Configure NAT and PAT on R1

Where will the private IP address of a host be translated? Answer: At R1's serial 0/0/0 interface

Step 9: Test and verify the configuration

Ping PC2 from PC1.
Was it successful? Answer: yes
Ping the serial interface on R2 from PC1 and PC2.
Was it successful? Answer: yes
How does the output indicate that PAT is being used? Answer: Port numbers are applied to each translation.

Step 10: Configure and apply an ACL designed to filter traffic from one host
Step 11: Test the effects of the ACL on network traffic

Ping from PC1 to PC2, and from PC1 to its default gateway.
Were the pings successful? Answer: yes

Ping from PC1 to the serial interface of R2.
Was the ping successful? Answer: yes

Ping from PC2 to the serial interface of R2.
Was the ping successful? Answer: yes
Is the ACL producing the desired results? Answer: no
What would you expect to see if you viewed the NAT translation table? Answer:
The source address in both hosts' packets is being translated to R1's serial 0/0/0 inside global IP address and reaching R2.

Step 12: Move the ACL and retest

Is the ACL producing the desired results? Answer: PC2 is able to reach R2, but PC1 cannot

Step 13: Reflection

a.     What is the role of the serial interface IP of R1 in NAT and PAT? (Refer back to the output shown in Step 9.) Answer:
The IP address of that interface is the inside global address used in every NAT translation.

b.    List, in the order in which they occurred, the changes that happened to the PC1 IP address when the ACL was placed on the R1 serial interface. Answer:
The associated NAT ACL permitted the host IP address into R1 on the inside Fa0/0 interface. NAT translated it to the public PAT address when it was switched to the serial interface. The PAT address was forwarded out the serial interface and was not blocked by the ACL.
c.    Why did moving the ACL to the FastEthernet interface produce the desired results? Answer: The IP address is filtered as soon as it enters the FastEthernet interface, and is not translated.
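
The placement effect described in Steps 11 to 13, modelled as an added example (not part of the lab or the original post). All addresses are constructed, since the page does not list the lab's addressing; the model assumes the IOS inside-to-outside order of inbound ACL, then NAT, then outbound ACL.

```python
import ipaddress

def acl_permits(acl, src):
    """Standard ACL: first match on the source wins; implicit deny at the end."""
    s = int(ipaddress.ip_address(src))
    for action, net, wildcard in acl:
        n = int(ipaddress.ip_address(net))
        w = int(ipaddress.ip_address(wildcard))
        if (s | w) == (n | w):          # bits set in the wildcard are ignored
            return action == "permit"
    return False

# Constructed addressing (assumptions, not taken from the lab sheet).
PC1, PC2 = "192.168.1.10", "192.168.1.11"
R1_SERIAL = "209.165.200.225"           # inside global address used by PAT
NAT_ACL = [("permit", "192.168.1.0", "0.0.0.255")]
FILTER_ACL = [("deny", PC1, "0.0.0.0"),
              ("permit", "0.0.0.0", "255.255.255.255")]

def forward_to_r2(src, acl_in_fa0=None, acl_out_serial=None):
    """Inside-to-outside path on R1: inbound ACL, then PAT, then outbound ACL.
    Returns the source address R2 sees, or None if the packet is dropped."""
    if acl_in_fa0 is not None and not acl_permits(acl_in_fa0, src):
        return None                     # dropped before translation
    if acl_permits(NAT_ACL, src):
        src = R1_SERIAL                 # PAT rewrites the source address
    if acl_out_serial is not None and not acl_permits(acl_out_serial, src):
        return None
    return src

if __name__ == "__main__":
    for name, pc in (("PC1", PC1), ("PC2", PC2)):
        print(name, "ACL on serial out ->", forward_to_r2(pc, acl_out_serial=FILTER_ACL))
        print(name, "ACL on Fa0/0 in   ->", forward_to_r2(pc, acl_in_fa0=FILTER_ACL))
```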


Lab 8.4.5 Configuring and Verifying ACLs to filter Inter-VLAN Traffic

Step 1: Connect the equipment
Step 2: Perform basic configuration on Router 1
Step 3: Configure R1 to support inter-VLAN traffic

Why is the no shutdown command performed only on interface FastEthernet 0/0? Answer:
It is the only physical interface.
Why is it necessary to specify the encapsulation type on each subinterface? Answer:
Depending on the router, more than one encapsulation type may be supported.

Step 4: Perform basic configuration on Switch 1
Step 5: Create, name, and assign ports to three VLANs on S1

Why is it good practice to place the server farm in a separate VLAN? Answer:
It is easier to manage security and access rights

Step 6: Create the trunk on S1

Why is it not necessary to specify which trunking protocol (dot1q, ISL) will be used? Answer: On Catalyst 2950 and 2960 switches, dot1q is the only supported encapsulation.

Step 7: Configure the hosts

Predict: If the configurations are correct, to which devices should a user at PC1 be able to ping successfully? Answer:
Both other PCs and each of the router interface IP addresses.


Step 8: Verify that the network is functioning

a.     From each attached host, ping the other two hosts and each of the router sub-interface IP addresses.
Were the pings successful?  Answer: yes
If the answer is no, troubleshoot the router, switch and host configurations to find the error.

b.    From the switch S1, ping the router default gateway 192.168.1.1.
Were the pings successful? Answer: yes

c.     Use the command show ip interface brief and check the status of each interface or sub-interface.
What is the state of the interfaces?


R1:
FastEthernet 0/0: up
FastEthernet 0/0.1: up
FastEthernet 0/0.2: up
FastEthernet 0/0.3: up
FastEthernet 0/0.4: up
S1:
Interface VLAN1: up

Step 9: Configure, apply, and test an Extended ACL to filter inter-VLAN traffic


R1 has a FastEthernet 0/0 interface and four subinterfaces. Where should this ACL be placed, and in which direction? Why? Answer:
Interface Fa0/0.3, inbound; that is where traffic from the Users1 VLAN enters the router and is processed. Only traffic from Users1 going to the servers will be denied there.

Step 10: Reflection

a.     Why is it good practice to perform and verify basic and VLAN-related configurations before creating and applying an ACL? Answer:
Problems can then be traced to the syntax and placement of the ACL

b.    What results would have been produced if the ACL had been placed on subinterface FastEthernet 0/0.3 going out and PC2 pinged PC3? Answer:
Because the ping packet would first be switched to FastEthernet 0/0.4 and then forwarded to PC3, the ACL would have no effect. The ping from PC2 to the server would succeed.

Lab 8.5.1 Configuring ACLs and Verifying with Console Logging

Step 1: Connect the equipment
Step 2: Perform basic configuration on Router 1
Step 3: Perform basic configuration on Router 2
Step 4: Perform basic configuration on Switch 1
Step 5: Configure the hosts with the proper IP address, subnet mask, and default gateway
Step 6: Configure and apply ACLs

Is the web connection from Host 1 successful? Answer: yes

Is the FTP connection from Host 1 successful? Answer: yes

Are you able to connect from Host 2? Answer: no

Is the Telnet connection from Host 1 successful? Answer: no
Is the Telnet connection from Host 2 successful? Answer: yes

What information can be obtained from the command output? Answer:
The access list lines and commands, and how many times each line has been matched.

Is a log message created each time a connection is attempted? Answer: yes


Do the console messages indicate which packets are allowed by the ACL as well as those that are denied? Answer: yes

Step 7: Reflection


a.     What is an advantage of using the logging option on an ACL versus the information provided by the show access-lists command? Answer:
The logging option gives you more detailed information about what the access list is doing

b.    What is a major concern of enabling the logging feature of an access control list? Answer:
The amount of router resources that will be used to display the console messages

c.     Would you normally log more than one line? Why or why not? Answer: possibly, because it depends on the ACL
d.    If the network is not performing as expected (e.g. routing updates not occurring, name resolution not occurring) which ACL statement would you log? Answer:
In this case, log the deny ip any statement to see which packets are being blocked that should not be. It may be necessary to change the ACL statements to accommodate this traffic

Lab 8.5.2 Configuring ACLs and Recording Activity to a Syslog Server
Step 1: Connect the equipment
Step 2: Perform basic configuration on Router 1
Step 3: Perform basic configuration on Router 2
Step 4: Perform basic configuration on Switch 1
Step 5: Configure the hosts with the proper IP address, subnet mask, and default gateway
Step 6: Configure and apply ACLs


From Host 1, open a web browser and attempt to connect to the web and FTP services on the server. In the web browser address textbox, enter http://172.17.1.1.
Is the web connection from Host 1 successful? Answer: yes

In the web browser address textbox, enter ftp://172.17.1.1.
Is the FTP connection from Host 1 successful? Answer: yes

Attempt to connect to the web and FTP services on the server from Host 2.
Are you able to connect from Host 2? Answer: no

Attempt to telnet to the server from Host 1 and Host 2.
Is the Telnet connection from Host 1 successful? Answer: no
Is the Telnet connection from Host 2 successful? Answer: yes

Step 7: Configure the syslog service on Host 2
Step 8: Configure the router to properly use the syslog service
Step 9: Reflection

a.     State the advantages of using a syslog server instead of console logging.
What factor determines the maximum number of messages stored on the syslog server? Answer:
The amount of hard disk space available
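
Once ACL log messages from Labs 8.5.1 and 8.5.2 are collected on a syslog server, they can be summarized per flow instead of read line by line. The following is an added example, not part of the labs or the original post: the log lines are constructed in the IOS %SEC-6-IPACCESSLOGP message format, and the host addresses, router address and ACL number 110 are assumptions (only the server address 172.17.1.1 comes from the lab).

```python
import re
from collections import Counter

# Constructed syslog lines (not captured from the lab equipment).
SAMPLE = """\
Dec 28 10:01:02 172.17.0.1 %SEC-6-IPACCESSLOGP: list 110 permitted tcp 172.17.0.10(1031) -> 172.17.1.1(80), 1 packet
Dec 28 10:01:09 172.17.0.1 %SEC-6-IPACCESSLOGP: list 110 permitted tcp 172.17.0.10(1032) -> 172.17.1.1(21), 1 packet
Dec 28 10:01:15 172.17.0.1 %SEC-6-IPACCESSLOGP: list 110 denied tcp 172.17.0.10(1033) -> 172.17.1.1(23), 1 packet
Dec 28 10:02:40 172.17.0.1 %SEC-6-IPACCESSLOGP: list 110 denied tcp 172.17.0.11(1040) -> 172.17.1.1(80), 1 packet
Dec 28 10:06:15 172.17.0.1 %SEC-6-IPACCESSLOGP: list 110 denied tcp 172.17.0.10(1033) -> 172.17.1.1(23), 4 packets
"""

LOG_RE = re.compile(
    r"%SEC-6-IPACCESSLOGP: list (?P<acl>\S+) (?P<action>permitted|denied) "
    r"(?P<proto>\w+) (?P<src>[\d.]+)\((?P<sport>\d+)\) -> "
    r"(?P<dst>[\d.]+)\((?P<dport>\d+)\), (?P<count>\d+) packets?"
)

def summarize(text):
    """Total packets per (acl, action, src, dst, dst_port); source ports ignored."""
    totals = Counter()
    for line in text.splitlines():
        m = LOG_RE.search(line)
        if m:  # skip lines that are not TCP/UDP ACL log messages
            key = (m["acl"], m["action"], m["src"], m["dst"], int(m["dport"]))
            totals[key] += int(m["count"])
    return totals

def denied_flows(text):
    """Denied (src, dst, dst_port, packets) tuples, sorted for stable output."""
    return sorted((k[2], k[3], k[4], n)
                  for k, n in summarize(text).items() if k[1] == "denied")

if __name__ == "__main__":
    for flow in denied_flows(SAMPLE):
        print("denied %s -> %s port %d: %d packet(s)" % flow)
```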
