OSPF With Access List
Router A is to block ICMP from Router C, and Router C is to deny any traffic on port 80.
Please feel free to try the lab without following the lab walk-through section.
Text written in monospaced type indicates commands that can be entered on the router.
Purpose
A three-router lab is the typical scenario you will face in the CCNA exam. You must be comfortable
configuring three routers with a basic config and then applying a routing protocol
and an access-list.
Lab objectives
1. Use the IP-addressing scheme depicted in Figure 19–2.
2. Set telnet access for the router to use the local login permissions of username “banbury”
6. Add an access-list on the serial interfaces of both routers A and C. Router A is to block
all ping traffic from network 192.168.2.0. Router C is to block all http traffic from
any network.
Lab walk-through
1. Follow the configuration from the previous lab.
2. Configure the access-lists on both Routers A and C and apply them to the serial interfaces.
RouterA(config)#
RouterA(config)#interface serial 0
RouterC(config)#interface serial 0
3. Telnet from Router A to Router C. A normal telnet will work. However, a telnet on port
RouterA#telnet 192.168.2.2
RouterA#
RouterA#telnet 192.168.2.2 80
exit
4. Now ping Router A from Router C. The ping from the serial interface (the blocked network)
RouterC#ping 192.168.1.1
U.U.U
RouterC#ping
Protocol [ip]:
!!!!!
RouterC#
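Added example (not part of the original lab): a small Python model of how the two access-lists described in the objectives are evaluated on the inbound serial interfaces, first match wins with an implicit deny at the end. The access-list statements, the /24 wildcard mask and any source addresses other than 192.168.1.1 and 192.168.2.2 are assumptions, since the page does not show them.

```python
import ipaddress

# Assumed ACL statements (the original page omits the actual lines).
# The /24 wildcard for 192.168.2.0 is an assumption; the lab figure is not shown.
ROUTER_A_ACL = """\
access-list 100 deny icmp 192.168.2.0 0.0.0.255 any
access-list 100 permit ip any any"""
ROUTER_C_ACL = """\
access-list 100 deny tcp any any eq 80
access-list 100 permit ip any any"""

def _addr(tokens):
    """Consume one address spec: 'any', 'host A', or 'A WILDCARD'."""
    if tokens[0] == "any":
        return (0, 0xFFFFFFFF), tokens[1:]
    if tokens[0] == "host":
        return (int(ipaddress.IPv4Address(tokens[1])), 0), tokens[2:]
    base, wild = (int(ipaddress.IPv4Address(t)) for t in tokens[:2])
    return (base, wild), tokens[2:]

def parse(acl_text):
    """Parse 'access-list N action proto src dst [eq port]' lines into rules."""
    rules = []
    for line in acl_text.splitlines():
        t = line.split()[2:]            # drop 'access-list' and the list number
        action, proto, t = t[0], t[1], t[2:]
        src, t = _addr(t)
        dst, t = _addr(t)
        port = int(t[1]) if t[:1] == ["eq"] else None
        rules.append((action, proto, src, dst, port))
    return rules

def _match(spec, ip):
    base, wild = spec                   # wildcard bits set to 1 are ignored
    return (int(ipaddress.IPv4Address(ip)) | wild) == (base | wild)

def evaluate(rules, proto, src, dst, dport=None):
    """First matching rule wins; no match means the implicit deny applies."""
    for action, r_proto, r_src, r_dst, r_port in rules:
        if r_proto not in ("ip", proto):   # 'ip' matches every IP protocol
            continue
        if not (_match(r_src, src) and _match(r_dst, dst)):
            continue
        if r_port is not None and r_port != dport:
            continue
        return action
    return "deny"
```

The closing `permit ip any any` is what keeps OSPF working: without it, the implicit deny would also drop the OSPF hellos arriving on the serial interface and the adjacency would be lost.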
Show runs
RouterA#show run
Building configuration...
Current configuration : 900 bytes
version 12.1
no service single-slot-reload-enable
no service password-encryption
hostname RouterA
ip subnet-zero
interface Loopback0
interface Loopback1
interface Ethernet0
no ip address
shutdown
interface Serial0
ip access-group 100 in
interface Serial1
no ip address
shutdown
!
router ospf 20
log-adjacency-changes
ip classless
no ip http server
line con 0
password letmein
login
line 1 8
line aux 0
line vty 0 4
login local
end
---
RouterB#show run
Building configuration...
version 12.1
no service single-slot-reload-enable
no service password-encryption
hostname RouterB
!
ip subnet-zero
interface Loopback0
interface Loopback1
interface Ethernet0
no ip address
shutdown
interface Serial0
clockrate 64000
interface Serial1
clockrate 64000
router ospf 20
log-adjacency-changes
ip classless
no ip http server
line con 0
password letmein
login
line aux 0
line vty 0 4
login local
end
RouterB#
---
RouterC#show run
Building configuration...
Current configuration:
version 11.3
no service password-encryption
hostname RouterC
ip subnet-zero
interface Loopback0
interface Ethernet0
no ip address
shutdown
!
interface Serial0
ip access-group 100 in
no ip mroute-cache
interface Serial1
no ip address
shutdown
router ospf 20
ip classless
line con 0
line 1 16
line aux 0
line vty 0 4
login local
end
RouterC#