Help with Cisco ACL - University Network Emulation

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

royfake

Thread Starter
Joined
Apr 10, 2008
Messages
2
Hi,

I am trying to build a basic ACL according to some specs my prof posted:
Code:
DCeNeca College has acquired a class B address of 142.204.0.0. The IT planners at the college have determined that they need to create a network with the following subnets:

    * 15 subnets, one for each lab, with up to 40 hosts per lab
    * one non-lab classroom subnet for 40 classrooms with one host per classroom (the podium machine)
    * one faculty subnet to support 75 instructors hosts
    * one admin subnet for 8 administrative hosts (for Chairs and Deans)
    * one admin support subnet for 30 administrative support hosts (front office staff)
    * one computer support subnet for 15 hosts (ACS)
    * a gateway
He also asked to keep the design in PacketTracer to minimal (only 1 PC from each subnet).


I attached the screenshot to this thread so you can understand the ACLs.
Here are my ACLs:
Code:
! blocking labs from accessing admin/faculty on Fa0/0
access-list 111 deny ip 142.204.0.0 0.0.7.255 142.204.24.0 0.0.7.255
access-list 111 deny ip 142.204.0.0 0.0.7.255 142.204.16.0 0.0.7.255
access-list 111 permit ip any any

! blocking class from accessing admin/faculty on Fa1/0
access-list 112 deny ip 142.204.8.0 0.0.7.255 142.204.24.0 0.0.7.255
access-list 112 deny ip 142.204.8.0 0.0.7.255 142.204.16.0 0.0.7.255
access-list 112 permit ip any any

! blocking faculty from accessing admin on Fa2/0
access-list 113 deny ip 142.204.16.0 0.0.7.255 142.204.24.0 0.0.7.255
access-list 113 permit ip any any

! blocking admin from accessing labs/class/faculty on Fa3/0
access-list 114 deny ip 142.204.24.0 0.0.7.255 142.204.0.0 0.0.7.255
access-list 114 deny ip 142.204.24.0 0.0.7.255 142.204.8.0 0.0.7.255
access-list 114 deny ip 142.204.24.0 0.0.7.255 142.204.16.0 0.0.7.255
access-list 114 permit ip any any
 

Attachments

royfake

Thread Starter
Joined
Apr 10, 2008
Messages
2
I also tried before the posted ACL above a simple one. Here is my router config output:
(should make the screenshot much clearer)

Code:
!

version 12.2

no service password-encryption

!

hostname gateway

!

!

!

! Labs

interface FastEthernet0/0

 ip address 142.204.0.1 255.255.248.0
 
 ip access-group 1 out

 duplex auto

 speed auto

!
! Class

interface FastEthernet1/0

 ip address 142.204.8.1 255.255.248.0
 ip access-group 2 out

 duplex auto

 speed auto

!
! Faculty

interface FastEthernet2/0

 ip address 142.204.16.1 255.255.248.0
 ip access-group 3 out

 duplex auto

 speed auto

!
! Admin

interface FastEthernet3/0

 ip address 142.204.24.1 255.255.248.0
 ip access-group 4 out

 duplex auto

 speed auto

!
! Office

interface FastEthernet4/0

 ip address 142.204.32.1 255.255.248.0

 duplex auto

 speed auto

!
! ACS

interface FastEthernet5/0

 ip address 142.204.40.1 255.255.248.0

 duplex auto

 speed auto

!
! Internet

interface FastEthernet9/0

 no ip address

 duplex auto

 speed auto

 shutdown

!

router rip

 network 142.204.0.0

!

ip classless

!

access-list 1 deny 142.204.24.0 0.0.7.255
access-list 1 deny 142.204.16.0 0.0.7.255

access-list 1 permit any
access-list 2 deny 142.204.24.0 0.0.7.255
access-list 2 deny 142.204.16.0 0.0.7.255
access-list 2 permit any

access-list 3 deny 142.204.24.0 0.0.7.255

access-list 3 permit any

access-list 4 deny 142.204.0.0 0.0.7.255

access-list 4 deny 142.204.8.0 0.0.7.255

access-list 4 deny 142.204.16.0 0.0.7.255

access-list 4 permit any
access-list 11 deny 142.204.24.0 0.0.7.255
access-list 11 permit any
access-list 12 deny 142.204.24.0 0.0.7.255
access-list 12 permit any
access-list 13 deny 142.204.0.0 0.0.7.255
access-list 13 dent 142.204.8.0 0.0.7.255
access-list 13 deny 142.204.24.0 0.0.7.255
access-list 13 permit any
access-list 14 deny 142.204.0.0 0.0.7.255
access-list 14 dent 142.204.8.0 0.0.7.255
access-list 14 deny 142.204.16.0 0.0.7.255
access-list 14 permit any

!

!

!

line con 0

line vty 0 4

 login

!

!

end
 

zx10guy

Trusted Advisor
Spam Fighter
Joined
Mar 30, 2008
Messages
6,649
Could you put up a network diagram of how you have your network laid out? It's a bit hard to follow what you think the design is and it's too late for me to draw out the layout.
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Members online

Top