
Help with Cisco ACL - University Network Emulation

Discussion in 'Networking' started by royfake, Apr 10, 2008.

Thread Status:
Not open for further replies.
  1. royfake

    royfake Thread Starter

    Hi,

    I am trying to build a basic ACL according to some specs my prof posted:
    Code:
    DCeNeca College has acquired a class B address of 142.204.0.0. The IT planners at the college have determined that they need to create a network with the following subnets:
    
        * 15 subnets, one for each lab, with up to 40 hosts per lab
        * one non-lab classroom subnet for 40 classrooms with one host per classroom (the podium machine)
        * one faculty subnet to support 75 instructors hosts
        * one admin subnet for 8 administrative hosts (for Chairs and Deans)
        * one admin support subnet for 30 administrative support hosts (front office staff)
        * one computer support subnet for 15 hosts (ACS)
        * a gateway
    
    He also asked to keep the design in Packet Tracer to a minimum (only 1 PC from each subnet).


    I attached the screenshot to this thread so you can understand the ACLs.
    Here are my ACLs:
    Code:
    ! blocking labs from accessing admin/faculty on Fa0/0
    access-list 111 deny ip 142.204.0.0 0.0.7.255 142.204.24.0 0.0.7.255
    access-list 111 deny ip 142.204.0.0 0.0.7.255 142.204.16.0 0.0.7.255
    access-list 111 permit ip any any
    
    ! blocking class from accessing admin/faculty on Fa1/0
    access-list 112 deny ip 142.204.8.0 0.0.7.255 142.204.24.0 0.0.7.255
    access-list 112 deny ip 142.204.8.0 0.0.7.255 142.204.16.0 0.0.7.255
    access-list 112 permit ip any any
    
    ! blocking faculty from accessing admin on Fa2/0
    access-list 113 deny ip 142.204.16.0 0.0.7.255 142.204.24.0 0.0.7.255
    access-list 113 permit ip any any
    
    ! blocking admin from accessing labs/class/faculty on Fa3/0
    access-list 114 deny ip 142.204.24.0 0.0.7.255 142.204.0.0 0.0.7.255
    access-list 114 deny ip 142.204.24.0 0.0.7.255 142.204.8.0 0.0.7.255
    access-list 114 deny ip 142.204.24.0 0.0.7.255 142.204.16.0 0.0.7.255
    access-list 114 permit ip any any
    
     


  2. royfake

    royfake Thread Starter

    I also tried a simple one before the ACL posted above. Here is my router config output:
    (should make the screenshot much clearer)

    Code:
    !
    version 12.2
    no service password-encryption
    !
    hostname gateway
    !
    !
    !
    ! Labs
    interface FastEthernet0/0
     ip address 142.204.0.1 255.255.248.0
     ip access-group 1 out
     duplex auto
     speed auto
    !
    ! Class
    interface FastEthernet1/0
     ip address 142.204.8.1 255.255.248.0
     ip access-group 2 out
     duplex auto
     speed auto
    !
    ! Faculty
    interface FastEthernet2/0
     ip address 142.204.16.1 255.255.248.0
     ip access-group 3 out
     duplex auto
     speed auto
    !
    ! Admin
    interface FastEthernet3/0
     ip address 142.204.24.1 255.255.248.0
     ip access-group 4 out
     duplex auto
     speed auto
    !
    ! Office
    interface FastEthernet4/0
     ip address 142.204.32.1 255.255.248.0
     duplex auto
     speed auto
    !
    ! ACS
    interface FastEthernet5/0
     ip address 142.204.40.1 255.255.248.0
     duplex auto
     speed auto
    !
    ! Internet
    interface FastEthernet9/0
     no ip address
     duplex auto
     speed auto
     shutdown
    !
    router rip
     network 142.204.0.0
    !
    ip classless
    !
    access-list 1 deny 142.204.24.0 0.0.7.255
    access-list 1 deny 142.204.16.0 0.0.7.255
    access-list 1 permit any
    access-list 2 deny 142.204.24.0 0.0.7.255
    access-list 2 deny 142.204.16.0 0.0.7.255
    access-list 2 permit any
    access-list 3 deny 142.204.24.0 0.0.7.255
    access-list 3 permit any
    access-list 4 deny 142.204.0.0 0.0.7.255
    access-list 4 deny 142.204.8.0 0.0.7.255
    access-list 4 deny 142.204.16.0 0.0.7.255
    access-list 4 permit any
    access-list 11 deny 142.204.24.0 0.0.7.255
    access-list 11 permit any
    access-list 12 deny 142.204.24.0 0.0.7.255
    access-list 12 permit any
    access-list 13 deny 142.204.0.0 0.0.7.255
    access-list 13 deny 142.204.8.0 0.0.7.255
    access-list 13 deny 142.204.24.0 0.0.7.255
    access-list 13 permit any
    access-list 14 deny 142.204.0.0 0.0.7.255
    access-list 14 deny 142.204.8.0 0.0.7.255
    access-list 14 deny 142.204.16.0 0.0.7.255
    access-list 14 permit any
    !
    !
    !
    line con 0
    line vty 0 4
     login
    !
    !
    end
    
    
     
  3. zx10guy

    zx10guy Trusted Advisor Spam Fighter

    Could you put up a network diagram of how you have your network laid out? It's a bit hard to follow what you think the design is and it's too late for me to draw out the layout.
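
As an added example (not code from any poster in this thread), the extended ACLs 111-114 from the first post can be evaluated offline to see which subnet pairs they actually allow. It assumes each ACL is applied inbound on its own source subnet's interface (the post gives no direction); the `.10` host addresses and all function names are constructed for illustration.

```python
import ipaddress

ACL_TEXT = """\
access-list 111 deny ip 142.204.0.0 0.0.7.255 142.204.24.0 0.0.7.255
access-list 111 deny ip 142.204.0.0 0.0.7.255 142.204.16.0 0.0.7.255
access-list 111 permit ip any any
access-list 112 deny ip 142.204.8.0 0.0.7.255 142.204.24.0 0.0.7.255
access-list 112 deny ip 142.204.8.0 0.0.7.255 142.204.16.0 0.0.7.255
access-list 112 permit ip any any
access-list 113 deny ip 142.204.16.0 0.0.7.255 142.204.24.0 0.0.7.255
access-list 113 permit ip any any
access-list 114 deny ip 142.204.24.0 0.0.7.255 142.204.0.0 0.0.7.255
access-list 114 deny ip 142.204.24.0 0.0.7.255 142.204.8.0 0.0.7.255
access-list 114 deny ip 142.204.24.0 0.0.7.255 142.204.16.0 0.0.7.255
access-list 114 permit ip any any
"""  # extended ACLs 111-114, copied from the first post
# Constructed hosts; assumes each ACL is applied inbound on its own subnet's interface.
HOSTS = {"labs": ("142.204.0.10", 111), "class": ("142.204.8.10", 112),
         "faculty": ("142.204.16.10", 113), "admin": ("142.204.24.10", 114),
         "office": ("142.204.32.10", None), "acs": ("142.204.40.10", None)}

def spec(tok):
    """Pop one 'any' or 'addr wildcard' operand; return (addr, care_mask)."""
    if tok[0] == "any":
        del tok[0]
        return 0, 0
    addr, wild = (int(ipaddress.IPv4Address(tok.pop(0))) for _ in range(2))
    return addr, ~wild & 0xFFFFFFFF  # wildcard bits set = "don't care"

def parse_acls(text):
    acls = {}
    for line in text.strip().splitlines():
        _, num, action, _, *rest = line.split()  # access-list N action ip src dst
        acls.setdefault(int(num), []).append((action, spec(rest), spec(rest)))
    return acls

def permits(acl, src, dst):
    s, d = (int(ipaddress.IPv4Address(x)) for x in (src, dst))
    for action, (sa, sm), (da, dm) in acl:  # first matching entry decides
        if (s ^ sa) & sm == 0 and (d ^ da) & dm == 0:
            return action == "permit"
    return False  # implicit "deny any" that ends every ACL

ACLS = parse_acls(ACL_TEXT)

def one_way(a, b):
    src, acl = HOSTS[a]
    return acl is None or permits(ACLS[acl], src, HOSTS[b][0])

def round_trip(a, b):
    return one_way(a, b) and one_way(b, a)  # ACLs are stateless
```

Because the ACLs are stateless, `one_way("faculty", "labs")` passes while `round_trip("faculty", "labs")` fails: ACL 111 drops the lab host's replies, so the lists block more than their comments describe. The office and ACS subnets have no ACL at all and can reach every other subnet, admin included.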
     
Short URL to this thread: https://techguy.org/702499
