Wednesday, 30 March 2011

Denying TELNET using standard Access-Lists

Topology





This lab configures access control list on R1, to PCB from telnetting to router R1. To best experience how this works, begin by configuring all the devices interfaces with their IP addresses and apply EIGRP on the routers. Leave the access-list to the end. Make sure you can ping between PCA and PCB, and telnet from PCB to R1.

Objectives


- Configuring Standard access-lists
- denying telnet cession using access-list

R1 Configuration

Router#configure terminal
Router(config)#hostname R1
R1(config)#line con 0
R1(config-line)#pass cisco
R1(config-line)#login

R1(config-line)#line vty 0 4
R1(config-line)#pass cisco
R1(config-line)#login
R1(config-line)#exit
R1(config)#enable password cisco

R1(config)#int f1/0
R1(config-if)#ip add 148.1.1.254 255.255.0.0
R1(config-if)#no shut

R1(config-if)#exit
R1(config)#int f0/0
R1(config-if)#ip add 1.1.1.1 255.0.0.0
R1(config-if)#no shut

Configure EIGRP or any protocol of your choice

R1(config-if)#exit
R1(config)#router eigrp 100
R1(config-router)#network 1.0.0.0 0.255.255.255

R1(config-router)#net 148.1.0.0 0.0.255.255
R1(config-router)#no auto-summary
R1(config-router)#exit

Configure your access-lists

R1(config)#access-list 99 deny 142.2.1.1 0.0.0.0
R1(config)#access-list 99 permit any

Apply your access list, as close to the line vty


R1(config-if)#exit
R1(config)#line vty 0 4
R1(config-line)#access-class 99 in
R1(config-line)#


R2 Configuration

Router#configure terminal
Router(config)#hostname R2

R2(config)#int f0/0
R2(config-if)#ip add 1.1.1.2 255.0.0.0
R2(config-if)#no shut
R2(config-if)#exit

R2(config)#int f1/0
R2(config-if)#ip add 148.2.1.254 255.255.0.0
R2(config-if)#no shut
R2(config-if)#exit

R2(config)#line con 0
R2(config-line)#pass cisco
R2(config-line)#login
R2(config-line)#exit

R2(config)#line vty 0 4
R2(config-line)#pass cisco
R2(config-line)#login
R2(config-line)#exit

R2(config)#router eigrp 100
R2(config-router)#network 148.2.0.0 0.0.255.255
R2(config-router)#network 1.0.0.0 0.255.255.255
R2(config-router)#no auto-summary
R2(config-router)#

Now try to telnet to R1 s0/0 interface, can you?

Clear your routers for the next Lab.
at

No comments:

Post a Comment