ccna (acl solution)

Upload: mziabd

Post on 14-Apr-2018


  • 7/27/2019 CCNA (ACL Solution)


    Task 1: Configure PPP with CHAP Authentication

    Configure the link between HQ and B1 to use PPP encapsulation with CHAP authentication.

    HQ(config)#username B1 password cisco123
    HQ(config)#interface s0/0/0
    HQ(config-if)#encapsulation ppp
    HQ(config-if)#ppp authentication chap
    B1(config)#username HQ password cisco123
    B1(config)#interface s0/0/0
    B1(config-if)#encapsulation ppp
    B1(config-if)#ppp authentication chap

    Configure the link between HQ and B2 to use PPP encapsulation with CHAP authentication.

    HQ(config)#username B2 password cisco123
    HQ(config)#interface s0/0/1
    HQ(config-if)#encapsulation ppp
    HQ(config-if)#ppp authentication chap
    B2(config)#username HQ password cisco123
    B2(config)#interface s0/0/0
    B2(config-if)#encapsulation ppp

    Task 2: Configure Default Routing

    Configure default routing from HQ to ISP.

    HQ(config)#ip route 0.0.0.0 0.0.0.0 s0/1/0

    Test connectivity to Web Server. HQ should be able to successfully ping Web Server at 209.165.202.130 as long as the ping is sourced from the Serial0/1/0 interface.

    Task 3: Configure OSPF Routing

    Configure OSPF on HQ.

    HQ(config)#router ospf 1
    HQ(config-router)#network 10.1.1.0 0.0.0.3 area 0
    HQ(config-router)#network 10.1.1.4 0.0.0.3 area 0
    HQ(config-router)#network 10.1.40.0 0.0.0.255 area 0
    HQ(config-router)#network 10.1.50.0 0.0.0.255 area 0
    HQ(config-router)#default-information originate
    HQ(config-router)#passive-interface fa0/0
    HQ(config-router)#passive-interface fa0/1
    HQ(config-router)#passive-interface s0/1/0

    Configure OSPF on B1 and B2.

    B1(config)#router ospf 1
    B1(config-router)#network 10.1.1.0 0.0.0.3 area 0
    B1(config-router)#network 10.1.10.0 0.0.0.255 area 0
    B1(config-router)#network 10.1.20.0 0.0.0.255 area 0
    B1(config-router)#passive-interface fa0/0
    B1(config-router)#passive-interface fa0/1

    B2(config)#router ospf 1
    B2(config-router)#network 10.1.1.4 0.0.0.3 area 0
    B2(config-router)#network 10.1.70.0 0.0.0.255 area 0
    B2(config-router)#network 10.1.80.0 0.0.0.255 area 0
    B2(config-router)#passive-interface fa0/0
    B2(config-router)#passive-interface fa0/1


    Task 4: Implement Multiple ACL Security Policies

    Implement security policy number 1.

    HQ(config)#access-list 10 deny 10.1.10.0 0.0.0.255
    HQ(config)#access-list 10 permit any
    HQ(config)#int fa0/1
    HQ(config-if)#ip access-group 10 out

    Implement security policy number 2.

    B1(config)#access-list 115 deny ip host 10.1.10.5 host 10.1.50.7
    B1(config)#access-list 115 permit ip any any
    B1(config)#int fa0/0
    B1(config-if)#ip access-group 115 in

    Implement security policy number 3.

    HQ(config)#access-list 101 deny tcp 10.1.50.0 0.0.0.63 host 10.1.80.16 eq www
    HQ(config)#access-list 101 permit ip any any
    HQ(config)#interface fa0/0
    HQ(config-if)#ip access-group 101 in

    Implement security policy number 4.

    B2(config)#ip access-list extended NO_FTP
    B2(config-ext-nacl)#deny tcp 10.1.70.0 0.0.0.255 host 10.1.10.2 eq ftp
    B2(config-ext-nacl)#permit ip any any
    B2(config-ext-nacl)#interface fa0/1
    B2(config-if)#ip access-group NO_FTP in

    Implement security policy number 5.

    HQ(config)#ip access-list extended FIREWALL
    HQ(config-ext-nacl)#permit icmp any any echo-reply
    HQ(config-ext-nacl)#permit tcp any any established
    HQ(config-ext-nacl)#deny ip any any
    HQ(config-ext-nacl)#interface s0/1/0
    HQ(config-if)#ip access-group FIREWALL in