Lab 218 - Dynamic ACL (Lock-and-Key) - Learn Cisco

Post Top Ad

Lab 218 - Dynamic ACL (Lock-and-Key)

Prerequisites: CCNP level skills.

Topology

Pic 1. Topology Diagram.

Task 1
On R2 configure ACL which allows the user Jimmy with the password CISCO123, to access web server on R1 (or any other web server behind R2) if the authentication is initiated from VLAN 27. R2 should use telnet access as the authenticating method. All other traffic should be allowed.

Solution

Task 1
On R2 configure ACL which allows the user Jimmy with the password CISCO123, to access web server on R1 (or any other web server behind R2) if the authentication is initiated from VLAN 27. R2 should use telnet access as the authenticating method. All other traffic should be allowed.
R1 Config:
!
ip http server
!

R2 Config:
!
username Jimmy password CISCO123
!
access-list 100 permit tcp 172.16.27.0 0.0.0.255 host 172.16.27.2 eq 23
access-list 100 dynamic DYN_ACL permit tcp any any eq 80
access-list 100 deny tcp any any eq 80
access-list 100 permit ip any any
!
int f0/0
 ip access-group 100 in
!
line vty 0 4
 login local
 autocommand  access-enable
!

Verification:

Pic. 2 - Accessing Web Server on R1 without Authentication (ACL applied).

Pic. 3 - Accessing Web Server on R1 with Authentication (ACL applied)

Pic. 4 - Dynamic ACL Entry Created Above Deny DPORT 80.
  
Remove the configuration created in this lab.

Post Top Ad