Firewall - Dynamic Access List Lab Scenario

Dynamic, or "lock-and-key," access lists are one of the IOS features commonly used to tighten security on a router. They allow the network administrator to grant temporary access to a network or service when a user gives a valid ID and password. Dynamic access list statements have several advantages over static ACL entries: access can be granted for only a short time, and access can be based on the user, rather than on the IP address of the workstation.

CertificationZone
Date of Issue: 08-01-2000
Dynamic Access List Lab Scenario
by Katherine Tallis

Contents: Introduction; Required Equipment; Lab Objectives; Equipment Configuration; Solution; Testing the Dynamic Access List

Introduction

In this lab we will be using a dynamic access list statement to allow one router to ping another. Though this is probably not the type of thing you would do on a production network, it does illustrate how dynamic ACLs work.

Required Equipment

You will need:

- Two Cisco routers, each with an Ethernet port
- One Ethernet hub
- One workstation with Terminal Emulation Software and an available serial port for a console connection to the routers
- Cables:
  - Two Ethernet cables to connect the routers to the hub, or
  - One crossover cable to connect the routers directly to one another, and
  - One console cable to connect the workstation to each router's console port

Lab Objectives

1. Configure RouterA to deny access to any traffic except telnet traffic from RouterB across its Ethernet port. Include a dynamic statement in the access list to allow ICMP traffic from RouterB if an appropriate user ID and password are given. Set up the user ID and password in the router and configure the VTY line for local login.
2. Confirm that RouterB cannot ping RouterA's Ethernet interface.
3. Telnet from RouterB to RouterA, giving the appropriate ID and password. This will invoke the dynamic statement to allow ICMP traffic.
4. Ping RouterA's Ethernet port to show that the dynamic statement was invoked and that ICMP traffic is .
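
One way RouterA could be configured to meet objective 1, shown as an added example that is not the lab's own solution. The addresses 10.1.1.1 (RouterA) and 10.1.1.2 (RouterB), the interface name, the account name, the list number 101 and the entry name PING-OK are all assumptions made for illustration.

```cisco
! RouterA: added example; addresses, names and credentials are constructed
hostname RouterA
!
! Local account checked by "login local" on the VTY lines
username labuser password <choose-a-password>
!
interface Ethernet0
 ip address 10.1.1.1 255.255.255.0
 ! Filter everything arriving on the Ethernet port
 ip access-group 101 in
!
! Static entry: RouterB can always reach the telnet login prompt,
! which is where the user authenticates
access-list 101 permit tcp host 10.1.1.2 host 10.1.1.1 eq telnet
!
! Dynamic template: inactive until access-enable runs after a login.
! "timeout 10" is the absolute lifetime (minutes) of the temporary entry.
access-list 101 dynamic PING-OK timeout 10 permit icmp host 10.1.1.2 host 10.1.1.1
!
! Implicit deny written out so that its match counter is visible
access-list 101 deny ip any any
!
line vty 0 4
 ! Authenticate against the local username database
 login local
 ! After a successful login, activate the dynamic entry for the
 ! authenticating host only, with a 5-minute idle timeout, then
 ! close the telnet session
 autocommand access-enable host timeout 5
```

After the telnet login from RouterB succeeds, `show access-lists 101` on RouterA lists the temporary ICMP entry beneath the PING-OK template until a timeout removes it. Every VTY line that carries the autocommand closes the session as soon as the command runs, so those lines cannot also be used to manage the router over telnet.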
