EXAMTUT

Newer Post

CCNA Access List Control (ACL) SimulationPosted on

A network associate is adding security to the configuration of the Corp1 router. The user onhost C should be able to use a web browser to access financial information from the FinanceWeb Server. No other hosts from the LAN nor the Core should be able to use a web browserto access this server. Since there are multiple resources for the corporation at this locationincluding other resources on the Finance Web Server, all other traffic should be allowed.The task is to create and apply a numbered access-list with no more than three statementsthat will allow ONLY host C web access to the Finance Web Server. No other hosts will haveweb access to the Finance Web Server. All other traffic is permitted.

Access to the router CLI can be gained by clicking on the appropriate host.All passwords have been temporarily set to “cisco”.The Core connection uses an IP address of 198.18.196.65The computers in the Hosts LAN have been assigned addresses of 192.168.33.1 –192.168.33.254Host A 192.168.33.1Host B 192.168.33.2Host C 192.168.33.3Host D 192.168.33.4The servers in the Server LAN have been assigned addresses of 172.22.242.17 – 172.22.242.30The Finance Web Server is assigned an IP address of 172.22.242.23.The Public Web Server is assigned an IP address of 172.22.242.17

The Adobe Flash Player or an HTML5 supported browser is

required for video playback.

Get the latest Flash Player

Learn more about upgrading to an HTML5 browser

Corp1>enable

Password: cisco

We should create an access-list and apply it to the interface which is connected to theServers LAN interface, because it can filter out traffic from both Sw-Hosts and Core networks.The Server LAN network has been assigned addresses of 172.22.242.17 – 172.22.242.30 so wecan guess the interface connected to them has an IP address of 172.22.242.30 (.30 is thenumber shown in the figure). Use the “show ip interface brief” command to check whichinterface has the IP address of 172.22.242.30.Corp1#show ip interface brief

Interface IP-Address OK? Method Status Protocol

FastEthernet0/0 192.168.33.254 YES manual up up

FastEthernet0/1 172.22.242.30 YES manual up up

Serial0/0 198.18.196.65 YES manual up up

We learn that interface FastEthernet0/1 is the interface connected to Server LAN network. Itis the interface we will apply our access-list (for outbound direction).Corp1#configure terminal

Our access‐list needs to allow host C – 192.168.33.3 to the Finance Web Server 172.22.242.23via web (port 80)Corp1(config)#access-list 100 permit tcp host 192.168.33.3 host

172.22.242.23 eq 80

Deny other hosts access to the Finance Web Server via webCorp1(config)#access-list 100 deny tcp any host 172.22.242.23 eq 80

All other traffic is permittedCorp1(config)#access-list 100 permit ip any any

Apply this access-list to Fa0/1 interface (outbound direction)

Corp1(config)#interface fa0/1

Corp1(config-if)#ip access-group 100 out

Notice: We have to apply the access-list to Fa0/1 interface (not Fa0/0 interface) so that theaccess-list can filter traffic coming from both the LAN and the Core networks. If we applyaccess list to the inbound interface we can only filter traffic from the LAN network.In the real exam, just click on host C and open its web browser. In the address box typehttp://172.22.242.23 to check if you are allowed to access Finance Web Server or not. If yourconfiguration is correct then you can access it.Click on other hosts (A, B and D) and check to make sure you can’t access Finance Web Serverfrom these hosts.Finally, save the configurationCorp1(config-if)#end

Corp1#copy running-config startup-config

This configuration only prevents hosts from accessing Finance Web Server via web but if thisserver supports other traffic – like FTP, SMTP… then other hosts can access it, too.Notice: In the real exam, you might be asked to allow other host (A, B or D) to access theFinance Web Server so please read the requirement carefully.

Modification #1A network associate is adding security to the configuration of the Corp router. The user onhost B should be able to access the Finance Web Server. Host B should be denied to accessother server on S1-SRVS network. Since there are multiple resources for the corporation atthis location including other resources on the Finance Web Server, all other traffic should beallowed.The task is to create and apply a numbered access-list with no more than three statementsthat will allow ONLY host B access to the Finance Web Server. Deny host B from accessing theother servers. All other traffic is permitted.access-list 100 permit ip host 192.168.33.2 host 172.22.242.23

access-list 100 deny ip host 192.168.33.2 172.22.242.16 0.0.0.15

access-list 100 permit ip any any

Modification #2A network associate is adding security to the configuration of the Corp1 router. The user onhost C should be able to access the Finance Web Server. No other hosts from the LAN nor theCore should be able access this server. All other traffic should be allowed.The task is to create and apply a numbered access-list with no more than three statementsthat will allow ONLY host C access the Finance Web Server. No other hosts will have access tothe Finance Web Server. All other traffic is permitted.access-list 100 permit ip host 192.168.33.3 host 172.22.242.23

access-list 100 deny ip any host 172.22.242.23

access-list 100 permit ip any any

Modification #3A network associate is adding security to the configuration of the Corp1 router. The user onhost C should be able to use a web browser to access financial information from the FinanceWeb Server. Other access from host C to Finance Web Server should be denied. No otherhosts from the LAN nor the Core should be able to access the Finance Web Server. All othertraffic should be allowed.The task is to create and apply a numbered access-list with no more than three statementsthat will allow ONLY host C web access to the Finance Web Server. Also host C should bedenied to access any other services of Finance Web Server. No other hosts will access to theFinance Web Server. All other traffic is permitted.access-list 100 permit tcp host 192.168.33.3 host 172.22.242.23 eq

80

access-list 100 deny ip any host 172.22.242.23

access-list 100 permit ip any any

Modification #4A network associate is adding security to the configuration of the Corp1 router. The user onhost D should be able to use a web browser to access financial information from the FinanceWeb Server. Other access from host C to Finance Web Server should be denied. No otherhosts from the LAN nor the Core should be able to access the Finance Web Server. All hostsfrom the LAN nor the Core should able to access public web server.

The task is to create and apply a numbered access-list with no more than three statements

that will allow ONLY h ost D should be able to use a web browser(HTTP)to access the Finance

Web Server. Other types of access from host D to the Finance Web Server should be

blocked. All access from hosts in the Core or local LAN to the Finance Web Server should be

blocked. All hosts in the Core and local LAN should be able to access the Public Web Server.

access-list 100 permit tcp host 192.168.33.3 host 172.22.242.23 eq

80

access-list 100 deny ip any host 172.22.242.23

access-list 100 permit ip any any

Download LAB file (need packet tracer to open)

https://app.box.com/s/yizuzzbkagp4v0j52a50

Mirror:

http://www.4shared.com/file/heZzTLiH/ACL_Sim.html?

Download Video file

https://app.box.com/s/uri1xwy29gw0qc0smlk0

This entry was posted in CCNA, CCNA Simulation . Bookmark the permalink.

Opera browser download Moneys Mutual Money Money Managers Confused

Internet advertising agency Microsoft Word Will work from home

23 Responses so far.

A.H.Mostofa Kalam says:September 2, 2013 at 1:07 PM

what commands have you used for ACL?

- Host D should be able to use a web browser(HTTP)to access the Finance Web Server

- Other types of access from host D to the Finance Web Server should be blocked

– All access from hosts in the Core or local LAN to the Finance Web Server should be blocked

- All hosts in the Core and local LAN should be able to access the Public Web Server

Answer 1:

Access-list 100 permit tcp host 192.168.33.4 host 172.22.242.23 eq 80

Access-List 100 deny ip any host 172.22.242.23

Access-list 100 permit ip any any

Answer 2:

Access-list 100 permit tcp host 192.168.33.4 host 172.22.242.23 eq 80

Access-List 100 permit ip any host 172.22.242.17

Access-list 100 deny ip any any

When asked – all can access to public server should I use answer 2 or answer 1?

i know if only said all other traffic is permitted I can use answer 1 without doubt. I am having confusion when it is

said all can access to public server…both is correct for that may be and answer 2 fully satisfies the need, right?

Please help me out to understand…

farah med amine says:September 14, 2013 at 1:29 AM

@ACME PLEASE:command 2 use eq 80????

Modification #3

The user on host C should be able to access the Finance Web Server

Other access from host C to Finance Web Server should be denied

No other hosts from the LAN nor the Core should be able to access the Finance Web Server. All other traffic

should be allowed:

access-list 100 permit tcp host 192.168.33.3 host 172.22.242.23 eq 80

access-list 100 deny ip any host 172.22.242.23 use ((((( eq 80))))

access-list 100 permit ip any any

farah med amine says:September 14, 2013 at 1:45 AM

@acme i understand you ;)

Other access from host C to Finance Web Server should be denied ########## No other hosts from the LAN

nor the Core should be able to use a web browser to access this server .

Nirates says:September 15, 2013 at 3:26 PM

@mostapha

both answers would not answer the question fully.

From your Answer 1, line 1 and 2 answer only the first two statements of the question. Remember that the last

statement of the question was 'specifically' to allow Core and LAN access to Public Server, and the Public server

has a different ip address. so the correct command would be:

Access-list 100 permit ip any host 172.22.242.17

From your Answer 2, line 1 answers the first part of the question, while line 2 answers the last part of the

question. Remember that the question says 'Other types of access from host D to the Finance Web Server should

be blocked. All access from hosts in the Core or local LAN to the Finance Web Server should be blocked'. It is

stated SPECIFICALLY, to block all access to ONLY the Finance server and not to other servers. So the right

command should be:

Access-list 100 deny ip any host 172.22.242.23

...I hope this helps

Nirates says:September 15, 2013 at 3:32 PM

@Farah,

the question did not ask that you deny WEB access to the financial web server. it is only when web access is

involved that you can add eq 80 to the command.

...I'd suggest you read the question carefully. Besides, try out the commands on your packet tracer and confirm

which works. ;)

Ahmed Badubyan says:September 25, 2013 at 5:14 PM

This comment has been removed by the author.

Anonymous says:October 6, 2013 at 2:07 AM

Just passed This Friday Oct 4. SIM Is valid. Thank you.

Adi says:October 10, 2013 at 4:06 AM

Hello Guys I hope you will be fine there.Now New CCNA (200-120) and CCNA security (640-554)

Vouchers on special discount of 58% for World wide, with six months expiry date till you purchase. Each voucher

cost 70USD.

Details Required For CCNA Voucher For Discount Processing:

1-Full Name. 1st Name & Last Name (as you want to appear on certificate & documents)

2-Country.

3-City.

4-State.

5-Pin Code (or Area Code)

6-Residential Address (or where you can collect your Certificate or further correspondence

can be received)

7-Date of birth

Add me on Skype through this information which is written below:

Skype Name: rockon660

you can also email me at this email address which is written below:

madeelqaiser@gmail.com

If you have any Questions feel free to contact me.

Thanks,

Best regards,

Adeel

m0bi says:October 30, 2013 at 2:41 PM

Passed 200-120 exam Today with 958/1000. Do not waste time and money guys only testinside

Purchased 100% valid dumps Lab was ACL2 Modifications & EIGRP with few but Same.

200-120 dumps Testindie Q307 with secondary Key # in cheap price contact me at Mubasher95@Gmail.com

Good Luck!

Anonymous says:November 26, 2013 at 9:11 AM

This comment has been removed by a blog administrator.

Anonymous says:November 27, 2013 at 7:32 PM

can I add command: "no ip domain-lookup"

to prevent stupid annoying translate.. error message?

Anonymous says:December 1, 2013 at 6:00 PM

I just finished my ccna exam... scored 958 in second attempt .... almost all the questions from

9tut,examtut, acme spintry...... I could have passed if I knew this excellent site before.... thank youuuuuu

got ACL1, ACL2, EIGRP..... same sim with slight modifications....

Anonymous says:December 15, 2013 at 12:15 PM

I confused about command answer Modification #3 and #4, why same command?

In Modification #4, I think Host D ip address is 192.168.33.4.

Rajiv Widyaratne says:December 31, 2013 at 6:34 AM

Why "Request Timeout" when using the Web Browser of "D"????

(Modification 4)

Anonymous says:January 5, 2014 at 10:02 AM

@ Rajiv Widyaratne

the ip of host D in the answer is wrong ... it should be 192.168.33.4 ... not 192.168.33.3 , a copy paste simple

mistake

try

access-list 100 permit tcp host 192.168.33.4 host 172.22.242.23 eq 80

access-list 100 deny ip any host 172.22.242.23

access-list 100 permit ip any any

it will work ;)

Anonymous says:January 8, 2014 at 11:44 PM

MODIFICATION #4

How can you complete all of the tasks without adding a "Access-list 100 permit ip any host 172.22.242.17" as a

fourth statement?

Thanks!!

Beso says:January 10, 2014 at 8:45 PM

Modification #4

access-list 100 permit ip any any

will allow all hosts to public and others so there is no problem i think !!

and cuz in this ques it requires only 3 statements ..

Anonymous says:January 30, 2014 at 8:32 PM

MODIFICATION #1:If this correct way to do things MINUS that I should have checked the access list

BEFORE I copied it? I am still a newbie at this but trying hard. Thanks.

Corp1#configure terminal

Enter configuration commands, one per line. End with CNTL/Z.

Corp1(config)#access-list 100 permit tcp host 192.168.33.2 host 172.22.242.23

Corp1(config)#access-list 100 deny ip host 192.168.33.2 172.22.242.16 0.0.0.15

Corp1(config)#access-list 100 permit ip any any

Corp1(config)#interface fa0/1

Corp1(config-if)#ip access-group 100 out

Corp1(config-if)#end

Corp1#

%SYS-5-CONFIG_I: Configured from console by console

Corp1#copy running-config startup-config

Destination filename [startup-config]?

Building configuration...

[OK]

Corp1#show access-list

Extended IP access list 100

permit tcp host 192.168.33.2 host 172.22.242.23 (6 match(es))

deny ip host 192.168.33.2 172.22.242.16 0.0.0.15 (30 match(es))

permit ip any any

Corp1#

Adi says:February 6, 2014 at 2:45 AM

Hello Guys good news for you that CCNA discounted and Microsoft vouchers are now available. Now

New CCNA (200-120) vouchers on special discount of 58% for World wide, with six months expiry date till you

purchase. Each voucher cost 70USD.

Details Required For CCNA Voucher For Discount Processing:

1-Full Name. 1st Name & Last Name (as you want to appear on certificate & documents)

2-Country.

3-City.

4-State.

5-Pin Code (or Area Code)

6-Residential Address (or where you can collect your Certificate or further correspondence

can be received)

7-Date of birth

Add me on Skype through this information which is written below:

Skype Name: rockon660

you can also email me at this email address which is written below:

madeelqaiser@gmail.com

If you have any Questions feel free to contact me.

Thanks,

Best regards,

Adeel

Anonymous says:February 13, 2014 at 1:26 AM

i had passed my ccna exam with 972/1000 score on 12 feb.

the labs were acl1,acl2 and eigrp

acl 1 (same as it is)

eigrp (just change od AS and advertising a network (same as it is) with NO issue about passive interfaces and

default network )

acl 2 (with bit modification)

"The task is to create and apply a numbered access-list with no more than three statements that

-> will allow ONLY host A web access to the Finance Web Server.

->All other traffic from A to finance server is denied.

->All traffic from lan servers(B,C,D) and core to the Finance Web Server is denied.

-> All other traffic is permitted to public server.

Anonymous says:February 25, 2014 at 9:06 AM

MODIFICATION 1 CAN´T BE DONE IN 3 SENTENCES,the question need to be wrong.

Anonymous says:March 21, 2014 at 3:21 PM

In the second modification which is HOST B. which said that to ALLOW only host B to access finance

server and deny host B from other servers.

I tired many times but It's possible to access finance server and public web server through all hosts. I copied the

commands as it's mentioned there and I got the same problem. is it a bug in SIM or it's all right when other hosts

access whole servers ?

Anonymous says:March 22, 2014 at 3:55 PM

MODIFICATION 1 GUYS ISN'T CORRECT. SOME ONE HELP PLEASE.

Leave a Reply

Enter your comment...

Comment as: Google Account

PublishPublish PreviewPreview

Popular Posts

New Questions in CCNA 200-120 (HSRP, VRRP, NetFlow, SNMP)

The below are mock questions that were about to appear in exam CCNA 200-120. Updated : 14

th October 2013 Download the La...

CCNA EIGRP Simulation (NEW)

After adding Interior router, no routing updates are being exchanged between Perimeter and the

new location. All other inter connectivity...

CCNA Access List Control (ACL) Simulation

A network associate is adding security to the configuration of the Corp1 router. The user on host

C should be able to use a web...

Incorrect Questions in Cisco.Acme.640-802.v2013-08-06.by.Acme.649q.vce

Download the new version : http://www.4shared.com/file/7JUsXd3b/640-802v2.html? updated

on 9/27/2013 ...

Access Control List (ACL) Simlet

An administrator is trying to ping and telnet from Switch to Router with the results shown below:

For this ...

CCNA VLAN Simulation

This task requires you to use the CLI of Sw-AC3 to answer five multiple-choice questions. This

does not require any configura...

CCNA RIPv2 Simulation

Central Florida Widgets recently installed a new router in their Apopka office. Complete the

network installation by performing the ini...

CCNA NAT Simulation

A network associate is configuring a router for the Weaver company to provide internet access.

The ISP has provided the company six public I...

CCNA NAT Simulation

A network associate is configuring a router for the weaver company to provide internet access.

The ISP has provided the company six pu...

CCNA Routing and Switching (200-120)

CCNA Composite Exam: The 200-120 CCNAX is the composite exam associated with the Cisco

CCNA Routing and Switching certification. Candida...

Links

CCNA Simulation

CCNP ROUTE Simulations

Popular Posts

New Questions in

CCNA 200-120

(HSRP, VRRP,

NetFlow, SNMP)

The below are mock questions that

were about to appear in exam

CCNA 200-120. Updated : 14 th

October 2013 Download the La...

CCNA EIGRP

Simulation (NEW)

After adding

Interior router, no

routing updates are being

exchanged between Perimeter and

the new location. All other inter

connectivity...

CCNA Access List

Control (ACL)

Simulation

A network

associate is adding security to the

configuration of the Corp1 router.

The user on host C should be able to

use a web...

Incorrect

Questions in

Cisco.Acme.640-

802.v2013-08-

06.by.Acme.649q.vce

Download the new version :

http://www.4shared.com/file/7JUsXd3b/640

802v2.html? updated on 9/27/2013

...

Access Control List

(ACL) Simlet

An administrator is

trying to ping and

telnet from Switch to Router with

the results shown below: For this ...

CCNA VLAN

Simulation

This task requires

you to use the CLI

of Sw-AC3 to answer five multiple-

choice questions. This does not

require any configura...

CCNA RIPv2

Simulation

Central Florida

Widgets recently

installed a new router in their

Apopka office. Complete the

network installation by performing

the ini...

CCNA NAT

Simulation

A network

associate is

configuring a router for the Weaver

company to provide internet access.

The ISP has provided the company

six public I...

CCNA NAT

Simulation

A network

associate is

configuring a router for the weaver

company to provide internet access.

The ISP has provided the company

six pu...

CCNA Routing and

Switching (200-

120)

CCNA Composite

Exam: The 200-120 CCNAX is the

composite exam associated with the

Cisco CCNA Routing and Switching

certification. Candida...

Category List

CCNA (37)

CCNA Basic (4)

CCNA Cisco IOS (3)

CCNA Drag & Drop (3)

CCNA Frame Relay (2)

CCNA RIP Route (2)

CCNA Routing (4)

CCNA Simulation (7)

CCNA STP (1)

CCNA Subnetting (4)

CCNA Switching (2)

CCNA VLAN (1)

CCNP (2)

CCNP Simulation (2)

ICND1 (1)

ICND1 Simulation (1)

Blog Archive

▼  2013 (42)

►  November (2)

►  October (3)

►  September (21)

▼  August (16)

VLSM Short-cut

IPv4 Address Calculation for

beginners

Which of the following is a

characteristic of full...

What will Switch-1 do with

this data?

Which switch provides the

spanning-tree

designated...

CCNA VLAN Simulation

RouterA is unable to reach

RouterB. What is the mo...

The network administrator

needs to address seven L...

What is the most likely cause

of the problem?

What are two things that

could be attempted that

w...

What is preventing the

router from pinging

remote ...

On the network

131.1.123.0/27, what is

the last IP...

Drag & Drop (IP Address)

CCNA EIGRP Simulation

(NEW)

CCNAX 2.0 Syllabus

CCNA Access List Control

(ACL) Simulation

© 2013 Examtut | Privacy Policy

Find us on Facebook

Acme Infotek

672 people like Acme Infotek.

Facebook social plugin

LikeLike

Generated with www.html-to-pdf.net Page 1 / 9

EXAMTUT

Newer Post

CCNA Access List Control (ACL) SimulationPosted on

A network associate is adding security to the configuration of the Corp1 router. The user onhost C should be able to use a web browser to access financial information from the FinanceWeb Server. No other hosts from the LAN nor the Core should be able to use a web browserto access this server. Since there are multiple resources for the corporation at this locationincluding other resources on the Finance Web Server, all other traffic should be allowed.The task is to create and apply a numbered access-list with no more than three statementsthat will allow ONLY host C web access to the Finance Web Server. No other hosts will haveweb access to the Finance Web Server. All other traffic is permitted.

Access to the router CLI can be gained by clicking on the appropriate host.All passwords have been temporarily set to “cisco”.The Core connection uses an IP address of 198.18.196.65The computers in the Hosts LAN have been assigned addresses of 192.168.33.1 –192.168.33.254Host A 192.168.33.1Host B 192.168.33.2Host C 192.168.33.3Host D 192.168.33.4The servers in the Server LAN have been assigned addresses of 172.22.242.17 – 172.22.242.30The Finance Web Server is assigned an IP address of 172.22.242.23.The Public Web Server is assigned an IP address of 172.22.242.17

The Adobe Flash Player or an HTML5 supported browser is

required for video playback.

Get the latest Flash Player

Learn more about upgrading to an HTML5 browser

Corp1>enable

Password: cisco

We should create an access-list and apply it to the interface which is connected to theServers LAN interface, because it can filter out traffic from both Sw-Hosts and Core networks.The Server LAN network has been assigned addresses of 172.22.242.17 – 172.22.242.30 so wecan guess the interface connected to them has an IP address of 172.22.242.30 (.30 is thenumber shown in the figure). Use the “show ip interface brief” command to check whichinterface has the IP address of 172.22.242.30.Corp1#show ip interface brief

Interface IP-Address OK? Method Status Protocol

FastEthernet0/0 192.168.33.254 YES manual up up

FastEthernet0/1 172.22.242.30 YES manual up up

Serial0/0 198.18.196.65 YES manual up up

We learn that interface FastEthernet0/1 is the interface connected to Server LAN network. Itis the interface we will apply our access-list (for outbound direction).Corp1#configure terminal

Our access‐list needs to allow host C – 192.168.33.3 to the Finance Web Server 172.22.242.23via web (port 80)Corp1(config)#access-list 100 permit tcp host 192.168.33.3 host

172.22.242.23 eq 80

Deny other hosts access to the Finance Web Server via webCorp1(config)#access-list 100 deny tcp any host 172.22.242.23 eq 80

All other traffic is permittedCorp1(config)#access-list 100 permit ip any any

Apply this access-list to Fa0/1 interface (outbound direction)

Corp1(config)#interface fa0/1

Corp1(config-if)#ip access-group 100 out

Notice: We have to apply the access-list to Fa0/1 interface (not Fa0/0 interface) so that theaccess-list can filter traffic coming from both the LAN and the Core networks. If we applyaccess list to the inbound interface we can only filter traffic from the LAN network.In the real exam, just click on host C and open its web browser. In the address box typehttp://172.22.242.23 to check if you are allowed to access Finance Web Server or not. If yourconfiguration is correct then you can access it.Click on other hosts (A, B and D) and check to make sure you can’t access Finance Web Serverfrom these hosts.Finally, save the configurationCorp1(config-if)#end

Corp1#copy running-config startup-config

This configuration only prevents hosts from accessing Finance Web Server via web but if thisserver supports other traffic – like FTP, SMTP… then other hosts can access it, too.Notice: In the real exam, you might be asked to allow other host (A, B or D) to access theFinance Web Server so please read the requirement carefully.

Modification #1A network associate is adding security to the configuration of the Corp router. The user onhost B should be able to access the Finance Web Server. Host B should be denied to accessother server on S1-SRVS network. Since there are multiple resources for the corporation atthis location including other resources on the Finance Web Server, all other traffic should beallowed.The task is to create and apply a numbered access-list with no more than three statementsthat will allow ONLY host B access to the Finance Web Server. Deny host B from accessing theother servers. All other traffic is permitted.access-list 100 permit ip host 192.168.33.2 host 172.22.242.23

access-list 100 deny ip host 192.168.33.2 172.22.242.16 0.0.0.15

access-list 100 permit ip any any

Modification #2A network associate is adding security to the configuration of the Corp1 router. The user onhost C should be able to access the Finance Web Server. No other hosts from the LAN nor theCore should be able access this server. All other traffic should be allowed.The task is to create and apply a numbered access-list with no more than three statementsthat will allow ONLY host C access the Finance Web Server. No other hosts will have access tothe Finance Web Server. All other traffic is permitted.access-list 100 permit ip host 192.168.33.3 host 172.22.242.23

access-list 100 deny ip any host 172.22.242.23

access-list 100 permit ip any any

Modification #3A network associate is adding security to the configuration of the Corp1 router. The user onhost C should be able to use a web browser to access financial information from the FinanceWeb Server. Other access from host C to Finance Web Server should be denied. No otherhosts from the LAN nor the Core should be able to access the Finance Web Server. All othertraffic should be allowed.The task is to create and apply a numbered access-list with no more than three statementsthat will allow ONLY host C web access to the Finance Web Server. Also host C should bedenied to access any other services of Finance Web Server. No other hosts will access to theFinance Web Server. All other traffic is permitted.access-list 100 permit tcp host 192.168.33.3 host 172.22.242.23 eq

80

access-list 100 deny ip any host 172.22.242.23

access-list 100 permit ip any any

Modification #4A network associate is adding security to the configuration of the Corp1 router. The user onhost D should be able to use a web browser to access financial information from the FinanceWeb Server. Other access from host C to Finance Web Server should be denied. No otherhosts from the LAN nor the Core should be able to access the Finance Web Server. All hostsfrom the LAN nor the Core should able to access public web server.

The task is to create and apply a numbered access-list with no more than three statements

that will allow ONLY h ost D should be able to use a web browser(HTTP)to access the Finance

Web Server. Other types of access from host D to the Finance Web Server should be

blocked. All access from hosts in the Core or local LAN to the Finance Web Server should be

blocked. All hosts in the Core and local LAN should be able to access the Public Web Server.

access-list 100 permit tcp host 192.168.33.3 host 172.22.242.23 eq

80

access-list 100 deny ip any host 172.22.242.23

access-list 100 permit ip any any

Download LAB file (need packet tracer to open)

https://app.box.com/s/yizuzzbkagp4v0j52a50

Mirror:

http://www.4shared.com/file/heZzTLiH/ACL_Sim.html?

Download Video file

https://app.box.com/s/uri1xwy29gw0qc0smlk0

This entry was posted in CCNA, CCNA Simulation . Bookmark the permalink.

Opera browser download Moneys Mutual Money Money Managers Confused

Internet advertising agency Microsoft Word Will work from home

23 Responses so far.

A.H.Mostofa Kalam says:September 2, 2013 at 1:07 PM

what commands have you used for ACL?

- Host D should be able to use a web browser(HTTP)to access the Finance Web Server

- Other types of access from host D to the Finance Web Server should be blocked

– All access from hosts in the Core or local LAN to the Finance Web Server should be blocked

- All hosts in the Core and local LAN should be able to access the Public Web Server

Answer 1:

Access-list 100 permit tcp host 192.168.33.4 host 172.22.242.23 eq 80

Access-List 100 deny ip any host 172.22.242.23

Access-list 100 permit ip any any

Answer 2:

Access-list 100 permit tcp host 192.168.33.4 host 172.22.242.23 eq 80

Access-List 100 permit ip any host 172.22.242.17

Access-list 100 deny ip any any

When asked – all can access to public server should I use answer 2 or answer 1?

i know if only said all other traffic is permitted I can use answer 1 without doubt. I am having confusion when it is

said all can access to public server…both is correct for that may be and answer 2 fully satisfies the need, right?

Please help me out to understand…

farah med amine says:September 14, 2013 at 1:29 AM

@ACME PLEASE:command 2 use eq 80????

Modification #3

The user on host C should be able to access the Finance Web Server

Other access from host C to Finance Web Server should be denied

No other hosts from the LAN nor the Core should be able to access the Finance Web Server. All other traffic

should be allowed:

access-list 100 permit tcp host 192.168.33.3 host 172.22.242.23 eq 80

access-list 100 deny ip any host 172.22.242.23 use ((((( eq 80))))

access-list 100 permit ip any any

farah med amine says:September 14, 2013 at 1:45 AM

@acme i understand you ;)

Other access from host C to Finance Web Server should be denied ########## No other hosts from the LAN

nor the Core should be able to use a web browser to access this server .

Nirates says:September 15, 2013 at 3:26 PM

@mostapha

both answers would not answer the question fully.

From your Answer 1, line 1 and 2 answer only the first two statements of the question. Remember that the last

statement of the question was 'specifically' to allow Core and LAN access to Public Server, and the Public server

has a different ip address. so the correct command would be:

Access-list 100 permit ip any host 172.22.242.17

From your Answer 2, line 1 answers the first part of the question, while line 2 answers the last part of the

question. Remember that the question says 'Other types of access from host D to the Finance Web Server should

be blocked. All access from hosts in the Core or local LAN to the Finance Web Server should be blocked'. It is

stated SPECIFICALLY, to block all access to ONLY the Finance server and not to other servers. So the right

command should be:

Access-list 100 deny ip any host 172.22.242.23

...I hope this helps

Nirates says:September 15, 2013 at 3:32 PM

@Farah,

the question did not ask that you deny WEB access to the financial web server. it is only when web access is

involved that you can add eq 80 to the command.

...I'd suggest you read the question carefully. Besides, try out the commands on your packet tracer and confirm

which works. ;)

Ahmed Badubyan says:September 25, 2013 at 5:14 PM

This comment has been removed by the author.

Anonymous says:October 6, 2013 at 2:07 AM

Just passed This Friday Oct 4. SIM Is valid. Thank you.

Adi says:October 10, 2013 at 4:06 AM

Hello Guys I hope you will be fine there.Now New CCNA (200-120) and CCNA security (640-554)

Vouchers on special discount of 58% for World wide, with six months expiry date till you purchase. Each voucher

cost 70USD.

Details Required For CCNA Voucher For Discount Processing:

1-Full Name. 1st Name & Last Name (as you want to appear on certificate & documents)

2-Country.

3-City.

4-State.

5-Pin Code (or Area Code)

6-Residential Address (or where you can collect your Certificate or further correspondence

can be received)

7-Date of birth

Add me on Skype through this information which is written below:

Skype Name: rockon660

you can also email me at this email address which is written below:

madeelqaiser@gmail.com

If you have any Questions feel free to contact me.

Thanks,

Best regards,

Adeel

m0bi says:October 30, 2013 at 2:41 PM

Passed 200-120 exam Today with 958/1000. Do not waste time and money guys only testinside

Purchased 100% valid dumps Lab was ACL2 Modifications & EIGRP with few but Same.

200-120 dumps Testindie Q307 with secondary Key # in cheap price contact me at Mubasher95@Gmail.com

Good Luck!

Anonymous says:November 26, 2013 at 9:11 AM

This comment has been removed by a blog administrator.

Anonymous says:November 27, 2013 at 7:32 PM

can I add command: "no ip domain-lookup"

to prevent stupid annoying translate.. error message?

Anonymous says:December 1, 2013 at 6:00 PM

I just finished my ccna exam... scored 958 in second attempt .... almost all the questions from

9tut,examtut, acme spintry...... I could have passed if I knew this excellent site before.... thank youuuuuu

got ACL1, ACL2, EIGRP..... same sim with slight modifications....

Anonymous says:December 15, 2013 at 12:15 PM

I confused about command answer Modification #3 and #4, why same command?

In Modification #4, I think Host D ip address is 192.168.33.4.

Rajiv Widyaratne says:December 31, 2013 at 6:34 AM

Why "Request Timeout" when using the Web Browser of "D"????

(Modification 4)

Anonymous says:January 5, 2014 at 10:02 AM

@ Rajiv Widyaratne

the ip of host D in the answer is wrong ... it should be 192.168.33.4 ... not 192.168.33.3 , a copy paste simple

mistake

try

access-list 100 permit tcp host 192.168.33.4 host 172.22.242.23 eq 80

access-list 100 deny ip any host 172.22.242.23

access-list 100 permit ip any any

it will work ;)

Anonymous says:January 8, 2014 at 11:44 PM

MODIFICATION #4

How can you complete all of the tasks without adding a "Access-list 100 permit ip any host 172.22.242.17" as a

fourth statement?

Thanks!!

Beso says:January 10, 2014 at 8:45 PM

Modification #4

access-list 100 permit ip any any

will allow all hosts to public and others so there is no problem i think !!

and cuz in this ques it requires only 3 statements ..

Anonymous says:January 30, 2014 at 8:32 PM

MODIFICATION #1:If this correct way to do things MINUS that I should have checked the access list

BEFORE I copied it? I am still a newbie at this but trying hard. Thanks.

Corp1#configure terminal

Enter configuration commands, one per line. End with CNTL/Z.

Corp1(config)#access-list 100 permit tcp host 192.168.33.2 host 172.22.242.23

Corp1(config)#access-list 100 deny ip host 192.168.33.2 172.22.242.16 0.0.0.15

Corp1(config)#access-list 100 permit ip any any

Corp1(config)#interface fa0/1

Corp1(config-if)#ip access-group 100 out

Corp1(config-if)#end

Corp1#

%SYS-5-CONFIG_I: Configured from console by console

Corp1#copy running-config startup-config

Destination filename [startup-config]?

Building configuration...

[OK]

Corp1#show access-list

Extended IP access list 100

permit tcp host 192.168.33.2 host 172.22.242.23 (6 match(es))

deny ip host 192.168.33.2 172.22.242.16 0.0.0.15 (30 match(es))

permit ip any any

Corp1#

Adi says:February 6, 2014 at 2:45 AM

Hello Guys good news for you that CCNA discounted and Microsoft vouchers are now available. Now

New CCNA (200-120) vouchers on special discount of 58% for World wide, with six months expiry date till you

purchase. Each voucher cost 70USD.

Details Required For CCNA Voucher For Discount Processing:

1-Full Name. 1st Name & Last Name (as you want to appear on certificate & documents)

2-Country.

3-City.

4-State.

5-Pin Code (or Area Code)

6-Residential Address (or where you can collect your Certificate or further correspondence

can be received)

7-Date of birth

Add me on Skype through this information which is written below:

Skype Name: rockon660

you can also email me at this email address which is written below:

madeelqaiser@gmail.com

If you have any Questions feel free to contact me.

Thanks,

Best regards,

Adeel

Anonymous says:February 13, 2014 at 1:26 AM

i had passed my ccna exam with 972/1000 score on 12 feb.

the labs were acl1,acl2 and eigrp

acl 1 (same as it is)

eigrp (just change od AS and advertising a network (same as it is) with NO issue about passive interfaces and

default network )

acl 2 (with bit modification)

"The task is to create and apply a numbered access-list with no more than three statements that

-> will allow ONLY host A web access to the Finance Web Server.

->All other traffic from A to finance server is denied.

->All traffic from lan servers(B,C,D) and core to the Finance Web Server is denied.

-> All other traffic is permitted to public server.

Anonymous says:February 25, 2014 at 9:06 AM

MODIFICATION 1 CAN´T BE DONE IN 3 SENTENCES,the question need to be wrong.

Anonymous says:March 21, 2014 at 3:21 PM

In the second modification which is HOST B. which said that to ALLOW only host B to access finance

server and deny host B from other servers.

I tired many times but It's possible to access finance server and public web server through all hosts. I copied the

commands as it's mentioned there and I got the same problem. is it a bug in SIM or it's all right when other hosts

access whole servers ?

Anonymous says:March 22, 2014 at 3:55 PM

MODIFICATION 1 GUYS ISN'T CORRECT. SOME ONE HELP PLEASE.

Leave a Reply

Enter your comment...

Comment as: Google Account

PublishPublish PreviewPreview

Popular Posts

New Questions in CCNA 200-120 (HSRP, VRRP, NetFlow, SNMP)

The below are mock questions that were about to appear in exam CCNA 200-120. Updated : 14

th October 2013 Download the La...

CCNA EIGRP Simulation (NEW)

After adding Interior router, no routing updates are being exchanged between Perimeter and the

new location. All other inter connectivity...

CCNA Access List Control (ACL) Simulation

A network associate is adding security to the configuration of the Corp1 router. The user on host

C should be able to use a web...

Incorrect Questions in Cisco.Acme.640-802.v2013-08-06.by.Acme.649q.vce

Download the new version : http://www.4shared.com/file/7JUsXd3b/640-802v2.html? updated

on 9/27/2013 ...

Access Control List (ACL) Simlet

An administrator is trying to ping and telnet from Switch to Router with the results shown below:

For this ...

CCNA VLAN Simulation

This task requires you to use the CLI of Sw-AC3 to answer five multiple-choice questions. This

does not require any configura...

CCNA RIPv2 Simulation

Central Florida Widgets recently installed a new router in their Apopka office. Complete the

network installation by performing the ini...

CCNA NAT Simulation

A network associate is configuring a router for the Weaver company to provide internet access.

The ISP has provided the company six public I...

CCNA NAT Simulation

A network associate is configuring a router for the weaver company to provide internet access.

The ISP has provided the company six pu...

CCNA Routing and Switching (200-120)

CCNA Composite Exam: The 200-120 CCNAX is the composite exam associated with the Cisco

CCNA Routing and Switching certification. Candida...

Links

CCNA Simulation

CCNP ROUTE Simulations

Popular Posts

New Questions in

CCNA 200-120

(HSRP, VRRP,

NetFlow, SNMP)

The below are mock questions that

were about to appear in exam

CCNA 200-120. Updated : 14 th

October 2013 Download the La...

CCNA EIGRP

Simulation (NEW)

After adding

Interior router, no

routing updates are being

exchanged between Perimeter and

the new location. All other inter

connectivity...

CCNA Access List

Control (ACL)

Simulation

A network

associate is adding security to the

configuration of the Corp1 router.

The user on host C should be able to

use a web...

Incorrect

Questions in

Cisco.Acme.640-

802.v2013-08-

06.by.Acme.649q.vce

Download the new version :

http://www.4shared.com/file/7JUsXd3b/640

802v2.html? updated on 9/27/2013

...

Access Control List

(ACL) Simlet

An administrator is

trying to ping and

telnet from Switch to Router with

the results shown below: For this ...

CCNA VLAN

Simulation

This task requires

you to use the CLI

of Sw-AC3 to answer five multiple-

choice questions. This does not

require any configura...

CCNA RIPv2

Simulation

Central Florida

Widgets recently

installed a new router in their

Apopka office. Complete the

network installation by performing

the ini...

CCNA NAT

Simulation

A network

associate is

configuring a router for the Weaver

company to provide internet access.

The ISP has provided the company

six public I...

CCNA NAT

Simulation

A network

associate is

configuring a router for the weaver

company to provide internet access.

The ISP has provided the company

six pu...

CCNA Routing and

Switching (200-

120)

CCNA Composite

Exam: The 200-120 CCNAX is the

composite exam associated with the

Cisco CCNA Routing and Switching

certification. Candida...

Category List

CCNA (37)

CCNA Basic (4)

CCNA Cisco IOS (3)

CCNA Drag & Drop (3)

CCNA Frame Relay (2)

CCNA RIP Route (2)

CCNA Routing (4)

CCNA Simulation (7)

CCNA STP (1)

CCNA Subnetting (4)

CCNA Switching (2)

CCNA VLAN (1)

CCNP (2)

CCNP Simulation (2)

ICND1 (1)

ICND1 Simulation (1)

Blog Archive

▼  2013 (42)

►  November (2)

►  October (3)

►  September (21)

▼  August (16)

VLSM Short-cut

IPv4 Address Calculation for

beginners

Which of the following is a

characteristic of full...

What will Switch-1 do with

this data?

Which switch provides the

spanning-tree

designated...

CCNA VLAN Simulation

RouterA is unable to reach

RouterB. What is the mo...

The network administrator

needs to address seven L...

What is the most likely cause

of the problem?

What are two things that

could be attempted that

w...

What is preventing the

router from pinging

remote ...

On the network

131.1.123.0/27, what is

the last IP...

Drag & Drop (IP Address)

CCNA EIGRP Simulation

(NEW)

CCNAX 2.0 Syllabus

CCNA Access List Control

(ACL) Simulation

© 2013 Examtut | Privacy Policy

Find us on Facebook

Acme Infotek

672 people like Acme Infotek.

Facebook social plugin

LikeLike

Generated with www.html-to-pdf.net Page 2 / 9

EXAMTUT

Newer Post

CCNA Access List Control (ACL) SimulationPosted on

A network associate is adding security to the configuration of the Corp1 router. The user onhost C should be able to use a web browser to access financial information from the FinanceWeb Server. No other hosts from the LAN nor the Core should be able to use a web browserto access this server. Since there are multiple resources for the corporation at this locationincluding other resources on the Finance Web Server, all other traffic should be allowed.The task is to create and apply a numbered access-list with no more than three statementsthat will allow ONLY host C web access to the Finance Web Server. No other hosts will haveweb access to the Finance Web Server. All other traffic is permitted.

Access to the router CLI can be gained by clicking on the appropriate host.All passwords have been temporarily set to “cisco”.The Core connection uses an IP address of 198.18.196.65The computers in the Hosts LAN have been assigned addresses of 192.168.33.1 –192.168.33.254Host A 192.168.33.1Host B 192.168.33.2Host C 192.168.33.3Host D 192.168.33.4The servers in the Server LAN have been assigned addresses of 172.22.242.17 – 172.22.242.30The Finance Web Server is assigned an IP address of 172.22.242.23.The Public Web Server is assigned an IP address of 172.22.242.17

The Adobe Flash Player or an HTML5 supported browser is

required for video playback.

Get the latest Flash Player

Learn more about upgrading to an HTML5 browser

Corp1>enable

Password: cisco

We should create an access-list and apply it to the interface which is connected to theServers LAN interface, because it can filter out traffic from both Sw-Hosts and Core networks.The Server LAN network has been assigned addresses of 172.22.242.17 – 172.22.242.30 so wecan guess the interface connected to them has an IP address of 172.22.242.30 (.30 is thenumber shown in the figure). Use the “show ip interface brief” command to check whichinterface has the IP address of 172.22.242.30.Corp1#show ip interface brief

Interface IP-Address OK? Method Status Protocol

FastEthernet0/0 192.168.33.254 YES manual up up

FastEthernet0/1 172.22.242.30 YES manual up up

Serial0/0 198.18.196.65 YES manual up up

We learn that interface FastEthernet0/1 is the interface connected to Server LAN network. Itis the interface we will apply our access-list (for outbound direction).Corp1#configure terminal

Our access‐list needs to allow host C – 192.168.33.3 to the Finance Web Server 172.22.242.23via web (port 80)Corp1(config)#access-list 100 permit tcp host 192.168.33.3 host

172.22.242.23 eq 80

Deny other hosts access to the Finance Web Server via webCorp1(config)#access-list 100 deny tcp any host 172.22.242.23 eq 80

All other traffic is permittedCorp1(config)#access-list 100 permit ip any any

Apply this access-list to Fa0/1 interface (outbound direction)

Corp1(config)#interface fa0/1

Corp1(config-if)#ip access-group 100 out

Notice: We have to apply the access-list to Fa0/1 interface (not Fa0/0 interface) so that theaccess-list can filter traffic coming from both the LAN and the Core networks. If we applyaccess list to the inbound interface we can only filter traffic from the LAN network.In the real exam, just click on host C and open its web browser. In the address box typehttp://172.22.242.23 to check if you are allowed to access Finance Web Server or not. If yourconfiguration is correct then you can access it.Click on other hosts (A, B and D) and check to make sure you can’t access Finance Web Serverfrom these hosts.Finally, save the configurationCorp1(config-if)#end

Corp1#copy running-config startup-config

This configuration only prevents hosts from accessing Finance Web Server via web but if thisserver supports other traffic – like FTP, SMTP… then other hosts can access it, too.Notice: In the real exam, you might be asked to allow other host (A, B or D) to access theFinance Web Server so please read the requirement carefully.

Modification #1A network associate is adding security to the configuration of the Corp router. The user onhost B should be able to access the Finance Web Server. Host B should be denied to accessother server on S1-SRVS network. Since there are multiple resources for the corporation atthis location including other resources on the Finance Web Server, all other traffic should beallowed.The task is to create and apply a numbered access-list with no more than three statementsthat will allow ONLY host B access to the Finance Web Server. Deny host B from accessing theother servers. All other traffic is permitted.access-list 100 permit ip host 192.168.33.2 host 172.22.242.23

access-list 100 deny ip host 192.168.33.2 172.22.242.16 0.0.0.15

access-list 100 permit ip any any

Modification #2A network associate is adding security to the configuration of the Corp1 router. The user onhost C should be able to access the Finance Web Server. No other hosts from the LAN nor theCore should be able access this server. All other traffic should be allowed.The task is to create and apply a numbered access-list with no more than three statementsthat will allow ONLY host C access the Finance Web Server. No other hosts will have access tothe Finance Web Server. All other traffic is permitted.access-list 100 permit ip host 192.168.33.3 host 172.22.242.23

access-list 100 deny ip any host 172.22.242.23

access-list 100 permit ip any any

Modification #3A network associate is adding security to the configuration of the Corp1 router. The user onhost C should be able to use a web browser to access financial information from the FinanceWeb Server. Other access from host C to Finance Web Server should be denied. No otherhosts from the LAN nor the Core should be able to access the Finance Web Server. All othertraffic should be allowed.The task is to create and apply a numbered access-list with no more than three statementsthat will allow ONLY host C web access to the Finance Web Server. Also host C should bedenied to access any other services of Finance Web Server. No other hosts will access to theFinance Web Server. All other traffic is permitted.access-list 100 permit tcp host 192.168.33.3 host 172.22.242.23 eq

80

access-list 100 deny ip any host 172.22.242.23

access-list 100 permit ip any any

Modification #4A network associate is adding security to the configuration of the Corp1 router. The user onhost D should be able to use a web browser to access financial information from the FinanceWeb Server. Other access from host C to Finance Web Server should be denied. No otherhosts from the LAN nor the Core should be able to access the Finance Web Server. All hostsfrom the LAN nor the Core should able to access public web server.

The task is to create and apply a numbered access-list with no more than three statements

that will allow ONLY h ost D should be able to use a web browser(HTTP)to access the Finance

Web Server. Other types of access from host D to the Finance Web Server should be

blocked. All access from hosts in the Core or local LAN to the Finance Web Server should be

blocked. All hosts in the Core and local LAN should be able to access the Public Web Server.

access-list 100 permit tcp host 192.168.33.3 host 172.22.242.23 eq

80

access-list 100 deny ip any host 172.22.242.23

access-list 100 permit ip any any

Download LAB file (need packet tracer to open)

https://app.box.com/s/yizuzzbkagp4v0j52a50

Mirror:

http://www.4shared.com/file/heZzTLiH/ACL_Sim.html?

Download Video file

https://app.box.com/s/uri1xwy29gw0qc0smlk0

This entry was posted in CCNA, CCNA Simulation . Bookmark the permalink.

Opera browser download Moneys Mutual Money Money Managers Confused

Internet advertising agency Microsoft Word Will work from home

23 Responses so far.

A.H.Mostofa Kalam says:September 2, 2013 at 1:07 PM

what commands have you used for ACL?

- Host D should be able to use a web browser(HTTP)to access the Finance Web Server

- Other types of access from host D to the Finance Web Server should be blocked

– All access from hosts in the Core or local LAN to the Finance Web Server should be blocked

- All hosts in the Core and local LAN should be able to access the Public Web Server

Answer 1:

Access-list 100 permit tcp host 192.168.33.4 host 172.22.242.23 eq 80

Access-List 100 deny ip any host 172.22.242.23

Access-list 100 permit ip any any

Answer 2:

Access-list 100 permit tcp host 192.168.33.4 host 172.22.242.23 eq 80

Access-List 100 permit ip any host 172.22.242.17

Access-list 100 deny ip any any

When asked – all can access to public server should I use answer 2 or answer 1?

i know if only said all other traffic is permitted I can use answer 1 without doubt. I am having confusion when it is

said all can access to public server…both is correct for that may be and answer 2 fully satisfies the need, right?

Please help me out to understand…

farah med amine says:September 14, 2013 at 1:29 AM

@ACME PLEASE:command 2 use eq 80????

Modification #3

The user on host C should be able to access the Finance Web Server

Other access from host C to Finance Web Server should be denied

No other hosts from the LAN nor the Core should be able to access the Finance Web Server. All other traffic

should be allowed:

access-list 100 permit tcp host 192.168.33.3 host 172.22.242.23 eq 80

access-list 100 deny ip any host 172.22.242.23 use ((((( eq 80))))

access-list 100 permit ip any any

farah med amine says:September 14, 2013 at 1:45 AM

@acme i understand you ;)

Other access from host C to Finance Web Server should be denied ########## No other hosts from the LAN

nor the Core should be able to use a web browser to access this server .

Nirates says:September 15, 2013 at 3:26 PM

@mostapha

both answers would not answer the question fully.

From your Answer 1, line 1 and 2 answer only the first two statements of the question. Remember that the last

statement of the question was 'specifically' to allow Core and LAN access to Public Server, and the Public server

has a different ip address. so the correct command would be:

Access-list 100 permit ip any host 172.22.242.17

From your Answer 2, line 1 answers the first part of the question, while line 2 answers the last part of the

question. Remember that the question says 'Other types of access from host D to the Finance Web Server should

be blocked. All access from hosts in the Core or local LAN to the Finance Web Server should be blocked'. It is

stated SPECIFICALLY, to block all access to ONLY the Finance server and not to other servers. So the right

command should be:

Access-list 100 deny ip any host 172.22.242.23

...I hope this helps

Nirates says:September 15, 2013 at 3:32 PM

@Farah,

the question did not ask that you deny WEB access to the financial web server. it is only when web access is

involved that you can add eq 80 to the command.

...I'd suggest you read the question carefully. Besides, try out the commands on your packet tracer and confirm

which works. ;)

Ahmed Badubyan says:September 25, 2013 at 5:14 PM

This comment has been removed by the author.

Anonymous says:October 6, 2013 at 2:07 AM

Just passed This Friday Oct 4. SIM Is valid. Thank you.

Adi says:October 10, 2013 at 4:06 AM

Hello Guys I hope you will be fine there.Now New CCNA (200-120) and CCNA security (640-554)

Vouchers on special discount of 58% for World wide, with six months expiry date till you purchase. Each voucher

cost 70USD.

Details Required For CCNA Voucher For Discount Processing:

1-Full Name. 1st Name & Last Name (as you want to appear on certificate & documents)

2-Country.

3-City.

4-State.

5-Pin Code (or Area Code)

6-Residential Address (or where you can collect your Certificate or further correspondence

can be received)

7-Date of birth

Add me on Skype through this information which is written below:

Skype Name: rockon660

you can also email me at this email address which is written below:

madeelqaiser@gmail.com

If you have any Questions feel free to contact me.

Thanks,

Best regards,

Adeel

m0bi says:October 30, 2013 at 2:41 PM

Passed 200-120 exam Today with 958/1000. Do not waste time and money guys only testinside

Purchased 100% valid dumps Lab was ACL2 Modifications & EIGRP with few but Same.

200-120 dumps Testindie Q307 with secondary Key # in cheap price contact me at Mubasher95@Gmail.com

Good Luck!

Anonymous says:November 26, 2013 at 9:11 AM

This comment has been removed by a blog administrator.

Anonymous says:November 27, 2013 at 7:32 PM

can I add command: "no ip domain-lookup"

to prevent stupid annoying translate.. error message?

Anonymous says:December 1, 2013 at 6:00 PM

I just finished my ccna exam... scored 958 in second attempt .... almost all the questions from

9tut,examtut, acme spintry...... I could have passed if I knew this excellent site before.... thank youuuuuu

got ACL1, ACL2, EIGRP..... same sim with slight modifications....

Anonymous says:December 15, 2013 at 12:15 PM

I confused about command answer Modification #3 and #4, why same command?

In Modification #4, I think Host D ip address is 192.168.33.4.

Rajiv Widyaratne says:December 31, 2013 at 6:34 AM

Why "Request Timeout" when using the Web Browser of "D"????

(Modification 4)

Anonymous says:January 5, 2014 at 10:02 AM

@ Rajiv Widyaratne

the ip of host D in the answer is wrong ... it should be 192.168.33.4 ... not 192.168.33.3 , a copy paste simple

mistake

try

access-list 100 permit tcp host 192.168.33.4 host 172.22.242.23 eq 80

access-list 100 deny ip any host 172.22.242.23

access-list 100 permit ip any any

it will work ;)

Anonymous says:January 8, 2014 at 11:44 PM

MODIFICATION #4

How can you complete all of the tasks without adding a "Access-list 100 permit ip any host 172.22.242.17" as a

fourth statement?

Thanks!!

Beso says:January 10, 2014 at 8:45 PM

Modification #4

access-list 100 permit ip any any

will allow all hosts to public and others so there is no problem i think !!

and cuz in this ques it requires only 3 statements ..

Anonymous says:January 30, 2014 at 8:32 PM

MODIFICATION #1:If this correct way to do things MINUS that I should have checked the access list

BEFORE I copied it? I am still a newbie at this but trying hard. Thanks.

Corp1#configure terminal

Enter configuration commands, one per line. End with CNTL/Z.

Corp1(config)#access-list 100 permit tcp host 192.168.33.2 host 172.22.242.23

Corp1(config)#access-list 100 deny ip host 192.168.33.2 172.22.242.16 0.0.0.15

Corp1(config)#access-list 100 permit ip any any

Corp1(config)#interface fa0/1

Corp1(config-if)#ip access-group 100 out

Corp1(config-if)#end

Corp1#

%SYS-5-CONFIG_I: Configured from console by console

Corp1#copy running-config startup-config

Destination filename [startup-config]?

Building configuration...

[OK]

Corp1#show access-list

Extended IP access list 100

permit tcp host 192.168.33.2 host 172.22.242.23 (6 match(es))

deny ip host 192.168.33.2 172.22.242.16 0.0.0.15 (30 match(es))

permit ip any any

Corp1#

Adi says:February 6, 2014 at 2:45 AM

Hello Guys good news for you that CCNA discounted and Microsoft vouchers are now available. Now

New CCNA (200-120) vouchers on special discount of 58% for World wide, with six months expiry date till you

purchase. Each voucher cost 70USD.

Details Required For CCNA Voucher For Discount Processing:

1-Full Name. 1st Name & Last Name (as you want to appear on certificate & documents)

2-Country.

3-City.

4-State.

5-Pin Code (or Area Code)

6-Residential Address (or where you can collect your Certificate or further correspondence

can be received)

7-Date of birth

Add me on Skype through this information which is written below:

Skype Name: rockon660

you can also email me at this email address which is written below:

madeelqaiser@gmail.com

If you have any Questions feel free to contact me.

Thanks,

Best regards,

Adeel

Anonymous says:February 13, 2014 at 1:26 AM

i had passed my ccna exam with 972/1000 score on 12 feb.

the labs were acl1,acl2 and eigrp

acl 1 (same as it is)

eigrp (just change od AS and advertising a network (same as it is) with NO issue about passive interfaces and

default network )

acl 2 (with bit modification)

"The task is to create and apply a numbered access-list with no more than three statements that

-> will allow ONLY host A web access to the Finance Web Server.

->All other traffic from A to finance server is denied.

->All traffic from lan servers(B,C,D) and core to the Finance Web Server is denied.

-> All other traffic is permitted to public server.

Anonymous says:February 25, 2014 at 9:06 AM

MODIFICATION 1 CAN´T BE DONE IN 3 SENTENCES,the question need to be wrong.

Anonymous says:March 21, 2014 at 3:21 PM

In the second modification which is HOST B. which said that to ALLOW only host B to access finance

server and deny host B from other servers.

I tired many times but It's possible to access finance server and public web server through all hosts. I copied the

commands as it's mentioned there and I got the same problem. is it a bug in SIM or it's all right when other hosts

access whole servers ?

Anonymous says:March 22, 2014 at 3:55 PM

MODIFICATION 1 GUYS ISN'T CORRECT. SOME ONE HELP PLEASE.

Leave a Reply

Enter your comment...

Comment as: Google Account

PublishPublish PreviewPreview

Popular Posts

New Questions in CCNA 200-120 (HSRP, VRRP, NetFlow, SNMP)

The below are mock questions that were about to appear in exam CCNA 200-120. Updated : 14

th October 2013 Download the La...

CCNA EIGRP Simulation (NEW)

After adding Interior router, no routing updates are being exchanged between Perimeter and the

new location. All other inter connectivity...

CCNA Access List Control (ACL) Simulation

A network associate is adding security to the configuration of the Corp1 router. The user on host

C should be able to use a web...

Incorrect Questions in Cisco.Acme.640-802.v2013-08-06.by.Acme.649q.vce

Download the new version : http://www.4shared.com/file/7JUsXd3b/640-802v2.html? updated

on 9/27/2013 ...

Access Control List (ACL) Simlet

An administrator is trying to ping and telnet from Switch to Router with the results shown below:

For this ...

CCNA VLAN Simulation

This task requires you to use the CLI of Sw-AC3 to answer five multiple-choice questions. This

does not require any configura...

CCNA RIPv2 Simulation

Central Florida Widgets recently installed a new router in their Apopka office. Complete the

network installation by performing the ini...

CCNA NAT Simulation

A network associate is configuring a router for the Weaver company to provide internet access.

The ISP has provided the company six public I...

CCNA NAT Simulation

A network associate is configuring a router for the weaver company to provide internet access.

The ISP has provided the company six pu...

CCNA Routing and Switching (200-120)

CCNA Composite Exam: The 200-120 CCNAX is the composite exam associated with the Cisco

CCNA Routing and Switching certification. Candida...

Links

CCNA Simulation

CCNP ROUTE Simulations

Popular Posts

New Questions in

CCNA 200-120

(HSRP, VRRP,

NetFlow, SNMP)

The below are mock questions that

were about to appear in exam

CCNA 200-120. Updated : 14 th

October 2013 Download the La...

CCNA EIGRP

Simulation (NEW)

After adding

Interior router, no

routing updates are being

exchanged between Perimeter and

the new location. All other inter

connectivity...

CCNA Access List

Control (ACL)

Simulation

A network

associate is adding security to the

configuration of the Corp1 router.

The user on host C should be able to

use a web...

Incorrect

Questions in

Cisco.Acme.640-

802.v2013-08-

06.by.Acme.649q.vce

Download the new version :

http://www.4shared.com/file/7JUsXd3b/640

802v2.html? updated on 9/27/2013

...

Access Control List

(ACL) Simlet

An administrator is

trying to ping and

telnet from Switch to Router with

the results shown below: For this ...

CCNA VLAN

Simulation

This task requires

you to use the CLI

of Sw-AC3 to answer five multiple-

choice questions. This does not

require any configura...

CCNA RIPv2

Simulation

Central Florida

Widgets recently

installed a new router in their

Apopka office. Complete the

network installation by performing

the ini...

CCNA NAT

Simulation

A network

associate is

configuring a router for the Weaver

company to provide internet access.

The ISP has provided the company

six public I...

CCNA NAT

Simulation

A network

associate is

configuring a router for the weaver

company to provide internet access.

The ISP has provided the company

six pu...

CCNA Routing and

Switching (200-

120)

CCNA Composite

Exam: The 200-120 CCNAX is the

composite exam associated with the

Cisco CCNA Routing and Switching

certification. Candida...

Category List

CCNA (37)

CCNA Basic (4)

CCNA Cisco IOS (3)

CCNA Drag & Drop (3)

CCNA Frame Relay (2)

CCNA RIP Route (2)

CCNA Routing (4)

CCNA Simulation (7)

CCNA STP (1)

CCNA Subnetting (4)

CCNA Switching (2)

CCNA VLAN (1)

CCNP (2)

CCNP Simulation (2)

ICND1 (1)

ICND1 Simulation (1)

Blog Archive

▼  2013 (42)

►  November (2)

►  October (3)

►  September (21)

▼  August (16)

VLSM Short-cut

IPv4 Address Calculation for

beginners

Which of the following is a

characteristic of full...

What will Switch-1 do with

this data?

Which switch provides the

spanning-tree

designated...

CCNA VLAN Simulation

RouterA is unable to reach

RouterB. What is the mo...

The network administrator

needs to address seven L...

What is the most likely cause

of the problem?

What are two things that

could be attempted that

w...

What is preventing the

router from pinging

remote ...

On the network

131.1.123.0/27, what is

the last IP...

Drag & Drop (IP Address)

CCNA EIGRP Simulation

(NEW)

CCNAX 2.0 Syllabus

CCNA Access List Control

(ACL) Simulation

© 2013 Examtut | Privacy Policy

Find us on Facebook

Acme Infotek

672 people like Acme Infotek.

Facebook social plugin

LikeLike

Generated with www.html-to-pdf.net Page 3 / 9

EXAMTUT

Newer Post

CCNA Access List Control (ACL) SimulationPosted on

A network associate is adding security to the configuration of the Corp1 router. The user onhost C should be able to use a web browser to access financial information from the FinanceWeb Server. No other hosts from the LAN nor the Core should be able to use a web browserto access this server. Since there are multiple resources for the corporation at this locationincluding other resources on the Finance Web Server, all other traffic should be allowed.The task is to create and apply a numbered access-list with no more than three statementsthat will allow ONLY host C web access to the Finance Web Server. No other hosts will haveweb access to the Finance Web Server. All other traffic is permitted.

Access to the router CLI can be gained by clicking on the appropriate host.All passwords have been temporarily set to “cisco”.The Core connection uses an IP address of 198.18.196.65The computers in the Hosts LAN have been assigned addresses of 192.168.33.1 –192.168.33.254Host A 192.168.33.1Host B 192.168.33.2Host C 192.168.33.3Host D 192.168.33.4The servers in the Server LAN have been assigned addresses of 172.22.242.17 – 172.22.242.30The Finance Web Server is assigned an IP address of 172.22.242.23.The Public Web Server is assigned an IP address of 172.22.242.17

The Adobe Flash Player or an HTML5 supported browser is

required for video playback.

Get the latest Flash Player

Learn more about upgrading to an HTML5 browser

Corp1>enable

Password: cisco

We should create an access-list and apply it to the interface which is connected to theServers LAN interface, because it can filter out traffic from both Sw-Hosts and Core networks.The Server LAN network has been assigned addresses of 172.22.242.17 – 172.22.242.30 so wecan guess the interface connected to them has an IP address of 172.22.242.30 (.30 is thenumber shown in the figure). Use the “show ip interface brief” command to check whichinterface has the IP address of 172.22.242.30.Corp1#show ip interface brief

Interface IP-Address OK? Method Status Protocol

FastEthernet0/0 192.168.33.254 YES manual up up

FastEthernet0/1 172.22.242.30 YES manual up up

Serial0/0 198.18.196.65 YES manual up up

We learn that interface FastEthernet0/1 is the interface connected to Server LAN network. Itis the interface we will apply our access-list (for outbound direction).Corp1#configure terminal

Our access‐list needs to allow host C – 192.168.33.3 to the Finance Web Server 172.22.242.23via web (port 80)Corp1(config)#access-list 100 permit tcp host 192.168.33.3 host

172.22.242.23 eq 80

Deny other hosts access to the Finance Web Server via webCorp1(config)#access-list 100 deny tcp any host 172.22.242.23 eq 80

All other traffic is permittedCorp1(config)#access-list 100 permit ip any any

Apply this access-list to Fa0/1 interface (outbound direction)

Corp1(config)#interface fa0/1

Corp1(config-if)#ip access-group 100 out

Notice: We have to apply the access-list to Fa0/1 interface (not Fa0/0 interface) so that theaccess-list can filter traffic coming from both the LAN and the Core networks. If we applyaccess list to the inbound interface we can only filter traffic from the LAN network.In the real exam, just click on host C and open its web browser. In the address box typehttp://172.22.242.23 to check if you are allowed to access Finance Web Server or not. If yourconfiguration is correct then you can access it.Click on other hosts (A, B and D) and check to make sure you can’t access Finance Web Serverfrom these hosts.Finally, save the configurationCorp1(config-if)#end

Corp1#copy running-config startup-config

This configuration only prevents hosts from accessing Finance Web Server via web but if thisserver supports other traffic – like FTP, SMTP… then other hosts can access it, too.Notice: In the real exam, you might be asked to allow other host (A, B or D) to access theFinance Web Server so please read the requirement carefully.

Modification #1A network associate is adding security to the configuration of the Corp router. The user onhost B should be able to access the Finance Web Server. Host B should be denied to accessother server on S1-SRVS network. Since there are multiple resources for the corporation atthis location including other resources on the Finance Web Server, all other traffic should beallowed.The task is to create and apply a numbered access-list with no more than three statementsthat will allow ONLY host B access to the Finance Web Server. Deny host B from accessing theother servers. All other traffic is permitted.access-list 100 permit ip host 192.168.33.2 host 172.22.242.23

access-list 100 deny ip host 192.168.33.2 172.22.242.16 0.0.0.15

access-list 100 permit ip any any

Modification #2A network associate is adding security to the configuration of the Corp1 router. The user onhost C should be able to access the Finance Web Server. No other hosts from the LAN nor theCore should be able access this server. All other traffic should be allowed.The task is to create and apply a numbered access-list with no more than three statementsthat will allow ONLY host C access the Finance Web Server. No other hosts will have access tothe Finance Web Server. All other traffic is permitted.access-list 100 permit ip host 192.168.33.3 host 172.22.242.23

access-list 100 deny ip any host 172.22.242.23

access-list 100 permit ip any any

Modification #3A network associate is adding security to the configuration of the Corp1 router. The user onhost C should be able to use a web browser to access financial information from the FinanceWeb Server. Other access from host C to Finance Web Server should be denied. No otherhosts from the LAN nor the Core should be able to access the Finance Web Server. All othertraffic should be allowed.The task is to create and apply a numbered access-list with no more than three statementsthat will allow ONLY host C web access to the Finance Web Server. Also host C should bedenied to access any other services of Finance Web Server. No other hosts will access to theFinance Web Server. All other traffic is permitted.access-list 100 permit tcp host 192.168.33.3 host 172.22.242.23 eq

80

access-list 100 deny ip any host 172.22.242.23

access-list 100 permit ip any any

Modification #4A network associate is adding security to the configuration of the Corp1 router. The user onhost D should be able to use a web browser to access financial information from the FinanceWeb Server. Other access from host C to Finance Web Server should be denied. No otherhosts from the LAN nor the Core should be able to access the Finance Web Server. All hostsfrom the LAN nor the Core should able to access public web server.

The task is to create and apply a numbered access-list with no more than three statements

that will allow ONLY h ost D should be able to use a web browser(HTTP)to access the Finance

Web Server. Other types of access from host D to the Finance Web Server should be

blocked. All access from hosts in the Core or local LAN to the Finance Web Server should be

blocked. All hosts in the Core and local LAN should be able to access the Public Web Server.

access-list 100 permit tcp host 192.168.33.3 host 172.22.242.23 eq

80

access-list 100 deny ip any host 172.22.242.23

access-list 100 permit ip any any

Download LAB file (need packet tracer to open)

https://app.box.com/s/yizuzzbkagp4v0j52a50

Mirror:

http://www.4shared.com/file/heZzTLiH/ACL_Sim.html?

Download Video file

https://app.box.com/s/uri1xwy29gw0qc0smlk0

This entry was posted in CCNA, CCNA Simulation . Bookmark the permalink.

Opera browser download Moneys Mutual Money Money Managers Confused

Internet advertising agency Microsoft Word Will work from home

23 Responses so far.

A.H.Mostofa Kalam says:September 2, 2013 at 1:07 PM

what commands have you used for ACL?

- Host D should be able to use a web browser(HTTP)to access the Finance Web Server

- Other types of access from host D to the Finance Web Server should be blocked

– All access from hosts in the Core or local LAN to the Finance Web Server should be blocked

- All hosts in the Core and local LAN should be able to access the Public Web Server

Answer 1:

Access-list 100 permit tcp host 192.168.33.4 host 172.22.242.23 eq 80

Access-List 100 deny ip any host 172.22.242.23

Access-list 100 permit ip any any

Answer 2:

Access-list 100 permit tcp host 192.168.33.4 host 172.22.242.23 eq 80

Access-List 100 permit ip any host 172.22.242.17

Access-list 100 deny ip any any

When asked – all can access to public server should I use answer 2 or answer 1?

i know if only said all other traffic is permitted I can use answer 1 without doubt. I am having confusion when it is

said all can access to public server…both is correct for that may be and answer 2 fully satisfies the need, right?

Please help me out to understand…

farah med amine says:September 14, 2013 at 1:29 AM

@ACME PLEASE:command 2 use eq 80????

Modification #3

The user on host C should be able to access the Finance Web Server

Other access from host C to Finance Web Server should be denied

No other hosts from the LAN nor the Core should be able to access the Finance Web Server. All other traffic

should be allowed:

access-list 100 permit tcp host 192.168.33.3 host 172.22.242.23 eq 80

access-list 100 deny ip any host 172.22.242.23 use ((((( eq 80))))

access-list 100 permit ip any any

farah med amine says:September 14, 2013 at 1:45 AM

@acme i understand you ;)

Other access from host C to Finance Web Server should be denied ########## No other hosts from the LAN

nor the Core should be able to use a web browser to access this server .

Nirates says:September 15, 2013 at 3:26 PM

@mostapha

both answers would not answer the question fully.

From your Answer 1, line 1 and 2 answer only the first two statements of the question. Remember that the last

statement of the question was 'specifically' to allow Core and LAN access to Public Server, and the Public server

has a different ip address. so the correct command would be:

Access-list 100 permit ip any host 172.22.242.17

From your Answer 2, line 1 answers the first part of the question, while line 2 answers the last part of the

question. Remember that the question says 'Other types of access from host D to the Finance Web Server should

be blocked. All access from hosts in the Core or local LAN to the Finance Web Server should be blocked'. It is

stated SPECIFICALLY, to block all access to ONLY the Finance server and not to other servers. So the right

command should be:

Access-list 100 deny ip any host 172.22.242.23

...I hope this helps

Nirates says:September 15, 2013 at 3:32 PM

@Farah,

the question did not ask that you deny WEB access to the financial web server. it is only when web access is

involved that you can add eq 80 to the command.

...I'd suggest you read the question carefully. Besides, try out the commands on your packet tracer and confirm

which works. ;)

Ahmed Badubyan says:September 25, 2013 at 5:14 PM

This comment has been removed by the author.

Anonymous says:October 6, 2013 at 2:07 AM

Just passed This Friday Oct 4. SIM Is valid. Thank you.

Adi says:October 10, 2013 at 4:06 AM

Hello Guys I hope you will be fine there.Now New CCNA (200-120) and CCNA security (640-554)

Vouchers on special discount of 58% for World wide, with six months expiry date till you purchase. Each voucher

cost 70USD.

Details Required For CCNA Voucher For Discount Processing:

1-Full Name. 1st Name & Last Name (as you want to appear on certificate & documents)

2-Country.

3-City.

4-State.

5-Pin Code (or Area Code)

6-Residential Address (or where you can collect your Certificate or further correspondence

can be received)

7-Date of birth

Add me on Skype through this information which is written below:

Skype Name: rockon660

you can also email me at this email address which is written below:

madeelqaiser@gmail.com

If you have any Questions feel free to contact me.

Thanks,

Best regards,

Adeel

m0bi says:October 30, 2013 at 2:41 PM

Passed 200-120 exam Today with 958/1000. Do not waste time and money guys only testinside

Purchased 100% valid dumps Lab was ACL2 Modifications & EIGRP with few but Same.

200-120 dumps Testindie Q307 with secondary Key # in cheap price contact me at Mubasher95@Gmail.com

Good Luck!

Anonymous says:November 26, 2013 at 9:11 AM

This comment has been removed by a blog administrator.

Anonymous says:November 27, 2013 at 7:32 PM

can I add command: "no ip domain-lookup"

to prevent stupid annoying translate.. error message?

Anonymous says:December 1, 2013 at 6:00 PM

I just finished my ccna exam... scored 958 in second attempt .... almost all the questions from

9tut,examtut, acme spintry...... I could have passed if I knew this excellent site before.... thank youuuuuu

got ACL1, ACL2, EIGRP..... same sim with slight modifications....

Anonymous says:December 15, 2013 at 12:15 PM

I confused about command answer Modification #3 and #4, why same command?

In Modification #4, I think Host D ip address is 192.168.33.4.

Rajiv Widyaratne says:December 31, 2013 at 6:34 AM

Why "Request Timeout" when using the Web Browser of "D"????

(Modification 4)

Anonymous says:January 5, 2014 at 10:02 AM

@ Rajiv Widyaratne

the ip of host D in the answer is wrong ... it should be 192.168.33.4 ... not 192.168.33.3 , a copy paste simple

mistake

try

access-list 100 permit tcp host 192.168.33.4 host 172.22.242.23 eq 80

access-list 100 deny ip any host 172.22.242.23

access-list 100 permit ip any any

it will work ;)

Anonymous says:January 8, 2014 at 11:44 PM

MODIFICATION #4

How can you complete all of the tasks without adding a "Access-list 100 permit ip any host 172.22.242.17" as a

fourth statement?

Thanks!!

Beso says:January 10, 2014 at 8:45 PM

Modification #4

access-list 100 permit ip any any

will allow all hosts to public and others so there is no problem i think !!

and cuz in this ques it requires only 3 statements ..

Anonymous says:January 30, 2014 at 8:32 PM

MODIFICATION #1:If this correct way to do things MINUS that I should have checked the access list

BEFORE I copied it? I am still a newbie at this but trying hard. Thanks.

Corp1#configure terminal

Enter configuration commands, one per line. End with CNTL/Z.

Corp1(config)#access-list 100 permit tcp host 192.168.33.2 host 172.22.242.23

Corp1(config)#access-list 100 deny ip host 192.168.33.2 172.22.242.16 0.0.0.15

Corp1(config)#access-list 100 permit ip any any

Corp1(config)#interface fa0/1

Corp1(config-if)#ip access-group 100 out

Corp1(config-if)#end

Corp1#

%SYS-5-CONFIG_I: Configured from console by console

Corp1#copy running-config startup-config

Destination filename [startup-config]?

Building configuration...

[OK]

Corp1#show access-list

Extended IP access list 100

permit tcp host 192.168.33.2 host 172.22.242.23 (6 match(es))

deny ip host 192.168.33.2 172.22.242.16 0.0.0.15 (30 match(es))

permit ip any any

Corp1#

Adi says:February 6, 2014 at 2:45 AM

Hello Guys good news for you that CCNA discounted and Microsoft vouchers are now available. Now

New CCNA (200-120) vouchers on special discount of 58% for World wide, with six months expiry date till you

purchase. Each voucher cost 70USD.

Details Required For CCNA Voucher For Discount Processing:

1-Full Name. 1st Name & Last Name (as you want to appear on certificate & documents)

2-Country.

3-City.

4-State.

5-Pin Code (or Area Code)

6-Residential Address (or where you can collect your Certificate or further correspondence

can be received)

7-Date of birth

Add me on Skype through this information which is written below:

Skype Name: rockon660

you can also email me at this email address which is written below:

madeelqaiser@gmail.com

If you have any Questions feel free to contact me.

Thanks,

Best regards,

Adeel

Anonymous says:February 13, 2014 at 1:26 AM

i had passed my ccna exam with 972/1000 score on 12 feb.

the labs were acl1,acl2 and eigrp

acl 1 (same as it is)

eigrp (just change od AS and advertising a network (same as it is) with NO issue about passive interfaces and

default network )

acl 2 (with bit modification)

"The task is to create and apply a numbered access-list with no more than three statements that

-> will allow ONLY host A web access to the Finance Web Server.

->All other traffic from A to finance server is denied.

->All traffic from lan servers(B,C,D) and core to the Finance Web Server is denied.

-> All other traffic is permitted to public server.

Anonymous says:February 25, 2014 at 9:06 AM

MODIFICATION 1 CAN´T BE DONE IN 3 SENTENCES,the question need to be wrong.

Anonymous says:March 21, 2014 at 3:21 PM

In the second modification which is HOST B. which said that to ALLOW only host B to access finance

server and deny host B from other servers.

I tired many times but It's possible to access finance server and public web server through all hosts. I copied the

commands as it's mentioned there and I got the same problem. is it a bug in SIM or it's all right when other hosts

access whole servers ?

Anonymous says:March 22, 2014 at 3:55 PM

MODIFICATION 1 GUYS ISN'T CORRECT. SOME ONE HELP PLEASE.

Leave a Reply

Enter your comment...

Comment as: Google Account

PublishPublish PreviewPreview

Popular Posts

New Questions in CCNA 200-120 (HSRP, VRRP, NetFlow, SNMP)

The below are mock questions that were about to appear in exam CCNA 200-120. Updated : 14

th October 2013 Download the La...

CCNA EIGRP Simulation (NEW)

After adding Interior router, no routing updates are being exchanged between Perimeter and the

new location. All other inter connectivity...

CCNA Access List Control (ACL) Simulation

A network associate is adding security to the configuration of the Corp1 router. The user on host

C should be able to use a web...

Incorrect Questions in Cisco.Acme.640-802.v2013-08-06.by.Acme.649q.vce

Download the new version : http://www.4shared.com/file/7JUsXd3b/640-802v2.html? updated

on 9/27/2013 ...

Access Control List (ACL) Simlet

An administrator is trying to ping and telnet from Switch to Router with the results shown below:

For this ...

CCNA VLAN Simulation

This task requires you to use the CLI of Sw-AC3 to answer five multiple-choice questions. This

does not require any configura...

CCNA RIPv2 Simulation

Central Florida Widgets recently installed a new router in their Apopka office. Complete the

network installation by performing the ini...

CCNA NAT Simulation

A network associate is configuring a router for the Weaver company to provide internet access.

The ISP has provided the company six public I...

CCNA NAT Simulation

A network associate is configuring a router for the weaver company to provide internet access.

The ISP has provided the company six pu...

CCNA Routing and Switching (200-120)

CCNA Composite Exam: The 200-120 CCNAX is the composite exam associated with the Cisco

CCNA Routing and Switching certification. Candida...

Links

CCNA Simulation

CCNP ROUTE Simulations

Popular Posts

New Questions in

CCNA 200-120

(HSRP, VRRP,

NetFlow, SNMP)

The below are mock questions that

were about to appear in exam

CCNA 200-120. Updated : 14 th

October 2013 Download the La...

CCNA EIGRP

Simulation (NEW)

After adding

Interior router, no

routing updates are being

exchanged between Perimeter and

the new location. All other inter

connectivity...

CCNA Access List

Control (ACL)

Simulation

A network

associate is adding security to the

configuration of the Corp1 router.

The user on host C should be able to

use a web...

Incorrect

Questions in

Cisco.Acme.640-

802.v2013-08-

06.by.Acme.649q.vce

Download the new version :

http://www.4shared.com/file/7JUsXd3b/640

802v2.html? updated on 9/27/2013

...

Access Control List

(ACL) Simlet

An administrator is

trying to ping and

telnet from Switch to Router with

the results shown below: For this ...

CCNA VLAN

Simulation

This task requires

you to use the CLI

of Sw-AC3 to answer five multiple-

choice questions. This does not

require any configura...

CCNA RIPv2

Simulation

Central Florida

Widgets recently

installed a new router in their

Apopka office. Complete the

network installation by performing

the ini...

CCNA NAT

Simulation

A network

associate is

configuring a router for the Weaver

company to provide internet access.

The ISP has provided the company

six public I...

CCNA NAT

Simulation

A network

associate is

configuring a router for the weaver

company to provide internet access.

The ISP has provided the company

six pu...

CCNA Routing and

Switching (200-

120)

CCNA Composite

Exam: The 200-120 CCNAX is the

composite exam associated with the

Cisco CCNA Routing and Switching

certification. Candida...

Category List

CCNA (37)

CCNA Basic (4)

CCNA Cisco IOS (3)

CCNA Drag & Drop (3)

CCNA Frame Relay (2)

CCNA RIP Route (2)

CCNA Routing (4)

CCNA Simulation (7)

CCNA STP (1)

CCNA Subnetting (4)

CCNA Switching (2)

CCNA VLAN (1)

CCNP (2)

CCNP Simulation (2)

ICND1 (1)

ICND1 Simulation (1)

Blog Archive

▼  2013 (42)

►  November (2)

►  October (3)

►  September (21)

▼  August (16)

VLSM Short-cut

IPv4 Address Calculation for

beginners

Which of the following is a

characteristic of full...

What will Switch-1 do with

this data?

Which switch provides the

spanning-tree

designated...

CCNA VLAN Simulation

RouterA is unable to reach

RouterB. What is the mo...

The network administrator

needs to address seven L...

What is the most likely cause

of the problem?

What are two things that

could be attempted that

w...

What is preventing the

router from pinging

remote ...

On the network

131.1.123.0/27, what is

the last IP...

Drag & Drop (IP Address)

CCNA EIGRP Simulation

(NEW)

CCNAX 2.0 Syllabus

CCNA Access List Control

(ACL) Simulation

© 2013 Examtut | Privacy Policy

Find us on Facebook

Acme Infotek

672 people like Acme Infotek.

Facebook social plugin

LikeLike

Generated with www.html-to-pdf.net Page 4 / 9

EXAMTUT

Newer Post

CCNA Access List Control (ACL) SimulationPosted on

A network associate is adding security to the configuration of the Corp1 router. The user onhost C should be able to use a web browser to access financial information from the FinanceWeb Server. No other hosts from the LAN nor the Core should be able to use a web browserto access this server. Since there are multiple resources for the corporation at this locationincluding other resources on the Finance Web Server, all other traffic should be allowed.The task is to create and apply a numbered access-list with no more than three statementsthat will allow ONLY host C web access to the Finance Web Server. No other hosts will haveweb access to the Finance Web Server. All other traffic is permitted.

Access to the router CLI can be gained by clicking on the appropriate host.All passwords have been temporarily set to “cisco”.The Core connection uses an IP address of 198.18.196.65The computers in the Hosts LAN have been assigned addresses of 192.168.33.1 –192.168.33.254Host A 192.168.33.1Host B 192.168.33.2Host C 192.168.33.3Host D 192.168.33.4The servers in the Server LAN have been assigned addresses of 172.22.242.17 – 172.22.242.30The Finance Web Server is assigned an IP address of 172.22.242.23.The Public Web Server is assigned an IP address of 172.22.242.17

The Adobe Flash Player or an HTML5 supported browser is

required for video playback.

Get the latest Flash Player

Learn more about upgrading to an HTML5 browser

Corp1>enable

Password: cisco

We should create an access-list and apply it to the interface which is connected to theServers LAN interface, because it can filter out traffic from both Sw-Hosts and Core networks.The Server LAN network has been assigned addresses of 172.22.242.17 – 172.22.242.30 so wecan guess the interface connected to them has an IP address of 172.22.242.30 (.30 is thenumber shown in the figure). Use the “show ip interface brief” command to check whichinterface has the IP address of 172.22.242.30.Corp1#show ip interface brief

Interface IP-Address OK? Method Status Protocol

FastEthernet0/0 192.168.33.254 YES manual up up

FastEthernet0/1 172.22.242.30 YES manual up up

Serial0/0 198.18.196.65 YES manual up up

We learn that interface FastEthernet0/1 is the interface connected to Server LAN network. Itis the interface we will apply our access-list (for outbound direction).Corp1#configure terminal

Our access‐list needs to allow host C – 192.168.33.3 to the Finance Web Server 172.22.242.23via web (port 80)Corp1(config)#access-list 100 permit tcp host 192.168.33.3 host

172.22.242.23 eq 80

Deny other hosts access to the Finance Web Server via webCorp1(config)#access-list 100 deny tcp any host 172.22.242.23 eq 80

All other traffic is permittedCorp1(config)#access-list 100 permit ip any any

Apply this access-list to Fa0/1 interface (outbound direction)

Corp1(config)#interface fa0/1

Corp1(config-if)#ip access-group 100 out

Notice: We have to apply the access-list to Fa0/1 interface (not Fa0/0 interface) so that theaccess-list can filter traffic coming from both the LAN and the Core networks. If we applyaccess list to the inbound interface we can only filter traffic from the LAN network.In the real exam, just click on host C and open its web browser. In the address box typehttp://172.22.242.23 to check if you are allowed to access Finance Web Server or not. If yourconfiguration is correct then you can access it.Click on other hosts (A, B and D) and check to make sure you can’t access Finance Web Serverfrom these hosts.Finally, save the configurationCorp1(config-if)#end

Corp1#copy running-config startup-config

This configuration only prevents hosts from accessing Finance Web Server via web but if thisserver supports other traffic – like FTP, SMTP… then other hosts can access it, too.Notice: In the real exam, you might be asked to allow other host (A, B or D) to access theFinance Web Server so please read the requirement carefully.

Modification #1A network associate is adding security to the configuration of the Corp router. The user onhost B should be able to access the Finance Web Server. Host B should be denied to accessother server on S1-SRVS network. Since there are multiple resources for the corporation atthis location including other resources on the Finance Web Server, all other traffic should beallowed.The task is to create and apply a numbered access-list with no more than three statementsthat will allow ONLY host B access to the Finance Web Server. Deny host B from accessing theother servers. All other traffic is permitted.access-list 100 permit ip host 192.168.33.2 host 172.22.242.23

access-list 100 deny ip host 192.168.33.2 172.22.242.16 0.0.0.15

access-list 100 permit ip any any

Modification #2A network associate is adding security to the configuration of the Corp1 router. The user onhost C should be able to access the Finance Web Server. No other hosts from the LAN nor theCore should be able access this server. All other traffic should be allowed.The task is to create and apply a numbered access-list with no more than three statementsthat will allow ONLY host C access the Finance Web Server. No other hosts will have access tothe Finance Web Server. All other traffic is permitted.access-list 100 permit ip host 192.168.33.3 host 172.22.242.23

access-list 100 deny ip any host 172.22.242.23

access-list 100 permit ip any any

Modification #3A network associate is adding security to the configuration of the Corp1 router. The user onhost C should be able to use a web browser to access financial information from the FinanceWeb Server. Other access from host C to Finance Web Server should be denied. No otherhosts from the LAN nor the Core should be able to access the Finance Web Server. All othertraffic should be allowed.The task is to create and apply a numbered access-list with no more than three statementsthat will allow ONLY host C web access to the Finance Web Server. Also host C should bedenied to access any other services of Finance Web Server. No other hosts will access to theFinance Web Server. All other traffic is permitted.access-list 100 permit tcp host 192.168.33.3 host 172.22.242.23 eq

80

access-list 100 deny ip any host 172.22.242.23

access-list 100 permit ip any any

Modification #4A network associate is adding security to the configuration of the Corp1 router. The user onhost D should be able to use a web browser to access financial information from the FinanceWeb Server. Other access from host C to Finance Web Server should be denied. No otherhosts from the LAN nor the Core should be able to access the Finance Web Server. All hostsfrom the LAN nor the Core should able to access public web server.

The task is to create and apply a numbered access-list with no more than three statements

that will allow ONLY h ost D should be able to use a web browser(HTTP)to access the Finance

Web Server. Other types of access from host D to the Finance Web Server should be

blocked. All access from hosts in the Core or local LAN to the Finance Web Server should be

blocked. All hosts in the Core and local LAN should be able to access the Public Web Server.

access-list 100 permit tcp host 192.168.33.3 host 172.22.242.23 eq

80

access-list 100 deny ip any host 172.22.242.23

access-list 100 permit ip any any

Download LAB file (need packet tracer to open)

https://app.box.com/s/yizuzzbkagp4v0j52a50

Mirror:

http://www.4shared.com/file/heZzTLiH/ACL_Sim.html?

Download Video file

https://app.box.com/s/uri1xwy29gw0qc0smlk0

This entry was posted in CCNA, CCNA Simulation . Bookmark the permalink.

Opera browser download Moneys Mutual Money Money Managers Confused

Internet advertising agency Microsoft Word Will work from home

23 Responses so far.

A.H.Mostofa Kalam says:September 2, 2013 at 1:07 PM

what commands have you used for ACL?

- Host D should be able to use a web browser(HTTP)to access the Finance Web Server

- Other types of access from host D to the Finance Web Server should be blocked

– All access from hosts in the Core or local LAN to the Finance Web Server should be blocked

- All hosts in the Core and local LAN should be able to access the Public Web Server

Answer 1:

Access-list 100 permit tcp host 192.168.33.4 host 172.22.242.23 eq 80

Access-List 100 deny ip any host 172.22.242.23

Access-list 100 permit ip any any

Answer 2:

Access-list 100 permit tcp host 192.168.33.4 host 172.22.242.23 eq 80

Access-List 100 permit ip any host 172.22.242.17

Access-list 100 deny ip any any

When asked – all can access to public server should I use answer 2 or answer 1?

i know if only said all other traffic is permitted I can use answer 1 without doubt. I am having confusion when it is

said all can access to public server…both is correct for that may be and answer 2 fully satisfies the need, right?

Please help me out to understand…

farah med amine says:September 14, 2013 at 1:29 AM

@ACME PLEASE:command 2 use eq 80????

Modification #3

The user on host C should be able to access the Finance Web Server

Other access from host C to Finance Web Server should be denied

No other hosts from the LAN nor the Core should be able to access the Finance Web Server. All other traffic

should be allowed:

access-list 100 permit tcp host 192.168.33.3 host 172.22.242.23 eq 80

access-list 100 deny ip any host 172.22.242.23 use ((((( eq 80))))

access-list 100 permit ip any any

farah med amine says:September 14, 2013 at 1:45 AM

@acme i understand you ;)

Other access from host C to Finance Web Server should be denied ########## No other hosts from the LAN

nor the Core should be able to use a web browser to access this server .

Nirates says:September 15, 2013 at 3:26 PM

@mostapha

both answers would not answer the question fully.

From your Answer 1, line 1 and 2 answer only the first two statements of the question. Remember that the last

statement of the question was 'specifically' to allow Core and LAN access to Public Server, and the Public server

has a different ip address. so the correct command would be:

Access-list 100 permit ip any host 172.22.242.17

From your Answer 2, line 1 answers the first part of the question, while line 2 answers the last part of the

question. Remember that the question says 'Other types of access from host D to the Finance Web Server should

be blocked. All access from hosts in the Core or local LAN to the Finance Web Server should be blocked'. It is

stated SPECIFICALLY, to block all access to ONLY the Finance server and not to other servers. So the right

command should be:

Access-list 100 deny ip any host 172.22.242.23

...I hope this helps

Nirates says:September 15, 2013 at 3:32 PM

@Farah,

the question did not ask that you deny WEB access to the financial web server. it is only when web access is

involved that you can add eq 80 to the command.

...I'd suggest you read the question carefully. Besides, try out the commands on your packet tracer and confirm

which works. ;)

Ahmed Badubyan says:September 25, 2013 at 5:14 PM

This comment has been removed by the author.

Anonymous says:October 6, 2013 at 2:07 AM

Just passed This Friday Oct 4. SIM Is valid. Thank you.

Adi says:October 10, 2013 at 4:06 AM

Hello Guys I hope you will be fine there.Now New CCNA (200-120) and CCNA security (640-554)

Vouchers on special discount of 58% for World wide, with six months expiry date till you purchase. Each voucher

cost 70USD.

Details Required For CCNA Voucher For Discount Processing:

1-Full Name. 1st Name & Last Name (as you want to appear on certificate & documents)

2-Country.

3-City.

4-State.

5-Pin Code (or Area Code)

6-Residential Address (or where you can collect your Certificate or further correspondence

can be received)

7-Date of birth

Add me on Skype through this information which is written below:

Skype Name: rockon660

you can also email me at this email address which is written below:

madeelqaiser@gmail.com

If you have any Questions feel free to contact me.

Thanks,

Best regards,

Adeel

m0bi says:October 30, 2013 at 2:41 PM

Passed 200-120 exam Today with 958/1000. Do not waste time and money guys only testinside

Purchased 100% valid dumps Lab was ACL2 Modifications & EIGRP with few but Same.

200-120 dumps Testindie Q307 with secondary Key # in cheap price contact me at Mubasher95@Gmail.com

Good Luck!

Anonymous says:November 26, 2013 at 9:11 AM

This comment has been removed by a blog administrator.

Anonymous says:November 27, 2013 at 7:32 PM

can I add command: "no ip domain-lookup"

to prevent stupid annoying translate.. error message?

Anonymous says:December 1, 2013 at 6:00 PM

I just finished my ccna exam... scored 958 in second attempt .... almost all the questions from

9tut,examtut, acme spintry...... I could have passed if I knew this excellent site before.... thank youuuuuu

got ACL1, ACL2, EIGRP..... same sim with slight modifications....

Anonymous says:December 15, 2013 at 12:15 PM

I confused about command answer Modification #3 and #4, why same command?

In Modification #4, I think Host D ip address is 192.168.33.4.

Rajiv Widyaratne says:December 31, 2013 at 6:34 AM

Why "Request Timeout" when using the Web Browser of "D"????

(Modification 4)

Anonymous says:January 5, 2014 at 10:02 AM

@ Rajiv Widyaratne

the ip of host D in the answer is wrong ... it should be 192.168.33.4 ... not 192.168.33.3 , a copy paste simple

mistake

try

access-list 100 permit tcp host 192.168.33.4 host 172.22.242.23 eq 80

access-list 100 deny ip any host 172.22.242.23

access-list 100 permit ip any any

it will work ;)

Anonymous says:January 8, 2014 at 11:44 PM

MODIFICATION #4

How can you complete all of the tasks without adding a "Access-list 100 permit ip any host 172.22.242.17" as a

fourth statement?

Thanks!!

Beso says:January 10, 2014 at 8:45 PM

Modification #4

access-list 100 permit ip any any

will allow all hosts to public and others so there is no problem i think !!

and cuz in this ques it requires only 3 statements ..

Anonymous says:January 30, 2014 at 8:32 PM

MODIFICATION #1:If this correct way to do things MINUS that I should have checked the access list

BEFORE I copied it? I am still a newbie at this but trying hard. Thanks.

Corp1#configure terminal

Enter configuration commands, one per line. End with CNTL/Z.

Corp1(config)#access-list 100 permit tcp host 192.168.33.2 host 172.22.242.23

Corp1(config)#access-list 100 deny ip host 192.168.33.2 172.22.242.16 0.0.0.15

Corp1(config)#access-list 100 permit ip any any

Corp1(config)#interface fa0/1

Corp1(config-if)#ip access-group 100 out

Corp1(config-if)#end

Corp1#

%SYS-5-CONFIG_I: Configured from console by console

Corp1#copy running-config startup-config

Destination filename [startup-config]?

Building configuration...

[OK]

Corp1#show access-list

Extended IP access list 100

permit tcp host 192.168.33.2 host 172.22.242.23 (6 match(es))

deny ip host 192.168.33.2 172.22.242.16 0.0.0.15 (30 match(es))

permit ip any any

Corp1#

Adi says:February 6, 2014 at 2:45 AM

Hello Guys good news for you that CCNA discounted and Microsoft vouchers are now available. Now

New CCNA (200-120) vouchers on special discount of 58% for World wide, with six months expiry date till you

purchase. Each voucher cost 70USD.

Details Required For CCNA Voucher For Discount Processing:

1-Full Name. 1st Name & Last Name (as you want to appear on certificate & documents)

2-Country.

3-City.

4-State.

5-Pin Code (or Area Code)

6-Residential Address (or where you can collect your Certificate or further correspondence

can be received)

7-Date of birth

Add me on Skype through this information which is written below:

Skype Name: rockon660

you can also email me at this email address which is written below:

madeelqaiser@gmail.com

If you have any Questions feel free to contact me.

Thanks,

Best regards,

Adeel

Anonymous says:February 13, 2014 at 1:26 AM

i had passed my ccna exam with 972/1000 score on 12 feb.

the labs were acl1,acl2 and eigrp

acl 1 (same as it is)

eigrp (just change od AS and advertising a network (same as it is) with NO issue about passive interfaces and

default network )

acl 2 (with bit modification)

"The task is to create and apply a numbered access-list with no more than three statements that

-> will allow ONLY host A web access to the Finance Web Server.

->All other traffic from A to finance server is denied.

->All traffic from lan servers(B,C,D) and core to the Finance Web Server is denied.

-> All other traffic is permitted to public server.

Anonymous says:February 25, 2014 at 9:06 AM

MODIFICATION 1 CAN´T BE DONE IN 3 SENTENCES,the question need to be wrong.

Anonymous says:March 21, 2014 at 3:21 PM

In the second modification which is HOST B. which said that to ALLOW only host B to access finance

server and deny host B from other servers.

I tired many times but It's possible to access finance server and public web server through all hosts. I copied the

commands as it's mentioned there and I got the same problem. is it a bug in SIM or it's all right when other hosts

access whole servers ?

Anonymous says:March 22, 2014 at 3:55 PM

MODIFICATION 1 GUYS ISN'T CORRECT. SOME ONE HELP PLEASE.

Leave a Reply

Enter your comment...

Comment as: Google Account

PublishPublish PreviewPreview

Popular Posts

New Questions in CCNA 200-120 (HSRP, VRRP, NetFlow, SNMP)

The below are mock questions that were about to appear in exam CCNA 200-120. Updated : 14

th October 2013 Download the La...

CCNA EIGRP Simulation (NEW)

After adding Interior router, no routing updates are being exchanged between Perimeter and the

new location. All other inter connectivity...

CCNA Access List Control (ACL) Simulation

A network associate is adding security to the configuration of the Corp1 router. The user on host

C should be able to use a web...

Incorrect Questions in Cisco.Acme.640-802.v2013-08-06.by.Acme.649q.vce

Download the new version : http://www.4shared.com/file/7JUsXd3b/640-802v2.html? updated

on 9/27/2013 ...

Access Control List (ACL) Simlet

An administrator is trying to ping and telnet from Switch to Router with the results shown below:

For this ...

CCNA VLAN Simulation

This task requires you to use the CLI of Sw-AC3 to answer five multiple-choice questions. This

does not require any configura...

CCNA RIPv2 Simulation

Central Florida Widgets recently installed a new router in their Apopka office. Complete the

network installation by performing the ini...

CCNA NAT Simulation

A network associate is configuring a router for the Weaver company to provide internet access.

The ISP has provided the company six public I...

CCNA NAT Simulation

A network associate is configuring a router for the weaver company to provide internet access.

The ISP has provided the company six pu...

CCNA Routing and Switching (200-120)

CCNA Composite Exam: The 200-120 CCNAX is the composite exam associated with the Cisco

CCNA Routing and Switching certification. Candida...

Links

CCNA Simulation

CCNP ROUTE Simulations

Popular Posts

New Questions in

CCNA 200-120

(HSRP, VRRP,

NetFlow, SNMP)

The below are mock questions that

were about to appear in exam

CCNA 200-120. Updated : 14 th

October 2013 Download the La...

CCNA EIGRP

Simulation (NEW)

After adding

Interior router, no

routing updates are being

exchanged between Perimeter and

the new location. All other inter

connectivity...

CCNA Access List

Control (ACL)

Simulation

A network

associate is adding security to the

configuration of the Corp1 router.

The user on host C should be able to

use a web...

Incorrect

Questions in

Cisco.Acme.640-

802.v2013-08-

06.by.Acme.649q.vce

Download the new version :

http://www.4shared.com/file/7JUsXd3b/640

802v2.html? updated on 9/27/2013

...

Access Control List

(ACL) Simlet

An administrator is

trying to ping and

telnet from Switch to Router with

the results shown below: For this ...

CCNA VLAN

Simulation

This task requires

you to use the CLI

of Sw-AC3 to answer five multiple-

choice questions. This does not

require any configura...

CCNA RIPv2

Simulation

Central Florida

Widgets recently

installed a new router in their

Apopka office. Complete the

network installation by performing

the ini...

CCNA NAT

Simulation

A network

associate is

configuring a router for the Weaver

company to provide internet access.

The ISP has provided the company

six public I...

CCNA NAT

Simulation

A network

associate is

configuring a router for the weaver

company to provide internet access.

The ISP has provided the company

six pu...

CCNA Routing and

Switching (200-

120)

CCNA Composite

Exam: The 200-120 CCNAX is the

composite exam associated with the

Cisco CCNA Routing and Switching

certification. Candida...

Category List

CCNA (37)

CCNA Basic (4)

CCNA Cisco IOS (3)

CCNA Drag & Drop (3)

CCNA Frame Relay (2)

CCNA RIP Route (2)

CCNA Routing (4)

CCNA Simulation (7)

CCNA STP (1)

CCNA Subnetting (4)

CCNA Switching (2)

CCNA VLAN (1)

CCNP (2)

CCNP Simulation (2)

ICND1 (1)

ICND1 Simulation (1)

Blog Archive

▼  2013 (42)

►  November (2)

►  October (3)

►  September (21)

▼  August (16)

VLSM Short-cut

IPv4 Address Calculation for

beginners

Which of the following is a

characteristic of full...

What will Switch-1 do with

this data?

Which switch provides the

spanning-tree

designated...

CCNA VLAN Simulation

RouterA is unable to reach

RouterB. What is the mo...

The network administrator

needs to address seven L...

What is the most likely cause

of the problem?

What are two things that

could be attempted that

w...

What is preventing the

router from pinging

remote ...

On the network

131.1.123.0/27, what is

the last IP...

Drag & Drop (IP Address)

CCNA EIGRP Simulation

(NEW)

CCNAX 2.0 Syllabus

CCNA Access List Control

(ACL) Simulation

© 2013 Examtut | Privacy Policy

Find us on Facebook

Acme Infotek

672 people like Acme Infotek.

Facebook social plugin

LikeLike

Generated with www.html-to-pdf.net Page 5 / 9

EXAMTUT

Newer Post

CCNA Access List Control (ACL) SimulationPosted on

A network associate is adding security to the configuration of the Corp1 router. The user on

host C should be able to use a web browser to access financial information from the FinanceWeb Server. No other hosts from the LAN nor the Core should be able to use a web browserto access this server. Since there are multiple resources for the corporation at this locationincluding other resources on the Finance Web Server, all other traffic should be allowed.The task is to create and apply a numbered access-list with no more than three statementsthat will allow ONLY host C web access to the Finance Web Server. No other hosts will have

web access to the Finance Web Server. All other traffic is permitted.

Access to the router CLI can be gained by clicking on the appropriate host.All passwords have been temporarily set to “cisco”.The Core connection uses an IP address of 198.18.196.65The computers in the Hosts LAN have been assigned addresses of 192.168.33.1 –192.168.33.254Host A 192.168.33.1Host B 192.168.33.2Host C 192.168.33.3Host D 192.168.33.4The servers in the Server LAN have been assigned addresses of 172.22.242.17 – 172.22.242.30The Finance Web Server is assigned an IP address of 172.22.242.23.The Public Web Server is assigned an IP address of 172.22.242.17

The Adobe Flash Player or an HTML5 supported browser is

required for video playback.

Get the latest Flash Player

Learn more about upgrading to an HTML5 browser

Corp1>enable

Password: cisco

We should create an access-list and apply it to the interface which is connected to theServers LAN interface, because it can filter out traffic from both Sw-Hosts and Core networks.The Server LAN network has been assigned addresses of 172.22.242.17 – 172.22.242.30 so wecan guess the interface connected to them has an IP address of 172.22.242.30 (.30 is thenumber shown in the figure). Use the “show ip interface brief” command to check whichinterface has the IP address of 172.22.242.30.Corp1#show ip interface brief

Interface IP-Address OK? Method Status Protocol

FastEthernet0/0 192.168.33.254 YES manual up up

FastEthernet0/1 172.22.242.30 YES manual up up

Serial0/0 198.18.196.65 YES manual up up

We learn that interface FastEthernet0/1 is the interface connected to Server LAN network. Itis the interface we will apply our access-list (for outbound direction).Corp1#configure terminal

Our access‐list needs to allow host C – 192.168.33.3 to the Finance Web Server 172.22.242.23via web (port 80)Corp1(config)#access-list 100 permit tcp host 192.168.33.3 host

172.22.242.23 eq 80

Deny other hosts access to the Finance Web Server via webCorp1(config)#access-list 100 deny tcp any host 172.22.242.23 eq 80

All other traffic is permittedCorp1(config)#access-list 100 permit ip any any

Apply this access-list to Fa0/1 interface (outbound direction)

Corp1(config)#interface fa0/1

Corp1(config-if)#ip access-group 100 out

Notice: We have to apply the access-list to Fa0/1 interface (not Fa0/0 interface) so that theaccess-list can filter traffic coming from both the LAN and the Core networks. If we applyaccess list to the inbound interface we can only filter traffic from the LAN network.In the real exam, just click on host C and open its web browser. In the address box typehttp://172.22.242.23 to check if you are allowed to access Finance Web Server or not. If yourconfiguration is correct then you can access it.Click on other hosts (A, B and D) and check to make sure you can’t access Finance Web Serverfrom these hosts.Finally, save the configurationCorp1(config-if)#end

Corp1#copy running-config startup-config

This configuration only prevents hosts from accessing Finance Web Server via web but if thisserver supports other traffic – like FTP, SMTP… then other hosts can access it, too.Notice: In the real exam, you might be asked to allow other host (A, B or D) to access theFinance Web Server so please read the requirement carefully.

Modification #1A network associate is adding security to the configuration of the Corp router. The user onhost B should be able to access the Finance Web Server. Host B should be denied to accessother server on S1-SRVS network. Since there are multiple resources for the corporation atthis location including other resources on the Finance Web Server, all other traffic should beallowed.The task is to create and apply a numbered access-list with no more than three statementsthat will allow ONLY host B access to the Finance Web Server. Deny host B from accessing theother servers. All other traffic is permitted.access-list 100 permit ip host 192.168.33.2 host 172.22.242.23

access-list 100 deny ip host 192.168.33.2 172.22.242.16 0.0.0.15

access-list 100 permit ip any any

Modification #2A network associate is adding security to the configuration of the Corp1 router. The user onhost C should be able to access the Finance Web Server. No other hosts from the LAN nor theCore should be able access this server. All other traffic should be allowed.The task is to create and apply a numbered access-list with no more than three statementsthat will allow ONLY host C access the Finance Web Server. No other hosts will have access tothe Finance Web Server. All other traffic is permitted.access-list 100 permit ip host 192.168.33.3 host 172.22.242.23

access-list 100 deny ip any host 172.22.242.23

access-list 100 permit ip any any

Modification #3A network associate is adding security to the configuration of the Corp1 router. The user onhost C should be able to use a web browser to access financial information from the FinanceWeb Server. Other access from host C to Finance Web Server should be denied. No otherhosts from the LAN nor the Core should be able to access the Finance Web Server. All othertraffic should be allowed.The task is to create and apply a numbered access-list with no more than three statementsthat will allow ONLY host C web access to the Finance Web Server. Also host C should bedenied to access any other services of Finance Web Server. No other hosts will access to theFinance Web Server. All other traffic is permitted.access-list 100 permit tcp host 192.168.33.3 host 172.22.242.23 eq

80

access-list 100 deny ip any host 172.22.242.23

access-list 100 permit ip any any

Modification #4A network associate is adding security to the configuration of the Corp1 router. The user onhost D should be able to use a web browser to access financial information from the FinanceWeb Server. Other access from host C to Finance Web Server should be denied. No otherhosts from the LAN nor the Core should be able to access the Finance Web Server. All hostsfrom the LAN nor the Core should able to access public web server.

The task is to create and apply a numbered access-list with no more than three statements

that will allow ONLY h ost D should be able to use a web browser(HTTP)to access the Finance

Web Server. Other types of access from host D to the Finance Web Server should be

blocked. All access from hosts in the Core or local LAN to the Finance Web Server should be

blocked. All hosts in the Core and local LAN should be able to access the Public Web Server.

access-list 100 permit tcp host 192.168.33.3 host 172.22.242.23 eq

80

access-list 100 deny ip any host 172.22.242.23

access-list 100 permit ip any any

Download LAB file (need packet tracer to open)

https://app.box.com/s/yizuzzbkagp4v0j52a50

Mirror:

http://www.4shared.com/file/heZzTLiH/ACL_Sim.html?

Download Video file

https://app.box.com/s/uri1xwy29gw0qc0smlk0

This entry was posted in CCNA, CCNA Simulation . Bookmark the permalink.

Opera browser download Moneys Mutual Money Money Managers Confused

Internet advertising agency Microsoft Word Will work from home

23 Responses so far.

A.H.Mostofa Kalam says:September 2, 2013 at 1:07 PM

what commands have you used for ACL?

- Host D should be able to use a web browser(HTTP)to access the Finance Web Server

- Other types of access from host D to the Finance Web Server should be blocked

– All access from hosts in the Core or local LAN to the Finance Web Server should be blocked

- All hosts in the Core and local LAN should be able to access the Public Web Server

Answer 1:

Access-list 100 permit tcp host 192.168.33.4 host 172.22.242.23 eq 80

Access-List 100 deny ip any host 172.22.242.23

Access-list 100 permit ip any any

Answer 2:

Access-list 100 permit tcp host 192.168.33.4 host 172.22.242.23 eq 80

Access-List 100 permit ip any host 172.22.242.17

Access-list 100 deny ip any any

When asked – all can access to public server should I use answer 2 or answer 1?

i know if only said all other traffic is permitted I can use answer 1 without doubt. I am having confusion when it is

said all can access to public server…both is correct for that may be and answer 2 fully satisfies the need, right?

Please help me out to understand…

farah med amine says:September 14, 2013 at 1:29 AM

@ACME PLEASE:command 2 use eq 80????

Modification #3

The user on host C should be able to access the Finance Web Server

Other access from host C to Finance Web Server should be denied

No other hosts from the LAN nor the Core should be able to access the Finance Web Server. All other traffic

should be allowed:

access-list 100 permit tcp host 192.168.33.3 host 172.22.242.23 eq 80

access-list 100 deny ip any host 172.22.242.23 use ((((( eq 80))))

access-list 100 permit ip any any

farah med amine says:September 14, 2013 at 1:45 AM

@acme i understand you ;)

Other access from host C to Finance Web Server should be denied ########## No other hosts from the LAN

nor the Core should be able to use a web browser to access this server .

Nirates says:September 15, 2013 at 3:26 PM

@mostapha

both answers would not answer the question fully.

From your Answer 1, line 1 and 2 answer only the first two statements of the question. Remember that the last

statement of the question was 'specifically' to allow Core and LAN access to Public Server, and the Public server

has a different ip address. so the correct command would be:

Access-list 100 permit ip any host 172.22.242.17

From your Answer 2, line 1 answers the first part of the question, while line 2 answers the last part of the

question. Remember that the question says 'Other types of access from host D to the Finance Web Server should

be blocked. All access from hosts in the Core or local LAN to the Finance Web Server should be blocked'. It is

stated SPECIFICALLY, to block all access to ONLY the Finance server and not to other servers. So the right

command should be:

Access-list 100 deny ip any host 172.22.242.23

...I hope this helps

Nirates says:September 15, 2013 at 3:32 PM

@Farah,

the question did not ask that you deny WEB access to the financial web server. it is only when web access is

involved that you can add eq 80 to the command.

...I'd suggest you read the question carefully. Besides, try out the commands on your packet tracer and confirm

which works. ;)

Ahmed Badubyan says:September 25, 2013 at 5:14 PM

This comment has been removed by the author.

Anonymous says:October 6, 2013 at 2:07 AM

Just passed This Friday Oct 4. SIM Is valid. Thank you.

Adi says:October 10, 2013 at 4:06 AM

Hello Guys I hope you will be fine there.Now New CCNA (200-120) and CCNA security (640-554)

Vouchers on special discount of 58% for World wide, with six months expiry date till you purchase. Each voucher

cost 70USD.

Details Required For CCNA Voucher For Discount Processing:

1-Full Name. 1st Name & Last Name (as you want to appear on certificate & documents)

2-Country.

3-City.

4-State.

5-Pin Code (or Area Code)

6-Residential Address (or where you can collect your Certificate or further correspondence

can be received)

7-Date of birth

Add me on Skype through this information which is written below:

Skype Name: rockon660

you can also email me at this email address which is written below:

madeelqaiser@gmail.com

If you have any Questions feel free to contact me.

Thanks,

Best regards,

Adeel

m0bi says:October 30, 2013 at 2:41 PM

Passed 200-120 exam Today with 958/1000. Do not waste time and money guys only testinside

Purchased 100% valid dumps Lab was ACL2 Modifications & EIGRP with few but Same.

200-120 dumps Testindie Q307 with secondary Key # in cheap price contact me at Mubasher95@Gmail.com

Good Luck!

Anonymous says:November 26, 2013 at 9:11 AM

This comment has been removed by a blog administrator.

Anonymous says:November 27, 2013 at 7:32 PM

can I add command: "no ip domain-lookup"

to prevent stupid annoying translate.. error message?

Anonymous says:December 1, 2013 at 6:00 PM

I just finished my ccna exam... scored 958 in second attempt .... almost all the questions from

9tut,examtut, acme spintry...... I could have passed if I knew this excellent site before.... thank youuuuuu

got ACL1, ACL2, EIGRP..... same sim with slight modifications....

Anonymous says:December 15, 2013 at 12:15 PM

I confused about command answer Modification #3 and #4, why same command?

In Modification #4, I think Host D ip address is 192.168.33.4.

Rajiv Widyaratne says:December 31, 2013 at 6:34 AM

Why "Request Timeout" when using the Web Browser of "D"????

(Modification 4)

Anonymous says:January 5, 2014 at 10:02 AM

@ Rajiv Widyaratne

the ip of host D in the answer is wrong ... it should be 192.168.33.4 ... not 192.168.33.3 , a copy paste simple

mistake

try

access-list 100 permit tcp host 192.168.33.4 host 172.22.242.23 eq 80

access-list 100 deny ip any host 172.22.242.23

access-list 100 permit ip any any

it will work ;)

Anonymous says:January 8, 2014 at 11:44 PM

MODIFICATION #4

How can you complete all of the tasks without adding a "Access-list 100 permit ip any host 172.22.242.17" as a

fourth statement?

Thanks!!

Beso says:January 10, 2014 at 8:45 PM

Modification #4

access-list 100 permit ip any any

will allow all hosts to public and others so there is no problem i think !!

and cuz in this ques it requires only 3 statements ..

Anonymous says:January 30, 2014 at 8:32 PM

MODIFICATION #1:If this correct way to do things MINUS that I should have checked the access list

BEFORE I copied it? I am still a newbie at this but trying hard. Thanks.

Corp1#configure terminal

Enter configuration commands, one per line. End with CNTL/Z.

Corp1(config)#access-list 100 permit tcp host 192.168.33.2 host 172.22.242.23

Corp1(config)#access-list 100 deny ip host 192.168.33.2 172.22.242.16 0.0.0.15

Corp1(config)#access-list 100 permit ip any any

Corp1(config)#interface fa0/1

Corp1(config-if)#ip access-group 100 out

Corp1(config-if)#end

Corp1#

%SYS-5-CONFIG_I: Configured from console by console

Corp1#copy running-config startup-config

Destination filename [startup-config]?

Building configuration...

[OK]

Corp1#show access-list

Extended IP access list 100

permit tcp host 192.168.33.2 host 172.22.242.23 (6 match(es))

deny ip host 192.168.33.2 172.22.242.16 0.0.0.15 (30 match(es))

permit ip any any

Corp1#

Adi says:February 6, 2014 at 2:45 AM

Hello Guys good news for you that CCNA discounted and Microsoft vouchers are now available. Now

New CCNA (200-120) vouchers on special discount of 58% for World wide, with six months expiry date till you

purchase. Each voucher cost 70USD.

Details Required For CCNA Voucher For Discount Processing:

1-Full Name. 1st Name & Last Name (as you want to appear on certificate & documents)

2-Country.

3-City.

4-State.

5-Pin Code (or Area Code)

6-Residential Address (or where you can collect your Certificate or further correspondence

can be received)

7-Date of birth

Add me on Skype through this information which is written below:

Skype Name: rockon660

you can also email me at this email address which is written below:

madeelqaiser@gmail.com

If you have any Questions feel free to contact me.

Thanks,

Best regards,

Adeel

Anonymous says:February 13, 2014 at 1:26 AM

i had passed my ccna exam with 972/1000 score on 12 feb.

the labs were acl1,acl2 and eigrp

acl 1 (same as it is)

eigrp (just change od AS and advertising a network (same as it is) with NO issue about passive interfaces and

default network )

acl 2 (with bit modification)

"The task is to create and apply a numbered access-list with no more than three statements that

-> will allow ONLY host A web access to the Finance Web Server.

->All other traffic from A to finance server is denied.

->All traffic from lan servers(B,C,D) and core to the Finance Web Server is denied.

-> All other traffic is permitted to public server.

Anonymous says:February 25, 2014 at 9:06 AM

MODIFICATION 1 CAN´T BE DONE IN 3 SENTENCES,the question need to be wrong.

Anonymous says:March 21, 2014 at 3:21 PM

In the second modification which is HOST B. which said that to ALLOW only host B to access finance

server and deny host B from other servers.

I tired many times but It's possible to access finance server and public web server through all hosts. I copied the

commands as it's mentioned there and I got the same problem. is it a bug in SIM or it's all right when other hosts

access whole servers ?

Anonymous says:March 22, 2014 at 3:55 PM

MODIFICATION 1 GUYS ISN'T CORRECT. SOME ONE HELP PLEASE.

Leave a Reply

Enter your comment...

Comment as: Google Account

PublishPublish PreviewPreview

Popular Posts

New Questions in CCNA 200-120 (HSRP, VRRP, NetFlow, SNMP)

The below are mock questions that were about to appear in exam CCNA 200-120. Updated : 14

th October 2013 Download the La...

CCNA EIGRP Simulation (NEW)

After adding Interior router, no routing updates are being exchanged between Perimeter and the

new location. All other inter connectivity...

CCNA Access List Control (ACL) Simulation

A network associate is adding security to the configuration of the Corp1 router. The user on host

C should be able to use a web...

Incorrect Questions in Cisco.Acme.640-802.v2013-08-06.by.Acme.649q.vce

Download the new version : http://www.4shared.com/file/7JUsXd3b/640-802v2.html? updated

on 9/27/2013 ...

Access Control List (ACL) Simlet

An administrator is trying to ping and telnet from Switch to Router with the results shown below:

For this ...

CCNA VLAN Simulation

This task requires you to use the CLI of Sw-AC3 to answer five multiple-choice questions. This

does not require any configura...

CCNA RIPv2 Simulation

Central Florida Widgets recently installed a new router in their Apopka office. Complete the

network installation by performing the ini...

CCNA NAT Simulation

A network associate is configuring a router for the Weaver company to provide internet access.

The ISP has provided the company six public I...

CCNA NAT Simulation

A network associate is configuring a router for the weaver company to provide internet access.

The ISP has provided the company six pu...

CCNA Routing and Switching (200-120)

CCNA Composite Exam: The 200-120 CCNAX is the composite exam associated with the Cisco

CCNA Routing and Switching certification. Candida...

Links

CCNA Simulation

CCNP ROUTE Simulations

Popular Posts

New Questions in

CCNA 200-120

(HSRP, VRRP,

NetFlow, SNMP)

The below are mock questions that

were about to appear in exam

CCNA 200-120. Updated : 14 th

October 2013 Download the La...

CCNA EIGRP

Simulation (NEW)

After adding

Interior router, no

routing updates are being

exchanged between Perimeter and

the new location. All other inter

connectivity...

CCNA Access List

Control (ACL)

Simulation

A network

associate is adding security to the

configuration of the Corp1 router.

The user on host C should be able to

use a web...

Incorrect

Questions in

Cisco.Acme.640-

802.v2013-08-

06.by.Acme.649q.vce

Download the new version :

http://www.4shared.com/file/7JUsXd3b/640

802v2.html? updated on 9/27/2013

...

Access Control List

(ACL) Simlet

An administrator is

trying to ping and

telnet from Switch to Router with

the results shown below: For this ...

CCNA VLAN

Simulation

This task requires

you to use the CLI

of Sw-AC3 to answer five multiple-

choice questions. This does not

require any configura...

CCNA RIPv2

Simulation

Central Florida

Widgets recently

installed a new router in their

Apopka office. Complete the

network installation by performing

the ini...

CCNA NAT

Simulation

A network

associate is

configuring a router for the Weaver

company to provide internet access.

The ISP has provided the company

six public I...

CCNA NAT

Simulation

A network

associate is

configuring a router for the weaver

company to provide internet access.

The ISP has provided the company

six pu...

CCNA Routing and

Switching (200-

120)

CCNA Composite

Exam: The 200-120 CCNAX is the

composite exam associated with the

Cisco CCNA Routing and Switching

certification. Candida...

Category List

CCNA (37)

CCNA Basic (4)

CCNA Cisco IOS (3)

CCNA Drag & Drop (3)

CCNA Frame Relay (2)

CCNA RIP Route (2)

CCNA Routing (4)

CCNA Simulation (7)

CCNA STP (1)

CCNA Subnetting (4)

CCNA Switching (2)

CCNA VLAN (1)

CCNP (2)

CCNP Simulation (2)

ICND1 (1)

ICND1 Simulation (1)

Blog Archive

▼  2013 (42)

►  November (2)

►  October (3)

►  September (21)

▼  August (16)

VLSM Short-cut

IPv4 Address Calculation for

beginners

Which of the following is a

characteristic of full...

What will Switch-1 do with

this data?

Which switch provides the

spanning-tree

designated...

CCNA VLAN Simulation

RouterA is unable to reach

RouterB. What is the mo...

The network administrator

needs to address seven L...

What is the most likely cause

of the problem?

What are two things that

could be attempted that

w...

What is preventing the

router from pinging

remote ...

On the network

131.1.123.0/27, what is

the last IP...

Drag & Drop (IP Address)

CCNA EIGRP Simulation

(NEW)

CCNAX 2.0 Syllabus

CCNA Access List Control

(ACL) Simulation

© 2013 Examtut | Privacy Policy

Find us on Facebook

Acme Infotek

672 people like Acme Infotek.

Facebook social plugin

LikeLike

Generated with www.html-to-pdf.net Page 6 / 9

EXAMTUT

Newer Post

CCNA Access List Control (ACL) SimulationPosted on

A network associate is adding security to the configuration of the Corp1 router. The user onhost C should be able to use a web browser to access financial information from the FinanceWeb Server. No other hosts from the LAN nor the Core should be able to use a web browserto access this server. Since there are multiple resources for the corporation at this location

including other resources on the Finance Web Server, all other traffic should be allowed.The task is to create and apply a numbered access-list with no more than three statementsthat will allow ONLY host C web access to the Finance Web Server. No other hosts will haveweb access to the Finance Web Server. All other traffic is permitted.

Access to the router CLI can be gained by clicking on the appropriate host.All passwords have been temporarily set to “cisco”.The Core connection uses an IP address of 198.18.196.65The computers in the Hosts LAN have been assigned addresses of 192.168.33.1 –192.168.33.254Host A 192.168.33.1Host B 192.168.33.2

Host C 192.168.33.3Host D 192.168.33.4The servers in the Server LAN have been assigned addresses of 172.22.242.17 – 172.22.242.30The Finance Web Server is assigned an IP address of 172.22.242.23.The Public Web Server is assigned an IP address of 172.22.242.17

The Adobe Flash Player or an HTML5 supported browser is

required for video playback.

Get the latest Flash Player

Learn more about upgrading to an HTML5 browser

Corp1>enable

Password: cisco

We should create an access-list and apply it to the interface which is connected to theServers LAN interface, because it can filter out traffic from both Sw-Hosts and Core networks.The Server LAN network has been assigned addresses of 172.22.242.17 – 172.22.242.30 so wecan guess the interface connected to them has an IP address of 172.22.242.30 (.30 is thenumber shown in the figure). Use the “show ip interface brief” command to check whichinterface has the IP address of 172.22.242.30.Corp1#show ip interface brief

Interface IP-Address OK? Method Status Protocol

FastEthernet0/0 192.168.33.254 YES manual up up

FastEthernet0/1 172.22.242.30 YES manual up up

Serial0/0 198.18.196.65 YES manual up up

We learn that interface FastEthernet0/1 is the interface connected to Server LAN network. Itis the interface we will apply our access-list (for outbound direction).Corp1#configure terminal

Our access‐list needs to allow host C – 192.168.33.3 to the Finance Web Server 172.22.242.23via web (port 80)

Corp1(config)#access-list 100 permit tcp host 192.168.33.3 host

172.22.242.23 eq 80

Deny other hosts access to the Finance Web Server via webCorp1(config)#access-list 100 deny tcp any host 172.22.242.23 eq 80

All other traffic is permittedCorp1(config)#access-list 100 permit ip any any

Apply this access-list to Fa0/1 interface (outbound direction)

Corp1(config)#interface fa0/1

Corp1(config-if)#ip access-group 100 out

Notice: We have to apply the access-list to Fa0/1 interface (not Fa0/0 interface) so that theaccess-list can filter traffic coming from both the LAN and the Core networks. If we applyaccess list to the inbound interface we can only filter traffic from the LAN network.

In the real exam, just click on host C and open its web browser. In the address box typehttp://172.22.242.23 to check if you are allowed to access Finance Web Server or not. If yourconfiguration is correct then you can access it.Click on other hosts (A, B and D) and check to make sure you can’t access Finance Web Serverfrom these hosts.

Finally, save the configurationCorp1(config-if)#end

Corp1#copy running-config startup-config

This configuration only prevents hosts from accessing Finance Web Server via web but if thisserver supports other traffic – like FTP, SMTP… then other hosts can access it, too.Notice: In the real exam, you might be asked to allow other host (A, B or D) to access the

Finance Web Server so please read the requirement carefully.

Modification #1A network associate is adding security to the configuration of the Corp router. The user onhost B should be able to access the Finance Web Server. Host B should be denied to accessother server on S1-SRVS network. Since there are multiple resources for the corporation atthis location including other resources on the Finance Web Server, all other traffic should beallowed.The task is to create and apply a numbered access-list with no more than three statementsthat will allow ONLY host B access to the Finance Web Server. Deny host B from accessing theother servers. All other traffic is permitted.access-list 100 permit ip host 192.168.33.2 host 172.22.242.23

access-list 100 deny ip host 192.168.33.2 172.22.242.16 0.0.0.15

access-list 100 permit ip any any

Modification #2A network associate is adding security to the configuration of the Corp1 router. The user onhost C should be able to access the Finance Web Server. No other hosts from the LAN nor theCore should be able access this server. All other traffic should be allowed.The task is to create and apply a numbered access-list with no more than three statementsthat will allow ONLY host C access the Finance Web Server. No other hosts will have access tothe Finance Web Server. All other traffic is permitted.access-list 100 permit ip host 192.168.33.3 host 172.22.242.23

access-list 100 deny ip any host 172.22.242.23

access-list 100 permit ip any any

Modification #3A network associate is adding security to the configuration of the Corp1 router. The user onhost C should be able to use a web browser to access financial information from the FinanceWeb Server. Other access from host C to Finance Web Server should be denied. No otherhosts from the LAN nor the Core should be able to access the Finance Web Server. All othertraffic should be allowed.The task is to create and apply a numbered access-list with no more than three statementsthat will allow ONLY host C web access to the Finance Web Server. Also host C should bedenied to access any other services of Finance Web Server. No other hosts will access to theFinance Web Server. All other traffic is permitted.access-list 100 permit tcp host 192.168.33.3 host 172.22.242.23 eq

80

access-list 100 deny ip any host 172.22.242.23

access-list 100 permit ip any any

Modification #4A network associate is adding security to the configuration of the Corp1 router. The user onhost D should be able to use a web browser to access financial information from the FinanceWeb Server. Other access from host C to Finance Web Server should be denied. No otherhosts from the LAN nor the Core should be able to access the Finance Web Server. All hostsfrom the LAN nor the Core should able to access public web server.

The task is to create and apply a numbered access-list with no more than three statements

that will allow ONLY h ost D should be able to use a web browser(HTTP)to access the Finance

Web Server. Other types of access from host D to the Finance Web Server should be

blocked. All access from hosts in the Core or local LAN to the Finance Web Server should be

blocked. All hosts in the Core and local LAN should be able to access the Public Web Server.

access-list 100 permit tcp host 192.168.33.3 host 172.22.242.23 eq

80

access-list 100 deny ip any host 172.22.242.23

access-list 100 permit ip any any

Download LAB file (need packet tracer to open)

https://app.box.com/s/yizuzzbkagp4v0j52a50

Mirror:

http://www.4shared.com/file/heZzTLiH/ACL_Sim.html?

Download Video file

https://app.box.com/s/uri1xwy29gw0qc0smlk0

This entry was posted in CCNA, CCNA Simulation . Bookmark the permalink.

Opera browser download Moneys Mutual Money Money Managers Confused

Internet advertising agency Microsoft Word Will work from home

23 Responses so far.

A.H.Mostofa Kalam says:September 2, 2013 at 1:07 PM

what commands have you used for ACL?

- Host D should be able to use a web browser(HTTP)to access the Finance Web Server

- Other types of access from host D to the Finance Web Server should be blocked

– All access from hosts in the Core or local LAN to the Finance Web Server should be blocked

- All hosts in the Core and local LAN should be able to access the Public Web Server

Answer 1:

Access-list 100 permit tcp host 192.168.33.4 host 172.22.242.23 eq 80

Access-List 100 deny ip any host 172.22.242.23

Access-list 100 permit ip any any

Answer 2:

Access-list 100 permit tcp host 192.168.33.4 host 172.22.242.23 eq 80

Access-List 100 permit ip any host 172.22.242.17

Access-list 100 deny ip any any

When asked – all can access to public server should I use answer 2 or answer 1?

i know if only said all other traffic is permitted I can use answer 1 without doubt. I am having confusion when it is

said all can access to public server…both is correct for that may be and answer 2 fully satisfies the need, right?

Please help me out to understand…

farah med amine says:September 14, 2013 at 1:29 AM

@ACME PLEASE:command 2 use eq 80????

Modification #3

The user on host C should be able to access the Finance Web Server

Other access from host C to Finance Web Server should be denied

No other hosts from the LAN nor the Core should be able to access the Finance Web Server. All other traffic

should be allowed:

access-list 100 permit tcp host 192.168.33.3 host 172.22.242.23 eq 80

access-list 100 deny ip any host 172.22.242.23 use ((((( eq 80))))

access-list 100 permit ip any any

farah med amine says:September 14, 2013 at 1:45 AM

@acme i understand you ;)

Other access from host C to Finance Web Server should be denied ########## No other hosts from the LAN

nor the Core should be able to use a web browser to access this server .

Nirates says:September 15, 2013 at 3:26 PM

@mostapha

both answers would not answer the question fully.

From your Answer 1, line 1 and 2 answer only the first two statements of the question. Remember that the last

statement of the question was 'specifically' to allow Core and LAN access to Public Server, and the Public server

has a different ip address. so the correct command would be:

Access-list 100 permit ip any host 172.22.242.17

From your Answer 2, line 1 answers the first part of the question, while line 2 answers the last part of the

question. Remember that the question says 'Other types of access from host D to the Finance Web Server should

be blocked. All access from hosts in the Core or local LAN to the Finance Web Server should be blocked'. It is

stated SPECIFICALLY, to block all access to ONLY the Finance server and not to other servers. So the right

command should be:

Access-list 100 deny ip any host 172.22.242.23

...I hope this helps

Nirates says:September 15, 2013 at 3:32 PM

@Farah,

the question did not ask that you deny WEB access to the financial web server. it is only when web access is

involved that you can add eq 80 to the command.

...I'd suggest you read the question carefully. Besides, try out the commands on your packet tracer and confirm

which works. ;)

Ahmed Badubyan says:September 25, 2013 at 5:14 PM

This comment has been removed by the author.

Anonymous says:October 6, 2013 at 2:07 AM

Just passed This Friday Oct 4. SIM Is valid. Thank you.

Adi says:October 10, 2013 at 4:06 AM

Hello Guys I hope you will be fine there.Now New CCNA (200-120) and CCNA security (640-554)

Vouchers on special discount of 58% for World wide, with six months expiry date till you purchase. Each voucher

cost 70USD.

Details Required For CCNA Voucher For Discount Processing:

1-Full Name. 1st Name & Last Name (as you want to appear on certificate & documents)

2-Country.

3-City.

4-State.

5-Pin Code (or Area Code)

6-Residential Address (or where you can collect your Certificate or further correspondence

can be received)

7-Date of birth

Add me on Skype through this information which is written below:

Skype Name: rockon660

you can also email me at this email address which is written below:

madeelqaiser@gmail.com

If you have any Questions feel free to contact me.

Thanks,

Best regards,

Adeel

m0bi says:October 30, 2013 at 2:41 PM

Passed 200-120 exam Today with 958/1000. Do not waste time and money guys only testinside

Purchased 100% valid dumps Lab was ACL2 Modifications & EIGRP with few but Same.

200-120 dumps Testindie Q307 with secondary Key # in cheap price contact me at Mubasher95@Gmail.com

Good Luck!

Anonymous says:November 26, 2013 at 9:11 AM

This comment has been removed by a blog administrator.

Anonymous says:November 27, 2013 at 7:32 PM

can I add command: "no ip domain-lookup"

to prevent stupid annoying translate.. error message?

Anonymous says:December 1, 2013 at 6:00 PM

I just finished my ccna exam... scored 958 in second attempt .... almost all the questions from

9tut,examtut, acme spintry...... I could have passed if I knew this excellent site before.... thank youuuuuu

got ACL1, ACL2, EIGRP..... same sim with slight modifications....

Anonymous says:December 15, 2013 at 12:15 PM

I confused about command answer Modification #3 and #4, why same command?

In Modification #4, I think Host D ip address is 192.168.33.4.

Rajiv Widyaratne says:December 31, 2013 at 6:34 AM

Why "Request Timeout" when using the Web Browser of "D"????

(Modification 4)

Anonymous says:January 5, 2014 at 10:02 AM

@ Rajiv Widyaratne

the ip of host D in the answer is wrong ... it should be 192.168.33.4 ... not 192.168.33.3 , a copy paste simple

mistake

try

access-list 100 permit tcp host 192.168.33.4 host 172.22.242.23 eq 80

access-list 100 deny ip any host 172.22.242.23

access-list 100 permit ip any any

it will work ;)

Anonymous says:January 8, 2014 at 11:44 PM

MODIFICATION #4

How can you complete all of the tasks without adding a "Access-list 100 permit ip any host 172.22.242.17" as a

fourth statement?

Thanks!!

Beso says:January 10, 2014 at 8:45 PM

Modification #4

access-list 100 permit ip any any

will allow all hosts to public and others so there is no problem i think !!

and cuz in this ques it requires only 3 statements ..

Anonymous says:January 30, 2014 at 8:32 PM

MODIFICATION #1:If this correct way to do things MINUS that I should have checked the access list

BEFORE I copied it? I am still a newbie at this but trying hard. Thanks.

Corp1#configure terminal

Enter configuration commands, one per line. End with CNTL/Z.

Corp1(config)#access-list 100 permit tcp host 192.168.33.2 host 172.22.242.23

Corp1(config)#access-list 100 deny ip host 192.168.33.2 172.22.242.16 0.0.0.15

Corp1(config)#access-list 100 permit ip any any

Corp1(config)#interface fa0/1

Corp1(config-if)#ip access-group 100 out

Corp1(config-if)#end

Corp1#

%SYS-5-CONFIG_I: Configured from console by console

Corp1#copy running-config startup-config

Destination filename [startup-config]?

Building configuration...

[OK]

Corp1#show access-list

Extended IP access list 100

permit tcp host 192.168.33.2 host 172.22.242.23 (6 match(es))

deny ip host 192.168.33.2 172.22.242.16 0.0.0.15 (30 match(es))

permit ip any any

Corp1#

Adi says:February 6, 2014 at 2:45 AM

Hello Guys good news for you that CCNA discounted and Microsoft vouchers are now available. Now

New CCNA (200-120) vouchers on special discount of 58% for World wide, with six months expiry date till you

purchase. Each voucher cost 70USD.

Details Required For CCNA Voucher For Discount Processing:

1-Full Name. 1st Name & Last Name (as you want to appear on certificate & documents)

2-Country.

3-City.

4-State.

5-Pin Code (or Area Code)

6-Residential Address (or where you can collect your Certificate or further correspondence

can be received)

7-Date of birth

Add me on Skype through this information which is written below:

Skype Name: rockon660

you can also email me at this email address which is written below:

madeelqaiser@gmail.com

If you have any Questions feel free to contact me.

Thanks,

Best regards,

Adeel

Anonymous says:February 13, 2014 at 1:26 AM

i had passed my ccna exam with 972/1000 score on 12 feb.

the labs were acl1,acl2 and eigrp

acl 1 (same as it is)

eigrp (just change od AS and advertising a network (same as it is) with NO issue about passive interfaces and

default network )

acl 2 (with bit modification)

"The task is to create and apply a numbered access-list with no more than three statements that

-> will allow ONLY host A web access to the Finance Web Server.

->All other traffic from A to finance server is denied.

->All traffic from lan servers(B,C,D) and core to the Finance Web Server is denied.

-> All other traffic is permitted to public server.

Anonymous says:February 25, 2014 at 9:06 AM

MODIFICATION 1 CAN´T BE DONE IN 3 SENTENCES,the question need to be wrong.

Anonymous says:March 21, 2014 at 3:21 PM

In the second modification which is HOST B. which said that to ALLOW only host B to access finance

server and deny host B from other servers.

I tired many times but It's possible to access finance server and public web server through all hosts. I copied the

commands as it's mentioned there and I got the same problem. is it a bug in SIM or it's all right when other hosts

access whole servers ?

Anonymous says:March 22, 2014 at 3:55 PM

MODIFICATION 1 GUYS ISN'T CORRECT. SOME ONE HELP PLEASE.

Leave a Reply

Enter your comment...

Comment as: Google Account

PublishPublish PreviewPreview

Popular Posts

New Questions in CCNA 200-120 (HSRP, VRRP, NetFlow, SNMP)

The below are mock questions that were about to appear in exam CCNA 200-120. Updated : 14

th October 2013 Download the La...

CCNA EIGRP Simulation (NEW)

After adding Interior router, no routing updates are being exchanged between Perimeter and the

new location. All other inter connectivity...

CCNA Access List Control (ACL) Simulation

A network associate is adding security to the configuration of the Corp1 router. The user on host

C should be able to use a web...

Incorrect Questions in Cisco.Acme.640-802.v2013-08-06.by.Acme.649q.vce

Download the new version : http://www.4shared.com/file/7JUsXd3b/640-802v2.html? updated

on 9/27/2013 ...

Access Control List (ACL) Simlet

An administrator is trying to ping and telnet from Switch to Router with the results shown below:

For this ...

CCNA VLAN Simulation

This task requires you to use the CLI of Sw-AC3 to answer five multiple-choice questions. This

does not require any configura...

CCNA RIPv2 Simulation

Central Florida Widgets recently installed a new router in their Apopka office. Complete the

network installation by performing the ini...

CCNA NAT Simulation

A network associate is configuring a router for the Weaver company to provide internet access.

The ISP has provided the company six public I...

CCNA NAT Simulation

A network associate is configuring a router for the weaver company to provide internet access.

The ISP has provided the company six pu...

CCNA Routing and Switching (200-120)

CCNA Composite Exam: The 200-120 CCNAX is the composite exam associated with the Cisco

CCNA Routing and Switching certification. Candida...

Links

CCNA Simulation

CCNP ROUTE Simulations

Popular Posts

New Questions in

CCNA 200-120

(HSRP, VRRP,

NetFlow, SNMP)

The below are mock questions that

were about to appear in exam

CCNA 200-120. Updated : 14 th

October 2013 Download the La...

CCNA EIGRP

Simulation (NEW)

After adding

Interior router, no

routing updates are being

exchanged between Perimeter and

the new location. All other inter

connectivity...

CCNA Access List

Control (ACL)

Simulation

A network

associate is adding security to the

configuration of the Corp1 router.

The user on host C should be able to

use a web...

Incorrect

Questions in

Cisco.Acme.640-

802.v2013-08-

06.by.Acme.649q.vce

Download the new version :

http://www.4shared.com/file/7JUsXd3b/640

802v2.html? updated on 9/27/2013

...

Access Control List

(ACL) Simlet

An administrator is

trying to ping and

telnet from Switch to Router with

the results shown below: For this ...

CCNA VLAN

Simulation

This task requires

you to use the CLI

of Sw-AC3 to answer five multiple-

choice questions. This does not

require any configura...

CCNA RIPv2

Simulation

Central Florida

Widgets recently

installed a new router in their

Apopka office. Complete the

network installation by performing

the ini...

CCNA NAT

Simulation

A network

associate is

configuring a router for the Weaver

company to provide internet access.

The ISP has provided the company

six public I...

CCNA NAT

Simulation

A network

associate is

configuring a router for the weaver

company to provide internet access.

The ISP has provided the company

six pu...

CCNA Routing and

Switching (200-

120)

CCNA Composite

Exam: The 200-120 CCNAX is the

composite exam associated with the

Cisco CCNA Routing and Switching

certification. Candida...

Category List

CCNA (37)

CCNA Basic (4)

CCNA Cisco IOS (3)

CCNA Drag & Drop (3)

CCNA Frame Relay (2)

CCNA RIP Route (2)

CCNA Routing (4)

CCNA Simulation (7)

CCNA STP (1)

CCNA Subnetting (4)

CCNA Switching (2)

CCNA VLAN (1)

CCNP (2)

CCNP Simulation (2)

ICND1 (1)

ICND1 Simulation (1)

Blog Archive

▼  2013 (42)

►  November (2)

►  October (3)

►  September (21)

▼  August (16)

VLSM Short-cut

IPv4 Address Calculation for

beginners

Which of the following is a

characteristic of full...

What will Switch-1 do with

this data?

Which switch provides the

spanning-tree

designated...

CCNA VLAN Simulation

RouterA is unable to reach

RouterB. What is the mo...

The network administrator

needs to address seven L...

What is the most likely cause

of the problem?

What are two things that

could be attempted that

w...

What is preventing the

router from pinging

remote ...

On the network

131.1.123.0/27, what is

the last IP...

Drag & Drop (IP Address)

CCNA EIGRP Simulation

(NEW)

CCNAX 2.0 Syllabus

CCNA Access List Control

(ACL) Simulation

© 2013 Examtut | Privacy Policy

Find us on Facebook

Acme Infotek

672 people like Acme Infotek.

Facebook social plugin

LikeLike

Generated with www.html-to-pdf.net Page 7 / 9

EXAMTUT

Newer Post

CCNA Access List Control (ACL) SimulationPosted on

A network associate is adding security to the configuration of the Corp1 router. The user onhost C should be able to use a web browser to access financial information from the FinanceWeb Server. No other hosts from the LAN nor the Core should be able to use a web browserto access this server. Since there are multiple resources for the corporation at this locationincluding other resources on the Finance Web Server, all other traffic should be allowed.The task is to create and apply a numbered access-list with no more than three statementsthat will allow ONLY host C web access to the Finance Web Server. No other hosts will haveweb access to the Finance Web Server. All other traffic is permitted.

Access to the router CLI can be gained by clicking on the appropriate host.All passwords have been temporarily set to “cisco”.The Core connection uses an IP address of 198.18.196.65The computers in the Hosts LAN have been assigned addresses of 192.168.33.1 –192.168.33.254Host A 192.168.33.1Host B 192.168.33.2Host C 192.168.33.3Host D 192.168.33.4The servers in the Server LAN have been assigned addresses of 172.22.242.17 – 172.22.242.30The Finance Web Server is assigned an IP address of 172.22.242.23.The Public Web Server is assigned an IP address of 172.22.242.17

The Adobe Flash Player or an HTML5 supported browser is

required for video playback.

Get the latest Flash Player

Learn more about upgrading to an HTML5 browser

Corp1>enable

Password: cisco

We should create an access-list and apply it to the interface which is connected to theServers LAN interface, because it can filter out traffic from both Sw-Hosts and Core networks.The Server LAN network has been assigned addresses of 172.22.242.17 – 172.22.242.30 so wecan guess the interface connected to them has an IP address of 172.22.242.30 (.30 is thenumber shown in the figure). Use the “show ip interface brief” command to check whichinterface has the IP address of 172.22.242.30.Corp1#show ip interface brief

Interface IP-Address OK? Method Status Protocol

FastEthernet0/0 192.168.33.254 YES manual up up

FastEthernet0/1 172.22.242.30 YES manual up up

Serial0/0 198.18.196.65 YES manual up up

We learn that interface FastEthernet0/1 is the interface connected to Server LAN network. Itis the interface we will apply our access-list (for outbound direction).Corp1#configure terminal

Our access‐list needs to allow host C – 192.168.33.3 to the Finance Web Server 172.22.242.23via web (port 80)Corp1(config)#access-list 100 permit tcp host 192.168.33.3 host

172.22.242.23 eq 80

Deny other hosts access to the Finance Web Server via webCorp1(config)#access-list 100 deny tcp any host 172.22.242.23 eq 80

All other traffic is permittedCorp1(config)#access-list 100 permit ip any any

Apply this access-list to Fa0/1 interface (outbound direction)

Corp1(config)#interface fa0/1

Corp1(config-if)#ip access-group 100 out

Notice: We have to apply the access-list to Fa0/1 interface (not Fa0/0 interface) so that theaccess-list can filter traffic coming from both the LAN and the Core networks. If we applyaccess list to the inbound interface we can only filter traffic from the LAN network.In the real exam, just click on host C and open its web browser. In the address box typehttp://172.22.242.23 to check if you are allowed to access Finance Web Server or not. If yourconfiguration is correct then you can access it.Click on other hosts (A, B and D) and check to make sure you can’t access Finance Web Serverfrom these hosts.Finally, save the configurationCorp1(config-if)#end

Corp1#copy running-config startup-config

This configuration only prevents hosts from accessing Finance Web Server via web but if thisserver supports other traffic – like FTP, SMTP… then other hosts can access it, too.Notice: In the real exam, you might be asked to allow other host (A, B or D) to access theFinance Web Server so please read the requirement carefully.

Modification #1A network associate is adding security to the configuration of the Corp router. The user onhost B should be able to access the Finance Web Server. Host B should be denied to accessother server on S1-SRVS network. Since there are multiple resources for the corporation atthis location including other resources on the Finance Web Server, all other traffic should beallowed.The task is to create and apply a numbered access-list with no more than three statementsthat will allow ONLY host B access to the Finance Web Server. Deny host B from accessing theother servers. All other traffic is permitted.access-list 100 permit ip host 192.168.33.2 host 172.22.242.23

access-list 100 deny ip host 192.168.33.2 172.22.242.16 0.0.0.15

access-list 100 permit ip any any

Modification #2A network associate is adding security to the configuration of the Corp1 router. The user onhost C should be able to access the Finance Web Server. No other hosts from the LAN nor theCore should be able access this server. All other traffic should be allowed.The task is to create and apply a numbered access-list with no more than three statementsthat will allow ONLY host C access the Finance Web Server. No other hosts will have access tothe Finance Web Server. All other traffic is permitted.access-list 100 permit ip host 192.168.33.3 host 172.22.242.23

access-list 100 deny ip any host 172.22.242.23

access-list 100 permit ip any any

Modification #3A network associate is adding security to the configuration of the Corp1 router. The user onhost C should be able to use a web browser to access financial information from the FinanceWeb Server. Other access from host C to Finance Web Server should be denied. No otherhosts from the LAN nor the Core should be able to access the Finance Web Server. All othertraffic should be allowed.The task is to create and apply a numbered access-list with no more than three statementsthat will allow ONLY host C web access to the Finance Web Server. Also host C should bedenied to access any other services of Finance Web Server. No other hosts will access to theFinance Web Server. All other traffic is permitted.access-list 100 permit tcp host 192.168.33.3 host 172.22.242.23 eq

80

access-list 100 deny ip any host 172.22.242.23

access-list 100 permit ip any any

Modification #4A network associate is adding security to the configuration of the Corp1 router. The user onhost D should be able to use a web browser to access financial information from the FinanceWeb Server. Other access from host C to Finance Web Server should be denied. No otherhosts from the LAN nor the Core should be able to access the Finance Web Server. All hostsfrom the LAN nor the Core should able to access public web server.

The task is to create and apply a numbered access-list with no more than three statements

that will allow ONLY h ost D should be able to use a web browser(HTTP)to access the Finance

Web Server. Other types of access from host D to the Finance Web Server should be

blocked. All access from hosts in the Core or local LAN to the Finance Web Server should be

blocked. All hosts in the Core and local LAN should be able to access the Public Web Server.

access-list 100 permit tcp host 192.168.33.3 host 172.22.242.23 eq

80

access-list 100 deny ip any host 172.22.242.23

access-list 100 permit ip any any

Download LAB file (need packet tracer to open)

https://app.box.com/s/yizuzzbkagp4v0j52a50

Mirror:

http://www.4shared.com/file/heZzTLiH/ACL_Sim.html?

Download Video file

https://app.box.com/s/uri1xwy29gw0qc0smlk0

This entry was posted in CCNA, CCNA Simulation . Bookmark the permalink.

Opera browser download Moneys Mutual Money Money Managers Confused

Internet advertising agency Microsoft Word Will work from home

23 Responses so far.

A.H.Mostofa Kalam says:September 2, 2013 at 1:07 PM

what commands have you used for ACL?

- Host D should be able to use a web browser(HTTP)to access the Finance Web Server

- Other types of access from host D to the Finance Web Server should be blocked

– All access from hosts in the Core or local LAN to the Finance Web Server should be blocked

- All hosts in the Core and local LAN should be able to access the Public Web Server

Answer 1:

Access-list 100 permit tcp host 192.168.33.4 host 172.22.242.23 eq 80

Access-List 100 deny ip any host 172.22.242.23

Access-list 100 permit ip any any

Answer 2:

Access-list 100 permit tcp host 192.168.33.4 host 172.22.242.23 eq 80

Access-List 100 permit ip any host 172.22.242.17

Access-list 100 deny ip any any

When asked – all can access to public server should I use answer 2 or answer 1?

i know if only said all other traffic is permitted I can use answer 1 without doubt. I am having confusion when it is

said all can access to public server…both is correct for that may be and answer 2 fully satisfies the need, right?

Please help me out to understand…

farah med amine says:September 14, 2013 at 1:29 AM

@ACME PLEASE:command 2 use eq 80????

Modification #3

The user on host C should be able to access the Finance Web Server

Other access from host C to Finance Web Server should be denied

No other hosts from the LAN nor the Core should be able to access the Finance Web Server. All other traffic

should be allowed:

access-list 100 permit tcp host 192.168.33.3 host 172.22.242.23 eq 80

access-list 100 deny ip any host 172.22.242.23 use ((((( eq 80))))

access-list 100 permit ip any any

farah med amine says:September 14, 2013 at 1:45 AM

@acme i understand you ;)

Other access from host C to Finance Web Server should be denied ########## No other hosts from the LAN

nor the Core should be able to use a web browser to access this server .

Nirates says:September 15, 2013 at 3:26 PM

@mostapha

both answers would not answer the question fully.

From your Answer 1, line 1 and 2 answer only the first two statements of the question. Remember that the last

statement of the question was 'specifically' to allow Core and LAN access to Public Server, and the Public server

has a different ip address. so the correct command would be:

Access-list 100 permit ip any host 172.22.242.17

From your Answer 2, line 1 answers the first part of the question, while line 2 answers the last part of the

question. Remember that the question says 'Other types of access from host D to the Finance Web Server should

be blocked. All access from hosts in the Core or local LAN to the Finance Web Server should be blocked'. It is

stated SPECIFICALLY, to block all access to ONLY the Finance server and not to other servers. So the right

command should be:

Access-list 100 deny ip any host 172.22.242.23

...I hope this helps

Nirates says:September 15, 2013 at 3:32 PM

@Farah,

the question did not ask that you deny WEB access to the financial web server. it is only when web access is

involved that you can add eq 80 to the command.

...I'd suggest you read the question carefully. Besides, try out the commands on your packet tracer and confirm

which works. ;)

Ahmed Badubyan says:September 25, 2013 at 5:14 PM

This comment has been removed by the author.

Anonymous says:October 6, 2013 at 2:07 AM

Just passed This Friday Oct 4. SIM Is valid. Thank you.

Adi says:October 10, 2013 at 4:06 AM

Hello Guys I hope you will be fine there.Now New CCNA (200-120) and CCNA security (640-554)

Vouchers on special discount of 58% for World wide, with six months expiry date till you purchase. Each voucher

cost 70USD.

Details Required For CCNA Voucher For Discount Processing:

1-Full Name. 1st Name & Last Name (as you want to appear on certificate & documents)

2-Country.

3-City.

4-State.

5-Pin Code (or Area Code)

6-Residential Address (or where you can collect your Certificate or further correspondence

can be received)

7-Date of birth

Add me on Skype through this information which is written below:

Skype Name: rockon660

you can also email me at this email address which is written below:

madeelqaiser@gmail.com

If you have any Questions feel free to contact me.

Thanks,

Best regards,

Adeel

m0bi says:October 30, 2013 at 2:41 PM

Passed 200-120 exam Today with 958/1000. Do not waste time and money guys only testinside

Purchased 100% valid dumps Lab was ACL2 Modifications & EIGRP with few but Same.

200-120 dumps Testindie Q307 with secondary Key # in cheap price contact me at Mubasher95@Gmail.com

Good Luck!

Anonymous says:November 26, 2013 at 9:11 AM

This comment has been removed by a blog administrator.

Anonymous says:November 27, 2013 at 7:32 PM

can I add command: "no ip domain-lookup"

to prevent stupid annoying translate.. error message?

Anonymous says:December 1, 2013 at 6:00 PM

I just finished my ccna exam... scored 958 in second attempt .... almost all the questions from

9tut,examtut, acme spintry...... I could have passed if I knew this excellent site before.... thank youuuuuu

got ACL1, ACL2, EIGRP..... same sim with slight modifications....

Anonymous says:December 15, 2013 at 12:15 PM

I confused about command answer Modification #3 and #4, why same command?

In Modification #4, I think Host D ip address is 192.168.33.4.

Rajiv Widyaratne says:December 31, 2013 at 6:34 AM

Why "Request Timeout" when using the Web Browser of "D"????

(Modification 4)

Anonymous says:January 5, 2014 at 10:02 AM

@ Rajiv Widyaratne

the ip of host D in the answer is wrong ... it should be 192.168.33.4 ... not 192.168.33.3 , a copy paste simple

mistake

try

access-list 100 permit tcp host 192.168.33.4 host 172.22.242.23 eq 80

access-list 100 deny ip any host 172.22.242.23

access-list 100 permit ip any any

it will work ;)

Anonymous says:January 8, 2014 at 11:44 PM

MODIFICATION #4

How can you complete all of the tasks without adding a "Access-list 100 permit ip any host 172.22.242.17" as a

fourth statement?

Thanks!!

Beso says:January 10, 2014 at 8:45 PM

Modification #4

access-list 100 permit ip any any

will allow all hosts to public and others so there is no problem i think !!

and cuz in this ques it requires only 3 statements ..

Anonymous says:January 30, 2014 at 8:32 PM

MODIFICATION #1:If this correct way to do things MINUS that I should have checked the access list

BEFORE I copied it? I am still a newbie at this but trying hard. Thanks.

Corp1#configure terminal

Enter configuration commands, one per line. End with CNTL/Z.

Corp1(config)#access-list 100 permit tcp host 192.168.33.2 host 172.22.242.23

Corp1(config)#access-list 100 deny ip host 192.168.33.2 172.22.242.16 0.0.0.15

Corp1(config)#access-list 100 permit ip any any

Corp1(config)#interface fa0/1

Corp1(config-if)#ip access-group 100 out

Corp1(config-if)#end

Corp1#

%SYS-5-CONFIG_I: Configured from console by console

Corp1#copy running-config startup-config

Destination filename [startup-config]?

Building configuration...

[OK]

Corp1#show access-list

Extended IP access list 100

permit tcp host 192.168.33.2 host 172.22.242.23 (6 match(es))

deny ip host 192.168.33.2 172.22.242.16 0.0.0.15 (30 match(es))

permit ip any any

Corp1#

Adi says:February 6, 2014 at 2:45 AM

Hello Guys good news for you that CCNA discounted and Microsoft vouchers are now available. Now

New CCNA (200-120) vouchers on special discount of 58% for World wide, with six months expiry date till you

purchase. Each voucher cost 70USD.

Details Required For CCNA Voucher For Discount Processing:

1-Full Name. 1st Name & Last Name (as you want to appear on certificate & documents)

2-Country.

3-City.

4-State.

5-Pin Code (or Area Code)

6-Residential Address (or where you can collect your Certificate or further correspondence

can be received)

7-Date of birth

Add me on Skype through this information which is written below:

Skype Name: rockon660

you can also email me at this email address which is written below:

madeelqaiser@gmail.com

If you have any Questions feel free to contact me.

Thanks,

Best regards,

Adeel

Anonymous says:February 13, 2014 at 1:26 AM

i had passed my ccna exam with 972/1000 score on 12 feb.

the labs were acl1,acl2 and eigrp

acl 1 (same as it is)

eigrp (just change od AS and advertising a network (same as it is) with NO issue about passive interfaces and

default network )

acl 2 (with bit modification)

"The task is to create and apply a numbered access-list with no more than three statements that

-> will allow ONLY host A web access to the Finance Web Server.

->All other traffic from A to finance server is denied.

->All traffic from lan servers(B,C,D) and core to the Finance Web Server is denied.

-> All other traffic is permitted to public server.

Anonymous says:February 25, 2014 at 9:06 AM

MODIFICATION 1 CAN´T BE DONE IN 3 SENTENCES,the question need to be wrong.

Anonymous says:March 21, 2014 at 3:21 PM

In the second modification which is HOST B. which said that to ALLOW only host B to access finance

server and deny host B from other servers.

I tired many times but It's possible to access finance server and public web server through all hosts. I copied the

commands as it's mentioned there and I got the same problem. is it a bug in SIM or it's all right when other hosts

access whole servers ?

Anonymous says:March 22, 2014 at 3:55 PM

MODIFICATION 1 GUYS ISN'T CORRECT. SOME ONE HELP PLEASE.

Leave a Reply

Enter your comment...

Comment as: Google Account

PublishPublish PreviewPreview

Popular Posts

New Questions in CCNA 200-120 (HSRP, VRRP, NetFlow, SNMP)

The below are mock questions that were about to appear in exam CCNA 200-120. Updated : 14

th October 2013 Download the La...

CCNA EIGRP Simulation (NEW)

After adding Interior router, no routing updates are being exchanged between Perimeter and the

new location. All other inter connectivity...

CCNA Access List Control (ACL) Simulation

A network associate is adding security to the configuration of the Corp1 router. The user on host

C should be able to use a web...

Incorrect Questions in Cisco.Acme.640-802.v2013-08-06.by.Acme.649q.vce

Download the new version : http://www.4shared.com/file/7JUsXd3b/640-802v2.html? updated

on 9/27/2013 ...

Access Control List (ACL) Simlet

An administrator is trying to ping and telnet from Switch to Router with the results shown below:

For this ...

CCNA VLAN Simulation

This task requires you to use the CLI of Sw-AC3 to answer five multiple-choice questions. This

does not require any configura...

CCNA RIPv2 Simulation

Central Florida Widgets recently installed a new router in their Apopka office. Complete the

network installation by performing the ini...

CCNA NAT Simulation

A network associate is configuring a router for the Weaver company to provide internet access.

The ISP has provided the company six public I...

CCNA NAT Simulation

A network associate is configuring a router for the weaver company to provide internet access.

The ISP has provided the company six pu...

CCNA Routing and Switching (200-120)

CCNA Composite Exam: The 200-120 CCNAX is the composite exam associated with the Cisco

CCNA Routing and Switching certification. Candida...

Links

CCNA Simulation

CCNP ROUTE Simulations

Popular Posts

New Questions in

CCNA 200-120

(HSRP, VRRP,

NetFlow, SNMP)

The below are mock questions that

were about to appear in exam

CCNA 200-120. Updated : 14 th

October 2013 Download the La...

CCNA EIGRP

Simulation (NEW)

After adding

Interior router, no

routing updates are being

exchanged between Perimeter and

the new location. All other inter

connectivity...

CCNA Access List

Control (ACL)

Simulation

A network

associate is adding security to the

configuration of the Corp1 router.

The user on host C should be able to

use a web...

Incorrect

Questions in

Cisco.Acme.640-

802.v2013-08-

06.by.Acme.649q.vce

Download the new version :

http://www.4shared.com/file/7JUsXd3b/640

802v2.html? updated on 9/27/2013

...

Access Control List

(ACL) Simlet

An administrator is

trying to ping and

telnet from Switch to Router with

the results shown below: For this ...

CCNA VLAN

Simulation

This task requires

you to use the CLI

of Sw-AC3 to answer five multiple-

choice questions. This does not

require any configura...

CCNA RIPv2

Simulation

Central Florida

Widgets recently

installed a new router in their

Apopka office. Complete the

network installation by performing

the ini...

CCNA NAT

Simulation

A network

associate is

configuring a router for the Weaver

company to provide internet access.

The ISP has provided the company

six public I...

CCNA NAT

Simulation

A network

associate is

configuring a router for the weaver

company to provide internet access.

The ISP has provided the company

six pu...

CCNA Routing and

Switching (200-

120)

CCNA Composite

Exam: The 200-120 CCNAX is the

composite exam associated with the

Cisco CCNA Routing and Switching

certification. Candida...

Category List

CCNA (37)

CCNA Basic (4)

CCNA Cisco IOS (3)

CCNA Drag & Drop (3)

CCNA Frame Relay (2)

CCNA RIP Route (2)

CCNA Routing (4)

CCNA Simulation (7)

CCNA STP (1)

CCNA Subnetting (4)

CCNA Switching (2)

CCNA VLAN (1)

CCNP (2)

CCNP Simulation (2)

ICND1 (1)

ICND1 Simulation (1)

Blog Archive

▼  2013 (42)

►  November (2)

►  October (3)

►  September (21)

▼  August (16)

VLSM Short-cut

IPv4 Address Calculation for

beginners

Which of the following is a

characteristic of full...

What will Switch-1 do with

this data?

Which switch provides the

spanning-tree

designated...

CCNA VLAN Simulation

RouterA is unable to reach

RouterB. What is the mo...

The network administrator

needs to address seven L...

What is the most likely cause

of the problem?

What are two things that

could be attempted that

w...

What is preventing the

router from pinging

remote ...

On the network

131.1.123.0/27, what is

the last IP...

Drag & Drop (IP Address)

CCNA EIGRP Simulation

(NEW)

CCNAX 2.0 Syllabus

CCNA Access List Control

(ACL) Simulation

© 2013 Examtut | Privacy Policy

Find us on Facebook

Acme Infotek

672 people like Acme Infotek.

Facebook social plugin

LikeLike

Generated with www.html-to-pdf.net Page 8 / 9

EXAMTUT

Newer Post

CCNA Access List Control (ACL) SimulationPosted on

A network associate is adding security to the configuration of the Corp1 router. The user onhost C should be able to use a web browser to access financial information from the FinanceWeb Server. No other hosts from the LAN nor the Core should be able to use a web browserto access this server. Since there are multiple resources for the corporation at this locationincluding other resources on the Finance Web Server, all other traffic should be allowed.The task is to create and apply a numbered access-list with no more than three statementsthat will allow ONLY host C web access to the Finance Web Server. No other hosts will haveweb access to the Finance Web Server. All other traffic is permitted.

Access to the router CLI can be gained by clicking on the appropriate host.All passwords have been temporarily set to “cisco”.The Core connection uses an IP address of 198.18.196.65The computers in the Hosts LAN have been assigned addresses of 192.168.33.1 –192.168.33.254Host A 192.168.33.1Host B 192.168.33.2Host C 192.168.33.3Host D 192.168.33.4The servers in the Server LAN have been assigned addresses of 172.22.242.17 – 172.22.242.30The Finance Web Server is assigned an IP address of 172.22.242.23.The Public Web Server is assigned an IP address of 172.22.242.17

The Adobe Flash Player or an HTML5 supported browser is

required for video playback.

Get the latest Flash Player

Learn more about upgrading to an HTML5 browser

Corp1>enable

Password: cisco

We should create an access-list and apply it to the interface which is connected to theServers LAN interface, because it can filter out traffic from both Sw-Hosts and Core networks.The Server LAN network has been assigned addresses of 172.22.242.17 – 172.22.242.30 so wecan guess the interface connected to them has an IP address of 172.22.242.30 (.30 is thenumber shown in the figure). Use the “show ip interface brief” command to check whichinterface has the IP address of 172.22.242.30.Corp1#show ip interface brief

Interface IP-Address OK? Method Status Protocol

FastEthernet0/0 192.168.33.254 YES manual up up

FastEthernet0/1 172.22.242.30 YES manual up up

Serial0/0 198.18.196.65 YES manual up up

We learn that interface FastEthernet0/1 is the interface connected to Server LAN network. Itis the interface we will apply our access-list (for outbound direction).Corp1#configure terminal

Our access‐list needs to allow host C – 192.168.33.3 to the Finance Web Server 172.22.242.23via web (port 80)Corp1(config)#access-list 100 permit tcp host 192.168.33.3 host

172.22.242.23 eq 80

Deny other hosts access to the Finance Web Server via webCorp1(config)#access-list 100 deny tcp any host 172.22.242.23 eq 80

All other traffic is permittedCorp1(config)#access-list 100 permit ip any any

Apply this access-list to Fa0/1 interface (outbound direction)

Corp1(config)#interface fa0/1

Corp1(config-if)#ip access-group 100 out

Notice: We have to apply the access-list to Fa0/1 interface (not Fa0/0 interface) so that theaccess-list can filter traffic coming from both the LAN and the Core networks. If we applyaccess list to the inbound interface we can only filter traffic from the LAN network.In the real exam, just click on host C and open its web browser. In the address box typehttp://172.22.242.23 to check if you are allowed to access Finance Web Server or not. If yourconfiguration is correct then you can access it.Click on other hosts (A, B and D) and check to make sure you can’t access Finance Web Serverfrom these hosts.Finally, save the configurationCorp1(config-if)#end

Corp1#copy running-config startup-config

This configuration only prevents hosts from accessing Finance Web Server via web but if thisserver supports other traffic – like FTP, SMTP… then other hosts can access it, too.Notice: In the real exam, you might be asked to allow other host (A, B or D) to access theFinance Web Server so please read the requirement carefully.

Modification #1A network associate is adding security to the configuration of the Corp router. The user onhost B should be able to access the Finance Web Server. Host B should be denied to accessother server on S1-SRVS network. Since there are multiple resources for the corporation atthis location including other resources on the Finance Web Server, all other traffic should beallowed.The task is to create and apply a numbered access-list with no more than three statementsthat will allow ONLY host B access to the Finance Web Server. Deny host B from accessing theother servers. All other traffic is permitted.access-list 100 permit ip host 192.168.33.2 host 172.22.242.23

access-list 100 deny ip host 192.168.33.2 172.22.242.16 0.0.0.15

access-list 100 permit ip any any

Modification #2A network associate is adding security to the configuration of the Corp1 router. The user onhost C should be able to access the Finance Web Server. No other hosts from the LAN nor theCore should be able access this server. All other traffic should be allowed.The task is to create and apply a numbered access-list with no more than three statementsthat will allow ONLY host C access the Finance Web Server. No other hosts will have access tothe Finance Web Server. All other traffic is permitted.access-list 100 permit ip host 192.168.33.3 host 172.22.242.23

access-list 100 deny ip any host 172.22.242.23

access-list 100 permit ip any any

Modification #3A network associate is adding security to the configuration of the Corp1 router. The user onhost C should be able to use a web browser to access financial information from the FinanceWeb Server. Other access from host C to Finance Web Server should be denied. No otherhosts from the LAN nor the Core should be able to access the Finance Web Server. All othertraffic should be allowed.The task is to create and apply a numbered access-list with no more than three statementsthat will allow ONLY host C web access to the Finance Web Server. Also host C should bedenied to access any other services of Finance Web Server. No other hosts will access to theFinance Web Server. All other traffic is permitted.access-list 100 permit tcp host 192.168.33.3 host 172.22.242.23 eq

80

access-list 100 deny ip any host 172.22.242.23

access-list 100 permit ip any any

Modification #4A network associate is adding security to the configuration of the Corp1 router. The user onhost D should be able to use a web browser to access financial information from the FinanceWeb Server. Other access from host C to Finance Web Server should be denied. No otherhosts from the LAN nor the Core should be able to access the Finance Web Server. All hostsfrom the LAN nor the Core should able to access public web server.

The task is to create and apply a numbered access-list with no more than three statements

that will allow ONLY h ost D should be able to use a web browser(HTTP)to access the Finance

Web Server. Other types of access from host D to the Finance Web Server should be

blocked. All access from hosts in the Core or local LAN to the Finance Web Server should be

blocked. All hosts in the Core and local LAN should be able to access the Public Web Server.

access-list 100 permit tcp host 192.168.33.3 host 172.22.242.23 eq

80

access-list 100 deny ip any host 172.22.242.23

access-list 100 permit ip any any

Download LAB file (need packet tracer to open)

https://app.box.com/s/yizuzzbkagp4v0j52a50

Mirror:

http://www.4shared.com/file/heZzTLiH/ACL_Sim.html?

Download Video file

https://app.box.com/s/uri1xwy29gw0qc0smlk0

This entry was posted in CCNA, CCNA Simulation . Bookmark the permalink.

Opera browser download Moneys Mutual Money Money Managers Confused

Internet advertising agency Microsoft Word Will work from home

23 Responses so far.

A.H.Mostofa Kalam says:September 2, 2013 at 1:07 PM

what commands have you used for ACL?

- Host D should be able to use a web browser(HTTP)to access the Finance Web Server

- Other types of access from host D to the Finance Web Server should be blocked

– All access from hosts in the Core or local LAN to the Finance Web Server should be blocked

- All hosts in the Core and local LAN should be able to access the Public Web Server

Answer 1:

Access-list 100 permit tcp host 192.168.33.4 host 172.22.242.23 eq 80

Access-List 100 deny ip any host 172.22.242.23

Access-list 100 permit ip any any

Answer 2:

Access-list 100 permit tcp host 192.168.33.4 host 172.22.242.23 eq 80

Access-List 100 permit ip any host 172.22.242.17

Access-list 100 deny ip any any

When asked – all can access to public server should I use answer 2 or answer 1?

i know if only said all other traffic is permitted I can use answer 1 without doubt. I am having confusion when it is

said all can access to public server…both is correct for that may be and answer 2 fully satisfies the need, right?

Please help me out to understand…

farah med amine says:September 14, 2013 at 1:29 AM

@ACME PLEASE:command 2 use eq 80????

Modification #3

The user on host C should be able to access the Finance Web Server

Other access from host C to Finance Web Server should be denied

No other hosts from the LAN nor the Core should be able to access the Finance Web Server. All other traffic

should be allowed:

access-list 100 permit tcp host 192.168.33.3 host 172.22.242.23 eq 80

access-list 100 deny ip any host 172.22.242.23 use ((((( eq 80))))

access-list 100 permit ip any any

farah med amine says:September 14, 2013 at 1:45 AM

@acme i understand you ;)

Other access from host C to Finance Web Server should be denied ########## No other hosts from the LAN

nor the Core should be able to use a web browser to access this server .

Nirates says:September 15, 2013 at 3:26 PM

@mostapha

both answers would not answer the question fully.

From your Answer 1, line 1 and 2 answer only the first two statements of the question. Remember that the last

statement of the question was 'specifically' to allow Core and LAN access to Public Server, and the Public server

has a different ip address. so the correct command would be:

Access-list 100 permit ip any host 172.22.242.17

From your Answer 2, line 1 answers the first part of the question, while line 2 answers the last part of the

question. Remember that the question says 'Other types of access from host D to the Finance Web Server should

be blocked. All access from hosts in the Core or local LAN to the Finance Web Server should be blocked'. It is

stated SPECIFICALLY, to block all access to ONLY the Finance server and not to other servers. So the right

command should be:

Access-list 100 deny ip any host 172.22.242.23

...I hope this helps

Nirates says:September 15, 2013 at 3:32 PM

@Farah,

the question did not ask that you deny WEB access to the financial web server. it is only when web access is

involved that you can add eq 80 to the command.

...I'd suggest you read the question carefully. Besides, try out the commands on your packet tracer and confirm

which works. ;)

Ahmed Badubyan says:September 25, 2013 at 5:14 PM

This comment has been removed by the author.

Anonymous says:October 6, 2013 at 2:07 AM

Just passed This Friday Oct 4. SIM Is valid. Thank you.

Adi says:October 10, 2013 at 4:06 AM

Hello Guys I hope you will be fine there.Now New CCNA (200-120) and CCNA security (640-554)

Vouchers on special discount of 58% for World wide, with six months expiry date till you purchase. Each voucher

cost 70USD.

Details Required For CCNA Voucher For Discount Processing:

1-Full Name. 1st Name & Last Name (as you want to appear on certificate & documents)

2-Country.

3-City.

4-State.

5-Pin Code (or Area Code)

6-Residential Address (or where you can collect your Certificate or further correspondence

can be received)

7-Date of birth

Add me on Skype through this information which is written below:

Skype Name: rockon660

you can also email me at this email address which is written below:

madeelqaiser@gmail.com

If you have any Questions feel free to contact me.

Thanks,

Best regards,

Adeel

m0bi says:October 30, 2013 at 2:41 PM

Passed 200-120 exam Today with 958/1000. Do not waste time and money guys only testinside

Purchased 100% valid dumps Lab was ACL2 Modifications & EIGRP with few but Same.

200-120 dumps Testindie Q307 with secondary Key # in cheap price contact me at Mubasher95@Gmail.com

Good Luck!

Anonymous says:November 26, 2013 at 9:11 AM

This comment has been removed by a blog administrator.

Anonymous says:November 27, 2013 at 7:32 PM

can I add command: "no ip domain-lookup"

to prevent stupid annoying translate.. error message?

Anonymous says:December 1, 2013 at 6:00 PM

I just finished my ccna exam... scored 958 in second attempt .... almost all the questions from

9tut,examtut, acme spintry...... I could have passed if I knew this excellent site before.... thank youuuuuu

got ACL1, ACL2, EIGRP..... same sim with slight modifications....

Anonymous says:December 15, 2013 at 12:15 PM

I confused about command answer Modification #3 and #4, why same command?

In Modification #4, I think Host D ip address is 192.168.33.4.

Rajiv Widyaratne says:December 31, 2013 at 6:34 AM

Why "Request Timeout" when using the Web Browser of "D"????

(Modification 4)

Anonymous says:January 5, 2014 at 10:02 AM

@ Rajiv Widyaratne

the ip of host D in the answer is wrong ... it should be 192.168.33.4 ... not 192.168.33.3 , a copy paste simple

mistake

try

access-list 100 permit tcp host 192.168.33.4 host 172.22.242.23 eq 80

access-list 100 deny ip any host 172.22.242.23

access-list 100 permit ip any any

it will work ;)

Anonymous says:January 8, 2014 at 11:44 PM

MODIFICATION #4

How can you complete all of the tasks without adding a "Access-list 100 permit ip any host 172.22.242.17" as a

fourth statement?

Thanks!!

Beso says:January 10, 2014 at 8:45 PM

Modification #4

access-list 100 permit ip any any

will allow all hosts to public and others so there is no problem i think !!

and cuz in this ques it requires only 3 statements ..

Anonymous says:January 30, 2014 at 8:32 PM

MODIFICATION #1:If this correct way to do things MINUS that I should have checked the access list

BEFORE I copied it? I am still a newbie at this but trying hard. Thanks.

Corp1#configure terminal

Enter configuration commands, one per line. End with CNTL/Z.

Corp1(config)#access-list 100 permit tcp host 192.168.33.2 host 172.22.242.23

Corp1(config)#access-list 100 deny ip host 192.168.33.2 172.22.242.16 0.0.0.15

Corp1(config)#access-list 100 permit ip any any

Corp1(config)#interface fa0/1

Corp1(config-if)#ip access-group 100 out

Corp1(config-if)#end

Corp1#

%SYS-5-CONFIG_I: Configured from console by console

Corp1#copy running-config startup-config

Destination filename [startup-config]?

Building configuration...

[OK]

Corp1#show access-list

Extended IP access list 100

permit tcp host 192.168.33.2 host 172.22.242.23 (6 match(es))

deny ip host 192.168.33.2 172.22.242.16 0.0.0.15 (30 match(es))

permit ip any any

Corp1#

Adi says:February 6, 2014 at 2:45 AM

Hello Guys good news for you that CCNA discounted and Microsoft vouchers are now available. Now

New CCNA (200-120) vouchers on special discount of 58% for World wide, with six months expiry date till you

purchase. Each voucher cost 70USD.

Details Required For CCNA Voucher For Discount Processing:

1-Full Name. 1st Name & Last Name (as you want to appear on certificate & documents)

2-Country.

3-City.

4-State.

5-Pin Code (or Area Code)

6-Residential Address (or where you can collect your Certificate or further correspondence

can be received)

7-Date of birth

Add me on Skype through this information which is written below:

Skype Name: rockon660

you can also email me at this email address which is written below:

madeelqaiser@gmail.com

If you have any Questions feel free to contact me.

Thanks,

Best regards,

Adeel

Anonymous says:February 13, 2014 at 1:26 AM

i had passed my ccna exam with 972/1000 score on 12 feb.

the labs were acl1,acl2 and eigrp

acl 1 (same as it is)

eigrp (just change od AS and advertising a network (same as it is) with NO issue about passive interfaces and

default network )

acl 2 (with bit modification)

"The task is to create and apply a numbered access-list with no more than three statements that

-> will allow ONLY host A web access to the Finance Web Server.

->All other traffic from A to finance server is denied.

->All traffic from lan servers(B,C,D) and core to the Finance Web Server is denied.

-> All other traffic is permitted to public server.

Anonymous says:February 25, 2014 at 9:06 AM

MODIFICATION 1 CAN´T BE DONE IN 3 SENTENCES,the question need to be wrong.

Anonymous says:March 21, 2014 at 3:21 PM

In the second modification which is HOST B. which said that to ALLOW only host B to access finance

server and deny host B from other servers.

I tired many times but It's possible to access finance server and public web server through all hosts. I copied the

commands as it's mentioned there and I got the same problem. is it a bug in SIM or it's all right when other hosts

access whole servers ?

Anonymous says:March 22, 2014 at 3:55 PM

MODIFICATION 1 GUYS ISN'T CORRECT. SOME ONE HELP PLEASE.

Leave a Reply

Enter your comment...

Comment as: Google Account

PublishPublish PreviewPreview

Popular Posts

New Questions in CCNA 200-120 (HSRP, VRRP, NetFlow, SNMP)

The below are mock questions that were about to appear in exam CCNA 200-120. Updated : 14

th October 2013 Download the La...

CCNA EIGRP Simulation (NEW)

After adding Interior router, no routing updates are being exchanged between Perimeter and the

new location. All other inter connectivity...

CCNA Access List Control (ACL) Simulation

A network associate is adding security to the configuration of the Corp1 router. The user on host

C should be able to use a web...

Incorrect Questions in Cisco.Acme.640-802.v2013-08-06.by.Acme.649q.vce

Download the new version : http://www.4shared.com/file/7JUsXd3b/640-802v2.html? updated

on 9/27/2013 ...

Access Control List (ACL) Simlet

An administrator is trying to ping and telnet from Switch to Router with the results shown below:

For this ...

CCNA VLAN Simulation

This task requires you to use the CLI of Sw-AC3 to answer five multiple-choice questions. This

does not require any configura...

CCNA RIPv2 Simulation

Central Florida Widgets recently installed a new router in their Apopka office. Complete the

network installation by performing the ini...

CCNA NAT Simulation

A network associate is configuring a router for the Weaver company to provide internet access.

The ISP has provided the company six public I...

CCNA NAT Simulation

A network associate is configuring a router for the weaver company to provide internet access.

The ISP has provided the company six pu...

CCNA Routing and Switching (200-120)

CCNA Composite Exam: The 200-120 CCNAX is the composite exam associated with the Cisco

CCNA Routing and Switching certification. Candida...

Links

CCNA Simulation

CCNP ROUTE Simulations

Popular Posts

New Questions in

CCNA 200-120

(HSRP, VRRP,

NetFlow, SNMP)

The below are mock questions that

were about to appear in exam

CCNA 200-120. Updated : 14 th

October 2013 Download the La...

CCNA EIGRP

Simulation (NEW)

After adding

Interior router, no

routing updates are being

exchanged between Perimeter and

the new location. All other inter

connectivity...

CCNA Access List

Control (ACL)

Simulation

A network

associate is adding security to the

configuration of the Corp1 router.

The user on host C should be able to

use a web...

Incorrect

Questions in

Cisco.Acme.640-

802.v2013-08-

06.by.Acme.649q.vce

Download the new version :

http://www.4shared.com/file/7JUsXd3b/640

802v2.html? updated on 9/27/2013

...

Access Control List

(ACL) Simlet

An administrator is

trying to ping and

telnet from Switch to Router with

the results shown below: For this ...

CCNA VLAN

Simulation

This task requires

you to use the CLI

of Sw-AC3 to answer five multiple-

choice questions. This does not

require any configura...

CCNA RIPv2

Simulation

Central Florida

Widgets recently

installed a new router in their

Apopka office. Complete the

network installation by performing

the ini...

CCNA NAT

Simulation

A network

associate is

configuring a router for the Weaver

company to provide internet access.

The ISP has provided the company

six public I...

CCNA NAT

Simulation

A network

associate is

configuring a router for the weaver

company to provide internet access.

The ISP has provided the company

six pu...

CCNA Routing and

Switching (200-

120)

CCNA Composite

Exam: The 200-120 CCNAX is the

composite exam associated with the

Cisco CCNA Routing and Switching

certification. Candida...

Category List

CCNA (37)

CCNA Basic (4)

CCNA Cisco IOS (3)

CCNA Drag & Drop (3)

CCNA Frame Relay (2)

CCNA RIP Route (2)

CCNA Routing (4)

CCNA Simulation (7)

CCNA STP (1)

CCNA Subnetting (4)

CCNA Switching (2)

CCNA VLAN (1)

CCNP (2)

CCNP Simulation (2)

ICND1 (1)

ICND1 Simulation (1)

Blog Archive

▼  2013 (42)

►  November (2)

►  October (3)

►  September (21)

▼  August (16)

VLSM Short-cut

IPv4 Address Calculation for

beginners

Which of the following is a

characteristic of full...

What will Switch-1 do with

this data?

Which switch provides the

spanning-tree

designated...

CCNA VLAN Simulation

RouterA is unable to reach

RouterB. What is the mo...

The network administrator

needs to address seven L...

What is the most likely cause

of the problem?

What are two things that

could be attempted that

w...

What is preventing the

router from pinging

remote ...

On the network

131.1.123.0/27, what is

the last IP...

Drag & Drop (IP Address)

CCNA EIGRP Simulation

(NEW)

CCNAX 2.0 Syllabus

CCNA Access List Control

(ACL) Simulation

© 2013 Examtut | Privacy Policy

Find us on Facebook

Acme Infotek

672 people like Acme Infotek.

Facebook social plugin

LikeLike

Generated with www.html-to-pdf.net Page 9 / 9