acl1 sim
DESCRIPTION
ssTRANSCRIPT
EXAMTUT
Newer Post
CCNA Access List Control (ACL) SimulationPosted on
A network associate is adding security to the configuration of the Corp1 router. The user onhost C should be able to use a web browser to access financial information from the FinanceWeb Server. No other hosts from the LAN nor the Core should be able to use a web browserto access this server. Since there are multiple resources for the corporation at this locationincluding other resources on the Finance Web Server, all other traffic should be allowed.The task is to create and apply a numbered access-list with no more than three statementsthat will allow ONLY host C web access to the Finance Web Server. No other hosts will haveweb access to the Finance Web Server. All other traffic is permitted.
Access to the router CLI can be gained by clicking on the appropriate host.All passwords have been temporarily set to “cisco”.The Core connection uses an IP address of 198.18.196.65The computers in the Hosts LAN have been assigned addresses of 192.168.33.1 –192.168.33.254Host A 192.168.33.1Host B 192.168.33.2Host C 192.168.33.3Host D 192.168.33.4The servers in the Server LAN have been assigned addresses of 172.22.242.17 – 172.22.242.30The Finance Web Server is assigned an IP address of 172.22.242.23.The Public Web Server is assigned an IP address of 172.22.242.17
The Adobe Flash Player or an HTML5 supported browser is
required for video playback.
Get the latest Flash Player
Learn more about upgrading to an HTML5 browser
Corp1>enable
Password: cisco
We should create an access-list and apply it to the interface which is connected to theServers LAN interface, because it can filter out traffic from both Sw-Hosts and Core networks.The Server LAN network has been assigned addresses of 172.22.242.17 – 172.22.242.30 so wecan guess the interface connected to them has an IP address of 172.22.242.30 (.30 is thenumber shown in the figure). Use the “show ip interface brief” command to check whichinterface has the IP address of 172.22.242.30.Corp1#show ip interface brief
Interface IP-Address OK? Method Status Protocol
FastEthernet0/0 192.168.33.254 YES manual up up
FastEthernet0/1 172.22.242.30 YES manual up up
Serial0/0 198.18.196.65 YES manual up up
We learn that interface FastEthernet0/1 is the interface connected to Server LAN network. Itis the interface we will apply our access-list (for outbound direction).Corp1#configure terminal
Our access‐list needs to allow host C – 192.168.33.3 to the Finance Web Server 172.22.242.23via web (port 80)Corp1(config)#access-list 100 permit tcp host 192.168.33.3 host
172.22.242.23 eq 80
Deny other hosts access to the Finance Web Server via webCorp1(config)#access-list 100 deny tcp any host 172.22.242.23 eq 80
All other traffic is permittedCorp1(config)#access-list 100 permit ip any any
Apply this access-list to Fa0/1 interface (outbound direction)
Corp1(config)#interface fa0/1
Corp1(config-if)#ip access-group 100 out
Notice: We have to apply the access-list to Fa0/1 interface (not Fa0/0 interface) so that theaccess-list can filter traffic coming from both the LAN and the Core networks. If we applyaccess list to the inbound interface we can only filter traffic from the LAN network.In the real exam, just click on host C and open its web browser. In the address box typehttp://172.22.242.23 to check if you are allowed to access Finance Web Server or not. If yourconfiguration is correct then you can access it.Click on other hosts (A, B and D) and check to make sure you can’t access Finance Web Serverfrom these hosts.Finally, save the configurationCorp1(config-if)#end
Corp1#copy running-config startup-config
This configuration only prevents hosts from accessing Finance Web Server via web but if thisserver supports other traffic – like FTP, SMTP… then other hosts can access it, too.Notice: In the real exam, you might be asked to allow other host (A, B or D) to access theFinance Web Server so please read the requirement carefully.
Modification #1A network associate is adding security to the configuration of the Corp router. The user onhost B should be able to access the Finance Web Server. Host B should be denied to accessother server on S1-SRVS network. Since there are multiple resources for the corporation atthis location including other resources on the Finance Web Server, all other traffic should beallowed.The task is to create and apply a numbered access-list with no more than three statementsthat will allow ONLY host B access to the Finance Web Server. Deny host B from accessing theother servers. All other traffic is permitted.access-list 100 permit ip host 192.168.33.2 host 172.22.242.23
access-list 100 deny ip host 192.168.33.2 172.22.242.16 0.0.0.15
access-list 100 permit ip any any
Modification #2A network associate is adding security to the configuration of the Corp1 router. The user onhost C should be able to access the Finance Web Server. No other hosts from the LAN nor theCore should be able access this server. All other traffic should be allowed.The task is to create and apply a numbered access-list with no more than three statementsthat will allow ONLY host C access the Finance Web Server. No other hosts will have access tothe Finance Web Server. All other traffic is permitted.access-list 100 permit ip host 192.168.33.3 host 172.22.242.23
access-list 100 deny ip any host 172.22.242.23
access-list 100 permit ip any any
Modification #3A network associate is adding security to the configuration of the Corp1 router. The user onhost C should be able to use a web browser to access financial information from the FinanceWeb Server. Other access from host C to Finance Web Server should be denied. No otherhosts from the LAN nor the Core should be able to access the Finance Web Server. All othertraffic should be allowed.The task is to create and apply a numbered access-list with no more than three statementsthat will allow ONLY host C web access to the Finance Web Server. Also host C should bedenied to access any other services of Finance Web Server. No other hosts will access to theFinance Web Server. All other traffic is permitted.access-list 100 permit tcp host 192.168.33.3 host 172.22.242.23 eq
80
access-list 100 deny ip any host 172.22.242.23
access-list 100 permit ip any any
Modification #4A network associate is adding security to the configuration of the Corp1 router. The user onhost D should be able to use a web browser to access financial information from the FinanceWeb Server. Other access from host C to Finance Web Server should be denied. No otherhosts from the LAN nor the Core should be able to access the Finance Web Server. All hostsfrom the LAN nor the Core should able to access public web server.
The task is to create and apply a numbered access-list with no more than three statements
that will allow ONLY h ost D should be able to use a web browser(HTTP)to access the Finance
Web Server. Other types of access from host D to the Finance Web Server should be
blocked. All access from hosts in the Core or local LAN to the Finance Web Server should be
blocked. All hosts in the Core and local LAN should be able to access the Public Web Server.
access-list 100 permit tcp host 192.168.33.3 host 172.22.242.23 eq
80
access-list 100 deny ip any host 172.22.242.23
access-list 100 permit ip any any
Download LAB file (need packet tracer to open)
https://app.box.com/s/yizuzzbkagp4v0j52a50
Mirror:
http://www.4shared.com/file/heZzTLiH/ACL_Sim.html?
Download Video file
https://app.box.com/s/uri1xwy29gw0qc0smlk0
This entry was posted in CCNA, CCNA Simulation . Bookmark the permalink.
Opera browser download Moneys Mutual Money Money Managers Confused
Internet advertising agency Microsoft Word Will work from home
23 Responses so far.
A.H.Mostofa Kalam says:September 2, 2013 at 1:07 PM
what commands have you used for ACL?
- Host D should be able to use a web browser(HTTP)to access the Finance Web Server
- Other types of access from host D to the Finance Web Server should be blocked
– All access from hosts in the Core or local LAN to the Finance Web Server should be blocked
- All hosts in the Core and local LAN should be able to access the Public Web Server
Answer 1:
Access-list 100 permit tcp host 192.168.33.4 host 172.22.242.23 eq 80
Access-List 100 deny ip any host 172.22.242.23
Access-list 100 permit ip any any
Answer 2:
Access-list 100 permit tcp host 192.168.33.4 host 172.22.242.23 eq 80
Access-List 100 permit ip any host 172.22.242.17
Access-list 100 deny ip any any
When asked – all can access to public server should I use answer 2 or answer 1?
i know if only said all other traffic is permitted I can use answer 1 without doubt. I am having confusion when it is
said all can access to public server…both is correct for that may be and answer 2 fully satisfies the need, right?
Please help me out to understand…
farah med amine says:September 14, 2013 at 1:29 AM
@ACME PLEASE:command 2 use eq 80????
Modification #3
The user on host C should be able to access the Finance Web Server
Other access from host C to Finance Web Server should be denied
No other hosts from the LAN nor the Core should be able to access the Finance Web Server. All other traffic
should be allowed:
access-list 100 permit tcp host 192.168.33.3 host 172.22.242.23 eq 80
access-list 100 deny ip any host 172.22.242.23 use ((((( eq 80))))
access-list 100 permit ip any any
farah med amine says:September 14, 2013 at 1:45 AM
@acme i understand you ;)
Other access from host C to Finance Web Server should be denied ########## No other hosts from the LAN
nor the Core should be able to use a web browser to access this server .
Nirates says:September 15, 2013 at 3:26 PM
@mostapha
both answers would not answer the question fully.
From your Answer 1, line 1 and 2 answer only the first two statements of the question. Remember that the last
statement of the question was 'specifically' to allow Core and LAN access to Public Server, and the Public server
has a different ip address. so the correct command would be:
Access-list 100 permit ip any host 172.22.242.17
From your Answer 2, line 1 answers the first part of the question, while line 2 answers the last part of the
question. Remember that the question says 'Other types of access from host D to the Finance Web Server should
be blocked. All access from hosts in the Core or local LAN to the Finance Web Server should be blocked'. It is
stated SPECIFICALLY, to block all access to ONLY the Finance server and not to other servers. So the right
command should be:
Access-list 100 deny ip any host 172.22.242.23
...I hope this helps
Nirates says:September 15, 2013 at 3:32 PM
@Farah,
the question did not ask that you deny WEB access to the financial web server. it is only when web access is
involved that you can add eq 80 to the command.
...I'd suggest you read the question carefully. Besides, try out the commands on your packet tracer and confirm
which works. ;)
Ahmed Badubyan says:September 25, 2013 at 5:14 PM
This comment has been removed by the author.
Anonymous says:October 6, 2013 at 2:07 AM
Just passed This Friday Oct 4. SIM Is valid. Thank you.
Adi says:October 10, 2013 at 4:06 AM
Hello Guys I hope you will be fine there.Now New CCNA (200-120) and CCNA security (640-554)
Vouchers on special discount of 58% for World wide, with six months expiry date till you purchase. Each voucher
cost 70USD.
Details Required For CCNA Voucher For Discount Processing:
1-Full Name. 1st Name & Last Name (as you want to appear on certificate & documents)
2-Country.
3-City.
4-State.
5-Pin Code (or Area Code)
6-Residential Address (or where you can collect your Certificate or further correspondence
can be received)
7-Date of birth
Add me on Skype through this information which is written below:
Skype Name: rockon660
you can also email me at this email address which is written below:
If you have any Questions feel free to contact me.
Thanks,
Best regards,
Adeel
m0bi says:October 30, 2013 at 2:41 PM
Passed 200-120 exam Today with 958/1000. Do not waste time and money guys only testinside
Purchased 100% valid dumps Lab was ACL2 Modifications & EIGRP with few but Same.
200-120 dumps Testindie Q307 with secondary Key # in cheap price contact me at [email protected]
Good Luck!
Anonymous says:November 26, 2013 at 9:11 AM
This comment has been removed by a blog administrator.
Anonymous says:November 27, 2013 at 7:32 PM
can I add command: "no ip domain-lookup"
to prevent stupid annoying translate.. error message?
Anonymous says:December 1, 2013 at 6:00 PM
I just finished my ccna exam... scored 958 in second attempt .... almost all the questions from
9tut,examtut, acme spintry...... I could have passed if I knew this excellent site before.... thank youuuuuu
got ACL1, ACL2, EIGRP..... same sim with slight modifications....
Anonymous says:December 15, 2013 at 12:15 PM
I confused about command answer Modification #3 and #4, why same command?
In Modification #4, I think Host D ip address is 192.168.33.4.
Rajiv Widyaratne says:December 31, 2013 at 6:34 AM
Why "Request Timeout" when using the Web Browser of "D"????
(Modification 4)
Anonymous says:January 5, 2014 at 10:02 AM
@ Rajiv Widyaratne
the ip of host D in the answer is wrong ... it should be 192.168.33.4 ... not 192.168.33.3 , a copy paste simple
mistake
try
access-list 100 permit tcp host 192.168.33.4 host 172.22.242.23 eq 80
access-list 100 deny ip any host 172.22.242.23
access-list 100 permit ip any any
it will work ;)
Anonymous says:January 8, 2014 at 11:44 PM
MODIFICATION #4
How can you complete all of the tasks without adding a "Access-list 100 permit ip any host 172.22.242.17" as a
fourth statement?
Thanks!!
Beso says:January 10, 2014 at 8:45 PM
Modification #4
access-list 100 permit ip any any
will allow all hosts to public and others so there is no problem i think !!
and cuz in this ques it requires only 3 statements ..
Anonymous says:January 30, 2014 at 8:32 PM
MODIFICATION #1:If this correct way to do things MINUS that I should have checked the access list
BEFORE I copied it? I am still a newbie at this but trying hard. Thanks.
Corp1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Corp1(config)#access-list 100 permit tcp host 192.168.33.2 host 172.22.242.23
Corp1(config)#access-list 100 deny ip host 192.168.33.2 172.22.242.16 0.0.0.15
Corp1(config)#access-list 100 permit ip any any
Corp1(config)#interface fa0/1
Corp1(config-if)#ip access-group 100 out
Corp1(config-if)#end
Corp1#
%SYS-5-CONFIG_I: Configured from console by console
Corp1#copy running-config startup-config
Destination filename [startup-config]?
Building configuration...
[OK]
Corp1#show access-list
Extended IP access list 100
permit tcp host 192.168.33.2 host 172.22.242.23 (6 match(es))
deny ip host 192.168.33.2 172.22.242.16 0.0.0.15 (30 match(es))
permit ip any any
Corp1#
Adi says:February 6, 2014 at 2:45 AM
Hello Guys good news for you that CCNA discounted and Microsoft vouchers are now available. Now
New CCNA (200-120) vouchers on special discount of 58% for World wide, with six months expiry date till you
purchase. Each voucher cost 70USD.
Details Required For CCNA Voucher For Discount Processing:
1-Full Name. 1st Name & Last Name (as you want to appear on certificate & documents)
2-Country.
3-City.
4-State.
5-Pin Code (or Area Code)
6-Residential Address (or where you can collect your Certificate or further correspondence
can be received)
7-Date of birth
Add me on Skype through this information which is written below:
Skype Name: rockon660
you can also email me at this email address which is written below:
If you have any Questions feel free to contact me.
Thanks,
Best regards,
Adeel
Anonymous says:February 13, 2014 at 1:26 AM
i had passed my ccna exam with 972/1000 score on 12 feb.
the labs were acl1,acl2 and eigrp
acl 1 (same as it is)
eigrp (just change od AS and advertising a network (same as it is) with NO issue about passive interfaces and
default network )
acl 2 (with bit modification)
"The task is to create and apply a numbered access-list with no more than three statements that
-> will allow ONLY host A web access to the Finance Web Server.
->All other traffic from A to finance server is denied.
->All traffic from lan servers(B,C,D) and core to the Finance Web Server is denied.
-> All other traffic is permitted to public server.
Anonymous says:February 25, 2014 at 9:06 AM
MODIFICATION 1 CAN´T BE DONE IN 3 SENTENCES,the question need to be wrong.
Anonymous says:March 21, 2014 at 3:21 PM
In the second modification which is HOST B. which said that to ALLOW only host B to access finance
server and deny host B from other servers.
I tired many times but It's possible to access finance server and public web server through all hosts. I copied the
commands as it's mentioned there and I got the same problem. is it a bug in SIM or it's all right when other hosts
access whole servers ?
Anonymous says:March 22, 2014 at 3:55 PM
MODIFICATION 1 GUYS ISN'T CORRECT. SOME ONE HELP PLEASE.
Leave a Reply
Enter your comment...
Comment as: Google Account
PublishPublish PreviewPreview
Popular Posts
New Questions in CCNA 200-120 (HSRP, VRRP, NetFlow, SNMP)
The below are mock questions that were about to appear in exam CCNA 200-120. Updated : 14
th October 2013 Download the La...
CCNA EIGRP Simulation (NEW)
After adding Interior router, no routing updates are being exchanged between Perimeter and the
new location. All other inter connectivity...
CCNA Access List Control (ACL) Simulation
A network associate is adding security to the configuration of the Corp1 router. The user on host
C should be able to use a web...
Incorrect Questions in Cisco.Acme.640-802.v2013-08-06.by.Acme.649q.vce
Download the new version : http://www.4shared.com/file/7JUsXd3b/640-802v2.html? updated
on 9/27/2013 ...
Access Control List (ACL) Simlet
An administrator is trying to ping and telnet from Switch to Router with the results shown below:
For this ...
CCNA VLAN Simulation
This task requires you to use the CLI of Sw-AC3 to answer five multiple-choice questions. This
does not require any configura...
CCNA RIPv2 Simulation
Central Florida Widgets recently installed a new router in their Apopka office. Complete the
network installation by performing the ini...
CCNA NAT Simulation
A network associate is configuring a router for the Weaver company to provide internet access.
The ISP has provided the company six public I...
CCNA NAT Simulation
A network associate is configuring a router for the weaver company to provide internet access.
The ISP has provided the company six pu...
CCNA Routing and Switching (200-120)
CCNA Composite Exam: The 200-120 CCNAX is the composite exam associated with the Cisco
CCNA Routing and Switching certification. Candida...
Links
CCNA Simulation
CCNP ROUTE Simulations
Popular Posts
New Questions in
CCNA 200-120
(HSRP, VRRP,
NetFlow, SNMP)
The below are mock questions that
were about to appear in exam
CCNA 200-120. Updated : 14 th
October 2013 Download the La...
CCNA EIGRP
Simulation (NEW)
After adding
Interior router, no
routing updates are being
exchanged between Perimeter and
the new location. All other inter
connectivity...
CCNA Access List
Control (ACL)
Simulation
A network
associate is adding security to the
configuration of the Corp1 router.
The user on host C should be able to
use a web...
Incorrect
Questions in
Cisco.Acme.640-
802.v2013-08-
06.by.Acme.649q.vce
Download the new version :
http://www.4shared.com/file/7JUsXd3b/640
802v2.html? updated on 9/27/2013
...
Access Control List
(ACL) Simlet
An administrator is
trying to ping and
telnet from Switch to Router with
the results shown below: For this ...
CCNA VLAN
Simulation
This task requires
you to use the CLI
of Sw-AC3 to answer five multiple-
choice questions. This does not
require any configura...
CCNA RIPv2
Simulation
Central Florida
Widgets recently
installed a new router in their
Apopka office. Complete the
network installation by performing
the ini...
CCNA NAT
Simulation
A network
associate is
configuring a router for the Weaver
company to provide internet access.
The ISP has provided the company
six public I...
CCNA NAT
Simulation
A network
associate is
configuring a router for the weaver
company to provide internet access.
The ISP has provided the company
six pu...
CCNA Routing and
Switching (200-
120)
CCNA Composite
Exam: The 200-120 CCNAX is the
composite exam associated with the
Cisco CCNA Routing and Switching
certification. Candida...
Category List
CCNA (37)
CCNA Basic (4)
CCNA Cisco IOS (3)
CCNA Drag & Drop (3)
CCNA Frame Relay (2)
CCNA RIP Route (2)
CCNA Routing (4)
CCNA Simulation (7)
CCNA STP (1)
CCNA Subnetting (4)
CCNA Switching (2)
CCNA VLAN (1)
CCNP (2)
CCNP Simulation (2)
ICND1 (1)
ICND1 Simulation (1)
Blog Archive
▼ 2013 (42)
► November (2)
► October (3)
► September (21)
▼ August (16)
VLSM Short-cut
IPv4 Address Calculation for
beginners
Which of the following is a
characteristic of full...
What will Switch-1 do with
this data?
Which switch provides the
spanning-tree
designated...
CCNA VLAN Simulation
RouterA is unable to reach
RouterB. What is the mo...
The network administrator
needs to address seven L...
What is the most likely cause
of the problem?
What are two things that
could be attempted that
w...
What is preventing the
router from pinging
remote ...
On the network
131.1.123.0/27, what is
the last IP...
Drag & Drop (IP Address)
CCNA EIGRP Simulation
(NEW)
CCNAX 2.0 Syllabus
CCNA Access List Control
(ACL) Simulation
© 2013 Examtut | Privacy Policy
Find us on Facebook
Acme Infotek
672 people like Acme Infotek.
Facebook social plugin
LikeLike
Generated with www.html-to-pdf.net Page 1 / 9
EXAMTUT
Newer Post
CCNA Access List Control (ACL) SimulationPosted on
A network associate is adding security to the configuration of the Corp1 router. The user onhost C should be able to use a web browser to access financial information from the FinanceWeb Server. No other hosts from the LAN nor the Core should be able to use a web browserto access this server. Since there are multiple resources for the corporation at this locationincluding other resources on the Finance Web Server, all other traffic should be allowed.The task is to create and apply a numbered access-list with no more than three statementsthat will allow ONLY host C web access to the Finance Web Server. No other hosts will haveweb access to the Finance Web Server. All other traffic is permitted.
Access to the router CLI can be gained by clicking on the appropriate host.All passwords have been temporarily set to “cisco”.The Core connection uses an IP address of 198.18.196.65The computers in the Hosts LAN have been assigned addresses of 192.168.33.1 –192.168.33.254Host A 192.168.33.1Host B 192.168.33.2Host C 192.168.33.3Host D 192.168.33.4The servers in the Server LAN have been assigned addresses of 172.22.242.17 – 172.22.242.30The Finance Web Server is assigned an IP address of 172.22.242.23.The Public Web Server is assigned an IP address of 172.22.242.17
The Adobe Flash Player or an HTML5 supported browser is
required for video playback.
Get the latest Flash Player
Learn more about upgrading to an HTML5 browser
Corp1>enable
Password: cisco
We should create an access-list and apply it to the interface which is connected to theServers LAN interface, because it can filter out traffic from both Sw-Hosts and Core networks.The Server LAN network has been assigned addresses of 172.22.242.17 – 172.22.242.30 so wecan guess the interface connected to them has an IP address of 172.22.242.30 (.30 is thenumber shown in the figure). Use the “show ip interface brief” command to check whichinterface has the IP address of 172.22.242.30.Corp1#show ip interface brief
Interface IP-Address OK? Method Status Protocol
FastEthernet0/0 192.168.33.254 YES manual up up
FastEthernet0/1 172.22.242.30 YES manual up up
Serial0/0 198.18.196.65 YES manual up up
We learn that interface FastEthernet0/1 is the interface connected to Server LAN network. Itis the interface we will apply our access-list (for outbound direction).Corp1#configure terminal
Our access‐list needs to allow host C – 192.168.33.3 to the Finance Web Server 172.22.242.23via web (port 80)Corp1(config)#access-list 100 permit tcp host 192.168.33.3 host
172.22.242.23 eq 80
Deny other hosts access to the Finance Web Server via webCorp1(config)#access-list 100 deny tcp any host 172.22.242.23 eq 80
All other traffic is permittedCorp1(config)#access-list 100 permit ip any any
Apply this access-list to Fa0/1 interface (outbound direction)
Corp1(config)#interface fa0/1
Corp1(config-if)#ip access-group 100 out
Notice: We have to apply the access-list to Fa0/1 interface (not Fa0/0 interface) so that theaccess-list can filter traffic coming from both the LAN and the Core networks. If we applyaccess list to the inbound interface we can only filter traffic from the LAN network.In the real exam, just click on host C and open its web browser. In the address box typehttp://172.22.242.23 to check if you are allowed to access Finance Web Server or not. If yourconfiguration is correct then you can access it.Click on other hosts (A, B and D) and check to make sure you can’t access Finance Web Serverfrom these hosts.Finally, save the configurationCorp1(config-if)#end
Corp1#copy running-config startup-config
This configuration only prevents hosts from accessing Finance Web Server via web but if thisserver supports other traffic – like FTP, SMTP… then other hosts can access it, too.Notice: In the real exam, you might be asked to allow other host (A, B or D) to access theFinance Web Server so please read the requirement carefully.
Modification #1A network associate is adding security to the configuration of the Corp router. The user onhost B should be able to access the Finance Web Server. Host B should be denied to accessother server on S1-SRVS network. Since there are multiple resources for the corporation atthis location including other resources on the Finance Web Server, all other traffic should beallowed.The task is to create and apply a numbered access-list with no more than three statementsthat will allow ONLY host B access to the Finance Web Server. Deny host B from accessing theother servers. All other traffic is permitted.access-list 100 permit ip host 192.168.33.2 host 172.22.242.23
access-list 100 deny ip host 192.168.33.2 172.22.242.16 0.0.0.15
access-list 100 permit ip any any
Modification #2A network associate is adding security to the configuration of the Corp1 router. The user onhost C should be able to access the Finance Web Server. No other hosts from the LAN nor theCore should be able access this server. All other traffic should be allowed.The task is to create and apply a numbered access-list with no more than three statementsthat will allow ONLY host C access the Finance Web Server. No other hosts will have access tothe Finance Web Server. All other traffic is permitted.access-list 100 permit ip host 192.168.33.3 host 172.22.242.23
access-list 100 deny ip any host 172.22.242.23
access-list 100 permit ip any any
Modification #3A network associate is adding security to the configuration of the Corp1 router. The user onhost C should be able to use a web browser to access financial information from the FinanceWeb Server. Other access from host C to Finance Web Server should be denied. No otherhosts from the LAN nor the Core should be able to access the Finance Web Server. All othertraffic should be allowed.The task is to create and apply a numbered access-list with no more than three statementsthat will allow ONLY host C web access to the Finance Web Server. Also host C should bedenied to access any other services of Finance Web Server. No other hosts will access to theFinance Web Server. All other traffic is permitted.access-list 100 permit tcp host 192.168.33.3 host 172.22.242.23 eq
80
access-list 100 deny ip any host 172.22.242.23
access-list 100 permit ip any any
Modification #4A network associate is adding security to the configuration of the Corp1 router. The user onhost D should be able to use a web browser to access financial information from the FinanceWeb Server. Other access from host C to Finance Web Server should be denied. No otherhosts from the LAN nor the Core should be able to access the Finance Web Server. All hostsfrom the LAN nor the Core should able to access public web server.
The task is to create and apply a numbered access-list with no more than three statements
that will allow ONLY h ost D should be able to use a web browser(HTTP)to access the Finance
Web Server. Other types of access from host D to the Finance Web Server should be
blocked. All access from hosts in the Core or local LAN to the Finance Web Server should be
blocked. All hosts in the Core and local LAN should be able to access the Public Web Server.
access-list 100 permit tcp host 192.168.33.3 host 172.22.242.23 eq
80
access-list 100 deny ip any host 172.22.242.23
access-list 100 permit ip any any
Download LAB file (need packet tracer to open)
https://app.box.com/s/yizuzzbkagp4v0j52a50
Mirror:
http://www.4shared.com/file/heZzTLiH/ACL_Sim.html?
Download Video file
https://app.box.com/s/uri1xwy29gw0qc0smlk0
This entry was posted in CCNA, CCNA Simulation . Bookmark the permalink.
Opera browser download Moneys Mutual Money Money Managers Confused
Internet advertising agency Microsoft Word Will work from home
23 Responses so far.
A.H.Mostofa Kalam says:September 2, 2013 at 1:07 PM
what commands have you used for ACL?
- Host D should be able to use a web browser(HTTP)to access the Finance Web Server
- Other types of access from host D to the Finance Web Server should be blocked
– All access from hosts in the Core or local LAN to the Finance Web Server should be blocked
- All hosts in the Core and local LAN should be able to access the Public Web Server
Answer 1:
Access-list 100 permit tcp host 192.168.33.4 host 172.22.242.23 eq 80
Access-List 100 deny ip any host 172.22.242.23
Access-list 100 permit ip any any
Answer 2:
Access-list 100 permit tcp host 192.168.33.4 host 172.22.242.23 eq 80
Access-List 100 permit ip any host 172.22.242.17
Access-list 100 deny ip any any
When asked – all can access to public server should I use answer 2 or answer 1?
i know if only said all other traffic is permitted I can use answer 1 without doubt. I am having confusion when it is
said all can access to public server…both is correct for that may be and answer 2 fully satisfies the need, right?
Please help me out to understand…
farah med amine says:September 14, 2013 at 1:29 AM
@ACME PLEASE:command 2 use eq 80????
Modification #3
The user on host C should be able to access the Finance Web Server
Other access from host C to Finance Web Server should be denied
No other hosts from the LAN nor the Core should be able to access the Finance Web Server. All other traffic
should be allowed:
access-list 100 permit tcp host 192.168.33.3 host 172.22.242.23 eq 80
access-list 100 deny ip any host 172.22.242.23 use ((((( eq 80))))
access-list 100 permit ip any any
farah med amine says:September 14, 2013 at 1:45 AM
@acme i understand you ;)
Other access from host C to Finance Web Server should be denied ########## No other hosts from the LAN
nor the Core should be able to use a web browser to access this server .
Nirates says:September 15, 2013 at 3:26 PM
@mostapha
both answers would not answer the question fully.
From your Answer 1, line 1 and 2 answer only the first two statements of the question. Remember that the last
statement of the question was 'specifically' to allow Core and LAN access to Public Server, and the Public server
has a different ip address. so the correct command would be:
Access-list 100 permit ip any host 172.22.242.17
From your Answer 2, line 1 answers the first part of the question, while line 2 answers the last part of the
question. Remember that the question says 'Other types of access from host D to the Finance Web Server should
be blocked. All access from hosts in the Core or local LAN to the Finance Web Server should be blocked'. It is
stated SPECIFICALLY, to block all access to ONLY the Finance server and not to other servers. So the right
command should be:
Access-list 100 deny ip any host 172.22.242.23
...I hope this helps
Nirates says:September 15, 2013 at 3:32 PM
@Farah,
the question did not ask that you deny WEB access to the financial web server. it is only when web access is
involved that you can add eq 80 to the command.
...I'd suggest you read the question carefully. Besides, try out the commands on your packet tracer and confirm
which works. ;)
Ahmed Badubyan says:September 25, 2013 at 5:14 PM
This comment has been removed by the author.
Anonymous says:October 6, 2013 at 2:07 AM
Just passed This Friday Oct 4. SIM Is valid. Thank you.
Adi says:October 10, 2013 at 4:06 AM
Hello Guys I hope you will be fine there.Now New CCNA (200-120) and CCNA security (640-554)
Vouchers on special discount of 58% for World wide, with six months expiry date till you purchase. Each voucher
cost 70USD.
Details Required For CCNA Voucher For Discount Processing:
1-Full Name. 1st Name & Last Name (as you want to appear on certificate & documents)
2-Country.
3-City.
4-State.
5-Pin Code (or Area Code)
6-Residential Address (or where you can collect your Certificate or further correspondence
can be received)
7-Date of birth
Add me on Skype through this information which is written below:
Skype Name: rockon660
you can also email me at this email address which is written below:
If you have any Questions feel free to contact me.
Thanks,
Best regards,
Adeel
m0bi says:October 30, 2013 at 2:41 PM
Passed 200-120 exam Today with 958/1000. Do not waste time and money guys only testinside
Purchased 100% valid dumps Lab was ACL2 Modifications & EIGRP with few but Same.
200-120 dumps Testindie Q307 with secondary Key # in cheap price contact me at [email protected]
Good Luck!
Anonymous says:November 26, 2013 at 9:11 AM
This comment has been removed by a blog administrator.
Anonymous says:November 27, 2013 at 7:32 PM
can I add command: "no ip domain-lookup"
to prevent stupid annoying translate.. error message?
Anonymous says:December 1, 2013 at 6:00 PM
I just finished my ccna exam... scored 958 in second attempt .... almost all the questions from
9tut,examtut, acme spintry...... I could have passed if I knew this excellent site before.... thank youuuuuu
got ACL1, ACL2, EIGRP..... same sim with slight modifications....
Anonymous says:December 15, 2013 at 12:15 PM
I confused about command answer Modification #3 and #4, why same command?
In Modification #4, I think Host D ip address is 192.168.33.4.
Rajiv Widyaratne says:December 31, 2013 at 6:34 AM
Why "Request Timeout" when using the Web Browser of "D"????
(Modification 4)
Anonymous says:January 5, 2014 at 10:02 AM
@ Rajiv Widyaratne
the ip of host D in the answer is wrong ... it should be 192.168.33.4 ... not 192.168.33.3 , a copy paste simple
mistake
try
access-list 100 permit tcp host 192.168.33.4 host 172.22.242.23 eq 80
access-list 100 deny ip any host 172.22.242.23
access-list 100 permit ip any any
it will work ;)
Anonymous says:January 8, 2014 at 11:44 PM
MODIFICATION #4
How can you complete all of the tasks without adding a "Access-list 100 permit ip any host 172.22.242.17" as a
fourth statement?
Thanks!!
Beso says:January 10, 2014 at 8:45 PM
Modification #4
access-list 100 permit ip any any
will allow all hosts to public and others so there is no problem i think !!
and cuz in this ques it requires only 3 statements ..
Anonymous says:January 30, 2014 at 8:32 PM
MODIFICATION #1:If this correct way to do things MINUS that I should have checked the access list
BEFORE I copied it? I am still a newbie at this but trying hard. Thanks.
Corp1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Corp1(config)#access-list 100 permit tcp host 192.168.33.2 host 172.22.242.23
Corp1(config)#access-list 100 deny ip host 192.168.33.2 172.22.242.16 0.0.0.15
Corp1(config)#access-list 100 permit ip any any
Corp1(config)#interface fa0/1
Corp1(config-if)#ip access-group 100 out
Corp1(config-if)#end
Corp1#
%SYS-5-CONFIG_I: Configured from console by console
Corp1#copy running-config startup-config
Destination filename [startup-config]?
Building configuration...
[OK]
Corp1#show access-list
Extended IP access list 100
permit tcp host 192.168.33.2 host 172.22.242.23 (6 match(es))
deny ip host 192.168.33.2 172.22.242.16 0.0.0.15 (30 match(es))
permit ip any any
Corp1#
Adi says:February 6, 2014 at 2:45 AM
Hello Guys good news for you that CCNA discounted and Microsoft vouchers are now available. Now
New CCNA (200-120) vouchers on special discount of 58% for World wide, with six months expiry date till you
purchase. Each voucher cost 70USD.
Details Required For CCNA Voucher For Discount Processing:
1-Full Name. 1st Name & Last Name (as you want to appear on certificate & documents)
2-Country.
3-City.
4-State.
5-Pin Code (or Area Code)
6-Residential Address (or where you can collect your Certificate or further correspondence
can be received)
7-Date of birth
Add me on Skype through this information which is written below:
Skype Name: rockon660
you can also email me at this email address which is written below:
If you have any Questions feel free to contact me.
Thanks,
Best regards,
Adeel
Anonymous says:February 13, 2014 at 1:26 AM
i had passed my ccna exam with 972/1000 score on 12 feb.
the labs were acl1,acl2 and eigrp
acl 1 (same as it is)
eigrp (just change od AS and advertising a network (same as it is) with NO issue about passive interfaces and
default network )
acl 2 (with bit modification)
"The task is to create and apply a numbered access-list with no more than three statements that
-> will allow ONLY host A web access to the Finance Web Server.
->All other traffic from A to finance server is denied.
->All traffic from lan servers(B,C,D) and core to the Finance Web Server is denied.
-> All other traffic is permitted to public server.
Anonymous says:February 25, 2014 at 9:06 AM
MODIFICATION 1 CAN´T BE DONE IN 3 SENTENCES,the question need to be wrong.
Anonymous says:March 21, 2014 at 3:21 PM
In the second modification which is HOST B. which said that to ALLOW only host B to access finance
server and deny host B from other servers.
I tired many times but It's possible to access finance server and public web server through all hosts. I copied the
commands as it's mentioned there and I got the same problem. is it a bug in SIM or it's all right when other hosts
access whole servers ?
Anonymous says:March 22, 2014 at 3:55 PM
MODIFICATION 1 GUYS ISN'T CORRECT. SOME ONE HELP PLEASE.
Leave a Reply
Enter your comment...
Comment as: Google Account
PublishPublish PreviewPreview
Popular Posts
New Questions in CCNA 200-120 (HSRP, VRRP, NetFlow, SNMP)
The below are mock questions that were about to appear in exam CCNA 200-120. Updated : 14
th October 2013 Download the La...
CCNA EIGRP Simulation (NEW)
After adding Interior router, no routing updates are being exchanged between Perimeter and the
new location. All other inter connectivity...
CCNA Access List Control (ACL) Simulation
A network associate is adding security to the configuration of the Corp1 router. The user on host
C should be able to use a web...
Incorrect Questions in Cisco.Acme.640-802.v2013-08-06.by.Acme.649q.vce
Download the new version : http://www.4shared.com/file/7JUsXd3b/640-802v2.html? updated
on 9/27/2013 ...
Access Control List (ACL) Simlet
An administrator is trying to ping and telnet from Switch to Router with the results shown below:
For this ...
CCNA VLAN Simulation
This task requires you to use the CLI of Sw-AC3 to answer five multiple-choice questions. This
does not require any configura...
CCNA RIPv2 Simulation
Central Florida Widgets recently installed a new router in their Apopka office. Complete the
network installation by performing the ini...
CCNA NAT Simulation
A network associate is configuring a router for the Weaver company to provide internet access.
The ISP has provided the company six public I...
CCNA NAT Simulation
A network associate is configuring a router for the weaver company to provide internet access.
The ISP has provided the company six pu...
CCNA Routing and Switching (200-120)
CCNA Composite Exam: The 200-120 CCNAX is the composite exam associated with the Cisco
CCNA Routing and Switching certification. Candida...
Links
CCNA Simulation
CCNP ROUTE Simulations
Popular Posts
New Questions in
CCNA 200-120
(HSRP, VRRP,
NetFlow, SNMP)
The below are mock questions that
were about to appear in exam
CCNA 200-120. Updated : 14 th
October 2013 Download the La...
CCNA EIGRP
Simulation (NEW)
After adding
Interior router, no
routing updates are being
exchanged between Perimeter and
the new location. All other inter
connectivity...
CCNA Access List
Control (ACL)
Simulation
A network
associate is adding security to the
configuration of the Corp1 router.
The user on host C should be able to
use a web...
Incorrect
Questions in
Cisco.Acme.640-
802.v2013-08-
06.by.Acme.649q.vce
Download the new version :
http://www.4shared.com/file/7JUsXd3b/640
802v2.html? updated on 9/27/2013
...
Access Control List
(ACL) Simlet
An administrator is
trying to ping and
telnet from Switch to Router with
the results shown below: For this ...
CCNA VLAN
Simulation
This task requires
you to use the CLI
of Sw-AC3 to answer five multiple-
choice questions. This does not
require any configura...
CCNA RIPv2
Simulation
Central Florida
Widgets recently
installed a new router in their
Apopka office. Complete the
network installation by performing
the ini...
CCNA NAT
Simulation
A network
associate is
configuring a router for the Weaver
company to provide internet access.
The ISP has provided the company
six public I...
CCNA NAT
Simulation
A network
associate is
configuring a router for the weaver
company to provide internet access.
The ISP has provided the company
six pu...
CCNA Routing and
Switching (200-
120)
CCNA Composite
Exam: The 200-120 CCNAX is the
composite exam associated with the
Cisco CCNA Routing and Switching
certification. Candida...
Category List
CCNA (37)
CCNA Basic (4)
CCNA Cisco IOS (3)
CCNA Drag & Drop (3)
CCNA Frame Relay (2)
CCNA RIP Route (2)
CCNA Routing (4)
CCNA Simulation (7)
CCNA STP (1)
CCNA Subnetting (4)
CCNA Switching (2)
CCNA VLAN (1)
CCNP (2)
CCNP Simulation (2)
ICND1 (1)
ICND1 Simulation (1)
Blog Archive
▼ 2013 (42)
► November (2)
► October (3)
► September (21)
▼ August (16)
VLSM Short-cut
IPv4 Address Calculation for
beginners
Which of the following is a
characteristic of full...
What will Switch-1 do with
this data?
Which switch provides the
spanning-tree
designated...
CCNA VLAN Simulation
RouterA is unable to reach
RouterB. What is the mo...
The network administrator
needs to address seven L...
What is the most likely cause
of the problem?
What are two things that
could be attempted that
w...
What is preventing the
router from pinging
remote ...
On the network
131.1.123.0/27, what is
the last IP...
Drag & Drop (IP Address)
CCNA EIGRP Simulation
(NEW)
CCNAX 2.0 Syllabus
CCNA Access List Control
(ACL) Simulation
© 2013 Examtut | Privacy Policy
Find us on Facebook
Acme Infotek
672 people like Acme Infotek.
Facebook social plugin
LikeLike
Generated with www.html-to-pdf.net Page 2 / 9
EXAMTUT
Newer Post
CCNA Access List Control (ACL) SimulationPosted on
A network associate is adding security to the configuration of the Corp1 router. The user onhost C should be able to use a web browser to access financial information from the FinanceWeb Server. No other hosts from the LAN nor the Core should be able to use a web browserto access this server. Since there are multiple resources for the corporation at this locationincluding other resources on the Finance Web Server, all other traffic should be allowed.The task is to create and apply a numbered access-list with no more than three statementsthat will allow ONLY host C web access to the Finance Web Server. No other hosts will haveweb access to the Finance Web Server. All other traffic is permitted.
Access to the router CLI can be gained by clicking on the appropriate host.All passwords have been temporarily set to “cisco”.The Core connection uses an IP address of 198.18.196.65The computers in the Hosts LAN have been assigned addresses of 192.168.33.1 –192.168.33.254Host A 192.168.33.1Host B 192.168.33.2Host C 192.168.33.3Host D 192.168.33.4The servers in the Server LAN have been assigned addresses of 172.22.242.17 – 172.22.242.30The Finance Web Server is assigned an IP address of 172.22.242.23.The Public Web Server is assigned an IP address of 172.22.242.17
The Adobe Flash Player or an HTML5 supported browser is
required for video playback.
Get the latest Flash Player
Learn more about upgrading to an HTML5 browser
Corp1>enable
Password: cisco
We should create an access-list and apply it to the interface which is connected to theServers LAN interface, because it can filter out traffic from both Sw-Hosts and Core networks.The Server LAN network has been assigned addresses of 172.22.242.17 – 172.22.242.30 so wecan guess the interface connected to them has an IP address of 172.22.242.30 (.30 is thenumber shown in the figure). Use the “show ip interface brief” command to check whichinterface has the IP address of 172.22.242.30.Corp1#show ip interface brief
Interface IP-Address OK? Method Status Protocol
FastEthernet0/0 192.168.33.254 YES manual up up
FastEthernet0/1 172.22.242.30 YES manual up up
Serial0/0 198.18.196.65 YES manual up up
We learn that interface FastEthernet0/1 is the interface connected to Server LAN network. Itis the interface we will apply our access-list (for outbound direction).Corp1#configure terminal
Our access‐list needs to allow host C – 192.168.33.3 to the Finance Web Server 172.22.242.23via web (port 80)Corp1(config)#access-list 100 permit tcp host 192.168.33.3 host
172.22.242.23 eq 80
Deny other hosts access to the Finance Web Server via webCorp1(config)#access-list 100 deny tcp any host 172.22.242.23 eq 80
All other traffic is permittedCorp1(config)#access-list 100 permit ip any any
Apply this access-list to Fa0/1 interface (outbound direction)
Corp1(config)#interface fa0/1
Corp1(config-if)#ip access-group 100 out
Notice: We have to apply the access-list to Fa0/1 interface (not Fa0/0 interface) so that theaccess-list can filter traffic coming from both the LAN and the Core networks. If we applyaccess list to the inbound interface we can only filter traffic from the LAN network.In the real exam, just click on host C and open its web browser. In the address box typehttp://172.22.242.23 to check if you are allowed to access Finance Web Server or not. If yourconfiguration is correct then you can access it.Click on other hosts (A, B and D) and check to make sure you can’t access Finance Web Serverfrom these hosts.Finally, save the configurationCorp1(config-if)#end
Corp1#copy running-config startup-config
This configuration only prevents hosts from accessing Finance Web Server via web but if thisserver supports other traffic – like FTP, SMTP… then other hosts can access it, too.Notice: In the real exam, you might be asked to allow other host (A, B or D) to access theFinance Web Server so please read the requirement carefully.
Modification #1A network associate is adding security to the configuration of the Corp router. The user onhost B should be able to access the Finance Web Server. Host B should be denied to accessother server on S1-SRVS network. Since there are multiple resources for the corporation atthis location including other resources on the Finance Web Server, all other traffic should beallowed.The task is to create and apply a numbered access-list with no more than three statementsthat will allow ONLY host B access to the Finance Web Server. Deny host B from accessing theother servers. All other traffic is permitted.access-list 100 permit ip host 192.168.33.2 host 172.22.242.23
access-list 100 deny ip host 192.168.33.2 172.22.242.16 0.0.0.15
access-list 100 permit ip any any
Modification #2A network associate is adding security to the configuration of the Corp1 router. The user onhost C should be able to access the Finance Web Server. No other hosts from the LAN nor theCore should be able access this server. All other traffic should be allowed.The task is to create and apply a numbered access-list with no more than three statementsthat will allow ONLY host C access the Finance Web Server. No other hosts will have access tothe Finance Web Server. All other traffic is permitted.access-list 100 permit ip host 192.168.33.3 host 172.22.242.23
access-list 100 deny ip any host 172.22.242.23
access-list 100 permit ip any any
Modification #3A network associate is adding security to the configuration of the Corp1 router. The user onhost C should be able to use a web browser to access financial information from the FinanceWeb Server. Other access from host C to Finance Web Server should be denied. No otherhosts from the LAN nor the Core should be able to access the Finance Web Server. All othertraffic should be allowed.The task is to create and apply a numbered access-list with no more than three statementsthat will allow ONLY host C web access to the Finance Web Server. Also host C should bedenied to access any other services of Finance Web Server. No other hosts will access to theFinance Web Server. All other traffic is permitted.access-list 100 permit tcp host 192.168.33.3 host 172.22.242.23 eq
80
access-list 100 deny ip any host 172.22.242.23
access-list 100 permit ip any any
Modification #4A network associate is adding security to the configuration of the Corp1 router. The user onhost D should be able to use a web browser to access financial information from the FinanceWeb Server. Other access from host C to Finance Web Server should be denied. No otherhosts from the LAN nor the Core should be able to access the Finance Web Server. All hostsfrom the LAN nor the Core should able to access public web server.
The task is to create and apply a numbered access-list with no more than three statements
that will allow ONLY h ost D should be able to use a web browser(HTTP)to access the Finance
Web Server. Other types of access from host D to the Finance Web Server should be
blocked. All access from hosts in the Core or local LAN to the Finance Web Server should be
blocked. All hosts in the Core and local LAN should be able to access the Public Web Server.
access-list 100 permit tcp host 192.168.33.3 host 172.22.242.23 eq
80
access-list 100 deny ip any host 172.22.242.23
access-list 100 permit ip any any
Download LAB file (need packet tracer to open)
https://app.box.com/s/yizuzzbkagp4v0j52a50
Mirror:
http://www.4shared.com/file/heZzTLiH/ACL_Sim.html?
Download Video file
https://app.box.com/s/uri1xwy29gw0qc0smlk0
This entry was posted in CCNA, CCNA Simulation . Bookmark the permalink.
Opera browser download Moneys Mutual Money Money Managers Confused
Internet advertising agency Microsoft Word Will work from home
23 Responses so far.
A.H.Mostofa Kalam says:September 2, 2013 at 1:07 PM
what commands have you used for ACL?
- Host D should be able to use a web browser(HTTP)to access the Finance Web Server
- Other types of access from host D to the Finance Web Server should be blocked
– All access from hosts in the Core or local LAN to the Finance Web Server should be blocked
- All hosts in the Core and local LAN should be able to access the Public Web Server
Answer 1:
Access-list 100 permit tcp host 192.168.33.4 host 172.22.242.23 eq 80
Access-List 100 deny ip any host 172.22.242.23
Access-list 100 permit ip any any
Answer 2:
Access-list 100 permit tcp host 192.168.33.4 host 172.22.242.23 eq 80
Access-List 100 permit ip any host 172.22.242.17
Access-list 100 deny ip any any
When asked – all can access to public server should I use answer 2 or answer 1?
i know if only said all other traffic is permitted I can use answer 1 without doubt. I am having confusion when it is
said all can access to public server…both is correct for that may be and answer 2 fully satisfies the need, right?
Please help me out to understand…
farah med amine says:September 14, 2013 at 1:29 AM
@ACME PLEASE:command 2 use eq 80????
Modification #3
The user on host C should be able to access the Finance Web Server
Other access from host C to Finance Web Server should be denied
No other hosts from the LAN nor the Core should be able to access the Finance Web Server. All other traffic
should be allowed:
access-list 100 permit tcp host 192.168.33.3 host 172.22.242.23 eq 80
access-list 100 deny ip any host 172.22.242.23 use ((((( eq 80))))
access-list 100 permit ip any any
farah med amine says:September 14, 2013 at 1:45 AM
@acme i understand you ;)
Other access from host C to Finance Web Server should be denied ########## No other hosts from the LAN
nor the Core should be able to use a web browser to access this server .
Nirates says:September 15, 2013 at 3:26 PM
@mostapha
both answers would not answer the question fully.
From your Answer 1, line 1 and 2 answer only the first two statements of the question. Remember that the last
statement of the question was 'specifically' to allow Core and LAN access to Public Server, and the Public server
has a different ip address. so the correct command would be:
Access-list 100 permit ip any host 172.22.242.17
From your Answer 2, line 1 answers the first part of the question, while line 2 answers the last part of the
question. Remember that the question says 'Other types of access from host D to the Finance Web Server should
be blocked. All access from hosts in the Core or local LAN to the Finance Web Server should be blocked'. It is
stated SPECIFICALLY, to block all access to ONLY the Finance server and not to other servers. So the right
command should be:
Access-list 100 deny ip any host 172.22.242.23
...I hope this helps
Nirates says:September 15, 2013 at 3:32 PM
@Farah,
the question did not ask that you deny WEB access to the financial web server. it is only when web access is
involved that you can add eq 80 to the command.
...I'd suggest you read the question carefully. Besides, try out the commands on your packet tracer and confirm
which works. ;)
Ahmed Badubyan says:September 25, 2013 at 5:14 PM
This comment has been removed by the author.
Anonymous says:October 6, 2013 at 2:07 AM
Just passed This Friday Oct 4. SIM Is valid. Thank you.
Adi says:October 10, 2013 at 4:06 AM
Hello Guys I hope you will be fine there.Now New CCNA (200-120) and CCNA security (640-554)
Vouchers on special discount of 58% for World wide, with six months expiry date till you purchase. Each voucher
cost 70USD.
Details Required For CCNA Voucher For Discount Processing:
1-Full Name. 1st Name & Last Name (as you want to appear on certificate & documents)
2-Country.
3-City.
4-State.
5-Pin Code (or Area Code)
6-Residential Address (or where you can collect your Certificate or further correspondence
can be received)
7-Date of birth
Add me on Skype through this information which is written below:
Skype Name: rockon660
you can also email me at this email address which is written below:
If you have any Questions feel free to contact me.
Thanks,
Best regards,
Adeel
m0bi says:October 30, 2013 at 2:41 PM
Passed 200-120 exam Today with 958/1000. Do not waste time and money guys only testinside
Purchased 100% valid dumps Lab was ACL2 Modifications & EIGRP with few but Same.
200-120 dumps Testindie Q307 with secondary Key # in cheap price contact me at [email protected]
Good Luck!
Anonymous says:November 26, 2013 at 9:11 AM
This comment has been removed by a blog administrator.
Anonymous says:November 27, 2013 at 7:32 PM
can I add command: "no ip domain-lookup"
to prevent stupid annoying translate.. error message?
Anonymous says:December 1, 2013 at 6:00 PM
I just finished my ccna exam... scored 958 in second attempt .... almost all the questions from
9tut,examtut, acme spintry...... I could have passed if I knew this excellent site before.... thank youuuuuu
got ACL1, ACL2, EIGRP..... same sim with slight modifications....
Anonymous says:December 15, 2013 at 12:15 PM
I confused about command answer Modification #3 and #4, why same command?
In Modification #4, I think Host D ip address is 192.168.33.4.
Rajiv Widyaratne says:December 31, 2013 at 6:34 AM
Why "Request Timeout" when using the Web Browser of "D"????
(Modification 4)
Anonymous says:January 5, 2014 at 10:02 AM
@ Rajiv Widyaratne
the ip of host D in the answer is wrong ... it should be 192.168.33.4 ... not 192.168.33.3 , a copy paste simple
mistake
try
access-list 100 permit tcp host 192.168.33.4 host 172.22.242.23 eq 80
access-list 100 deny ip any host 172.22.242.23
access-list 100 permit ip any any
it will work ;)
Anonymous says:January 8, 2014 at 11:44 PM
MODIFICATION #4
How can you complete all of the tasks without adding a "Access-list 100 permit ip any host 172.22.242.17" as a
fourth statement?
Thanks!!
Beso says:January 10, 2014 at 8:45 PM
Modification #4
access-list 100 permit ip any any
will allow all hosts to public and others so there is no problem i think !!
and cuz in this ques it requires only 3 statements ..
Anonymous says:January 30, 2014 at 8:32 PM
MODIFICATION #1:If this correct way to do things MINUS that I should have checked the access list
BEFORE I copied it? I am still a newbie at this but trying hard. Thanks.
Corp1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Corp1(config)#access-list 100 permit tcp host 192.168.33.2 host 172.22.242.23
Corp1(config)#access-list 100 deny ip host 192.168.33.2 172.22.242.16 0.0.0.15
Corp1(config)#access-list 100 permit ip any any
Corp1(config)#interface fa0/1
Corp1(config-if)#ip access-group 100 out
Corp1(config-if)#end
Corp1#
%SYS-5-CONFIG_I: Configured from console by console
Corp1#copy running-config startup-config
Destination filename [startup-config]?
Building configuration...
[OK]
Corp1#show access-list
Extended IP access list 100
permit tcp host 192.168.33.2 host 172.22.242.23 (6 match(es))
deny ip host 192.168.33.2 172.22.242.16 0.0.0.15 (30 match(es))
permit ip any any
Corp1#
Adi says:February 6, 2014 at 2:45 AM
Hello Guys good news for you that CCNA discounted and Microsoft vouchers are now available. Now
New CCNA (200-120) vouchers on special discount of 58% for World wide, with six months expiry date till you
purchase. Each voucher cost 70USD.
Details Required For CCNA Voucher For Discount Processing:
1-Full Name. 1st Name & Last Name (as you want to appear on certificate & documents)
2-Country.
3-City.
4-State.
5-Pin Code (or Area Code)
6-Residential Address (or where you can collect your Certificate or further correspondence
can be received)
7-Date of birth
Add me on Skype through this information which is written below:
Skype Name: rockon660
you can also email me at this email address which is written below:
If you have any Questions feel free to contact me.
Thanks,
Best regards,
Adeel
Anonymous says:February 13, 2014 at 1:26 AM
i had passed my ccna exam with 972/1000 score on 12 feb.
the labs were acl1,acl2 and eigrp
acl 1 (same as it is)
eigrp (just change od AS and advertising a network (same as it is) with NO issue about passive interfaces and
default network )
acl 2 (with bit modification)
"The task is to create and apply a numbered access-list with no more than three statements that
-> will allow ONLY host A web access to the Finance Web Server.
->All other traffic from A to finance server is denied.
->All traffic from lan servers(B,C,D) and core to the Finance Web Server is denied.
-> All other traffic is permitted to public server.
Anonymous says:February 25, 2014 at 9:06 AM
MODIFICATION 1 CAN´T BE DONE IN 3 SENTENCES,the question need to be wrong.
Anonymous says:March 21, 2014 at 3:21 PM
In the second modification which is HOST B. which said that to ALLOW only host B to access finance
server and deny host B from other servers.
I tired many times but It's possible to access finance server and public web server through all hosts. I copied the
commands as it's mentioned there and I got the same problem. is it a bug in SIM or it's all right when other hosts
access whole servers ?
Anonymous says:March 22, 2014 at 3:55 PM
MODIFICATION 1 GUYS ISN'T CORRECT. SOME ONE HELP PLEASE.
Leave a Reply
Enter your comment...
Comment as: Google Account
PublishPublish PreviewPreview
Popular Posts
New Questions in CCNA 200-120 (HSRP, VRRP, NetFlow, SNMP)
The below are mock questions that were about to appear in exam CCNA 200-120. Updated : 14
th October 2013 Download the La...
CCNA EIGRP Simulation (NEW)
After adding Interior router, no routing updates are being exchanged between Perimeter and the
new location. All other inter connectivity...
CCNA Access List Control (ACL) Simulation
A network associate is adding security to the configuration of the Corp1 router. The user on host
C should be able to use a web...
Incorrect Questions in Cisco.Acme.640-802.v2013-08-06.by.Acme.649q.vce
Download the new version : http://www.4shared.com/file/7JUsXd3b/640-802v2.html? updated
on 9/27/2013 ...
Access Control List (ACL) Simlet
An administrator is trying to ping and telnet from Switch to Router with the results shown below:
For this ...
CCNA VLAN Simulation
This task requires you to use the CLI of Sw-AC3 to answer five multiple-choice questions. This
does not require any configura...
CCNA RIPv2 Simulation
Central Florida Widgets recently installed a new router in their Apopka office. Complete the
network installation by performing the ini...
CCNA NAT Simulation
A network associate is configuring a router for the Weaver company to provide internet access.
The ISP has provided the company six public I...
CCNA NAT Simulation
A network associate is configuring a router for the weaver company to provide internet access.
The ISP has provided the company six pu...
CCNA Routing and Switching (200-120)
CCNA Composite Exam: The 200-120 CCNAX is the composite exam associated with the Cisco
CCNA Routing and Switching certification. Candida...
Links
CCNA Simulation
CCNP ROUTE Simulations
Popular Posts
New Questions in
CCNA 200-120
(HSRP, VRRP,
NetFlow, SNMP)
The below are mock questions that
were about to appear in exam
CCNA 200-120. Updated : 14 th
October 2013 Download the La...
CCNA EIGRP
Simulation (NEW)
After adding
Interior router, no
routing updates are being
exchanged between Perimeter and
the new location. All other inter
connectivity...
CCNA Access List
Control (ACL)
Simulation
A network
associate is adding security to the
configuration of the Corp1 router.
The user on host C should be able to
use a web...
Incorrect
Questions in
Cisco.Acme.640-
802.v2013-08-
06.by.Acme.649q.vce
Download the new version :
http://www.4shared.com/file/7JUsXd3b/640
802v2.html? updated on 9/27/2013
...
Access Control List
(ACL) Simlet
An administrator is
trying to ping and
telnet from Switch to Router with
the results shown below: For this ...
CCNA VLAN
Simulation
This task requires
you to use the CLI
of Sw-AC3 to answer five multiple-
choice questions. This does not
require any configura...
CCNA RIPv2
Simulation
Central Florida
Widgets recently
installed a new router in their
Apopka office. Complete the
network installation by performing
the ini...
CCNA NAT
Simulation
A network
associate is
configuring a router for the Weaver
company to provide internet access.
The ISP has provided the company
six public I...
CCNA NAT
Simulation
A network
associate is
configuring a router for the weaver
company to provide internet access.
The ISP has provided the company
six pu...
CCNA Routing and
Switching (200-
120)
CCNA Composite
Exam: The 200-120 CCNAX is the
composite exam associated with the
Cisco CCNA Routing and Switching
certification. Candida...
Category List
CCNA (37)
CCNA Basic (4)
CCNA Cisco IOS (3)
CCNA Drag & Drop (3)
CCNA Frame Relay (2)
CCNA RIP Route (2)
CCNA Routing (4)
CCNA Simulation (7)
CCNA STP (1)
CCNA Subnetting (4)
CCNA Switching (2)
CCNA VLAN (1)
CCNP (2)
CCNP Simulation (2)
ICND1 (1)
ICND1 Simulation (1)
Blog Archive
▼ 2013 (42)
► November (2)
► October (3)
► September (21)
▼ August (16)
VLSM Short-cut
IPv4 Address Calculation for
beginners
Which of the following is a
characteristic of full...
What will Switch-1 do with
this data?
Which switch provides the
spanning-tree
designated...
CCNA VLAN Simulation
RouterA is unable to reach
RouterB. What is the mo...
The network administrator
needs to address seven L...
What is the most likely cause
of the problem?
What are two things that
could be attempted that
w...
What is preventing the
router from pinging
remote ...
On the network
131.1.123.0/27, what is
the last IP...
Drag & Drop (IP Address)
CCNA EIGRP Simulation
(NEW)
CCNAX 2.0 Syllabus
CCNA Access List Control
(ACL) Simulation
© 2013 Examtut | Privacy Policy
Find us on Facebook
Acme Infotek
672 people like Acme Infotek.
Facebook social plugin
LikeLike
Generated with www.html-to-pdf.net Page 3 / 9
EXAMTUT
Newer Post
CCNA Access List Control (ACL) SimulationPosted on
A network associate is adding security to the configuration of the Corp1 router. The user onhost C should be able to use a web browser to access financial information from the FinanceWeb Server. No other hosts from the LAN nor the Core should be able to use a web browserto access this server. Since there are multiple resources for the corporation at this locationincluding other resources on the Finance Web Server, all other traffic should be allowed.The task is to create and apply a numbered access-list with no more than three statementsthat will allow ONLY host C web access to the Finance Web Server. No other hosts will haveweb access to the Finance Web Server. All other traffic is permitted.
Access to the router CLI can be gained by clicking on the appropriate host.All passwords have been temporarily set to “cisco”.The Core connection uses an IP address of 198.18.196.65The computers in the Hosts LAN have been assigned addresses of 192.168.33.1 –192.168.33.254Host A 192.168.33.1Host B 192.168.33.2Host C 192.168.33.3Host D 192.168.33.4The servers in the Server LAN have been assigned addresses of 172.22.242.17 – 172.22.242.30The Finance Web Server is assigned an IP address of 172.22.242.23.The Public Web Server is assigned an IP address of 172.22.242.17
The Adobe Flash Player or an HTML5 supported browser is
required for video playback.
Get the latest Flash Player
Learn more about upgrading to an HTML5 browser
Corp1>enable
Password: cisco
We should create an access-list and apply it to the interface which is connected to theServers LAN interface, because it can filter out traffic from both Sw-Hosts and Core networks.The Server LAN network has been assigned addresses of 172.22.242.17 – 172.22.242.30 so wecan guess the interface connected to them has an IP address of 172.22.242.30 (.30 is thenumber shown in the figure). Use the “show ip interface brief” command to check whichinterface has the IP address of 172.22.242.30.Corp1#show ip interface brief
Interface IP-Address OK? Method Status Protocol
FastEthernet0/0 192.168.33.254 YES manual up up
FastEthernet0/1 172.22.242.30 YES manual up up
Serial0/0 198.18.196.65 YES manual up up
We learn that interface FastEthernet0/1 is the interface connected to Server LAN network. Itis the interface we will apply our access-list (for outbound direction).Corp1#configure terminal
Our access‐list needs to allow host C – 192.168.33.3 to the Finance Web Server 172.22.242.23via web (port 80)Corp1(config)#access-list 100 permit tcp host 192.168.33.3 host
172.22.242.23 eq 80
Deny other hosts access to the Finance Web Server via webCorp1(config)#access-list 100 deny tcp any host 172.22.242.23 eq 80
All other traffic is permittedCorp1(config)#access-list 100 permit ip any any
Apply this access-list to Fa0/1 interface (outbound direction)
Corp1(config)#interface fa0/1
Corp1(config-if)#ip access-group 100 out
Notice: We have to apply the access-list to Fa0/1 interface (not Fa0/0 interface) so that theaccess-list can filter traffic coming from both the LAN and the Core networks. If we applyaccess list to the inbound interface we can only filter traffic from the LAN network.In the real exam, just click on host C and open its web browser. In the address box typehttp://172.22.242.23 to check if you are allowed to access Finance Web Server or not. If yourconfiguration is correct then you can access it.Click on other hosts (A, B and D) and check to make sure you can’t access Finance Web Serverfrom these hosts.Finally, save the configurationCorp1(config-if)#end
Corp1#copy running-config startup-config
This configuration only prevents hosts from accessing Finance Web Server via web but if thisserver supports other traffic – like FTP, SMTP… then other hosts can access it, too.Notice: In the real exam, you might be asked to allow other host (A, B or D) to access theFinance Web Server so please read the requirement carefully.
Modification #1A network associate is adding security to the configuration of the Corp router. The user onhost B should be able to access the Finance Web Server. Host B should be denied to accessother server on S1-SRVS network. Since there are multiple resources for the corporation atthis location including other resources on the Finance Web Server, all other traffic should beallowed.The task is to create and apply a numbered access-list with no more than three statementsthat will allow ONLY host B access to the Finance Web Server. Deny host B from accessing theother servers. All other traffic is permitted.access-list 100 permit ip host 192.168.33.2 host 172.22.242.23
access-list 100 deny ip host 192.168.33.2 172.22.242.16 0.0.0.15
access-list 100 permit ip any any
Modification #2A network associate is adding security to the configuration of the Corp1 router. The user onhost C should be able to access the Finance Web Server. No other hosts from the LAN nor theCore should be able access this server. All other traffic should be allowed.The task is to create and apply a numbered access-list with no more than three statementsthat will allow ONLY host C access the Finance Web Server. No other hosts will have access tothe Finance Web Server. All other traffic is permitted.access-list 100 permit ip host 192.168.33.3 host 172.22.242.23
access-list 100 deny ip any host 172.22.242.23
access-list 100 permit ip any any
Modification #3A network associate is adding security to the configuration of the Corp1 router. The user onhost C should be able to use a web browser to access financial information from the FinanceWeb Server. Other access from host C to Finance Web Server should be denied. No otherhosts from the LAN nor the Core should be able to access the Finance Web Server. All othertraffic should be allowed.The task is to create and apply a numbered access-list with no more than three statementsthat will allow ONLY host C web access to the Finance Web Server. Also host C should bedenied to access any other services of Finance Web Server. No other hosts will access to theFinance Web Server. All other traffic is permitted.access-list 100 permit tcp host 192.168.33.3 host 172.22.242.23 eq
80
access-list 100 deny ip any host 172.22.242.23
access-list 100 permit ip any any
Modification #4A network associate is adding security to the configuration of the Corp1 router. The user onhost D should be able to use a web browser to access financial information from the FinanceWeb Server. Other access from host C to Finance Web Server should be denied. No otherhosts from the LAN nor the Core should be able to access the Finance Web Server. All hostsfrom the LAN nor the Core should able to access public web server.
The task is to create and apply a numbered access-list with no more than three statements
that will allow ONLY h ost D should be able to use a web browser(HTTP)to access the Finance
Web Server. Other types of access from host D to the Finance Web Server should be
blocked. All access from hosts in the Core or local LAN to the Finance Web Server should be
blocked. All hosts in the Core and local LAN should be able to access the Public Web Server.
access-list 100 permit tcp host 192.168.33.3 host 172.22.242.23 eq
80
access-list 100 deny ip any host 172.22.242.23
access-list 100 permit ip any any
Download LAB file (need packet tracer to open)
https://app.box.com/s/yizuzzbkagp4v0j52a50
Mirror:
http://www.4shared.com/file/heZzTLiH/ACL_Sim.html?
Download Video file
https://app.box.com/s/uri1xwy29gw0qc0smlk0
This entry was posted in CCNA, CCNA Simulation . Bookmark the permalink.
Opera browser download Moneys Mutual Money Money Managers Confused
Internet advertising agency Microsoft Word Will work from home
23 Responses so far.
A.H.Mostofa Kalam says:September 2, 2013 at 1:07 PM
what commands have you used for ACL?
- Host D should be able to use a web browser(HTTP)to access the Finance Web Server
- Other types of access from host D to the Finance Web Server should be blocked
– All access from hosts in the Core or local LAN to the Finance Web Server should be blocked
- All hosts in the Core and local LAN should be able to access the Public Web Server
Answer 1:
Access-list 100 permit tcp host 192.168.33.4 host 172.22.242.23 eq 80
Access-List 100 deny ip any host 172.22.242.23
Access-list 100 permit ip any any
Answer 2:
Access-list 100 permit tcp host 192.168.33.4 host 172.22.242.23 eq 80
Access-List 100 permit ip any host 172.22.242.17
Access-list 100 deny ip any any
When asked – all can access to public server should I use answer 2 or answer 1?
i know if only said all other traffic is permitted I can use answer 1 without doubt. I am having confusion when it is
said all can access to public server…both is correct for that may be and answer 2 fully satisfies the need, right?
Please help me out to understand…
farah med amine says:September 14, 2013 at 1:29 AM
@ACME PLEASE:command 2 use eq 80????
Modification #3
The user on host C should be able to access the Finance Web Server
Other access from host C to Finance Web Server should be denied
No other hosts from the LAN nor the Core should be able to access the Finance Web Server. All other traffic
should be allowed:
access-list 100 permit tcp host 192.168.33.3 host 172.22.242.23 eq 80
access-list 100 deny ip any host 172.22.242.23 use ((((( eq 80))))
access-list 100 permit ip any any
farah med amine says:September 14, 2013 at 1:45 AM
@acme i understand you ;)
Other access from host C to Finance Web Server should be denied ########## No other hosts from the LAN
nor the Core should be able to use a web browser to access this server .
Nirates says:September 15, 2013 at 3:26 PM
@mostapha
both answers would not answer the question fully.
From your Answer 1, line 1 and 2 answer only the first two statements of the question. Remember that the last
statement of the question was 'specifically' to allow Core and LAN access to Public Server, and the Public server
has a different ip address. so the correct command would be:
Access-list 100 permit ip any host 172.22.242.17
From your Answer 2, line 1 answers the first part of the question, while line 2 answers the last part of the
question. Remember that the question says 'Other types of access from host D to the Finance Web Server should
be blocked. All access from hosts in the Core or local LAN to the Finance Web Server should be blocked'. It is
stated SPECIFICALLY, to block all access to ONLY the Finance server and not to other servers. So the right
command should be:
Access-list 100 deny ip any host 172.22.242.23
...I hope this helps
Nirates says:September 15, 2013 at 3:32 PM
@Farah,
the question did not ask that you deny WEB access to the financial web server. it is only when web access is
involved that you can add eq 80 to the command.
...I'd suggest you read the question carefully. Besides, try out the commands on your packet tracer and confirm
which works. ;)
Ahmed Badubyan says:September 25, 2013 at 5:14 PM
This comment has been removed by the author.
Anonymous says:October 6, 2013 at 2:07 AM
Just passed This Friday Oct 4. SIM Is valid. Thank you.
Adi says:October 10, 2013 at 4:06 AM
Hello Guys I hope you will be fine there.Now New CCNA (200-120) and CCNA security (640-554)
Vouchers on special discount of 58% for World wide, with six months expiry date till you purchase. Each voucher
cost 70USD.
Details Required For CCNA Voucher For Discount Processing:
1-Full Name. 1st Name & Last Name (as you want to appear on certificate & documents)
2-Country.
3-City.
4-State.
5-Pin Code (or Area Code)
6-Residential Address (or where you can collect your Certificate or further correspondence
can be received)
7-Date of birth
Add me on Skype through this information which is written below:
Skype Name: rockon660
you can also email me at this email address which is written below:
If you have any Questions feel free to contact me.
Thanks,
Best regards,
Adeel
m0bi says:October 30, 2013 at 2:41 PM
Passed 200-120 exam Today with 958/1000. Do not waste time and money guys only testinside
Purchased 100% valid dumps Lab was ACL2 Modifications & EIGRP with few but Same.
200-120 dumps Testindie Q307 with secondary Key # in cheap price contact me at [email protected]
Good Luck!
Anonymous says:November 26, 2013 at 9:11 AM
This comment has been removed by a blog administrator.
Anonymous says:November 27, 2013 at 7:32 PM
can I add command: "no ip domain-lookup"
to prevent stupid annoying translate.. error message?
Anonymous says:December 1, 2013 at 6:00 PM
I just finished my ccna exam... scored 958 in second attempt .... almost all the questions from
9tut,examtut, acme spintry...... I could have passed if I knew this excellent site before.... thank youuuuuu
got ACL1, ACL2, EIGRP..... same sim with slight modifications....
Anonymous says:December 15, 2013 at 12:15 PM
I confused about command answer Modification #3 and #4, why same command?
In Modification #4, I think Host D ip address is 192.168.33.4.
Rajiv Widyaratne says:December 31, 2013 at 6:34 AM
Why "Request Timeout" when using the Web Browser of "D"????
(Modification 4)
Anonymous says:January 5, 2014 at 10:02 AM
@ Rajiv Widyaratne
the ip of host D in the answer is wrong ... it should be 192.168.33.4 ... not 192.168.33.3 , a copy paste simple
mistake
try
access-list 100 permit tcp host 192.168.33.4 host 172.22.242.23 eq 80
access-list 100 deny ip any host 172.22.242.23
access-list 100 permit ip any any
it will work ;)
Anonymous says:January 8, 2014 at 11:44 PM
MODIFICATION #4
How can you complete all of the tasks without adding a "Access-list 100 permit ip any host 172.22.242.17" as a
fourth statement?
Thanks!!
Beso says:January 10, 2014 at 8:45 PM
Modification #4
access-list 100 permit ip any any
will allow all hosts to public and others so there is no problem i think !!
and cuz in this ques it requires only 3 statements ..
Anonymous says:January 30, 2014 at 8:32 PM
MODIFICATION #1:If this correct way to do things MINUS that I should have checked the access list
BEFORE I copied it? I am still a newbie at this but trying hard. Thanks.
Corp1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Corp1(config)#access-list 100 permit tcp host 192.168.33.2 host 172.22.242.23
Corp1(config)#access-list 100 deny ip host 192.168.33.2 172.22.242.16 0.0.0.15
Corp1(config)#access-list 100 permit ip any any
Corp1(config)#interface fa0/1
Corp1(config-if)#ip access-group 100 out
Corp1(config-if)#end
Corp1#
%SYS-5-CONFIG_I: Configured from console by console
Corp1#copy running-config startup-config
Destination filename [startup-config]?
Building configuration...
[OK]
Corp1#show access-list
Extended IP access list 100
permit tcp host 192.168.33.2 host 172.22.242.23 (6 match(es))
deny ip host 192.168.33.2 172.22.242.16 0.0.0.15 (30 match(es))
permit ip any any
Corp1#
Adi says:February 6, 2014 at 2:45 AM
Hello Guys good news for you that CCNA discounted and Microsoft vouchers are now available. Now
New CCNA (200-120) vouchers on special discount of 58% for World wide, with six months expiry date till you
purchase. Each voucher cost 70USD.
Details Required For CCNA Voucher For Discount Processing:
1-Full Name. 1st Name & Last Name (as you want to appear on certificate & documents)
2-Country.
3-City.
4-State.
5-Pin Code (or Area Code)
6-Residential Address (or where you can collect your Certificate or further correspondence
can be received)
7-Date of birth
Add me on Skype through this information which is written below:
Skype Name: rockon660
you can also email me at this email address which is written below:
If you have any Questions feel free to contact me.
Thanks,
Best regards,
Adeel
Anonymous says:February 13, 2014 at 1:26 AM
i had passed my ccna exam with 972/1000 score on 12 feb.
the labs were acl1,acl2 and eigrp
acl 1 (same as it is)
eigrp (just change od AS and advertising a network (same as it is) with NO issue about passive interfaces and
default network )
acl 2 (with bit modification)
"The task is to create and apply a numbered access-list with no more than three statements that
-> will allow ONLY host A web access to the Finance Web Server.
->All other traffic from A to finance server is denied.
->All traffic from lan servers(B,C,D) and core to the Finance Web Server is denied.
-> All other traffic is permitted to public server.
Anonymous says:February 25, 2014 at 9:06 AM
MODIFICATION 1 CAN´T BE DONE IN 3 SENTENCES,the question need to be wrong.
Anonymous says:March 21, 2014 at 3:21 PM
In the second modification which is HOST B. which said that to ALLOW only host B to access finance
server and deny host B from other servers.
I tired many times but It's possible to access finance server and public web server through all hosts. I copied the
commands as it's mentioned there and I got the same problem. is it a bug in SIM or it's all right when other hosts
access whole servers ?
Anonymous says:March 22, 2014 at 3:55 PM
MODIFICATION 1 GUYS ISN'T CORRECT. SOME ONE HELP PLEASE.
Leave a Reply
Enter your comment...
Comment as: Google Account
PublishPublish PreviewPreview
Popular Posts
New Questions in CCNA 200-120 (HSRP, VRRP, NetFlow, SNMP)
The below are mock questions that were about to appear in exam CCNA 200-120. Updated : 14
th October 2013 Download the La...
CCNA EIGRP Simulation (NEW)
After adding Interior router, no routing updates are being exchanged between Perimeter and the
new location. All other inter connectivity...
CCNA Access List Control (ACL) Simulation
A network associate is adding security to the configuration of the Corp1 router. The user on host
C should be able to use a web...
Incorrect Questions in Cisco.Acme.640-802.v2013-08-06.by.Acme.649q.vce
Download the new version : http://www.4shared.com/file/7JUsXd3b/640-802v2.html? updated
on 9/27/2013 ...
Access Control List (ACL) Simlet
An administrator is trying to ping and telnet from Switch to Router with the results shown below:
For this ...
CCNA VLAN Simulation
This task requires you to use the CLI of Sw-AC3 to answer five multiple-choice questions. This
does not require any configura...
CCNA RIPv2 Simulation
Central Florida Widgets recently installed a new router in their Apopka office. Complete the
network installation by performing the ini...
CCNA NAT Simulation
A network associate is configuring a router for the Weaver company to provide internet access.
The ISP has provided the company six public I...
CCNA NAT Simulation
A network associate is configuring a router for the weaver company to provide internet access.
The ISP has provided the company six pu...
CCNA Routing and Switching (200-120)
CCNA Composite Exam: The 200-120 CCNAX is the composite exam associated with the Cisco
CCNA Routing and Switching certification. Candida...
Links
CCNA Simulation
CCNP ROUTE Simulations
Popular Posts
New Questions in
CCNA 200-120
(HSRP, VRRP,
NetFlow, SNMP)
The below are mock questions that
were about to appear in exam
CCNA 200-120. Updated : 14 th
October 2013 Download the La...
CCNA EIGRP
Simulation (NEW)
After adding
Interior router, no
routing updates are being
exchanged between Perimeter and
the new location. All other inter
connectivity...
CCNA Access List
Control (ACL)
Simulation
A network
associate is adding security to the
configuration of the Corp1 router.
The user on host C should be able to
use a web...
Incorrect
Questions in
Cisco.Acme.640-
802.v2013-08-
06.by.Acme.649q.vce
Download the new version :
http://www.4shared.com/file/7JUsXd3b/640
802v2.html? updated on 9/27/2013
...
Access Control List
(ACL) Simlet
An administrator is
trying to ping and
telnet from Switch to Router with
the results shown below: For this ...
CCNA VLAN
Simulation
This task requires
you to use the CLI
of Sw-AC3 to answer five multiple-
choice questions. This does not
require any configura...
CCNA RIPv2
Simulation
Central Florida
Widgets recently
installed a new router in their
Apopka office. Complete the
network installation by performing
the ini...
CCNA NAT
Simulation
A network
associate is
configuring a router for the Weaver
company to provide internet access.
The ISP has provided the company
six public I...
CCNA NAT
Simulation
A network
associate is
configuring a router for the weaver
company to provide internet access.
The ISP has provided the company
six pu...
CCNA Routing and
Switching (200-
120)
CCNA Composite
Exam: The 200-120 CCNAX is the
composite exam associated with the
Cisco CCNA Routing and Switching
certification. Candida...
Category List
CCNA (37)
CCNA Basic (4)
CCNA Cisco IOS (3)
CCNA Drag & Drop (3)
CCNA Frame Relay (2)
CCNA RIP Route (2)
CCNA Routing (4)
CCNA Simulation (7)
CCNA STP (1)
CCNA Subnetting (4)
CCNA Switching (2)
CCNA VLAN (1)
CCNP (2)
CCNP Simulation (2)
ICND1 (1)
ICND1 Simulation (1)
Blog Archive
▼ 2013 (42)
► November (2)
► October (3)
► September (21)
▼ August (16)
VLSM Short-cut
IPv4 Address Calculation for
beginners
Which of the following is a
characteristic of full...
What will Switch-1 do with
this data?
Which switch provides the
spanning-tree
designated...
CCNA VLAN Simulation
RouterA is unable to reach
RouterB. What is the mo...
The network administrator
needs to address seven L...
What is the most likely cause
of the problem?
What are two things that
could be attempted that
w...
What is preventing the
router from pinging
remote ...
On the network
131.1.123.0/27, what is
the last IP...
Drag & Drop (IP Address)
CCNA EIGRP Simulation
(NEW)
CCNAX 2.0 Syllabus
CCNA Access List Control
(ACL) Simulation
© 2013 Examtut | Privacy Policy
Find us on Facebook
Acme Infotek
672 people like Acme Infotek.
Facebook social plugin
LikeLike
Generated with www.html-to-pdf.net Page 4 / 9
EXAMTUT
Newer Post
CCNA Access List Control (ACL) SimulationPosted on
A network associate is adding security to the configuration of the Corp1 router. The user onhost C should be able to use a web browser to access financial information from the FinanceWeb Server. No other hosts from the LAN nor the Core should be able to use a web browserto access this server. Since there are multiple resources for the corporation at this locationincluding other resources on the Finance Web Server, all other traffic should be allowed.The task is to create and apply a numbered access-list with no more than three statementsthat will allow ONLY host C web access to the Finance Web Server. No other hosts will haveweb access to the Finance Web Server. All other traffic is permitted.
Access to the router CLI can be gained by clicking on the appropriate host.All passwords have been temporarily set to “cisco”.The Core connection uses an IP address of 198.18.196.65The computers in the Hosts LAN have been assigned addresses of 192.168.33.1 –192.168.33.254Host A 192.168.33.1Host B 192.168.33.2Host C 192.168.33.3Host D 192.168.33.4The servers in the Server LAN have been assigned addresses of 172.22.242.17 – 172.22.242.30The Finance Web Server is assigned an IP address of 172.22.242.23.The Public Web Server is assigned an IP address of 172.22.242.17
The Adobe Flash Player or an HTML5 supported browser is
required for video playback.
Get the latest Flash Player
Learn more about upgrading to an HTML5 browser
Corp1>enable
Password: cisco
We should create an access-list and apply it to the interface which is connected to theServers LAN interface, because it can filter out traffic from both Sw-Hosts and Core networks.The Server LAN network has been assigned addresses of 172.22.242.17 – 172.22.242.30 so wecan guess the interface connected to them has an IP address of 172.22.242.30 (.30 is thenumber shown in the figure). Use the “show ip interface brief” command to check whichinterface has the IP address of 172.22.242.30.Corp1#show ip interface brief
Interface IP-Address OK? Method Status Protocol
FastEthernet0/0 192.168.33.254 YES manual up up
FastEthernet0/1 172.22.242.30 YES manual up up
Serial0/0 198.18.196.65 YES manual up up
We learn that interface FastEthernet0/1 is the interface connected to Server LAN network. Itis the interface we will apply our access-list (for outbound direction).Corp1#configure terminal
Our access‐list needs to allow host C – 192.168.33.3 to the Finance Web Server 172.22.242.23via web (port 80)Corp1(config)#access-list 100 permit tcp host 192.168.33.3 host
172.22.242.23 eq 80
Deny other hosts access to the Finance Web Server via webCorp1(config)#access-list 100 deny tcp any host 172.22.242.23 eq 80
All other traffic is permittedCorp1(config)#access-list 100 permit ip any any
Apply this access-list to Fa0/1 interface (outbound direction)
Corp1(config)#interface fa0/1
Corp1(config-if)#ip access-group 100 out
Notice: We have to apply the access-list to Fa0/1 interface (not Fa0/0 interface) so that theaccess-list can filter traffic coming from both the LAN and the Core networks. If we applyaccess list to the inbound interface we can only filter traffic from the LAN network.In the real exam, just click on host C and open its web browser. In the address box typehttp://172.22.242.23 to check if you are allowed to access Finance Web Server or not. If yourconfiguration is correct then you can access it.Click on other hosts (A, B and D) and check to make sure you can’t access Finance Web Serverfrom these hosts.Finally, save the configurationCorp1(config-if)#end
Corp1#copy running-config startup-config
This configuration only prevents hosts from accessing Finance Web Server via web but if thisserver supports other traffic – like FTP, SMTP… then other hosts can access it, too.Notice: In the real exam, you might be asked to allow other host (A, B or D) to access theFinance Web Server so please read the requirement carefully.
Modification #1A network associate is adding security to the configuration of the Corp router. The user onhost B should be able to access the Finance Web Server. Host B should be denied to accessother server on S1-SRVS network. Since there are multiple resources for the corporation atthis location including other resources on the Finance Web Server, all other traffic should beallowed.The task is to create and apply a numbered access-list with no more than three statementsthat will allow ONLY host B access to the Finance Web Server. Deny host B from accessing theother servers. All other traffic is permitted.access-list 100 permit ip host 192.168.33.2 host 172.22.242.23
access-list 100 deny ip host 192.168.33.2 172.22.242.16 0.0.0.15
access-list 100 permit ip any any
Modification #2A network associate is adding security to the configuration of the Corp1 router. The user onhost C should be able to access the Finance Web Server. No other hosts from the LAN nor theCore should be able access this server. All other traffic should be allowed.The task is to create and apply a numbered access-list with no more than three statementsthat will allow ONLY host C access the Finance Web Server. No other hosts will have access tothe Finance Web Server. All other traffic is permitted.access-list 100 permit ip host 192.168.33.3 host 172.22.242.23
access-list 100 deny ip any host 172.22.242.23
access-list 100 permit ip any any
Modification #3A network associate is adding security to the configuration of the Corp1 router. The user onhost C should be able to use a web browser to access financial information from the FinanceWeb Server. Other access from host C to Finance Web Server should be denied. No otherhosts from the LAN nor the Core should be able to access the Finance Web Server. All othertraffic should be allowed.The task is to create and apply a numbered access-list with no more than three statementsthat will allow ONLY host C web access to the Finance Web Server. Also host C should bedenied to access any other services of Finance Web Server. No other hosts will access to theFinance Web Server. All other traffic is permitted.access-list 100 permit tcp host 192.168.33.3 host 172.22.242.23 eq
80
access-list 100 deny ip any host 172.22.242.23
access-list 100 permit ip any any
Modification #4A network associate is adding security to the configuration of the Corp1 router. The user onhost D should be able to use a web browser to access financial information from the FinanceWeb Server. Other access from host C to Finance Web Server should be denied. No otherhosts from the LAN nor the Core should be able to access the Finance Web Server. All hostsfrom the LAN nor the Core should able to access public web server.
The task is to create and apply a numbered access-list with no more than three statements
that will allow ONLY h ost D should be able to use a web browser(HTTP)to access the Finance
Web Server. Other types of access from host D to the Finance Web Server should be
blocked. All access from hosts in the Core or local LAN to the Finance Web Server should be
blocked. All hosts in the Core and local LAN should be able to access the Public Web Server.
access-list 100 permit tcp host 192.168.33.3 host 172.22.242.23 eq
80
access-list 100 deny ip any host 172.22.242.23
access-list 100 permit ip any any
Download LAB file (need packet tracer to open)
https://app.box.com/s/yizuzzbkagp4v0j52a50
Mirror:
http://www.4shared.com/file/heZzTLiH/ACL_Sim.html?
Download Video file
https://app.box.com/s/uri1xwy29gw0qc0smlk0
This entry was posted in CCNA, CCNA Simulation . Bookmark the permalink.
Opera browser download Moneys Mutual Money Money Managers Confused
Internet advertising agency Microsoft Word Will work from home
23 Responses so far.
A.H.Mostofa Kalam says:September 2, 2013 at 1:07 PM
what commands have you used for ACL?
- Host D should be able to use a web browser(HTTP)to access the Finance Web Server
- Other types of access from host D to the Finance Web Server should be blocked
– All access from hosts in the Core or local LAN to the Finance Web Server should be blocked
- All hosts in the Core and local LAN should be able to access the Public Web Server
Answer 1:
Access-list 100 permit tcp host 192.168.33.4 host 172.22.242.23 eq 80
Access-List 100 deny ip any host 172.22.242.23
Access-list 100 permit ip any any
Answer 2:
Access-list 100 permit tcp host 192.168.33.4 host 172.22.242.23 eq 80
Access-List 100 permit ip any host 172.22.242.17
Access-list 100 deny ip any any
When asked – all can access to public server should I use answer 2 or answer 1?
i know if only said all other traffic is permitted I can use answer 1 without doubt. I am having confusion when it is
said all can access to public server…both is correct for that may be and answer 2 fully satisfies the need, right?
Please help me out to understand…
farah med amine says:September 14, 2013 at 1:29 AM
@ACME PLEASE:command 2 use eq 80????
Modification #3
The user on host C should be able to access the Finance Web Server
Other access from host C to Finance Web Server should be denied
No other hosts from the LAN nor the Core should be able to access the Finance Web Server. All other traffic
should be allowed:
access-list 100 permit tcp host 192.168.33.3 host 172.22.242.23 eq 80
access-list 100 deny ip any host 172.22.242.23 use ((((( eq 80))))
access-list 100 permit ip any any
farah med amine says:September 14, 2013 at 1:45 AM
@acme i understand you ;)
Other access from host C to Finance Web Server should be denied ########## No other hosts from the LAN
nor the Core should be able to use a web browser to access this server .
Nirates says:September 15, 2013 at 3:26 PM
@mostapha
both answers would not answer the question fully.
From your Answer 1, line 1 and 2 answer only the first two statements of the question. Remember that the last
statement of the question was 'specifically' to allow Core and LAN access to Public Server, and the Public server
has a different ip address. so the correct command would be:
Access-list 100 permit ip any host 172.22.242.17
From your Answer 2, line 1 answers the first part of the question, while line 2 answers the last part of the
question. Remember that the question says 'Other types of access from host D to the Finance Web Server should
be blocked. All access from hosts in the Core or local LAN to the Finance Web Server should be blocked'. It is
stated SPECIFICALLY, to block all access to ONLY the Finance server and not to other servers. So the right
command should be:
Access-list 100 deny ip any host 172.22.242.23
...I hope this helps
Nirates says:September 15, 2013 at 3:32 PM
@Farah,
the question did not ask that you deny WEB access to the financial web server. it is only when web access is
involved that you can add eq 80 to the command.
...I'd suggest you read the question carefully. Besides, try out the commands on your packet tracer and confirm
which works. ;)
Ahmed Badubyan says:September 25, 2013 at 5:14 PM
This comment has been removed by the author.
Anonymous says:October 6, 2013 at 2:07 AM
Just passed This Friday Oct 4. SIM Is valid. Thank you.
Adi says:October 10, 2013 at 4:06 AM
Hello Guys I hope you will be fine there.Now New CCNA (200-120) and CCNA security (640-554)
Vouchers on special discount of 58% for World wide, with six months expiry date till you purchase. Each voucher
cost 70USD.
Details Required For CCNA Voucher For Discount Processing:
1-Full Name. 1st Name & Last Name (as you want to appear on certificate & documents)
2-Country.
3-City.
4-State.
5-Pin Code (or Area Code)
6-Residential Address (or where you can collect your Certificate or further correspondence
can be received)
7-Date of birth
Add me on Skype through this information which is written below:
Skype Name: rockon660
you can also email me at this email address which is written below:
If you have any Questions feel free to contact me.
Thanks,
Best regards,
Adeel
m0bi says:October 30, 2013 at 2:41 PM
Passed 200-120 exam Today with 958/1000. Do not waste time and money guys only testinside
Purchased 100% valid dumps Lab was ACL2 Modifications & EIGRP with few but Same.
200-120 dumps Testindie Q307 with secondary Key # in cheap price contact me at [email protected]
Good Luck!
Anonymous says:November 26, 2013 at 9:11 AM
This comment has been removed by a blog administrator.
Anonymous says:November 27, 2013 at 7:32 PM
can I add command: "no ip domain-lookup"
to prevent stupid annoying translate.. error message?
Anonymous says:December 1, 2013 at 6:00 PM
I just finished my ccna exam... scored 958 in second attempt .... almost all the questions from
9tut,examtut, acme spintry...... I could have passed if I knew this excellent site before.... thank youuuuuu
got ACL1, ACL2, EIGRP..... same sim with slight modifications....
Anonymous says:December 15, 2013 at 12:15 PM
I confused about command answer Modification #3 and #4, why same command?
In Modification #4, I think Host D ip address is 192.168.33.4.
Rajiv Widyaratne says:December 31, 2013 at 6:34 AM
Why "Request Timeout" when using the Web Browser of "D"????
(Modification 4)
Anonymous says:January 5, 2014 at 10:02 AM
@ Rajiv Widyaratne
the ip of host D in the answer is wrong ... it should be 192.168.33.4 ... not 192.168.33.3 , a copy paste simple
mistake
try
access-list 100 permit tcp host 192.168.33.4 host 172.22.242.23 eq 80
access-list 100 deny ip any host 172.22.242.23
access-list 100 permit ip any any
it will work ;)
Anonymous says:January 8, 2014 at 11:44 PM
MODIFICATION #4
How can you complete all of the tasks without adding a "Access-list 100 permit ip any host 172.22.242.17" as a
fourth statement?
Thanks!!
Beso says:January 10, 2014 at 8:45 PM
Modification #4
access-list 100 permit ip any any
will allow all hosts to public and others so there is no problem i think !!
and cuz in this ques it requires only 3 statements ..
Anonymous says:January 30, 2014 at 8:32 PM
MODIFICATION #1:If this correct way to do things MINUS that I should have checked the access list
BEFORE I copied it? I am still a newbie at this but trying hard. Thanks.
Corp1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Corp1(config)#access-list 100 permit tcp host 192.168.33.2 host 172.22.242.23
Corp1(config)#access-list 100 deny ip host 192.168.33.2 172.22.242.16 0.0.0.15
Corp1(config)#access-list 100 permit ip any any
Corp1(config)#interface fa0/1
Corp1(config-if)#ip access-group 100 out
Corp1(config-if)#end
Corp1#
%SYS-5-CONFIG_I: Configured from console by console
Corp1#copy running-config startup-config
Destination filename [startup-config]?
Building configuration...
[OK]
Corp1#show access-list
Extended IP access list 100
permit tcp host 192.168.33.2 host 172.22.242.23 (6 match(es))
deny ip host 192.168.33.2 172.22.242.16 0.0.0.15 (30 match(es))
permit ip any any
Corp1#
Adi says:February 6, 2014 at 2:45 AM
Hello Guys good news for you that CCNA discounted and Microsoft vouchers are now available. Now
New CCNA (200-120) vouchers on special discount of 58% for World wide, with six months expiry date till you
purchase. Each voucher cost 70USD.
Details Required For CCNA Voucher For Discount Processing:
1-Full Name. 1st Name & Last Name (as you want to appear on certificate & documents)
2-Country.
3-City.
4-State.
5-Pin Code (or Area Code)
6-Residential Address (or where you can collect your Certificate or further correspondence
can be received)
7-Date of birth
Add me on Skype through this information which is written below:
Skype Name: rockon660
you can also email me at this email address which is written below:
If you have any Questions feel free to contact me.
Thanks,
Best regards,
Adeel
Anonymous says:February 13, 2014 at 1:26 AM
i had passed my ccna exam with 972/1000 score on 12 feb.
the labs were acl1,acl2 and eigrp
acl 1 (same as it is)
eigrp (just change od AS and advertising a network (same as it is) with NO issue about passive interfaces and
default network )
acl 2 (with bit modification)
"The task is to create and apply a numbered access-list with no more than three statements that
-> will allow ONLY host A web access to the Finance Web Server.
->All other traffic from A to finance server is denied.
->All traffic from lan servers(B,C,D) and core to the Finance Web Server is denied.
-> All other traffic is permitted to public server.
Anonymous says:February 25, 2014 at 9:06 AM
MODIFICATION 1 CAN´T BE DONE IN 3 SENTENCES,the question need to be wrong.
Anonymous says:March 21, 2014 at 3:21 PM
In the second modification which is HOST B. which said that to ALLOW only host B to access finance
server and deny host B from other servers.
I tired many times but It's possible to access finance server and public web server through all hosts. I copied the
commands as it's mentioned there and I got the same problem. is it a bug in SIM or it's all right when other hosts
access whole servers ?
Anonymous says:March 22, 2014 at 3:55 PM
MODIFICATION 1 GUYS ISN'T CORRECT. SOME ONE HELP PLEASE.
Leave a Reply
Enter your comment...
Comment as: Google Account
PublishPublish PreviewPreview
Popular Posts
New Questions in CCNA 200-120 (HSRP, VRRP, NetFlow, SNMP)
The below are mock questions that were about to appear in exam CCNA 200-120. Updated : 14
th October 2013 Download the La...
CCNA EIGRP Simulation (NEW)
After adding Interior router, no routing updates are being exchanged between Perimeter and the
new location. All other inter connectivity...
CCNA Access List Control (ACL) Simulation
A network associate is adding security to the configuration of the Corp1 router. The user on host
C should be able to use a web...
Incorrect Questions in Cisco.Acme.640-802.v2013-08-06.by.Acme.649q.vce
Download the new version : http://www.4shared.com/file/7JUsXd3b/640-802v2.html? updated
on 9/27/2013 ...
Access Control List (ACL) Simlet
An administrator is trying to ping and telnet from Switch to Router with the results shown below:
For this ...
CCNA VLAN Simulation
This task requires you to use the CLI of Sw-AC3 to answer five multiple-choice questions. This
does not require any configura...
CCNA RIPv2 Simulation
Central Florida Widgets recently installed a new router in their Apopka office. Complete the
network installation by performing the ini...
CCNA NAT Simulation
A network associate is configuring a router for the Weaver company to provide internet access.
The ISP has provided the company six public I...
CCNA NAT Simulation
A network associate is configuring a router for the weaver company to provide internet access.
The ISP has provided the company six pu...
CCNA Routing and Switching (200-120)
CCNA Composite Exam: The 200-120 CCNAX is the composite exam associated with the Cisco
CCNA Routing and Switching certification. Candida...
Links
CCNA Simulation
CCNP ROUTE Simulations
Popular Posts
New Questions in
CCNA 200-120
(HSRP, VRRP,
NetFlow, SNMP)
The below are mock questions that
were about to appear in exam
CCNA 200-120. Updated : 14 th
October 2013 Download the La...
CCNA EIGRP
Simulation (NEW)
After adding
Interior router, no
routing updates are being
exchanged between Perimeter and
the new location. All other inter
connectivity...
CCNA Access List
Control (ACL)
Simulation
A network
associate is adding security to the
configuration of the Corp1 router.
The user on host C should be able to
use a web...
Incorrect
Questions in
Cisco.Acme.640-
802.v2013-08-
06.by.Acme.649q.vce
Download the new version :
http://www.4shared.com/file/7JUsXd3b/640
802v2.html? updated on 9/27/2013
...
Access Control List
(ACL) Simlet
An administrator is
trying to ping and
telnet from Switch to Router with
the results shown below: For this ...
CCNA VLAN
Simulation
This task requires
you to use the CLI
of Sw-AC3 to answer five multiple-
choice questions. This does not
require any configura...
CCNA RIPv2
Simulation
Central Florida
Widgets recently
installed a new router in their
Apopka office. Complete the
network installation by performing
the ini...
CCNA NAT
Simulation
A network
associate is
configuring a router for the Weaver
company to provide internet access.
The ISP has provided the company
six public I...
CCNA NAT
Simulation
A network
associate is
configuring a router for the weaver
company to provide internet access.
The ISP has provided the company
six pu...
CCNA Routing and
Switching (200-
120)
CCNA Composite
Exam: The 200-120 CCNAX is the
composite exam associated with the
Cisco CCNA Routing and Switching
certification. Candida...
Category List
CCNA (37)
CCNA Basic (4)
CCNA Cisco IOS (3)
CCNA Drag & Drop (3)
CCNA Frame Relay (2)
CCNA RIP Route (2)
CCNA Routing (4)
CCNA Simulation (7)
CCNA STP (1)
CCNA Subnetting (4)
CCNA Switching (2)
CCNA VLAN (1)
CCNP (2)
CCNP Simulation (2)
ICND1 (1)
ICND1 Simulation (1)
Blog Archive
▼ 2013 (42)
► November (2)
► October (3)
► September (21)
▼ August (16)
VLSM Short-cut
IPv4 Address Calculation for
beginners
Which of the following is a
characteristic of full...
What will Switch-1 do with
this data?
Which switch provides the
spanning-tree
designated...
CCNA VLAN Simulation
RouterA is unable to reach
RouterB. What is the mo...
The network administrator
needs to address seven L...
What is the most likely cause
of the problem?
What are two things that
could be attempted that
w...
What is preventing the
router from pinging
remote ...
On the network
131.1.123.0/27, what is
the last IP...
Drag & Drop (IP Address)
CCNA EIGRP Simulation
(NEW)
CCNAX 2.0 Syllabus
CCNA Access List Control
(ACL) Simulation
© 2013 Examtut | Privacy Policy
Find us on Facebook
Acme Infotek
672 people like Acme Infotek.
Facebook social plugin
LikeLike
Generated with www.html-to-pdf.net Page 5 / 9
EXAMTUT
Newer Post
CCNA Access List Control (ACL) SimulationPosted on
A network associate is adding security to the configuration of the Corp1 router. The user on
host C should be able to use a web browser to access financial information from the FinanceWeb Server. No other hosts from the LAN nor the Core should be able to use a web browserto access this server. Since there are multiple resources for the corporation at this locationincluding other resources on the Finance Web Server, all other traffic should be allowed.The task is to create and apply a numbered access-list with no more than three statementsthat will allow ONLY host C web access to the Finance Web Server. No other hosts will have
web access to the Finance Web Server. All other traffic is permitted.
Access to the router CLI can be gained by clicking on the appropriate host.All passwords have been temporarily set to “cisco”.The Core connection uses an IP address of 198.18.196.65The computers in the Hosts LAN have been assigned addresses of 192.168.33.1 –192.168.33.254Host A 192.168.33.1Host B 192.168.33.2Host C 192.168.33.3Host D 192.168.33.4The servers in the Server LAN have been assigned addresses of 172.22.242.17 – 172.22.242.30The Finance Web Server is assigned an IP address of 172.22.242.23.The Public Web Server is assigned an IP address of 172.22.242.17
The Adobe Flash Player or an HTML5 supported browser is
required for video playback.
Get the latest Flash Player
Learn more about upgrading to an HTML5 browser
Corp1>enable
Password: cisco
We should create an access-list and apply it to the interface which is connected to theServers LAN interface, because it can filter out traffic from both Sw-Hosts and Core networks.The Server LAN network has been assigned addresses of 172.22.242.17 – 172.22.242.30 so wecan guess the interface connected to them has an IP address of 172.22.242.30 (.30 is thenumber shown in the figure). Use the “show ip interface brief” command to check whichinterface has the IP address of 172.22.242.30.Corp1#show ip interface brief
Interface IP-Address OK? Method Status Protocol
FastEthernet0/0 192.168.33.254 YES manual up up
FastEthernet0/1 172.22.242.30 YES manual up up
Serial0/0 198.18.196.65 YES manual up up
We learn that interface FastEthernet0/1 is the interface connected to Server LAN network. Itis the interface we will apply our access-list (for outbound direction).Corp1#configure terminal
Our access‐list needs to allow host C – 192.168.33.3 to the Finance Web Server 172.22.242.23via web (port 80)Corp1(config)#access-list 100 permit tcp host 192.168.33.3 host
172.22.242.23 eq 80
Deny other hosts access to the Finance Web Server via webCorp1(config)#access-list 100 deny tcp any host 172.22.242.23 eq 80
All other traffic is permittedCorp1(config)#access-list 100 permit ip any any
Apply this access-list to Fa0/1 interface (outbound direction)
Corp1(config)#interface fa0/1
Corp1(config-if)#ip access-group 100 out
Notice: We have to apply the access-list to Fa0/1 interface (not Fa0/0 interface) so that theaccess-list can filter traffic coming from both the LAN and the Core networks. If we applyaccess list to the inbound interface we can only filter traffic from the LAN network.In the real exam, just click on host C and open its web browser. In the address box typehttp://172.22.242.23 to check if you are allowed to access Finance Web Server or not. If yourconfiguration is correct then you can access it.Click on other hosts (A, B and D) and check to make sure you can’t access Finance Web Serverfrom these hosts.Finally, save the configurationCorp1(config-if)#end
Corp1#copy running-config startup-config
This configuration only prevents hosts from accessing Finance Web Server via web but if thisserver supports other traffic – like FTP, SMTP… then other hosts can access it, too.Notice: In the real exam, you might be asked to allow other host (A, B or D) to access theFinance Web Server so please read the requirement carefully.
Modification #1A network associate is adding security to the configuration of the Corp router. The user onhost B should be able to access the Finance Web Server. Host B should be denied to accessother server on S1-SRVS network. Since there are multiple resources for the corporation atthis location including other resources on the Finance Web Server, all other traffic should beallowed.The task is to create and apply a numbered access-list with no more than three statementsthat will allow ONLY host B access to the Finance Web Server. Deny host B from accessing theother servers. All other traffic is permitted.access-list 100 permit ip host 192.168.33.2 host 172.22.242.23
access-list 100 deny ip host 192.168.33.2 172.22.242.16 0.0.0.15
access-list 100 permit ip any any
Modification #2A network associate is adding security to the configuration of the Corp1 router. The user onhost C should be able to access the Finance Web Server. No other hosts from the LAN nor theCore should be able access this server. All other traffic should be allowed.The task is to create and apply a numbered access-list with no more than three statementsthat will allow ONLY host C access the Finance Web Server. No other hosts will have access tothe Finance Web Server. All other traffic is permitted.access-list 100 permit ip host 192.168.33.3 host 172.22.242.23
access-list 100 deny ip any host 172.22.242.23
access-list 100 permit ip any any
Modification #3A network associate is adding security to the configuration of the Corp1 router. The user onhost C should be able to use a web browser to access financial information from the FinanceWeb Server. Other access from host C to Finance Web Server should be denied. No otherhosts from the LAN nor the Core should be able to access the Finance Web Server. All othertraffic should be allowed.The task is to create and apply a numbered access-list with no more than three statementsthat will allow ONLY host C web access to the Finance Web Server. Also host C should bedenied to access any other services of Finance Web Server. No other hosts will access to theFinance Web Server. All other traffic is permitted.access-list 100 permit tcp host 192.168.33.3 host 172.22.242.23 eq
80
access-list 100 deny ip any host 172.22.242.23
access-list 100 permit ip any any
Modification #4A network associate is adding security to the configuration of the Corp1 router. The user onhost D should be able to use a web browser to access financial information from the FinanceWeb Server. Other access from host C to Finance Web Server should be denied. No otherhosts from the LAN nor the Core should be able to access the Finance Web Server. All hostsfrom the LAN nor the Core should able to access public web server.
The task is to create and apply a numbered access-list with no more than three statements
that will allow ONLY h ost D should be able to use a web browser(HTTP)to access the Finance
Web Server. Other types of access from host D to the Finance Web Server should be
blocked. All access from hosts in the Core or local LAN to the Finance Web Server should be
blocked. All hosts in the Core and local LAN should be able to access the Public Web Server.
access-list 100 permit tcp host 192.168.33.3 host 172.22.242.23 eq
80
access-list 100 deny ip any host 172.22.242.23
access-list 100 permit ip any any
Download LAB file (need packet tracer to open)
https://app.box.com/s/yizuzzbkagp4v0j52a50
Mirror:
http://www.4shared.com/file/heZzTLiH/ACL_Sim.html?
Download Video file
https://app.box.com/s/uri1xwy29gw0qc0smlk0
This entry was posted in CCNA, CCNA Simulation . Bookmark the permalink.
Opera browser download Moneys Mutual Money Money Managers Confused
Internet advertising agency Microsoft Word Will work from home
23 Responses so far.
A.H.Mostofa Kalam says:September 2, 2013 at 1:07 PM
what commands have you used for ACL?
- Host D should be able to use a web browser(HTTP)to access the Finance Web Server
- Other types of access from host D to the Finance Web Server should be blocked
– All access from hosts in the Core or local LAN to the Finance Web Server should be blocked
- All hosts in the Core and local LAN should be able to access the Public Web Server
Answer 1:
Access-list 100 permit tcp host 192.168.33.4 host 172.22.242.23 eq 80
Access-List 100 deny ip any host 172.22.242.23
Access-list 100 permit ip any any
Answer 2:
Access-list 100 permit tcp host 192.168.33.4 host 172.22.242.23 eq 80
Access-List 100 permit ip any host 172.22.242.17
Access-list 100 deny ip any any
When asked – all can access to public server should I use answer 2 or answer 1?
i know if only said all other traffic is permitted I can use answer 1 without doubt. I am having confusion when it is
said all can access to public server…both is correct for that may be and answer 2 fully satisfies the need, right?
Please help me out to understand…
farah med amine says:September 14, 2013 at 1:29 AM
@ACME PLEASE:command 2 use eq 80????
Modification #3
The user on host C should be able to access the Finance Web Server
Other access from host C to Finance Web Server should be denied
No other hosts from the LAN nor the Core should be able to access the Finance Web Server. All other traffic
should be allowed:
access-list 100 permit tcp host 192.168.33.3 host 172.22.242.23 eq 80
access-list 100 deny ip any host 172.22.242.23 use ((((( eq 80))))
access-list 100 permit ip any any
farah med amine says:September 14, 2013 at 1:45 AM
@acme i understand you ;)
Other access from host C to Finance Web Server should be denied ########## No other hosts from the LAN
nor the Core should be able to use a web browser to access this server .
Nirates says:September 15, 2013 at 3:26 PM
@mostapha
both answers would not answer the question fully.
From your Answer 1, line 1 and 2 answer only the first two statements of the question. Remember that the last
statement of the question was 'specifically' to allow Core and LAN access to Public Server, and the Public server
has a different ip address. so the correct command would be:
Access-list 100 permit ip any host 172.22.242.17
From your Answer 2, line 1 answers the first part of the question, while line 2 answers the last part of the
question. Remember that the question says 'Other types of access from host D to the Finance Web Server should
be blocked. All access from hosts in the Core or local LAN to the Finance Web Server should be blocked'. It is
stated SPECIFICALLY, to block all access to ONLY the Finance server and not to other servers. So the right
command should be:
Access-list 100 deny ip any host 172.22.242.23
...I hope this helps
Nirates says:September 15, 2013 at 3:32 PM
@Farah,
the question did not ask that you deny WEB access to the financial web server. it is only when web access is
involved that you can add eq 80 to the command.
...I'd suggest you read the question carefully. Besides, try out the commands on your packet tracer and confirm
which works. ;)
Ahmed Badubyan says:September 25, 2013 at 5:14 PM
This comment has been removed by the author.
Anonymous says:October 6, 2013 at 2:07 AM
Just passed This Friday Oct 4. SIM Is valid. Thank you.
Adi says:October 10, 2013 at 4:06 AM
Hello Guys I hope you will be fine there.Now New CCNA (200-120) and CCNA security (640-554)
Vouchers on special discount of 58% for World wide, with six months expiry date till you purchase. Each voucher
cost 70USD.
Details Required For CCNA Voucher For Discount Processing:
1-Full Name. 1st Name & Last Name (as you want to appear on certificate & documents)
2-Country.
3-City.
4-State.
5-Pin Code (or Area Code)
6-Residential Address (or where you can collect your Certificate or further correspondence
can be received)
7-Date of birth
Add me on Skype through this information which is written below:
Skype Name: rockon660
you can also email me at this email address which is written below:
If you have any Questions feel free to contact me.
Thanks,
Best regards,
Adeel
m0bi says:October 30, 2013 at 2:41 PM
Passed 200-120 exam Today with 958/1000. Do not waste time and money guys only testinside
Purchased 100% valid dumps Lab was ACL2 Modifications & EIGRP with few but Same.
200-120 dumps Testindie Q307 with secondary Key # in cheap price contact me at [email protected]
Good Luck!
Anonymous says:November 26, 2013 at 9:11 AM
This comment has been removed by a blog administrator.
Anonymous says:November 27, 2013 at 7:32 PM
can I add command: "no ip domain-lookup"
to prevent stupid annoying translate.. error message?
Anonymous says:December 1, 2013 at 6:00 PM
I just finished my ccna exam... scored 958 in second attempt .... almost all the questions from
9tut,examtut, acme spintry...... I could have passed if I knew this excellent site before.... thank youuuuuu
got ACL1, ACL2, EIGRP..... same sim with slight modifications....
Anonymous says:December 15, 2013 at 12:15 PM
I confused about command answer Modification #3 and #4, why same command?
In Modification #4, I think Host D ip address is 192.168.33.4.
Rajiv Widyaratne says:December 31, 2013 at 6:34 AM
Why "Request Timeout" when using the Web Browser of "D"????
(Modification 4)
Anonymous says:January 5, 2014 at 10:02 AM
@ Rajiv Widyaratne
the ip of host D in the answer is wrong ... it should be 192.168.33.4 ... not 192.168.33.3 , a copy paste simple
mistake
try
access-list 100 permit tcp host 192.168.33.4 host 172.22.242.23 eq 80
access-list 100 deny ip any host 172.22.242.23
access-list 100 permit ip any any
it will work ;)
Anonymous says:January 8, 2014 at 11:44 PM
MODIFICATION #4
How can you complete all of the tasks without adding a "Access-list 100 permit ip any host 172.22.242.17" as a
fourth statement?
Thanks!!
Beso says:January 10, 2014 at 8:45 PM
Modification #4
access-list 100 permit ip any any
will allow all hosts to public and others so there is no problem i think !!
and cuz in this ques it requires only 3 statements ..
Anonymous says:January 30, 2014 at 8:32 PM
MODIFICATION #1:If this correct way to do things MINUS that I should have checked the access list
BEFORE I copied it? I am still a newbie at this but trying hard. Thanks.
Corp1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Corp1(config)#access-list 100 permit tcp host 192.168.33.2 host 172.22.242.23
Corp1(config)#access-list 100 deny ip host 192.168.33.2 172.22.242.16 0.0.0.15
Corp1(config)#access-list 100 permit ip any any
Corp1(config)#interface fa0/1
Corp1(config-if)#ip access-group 100 out
Corp1(config-if)#end
Corp1#
%SYS-5-CONFIG_I: Configured from console by console
Corp1#copy running-config startup-config
Destination filename [startup-config]?
Building configuration...
[OK]
Corp1#show access-list
Extended IP access list 100
permit tcp host 192.168.33.2 host 172.22.242.23 (6 match(es))
deny ip host 192.168.33.2 172.22.242.16 0.0.0.15 (30 match(es))
permit ip any any
Corp1#
Adi says:February 6, 2014 at 2:45 AM
Hello Guys good news for you that CCNA discounted and Microsoft vouchers are now available. Now
New CCNA (200-120) vouchers on special discount of 58% for World wide, with six months expiry date till you
purchase. Each voucher cost 70USD.
Details Required For CCNA Voucher For Discount Processing:
1-Full Name. 1st Name & Last Name (as you want to appear on certificate & documents)
2-Country.
3-City.
4-State.
5-Pin Code (or Area Code)
6-Residential Address (or where you can collect your Certificate or further correspondence
can be received)
7-Date of birth
Add me on Skype through this information which is written below:
Skype Name: rockon660
you can also email me at this email address which is written below:
If you have any Questions feel free to contact me.
Thanks,
Best regards,
Adeel
Anonymous says:February 13, 2014 at 1:26 AM
i had passed my ccna exam with 972/1000 score on 12 feb.
the labs were acl1,acl2 and eigrp
acl 1 (same as it is)
eigrp (just change od AS and advertising a network (same as it is) with NO issue about passive interfaces and
default network )
acl 2 (with bit modification)
"The task is to create and apply a numbered access-list with no more than three statements that
-> will allow ONLY host A web access to the Finance Web Server.
->All other traffic from A to finance server is denied.
->All traffic from lan servers(B,C,D) and core to the Finance Web Server is denied.
-> All other traffic is permitted to public server.
Anonymous says:February 25, 2014 at 9:06 AM
MODIFICATION 1 CAN´T BE DONE IN 3 SENTENCES,the question need to be wrong.
Anonymous says:March 21, 2014 at 3:21 PM
In the second modification which is HOST B. which said that to ALLOW only host B to access finance
server and deny host B from other servers.
I tired many times but It's possible to access finance server and public web server through all hosts. I copied the
commands as it's mentioned there and I got the same problem. is it a bug in SIM or it's all right when other hosts
access whole servers ?
Anonymous says:March 22, 2014 at 3:55 PM
MODIFICATION 1 GUYS ISN'T CORRECT. SOME ONE HELP PLEASE.
Leave a Reply
Enter your comment...
Comment as: Google Account
PublishPublish PreviewPreview
Popular Posts
New Questions in CCNA 200-120 (HSRP, VRRP, NetFlow, SNMP)
The below are mock questions that were about to appear in exam CCNA 200-120. Updated : 14
th October 2013 Download the La...
CCNA EIGRP Simulation (NEW)
After adding Interior router, no routing updates are being exchanged between Perimeter and the
new location. All other inter connectivity...
CCNA Access List Control (ACL) Simulation
A network associate is adding security to the configuration of the Corp1 router. The user on host
C should be able to use a web...
Incorrect Questions in Cisco.Acme.640-802.v2013-08-06.by.Acme.649q.vce
Download the new version : http://www.4shared.com/file/7JUsXd3b/640-802v2.html? updated
on 9/27/2013 ...
Access Control List (ACL) Simlet
An administrator is trying to ping and telnet from Switch to Router with the results shown below:
For this ...
CCNA VLAN Simulation
This task requires you to use the CLI of Sw-AC3 to answer five multiple-choice questions. This
does not require any configura...
CCNA RIPv2 Simulation
Central Florida Widgets recently installed a new router in their Apopka office. Complete the
network installation by performing the ini...
CCNA NAT Simulation
A network associate is configuring a router for the Weaver company to provide internet access.
The ISP has provided the company six public I...
CCNA NAT Simulation
A network associate is configuring a router for the weaver company to provide internet access.
The ISP has provided the company six pu...
CCNA Routing and Switching (200-120)
CCNA Composite Exam: The 200-120 CCNAX is the composite exam associated with the Cisco
CCNA Routing and Switching certification. Candida...
Links
CCNA Simulation
CCNP ROUTE Simulations
Popular Posts
New Questions in
CCNA 200-120
(HSRP, VRRP,
NetFlow, SNMP)
The below are mock questions that
were about to appear in exam
CCNA 200-120. Updated : 14 th
October 2013 Download the La...
CCNA EIGRP
Simulation (NEW)
After adding
Interior router, no
routing updates are being
exchanged between Perimeter and
the new location. All other inter
connectivity...
CCNA Access List
Control (ACL)
Simulation
A network
associate is adding security to the
configuration of the Corp1 router.
The user on host C should be able to
use a web...
Incorrect
Questions in
Cisco.Acme.640-
802.v2013-08-
06.by.Acme.649q.vce
Download the new version :
http://www.4shared.com/file/7JUsXd3b/640
802v2.html? updated on 9/27/2013
...
Access Control List
(ACL) Simlet
An administrator is
trying to ping and
telnet from Switch to Router with
the results shown below: For this ...
CCNA VLAN
Simulation
This task requires
you to use the CLI
of Sw-AC3 to answer five multiple-
choice questions. This does not
require any configura...
CCNA RIPv2
Simulation
Central Florida
Widgets recently
installed a new router in their
Apopka office. Complete the
network installation by performing
the ini...
CCNA NAT
Simulation
A network
associate is
configuring a router for the Weaver
company to provide internet access.
The ISP has provided the company
six public I...
CCNA NAT
Simulation
A network
associate is
configuring a router for the weaver
company to provide internet access.
The ISP has provided the company
six pu...
CCNA Routing and
Switching (200-
120)
CCNA Composite
Exam: The 200-120 CCNAX is the
composite exam associated with the
Cisco CCNA Routing and Switching
certification. Candida...
Category List
CCNA (37)
CCNA Basic (4)
CCNA Cisco IOS (3)
CCNA Drag & Drop (3)
CCNA Frame Relay (2)
CCNA RIP Route (2)
CCNA Routing (4)
CCNA Simulation (7)
CCNA STP (1)
CCNA Subnetting (4)
CCNA Switching (2)
CCNA VLAN (1)
CCNP (2)
CCNP Simulation (2)
ICND1 (1)
ICND1 Simulation (1)
Blog Archive
▼ 2013 (42)
► November (2)
► October (3)
► September (21)
▼ August (16)
VLSM Short-cut
IPv4 Address Calculation for
beginners
Which of the following is a
characteristic of full...
What will Switch-1 do with
this data?
Which switch provides the
spanning-tree
designated...
CCNA VLAN Simulation
RouterA is unable to reach
RouterB. What is the mo...
The network administrator
needs to address seven L...
What is the most likely cause
of the problem?
What are two things that
could be attempted that
w...
What is preventing the
router from pinging
remote ...
On the network
131.1.123.0/27, what is
the last IP...
Drag & Drop (IP Address)
CCNA EIGRP Simulation
(NEW)
CCNAX 2.0 Syllabus
CCNA Access List Control
(ACL) Simulation
© 2013 Examtut | Privacy Policy
Find us on Facebook
Acme Infotek
672 people like Acme Infotek.
Facebook social plugin
LikeLike
Generated with www.html-to-pdf.net Page 6 / 9
EXAMTUT
Newer Post
CCNA Access List Control (ACL) SimulationPosted on
A network associate is adding security to the configuration of the Corp1 router. The user onhost C should be able to use a web browser to access financial information from the FinanceWeb Server. No other hosts from the LAN nor the Core should be able to use a web browserto access this server. Since there are multiple resources for the corporation at this location
including other resources on the Finance Web Server, all other traffic should be allowed.The task is to create and apply a numbered access-list with no more than three statementsthat will allow ONLY host C web access to the Finance Web Server. No other hosts will haveweb access to the Finance Web Server. All other traffic is permitted.
Access to the router CLI can be gained by clicking on the appropriate host.All passwords have been temporarily set to “cisco”.The Core connection uses an IP address of 198.18.196.65The computers in the Hosts LAN have been assigned addresses of 192.168.33.1 –192.168.33.254Host A 192.168.33.1Host B 192.168.33.2
Host C 192.168.33.3Host D 192.168.33.4The servers in the Server LAN have been assigned addresses of 172.22.242.17 – 172.22.242.30The Finance Web Server is assigned an IP address of 172.22.242.23.The Public Web Server is assigned an IP address of 172.22.242.17
The Adobe Flash Player or an HTML5 supported browser is
required for video playback.
Get the latest Flash Player
Learn more about upgrading to an HTML5 browser
Corp1>enable
Password: cisco
We should create an access-list and apply it to the interface which is connected to theServers LAN interface, because it can filter out traffic from both Sw-Hosts and Core networks.The Server LAN network has been assigned addresses of 172.22.242.17 – 172.22.242.30 so wecan guess the interface connected to them has an IP address of 172.22.242.30 (.30 is thenumber shown in the figure). Use the “show ip interface brief” command to check whichinterface has the IP address of 172.22.242.30.Corp1#show ip interface brief
Interface IP-Address OK? Method Status Protocol
FastEthernet0/0 192.168.33.254 YES manual up up
FastEthernet0/1 172.22.242.30 YES manual up up
Serial0/0 198.18.196.65 YES manual up up
We learn that interface FastEthernet0/1 is the interface connected to Server LAN network. Itis the interface we will apply our access-list (for outbound direction).Corp1#configure terminal
Our access‐list needs to allow host C – 192.168.33.3 to the Finance Web Server 172.22.242.23via web (port 80)
Corp1(config)#access-list 100 permit tcp host 192.168.33.3 host
172.22.242.23 eq 80
Deny other hosts access to the Finance Web Server via webCorp1(config)#access-list 100 deny tcp any host 172.22.242.23 eq 80
All other traffic is permittedCorp1(config)#access-list 100 permit ip any any
Apply this access-list to Fa0/1 interface (outbound direction)
Corp1(config)#interface fa0/1
Corp1(config-if)#ip access-group 100 out
Notice: We have to apply the access-list to Fa0/1 interface (not Fa0/0 interface) so that theaccess-list can filter traffic coming from both the LAN and the Core networks. If we applyaccess list to the inbound interface we can only filter traffic from the LAN network.
In the real exam, just click on host C and open its web browser. In the address box typehttp://172.22.242.23 to check if you are allowed to access Finance Web Server or not. If yourconfiguration is correct then you can access it.Click on other hosts (A, B and D) and check to make sure you can’t access Finance Web Serverfrom these hosts.
Finally, save the configurationCorp1(config-if)#end
Corp1#copy running-config startup-config
This configuration only prevents hosts from accessing Finance Web Server via web but if thisserver supports other traffic – like FTP, SMTP… then other hosts can access it, too.Notice: In the real exam, you might be asked to allow other host (A, B or D) to access the
Finance Web Server so please read the requirement carefully.
Modification #1A network associate is adding security to the configuration of the Corp router. The user onhost B should be able to access the Finance Web Server. Host B should be denied to accessother server on S1-SRVS network. Since there are multiple resources for the corporation atthis location including other resources on the Finance Web Server, all other traffic should beallowed.The task is to create and apply a numbered access-list with no more than three statementsthat will allow ONLY host B access to the Finance Web Server. Deny host B from accessing theother servers. All other traffic is permitted.access-list 100 permit ip host 192.168.33.2 host 172.22.242.23
access-list 100 deny ip host 192.168.33.2 172.22.242.16 0.0.0.15
access-list 100 permit ip any any
Modification #2A network associate is adding security to the configuration of the Corp1 router. The user onhost C should be able to access the Finance Web Server. No other hosts from the LAN nor theCore should be able access this server. All other traffic should be allowed.The task is to create and apply a numbered access-list with no more than three statementsthat will allow ONLY host C access the Finance Web Server. No other hosts will have access tothe Finance Web Server. All other traffic is permitted.access-list 100 permit ip host 192.168.33.3 host 172.22.242.23
access-list 100 deny ip any host 172.22.242.23
access-list 100 permit ip any any
Modification #3A network associate is adding security to the configuration of the Corp1 router. The user onhost C should be able to use a web browser to access financial information from the FinanceWeb Server. Other access from host C to Finance Web Server should be denied. No otherhosts from the LAN nor the Core should be able to access the Finance Web Server. All othertraffic should be allowed.The task is to create and apply a numbered access-list with no more than three statementsthat will allow ONLY host C web access to the Finance Web Server. Also host C should bedenied to access any other services of Finance Web Server. No other hosts will access to theFinance Web Server. All other traffic is permitted.access-list 100 permit tcp host 192.168.33.3 host 172.22.242.23 eq
80
access-list 100 deny ip any host 172.22.242.23
access-list 100 permit ip any any
Modification #4A network associate is adding security to the configuration of the Corp1 router. The user onhost D should be able to use a web browser to access financial information from the FinanceWeb Server. Other access from host C to Finance Web Server should be denied. No otherhosts from the LAN nor the Core should be able to access the Finance Web Server. All hostsfrom the LAN nor the Core should able to access public web server.
The task is to create and apply a numbered access-list with no more than three statements
that will allow ONLY h ost D should be able to use a web browser(HTTP)to access the Finance
Web Server. Other types of access from host D to the Finance Web Server should be
blocked. All access from hosts in the Core or local LAN to the Finance Web Server should be
blocked. All hosts in the Core and local LAN should be able to access the Public Web Server.
access-list 100 permit tcp host 192.168.33.3 host 172.22.242.23 eq
80
access-list 100 deny ip any host 172.22.242.23
access-list 100 permit ip any any
Download LAB file (need packet tracer to open)
https://app.box.com/s/yizuzzbkagp4v0j52a50
Mirror:
http://www.4shared.com/file/heZzTLiH/ACL_Sim.html?
Download Video file
https://app.box.com/s/uri1xwy29gw0qc0smlk0
This entry was posted in CCNA, CCNA Simulation . Bookmark the permalink.
Opera browser download Moneys Mutual Money Money Managers Confused
Internet advertising agency Microsoft Word Will work from home
23 Responses so far.
A.H.Mostofa Kalam says:September 2, 2013 at 1:07 PM
what commands have you used for ACL?
- Host D should be able to use a web browser(HTTP)to access the Finance Web Server
- Other types of access from host D to the Finance Web Server should be blocked
– All access from hosts in the Core or local LAN to the Finance Web Server should be blocked
- All hosts in the Core and local LAN should be able to access the Public Web Server
Answer 1:
Access-list 100 permit tcp host 192.168.33.4 host 172.22.242.23 eq 80
Access-List 100 deny ip any host 172.22.242.23
Access-list 100 permit ip any any
Answer 2:
Access-list 100 permit tcp host 192.168.33.4 host 172.22.242.23 eq 80
Access-List 100 permit ip any host 172.22.242.17
Access-list 100 deny ip any any
When asked – all can access to public server should I use answer 2 or answer 1?
i know if only said all other traffic is permitted I can use answer 1 without doubt. I am having confusion when it is
said all can access to public server…both is correct for that may be and answer 2 fully satisfies the need, right?
Please help me out to understand…
farah med amine says:September 14, 2013 at 1:29 AM
@ACME PLEASE:command 2 use eq 80????
Modification #3
The user on host C should be able to access the Finance Web Server
Other access from host C to Finance Web Server should be denied
No other hosts from the LAN nor the Core should be able to access the Finance Web Server. All other traffic
should be allowed:
access-list 100 permit tcp host 192.168.33.3 host 172.22.242.23 eq 80
access-list 100 deny ip any host 172.22.242.23 use ((((( eq 80))))
access-list 100 permit ip any any
farah med amine says:September 14, 2013 at 1:45 AM
@acme i understand you ;)
Other access from host C to Finance Web Server should be denied ########## No other hosts from the LAN
nor the Core should be able to use a web browser to access this server .
Nirates says:September 15, 2013 at 3:26 PM
@mostapha
both answers would not answer the question fully.
From your Answer 1, line 1 and 2 answer only the first two statements of the question. Remember that the last
statement of the question was 'specifically' to allow Core and LAN access to Public Server, and the Public server
has a different ip address. so the correct command would be:
Access-list 100 permit ip any host 172.22.242.17
From your Answer 2, line 1 answers the first part of the question, while line 2 answers the last part of the
question. Remember that the question says 'Other types of access from host D to the Finance Web Server should
be blocked. All access from hosts in the Core or local LAN to the Finance Web Server should be blocked'. It is
stated SPECIFICALLY, to block all access to ONLY the Finance server and not to other servers. So the right
command should be:
Access-list 100 deny ip any host 172.22.242.23
...I hope this helps
Nirates says:September 15, 2013 at 3:32 PM
@Farah,
the question did not ask that you deny WEB access to the financial web server. it is only when web access is
involved that you can add eq 80 to the command.
...I'd suggest you read the question carefully. Besides, try out the commands on your packet tracer and confirm
which works. ;)
Ahmed Badubyan says:September 25, 2013 at 5:14 PM
This comment has been removed by the author.
Anonymous says:October 6, 2013 at 2:07 AM
Just passed This Friday Oct 4. SIM Is valid. Thank you.
Adi says:October 10, 2013 at 4:06 AM
Hello Guys I hope you will be fine there.Now New CCNA (200-120) and CCNA security (640-554)
Vouchers on special discount of 58% for World wide, with six months expiry date till you purchase. Each voucher
cost 70USD.
Details Required For CCNA Voucher For Discount Processing:
1-Full Name. 1st Name & Last Name (as you want to appear on certificate & documents)
2-Country.
3-City.
4-State.
5-Pin Code (or Area Code)
6-Residential Address (or where you can collect your Certificate or further correspondence
can be received)
7-Date of birth
Add me on Skype through this information which is written below:
Skype Name: rockon660
you can also email me at this email address which is written below:
If you have any Questions feel free to contact me.
Thanks,
Best regards,
Adeel
m0bi says:October 30, 2013 at 2:41 PM
Passed 200-120 exam Today with 958/1000. Do not waste time and money guys only testinside
Purchased 100% valid dumps Lab was ACL2 Modifications & EIGRP with few but Same.
200-120 dumps Testindie Q307 with secondary Key # in cheap price contact me at [email protected]
Good Luck!
Anonymous says:November 26, 2013 at 9:11 AM
This comment has been removed by a blog administrator.
Anonymous says:November 27, 2013 at 7:32 PM
can I add command: "no ip domain-lookup"
to prevent stupid annoying translate.. error message?
Anonymous says:December 1, 2013 at 6:00 PM
I just finished my ccna exam... scored 958 in second attempt .... almost all the questions from
9tut,examtut, acme spintry...... I could have passed if I knew this excellent site before.... thank youuuuuu
got ACL1, ACL2, EIGRP..... same sim with slight modifications....
Anonymous says:December 15, 2013 at 12:15 PM
I confused about command answer Modification #3 and #4, why same command?
In Modification #4, I think Host D ip address is 192.168.33.4.
Rajiv Widyaratne says:December 31, 2013 at 6:34 AM
Why "Request Timeout" when using the Web Browser of "D"????
(Modification 4)
Anonymous says:January 5, 2014 at 10:02 AM
@ Rajiv Widyaratne
the ip of host D in the answer is wrong ... it should be 192.168.33.4 ... not 192.168.33.3 , a copy paste simple
mistake
try
access-list 100 permit tcp host 192.168.33.4 host 172.22.242.23 eq 80
access-list 100 deny ip any host 172.22.242.23
access-list 100 permit ip any any
it will work ;)
Anonymous says:January 8, 2014 at 11:44 PM
MODIFICATION #4
How can you complete all of the tasks without adding a "Access-list 100 permit ip any host 172.22.242.17" as a
fourth statement?
Thanks!!
Beso says:January 10, 2014 at 8:45 PM
Modification #4
access-list 100 permit ip any any
will allow all hosts to public and others so there is no problem i think !!
and cuz in this ques it requires only 3 statements ..
Anonymous says:January 30, 2014 at 8:32 PM
MODIFICATION #1:If this correct way to do things MINUS that I should have checked the access list
BEFORE I copied it? I am still a newbie at this but trying hard. Thanks.
Corp1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Corp1(config)#access-list 100 permit tcp host 192.168.33.2 host 172.22.242.23
Corp1(config)#access-list 100 deny ip host 192.168.33.2 172.22.242.16 0.0.0.15
Corp1(config)#access-list 100 permit ip any any
Corp1(config)#interface fa0/1
Corp1(config-if)#ip access-group 100 out
Corp1(config-if)#end
Corp1#
%SYS-5-CONFIG_I: Configured from console by console
Corp1#copy running-config startup-config
Destination filename [startup-config]?
Building configuration...
[OK]
Corp1#show access-list
Extended IP access list 100
permit tcp host 192.168.33.2 host 172.22.242.23 (6 match(es))
deny ip host 192.168.33.2 172.22.242.16 0.0.0.15 (30 match(es))
permit ip any any
Corp1#
Adi says:February 6, 2014 at 2:45 AM
Hello Guys good news for you that CCNA discounted and Microsoft vouchers are now available. Now
New CCNA (200-120) vouchers on special discount of 58% for World wide, with six months expiry date till you
purchase. Each voucher cost 70USD.
Details Required For CCNA Voucher For Discount Processing:
1-Full Name. 1st Name & Last Name (as you want to appear on certificate & documents)
2-Country.
3-City.
4-State.
5-Pin Code (or Area Code)
6-Residential Address (or where you can collect your Certificate or further correspondence
can be received)
7-Date of birth
Add me on Skype through this information which is written below:
Skype Name: rockon660
you can also email me at this email address which is written below:
If you have any Questions feel free to contact me.
Thanks,
Best regards,
Adeel
Anonymous says:February 13, 2014 at 1:26 AM
i had passed my ccna exam with 972/1000 score on 12 feb.
the labs were acl1,acl2 and eigrp
acl 1 (same as it is)
eigrp (just change od AS and advertising a network (same as it is) with NO issue about passive interfaces and
default network )
acl 2 (with bit modification)
"The task is to create and apply a numbered access-list with no more than three statements that
-> will allow ONLY host A web access to the Finance Web Server.
->All other traffic from A to finance server is denied.
->All traffic from lan servers(B,C,D) and core to the Finance Web Server is denied.
-> All other traffic is permitted to public server.
Anonymous says:February 25, 2014 at 9:06 AM
MODIFICATION 1 CAN´T BE DONE IN 3 SENTENCES,the question need to be wrong.
Anonymous says:March 21, 2014 at 3:21 PM
In the second modification which is HOST B. which said that to ALLOW only host B to access finance
server and deny host B from other servers.
I tired many times but It's possible to access finance server and public web server through all hosts. I copied the
commands as it's mentioned there and I got the same problem. is it a bug in SIM or it's all right when other hosts
access whole servers ?
Anonymous says:March 22, 2014 at 3:55 PM
MODIFICATION 1 GUYS ISN'T CORRECT. SOME ONE HELP PLEASE.
Leave a Reply
Enter your comment...
Comment as: Google Account
PublishPublish PreviewPreview
Popular Posts
New Questions in CCNA 200-120 (HSRP, VRRP, NetFlow, SNMP)
The below are mock questions that were about to appear in exam CCNA 200-120. Updated : 14
th October 2013 Download the La...
CCNA EIGRP Simulation (NEW)
After adding Interior router, no routing updates are being exchanged between Perimeter and the
new location. All other inter connectivity...
CCNA Access List Control (ACL) Simulation
A network associate is adding security to the configuration of the Corp1 router. The user on host
C should be able to use a web...
Incorrect Questions in Cisco.Acme.640-802.v2013-08-06.by.Acme.649q.vce
Download the new version : http://www.4shared.com/file/7JUsXd3b/640-802v2.html? updated
on 9/27/2013 ...
Access Control List (ACL) Simlet
An administrator is trying to ping and telnet from Switch to Router with the results shown below:
For this ...
CCNA VLAN Simulation
This task requires you to use the CLI of Sw-AC3 to answer five multiple-choice questions. This
does not require any configura...
CCNA RIPv2 Simulation
Central Florida Widgets recently installed a new router in their Apopka office. Complete the
network installation by performing the ini...
CCNA NAT Simulation
A network associate is configuring a router for the Weaver company to provide internet access.
The ISP has provided the company six public I...
CCNA NAT Simulation
A network associate is configuring a router for the weaver company to provide internet access.
The ISP has provided the company six pu...
CCNA Routing and Switching (200-120)
CCNA Composite Exam: The 200-120 CCNAX is the composite exam associated with the Cisco
CCNA Routing and Switching certification. Candida...
Links
CCNA Simulation
CCNP ROUTE Simulations
Popular Posts
New Questions in
CCNA 200-120
(HSRP, VRRP,
NetFlow, SNMP)
The below are mock questions that
were about to appear in exam
CCNA 200-120. Updated : 14 th
October 2013 Download the La...
CCNA EIGRP
Simulation (NEW)
After adding
Interior router, no
routing updates are being
exchanged between Perimeter and
the new location. All other inter
connectivity...
CCNA Access List
Control (ACL)
Simulation
A network
associate is adding security to the
configuration of the Corp1 router.
The user on host C should be able to
use a web...
Incorrect
Questions in
Cisco.Acme.640-
802.v2013-08-
06.by.Acme.649q.vce
Download the new version :
http://www.4shared.com/file/7JUsXd3b/640
802v2.html? updated on 9/27/2013
...
Access Control List
(ACL) Simlet
An administrator is
trying to ping and
telnet from Switch to Router with
the results shown below: For this ...
CCNA VLAN
Simulation
This task requires
you to use the CLI
of Sw-AC3 to answer five multiple-
choice questions. This does not
require any configura...
CCNA RIPv2
Simulation
Central Florida
Widgets recently
installed a new router in their
Apopka office. Complete the
network installation by performing
the ini...
CCNA NAT
Simulation
A network
associate is
configuring a router for the Weaver
company to provide internet access.
The ISP has provided the company
six public I...
CCNA NAT
Simulation
A network
associate is
configuring a router for the weaver
company to provide internet access.
The ISP has provided the company
six pu...
CCNA Routing and
Switching (200-
120)
CCNA Composite
Exam: The 200-120 CCNAX is the
composite exam associated with the
Cisco CCNA Routing and Switching
certification. Candida...
Category List
CCNA (37)
CCNA Basic (4)
CCNA Cisco IOS (3)
CCNA Drag & Drop (3)
CCNA Frame Relay (2)
CCNA RIP Route (2)
CCNA Routing (4)
CCNA Simulation (7)
CCNA STP (1)
CCNA Subnetting (4)
CCNA Switching (2)
CCNA VLAN (1)
CCNP (2)
CCNP Simulation (2)
ICND1 (1)
ICND1 Simulation (1)
Blog Archive
▼ 2013 (42)
► November (2)
► October (3)
► September (21)
▼ August (16)
VLSM Short-cut
IPv4 Address Calculation for
beginners
Which of the following is a
characteristic of full...
What will Switch-1 do with
this data?
Which switch provides the
spanning-tree
designated...
CCNA VLAN Simulation
RouterA is unable to reach
RouterB. What is the mo...
The network administrator
needs to address seven L...
What is the most likely cause
of the problem?
What are two things that
could be attempted that
w...
What is preventing the
router from pinging
remote ...
On the network
131.1.123.0/27, what is
the last IP...
Drag & Drop (IP Address)
CCNA EIGRP Simulation
(NEW)
CCNAX 2.0 Syllabus
CCNA Access List Control
(ACL) Simulation
© 2013 Examtut | Privacy Policy
Find us on Facebook
Acme Infotek
672 people like Acme Infotek.
Facebook social plugin
LikeLike
Generated with www.html-to-pdf.net Page 7 / 9
EXAMTUT
Newer Post
CCNA Access List Control (ACL) SimulationPosted on
A network associate is adding security to the configuration of the Corp1 router. The user onhost C should be able to use a web browser to access financial information from the FinanceWeb Server. No other hosts from the LAN nor the Core should be able to use a web browserto access this server. Since there are multiple resources for the corporation at this locationincluding other resources on the Finance Web Server, all other traffic should be allowed.The task is to create and apply a numbered access-list with no more than three statementsthat will allow ONLY host C web access to the Finance Web Server. No other hosts will haveweb access to the Finance Web Server. All other traffic is permitted.
Access to the router CLI can be gained by clicking on the appropriate host.All passwords have been temporarily set to “cisco”.The Core connection uses an IP address of 198.18.196.65The computers in the Hosts LAN have been assigned addresses of 192.168.33.1 –192.168.33.254Host A 192.168.33.1Host B 192.168.33.2Host C 192.168.33.3Host D 192.168.33.4The servers in the Server LAN have been assigned addresses of 172.22.242.17 – 172.22.242.30The Finance Web Server is assigned an IP address of 172.22.242.23.The Public Web Server is assigned an IP address of 172.22.242.17
The Adobe Flash Player or an HTML5 supported browser is
required for video playback.
Get the latest Flash Player
Learn more about upgrading to an HTML5 browser
Corp1>enable
Password: cisco
We should create an access-list and apply it to the interface which is connected to theServers LAN interface, because it can filter out traffic from both Sw-Hosts and Core networks.The Server LAN network has been assigned addresses of 172.22.242.17 – 172.22.242.30 so wecan guess the interface connected to them has an IP address of 172.22.242.30 (.30 is thenumber shown in the figure). Use the “show ip interface brief” command to check whichinterface has the IP address of 172.22.242.30.Corp1#show ip interface brief
Interface IP-Address OK? Method Status Protocol
FastEthernet0/0 192.168.33.254 YES manual up up
FastEthernet0/1 172.22.242.30 YES manual up up
Serial0/0 198.18.196.65 YES manual up up
We learn that interface FastEthernet0/1 is the interface connected to Server LAN network. Itis the interface we will apply our access-list (for outbound direction).Corp1#configure terminal
Our access‐list needs to allow host C – 192.168.33.3 to the Finance Web Server 172.22.242.23via web (port 80)Corp1(config)#access-list 100 permit tcp host 192.168.33.3 host
172.22.242.23 eq 80
Deny other hosts access to the Finance Web Server via webCorp1(config)#access-list 100 deny tcp any host 172.22.242.23 eq 80
All other traffic is permittedCorp1(config)#access-list 100 permit ip any any
Apply this access-list to Fa0/1 interface (outbound direction)
Corp1(config)#interface fa0/1
Corp1(config-if)#ip access-group 100 out
Notice: We have to apply the access-list to Fa0/1 interface (not Fa0/0 interface) so that theaccess-list can filter traffic coming from both the LAN and the Core networks. If we applyaccess list to the inbound interface we can only filter traffic from the LAN network.In the real exam, just click on host C and open its web browser. In the address box typehttp://172.22.242.23 to check if you are allowed to access Finance Web Server or not. If yourconfiguration is correct then you can access it.Click on other hosts (A, B and D) and check to make sure you can’t access Finance Web Serverfrom these hosts.Finally, save the configurationCorp1(config-if)#end
Corp1#copy running-config startup-config
This configuration only prevents hosts from accessing Finance Web Server via web but if thisserver supports other traffic – like FTP, SMTP… then other hosts can access it, too.Notice: In the real exam, you might be asked to allow other host (A, B or D) to access theFinance Web Server so please read the requirement carefully.
Modification #1A network associate is adding security to the configuration of the Corp router. The user onhost B should be able to access the Finance Web Server. Host B should be denied to accessother server on S1-SRVS network. Since there are multiple resources for the corporation atthis location including other resources on the Finance Web Server, all other traffic should beallowed.The task is to create and apply a numbered access-list with no more than three statementsthat will allow ONLY host B access to the Finance Web Server. Deny host B from accessing theother servers. All other traffic is permitted.access-list 100 permit ip host 192.168.33.2 host 172.22.242.23
access-list 100 deny ip host 192.168.33.2 172.22.242.16 0.0.0.15
access-list 100 permit ip any any
Modification #2A network associate is adding security to the configuration of the Corp1 router. The user onhost C should be able to access the Finance Web Server. No other hosts from the LAN nor theCore should be able access this server. All other traffic should be allowed.The task is to create and apply a numbered access-list with no more than three statementsthat will allow ONLY host C access the Finance Web Server. No other hosts will have access tothe Finance Web Server. All other traffic is permitted.access-list 100 permit ip host 192.168.33.3 host 172.22.242.23
access-list 100 deny ip any host 172.22.242.23
access-list 100 permit ip any any
Modification #3A network associate is adding security to the configuration of the Corp1 router. The user onhost C should be able to use a web browser to access financial information from the FinanceWeb Server. Other access from host C to Finance Web Server should be denied. No otherhosts from the LAN nor the Core should be able to access the Finance Web Server. All othertraffic should be allowed.The task is to create and apply a numbered access-list with no more than three statementsthat will allow ONLY host C web access to the Finance Web Server. Also host C should bedenied to access any other services of Finance Web Server. No other hosts will access to theFinance Web Server. All other traffic is permitted.access-list 100 permit tcp host 192.168.33.3 host 172.22.242.23 eq
80
access-list 100 deny ip any host 172.22.242.23
access-list 100 permit ip any any
Modification #4A network associate is adding security to the configuration of the Corp1 router. The user onhost D should be able to use a web browser to access financial information from the FinanceWeb Server. Other access from host C to Finance Web Server should be denied. No otherhosts from the LAN nor the Core should be able to access the Finance Web Server. All hostsfrom the LAN nor the Core should able to access public web server.
The task is to create and apply a numbered access-list with no more than three statements
that will allow ONLY h ost D should be able to use a web browser(HTTP)to access the Finance
Web Server. Other types of access from host D to the Finance Web Server should be
blocked. All access from hosts in the Core or local LAN to the Finance Web Server should be
blocked. All hosts in the Core and local LAN should be able to access the Public Web Server.
access-list 100 permit tcp host 192.168.33.3 host 172.22.242.23 eq
80
access-list 100 deny ip any host 172.22.242.23
access-list 100 permit ip any any
Download LAB file (need packet tracer to open)
https://app.box.com/s/yizuzzbkagp4v0j52a50
Mirror:
http://www.4shared.com/file/heZzTLiH/ACL_Sim.html?
Download Video file
https://app.box.com/s/uri1xwy29gw0qc0smlk0
This entry was posted in CCNA, CCNA Simulation . Bookmark the permalink.
Opera browser download Moneys Mutual Money Money Managers Confused
Internet advertising agency Microsoft Word Will work from home
23 Responses so far.
A.H.Mostofa Kalam says:September 2, 2013 at 1:07 PM
what commands have you used for ACL?
- Host D should be able to use a web browser(HTTP)to access the Finance Web Server
- Other types of access from host D to the Finance Web Server should be blocked
– All access from hosts in the Core or local LAN to the Finance Web Server should be blocked
- All hosts in the Core and local LAN should be able to access the Public Web Server
Answer 1:
Access-list 100 permit tcp host 192.168.33.4 host 172.22.242.23 eq 80
Access-List 100 deny ip any host 172.22.242.23
Access-list 100 permit ip any any
Answer 2:
Access-list 100 permit tcp host 192.168.33.4 host 172.22.242.23 eq 80
Access-List 100 permit ip any host 172.22.242.17
Access-list 100 deny ip any any
When asked – all can access to public server should I use answer 2 or answer 1?
i know if only said all other traffic is permitted I can use answer 1 without doubt. I am having confusion when it is
said all can access to public server…both is correct for that may be and answer 2 fully satisfies the need, right?
Please help me out to understand…
farah med amine says:September 14, 2013 at 1:29 AM
@ACME PLEASE:command 2 use eq 80????
Modification #3
The user on host C should be able to access the Finance Web Server
Other access from host C to Finance Web Server should be denied
No other hosts from the LAN nor the Core should be able to access the Finance Web Server. All other traffic
should be allowed:
access-list 100 permit tcp host 192.168.33.3 host 172.22.242.23 eq 80
access-list 100 deny ip any host 172.22.242.23 use ((((( eq 80))))
access-list 100 permit ip any any
farah med amine says:September 14, 2013 at 1:45 AM
@acme i understand you ;)
Other access from host C to Finance Web Server should be denied ########## No other hosts from the LAN
nor the Core should be able to use a web browser to access this server .
Nirates says:September 15, 2013 at 3:26 PM
@mostapha
both answers would not answer the question fully.
From your Answer 1, line 1 and 2 answer only the first two statements of the question. Remember that the last
statement of the question was 'specifically' to allow Core and LAN access to Public Server, and the Public server
has a different ip address. so the correct command would be:
Access-list 100 permit ip any host 172.22.242.17
From your Answer 2, line 1 answers the first part of the question, while line 2 answers the last part of the
question. Remember that the question says 'Other types of access from host D to the Finance Web Server should
be blocked. All access from hosts in the Core or local LAN to the Finance Web Server should be blocked'. It is
stated SPECIFICALLY, to block all access to ONLY the Finance server and not to other servers. So the right
command should be:
Access-list 100 deny ip any host 172.22.242.23
...I hope this helps
Nirates says:September 15, 2013 at 3:32 PM
@Farah,
the question did not ask that you deny WEB access to the financial web server. it is only when web access is
involved that you can add eq 80 to the command.
...I'd suggest you read the question carefully. Besides, try out the commands on your packet tracer and confirm
which works. ;)
Ahmed Badubyan says:September 25, 2013 at 5:14 PM
This comment has been removed by the author.
Anonymous says:October 6, 2013 at 2:07 AM
Just passed This Friday Oct 4. SIM Is valid. Thank you.
Adi says:October 10, 2013 at 4:06 AM
Hello Guys I hope you will be fine there.Now New CCNA (200-120) and CCNA security (640-554)
Vouchers on special discount of 58% for World wide, with six months expiry date till you purchase. Each voucher
cost 70USD.
Details Required For CCNA Voucher For Discount Processing:
1-Full Name. 1st Name & Last Name (as you want to appear on certificate & documents)
2-Country.
3-City.
4-State.
5-Pin Code (or Area Code)
6-Residential Address (or where you can collect your Certificate or further correspondence
can be received)
7-Date of birth
Add me on Skype through this information which is written below:
Skype Name: rockon660
you can also email me at this email address which is written below:
If you have any Questions feel free to contact me.
Thanks,
Best regards,
Adeel
m0bi says:October 30, 2013 at 2:41 PM
Passed 200-120 exam Today with 958/1000. Do not waste time and money guys only testinside
Purchased 100% valid dumps Lab was ACL2 Modifications & EIGRP with few but Same.
200-120 dumps Testindie Q307 with secondary Key # in cheap price contact me at [email protected]
Good Luck!
Anonymous says:November 26, 2013 at 9:11 AM
This comment has been removed by a blog administrator.
Anonymous says:November 27, 2013 at 7:32 PM
can I add command: "no ip domain-lookup"
to prevent stupid annoying translate.. error message?
Anonymous says:December 1, 2013 at 6:00 PM
I just finished my ccna exam... scored 958 in second attempt .... almost all the questions from
9tut,examtut, acme spintry...... I could have passed if I knew this excellent site before.... thank youuuuuu
got ACL1, ACL2, EIGRP..... same sim with slight modifications....
Anonymous says:December 15, 2013 at 12:15 PM
I confused about command answer Modification #3 and #4, why same command?
In Modification #4, I think Host D ip address is 192.168.33.4.
Rajiv Widyaratne says:December 31, 2013 at 6:34 AM
Why "Request Timeout" when using the Web Browser of "D"????
(Modification 4)
Anonymous says:January 5, 2014 at 10:02 AM
@ Rajiv Widyaratne
the ip of host D in the answer is wrong ... it should be 192.168.33.4 ... not 192.168.33.3 , a copy paste simple
mistake
try
access-list 100 permit tcp host 192.168.33.4 host 172.22.242.23 eq 80
access-list 100 deny ip any host 172.22.242.23
access-list 100 permit ip any any
it will work ;)
Anonymous says:January 8, 2014 at 11:44 PM
MODIFICATION #4
How can you complete all of the tasks without adding a "Access-list 100 permit ip any host 172.22.242.17" as a
fourth statement?
Thanks!!
Beso says:January 10, 2014 at 8:45 PM
Modification #4
access-list 100 permit ip any any
will allow all hosts to public and others so there is no problem i think !!
and cuz in this ques it requires only 3 statements ..
Anonymous says:January 30, 2014 at 8:32 PM
MODIFICATION #1:If this correct way to do things MINUS that I should have checked the access list
BEFORE I copied it? I am still a newbie at this but trying hard. Thanks.
Corp1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Corp1(config)#access-list 100 permit tcp host 192.168.33.2 host 172.22.242.23
Corp1(config)#access-list 100 deny ip host 192.168.33.2 172.22.242.16 0.0.0.15
Corp1(config)#access-list 100 permit ip any any
Corp1(config)#interface fa0/1
Corp1(config-if)#ip access-group 100 out
Corp1(config-if)#end
Corp1#
%SYS-5-CONFIG_I: Configured from console by console
Corp1#copy running-config startup-config
Destination filename [startup-config]?
Building configuration...
[OK]
Corp1#show access-list
Extended IP access list 100
permit tcp host 192.168.33.2 host 172.22.242.23 (6 match(es))
deny ip host 192.168.33.2 172.22.242.16 0.0.0.15 (30 match(es))
permit ip any any
Corp1#
Adi says:February 6, 2014 at 2:45 AM
Hello Guys good news for you that CCNA discounted and Microsoft vouchers are now available. Now
New CCNA (200-120) vouchers on special discount of 58% for World wide, with six months expiry date till you
purchase. Each voucher cost 70USD.
Details Required For CCNA Voucher For Discount Processing:
1-Full Name. 1st Name & Last Name (as you want to appear on certificate & documents)
2-Country.
3-City.
4-State.
5-Pin Code (or Area Code)
6-Residential Address (or where you can collect your Certificate or further correspondence
can be received)
7-Date of birth
Add me on Skype through this information which is written below:
Skype Name: rockon660
you can also email me at this email address which is written below:
If you have any Questions feel free to contact me.
Thanks,
Best regards,
Adeel
Anonymous says:February 13, 2014 at 1:26 AM
i had passed my ccna exam with 972/1000 score on 12 feb.
the labs were acl1,acl2 and eigrp
acl 1 (same as it is)
eigrp (just change od AS and advertising a network (same as it is) with NO issue about passive interfaces and
default network )
acl 2 (with bit modification)
"The task is to create and apply a numbered access-list with no more than three statements that
-> will allow ONLY host A web access to the Finance Web Server.
->All other traffic from A to finance server is denied.
->All traffic from lan servers(B,C,D) and core to the Finance Web Server is denied.
-> All other traffic is permitted to public server.
Anonymous says:February 25, 2014 at 9:06 AM
MODIFICATION 1 CAN´T BE DONE IN 3 SENTENCES,the question need to be wrong.
Anonymous says:March 21, 2014 at 3:21 PM
In the second modification which is HOST B. which said that to ALLOW only host B to access finance
server and deny host B from other servers.
I tired many times but It's possible to access finance server and public web server through all hosts. I copied the
commands as it's mentioned there and I got the same problem. is it a bug in SIM or it's all right when other hosts
access whole servers ?
Anonymous says:March 22, 2014 at 3:55 PM
MODIFICATION 1 GUYS ISN'T CORRECT. SOME ONE HELP PLEASE.
Leave a Reply
Enter your comment...
Comment as: Google Account
PublishPublish PreviewPreview
Popular Posts
New Questions in CCNA 200-120 (HSRP, VRRP, NetFlow, SNMP)
The below are mock questions that were about to appear in exam CCNA 200-120. Updated : 14
th October 2013 Download the La...
CCNA EIGRP Simulation (NEW)
After adding Interior router, no routing updates are being exchanged between Perimeter and the
new location. All other inter connectivity...
CCNA Access List Control (ACL) Simulation
A network associate is adding security to the configuration of the Corp1 router. The user on host
C should be able to use a web...
Incorrect Questions in Cisco.Acme.640-802.v2013-08-06.by.Acme.649q.vce
Download the new version : http://www.4shared.com/file/7JUsXd3b/640-802v2.html? updated
on 9/27/2013 ...
Access Control List (ACL) Simlet
An administrator is trying to ping and telnet from Switch to Router with the results shown below:
For this ...
CCNA VLAN Simulation
This task requires you to use the CLI of Sw-AC3 to answer five multiple-choice questions. This
does not require any configura...
CCNA RIPv2 Simulation
Central Florida Widgets recently installed a new router in their Apopka office. Complete the
network installation by performing the ini...
CCNA NAT Simulation
A network associate is configuring a router for the Weaver company to provide internet access.
The ISP has provided the company six public I...
CCNA NAT Simulation
A network associate is configuring a router for the weaver company to provide internet access.
The ISP has provided the company six pu...
CCNA Routing and Switching (200-120)
CCNA Composite Exam: The 200-120 CCNAX is the composite exam associated with the Cisco
CCNA Routing and Switching certification. Candida...
Links
CCNA Simulation
CCNP ROUTE Simulations
Popular Posts
New Questions in
CCNA 200-120
(HSRP, VRRP,
NetFlow, SNMP)
The below are mock questions that
were about to appear in exam
CCNA 200-120. Updated : 14 th
October 2013 Download the La...
CCNA EIGRP
Simulation (NEW)
After adding
Interior router, no
routing updates are being
exchanged between Perimeter and
the new location. All other inter
connectivity...
CCNA Access List
Control (ACL)
Simulation
A network
associate is adding security to the
configuration of the Corp1 router.
The user on host C should be able to
use a web...
Incorrect
Questions in
Cisco.Acme.640-
802.v2013-08-
06.by.Acme.649q.vce
Download the new version :
http://www.4shared.com/file/7JUsXd3b/640
802v2.html? updated on 9/27/2013
...
Access Control List
(ACL) Simlet
An administrator is
trying to ping and
telnet from Switch to Router with
the results shown below: For this ...
CCNA VLAN
Simulation
This task requires
you to use the CLI
of Sw-AC3 to answer five multiple-
choice questions. This does not
require any configura...
CCNA RIPv2
Simulation
Central Florida
Widgets recently
installed a new router in their
Apopka office. Complete the
network installation by performing
the ini...
CCNA NAT
Simulation
A network
associate is
configuring a router for the Weaver
company to provide internet access.
The ISP has provided the company
six public I...
CCNA NAT
Simulation
A network
associate is
configuring a router for the weaver
company to provide internet access.
The ISP has provided the company
six pu...
CCNA Routing and
Switching (200-
120)
CCNA Composite
Exam: The 200-120 CCNAX is the
composite exam associated with the
Cisco CCNA Routing and Switching
certification. Candida...
Category List
CCNA (37)
CCNA Basic (4)
CCNA Cisco IOS (3)
CCNA Drag & Drop (3)
CCNA Frame Relay (2)
CCNA RIP Route (2)
CCNA Routing (4)
CCNA Simulation (7)
CCNA STP (1)
CCNA Subnetting (4)
CCNA Switching (2)
CCNA VLAN (1)
CCNP (2)
CCNP Simulation (2)
ICND1 (1)
ICND1 Simulation (1)
Blog Archive
▼ 2013 (42)
► November (2)
► October (3)
► September (21)
▼ August (16)
VLSM Short-cut
IPv4 Address Calculation for
beginners
Which of the following is a
characteristic of full...
What will Switch-1 do with
this data?
Which switch provides the
spanning-tree
designated...
CCNA VLAN Simulation
RouterA is unable to reach
RouterB. What is the mo...
The network administrator
needs to address seven L...
What is the most likely cause
of the problem?
What are two things that
could be attempted that
w...
What is preventing the
router from pinging
remote ...
On the network
131.1.123.0/27, what is
the last IP...
Drag & Drop (IP Address)
CCNA EIGRP Simulation
(NEW)
CCNAX 2.0 Syllabus
CCNA Access List Control
(ACL) Simulation
© 2013 Examtut | Privacy Policy
Find us on Facebook
Acme Infotek
672 people like Acme Infotek.
Facebook social plugin
LikeLike
Generated with www.html-to-pdf.net Page 8 / 9
EXAMTUT
Newer Post
CCNA Access List Control (ACL) SimulationPosted on
A network associate is adding security to the configuration of the Corp1 router. The user onhost C should be able to use a web browser to access financial information from the FinanceWeb Server. No other hosts from the LAN nor the Core should be able to use a web browserto access this server. Since there are multiple resources for the corporation at this locationincluding other resources on the Finance Web Server, all other traffic should be allowed.The task is to create and apply a numbered access-list with no more than three statementsthat will allow ONLY host C web access to the Finance Web Server. No other hosts will haveweb access to the Finance Web Server. All other traffic is permitted.
Access to the router CLI can be gained by clicking on the appropriate host.All passwords have been temporarily set to “cisco”.The Core connection uses an IP address of 198.18.196.65The computers in the Hosts LAN have been assigned addresses of 192.168.33.1 –192.168.33.254Host A 192.168.33.1Host B 192.168.33.2Host C 192.168.33.3Host D 192.168.33.4The servers in the Server LAN have been assigned addresses of 172.22.242.17 – 172.22.242.30The Finance Web Server is assigned an IP address of 172.22.242.23.The Public Web Server is assigned an IP address of 172.22.242.17
The Adobe Flash Player or an HTML5 supported browser is
required for video playback.
Get the latest Flash Player
Learn more about upgrading to an HTML5 browser
Corp1>enable
Password: cisco
We should create an access-list and apply it to the interface which is connected to theServers LAN interface, because it can filter out traffic from both Sw-Hosts and Core networks.The Server LAN network has been assigned addresses of 172.22.242.17 – 172.22.242.30 so wecan guess the interface connected to them has an IP address of 172.22.242.30 (.30 is thenumber shown in the figure). Use the “show ip interface brief” command to check whichinterface has the IP address of 172.22.242.30.Corp1#show ip interface brief
Interface IP-Address OK? Method Status Protocol
FastEthernet0/0 192.168.33.254 YES manual up up
FastEthernet0/1 172.22.242.30 YES manual up up
Serial0/0 198.18.196.65 YES manual up up
We learn that interface FastEthernet0/1 is the interface connected to Server LAN network. Itis the interface we will apply our access-list (for outbound direction).Corp1#configure terminal
Our access‐list needs to allow host C – 192.168.33.3 to the Finance Web Server 172.22.242.23via web (port 80)Corp1(config)#access-list 100 permit tcp host 192.168.33.3 host
172.22.242.23 eq 80
Deny other hosts access to the Finance Web Server via webCorp1(config)#access-list 100 deny tcp any host 172.22.242.23 eq 80
All other traffic is permittedCorp1(config)#access-list 100 permit ip any any
Apply this access-list to Fa0/1 interface (outbound direction)
Corp1(config)#interface fa0/1
Corp1(config-if)#ip access-group 100 out
Notice: We have to apply the access-list to Fa0/1 interface (not Fa0/0 interface) so that theaccess-list can filter traffic coming from both the LAN and the Core networks. If we applyaccess list to the inbound interface we can only filter traffic from the LAN network.In the real exam, just click on host C and open its web browser. In the address box typehttp://172.22.242.23 to check if you are allowed to access Finance Web Server or not. If yourconfiguration is correct then you can access it.Click on other hosts (A, B and D) and check to make sure you can’t access Finance Web Serverfrom these hosts.Finally, save the configurationCorp1(config-if)#end
Corp1#copy running-config startup-config
This configuration only prevents hosts from accessing Finance Web Server via web but if thisserver supports other traffic – like FTP, SMTP… then other hosts can access it, too.Notice: In the real exam, you might be asked to allow other host (A, B or D) to access theFinance Web Server so please read the requirement carefully.
Modification #1A network associate is adding security to the configuration of the Corp router. The user onhost B should be able to access the Finance Web Server. Host B should be denied to accessother server on S1-SRVS network. Since there are multiple resources for the corporation atthis location including other resources on the Finance Web Server, all other traffic should beallowed.The task is to create and apply a numbered access-list with no more than three statementsthat will allow ONLY host B access to the Finance Web Server. Deny host B from accessing theother servers. All other traffic is permitted.access-list 100 permit ip host 192.168.33.2 host 172.22.242.23
access-list 100 deny ip host 192.168.33.2 172.22.242.16 0.0.0.15
access-list 100 permit ip any any
Modification #2A network associate is adding security to the configuration of the Corp1 router. The user onhost C should be able to access the Finance Web Server. No other hosts from the LAN nor theCore should be able access this server. All other traffic should be allowed.The task is to create and apply a numbered access-list with no more than three statementsthat will allow ONLY host C access the Finance Web Server. No other hosts will have access tothe Finance Web Server. All other traffic is permitted.access-list 100 permit ip host 192.168.33.3 host 172.22.242.23
access-list 100 deny ip any host 172.22.242.23
access-list 100 permit ip any any
Modification #3A network associate is adding security to the configuration of the Corp1 router. The user onhost C should be able to use a web browser to access financial information from the FinanceWeb Server. Other access from host C to Finance Web Server should be denied. No otherhosts from the LAN nor the Core should be able to access the Finance Web Server. All othertraffic should be allowed.The task is to create and apply a numbered access-list with no more than three statementsthat will allow ONLY host C web access to the Finance Web Server. Also host C should bedenied to access any other services of Finance Web Server. No other hosts will access to theFinance Web Server. All other traffic is permitted.access-list 100 permit tcp host 192.168.33.3 host 172.22.242.23 eq
80
access-list 100 deny ip any host 172.22.242.23
access-list 100 permit ip any any
Modification #4A network associate is adding security to the configuration of the Corp1 router. The user onhost D should be able to use a web browser to access financial information from the FinanceWeb Server. Other access from host C to Finance Web Server should be denied. No otherhosts from the LAN nor the Core should be able to access the Finance Web Server. All hostsfrom the LAN nor the Core should able to access public web server.
The task is to create and apply a numbered access-list with no more than three statements
that will allow ONLY h ost D should be able to use a web browser(HTTP)to access the Finance
Web Server. Other types of access from host D to the Finance Web Server should be
blocked. All access from hosts in the Core or local LAN to the Finance Web Server should be
blocked. All hosts in the Core and local LAN should be able to access the Public Web Server.
access-list 100 permit tcp host 192.168.33.3 host 172.22.242.23 eq
80
access-list 100 deny ip any host 172.22.242.23
access-list 100 permit ip any any
Download LAB file (need packet tracer to open)
https://app.box.com/s/yizuzzbkagp4v0j52a50
Mirror:
http://www.4shared.com/file/heZzTLiH/ACL_Sim.html?
Download Video file
https://app.box.com/s/uri1xwy29gw0qc0smlk0
This entry was posted in CCNA, CCNA Simulation . Bookmark the permalink.
Opera browser download Moneys Mutual Money Money Managers Confused
Internet advertising agency Microsoft Word Will work from home
23 Responses so far.
A.H.Mostofa Kalam says:September 2, 2013 at 1:07 PM
what commands have you used for ACL?
- Host D should be able to use a web browser(HTTP)to access the Finance Web Server
- Other types of access from host D to the Finance Web Server should be blocked
– All access from hosts in the Core or local LAN to the Finance Web Server should be blocked
- All hosts in the Core and local LAN should be able to access the Public Web Server
Answer 1:
Access-list 100 permit tcp host 192.168.33.4 host 172.22.242.23 eq 80
Access-List 100 deny ip any host 172.22.242.23
Access-list 100 permit ip any any
Answer 2:
Access-list 100 permit tcp host 192.168.33.4 host 172.22.242.23 eq 80
Access-List 100 permit ip any host 172.22.242.17
Access-list 100 deny ip any any
When asked – all can access to public server should I use answer 2 or answer 1?
i know if only said all other traffic is permitted I can use answer 1 without doubt. I am having confusion when it is
said all can access to public server…both is correct for that may be and answer 2 fully satisfies the need, right?
Please help me out to understand…
farah med amine says:September 14, 2013 at 1:29 AM
@ACME PLEASE:command 2 use eq 80????
Modification #3
The user on host C should be able to access the Finance Web Server
Other access from host C to Finance Web Server should be denied
No other hosts from the LAN nor the Core should be able to access the Finance Web Server. All other traffic
should be allowed:
access-list 100 permit tcp host 192.168.33.3 host 172.22.242.23 eq 80
access-list 100 deny ip any host 172.22.242.23 use ((((( eq 80))))
access-list 100 permit ip any any
farah med amine says:September 14, 2013 at 1:45 AM
@acme i understand you ;)
Other access from host C to Finance Web Server should be denied ########## No other hosts from the LAN
nor the Core should be able to use a web browser to access this server .
Nirates says:September 15, 2013 at 3:26 PM
@mostapha
both answers would not answer the question fully.
From your Answer 1, line 1 and 2 answer only the first two statements of the question. Remember that the last
statement of the question was 'specifically' to allow Core and LAN access to Public Server, and the Public server
has a different ip address. so the correct command would be:
Access-list 100 permit ip any host 172.22.242.17
From your Answer 2, line 1 answers the first part of the question, while line 2 answers the last part of the
question. Remember that the question says 'Other types of access from host D to the Finance Web Server should
be blocked. All access from hosts in the Core or local LAN to the Finance Web Server should be blocked'. It is
stated SPECIFICALLY, to block all access to ONLY the Finance server and not to other servers. So the right
command should be:
Access-list 100 deny ip any host 172.22.242.23
...I hope this helps
Nirates says:September 15, 2013 at 3:32 PM
@Farah,
the question did not ask that you deny WEB access to the financial web server. it is only when web access is
involved that you can add eq 80 to the command.
...I'd suggest you read the question carefully. Besides, try out the commands on your packet tracer and confirm
which works. ;)
Ahmed Badubyan says:September 25, 2013 at 5:14 PM
This comment has been removed by the author.
Anonymous says:October 6, 2013 at 2:07 AM
Just passed This Friday Oct 4. SIM Is valid. Thank you.
Adi says:October 10, 2013 at 4:06 AM
Hello Guys I hope you will be fine there.Now New CCNA (200-120) and CCNA security (640-554)
Vouchers on special discount of 58% for World wide, with six months expiry date till you purchase. Each voucher
cost 70USD.
Details Required For CCNA Voucher For Discount Processing:
1-Full Name. 1st Name & Last Name (as you want to appear on certificate & documents)
2-Country.
3-City.
4-State.
5-Pin Code (or Area Code)
6-Residential Address (or where you can collect your Certificate or further correspondence
can be received)
7-Date of birth
Add me on Skype through this information which is written below:
Skype Name: rockon660
you can also email me at this email address which is written below:
If you have any Questions feel free to contact me.
Thanks,
Best regards,
Adeel
m0bi says:October 30, 2013 at 2:41 PM
Passed 200-120 exam Today with 958/1000. Do not waste time and money guys only testinside
Purchased 100% valid dumps Lab was ACL2 Modifications & EIGRP with few but Same.
200-120 dumps Testindie Q307 with secondary Key # in cheap price contact me at [email protected]
Good Luck!
Anonymous says:November 26, 2013 at 9:11 AM
This comment has been removed by a blog administrator.
Anonymous says:November 27, 2013 at 7:32 PM
can I add command: "no ip domain-lookup"
to prevent stupid annoying translate.. error message?
Anonymous says:December 1, 2013 at 6:00 PM
I just finished my ccna exam... scored 958 in second attempt .... almost all the questions from
9tut,examtut, acme spintry...... I could have passed if I knew this excellent site before.... thank youuuuuu
got ACL1, ACL2, EIGRP..... same sim with slight modifications....
Anonymous says:December 15, 2013 at 12:15 PM
I confused about command answer Modification #3 and #4, why same command?
In Modification #4, I think Host D ip address is 192.168.33.4.
Rajiv Widyaratne says:December 31, 2013 at 6:34 AM
Why "Request Timeout" when using the Web Browser of "D"????
(Modification 4)
Anonymous says:January 5, 2014 at 10:02 AM
@ Rajiv Widyaratne
the ip of host D in the answer is wrong ... it should be 192.168.33.4 ... not 192.168.33.3 , a copy paste simple
mistake
try
access-list 100 permit tcp host 192.168.33.4 host 172.22.242.23 eq 80
access-list 100 deny ip any host 172.22.242.23
access-list 100 permit ip any any
it will work ;)
Anonymous says:January 8, 2014 at 11:44 PM
MODIFICATION #4
How can you complete all of the tasks without adding a "Access-list 100 permit ip any host 172.22.242.17" as a
fourth statement?
Thanks!!
Beso says:January 10, 2014 at 8:45 PM
Modification #4
access-list 100 permit ip any any
will allow all hosts to public and others so there is no problem i think !!
and cuz in this ques it requires only 3 statements ..
Anonymous says:January 30, 2014 at 8:32 PM
MODIFICATION #1:If this correct way to do things MINUS that I should have checked the access list
BEFORE I copied it? I am still a newbie at this but trying hard. Thanks.
Corp1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Corp1(config)#access-list 100 permit tcp host 192.168.33.2 host 172.22.242.23
Corp1(config)#access-list 100 deny ip host 192.168.33.2 172.22.242.16 0.0.0.15
Corp1(config)#access-list 100 permit ip any any
Corp1(config)#interface fa0/1
Corp1(config-if)#ip access-group 100 out
Corp1(config-if)#end
Corp1#
%SYS-5-CONFIG_I: Configured from console by console
Corp1#copy running-config startup-config
Destination filename [startup-config]?
Building configuration...
[OK]
Corp1#show access-list
Extended IP access list 100
permit tcp host 192.168.33.2 host 172.22.242.23 (6 match(es))
deny ip host 192.168.33.2 172.22.242.16 0.0.0.15 (30 match(es))
permit ip any any
Corp1#
Adi says:February 6, 2014 at 2:45 AM
Hello Guys good news for you that CCNA discounted and Microsoft vouchers are now available. Now
New CCNA (200-120) vouchers on special discount of 58% for World wide, with six months expiry date till you
purchase. Each voucher cost 70USD.
Details Required For CCNA Voucher For Discount Processing:
1-Full Name. 1st Name & Last Name (as you want to appear on certificate & documents)
2-Country.
3-City.
4-State.
5-Pin Code (or Area Code)
6-Residential Address (or where you can collect your Certificate or further correspondence
can be received)
7-Date of birth
Add me on Skype through this information which is written below:
Skype Name: rockon660
you can also email me at this email address which is written below:
If you have any Questions feel free to contact me.
Thanks,
Best regards,
Adeel
Anonymous says:February 13, 2014 at 1:26 AM
i had passed my ccna exam with 972/1000 score on 12 feb.
the labs were acl1,acl2 and eigrp
acl 1 (same as it is)
eigrp (just change od AS and advertising a network (same as it is) with NO issue about passive interfaces and
default network )
acl 2 (with bit modification)
"The task is to create and apply a numbered access-list with no more than three statements that
-> will allow ONLY host A web access to the Finance Web Server.
->All other traffic from A to finance server is denied.
->All traffic from lan servers(B,C,D) and core to the Finance Web Server is denied.
-> All other traffic is permitted to public server.
Anonymous says:February 25, 2014 at 9:06 AM
MODIFICATION 1 CAN´T BE DONE IN 3 SENTENCES,the question need to be wrong.
Anonymous says:March 21, 2014 at 3:21 PM
In the second modification which is HOST B. which said that to ALLOW only host B to access finance
server and deny host B from other servers.
I tired many times but It's possible to access finance server and public web server through all hosts. I copied the
commands as it's mentioned there and I got the same problem. is it a bug in SIM or it's all right when other hosts
access whole servers ?
Anonymous says:March 22, 2014 at 3:55 PM
MODIFICATION 1 GUYS ISN'T CORRECT. SOME ONE HELP PLEASE.
Leave a Reply
Enter your comment...
Comment as: Google Account
PublishPublish PreviewPreview
Popular Posts
New Questions in CCNA 200-120 (HSRP, VRRP, NetFlow, SNMP)
The below are mock questions that were about to appear in exam CCNA 200-120. Updated : 14
th October 2013 Download the La...
CCNA EIGRP Simulation (NEW)
After adding Interior router, no routing updates are being exchanged between Perimeter and the
new location. All other inter connectivity...
CCNA Access List Control (ACL) Simulation
A network associate is adding security to the configuration of the Corp1 router. The user on host
C should be able to use a web...
Incorrect Questions in Cisco.Acme.640-802.v2013-08-06.by.Acme.649q.vce
Download the new version : http://www.4shared.com/file/7JUsXd3b/640-802v2.html? updated
on 9/27/2013 ...
Access Control List (ACL) Simlet
An administrator is trying to ping and telnet from Switch to Router with the results shown below:
For this ...
CCNA VLAN Simulation
This task requires you to use the CLI of Sw-AC3 to answer five multiple-choice questions. This
does not require any configura...
CCNA RIPv2 Simulation
Central Florida Widgets recently installed a new router in their Apopka office. Complete the
network installation by performing the ini...
CCNA NAT Simulation
A network associate is configuring a router for the Weaver company to provide internet access.
The ISP has provided the company six public I...
CCNA NAT Simulation
A network associate is configuring a router for the weaver company to provide internet access.
The ISP has provided the company six pu...
CCNA Routing and Switching (200-120)
CCNA Composite Exam: The 200-120 CCNAX is the composite exam associated with the Cisco
CCNA Routing and Switching certification. Candida...
Links
CCNA Simulation
CCNP ROUTE Simulations
Popular Posts
New Questions in
CCNA 200-120
(HSRP, VRRP,
NetFlow, SNMP)
The below are mock questions that
were about to appear in exam
CCNA 200-120. Updated : 14 th
October 2013 Download the La...
CCNA EIGRP
Simulation (NEW)
After adding
Interior router, no
routing updates are being
exchanged between Perimeter and
the new location. All other inter
connectivity...
CCNA Access List
Control (ACL)
Simulation
A network
associate is adding security to the
configuration of the Corp1 router.
The user on host C should be able to
use a web...
Incorrect
Questions in
Cisco.Acme.640-
802.v2013-08-
06.by.Acme.649q.vce
Download the new version :
http://www.4shared.com/file/7JUsXd3b/640
802v2.html? updated on 9/27/2013
...
Access Control List
(ACL) Simlet
An administrator is
trying to ping and
telnet from Switch to Router with
the results shown below: For this ...
CCNA VLAN
Simulation
This task requires
you to use the CLI
of Sw-AC3 to answer five multiple-
choice questions. This does not
require any configura...
CCNA RIPv2
Simulation
Central Florida
Widgets recently
installed a new router in their
Apopka office. Complete the
network installation by performing
the ini...
CCNA NAT
Simulation
A network
associate is
configuring a router for the Weaver
company to provide internet access.
The ISP has provided the company
six public I...
CCNA NAT
Simulation
A network
associate is
configuring a router for the weaver
company to provide internet access.
The ISP has provided the company
six pu...
CCNA Routing and
Switching (200-
120)
CCNA Composite
Exam: The 200-120 CCNAX is the
composite exam associated with the
Cisco CCNA Routing and Switching
certification. Candida...
Category List
CCNA (37)
CCNA Basic (4)
CCNA Cisco IOS (3)
CCNA Drag & Drop (3)
CCNA Frame Relay (2)
CCNA RIP Route (2)
CCNA Routing (4)
CCNA Simulation (7)
CCNA STP (1)
CCNA Subnetting (4)
CCNA Switching (2)
CCNA VLAN (1)
CCNP (2)
CCNP Simulation (2)
ICND1 (1)
ICND1 Simulation (1)
Blog Archive
▼ 2013 (42)
► November (2)
► October (3)
► September (21)
▼ August (16)
VLSM Short-cut
IPv4 Address Calculation for
beginners
Which of the following is a
characteristic of full...
What will Switch-1 do with
this data?
Which switch provides the
spanning-tree
designated...
CCNA VLAN Simulation
RouterA is unable to reach
RouterB. What is the mo...
The network administrator
needs to address seven L...
What is the most likely cause
of the problem?
What are two things that
could be attempted that
w...
What is preventing the
router from pinging
remote ...
On the network
131.1.123.0/27, what is
the last IP...
Drag & Drop (IP Address)
CCNA EIGRP Simulation
(NEW)
CCNAX 2.0 Syllabus
CCNA Access List Control
(ACL) Simulation
© 2013 Examtut | Privacy Policy
Find us on Facebook
Acme Infotek
672 people like Acme Infotek.
Facebook social plugin
LikeLike
Generated with www.html-to-pdf.net Page 9 / 9