CCNA access list Exam Lab with GNS3 Downloadable Configuration files

CCNA ACL Exam Lab with GNS3:

If you are preparing for the CCNA (200-120) exam, you must prepare for access lists, because every exam includes a lab on access lists in which you have to complete the configuration to make the access list work. I have created a similar lab in GNS3 so that you can practice it before the real exam.


Lab Question:
A network engineer is completing the security configuration of the Corp1 router. You have to perform the following tasks to complete the configuration:

  1. The user on host C must be able to use a web browser to access financial information from the Finance Web Server.
  2. No other hosts from the LAN nor the Core should be able to use a web browser to access this server.
  3. You are required to apply an access-list with no more than three statements that will allow ONLY host C web access to the Finance Web Server. No other hosts will have web access to the Finance Web Server.
  4. All other traffic is permitted.



Other Information:
The Core user has the IP address 198.18.196.65.
LAN PCs have been assigned IP addresses in the range 192.168.33.1 - 192.168.33.254.
The servers in the Server LAN have been assigned addresses 172.22.242.17 - 172.22.242.30.
The Finance Web Server has been assigned the IP address 172.22.242.23.
Image Courtesy: actualtests.com 


Solution / Required Configurations
You can complete these tasks with the following configuration commands on router Corp1:
Corp1>enable
Corp1#configure terminal
Corp1(config)#access-list 100 permit tcp host 192.168.33.3 host 172.22.242.23 eq 80
This command allows web traffic to the Finance Web Server, where 192.168.33.3 is the IP address of host C.
Corp1(config)#access-list 100 deny tcp any host 172.22.242.23 eq 80
This command blocks web access to the Finance Web Server from any other host.
Corp1(config)#access-list 100 permit ip any any
This command allows all other traffic. Without it, the implicit deny at the end of every access-list would drop everything else leaving the interface.

Apply the ACL to the interface nearest the destination:
Corp1(config)#interface fa 0/1
Corp1(config-if)#ip access-group 100 out
Corp1(config-if)#end
Corp1#copy running-config startup-config

Verification of Configuration:
Web access to the Finance Web Server should now work only from 192.168.33.3.
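
The first-match logic of this ACL can be checked offline. The Python below is an added example, not part of the original post: it evaluates the three statements (with the last one written as permit ip any any, per requirement 4) against constructed packets built from the lab's addresses, and compares a variant whose last statement only permits traffic to the Finance server. The FTP port and the use of 172.22.242.17 as "another server" are assumptions.

```python
import ipaddress

# Each entry mirrors one "access-list 100" statement:
# (action, protocol, source, destination, destination port or None)
ACL_100 = [
    ("permit", "tcp", "192.168.33.3/32", "172.22.242.23/32", 80),
    ("deny",   "tcp", "0.0.0.0/0",       "172.22.242.23/32", 80),
    ("permit", "ip",  "0.0.0.0/0",       "0.0.0.0/0",        None),
]

def evaluate(acl, proto, src, dst, dport=None):
    """Return the action of the first matching statement (IOS first-match rule)."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, a_proto, a_src, a_dst, a_port in acl:
        if a_proto not in ("ip", proto):
            continue
        if s not in ipaddress.ip_network(a_src):
            continue
        if d not in ipaddress.ip_network(a_dst):
            continue
        if a_port is not None and a_port != dport:
            continue
        return action
    return "deny"  # implicit "deny ip any any" that ends every IOS ACL

# Constructed test packets using the lab's addresses.
# Host B = 192.168.33.2, Core = 198.18.196.65, 172.22.242.17 = another server (assumed).
PACKETS = [
    ("Host C -> Finance HTTP", "tcp", "192.168.33.3", "172.22.242.23", 80),
    ("Host B -> Finance HTTP", "tcp", "192.168.33.2", "172.22.242.23", 80),
    ("Core   -> Finance HTTP", "tcp", "198.18.196.65", "172.22.242.23", 80),
    ("Host B -> Finance ping", "icmp", "192.168.33.2", "172.22.242.23", None),
    ("Host B -> other server", "tcp", "192.168.33.2", "172.22.242.17", 21),
]

def run(acl):
    """Map each constructed packet's label to the ACL's verdict."""
    return {name: evaluate(acl, p, s, d, port) for name, p, s, d, port in PACKETS}

# Variant whose last statement only permits traffic to the Finance server.
NARROW = ACL_100[:2] + [("permit", "ip", "0.0.0.0/0", "172.22.242.23/32", None)]

if __name__ == "__main__":
    for label, acl in (("permit ip any any", ACL_100), ("permit ip any host", NARROW)):
        print(label)
        for name, action in run(acl).items():
            print(f"  {name:24} {action}")
```

With the narrower last statement, the packet to 172.22.242.17 falls through to the implicit deny, so requirement 4 is not met even though the web-access checks still pass.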

CCNA Access-list Exam lab In GNS3:


If you have some extra time, you can configure this lab in GNS3. You can also configure it with Packet Tracer, which is easier than GNS3, but I have configured the same lab in GNS3. You can download the configuration files from here and complete the lab with the configuration above. Simply download the files (links are given at the end of the post), create the same topology as shown in the figure, and then upload the files to each router one by one. This gives you some initial practice before the real exam.

In GNS3, to provide communication between Corp1, the LAN hosts (A, B, C, D) and the finance servers, I have configured EIGRP AS 100, while in the real lab these devices can communicate by default.
For host C, the Finance Web Server and the other servers I have used VirtualBox VMs. I have used internet NIC with them, with the following IP configurations:
Host-C
192.168.33.3/24
Gateway=192.168.33.254
Host-B
192.168.33.2/24
Gateway=192.168.33.254
Finance-web-server
172.22.242.23/24
Gateway=172.22.242.30

To create the web service on the finance server I simply installed IIS and hosted a web page named index.html. You can install IIS on Windows XP from Control Panel\Add & Remove Features\Add & Remove Windows Components; select IIS, click Next and complete the wizard.
I created a test web page (index.html) and placed it in c:\inetpub\wwwroot on the Finance Web Server. After completing the above configuration, you can test it in the following way:
  1. Open Internet Explorer and access the shared web page with the URL “172.22.242.23\index.html”; it will succeed from Host-C, as shown in the figure.

  2. Now try the same from Host-B; the page will be inaccessible.


CCNA EIGRP Exam Lab | Addition of new Router in EIGRP Process

Practice EIGRP LAB for CCNA:

Burtaqtech has a small network running EIGRP as its IGP. EIGRP has the AS number 12 on all routers. Router MGT is also running static routing to the ISP. Burtaqtech has recently added the ENG router, which currently does not have connectivity to the ISP router. You have to perform the following tasks to complete the configuration:

Find the faults and correct the router configurations to provide full connectivity between the routers.
The IP addressing scheme of all the routers in the network is as follows.

MGT
Fa0/0 – 192.168.77.33
S1/0 – 198.0.18.6
S0/0 – 192.168.27.9
S0/1 – 192.168.50.21

Parts2
Fa0/0 – 192.168.12.65
Fa0/1 – 192.168.12.81
S0/1 – 192.168.50.22

Parts1
Fa0/0 – 192.168.12.33
Fa0/1 – 192.168.12.49
S0/0 – 192.168.27.10

ENG
Fa0/0 – 192.168.77.34
Fa1/0 – 192.168.12.17
Fa0/1 – 192.168.12.1
Image Courtesy: actualtests.com 



Solution:
This is a very simple lab to configure in the CCNA exam: all you have to do is advertise the EIGRP network of the newly added router “ENG” on the MGT router, as MGT is the main router connecting all the routers to the ISP. In our scenario, the ENG interface connected to MGT has an IP address of 192.168.77.x, so we will advertise this network on the MGT router in EIGRP 12.

So you need the following configuration to complete the above EIGRP lab.
On the MGT Router:
configure terminal
router eigrp 12
network 192.168.77.0