ACL Implementation

1. The purpose of the ACLs is to control access to or from the router for a number of services (for example, to prevent packets with a certain IP address from leaving a particular interface on the router).

2. The router command sequence required to implement the ACLs on the school's router is:

    DesertView#config t
    ! ACL 101: curriculum LAN (130.12.16.0) to administration LAN (130.12.8.0)
    DesertView(config)#access-list 101 permit tcp 130.12.16.0 0.0.0.1 130.12.8.0 0.0.0.1 eq smtp
    DesertView(config)#access-list 101 permit udp 130.12.16.0 0.0.0.1 130.12.8.0 0.0.0.1 eq domain
    ! deny everything else between the two subnets (an implicit deny any any also ends every ACL)
    DesertView(config)#access-list 101 deny ip 130.12.16.0 0.0.0.1 130.12.8.0 0.0.0.1
    DesertView(config)#int e0
    DesertView(config-if)#ip access-group 101 out
    DesertView(config-if)#exit
    ! ACL 102: traffic towards the district server subnet (130.12.56.0)
    DesertView(config)#access-list 102 deny tcp any 130.12.56.0 0.0.0.1 eq telnet
    DesertView(config)#access-list 102 permit tcp any 130.12.56.0 0.0.0.1
    DesertView(config)#access-list 102 permit udp any 130.12.56.0 0.0.0.1 eq domain
    ! note: the destination here is 130.12.156.0, not the 130.12.56.0 used in the lines above
    DesertView(config)#access-list 102 deny ip any 130.12.156.0 0.0.0.1
    DesertView(config)#int s1
    DesertView(config-if)#ip access-group 102 out
    DesertView(config-if)#exit
    DesertView(config)#exit
    DesertView#

3. The effect of the ACLs as it relates to traffic flow across the school's LAN and the overall district network is that all connectivity initiated to the internal district server shall be prohibited via access control lists on the routers that make up the double firewall architecture. All connectivity initiated from the district server to the internet will not be prohibited. All traffic from the curriculum LANs to the administration LANs, however, will be prohibited. Exceptions will be made for such applications as email and DNS.
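To check what the two ACLs above actually permit, here is an added example (not part of the original write-up) that models the subset of IOS extended-ACL syntax they use: top-down first-match evaluation, Cisco wildcard masks, the `eq <port>` qualifier and the implicit deny that ends every ACL. It also counts how many addresses a wildcard mask covers, since 0.0.0.1 matches only two hosts.

```python
"""Evaluate the write-up's extended ACLs against sample packets (added example)."""
import ipaddress

PORTS = {"smtp": 25, "domain": 53, "telnet": 23}  # IOS keyword -> port number
# The two ACLs from the write-up; IOS spells the DNS port keyword 'domain'.
ACL_101 = [
    "access-list 101 permit tcp 130.12.16.0 0.0.0.1 130.12.8.0 0.0.0.1 eq smtp",
    "access-list 101 permit udp 130.12.16.0 0.0.0.1 130.12.8.0 0.0.0.1 eq domain",
    "access-list 101 deny ip 130.12.16.0 0.0.0.1 130.12.8.0 0.0.0.1"]
ACL_102 = [
    "access-list 102 deny tcp any 130.12.56.0 0.0.0.1 eq telnet",
    "access-list 102 permit tcp any 130.12.56.0 0.0.0.1",
    "access-list 102 permit udp any 130.12.56.0 0.0.0.1 eq domain",
    "access-list 102 deny ip any 130.12.156.0 0.0.0.1"]

def parse_ace(line):
    """Parse 'access-list N action proto SRC DST [eq port]'; SRC/DST is 'any' or net+wildcard."""
    t = line.split()
    if len(t) < 6 or t[0] != "access-list":
        raise ValueError(f"unsupported ACE: {line}")
    pos = 4
    def take_addr():
        nonlocal pos
        if t[pos] == "any":            # 'any' == 0.0.0.0 with every bit 'don't care'
            pos += 1
            return ("0.0.0.0", "255.255.255.255")
        pos += 2
        return (t[pos - 2], t[pos - 1])
    src, dst = take_addr(), take_addr()
    port = None
    if pos < len(t) and t[pos] == "eq":
        port = int(t[pos + 1]) if t[pos + 1].isdigit() else PORTS[t[pos + 1]]
    return {"action": t[2], "proto": t[3], "src": src, "dst": dst, "port": port}

def wildcard_match(addr, network, wildcard):
    """Cisco wildcard mask: a 1 bit means 'don't care', a 0 bit must match exactly."""
    a, n, w = (int(ipaddress.IPv4Address(x)) for x in (addr, network, wildcard))
    return (a & ~w) == (n & ~w)

def covered_hosts(wildcard):
    """Addresses a wildcard mask covers: 2 ** (number of 1 bits); 0.0.0.1 covers only 2."""
    return 2 ** bin(int(ipaddress.IPv4Address(wildcard))).count("1")

def evaluate(acl, proto, src, dst, dport=None):
    """Top-down, first matching ACE wins; falling off the end is the implicit deny."""
    for ace in map(parse_ace, acl):
        if (ace["proto"] in ("ip", proto)
                and wildcard_match(src, *ace["src"]) and wildcard_match(dst, *ace["dst"])
                and ace["port"] in (None, dport)):
            return ace["action"]
    return "deny (implicit)"
```

Running `evaluate(ACL_101, "tcp", "130.12.16.2", "130.12.8.1", 25)` returns the implicit deny, because the 0.0.0.1 wildcard only covers 130.12.16.0 and 130.12.16.1; a /24 would need 0.0.0.255.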