CCNA 4 Chapter 5 SIC Access Control List and SNMP Configuration PT Skills Assessment
CCNA Routing and Switching
Connecting Networks 6.0 – Chapter 5 Skills Integration Challenge
Chapter 5 SIC: Access Control List and SNMP Configuration
FORM 0
SOLUTION – HQ Router config script (ANON)
en
conf ter
! SNMP community strings: read-only and read-write
snmp-server community hq-monitor ro
snmp-server community hq-inside rw
! Standard ACLs 1 and 12
access-list 1 permit 192.168.10.0 0.0.0.255
access-list 12 permit host 192.168.10.5
! Limit vty lines 0-1 to sources matched by ACL 12
line vty 0 1
 access-class 12 in
 exit
! Inbound on g0/0: only 192.168.10.5 may send SNMP (UDP 161) to 192.168.10.1
ip access-list extended SNMPACCESS
 permit udp host 192.168.10.5 host 192.168.10.1 eq 161
 deny udp any host 192.168.10.1 eq 161
 permit ip any any
interface g0/0
 ip access-group SNMPACCESS in
 exit
! Inbound on g0/1: block SNMP to 172.16.10.1
ip access-list extended SNMPDENY
 deny udp any host 172.16.10.1 eq 161
 permit ip any any
interface g0/1
 ip access-group SNMPDENY in
 exit
! Inbound on s0/0/0: DNS to 172.16.10.5, HTTP to 172.16.10.10, established TCP sessions
ip access-list extended INTOHQ
 permit tcp any host 172.16.10.5 eq 53
 permit udp any host 172.16.10.5 eq 53
 permit tcp any host 172.16.10.10 eq 80
 permit tcp any any established
interface s0/0/0
 ip access-group INTOHQ in
 exit
! Outbound on g0/1: DNS and HTTP from any source, FTP (TCP 20/21) only from 192.168.10.5
ip access-list extended IN-DMZ
 permit udp any host 172.16.10.5 eq 53
 permit tcp any host 172.16.10.5 eq 53
 permit tcp any host 172.16.10.10 eq 80
 permit tcp host 192.168.10.5 host 172.16.10.10 eq 20
 permit tcp host 192.168.10.5 host 172.16.10.10 eq 21
interface g0/1
 ip access-group IN-DMZ out
 exit
! IPv6 inbound on s0/0/1: block SNMP to 2001:DB8:ABCD:E::1, allow FTP from B::5 and HTTP from B::/64
ipv6 access-list DMZFTP
 deny udp any host 2001:DB8:ABCD:E::1 eq 161
 permit tcp host 2001:DB8:ABCD:B::5 host 2001:DB8:ABCD:A::10 eq 20
 permit tcp host 2001:DB8:ABCD:B::5 host 2001:DB8:ABCD:A::10 eq 21
 permit tcp 2001:DB8:ABCD:B::/64 host 2001:DB8:ABCD:A::10 eq 80
int s0/0/1
 ipv6 traffic-filter DMZFTP in