
Cisco Semester 3 Threaded Case Study

 

ACLs


The ACLs will manage traffic originating from and destined to our two
LANs, Administrative and Curriculum, and also the District WAN.

Administrative
--------------

o Only traffic destined to specified ports on certain Administrative
servers (Proxy, [addmore]) may enter the Administrative LAN.
o All traffic originating from the 10.49.2.0 - 10.49.6.0*** IP range
may leave the Administrative LAN.
o Everything else is denied.


Curriculum
----------

o Traffic originating from the Administrative LAN may freely enter
the Curriculum LAN.
o Traffic destined to specific ports on certain Curriculum servers
(Proxy, Mail, DNS) may enter the Curriculum LAN.
o Traffic leaving these servers, destined for certain ports, may
leave the Curriculum LAN.
o Everything else is denied.


District
--------

o Only traffic originating from and/or destined to Administrative and
Curriculum servers may pass through.
o Everything else is denied.

interface serial 0
ip address 1.2.3.4 4.3.2.1
ip access-group 101 in
ip access-group 102 out
!
access-list 101 permit tcp 0.0.0.0 255.255.255.255 10.50.0.5 0.0.0.0 eq 25
access-list 101 permit tcp 0.0.0.0 255.255.255.255 10.50.0.5 0.0.0.0 eq 53
access-list 101 permit tcp 0.0.0.0 255.255.255.255 10.50.0.6 0.0.0.0 eq 7000
access-list 101 permit tcp 0.0.0.0 255.255.255.255 10.50.0.8 0.0.0.0 eq 80
access-list 101 permit tcp 0.0.0.0 255.255.255.255 10.49.0.7 0.0.0.0 eq 80
access-list 101 deny ip any any
!
access-list 102 permit tcp 10.50.0.5 0.0.0.0 0.0.0.0 255.255.255.255 eq 25
access-list 102 permit tcp 10.50.0.5 0.0.0.0 0.0.0.0 255.255.255.255 eq 53
access-list 102 permit tcp 10.50.0.6 0.0.0.0 0.0.0.0 255.255.255.255 eq 7000
access-list 102 permit tcp 10.50.0.8 0.0.0.0 0.0.0.0 255.255.255.255 eq 80
access-list 102 permit tcp 10.49.0.7 0.0.0.0 0.0.0.0 255.255.255.255 eq 80
access-list 102 deny ip any any
!


interface ethernet 0
ip address 10.49.0.1 255.255.0.0
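! IOS keeps one IP ACL per interface per direction; a later access-group
! in the same direction replaces the earlier one.
ip access-group 3 in
ip access-group 4 out
ip access-group 103 in
ip access-group 104 out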
!
access-list 3 deny any
!
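! Assumes the range is 10.49.2.0 through 10.49.6.255 (three wildcard blocks)
access-list 4 permit 10.49.2.0 0.0.1.255
access-list 4 permit 10.49.4.0 0.0.1.255
access-list 4 permit 10.49.6.0 0.0.0.255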
access-list 4 deny any
!
access-list 103 permit tcp 0.0.0.0 255.255.255.255 10.49.0.4 0.0.0.0 eq 80
access-list 103 deny ip any any
!
access-list 104 permit tcp 10.49.0.4 0.0.0.0 0.0.0.0 255.255.255.255 eq 80
access-list 104 deny ip any any
!

interface ethernet 1
ip address 10.50.0.1 255.255.0.0
ip access-group 5 in
ip access-group 6 out
ip access-group 105 in
ip access-group 106 out
!
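! Assumes the range is 10.49.2.0 through 10.49.6.255 (three wildcard blocks)
access-list 5 permit 10.49.2.0 0.0.1.255
access-list 5 permit 10.49.4.0 0.0.1.255
access-list 5 permit 10.49.6.0 0.0.0.255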
access-list 5 deny any
!
access-list 6 deny any
!
access-list 105 permit tcp 0.0.0.0 255.255.255.255 10.50.0.5 0.0.0.0 eq 25
access-list 105 permit tcp 0.0.0.0 255.255.255.255 10.50.0.5 0.0.0.0 eq 110
access-list 105 permit tcp 0.0.0.0 255.255.255.255 10.50.0.5 0.0.0.0 eq 53
access-list 105 permit tcp 0.0.0.0 255.255.255.255 10.50.0.8 0.0.0.0 eq 80
access-list 105 permit tcp 0.0.0.0 255.255.255.255 10.50.0.6 0.0.0.0 eq 7000
access-list 105 deny ip any any
!
access-list 106 permit tcp 10.50.0.5 0.0.0.0 0.0.0.0 255.255.255.255 eq 25
access-list 106 permit tcp 10.50.0.5 0.0.0.0 0.0.0.0 255.255.255.255 eq 53
access-list 106 permit tcp 10.50.0.6 0.0.0.0 0.0.0.0 255.255.255.255 eq 7000
access-list 106 permit tcp 10.50.0.8 0.0.0.0 0.0.0.0 255.255.255.255 eq 80
access-list 106 deny ip any any
!
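
Added example (not part of the original case study): a Python check of the wildcard masks for the 10.49.2.0 - 10.49.6.0 range that access lists 4 and 5 are meant to permit. It derives the wildcard entries that cover the range exactly and audits a candidate entry for addresses it wrongly admits or wrongly drops. It assumes the range means 10.49.2.0 through 10.49.6.255; the function names, the probe addresses and the non-contiguous candidate mask 255.205.248.255 are sample input chosen for this illustration.

```python
import ipaddress

def to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def wildcard_matches(base, wildcard, addr):
    """IOS wildcard logic: wildcard bits set to 1 are ignored, 0 bits must equal base."""
    care = ~to_int(wildcard) & 0xFFFFFFFF
    return ((to_int(addr) ^ to_int(base)) & care) == 0

def range_to_acl_entries(first, last):
    """Cover the inclusive range first..last with the fewest (network, wildcard) pairs."""
    nets = ipaddress.summarize_address_range(
        ipaddress.IPv4Address(first), ipaddress.IPv4Address(last))
    return [(str(n.network_address), str(n.hostmask)) for n in nets]

def audit(entries, first, last, probes):
    """Return (leaks, gaps): probes permitted outside the range, probes missed inside it."""
    lo, hi = to_int(first), to_int(last)
    leaks, gaps = [], []
    for p in probes:
        inside = lo <= to_int(p) <= hi
        hit = any(wildcard_matches(b, w, p) for b, w in entries)
        if hit and not inside:
            leaks.append(p)
        elif inside and not hit:
            gaps.append(p)
    return leaks, gaps

# Assumed bounds of the Administrative range (see lead-in).
FIRST, LAST = "10.49.2.0", "10.49.6.255"
# Constructed probe addresses: three inside the range, three outside it.
PROBES = ["10.49.2.10", "10.49.3.10", "10.49.6.10",
          "10.49.7.10", "10.49.10.10", "10.53.2.1"]
# Sample candidate entry with a non-contiguous wildcard mask.
CANDIDATE = [("10.49.2.0", "255.205.248.255")]

if __name__ == "__main__":
    for net, wc in range_to_acl_entries(FIRST, LAST):
        print(f"access-list 4 permit {net} {wc}")
    leaks, gaps = audit(CANDIDATE, FIRST, LAST, PROBES)
    print("candidate permits outside the range:", leaks)
    print("candidate misses inside the range:", gaps)
```

A wildcard mask whose 1 bits are not contiguous from the right is the usual sign of an entry that matches a scattered set of addresses instead of a range.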