950, 1/48 ȸ¿ø°¡ÀÔ  ·Î±×ÀΠ 
   sayhung
   CCNA ´ýÇÁÁß ¸í·ÉÇؼ®¹®Àǵ帳´Ï´Ù.

http://www.hackerschool.org/HS_Boards/zboard.php?AllArticle=true&no=498 [º¹»ç]


¹®Á¦------------------------------------------------------------
you hav been tasked to create and apply a numberd access list to a single oubound interface in not more than three statements

1.Host c should be able to use a web brower (HTTP) to access the finance web server.

2.Other types of access from host C to the finance web server should be blocked.

3.All access from hosts in the core or local LAN to the finace web server should be blocked.

4.All hosts in the core and on local lan should be able to access the public web server.

you hav been tasked to create and apply a numberd access list to a single oubound interface in not more than three statements

All passwords have been temporarily set to ¡°cisco¡±.

The Core connection uses an IP address of 198.18.196.65

The computers in the Hosts LAN have been assigned addresses of 192.168.33.1 ? 192.168.33.254

Host A 192.168.33.1
Host B 192.168.33.2
Host C 192.168.33.3
Host D 192.168.33.4

The servers in the Server LAN have been assigned addresses of 172.22.242.17 ~ 172.22.242.30

The Finance Web Server is assigned an IP address of 172.22.242.23.
----------------------------------------------------------------------------------------------------------------
ÀÌ ¹®Á¦¿¡°üÇÑ ´äÀ» ¾´ ¸í·ÉÀä

access-list 100 permit tcp host 192.168.33.3 host 172.22.242.23 eq 80 (¿©±â¿¡ »ý·«µÇ¾îÀִ°ÔÀִٴµ¥...)
access-list 100 deny ip any host 172.22.242.23
access-list 100 permit ip any any
!
interface fastether 0/1            
ip access-group 100 out    -> ÀÌ°Å´Â ±× ¶ó¿ìÅÍ¿¡¼­ ³ª°¡´Â°É ¸·´Â´Ù´Â ¶æÀΰ¡¿ä ?
À̸í·Éµé Çؼ®À»¸ð¸£°Ú½À´Ï´Ù..
  Hit : 3634     Date : 2011/12/29 10:36


    
akrwosla Á¦°¡ ¹è¿îÁö Á»µÇ¼­ ..»ì¦ ±â¾ï³ª´Â°É·Î´Â..Àú Àû¿ë³»¿ëÀ».. 0/1·Î ³ª°¥¶§ Àû¿ë½ÃÅ°´Â°Ô ¾Æ´Ï¿´³ª Çϴµ¥.. È®½ÇÇÑ ´äº¯¸øÇص帮°Ú³×¿ä..¤Ð¤Ð 2011/12/30  
akrwosla Ã¥ÀÚ Ã£¾Æº¸°í °Ë»öÇغ»°á°ú.. ÀÌ´õ³ÝÀ¸·Î ³ª°¡´Â°Å¿¡¼­ ¸·´Â´Ù´Â ¶æÀÌ³×¿ä ¤¾
 2011/12/30  
gorani access-list 100 permit tcp host 192.168.33.3 host 172.22.242.23 eq 80 (¿©±â¿¡ »ý·«µÇ¾îÀִ°ÔÀִٴµ¥...)
access-list 100 deny ip any host 172.22.242.23
access-list 100 permit ip any any
!
interface fastether 0/1
ip access-group 100 out


;;; ¸·´Â´Ù´Â ¶æÀÌ ¾Æ´Õ´Ï´Ù.

¿©±â¼­ ÆÐŶÀÌ µé¾î¿À°í ³ª°£´Ù´Â °³³äÀÌ »ó´ëÀûÀ̶ó óÀ½¿¡´Â ¸¹ÀÌ Çì±ò·Á ÇϽʴϴÙ.

¿ÜºÎ¿¡¼­ serial Æ÷Æ®·Î ÆÐŶÀÌ µé¾î¿Í¼­ faÂÊÀ¸·Î ³ª°¡´Â °ÍÀ̹ǷÎ

serialÀÎÅÍÆäÀ̽º·Î µé¾î¿Í¼­ fa0/1 ÀÎÅÍÆäÀ̽º·Î ³ª°¡´Â ÆÐŶ¿¡

ACL 100¹ø ¼³Á¤À» Àû¿ëÇÏ°Ú´Ù´Â ¶æÀ̳׿ä.



host -> sever(°¡Á¤) À¸·Î ÆÐŶÀ» º¸³»´Â°ÍÀ̶ó°í »ý°¢Çϸé

sever ÀÔÀå¿¡¼­´Â ¶ó¿ìÅÍ¿¡¼­ ÆÐŶÀÌ ºüÁ®³ª¿Í¼­ Àڽſ¡°Ô ¿À´Â°ÍÀ̹ǷΠout ÀÌ ¸Â½À´Ï´Ù.

severÀÇ ¶ó¿ìÅÍ ÀÔÀå¿¡¼­ serial ÀÎÅÍÆäÀ̽º¿¡ ACL100À» Àû¿ëÇÑ´Ù¸é in À¸·Î ÇÏ´Â°Ô ¸Â°ÚÁö¿ä

¿ÜºÎ¿¡¼­ ¶ó¿ìÅÍ·Î ÆÐŶÀÌ µé¾î¿À´Â°Å´Ï±î¿ä
 2012/01/02  
sayhung ¾Æ Çؼ®ÇØÁÖ½ÅºÐµé °¨»çÇÕ´Ï´Ù¤Ì¤Ì 2012/01/04