Lab 10.3.2 Access-Class

Objectives:

  • Demonstrate the use of the access-class and line commands to control vty access.

Equipment Requirements:

  • Two Routers
  • One switch with two VLANs configured, or two switches, or two hubs
  • Two workstations

Scenario:

We want to create a standard access-list that permits users on network 172.32.4.0 to telnet to Router-B, and apply it to the vty lines of Router-B.

Step 1

Construct the above circuit, using IGRP as your routing protocol. Use the network address 172.32.3.0/24 on the serial link between the two routers.

Upon completion of the configuration, telnet from the two workstations to both routers.

Telnet from Router A to Router B and vice versa.

Step 2

On Router B, issue the following commands:

router-b(config)#access-list 2 permit 172.32.4.0 0.0.0.255
router-b(config)#line vty 0 4
router-b(config-line)#access-class 2 in
router-b(config-line)#^Z

Step 3

On Router B, attempt to telnet to Router A.

Was the telnet successful?

Step 4

On Router A, attempt to telnet to Router B.

Was the telnet successful?

Step 5

On the workstation with IP address 172.32.4.2, attempt to telnet to Router B.

Was the telnet successful?

Step 6

On the workstation with IP address 172.32.2.2, attempt to telnet to 172.32.3.2 and 172.32.2.1.

Was the telnet successful?
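
The check Router B applies to inbound vty connections in Steps 4 to 6, as an added example that is not part of the original lab: a standard access-list matches only the source address, the first matching entry decides, and a source that matches no entry is dropped by the implicit deny. The function names are hypothetical, and 172.32.3.1 as Router A's serial address is an assumption (the lab gives only the 172.32.3.0/24 network).

```python
import ipaddress

def _ip(text):
    """Dotted-quad string to 32-bit integer."""
    return int(ipaddress.IPv4Address(text))

def parse_standard_acl(lines):
    """Parse 'access-list N permit|deny SOURCE [WILDCARD]' lines of one ACL."""
    entries = []
    for line in lines:
        tok = line.split()
        if len(tok) < 4 or tok[0] != "access-list" or tok[2] not in ("permit", "deny"):
            raise ValueError(f"unsupported ACL line: {line!r}")
        if tok[3] == "any":
            base, wild = 0, 0xFFFFFFFF
        elif tok[3] == "host":
            base, wild = _ip(tok[4]), 0
        else:
            # A source with no wildcard mask is treated as a single host.
            base = _ip(tok[3])
            wild = _ip(tok[4]) if len(tok) > 4 else 0
        entries.append((tok[2], base, wild))
    return entries

def vty_permits(entries, source):
    """Evaluate 'access-class N in' for one source; entries must be non-empty."""
    src = _ip(source)
    for action, base, wild in entries:
        # Wildcard bits set to 1 are ignored; every other bit must equal the base.
        if ((src ^ base) & ~wild & 0xFFFFFFFF) == 0:
            return action == "permit"
    return False  # implicit deny at the end of every access-list

# The access-list from Step 2.
ACL_2 = parse_standard_acl(["access-list 2 permit 172.32.4.0 0.0.0.255"])

# Telnet sources from the lab; the destination address is never consulted.
SOURCES = {
    "Step 4, Router A serial (assumed address)": "172.32.3.1",
    "Step 5, workstation": "172.32.4.2",
    "Step 6, workstation": "172.32.2.2",
}

def lab_results():
    return {name: vty_permits(ACL_2, addr) for name, addr in SOURCES.items()}

if __name__ == "__main__":
    for name, allowed in lab_results().items():
        print(f"{name}: {'permit' if allowed else 'deny'}")
```

Because the destination is not part of the match, the two targets in Step 6 get the same result. Step 3 is not modelled: access-class 2 in filters connections arriving on Router B's vty lines, not sessions Router B opens itself.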