Tutorial requirements:
Basic knowledge of designing simple networks using Packet Tracer 3.2.
If you have not used Packet Tracer before, do not panic; I will describe the program soon in my blog.
To download the project click here Router1-1 project
Notes:
* Every access-list is connected with the next ip access-group. The access-list only takes effect once an ip access-group command with the same number attaches it to a router port.
* I mean that:
Suppose I created this access list:
access-list 1 deny any
Then this access-list is connected with the next ip access-group.
Ex:
ip access-group 1 in
So the full example looks like this:
access-list 1 deny any
int fast 0/0
ip access-group 1 in
* This example prevents the network connected to port 0/0 from sending any message to the outside world.
***
Router commands we need:
1-enable
2-config
3-int fast [port number]
4-ip address [default gateway] [mask]
***
Access-list commands :
# access-list [1-99] [permit/deny] [host [ip] or any]
1-To create an access list:
a-enable
b-config
c- access-list 1 deny any
Ip access-group commands :
#ip access-group 1 [in/out]
* First you should determine the port of the router that you want to control.
2-To create an ip access-group:
a-[determine the port]
int fast 0/0
b-ip access-group 1 in
Examples :
Ex1: Suppose you have the following:
Mask = 255.255.224.0
1-Network 1 connected to 0/0 router port:
a-Network ID = 190.0.32.0 /19
b-default gateway = 190.0.32.1
c - Hosts :
Host1=190.0.32.2 /19
Host2=190.0.32.3 /19
2-Network 2 connected to 1/0 router port :
a-Network ID = 190.0.64.0 /19
b-Default gateway = 190.0.64.1
c- Hosts :
Host3=190.0.64.2 /19
Host4=190.0.64.3 /19
3- AdminsNetwork connected to 2/0 router port:
a-Network ID = 190.0.128.0 / 19
b-default gateway = 190.0.128.1
c-Hosts :
Admin1=190.0.128.2
* Suppose your manager 'ME :)' asked you that:
1-I do not want any host to send messages from Network1 to the outside world.
2-Host 4 in Network2 cannot send messages but the others can.
3-Network2 should not receive messages from any network.
In other words:
Network1 cannot send messages but can receive.
Host 4 in Network2 cannot send messages but the others can.
Network2 cannot receive messages.
Ex1 Solution:
I will suppose that you have not programmed your router yet, so we will begin together from scratch.
Let us go:
Solution tips:
1-Program the router default gateways.
2-Create the access-list & ip access-group.
***
Section 1 Router programming :
Step 1: double click on the router then press enter.
Step 2: write 'enable' then press enter.
Step 3: write 'config' then press enter.
Step 4: press enter.
Else reread the previous steps to find where the error occurred.
Step 5: int fast 0/0 [0/0 is the port that Network1 is connected to].
Step 6: ip address 190.0.32.1 255.255.224.0 [then press enter].
The previous step tells the router that:
Every message from Network1 will pass to the router through port 0/0 using the default gateway 190.0.32.1.
Now we have programmed port 0/0 to use the default gateway 190.0.32.1.
I recommend that you test the connection between Network1 and the router by sending a packet to the router.
If the packet is sent successfully go to Step 7, else reread steps 5 and 6 to find where the error occurred.
Remember :
Network2 is connected to port 1/0 using the default gateway 190.0.64.1.
Step 8: type int fast 1/0 then press enter [to access port 1/0].
Step 9: type ip address 190.0.64.1 255.255.224.0
Now we are going to program the third gateway.
Remember :
AdminsNetwork is connected to port 2/0 using the default gateway 190.0.128.1.
Step 10: type exit [to exit from port 1/0].
Step 11: type int fast 2/0 then press enter [to access port 2/0].
Step 12: type ip address 190.0.128.1 255.255.224.0
Congratulations, you have now finished programming the router ports and default gateways. It is very important to test your networks now.
I recommend that you send a packet from Host1 to Host4, then
send a packet from Host4 to Host1.
Then send a packet from Admin1 to Host1, then to Host2.
Do not go to the next section until you have tested your network successfully.
Section 2 Creating access-list & ip access-group:
Remember your manager says that:
1-I do not want any host to send messages from Network1 to the outside world.
Solution 2-1 :
If your command line looks like this [Router0(config-if)#], type exit then press enter so that it becomes [Router0(config)#].
Creating access-list 1:
Step 1: type access-list 1 deny any then press enter [prevents any host from sending messages].
The next steps create the ip access-group.
Remember, every access list is connected with the next access group.
Step 2: type int fast 0/0 [to determine which port access-list 1 controls].
Step 3: type ip access-group 1 in then press enter.
Steps 1 to 3 mean that:
Create an access-list named 1 that prevents any host from sending messages, and connect ip access-group 1 with access-list 1.
The 'in' in 'ip access-group 1 in' means that this access-group controls the flow of data that comes from Network1 through port 0/0 into the router.
Creating access-list 1 & ip access-group 1 full code:
access-list 1 deny any 'enter'
int fast 0/0 'enter'
ip access-group 1 in 'enter'
Solution 2-2 :
Remember your manager:
2-Host 4 in Network2 cannot send messages but the others can.
Hint: Host 4 ip = 190.0.64.3
Step 1: type exit [if your command line looks like this 'Router0(config-if)#'].
Step 2: type access-list 2 deny 190.0.64.3 then press enter.
Then type access-list 2 permit any [the other hosts can send messages].
Creating ip access-group 2:
Step 3: int fast 1/0
Creating access-list 2 & access-group 2 full code :
exit 'enter'
access-list 2 deny 190.0.64.3 'enter'
access-list 2 permit any 'enter'
int fast 1/0 'enter'
ip access-group 2 in 'enter'
I recommend that you test your work before continuing.
Solution 2-3 :
Remember your manager :
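3-Network2 should not receive messages from any network.
Remember:
In ip access-group, the direction is seen from the router port:
in = send (traffic entering the router from the attached network)
out = receive (traffic leaving the router towards the attached network)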
Creating access-list 3 :
Step 1 : exit then enter [your command line should look like this Router0(config)#]
Step 2 : access-list 3 deny any then enter [ Network2 can not receive messages ]
Step 3: int fast 1/0 then enter [Network 2 is connected with router using 1/0 port]
Step 4 : ip access-group 3 out [ out=receive]
Now it is time for some simulation:
Remember the manager:
1-I do not want any host to send messages from Network1 to the outside world.
Send a packet from Host1 to Admin1 to check that [will be blocked].
Then send a packet from Admin1 to Host1 [will be allowed].
2-Host 4 in Network2 cannot send messages but the others can.
Send a packet from Host4 to Admin1 to check that [will be blocked].
Then send a packet from Host3 to Admin1 [will be allowed].
3-Network2 should not receive messages from any network.
Send a packet from Admin1 to Host4 to check that.
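As an added example (not part of the original tutorial), this Python model evaluates the three access-lists the way the router does for the test packets above: a standard access-list matches on the source address only, the first matching line wins, and an implicit deny ends every list. The names PORTS, ACLS, BINDINGS, routed and ping are assumptions made for illustration; ping goes one step further than the tests above by also requiring the reply packet to be forwarded.

```python
import ipaddress

# Constructed model of the tutorial's router: port -> directly connected network.
PORTS = {
    "fa0/0": ipaddress.ip_network("190.0.32.0/19"),   # Network1
    "fa1/0": ipaddress.ip_network("190.0.64.0/19"),   # Network2
    "fa2/0": ipaddress.ip_network("190.0.128.0/19"),  # AdminsNetwork
}
# The tutorial's standard access-lists as ordered (action, source) lines.
ACLS = {
    1: [("deny", "any")],
    2: [("deny", "190.0.64.3"), ("permit", "any")],
    3: [("deny", "any")],
}
# (port, direction) -> access-list number, as set by "ip access-group N in/out".
BINDINGS = {("fa0/0", "in"): 1, ("fa1/0", "in"): 2, ("fa1/0", "out"): 3}
HOSTS = {"Host1": "190.0.32.2", "Host3": "190.0.64.2",
         "Host4": "190.0.64.3", "Admin1": "190.0.128.2"}

def acl_permits(acl_no, src):
    """First matching line wins; only the source address is compared."""
    for action, match in ACLS[acl_no]:
        if match == "any" or ipaddress.ip_address(match) == src:
            return action == "permit"
    return False  # implicit "deny any" at the end of every access-list

def port_for(ip):
    return next(port for port, net in PORTS.items() if ip in net)

def routed(src, dst):
    """True if the router forwards one packet from src to dst."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if port_for(src) == port_for(dst):
        return True  # same network: the packet never crosses the router
    # Inbound list on the entry port, then outbound list on the exit port.
    for key in ((port_for(src), "in"), (port_for(dst), "out")):
        if key in BINDINGS and not acl_permits(BINDINGS[key], src):
            return False
    return True

def ping(src, dst):
    """A ping succeeds only if the request and the reply are both forwarded."""
    return routed(src, dst) and routed(dst, src)

if __name__ == "__main__":
    for a, b in [("Host1", "Admin1"), ("Admin1", "Host1"), ("Host4", "Admin1"),
                 ("Host3", "Admin1"), ("Admin1", "Host4")]:
        print(f"{a} -> {b}: one-way={routed(HOSTS[a], HOSTS[b])} "
              f"ping={ping(HOSTS[a], HOSTS[b])}")
```

The one-way results match the expectations listed above. The ping column shows that a request permitted in one direction still gets no answer when the reply is denied by access-list 1 or 3 on its way back.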
I hope you benefit from my tutorial, and I hope you will provide me with your feedback. This is my first tutorial, so your opinion and notes about my style of learning are very important to me.
Thanks to:
Dr Mohammad Al Maany: My networks instructor.
Mrs Sanaa Al Omosh: My network lab supervisor.
My friend Mr Tamer Al Magableh
Ex1 is finished. I will post a lot of Packet Tracer 3.2 tutorials soon.
Best wishes
Hamzeh AL-Darawsheh.