Exercise 1: Study the network diagram carefully and write ACLs for each of the given specifications (requirements). You must use extended ACLs only when necessary. The ACL must be complete (that is, indicate the router and the interface that you will put it on) and correct (syntactically valid and meeting the security requirement).
Exercise 2: Write two programs (one for standard and one for extended) that simulate the processing of an ACL at a router’s interface. Each program should read two text files, one containing ACL statements, and another containing a list of IP addresses that represent packets coming into the interface. The input to the standard ACL program will be just a list of source IP addresses, while the input to the extended ACL program will be a list of source IP addresses, destination IP addresses and port numbers. The program should process each packet according to the ACL statements and decide to permit or deny each packet. You may assume that the program is simulating the ACL (either in or out) at just one interface.

Here’s an example of how the standard ACL program should work:

Read Input text file 1

    access-list 3 deny 172.16.4.0 0.0.0.255
    access-list 3 permit 172.16.0.0 0.0.255.255
    interface EO
    ip access-group 3 out

Read Input text file 2 (consists of a list of source IP addresses)

    172.16.4.1
    172.16.3.5
    201.15.3.4

Display the following output:

    Packet from 172.16.4.1 denied
    Packet from 172.16.3.5 permitted
    Packet from 201.15.3.4 denied

As you can notice, the three packets in the second text file test all the boundary conditions.

Here’s an example of how the extended ACL program should work:

Read Input text file 1

    access-list 101 deny tcp 172.16.0.0 0.0.255.255 172.16.3.0 0.0.0.255 range 20-21
    access-list 101 permit ip 172.16.0.0 0.0.255.255 172.16.3.0 0.0.0.255
    interface EO
    ip access-group 101 out

Read Input text file 2 (consists of a list of source IP, destination IP addresses and port numbers)

    172.16.4.4 172.16.3.1 20
    172.16.4.4 172.16.3.5 22
    172.25.3.1 172.16.3.4 22

Display the following output:

    Packet from 172.16.4.4 to 172.16.3.1 on port 20 denied
    Packet from 172.16.4.4 to 172.16.3.5 on port 22 permitted
    Packet from 172.25.3.1 to 172.16.3.4 on port 22 denied

You can develop the programs in Java, C, C++ or Python.
Make necessary assumptions regarding the spacing of characters in the input text files. Test your program for at least three different standard ACLs and three different extended ACLs, each for several different packets.
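
The matching logic behind both sample runs above, as an added example that is not part of the original exercise: wildcard-mask comparison, first-match-wins ordering and the implicit deny, covering the standard and extended forms in one sketch. Assumptions: the ACL text is embedded inline instead of read from files, the `range lo-hi` spelling is taken from the sample, ACL numbers below 100 are treated as standard, and the names `parse_acl`, `decide` and `wildcard_match` are illustrative.

```python
import ipaddress

STANDARD_ACL = """access-list 3 deny 172.16.4.0 0.0.0.255
access-list 3 permit 172.16.0.0 0.0.255.255
interface EO
ip access-group 3 out"""
EXTENDED_ACL = """access-list 101 deny tcp 172.16.0.0 0.0.255.255 172.16.3.0 0.0.0.255 range 20-21
access-list 101 permit ip 172.16.0.0 0.0.255.255 172.16.3.0 0.0.0.255
interface EO
ip access-group 101 out"""

def wildcard_match(addr, base, wildcard):
    # Wildcard bits set to 1 are "don't care"; only the 0 bits are compared.
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(addr)) & care) == (int(ipaddress.IPv4Address(base)) & care)

def parse_acl(text):
    """Return the access-list rules in file order; interface lines are skipped."""
    rules = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 5 or tok[0] != "access-list":
            continue
        rule = {"action": tok[2], "src": (tok[3], tok[4]), "dst": None, "ports": None}
        if int(tok[1]) >= 100:  # assumed extended: proto src wc dst wc [range lo-hi]
            rule["src"], rule["dst"] = (tok[4], tok[5]), (tok[6], tok[7])
            if tok[8:9] == ["range"]:
                rule["ports"] = tuple(int(p) for p in tok[9].split("-"))
        rules.append(rule)
    return rules

def decide(rules, src, dst=None, port=None):
    """First match wins, else implicit deny. Protocol is not compared (packets carry none)."""
    for r in rules:
        if not wildcard_match(src, *r["src"]):
            continue
        if r["dst"] and not wildcard_match(dst, *r["dst"]):
            continue
        if r["ports"] and not r["ports"][0] <= port <= r["ports"][1]:
            continue
        return "permitted" if r["action"] == "permit" else "denied"
    return "denied"

if __name__ == "__main__":
    std, ext = parse_acl(STANDARD_ACL), parse_acl(EXTENDED_ACL)
    for src in ("172.16.4.1", "172.16.3.5", "201.15.3.4"):
        print(f"Packet from {src} {decide(std, src)}")
    for src, dst, port in (("172.16.4.4", "172.16.3.1", 20), ("172.16.4.4", "172.16.3.5", 22)):
        print(f"Packet from {src} to {dst} on port {port} {decide(ext, src, dst, port)}")
```

Swapping the two `access-list` lines in either sample changes the result for the first packet, which is a quick way to confirm that statement order is being honoured.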