
ACL on Main Branch

Please stick to the following rules before you start writing the ACL rules.

1. Internet access: all VLANs are permitted access unless specifically denied by a rule, which means you
will only write permit rules, with the deny rule written last.

2. VLAN to VLAN: access is denied unless specifically permitted below, which means you will only write
deny rules, with the permit rule written last.

I am going to write the rules as text for your main branch; the rest should be done by yourself as I
did below (remember I didn't say it is compulsory, but it would be graded if you tried). As you have not
sent the updated VLSM, I am going to use the VLSM that I got from you earlier. While you check
the rules written below, if you feel that a network address is wrong, please do correct it.

Montreal

ii. ACL rules for Server Farm

Server Farm – VLAN number 99 (it may differ from your VLAN number)

In these entries the source "any" means any IP address from VLAN 99, because this list is written for VLAN 99 (don't get confused).

ip access-list extended ACLVLAN99
 remark block all switch management
 deny ip any 100.32.9.224 0.0.0.31
 deny ip any 100.32.10.0 0.0.0.31
 deny ip any 100.32.10.32 0.0.0.31
 deny ip any 100.32.10.64 0.0.0.31
 permit ip any any

iii. Sales and Hire – VLAN number 101 (it may differ from your VLAN number)

(shit, he didn't add the hire only group at Ottawa, so the VLSM is completely wrong… so here I put a
sample network address; correct it)

Hire only network address – 31.80.0.0 /22

ip access-list extended ACLVLAN101
 remark block hire only group
 deny ip any 31.80.0.0 0.0.3.255
 remark block sales only group
 deny ip any 100.32.0.0 0.0.3.255
 deny ip any 100.32.6.0 0.0.0.255
 remark block vehicle maintenance group
 deny ip any 100.32.8.192 0.0.0.63
 deny ip any 100.32.9.0 0.0.0.63
 deny ip any 100.32.9.64 0.0.0.63
 deny ip any 100.32.8.128 0.0.0.63
 remark block all switch management
 deny ip any 100.32.9.224 0.0.0.31
 deny ip any 100.32.10.0 0.0.0.31
 deny ip any 100.32.10.32 0.0.0.31
 deny ip any 100.32.10.64 0.0.0.31
 remark block marketing group
 deny ip any 100.32.7.0 0.0.0.127
 remark permit business admin, site security (as per ix.), technical support (as per x.)
 permit ip any any

When you write the rules in an ACL, rules should be written from most specific to less specific (which
means ascending order of IP addresses), but I could not write them like that as I don't have the correct
VLSM.
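As an added example that is not part of these notes, here is a small Python checker for entries in the same "permit|deny ip <src> <dst>" style: it converts address/wildcard pairs to networks, evaluates a source and destination first-match with the implicit deny at the end of every IOS ACL, and flags entries shadowed by an earlier broader entry, which is what the most-specific-first ordering above is meant to avoid. The sample ACL (the VLAN 99 entries plus one deliberately misordered permit) and the host addresses are constructed here.

```python
import ipaddress

# Constructed sample ACL in the notes' style: the VLAN 99 entries plus one
# deliberately misordered permit (index 4). Not the original case-study ACL.
SAMPLE_ACL = """
deny ip any 100.32.9.224 0.0.0.31
deny ip any 100.32.10.0 0.0.0.31
deny ip any 100.32.10.32 0.0.0.31
deny ip any 100.32.10.64 0.0.0.31
permit ip any 100.32.10.64 0.0.0.31
permit ip any any
"""

def wildcard_to_network(addr, wildcard):
    """Convert a Cisco address/wildcard pair to a network (contiguous wildcards only)."""
    wc = int(ipaddress.IPv4Address(wildcard))
    if (wc + 1) & wc:  # a contiguous wildcard is always 2**n - 1
        raise ValueError("non-contiguous wildcard " + wildcard)
    return ipaddress.IPv4Network((addr, 32 - wc.bit_length()), strict=False)

def parse_ace(line):
    """Parse 'permit|deny ip <src> <dst>', each side being 'any' or 'addr wildcard'."""
    tokens = line.split()
    action, proto, rest = tokens[0], tokens[1], tokens[2:]
    if action not in ("permit", "deny") or proto != "ip":
        raise ValueError("unsupported entry: " + line)
    nets = []
    while rest:
        if rest[0] == "any":
            nets.append(ipaddress.IPv4Network("0.0.0.0/0"))
            rest = rest[1:]
        else:
            nets.append(wildcard_to_network(rest[0], rest[1]))
            rest = rest[2:]
    return action, nets[0], nets[1]

def parse_acl(text):
    return [parse_ace(l) for l in text.strip().splitlines() if l.strip()]

def evaluate(acl, src, dst):
    """First matching entry wins; no match falls through to the implicit deny."""
    s, d = ipaddress.IPv4Address(src), ipaddress.IPv4Address(dst)
    for action, snet, dnet in acl:
        if s in snet and d in dnet:
            return action
    return "deny"

def shadowed(acl):
    """Indexes of entries that can never match because an earlier entry covers them."""
    return [i for i, (_, si, di) in enumerate(acl)
            if any(si.subnet_of(sj) and di.subnet_of(dj) for _, sj, dj in acl[:i])]
```

Running shadowed() over each finished list is a quick way to spot a permit that a broader deny above it has made unreachable.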

iv. The hire only group is in a different city but is the same as iii.

v. The marketing VLAN is permitted access to the business admin and hire only VLANs.

Marketing – VLAN number 102 (it may differ from your VLAN number)

ip access-list extended ACLVLAN102
 remark block sales and hire
 deny ip any 100.32.4.0 0.0.1.255
 remark block vehicle maintenance group
 deny ip any 100.32.8.192 0.0.0.63
 deny ip any 100.32.9.0 0.0.0.63
 deny ip any 100.32.9.64 0.0.0.63
 deny ip any 100.32.8.128 0.0.0.63
 remark block all switch management
 deny ip any 100.32.9.224 0.0.0.31
 deny ip any 100.32.10.0 0.0.0.31
 deny ip any 100.32.10.32 0.0.0.31
 deny ip any 100.32.10.64 0.0.0.31
 remark permit business admin, hire only, sales only (as per vii.), site security (as per ix.), technical support (as per x.)
 permit ip any any

xi. It's very big, so I will do it and send it to you so that you can copy and paste it to the other city.

That's it. I remind you again: do the labs, because apart from the case study you are in week number
9. Still, I can't force you to, as I have given you the wrong table. It was completely my fault that I simply
sent the table without checking.
