Place at interface to administrative network. Prevents access to admin network from student network |
r(config)# access-list 1 deny 10.51.4.0 0.0.0.255
r(config)# access-list 1 permit any
r(config)# int e 0
r(config-if)# ip access-group 1 in
|
Place at interface to administrative server. Prevents access to admin server from student network |
r(config)# access-list 2 deny 10.51.4.0 0.0.0.255
r(config)# access-list 2 permit any
r(config)# int e 1
r(config-if)# ip access-group 2 in
|
The district office will supply all internet connectivity because it is the single point of contact for all schools and organizations in the district. The connectivity initiated from the Internet to the internal district network will be protected by ACL’s placed on router interfaces including student servers. However all communication from district to Internet will be permitted in both directions because they are of no threat to the network. These will prevent unauthorized access from the student network into the administrative network.