Design of Assignment Based on Flipping Classroom—Taking the Access Control List of “Network Devices Configuration and Management” Course as an Example ()
1. Introduction
The “Network Devices Configuration and Management” is the core course of computer network technology in Sichuan Staff University of Science and Technology. It is a practical and technical course. To learn the course, students need to use the knowledge learned in the pre-courses to systematically master the routing and exchange technology in the computer network. According to the characteristics of higher vocational education and combined with the actual teaching experience, the teaching and research section carefully prepares the self-learning assignments of the students before the course and organizes the classroom teaching activities according to the students’ feedbacks, which improves the students’ practical ability and professional ability, achieving good results.
2. Course Introduction
This course is a core course in computer network technology. Through the thorough investigation and analysis of the computer network related jobs, the members of the teaching and research section jointly developed the computer network technology professional talent training program with the experts of many cooperative enterprises and determined the training objectives of this course. First, the knowledge goal: familiar with the standards and specifications of common network devices; skillfully plan and design the network according to the requirements of small and medium-sized networks; master the configuration methods of switches and routers; familiar with the working principle and basic configuration of the router; configure the router’s various routes (default route, static route, RIP protocol, OSPF protocol); master the advanced configuration of the router (NAT, DHCP, DNS, ACL, etc.); master the basic configuration of the switch; master the VLAN, STP Configuration method; master the daily management and maintenance of switches and routers. Second, the ability goal: can carry out IP planning; can set up the configuration environment of network devices; can manage small and medium-sized enterprise network devices; can configure LAN to access the Internet; can configure various protocols of router according to network environment; can manage wireless network devices; Optimize the configuration of network devices; monitor network device performance and troubleshoot. Third, the quality objectives: the ability to standardize and optimize the network topology map; honest, trustworthy, tenacious personality; independent, open learning ability; good self-expression, communication skills; good teamwork spirits.
3. Organization of the Teaching Contents
The teaching and research section take a medium-sized enterprise’s actual networking solution as a teaching case and decomposes it into eight typical tasks. It is aimed at CCNA (Cisco Certified Network Associate) standards and national occupational skill standards (network technology). See Table 1 for details.
4. Virtual Experiment Platform of Access Control List Packet Filtering
According to the teaching progress, we selected the Access Control List Packet
Filtering in the “Network Security Configuration” module to implement flipped classroom teaching.
Network security involves both technical issues and management issues. The two aspects complement each other and cannot be separated [1] . In terms of technology, the key technologies of network security include: Access Control List (ACL) Packet Filtering, Network Address Translation (NAT), Authentication, Authorization and Accounting (AAA), switch port security, Virtual Private Network (VPN), Terminal access control (End user Admission Domination, EAD) technology. ACL packet filtering technology uses ACL to identify data to determine whether to forward or discard some packets. This technology can be applied to the in-direction and out-direction of each interface of the switch or router, that is, for the packets received or forwarded on the interface of the router or switch, we first obtain packet header information, then compare with the set rules, and process the packet according to the comparison [2] .
In the case of limited laboratory conditions, computer network experiment teaching with the aid of simulation platform can reduce the cost of experiment, and it has become a trend to use simulation software for experiment teaching [3] [4] . At present, network simulation software widely used for academic and educational use includes the following: object-oriented network simulator NS2 (version2) developed by UCBerkeley, assisted learning Simulation tool Cisco Packet Tracer released by Cisco, and graphical network simulation tool platform eNSP (Enterprise Networks Simulation Platform) developed by Huawei technology co., LTD. [5] [6] [7] , and GNS3 virtual experiment platform. Packet Tracer is a pure simulation software with simple operation and limited functions. GNS3 not only fully supports Cisco devices but supports Juniper manufacturers, providing the simulation of higher equipment such as routers and switches. For all kinds of network experiments, it shows better applicability [8] . In this course, GNS3 is taken as the online virtual teaching experiment platform, and students are required to master the use of GNS3 and eNSP virtual experiment platform at the same time.
5. Preparation
1) Get to know the basic information of students and their expectation of this course in detail through questionnaire survey and conversations. Teachers first design the questionnaire, carry on the thorough investigation before the lecture, and start the conversation with some individual students, understand the student’s actual level and their request for the curriculum study, laying the foundation for the following teaching.
2) Timely update the contents according to the survey, adjust the difficulty, and try to meet the students’ level.
3) Adopt group learning mode, organizing 6 members in each group. The group leader is fully responsible for the study and discussion of the group and the implementation of the project arrangement. Each group is equipped with corresponding network devices to meet the requirements of setting up the experimental network. The grouping is based on the students’ academic performance, knowledge structure, learning ability, personality characteristics, gender, etc. For complementation, the collocation of good grades and poor grades, the collocation of introversion and extroversion, and the collocation of boys and girls are advocated.
6. Flipped Classroom Students Independently Learn Task List Design
1) The teaching materials are published to the network teaching platform before the class. The website is http://sckzd.fanya.chaoxing.com/portal and resource content is shown in Table 2.
2) According to the teaching content and learning feedback, students’ independent learning assignment list is designed according to the principles of concentration, hierarchy and orientation.
Basic learning content includes standard ACL, extended ACL, named ACL. Advanced content includes fixed time access ACL, reflexive access Lists, dynamic ACL. Also, students are required to watch PPT and video to master relevant concepts, working principles and key configuration steps.
Assignment 1. Build the network topology as shown in Figure 1. IP address planning of each device interface is shown in Table 3.
Requirements:
1) Configure the router R1, R2 and R3 for network interworking.
2) Allow 192.168.1.0/24 access to the server.
3) PC1 is only allowed to access 1.1.1.1/24 via Telnet.
![]()
![]()
Table 3. IP address planning table for assignment 1.
4) PC2 is only allowed to access server’s FTP service from 8:00 to 10:00 each day.
5) Allow 192.168.1.0/24 access to 192.168.2.0/24 and forbid 192.168.2.0/24 access to 192.168.1.0/24. Consider and summarize the role of this ACL configuration principle in network security.
6) If PC5 wants to access WEB or FTP services on the server, it must first successfully log in to the router R3 by Telnet. Students need to think about and summarize the advantages of dynamic ACL in network security.
7) The above experiments can be carried out in one project or implemented separately. Complete the experiment report in groups, summarize the configuration principles, and explain the problems encountered in the configuration and the solution process in detail.
Assignment 2. Build the network topology as shown in Figure 2. IP address planning of each device interface is shown in Table 4.
Requirements:
1) Configure switches and routers to interoperate with the whole network. R1 simulated external network.
2) Engineering department VLAN3 can access all VLANs, while other VLANs cannot access VLAN1 and VLAN3.
3) Only VLAN3 can log in to Server1, Server2, and Server3 via Telnet, SSH, and remote desktop.
4) R0 can log into R1 remotely, and R1 is not allowed to initiate any connection to R0.
5) VLAN1 can only access Server1’s WWW service and Server2’s 9000 port.
6) VLAN1 can only access Server3’s FTP service on weekends.
7) VLAN2 must be authenticated to access Server1.
8) Submit configuration instructions and configuration results on a team basis.
Task 3. Implement the assignment 2 on eNSP platform.
Task 4. Refer to relevant literature and give more examples or ideas of ACL packet filtering technology in network security.
![]()
Table 4. IP address planning for assignment 2.
7. Concluding Remarks
ACL packet filtering technology plays an important role in computer network teaching. It involves the knowledge of network planning, network protocol and routing configuration, and is a difficult technology to master. The above design assignment list has been constantly adjusted during implementation for better application. In the teaching process, designing various teaching cases according to the teaching content and requirements can better help students understand abstract theoretical knowledge, enrich the practical teaching content, and stimulate students’ interest in learning network knowledge.
Supported
This work is supported by the teaching reform project of Sichuan Staff University of Science and Technology (Project Number: kzd2018007).