Instructions

Important Notes

• NOTE: There is a Typo in the Activity File - PC5's IP starts with 192.168 (there is a typo that says 192.169...)

  • Enable password is: cisco
  • Skip Step 4 (VTY line)
  • ISP network is 200.200.200.0/24

Lab Goals:

1. Ping the various PCs and Servers to ensure connectivity

2. Block the 192.168.11.0/24 network from entering (inbound serial 0/0/0) on Router 3 using a Standard ACL

• Rr is a typo - should be R2
• PC3 (192.168.11.10) should not be able to ping PC5 (192.168.30.10
• PC1 should be able to ping PC5

3. Block network 192.168.10.0/24 from reaching the Internet.

• On Router 2 serial 0/0/0, use an Extended ACL to prevent outbound packets from 192.168.10.0/24 from reaching the ISP address 200.200.200.1
• PC1 should not be able to ping 200.200.200.1
• PC1 should be able to ping everything else

4. Skip VTY exercise

5. Complete 2 out of 3 Additional Configurations (listed as Bonus Tasks in .pka) using Extended Access Lists on the appropriate router

• ISP Network is 200.200.200.0/24
• Web is TCP port 80
  • ping should fail to browser from PC's
  • To test Web, you can use the PC Desktop "Web Browser" and go to 192.168.20.201
• Mail is TCP port 25
  • To test Mail access from a PC:
    • go to the PC command line
    • Telnet 192.168.20.200 25
    • Will show "Trying 192.168.20.200...Open" if port is open
    • Ctrl and the "]" key will cancel telnet

---

Execution

Router 3

   enable
   conf t
   ip access-list standard STND-1
   deny 192.168.11.0 0.0.0.255
   permit any
   interface Serial0/0/0
   ip access-group STND-1 in

Router 2

   enable
   conf t
   ip access-list extended EXTEND-1
   deny ip 192.168.10.0 0.0.0.255 200.200.200.1 0.0.0.0
   permit ip any any
   interface Serial0/0/0
   ip access-group EXTEND-1 out

Additional Configurations

Router 1

   enable
   conf t
   ip access-list extended MAIL-WEB
   permit tcp any 192.168.20.200 0.0.0.0 eq 25
   permit tcp any 192.168.20.201 0.0.0.0 eq 80
   interface fa 0/0
   ip access-group MAIL-WEB out