Lab 10‐1 - LPouliot/Junior-Spring-NET-330-01-Network-Design GitHub Wiki

Homework Lab 11-1 Cisco Access-List Assignment

CISCO ACL Lab

In this lab, we will be using the guided Packet Tracer Activity to practice using standard and extended named access lists.

The Activity in the above file will provide guidance and some walkthrough instructions. Below are the specific goals for our class lab.

Important Notes

NOTE: There is a typo in the Activity File: PC5's IP starts with 192.168 (the file says 192.169...)

Enable password is: cisco

Skip Step 4 (VTY line)

ISP network is 200.200.200.0/24

Lab Goals:

Ping the various PCs and Servers to ensure connectivity


Block the 192.168.11.0/24 network from entering (inbound serial 0/0/0) on Router 3 using a Standard ACL


enable

config t

Create the ACL on Router R3 to deny any packets from 192.168.11.0/24 and permit all other traffic

device(config)# ip access-list standard STND-1
device(config-std-nacl)# deny 192.168.11.0 0.0.0.255
device(config-std-nacl)# permit any 

Apply the ACL as a filter on packets entering R3 through Serial Interface 0/0/0

device(config)# int Serial 0/0/0
device(config-if)# ip access-group STND-1 in
exit all the way

copy run start

PC3 (192.168.11.10) should not be able to ping PC5 (192.168.30.10), BUT PC1 should be able to ping PC5


Block network 192.168.10.0/24 from reaching the Internet.


Create the extended ACL on R2 called EXTEND-1 to block all traffic from the 192.168.10.0/24 network to the host 200.200.200.1 and permit all other traffic

enable
config t
(config)# ip access-list extended EXTEND-1
(config-nacl-myacl)# deny ip 192.168.10.0 0.0.0.255 host 200.200.200.1 
(config-nacl-myacl)# permit ip any any

Apply the ACL EXTEND-1 as a filter of outbound packets leaving R2 through Serial interface 0/0/0.

(config)# interface serial 0/0/0
(config-if)# ip access-group EXTEND-1 out
exit all the way

copy run start

PC1 should not be able to ping 200.200.200.1 BUT PC1 should be able to ping everything else


Skip VTY exercise

Configure only Web access to the Web Server (192.168.20.201)

This is done on Router 1

enable
config t
(config)# ip access-list extended WEB-1
(config-nacl-myacl)# permit tcp any host 192.168.20.201 eq www
(config)# interface FastEthernet 0/0
(config-if)# ip access-group WEB-1 out

Configure the network to deny all access from the ISP to the File Server (192.168.20.210). Allow access from any other device.

This is done on Router 1

enable
config t
(config)# ip access-list extended FILESERVER-1
(config-nacl-myacl)# deny ip 200.200.200.0 0.0.0.3 host 192.168.20.210
(config-nacl-myacl)# permit ip any any
(config)# interface serial 0/2/0
(config-if)# ip access-group FILESERVER-1 in
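
The first-match evaluation and wildcard-mask matching that the four ACLs above rely on, as an added Python example (not part of the original lab or of Cisco's tooling). Source addresses not given on the page (such as 192.168.10.10 for a host on 192.168.10.0/24 and 200.200.200.10 for an ISP host) and the port numbers are constructed test values, and the model ignores interface and direction.

```python
import ipaddress

def ip(addr):
    return int(ipaddress.IPv4Address(addr))

def matches(addr, spec):
    """Cisco wildcard match: bits set to 1 in the wildcard are ignored."""
    base, wildcard = spec
    return (ip(addr) | ip(wildcard)) == (ip(base) | ip(wildcard))

ANY = ("0.0.0.0", "255.255.255.255")           # keyword "any"

def host(addr):                                 # keyword "host a.b.c.d"
    return (addr, "0.0.0.0")

# The page's four ACLs as (action, protocol, source, destination, dest port).
ACLS = {
    "STND-1": [
        ("deny", "ip", ("192.168.11.0", "0.0.0.255"), ANY, None),
        ("permit", "ip", ANY, ANY, None)],
    "EXTEND-1": [
        ("deny", "ip", ("192.168.10.0", "0.0.0.255"), host("200.200.200.1"), None),
        ("permit", "ip", ANY, ANY, None)],
    "WEB-1": [
        ("permit", "tcp", ANY, host("192.168.20.201"), 80)],   # eq www
    "FILESERVER-1": [
        ("deny", "ip", ("200.200.200.0", "0.0.0.3"), host("192.168.20.210"), None),
        ("permit", "ip", ANY, ANY, None)],
}

def evaluate(acl, proto, src, dst, dport=None):
    """Return the action of the first matching entry, top to bottom."""
    for action, a_proto, a_src, a_dst, a_port in ACLS[acl]:
        if a_proto not in ("ip", proto):
            continue
        if a_port is not None and a_port != dport:
            continue
        if matches(src, a_src) and matches(dst, a_dst):
            return action
    return "deny"   # implicit "deny ip any any" that ends every ACL

if __name__ == "__main__":
    # Constructed test packets: (ACL, protocol, source, destination, dest port)
    for case in [
        ("STND-1", "icmp", "192.168.11.10", "192.168.30.10", None),
        ("EXTEND-1", "icmp", "192.168.10.10", "200.200.200.1", None),
        ("WEB-1", "icmp", "192.168.10.10", "192.168.20.201", None),
        ("FILESERVER-1", "tcp", "200.200.200.10", "192.168.20.210", 21),
    ]:
        print(case, "->", evaluate(*case))
```

With wildcard 0.0.0.3, FILESERVER-1 matches only sources 200.200.200.0 through 200.200.200.3; matching the whole 200.200.200.0/24 ISP network would take wildcard 0.0.0.255. WEB-1 has no trailing permit, so anything other than TCP port 80 to 192.168.20.201 falls through to the implicit deny.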

Submission:

Showing results from "Check Results": you should have green check marks for everything except the VTY settings


Config of R1 showing the Bonus ACLs
