Cisco ACL Activity - Zacham17/my-tech-journal GitHub Wiki

Access Control Lists

Access control lists provide basic firewall capabilities on a router. An access control list defines which traffic is allowed to pass through the router and which traffic is blocked. In this lab I configured access control lists on three routers. The configuration for each router is shown below, and the Packet Tracer file being used is shown in the image below:

[image: Packet Tracer file]

Router 3 Config

On Router 3, I set an access control list to block traffic from the 192.168.11.0/24 network from reaching any of the local networks on Router 3. The commands I used to do this are shown below:

Commands to Add the ACL

device(config)# ip access-list standard STND-1
device(config-std-nacl)# deny 192.168.11.0 0.0.0.255
device(config-std-nacl)# permit any

Commands to Apply the ACL

device(config)# int serial 0/0/0
device(config-if)# ip access-group STND-1 in

Router 2 Config

On Router 2, I configured an extended ACL to block any traffic from the 192.168.10.0/24 network going to the IP address 200.200.200.1.

Commands to Add the Extended ACL

(config)# ip access-list extended EXTEND-1
(config-ext-nacl)# deny ip 192.168.10.0 0.0.0.255 host 200.200.200.1
(config-ext-nacl)# permit ip any any

Commands to Apply the ACL

(config)# interface serial 0/0/0
(config-if)# ip access-group EXTEND-1 out

Router 1 Config

On Router 1, I set two ACLs. One ACL denies any traffic from the ISP to the file server. The other ACL allows only web access (TCP ports 80 and 443) to the web server and denies all other traffic.

Deny Access from the ISP to the File Server:

Commands to Add the Extended ACL on Router 1

(config)# ip access-list extended NOISP
(config-ext-nacl)# deny ip host 200.200.200.2 host 192.168.20.210
(config-ext-nacl)# permit ip any any

Commands to Apply the ACL on Router 1

(config)# interface serial 0/2/0
(config-if)# ip access-group NOISP in

Part 3: Configure Only Web Access to the Web Server

Commands to Add the Extended ACL on Router 1

(config)# ip access-list extended WEB
(config-ext-nacl)# permit tcp any host 192.168.20.201 eq 80
(config-ext-nacl)# permit tcp any host 192.168.20.201 eq 443
(config-ext-nacl)# deny ip any any

Commands to Apply the ACL on Router 1

(config)# interface fastEthernet 0/0
(config-if)# ip access-group WEB out
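To check what the four lists above (STND-1 on Router 3, EXTEND-1 on Router 2, NOISP and WEB on Router 1) actually match, here is an added Python simulation of the IOS matching rules: wildcard masks where a 1 bit means "don't care", top-down first-match evaluation, and the implicit deny at the end of every list. It is not code from the page or from Cisco; the four ACLs are transcribed entry for entry from the commands above, and every packet it evaluates is a constructed sample, not traffic from the Packet Tracer file. Two things it makes visible that the commands alone do not: a standard list without `permit any` denies everything, and WEB's `deny ip any any`, applied outbound, drops non-web traffic to every host behind fastEthernet 0/0, not just the web server, so if the file server sits behind that interface, SMB to 192.168.20.210 is already denied by WEB regardless of NOISP.

```python
"""Simulate how a Cisco IOS ACL decides a packet's fate: wildcard-mask
matching, first match wins, implicit deny when nothing matches.
Added example; the four lists below are transcribed from this page and
the sample packets are constructed for illustration."""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

Match = Tuple[str, str]                      # (base address, wildcard mask)
ANY: Match = ("0.0.0.0", "255.255.255.255")  # the 'any' keyword


def host(ip: str) -> Match:
    """The 'host' keyword: wildcard 0.0.0.0, so every bit must match."""
    return (ip, "0.0.0.0")


def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """Cisco wildcard semantics: a 0 bit means 'must match', a 1 bit means
    'don't care' (the inverse of a subnet mask, so /24 is 0.0.0.255)."""
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(addr)) & care) == \
           (int(ipaddress.IPv4Address(base)) & care)


@dataclass
class Entry:
    action: str                  # "permit" or "deny"
    proto: str                   # "ip" matches every protocol; "tcp" only TCP
    src: Match
    dst: Match = ANY             # a standard ACL only looks at the source
    dport: Optional[int] = None  # 'eq <port>' on the destination


def packet(src: str, dst: str, proto: str = "ip",
           dport: Optional[int] = None) -> Dict:
    """A constructed packet header: just the fields an ACL can test."""
    return {"src": src, "dst": dst, "proto": proto, "dport": dport}


def first_match(acl: List[Entry], pkt: Dict) -> Optional[int]:
    """Index of the first entry that matches, or None (implicit deny)."""
    for i, e in enumerate(acl):
        if e.proto != "ip" and e.proto != pkt["proto"]:
            continue
        if not wildcard_match(pkt["src"], *e.src):
            continue
        if not wildcard_match(pkt["dst"], *e.dst):
            continue
        if e.dport is not None and e.dport != pkt["dport"]:
            continue
        return i
    return None


def evaluate(acl: List[Entry], pkt: Dict) -> str:
    """Top-down walk; no match hits the implicit 'deny any' IOS appends."""
    i = first_match(acl, pkt)
    return acl[i].action if i is not None else "deny"


# The four lists from this page, one Entry per ACL line.
STND_1 = [Entry("deny", "ip", ("192.168.11.0", "0.0.0.255")),
          Entry("permit", "ip", ANY)]
EXTEND_1 = [Entry("deny", "ip", ("192.168.10.0", "0.0.0.255"), host("200.200.200.1")),
            Entry("permit", "ip", ANY, ANY)]
NOISP = [Entry("deny", "ip", host("200.200.200.2"), host("192.168.20.210")),
         Entry("permit", "ip", ANY, ANY)]
WEB = [Entry("permit", "tcp", ANY, host("192.168.20.201"), 80),
       Entry("permit", "tcp", ANY, host("192.168.20.201"), 443),
       Entry("deny", "ip", ANY, ANY)]


def run_samples() -> List[Tuple[str, str]]:
    """Constructed packets run through each list; returns (label, verdict)."""
    cases = [
        ("STND-1: 192.168.11.44 -> LAN", STND_1, packet("192.168.11.44", "192.168.30.10")),
        ("STND-1: 192.168.12.44 -> LAN", STND_1, packet("192.168.12.44", "192.168.30.10")),
        ("EXTEND-1: 192.168.10.5 -> 200.200.200.1", EXTEND_1, packet("192.168.10.5", "200.200.200.1")),
        ("EXTEND-1: 192.168.10.5 -> 200.200.200.2", EXTEND_1, packet("192.168.10.5", "200.200.200.2")),
        ("NOISP: ISP -> file server", NOISP, packet("200.200.200.2", "192.168.20.210")),
        ("NOISP: ISP -> web server", NOISP, packet("200.200.200.2", "192.168.20.201")),
        ("WEB: ISP -> web server :443", WEB, packet("200.200.200.2", "192.168.20.201", "tcp", 443)),
        ("WEB: ISP -> web server :22", WEB, packet("200.200.200.2", "192.168.20.201", "tcp", 22)),
        ("WEB: ping web server", WEB, packet("200.200.200.2", "192.168.20.201", "icmp")),
        # Caveat: 'deny ip any any' outbound also stops non-web traffic to
        # every other host behind that interface, e.g. SMB to the file server.
        ("WEB: LAN -> file server :445", WEB, packet("192.168.10.5", "192.168.20.210", "tcp", 445)),
    ]
    return [(label, evaluate(acl, pkt)) for label, acl, pkt in cases]


if __name__ == "__main__":
    for label, verdict in run_samples():
        print(f"{verdict:6} {label}")
    # Forgetting 'permit any' on STND-1 would leave only the implicit deny.
    print("STND-1 without 'permit any', src 192.168.12.44:",
          evaluate(STND_1[:1], packet("192.168.12.44", "192.168.30.10")))
```

Running the script prints one verdict per constructed packet; `first_match` is handy when a list misbehaves, because it tells you which line caught the packet (or `None` for the implicit deny) instead of just the verdict.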