Lab 10.1 Cisco Access List Assignment - squatchulator/Tech-Journal GitHub Wiki

Cisco ACL Lab

In this lab, we used a guided Packet Tracer Activity to practice using standard and extended named access lists.

Submission (See bottom of page for R1 Configs)

Block the 192.168.11.0/24 network from entering (inbound serial 0/0/0) on Router 3 using a Standard ACL

  • PC3 (192.168.11.10) should not be able to ping PC5 (192.168.30.10)
  • PC1 should be able to ping PC5
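Router 3
--------
enable
<password is cisco>
conf t
ip access-list standard STND-1
! Standard ACLs match on the source address only
deny 192.168.11.0 0.0.0.255
permit any
! Apply the ACL inbound on the serial link named in the task
interface serial0/0/0
ip access-group STND-1 in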

Block network 192.168.10.0/24 from reaching the Internet.

  • On Router 2 serial 0/0/0, use an Extended ACL to prevent outbound packets from 192.168.10.0/24 from reaching the ISP address 200.200.200.1
  • PC1 should not be able to ping 200.200.200.1
  • PC1 should be able to ping everything else
Router 2
--------
enable
<password is cisco>
conf t
ip access-list extended EXTEND-1
! Wildcard 0.0.0.0 matches the single host 200.200.200.1
deny ip 192.168.10.0 0.0.0.255 200.200.200.1 0.0.0.0
permit ip any any
interface serial0/0/0
ip access-group EXTEND-1 out

Bonus Tasks

  • Configure only Mail access to the Mail Server (192.168.20.200)
  • Configure only Web access to the Web Server (192.168.20.201)
Router 1
--------
enable
<password is cisco>
conf t
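ip access-list extended MAIL-WEB
! Only SMTP (25) to the mail server and HTTP (80) to the web server are permitted;
! the implicit deny at the end of the ACL drops everything else
permit tcp any 192.168.20.200 0.0.0.0 eq 25
permit tcp any 192.168.20.201 0.0.0.0 eq 80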
interface fastethernet0/0
ip access-group MAIL-WEB out
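
The three ACLs above can be checked offline against the lab's ping tests. The following Python example is added here and is not part of the original lab or the Packet Tracer activity: it applies first-match evaluation with wildcard masks and the implicit deny to the entries on this page. PC1's address 192.168.10.10 is an assumption (the page gives only its subnet), and the parser handles only the entry forms used in this lab.

```python
import ipaddress

ANY = ("0.0.0.0", "255.255.255.255")
PC1 = "192.168.10.10"                # assumed address; the page gives only PC1's subnet

def ip(s):
    return int(ipaddress.IPv4Address(s))

def wild_match(addr, base, wildcard):
    # Wildcard bits set to 1 are ignored; all other bits must equal the base.
    care = ~ip(wildcard) & 0xFFFFFFFF
    return (ip(addr) & care) == (ip(base) & care)

def parse_addr(tok):
    # Consume "any" or "<address> <wildcard>" from the front of the token list.
    return (ANY, tok[1:]) if tok[0] == "any" else ((tok[0], tok[1]), tok[2:])

def parse_ace(line):
    tok = line.split()
    ace = {"action": tok[0], "proto": "ip", "dst": ANY, "port": None}
    if tok[1] in ("ip", "tcp"):      # extended entry: proto src dst [eq port]
        ace["proto"] = tok[1]
        ace["src"], rest = parse_addr(tok[2:])
        ace["dst"], rest = parse_addr(rest)
        if rest[:1] == ["eq"]:
            ace["port"] = int(rest[1])   # destination port
    else:                            # standard entry: source address only
        ace["src"], _ = parse_addr(tok[1:])
    return ace

def evaluate(acl, src, dst, proto="icmp", port=None):
    # First matching entry wins; nothing after it is consulted.
    for a in map(parse_ace, acl):
        if a["proto"] not in ("ip", proto):
            continue
        if a["port"] is not None and a["port"] != port:
            continue
        if wild_match(src, *a["src"]) and wild_match(dst, *a["dst"]):
            return a["action"]
    return "deny"                    # implicit deny that ends every ACL

# ACL entries copied from the lab configs above.
STND_1 = ["deny 192.168.11.0 0.0.0.255", "permit any"]
EXTEND_1 = ["deny ip 192.168.10.0 0.0.0.255 200.200.200.1 0.0.0.0", "permit ip any any"]
MAIL_WEB = ["permit tcp any 192.168.20.200 0.0.0.0 eq 25",
            "permit tcp any 192.168.20.201 0.0.0.0 eq 80"]

if __name__ == "__main__":
    print(evaluate(STND_1, "192.168.11.10", "192.168.30.10"))  # PC3 -> PC5
    print(evaluate(EXTEND_1, PC1, "200.200.200.1"))            # PC1 -> ISP
```

Because MAIL-WEB has no trailing permit, a ping to either server evaluates to deny as well: only TCP 25 to 192.168.20.200 and TCP 80 to 192.168.20.201 leave the interface.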