Posted by: Simple Learning
Category: Basics CCNA Configuration Emulator Exercises ICND1 LearnByDoing PacketTracer
- Packet Filtering Using Standard ACL.
- Standard ACL Examples.
- Packet Filtering with Extended ACL.
- Extended ACL Examples.
Lab 3-3 Packet Tracer Topology Download.
Topology Diagram
This is a continuation of the previous lab on basic security.
Task 1: Configuring an ACL (Access Control List).
This exercise makes the following assumptions:
PC1 (IP Address: 10.1.1.100/24) is allowed to access Server (172.16.1.100) using any protocol.
PC2 (IP Address: 10.1.1.101/24) CANNOT telnet to Server. All other traffic is allowed.
There are a few ways of constructing the ACL. Here's one of them:
Step 1
Configure ACL statements:
Branch#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Branch(config)#access-list 100 deny tcp host 10.1.1.101 host 172.16.1.100 eq telnet
Branch(config)#access-list 100 permit ip any any
Branch(config)#
Step 2
Apply the ACL inbound on the FastEthernet0/0 (Fa0/0) interface so that it filters incoming packets.
Branch(config)#interface fastEthernet 0/0
Branch(config-if)#ip access-group 100 in
Branch(config-if)#end
Branch#show access-list 100
Extended IP access list 100
deny tcp host 10.1.1.101 host 172.16.1.100 eq telnet
permit ip any any
Branch#
Notice
Packet Tracer does not show index numbers next to the ACL statements. On real equipment they are present and can be used to remove statements using the 'named' ACL syntax.
Notice
Packet Tracer does not have the 'show ip int f0/0' command implemented properly. This command normally displays whether an incoming and/or outgoing ACL is applied on the interface.
Notice
Packet Tracer is somewhat limited here. We cannot enable the HTTP server (ip http server) on the HQ router in order to properly test the ACL.
Also 'named' ACLs are not working in the version of Packet Tracer I am using. This does not allow me to show you how to re-sequence statements, remove statements, and squeeze statements between other ones.
Verification:
Notice
I have tested the ACL using PC2 and telnet is NOT being blocked as expected. This proves that the version of Packet Tracer I use is NOT working properly.
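The result ACL 100 is meant to produce can be checked outside the emulator. The following is an added example, not part of the original lab: a small Python model of first-match extended ACL evaluation, fed the two statements from Step 1. The function names and the port keyword table are assumptions made for this sketch, and it models only the matching logic, not the interface or direction the ACL is applied to.

```python
import ipaddress

# ACL 100 exactly as entered in Step 1 of the lab.
ACL_100 = """\
access-list 100 deny tcp host 10.1.1.101 host 172.16.1.100 eq telnet
access-list 100 permit ip any any
"""
PORTS = {"telnet": 23, "www": 80}  # constructed subset of IOS port keywords


def _addr(tokens):
    """Consume 'any', 'host A' or 'A WILDCARD'; return (base, wildcard) ints."""
    word = tokens.pop(0)
    if word == "any":
        return 0, 0xFFFFFFFF
    if word == "host":
        return int(ipaddress.IPv4Address(tokens.pop(0))), 0
    return int(ipaddress.IPv4Address(word)), int(ipaddress.IPv4Address(tokens.pop(0)))


def parse(config):
    """Turn 'access-list N ACTION PROTO SRC DST [eq PORT]' lines into tuples."""
    entries = []
    for line in config.splitlines():
        t = line.split()
        action, proto, rest = t[2], t[3], t[4:]
        src, dst = _addr(rest), _addr(rest)  # each call consumes its tokens
        port = None
        if rest[:1] == ["eq"]:
            port = PORTS[rest[1]] if rest[1] in PORTS else int(rest[1])
        entries.append((action, proto, src, dst, port))
    return entries


def _hit(ip, rule):
    base, wildcard = rule
    # Wildcard bits set to 1 are "don't care"; all other bits must equal base.
    return (int(ipaddress.IPv4Address(ip)) | wildcard) == (base | wildcard)


def evaluate(entries, proto, src, dst, dport=None):
    """First matching entry wins; no match hits the implicit deny at the end."""
    for action, e_proto, e_src, e_dst, e_port in entries:
        if (e_proto in ("ip", proto) and _hit(src, e_src) and _hit(dst, e_dst)
                and e_port in (None, dport)):
            return action
    return "deny"


if __name__ == "__main__":
    for name, src in (("PC1", "10.1.1.100"), ("PC2", "10.1.1.101")):
        print(name, "telnet:", evaluate(parse(ACL_100), "tcp", src, "172.16.1.100", 23))
```

Dropping the second statement from the input shows why 'permit ip any any' is needed: without it, everything that is not PC2's telnet session falls through to the implicit deny.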