Extended Numbered ACL 1

By Wendell June 23, 2016 13:05

Ready to review how to match subnets with extended ACLs? And how to match well-known ports? Today’s lab lets you do just that. Along the way, you get to think about where to place the ACL to most efficiently filter packets. Jump in and create your own config.

Requirements

Configure an extended access list that controls traffic as detailed in the following rules.

The specific rules for this lab are:

  • Create an extended numbered ACL (number 101) that performs the following functions:
    • Block all traffic from the 20.0.1.0/24 subnet to the HTTP, FTP (data and control) and TFTP ports of the 10.0.3.0/24 subnet shown in the figure
    • Permit all other traffic
  • Apply the ACL on the appropriate device
  • Assume all router interfaces shown in the lab are up, working and have correct IP addresses assigned
  • Assume routing between all devices is configured and operational
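Before committing an answer to paper, it can help to see how IOS actually evaluates an extended ACL. The following is an added Python checker, not part of the lab or its answer page: it parses ACEs written in IOS syntax, applies wildcard-mask matching, protocol and destination-port checks, first match wins, and the implicit deny at the end. The candidate ACE lines and host addresses are constructed here for the lab's rules, and the www, ftp, ftp-data and tftp port keywords are assumed to map to their standard port numbers.

```python
import ipaddress
# IOS port keywords used in this lab (assumed mapping to the standard IANA port numbers)
PORT_NAMES = {"www": 80, "ftp": 21, "ftp-data": 20, "tftp": 69}

def wildcard_match(addr, base, wildcard):
    """Cisco wildcard mask semantics: a 1 bit in the mask means 'do not care'."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF          # bits that must match exactly
    return a & care == b & care

def _addr(tok, i):
    """Return (base, wildcard, tokens consumed) for 'any' or 'X wildcard'."""
    if tok[i] == "any":
        return "0.0.0.0", "255.255.255.255", 1
    return tok[i], tok[i + 1], 2

def parse_ace(line):
    """Parse one extended ACE, with or without the leading 'access-list <number>'."""
    tok = line.split()
    if tok[0] == "access-list":
        tok = tok[2:]               # drop 'access-list 101'
    action, proto = tok[0], tok[1]
    src, swc, n = _addr(tok, 2)
    dst, dwc, m = _addr(tok, 2 + n)
    rest = tok[2 + n + m:]
    dport = None
    if rest and rest[0] == "eq":    # only 'eq <port>' on the destination is modelled
        dport = PORT_NAMES[rest[1]] if rest[1] in PORT_NAMES else int(rest[1])
    return {"action": action, "proto": proto, "src": (src, swc), "dst": (dst, dwc), "dport": dport}

def evaluate(acl, proto, src, dst, dport=None):
    """First matching ACE wins; an IOS ACL ends with an implicit 'deny ip any any'."""
    for ace in acl:
        if ace["proto"] not in ("ip", proto):
            continue
        if not (wildcard_match(src, *ace["src"]) and wildcard_match(dst, *ace["dst"])):
            continue
        if ace["dport"] is not None and ace["dport"] != dport:
            continue
        return ace["action"]
    return "deny"

# Constructed candidate ACL for this lab's rules, in the syntax the checker parses
CANDIDATE_ACL = [parse_ace(line) for line in """
access-list 101 deny tcp 20.0.1.0 0.0.0.255 10.0.3.0 0.0.0.255 eq www
access-list 101 deny tcp 20.0.1.0 0.0.0.255 10.0.3.0 0.0.0.255 eq ftp
access-list 101 deny tcp 20.0.1.0 0.0.0.255 10.0.3.0 0.0.0.255 eq ftp-data
access-list 101 deny udp 20.0.1.0 0.0.0.255 10.0.3.0 0.0.0.255 eq tftp
access-list 101 permit ip any any
""".strip().splitlines()]
```

Run evaluate() with a packet from 20.0.2.0/24 as well as one from 20.0.1.0/24, and with the list minus its final permit line, to see why the implicit deny at the end matters.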

Figure 1: Topology Used in Extended ACL Lab

Initial Configuration

Examples 1, 2, 3 and 4 show the beginning configuration state of R1, R2, SW1 and SW2.

Example 1: R1 Config

Example 2: R2 Config

Example 3: SW1 Config

Example 4: SW2 Config


Answer on Paper, or Maybe Test in Lab

Next, write your answer on paper. Or if you have some real gear, or other tools, configure the lab with those tools.

To test your solution, if you happen to try it with VIRL or real gear, verify it with the show ip access-lists and show ip interface commands. If possible, you could also add hosts to the topology to confirm that the access list is working as expected.

Do this Lab with Cisco’s VIRL

You can do these labs on paper and still get a lot out of them. As an extra help, we have added files for the Virtual Internet Routing Lab (VIRL) software as well. The .VIRL file found here, when loaded into VIRL, builds a lab topology similar to this lab's topology, with the initial configuration shown in the lab already applied. This section lists any differences between the lab exercise and the .VIRL file's topology and configuration.

Download this lab’s VIRL file!

The VIRL topology matches this lab's topology exactly.


Host device info:

This table lists host information pre-configured in VIRL, information that might not be required by the lab but may be useful to you.

Device   IP Address   User/password
S1       10.0.1.11    cisco/cisco
S2       10.0.2.12    cisco/cisco
S3       10.0.3.13    cisco/cisco
S4       20.0.1.14    cisco/cisco
S5       20.0.2.15    cisco/cisco
S6       20.0.3.16    cisco/cisco


Handy Host Commands:

To see PC IP address: ifconfig eth1

Ping example: ping -c 4 10.1.1.1

Trace example: tracepath 10.1.1.1

To connect to another node within the topology: telnet 10.1.1.1
