Extended IPv4 ACL Drill 1

certskills
By certskills May 3, 2017 09:05

Extended Access Control Lists (ACLs) can be a challenge for many reasons. In the first few posts in this series, these ACL exercises will focus on just a few of those issues. In particular:

  • The concept and syntax to match TCP and UDP port numbers
  • When you need to make the ACL match and permit some kinds of overhead traffic

Today’s post gives you a set of requirements, and then a few variations on that set of requirements. Your job: Create an ACL that meets those requirements. Simple enough!

Ground Rules

First, a quick note about the rules for this exercise:

These exercises are NOT intended to be about tricky wording. The requirements are intended to be plain.

Instead, the goal of these exercises is to give you repetition in thinking about:

  • The location and direction of the ACL
  • The matching of different applications
  • The matching of some overhead protocols

So, read the requirements, think of them as being plain, create ACL statements to match each requirement, and practice choosing the correct config while thinking about the location of the ACL!

The Requirements

Configure an ACL to meet the following requirements.

First, the exercise uses the topology in Figure 1:

Figure 1: Topology Used in the ACL Drill

Use the following requirements to decide how to configure a named IPv4 ACL to permit and deny specific applications:

  1. Use the ACL location shown with the circled 1, that is, outbound on router R2’s G0/2 interface.
  2. Deny any TCP and UDP traffic that is not otherwise noted to be permitted per these requirements, while allowing all other IP packets.
  3. For any ACL statements that could use either a number or a keyword (for instance, for a TCP port number), use the number, not the keyword.
  4. Permit the following applications to work correctly between hosts in the subnet where host A resides and hosts in the subnet where server S resides:
    • Telnet
    • World Wide Web
    • SMTP

Additionally, make sure that your ACL meets the following requirements for overhead protocols. Configure ACL statements only if necessary to meet these requirements:

  1. To allow IPv4 ARP to work correctly
  2. To allow IPv4 OSPF to work correctly

You should be able to extrapolate the necessary IPv4 addressing details from the following router address/mask reference table:

Device  Interface  Address/Mask
R1      G0/1       172.16.1.1/25
R1      S0/0/0     172.16.12.1/30
R2      G0/1       172.16.2.2/26
R2      S0/0/1     172.16.12.2/30
R2      G0/2       172.16.23.2/29
R3      G0/1       172.16.3.3/27
R3      G0/2       172.16.23.3/29

Router Interfaces and Their Address/Mask Settings
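
The following added example (not part of the original post) shows one way to extrapolate the addressing details an extended ACL needs from the table: it derives each interface's subnet ID and wildcard mask, and checks an address the way an ACL address/wildcard pair does. The function names and the test addresses in the comments are assumptions made for illustration.

```python
import ipaddress

# Router address/mask reference table, copied from the drill.
INTERFACES = [
    ("R1", "G0/1", "172.16.1.1/25"),
    ("R1", "S0/0/0", "172.16.12.1/30"),
    ("R2", "G0/1", "172.16.2.2/26"),
    ("R2", "S0/0/1", "172.16.12.2/30"),
    ("R2", "G0/2", "172.16.23.2/29"),
    ("R3", "G0/1", "172.16.3.3/27"),
    ("R3", "G0/2", "172.16.23.3/29"),
]


def subnet_and_wildcard(addr_mask):
    """Return (subnet ID, wildcard mask) for an interface address/mask."""
    net = ipaddress.ip_interface(addr_mask).network
    # The wildcard mask is the inverse of the subnet mask (the host mask).
    return str(net.network_address), str(net.hostmask)


def wildcard_match(packet_ip, acl_addr, wildcard):
    """Compare two addresses the way an ACL does.

    Bits set to 1 in the wildcard mask are ignored; all other bits
    must be equal in the packet address and the ACL address.
    """
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    pkt = int(ipaddress.IPv4Address(packet_ip))
    ref = int(ipaddress.IPv4Address(acl_addr))
    return (pkt & care) == (ref & care)


def reference_rows():
    """Table rows extended with the derived subnet ID and wildcard mask."""
    return [(dev, intf, *subnet_and_wildcard(am)) for dev, intf, am in INTERFACES]


if __name__ == "__main__":
    for dev, intf, subnet, wildcard in reference_rows():
        print(f"{dev:3} {intf:7} subnet {subnet:13} wildcard {wildcard}")
    # Constructed sample addresses: .100 is inside 172.16.1.0/25, .200 is not.
    print(wildcard_match("172.16.1.100", "172.16.1.0", "0.0.0.127"))
    print(wildcard_match("172.16.1.200", "172.16.1.0", "0.0.0.127"))
```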

Answers: Next Post!

I’ll post the answers within the next few days. Once posted, the answer post should be linked at the bottom of this post, as the next post in chronological order. Thanks for playing!

Extended IPv4 ACL Drill 1 - Answers