7.3.2.4 Packet Tracer Troubleshooting Standard IPv4 ACLs Instructions

Packet Tracer – Troubleshooting Standard IPv4 ACLs
Topology

Addressing Table

Device    Interface   IP Address        Subnet Mask       Default Gateway
R1        G0/0        10.0.0.1          255.0.0.0         N/A
R1        G0/1        172.16.0.1        255.255.0.0       N/A
R1        G0/2        192.168.0.1       255.255.255.0     N/A
Server1   NIC         172.16.255.254    255.255.0.0       172.16.0.1
Server2   NIC         192.168.0.254     255.255.255.0     192.168.0.1
Server3   NIC         10.255.255.254    255.0.0.0         10.0.0.1
L1        NIC         172.16.0.2        255.255.0.0       172.16.0.1
L2        NIC         192.168.0.2       255.255.255.0     192.168.0.1
L3        NIC         10.0.0.2          255.0.0.0         10.0.0.1

Objectives
Part 1: Troubleshoot ACL Issue 1
Part 2: Troubleshoot ACL Issue 2
Part 3: Troubleshoot ACL Issue 3

© 2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.


Scenario
This network is meant to have the following three policies implemented:
1. Do not allow hosts from the LAN1 (10.0.0.0/8) network access to the LAN2 (172.16.0.0/16) network. Permit all other access.
2. Do not allow host L2 in LAN2 (172.16.0.0/16) network access to the LAN3 (192.168.0.0/24). Permit all other access.
3. Only permit host L3 in LAN3 (192.168.0.0/24) network access to the LAN1 (10.0.0.0/8).

No other restrictions should be in place. Unfortunately, the rules that have been implemented are not working correctly. Your task is to find and fix the errors related to the access lists on R1.

Note: To attain full marks in this lab, it is best to remove and re-enter ACLs. It is also best to remove and re-enter any invalid ip access-group command.

Part 1: Troubleshoot ACL Issue 1
Do not allow hosts from the LAN1 (10.0.0.0/8) network access to LAN2 (172.16.0.0/16) network. Permit all
other access. This is not currently the case.

Step 1: Determine the ACL problem.
As you perform the following tasks, compare the results to what you would expect from the ACL.
a. Using L1, open the Command Prompt and ping Server2 using the ping -t 172.16.255.254 command. As expected, the pings should not be successful. However, hosts in LAN3 should be able to access LAN2.
b. Using L3, open the Command Prompt and ping Server2. The pings should be successful.
c. View the running configuration on R1. Examine access list DENY-LAN1 ACL and its placement on the interfaces. Is there any statement in the list that permits or denies traffic to other networks? Are the statements in the correct order? Is the access list configured on the correct interface and in the correct direction?

d. Perform other tests, as necessary.
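
The statement-order and "permit all other access" questions in step c can be checked mechanically. The sketch below is an added example, not part of the Cisco lab or of R1's configuration: it models standard ACL evaluation (source-only match, wildcard mask, first match wins, implicit deny) in Python. The three ACL variants are constructed for illustration from Policy 1's 10.0.0.0/8 source network, and the two test sources are addresses from the addressing table.

```python
import ipaddress

def _n(dotted):
    return int(ipaddress.IPv4Address(dotted))

def matches(src, addr, wildcard):
    """Standard ACLs test the source address only; wildcard 1-bits are ignored."""
    return (_n(src) | _n(wildcard)) == (_n(addr) | _n(wildcard))

def evaluate(acl, src):
    """First matching entry wins. Returns (action, entry number); an entry
    number of None means the implicit deny that ends every ACL."""
    for number, (action, addr, wildcard) in enumerate(acl, start=1):
        if matches(src, addr, wildcard):
            return action, number
    return "deny", None

def shadowed(acl):
    """Entry numbers that can never match because an earlier entry already
    covers every source address they describe (a statement-order error)."""
    dead = []
    for i, (_, addr, wc) in enumerate(acl):
        for _, e_addr, e_wc in acl[:i]:
            subset_bits = (_n(wc) & ~_n(e_wc)) == 0
            if subset_bits and matches(addr, e_addr, e_wc):
                dead.append(i + 1)
                break
    return dead

# Constructed ACL variants (assumptions, not the lab's actual configuration).
ANY = ("0.0.0.0", "255.255.255.255")
LAN1 = ("10.0.0.0", "0.255.255.255")
MISORDERED = [("permit", *ANY), ("deny", *LAN1)]   # deny is unreachable
NO_PERMIT = [("deny", *LAN1)]                      # implicit deny blocks all
CORRECT = [("deny", *LAN1), ("permit", *ANY)]

def report(acl, sources=("10.0.0.2", "192.168.0.2")):
    """Decision per source address, plus any unreachable entries."""
    return {"decisions": {s: evaluate(acl, s) for s in sources},
            "shadowed": shadowed(acl)}

if __name__ == "__main__":
    for name, acl in [("misordered", MISORDERED), ("no permit", NO_PERMIT),
                      ("correct", CORRECT)]:
        print(name, report(acl))
```

Where the ACL is applied (interface and direction) is a separate check that this model does not cover.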

Step 2: Implement a solution.
Make the necessary adjustments to the DENY-LAN1 ACL or to its placement, to fix the problem.

Step 3: Verify that the problem is resolved and document the solution.
If the problem is resolved, document the solution; otherwise return to Step 1.

Part 2: Troubleshoot ACL Issue 2
Do not allow host L2 in LAN2 (172.16.0.0/16) network access to the LAN3 (192.168.0.0/24). Permit all other
access. This is not currently the case.

Step 1: Determine the ACL problem.
As you perform the following tasks, compare the results to what you would expect from the ACL.
a. Using L2, open the Command Prompt and ping Server3 using the ping -t 192.168.0.254 command. The pings should not be successful. However, other hosts in LAN2 should be able to access LAN3.

b. Using Server2, open the Command Prompt and ping Server3. The pings should be successful.
c. View the running configuration on R1. Examine access list DENY-L2 ACL and its placement on the interfaces. Is there any statement in the list that permits or denies traffic to other networks? Are the statements in the correct order? Is the access list configured on the correct interface and in the correct direction?

d. Perform other tests, as necessary.

Step 2: Implement a solution.
Make the necessary adjustments to the DENY-L2 ACL or to its placement, to fix the problem.

Step 3: Verify that the problem is resolved and document the solution.
If the problem is resolved, document the solution; otherwise return to Step 1.

Part 3: Troubleshoot ACL Issue 3
Only permit host L3 in LAN3 (192.168.0.0/24) network access to the LAN1 (10.0.0.0/8). This is not currently
the case.

Step 1: Determine the ACL problem.
As you perform the following tasks, compare the results to what you would expect from the ACL.
a. Using L3, open the Command Prompt and ping L1 using the ping -t 10.0.0.2 command. The pings should be successful.
b. Using Server3, open the Command Prompt and ping L1. The pings should not be successful.
c. View the running configuration on R1. Examine access list PERMIT-L3 ACL and its placement on the interfaces. Is there any statement in the list that permits or denies traffic to other networks? Are the statements in the correct order? Is the access list configured on the correct interface and in the correct direction?

d. Perform other tests, as necessary.

Step 2: Implement a solution.
Make the necessary adjustments to the PERMIT-L3 ACL or to its placement, to fix the problem.

Step 3: Verify that the problem is resolved and document the solution.
If the problem is resolved, document the solution; otherwise return to Step 1.

Part 4: Reflection
Access-lists pose a logical problem which often has more than one solution. Can you think of a different set of
rules or placements that would yield the same required access filtering?




Source Exif Data:
Author                          : Betty Staerk
Create Date                     : 2018:08:17 13:58:17-07:00
Modify Date                     : 2018:08:17 14:00:02-07:00