7.2.1.6 Packet Tracer Configuring Numbered Standard IPv4 ACLs Instructions

Packet Tracer - Configuring Numbered Standard IPv4 ACLs
Topology

© 2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.


Addressing Table
Device      Interface   IP Address       Subnet Mask       Default Gateway
R1          G0/0        192.168.10.1     255.255.255.0     N/A
R1          G0/1        192.168.11.1     255.255.255.0     N/A
R1          S0/0/0      10.1.1.1         255.255.255.252   N/A
R1          S0/0/1      10.3.3.1         255.255.255.252   N/A
R2          G0/0        192.168.20.1     255.255.255.0     N/A
R2          S0/0/0      10.1.1.2         255.255.255.252   N/A
R2          S0/0/1      10.2.2.1         255.255.255.252   N/A
R3          G0/0        192.168.30.1     255.255.255.0     N/A
R3          S0/0/0      10.3.3.2         255.255.255.252   N/A
R3          S0/0/1      10.2.2.2         255.255.255.252   N/A
PC1         NIC         192.168.10.10    255.255.255.0     192.168.10.1
PC2         NIC         192.168.11.10    255.255.255.0     192.168.11.1
PC3         NIC         192.168.30.10    255.255.255.0     192.168.30.1
WebServer   NIC         192.168.20.254   255.255.255.0     192.168.20.1
Objectives
Part 1: Plan an ACL Implementation
Part 2: Configure, Apply, and Verify a Standard ACL

Background / Scenario
Standard access control lists (ACLs) are router configuration scripts that control whether a router permits or
denies packets based on the source address. This activity focuses on defining filtering criteria, configuring
standard ACLs, applying ACLs to router interfaces, and verifying and testing the ACL implementation. The routers
are already configured, including IP addresses and Enhanced Interior Gateway Routing Protocol (EIGRP) routing.

Part 1: Plan an ACL Implementation
Step 1: Investigate the current network configuration.
Before applying any ACLs to a network, it is important to confirm that you have full connectivity. Verify that the
network has full connectivity by choosing a PC and pinging other devices on the network. You should be able
to successfully ping every device.

Step 2: Evaluate two network policies and plan ACL implementations.
a. The following network policies are implemented on R2:
• The 192.168.11.0/24 network is not allowed access to the WebServer on the 192.168.20.0/24 network.
• All other access is permitted.

To restrict access from the 192.168.11.0/24 network to the WebServer at 192.168.20.254 without
interfering with other traffic, an ACL must be created on R2. The access list must be placed on the
outbound interface to the WebServer. A second rule must be created on R2 to permit all other traffic.
b. The following network policies are implemented on R3:
• The 192.168.10.0/24 network is not allowed to communicate with the 192.168.30.0/24 network.
• All other access is permitted.

To restrict access from the 192.168.10.0/24 network to the 192.168.30.0/24 network without interfering with
other traffic, an access list will need to be created on R3. The ACL must be placed on the outbound
interface to PC3. A second rule must be created on R3 to permit all other traffic.

Part 2: Configure, Apply, and Verify a Standard ACL
Step 1: Configure and apply a numbered standard ACL on R2.
a. Create an ACL using the number 1 on R2 with a statement that denies access to the 192.168.20.0/24
network from the 192.168.11.0/24 network.
R2(config)# access-list 1 deny 192.168.11.0 0.0.0.255
b. By default, an access list denies all traffic that does not match any rules. To permit all other traffic,
configure the following statement:
R2(config)# access-list 1 permit any
c. For the ACL to actually filter traffic, it must be applied to some router operation. Apply the ACL by placing
it for outbound traffic on the Gigabit Ethernet 0/0 interface.
R2(config)# interface GigabitEthernet0/0
R2(config-if)# ip access-group 1 out

Step 2: Configure and apply a numbered standard ACL on R3.
a. Create an ACL using the number 1 on R3 with a statement that denies access to the 192.168.30.0/24
network from the PC1 (192.168.10.0/24) network.
R3(config)# access-list 1 deny 192.168.10.0 0.0.0.255
b. By default, an ACL denies all traffic that does not match any rules. To permit all other traffic, create a
second rule for ACL 1.
R3(config)# access-list 1 permit any
c. Apply the ACL by placing it for outbound traffic on the Gigabit Ethernet 0/0 interface.
R3(config)# interface GigabitEthernet0/0
R3(config-if)# ip access-group 1 out

Step 3: Verify ACL configuration and functionality.
a. On R2 and R3, enter the show access-list command to verify the ACL configurations. Enter the show
run or show ip interface gigabitethernet 0/0 command to verify the ACL placements.
b. With the two ACLs in place, network traffic is restricted according to the policies detailed in Part 1. Use
the following tests to verify the ACL implementations:
• A ping from 192.168.10.10 to 192.168.11.10 succeeds.
• A ping from 192.168.10.10 to 192.168.20.254 succeeds.
• A ping from 192.168.11.10 to 192.168.20.254 fails.
• A ping from 192.168.10.10 to 192.168.30.10 fails.
• A ping from 192.168.11.10 to 192.168.30.10 succeeds.
• A ping from 192.168.30.10 to 192.168.20.254 succeeds.
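
The model below is an added example, not part of the Cisco lab. It reproduces the wildcard-mask matching, first-match ordering and implicit deny of the two ACLs, so the expected ping results can be checked before testing in Packet Tracer. The function names and the simplified forwarding model (only the two G0/0 outbound ACLs filter traffic) are assumptions made for illustration.

```python
import ipaddress

def parse_acl(lines):
    """Parse 'access-list N {permit|deny} {any | SRC [WILDCARD]}' statements."""
    rules = []
    for line in lines:
        tok = line.split()
        action, src = tok[2], tok[3]
        if src == "any":
            addr, wild = 0, 0xFFFFFFFF          # every bit is "don't care"
        else:
            addr = int(ipaddress.IPv4Address(src))
            wild = int(ipaddress.IPv4Address(tok[4])) if len(tok) > 4 else 0
        rules.append((action, addr, wild))
    return rules

def evaluate(rules, src_ip):
    """Standard ACL: match on source only, first match wins, else implicit deny."""
    s = int(ipaddress.IPv4Address(src_ip))
    for action, addr, wild in rules:
        # Bits set to 1 in the wildcard mask are ignored in the comparison.
        if ((s ^ addr) & ~wild & 0xFFFFFFFF) == 0:
            return action
    return "deny"

# ACL 1 as configured in the lab, keyed by the LAN behind each G0/0 interface.
OUTBOUND = {
    ipaddress.ip_network("192.168.20.0/24"): parse_acl([   # R2 G0/0 out
        "access-list 1 deny 192.168.11.0 0.0.0.255",
        "access-list 1 permit any"]),
    ipaddress.ip_network("192.168.30.0/24"): parse_acl([   # R3 G0/0 out
        "access-list 1 deny 192.168.10.0 0.0.0.255",
        "access-list 1 permit any"]),
}

def delivered(src, dst):
    """One-way delivery: filtered only when dst's LAN sits behind an ACL."""
    for net, rules in OUTBOUND.items():
        if ipaddress.ip_address(dst) in net:
            return evaluate(rules, src) == "permit"
    return True   # the R1 LANs have no ACL applied in this lab

def ping(src, dst):
    """A ping succeeds only if both echo request and echo reply get through."""
    return delivered(src, dst) and delivered(dst, src)
```

Because the echo reply is filtered as well, a ping started from PC3 toward PC1 also fails even though the ACL is written against the 192.168.10.0/24 source.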
