
ACL Lab

The document describes steps to configure an access control list (ACL) on a Corp1 router to control traffic. It involves: 1) Creating an ACL to allow host C access to a finance web server on port 80, deny all other access, and allow all hosts access to a public web server. 2) Applying the ACL outbound on interface Fa0/1 to filter traffic from the LAN and core networks. 3) Verifying host C can access the finance server while other hosts cannot, and that all hosts can reach the public server.

Answer

Step 1: select the console on Corp1 router:

Step 2: configure the ACL on Corp1 router:


Password: cisco
Corp1>enable
Password: cisco
Corp1#configure terminal
Corp1(config)#

First command: allow host C (192.168.125.3) to the Finance Web Server 172.22.109.17 via HTTP (port 80):
Corp1(config)# access-list 100 permit tcp host 192.168.125.3 host 172.22.109.17 eq 80

Second command: block all other access to the Finance Web Server:
Corp1(config)#access-list 100 deny ip any host 172.22.109.17

Third command: allow all hosts in the Core and on the local LAN access to the Public Web Server
(172.22.109.18):
Corp1(config)#access-list 100 permit ip any any

Step 3: apply this access-list to Fa0/1 interface (outbound direction):
Notice: We have to apply the access-list to Fa0/1 interface (not Fa0/0 interface) so that the access-list can
filter traffic coming from both the LAN and the Core networks.

Corp1(config)#interface fa0/1
Corp1(config-if)#ip access-group 100 out

Step 4: to verify, just click on host C to open its web browser. In the address box type http://172.22.109.17
to check if you are allowed to access Finance Web Server or not. If your configuration is correct then you
can access it.
Click on other hosts (A, B and D) and check to make sure you cannot access Finance Web Server from these
hosts. Then, repeat to make sure they can reach the public server at 172.22.109.18.

Step 5: Finally, save the configuration


Corp1(config-if)#end
Corp1#copy running-config startup-config
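
The checks in Step 4 depend on the router evaluating the ACL top to bottom and stopping at the first match. The following added example (not part of the original lab) models that evaluation for the three access-list 100 entries above. It handles only the "host", "any" and "eq" forms used in this lab, and 192.168.125.4 is a constructed address standing in for a host other than C.

```python
from typing import NamedTuple, Optional

# The three entries from the lab, in the order they are entered.
ACL_100 = [
    "access-list 100 permit tcp host 192.168.125.3 host 172.22.109.17 eq 80",
    "access-list 100 deny ip any host 172.22.109.17",
    "access-list 100 permit ip any any",
]

class Rule(NamedTuple):
    action: str           # "permit" or "deny"
    proto: str            # "ip" matches every protocol
    src: Optional[str]    # None means "any"
    dst: Optional[str]
    port: Optional[int]   # destination port from "eq N"; None means any port

def _addr(tokens):
    """Consume 'any' or 'host A.B.C.D' (the only forms this lab uses)."""
    tok = tokens.pop(0)
    if tok == "any":
        return None
    if tok == "host":
        return tokens.pop(0)
    raise ValueError("unsupported address form: " + tok)

def parse(line):
    tokens = line.split()[2:]          # drop "access-list 100"
    action, proto = tokens.pop(0), tokens.pop(0)
    src, dst = _addr(tokens), _addr(tokens)
    port = int(tokens[1]) if tokens[:1] == ["eq"] else None
    return Rule(action, proto, src, dst, port)

def evaluate(acl_lines, proto, src, dst, dport):
    """Return the action of the first matching entry, top to bottom."""
    for rule in map(parse, acl_lines):
        if (rule.proto in ("ip", proto) and rule.src in (None, src)
                and rule.dst in (None, dst) and rule.port in (None, dport)):
            return rule.action
    return "deny"                      # implicit deny that ends every ACL

if __name__ == "__main__":
    FINANCE, PUBLIC = "172.22.109.17", "172.22.109.18"
    HOST_C, OTHER = "192.168.125.3", "192.168.125.4"  # OTHER is a constructed address
    for src in (HOST_C, OTHER):
        for dst in (FINANCE, PUBLIC):
            print(src, "->", dst, evaluate(ACL_100, "tcp", src, dst, 80))
```

Passing the entries in reverse order returns "permit" for every host to the Finance Web Server, which is why the specific permit and deny must precede "permit ip any any".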
