
Lab 4: Cisco Extended Access List Lab

The lab focuses on configuring and applying extended access control lists (ACLs) on Cisco routers to manage network traffic based on IP addresses, protocols, and port numbers. Students will set up a network topology with routers, PCs, and a server, and learn to create and verify ACLs to restrict specific traffic. The lab includes tasks for establishing basic connectivity, configuring ACLs to block certain traffic, and verifying the ACL setup through testing and troubleshooting commands.

Uploaded by

noorfatimacs819

Lab Objective:

Students will configure and apply extended access control lists (ACLs) on routers to control
traffic based on specific IP addresses, protocols, and port numbers.

Implicit deny:
The last statement of an ACL is always an implicit deny. This statement is automatically
inserted at the end of each ACL even though it is not physically present. The implicit deny
blocks all traffic. Because of this implicit deny, an ACL that does not have at least one permit
statement will block all traffic.

Objective:
Students will learn how to configure and apply Cisco extended Access Control Lists (ACLs)
to control traffic flow through a network. By the end of this lab, students should understand
how to create, apply, and verify extended ACLs on Cisco routers.

IPv4 ACLs use wildcard masks. A wildcard mask is a string of 32 binary digits that the
router uses to determine which bits of the address to examine for a match.

Lab Setup

Network Topology:
Devices:
- 2 Routers (R1, R2)
- 3 PCs (PC1, PC2, PC3)
- 1 Server
- 2 Switches (S1, S2)
Connectivity:
PC1 -> S1 -> R1 (Fa0/0)
PC2 -> S1
R1 (Fa0/1) -> R2 (Fa0/1)
PC3 -> Switch2 -> R2 (Fa0/1)
Server 0 -> Switch2 -> R2 (Fa0/2)

IP Addressing Scheme:
PC1: 192.168.10.2, Subnet: 255.255.255.0, GW: 192.168.10.1
PC2: 192.168.10.20, Subnet: 255.255.255.0, GW: 192.168.10.1
PC3: 192.168.30.2, Subnet: 255.255.255.0, GW: 192.168.30.1

R1 (Fa0/0): 192.168.10.1/24
R2 (Fa0/0): 192.168.30.1/24

R1 (Fa0/1): 10.10.10.1/24
R2 (Fa0/1): 10.10.10.2/24

Routing Configuration:

R1: ip route 192.168.30.0 255.255.255.0 10.10.10.2

R2: ip route 192.168.10.0 255.255.255.0 10.10.10.1

Steps
1. Connect the routers using a crossover cable between Fa0/1 of R1 and R2.
2. Assign IP addresses to the router interfaces.
On R1:

```bash
enable
configure terminal
interface FastEthernet 0/0
ip address 192.168.10.1 255.255.255.0
no shutdown
exit
interface FastEthernet 0/1
ip address 10.10.10.1 255.255.255.0
no shutdown
exit
! leave configuration mode; write is a privileged EXEC command
end
write
```

To ensure all interfaces are up, check:

```bash
router# show ip interface brief
```

On R2:

```bash
enable
configure terminal
interface FastEthernet 0/0
ip address 192.168.30.1 255.255.255.0
no shutdown
exit
interface FastEthernet 0/1
ip address 10.10.10.2 255.255.255.0
no shutdown
exit
! leave configuration mode; write is a privileged EXEC command
end
write
```

To ensure all interfaces are up, check:

```bash
router# show ip interface brief
```

3. Enable communication between R1 and R2:
Use static routing (the shorter method).

On R1:

```bash
configure terminal
ip route 192.168.30.0 255.255.255.0 10.10.10.2
! leave configuration mode before saving
end
write
```

On R2:

```bash
configure terminal
ip route 192.168.10.0 255.255.255.0 10.10.10.1
! leave configuration mode before saving
end
write
```

4. Test connectivity:
- From R1, ping R2:

```bash
ping 10.10.10.2
```

- From R2, ping R1:

```bash
ping 10.10.10.1
```

✅ Done! Now, R1 and R2 can communicate.

Lab Tasks

Task 1: Configure Basic Connectivity


1. Configure IP addresses on PCs and routers as per the IP addressing scheme.
2. Verify connectivity using the ping command between all PCs.

Expected Outcome:
All PCs should be able to ping each other successfully.

Task 2: Extended ACL Configuration

a. Objective: Restrict traffic based on IP addresses, protocols (TCP/UDP), and ports.
b. Create an extended access list on R1 to achieve the following:
i. Block PC1 from accessing Server0 over HTTP (TCP port 80).
ii. Block PC2 from accessing Server0 over FTP (TCP port 21).

Steps:
- Access R1's command-line interface.
- Create an access list that denies HTTP traffic from PC1:

```bash
R1(config)# access-list 100 deny tcp 192.168.10.2 0.0.0.0 192.168.30.100 0.0.0.0 eq 80
R1(config)# access-list 100 permit icmp 192.168.10.2 0.0.0.0 192.168.30.100 0.0.0.0
R1(config)# access-list 100 permit ip any any
```

- Apply the access list to the appropriate interface (R1’s Fa0/0 inbound):

```bash
R1(config)# interface fa0/0
R1(config-if)# ip access-group 100 in
```

2. Test the ACL:

- From PC1, attempt to ping server (192.168.30.100).
- From PC1, attempt to access server (192.168.30.100).
- From PC1, attempt to ping PC3 (192.168.30.2).
- From PC2, attempt to access server (192.168.30.100).
- From PC2, attempt to ping server (192.168.30.100).

Expected Outcome:
PC1 should be able to ping Server0.
PC2 should be able to ping PC3.
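
The first-match evaluation, wildcard masks and implicit deny described in this lab, modelled in Python as an added example (not part of the original lab and not Cisco's implementation). It parses only the ACL syntax used in the steps above; `FTP_DENY` is an assumed entry for objective ii, which the listed ACL 100 does not contain, and the helper names are hypothetical.

```python
import ipaddress

def ip_int(text):
    return int(ipaddress.IPv4Address(text))

def parse_ace(line):
    """Parse one 'access-list N <action> <proto> <src> <dst> [eq port]' line (IOS subset)."""
    tok = line.split()[2:]                      # drop 'access-list' and the list number
    ace, i = {"action": tok[0], "proto": tok[1], "port": None}, 2
    for side in ("src", "dst"):
        if tok[i] == "any":                     # any == 0.0.0.0 255.255.255.255
            ace[side], i = (0, 0xFFFFFFFF), i + 1
        else:                                   # address followed by its wildcard mask
            ace[side], i = (ip_int(tok[i]), ip_int(tok[i + 1])), i + 2
    if tok[i:i + 1] == ["eq"]:
        ace["port"] = int(tok[i + 1])
    return ace

def addr_match(addr, spec):
    base, wildcard = spec
    care = ~wildcard & 0xFFFFFFFF               # wildcard 0-bits are compared, 1-bits ignored
    return (ip_int(addr) & care) == (base & care)

def evaluate(acl_lines, proto, src, dst, dport=None):
    """Return the action of the first matching entry, or the implicit deny."""
    for ace in map(parse_ace, acl_lines):
        if (ace["proto"] in ("ip", proto)
                and addr_match(src, ace["src"]) and addr_match(dst, ace["dst"])
                and ace["port"] in (None, dport)):
            return ace["action"]
    return "deny"                               # implicit deny at the end of every ACL

# ACL 100 exactly as listed in the lab steps
ACL_100 = [
    "access-list 100 deny tcp 192.168.10.2 0.0.0.0 192.168.30.100 0.0.0.0 eq 80",
    "access-list 100 permit icmp 192.168.10.2 0.0.0.0 192.168.30.100 0.0.0.0",
    "access-list 100 permit ip any any",
]
# Assumption (not on the page): an entry for objective ii, placed before the final permit
FTP_DENY = "access-list 100 deny tcp 192.168.10.20 0.0.0.0 192.168.30.100 0.0.0.0 eq 21"
ACL_100_FTP = ACL_100[:1] + [FTP_DENY] + ACL_100[1:]

PC1, PC2, PC3, SERVER = "192.168.10.2", "192.168.10.20", "192.168.30.2", "192.168.30.100"

if __name__ == "__main__":
    for name, acl in (("as listed", ACL_100), ("with FTP entry", ACL_100_FTP)):
        print(name, "| PC1 HTTP ->", evaluate(acl, "tcp", PC1, SERVER, 80))
        print(name, "| PC1 ping ->", evaluate(acl, "icmp", PC1, SERVER))
        print(name, "| PC2 FTP  ->", evaluate(acl, "tcp", PC2, SERVER, 21))
```

With ACL 100 as listed, FTP from PC2 falls through to `permit ip any any`; a deny entry only takes effect if it sits above that line.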

Task 3: Verify and Troubleshoot the ACL


1. View the ACL Configuration:
- Use the following command on R1 to view the applied access list:

```bash
R1# show access-lists
```
