Named Extended ACL Configuration Lab

Topology

Lab Purpose: Master basic extended ACL configuration

Lab Requirement: Deny ICMP traffic from network 192.168.1.0; only pc1 can access the FTP server.

Lab Steps:

Step 1: Finish the basic IP configuration and enable RIPv2 on the 3 routers.

R1(config)#router rip

R1(config-router)#version 2

R1(config-router)#no auto-summary

R1(config-router)#network 10.0.0.0

R1(config-router)#network 172.16.0.0

R2(config)#router rip

R2(config-router)#version 2

R2(config-router)#no auto-summary

R2(config-router)#network 10.0.0.0

R3(config)#router rip

R3(config-router)#version 2

R3(config-router)#no auto-summary

R3(config-router)#network 10.0.0.0

R3(config-router)#network 192.168.1.0

Step 2: Create a named extended ACL on R3 to deny ICMP traffic from network 192.168.1.0

R3(config)#ip access-list extended deny_icmp

R3(config-ext-nacl)#deny icmp 192.168.1.0 0.0.0.255 any

R3(config-ext-nacl)#permit ip any any

R3(config-ext-nacl)#exit

R3(config)#int e0

R3(config-if)#ip access-group deny_icmp in

Step 3: Create a named extended ACL on R1 to allow only pc1 to access the FTP server.

Tip: An FTP server normally uses TCP ports 20 and 21 to communicate with FTP clients. Every ACL ends with an implicit deny, so traffic not matched by the permit entries below is dropped.

R1(config)#ip access-list extended deny_ftp

R1(config-ext-nacl)#permit tcp 192.168.1.1 0.0.0.0 172.16.1.2 0.0.0.0 eq 20

R1(config-ext-nacl)#permit tcp 192.168.1.1 0.0.0.0 172.16.1.2 0.0.0.0 eq 21

R1(config-ext-nacl)#exit

R1(config)#int s0

R1(config-if)#ip access-group deny_ftp in
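
The first-match and implicit-deny behaviour of the two ACLs above, as an added example that is not part of the original lab: a small Python evaluator for the entry forms used here (wildcard masks, "any", "eq" on the destination port). pc1 = 192.168.1.1 and FTP server = 172.16.1.2 are taken from the deny_ftp entries; the addresses 192.168.1.2 and 10.0.0.2 in the test packets are constructed.

```python
import ipaddress

# ACL entries copied from the lab steps above.
ACLS = {
    "deny_icmp": ["deny icmp 192.168.1.0 0.0.0.255 any",
                  "permit ip any any"],
    "deny_ftp": ["permit tcp 192.168.1.1 0.0.0.0 172.16.1.2 0.0.0.0 eq 20",
                 "permit tcp 192.168.1.1 0.0.0.0 172.16.1.2 0.0.0.0 eq 21"],
}

def _addr(tokens):
    """Consume 'any', 'host A' or 'A WILDCARD'; return (base, wildcard) ints."""
    first = tokens.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF
    if first == "host":
        return int(ipaddress.IPv4Address(tokens.pop(0))), 0
    return int(ipaddress.IPv4Address(first)), int(ipaddress.IPv4Address(tokens.pop(0)))

def parse_ace(line):
    """Parse one entry; only the 'eq <number>' destination-port form is handled."""
    t = line.split()
    action, proto = t.pop(0), t.pop(0)
    src, dst = _addr(t), _addr(t)
    port = int(t[1]) if t[:1] == ["eq"] else None
    return action, proto, src, dst, port

def _hit(ip, spec):
    base, wild = spec
    # Wildcard bit 0 = must match, 1 = ignore (inverse of a subnet mask).
    return ((int(ipaddress.IPv4Address(ip)) ^ base) & ~wild & 0xFFFFFFFF) == 0

def evaluate(acl, proto, src, dst, dport=None):
    """First matching entry wins; no match means the implicit deny."""
    for line in ACLS[acl]:
        action, a_proto, a_src, a_dst, a_port = parse_ace(line)
        if a_proto in ("ip", proto) and _hit(src, a_src) and _hit(dst, a_dst) \
                and a_port in (None, dport):
            return action
    return "deny"

if __name__ == "__main__":
    # Constructed test packets: (acl, protocol, source, destination, dest port)
    for pkt in [("deny_icmp", "icmp", "192.168.1.1", "172.16.1.2", None),
                ("deny_icmp", "tcp", "192.168.1.1", "172.16.1.2", 21),
                ("deny_ftp", "tcp", "192.168.1.1", "172.16.1.2", 21),
                ("deny_ftp", "tcp", "192.168.1.2", "172.16.1.2", 21),
                ("deny_ftp", "udp", "10.0.0.2", "224.0.0.9", 520)]:
        print(pkt, "->", evaluate(*pkt))
```

The last packet is a RIPv2 update (UDP 520 to 224.0.0.9): an inbound ACL holding only the two permit entries also drops routing updates arriving on that interface. Check the routing table with show ip route after applying deny_ftp.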

By www.ccieuniversity.com
