Topology
Lab Purpose: Master basic extended ACL configuration
Lab Requirement: Deny ICMP traffic from network 192.168.1.0; only pc1 can access the FTP server.
Lab Steps:
Step 1: Finish the basic IP configuration and enable RIPv2 on the 3 routers.
R1(config)#router rip
R1(config-router)#version 2
R1(config-router)#no auto-summary
R1(config-router)#network 10.0.0.0
R1(config-router)#network 172.16.0.0
R2(config)#router rip
R2(config-router)#version 2
R2(config-router)#no auto-summary
R2(config-router)#network 10.0.0.0
R3(config)#router rip
R3(config-router)#version 2
R3(config-router)#no auto-summary
R3(config-router)#network 10.0.0.0
R3(config-router)#network 192.168.1.0
Step 2: Create a named extended ACL on R3 to deny ICMP traffic from network 192.168.1.0.
R3(config)#ip access-list extended deny_icmp
R3(config-ext-nacl)#deny icmp 192.168.1.0 0.0.0.255 any
R3(config-ext-nacl)#permit ip any any
R3(config-ext-nacl)#exit
R3(config)#int e0
R3(config-if)#ip access-group deny_icmp in
Step 3: Create a named extended ACL on R1 to allow only pc1 to access the FTP server.
Tip: An FTP server normally uses TCP ports 20 and 21 to communicate with FTP clients.
R1(config)#ip access-list extended deny_ftp
R1(config-ext-nacl)#permit tcp 192.168.1.1 0.0.0.0 172.16.1.2 0.0.0.0 eq 20
R1(config-ext-nacl)#permit tcp 192.168.1.1 0.0.0.0 172.16.1.2 0.0.0.0 eq 21
R1(config-ext-nacl)#exit
R1(config)#int s0
R1(config-if)#ip access-group deny_ftp in
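Added example (not part of the original lab): a small Python model of how IOS evaluates the two ACLs above, with wildcard-mask matching, first-match order and the implicit deny at the end of every ACL. The packets are constructed; the second host 192.168.1.2, the neighbor address 10.0.0.2 and the data port 50000 are assumptions, and only protocol, addresses and destination port are modeled.

```python
import ipaddress

def wc_match(addr, base, wildcard):
    """Cisco wildcard match: bits set to 1 in the wildcard are ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a & ~w) == (b & ~w)

ANY = ("0.0.0.0", "255.255.255.255")
PC1 = ("192.168.1.1", "0.0.0.0")
FTP = ("172.16.1.2", "0.0.0.0")

# Entries: (action, protocol, source, destination, destination port or None)
DENY_ICMP = [  # applied inbound on R3 e0
    ("deny", "icmp", ("192.168.1.0", "0.0.0.255"), ANY, None),
    ("permit", "ip", ANY, ANY, None),
]
DENY_FTP = [  # applied inbound on R1 s0
    ("permit", "tcp", PC1, FTP, 20),
    ("permit", "tcp", PC1, FTP, 21),
]

def evaluate(acl, proto, src, dst, dport=None):
    """Return the action of the first matching entry, else the implicit deny."""
    for action, a_proto, a_src, a_dst, a_port in acl:
        if (a_proto in ("ip", proto)
                and wc_match(src, *a_src) and wc_match(dst, *a_dst)
                and a_port in (None, dport)):
            return action
    return "implicit deny"

# Constructed packets; 192.168.1.2, 10.0.0.2 and port 50000 are assumptions.
SAMPLES = [
    ("R3 e0", DENY_ICMP, "icmp", "192.168.1.1", "172.16.1.2", None),  # ping from pc1
    ("R3 e0", DENY_ICMP, "tcp", "192.168.1.1", "172.16.1.2", 21),     # FTP control
    ("R1 s0", DENY_FTP, "tcp", "192.168.1.1", "172.16.1.2", 21),      # pc1 FTP control
    ("R1 s0", DENY_FTP, "tcp", "192.168.1.2", "172.16.1.2", 21),      # other host
    ("R1 s0", DENY_FTP, "tcp", "192.168.1.1", "172.16.1.2", 50000),   # passive-mode data
    ("R1 s0", DENY_FTP, "udp", "10.0.0.2", "224.0.0.9", 520),         # RIPv2 update
]

def run_samples():
    return [evaluate(acl, proto, src, dst, port)
            for _, acl, proto, src, dst, port in SAMPLES]

if __name__ == "__main__":
    for sample, verdict in zip(SAMPLES, run_samples()):
        print(sample[0], *sample[2:], "->", verdict)
```

The last two results show what the implicit deny on R1 s0 drops besides other hosts' FTP: passive-mode FTP data connections and the RIPv2 updates arriving from the neighbor. After applying deny_ftp, check the match counters with show access-lists and the routing table with show ip route.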