Access Control List
Topology Diagram
Addressing table (addresses are not reproduced on this page):
Device Interface IP Address Subnet Mask Default Gateway
R0 Fa0/0 [Link] [Link] N/A
R0 Fa0/1 [Link] [Link] N/A
R1 Fa0/0 [Link] [Link] N/A
R1 Fa0/1 [Link] [Link] N/A
PC1 NIC [Link] [Link] [Link]
PC2 NIC [Link] [Link] [Link]
PC3 NIC [Link] [Link] [Link]
PC4 NIC [Link] [Link] [Link]
Learning Objectives
Upon completion of this Lab, you will be able to:
Design named standard or named extended ACLs.
Apply named standard or named extended ACLs.
Test named standard or named extended ACLs.
Troubleshoot named standard or named extended ACLs.
Scenario
In this lab, you will configure basic network security using Access Control Lists (ACLs). You will
build, apply and test a standard ACL; the same workflow applies to extended ACLs.
Task 1: Prepare the Network
Step 1: Cable a network that is similar to the one in the topology diagram.
Step 2: Erase any existing configuration on the routers if they already have one, and reload.
Task 2: Perform Basic Router Configurations
Configure routers R0 and R1 according to the following guidelines:
Set each router's hostname to match the topology diagram.
Configure the IP address and subnet mask on every router interface in the addressing table.
Enable RIP on both routers and advertise all directly connected networks.
Configure the IP address, subnet mask and default gateway on each PC.
Verify full IP connectivity with ping before adding any ACL, so that a later failure can be attributed to the ACL and not to the underlying routing.
Task 3: Configuring a Standard ACL
Standard ACLs filter on source IP address only. Because they cannot distinguish destinations, the
usual practice is to place a standard ACL as close to the destination as possible; placed near the
source, it would also cut that source off from destinations you never meant to block. In this task you
configure a standard ACL designed to stop traffic from the [Link]/24 student-lab network from
reaching the local networks on R0.
The ACL will be applied outbound on an R0 FastEthernet interface. An ACL is evaluated top to bottom
and the first matching entry decides; every ACL also ends with an implicit "deny all", so any packet
that matches no entry is dropped. Since this ACL is applied outbound to all traffic leaving the
interface, finish it with a "permit any" entry, otherwise the implicit deny also drops the traffic you
want to allow. Before configuring and applying
Step 1: Create the ACL on router R0
R0(config)#access-list 99 deny [Link]
R0(config)#access-list 99 deny [Link]
//Permit all other traffic; without this line the implicit deny blocks everything else
R0(config)#access-list 99 permit any
//An entry given without a wildcard mask is stored as a host entry, which is why show run
//displays these lines as "deny host ..."
Step 2: Apply the ACL
R0(config)#interface f0/0
R0(config-if)#ip access-group 99 out
//Apply the ACL outbound on the R0 interface that faces the network being protected. Note that
//the running configuration recorded in Task 6 shows access-group 99 on FastEthernet0/1, not 0/0;
//use the interface that leads to PC1 in your topology and confirm with "show ip interface".
Step 3: Test the ACL
Before testing the ACL, make sure that the console of R0 is visible. Access-list log messages appear
on the console only for entries configured with the "log" keyword; the entries above have none, so
use "show access-lists 99" and compare the per-entry match counters before and after each ping
instead. Test the ACL by pinging from PC1 to PC2 and PC3, and from PC2 and PC3 back to PC1. Since
the ACL matches source addresses from the [Link]/24 network, PC2 ([Link]) and PC3
([Link]) should not be able to ping PC1, while hosts not listed in the ACL still can.
Task 6: Document the router configuration
+ Router0:
R0#show run
Building configuration...
Current configuration : 815 bytes
version 12.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
hostname R0
interface FastEthernet0/0
ip address [Link] [Link]
duplex auto
speed auto
interface FastEthernet0/1
ip address [Link] [Link]
ip access-group 99 out
duplex auto
speed auto
interface Serial0/0
no ip address
shutdown
interface Serial0/1
no ip address
shutdown
interface Serial0/2
no ip address
shutdown
!
interface Serial0/3
no ip address
shutdown
router rip
network [Link]
network [Link]
ip classless
access-list 99 deny host [Link]
access-list 99 deny host [Link]
access-list 99 permit any
line con 0
line aux 0
line vty 0 4
login
+ Router1:
R1#show run
Building configuration...
Current configuration : 687 bytes
version 12.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
hostname R1
!
interface FastEthernet0/0
ip address [Link] [Link]
duplex auto
speed auto
interface FastEthernet0/1
ip address [Link] [Link]
duplex auto
speed auto
interface Serial0/0
no ip address
shutdown
interface Serial0/1
no ip address
shutdown
interface Serial0/2
no ip address
shutdown
interface Serial0/3
no ip address
shutdown
router rip
network [Link]
network [Link]
ip classless
line con 0
!
line aux 0
line vty 0 4
login
Note:
Standard ACL (numbers 1-99, also 1300-1999): permits or denies on source IP address only, so
apply it as close to the destination as possible.
Extended ACL (numbers 100-199, also 2000-2699): permits or denies on protocol, source IP address,
destination IP address and port (service), so apply it as close to the source as possible to drop
unwanted traffic before it crosses the network.