Friday, March 18, 2016

Lab 3-3: Using ACLs to filter IP based traffic


Lab pre-requisites:

Lab 2-1 Packet Tracer Topology Download.

Topology Diagram

This is a continuation of the previous lab on basic security.
Task 1: Configuring an ACL (Access Control List).

In this exercise the following assumptions have been made:

PC1 (IP Address: is allowed to access Server ( using any protocol.

PC2 (IP Address: CANNOT use telnet to Server. All other traffic is allowed.

There are a few ways of constructing an ACL. Here's one of them:

Step 1
Configure ACL statements:

Branch#conf t

Enter configuration commands, one per line. End with CNTL/Z.

Branch(config)#access-list 100 deny tcp host host eq telnet

Branch(config)#access-list 100 permit ip any any


Step 2
Apply the ACL to the Fas0/0 interface so that it filters incoming packets.

Branch(config)#int f0/0

Branch(config-if)#ip access-group 100 in


Branch#show access-list 100
Extended IP access list 100
deny tcp host host eq telnet
permit ip any any

Packet Tracer does not show index numbers next to the ACL statements. On real equipment they are present and can be used to remove individual statements using the 'named' ACL syntax.

Packet Tracer does not implement the 'show ip int f0/0' command properly. This command normally displays whether an incoming and/or outgoing ACL is applied on the interface.
Packet Tracer is somewhat limited here: we cannot enable the HTTP server (ip http server) on the HQ router in order to properly test the ACL.

Also, 'named' ACLs are not working in the version of Packet Tracer I am using. This does not allow me to show you how to re-sequence statements, remove statements, and squeeze statements between other ones.


I have tested the ACL using PC2 and telnet is NOT being blocked as expected. This proves that the version of Packet Tracer I use is NOT working properly.
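
The following added example (not part of the original lab) models how a router evaluates the two statements of ACL 100: top-down, first match wins, with an implicit deny at the end. It can be used to check the expected result of each test offline. The addresses are constructed placeholders (the lab's addresses are not shown on this page), and all function and variable names are hypothetical.

```python
import ipaddress

TELNET = 23
# Constructed placeholder addresses, not the lab's real ones.
PC1, PC2, SERVER = "192.0.2.10", "192.0.2.20", "198.51.100.5"

def ace(action, proto, src, dst, dport=None):
    """One ACL statement; src/dst are 'any', a host address or a CIDR prefix."""
    return {"action": action, "proto": proto, "src": src, "dst": dst, "dport": dport}

def _addr_match(rule_addr, pkt_addr):
    if rule_addr == "any":
        return True
    net = ipaddress.ip_network(rule_addr, strict=False)  # bare host becomes a /32
    return ipaddress.ip_address(pkt_addr) in net

def evaluate(acl, proto, src, dst, dport=None):
    """Return (action, index) of the first matching statement.

    If nothing matches, the implicit 'deny ip any any' applies: ('deny', None).
    """
    for index, rule in enumerate(acl):
        if rule["proto"] != "ip" and rule["proto"] != proto:
            continue  # 'ip' matches every IP protocol, otherwise exact match
        if not (_addr_match(rule["src"], src) and _addr_match(rule["dst"], dst)):
            continue
        if rule["dport"] is not None and rule["dport"] != dport:
            continue
        return rule["action"], index
    return "deny", None

# The lab's ACL 100: block telnet from PC2 to Server, permit everything else.
ACL_100 = [
    ace("deny", "tcp", PC2, SERVER, TELNET),
    ace("permit", "ip", "any", "any"),
]
# Same statements in the wrong order: the permit shadows the deny.
ACL_REVERSED = list(reversed(ACL_100))
# Without the final permit, the implicit deny drops all other traffic.
ACL_NO_PERMIT = ACL_100[:1]

if __name__ == "__main__":
    tests = [("PC2 telnet", "tcp", PC2, TELNET), ("PC2 http", "tcp", PC2, 80),
             ("PC1 telnet", "tcp", PC1, TELNET), ("PC2 ping", "icmp", PC2, None)]
    for name, acl in [("ACL 100", ACL_100), ("reversed", ACL_REVERSED),
                      ("no permit", ACL_NO_PERMIT)]:
        for label, proto, src, port in tests:
            print(name, label, evaluate(acl, proto, src, SERVER, port))
```

The reversed and no-permit variants show why the deny must come first and why the closing `permit ip any any` is required for the "all other traffic is allowed" assumption.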

