Configuring and Applying Extended Named ACLs Outbound
The objective of this lab exercise is for you to learn and understand how to create and apply extended named Access Control Lists.
Configuring and applying extended ACLs is a fundamental skill. Extended ACLs filter based on source and destination address, as well as on the Layer 4 protocols TCP and UDP. Extended ACLs should be applied as close to the source as possible. As a Cisco engineer, as well as in the Cisco CCNA exam, you will be expected to know how to create and apply extended ACLs in the outbound direction.
This lab is suitable for CCNA certification exam preparation.
This lab has a difficulty rating of 10/10.
When you are ready for your certification exam, you should complete this lab in no more than 20 minutes.
Please use the following topology to complete this lab exercise:
Configure the hostnames on routers R1, R3 and Sw1 as illustrated in the topology.
Configure R1 S0/0, which is a DCE, to provide a clock rate of 768Kbps to R3. Configure the IP addresses on the Serial interfaces of R1 and R3 as illustrated in the topology.
Configure a static default route on R1 pointing to R3 over the Serial connection between the two routers. Also configure a static default route on R3 pointing to R1 via the Serial connection between the two routers.
Configure VLAN 50 on Sw1 and assign it the name ACL-VLAN. Assign port FastEthernet0/2 to this VLAN. Configure interface VLAN50 with the IP address 10.50.50.130/25 and configure a default gateway on the switch to 10.50.50.129. Also, configure interface F0/0 on R3 with the IP address 10.50.50.129 and enable this interface.
Create an extended named ACL called SWITCH-ACL on R3. This ACL should:
- Permit all ICMP traffic from 10.50.50.128/25 to the interface address of R1 S0/0 (172.16.1.1)
- Deny all WWW traffic from 10.50.50.128/25 to the 172.16.1.0/26 subnet
- Permit all TELNET traffic from the interface address of Sw1 (10.50.50.130) to the interface address of R1 S0/0
- Permit all IP traffic from 10.50.50.128/25 to the interface address of R1 S0/0
- Deny all IP traffic from the interface address of Sw1 to the 172.16.1.0/26 subnet
Apply this ACL outbound on R3 S0/0.
Test your ACL configuration by performing ping and Telnet exercises as we did in previous labs, and verify matches against your ACL using the show ip access-list SWITCH-ACL command.
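To predict which entry each test packet should hit before you check the counters, the following added example (not part of the original lab or its solution guide) writes the five requirements as IOS extended ACL entries in the listed order and evaluates packets against them with first-match logic. The entry text, the wildcard masks and the small parser are assumptions made for this illustration; the parser handles only the syntax forms used here.

```python
import ipaddress

# The lab's five requirements as IOS extended-ACL entries (constructed for this
# example). Wildcard masks: /25 -> 0.0.0.127, /26 -> 0.0.0.63.
SWITCH_ACL = """\
permit icmp 10.50.50.128 0.0.0.127 host 172.16.1.1
deny tcp 10.50.50.128 0.0.0.127 172.16.1.0 0.0.0.63 eq www
permit tcp host 10.50.50.130 host 172.16.1.1 eq telnet
permit ip 10.50.50.128 0.0.0.127 host 172.16.1.1
deny ip host 10.50.50.130 172.16.1.0 0.0.0.63
"""
PORTS = {"www": 80, "telnet": 23}

def _addr(tokens):
    """Consume 'host A' or 'A WILDCARD'; return (base, wildcard) as integers."""
    if tokens[0] == "host":
        tokens.pop(0)
        return int(ipaddress.IPv4Address(tokens.pop(0))), 0
    base = int(ipaddress.IPv4Address(tokens.pop(0)))
    wild = int(ipaddress.IPv4Address(tokens.pop(0)))
    return base, wild

def parse(acl_text):
    """Turn each ACL line into (action, proto, src, dst, port, original line)."""
    entries = []
    for line in acl_text.strip().splitlines():
        t = line.split()
        action, proto = t.pop(0), t.pop(0)
        src, dst = _addr(t), _addr(t)
        port = PORTS[t[1]] if t and t[0] == "eq" else None
        entries.append((action, proto, src, dst, port, line))
    return entries

def _hit(addr, spec):
    base, wild = spec
    # Wildcard bits set to 1 are "don't care"; every other bit must match.
    return (int(ipaddress.IPv4Address(addr)) | wild) == (base | wild)

def evaluate(entries, proto, src, dst, dport=None):
    """Return (action, matching line): first match wins, then implicit deny."""
    for action, p, s, d, port, line in entries:
        if p not in ("ip", proto):
            continue
        if _hit(src, s) and _hit(dst, d) and port in (None, dport):
            return action, line
    return "deny", "(implicit deny any any)"
```

An outbound ACL on a router interface does not filter packets that the router itself originates, so run the ping and Telnet tests from Sw1 rather than from R3.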
This lab is just one of over 100 labs designed to help you prepare for your Cisco CCNA and CCENT exams. You can view the labs for free at www.howtonetwork.net or buy your own copy of the lab book, solution guide and CDs from the howtonetwork.net shop.
Platinum members of www.howtonetwork.net can access all the labs and videos online for free.