website pop up marketing Lab 060: Configuring and Applying Extended Named ACLs Outbound
Cisco CCNA | CCNP Certification Training Site. Cisco tips and tools for exam success. logo video

Lab 060: Configuring and Applying Extended Named ACLs Outbound

Printer-Friendly Format

Lab 60:

Configuring and Applying Extended Named ACLs Outbound

Lab Objective:

The objective of this lab exercise is for you to learn and understand how to create and apply extended numbered Access Control Lists.

Lab Purpose:

Configuring and applying extended ACLs is a fundamental skill. Extended ACLs filter based on source and destination address, as well as Layer 4 protocols TCP and UDP. Extended ACLs and should be applied as close to the source as possible. As a Cisco engineer, as well as in the Cisco CCNA exam, you will be expected to know how to create and apply extended ACLs in the outbound direction.

Certification Level:

This lab is suitable for CCNA certification exam preparation

Lab Difficulty:

This lab has a difficulty rating of 10/10

Readiness Assessment:

When you are ready for your certification exam, you should complete this lab in no more than 20 minutes

Lab Topology:

Please use the following topology to complete this lab exercise:

 

Task 1:

Configure the hostnames on routers R1, R3 and Sw1 as illustrated in the topology.

Task 2:

Configure R1 S0/0 which is a DCE to provide a clock rate of 768Kbps to R3. Configure the IP addresses on the Serial interfaces of R1 and R3 as illustrated in the topology.

Task 3:

Configure a static default route on R1 pointing to R3 over the Serial connection between the two routers. Also configure a static default route on R3 pointing to R1 via the Serial connection between the two routers.

Task 4:

Configure VLAN 50 on Sw1 and assign it the name ACL-VLAN. Assign port FastEthernet0/2 to this VLAN. Configure interface VLAN50 with the IP address 10.50.50.130/25 and configure a default gateway on the switch to 10.50.50.129. Also, configure interface F0/0 on R3 with the IP address 10.50.50.129 and enable this interface.

Task 5:

Create an extended named ACL called SWITCH-ACL on R3. This ACL should:

  • Permit all ICMP traffic from 10.50.50.128/25 to the interface address of R1 S0/0 (172.16.1.1)
  • Deny all WWW traffic from 10.50.50.128/25 to the 172.16.1.0/26 subnet
  • Permit all TELNET traffic from the interface address of Sw1 (10.50.50.130 to the interface address of R1 S0/0
  • Permit all IP traffic from 10.50.50.128/25 to the interface address of R1 S0/0
  • Deny all IP traffic from the interface address of Sw1 to the 172.16.1.0/26 subnet

Apply this ACL outbound on R3 S0/0.

Task 6:

To test your ACL configuration by performing ping and Telnet exercises as we done in previous labs and verify matches against your ACL using the show ip access-list SWITCH-ACL command.

This lab is just one of over 100 labs designed to help you prepare for your Cisco CCNA and CCENT exams. You can view the labs for free at www.howtonetwork.net or buy your own copy of the lab book, solution guide and CDs from the howtonetwork.net shop.

Platinum members of www.howtonetwork.net can access all the labs and videos online for free.




Printer-Friendly Format

This site and/or material is not sponsored by, endorsed by, or affiliated with Cisco Systems, Inc. and/or its affiliates. Cisco®, Cisco Systems®, CCDA™, CCNA™, CCDP™, CCNP™, CCIE™, or CCSI™ are trademarks or registered trademarks of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.

Home | Search | Contact Us | Tell a Friend | Text Size

2006-2013 HowtoNetwork.net All Rights Reserved. Reproduction without permission prohibited.
Reality Press, Midsummer Court, 314 Midsummer Blvd.,Milton Keynes, MK92UB, UK

This site is powered by MemberGate Membership Site Software