Cisco CCNA Packet Tracer Ultimate labs: ACL Lab 1 (access lists): Answers to the lab (Part 1)


Packet Tracer file: https://goo.gl/Z4uMKk
Get the Packet Tracer course for only $10 by clicking here: https://goo.gl/vikgKN
Get my ICND1 and ICND2 courses for $10 here: https://goo.gl/XR1xm9 (you will get ICND2 as a free bonus when you buy the ICND1 course).

This is one of multiple access list labs. Can you complete this CCNA Exam Lab?

Labs! Labs! And more Labs! Get the hands-on experience to pass your CCNA exam!

Make sure you are ready to pass the CCNA exam! Prepare practically for the Cisco CCNA certification, which is the most in-demand networking certification in the world today! Make sure you can pass the Cisco CCNA Routing and Switching 200-125 exam!

This course tests your knowledge of CCNA topics with practical, hands-on labs. Labs include both configuration and troubleshooting labs.

Ask yourself these questions:
– Are you ready and prepared for the labs in the CCNA exam?
– Are you able to troubleshoot Cisco networks?
– Are you confident with your ability to configure networks as required by Cisco to pass the CCNA?

Answer:
This course helps you prepare for the exam and gain the confidence to pass the exam!

There are many topologies and many labs in this course!

Transcription:

This is an ACL or Access Control List lab.

We’ve been told that we need to restrict traffic internally using Router 1 as follows.
One of the big decisions to make is where you are going to bind the access list. We’ve been told to bind it in the most efficient place on Router 1.

In these examples, we are restricting traffic from the user PCs. The most efficient place to bind the access list would be here, on gigabit 0/0/0.

That’s because we don’t want another router to have to process the traffic and then simply drop it on the outbound interface. Extended access lists allow us to be very granular, and we are able to specify individual traffic types and port numbers when permitting or denying traffic.

So this is where we’re going to bind the access list. We generally want to bind extended access lists as close to the source as possible, to stop devices having to process the traffic and then simply drop it.

Now firstly we need to permit traffic from PC1 to HTTP server 1 using HTTP.
So here’s our router.

show ip interface brief

We can see the IP addresses on the router. The router has been configured with IP addresses already. This PC has an IP address of 10.1.2.101.
Now for the real world and for the exam, don’t forget the command ipconfig, which also shows you the IP address of the PC.

So it has an IP address of 10.1.2.101.
This server has an IP address of 10.1.1.100.
So we want to permit traffic from this IP address to this IP address but only permit HTTP. We’ve been told which access list number to use so that makes it simple.

Remember, extended access lists have this range.
Standard IP access lists have this range.
Now if you check this on a real device, you’ll notice that there are actually additional numbers.

So in this example, I’ll telnet to a real physical router that I have, and if I type access-list ?
Notice the standard access lists are in the range 1 to 99, but there’s also this range, which is called the expanded range.

IP extended access lists are in this range, but there’s also this expanded range of extended IP access lists. For the exam, those are the two most important ranges to know, and that’s what we have in Packet Tracer.

So on the router, access-list 100, and we are going to permit specific traffic. First, we’re using TCP here because HTTP resides on top of TCP. Now the source address is going to be a host, 10.1.2.101,
so, 10.1.2.101.

Now we could use greater than, but we’re not going to do that here. The destination is our server 10.1.1.100, so 10.1.1.100.

We need to specify the port number, which in our example is going to be 80, HTTP.

So now, do show run | include access.
Notice this line: access-list 100 permit tcp host 10.1.2.101 host 10.1.1.100 eq www

So the router has automatically converted the port number to a word, which is fine. So that’s the first access list entry.
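
The following Python example is added here and is not part of the original video or lab. It parses the entry shown in the running config and evaluates packets against it top down, ending with the implicit deny that closes every access list. It also accepts `any` and address/wildcard pairs, which goes beyond the host-only entry used in this lab; the function names and sample packet are constructed for illustration.

```python
import ipaddress

# Port keywords IOS prints instead of numbers (small subset; "www" is the one on this page).
PORT_NAMES = {"www": 80, "telnet": 23, "smtp": 25, "domain": 53}

def to_int(ip):
    return int(ipaddress.IPv4Address(ip))

def take_addr(tokens):
    """Consume 'any', 'host A' or 'A WILDCARD'; return (address, wildcard) as ints."""
    first = tokens.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF
    if first == "host":
        return to_int(tokens.pop(0)), 0
    return to_int(first), to_int(tokens.pop(0))

def parse_entry(line):
    """Parse 'access-list N permit|deny PROTO SRC DST [eq PORT]' into a dict."""
    t = line.split()
    if len(t) < 6 or t[0] != "access-list" or t[2] not in ("permit", "deny"):
        raise ValueError("unsupported ACL line: " + line)
    rest = t[4:]
    src, dst = take_addr(rest), take_addr(rest)
    port = None
    if rest:
        if rest[0] != "eq" or len(rest) != 2:
            raise ValueError("only 'eq PORT' is handled here: " + line)
        port = PORT_NAMES[rest[1]] if rest[1] in PORT_NAMES else int(rest[1])
    return {"action": t[2], "proto": t[3], "src": src, "dst": dst, "port": port}

def addr_match(ip, rule):
    addr, wildcard = rule  # wildcard bits set to 1 are "don't care"
    return (to_int(ip) | wildcard) == (addr | wildcard)

def evaluate(entries, proto, src, dst, dport=None):
    """Return the action of the first matching entry, checked top down."""
    for e in entries:
        if (e["proto"] in ("ip", proto)
                and addr_match(src, e["src"]) and addr_match(dst, e["dst"])
                and e["port"] in (None, dport)):
            return e["action"]
    return "deny"  # implicit deny at the end of every access list

# The entry as it appears in the running config on this page.
ACL_100 = [parse_entry("access-list 100 permit tcp host 10.1.2.101 host 10.1.1.100 eq www")]

# Constructed sample packet: PC1 to HTTP server 1 on TCP port 80.
print(evaluate(ACL_100, "tcp", "10.1.2.101", "10.1.1.100", 80))
```

With only this one entry in the list, everything other than PC1's HTTP traffic to the server falls through to the implicit deny.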
