Home >Network Simulator Labs>Configuring and Implementing Extended Access List

Available labs  |   Supported Commands  |   Product Help

CertExams.com Simulator Lab Exercises Answers

Configuring and Implementing Extended Access List

Console Based  |  GUI Based 

Console Based : 

Description : This lab exercise demonstrates configuring and implementing Extended Access-Lists.


IP Address Assignment Table

Device Interface IP Address Mask
R1 E0
S0

192.168.200.1
192.168.200.17

255.255.255.240
255.255.255.240
R2 E0 192.168.200.2 255.255.255.240
R3 S0 192.168.200.18 255.255.255.240


Instructions:

1. Connect to R1 and set the IP Address of Ethernet and Serial interfaces as given in the table and enable the interfaces

2. To facilitate communication between R2 and R3, enable RIP Routing Protocol on R1 and add the network for Ethernet 0 and serial 0 interfaces

3. Connect to R2 and set the IP Address of Ethernet interface as given in the table and enable the interface

4. On R2, enable RIP and add the network for Ethernet 0

5. From R2, ping R1s Ethernet 0 interface to ensure that the connection exists

6. Connect to R3 and set the IP Address of Serial interface as given in the table and enable the interface and ping R1s Serial 0 interface

7. Also verify that you can ping R2s Ethernet interface from R3

8. Enter into global configuration mode of R1

9. Now create Extended Access List that accomplishes two things.

i. Allow only telnet traffic from the subnet off of R1s Serial 0 interface to come into R1.

ii. Next, allow any traffic from R1s Ethernet 0 subnet to travel anywhere

10. Create access list 101 to allow only telnet traffic from the 192.168.200.16 subnet. Use the keyword log to display output to the router every time this line on the access list is invoked.

11. Create access list 102 to permit all traffic from 192.168.200.0 subnet and use the keyword log.

12. To apply these access lists on the interfaces, enter into interface configuration mode for Serial 0 interface of R1 and apply access list 101 inbound and 101 outbound and access list 102 inbound for Ethernet 0 interface

Note: Please refer to the CertExams.com Network Simulator software for complete lab with commands. 

GUI Based : 

Description: This lab exercise demonstrates configuring and implementing Extended Access-Lists.

Instructions:

1. Configure the ip address of all the devices as per the table.
2. To facilitate communication between R2 and R3, enable RIP Routing Protocol on R1 and add the network for Ethernet 0 and serial 0 interfaces using Router > Dynamic routing and select RIP protocol and click Edit button. Edit IP Dynamic Routing window appears click Add button to add a network.
3. Repeat the step 2 for configuring router R2 and R3.
4. Now create Extended Access List that accomplishes two things.
i. Allow only telnet traffic from the subnet off of R1s Serial 0 interface to come into R1.
ii. Next, allow any traffic from R1s Ethernet 0 subnet to travel anywhere
5. Create access list 101 to allow only telnet traffic from the 192.168.200.16 subnet. Using Router > ACL > ACL Editor > click Add button.
6. Set Access-List number 101 and select Extended Rule from Type drop down box and click Add
7. In Add an Extended Rule Entry select permit from select an action drop down box.
8. Select A Network from Source Host/Network and type 192.168.200.16 in IP address field and 0.0.0.15 in wildcard mask field.
9. Select Any IP address from Destination Host/Network. Select tcp from Protocol and Service options. Select Destination Port = and telnet and click OK button.
10. To apply access list 102 in Add a Rule window change the access list number 102 in Name/Number field. Select Extended Rule from Type drop down box and click Add button.
11. In Add an Extended Rule Entry permit from select an action drop down box.
12. Select A Network from Source Host/Network and type 192.168.200.0 in IP address field and 0.0.0.15 in wildcard mask field.
13. Select Any IP address from Destination Host/Network. Select ip from Protocol and Service options and click OK button.
14. In Add a Rule window click Associate button.
15. Associate with an interface screen appears select S0 interface and direction as inbound and click OK button.
16. Click Associate button again and in Associate with an interface screen select S0 interface and direction as outbound and click OK button.
17. In add a Rule screen change access-list number 102 and click associate button.
18. In Associate with an interface screen select E0 interface and direction as inbound and click OK button.
19. Verify the access-list applied using Utilities > Ping and Traceroute

Note: Please refer to the CertExams.com Network Simulator software for complete lab with GUI Interface.

 

Real Time Web Analytics

Clicky