SlideShare uma empresa Scribd logo

4.1.1.10 Packet Tracer - Configuring Extended ACLs Scenario 1.pdf

S
ssuserf7cd2b

erererer

Internet
1 de 4
Baixar para ler offline
© 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 1 of 4 Packet Tracer - Configuring Extended ACLs - Scenario 1 Topology Addressing Table Device Interface IP Address Subnet Mask Default Gateway R1 G0/0 172.22.34.65 255.255.255.224 N/A G0/1 172.22.34.97 255.255.255.240 N/A G0/2 172.22.34.1 255.255.255.192 N/A Server NIC 172.22.34.62 255.255.255.192 172.22.34.1 PC1 NIC 172.22.34.66 255.255.255.224 172.22.34.65 PC2 NIC 172.22.34.98 255.255.255.240 172.22.34.97 Objectives Part 1: Configure, Apply and Verify an Extended Numbered ACL Part 2: Configure, Apply and Verify an Extended Named ACL Background / Scenario Two employees need access to services provided by the server. PC1 needs only FTP access while PC2 needs only web access. Both computers are able to ping the server, but not each other. Part 1: Configure, Apply and Verify an Extended Numbered ACL Step 1: Configure an ACL to permit FTP and ICMP. a. From global configuration mode on R1, enter the following command to determine the first valid number for an extended access list. R1(config)# access-list ? <1-99> IP standard access list
Packet Tracer - Configuring Extended ACLs - Scenario 1 © 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 2 of 4 <100-199> IP extended access list b. Add 100 to the command, followed by a question mark. R1(config)# access-list 100 ? deny Specify packets to reject permit Specify packets to forward remark Access list entry comment c. To permit FTP traffic, enter permit, followed by a question mark. R1(config)# access-list 100 permit ? ahp Authentication Header Protocol eigrp Cisco's EIGRP routing protocol esp Encapsulation Security Payload gre Cisco's GRE tunneling icmp Internet Control Message Protocol ip Any Internet Protocol ospf OSPF routing protocol tcp Transmission Control Protocol udp User Datagram Protocol d. This ACL permits FTP and ICMP. ICMP is listed above, but FTP is not, because FTP uses TCP. Therefore,enter tcp to further refine the ACL help. R1(config)# access-list 100 permit tcp ? A.B.C.D Source address any Any source host host A single source host e. Notice that we could filter just for PC1 by using the host keyword or we could allow any host. In this case, any device is allowed that has an address belonging to the 172.22.34.64/27 network. Enter the network address, followed by a question mark. R1(config)# access-list 100 permit tcp 172.22.34.64 ? A.B.C.D Source wildcard bits f. Calculate the wildcard mask determining the binary opposite of a subnet mask. 11111111.11111111.11111111.11100000 = 255.255.255.224 00000000.00000000.00000000.00011111 = 0.0.0.31 g. Enter the wildcard mask, followed by a question mark. R1(config)# access-list 100 permit tcp 172.22.34.64 0.0.0.31 ? A.B.C.D Destination address any Any destination host eq Match only packets on a given port number gt Match only packets with a greater port number host A single destination host lt Match only packets with a lower port number neq Match only packets not on a given port number range Match only packets in the range of port numbers h. Configure the destination address. In this scenario, we are filtering traffic for a single destination, which is the server. Enter the host keyword followed by the server’s IP address. R1(config)# access-list 100 permit tcp 172.22.34.64 0.0.0.31 host 172.22.34.62 ?
Packet Tracer - Configuring Extended ACLs - Scenario 1 © 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 3 of 4 dscp Match packets with given dscp value eq Match only packets on a given port number established established gt Match only packets with a greater port number lt Match only packets with a lower port number neq Match only packets not on a given port number precedence Match packets with given precedence value range Match only packets in the range of port numbers <cr> i. Notice that one of the options is <cr> (carriage return). In other words, you can press Enter and the statement would permit all TCP traffic. However, we are only permitting FTP traffic; therefore, enter the eq keyword, followed by a question mark to display the available options. Then, enter ftp and press Enter. R1(config)# access-list 100 permit tcp 172.22.34.64 0.0.0.31 host 172.22.34.62 eq ? <0-65535> Port number ftp File Transfer Protocol (21) pop3 Post Office Protocol v3 (110) smtp Simple Mail Transport Protocol (25) telnet Telnet (23) www World Wide Web (HTTP, 80) R1(config)# access-list 100 permit tcp 172.22.34.64 0.0.0.31 host 172.22.34.62 eq ftp j. Create a second access list statement to permit ICMP (ping, etc.) traffic from PC1 to Server. Note that the access list number remains the same and no particular type of ICMP traffic needs to be specified. R1(config)# access-list 100 permit icmp 172.22.34.64 0.0.0.31 host 172.22.34.62 k. All other traffic is denied, by default. Step 2: Apply the ACL on the correct interface to filter traffic. From R1’s perspective, the traffic that ACL 100 applies to is inbound from the network connected to Gigabit Ethernet 0/0 interface. Enter interface configuration mode and apply the ACL. R1(config)# interface gigabitEthernet 0/0 R1(config-if)# ip access-group 100 in Step 3: Verify the ACL implementation. a. Ping from PC1 to Server. If the pings are unsuccessful, verify the IP addresses before continuing. b. FTP from PC1 to Server. The username and password are both cisco. PC> ftp 172.22.34.62 c. Exit the FTP service of the Server. ftp> quit d. Ping from PC1 to PC2. The destination host should be unreachable, because the traffic was not explicitly permitted.
Packet Tracer - Configuring Extended ACLs - Scenario 1 © 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 4 of 4 Part 2: Configure, Apply and Verify an Extended Named ACL Step 1: Configure an ACL to permit HTTP access and ICMP. a. Named ACLs start with the ip keyword. From global configuration mode of R1, enter the following command, followed by a question mark. R1(config)# ip access-list ? extended Extended Access List standard Standard Access List b. You can configure named standard and extended ACLs. This access list filters both source and destination IP addresses; therefore, it must be extended. Enter HTTP_ONLY as the name. (For Packet Tracer scoring, the name is case-sensitive.) R1(config)# ip access-list extended HTTP_ONLY c. The prompt changes. You are now in extended named ACL configuration mode. All devices on the PC2 LAN need TCP access. Enter the network address, followed by a question mark. R1(config-ext-nacl)# permit tcp 172.22.34.96 ? A.B.C.D Source wildcard bits d. An alternative way to calculate a wildcard is to subtract the subnet mask from 255.255.255.255. 255.255.255.255 - 255.255.255.240 ----------------- = 0. 0. 0. 15 R1(config-ext-nacl)# permit tcp 172.22.34.96 0.0.0.15 ? e. Finish the statement by specifying the server address as you did in Part 1 and filtering www traffic. R1(config-ext-nacl)# permit tcp 172.22.34.96 0.0.0.15 host 172.22.34.62 eq www f. Create a second access list statement to permit ICMP (ping, etc.) traffic from PC2 to Server. Note: The prompt remains the same and a specific type of ICMP traffic does not need to be specified. R1(config-ext-nacl)# permit icmp 172.22.34.96 0.0.0.15 host 172.22.34.62 g. All other traffic is denied, by default. Exit out of extended named ACL configuration mode. Step 2: Apply the ACL on the correct interface to filter traffic. From R1’s perspective, the traffic that access list HTTP_ONLY applies to is inbound from the network connected to Gigabit Ethernet 0/1 interface. Enter the interface configuration mode and apply the ACL. R1(config)# interface gigabitEthernet 0/1 R1(config-if)# ip access-group HTTP_ONLY in Step 3: Verify the ACL implementation. a. Ping from PC2 to Server. The ping should be successful, if the ping is unsuccessful, verify the IP addresses before continuing. b. FTP from PC2 to Server. The connection should fail. c. Open the web browser on PC2 and enter the IP address of Server as the URL. The connection should be successful.

Recomendados

26.2.1 Packet Tracer - Configure Extended IPv4 ACLs - Scenario 1 - ITExamAnsw...
26.2.1 Packet Tracer - Configure Extended IPv4 ACLs - Scenario 1 - ITExamAnsw...26.2.1 Packet Tracer - Configure Extended IPv4 ACLs - Scenario 1 - ITExamAnsw...
26.2.1 Packet Tracer - Configure Extended IPv4 ACLs - Scenario 1 - ITExamAnsw...rediani
 
4.4.1.2 packet tracer configure ip ac ls to mitigate attacks-instructor
4.4.1.2 packet tracer configure ip ac ls to mitigate attacks-instructor4.4.1.2 packet tracer configure ip ac ls to mitigate attacks-instructor
4.4.1.2 packet tracer configure ip ac ls to mitigate attacks-instructorSalem Trabelsi
 
BACIK CISCO SKILLS
BACIK CISCO SKILLSBACIK CISCO SKILLS
BACIK CISCO SKILLSPeťko Z Chochoľova
 
cisco-ewan-nat-acl-pt-practice-sba-with-solution-110516171316-phpapp02.pdf
cisco-ewan-nat-acl-pt-practice-sba-with-solution-110516171316-phpapp02.pdfcisco-ewan-nat-acl-pt-practice-sba-with-solution-110516171316-phpapp02.pdf
cisco-ewan-nat-acl-pt-practice-sba-with-solution-110516171316-phpapp02.pdfAsgarAlam6
 
IPAddressing .pptx
IPAddressing .pptxIPAddressing .pptx
IPAddressing .pptxkarthikvcyber
 
CCNA Connecting NetworksSA ExamLab 13 CCNA Connecting Netwo.docx
CCNA Connecting NetworksSA ExamLab 13 CCNA Connecting Netwo.docxCCNA Connecting NetworksSA ExamLab 13 CCNA Connecting Netwo.docx
CCNA Connecting NetworksSA ExamLab 13 CCNA Connecting Netwo.docxketurahhazelhurst
 
managing your network environment
managing your network environmentmanaging your network environment
managing your network environmentscooby_doo
 
Ccna 4 chapter 2 2011 v4
Ccna 4 chapter 2 2011 v4Ccna 4 chapter 2 2011 v4
Ccna 4 chapter 2 2011 v4Gabriela Martínez
 

Recomendados

26.2.1 Packet Tracer - Configure Extended IPv4 ACLs - Scenario 1 - ITExamAnsw...
26.2.1 Packet Tracer - Configure Extended IPv4 ACLs - Scenario 1 - ITExamAnsw...26.2.1 Packet Tracer - Configure Extended IPv4 ACLs - Scenario 1 - ITExamAnsw...
26.2.1 Packet Tracer - Configure Extended IPv4 ACLs - Scenario 1 - ITExamAnsw...rediani
 
4.4.1.2 packet tracer configure ip ac ls to mitigate attacks-instructor
4.4.1.2 packet tracer configure ip ac ls to mitigate attacks-instructor4.4.1.2 packet tracer configure ip ac ls to mitigate attacks-instructor
4.4.1.2 packet tracer configure ip ac ls to mitigate attacks-instructorSalem Trabelsi
 
BACIK CISCO SKILLS
BACIK CISCO SKILLSBACIK CISCO SKILLS
BACIK CISCO SKILLSPeťko Z Chochoľova
 
cisco-ewan-nat-acl-pt-practice-sba-with-solution-110516171316-phpapp02.pdf
cisco-ewan-nat-acl-pt-practice-sba-with-solution-110516171316-phpapp02.pdfcisco-ewan-nat-acl-pt-practice-sba-with-solution-110516171316-phpapp02.pdf
cisco-ewan-nat-acl-pt-practice-sba-with-solution-110516171316-phpapp02.pdfAsgarAlam6
 
IPAddressing .pptx
IPAddressing .pptxIPAddressing .pptx
IPAddressing .pptxkarthikvcyber
 
CCNA Connecting NetworksSA ExamLab 13 CCNA Connecting Netwo.docx
CCNA Connecting NetworksSA ExamLab 13 CCNA Connecting Netwo.docxCCNA Connecting NetworksSA ExamLab 13 CCNA Connecting Netwo.docx
CCNA Connecting NetworksSA ExamLab 13 CCNA Connecting Netwo.docxketurahhazelhurst
 
managing your network environment
managing your network environmentmanaging your network environment
managing your network environmentscooby_doo
 
Ccna 4 chapter 2 2011 v4
Ccna 4 chapter 2 2011 v4Ccna 4 chapter 2 2011 v4
Ccna 4 chapter 2 2011 v4Gabriela Martínez
 
ENSA_Module_10.pptx
ENSA_Module_10.pptxENSA_Module_10.pptx
ENSA_Module_10.pptxSkyBlue659156
 
05 module managing your network enviornment
05 module managing your network enviornment05 module managing your network enviornment
05 module managing your network enviornmentAsif
 
200-301-demo.pdf
200-301-demo.pdf200-301-demo.pdf
200-301-demo.pdfCiscoExamDumpsarticl1
 
Cisco 200-301 Exam Dumps
Cisco 200-301 Exam DumpsCisco 200-301 Exam Dumps
Cisco 200-301 Exam DumpsCiscoExamDumpsarticl2
 
Cisco 200-301 Exam Dumps
Cisco 200-301 Exam DumpsCisco 200-301 Exam Dumps
Cisco 200-301 Exam DumpsCiscoExamDumpsarticl
 
Training Day Slides
Training Day SlidesTraining Day Slides
Training Day Slidesadam_merritt
 
Practice exam #2
Practice exam #2Practice exam #2
Practice exam #2Kris Mofu
 
Ccna 2 Final V4 1
Ccna 2 Final V4 1Ccna 2 Final V4 1
Ccna 2 Final V4 1stigerj
 
Networking Tutorial Goes to Basic PPP Configuration
Networking Tutorial Goes to Basic PPP ConfigurationNetworking Tutorial Goes to Basic PPP Configuration
Networking Tutorial Goes to Basic PPP Configuration3Anetwork com
 
Cisco discovery drs ent module 8 - v.4 in english.
Cisco discovery drs ent module 8 - v.4 in english.Cisco discovery drs ent module 8 - v.4 in english.
Cisco discovery drs ent module 8 - v.4 in english.igede tirtanata
 
Lab8 Controlling traffic using Extended ACL Objectives Per.pdf
Lab8 Controlling traffic using Extended ACL Objectives Per.pdfLab8 Controlling traffic using Extended ACL Objectives Per.pdf
Lab8 Controlling traffic using Extended ACL Objectives Per.pdfadityacommunication1
 
Ccnav5.org ccna 4-v50_practice_final_exam
Ccnav5.org ccna 4-v50_practice_final_examCcnav5.org ccna 4-v50_practice_final_exam
Ccnav5.org ccna 4-v50_practice_final_examĐồng Quốc Vương
 
Cisco 200-301 Exam Dumps.pdf
Cisco 200-301 Exam Dumps.pdfCisco 200-301 Exam Dumps.pdf
Cisco 200-301 Exam Dumps.pdfCiscoExamDumpsarticl3
 
Cisco discovery drs ent module 10 - v.4 in english.
Cisco discovery drs ent module 10 - v.4 in english.Cisco discovery drs ent module 10 - v.4 in english.
Cisco discovery drs ent module 10 - v.4 in english.igede tirtanata
 
Firewall
FirewallFirewall
FirewallManikyala Rao
 
Ccna 3-discovery-4-0-module-8-100-
Ccna 3-discovery-4-0-module-8-100-Ccna 3-discovery-4-0-module-8-100-
Ccna 3-discovery-4-0-module-8-100-junkut3
 
보안위협 관리통제
보안위협 관리통제보안위협 관리통제
보안위협 관리통제Munkyeonggu
 
packet traveling (pre cloud)
packet traveling (pre cloud)packet traveling (pre cloud)
packet traveling (pre cloud)iman darabi
 
acn-practical_manual-19-20-1 final.pdf
acn-practical_manual-19-20-1 final.pdfacn-practical_manual-19-20-1 final.pdf
acn-practical_manual-19-20-1 final.pdfQual4
 
CCNA Dec, 2015 Questions
CCNA Dec, 2015 QuestionsCCNA Dec, 2015 Questions
CCNA Dec, 2015 QuestionsEng. Emad Al-Atoum
 
English Communication (AEC-01).pdf
English Communication (AEC-01).pdfEnglish Communication (AEC-01).pdf
English Communication (AEC-01).pdfssuserf7cd2b
 
The Oxford Dictionary of English Grammar ( PDFDrive ).pdf
The Oxford Dictionary of English Grammar ( PDFDrive ).pdfThe Oxford Dictionary of English Grammar ( PDFDrive ).pdf
The Oxford Dictionary of English Grammar ( PDFDrive ).pdfssuserf7cd2b
 

Mais conteúdo relacionado

Semelhante a 4.1.1.10 Packet Tracer - Configuring Extended ACLs Scenario 1.pdf

05 module managing your network enviornment
05 module managing your network enviornment05 module managing your network enviornment
05 module managing your network enviornmentAsif
 
Training Day Slides
Training Day SlidesTraining Day Slides
Training Day Slidesadam_merritt
 
Practice exam #2
Practice exam #2Practice exam #2
Practice exam #2Kris Mofu
 
Ccna 2 Final V4 1
Ccna 2 Final V4 1Ccna 2 Final V4 1
Ccna 2 Final V4 1stigerj
 
Networking Tutorial Goes to Basic PPP Configuration
Networking Tutorial Goes to Basic PPP ConfigurationNetworking Tutorial Goes to Basic PPP Configuration
Networking Tutorial Goes to Basic PPP Configuration3Anetwork com
 
Cisco discovery drs ent module 8 - v.4 in english.
Cisco discovery drs ent module 8 - v.4 in english.Cisco discovery drs ent module 8 - v.4 in english.
Cisco discovery drs ent module 8 - v.4 in english.igede tirtanata
 
Lab8 Controlling traffic using Extended ACL Objectives Per.pdf
Lab8 Controlling traffic using Extended ACL Objectives Per.pdfLab8 Controlling traffic using Extended ACL Objectives Per.pdf
Lab8 Controlling traffic using Extended ACL Objectives Per.pdfadityacommunication1
 
Ccnav5.org ccna 4-v50_practice_final_exam
Ccnav5.org ccna 4-v50_practice_final_examCcnav5.org ccna 4-v50_practice_final_exam
Ccnav5.org ccna 4-v50_practice_final_examĐồng Quốc Vương
 
Cisco discovery drs ent module 10 - v.4 in english.
Cisco discovery drs ent module 10 - v.4 in english.Cisco discovery drs ent module 10 - v.4 in english.
Cisco discovery drs ent module 10 - v.4 in english.igede tirtanata
 
Ccna 3-discovery-4-0-module-8-100-
Ccna 3-discovery-4-0-module-8-100-Ccna 3-discovery-4-0-module-8-100-
Ccna 3-discovery-4-0-module-8-100-junkut3
 
보안위협 관리통제
보안위협 관리통제보안위협 관리통제
보안위협 관리통제Munkyeonggu
 
packet traveling (pre cloud)
packet traveling (pre cloud)packet traveling (pre cloud)
packet traveling (pre cloud)iman darabi
 
acn-practical_manual-19-20-1 final.pdf
acn-practical_manual-19-20-1 final.pdfacn-practical_manual-19-20-1 final.pdf
acn-practical_manual-19-20-1 final.pdfQual4
 

Semelhante a 4.1.1.10 Packet Tracer - Configuring Extended ACLs Scenario 1.pdf (20)

ENSA_Module_10.pptx
ENSA_Module_10.pptxENSA_Module_10.pptx
ENSA_Module_10.pptx
 
05 module managing your network enviornment
05 module managing your network enviornment05 module managing your network enviornment
05 module managing your network enviornment
 
200-301-demo.pdf
200-301-demo.pdf200-301-demo.pdf
200-301-demo.pdf
 
Cisco 200-301 Exam Dumps
Cisco 200-301 Exam DumpsCisco 200-301 Exam Dumps
Cisco 200-301 Exam Dumps
 
Cisco 200-301 Exam Dumps
Cisco 200-301 Exam DumpsCisco 200-301 Exam Dumps
Cisco 200-301 Exam Dumps
 
Training Day Slides
Training Day SlidesTraining Day Slides
Training Day Slides
 
Practice exam #2
Practice exam #2Practice exam #2
Practice exam #2
 
Ccna 2 Final V4 1
Ccna 2 Final V4 1Ccna 2 Final V4 1
Ccna 2 Final V4 1
 
Networking Tutorial Goes to Basic PPP Configuration
Networking Tutorial Goes to Basic PPP ConfigurationNetworking Tutorial Goes to Basic PPP Configuration
Networking Tutorial Goes to Basic PPP Configuration
 
Cisco discovery drs ent module 8 - v.4 in english.
Cisco discovery drs ent module 8 - v.4 in english.Cisco discovery drs ent module 8 - v.4 in english.
Cisco discovery drs ent module 8 - v.4 in english.
 
Lab8 Controlling traffic using Extended ACL Objectives Per.pdf
Lab8 Controlling traffic using Extended ACL Objectives Per.pdfLab8 Controlling traffic using Extended ACL Objectives Per.pdf
Lab8 Controlling traffic using Extended ACL Objectives Per.pdf
 
Ccnav5.org ccna 4-v50_practice_final_exam
Ccnav5.org ccna 4-v50_practice_final_examCcnav5.org ccna 4-v50_practice_final_exam
Ccnav5.org ccna 4-v50_practice_final_exam
 
Cisco 200-301 Exam Dumps.pdf
Cisco 200-301 Exam Dumps.pdfCisco 200-301 Exam Dumps.pdf
Cisco 200-301 Exam Dumps.pdf
 
Cisco discovery drs ent module 10 - v.4 in english.
Cisco discovery drs ent module 10 - v.4 in english.Cisco discovery drs ent module 10 - v.4 in english.
Cisco discovery drs ent module 10 - v.4 in english.
 
Firewall
FirewallFirewall
Firewall
 
Ccna 3-discovery-4-0-module-8-100-
Ccna 3-discovery-4-0-module-8-100-Ccna 3-discovery-4-0-module-8-100-
Ccna 3-discovery-4-0-module-8-100-
 
보안위협 관리통제
보안위협 관리통제보안위협 관리통제
보안위협 관리통제
 
packet traveling (pre cloud)
packet traveling (pre cloud)packet traveling (pre cloud)
packet traveling (pre cloud)
 
acn-practical_manual-19-20-1 final.pdf
acn-practical_manual-19-20-1 final.pdfacn-practical_manual-19-20-1 final.pdf
acn-practical_manual-19-20-1 final.pdf
 
CCNA Dec, 2015 Questions
CCNA Dec, 2015 QuestionsCCNA Dec, 2015 Questions
CCNA Dec, 2015 Questions
 

Mais de ssuserf7cd2b

English Communication (AEC-01).pdf
English Communication (AEC-01).pdfEnglish Communication (AEC-01).pdf
English Communication (AEC-01).pdfssuserf7cd2b
 
The Oxford Dictionary of English Grammar ( PDFDrive ).pdf
The Oxford Dictionary of English Grammar ( PDFDrive ).pdfThe Oxford Dictionary of English Grammar ( PDFDrive ).pdf
The Oxford Dictionary of English Grammar ( PDFDrive ).pdfssuserf7cd2b
 
Attachment_0 (2).pdf
Attachment_0 (2).pdfAttachment_0 (2).pdf
Attachment_0 (2).pdfssuserf7cd2b
 
Attachment_0 (1).pdf
Attachment_0 (1).pdfAttachment_0 (1).pdf
Attachment_0 (1).pdfssuserf7cd2b
 
The Oxford Dictionary of English Grammar ( PDFDrive ) (1).pdf
The Oxford Dictionary of English Grammar ( PDFDrive ) (1).pdfThe Oxford Dictionary of English Grammar ( PDFDrive ) (1).pdf
The Oxford Dictionary of English Grammar ( PDFDrive ) (1).pdfssuserf7cd2b
 
AdvancedSkillsforComm.-BookI.doc
AdvancedSkillsforComm.-BookI.docAdvancedSkillsforComm.-BookI.doc
AdvancedSkillsforComm.-BookI.docssuserf7cd2b
 
VA118-15-N-0042-001.docx
VA118-15-N-0042-001.docxVA118-15-N-0042-001.docx
VA118-15-N-0042-001.docxssuserf7cd2b
 
Noor-Book.com دليلك الكامل لمهارات الإتصال بالانجليزية.pdf
Noor-Book.com دليلك الكامل لمهارات الإتصال بالانجليزية.pdfNoor-Book.com دليلك الكامل لمهارات الإتصال بالانجليزية.pdf
Noor-Book.com دليلك الكامل لمهارات الإتصال بالانجليزية.pdfssuserf7cd2b
 
StandardIPinSpace.pdf
StandardIPinSpace.pdfStandardIPinSpace.pdf
StandardIPinSpace.pdfssuserf7cd2b
 
04 - Networking Technologies.ppt
04 - Networking Technologies.ppt04 - Networking Technologies.ppt
04 - Networking Technologies.pptssuserf7cd2b
 
NZISM-Infrastructure-Network_Design,_Architecture_and_IP_Address_Management-V...
NZISM-Infrastructure-Network_Design,_Architecture_and_IP_Address_Management-V...NZISM-Infrastructure-Network_Design,_Architecture_and_IP_Address_Management-V...
NZISM-Infrastructure-Network_Design,_Architecture_and_IP_Address_Management-V...ssuserf7cd2b
 
Protocol_specification_testing_and_verif.pdf
Protocol_specification_testing_and_verif.pdfProtocol_specification_testing_and_verif.pdf
Protocol_specification_testing_and_verif.pdfssuserf7cd2b
 
ITN_Module_17.pptx
ITN_Module_17.pptxITN_Module_17.pptx
ITN_Module_17.pptxssuserf7cd2b
 
03 - Cabling Standards, Media, and Connectors.ppt
03 - Cabling Standards, Media, and Connectors.ppt03 - Cabling Standards, Media, and Connectors.ppt
03 - Cabling Standards, Media, and Connectors.pptssuserf7cd2b
 
02 - LANs, WANs, MANs.ppt
02 - LANs, WANs, MANs.ppt02 - LANs, WANs, MANs.ppt
02 - LANs, WANs, MANs.pptssuserf7cd2b
 

Mais de ssuserf7cd2b (20)

English Communication (AEC-01).pdf
English Communication (AEC-01).pdfEnglish Communication (AEC-01).pdf
English Communication (AEC-01).pdf
 
The Oxford Dictionary of English Grammar ( PDFDrive ).pdf
The Oxford Dictionary of English Grammar ( PDFDrive ).pdfThe Oxford Dictionary of English Grammar ( PDFDrive ).pdf
The Oxford Dictionary of English Grammar ( PDFDrive ).pdf
 
Attachment_0 (2).pdf
Attachment_0 (2).pdfAttachment_0 (2).pdf
Attachment_0 (2).pdf
 
Attachment_0.pdf
Attachment_0.pdfAttachment_0.pdf
Attachment_0.pdf
 
Attachment_0 (1).pdf
Attachment_0 (1).pdfAttachment_0 (1).pdf
Attachment_0 (1).pdf
 
The Oxford Dictionary of English Grammar ( PDFDrive ) (1).pdf
The Oxford Dictionary of English Grammar ( PDFDrive ) (1).pdfThe Oxford Dictionary of English Grammar ( PDFDrive ) (1).pdf
The Oxford Dictionary of English Grammar ( PDFDrive ) (1).pdf
 
AdvancedSkillsforComm.-BookI.doc
AdvancedSkillsforComm.-BookI.docAdvancedSkillsforComm.-BookI.doc
AdvancedSkillsforComm.-BookI.doc
 
VA118-15-N-0042-001.docx
VA118-15-N-0042-001.docxVA118-15-N-0042-001.docx
VA118-15-N-0042-001.docx
 
Noor-Book.com دليلك الكامل لمهارات الإتصال بالانجليزية.pdf
Noor-Book.com دليلك الكامل لمهارات الإتصال بالانجليزية.pdfNoor-Book.com دليلك الكامل لمهارات الإتصال بالانجليزية.pdf
Noor-Book.com دليلك الكامل لمهارات الإتصال بالانجليزية.pdf
 
Applications.docx
Applications.docxApplications.docx
Applications.docx
 
Chapter-04.pdf
Chapter-04.pdfChapter-04.pdf
Chapter-04.pdf
 
Chapter 2.pdf
Chapter 2.pdfChapter 2.pdf
Chapter 2.pdf
 
StandardIPinSpace.pdf
StandardIPinSpace.pdfStandardIPinSpace.pdf
StandardIPinSpace.pdf
 
04 - Networking Technologies.ppt
04 - Networking Technologies.ppt04 - Networking Technologies.ppt
04 - Networking Technologies.ppt
 
NZISM-Infrastructure-Network_Design,_Architecture_and_IP_Address_Management-V...
NZISM-Infrastructure-Network_Design,_Architecture_and_IP_Address_Management-V...NZISM-Infrastructure-Network_Design,_Architecture_and_IP_Address_Management-V...
NZISM-Infrastructure-Network_Design,_Architecture_and_IP_Address_Management-V...
 
Chapter-3.pdf
Chapter-3.pdfChapter-3.pdf
Chapter-3.pdf
 
Protocol_specification_testing_and_verif.pdf
Protocol_specification_testing_and_verif.pdfProtocol_specification_testing_and_verif.pdf
Protocol_specification_testing_and_verif.pdf
 
ITN_Module_17.pptx
ITN_Module_17.pptxITN_Module_17.pptx
ITN_Module_17.pptx
 
03 - Cabling Standards, Media, and Connectors.ppt
03 - Cabling Standards, Media, and Connectors.ppt03 - Cabling Standards, Media, and Connectors.ppt
03 - Cabling Standards, Media, and Connectors.ppt
 
02 - LANs, WANs, MANs.ppt
02 - LANs, WANs, MANs.ppt02 - LANs, WANs, MANs.ppt
02 - LANs, WANs, MANs.ppt
 

Último

20240510 QFM016 Irresponsible AI Reading List April 2024.pdf
20240510 QFM016 Irresponsible AI Reading List April 2024.pdf20240510 QFM016 Irresponsible AI Reading List April 2024.pdf
20240510 QFM016 Irresponsible AI Reading List April 2024.pdfMatthew Sinclair
 
Russian Call Girls Pune (Adult Only) 8005736733 Escort Service 24x7 Cash Pay...
Russian Call Girls Pune (Adult Only) 8005736733 Escort Service 24x7 Cash Pay...Russian Call Girls Pune (Adult Only) 8005736733 Escort Service 24x7 Cash Pay...
Russian Call Girls Pune (Adult Only) 8005736733 Escort Service 24x7 Cash Pay...SUHANI PANDEY
 
Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...
Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...
Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...Delhi Call girls
 
Busty Desi⚡Call Girls in Vasundhara Ghaziabad >༒8448380779 Escort Service
Busty Desi⚡Call Girls in Vasundhara Ghaziabad >༒8448380779 Escort ServiceBusty Desi⚡Call Girls in Vasundhara Ghaziabad >༒8448380779 Escort Service
Busty Desi⚡Call Girls in Vasundhara Ghaziabad >༒8448380779 Escort ServiceDelhi Call girls
 
20240509 QFM015 Engineering Leadership Reading List April 2024.pdf
20240509 QFM015 Engineering Leadership Reading List April 2024.pdf20240509 QFM015 Engineering Leadership Reading List April 2024.pdf
20240509 QFM015 Engineering Leadership Reading List April 2024.pdfMatthew Sinclair
 
Ganeshkhind ! Call Girls Pune - 450+ Call Girl Cash Payment 8005736733 Neha T...
Ganeshkhind ! Call Girls Pune - 450+ Call Girl Cash Payment 8005736733 Neha T...Ganeshkhind ! Call Girls Pune - 450+ Call Girl Cash Payment 8005736733 Neha T...
Ganeshkhind ! Call Girls Pune - 450+ Call Girl Cash Payment 8005736733 Neha T...SUHANI PANDEY
 
➥🔝 7737669865 🔝▻ mehsana Call-girls in Women Seeking Men 🔝mehsana🔝 Escorts...
➥🔝 7737669865 🔝▻ mehsana Call-girls in Women Seeking Men 🔝mehsana🔝 Escorts...➥🔝 7737669865 🔝▻ mehsana Call-girls in Women Seeking Men 🔝mehsana🔝 Escorts...
➥🔝 7737669865 🔝▻ mehsana Call-girls in Women Seeking Men 🔝mehsana🔝 Escorts...nirzagarg
 
Trump Diapers Over Dems t shirts Sweatshirt
Trump Diapers Over Dems t shirts SweatshirtTrump Diapers Over Dems t shirts Sweatshirt
Trump Diapers Over Dems t shirts Sweatshirtrahman018755
 
💚😋 Bilaspur Escort Service Call Girls, 9352852248 ₹5000 To 25K With AC💚😋
💚😋 Bilaspur Escort Service Call Girls, 9352852248 ₹5000 To 25K With AC💚😋💚😋 Bilaspur Escort Service Call Girls, 9352852248 ₹5000 To 25K With AC💚😋
💚😋 Bilaspur Escort Service Call Girls, 9352852248 ₹5000 To 25K With AC💚😋nirzagarg
 
WhatsApp 📞 8448380779 ✅Call Girls In Mamura Sector 66 ( Noida)
WhatsApp 📞 8448380779 ✅Call Girls In Mamura Sector 66 ( Noida)WhatsApp 📞 8448380779 ✅Call Girls In Mamura Sector 66 ( Noida)
WhatsApp 📞 8448380779 ✅Call Girls In Mamura Sector 66 ( Noida)Delhi Call girls
 
Nanded City ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready ...
Nanded City ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready ...Nanded City ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready ...
Nanded City ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready ...tanu pandey
 
VIP Model Call Girls Hadapsar ( Pune ) Call ON 9905417584 Starting High Prof...
VIP Model Call Girls Hadapsar ( Pune ) Call ON 9905417584 Starting High Prof...VIP Model Call Girls Hadapsar ( Pune ) Call ON 9905417584 Starting High Prof...
VIP Model Call Girls Hadapsar ( Pune ) Call ON 9905417584 Starting High Prof...singhpriety023
 
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...Neha Pandey
 
VVIP Pune Call Girls Sinhagad WhatSapp Number 8005736733 With Elite Staff And...
VVIP Pune Call Girls Sinhagad WhatSapp Number 8005736733 With Elite Staff And...VVIP Pune Call Girls Sinhagad WhatSapp Number 8005736733 With Elite Staff And...
VVIP Pune Call Girls Sinhagad WhatSapp Number 8005736733 With Elite Staff And...SUHANI PANDEY
 
Dubai=Desi Dubai Call Girls O525547819 Outdoor Call Girls Dubai
Dubai=Desi Dubai Call Girls O525547819 Outdoor Call Girls DubaiDubai=Desi Dubai Call Girls O525547819 Outdoor Call Girls Dubai
Dubai=Desi Dubai Call Girls O525547819 Outdoor Call Girls Dubaikojalkojal131
 
20240507 QFM013 Machine Intelligence Reading List April 2024.pdf
20240507 QFM013 Machine Intelligence Reading List April 2024.pdf20240507 QFM013 Machine Intelligence Reading List April 2024.pdf
20240507 QFM013 Machine Intelligence Reading List April 2024.pdfMatthew Sinclair
 
Pirangut | Call Girls Pune Phone No 8005736733 Elite Escort Service Available...
Pirangut | Call Girls Pune Phone No 8005736733 Elite Escort Service Available...Pirangut | Call Girls Pune Phone No 8005736733 Elite Escort Service Available...
Pirangut | Call Girls Pune Phone No 8005736733 Elite Escort Service Available...SUHANI PANDEY
 
VIP Call Girls Pollachi 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Pollachi 7001035870 Whatsapp Number, 24/07 BookingVIP Call Girls Pollachi 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Pollachi 7001035870 Whatsapp Number, 24/07 Bookingdharasingh5698
 

Último (20)

20240510 QFM016 Irresponsible AI Reading List April 2024.pdf
20240510 QFM016 Irresponsible AI Reading List April 2024.pdf20240510 QFM016 Irresponsible AI Reading List April 2024.pdf
20240510 QFM016 Irresponsible AI Reading List April 2024.pdf
 
Russian Call Girls Pune (Adult Only) 8005736733 Escort Service 24x7 Cash Pay...
Russian Call Girls Pune (Adult Only) 8005736733 Escort Service 24x7 Cash Pay...Russian Call Girls Pune (Adult Only) 8005736733 Escort Service 24x7 Cash Pay...
Russian Call Girls Pune (Adult Only) 8005736733 Escort Service 24x7 Cash Pay...
 
Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...
Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...
Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...
 
Low Sexy Call Girls In Mohali 9053900678 🥵Have Save And Good Place 🥵
Low Sexy Call Girls In Mohali 9053900678 🥵Have Save And Good Place 🥵Low Sexy Call Girls In Mohali 9053900678 🥵Have Save And Good Place 🥵
Low Sexy Call Girls In Mohali 9053900678 🥵Have Save And Good Place 🥵
 
Busty Desi⚡Call Girls in Vasundhara Ghaziabad >༒8448380779 Escort Service
Busty Desi⚡Call Girls in Vasundhara Ghaziabad >༒8448380779 Escort ServiceBusty Desi⚡Call Girls in Vasundhara Ghaziabad >༒8448380779 Escort Service
Busty Desi⚡Call Girls in Vasundhara Ghaziabad >༒8448380779 Escort Service
 
20240509 QFM015 Engineering Leadership Reading List April 2024.pdf
20240509 QFM015 Engineering Leadership Reading List April 2024.pdf20240509 QFM015 Engineering Leadership Reading List April 2024.pdf
20240509 QFM015 Engineering Leadership Reading List April 2024.pdf
 
Ganeshkhind ! Call Girls Pune - 450+ Call Girl Cash Payment 8005736733 Neha T...
Ganeshkhind ! Call Girls Pune - 450+ Call Girl Cash Payment 8005736733 Neha T...Ganeshkhind ! Call Girls Pune - 450+ Call Girl Cash Payment 8005736733 Neha T...
Ganeshkhind ! Call Girls Pune - 450+ Call Girl Cash Payment 8005736733 Neha T...
 
➥🔝 7737669865 🔝▻ mehsana Call-girls in Women Seeking Men 🔝mehsana🔝 Escorts...
➥🔝 7737669865 🔝▻ mehsana Call-girls in Women Seeking Men 🔝mehsana🔝 Escorts...➥🔝 7737669865 🔝▻ mehsana Call-girls in Women Seeking Men 🔝mehsana🔝 Escorts...
➥🔝 7737669865 🔝▻ mehsana Call-girls in Women Seeking Men 🔝mehsana🔝 Escorts...
 
Trump Diapers Over Dems t shirts Sweatshirt
Trump Diapers Over Dems t shirts SweatshirtTrump Diapers Over Dems t shirts Sweatshirt
Trump Diapers Over Dems t shirts Sweatshirt
 
💚😋 Bilaspur Escort Service Call Girls, 9352852248 ₹5000 To 25K With AC💚😋
💚😋 Bilaspur Escort Service Call Girls, 9352852248 ₹5000 To 25K With AC💚😋💚😋 Bilaspur Escort Service Call Girls, 9352852248 ₹5000 To 25K With AC💚😋
💚😋 Bilaspur Escort Service Call Girls, 9352852248 ₹5000 To 25K With AC💚😋
 
WhatsApp 📞 8448380779 ✅Call Girls In Mamura Sector 66 ( Noida)
WhatsApp 📞 8448380779 ✅Call Girls In Mamura Sector 66 ( Noida)WhatsApp 📞 8448380779 ✅Call Girls In Mamura Sector 66 ( Noida)
WhatsApp 📞 8448380779 ✅Call Girls In Mamura Sector 66 ( Noida)
 
Nanded City ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready ...
Nanded City ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready ...Nanded City ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready ...
Nanded City ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready ...
 
VIP Model Call Girls Hadapsar ( Pune ) Call ON 9905417584 Starting High Prof...
VIP Model Call Girls Hadapsar ( Pune ) Call ON 9905417584 Starting High Prof...VIP Model Call Girls Hadapsar ( Pune ) Call ON 9905417584 Starting High Prof...
VIP Model Call Girls Hadapsar ( Pune ) Call ON 9905417584 Starting High Prof...
 
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...
 
VVIP Pune Call Girls Sinhagad WhatSapp Number 8005736733 With Elite Staff And...
VVIP Pune Call Girls Sinhagad WhatSapp Number 8005736733 With Elite Staff And...VVIP Pune Call Girls Sinhagad WhatSapp Number 8005736733 With Elite Staff And...
VVIP Pune Call Girls Sinhagad WhatSapp Number 8005736733 With Elite Staff And...
 
Dubai=Desi Dubai Call Girls O525547819 Outdoor Call Girls Dubai
Dubai=Desi Dubai Call Girls O525547819 Outdoor Call Girls DubaiDubai=Desi Dubai Call Girls O525547819 Outdoor Call Girls Dubai
Dubai=Desi Dubai Call Girls O525547819 Outdoor Call Girls Dubai
 
Call Girls in Prashant Vihar, Delhi 💯 Call Us 🔝9953056974 🔝 Escort Service
Call Girls in Prashant Vihar, Delhi 💯 Call Us 🔝9953056974 🔝 Escort ServiceCall Girls in Prashant Vihar, Delhi 💯 Call Us 🔝9953056974 🔝 Escort Service
Call Girls in Prashant Vihar, Delhi 💯 Call Us 🔝9953056974 🔝 Escort Service
 
20240507 QFM013 Machine Intelligence Reading List April 2024.pdf
20240507 QFM013 Machine Intelligence Reading List April 2024.pdf20240507 QFM013 Machine Intelligence Reading List April 2024.pdf
20240507 QFM013 Machine Intelligence Reading List April 2024.pdf
 
Pirangut | Call Girls Pune Phone No 8005736733 Elite Escort Service Available...
Pirangut | Call Girls Pune Phone No 8005736733 Elite Escort Service Available...Pirangut | Call Girls Pune Phone No 8005736733 Elite Escort Service Available...
Pirangut | Call Girls Pune Phone No 8005736733 Elite Escort Service Available...
 
VIP Call Girls Pollachi 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Pollachi 7001035870 Whatsapp Number, 24/07 BookingVIP Call Girls Pollachi 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Pollachi 7001035870 Whatsapp Number, 24/07 Booking
 

4.1.1.10 Packet Tracer - Configuring Extended ACLs Scenario 1.pdf

  • 1. © 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 1 of 4 Packet Tracer - Configuring Extended ACLs - Scenario 1 Topology Addressing Table Device Interface IP Address Subnet Mask Default Gateway R1 G0/0 172.22.34.65 255.255.255.224 N/A G0/1 172.22.34.97 255.255.255.240 N/A G0/2 172.22.34.1 255.255.255.192 N/A Server NIC 172.22.34.62 255.255.255.192 172.22.34.1 PC1 NIC 172.22.34.66 255.255.255.224 172.22.34.65 PC2 NIC 172.22.34.98 255.255.255.240 172.22.34.97 Objectives Part 1: Configure, Apply and Verify an Extended Numbered ACL Part 2: Configure, Apply and Verify an Extended Named ACL Background / Scenario Two employees need access to services provided by the server. PC1 needs only FTP access while PC2 needs only web access. Both computers are able to ping the server, but not each other. Part 1: Configure, Apply and Verify an Extended Numbered ACL Step 1: Configure an ACL to permit FTP and ICMP. a. From global configuration mode on R1, enter the following command to determine the first valid number for an extended access list. R1(config)# access-list ? <1-99> IP standard access list
  • 2. Packet Tracer - Configuring Extended ACLs - Scenario 1 © 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 2 of 4 <100-199> IP extended access list b. Add 100 to the command, followed by a question mark. R1(config)# access-list 100 ? deny Specify packets to reject permit Specify packets to forward remark Access list entry comment c. To permit FTP traffic, enter permit, followed by a question mark. R1(config)# access-list 100 permit ? ahp Authentication Header Protocol eigrp Cisco's EIGRP routing protocol esp Encapsulation Security Payload gre Cisco's GRE tunneling icmp Internet Control Message Protocol ip Any Internet Protocol ospf OSPF routing protocol tcp Transmission Control Protocol udp User Datagram Protocol d. This ACL permits FTP and ICMP. ICMP is listed above, but FTP is not, because FTP uses TCP. Therefore,enter tcp to further refine the ACL help. R1(config)# access-list 100 permit tcp ? A.B.C.D Source address any Any source host host A single source host e. Notice that we could filter just for PC1 by using the host keyword or we could allow any host. In this case, any device is allowed that has an address belonging to the 172.22.34.64/27 network. Enter the network address, followed by a question mark. R1(config)# access-list 100 permit tcp 172.22.34.64 ? A.B.C.D Source wildcard bits f. Calculate the wildcard mask determining the binary opposite of a subnet mask. 11111111.11111111.11111111.11100000 = 255.255.255.224 00000000.00000000.00000000.00011111 = 0.0.0.31 g. Enter the wildcard mask, followed by a question mark. R1(config)# access-list 100 permit tcp 172.22.34.64 0.0.0.31 ? A.B.C.D Destination address any Any destination host eq Match only packets on a given port number gt Match only packets with a greater port number host A single destination host lt Match only packets with a lower port number neq Match only packets not on a given port number range Match only packets in the range of port numbers h. Configure the destination address. In this scenario, we are filtering traffic for a single destination, which is the server. Enter the host keyword followed by the server’s IP address. R1(config)# access-list 100 permit tcp 172.22.34.64 0.0.0.31 host 172.22.34.62 ?
  • 3. Packet Tracer - Configuring Extended ACLs - Scenario 1 © 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 3 of 4 dscp Match packets with given dscp value eq Match only packets on a given port number established established gt Match only packets with a greater port number lt Match only packets with a lower port number neq Match only packets not on a given port number precedence Match packets with given precedence value range Match only packets in the range of port numbers <cr> i. Notice that one of the options is <cr> (carriage return). In other words, you can press Enter and the statement would permit all TCP traffic. However, we are only permitting FTP traffic; therefore, enter the eq keyword, followed by a question mark to display the available options. Then, enter ftp and press Enter. R1(config)# access-list 100 permit tcp 172.22.34.64 0.0.0.31 host 172.22.34.62 eq ? <0-65535> Port number ftp File Transfer Protocol (21) pop3 Post Office Protocol v3 (110) smtp Simple Mail Transport Protocol (25) telnet Telnet (23) www World Wide Web (HTTP, 80) R1(config)# access-list 100 permit tcp 172.22.34.64 0.0.0.31 host 172.22.34.62 eq ftp j. Create a second access list statement to permit ICMP (ping, etc.) traffic from PC1 to Server. Note that the access list number remains the same and no particular type of ICMP traffic needs to be specified. R1(config)# access-list 100 permit icmp 172.22.34.64 0.0.0.31 host 172.22.34.62 k. All other traffic is denied, by default. Step 2: Apply the ACL on the correct interface to filter traffic. From R1’s perspective, the traffic that ACL 100 applies to is inbound from the network connected to Gigabit Ethernet 0/0 interface. Enter interface configuration mode and apply the ACL. R1(config)# interface gigabitEthernet 0/0 R1(config-if)# ip access-group 100 in Step 3: Verify the ACL implementation. a. Ping from PC1 to Server. If the pings are unsuccessful, verify the IP addresses before continuing. b. FTP from PC1 to Server. The username and password are both cisco. PC> ftp 172.22.34.62 c. Exit the FTP service of the Server. ftp> quit d. Ping from PC1 to PC2. The destination host should be unreachable, because the traffic was not explicitly permitted.
  • 4. Packet Tracer - Configuring Extended ACLs - Scenario 1 © 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 4 of 4 Part 2: Configure, Apply and Verify an Extended Named ACL Step 1: Configure an ACL to permit HTTP access and ICMP. a. Named ACLs start with the ip keyword. From global configuration mode of R1, enter the following command, followed by a question mark. R1(config)# ip access-list ? extended Extended Access List standard Standard Access List b. You can configure named standard and extended ACLs. This access list filters both source and destination IP addresses; therefore, it must be extended. Enter HTTP_ONLY as the name. (For Packet Tracer scoring, the name is case-sensitive.) R1(config)# ip access-list extended HTTP_ONLY c. The prompt changes. You are now in extended named ACL configuration mode. All devices on the PC2 LAN need TCP access. Enter the network address, followed by a question mark. R1(config-ext-nacl)# permit tcp 172.22.34.96 ? A.B.C.D Source wildcard bits d. An alternative way to calculate a wildcard is to subtract the subnet mask from 255.255.255.255. 255.255.255.255 - 255.255.255.240 ----------------- = 0. 0. 0. 15 R1(config-ext-nacl)# permit tcp 172.22.34.96 0.0.0.15 ? e. Finish the statement by specifying the server address as you did in Part 1 and filtering www traffic. R1(config-ext-nacl)# permit tcp 172.22.34.96 0.0.0.15 host 172.22.34.62 eq www f. Create a second access list statement to permit ICMP (ping, etc.) traffic from PC2 to Server. Note: The prompt remains the same and a specific type of ICMP traffic does not need to be specified. R1(config-ext-nacl)# permit icmp 172.22.34.96 0.0.0.15 host 172.22.34.62 g. All other traffic is denied, by default. Exit out of extended named ACL configuration mode. Step 2: Apply the ACL on the correct interface to filter traffic. From R1’s perspective, the traffic that access list HTTP_ONLY applies to is inbound from the network connected to Gigabit Ethernet 0/1 interface. Enter the interface configuration mode and apply the ACL. R1(config)# interface gigabitEthernet 0/1 R1(config-if)# ip access-group HTTP_ONLY in Step 3: Verify the ACL implementation. a. Ping from PC2 to Server. The ping should be successful, if the ping is unsuccessful, verify the IP addresses before continuing. b. FTP from PC2 to Server. The connection should fail. c. Open the web browser on PC2 and enter the IP address of Server as the URL. The connection should be successful.