7.2.1.7 Packet Tracer – Configuring Named Standard IPv4 ACLs

Last Updated on March 19, 2018 by Admin

7.2.1.7 Packet Tracer – Configuring Named Standard IPv4 ACLs

Packet Tracer – Configuring Named Standard IPv4 ACLs (Answer Version)

Answer Note: Red font color or Gray highlights indicate text that appears in the Answer copy only.

Topology

7.2.1.7 Packet Tracer – Configuring Named Standard IPv4 ACLs

7.2.1.7 Packet Tracer – Configuring Named Standard IPv4 ACLs

Addressing Table

Device Interface IP Address Subnet Mask Default Gateway
R1 F0/0 192.168.10.1 255.255.255.0 N/A
F0/1 192.168.20.1 255.255.255.0 N/A
E0/0/0 192.168.100.1 255.255.255.0 N/A
E0/1/0 192.168.200.1 255.255.255.0 N/A
File Server NIC 192.168.200.100 255.255.255.0 192.168.200.1
Web Server NIC 192.168.100.100 255.255.255.0 192.168.100.1
PC0 NIC 192.168.20.3 255.255.255.0 192.168.20.1
PC1 NIC 192.168.20.4 255.255.255.0 192.168.20.1
PC2 NIC 192.168.10.3 255.255.255.0 192.168.10.1

Objectives

Part 1: Configure and Apply a Named Standard ACL

Part 2: Verify the ACL Implementation

Background / Scenario

The senior network administrator has tasked you to create a standard named ACL to prevent access to a file server. All clients from one network and one specific workstation from a different network should be denied access.

Part 1: Configure and Apply a Named Standard ACL

Step 1: Verify connectivity before the ACL is configured and applied.

All three workstations should be able to ping both the Web Server and File Server.

Step 2: Configure a named standard ACL.

Configure the following named ACL on R1.

R1(config)# ip access-list standard File_Server_Restrictions

R1(config-std-nacl)# permit host 192.168.20.4

R1(config-std-nacl)# deny any

Note: For scoring purposes, the ACL name is case-sensitive.

Step 3: Apply the named ACL.

  1. Apply the ACL outbound on the interface Fast Ethernet 0/1.
    • R1(config-if)# ip access-group File_Server_Restrictions out
  2. Save the configuration.

Part 2: Verify the ACL Implementation

Step 1: Verify the ACL configuration and application to the interface.

Use the show access-lists command to verify the ACL configuration. Use the show run or show ip interface fastethernet 0/1 command to verify that the ACL is applied correctly to the interface.

Step 2: Verify that the ACL is working properly.

All three workstations should be able to ping the Web Server, but only PC1 should be able to ping the File Server.