Access List Solution Access Lists Workbook Teachers Edition
Access Lists Workbook, Version 1.0, Instructors Edition
Access-List Numbers
IP Standard: 1 to 99
IP Extended: 100 to 199
Ethernet Type Code: 200 to 299
Ethernet Address: 700 to 799
DECnet and Extended DECnet: 300 to 399
XNS: 400 to 499
Extended XNS: 500 to 599
Appletalk: 600 to 699
48-bit MAC Addresses: 700 to 799
IPX Standard: 800 to 899
IPX Extended: 900 to 999
IPX SAP (service advertisement protocol): 1000 to 1099
IPX SAP SPX: 1000 to 1099
Extended 48-bit MAC Addresses: 1100 to 1199
IPX NLSP: 1200 to 1299
IP Standard, expanded range: 1300 to 1999
IP Extended, expanded range: 2000 to 2699
SS7 (voice): 2700 to 2999
Standard Vines: 1 to 100
Extended Vines: 101 to 200
Simple Vines: 201 to 300
Transparent bridging (protocol type): 200 to 299
Transparent bridging (vendor type): 700 to 799
Extended Transparent bridging: 1100 to 1199
Source-route bridging (protocol type): 200 to 299
Source-route bridging (vendor type): 700 to 799
[Figure: network diagram showing Routers A, B, C and D with the computers of Janet, Matt, Juan and Jimmy]
[Figure: network diagram showing Routers A through F with the computers of Jan, Juan, Lisa, Paul, Ricky, Jenny, Amanda, Carrol, George, Kathy, Jeff, Jim, Linda, Sarah, Jackie and Melvin]
Router Name: Router D   Interface: E0
Router Name: Router A   Interface: E0
Router Name: Router C   Interface: FA1
Router Name: Router D   Interface: E0
Router Name: Router D   Interface: E0
Router Name: Router E   Interface: E0
Router Name: Router C   Interface: FA1
Router Name: Router A   Interface: E0
Router Name: Router E   Interface: E0
Router Name: Router C   Interface: FA1
Router Name: Router E   Interface: E0
Router Name: Router F   Interface: FA1
source address
destination address
protocol
port number
[Figure: network diagram showing Routers A, C and D with the computers of Janet, Matt, Juan and Jimmy]
[Figure: network diagram showing Routers A through F with the computers of Jan, Juan, Lisa, Paul, Ricky, Jenny, Amanda, Carrol, George, Kathy, Jeff, Jim, Linda, Sarah, Jackie and Melvin]
Router Name: Router D   Interface: FA0
Router Name: Router F   Interface: FA1
Router Name: Router A   Interface: FA0
Router Name: Router F   Interface: FA1
Router Name: Router C   Interface: E1
Router Name: Router F   Interface: FA1
Router Name: Router C   Interface: E1
Router Name: Router D   Interface: FA0
Router Name: Router E   Interface: FA0
Router Name: Router E   Interface: FA0
Router Name: Router C   Interface: E1
Router Name: Router E   Interface: FA0
wildcard mask
source address
permit or deny
source address
indicates a specific host address
(Optional) generates a log entry on the router for each packet that matches this statement
autonomous number 100 to 199
protocol: icp, icmp, tcp, udp, ip, etc.
source wildcard mask
destination wildcard mask
autonomous number 100 to 199
protocol: icp, icmp, tcp, udp, ip, etc.
source address
destination address
port number (23 = telnet)
indicates a specific host
destination address
source address
Protocols Include: IP, IGMP, TCP, GRE, UDP, IGRP, ICMP, EIGRP, IPINIP, OSPF, NOS, Integer 0-255
indicates a specific host
operator: eq for =, gt for >, lt for <, neq for ≠
(Optional) generates a log entry on the router for each packet that matches this statement
Write a named extended access list on Router A, Interface E0 called Gracie to deny HTTP traffic intended for web server 192.168.207.27, but permit all other HTTP traffic to reach only the 192.168.207.0 network. Deny all other IP traffic. Keep in mind that there may be multiple ways many of the individual statements in an ACL can be written.
Example 2
Address Range: 192.168.16.0 to 192.168.16.127
Wildcard:
Wildcard:
204.100.100.0 255.255.255.0
204.100.100.0 0.0.0.255
All zeros (or 0.0.0.0) means the address must match exactly.
Example #2:
10.10.150.95 0.0.0.0
192.170.25.30 255.255.255.224
192.170.25.30 0.0.0.31
(Subtract the subnet mask from
255.255.255.255 to create the wildcard)
(This is the inverse of the subnet mask.)
172.24.128.0 255.255.128.0
172.24.128.0 0.0.127.255
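The subtraction rule above, and the bit-level matching a wildcard mask drives, as an added Python example that is not part of the workbook. The function names are illustrative; the addresses and masks are the ones printed on this page, including the wildcard 0.0.15.31 from one of the exercises.

```python
import ipaddress

FULL = 0xFFFFFFFF  # 255.255.255.255 as a 32-bit integer


def to_int(dotted: str) -> int:
    """Dotted-quad string to 32-bit integer."""
    return int(ipaddress.IPv4Address(dotted))


def to_dotted(value: int) -> str:
    """32-bit integer back to dotted-quad string."""
    return str(ipaddress.IPv4Address(value))


def wildcard_from_mask(subnet_mask: str) -> str:
    """Subtract the subnet mask from 255.255.255.255 (the inverse of the mask)."""
    return to_dotted(FULL - to_int(subnet_mask))


def matches(address: str, base: str, wildcard: str) -> bool:
    """A 0 bit in the wildcard must match the base address; a 1 bit is ignored."""
    care = FULL & ~to_int(wildcard)
    return (to_int(address) & care) == (to_int(base) & care)


def describe(base: str, wildcard: str) -> dict:
    """Summarise what one address/wildcard pair in an ACL entry covers.

    'contiguous' is True only when the wildcard is a run of 0 bits followed
    by a run of 1 bits, i.e. the inverse of a real subnet mask. When it is
    False, the lowest-to-highest span contains addresses the entry does NOT
    match, so the entry has to be checked address by address with matches().
    """
    w = to_int(wildcard)
    low = to_int(base) & (FULL & ~w)      # ignored bits of the base are cleared
    return {
        "lowest": to_dotted(low),
        "highest": to_dotted(low | w),
        "count": 1 << bin(w).count("1"),  # 2 ** (number of ignored bits)
        "contiguous": (w & (w + 1)) == 0,
    }


if __name__ == "__main__":
    # Mask-to-wildcard pairs taken from the page.
    for mask in ("255.255.255.0", "255.255.255.224", "255.255.128.0"):
        print(mask, "->", wildcard_from_mask(mask))

    # The base address 192.170.25.30 carries host bits; the wildcard ignores them.
    print(describe("192.170.25.30", "0.0.0.31"))

    # Non-contiguous wildcard: 172.15.3.40 lies inside the span but is not matched.
    print(describe("172.15.0.0", "0.0.15.31"))
    print(matches("172.15.3.20", "172.15.0.0", "0.0.15.31"))
    print(matches("172.15.3.40", "172.15.0.0", "0.0.15.31"))
```

When reviewing an ACL, a `contiguous` value of False is the cue to test individual addresses rather than trust a first-to-last range.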
2.
3.
4.
5.
6.
7.
8.
9.
10.
11.
12.
Answer: 192.168.150.50
2. access-list 5 permit any
Answer: Any address
3. access-list 125 deny tcp 195.223.50.0 0.0.0.63 host 172.168.10.1 fragments
Answer: 195.223.50.1 to 195.223.50.63
4. access-list 11 deny 210.10.10.0 0.0.0.255
Answer: 210.10.10.1 to 210.10.10.254
5. access-list 108 deny ip 192.220.10.0 0.0.0.15 172.32.4.0 0.0.0.255
Answer: 192.220.10.1 to 192.220.10.15
6. access-list 171 deny any host 175.18.24.10 fragments
Answer: Any Address
7. access-list 105 permit 192.168.15.0 0.0.0.255 any
Answer: 192.168.15.1 to 192.168.15.254
8. access-list 109 permit tcp 172.16.10.0 0.0.0.255 host 192.168.10.1 eq 80
Answer: 172.16.10.1 to 172.16.10.254
9. access-list 111 permit ip any any
Answer: Any Address
10. access-list 195 permit udp 172.30.12.0 0.0.0.127 172.50.10.0 0.0.0.255
Answer: 172.30.12.1 to 172.30.12.127
Answer: 192.168.15.1 to 192.168.15.3
12. access-list 120 permit ip 192.168.15.0 0.0.0.7 192.168.30.10 0.0.0.0
Answer: 192.168.15.1 to 192.168.15.7
13. access-list 130 permit ip 192.168.15.0 0.0.0.15 192.168.30.10 0.0.0.0
Answer: 192.168.15.1 to 192.168.15.15
14. access-list 140 permit ip 192.168.15.0 0.0.0.31 192.168.30.10 0.0.0.0
Answer: 192.168.15.1 to 192.168.15.31
15. access-list 150 permit ip 192.168.15.0 0.0.0.63 192.168.30.10 0.0.0.0
Answer: 192.168.15.1 to 192.168.15.63
16. access-list 101 Permit ip 192.168.15.0 0.0.0.127 192.168.30.10 0.0.0.0
Answer: 192.168.15.1 to 192.168.15.127
17. access-list 185 permit ip 192.168.15.0 0.0.0.255 192.168.30.0 0.0.0.255
Answer: 192.168.15.1 to 192.168.15.254
18. access-list 160 deny udp 172.16.0.0 0.0.1.255 172.18.10.18 0.0.0.0 gt 22
Answer: 172.16.0.1 to 172.16.1.254
19. access-list 195 permit icmp 172.85.0.0 0.0.15.255 172.50.10.0 0.0.0.255
Answer: 172.85.0.1 to 172.85.15.254
20. access-list 10 permit 175.15.120.0 0.0.0.255
Answer: 175.15.120.1 to 175.15.120.254
21. access-list 190 permit tcp 172.15.0.0 0.0.15.31 any
Answer: 172.15.0.1 to 172.15.15.31
22. access-list 100 permit ip 10.0.0.0 0.255.255.255 172.50.10.0 0.0.0.255
Answer: 10.0.0.1 to 10.255.255.254
Answer: 172.168.10.1
2. access-list 5 permit any any
Answer: Any address
3. access-list 150 permit ip 192.168.30.10 0.0.0.0 192.168.15.0 0.0.0.63
Answer: 195.168.50.1 to 195.223.50.63
4. access-list 120 deny tcp 172.32.4.0 0.0.0.255 192.220.10.0 0.0.0.15
Answer: 192.220.10.1 to 192.220.10.15
5. access-list 108 deny ip 192.220.10.0 0.0.0.15 172.32.4.0 0.0.0.255
Answer: 172.32.4.1 to 172.32.4.254
6. access-list 101 deny ip 140.130.110.100 0.0.0.0 0.0.0.0 255.255.255.255
Answer: Any Address
7. access-list 105 permit any 192.168.15.0 0.0.0.255
Answer: 192.168.15.1 to 192.168.15.254
8. access-list 120 permit ip 192.168.15.10 0.0.0.0 192.168.30.0 0.0.0.7
Answer: 192.168.30.1 to 192.168.30.7
9. access-list 160 deny udp 172.16.0.0 0.0.1.255 172.18.10.18 0.0.0.0 eq 21
Answer: 172.18.10.18
10. access-list 150 permit ip 192.168.15.10 0.0.0.0 192.168.30.0 0.0.0.63
Answer: 192.168.30.1 to 192.168.30.63
Writing
Standard Access Lists...
Router A
192.168.90.2
172.16.70.1
E1
E0
S0
Jims
210.30.28.0
Computer
192.168.90.36
172.16.70.32
Franks
Computer
Melvins
Computer
Kathys
Computer
192.168.90.38
172.16.70.35
[Disabling ACLs]
Router# configure terminal
Router(config)# interface e0
Router(config-if)# no ip access-group 28 out
Router(config-if)# exit
Router(config)# exit
[Removing an ACL]
Router# configure terminal
Router(config)# interface e0
Router(config-if)# no ip access-group 28 out
Router(config-if)# exit
Router(config)# no access-list 28
Router(config)# exit
FA0
S0
224.190.32.1
Router A
Router B
E1 192.16.32.94
S1
FA0
172.16.28.36
Michaels
Computer
224.190.32.16
Debbies
Computer
192.16.32.95
FA0
Router(config)# interface ________
35
Router(config-if)# ip access-group ________
in or out (circle one)
Router(config-if)# exit
Router(config)# exit
FA0
Router(config)# interface ________
40
Router(config-if)# ip access-group ________
in or out (circle one)
Router(config-if)# exit
Router(config)# exit
Router A
204.90.30.124 E0
S0
10.250.30.35
Carols
Computer
Rodneys
Computer
Router B
S1
10.250.30.36
Jims
Computer
FA1
192.168.88.4
192.168.88.5
204.90.30.125
204.90.30.126
or
or
or
or
FA1
Router(config)# interface ________
45 in or out (circle one)
Router(config-if)# ip access-group ________
Router(config-if)# exit
Router(config)# exit
FA1
Router(config)# interface ________
Ralph in or out (circle one)
Router(config-if)# ip access-group ________
Router(config-if)# exit
Router(config)# exit
Router B
S0
S1
Router A
172.30.225.1 E0
S0
S1
E1 212.180.10.5
S1
Router C
212.180.10.6
172.30.225.2
172.30.225.3
212.180.10.2
E1
Router(config)# interface ________
55 in or out (circle one)
Router(config-if)# ip access-group ________
Router(config-if)# exit
Router(config)# exit
E0
Router(config)# interface ________
60 in or out (circle one)
Router(config-if)# ip access-group ________
Router(config-if)# exit
Router(config)# exit
Router C
Router A
S0
S1
FA0
S1
198.32.10.25
Router B
S0
192.168.15.172
210.140.15.1
FA0
FA1
192.168.15.3
210.140.15.8
198.32.10.25
FA1
Router(config)# interface ________
65 in or out (circle one)
Router(config-if)# ip access-group ________
Router(config-if)# exit
Router(config)# exit
FA0
Router(config)# interface ________
Cisco_Lab_A
or
or
access-list 75 deny 10.250.1.1 0.0.0.0
________________________________________________________
or
or
Writing
Extended Access Lists...
172.16.70.32
192.168.90.38
Celestes
Computer
192.168.90.36
Mikes
Computer
or
access-list 110 deny ip host 172.16.70.35 host 192.168.90.36
Router(config)# access-list 110 permit ip any any
or
access-list 110 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
Router(config)# interface fa0
Router(config-if)# ip access-group 110 in
Router(config-if)# exit
Router(config)# exit
[Viewing information about existing ACLs]
Router# show configuration
(This will show which access groups are associated with particular interfaces)
Write an extended access list to prevent John's computer from sending information to Mike's computer, but allow all other traffic. Keep in mind that there may be multiple ways many of the individual statements in an ACL can be written.
172.16.70.35
Johns
Computer
Gails
Computer
Router A
192.168.90.2
172.16.70.1
FA1
FA0
[Removing an ACL]
Router# configure terminal
Router(config)# interface e1
Router(config-if)# no ip access-group 135 out
Router(config-if)# exit
Router(config)# no access-list 135
Router(config)# exit
[Disabling ACLs]
Write an extended access list to block the 172.16.70.0 network from receiving information from Mike's computer at 192.168.90.36. Block the lower half of the IP addresses from the 192.168.90.0 network from reaching Gail's computer at 172.16.70.32. Permit all other traffic. Keep in mind that there may be multiple ways many of the individual statements in an ACL can be written.
172.20.70.89
172.20.70.80
Bobs
Computer
Cindys
Computer
172.20.70.15
Router A
S0
FA0
192.168.122.129
Jackies
Computer
192.168.122.128
Jays
Computer
Router B
FA1
S1
192.168.122.52
______________________________________________________________________________________
______________________________________________________________________________________
access-list 105 deny ip 172.30.225.2 0.0.0.0 192.168.122.128 0.0.0.0
FA0
Router(config)# interface __________
105 in or out (circle one)
Router(config-if)# ip access-group _________
Router(config-if)# exit
Router(config)# exit
Router# copy run start
or
Router(config)#
Write an extended access list to prevent Jay's computer from receiving information from Cindy's computer. Permit all other traffic. Keep in mind that there may be multiple ways many of the individual statements in an ACL can be written.
E1
Router(config)# interface __________
105 in or out (circle one)
Router(config-if)# ip access-group _________
Router(config-if)# exit
Router(config)# exit
Router# copy run start
____________________________________________________________________________________
____________________________________________________________________________________
____________________________________________________________________________________
____________________________________________________________________________________
access-list
110 permit ip any any
_____________________________________________________________________________________
access-list 110 deny ip 192.168.122.0 0.0.0.127 172.20.70.89 0.0.0.0
or
_____________________________________________________________________________________
access-list 110 deny ip 192.168.122.129 0.0.0.0 172.20.70.0 0.0.0.255
or
Write an extended access list to block the 172.20.70.0 255.255.255.0 network from receiving information from Jackie's computer at 192.168.122.129. Block the lower half of the IP addresses from the 192.168.122.0 network from reaching Cindy's computer at 172.20.70.89. Permit all other traffic. Keep in mind that there may be multiple ways many of the individual statements in an ACL can be written.
Router B
S0
FA1
172.59.2.1
172.59.2.15
Rebeccas
Computer
172.59.2.18
Rachaels
Computer
S1
_____________________________________________________________________________________
_____________________________________________________________________________________
access-list
permit ip 172.59.2.18 0.0.0.0 218.35.50.10 0.0.0.0
or
Router(config)#_____________________________________________________________________________________
access-list extended Lab_166
Write a named extended access list called Lab_166 to permit Jan's computer at 218.35.50.10 to receive packets from Rachael's computer at 172.59.2.18, but not Rebecca's computer at 172.59.2.15. Deny all other packets. Keep in mind that there may be multiple ways many of the individual statements in an ACL can be written.
218.35.50.10
Jans
Computer
218.35.50.12
Juans
Computer
E0
218.35.50.1
Router A
FA1
Router(config)# interface __________
115
Router(config-if)# ip access-group _________
in or out (circle one)
Router(config-if)# exit
Router(config)# exit
Router# copy run start
_____________________________________________________________________________________
_____________________________________________________________________________________
_____________________________________________________________________________________
_____________________________________________________________________________________
_____________________________________________________________________________________
_____________________________________________________________________________________
access-list 120 permit ip any any
Write an extended access list to allow Juan's computer at 218.35.50.12 to send information to Rebecca's computer at 172.59.2.15, but not Rachael's computer at 172.59.2.18. Permit all other traffic. Keep in mind that there may be multiple ways many of the individual statements in an ACL can be written.
192.16.20.7
192.16.20.5
E0
192.18.50.11
Bobs
Computer
192.18.50.10
E1
Router B
S1
192.18.50.12
Barbras
Computer
Write an extended access list to permit the 192.16.20.0 network to receive packets from the 192.18.50.0 network. Deny all other
traffic. Keep in mind that there may be multiple ways many of the individual statements in an ACL can be written.
192.16.20.6
Cindys
Computer
Ralphs
Computer
Router A
S0
[Removing an ACL]
Router# configure terminal
Router(config)# interface e0
Router(config-if)# no ip access-group 188 out
Router(config-if)# exit
Router(config)# no access-list 188
Router(config)# exit
[Disabling ACLs]
Write an extended access list to block the 192.18.50.0 network from receiving information from the 192.16.20.0 network. Permit all
other traffic. Keep in mind that there may be multiple ways many of the individual statements in an ACL can be written.
204.95.150.12
S1
FA1
172.59.2.1
S0
210.250.10.0
172.59.2.15
Rebeccas
Computer
172.59.2.18
Davids
Computer
FA0
Router(config)# interface ____________
125
Router(config-if)# ip access-group _________
in or out (circle one)
Router(config-if)# exit
Router(config)# exit
______________________________________________________________________________________
______________________________________________________________________________________
______________________________________________________________________________________
access-list
125 permit ip any any
Router(config)#______________________________________________________________________________________
access-list 125 deny ip 204.95.150.0 0.0.0.255 210.250.10.0 0.0.0.255
Write an extended access list to permit network 204.95.150.0 to send packets to network 172.59.0.0, but not the 210.250.10.0
network. Permit all other traffic. Keep in mind that there may be multiple ways many of the individual statements in an ACL can be
written.
Router B
204.95.150.10
Rachels
Computer
Todds
Computer
204.95.150.11
Router A
S0
FA0
_____________________________________________________________________________________
_____________________________________________________________________________________
_____________________________________________________________________________________
_____________________________________________________________________________________
_____________________________________________________________________________________
access-list 130 permit ip any any
_____________________________________________________________________________________
access-list 130 deny ip 172.59.0.0 0.0.255.255 204.95.150.0 0.0.0.255
_____________________________________________________________________________________
access-list 130 permit ip 172.59.0.0 0.0.255.255 204.95.150.10 0.0.0.0
FA1
Router(config)# interface __________
130
Router(config-if)# ip access-group _________
in or out (circle one)
Router(config-if)# exit
Router(config)# exit
Router# copy run start
or
Write an extended access list to allow Rachel's computer at 204.95.150.10 to receive information from the 172.59.0.0 network. Deny all other hosts on the 204.95.150.0 network access from the 172.59.2.0 network. Permit all other traffic. Keep in mind that there may be multiple ways many of the individual statements in an ACL can be written.
172.120.170.45
210.168.70.0
E1
10.250.1.0
192.168.50.3
Tims
Computer
S1
E1
192.168.50.2
S0
Router B
192.168.50.4
Denises
Computer
E0
Router(config)# interface ____________
Router(config-if)# ip access-group Godzilla
_________ in or out (circle one)
Router(config-if)# exit
Router(config)# exit
access-list
permit ip any any
____________________________________________________________________________________
access-list
deny ip 172.120.0.0 0.0.255.255 10.250.1.0 0.0.0.255
____________________________________________________________________________________
____________________________________________________________________________________
access-list
deny ip 172.120.0.0 0.0.255.255 210.168.70.0 0.0.0.255
Router(config)#access-list
_____________________________________________________________________________________
extended Godzilla
Write a named extended access list called Godzilla to prevent the 172.120.0.0 network from sending information to the 210.168.70.0 and 10.250.1.0 255.255.255.0 networks, but permit traffic to the 192.168.50.0 network. Permit all other traffic. Keep in mind that there may be multiple ways many of the individual statements in an ACL can be written.
172.120.170.45
Phylliss
Computer
Tommys
Computer
172.120.170.45
Router A
S0
E0
____________________________________________________________________________________
____________________________________________________________________________________
____________________________________________________________________________________
____________________________________________________________________________________
_____________________________________________________________________________________
access-list 140 permit ip 172.120.170.45 0.0.0.0 192.168.50.0 0.0.0.255
_____________________________________________________________________________________
access-list 140 permit ip 172.120.0.0 0.0.255.255 192.168.50.3 0.0.0.0
E0
Router(config)# interface __________
140
Router(config-if)# ip access-group _________
in or out (circle one)
Router(config-if)# exit
Router(config)# exit
Router# copy run start
or
or
Assuming default subnet masks, write an extended access list to permit Tim at 192.168.50.3 to receive data from the 172.120.0.0 network. Allow the 192.168.50.0 network to receive information from Phyllis's computer at 172.120.170.45. Deny all other traffic. Keep in mind that there may be multiple ways many of the individual statements in an ACL can be written.
192.168.15.43
E1
172.21.50.95
Router B
172.21.50.96
Carols
Computer
172.21.50.97
Franks
Computer
S1
Write an extended access list to deny the first 15 usable addresses of the 192.168.15.0 network from reaching the 172.21.0.0
network. Permit all other traffic. Keep in mind that there may be multiple ways many of the individual statements in an ACL can be
written.
192.168.15.44
Rodneys
Computer
Jims
Computer
Router A
S0
FA0
192.168.15.20
[Removing an ACL]
Router# configure terminal
Router(config)# interface fa0
Router(config-if)# no ip access-group 121 in
Router(config-if)# exit
Router(config)# no access-list 121
Router(config)# exit
[Disabling ACLs]
Write an extended access list which will allow the lower half of 192.168.15.0 network access to the 172.21.50.0 network. Deny all
other traffic. Keep in mind that there may be multiple ways many of the individual statements in an ACL can be written.
192.168.195.145
S0
Mikes
Computer
192.168.125.108
Celestes
Computer
192.168.125.17
192.168.125.254
E1
172.31.195.0
192.168.195.88
Johns
Computer
Gails
Computer
192.168.195.90
E0
Router A
E1
Router(config)# interface ____________
145
Router(config-if)# ip access-group _________
in or out (circle one)
Router(config-if)# exit
______________________________________________________________________________________
______________________________________________________________________________________
______________________________________________________________________________________
access-list
145 permit ip any any
Router(config)#______________________________________________________________________________________
access-list 145 deny ip 192.168.125.0 0.0.0.31 192.168.195.0 0.0.0.255
Write an extended access list to prevent the first 31 usable addresses in the 192.168.125.0 network from reaching the
192.168.195.0 network. Permit all other traffic. Keep in mind that there may be multiple ways many of the individual statements in an
ACL can be written.
S0
Router(config)# interface __________
Router(config-if)# ip access-group Media_Center
________________ in or out (circle one)
Router(config-if)# exit
Router(config)# exit
Router# copy run start
_____________________________________________________________________________________
_____________________________________________________________________________________
_____________________________________________________________________________________
_____________________________________________________________________________________
_____________________________________________________________________________________
_____________________________________________________________________________________
_____________________________________________________________________________________
access-list permit ip 172.31.195.0 0.0.0.7 192.168.125.0 0.0.0.255
Write a named extended access list called Media_Center to permit the range of addresses from 172.31.195.1 through 172.31.195.7 to send data to the 192.168.125.0 network. Deny all other traffic. Keep in mind that there may be multiple ways many of the individual statements in an ACL can be written.
192.16.20.7
S1
S0
S0
E1
172.22.75.8
Router B
Router A
Barbras
Computer
172.18.50.12
172.22.75.10
Brads
Computer
FA1
172.18.50.10
Bobs
172.22.75.9
Computer
172.18.50.11
Jills
Computer
S1
Router C
FA0
Router(config)# interface ____________
155 in or out (circle one)
Router(config-if)# ip access-group _________
Router(config-if)# exit
______________________________________________________________________________________
______________________________________________________________________________________
access-list
155 permit ip any any
______________________________________________________________________________________
access-list
155 deny ip 192.16.2.0 0.0.0.31 172.22.75.0 0.0.0.255
Router(config)#______________________________________________________________________________________
access-list 155 permit ip 192.16.20.0 0.0.0.3 172.22.75.0 0.0.0.255
Write an extended access list to permit the first 3 usable addresses in the 192.16.20.0 network to reach the 172.22.75.0 network.
Deny the addresses from 192.16.20.4 through 192.16.20.31 from reaching the 172.22.75.0 network. Permit all other traffic. Keep in
mind that there are multiple ways this ACL can be written.
192.16.20.6
Cindys
Computer
Ralphs
Computer
192.16.20.5
FA0
E1
Router(config)# interface __________
160
Router(config-if)# ip access-group _________
in or out (circle one)
Router(config-if)# exit
Router(config)# exit
Router# copy run start
____________________________________________________________________________________
____________________________________________________________________________________
____________________________________________________________________________________
____________________________________________________________________________________
_____________________________________________________________________________________
_____________________________________________________________________________________
access-list 160 permit ip any any
_____________________________________________________________________________________
access-list 160 deny ip 172.22.75.0 0.0.0.127 172.18.50.0 0.0.0.255
Write an extended access list to deny the addresses from 172.22.75.8 through 172.22.75.127 from sending data to the 172.18.50.0
network. Deny the first half of the addresses from the 172.22.75.0 network from reaching the 192.16.20.0 network. Permit all other
traffic. Keep in mind that there are multiple ways this ACL can be written.
172.16.70.155
10.250.1.0
FA1
Peggys
Computer
Denises
Computer
192.168.88.204
10.250.4.0
192.168.88.200
Router B
FA1
S1
192.168.88.1
FA0
FA1
Router(config)# interface ____________
165 in or out (circle one)
Router(config-if)# ip access-group _________
Router(config-if)# exit
______________________________________________________________________________________
______________________________________________________________________________________
______________________________________________________________________________________
Router(config)#______________________________________________________________________________________
access-list 165 permit ip 192.168.88.0 0.0.0.63 172.16.70.0 0.0.0.127
Write an extended access list to permit the first 63 usable addresses in the 192.168.88.0 network to reach the lower half of the
addresses in the 172.16.70.0 network; but not the upper half. Deny all other traffic. Keep in mind that there may be multiple ways
many of the individual statements in an ACL can be written.
172.16.70.145
Celestes
Computer
Bobs
Computer
172.16.70.1
Router A
S0
FA0
____________________________________________________________________________________
____________________________________________________________________________________
____________________________________________________________________________________
____________________________________________________________________________________
_____________________________________________________________________________________
_____________________________________________________________________________________
access-list 170 permit ip any any
or
_____________________________________________________________________________________
access-list 170 deny ip 10.250.1.0 0.0.0.63 192.168.88.204 0.0.0.0
Write an extended access list to deny the addresses from 10.250.1.0 through 10.250.1.63 from sending data to Denise's computer. Permit all other traffic. Keep in mind that there may be multiple ways many of the individual statements in an ACL can be written.
210.128.50.12
210.128.50.11
Web Server
Router B
S1
E1
210.128.50.10
Write an extended access list to deny HTTP traffic intended for web server 192.168.207.27, but permit all other HTTP traffic to
reach only the 192.168.207.0 network. Deny all other IP traffic. Keep in mind that there may be multiple ways many of the
individual statements in an ACL can be written.
[Network diagram labels: 192.168.207.26, Router A, S0, E0, 192.168.207.25, Web Server, 192.168.207.27]
[Removing an ACL]
Router# configure terminal
Router(config)# interface e0
Router(config-if)# no ip access-group 134 out
Router(config-if)# exit
Router(config)# no access-list 134
Router(config)# exit
[Disabling ACLs]
Write an extended access list to permit pings in either direction between hosts on the 210.128.50.0 and 192.168.207.0 networks.
Deny all other traffic. Keep in mind that there may be multiple ways many of the individual statements in an ACL can be written.
[Network diagram labels: 192.30.76.155, 10.250.4.0, E1, Peggy's Computer]
Deny/Permit Telnet
[Network diagram labels: 172.16.16.0, 192.168.33.210, Router B, E1, S1, 192.168.33.1, E0, 192.168.33.214, Denise's Computer]
Write an extended access list to permit Denise's and Bob's computers to telnet into Router B. Deny all other telnet traffic. Keep in
mind that there may be multiple ways many of the individual statements in an ACL can be written.
[Network diagram labels: 192.30.76.145, Celeste's Computer, Bob's Computer, 172.20.70.1, Router A, S0, E0]
[Removing an ACL]
Router# configure terminal
Router(config)# interface e0
Router(config-if)# no ip access-group 155 out
Router(config-if)# exit
Router(config)# no access-list 155
Router(config)# exit
[Disabling ACLs]
Write an extended access list to deny FTP to IP addresses 192.30.76.0 through 192.30.76.13.
Permit all other traffic. Keep in mind that there may be multiple ways many of the individual statements in an ACL can be written.
[Network diagram labels: E0, 172.16.70.1, S0, 10.250.8.0, 192.128.45.33, Bill's Computer, 192.128.45.35, Jennifer's Computer]
Router(config)# interface FA1
Router(config-if)# ip access-group 175 in or out (circle one)
Router(config-if)# exit
______________________________________________________________________________________
______________________________________________________________________________________
______________________________________________________________________________________
Router(config)# access-list 175 permit icmp 192.128.45.0 0.0.0.255 172.16.125.0 0.0.0.255
access-list 175 permit icmp 192.128.45.0 0.0.0.255 10.250.2.0 0.0.0.255
Write an extended access list to permit ICMP traffic from the 192.128.45.0 network to reach the 172.16.125.0 255.255.255.0 and
10.250.2.0 255.255.255.0 networks. Deny all other traffic. Keep in mind that there may be multiple ways many of the individual
statements in an ACL can be written.
[Network diagram labels: Router A, 172.16.125.1, Jackie's Computer, E1, 10.250.2.0, Router B, FA1, S1, 192.128.45.8, FA0]
Router(config)# interface FA0
Router(config-if)# ip access-group Peggys_Lab in or out (circle one)
Router(config-if)# exit
Router(config)# exit
Router# copy run start
____________________________________________________________________________________
____________________________________________________________________________________
____________________________________________________________________________________
____________________________________________________________________________________
_____________________________________________________________________________________
Write a named extended access list called Peggys_Lab to deny telnet from 10.250.8.0 through 10.250.8.127 from reaching the
192.128.45.0 network. Permit all other traffic. Keep in mind that there may be multiple ways many of the individual statements in an
ACL can be written.
[Network diagram labels: 203.194.100.102, Becky's Computer, 172.60.18.140, FA1, 172.60.18.1, S0, Router B, S1, 204.250.10.0, 172.60.18.142, Mary's Computer]
vty 04
Router(config)# interface line
____________
Router(config-if)# ip access-group 50 in or out (circle one)
Router(config-if)# exit
Router(config)# exit
Write an access list to permit Becky's and Mary's computers to telnet into Router B. Deny all other telnet traffic from the 172.60.18.0
network. Keep in mind that there may be multiple ways many of the individual statements in an ACL can be written.
[Network diagram labels: 203.194.100.101, Web Server #2, Web Server #1, 203.194.100.1, Router A, S0, FA0]
Router(config)# interface FA0
Router(config-if)# ip access-group 185 in or out (circle one)
Router(config-if)# exit
Router(config)# exit
Router# copy run start
_____________________________________________________________________________________
_____________________________________________________________________________________
_____________________________________________________________________________________
_____________________________________________________________________________________
_____________________________________________________________________________________
Write an extended access list to deny all HTTP traffic intended for the web server at 203.194.100.102. Permit HTTP traffic to any
other web servers. Deny all other IP traffic to the 203.194.100.0 network. Keep in mind that there may be multiple ways many of the
individual statements in an ACL can be written.
[Network diagram labels: 192.168.15.82, 192.172.10.0, Router B, E1, Web Server #2, 172.23.50.195, 172.23.50.196, S1, 172.23.50.197, Gail's Computer]
Router(config)# interface E0
Router(config-if)# ip access-group 190 in or out (circle one)
Router(config-if)# exit
Router(config)# exit
______________________________________________________________________________________
______________________________________________________________________________________
______________________________________________________________________________________
Router(config)# access-list 175 permit tcp any 192.168.15.0 0.0.0.255 eq ftp
Write an access list to permit TFTP traffic to all hosts on the 192.168.15.0 network. Deny all other TFTP traffic. Keep in mind that
there may be multiple ways many of the individual statements in an ACL can be written.
[Network diagram labels: 192.168.15.125, Web Server #1, Bobbie's Computer, Router A, S0, E0, E1, 192.168.15.25]
Router(config)# interface E1
Router(config-if)# ip access-group 195 in or out (circle one)
Router(config-if)# exit
Router(config)# exit
Router# copy run start
_____________________________________________________________________________________
_____________________________________________________________________________________
_____________________________________________________________________________________
_____________________________________________________________________________________
_____________________________________________________________________________________
_____________________________________________________________________________________
Write an extended access list that permits web traffic from web server #2 at 172.23.50.196 to reach everyone on the 192.168.15.0
network. Deny all other IP traffic going to the 192.172.10.0 and 192.168.15.0 networks. Keep in mind that there may be multiple
ways many of the individual statements in an ACL can be written.
Port Numbers
Port numbers are now assigned by ICANN (Internet Corporation for
Assigned Names and Numbers). Commonly used TCP and UDP
applications are assigned a port number, such as HTTP - 80, POP3 - 110,
FTP - 20. When an application communicates with another application on
another node on the Internet, it specifies that application in each data
transmission by using its port number. You can also type the name (e.g. Telnet)
instead of the port number (e.g. 23). Port numbers range from 0 to 65536 and
are divided into three ranges:
Well Known Ports: 0 to 1,023
Registered Ports: 1,024 to 49,151
Dynamic and/or Private Ports: 49,152 to 65,535
Below is a short list of some commonly used ports. For a complete list of
port numbers go to http://www.iana.org/assignments/port-numbers.
Reserved
TCPMUX
RJE
ECHO
DISCARD
SYSTAT (Active users)
DAYTIME
QUOTE (Quote of the day)
MSP (Message Send Protocol)
CHARGEN (Character generator)
FTP-DATA (File Transfer Protocol - Data)
FTP (File Transfer Protocol - Control)
SSH (Remote Login Protocol)
Telnet (Terminal Connection)
SMTP (Simple Mail Transfer Protocol)
MSG ICP
TIME
RLP
NAMESERV

43   NICNAME (Who Is)
49   LOGIN (Login Host Protocol)
53   DNS (Domain Name Server)
67   BOOTP (Bootstrap Protocol Server)
68   BOOTPS (Bootstrap Protocol Client)
69   TFTP (Trivial File Transfer Protocol)
70   GOPHER (Gopher Services)
75   (Any Private Dial-out Service)
79   FINGER
80   HTTP (Hypertext Transfer Protocol)
95   SUPDUP (SUPDUP Protocol)
101  HOSTNAME (NIC Host Name Server)
108  SNAGAS (SNA Gateway Access Server)
109  POP2 (Post Office Protocol - Version 2)
110  POP3 (Post Office Protocol - Version 3)
113  AUTH (Authentication Service)
115  SFTP (Simple File Transfer Protocol)
117  UUCP-PATH (UUCP Path Service)
118  SQLSERV (SQL Services)
119  NNTP (Newsgroup)
123  NTP (Network Time Protocol)
137  NetBIOS-NS (NetBIOS Name Service)
139  NetBIOS-SSN (NetBIOS Session Service)
143  IMAP (Interim Mail Access Protocol)
150  SQL-NET (NetBIOS Session Service)
156  SQLSRV (SQL Service)
161  SNMP (Simple Network Management Protocol)
179  BGP (Border Gateway Protocol)
190  GACP (Gateway Access Control Protocol)
194  IRC (Internet Relay Chat)
197  DLS (Directory Location Service)
389  LDAP (Lightweight Directory Access Protocol)
396  NETWARE-IP (Novell Netware over IP)
443  HTTPS (HTTP MCom)
444  SNPP (Simple Network Paging Protocol)
445  Microsoft-DS
458  Apple QuickTime
546  DHCP Client
547  DHCP Server
563  SNEWS
569  MSN