
NetworkPlus Training Center

HCIA Lab
Version 1.0

By: Ismail Ibrahim


Access Control List
Lab# 6
Objective
After completing this lab, you should be able to perform the following tasks:
• Establish a basic ACL to implement source-based filtering.
• Establish an advanced ACL to implement enhanced filtering.
Tasks
Topology:

Step 1 On AR2, configure a basic ACL that denies any traffic sourced from the 10.0.0.0/8 network.

[AR2]acl 2000

[AR2-acl-basic-2000]rule 1 deny source 10.0.0.0 0.255.255.255

[AR2-acl-basic-2000]quit

[AR2]interface g0/0/0

[AR2-GigabitEthernet0/0/0]traffic-filter inbound acl 2000

Step 1 On AR2, configure a basic ACL that denies any traffic sourced from PC1.

[AR2-GigabitEthernet0/0/0]undo traffic-filter inbound

[AR2-GigabitEthernet0/0/0]quit

[AR2]undo acl 2000

[AR2]acl 2000

[AR2-acl-basic-2000]rule 1 deny source 10.0.0.2 0

[AR2-acl-basic-2000]quit

[AR2]interface g0/0/0

[AR2-GigabitEthernet0/0/0]traffic-filter inbound acl 2000


Step 2 On AR1, configure an advanced ACL that denies ICMP traffic sourced from PC1 (10.0.0.2) and destined to the server, and permits other traffic.

[AR1]acl 3000

[AR1-acl-adv-3000]rule 1 deny icmp source 10.0.0.2 0 destination 20.0.0.2 0

[AR1-acl-adv-3000]quit

[AR1]interface g0/0/1

[AR1-GigabitEthernet0/0/1]traffic-filter inbound acl 3000

Step 3 On AR1, configure an advanced ACL that denies TCP traffic to destination port 80 sourced from PC1 (10.0.0.2) and destined to the server, and permits other traffic.

[AR1]undo acl 3000

[AR1]acl 3000

[AR1-acl-adv-3000]rule 1 deny tcp source 10.0.0.2 0 destination 20.0.0.2 0 destination-port eq 80

[AR1-acl-adv-3000]quit

[AR1]interface g0/0/1

[AR1-GigabitEthernet0/0/1]traffic-filter inbound acl 3000

Step 4 On AR1, configure an advanced ACL that denies ICMP echo messages sent from 10.0.0.0/8 to any destination.

[AR1]undo acl 3000

[AR1]acl 3000

[AR1-acl-adv-3000]rule 1 deny icmp source 10.0.0.0 0.255.255.255 destination any icmp-type echo

[AR1-acl-adv-3000]quit

[AR1]interface g0/0/1

[AR1-GigabitEthernet0/0/1]traffic-filter inbound acl 3000
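
The following is an added example, not part of the original lab: a small Python model of how the wildcard masks and rule conditions in the steps above select packets, useful for checking what each ACL would drop before applying it. The ACL and packet labels and the sample packets are constructed for illustration, and the model assumes unmatched packets are forwarded, as the lab's "permit other traffic" implies.

```python
import ipaddress

def wild_match(addr, base, wildcard):
    """Wildcard mask semantics: a 0 bit must match, a 1 bit is ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

HOST = "0.0.0.0"  # the lab's wildcard "0" is shorthand for 0.0.0.0
# Rules transcribed from the lab steps; the dictionary keys are hypothetical labels.
ACLS = {
    "2000-net": [{"action": "deny", "src": ("10.0.0.0", "0.255.255.255")}],
    "2000-pc1": [{"action": "deny", "src": ("10.0.0.2", HOST)}],
    "3000-step2": [{"action": "deny", "proto": "icmp",
                    "src": ("10.0.0.2", HOST), "dst": ("20.0.0.2", HOST)}],
    "3000-step3": [{"action": "deny", "proto": "tcp", "dport": 80,
                    "src": ("10.0.0.2", HOST), "dst": ("20.0.0.2", HOST)}],
    "3000-step4": [{"action": "deny", "proto": "icmp", "icmp_type": "echo",
                    "src": ("10.0.0.0", "0.255.255.255")}],
}

def evaluate(rules, pkt):
    """Return the action of the first rule whose every condition matches pkt."""
    for r in rules:
        if any(k in r and r[k] != pkt.get(k) for k in ("proto", "dport", "icmp_type")):
            continue
        if any(k in r and not wild_match(pkt[k], *r[k]) for k in ("src", "dst")):
            continue
        return r["action"]
    return "permit"  # assumption: unmatched packets pass, per "permit other traffic"

# Constructed sample packets (not captured traffic).
PACKETS = {
    "pc1-ping": {"proto": "icmp", "icmp_type": "echo", "src": "10.0.0.2", "dst": "20.0.0.2"},
    "pc1-http": {"proto": "tcp", "dport": 80, "src": "10.0.0.2", "dst": "20.0.0.2"},
    "pc1-reply": {"proto": "icmp", "icmp_type": "echo-reply", "src": "10.0.0.2", "dst": "20.0.0.2"},
    "other-ping": {"proto": "icmp", "icmp_type": "echo", "src": "10.0.0.3", "dst": "20.0.0.2"},
}

def verdicts():
    """Map each ACL label to {packet label: action}."""
    return {a: {p: evaluate(rules, pkt) for p, pkt in PACKETS.items()}
            for a, rules in ACLS.items()}

if __name__ == "__main__":
    for acl, row in verdicts().items():
        print(f"{acl:11}", row)
```

The output shows the difference in scope: the basic ACL drops everything from the matched source, while each advanced rule drops only the named protocol, port or ICMP type and lets the rest of that host's traffic through.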
