Lab Report: 13
ACCESS CONTROL LISTS (ACL)
Objective
In this lab we shall work on access control lists. This means that we
provide or restrict access to a certain network, or to a certain PC in a certain network, as desired.
Introduction
In this section, we shall work on access control lists. ACLs define rules that can be used to
restrict packets from travelling across networks according to our choice. There are two types:
the standard ACL (1-99), which is only used to block or permit networks, and the
extended ACL (99-100), which is used to block or permit hosts from communicating with other
hosts or networks.
PROCEDURE
STEP 1: First, place three routers, nine PCs and three switches in the software. Assign an IP
address and then a gateway to each PC, as done in previous labs. All commands are shown
below. We have to configure the restriction in router 0 so that host 192.168.30.3 cannot
communicate with the entire 192.168.60.0 network, and after that choose the inbound or outbound
interface on that specific router.
FOR ROUTER 0:
Router>enable
Router#
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#int se 0/0/0
Router(config-if)#ip address 192.168.20.1 255.255.255.0
Router(config-if)#int fa 0/0
Router(config-if)#ip address 192.168.10.1 255.255.255.0
Router(config-if)#no shutdown
Router(config-if)#int se 0/0/0
Router(config-if)#no shutdown
Router(config-if)#
Router(config-if)#exit
Router(config)#
Router(config)#exit
Router>enable
Router#conf t
Router(config)#router rip
Router(config-router)#network 192.168.10.0
Router(config-router)#network 192.168.20.0
Router(config-router)#
Router(config-router)#exit
Router(config)#exit
Router#show ip route
Gateway of last resort is not set
C 192.168.10.0/24 is directly connected, FastEthernet0/0
C 192.168.20.0/24 is directly connected, Serial0/0/0
R 192.168.30.0/24 [120/1] via 192.168.20.2, 00:00:22, Serial0/0/0
R 192.168.40.0/24 [120/1] via 192.168.20.2, 00:00:22, Serial0/0/0
R 192.168.60.0/24 [120/2] via 192.168.20.2, 00:00:22, Serial0/0/0
Router>ENABLE
Router#CONF T
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#access-list 10 deny 192.168.60.0 0.0.0.255
Router(config)#access-list 10 deny 192.168.30.3
Router(config)#access-list 10 permit any
Router(config)#int fa 0/0
Router(config-if)#ip access-group 10 out
Router(config-if)#
FOR ROUTER 1:
Router>enable
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#int fa 0/0
Router(config-if)#ip address 192.168.30.1 255.255.255.0
Router(config-if)#no shutdown
Router(config-if)#int se 0/0/1
Router(config-if)#ip address 192.168.40.1 255.255.255.0
Router(config-if)#no shutdown
Router(config-if)#int se 0/0/0
Router(config-if)#ip address 192.168.20.2 255.255.255.0
Router(config-if)#no shutdown
Router(config-if)#exit
Router(config)#
Router(config)#int se 0/0/0
Router(config-if)#clock rate 64000
Router(config-if)#exit
Router(config)#
Router(config)#
Router>enable
Router#conf t
Router(config)#router rip
Router(config-router)#network 192.168.20.0
Router(config-router)#network 192.168.30.0
Router(config-router)#network 192.168.40.0
Router(config-router)#exit
Router(config)#
Router(config)#exit
Router#show ip route
Gateway of last resort is not set
R 192.168.10.0/24 [120/1] via 192.168.20.1, 00:00:04, Serial0/0/0
C 192.168.20.0/24 is directly connected, Serial0/0/0
C 192.168.30.0/24 is directly connected, FastEthernet0/0
C 192.168.40.0/24 is directly connected, Serial0/0/1
R 192.168.60.0/24 [120/1] via 192.168.40.2, 00:00:26, Serial0/0/1
FOR ROUTER 2:
Router>enable
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#int se 0/0/0
Router(config-if)#ip address 192.168.40.2 255.255.255.0
Router(config-if)#no shutdown
Router(config-if)#int fa 0/0
Router(config-if)#ip address 192.168.60.1 255.255.255.0
Router(config-if)#no shutdown
Router(config-if)#exit
Router(config)#exit
Router#enable
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#int se 0/0/0
Router(config-if)#clock rate 64000
Router(config-if)#exit
Router(config)#exit
Router>enable
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#router rip
Router(config-router)#network 192.168.40.0
Router(config-router)#network 192.168.60.0
Router(config-router)#exit
Router(config)#
Router(config)#exit
Router#show ip route
Gateway of last resort is not set
R 192.168.10.0/24 [120/2] via 192.168.40.1, 00:00:20, Serial0/0/0
R 192.168.20.0/24 [120/1] via 192.168.40.1, 00:00:20, Serial0/0/0
R 192.168.30.0/24 [120/1] via 192.168.40.1, 00:00:20, Serial0/0/0
C 192.168.40.0/24 is directly connected, Serial0/0/0
C 192.168.60.0/24 is directly connected, FastEthernet0/0
STEP 2: Now send a message to observe whether the access control list has been successfully
implemented across the networks. The figure shows that the host is restricted from that network.
STEP 3: Now, in the same network, we remove the previously configured access list by using the
command no access-list 10. Then we shall restrict the 192.168.30.0 network from the 192.168.60.0
network and give host 192.168.60.2 access to network 192.168.30.0 in the router 1 CLI.
After that we shall restrict 192.168.10.4 from the 192.168.60.0 network and give
192.168.10.4 access to only 192.168.60.3 in that network. All commands up to configuring the clock
are the same as in previous labs. Only the new commands for the list are shown below.
FOR ROUTER 0
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#no access-list 10
Router(config)#exit
Router#
FOR ROUTER 2
Router(config)#access-list 100 permit ip 192.168.30.0 0.0.0.255 host 192.168.60.2
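The evaluator below is an added example, not part of the original lab report. It replays the report's ACL 10 and ACL 100 lines the way IOS processes them: top-down, first match wins, standard lists match the source address only, and anything unmatched hits the implicit deny. The packet addresses are constructed from the lab's subnets, and only the ip protocol keyword is modelled.

```python
import ipaddress
ANY = ("0.0.0.0", "255.255.255.255")

def wildcard_match(addr, base, wildcard):
    """IOS wildcard mask: bits set to 1 are ignored when comparing."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)

def take_addr(tok):
    """Consume one address spec: 'any', 'host A', 'A W' or a bare 'A'."""
    if tok[0] == "any":
        return ANY, tok[1:]
    if tok[0] == "host":
        return (tok[1], "0.0.0.0"), tok[2:]
    if len(tok) > 1 and tok[1][0].isdigit():
        return (tok[0], tok[1]), tok[2:]
    return (tok[0], "0.0.0.0"), tok[1:]

def parse(line):
    """Parse one 'access-list N permit|deny ...' line into a rule."""
    tok = line.split()
    num, action, rest = int(tok[1]), tok[2], tok[3:]
    extended = 100 <= num <= 199   # IOS: 1-99 standard, 100-199 extended
    if extended:
        rest = rest[1:]            # skip protocol keyword (only 'ip' modelled)
    src, rest = take_addr(rest)
    dst = take_addr(rest)[0] if extended else ANY  # standard: source only
    return action, src, dst

def evaluate(rules, src_ip, dst_ip):
    """Top-down, first match wins; no match hits the implicit deny."""
    for action, src, dst in rules:
        if wildcard_match(src_ip, *src) and wildcard_match(dst_ip, *dst):
            return action
    return "deny"

# ACL lines copied from the lab transcripts.
ACL_10 = [parse(l) for l in (
    "access-list 10 deny 192.168.60.0 0.0.0.255",
    "access-list 10 deny 192.168.30.3",
    "access-list 10 permit any",
)]
ACL_100 = [parse("access-list 100 permit ip 192.168.30.0 0.0.0.255 host 192.168.60.2")]

if __name__ == "__main__":
    for s, d in (("192.168.30.3", "192.168.10.2"), ("192.168.30.2", "192.168.10.2")):
        print("ACL 10", s, "->", d, evaluate(ACL_10, s, d))  # constructed packets
```

ACL 10's verdict depends only on the source address, and per Router 1's routing table above, traffic from 192.168.30.0/24 to 192.168.60.0/24 leaves via Serial0/0/1 and does not cross Router 0's fa 0/0, where the list is applied. ACL 100 as shown has a single permit line, so every other packet on the interface it is applied to falls to the implicit deny.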
Learning Outcomes
This lab explains the use and implementation of access control lists. In this lab we
observed that by setting access control lists on routers, a specific network or host can be
given or denied access to another network or host as desired. The implementation in this lab was
successful.