
Lab 60:

Configuring and Applying Extended Named ACLs Outbound

Lab Objective:

The objective of this lab exercise is for you to learn and understand how to create and apply extended named Access Control Lists.

Lab Purpose:

Configuring and applying extended ACLs is a fundamental skill. Extended ACLs filter based on source and destination address, as well as the Layer 4 protocols TCP and UDP. Extended ACLs should be applied as close to the source as possible. As a Cisco engineer, as well as in the Cisco CCNA exam, you will be expected to know how to create and apply extended ACLs in the outbound direction.

Certification Level:

This lab is suitable for CCNA certification exam preparation.

Lab Difficulty:

This lab has a difficulty rating of 10/10.

Readiness Assessment:

When you are ready for your certification exam, you should complete this lab in no more than 20 minutes.

Lab Topology:

Please use the following topology to complete this lab exercise:


Task 1:

Configure the hostnames on routers R1, R3 and Sw1 as illustrated in the topology.

Task 2:

Configure R1 S0/0, which is a DCE, to provide a clock rate of 768Kbps to R3. Configure the IP addresses on the Serial interfaces of R1 and R3 as illustrated in the topology.

Task 3:

Configure a static default route on R1 pointing to R3 over the Serial connection between the two routers. Also configure a static default route on R3 pointing to R1 via the Serial connection between the two routers.

Task 4:

Configure VLAN 50 on Sw1 and assign it the name ACL-VLAN. Assign port FastEthernet0/2 to this VLAN. Configure interface VLAN50 with the IP address 10.50.50.130/25 and configure a default gateway on the switch to 10.50.50.129. Also, configure interface F0/0 on R3 with the IP address 10.50.50.129 and enable this interface.

Task 5:

Create an extended named ACL called SWITCH-ACL on R3. This ACL should:

  • Permit all ICMP traffic from 10.50.50.128/25 to the interface address of R1 S0/0 (172.16.1.1)
  • Deny all WWW traffic from 10.50.50.128/25 to the 172.16.1.0/26 subnet
  • Permit all TELNET traffic from the interface address of Sw1 (10.50.50.130) to the interface address of R1 S0/0
  • Permit all IP traffic from 10.50.50.128/25 to the interface address of R1 S0/0
  • Deny all IP traffic from the interface address of Sw1 to the 172.16.1.0/26 subnet

Apply this ACL outbound on R3 S0/0.

Task 6:

Test your ACL configuration by performing ping and Telnet exercises as we did in previous labs, and verify matches against your ACL using the show ip access-list SWITCH-ACL command.
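
The following is an added example, not part of the original lab: a small Python model of the first-match evaluation behind Tasks 5 and 6, so you can predict which SWITCH-ACL entry a test packet should hit before checking the counters on R3. The IOS entry lines are an assumed rendering of the Task 5 bullets, and the function names, the simplified parser (it handles only the entry forms shown) and the test packet are constructed for illustration.

```python
import ipaddress

# Task 5 in IOS extended-ACL syntax (an assumed rendering; /25 -> 0.0.0.127, /26 -> 0.0.0.63).
SWITCH_ACL = """\
permit icmp 10.50.50.128 0.0.0.127 host 172.16.1.1
deny tcp 10.50.50.128 0.0.0.127 172.16.1.0 0.0.0.63 eq www
permit tcp host 10.50.50.130 host 172.16.1.1 eq telnet
permit ip 10.50.50.128 0.0.0.127 host 172.16.1.1
deny ip host 10.50.50.130 172.16.1.0 0.0.0.63
"""
PORTS = {"www": 80, "telnet": 23}

def to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def take_addr(tokens):
    """Consume 'host A' or 'A WILDCARD' from the token list; return (base, wildcard)."""
    if tokens[0] == "host":
        del tokens[0]
        return to_int(tokens.pop(0)), 0
    return to_int(tokens.pop(0)), to_int(tokens.pop(0))

def parse(text):  # handles only the entry forms used above
    entries = []
    for line in text.splitlines():
        t = line.split()
        action, proto = t.pop(0), t.pop(0)
        src, dst = take_addr(t), take_addr(t)
        port = PORTS[t[1]] if t[:1] == ["eq"] else None
        entries.append(dict(line=line, action=action, proto=proto, src=src, dst=dst, port=port, hits=0))
    return entries

def covers(spec, addr):
    care = ~spec[1] & 0xFFFFFFFF  # wildcard bits set to 1 are ignored; the rest must equal the base
    return (to_int(addr) & care) == (spec[0] & care)

def evaluate(entries, proto, src, dst, dport=None):
    """First match wins. Returns (action, 1-based entry number), or ('deny', None) for the implicit deny."""
    for number, e in enumerate(entries, 1):
        if (e["proto"] in ("ip", proto) and covers(e["src"], src) and covers(e["dst"], dst)
                and e["port"] in (None, dport)):
            e["hits"] += 1
            return e["action"], number
    return "deny", None

if __name__ == "__main__":
    acl = parse(SWITCH_ACL)
    # Constructed packet leaving R3 S0/0: HTTP from Sw1 to R1 is denied by entry 2, not permitted by entry 4
    print(evaluate(acl, "tcp", "10.50.50.130", "172.16.1.1", 80))
```

The hits field plays the role of the per-entry match counters reported by show ip access-list SWITCH-ACL; a packet that matches no entry falls through to the implicit deny and increments none of them.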