Cisco-Discussion wk6 Access Control Lists (ACLs)

Access Control Lists (ACLs) (Required/Graded)
Previous Next
Up to this point in the course, you have seen the use of access control lists (ACLs) in many applications. For
example, ACLs have been used for distribute lists with OSPF, configuring NAT, and with site-to-site generic
routing encapsulation (GRE) over IPsec. Now it is your turn to engage with your classmates. Your task has two
parts:
You will create a requirements statement that needs to be solved using an ACL where traffic will either be
permitted or denied (or a combination of both). This part of the discussion must be created by Sunday
evening of this week in order to give others an opportunity to solve it by Tuesday evening. You must include
the following in your scenario:
Identify the source you want to permit or deny
Identify the destination
Indicate either the ACL name or number to be used
Using what you have learned about ACLs and what you already know from your CCNA studies (or using
Chapter 26 as a refresher), reply to one of your classmates’ posts and provide them with the following:
An ACL, created by you, using your classmates’ prompts to formulate your answer. include:
The device on which the ACL will be placed
The interface on which the ACL will be placed
The direction in which the ACL would be applied
If you can create a different ACL that satisfies the requirements, a second “reply” may be made to the original
post, but only if it differs from the first solution. Otherwise, there should only be one posted solution per
question.
Finally, try to provide an alternative solution, along with resources to support your claims, if you believe that
the original ACL scenario posed might be better crafted based on its requested placement in the topology.
The topology below will be used for this activity:
Diagram of a topology for discussion. At top left, Server 1 (192.168.20.254) is connected with an Ethernet
cable moving down and right to S2 (192.168.20.0/24), which is also connected with an Ethernet cable
extending down and right to R2 in the center, into port GigabitEthernet0/1 and the IP address of this port is
192.168.20.1. At lower left, Ethernet cables run from PC 1 (192.168.10.10) and PC 2 (192.168.10.11) extending
to another switch, S1 (192.168.10.0/24). An Ethernet cable runs from S1 to the right to R1 on port
GigabitEthernet0/0 and the IP address of this port is 192.168.10.1. A serial cable then exits from R1 on port
Serial0/0/0 and is directly connected to R2 on port Serial0/0/0. The IP address of R1 Serial0/0/0 is 10.1.1.1/30
and the IP address of the Serial0/0/0 interface on R2 is 10.1.1.1/30. At upper right, two Ethernet cables extend
from Outside PC and Server 2 and terminate into an Internet cloud. The IP address of the Outside PC is
209.165.201.14 and the IP address of Server 2 is 209.165.201.30. The Internet cloud has a single serial
connection into R2 on port Serial0/1/0 and the R2 serial interface IP address is 209.165.200.225. The transit
segment between R2’s Serial0/1/0 interface and the Internet cloud is 209.165.200.224. At lower right, an
Ethernet cable runs from PC3 (192.168.30.10) to switch S3 (192.168.30.0/24). Switch S3 then connects via a
single Ethernet cable to R3 on port GigabitEthernet0/2. R3’s GigabitEthernet0/2 IP address is
192.168.30.1/24. R3 then connects via a serial interface, Serial0/0/1, to R2 on port s0/0/1. The IP address of
R3 interface Serial0/0/1 is 10.2.2.2/30 and the IP address of R2 interface Serial0/0/1 is 10.2.2.1/30.
Source: UMGC
Here is an example to help you get started:
Requirement Statement from Learner A: Using a standard ACL with the number 99, deny all traffic from PC1
from getting to PC3, but allow all other traffic from PC1 to get anywhere else.
Response from Learner B: My ACL will be placed on R3 and applied on interface gi0/2 in the outbound
direction. Here is my ACL:
R3(config)# access-list 99 deny host 192.168.10.10
R3(config)# access-list 99 permit any
R3(config)# interface gi0/2
R3(config-if)# ip access-group 99 out