Lab8 Controlling traffic using Extended ACL Objectives Per.pdf
- 1. Lab8 Controlling traffic using Extended ACL Objectives Perform basic configuration tasks on a router. Applying Static routes and default route. Exploring the routing table entry. Applying Extended (named) access control lists (ACLs). Testing the access control lists (ACLs). Required Resources 2 Cisco Routers (1841) 2 Cisco Switches (2950-24) 3 Computers UTP (straight through and cross over) cables Tasks: A. Build up the topology. B. Perform Basic Router Configurations Steps: 1. Connect the components as shown in Fig 1. 2. Configure the router hostname to match the topology diagram. 3. Configure IP addresses and masks on all devices. 4. Configure a loopback interface (loopback 0) on R2 to simulate the ISP. (search on the internet how to configure loopback interface) C. Enable Static route for all networks. Steps: 1. For Router 1 R1(config)# ip route 192.168.20.0 255.255.255.0 serial 0/0/0 Default root can be configured as: R1(config)# ip route 0.0.0.0 0.0.0.0 10.1.1.2 2. For Router 2 R2(config)# ip route 192.168.10.0 255.255.255.0 serial 0/0/1 R2(config)# ip route 192.168.11.0 255.255.255.0 serial 0/0/1 D. Verify full IP connectivity using the ping command and the routing table of routers. Step#1: For R1 and R2, use the command show ip route, take a snapshot for the resulting routing table, and discuss the outputs: *Routing table of R1(Screenshoot) *Routing table of R2 (Screenshot) Step#2: Make sure that the whole network nodes can ping each other. Before configuring and applying this ACL, be sure to test connectivity from Laptop1 to the loopback interface (ISP - 209.165.200.225) E. Configuring an Extended ACL In this section, you are configuring an extended ACL on R1 that blocks traffic originating from any
- 2. device on the 192.168.10.0/24 network to access the 209.165.200.255 host (the simulated ISP). This ACL will be applied outbound on the R1 Serial 0/0/0 interface. Steps: 1. Configure a named extended ACL. R1(config)#ip access-list extended EXTEND-1 R1(config-ext-nacl)#deny ip 192.168.10.0 0.0.0.255 host 209.165.200.225 2. Apply the ACL. With standard ACLs, the best practice is to place the ACL as close to the destination as possible. Extended ACLs are typically placed close to the source. R1(config)#interface serial 0/0/0 R1(config-if)#ip access-group EXTEND-1 out 3. Test the ACL. From Laptop1; ping the loopback interface on R2. R1(config-ext-nacl)#permit ip any any **Please provide full code and screenshoots from Cisco packet tracer. Table -1 begin{tabular}{|c|ccc|} hline Device & Interface & IP Address & Default Gateway & & & R1 & Fa0/0 & 192.168.10.1/24 & N/A & Fa0/1 & 192.168.11.1/24 & N/A & So/0/0 & 10.1.1.1/24 & N/A & Fa0/1 & 192.168.20.1/24 & N/A R2 & So/0/1 & 10.1.1.2/24 & N/A & loopback 0 & 209.165.200.225/8 & N/A & & & & & 192.168.10.10/24 & 192.168 .10 .1 hline Laptop1 & NIC & 192.168.11.10/24 & 192.168 .11 .1 hline Laptop2 & NIC & 192.168.20.254/24 & 192.168 .20 .1 hline hline PC3 & NIC & & hline end{tabular}