Question: Packet Tracer - IPv4 ACL Implementation Challenge

Addressing Table

| Device | Interface | IP Address |
|---|---|---|
| Branch | G0/0/0 | 192.168.1.1/26 |
| Branch | G0/0/1 | 192.168.1.65/29 |
| Branch | S0/1/0 | 192.0.2.1/30 |
| Branch | S0/1/1 | 192.168.3.1/30 |
| HQ | G0/0/0 | 192.168.2.1/27 |
| HQ | G0/0/1 | 192.168.2.33/28 |
| HQ | S0/1/1 | 192.168.3.2/30 |
| PC-1 | NIC | 192.168.1.10/26 |
| PC-2 | NIC | 192.168.1.20/26 |
| PC-3 | NIC | 192.168.1.30/26 |
| Admin | NIC | 192.168.1.67/29 |
| Enterprise Web Server | NIC | 192.168.1.70/29 |
| Branch PC | NIC | 192.168.2.17/27 |
| Branch Server | NIC | 192.168.2.45/28 |
| Internet User | NIC | 198.51.100.218/24 |
| External Web Server | NIC | 203.0.113.73/24 |

Objectives

o Configure a router with standard named ACLs.

o Configure a router with extended named ACLs.

o Configure a router with extended ACLs to meet specific communication requirements.

o Configure an ACL to control access to network device terminal lines.

o Configure the appropriate router interfaces with ACLs in the appropriate direction.

o Verify the operation of the configured ACLs.

Background / Scenario

In this activity you will configure extended, standard named, and extended named ACLs to meet specified communication requirements.

Instructions

Step 1: Verify Connectivity in the New Company Network

First, test connectivity on the network as it is before configuring the ACLs. All hosts should be able to ping all other hosts.

Step 2: Configure Standard and Extended ACLs per Requirements

Configure ACLs to meet the following requirements:

Important guidelines:

o Do not use explicit deny any statements at the end of your ACLs.

o Use shorthand (host and any) whenever possible.

o Write your ACL statements to address the requirements in the order that they are specified here.

o Place your ACLs in the most efficient location and direction.

ACL 1 Requirements

o Create ACL 101.

o Explicitly block FTP access to the Enterprise Web Server from the internet.

o No ICMP traffic from the internet should be allowed to any hosts on HQ LAN 1.

o Allow all other traffic.

ACL 2 Requirements

o Use ACL number 111.

o No hosts on HQ LAN 1 should be able to access the Branch Server.

o All other traffic should be permitted.

ACL 3: Requirements

o Create a named standard ACL. Use the name vty_block. The name of your ACL must match this name exactly.

o Only addresses from the HQ LAN 2 network should be able to access the VTY lines of the HQ router.

ACL 4: Requirements

o Create a named extended ACL called branch_to_hq. The name of your ACL must match this name exactly.

o No hosts on either of the Branch LANs should be allowed to access HQ LAN 1. Use one access list statement for each of the Branch LANs.

o All other traffic should be allowed.
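
The following is an added example, not part of the original question or of any posted solution: it derives the network address and wildcard mask an ACL statement needs from an interface prefix in the addressing table, renders a standard named ACL using the host/any shorthand, and evaluates source addresses with first-match and implicit-deny semantics. The function names are hypothetical, and it assumes "HQ LAN 2" is the network on HQ G0/0/1 as listed in the table.

```python
import ipaddress

def wildcard_ace(interface_cidr):
    """Network address and wildcard mask for an interface address like '192.168.2.33/28'."""
    net = ipaddress.ip_interface(interface_cidr).network
    return str(net.network_address), str(net.hostmask)

def ace_matches(network, wildcard, addr):
    """IOS-style match: only bits that are 0 in the wildcard are compared."""
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(addr)) & care) == (int(ipaddress.IPv4Address(network)) & care)

def evaluate(acl, addr):
    """Entries are checked top down; the first match decides."""
    for action, network, wildcard in acl:
        if ace_matches(network, wildcard, addr):
            return action
    return "deny"  # implicit deny any at the end of every ACL

def render(name, acl):
    """Render a standard named ACL, using 'host' and 'any' where they apply."""
    lines = [f"ip access-list standard {name}"]
    for action, network, wildcard in acl:
        if wildcard == "0.0.0.0":
            src = f"host {network}"
        elif wildcard == "255.255.255.255":
            src = "any"
        else:
            src = f"{network} {wildcard}"
        lines.append(f" {action} {src}")
    return "\n".join(lines)

# Assumption: "HQ LAN 2" is the network on HQ G0/0/1 (192.168.2.33/28 in the table).
VTY_BLOCK = [("permit", *wildcard_ace("192.168.2.33/28"))]

if __name__ == "__main__":
    print(render("vty_block", VTY_BLOCK))
    # Source addresses taken from the addressing table as given.
    for src in ("192.168.2.45", "192.168.2.17", "198.51.100.218"):
        print(src, evaluate(VTY_BLOCK, src))
```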
