Computer Network

The document outlines the steps for configuring Extended Access Control Lists (ACLs) on a router, including assigning IP addresses and verifying connectivity through ping tests. It details the creation of both numbered and named ACLs to control traffic between PCs and a server, specifying access for FTP and web protocols. The configuration ensures that PC1 can only access FTP and ping the server, while PC2 can access the web and ping the server but not PC1.

Uploaded by

khanw532267
Copyright
© All Rights Reserved

Practical No 3(A).

Aim: Configuring Extended ACL.

Topology Diagram:-

Assign IP Addresses:-
Router>en
Router#conf t
Router(config)#host R1
R1(config)#interface GigabitEthernet0/0
R1(config-if)#ip address 172.22.34.65 255.255.255.224
R1(config-if)#no shut
R1(config)#interface GigabitEthernet0/1
R1(config-if)#ip address 172.22.34.97 255.255.255.240
R1(config-if)#no shut
R1(config)#interface GigabitEthernet0/2
R1(config-if)#ip address 172.22.34.1 255.255.255.192
R1(config-if)#no shut
R1(config-if)#^Z
R1#exit

Displaying IP Address Details of R1:-

R1>show ip interface brief

Interface              IP-Address      OK? Method Status   Protocol
GigabitEthernet0/0     172.22.34.65    YES manual up       up
GigabitEthernet0/1     172.22.34.97    YES manual up       up
GigabitEthernet0/2     172.22.34.1     YES manual up       up

Performing Ping from PC1 to Server and PC2:-

Performing Ping from PC2 to Server and PC1:-

(a) Configure, Apply and Verify an Extended Numbered ACL:-

(PC1 needs only FTP access and should be able to ping the server, but not PC2)

R1>en
R1#conf t
R1(config)#access-list ?
<1-99> IP standard access list
<100-199> IP extended access list
R1(config)#access-list 100 ?
deny Specify packets to reject
permit Specify packets to forward
remark Access list entry comment
R1(config)#access-list 100 permit ?
ahp Authentication Header Protocol
eigrp Cisco's EIGRP routing protocol
esp Encapsulation Security Payload
gre Cisco's GRE tunneling
icmp Internet Control Message Protocol
ip Any Internet Protocol
ospf OSPF routing protocol
tcp Transmission Control Protocol
udp User Datagram Protocol
R1(config)#access-list 100 permit tcp ?
A.B.C.D Source address
any Any source host
host A single source host
R1(config)#access-list 100 permit tcp 172.22.34.64 ?
A.B.C.D Source wildcard bits
R1(config)#access-list 100 permit tcp 172.22.34.64 0.0.0.31 ?
A.B.C.D Destination address
any Any destination host
eq Match only packets on a given port number
gt Match only packets with a greater port number
host A single destination host
lt Match only packets with a lower port number
neq Match only packets not on a given port number
range Match only packets in the range of port numbers
R1(config)#access-list 100 permit tcp 172.22.34.64 0.0.0.31 host ?
A.B.C.D Destination address
R1(config)#access-list 100 permit tcp 172.22.34.64 0.0.0.31 host 172.22.34.62 ?
dscp Match packets with given dscp value
eq Match only packets on a given port number
established established
gt Match only packets with a greater port number
lt Match only packets with a lower port number
neq Match only packets not on a given port number
precedence Match packets with given precedence value
range Match only packets in the range of port numbers
<cr>
R1(config)#access-list 100 permit tcp 172.22.34.64 0.0.0.31 host 172.22.34.62 eq ?
<0-65535> Port number
ftp File Transfer Protocol (21)
pop3 Post Office Protocol v3 (110)
smtp Simple Mail Transport Protocol (25)
telnet Telnet (23)
www World Wide Web (HTTP, 80)
R1(config)#access-list 100 permit tcp 172.22.34.64 0.0.0.31 host 172.22.34.62 eq ftp
R1(config)#access-list 100 permit icmp 172.22.34.64 0.0.0.31 host 172.22.34.62
R1(config)#interface GigabitEthernet0/0
R1(config-if)#ip access-group 100 in
R1(config-if)#^Z
R1#exit

Performing Ping from PC1 to Server and PC2 to check the working of ACL:-

(b) Configure, Apply and Verify an Extended Named ACL:-

(PC2 needs only web access and should be able to ping the server, but not PC1)

R1>en
R1#conf t
R1(config)#ip access-list ?
extended Extended Access List
standard Standard Access List
R1(config)#ip access-list extended ?
<100-199> Extended IP access-list number
WORD name
R1(config)#ip access-list extended HTTP_ACL
R1(config-ext-nacl)#permit tcp 172.22.34.96 ?
A.B.C.D Source wildcard bits
R1(config-ext-nacl)#permit tcp 172.22.34.96 0.0.0.15 ?
A.B.C.D Destination address
any Any destination host
eq Match only packets on a given port number
gt Match only packets with a greater port number
host A single destination host
lt Match only packets with a lower port number
neq Match only packets not on a given port number
range Match only packets in the range of port numbers
R1(config-ext-nacl)#permit tcp 172.22.34.96 0.0.0.15 host ?
A.B.C.D Destination address
R1(config-ext-nacl)#permit tcp 172.22.34.96 0.0.0.15 host 172.22.34.62 ?
eq Match only packets on a given port number
established established
gt Match only packets with a greater port number
lt Match only packets with a lower port number
neq Match only packets not on a given port number
range Match only packets in the range of port numbers
<cr>
R1(config-ext-nacl)#permit tcp 172.22.34.96 0.0.0.15 host 172.22.34.62 eq ?
<0-65535> Port number
domain Domain Name Service (DNS, 53)
ftp File Transfer Protocol (21)
pop3 Post Office Protocol v3 (110)
smtp Simple Mail Transport Protocol (25)
telnet Telnet (23)
www World Wide Web (HTTP, 80)
R1(config-ext-nacl)#permit tcp 172.22.34.96 0.0.0.15 host 172.22.34.62 eq www
R1(config-ext-nacl)#permit icmp 172.22.34.96 0.0.0.15 host 172.22.34.62
R1(config)#interface GigabitEthernet0/1
R1(config-if)#ip access-group HTTP_ACL in
R1(config-if)#^Z
R1#exit

Performing Ping from PC2 to Server and PC1 to check the working of ACL:-

Checking http connection from PC2:-
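
The two ACLs above, evaluated the way the router applies them to inbound packets: entries are checked top to bottom, the first match decides, and a packet that matches nothing hits the implicit deny. This is an added example, not part of the original practical; the PC1 and PC2 host addresses are assumed values inside the subnets configured above, and the evaluator handles only the entry form used on this page.

```python
import ipaddress

PORTS = {"ftp": 21, "www": 80}                 # IOS port keywords used on this page
SERVER = "172.22.34.62"                        # server address from the ACL entries
PC1, PC2 = "172.22.34.66", "172.22.34.98"      # assumed hosts on Gi0/0 and Gi0/1 subnets

def ip(s):
    return int(ipaddress.IPv4Address(s))

def wc_match(addr, base, wildcard):
    # Wildcard bits set to 1 are "don't care"; every other bit must equal base.
    care = ~ip(wildcard) & 0xFFFFFFFF
    return (ip(addr) & care) == (ip(base) & care)

def parse_ace(line):
    # Handles only: [access-list N] ACTION PROTO SRC WILDCARD host DST [eq PORT]
    t = line.split()
    if t[0] == "access-list":                  # numbered form: drop "access-list 100"
        t = t[2:]
    if len(t) not in (6, 8) or t[4] != "host" or (len(t) == 8 and t[6] != "eq"):
        raise ValueError("unsupported ACE: " + line)
    port = None
    if len(t) == 8:
        port = PORTS[t[7]] if t[7] in PORTS else int(t[7])
    return {"action": t[0], "proto": t[1], "src": t[2], "wc": t[3],
            "dst": t[5], "port": port}

def evaluate(acl, proto, src, dst, dport=None):
    # First matching entry wins; a packet matching nothing is implicitly denied.
    for ace in acl:
        if (ace["proto"] in ("ip", proto)
                and wc_match(src, ace["src"], ace["wc"])
                and ip(dst) == ip(ace["dst"])
                and ace["port"] in (None, dport)):
            return ace["action"]
    return "deny"

ACL_100 = [parse_ace(line) for line in (
    "access-list 100 permit tcp 172.22.34.64 0.0.0.31 host 172.22.34.62 eq ftp",
    "access-list 100 permit icmp 172.22.34.64 0.0.0.31 host 172.22.34.62",
)]
HTTP_ACL = [parse_ace(line) for line in (
    "permit tcp 172.22.34.96 0.0.0.15 host 172.22.34.62 eq www",
    "permit icmp 172.22.34.96 0.0.0.15 host 172.22.34.62",
)]

if __name__ == "__main__":
    print("PC1 ping PC2 :", evaluate(ACL_100, "icmp", PC1, PC2))
    print("PC2 http srv :", evaluate(HTTP_ACL, "tcp", PC2, SERVER, 80))
```

Neither ACL contains a deny line: the failed pings between PC1 and PC2 come entirely from the implicit deny at the end of each list.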
