
Sunday, May 31, 2009

Using Access Control List (ACL) to restrict inbound Internet access (CNA-04-004)

CCNA Exploration 4.0, Semester 4, "Using Access Control List (ACL) to restrict inbound Internet access" Packet Tracer 5.0 practice file (CNA-04-004).

In this example I designed the requirements on purpose: you must allow PING (that is, ICMP) and disallow TELNET (that is, TCP port 23) at the same time, so that you are forced to use an "Extended" ACL. This is because we have to use one ACL to permit and deny packets of different services from the same source IP address, which is not possible with a "Standard" ACL (a standard ACL matches on the source address only).

A sample content of ACL and its application could be like this:

interface Serial0/0/0
 ip address 10.1.1.1 255.255.255.0
 ip access-group 100 in
 clock rate 64000
!
! Extended ACL 100: entries are checked top-down and the first match wins;
! anything that matches no entry is dropped by the implicit deny at the end.
access-list 100 deny tcp any 192.168.0.0 0.0.255.255 eq telnet
access-list 100 permit ip any any

The above sample assumes you apply it on the inbound direction of "Serial0/0/0". We can also apply the same ACL on the outbound direction of "FastEthernet0/0" and "FastEthernet0/1" to achieve the same protection.
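To check such an ACL outside Packet Tracer, here is an added Python example (it is not from the post and not Cisco code) that parses the two access-list lines above and applies IOS first-match, wildcard-mask and implicit-deny semantics to sample flows; the host addresses 203.0.113.5 and 192.168.1.10 are constructed for the demonstration.

```python
import ipaddress

# Service names IOS accepts in place of port numbers (a small subset for this example).
PORT_NAMES = {"telnet": 23, "ssh": 22, "www": 80, "ftp": 21}

def _take_addr(tokens):
    """Pop one address spec off the token list: 'any' or 'address wildcard'."""
    if tokens[0] == "any":
        tokens.pop(0)
        return 0, 0xFFFFFFFF  # every bit is a "don't care" bit
    base = int(ipaddress.IPv4Address(tokens.pop(0)))
    wildcard = int(ipaddress.IPv4Address(tokens.pop(0)))
    return base, wildcard

def parse_ace(line):
    """Parse one 'access-list N permit|deny proto src dst [eq port]' entry."""
    tokens = line.split()
    action, proto, rest = tokens[2], tokens[3], tokens[4:]
    src, dst = _take_addr(rest), _take_addr(rest)  # source is consumed first
    dport = None
    if rest[:1] == ["eq"]:
        dport = PORT_NAMES[rest[1]] if rest[1] in PORT_NAMES else int(rest[1])
    return {"action": action, "proto": proto, "src": src, "dst": dst, "dport": dport}

def _addr_match(spec, ip):
    """Wildcard-mask match: bits set in the wildcard are ignored, all others must be equal."""
    base, wildcard = spec
    return (int(ipaddress.IPv4Address(ip)) | wildcard) == (base | wildcard)

def evaluate(acl, proto, src_ip, dst_ip, dport=None):
    """Walk the ACL top-down; the first matching entry decides the packet's fate."""
    for ace in acl:
        if ace["proto"] != "ip" and ace["proto"] != proto:
            continue
        if not (_addr_match(ace["src"], src_ip) and _addr_match(ace["dst"], dst_ip)):
            continue
        if ace["dport"] is not None and ace["dport"] != dport:
            continue
        return ace["action"]
    return "deny"  # implicit deny at the end of every IOS ACL

# The two entries from the post, parsed in the order they appear.
ACL_100 = [parse_ace(line) for line in (
    "access-list 100 deny tcp any 192.168.0.0 0.0.255.255 eq telnet",
    "access-list 100 permit ip any any",
)]
# The same two entries with the order swapped: the permit now shadows the deny,
# so telnet from the Internet into 192.168.0.0/16 would be allowed.
ACL_100_REVERSED = list(reversed(ACL_100))
```

Running `evaluate(ACL_100, "tcp", "203.0.113.5", "192.168.1.10", 23)` returns "deny" while the same call with "icmp" and no port returns "permit", which is exactly the behaviour the exercise asks for.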

Also remember: a test question about ACLs has always been framed to have one possible answer. In daily life, there is often more than one possible answer to the requirements you are given. Be creative about the possible ACL solutions!