ACL Drill Set 1

certskills
By certskills July 16, 2015 11:00

Here’s the first ACL drill set. What’s that? Check out this post that explains the details. No stopwatch, no speed requirement for these, unlike the subnetting speed practice. Just focus on getting the right answer. Questions are below the fold!

First, use this figure as the backdrop:

Here are the questions. Your job for this drill: treat each requirement as a completely separate problem. For each, create a one-line ACL, with either a “permit” or “deny” action, to do what the requirement asks.

1) Host A (10.1.1.1/24) attempts to connect to Telnet server S3 (192.168.2.254/27). Your ACL will be applied outbound on R1’s S0/0/0 interface. Permit traffic from host A to telnet services on S3, as well as telnet services on all servers in that same subnet.

2) Host C (10.1.101.145/22) attempts to connect to web server S4 (192.168.3.250/28). Your ACL will be applied outbound on R3’s F0/0 interface. Deny hosts in host C’s subnet from communicating with web services on web server S4.

3) Repeat #2, but for an ACL that will be placed on R1’s F0/1 as an outbound ACL.

Enjoy! Answers in a few days.


8 Comments

  1. Dexter July 16, 13:19

    permit tcp host 10.1.1.1 192.168.2.224 0 0.0.0.31 eq 23

  2. Dexter July 16, 13:40

    2) deny tcp 10.1.100.0 0.0.3.255 host 192.168.3.250 eq www

  3. Samir July 18, 07:01

    1) access-list 101 permit tcp host 10.1.1.1 192.168.2.224 0.0.0.31 eq telnet
    2) access-list 101 deny tcp 10.1.100.0 0.0.3.255 host 192.168.3.250 eq www
    3) access-list 101 deny tcp host 192.168.3.250 eq www 10.1.100.0 0.0.3.255

  4. CCENTSkills July 21, 17:06

    Hi Dexter and Samir. The answer post is up! Should be the next post in chronological sequence, linked near where you see this post. But I like your answers! 🙂
    Wendell

  5. Starter October 24, 17:12

    If I write like this would it be correct answer to:

    permit tcp host 10.1.1.1 192.168.2.254 0.0.0.31 eq 23

    deny tcp 10.1.101.145 0.0.3.255 host 192.168.3.250 eq 80

    deny tcp host 192.168.3.250 eq 80 10.1.101.145 0.0.3.255
    Or I need to use subnet address as destination!! Thanks for reply

    • CCENTSkills October 27, 20:02

      Hi Starter,
      Thanks for the post.
      Your logic is pretty good. The one issue with your answers is that when you match a subnet, you’re still using the specific IP address along with the wildcard masks. You picked the correct wildcard masks, but you also need to use the subnet ID rather than the specific IP address.

      EG, on your first command:
      permit tcp host 10.1.1.1 192.168.2.224 0.0.0.31 eq 23

      Note the link at the bottom of the post to the post that lists the answers as well. 🙂
      Wendell
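
The subnet ID and wildcard mask check described in the reply above, as an added Python example that is not part of the original post or its comments. The function names `acl_match` and `check_pair` are hypothetical; the addresses come from the drill text and from the commenter's ACL lines.

```python
import ipaddress

def acl_match(address, prefix_len):
    """Return (subnet ID, wildcard mask) for the subnet that contains address."""
    net = ipaddress.ip_network(f"{address}/{prefix_len}", strict=False)
    # The wildcard mask is the inverse of the subnet mask (the "host mask").
    return str(net.network_address), str(net.hostmask)

def check_pair(address, wildcard):
    """List problems with an address/wildcard pair as typed in an ACL line."""
    addr = int(ipaddress.IPv4Address(address))
    wc = int(ipaddress.IPv4Address(wildcard))
    problems = []
    # A subnet wildcard is a run of 0 bits followed by a run of 1 bits (2^n - 1).
    if wc & (wc + 1):
        problems.append(f"wildcard {wildcard} is not a contiguous subnet wildcard")
    # Wildcard 1 bits are the host part; a subnet ID has every host bit set to 0.
    if addr & wc:
        subnet_id = ipaddress.IPv4Address(addr & ~wc & 0xFFFFFFFF)
        problems.append(f"{address} has host bits set; subnet ID is {subnet_id}")
    return problems

if __name__ == "__main__":
    # Host addresses and prefix lengths as given in the drill requirements.
    for host, plen in [("192.168.2.254", 27), ("10.1.101.145", 22)]:
        subnet_id, wildcard = acl_match(host, plen)
        print(f"{host}/{plen} -> match with: {subnet_id} {wildcard}")

    # Address/wildcard pairs as typed in the comment thread.
    for address, wildcard in [("192.168.2.254", "0.0.0.31"),
                              ("10.1.101.145", "0.0.3.255"),
                              ("192.168.2.224", "0.0.0.31")]:
        issues = check_pair(address, wildcard)
        print(address, wildcard, "->", issues or "OK")
```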

  6. Jayson September 26, 15:53

    Question #3 is confusing to me. Looking at other people’s take on the question, it is filtering mostly the return/reverse message from S1. After looking at it that way, I understand how the ACL command would be configured but I did not get to that conclusion from the question alone. Must just be me.
