ACL Drill Set 2


Here’s another ACL drill set. What’s that? Check out this post that explains the details. No stopwatch, no speed requirement for these, unlike the subnetting speed practice. Just focus on getting the right answer. For this post, you will create a small but complete ACL, with one or more ACEs (commands) per ACL. This post has three such exercises. Questions are below the fold!

First, use this same figure as the backdrop:

Here are the requirements. Your job: create a numbered ACL, with one or more lines, and enable it on the correct interface, to implement the requirements.

1) Host C (172.16.55.55/27) attempts to connect to Telnet server S3 (192.168.2.199/26). Your ACL will be applied outbound on R2’s S0/0/1 interface. Permit traffic from host C to Telnet services on S3. However, also prevent access from Host C to Telnet server S4 (192.168.2.189/26), as well as Telnet services on all servers in that same subnet. Permit all other traffic.

2) Host B (10.100.0.1/17) pings the four servers in the network: S1 (10.100.100.100/17), S2 (172.16.5.5/24), S3 (192.168.1.141/26), and S4 (10.255.255.254/17). The configuration will enable an ACL on R1’s F0/0 interface, inbound. Configure an ACL so that host B can still successfully ping servers in the same subnets as S1 and S4, but filter so that the pings to servers in the same subnet as S2 and S3 fail.

3) Repeat #1, but for an ACL that will be placed on R1’s F0/1 as an inbound ACL, and match all packets in Host C’s subnet and in server S3’s subnet.


4 Comments
RN

Hi Wendell,

Aren’t B and S1 supposed to be on the same subnet?

Thanks,

RN

lyjo

RN,
They are indeed! 🙂 There’s no need to permit traffic going to the subnet where B and S1 reside, because the router doesn’t process those packets.
Wendell

Mauricio

Hi Mr. Wendell,

Reading the stem of this question, I’ve understood that the ACL must allow Host B’s ping to S1 (that’s in the same subnetwork), S2, S3, and S4 IP addresses and deny Host B’s ping to the other servers in S2 and S3 subnetwork. So I’ve included these two ACEs

access-list 112 permit icmp host 10.100.0.1 host 172.16.5.5
access-list 112 permit icmp host 10.100.0.1 host 192.168.1.141

to the ACL before the ACE that allows Host B to ping the S4 IP address and all other servers in the same subnetwork,

access-list 112 permit icmp host 10.100.0.1 10.255.128.0 0.0.127.255

as the answer that you’ve posted. Is that correct, or did I not understand the question?

Thank you,

Mauricio.
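A way to check a candidate ACL for these drills, as an added example that is not part of the original post or its comments: it derives the subnet ID and wildcard mask from a host address and prefix, then evaluates extended ACEs with first-match logic and the implicit deny. The three ACEs are the ones quoted in the comment above (the rest of the posted answer is not on this page); the function names and the extra test destinations are constructed for illustration.

```python
import ipaddress

def wildcard_for(cidr):
    """Return (subnet ID, wildcard mask) strings for a host address/prefix."""
    net = ipaddress.ip_interface(cidr).network
    return str(net.network_address), str(net.hostmask)

def _field(tokens):
    """Consume one address field: 'any', 'host A', or 'A WILDCARD'."""
    if tokens[0] == "any":
        return (0, 0xFFFFFFFF), tokens[1:]
    if tokens[0] == "host":
        return (int(ipaddress.IPv4Address(tokens[1])), 0), tokens[2:]
    addr, wild = (int(ipaddress.IPv4Address(t)) for t in tokens[:2])
    return (addr, wild), tokens[2:]

def parse_ace(line):
    """Parse 'access-list N permit|deny PROTO SRC DST' (no ports or options)."""
    _, _, action, proto, *rest = line.split()
    src, rest = _field(rest)
    dst, rest = _field(rest)
    return action, proto, src, dst

def _hit(field, ip):
    addr, wild = field
    care = ~wild & 0xFFFFFFFF  # wildcard 0 bits must match exactly
    return (int(ipaddress.IPv4Address(ip)) & care) == (addr & care)

def evaluate(acl_lines, proto, src_ip, dst_ip):
    """First matching ACE wins; no match falls through to the implicit deny."""
    for line in acl_lines:
        action, p, src, dst = parse_ace(line)
        if p in ("ip", proto) and _hit(src, src_ip) and _hit(dst, dst_ip):
            return action
    return "deny"

# The three ACEs quoted in the comment above, in the order it describes.
ACL_112 = [
    "access-list 112 permit icmp host 10.100.0.1 host 172.16.5.5",
    "access-list 112 permit icmp host 10.100.0.1 host 192.168.1.141",
    "access-list 112 permit icmp host 10.100.0.1 10.255.128.0 0.0.127.255",
]

if __name__ == "__main__":
    print(wildcard_for("10.255.255.254/17"))
    # 172.16.5.6 is a constructed address in S2's subnet.
    for dst in ("172.16.5.5", "192.168.1.141", "10.255.255.254", "172.16.5.6"):
        print(dst, evaluate(ACL_112, "icmp", "10.100.0.1", dst))
```

Replace `ACL_112` with your own lines to test an answer against each ping in the requirements before comparing it with the posted one.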
