Access Control Lists (ACLs) may be one of the most uncomfortable topics to learn during your first few hours reading about the topic. Getting into lab early in your reading can help, so take advantage of this post and re-live the examples in the CCNA 200-301 Volume 2 Cert Guide, Chapter 2, which introduces standard IP ACLs.
CCNA Packet Tracer Labs – CCNA Vol 2, Chapter 2
By certskills
Confused? New to “Packet Tracer Labs for OCGs”?
The big idea is pretty simple: Repeat the Examples in the Official Cert Guide as part of your lab practice for CCNA using Packet Tracer.
The details require some reading. To get your head around what kind of content is here in the blog for these labs, read:
Book: CCNA 200-301 OCG, Volume 2
Chapter: 2
Title: Basic IPv4 Access Control Lists
Part: 1
What’s in This Post
Chapter Intro: A brief description of the topics in that chapter of the book.
Download Link: Links to a ZIP; the ZIP holds all the .PKT files for this chapter.
Table of PKT files, by Example: A table that lists each example in the chapter, with the files supplied for each. Also lists a note about whether the PKT topology matches the book example exactly or not.
Tips: When we build the files, we come across items that we think might confuse you when trying the examples with PT. We write those notes in this section!
Chapter Intro
Cisco routers and switches include a variety of tools that match messages during the process of moving that message from entering an interface to exiting an interface. Once matched, the device can perform various actions, like Quality of Service (QoS) to change the performance of the forwarding of the packet, or to even redirect the choice of where to forward the message. However, the most common action happens to be to choose to discard some packets, based on different matching criteria.
Access Control Lists (ACLs) serve as the primary means to define the fields and values to match in a message, along with the logic, so a router or switch can match and filter packets. Cisco has included router-based IPv4 ACLs in the CCNA exam since the very first CCNA exam back in 1998. Chapter 2 of the CCNA 200-301 Cert Guide, Volume 2 introduces these IPv4 ACLs, including:
- How the simplest type of IPv4 ACL – a standard ACL – works
- How to match the source IP address of an IP packet using a wildcard mask
- First match and match any logic
As always in this series, the goal is to help you re-create the examples from the book. Enjoy!
One .PKT File – But Maybe Two (Duplicate) Toplogies
When building the content for this post, we review the examples in the book and decide whether it makes sense to supply a Packet Tracer (.pkt) file to match the example. If we choose to support an example by supplying a matching .pkt file, the .pkt file includes a topology that matches the example as much as possible. It also includes the device configurations as they should exist at the beginning of the example.
In some cases, the .pkt file shows two instances of the lab topology – one above and one below. We include two such topologies when the book example includes configuration commands, for these purposes:
- Top/Initial: The topology at the top has the configuration state at the beginning of the example.
- Bottom/Ending: The topology at the bottom adds the configuration per the example, so that it mimics the configuration at the end of the example.
Table of .PKT Files, by Example
|
Example |
.PKT Includes Initial State of Example? | .PKT Also Includes Ending State of Example? | Exact Match of Interface IDs? |
| 02-1 | Yes | Yes | No |
| 02-2 | Yes | No | No |
| 02-3 | Yes | Yes | No |
| 02-4 | No | No | N/A |
| 02-5 | Yes | No | No |
Tips
Note that the examples in this chapter use different interface types and interface IDs as compared to the supplied PT files. Comparing the values:
R1 interfaces:
- Book F0/0 = PT G0/0
- Book F0/1 = PT G0/1
R2 interfaces:
- Book F0/0 = PT G0/0
To test to prove the ACL works, consider doing these tests:
- From host A, ping S1 (10.2.2.1). It should work.
- From host B, ping S1. it should fail.
- From host C, ping S1. it should work.
Also, after testing, use the show ip access-list to see updated counters for matched packets.
We do not supply a .pkt file for this example because PT does not support the log option on the access-list command.
By certskills
Write a comment
6 Comments
View comments
which version of packet tracer are you using for the volume 2 labs?
Hi Aron,
PT 7.3 for the entire series.
Wendell
Hi Wendell,
Is PT 8 compatible with those examples or need to downgrade to 7.3?
Best regards,
Panos.
Hi Panagiotis,
No need to downgrade. PT supports current and older files. The issue comes when say you save a .pkt file when using V8.0 and then share it with someone who has an older version – they can’t open your V8.0 file until they upgrade to at least 8.0.
W
Im getting asked about password when i tried to practice on any packet tracert lab. Any idea please
If you’re saying that you can’t reach the blog post, then no, I don’t know what’s happening.
If you’re saying that you can reach the post, download the .pkt file, but when you get into the CLI of a router or switch, it asks for a password: the password is cisco.
Wendell