CCNA Packet Tracer Labs – CCNA Vol 2, Chapter 2

certskills
By certskills May 5, 2020 09:05

Access Control Lists (ACLs) may be one of the most uncomfortable topics to learn during your first few hours reading about the topic. Getting into lab early in your reading can help, so take advantage of this post and re-live the examples in the CCNA 200-301 Volume 2 Cert Guide, Chapter 2, which introduces standard IP ACLs.

Confused? New to “Packet Tracer Labs for OCGs”?

The big idea is pretty simple: Repeat the Examples in the Official Cert Guide as part of your lab practice for CCNA using Packet Tracer.

The details require some reading. To get your head around what kind of content is here in the blog for these labs, read:

 

Book: CCNA 200-301 OCG, Volume 2
Chapter: 2
Title: Basic IPv4 Access Control Lists
Part: 1

What’s in This Post

Chapter Intro: A brief description of the topics in that chapter of the book.

Download Link: Links to a ZIP; the ZIP holds all the .PKT files for this chapter.

Table of PKT files, by Example: A table that lists each example in the chapter, with the files supplied for each. Also lists a note about whether the PKT topology matches the book example exactly or not.

Tips: When we build the files, we come across items that we think might confuse you when trying the examples with PT. We write those notes in this section!

Chapter Intro

Cisco routers and switches include a variety of tools that match messages during the process of moving that message from entering an interface to exiting an interface. Once matched, the device can perform various actions, like Quality of Service (QoS) to change the performance of the forwarding of the packet, or to even redirect the choice of where to forward the message. However, the most common action happens to be to choose to discard some packets, based on different matching criteria.

Access Control Lists (ACLs) serve as the primary means to define the fields and values to match in a message, along with the logic, so a router or switch can match and filter packets. Cisco has included router-based IPv4 ACLs in the CCNA exam since the very first CCNA exam back in 1998. Chapter 2 of the CCNA 200-301 Cert Guide, Volume 2 introduces these IPv4 ACLs, including:

  • How the simplest type of IPv4 ACL – a standard ACL – works
  • How to match the source IP address of an IP packet using a wildcard mask
  • First match and match any logic

As always in this series, the goal is to help you re-create the examples from the book. Enjoy!

Download the Packet Tracer ZIP File

One .PKT File – But Maybe Two (Duplicate) Toplogies

When building the content for this post, we review the examples in the book and decide whether it makes sense to supply a Packet Tracer (.pkt) file to match the example. If we choose to support an example by supplying a matching .pkt file, the .pkt file includes a topology that matches the example as much as possible. It also includes the device configurations as they should exist at the beginning of the example.

In some cases, the .pkt file shows two instances of the lab topology – one above and one below. We include two such topologies when the book example includes configuration commands, for these purposes:

  • Top/Initial: The topology at the top has the configuration state at the beginning of the example.
  • Bottom/Ending: The topology at the bottom adds the configuration per the example, so that it mimics the configuration at the end of the example.

Table of .PKT Files, by Example

 

Example

.PKT Includes Initial State of Example? .PKT Also Includes Ending State of Example?
Exact Match of Interface IDs?
02-1 Yes Yes No
02-2 Yes No No
02-3 Yes Yes No
02-4 No No N/A
02-5 Yes No No

Tips

Note that the examples in this chapter use different interface types and interface IDs as compared to the supplied PT files. Comparing the values:

R1 interfaces:

  • Book F0/0 = PT G0/0
  • Book F0/1 = PT G0/1

R2 interfaces:

  • Book F0/0 = PT G0/0

To test to prove the ACL works, consider doing these tests:

  1. From host A, ping S1 (10.2.2.1). It should work.
  2. From host B, ping S1. it should fail.
  3. From host C, ping S1. it should work.

Also, after testing, use the show ip access-list to see updated counters for matched packets.

We do not supply a .pkt file for this example because PT does not support the log option on the access-list command.

Announcing: CCNA Deep Dive Lab Courses, May - July 2020
CCNA Packet Tracer Labs - CCNA Vol 2, Chapter 3
certskills
By certskills May 5, 2020 09:05
Write a comment

2 Comments

  1. Aron Rackara May 16, 01:30

    which version of packet tracer are you using for the volume 2 labs?

    Reply to this comment
View comments

Write a comment

Leave a Reply to Aron Rackara Cancel reply

Subscribe

Subscribe to our mailing list and get interesting stuff and updates to your email inbox.

Thank you for subscribing.

Something went wrong.

Search

Categories