
Configuring Extended ACLs Scenario2

An extended numbered ACL is configured on router RTA to permit ICMP traffic from any source to any destination and deny all other traffic by default. The ACL is then applied to interface G0/1 of RTA. The ACL is verified to allow pings and SSH connections from host PCB but deny the same from host PCA, as the ACL is applied on the interface connecting PCA to RTA.

Uploaded by

kaw birthday

Scenario 2

Configuring Extended ACLs

Prepared by:

Kaouther Messaoudi 3 DNI 2

Academic year: 2023/2024


Topology:

Part 1: Configure, Apply and Verify an Extended Numbered ACL

Step 1: Configure the extended ACL.
a. From the appropriate configuration mode on RTA, use the last valid extended access
list number to configure the ACL. Use the following steps to construct the first ACL
statement:

b. ICMP is allowed, and a second ACL statement is needed. Use the same access list
number to permit all ICMP traffic, regardless of the source or destination address.
What is the second ACL statement? (Hint: Use the any keywords)
c. All other IP traffic is denied, by default.

Step 2: Apply the extended ACL.


Step 3: Verify the extended ACL implementation.
a. Ping from PCB to all of the other IP addresses in the network. If the pings are
unsuccessful, verify the IP addresses before continuing.
b. SSH from PCB to SWC. The username is Admin, and the password is Adminpa55.
PC> ssh -l Admin 10.101.117.2

c. Exit the SSH session to SWC.


d. Ping from PCA to all of the other IP addresses in the network. If the pings are
unsuccessful, verify the IP addresses before continuing.

e. SSH from PCA to SWC. The access list causes the router to reject the connection.
f. SSH from PCA to SWB. The access list is placed on G0/2 and does not affect this
connection. The username is Admin, and the password is Adminpa55.

g. After logging into SWB, do not log out. SSH to SWC in privileged EXEC mode.
SWB# ssh -l Admin 10.101.117.2
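
The first-match evaluation that Step 1 sets up and Step 3 verifies, as an added example that is not part of the original lab. Only SWC's address 10.101.117.2 comes from the lab text; the other host addresses, the subnets and the first ACL statement are constructed assumptions chosen to be consistent with the Step 3 results.

```python
from ipaddress import ip_address, ip_network

# Constructed addressing: only SWC's 10.101.117.2 comes from the lab text.
PCB_NET = ip_network("10.101.117.32/28")  # assumed subnet of PCB and SWB
SWC_NET = ip_network("10.101.117.0/27")   # assumed subnet of SWC
ANY = ip_network("0.0.0.0/0")
HOSTS = {"PCA": "10.101.117.51", "PCB": "10.101.117.35",
         "SWB": "10.101.117.34", "SWC": "10.101.117.2"}

# Ordered entries: (action, protocol, source net, destination net, dest port)
ACL = [
    ("permit", "tcp", PCB_NET, SWC_NET, 22),  # assumed first statement (step 1a)
    ("permit", "icmp", ANY, ANY, None),       # step 1b: ICMP from any to any
]

def evaluate(acl, proto, src, dst, dport=None):
    """Return (action, matching entry index); index None is the implicit deny."""
    s, d = ip_address(HOSTS.get(src, src)), ip_address(HOSTS.get(dst, dst))
    for i, (action, p, snet, dnet, port) in enumerate(acl):
        if p == proto and s in snet and d in dnet and port in (None, dport):
            return action, i          # first match wins; later entries are ignored
    return "deny", None               # step 1c: everything else is dropped

def lab_checks():
    """Replay the Step 3 tests that cross the filtered interface."""
    return {
        "3a PCB ping SWC": evaluate(ACL, "icmp", "PCB", "SWC"),
        "3b PCB ssh SWC": evaluate(ACL, "tcp", "PCB", "SWC", 22),
        "3d PCA ping SWC": evaluate(ACL, "icmp", "PCA", "SWC"),
        "3e PCA ssh SWC": evaluate(ACL, "tcp", "PCA", "SWC", 22),
        # 3f (PCA to SWB) never crosses the filtered interface, so it is not evaluated.
        "3g SWB ssh SWC": evaluate(ACL, "tcp", "SWB", "SWC", 22),
    }

if __name__ == "__main__":
    for name, (action, idx) in lab_checks().items():
        rule = "implicit deny" if idx is None else f"entry {idx + 1}"
        print(f"{name:16} -> {action:6} ({rule})")
```

The 3g result shows why the session opened from SWB succeeds: the permit entry matches on source network, and under the assumed addressing SWB sits in the permitted one.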
