ICND1 Labs

Lab 3-3: Using ACLs to filter IP based traffic

Visual Topology

Command Line

Command                                 Description
interface loopback0                     Creates an internal interface
ip access-group acl name [in/out]       Binds an access control list to an interface
ip access-list extended acl name        Creates and enters the ACL configuration mode
{permit | deny} {test conditions}       Creates control statements within an ACL
show access-lists acl name              Displays any ACL located on the device
show ip interface type/slot/number      Displays any ACL bound to an interface

Task 1: Configuring an ACL (Access Control List).

Step 1: Access the CLI on your router

Step 2: Create a loopback interface using the following commands.

R1 only...
R1(config)#interface loopback0
R1(config-if)#ip address 1.1.1.1 255.255.255.255
R1(config-if)#no shut

Note that we are using a 32-bit mask.

R2 only...
R2(config)#interface loopback0
R2(config-if)#ip address 2.2.2.2 255.255.255.255
R2(config-if)#no shut

Step 3: From your PC, check that you can ping the IP address of the loopback interface you have just created, and also your default gateway.

If two network cards are fitted, you will need to type in the following commands.
PC1 only...
c:\>route -p add 1.1.1.1 mask 255.255.255.255 10.1.1.1
PC2 only...
c:\>route -p add 2.2.2.2 mask 255.255.255.255 10.1.1.2

If the ping fails, check the following.

Does your PC have the correct IP address? Hint: ipconfig
Can you ping your default gateway? If not, check that the router interface is up/up.

Step 4: Create an extended ACL named PING that prevents your PC from successfully pinging the default gateway. You should still be allowed to ping the loopback interface, and all other IP traffic should be permitted through the router.

Step 5: Test your ACL, use the appropriate show commands to display the contents of the configured ACL, and write down your results below.

Rx#show access-list PING

Are access-list names case sensitive?

Step 6: Once you have proved that the ACL works correctly, remove it from your configuration.

Step 7: Save your configuration
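
One possible ACL for Step 4 on R1, together with a small evaluator that shows how its entries are processed top-down, is given here as an added example (it is not part of the original lab or its answer key). PC1's address 10.1.1.100 and all function names are assumptions; on the router the ACL would be bound with ip access-group PING in on the PC-facing interface.

```python
from ipaddress import IPv4Address

# One possible Step 4 ACL for R1. 10.1.1.100 is a constructed PC1 address (assumption);
# 10.1.1.1 (default gateway) and 1.1.1.1 (loopback) are the lab's values.
ACL_TEXT = """\
ip access-list extended PING
 deny icmp host 10.1.1.100 host 10.1.1.1 echo
 permit ip any any
"""

def parse_addr(tok):
    """Consume 'any', 'host A' or 'A WILDCARD'; return ((addr, wildcard), remaining tokens)."""
    if tok[0] == "any":
        return (0, 0xFFFFFFFF), tok[1:]
    if tok[0] == "host":
        return (int(IPv4Address(tok[1])), 0), tok[2:]
    return (int(IPv4Address(tok[0])), int(IPv4Address(tok[1]))), tok[2:]

def parse_acl(text):
    """Parse a named extended ACL into (name, [entries])."""
    lines = [ln.split() for ln in text.splitlines() if ln.strip()]
    name = lines[0][3]  # "ip access-list extended <name>"
    entries = []
    for tok in lines[1:]:
        src, rest = parse_addr(tok[2:])
        dst, rest = parse_addr(rest)
        entries.append((tok[0], tok[1], src, dst, rest[0] if rest else None))
    return name, entries

def matches(spec, address):
    """Wildcard bits set to 1 are ignored; every other bit must be equal."""
    addr, wildcard = spec
    return ((int(IPv4Address(address)) ^ addr) & ~wildcard & 0xFFFFFFFF) == 0

def evaluate(entries, proto, src, dst, icmp_type=None):
    """Return the action of the first matching entry, or the implicit deny."""
    for action, e_proto, e_src, e_dst, e_type in entries:
        if e_proto not in ("ip", proto):
            continue
        if e_type is not None and e_type != icmp_type:
            continue
        if matches(e_src, src) and matches(e_dst, dst):
            return action
    return "deny"  # nothing matched: implicit "deny ip any any"

NAME, ENTRIES = parse_acl(ACL_TEXT)
if __name__ == "__main__":
    for dst in ("10.1.1.1", "1.1.1.1"):
        print("ping", dst, "->", evaluate(ENTRIES, "icmp", "10.1.1.100", dst, "echo"))
```

Evaluating only the first entry (ENTRIES[:1]) shows why the final permit ip any any is required: without it, the ping to the loopback falls through to the implicit deny.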
