Extended ACL lab using packet tracer step by step guide


Extended ACL lab using packet tracer


In this article we will learn what an extended ACL is, how to configure one, and how to verify the configuration using Packet Tracer.


What is Extended ACL


In an extended ACL, the network admin permits or denies network traffic using several criteria, which include source and destination IP address, protocol, and source and destination port number. This ACL must be placed closest to the source. The range of extended ACL numbers is <100-199>.

Lab Diagram


[Figure: Extended ACL lab using packet tracer]





In the above diagram we have done a simple lab setup.
The agenda of the lab is:
  • Pc0 can access both servers.
  • Pc1 cannot access either webserver.

We will do this configuration using an extended ACL in Packet Tracer.







  

Configuration of Extended acl


The IP address of the inside network is 192.168.1.0/24 and the IP address of the outside network is 172.16.0.0/24. After assigning IP addresses to the devices located on the inside and outside premises, we will configure the extended ACL on the router. To configure the extended ACL, follow the steps below.


Router(config)#access-list 101 deny ip host 192.168.1.2 host 172.16.0.2
Router(config)#access-list 101 deny ip host 192.168.1.2 host 172.16.0.3
Router(config)#access-list 101 deny ip host 192.168.1.3 host 172.16.0.2
Router(config)#access-list 101 deny ip host 192.168.1.3 host 172.16.0.3
Router(config)#int gigabitEthernet 0/0
Router(config-if)#ip access-group 101 in
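
To see how the router evaluates ACL 101, the following added example (not part of the original article) models first-match evaluation with the implicit deny in Python. It handles protocol and address matching only (no port operators, contiguous wildcard masks), and 192.168.1.10 is a constructed host address that does not come from the lab.

```python
import ipaddress

# ACL 101 entries exactly as listed in the configuration above.
ACL_101 = """\
access-list 101 deny ip host 192.168.1.2 host 172.16.0.2
access-list 101 deny ip host 192.168.1.2 host 172.16.0.3
access-list 101 deny ip host 192.168.1.3 host 172.16.0.2
access-list 101 deny ip host 192.168.1.3 host 172.16.0.3
"""

def _take_addr(tokens):
    """Consume one address spec: 'any', 'host A', or 'A wildcard'."""
    first = tokens.pop(0)
    if first == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if first == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    wildcard = int(ipaddress.ip_address(tokens.pop(0)))
    netmask = ipaddress.ip_address(wildcard ^ 0xFFFFFFFF)  # wildcard = inverted netmask
    return ipaddress.ip_network(f"{first}/{netmask}", strict=False)

def parse_acl(text):
    """Return [(action, protocol, src_net, dst_net)] for 'access-list N ...' lines."""
    rules = []
    for line in text.splitlines():
        tokens = line.split()
        if len(tokens) < 5 or tokens[0] != "access-list":
            continue
        action, proto, rest = tokens[2], tokens[3], tokens[4:]
        src = _take_addr(rest)
        dst = _take_addr(rest)
        rules.append((action, proto, src, dst))
    return rules

def evaluate(rules, proto, src, dst):
    """First matching entry wins; a packet matching no entry hits the implicit deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for n, (action, rproto, snet, dnet) in enumerate(rules, 1):
        if rproto in ("ip", proto) and s in snet and d in dnet:  # 'ip' matches any protocol
            return action, f"entry {n}"
    return "deny", "implicit deny"

if __name__ == "__main__":
    as_listed = parse_acl(ACL_101)
    with_permit = parse_acl(ACL_101 + "access-list 101 permit ip any any\n")
    # 192.168.1.10 is a constructed address for a host that no entry names.
    for src in ("192.168.1.2", "192.168.1.3", "192.168.1.10"):
        print(src, evaluate(as_listed, "icmp", src, "172.16.0.2"),
              evaluate(with_permit, "icmp", src, "172.16.0.2"))
```

With the entries as listed, every packet arriving on the interface ends in a deny, including traffic from hosts that no entry names, because the list contains no permit statement. A host that should reach the servers needs a permit entry, such as `permit ip any any`, after the deny entries.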





Verify Configuration of Extended acl


Before the configuration, pc1 can access both servers. When we ping webserver1 and webserver2 from pc1, we get the output below.

C:\>ping 172.16.0.2

Pinging 172.16.0.2 with 32 bytes of data:

Request timed out.
Reply from 172.16.0.2: bytes=32 time=17ms TTL=127
Reply from 172.16.0.2: bytes=32 time=17ms TTL=127
Reply from 172.16.0.2: bytes=32 time=15ms TTL=127

Ping statistics for 172.16.0.2:
Packets: Sent = 4, Received = 3, Lost = 1 (25% loss),
Approximate round trip times in milli-seconds:
Minimum = 15ms, Maximum = 17ms, Average = 16ms

C:\>ping 172.16.0.3

Pinging 172.16.0.3 with 32 bytes of data:

Request timed out.
Reply from 172.16.0.3: bytes=32 time=16ms TTL=127
Reply from 172.16.0.3: bytes=32 time=15ms TTL=127
Reply from 172.16.0.3: bytes=32 time=29ms TTL=127

Ping statistics for 172.16.0.3:
Packets: Sent = 4, Received = 3, Lost = 1 (25% loss),
Approximate round trip times in milli-seconds:
Minimum = 15ms, Maximum = 29ms, Average = 20ms

After configuring the extended ACL on the router, when we try to communicate with the servers from pc1 we get the following output.

C:\>ping 172.16.0.3

Pinging 172.16.0.3 with 32 bytes of data:

Reply from 192.168.1.1: Destination host unreachable.
Reply from 192.168.1.1: Destination host unreachable.
Reply from 192.168.1.1: Destination host unreachable.
Reply from 192.168.1.1: Destination host unreachable.

Ping statistics for 172.16.0.3:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

Conclusion


In this article we have learned what an extended ACL is, how to configure one, and how to verify the configuration using Packet Tracer.

