Always Read for Knowledge

Friday 29 April 2011

CCNA LAB Practice - I. STANDARD ACL


Access Control List

Objective


Understand the packet-filtering capabilities of a router. A router can pass or filter IP traffic as required.

The demonstrations include:

  1. Standard Access List 
  2. Extended Access List

I. STANDARD ACL

Standard IP access lists (1-99) test all IP packets against their source address only.

In this lab scenario, both Hosts ‘A’ & ‘B’ can initially access the Web & Ftp services. The Standard ACL is then applied so that Host ‘A’ can no longer access the Web & Ftp services.

It is recommended to place the Standard ACL near the destination, because it matches on the source address only and therefore blocks the denied host from everything beyond the point where it is applied.

Diagram





Procedure

  1. Configure and assign the IP addresses on routers R1 & R2.
  2. Check the routing table on both routers.
  3. Enable the routing protocol on both routers so that hosts behind each router can communicate with each other.
  4. Check the routing table on both routers again after enabling the routing protocol on both sides.
  5. Set up a web server & an ftp server on hosts C & D respectively.
  6. Verify access to the web server & ftp server from hosts A & B.
  7. Apply the Standard ACL on router R2, so that Host A cannot access these services.
  8. Verify the Standard ACL by accessing the web & ftp server from Host A.

Configuration         

Step 1(A): Assigning the IP addresses on the Router R1.

R1(config)#interface serial 0
R1(config-if)#ip address 15.0.0.1 255.0.0.0
R1(config-if)#no shutdown
! Clock rate is set only on the DCE interface
R1(config-if)#clock rate 64000
R1(config-if)#exit
R1(config)#interface ethernet 0
R1(config-if)#ip address 10.0.0.20 255.0.0.0
R1(config-if)#no shutdown
R1(config-if)#end

Step 1(B): Assigning the IP addresses on the Router R2.

R2(config)#interface serial 0
R2(config-if)#ip address 15.0.0.2 255.0.0.0
R2(config-if)#no shutdown
R2(config-if)#exit
R2(config)#interface ethernet 0
R2(config-if)#ip address 20.0.0.2 255.0.0.0
R2(config-if)#no shutdown
R2(config-if)#end

Step 2(A): Check the Routing table of the Router R1.

R1#sh ip route
  

C    10.0.0.0/8 is directly connected, Ethernet0
C    15.0.0.0/8 is directly connected, Serial0

Step 2(B): Check the Routing table of the Router R2.

R2#sh ip route

C    20.0.0.0/8 is directly connected, Ethernet0
C    15.0.0.0/8 is directly connected, Serial0

Step 3(A): Enable the RIP protocol on the Router R1.

R1(config)#router rip
! Networks to be advertised
R1(config-router)#network 10.0.0.0
R1(config-router)#network 15.0.0.0

Step 3(B): Enable the RIP protocol on the Router R2.

R2(config)#router rip
! Networks to be advertised
R2(config-router)#network 20.0.0.0
R2(config-router)#network 15.0.0.0

Step 4(A): Check the Routing table of the Router R1 after enabling RIP.

R1#sh ip route

R    20.0.0.0/8 [120/1] via 15.0.0.2, 00:04:42, Serial0
C    10.0.0.0/8 is directly connected, Ethernet0
C    15.0.0.0/8 is directly connected, Serial0

Step 4(B): Check the Routing table of the Router R2 after enabling RIP.

R2#sh ip route

C    20.0.0.0/8 is directly connected, Ethernet0
R    10.0.0.0/8 [120/1] via 15.0.0.1, 00:01:12, Serial0
C    15.0.0.0/8 is directly connected, Serial0


Step 5(A): Set up a Web Server on Host C.

  1. Make a Web Page & save it on the Desktop.
  2. Go to Start Button > All Programs > Administrative Tools > Internet Service Manager.
  3. Right-click the computer name & go to New > Web Site.
  4. Follow the wizard to create the Web Server.

Step 5(B): Set up an Ftp Server on Host D.

  1. Make a Web Page & save it on the Desktop.
  2. Go to Start Button > All Programs > Administrative Tools > Internet Service Manager.
  3. Right-click the computer name & go to New > FTP Site.
  4. Follow the wizard to create the FTP Server.
  
Step 6(A): Verifying the Access of Web Server by the Host ‘A’.



Step 6(B): Verifying the Access of Ftp Server by the Host ‘A’.



Step 6(C): Verifying the Access of Web Server by the Host ‘B’.



Step 6(D): Verifying the Access of Ftp Server by the Host ‘B’.



Step 7(A): Create the Standard ACL on the Router R2 so that Host A cannot access the Web & Ftp Server.

R2(config)#access-list 10 deny host 10.0.0.1
R2(config)#access-list 10 permit any
R2(config)#end

Step 7(B): Apply the Standard ACL on  the Router (R2) Serial Interface.

R2(config)#interface serial 0
R2(config-if)#ip access-group 10 in
R2(config-if)#end

Step 8(A): Verifying the Standard ACL from Host ‘A’ by accessing Web Server.



Step 8(B): Verifying the Standard ACL from Host ‘A’ by accessing Ftp Server.    
        


Step 8(C): Verifying the Standard ACL from Host ‘B’ by accessing Web Server.


Step 8(D): Verifying the Standard ACL from Host ‘B’ by accessing Ftp Server.       
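
The result expected from Steps 7 and 8 can be checked offline with the short Python model below. It is an added example, not part of the original lab and not Cisco code: it parses the two ACL 10 lines from Step 7(A) and applies first-match evaluation with the implicit deny at the end of the list. The addresses used for Host B (10.0.0.2), Host C (20.0.0.10) and Host D (20.0.0.11) are assumptions, since the lab only gives Host A's address.

```python
import ipaddress

# ACL 10 exactly as entered on R2 in Step 7(A).
ACL_10 = """
access-list 10 deny host 10.0.0.1
access-list 10 permit any
"""

def to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def parse_standard_acl(config):
    """Turn 'access-list <1-99> permit|deny <source>' lines into ordered entries."""
    entries = []
    for line in config.strip().splitlines():
        tok = line.split()
        if len(tok) < 4 or tok[0] != "access-list" or tok[2] not in ("permit", "deny"):
            raise ValueError(f"not a standard ACL entry: {line!r}")
        if not 1 <= int(tok[1]) <= 99:
            raise ValueError(f"standard ACL numbers are 1-99: {line!r}")
        src = tok[3:]
        if src == ["any"]:
            addr, wildcard = 0, 0xFFFFFFFF          # every bit is "don't care"
        elif src[0] == "host" and len(src) == 2:
            addr, wildcard = to_int(src[1]), 0      # every bit must match
        else:                                       # <address> [wildcard-mask]
            addr = to_int(src[0])
            wildcard = to_int(src[1]) if len(src) > 1 else 0
        entries.append((tok[2], addr, wildcard))
    return entries

def evaluate(entries, packet):
    """First matching entry wins; only packet['src'] is ever examined."""
    src = to_int(packet["src"])
    for action, addr, wildcard in entries:
        if ((src ^ addr) & ~wildcard & 0xFFFFFFFF) == 0:
            return action
    return "deny"                                   # implicit deny ends every ACL

def run_lab(config):
    """Evaluate constructed lab packets (Host B/C/D addresses are assumed)."""
    acl = parse_standard_acl(config)
    packets = {
        "A->web": {"src": "10.0.0.1", "dst": "20.0.0.10", "dport": 80},
        "A->ftp": {"src": "10.0.0.1", "dst": "20.0.0.11", "dport": 21},
        "B->web": {"src": "10.0.0.2", "dst": "20.0.0.10", "dport": 80},
        "B->ftp": {"src": "10.0.0.2", "dst": "20.0.0.11", "dport": 21},
    }
    return {name: evaluate(acl, pkt) for name, pkt in packets.items()}

if __name__ == "__main__":
    print(run_lab(ACL_10))
```

Because the destination and port fields are never read, Host A is cut off from every service behind R2, not only Web and Ftp. Dropping the `permit any` line makes the implicit deny block Host B as well.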
     


