Always Read for Knowledge: CCNA LAB Practice

II. EXTENDED ACL

Extended IP lists (100-199) test conditions of source and destination addresses, specific TCP/IP protocols, and destination ports.

In this lab scenario, initially both the Hosts ’A’ & ‘B’ are accessing the Web & Ftp services but then apply the Extended ACL in this way that Host ‘A’ can be access only the web services & and Host ‘B’ could be access the Ftp Services only.

It is recommended that place the Extended ACL near the source.

Diagram

Procedure

Configuring & Assigning the IP addresses on the routers R1 & R2.
Check the routing table on both the routers.
Enable the routing protocol on both routers so that hosts on the both routers can communicate with each other.
Check the routing table on both the routers after enabling the routing protocol on both sides.
Make a web server & ftp server to the hosts C & D respectively.
Verifying the access of web server & ftp server by the hosts A & B respectively.
Make & Apply the Extended ACL on the router R1, so that Host ‘A’ can not access the Web services & Host ‘B’ can not access the Ftp services.
Verifying the Standard ACL by accessing the Web & Ftp services from Host A & Host ‘B’.

Configuration

Step 1(A): Assigning the IP addresses on the Router R1.

R1(config)#interface serial 0

R1(config-if)#ip address 15.0.0.1 255.0.0.0

R1(config-if)#no shutdown

R1(config-if)#clock rate 64000 (Clock Rate will set only DCE Interface)

R1(config-if)#exit

R1(config)#interface ethernet 0

R1(config-if)#ip address 10.0.0.20 255.0.0.0

R1(config-if)#no shutdown

R1(config-if)#end

Step 1(B): Assigning the IP addresses on the Router R2.

R2(config)#interface serial 0

R2(config-if)#ip address 15.0.0.2 255.0.0.0

R2(config-if)#no shutdown

R2(config-if)#end

R2(config)#interface ethernet 0

R2(config-if)#ip address 20.0.0.2 255.0.0.0

R2(config-if)#no shutdown

R2(config-if)#exit

Step 2(A): Check the Routing table of the Router R1.

RA#sh ip route

C 10.0.0.0/8 is directly connected, Ethernet0

C 15.0.0.0/8 is directly connected, Serial0

Step 2(B): Check the Routing table of the Router R2.

RB#sh ip route

C 20.0.0.0/8 is directly connected, Ethernet0

C 15.0.0.0/8 is directly connected, Serial0

Step 3(A): Enable the RIP protocol on the Router R1.

RA(config)#router rip

RA(config-router)#network 10.0.0.0 (Networks to be advertised)

RA(config-router)#network 15.0.0.0 (Networks to be advertised)

Step 3(B): Enable the RIP protocol on the Router R2.

RB(config)#router rip 10

RB(config-router)#network 20.0.0.0 (Networks to be advertised)

RB(config-router)#network 15.0.0.0 (Networks to be advertised)

Step 4(A): Check the Routing table of the Router R2 after enabling RIP.

RA#sh ip route

R 20.0.0.0/8 [120/1] via 15.0.0.2, 00:04:42, Serial0

C 10.0.0.0/8 is directly connected, Ethernet0

C 15.0.0.0/8 is directly connected, Serial0

Step 4(B): Check the Routing table of the Router R2 after enabling RIP.

RB#sh ip route

C 20.0.0.0/8 is directly connected, Ethernet0

R 20.0.0.0/8 [120/1] via 15.0.0.1, 00:01:12, Serial0

C 15.0.0.0/8 is directly connected, Serial0

Step 5(A): Make a Web Server to the Host C.

Make a Web Page & Save it on Desktop.
Go to Start Button > All Programs > Administrative Tool > Internet Service Manager
Right Click on the Computer name & goes to New tab > Web Site.
Follow the wizard and make the Web Server.

Step 5(B): Make a Ftp Server to the Host D.

Make a Web Page & Save it on Desktop.
Go to Start Button > All Programs > Administrative Tool > Internet Service Manager
Right Click on the Computer name & goes to New tab > FTP Site.
Follow the wizard and make the FTP Server.

Step 6(A): Verifying the Access of Web Server by the Host ‘A’.