6.3a Configure, verify, and troubleshoot IPv4 and IPv6 access list for traffic filtering

This article is deprecated. New version here.
Now this topic is probably what got me a fail. The only simlet I did was a silly standard access sim. All the auto-complete functions were disabled and the hardware felt like it was from the 90s in the lab.
I will make sure I really get these IP access list for the next exam.
6.3.a Standard
So I made a simple lab:
6.3 lab
Standard ACLs only match on the source IP address. In the lab I wrote the required rules so I could keep focused.
BTW the monitor in the LAB was ridiculously small. I couldn’t fit it all on the damn screen.
Anyway it’s pretty easy to configure the ACL’s check page 605 in the CCENT book.
rule 1rule 2rule 3
Don’t forget the IMPLICIT DENY at the end of the ACL!
Using the implicit deny I was able to satisfy all requirement with only 3 ACL entries:
interface FastEthernet0/0.100
encapsulation dot1Q 100
ip address 10.0.0.100 255.255.255.0
ip access-group 1 out
!
interface FastEthernet0/1.101
encapsulation dot1Q 101
ip address 10.0.1.100 255.255.255.0
ip access-group 2 out
!
access-list 1 permit 1.1.1.1
access-list 1 permit 10.0.1.0 0.0.0.255
access-list 2 permit 10.0.0.0 0.0.0.255
FULL LAB HERE.

Leave a comment

Your email address will not be published. Required fields are marked *