Lab 10.4.4 Extended Access Control Lists

Objective: 

Demonstrate the use of extended access control lists. 

Equipment Requirements: 

Two routers

One switch with two VLANs set (or two switches, or two hubs)

Two workstations

Scenario: 

We want to create an extended access control list which will prevent telnet access from network 172.32.4.0 to Router-B. The access list should allow all other traffic including TELNET traffic destined to any other host on the network.

Step 1

Construct the above circuit, using IGRP as your routing protocol. 

Use the network address 172.32.3.0/24 on the serial link between the two routers. 

Upon completion of the configuration, can the two workstations communicate?

Step 2

Determine an extended access list which will prevent TELNET traffic originating from subnetwork 172.32.4.0 destined for Router-B. 

The access list should allow all other traffic including TELNET traffic destined to any other host on the network. What is the required access list?

Hint: Remember that Router-B has two addresses, E0 has an IP address and S1 has an IP address. Both addresses must be accounted for in the access list.

Step 3

Apply the access list accordingly so that the users on subnet 172.32.4.0 will not have TELNET access to Router-B.

Which router did you apply the access list to?

Why did you apply the access list to this router instead of the other one?

Step 4

Once you have the access list on the router, what command do you use to apply it to a specific port on the router?

On which port did you apply the access list?

Was the access list applied coming in to the port or going out of the port?

Explain your reasons for applying the access list at the location previously specified.

Step 5

Test the access list by TELNETing to Router-B as well as to other devices on the different subnetworks.

Are hosts on subnetwork 172.32.4.0 able to TELNET to any host on subnet 172.32.2.0?

Are hosts on subnetwork 172.32.4.0 able to TELNET to Router-B?

Reflection:

Answer the following questions.

  1. Why is it important to choose the correct wildcard mask for access lists?

  2. Can you selectively add or remove lines from numbered access lists?

  3. Typically where should extended access lists be placed on a network?
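
Added example (not part of the original lab sheet): a small Python model of first-match extended access list evaluation, for checking a Step 2 candidate list and seeing why the wildcard mask in the first Reflection question matters. Router-B's interface addresses (172.32.2.1 on E0, 172.32.3.2 on S1) and the test hosts are assumed, since the lab gives only the subnets.

```python
import ipaddress

def ip(s):
    return int(ipaddress.IPv4Address(s))

def wild_match(addr, base, wildcard):
    # Wildcard bit 0 = must match, bit 1 = ignore (inverse of a subnet mask).
    care = ~ip(wildcard) & 0xFFFFFFFF
    return (ip(addr) & care) == (ip(base) & care)

def evaluate(acl, proto, src, dst, dport=None):
    """First matching entry decides; an unmatched packet hits the implicit deny."""
    for action, e_proto, s_base, s_wild, d_base, d_wild, e_port in acl:
        if (e_proto in ("ip", proto) and (e_port is None or e_port == dport)
                and wild_match(src, s_base, s_wild)
                and wild_match(dst, d_base, d_wild)):
            return action
    return "deny"

# Assumed Router-B addresses (the lab gives only the subnets).
ROUTER_B_E0, ROUTER_B_S1 = "172.32.2.1", "172.32.3.2"
SRC_NET = ("172.32.4.0", "0.0.0.255")
ANY = ("0.0.0.0", "255.255.255.255")
PERMIT_ALL = ("permit", "ip", *ANY, *ANY, None)

def deny_telnet(dst, wildcard="0.0.0.0"):
    return ("deny", "tcp", *SRC_NET, dst, wildcard, 23)

ACLS = {
    "both interfaces": [deny_telnet(ROUTER_B_E0), deny_telnet(ROUTER_B_S1), PERMIT_ALL],
    "E0 only": [deny_telnet(ROUTER_B_E0), PERMIT_ALL],
    "wildcard too wide": [deny_telnet(ROUTER_B_E0, "0.0.0.255"),
                          deny_telnet(ROUTER_B_S1), PERMIT_ALL],
    "no final permit": [deny_telnet(ROUTER_B_E0), deny_telnet(ROUTER_B_S1)],
}

# Constructed test packets from a host on 172.32.4.0.
PACKETS = {
    "telnet to Router-B E0": ("tcp", "172.32.4.10", ROUTER_B_E0, 23),
    "telnet to Router-B S1": ("tcp", "172.32.4.10", ROUTER_B_S1, 23),
    "telnet to host on 172.32.2.0": ("tcp", "172.32.4.10", "172.32.2.50", 23),
    "ping to host on 172.32.2.0": ("icmp", "172.32.4.10", "172.32.2.50", None),
}

def results(name):
    return {label: evaluate(ACLS[name], *pkt) for label, pkt in PACKETS.items()}

if __name__ == "__main__":
    print({name: results(name) for name in ACLS})
```

Only the "both interfaces" list meets the scenario: the other three leave S1 reachable, block TELNET to ordinary hosts, or drop all traffic at the implicit deny.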