Lab 10.2.7 Standard Access Control Lists

Objective:

Demonstrate the use of standard access control lists.

Equipment Requirements:

  • Two Routers
  • One Switch with two VLANS set or two switches or two hubs
  • Two workstations

Scenario:

We want to create a standard access-list which will prevent network traffic from users on network 172.32.2.0. The access-list should be applied to the correct router and on the correct interface so that users on network 172.32.2.0 will not be able to access network 172.32.4.0.

Step 1

Construct the above circuit, using IGRP as your routing protocol.  Use the network address 172.32.3.0/24 on the serial link between the two routers.

Upon completion of the configuration will the two workstations be able to communicate?

List the entries in the routing table

Step 2

Determine a standard access list which will prevent access from any user on subnet 172.32.2.0.

What is the required access list?

Step 3

Apply the access list accordingly so that the users on subnet 172.32.2.0 will not have access to subnet 172.32.4.0.

Which router did you apply the access list to?

On which port did you apply the access list?

Was the access list applied coming in to the port or going out of the port?

Explain your reasons for placing the access list at the location previously specified.

Step 4

Issue several ping commands to test this access list.

Are hosts on subnetwork 172.32.2.0 be able to ping any host on subnet 172.32.4.0?

Is router-b able to ping any host on subnetwork 172.32.4.0? Is router-a able to ping any host on subnetwork 172.32.4.0?

Reflection:

Answer the following questions.

  1. Why is it important to choose the correct wildcard mask for access lists?

  1. Can you alter the information on a particular line of an access list that exists in the middle of the list?

  1. Typically where should standard access lists be placed on a network?