ACL Packet tracer exercise
Bolton07
Member Posts: 87 ■■□□□□□□□□
in CCNA & CCENT
I am having problems completing an ACL Packet tracer exercise.
Can anyone please help me? Don't think you can attatch packet tracer files on this forum.
But if you give me your email I could foward it to you.
Regards
Adam
Can anyone please help me? Don't think you can attatch packet tracer files on this forum.
But if you give me your email I could foward it to you.
Regards
Adam
Comments
-
Monkerz Member Posts: 842Why don't you explain the problem and we can try to help you? You can include a screenshot and configs if you like.
The different version of PT act differently. A problem you may be having, may not show up if we open it with a newer version of the software. -
Bolton07 Member Posts: 87 ■■□□□□□□□□I am on Packet tracer 5.1 if that helps.
I am not too good on the basics so its hard for me to explain
Find attached the table for the ACLs config
Doesn't seem to paste on here -
jamesleecoleman Member Posts: 1,899 ■■■■■□□□□□Okay, what exactly are you having trouble with? I understand what you need to do but are you confused about how to configure an ACL on an interface or what?Booya!!
WIP : | CISSP [2018] | CISA [2018] | CAPM [2018] | eCPPT [2018] | CRISC [2019] | TORFL (TRKI) B1 | Learning: | Russian | Farsi |
*****You can fail a test a bunch of times but what matters is that if you fail to give up or not***** -
Bolton07 Member Posts: 87 ■■□□□□□□□□Think I might be close to understanding
Should you just enter the permit ACL statements and not enter the deny ACLs as they are done by the impicit deny?
Do i put the first two rows on the table to ACL 150 ,and the row 4 and 5 to ACL 160?
Thanks
Adam -
Monkerz Member Posts: 842Can you post the the topology? There is nothing in the directions that tell us what goal to associate with each ACL. I am assuming this is setup as RoaS with the "resources" downstream of Fa0/1 and the clients coming in on a different interface.
-
Bolton07 Member Posts: 87 ■■□□□□□□□□Tried attatching the Packet tracer topology but the file is too big.
Will try and put the ACL configs on here tommorow so people can advise me.
Are you sure you can't work out the configs from the earlier attatchment? -
Bolton07 Member Posts: 87 ■■□□□□□□□□I seem to be stuggling with th ACL configs on interfaces on packet tracer.
I got 75% but must have gone wrong somewhere.
The first three rows of the first table (Step 2) are for interface fast Ethernet 0/1.1
And last three rows of the first table (Step 2) are for interface Fast Ethernet 0/1.2
Can anyone please help with the ACL configs. There is an attachment on one of the above replies.
THanks
Adam -
Bolton07 Member Posts: 87 ■■□□□□□□□□Then Step 3 ACL is meant to be applied to s0/0/0 interface of the London router
-
Monkerz Member Posts: 842So what exactly are you having problems with? Does this not work for what you need? Is this your home work?
Step 2:access-list 150 permit ip 172.16.100.0 0.0.0.255 172.16.20.0 0.0.0.255 access-list 150 permit tcp 172.16.10.0 0.0.0.255 host 172.16.20.100 eq www access-list 160 permit ip 172.16.10.0 0.0.0.255 172.16.30.0 0.0.0.255 access-list 160 permit tcp 172.16.100.0 0.0.0.255 host 172.16.30.100 eq www interface FastEthernet 0/1.1 ip access-group 150 out interface FastEthernet 0/1.2 ip access-group 160 out
Step 3:ip access-list extended ICMP permit icmp 172.16.10.0 0.0.0.255 172.16.100.0 0.0.0.255 interface serial 0/0/0 ip access-group ICMP in
-
Bolton07 Member Posts: 87 ■■□□□□□□□□Forgot to put the host command in step 2.
Will try again and see if i am successful -
Bolton07 Member Posts: 87 ■■□□□□□□□□Still stuck on 75%. Maybe its an error with packet tracer.
Suppose i could have got Step 1 wrong but i don't think so.
Find attatched for Step 1 -
Monkerz Member Posts: 842Ok, if you can't complete step 1, something is wrong. They tell you exactly how to do it...
access-list 10 permit 172.16.50.0 0.0.0.255 line vty 0 4 access-class 10 in
-
Eildor Member Posts: 444There's an error in the ACL, the IP address he put down is 72. instead of 172.
Bolton07 I have tried the exercise myself and I too scored 75%, however I do believe that everything is working as it should be (on my configuration, that is). -
Eildor Member Posts: 444Although I have got everything to work (at least I think I have) that is one messed up PT exercise -- where did you get it from? Even after resetting the exercise if you take a look at interface 0/1.2 you will notice there's already an access list set up on the interface... one which doesn't exist and should never exist on that router.
-
Eildor Member Posts: 444Ok, looks like this exercise can be done after all. I'm on 83% so far, I'll let you know when I'm done.
-
Bolton07 Member Posts: 87 ■■□□□□□□□□Did you have to delete that access list that shouldn't be there
Got the packets tracer files off a website called
http://classroom.easyictsolutions.co.uk/ -
Eildor Member Posts: 444I had configured the ICMP ACL as shown by Monkerz, however I don't believe that is the complete configuration.
I think the correct ACL configuration would be:
Extended IP access list ICMP
permit icmp 172.16.10.0 0.0.0.255 172.16.100.0 0.0.0.255
deny ip 172.16.10.0 0.0.0.255 172.16.100.0 0.0.0.255
permit ip any any
but I'm not certain... that brings the score up to 83%. The exercise just isn't clear at all, so it's easy to get it wrong. -
Eildor Member Posts: 444You know what, don't bother with this exercise, it's only going to waste your time. Learn how to configure ACL's, and learn how they work; trying to figure out how to configure a terribly worded specification can wait.
-
Eildor Member Posts: 444Thanks for all the help though
No problem; sorry I couldn't have been of more help. -
Ltat42a Member Posts: 587 ■■■□□□□□□□In your lab, if you're only getting to 75 or 83%, click on the "Check Results" button in the PT Activity window, then click "Check Results". If it's not locked, it will display what items have been completed and what items have not.
Also....there are lots of ACL tutorials for PT on Youtube
hth