ACL Packet tracer exercise

Why don't you explain the problem and we can try to help you? You can include a screenshot and configs if you like.

The different version of PT act differently. A problem you may be having, may not show up if we open it with a newer version of the software.

I am on Packet tracer 5.1 if that helps.

I am not too good on the basics so its hard for me to explain

Find attached the table for the ACLs config

Doesn't seem to paste on here

ACLS.doc

jamesleecoleman

Okay, what exactly are you having trouble with? I understand what you need to do but are you confused about how to configure an ACL on an interface or what?

Think I might be close to understanding

Should you just enter the permit ACL statements and not enter the deny ACLs as they are done by the impicit deny?

Do i put the first two rows on the table to ACL 150 ,and the row 4 and 5 to ACL 160?

Thanks

Adam

Can you post the the topology? There is nothing in the directions that tell us what goal to associate with each ACL. I am assuming this is setup as RoaS with the "resources" downstream of Fa0/1 and the clients coming in on a different interface.

Tried attatching the Packet tracer topology but the file is too big.

Will try and put the ACL configs on here tommorow so people can advise me.

Are you sure you can't work out the configs from the earlier attatchment?

I seem to be stuggling with th ACL configs on interfaces on packet tracer.

I got 75% but must have gone wrong somewhere.

The first three rows of the first table (Step 2) are for interface fast Ethernet 0/1.1

And last three rows of the first table (Step 2) are for interface Fast Ethernet 0/1.2

Can anyone please help with the ACL configs. There is an attachment on one of the above replies.

THanks

Adam

Then Step 3 ACL is meant to be applied to s0/0/0 interface of the London router

So what exactly are you having problems with? Does this not work for what you need? Is this your home work?

Step 2:

access-list 150 permit ip 172.16.100.0 0.0.0.255 172.16.20.0 0.0.0.255
access-list 150 permit tcp 172.16.10.0 0.0.0.255 host 172.16.20.100 eq www

access-list 160 permit ip 172.16.10.0 0.0.0.255 172.16.30.0 0.0.0.255
access-list 160 permit tcp 172.16.100.0 0.0.0.255 host 172.16.30.100 eq www

interface FastEthernet 0/1.1
    ip access-group 150 out

interface FastEthernet 0/1.2
    ip access-group 160 out

Step 3:

ip access-list extended ICMP
    permit icmp 172.16.10.0 0.0.0.255 172.16.100.0 0.0.0.255

interface serial 0/0/0
    ip access-group ICMP in

Forgot to put the host command in step 2.

Will try again and see if i am successful

Still stuck on 75%. Maybe its an error with packet tracer.

Suppose i could have got Step 1 wrong but i don't think so.

Find attatched for Step 1

step 1.doc

Ok, if you can't complete step 1, something is wrong. They tell you exactly how to do it...

access-list 10 permit 172.16.50.0 0.0.0.255

line vty 0 4
    access-class 10 in

eildor@hotmail.co.uk

Have you noticed something wrong with ACL 150?

Eildor wrote: »

Have you noticed something wrong with ACL 150?

What's wrong?

There's an error in the ACL, the IP address he put down is 72. instead of 172.

Bolton07 I have tried the exercise myself and I too scored 75%, however I do believe that everything is working as it should be (on my configuration, that is).

Although I have got everything to work (at least I think I have) that is one messed up PT exercise -- where did you get it from? Even after resetting the exercise if you take a look at interface 0/1.2 you will notice there's already an access list set up on the interface... one which doesn't exist and should never exist on that router.

Ok, looks like this exercise can be done after all. I'm on 83% so far, I'll let you know when I'm done.

Did you have to delete that access list that shouldn't be there

Got the packets tracer files off a website called

http://classroom.easyictsolutions.co.uk/

I had configured the ICMP ACL as shown by Monkerz, however I don't believe that is the complete configuration.

I think the correct ACL configuration would be:

Extended IP access list ICMP
permit icmp 172.16.10.0 0.0.0.255 172.16.100.0 0.0.0.255
deny ip 172.16.10.0 0.0.0.255 172.16.100.0 0.0.0.255
permit ip any any

but I'm not certain... that brings the score up to 83%. The exercise just isn't clear at all, so it's easy to get it wrong.

You know what, don't bother with this exercise, it's only going to waste your time. Learn how to configure ACL's, and learn how they work; trying to figure out how to configure a terribly worded specification can wait.

Thanks for all the help though