ACL configuration practice

hiddenknight821 Member Posts: 1,209
Does anyone know a couple of good links where I can practice and sharpen my ACL configuration commands, kind of like this link?

I like what I found, except that I am following Odom's ICND2 book, and I am only halfway through the book. I haven't begun Part 3, which is routing protocol theory stuff. So apparently, I can't do the OSPF thing yet. Would someone recommend that I get back to ACLs later, after I finish the whole book, especially after learning the NAT/ACL configuration? Or should I start practicing now with ACLs?

I stopped studying for a month after I got stuck on ACLs, because I was not sure if I should continue to use PT or GNS3, since I heard ACLs don't work very well in PT. I wanted to go the GNS3 route, but it takes up more time and resources, since I was trying to figure out how I can filter out as many services (web, DHCP, DNS, FTP, and so forth) as I can, since my resources are limited. I don't have enough processing power or memory to run GNS3, VMs, and services.

I also have another thing in mind. I was not sure if I should practice both the old and the new ACL commands. I was thinking about interconnecting routers running the older IOS version with routers running the newer IOS version. I was also not sure if I should only practice with named ACLs or if I should include numbered ACLs as well.

If you guys think I am better off waiting until the end, then I would love to get started again on studying right now.

Comments

  • Chris_ Member Posts: 326
    For CCNA level, I've heard that PT is actually quite good for ACLs! Because it has built-in servers with a range of services to hand so you can practice a good mix of ACLs.
    Regarding the type of ACL to practice - simple, all of them.

    Get ACLs mastered now, no point moving on then coming back to it. So many other topics require the use of ACLs - nat, dhcp, route maps, qos, vpns, isdn dialers..... and on and on. They are a fundamental subject, so get practising on all the flavours.

    In my lab I use a tool called netcat which allows me to generate different traffic types to test my ACLs, it's really good but obviously requires 'real' network devices or GNS3 to interact with the hosts.
    Going all out for Voice. Don't worry Data; I'll never forget you
    :study: CVoice [X] CIPT 1 [ ] CIPT 2 [ ] CAPPS [ ] TVOICE [ ]
  • hiddenknight821 Member Posts: 1,209
    Chris_ wrote: »
    For CCNA level, I've heard that PT is actually quite good for ACLs! Because it has built-in servers with a range of services to hand so you can practice a good mix of ACLs.
    Regarding the type of ACL to practice - simple, all of them.

    Get ACLs mastered now, no point moving on then coming back to it. So many other topics require the use of ACLs - nat, dhcp, route maps, qos, vpns, isdn dialers..... and on and on. They are a fundamental subject, so get practising on all the flavours.

    In my lab I use a tool called netcat which allows me to generate different traffic types to test my ACLs, it's really good but obviously requires 'real' network devices or GNS3 to interact with the hosts.

    Great. I guess I should get started on PT. However, the problem is that I can't do the sequenced ACL, because I know I won't actually see the numerical list of permit/deny rules under an ACL. This was the issue that prevented me from continuing my PT study. Do you think it's irrelevant as long as I still know what a real sequenced ACL looks like? I know I can't use the "no 20" command to remove a line from the ACL. Can this be ignored for now, and I should start concentrating on how to create certain rules to allow legitimate traffic and filter out illegitimate traffic? I can't help not leaving out everything I want to know unless I was advised to.
  • Chris_ Member Posts: 326
    I don't really use PT so didn't realise it had this limitation; even so, it's a fairly minor letdown in what seems to be a fantastic learning tool.

    I would really advise you to get GNS3 - it's not that resource hungry, especially if you run it under Linux. And it's the next best thing to real kit. Is your home PC really that bad a spec?
  • hiddenknight821 Member Posts: 1,209
    Chris_ wrote: »
    I don't really use PT so didn't realise it had this limitation; even so, it's a fairly minor letdown in what seems to be a fantastic learning tool.

    I would really advise you to get GNS3 - it's not that resource hungry, especially if you run it under Linux. And it's the next best thing to real kit. Is your home PC really that bad a spec?

    What I have is an Intel Core 2 Duo E7400, which runs at 2.8GHz without OC (not using overclock as of right now), and I only have 2GB of RAM. I'm still using the "old" DDR2. I doubt that I can run many routers with advanced IOS along with 5 or more VMs. You may think it's quick and easy to set this up, but for me it takes up a lot of my time, and I wanted a portable solution. I have an EeePC netbook with an N550 dual-core processor, and I want to run GNS3 on it under Linux, but it is probably not a good idea since my netbook gets hot quickly while running Linux in idle mode. It would reach around 70 degrees Celsius. I gave up and stuck with PT under Windows on my netbook. If you think my desktop spec can handle it, then I would give it a try sometime this week. By the way, I do have the actual labs, but I only have three routers, and I don't think it's enough for the ACL practice I want to do.