6.3a Configure, verify, and troubleshoot IPv4 and IPv6 access list for traffic filtering

This article is deprecated. New version here.

Now this topic is probably what got me a fail. The only simlet I did was a silly standard access sim. All the auto-complete functions were disabled and the hardware felt like it was from the 90s in the lab.

I will make sure I really get these IP access list for the next exam.

6.3.a Standard
So I made a simple lab:
6.3 lab

Standard ACLs only match on the source IP address. In the lab I wrote the required rules so I could keep focused.

BTW the monitor in the LAB was ridiculously small. I couldn’t fit it all on the damn screen.

Anyway it’s pretty easy to configure the ACL’s check page 605 in the CCENT book.
rule 1rule 2rule 3

Don’t forget the IMPLICIT DENY at the end of the ACL!

Using the implicit deny I was able to satisfy all requirement with only 3 ACL entries:
interface FastEthernet0/0.100
encapsulation dot1Q 100
ip address 10.0.0.100 255.255.255.0
ip access-group 1 out
!
interface FastEthernet0/1.101
encapsulation dot1Q 101
ip address 10.0.1.100 255.255.255.0
ip access-group 2 out
!
access-list 1 permit 1.1.1.1
access-list 1 permit 10.0.1.0 0.0.0.255
access-list 2 permit 10.0.0.0 0.0.0.255

FULL LAB HERE.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s