E-Lab 11.2.2a - Configuring an Extended Access List
Plan, configure, and apply an extended ACL to permit or deny specific traffic.
When finished, test the ACL to determine if the desired results were achieved.
Sarajevo wants to prevent any workstations on the 192.168.14.0 subnet from telnetting to anywhere outside the subnet.
All other traffic should be allowed.
Step 1
Test the connectivity from WorkstationA to the router Sarajevo.
The IP address of the interface is 192.168.14.1.
Sarajevo wants to prevent Workstation A from telnetting to anywhere outside its own subnet.
All other traffic should be allowed.
Step 2
Telnet into Sarajevo (192.168.14.1) to check that the telnet function is active.
Step 3.1
Now you are on the terminal window of Workstation A connected to the console port on Sarajevo.
Enter into privileged EXEC mode.
Step 3.2
Enter into global configuration mode.
Step 4.1
Create an extended access-list 101 that will deny traffic from the 192.168.14.0 /24 network with a TCP destination port of 23.
Step 4.2
By default, all access-lists end with an implicit deny any.
Any traffic that is not specifically permitted will be denied.
So to allow all other traffic, put a permit any statement at the end of the access-list.
Add a statement to permit all IP traffic to access-list 101.
Step 5
Enter into interface configuration mode on fastethernet 0/0.
Step 6
Apply the access-list 101 to the fastethernet interface for incoming traffic.
Step 7
Test the connectivity from WorkstationA to the router Sarajevo again.
Step 8
Did the ping succeed?
Now try to telnet into Sarajevo.
Did you succeed?