E-Lab 11.2.1a - Configuring a Standard Access List
The purpose of this exercise is to create and apply a standard ACL to filter traffic, and to test the ACL to determine if the desired results were achieved.
Assume that the FastEthernet 0/0 interface on the Zagreb router has been configured.
It is decided that Workstation A must be prevented from reaching Tirane.
A CCNA student suggests trying a standard access list inbound on Zagreb's Fast Ethernet port and blocking the entire subnet.
Step 1
Ping the Zagreb 192.168.14.1 router from Workstation A to test Layer 3 connectivity.
Step 2
Telnet to the router Zagreb 192.168.14.1.
Step 3.1
Enter into privileged EXEC mode on the Zagreb router.
Step 3.2
Enter into global configuration mode.
Step 4.1
Create a standard access-list statement that will deny all traffic from the network 192.168.14.0 /24 on access-list number 1.
Step 4.2
All access-lists end with an implicit deny any.
So to allow all other traffic that has not matched any access-list statements, add an explicit permit any at the end to allow all traffic.
Step 5
Enter into interface configuration mode for fastethernet 0/0.
Step 6
Apply the access-list 1 for incoming traffic to this interface.
Step 7
Issue a ping to the fastethernet 0/0 interface (192.168.14.1) on Zagreb.
Is the ping successful?
Why or why not?
How would you write the wildcard mask to block only workstation A?
Do you agree with the placement of the access list?