A Cisco certified professional with years of industry-proven experience both as
an instructor and a practicing engineer with a leading internet service
provider in West Africa, I get asked a lot of questions by young and
experienced engineers. One of the areas I have discovered that students at the
CCNA level find difficult is the access control list, informally referred to as
an ACL. So I have chosen to address the most dreaded question in the CCNA
simulation. The question goes thus:
of statements do the following:
to server 1 should be denied
users in the LAN or internet to server 1 should be denied
available on the internet, other forms of access should be permitted for users in
deep and have the following in mind
server 1. PC0's IP is 192.168.2.2 while server1 is 192.168.11.2, and the HTTP port
is 80. So let's implement that:
    access-list 101 permit tcp host 192.168.2.2 host 192.168.11.2 eq 80
access to server1, but look carefully: you will see that the third requirement
says that other forms of access from the LAN to server1 should also be denied. Given
that we are asked not to use more than three lines of statements, we can use one
line to accomplish these two tasks. Here is how:
    access-list 101 deny ip any host 192.168.11.2
forms of access within the network. This will allow users to access the internet
and other available resources:
    access-list 101 permit ip any any
(This line is needed because of the implicit deny at the end of every
ACL.) The chosen interface will determine whether it is applied in or out.
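To show why the order of these three statements matters, here is an added Python model of how IOS evaluates an extended ACL (first match wins, then the implicit deny); it is not part of the original article. The ACL entries, the internet addresses (203.0.113.5, 198.51.100.7) and the test traffic are constructed for the example.

```python
import ipaddress

# Constructed model of the page's extended ACL 101: (action, protocol, source, destination, dest port).
# "ip" matches any protocol; a port of None matches any port.
ACL_101 = [
    ("permit", "tcp", "192.168.2.2/32", "192.168.11.2/32", 80),   # PC0 HTTP to server1
    ("deny",   "ip",  "0.0.0.0/0",      "192.168.11.2/32", None), # everything else to server1
    ("permit", "ip",  "0.0.0.0/0",      "0.0.0.0/0",       None), # all other traffic
]

def evaluate(acl, proto, src, dst, dport=None):
    """Return 'permit' or 'deny' for one packet, IOS-style: first matching line wins."""
    for action, aproto, asrc, adst, aport in acl:
        if aproto != "ip" and aproto != proto:
            continue
        if ipaddress.ip_address(src) not in ipaddress.ip_network(asrc):
            continue
        if ipaddress.ip_address(dst) not in ipaddress.ip_network(adst):
            continue
        if aport is not None and aport != dport:
            continue
        return action
    return "deny"  # implicit deny at the end of every ACL

# Constructed sample traffic covering the three requirements of the simulation.
SAMPLE_PACKETS = [
    ("PC0 HTTP to server1",           "tcp", "192.168.2.2", "192.168.11.2", 80),
    ("PC0 telnet to server1",         "tcp", "192.168.2.2", "192.168.11.2", 23),
    ("other LAN host HTTP to server1", "tcp", "192.168.2.3", "192.168.11.2", 80),
    ("internet host HTTP to server1", "tcp", "203.0.113.5", "192.168.11.2", 80),
    ("LAN host HTTP to internet",     "tcp", "192.168.2.3", "198.51.100.7", 80),
    ("LAN host DNS to internet",      "udp", "192.168.2.3", "198.51.100.7", 53),
]

def check_requirements(acl=ACL_101):
    """Evaluate each sample packet and return {description: action}."""
    return {desc: evaluate(acl, p, s, d, port) for desc, p, s, d, port in SAMPLE_PACKETS}

def pc0_http_with_deny_first():
    """Common mistake: put the deny line before the specific permit; PC0 is then denied."""
    reordered = [ACL_101[1], ACL_101[0], ACL_101[2]]
    return evaluate(reordered, "tcp", "192.168.2.2", "192.168.11.2", 80)

def lan_to_internet_without_permit_any():
    """Second common mistake: omit 'permit ip any any' and the implicit deny blocks everything else."""
    return evaluate(ACL_101[:2], "tcp", "192.168.2.3", "198.51.100.7", 80)

if __name__ == "__main__":
    for desc, action in check_requirements().items():
        print(f"{action:6} {desc}")
```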
from users in the LAN and over the internet, the best interface for the ACL is
the interface leading to the servers. This is because both users from the LAN
and internet will pass through this interface to get to the servers.
server through that interface is exiting the router, so the ACL is applied outbound. Let's see output clips from the test.