Addressing Table

Device Interface IP Address Subnet Mask Default Gateway

RT$1$ G$0/0172\mathrm{.}31\mathrm{.}1\mathrm{.}126255\mathrm{.}255\mathrm{.}255\mathrm{.}224$ N$/$A

RT$1$ S$0/0/0209\mathrm{.}165\mathrm{.}1\mathrm{.}2255\mathrm{.}255\mathrm{.}255\mathrm{.}252$ N$/$A

PC$1$ NIC $172\mathrm{.}31\mathrm{.}1\mathrm{.}101255\mathrm{.}255\mathrm{.}255\mathrm{.}224172\mathrm{.}31\mathrm{.}1\mathrm{.}126$

PC$2$ NIC $172\mathrm{.}31\mathrm{.}1\mathrm{.}102255\mathrm{.}255\mathrm{.}255\mathrm{.}224172\mathrm{.}31\mathrm{.}1\mathrm{.}126$

PC$3$ NIC $172\mathrm{.}31\mathrm{.}1\mathrm{.}103255\mathrm{.}255\mathrm{.}255\mathrm{.}224172\mathrm{.}31\mathrm{.}1\mathrm{.}126$

Server$1$ NIC $64\mathrm{.}101\mathrm{.}255\mathrm{.}254$ Blank Blank

Server$2$ NIC $64\mathrm{.}103\mathrm{.}255\mathrm{.}254$ Blank blank

Objectives

Part $1$: Configure a Named Extended ACL

Part $2$: Apply and Verify the Extended ACL

Instructions

Part $1$: Configure a Named Extended ACL

Configure one named ACL to implement the following policy:

$$ Block HTTP and HTTPS access from PC$1$ to Server$1$ and Server$2.$ The servers are inside the cloud

and you only know their IP addresses.

$$ Block FTP access from PC$2$ to Server$1$ and Server$2.$

$$ Block ICMP access from PC$3$ to Server$1$ and Server$2.$

Note: For scoring purposes, you must configure the statements in the order specified in the following steps.

Step $1$: Deny PC$1$ access to HTTP and HTTPS services on Server$1$ and Server$2.$

a$.$ Create a named extended IP access list on router RT$1$ which will deny PC$1$ access to the HTTP and

HTTPS services of Server$1$ and Server$2.$ Four access control statements are required. Use LimitedAccess as the name of the named access list in this activity.

Question:

What is the command to begin the configuration of an extended access list with the name LimitedAccess?

b$.$ Begin the ACL configuration with a statement that denies access from PC$1$ to Server$1,$ only for HTTP $($port $80).$

c$.$Refer to the addressing table for the IP address of PC$1$ and Server$1.$

RT$1($config$-$ext$-$nacl$)$# deny tcp host $172\mathrm{.}31\mathrm{.}1\mathrm{.}101$ host $64\mathrm{.}101\mathrm{.}255\mathrm{.}254$ eq $80.$ Next, enter the statement that denies access from PC$1$ to Server$1,$ only for HTTPS $($port $443).$

RT$1($config$-$ext$-$nacl$)$# deny tcp host $172\mathrm{.}31\mathrm{.}1\mathrm{.}101$ host $64\mathrm{.}101\mathrm{.}255\mathrm{.}254$ eq $443$