Access lists

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

Hi Guys,

would any of you happen to know any more scenarios, labs etc to practice access lists apart from examples from icnd and sybex...?

 

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

If you like, I could make up some practice access-list questions, and post them in this thread.

Spice_Weasel

 

That's what practice exam companies are for.

 

That will be great..if its not too much trouble..It will help lots of guys like me who are relatively new...

Thanks Spice_weasel

Yeah !! by scenarios I actually meant those that can be implemented on Home Labs...most of the practice questions on exam preps have (what ifs...)

 

That's what companies who develop labs and router simulators are for.

 

Im after some access-list practise questions as well. I found them hard during my ccna bootcamp weekend. Remembering the port numbers for the different services is a big help.

If you can post some questions then that would be great. Thanks.

 

Hi purplejade,

Here are a couple of sample access-list questions. Note that as BosonMicheal said, there are plenty of companies producing various practice and training materials; these questions of mine are just to give a bit of practice.

Question #1
Internal lan 192.168.100.0 /23
Create an inbound access-list for the internal (lan) interface of a gateway router to meet the following requirements:
- block outbound smtp, except to hosts 192.168.100.32 and 192.168.100.40
- block outbound pop3
- block outbound packets with destination ports of tcp and udp from 2300 to 2400 and udp 6073 and tcp 47624, except from host 192.168.100.137
- permit only packets from the internal lan; block all other source ip addresses

Question #2
An access-list is needed for the Internet interface of a router (ip add 2.2.2.2). This access-list will be applied - inbound and must meet the following requirements:
- permit http, https inbound
- permit ldap, smtp inbound only from host 1.1.1.1
- permit citrix-ica inbound only from host 1.1.1.2
- permit ntp inbound only from host 1.1.1.3
- permit ssh inbound only from host 1.1.1.4
- deny and log all inbound telnet packets
- deny and log all packets sourced from private address ranges
- deny all other ip packets

That should give you a bit of practice - have fun!

Spice_Weasel

 

Thanks Spice_weasel,

I'll crack on with these..and see how I get on....