ACL Help please

Discussion in 'General Cisco Certifications' started by zimbo, Nov 1, 2008.

  1. albertc30

    albertc30 Kilobyte Poster

    You can add more lines in either extended or standard ACLs mate.
    Depending on where you must place the ACL, you may have to create two separate ACLs, one for IN (inbound) and the other for OUT (outbound).
    You can have an extended ACL for the inbound traffic and a standard ACL for the outbound traffic.

    Hope it answers your question mate.

    Best of luck.

    Albert, C
     
    Certifications: CCNA
    WIP: 220-701 - A+
  2. BosonMichael

    BosonMichael Yottabyte Poster

    Two: one in, one out.
     
    Certifications: CISSP, MCSE+I, MCSE: Security, MCSE: Messaging, MCDST, MCDBA, MCTS, OCP, CCNP, CCDP, CCNA Security, CCNA Voice, CNE, SCSA, Security+, Linux+, Server+, Network+, A+
    WIP: Just about everything!
  3. Spice_Weasel

    Spice_Weasel Kilobyte Poster

    Given these requirements:
    1 - Students can reach PC2 and PC3 in Admin network
    2 - Students should not be able to reach any other hosts in Admin network
    3 - Any Admin host should be able to reach any Student host

    Strictly speaking, none of the access-lists shown will work properly. You will need to use the "established" keyword, or a reflexive access-list. Requirement 2, above, will prevent any Admin host from establishing a connection to a Student host because it will prevent any traffic from Student to Admin networks. Admin hosts (except PC2 and PC3) will be unable to get a response to ping or establish a tcp connection to any Student host (although Admin hosts could spam icmp and udp, assuming they don't mind not getting a response back).

    Established or reflexive access-lists might be a bit more advanced topic than the intention of the design exercise, in which case ignore it, but it is good to know that tcp will not work, assuming I have the requirements correct! :)

    Spice_Weasel
     
    Certifications: CCNA, CCNP, CCIP, JNCIA-ER, JNCIS-ER, MCP
    WIP: CCIE
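
Added example, not part of Spice_Weasel's post or the original thread: an IOS configuration sketch of the problem described above and the two fixes it names, the "established" keyword and a reflexive access-list. The subnets, host addresses, interface name, ACL names and the trailing `permit ip any any` lines are all assumptions, since the thread does not show the topology.

```cisco
! Assumed addressing (not from the thread): Admin 192.168.1.0/24, Student 192.168.2.0/24,
! PC2 = 192.168.1.2, PC3 = 192.168.1.3, Student LAN attached to FastEthernet0/1.
! ACL names and the final "permit ip any any" lines are illustrative assumptions.
!
! Stateless list: meets requirements 1 and 2 but breaks requirement 3, because
! replies from Student hosts to any other Admin host match the deny line.
ip access-list extended STUDENT-IN-BROKEN
 permit ip 192.168.2.0 0.0.0.255 host 192.168.1.2
 permit ip 192.168.2.0 0.0.0.255 host 192.168.1.3
 deny   ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
 permit ip any any
!
! Option A: "established" matches TCP segments with ACK or RST set, so replies get
! back while a Student SYN is still denied. It checks flags only and keeps no
! session state. echo-reply lets Admin pings be answered; UDP replies stay blocked.
ip access-list extended STUDENT-IN-ESTABLISHED
 permit ip 192.168.2.0 0.0.0.255 host 192.168.1.2
 permit ip 192.168.2.0 0.0.0.255 host 192.168.1.3
 permit tcp 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255 established
 permit icmp 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255 echo-reply
 deny   ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
 permit ip any any
!
interface FastEthernet0/1
 ip access-group STUDENT-IN-ESTABLISHED in
!
! Option B (instead of A): reflexive access-list. Admin-initiated flows create
! temporary mirror entries that "evaluate" consults for the return traffic.
ip access-list extended TO-STUDENT
 permit tcp  192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255 reflect ADMIN-SESSIONS
 permit udp  192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255 reflect ADMIN-SESSIONS
 permit icmp 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255 reflect ADMIN-SESSIONS
 permit ip any any
ip access-list extended FROM-STUDENT
 permit ip 192.168.2.0 0.0.0.255 host 192.168.1.2
 permit ip 192.168.2.0 0.0.0.255 host 192.168.1.3
 evaluate ADMIN-SESSIONS
 deny   ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
 permit ip any any
!
interface FastEthernet0/1
 ip access-group TO-STUDENT out
 ip access-group FROM-STUDENT in
```

Apply only one of the two options to the interface; `show access-lists` displays the temporary reflexive entries while an Admin-initiated session is active.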
  4. albertc30

    albertc30 Kilobyte Poster

    You are right, kevicho, but I was told at college to place it manually just to be on the safe side, so force of habit, I'd say.

    Spice_Weasel, got to read about those reflexive access-lists, thanks for spreading the seed in my mind lol
     
    Certifications: CCNA
    WIP: 220-701 - A+
