Up to this point in the course, you have seen the use of access control lists (ACLs) in many applications. For example, ACLs have been used for distribute lists with OSPF, configuring NAT, and with site-to-site generic routing encapsulation (GRE) over IPsec. Now it is your turn to engage with your classmates. Your task has two parts:
You will create a requirements statement that needs to be solved using an ACL where traffic will either be permitted or denied (or a combination of both). This part of the discussion must be created by Sunday evening of this week in order to give others an opportunity to solve it by Tuesday evening. You must include the following in your scenario:
Identify the source you want to permit or deny
Identify the destination
Indicate either the ACL name or number to be used
Using what you have learned about ACLs and what you already know from your CCNA studies (or using Chapter 26 as a refresher), reply to one of your classmates’ posts and provide them with the following:
An ACL, created by you, using your classmate’s prompts to formulate your answer. Include:
The device on which the ACL will be placed
The interface on which the ACL will be placed
The direction in which the ACL would be applied
If you can create a different ACL that satisfies the requirements, a second “reply” may be made to the original post, but only if it differs from the first solution. Otherwise, there should only be one posted solution per question.
Finally, try to provide an alternative solution, along with resources to support your claims, if you believe that the original ACL scenario posed might be better crafted based on its requested placement in the topology.
Here is an example to help you get started:
Requirement Statement from Learner A: Using a standard ACL with the number 99, deny all traffic from PC1 from getting to PC3, but allow all other traffic from PC1 to get anywhere else.
Response from Learner B: My ACL will be placed on R3 and applied on interface gi0/2 in the outbound direction. Here is my ACL:
R3(config)# access-list 99 deny host 192.168.10.10
R3(config)# access-list 99 permit any
R3(config)# interface gi0/2
R3(config-if)# ip access-group 99 out
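
One way to check a proposed standard ACL against a requirement statement before posting it is sketched below. This is an added example, not part of the course material or Learner B's response. It parses the ACL above and evaluates source addresses with first-match semantics and the implicit deny at the end of every ACL. The function names and the second test address (192.168.10.11) are assumptions made for illustration.

```python
import ipaddress

# Learner B's ACL from the example above, router prompts included.
ACL_TEXT = """\
R3(config)# access-list 99 deny host 192.168.10.10
R3(config)# access-list 99 permit any
"""

def ip_to_int(text):
    return int(ipaddress.IPv4Address(text))

def parse_standard_acl(text, number):
    """Return [(action, address, wildcard)] for one numbered standard ACL."""
    entries = []
    for line in text.splitlines():
        _, found, rest = line.partition("access-list ")
        tokens = rest.split()
        if not found or len(tokens) < 3 or tokens[0] != str(number):
            continue
        action, source = tokens[1], tokens[2:]
        if action not in ("permit", "deny"):
            raise ValueError(f"unsupported action in: {line!r}")
        if source[0] == "any":
            addr, wild = 0, 0xFFFFFFFF
        elif source[0] == "host":
            addr, wild = ip_to_int(source[1]), 0
        else:  # A.B.C.D [wildcard]; a bare address matches that host only
            addr = ip_to_int(source[0])
            wild = ip_to_int(source[1]) if len(source) > 1 else 0
        entries.append((action, addr, wild))
    return entries

def evaluate(entries, src):
    """First match wins; a packet that matches no entry hits the implicit deny."""
    s = ip_to_int(src)
    for action, addr, wild in entries:
        # Wildcard bits set to 1 are "don't care" bits.
        if (s | wild) == (addr | wild):
            return action
    return "deny"

if __name__ == "__main__":
    acl = parse_standard_acl(ACL_TEXT, 99)
    # PC1's address from the example, plus a constructed neighbouring host.
    for src in ("192.168.10.10", "192.168.10.11"):
        print(src, "->", evaluate(acl, src))
```

A standard ACL matches on source address only, so this check covers what the ACL does to traffic crossing the interface where it is applied; whether that interface is the right one depends on the topology.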