Hands-on Labs
4. Choose to permit host 172.16.30.2, which is Host B's address:
2501A(config)#access-list 10 permit 172.16.30.2 ?
  A.B.C.D  Wildcard bits
  <cr>
To specify only host 172.16.30.2, use the wildcard 0.0.0.0:
RouterA(config)#access-list 10 permit 172.16.30.2 0.0.0.0
5. Now that the access list is created, you must apply it to an interface to make it work:
2501A(config)#int e0
2501A(config-if)#ip access-group 10 out
6. Verify your access lists with the following commands:
RouterA#sh access-list
Standard IP access list 10
 permit 172.16.30.2
RouterA#sh run
[output cut]
interface Ethernet0
 ip address 172.16.10.1 255.255.255.0
 ip access-group 10 out
 ipx network 10A
7. Test your access list by pinging from Host B (172.16.30.2) to Host A (172.16.10.2).
8. Ping from 2501B and 2501C to Host A (172.16.10.2); this should fail if your access list is correct.
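The matching logic behind steps 4 through 8, as an added example (not from the book): a small Python evaluator for standard IP access lists that shows why the 0.0.0.0 wildcard admits only Host B and why every other source falls through to the implicit deny that ends each list. The 0.0.0.255 entry and the 172.16.30.3 address are constructed for contrast.

```python
import ipaddress

def _u32(dotted):
    """Dotted-quad string -> 32-bit integer."""
    return int(ipaddress.IPv4Address(dotted))

def parse_standard_acl(lines):
    """Parse 'access-list N permit|deny ADDR [WILDCARD]' lines, in order."""
    entries = []
    for line in lines:
        tok = line.split()
        if len(tok) < 4 or tok[0] != "access-list" or tok[2] not in ("permit", "deny"):
            raise ValueError(f"not a standard access-list line: {line!r}")
        if tok[3] == "any":
            addr, wild = 0, 0xFFFFFFFF          # every bit is "don't care"
        else:
            addr = _u32(tok[3])
            # An omitted wildcard on a standard list means 0.0.0.0 (one host).
            wild = _u32(tok[4]) if len(tok) > 4 else 0
        entries.append((tok[2], addr, wild))
    return entries

def evaluate(entries, source):
    """Return (action, matching entry number); first match wins."""
    src = _u32(source)
    for number, (action, addr, wild) in enumerate(entries, 1):
        care = ~wild & 0xFFFFFFFF               # 0 bits in the wildcard must match
        if (src & care) == (addr & care):
            return action, number
    return "deny", None                         # implicit deny at the end of the list

# The list built in step 4 of the lab.
LAB_ACL = parse_standard_acl(["access-list 10 permit 172.16.30.2 0.0.0.0"])
# Constructed contrast: the same list with a wildcard that ignores the last octet.
WIDE_ACL = parse_standard_acl(["access-list 10 permit 172.16.30.0 0.0.0.255"])

if __name__ == "__main__":
    sources = [
        ("Host B", "172.16.30.2"),               # from the lab
        ("2501B", "172.16.20.2"),                # from the lab
        ("neighbour of Host B", "172.16.30.3"),  # constructed address
    ]
    for name, ip in sources:
        print(f"{name:20} {ip:12} lab={evaluate(LAB_ACL, ip)} wide={evaluate(WIDE_ACL, ip)}")
```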
Hands-on Lab 9.2: Extended IP Access Lists
In this lab, you will use an extended IP access list to stop host 172.16.10.2
from creating a Telnet session to router 2501B (172.16.20.2). However, the
host still should be able to ping the 2501B router. IP extended lists should
be placed closest to the source, so add the extended list on router 2501A.
1. Remove any access lists on 2501A and add an extended list to 2501A.
2. Choose a number to create an extended IP list. The IP extended lists use 100-199.
Copyright ©2002 SYBEX, Inc., Alameda, CA
www.sybex.com