Lab Simulation Question – ACL-5

A corporation wants to add security to its network. The requirements are:
– Host C should be able to use a web browser (HTTP) to access the Finance Web Server.
– Other types of access from host C to the Finance Web Server should be blocked.
Server should be blocked.
– All hosts in the Core and on local LAN should be able to access the Public Web Server.
You have been tasked to create and apply a numbered access list to a single outbound interface.
This access list can contain no more than three statements that meet these requirements.
Access to the router CLI can be gained by clicking on the appropriate host.
– All passwords have been temporarily set to “cisco”.
– The Core connection uses an IP address of 198.18.209.65.
– The computers in the Hosts LAN have been assigned addresses of 192.168.78.1 – 192.168.78.254.
– host A 192.168.78.1
– host B 192.168.78.2
– host C 192.168.78.3
– host D 192.168.78.4
– The Finance Web Server has been assigned an address of 172.22.146.17.
– The Public Web Server in the Server LAN has been assigned an address of 172.22.146.18.


2 thoughts on “Lab Simulation Question – ACL-5”

  1. The task is to create the following:
    – Allow host C (192.168.78.3) to communicate with the Finance web server (172.22.146.17) via HTTP (port 80).
    – Prohibit all the rest from accessing the Finance web server (172.22.146.17) in any way.
    – All hosts in both LANs should be able to access the Public web server (172.22.146.18).
    – Unlike other questions I’ve seen on this exam, in this one, there is no limit to the number of statements in your access-group (there’s another similar task where you’re limited to 3 statements).

    The commands would then be:

    enable
    conf t
    access-list 100 permit tcp host 192.168.78.3 host 172.22.146.17 eq 80
    access-list 100 deny ip any host 172.22.146.17
    access-list 100 permit tcp any host 172.22.146.18 eq 80
    interface – since we don’t have the interface name
    ip access-group 100 out
    end
    copy run start

    Then check HTTP access from the hosts using a web browser.

  2. To allow all hosts in the Core and on the local LAN access to the Public Web Server (172.22.109.18), the command should be:

    Corp1(config)#access-list 100 permit ip any host 172.22.109.18
    Not: Corp1(config)#access-list 100 permit ip host 172.22.109.18 any
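
As an added example (not part of the original post or its comments), this Python sketch models first-match evaluation of the three access-list 100 statements from the first comment, plus the implicit deny, and checks them against traffic constructed from the requirements as that comment reads them. The tuple layout, function names and the Telnet/ICMP test cases are assumptions made for illustration.

```python
import ipaddress

# Illustrative model of extended-ACL matching, not Cisco IOS code.
ANY = ipaddress.ip_network("0.0.0.0/0")

def host(addr):
    return ipaddress.ip_network(addr + "/32")

# (action, protocol, source, destination, destination port or None)
ACL_100 = [
    ("permit", "tcp", host("192.168.78.3"), host("172.22.146.17"), 80),
    ("deny",   "ip",  ANY,                  host("172.22.146.17"), None),
    ("permit", "tcp", ANY,                  host("172.22.146.18"), 80),
]

def evaluate(acl, proto, src, dst, dport=None):
    """Return the action of the first matching entry, else the implicit deny."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, a_proto, a_src, a_dst, a_port in acl:
        if a_proto != "ip" and a_proto != proto:
            continue  # "ip" matches every protocol, "tcp" only TCP
        if src not in a_src or dst not in a_dst:
            continue
        if a_port is not None and a_port != dport:
            continue  # "eq 80" must match the destination port
        return action
    return "deny"  # implicit "deny ip any any" at the end of every ACL

# Constructed test traffic: (protocol, source, destination, port, expected).
CHECKS = [
    ("tcp",  "192.168.78.3",  "172.22.146.17", 80,   "permit"),  # host C, HTTP
    ("tcp",  "192.168.78.3",  "172.22.146.17", 23,   "deny"),    # host C, Telnet
    ("icmp", "192.168.78.3",  "172.22.146.17", None, "deny"),    # host C, ping
    ("tcp",  "192.168.78.2",  "172.22.146.17", 80,   "deny"),    # host B
    ("tcp",  "198.18.209.65", "172.22.146.18", 80,   "permit"),  # Core
    ("tcp",  "192.168.78.1",  "172.22.146.18", 80,   "permit"),  # host A
]

def failures(acl):
    """List the checks whose result differs from the expected action."""
    return [c for c in CHECKS if evaluate(acl, *c[:4]) != c[4]]

if __name__ == "__main__":
    print("as posted:", failures(ACL_100))
    # Moving the deny to the top shadows the host C permit (order matters).
    reordered = [ACL_100[1], ACL_100[0], ACL_100[2]]
    print("deny first:", failures(reordered))
```

The second run reports the host C HTTP check as failing, which is why the specific permit has to precede the broader deny.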
