06-17-2019 11:00 AM
I am preparing for the ICND1 exam and working with ACL's using three actual Cisco 1841 routers, 3 Cisco switches, and two laptops and one server.
I made sure both laptops on separate routers and networks could both access a website on the server on the third router and separate network. I then created an ACL on the INPUT to the router interface for the server. This ACL allows one laptop to be permitted by IP address. This does appear to block the other laptop.
'
I am following the "Cisco Official Cert Guide for the CCENT/CCNA ICND1 100-105" exam pages 596 - 607 but am not seeing at all the results the books says I should see.
R1#show version
Cisco IOS Software, 1841 Software (C1841-ADVENTERPRISEK9-M), Version 15.1(4)M7, RELEASE SOFTWARE (fc2)
R1#show access-lists
Standard IP access list 20
10 permit 10.1.1.5 log
R1#show ip int s0/0/0
Serial0/0/0 is up, line protocol is up
Internet address is 189.24.132.50/30
Outgoing access list is not set
Inbound access list is 20
I have attached a document using Cisco Academy's packet tracer to show how my actual hardware network is set up.
Thank you for your help.
David Adams, Mobile, AL
06-17-2019 01:18 PM - edited 06-17-2019 01:19 PM
Hello,
looking at your document, the IP address allowed in the access list is 10.1.1.5, which is the IP address of the server ?
What do you want to accomplish, allow one laptop to access the server, and deny the other access to the server ?
If this is a Packet Tracer project, post the (zipped) project (.pkt) file...
06-17-2019 03:33 PM
Ok, I went back and started over - it now appears to be working.
R1#configure t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#access-list 1 permit 10.2.2.5
R1(config)#int s0/0/0
R1(config-if)#ip access-group 1 in
R1(config-if)#end
R1#
*Jun 17 22:00:53.931: %SYS-5-CONFIG_I: Configured from console by console
R1#wr
Building configuration...
[OK]
R1#config t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#no access-list 1 permit 10.2.2.5
R1(config)#int s0/0/0
R1(config-if)#no ip access-group 1 in
R1(config-if)#end
R1#w
*Jun 17 22:02:53.887: %SYS-5-CONFIG_I: Configured from console by console
R1#wr
Building configuration...
[OK]
R1#config t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#access-list 12 permit 10.2.2.5 log
R1(config)#int s0/0/0
R1(config-if)#ip access-group 12 in
R1(config-if)#end
R1#w
*Jun 17 22:04:04.311: %SYS-5-CONFIG_I: Configured from console by console
R1#wr
Building configuration...
[OK]
R1#
*Jun 17 22:04:24.451: %SEC-6-IPACCESSLOGNP: list 12 permitted 0 10.2.2.5 -> 10.1.1.5, 1 packet
R1#
06-17-2019 07:54 PM
Hello,
that looks a lot better. You needed the IP address of the laptop and not the server in the access list...
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide