- Computers & electronics
- Software
- Networking software
- Network monitoring software
- Cisco
- Packet Tracer
- Instructions
- 3 Pages
Cisco Packet Tracer Instructions
Below you will find brief information for Packet Tracer. This document provides instructions for troubleshooting access control lists (ACLs) on Cisco routers. You will learn how to diagnose and fix common ACL issues. The Packet Tracer software is a network simulation tool that allows you to build and test network configurations in a safe and controlled environment, making it ideal for learning and practicing troubleshooting skills.
advertisement
Assistant Bot
Need help? Our chatbot has already read the manual and is ready to assist you. Feel free to ask any questions about the device, but providing details will make the conversation more productive.
Packet Tracer - Troubleshooting ACLs
Topology
Addressing Table
Device
R1
Server1
Server2
Server3
L1
L2
L3
Interface
NIC
NIC
NIC
NIC
NIC
G0/0
G0/1
G0/2
NIC
IP Address
10.0.0.1
172.16.0.1
192.168.0.1
172.16.255.254
192.168.0.254
10.255.255.254
172.16.0.2
192.168.0.2
10.0.0.2
Objectives
Part 1: Troubleshoot ACL Issue 1
Part 2: Troubleshoot ACL Issue 2
Part 3: Troubleshoot ACL Issue 3
Subnet Mask
255.0.0.0
255.255.0.0
255.255.255.0
255.255.0.0
255.255.255.0
255.0.0.0
255.255.0.0
255.255.255.0
255.0.0.0
Default Gateway
N/A
N/A
N/A
172.16.0.1
192.168.0.1
10.0.0.1
172.16.0.1
192.168.0.1
10.0.0.1
© 2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 1 of 3
Packet Tracer - Troubleshooting ACLs
Scenario
This network is meant to have the following three policies implemented:
Hosts from the 192.168.0.0/24 network are unable to access any TCP service of Server3.
Hosts from the 10.0.0.0/8 network are unable to access the HTTP service of Server1.
Hosts from the 172.16.0.0/16 network are unable to access the FTP service of Server2.
Note: A ll FTP usernames and passwords are “cisco”.
No other restrictions should be in place. Unfortunately, the rules that have been implemented are not working correctly. Your task is to find and fix the errors related to the access lists on R1.
Part 1: Troubleshoot ACL Issue 1
Hosts from the 192.168.0.0/24 network are intentionally unable to access any TCP service of Server3, but should not be otherwise restricted.
Step 1: Determine the ACL problem.
As you perform the following tasks, compare the results to what you would expect from the ACL. a. Using L2, attempt to access FTP and HTTP services of Server1, Server2, and Server3. b. Using L2, ping Server1, Server2, and Server3. c. Using L2, ping G0/2 of R1. d. View the running configuration on R1. Examine access list 192_to_10 and its placement on the interfaces. Is the access list placed on the correct interface and in the correct direction? Is there any statement in the list that permits or denies traffic to other networks? Are the statements in the correct order? e. Perform other tests, as necessary.
Step 2: Implement a solution.
Make an adjustment to access list 192_to_10 to fix the problem.
Step 3: Verify that the problem is resolved and document the solution.
If the problem is resolved, document the solution: otherwise return to Step 1.
Part 2: Troubleshoot ACL Issue 2
Hosts from the 10.0.0.0/8 network are intentionally unable to access the HTTP service of Server1, but should not be otherwise restricted.
Step 1: Determine the ACL problem.
As you perform the following tasks, compare the results to what you would expect from the ACL. a. Using L3, attempt to access FTP and HTTP services of Server1, Server2, and Server3. b. Using L3, ping Server1, Server2, and Server3.
© 2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 2 of 3
Packet Tracer - Troubleshooting ACLs c. View the running configuration on R1. Examine access list 10_to_172 and its placement on the interfaces. Is the access list placed on the correct interface and in the correct direction? Is there any statement in the list that permits or denies traffic to other networks? Are the statements in the correct order? d. Run other tests as necessary.
Step 2: Implement a solution.
Make an adjustment to access list 10_to_172 to fix the problem.
Step 3: Verify the problem is resolved and document the solution.
If the problem is resolved, document the solution; otherwise return to Step 1.
Part 3: Troubleshoot ACL Issue 3
Hosts from the 172.16.0.0/16 network are intentionally unable to access the FTP service of Server2, but should not be otherwise restricted.
Step 1: Determine the ACL problem.
As you perform the following tasks, compare the results to the expectations of the ACL. a. Using L1, attempt to access FTP and HTTP services of Server1, Server2, and Server3. b. Using L1, ping Server1, Server2, and Server3. c. View the running configuration on R1. Examine access list 172_to_192 and its placement on the interfaces. Is the access list placed on the correct port in the correct direction? Is there any statement in the list that permits or denies traffic to other networks? Are the statements in the correct order? d. Run other tests as necessary.
Step 2: Implement a solution.
Make an adjustment to access list 172_to_192 to fix the problem.
Step 3: Verify the problem is resolved and document the solution.
If the problem is resolved, document the solution; otherwise return to Step 1.
Suggested Scoring Rubric
Question Location
Documentation Score
Packet Tracer Score
Total Score
Possible
Points
10
90
100
Earned
Points
© 2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 3 of 3
advertisement
Key Features
- Troubleshooting ACL issues
- Diagnosing network connectivity problems
- Implementing and verifying ACL rules
- Understanding ACL concepts and best practices
- Using Packet Tracer to simulate network scenarios