Sure, here are some hands-on lab exercises on configuring ACLs:
### Lab Exercise 1: Basic ACL Configuration
Objective: Configure a standard ACL to permit or deny specific traffic based on source IP addresses.
Topology:
```
[PC] ----- [Router] ----- [Server]
```
1. Configure the Router interface facing the PC:
```
Router(config)# interface <interface>
Router(config-if)# ip address <ip_address> <subnet_mask>
Router(config-if)# no shutdown
```
2. Configure a Standard ACL to permit or deny traffic:
```
Router(config)# access-list <number> {permit | deny} <source> [<source-wildcard>]
```
Example:
```
Router(config)# access-list 10 permit 192.168.1.0 0.0.0.255
```
3. Apply the ACL to the interface facing the Server:
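```
Router(config)# interface <interface>
Router(config-if)# ip access-group <number> {in | out}
```
Example:
```
Router(config)# interface GigabitEthernet0/1
Router(config-if)# ip access-group 10 in
```
The direction is relative to the router: `in` filters packets arriving on the interface, `out` filters packets leaving through it.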
4. Verify ACL configuration:
```
Router# show access-lists
```
### Lab Exercise 2: Extended ACL Configuration
Objective: Configure an extended ACL to permit or deny specific traffic based on source/destination IP addresses, port numbers, and protocols.
Topology:
```
[PC] ----- [Router] ----- [Server]
```
1. Configure the Router interface facing the PC and Server:
2. Configure an Extended ACL to permit or deny traffic:
```
Router(config)# access-list <number> {permit | deny} <protocol> <source> <source-wildcard> <destination> <destination-wildcard> [operator [port]]
```
Example:
```
Router(config)# access-list 100 permit tcp 192.168.1.0 0.0.0.255 any eq 80
```
3. Apply the ACL to the interface facing the Server:
4. Verify ACL configuration:
### Lab Exercise 3: ACL Evaluation Order
Objective: Understand the order of ACL evaluation by configuring multiple ACLs with overlapping rules.
Topology:
```
[PC] ----- [Router] ----- [Server]
```
1. Configure multiple ACLs with overlapping rules.
2. Apply the ACLs to different interfaces or traffic directions (inbound/outbound).
3. Generate traffic from the PC to observe how ACL evaluation order impacts traffic filtering.
4. Verify ACL configuration and traffic behavior.
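The first-match behavior this exercise is meant to surface, as an added example that is not part of the original labs: a small Python model of IOS-style ACL evaluation with wildcard masks and the implicit deny. The two sample ACLs, the addresses, and the helper names are constructed for illustration, and only the `eq` destination-port operator is modelled.

```python
import ipaddress

ANY = ("0.0.0.0", "255.255.255.255")   # "any": every address bit is ignored

def host(ip):
    return (ip, "0.0.0.0")             # "host x": every address bit must match

def wildcard_match(addr, base, wildcard):
    """A 1 bit in the wildcard mask means "ignore this bit"."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

def evaluate(acl, pkt):
    """Return (action, entry_number) for the first entry that matches pkt.

    Entries are tested top-down and evaluation stops at the first match.
    If nothing matches, the implicit deny at the end of the ACL applies.
    """
    for n, (action, proto, src, dst, dport) in enumerate(acl, start=1):
        if proto not in ("ip", pkt["proto"]):
            continue
        if not wildcard_match(pkt["src"], *src):
            continue
        if not wildcard_match(pkt["dst"], *dst):
            continue
        if dport is not None and dport != pkt.get("dport"):
            continue
        return action, n
    return "deny", None

# Constructed ACLs: the same two overlapping entries in opposite order.
PERMIT_HTTP = ("permit", "tcp", ("192.168.1.0", "0.0.0.255"), ANY, 80)
DENY_HOST = ("deny", "ip", host("192.168.1.50"), ANY, None)
ACL_BROAD_FIRST = [PERMIT_HTTP, DENY_HOST]
ACL_SPECIFIC_FIRST = [DENY_HOST, PERMIT_HTTP]

def packet(src, dport, proto="tcp", dst="10.0.0.10"):  # dst is a made-up server
    return {"proto": proto, "src": src, "dst": dst, "dport": dport}

if __name__ == "__main__":
    for name, acl in (("broad first", ACL_BROAD_FIRST),
                      ("specific first", ACL_SPECIFIC_FIRST)):
        for src, dport in (("192.168.1.50", 80), ("192.168.1.20", 80),
                           ("192.168.1.20", 22)):
            print(name, src, dport, evaluate(acl, packet(src, dport)))
```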
### Lab Exercise 4: Troubleshooting ACLs
Objective: Troubleshoot ACL-related issues by analyzing ACL configuration, placement, and traffic behavior.
Topology:
```
[PC] ----- [Router] ----- [Server]
```
1. Analyze ACL configuration to ensure correctness and consistency.
2. Verify ACL placement and directionality (inbound/outbound) on router interfaces.
3. Generate test traffic from the PC and observe how ACLs filter or permit traffic.
4. Use troubleshooting commands (`show access-lists`, `show ip interface`, `debug ip packet`) to identify and resolve ACL-related issues.
These lab exercises provide hands-on experience with configuring and troubleshooting ACLs in a network environment. Remember to follow best practices and document your configurations and observations for reference.