We have already covered the network ACL types, examples and commands, so let's work through some practice questions and answers about ACLs:
Question 1: write the commands to set up an ACL on the network that enforces the following conditions:
- No one from Network 200.100.50.0 is allowed to FTP anywhere
- Only hosts from network 150.75.0.0 may telnet to network 50.0.0.0
- Subnetwork 100.100.100.0/24 is not allowed to surf the internet
Answer:
access-list 101 deny tcp 200.100.50.0 0.0.0.255 any eq 21
access-list 101 permit tcp 150.75.0.0 0.0.255.255 50.0.0.0 0.255.255.255 eq 23
access-list 101 deny tcp any 50.0.0.0 0.255.255.255 eq 23
access-list 101 deny tcp 100.100.100.0 0.0.0.255 any eq 80
access-list 101 permit ip any any
How it works: the first line blocks the FTP control channel (port 21) from 200.100.50.0/24 to any destination, so no FTP session can be set up from that network. The second and third lines together implement the "only" condition: telnet from 150.75.0.0 to 50.0.0.0 is permitted, and because ACLs are evaluated top down with the first matching line winning, the deny that follows catches telnet to 50.0.0.0 from every other source. The deny is scoped to destination 50.0.0.0; a deny tcp any any eq 23 here would also block telnet to every other network, which the conditions do not ask for. The fourth line stops web browsing from 100.100.100.0/24 by blocking port 80 (a practical deployment would add the same deny for port 443, since HTTPS is not covered by port 80). The final permit ip any any is needed because every ACL ends with an implicit deny; without it all other traffic would be dropped. Remember that the list does nothing until it is applied to an interface in a direction with the ip access-group command.
Question 2: Suppose you are the admin of network 200.100.50.0. You want to permit email only between your network and network 150.75.0.0, and you wish to place no restriction on other protocols such as web browsing, FTP and telnet. Use the following conditions:
- Email server send/receive protocol: SMTP, port 25
- User mail retrieval protocol: POP3, port 110
- This example assumes your email server is at address 200.100.50.25
Answer:
access-list 101 permit tcp host 200.100.50.25 150.75.0.0 0.0.255.255 eq 25
access-list 101 permit tcp 150.75.0.0 0.0.255.255 host 200.100.50.25 eq 25
access-list 101 permit tcp 200.100.50.0 0.0.0.255 host 200.100.50.25 eq 110
access-list 101 deny tcp any any eq smtp
access-list 101 deny tcp any any eq pop3
access-list 101 permit ip any any
How it works: the first two lines allow SMTP between your mail server and network 150.75.0.0 in both directions, and the third lets hosts on your own network retrieve mail from the server with POP3. Because the conditions name the server, the permits are pinned to it with the host keyword; written against the whole 200.100.50.0 network, any host could exchange SMTP with 150.75.0.0. The two deny lines then block every other SMTP and POP3 connection, which is what makes email "150.75.0.0 only" (note that the port keyword must be preceded by eq, as in deny tcp any any eq smtp). The closing permit ip any any leaves web, FTP, telnet and everything else unrestricted, as the question requires.