ACL lab
Cisco IOS Technologies

ACL Cisco Exam lab 2017

A corporation wants to add security to its network. The requirements are:

  • Host C should be able to use a web browser (HTTP) to access the Finance Web Server.
  • Other types of access from host C to Finance Web Server should be blocked.
  • All access from host in the Core or local LAN to Finance Web Server should be blocked
  • All hosts in the Core and on local LAN should be able to access the Public Web Server.

You have been tasked to create and apply a numbered access list to a single outbound interface. This access list can contain no more than three statements that meet these requirements.

Access to the router CLI can be gained by clickng on the appropriate host.

All passwords have been temporarily set to “cisco”
The Core connection uses an IP address of
The computers in the Hosts LAN have been assigned addresses of –

  • host A
  • host B
  • host C
  • host D

The Finance Web Server has been assigned an address of
The Public Web Server in the Server LAN has been assigned an address of

Step 1: select the console on Corp1 router:

Step 2: configuring ACL on Corp1 router:
Password: cisco
Password: cisco
Corp1#configure terminal

First command: allow host C (192.168125.3) to the Finance Web Server via HTTP (port 80):

Corp1(config)# access-list 100 permit tcp host host eq 80

Second command: blocking all other access to the finance web server:

Corp1(config)#access-list 100 deny ip any host

Third command: allow all hosts in the Core and on the local LAN access to the Public Web Server (

Corp1(config)#access-list 100 permit ip any host

Step 3:

Apply this access-list to Fa0/1 interface (outbound direction):

Notice: We have to apply the access-list to Fa0/1 interface (not Fa0/0 interface) so that the access-list can filter traffic coming from both the LAN and the Core networks.

Corp1(config)#interface fa0/1
Corp1(config-if)#ip access-group 100 out ACL lab

Step 4:

To verify, just click on host C to open its web browser. In the address box type to check if you are allowed to access Finance Web Server or not. If your configuration is correct then you can access it. Click on other hosts (A, B and D) and check to make sure you cannot access Finance Web Server from these hosts. Then, repeat to make sure they can reach the public server at

Step 5:

Finally, save the configuration


Corp1#copy running-config startup-config