CCNA LAB43: ACL Sequence Numbers

小乔

Lab Objective:
The objective of this lab exercise is for you to learn and understand how to use ACL sequence numbers to add and remove (edit) a live access list.

Lab Purpose:
With IOS 12.4 onward, Cisco IOS adds sequence numbers to ACL entries, allowing you to add additional lines where you want and remove those no longer necessary.

Certification Level:
This lab is suitable for CCENT certification exam preparation.

Lab Difficulty:
This lab has a difficulty rating of 6/10.

Readiness Assessment:
When you are ready for your certification exam, you should complete this lab in no more than 5 minutes.


Lab Topology:
Please use the following topology to complete this lab exercise:




Task 1:
Configure the hostname on router R1 as illustrated in the topology.

Task 2:
Add a standard named ACL with three lines of configuration. Use the relevant show command to display the lines.

Task 3:
Add an entry between entries 10 and 20. Remove line 30. Use the relevant show command to display the lines.


Task 4:
Resequence the ACL numbers to increment in 20s, starting from number 100. Use the relevant show command to display the lines.

Configuration and Verification
Task 1:
For reference information on configuring hostnames, please refer to earlier labs.

Task 2:
R1(config)#ip access-list standard sequence
R1(config-std-nacl)#permit 172.16.1.1
R1(config-std-nacl)#permit 172.20.1.1
R1(config-std-nacl)#permit 192.168.1.1
R1(config-std-nacl)#
R1(config-std-nacl)#end

R1#show ip access-lists
Standard IP access list sequence
   30 permit 192.168.1.1
   20 permit 172.20.1.1
   10 permit 172.16.1.1
Task 3:
R1(config)#
R1(config)#ip access-list standard sequence
R1(config-std-nacl)#15 permit 10.1.1.1
R1(config-std-nacl)#no 30
R1(config-std-nacl)#end
R1#show ip access-lists
Standard IP access list sequence
   15 permit 10.1.1.1
   20 permit 172.20.1.1
   10 permit 172.16.1.1

R1#show ip access-lists
Standard IP access list sequence
   15 permit 10.1.1.1
   20 permit 172.20.1.1
   10 permit 172.16.1.1
Task 4:
R1(config)#ip access-list resequence sequence 100 20
R1(config)#do show ip access-lists
Standard IP access list sequence
   100 permit 10.1.1.1
   120 permit 172.20.1.1
   140 permit 172.16.1.1


来源: CCNA LAB39: Configuring and Applying Extended Named ACLs Inbound
来源: CCNA LAB40: Configuring and Applying Extended Numbered ACLs
来源: CCNA LAB41: Restricting Inbound Telnet Access Using Extended ACLs
来源: CCNA LAB42: Debugging Network Traffic Using Extended ACLs