George McDucky and Sandy Badluck have a gigantic problem plaguing them. The access list they configured does the opposite of what was intended. The marketing department router is directly connected to the finance department router. They were tasked with denying the marketing department network 10.10.4.0/24 access to the finance department 10.10.2.0/24. After configuring it, marketing still has full access. It’s like Finance is attracting packets instead of repelling them.
Here is what they did:
- Configured an access list as follows on the Finance router:
  - access-list 2 deny 10.10.4.0 0.0.0.255
  - access-list 2 permit any
- Applied access list 2 on the Marketing department router's serial interface as follows:
  - ip access-group 2 out
- What did George and Sandy do incorrectly with the ACL? How would you rewrite this Standard ACL as an Extended ACL?
- After changing the ACL, update the list to exclude only specific packet types.
- Compare and contrast Standard vs. Extended ACLs.
- Where should you place a Standard ACL? Why? Where should you place an Extended ACL? Why?
- What other suggestions would you make to George and Sandy?
- Make sure you conduct research for your post — either using class content or from the Web — and make sure you cite your source(s).
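
The following Python model is an added illustration, not part of the original assignment. It evaluates the scenario's ACL with Cisco-style wildcard matching, first-match-wins ordering and the implicit deny. It assumes the scenario means the entries exist only on the Finance router while the access-group sits on the Marketing router; the extended ACL number 102, the dictionary names and the host addresses are constructed for the example.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """Cisco wildcard match: bits set to 1 in the wildcard are ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

def evaluate(acl, src, dst):
    """First matching entry wins; a defined ACL ends with an implicit deny."""
    for action, s, d in acl:
        s_ok = s == "any" or wildcard_match(src, *s)
        d_ok = d == "any" or wildcard_match(dst, *d)
        if s_ok and d_ok:
            return action
    return "deny"

def filter_packet(router_acls, acl_id, src, dst):
    """Decision of an interface with 'ip access-group <acl_id>' applied.
    An access-group naming an ACL that has no entries on this router
    filters nothing (Cisco IOS behavior)."""
    acl = router_acls.get(acl_id)
    if not acl:
        return "permit"
    return evaluate(acl, src, dst)

# Standard ACL 2 from the scenario: source-only matching, so dst is "any".
STANDARD_2 = [("deny", ("10.10.4.0", "0.0.0.255"), "any"),
              ("permit", "any", "any")]
# Hypothetical extended rewrite (number 102 is an assumption): src AND dst.
EXTENDED_102 = [("deny", ("10.10.4.0", "0.0.0.255"), ("10.10.2.0", "0.0.0.255")),
                ("permit", "any", "any")]

marketing_as_configured = {}                   # ACL 2 was typed on Finance only
marketing_with_standard = {2: STANDARD_2}      # same ACL, defined where applied
marketing_with_extended = {102: EXTENDED_102}  # extended ACL near the source

MKT_HOST, FIN_HOST, OTHER = "10.10.4.25", "10.10.2.10", "192.0.2.50"  # constructed

if __name__ == "__main__":
    for name, acls, n in [("as configured", marketing_as_configured, 2),
                          ("standard, outbound", marketing_with_standard, 2),
                          ("extended, outbound", marketing_with_extended, 102)]:
        print(name, "| to finance:", filter_packet(acls, n, MKT_HOST, FIN_HOST),
              "| elsewhere:", filter_packet(acls, n, MKT_HOST, OTHER))
```

The middle case shows why a standard ACL is a poor fit close to the source: it matches on source address only, so it drops Marketing traffic to every destination reached through that interface, not just Finance.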