Standard ACL: Permit Host & Subnet, Deny Others
Beginner CCNA ACL lab on a compact 5-node CML-Free topology. You will configure static routing end-to-end, implement source NAT (PAT) at the source edge, and then build a standard numbered ACL near the destination to allow a single NATed host and a specific subnet while denying all others. You will validate with pings from end hosts, observe ACL hit counters and NAT translations, and troubleshoot common mistakes such as ACL placement, wildcard masks, and pre-/post-NAT address matching.
Secure Router VTY with ACL: Only Management Host Allowed
Configure a standard IPv4 ACL and bind it to the VTY lines on the HQ router so only the dedicated management host can SSH to it. Confirm that regular routed traffic between sites is unaffected, and prove both a permitted and a denied management attempt.
CCNA: Named ACLs & Editing by Sequence Number
Hands-on ACL practice using named standard and extended ACLs, applied with correct placement and direction, edited by sequence number, and verified with counters and end-host tests. The lab adds a realistic NAT edge to expose order-of-operations pitfalls without obscuring data-plane ACL effects.
CCNA: ACL Placement – Std Near Dest, Ext Near Source
Dual-router Branch/HQ lab with a branch client and an HQ server. You will apply an extended IPv4 ACL inbound near the source on the Branch LAN to block specific traffic (TCP/80) while permitting others (ICMP), and a standard IPv4 ACL outbound near the destination on the HQ LAN to admit only the approved source. Validate from real hosts, confirm ACL hitcounts, and keep inter-site connectivity via static routes over a /30 transit.