CCNAbeginner-intermediate35 minfree
Standard ACL for Management Plane Restrictions
Restrict who can manage the device without touching data-plane forwarding yet.
Lab challenge
Protect the management plane with the simplest ACL that still does the job correctly.
Progression
Define the permitted source network, apply the ACL to the management path, then test both success and denial cases.
Catalog metadata
- Bundle
- CCNA 200-301 v1.1 Foundation Lab Catalog
- Blueprint domain
- Security Fundamentals
- Blueprint objective
- Configure and verify standard ACL placement for management access
- Focus
- acl • management security • vty
- Platform
- Packet Tracer-friendly • CML-friendly • platform-neutral
- Device count
- 3
- Reference source
- Cisco CCNA 200-301 v1.1 blueprint → Configure and verify standard ACL placement for management access
Prerequisites
- • SSH configuration
- • source network identification
Skills practiced
- • create standard ACLs
- • apply ACL to VTY or management plane
- • verify allowed and denied sources
Validation checklist
- • management subnet can log in
- • unauthorized subnet is denied
- • ACL match counters increment
Task sequence
- 1Create a standard ACL permitting only the management subnet.
- 2Apply the ACL to VTY access or equivalent management entry point.
- 3Test SSH from an allowed host.
- 4Test from a denied source.
- 5Inspect ACL counters and login behavior.
Free catalog + advanced practice
This lab is part of the free foundation catalog. When you want deeper repetition, paid plans add structured practice variations and additional account features.
- • Free catalog access remains available
- • Every lab includes a downloadable learner pack
- • Starter and Pro plans add extra generated practice
- • Account tools help you monitor plan and subscription status
Download this lab
Grab the learner pack for this lab with the workbook, task sequence, validation checklist, reflection template, metadata, and reusable planning assets.