Time
13 hours 57 minutes
Difficulty
Beginner
CEU/CPE
14

Video Transcription

00:00
Hello. Welcome back to ice. Indy one interconnecting Cisco Networking devices are one. This is Module six Lab.
00:08
I am trending Daryl and I will be your instructor for this lab. In this video. I'm gonna show you some things that you should have already configured.
00:16
And then I'm gonna show you what we need to configure it. I'm just gonna let you go at it in the lab and when you're ready on positive video and we will walk through the lab together.
00:24
So our lab diagram. If you don't take a screenshot of this, we have P c one of PC to over any 10 11 slash 24 network plugged into Roger one. We have a serial link between Roger wanted to on the 10 13 slash 29 network.
00:38
And PC three is over on the 10 12 slash 24 network.
00:43
So if you want to
00:45
Cetus just get these all plugged in, we'll get out. The i P addresses set in the last set up.
00:54
So the first thing I wanna do is always wanna put a base. Could figure in device username, password enable password, holster. Name, domain name. We want to set all the I P addresses. So you're synchronous your log in local.
01:07
But your normal based config on that you want to d'oh
01:11
from there, we're gonna enable a writ V two routing. We want no auto summary. We want a passive interface on the land ports.
01:18
So once we get to step two once to two is complete, We should be able to ping across the network
01:26
from there. We're gonna create a standard A c l 10 that will not allow PC one to reach the 10 12 slash 24 network. So think about where that he's replaced for a standard A CEO
01:37
from there, we're gonna create an extended A CEO won 20 that will not allow pc to two s s h two router to Onley.
01:46
What about that one for a second here, Think about the most specific for what you need. What is it for? What it s asking and from there gonna create a named a C l for the 10 110 slash 24 network on router one with the name router. One land are one land.
02:01
Don't do anything with that yet from there We will have Roger one. Use net overload for the public address of the serial interface. It's a notional public because there's 10 13 network.
02:14
It is technically RFC 1918
02:16
but for now it's a notional public address.
02:20
Um, if your lab network isn't actually hooked up to the Internet, you could use a normal public interest if you wanted to go.
02:30
Um, I have a habit of randomly plugging in my lab network into my normal network, so I try not to do that
02:38
anyway. So we're gonna have another one who's not overload for that public address on the serial interface using the name day. See how that we created a step five, and from there we're gonna verify that net overload is working. So remember, you have to send some traffic crossed it to enable are not really enabled, but to prove that it's working,
02:57
and from there we're gonna test all of the pains, so I'll give you a few seconds going to pause the video, take your screen shots. I think about what you need to dio what you go at it, and when you're ready on positive video, we will walk through this.
03:13
All right. So hopefully you got it. Every hope, everything set up. If not, don't worry about it. We're gonna walk through this. So I have my party session up. I removed the,
03:23
uh, the Nat Translations from the net overload. Of course. And I'm gonna go ahead, and we should have a base configure on this thing.
03:31
So we should be able to Ping because that we have everything set up here.
03:38
So it was gonna shoot that one. Okay, we can paint match
03:42
2 50
03:45
Ah,
03:47
All right. So the next time, verify that you were I p addresses are correct. On your machines, I had 10 to 1 to 52.
03:55
That's why I was, like, managed. It could ping from the device. And I was like, What the heck?
04:00
Anyway, good troubleshooting experience. Uh, anyway, so you can pay across the network. We're going to go there,
04:06
So we're gonna go ahead and create that standard a c l 10. That is not going to a PC one to reach the 10 12 network. So from there, remember, it's a standard A C Also want a place near the destination to avoid, uh,
04:20
discarding any under or any necessary traffic.
04:25
So I'm gonna go ahead and plug in to router to real quick
04:29
way are in route or two.
04:32
So was going configure terminal. I weigh Just want to do a standard access list,
04:39
and we want to do access list. Huh?
04:42
We want to
04:44
deny
04:46
America because it's a standard list. We don't need to do the host parameter,
04:51
so we just do 10 11 50.
04:57
And we want to too.
05:00
Yeah, we don't need a welcome bit, so
05:03
we just want to deny that.
05:05
And from there we marry. We want to set this on the we're gonna set us on the closest interface towards that device. Little to interface. A phaser zero I p
05:16
access group.
05:20
Ah, 10. And that would be outbound. Should be going out the fastest in the interface going onto the land.
05:30
So if I
05:33
really candy box now way. Bring up my show. You guys, what I'm doing here.
05:40
So do a ping to 10. 111 Okay, we compare outer one.
05:46
Do a ping.
05:48
This is the serial interface to writer, too.
05:54
Okay?
05:56
And let's do a ping to the landside interface of water too.
06:01
It was working as well.
06:05
Okay,
06:06
there we go. So now we are blocking the packets going into it
06:14
so I won't minimize visual box.
06:17
All right, so we have a stern access list we have done Step three. We have set up the
06:24
position. It is now blocking that.
06:26
So now we're gonna create extended A CEO won 20. That is not going to allow PC to two s s h two router to on Lee. So now I'm gonna plug into Roger one because we're the extended we're gonna want to set on the closest edge
06:39
to the source.
06:42
All right, so we should be in rather one.
06:44
I just figured terminal
06:46
prices do excess list
06:50
1 20 deny dcp. And we're gonna use that host. Prouder since we are just doing with one host
07:00
and our destination is going to going to set the router serial interface first.
07:06
132
07:10
And I'm actually gonna do the host command with this as well.
07:17
And we want this to equal before 22.
07:23
So I'm gonna just sit thea perro, and we're gonna d'oh
07:28
the
07:29
landside interface for router to
07:33
and from there, let's go ahead and put it on interface. If a 00 which is the closest
07:39
to the source,
07:41
I'd be access group 1 20
07:45
and that would be inward.
07:46
And
07:49
so now our PC two would not be able to get sssh access onto router to.
07:57
So now, honest, if I So now we're gonna create a name, Dae Seo, for the 10 11 slash 24 network on Rather one with the name Roger. One land.
08:07
All right, so he's going to get figure terminal
08:11
stew. I P access list
08:16
I didn't do was create standard list.
08:20
You know where we're gonna call it, rather one land,
08:26
and that brings us in here. So let's go ahead and permit
08:28
the 10 110 match. The 1st 3 activists.
08:39
And so now we have number six. Done.
08:45
All right, so, no, If sorry, excuse me. Haven't ever find out who's going to number six. We're gonna use Writer one for the net overload for that serial interface using that named a seal.
08:56
So let's go into my p nat inside or doing source and adding
09:03
and really is the list
09:07
for the broader one land list
09:11
we want to use the interface because merrily pools for dynamic
09:16
your serial series. There's zero
09:18
and overload
09:20
overlaid overload.
09:22
And from there, remember not to do we need to set. The interface is inside and outside, So the interface F A 00
09:31
Mrs I. P and Nats Inside
09:35
Missile Hang is always will give it a second.
09:37
All right, so now what's going to cereal,
09:41
which is the outside or inside global side?
09:46
Happy nights outside
09:52
and show I pee in that translations Nothing. So let me bring up Virgil. Box was Shoot a ping
10:01
to 10. 11 10 132
10:07
like unfiltered.
10:09
That's not good,
10:11
All right, Hopefully, you guys caught that mistake as well.
10:16
So let's add a other lines of that extended I p access list because I realized we're matching the 1st 2 packets and then we have that implied deny any statement at the end.
10:28
So it was going to excess list 1 20
10:33
permits.
10:35
Ah, p
10:39
any
10:39
to any.
10:41
And I was trying.
10:46
There we go.
10:48
A man. That's better.
10:50
All right. So we don't have translation. Jax were wasn't network, so no, If we do a ping on 32
10:58
we should have a translation now.
11:01
All right, So, weaken, I'm gonna go ahead and shoot a ping from the other device. Make sure that we are shooting off the same inside global address.
11:11
All right,
11:13
Make sure she's not paying my nights.
11:16
You should have to.
11:20
Oh, each each ping is a separate thing.
11:24
Makes sense.
11:24
So my brain is out since I forgot about that. That, um
11:30
Anyway, so we have Let's go ahead and see what we have left here. So we have verified that net overload is properly working. So what's it gonna bring up the Cali box and we will ping across the network
11:41
goes Ping from the very start. 10 111
11:46
Theo was paying 10 13 That one.
11:50
And if you remember, we should get a packet filtered
11:56
for this one.
11:58
All right.
12:00
So should be working otherwise.
12:03
So I've been paying that site.
12:05
Certain things working. Probably as it is. Um, I will.
12:09
I'm gonna have these live commands in the proper four minute here. Essentially. So it should be the least live commands I'll be giving. You guys are gonna be in like, a copy paste for Matt. Um,
12:20
now, if you remember. Sometimes I I'm not good with keyboards. And I do fat finger stuff, miss type. So keep an eye out. If you do see said configuration, it's pride. Just a misspelled word. Hopefully, you guys caught those nat translation issues where you gotta have that permit. Any any statement? If you're only trying to deny stuff,
12:39
so go ahead and
12:41
pays up on the back if you got those.
12:43
Anyway,
12:46
I hope you guys enjoyed this lab. And if you have any questions, please shoot me. Message. Thank you.

Up Next

CCNA ICND1

This course will enable students to understand virtualization and cloud services, and network programmability related to LAN, access and core segments.

Instructed By

Instructor Profile Image
Trenton Darrow
Network Engineer at NCI Information Systems, Inc
Instructor