Time
13 hours 57 minutes
Difficulty
Beginner
CEU/CPE
14

Video Transcription

00:00
Hello and welcome back to ICND1, Interconnecting Cisco Networking Devices, Part One.
00:05
This is episode 6 to 5: editing and troubleshooting ACLs.
00:11
I'm Trenton Darrow and I'll be your instructor for this course. In the last video, we went over how to configure a named ACL and the concepts of what makes it different than a numbered ACL.
00:20
This episode we're going to cover how to edit an ACL after it's just been created, and we'll look over some quick troubleshooting tips.
00:28
First, we're gonna edit an ACL, we're gonna remove a rule. We're gonna move a rule in the list.
00:34
We'll just go in and then we will go ahead and troubleshoot
00:38
ACLs. We'll just go over some troubleshooting tips.
00:42
So a quick pre-assessment here: which of these commands will remove sequence rule 20? I'll give you a few seconds.
00:53
All right. It is B and C. B is for the extended named ACL and C is the standard named ACL. Both will remove the rule.
01:04
So the lab diagram, it's the same as we've been working with in this module, in this lesson.
01:11
RIPv2 enabled, passive interface on LAN, no auto-summary.
01:15
All interfaces are set. You should be able to ping from network to network.
01:21
Now, I still have our access list from the previous episode set up. I'll show you what that is here in a minute, just in case you removed it.
01:30
So editing an ACL, what we can do is, um,
01:36
so
01:37
editing an ACL. If we look at a numbered list, right, we would normally have access-list,
01:42
Um, 12. We would run all those global configuration commands. Here we can run the ip access-list standard 12. Um,
01:53
where 12 would normally be the name of the access list,
01:57
you would put in the number. Still works the same way. You would do the
02:01
all your permit, you know, deny statements. Permit TCP from this source address to this destination address equaling port whatever.
02:10
They would still all be the same, except you can actually go in and say, oh man, I need to remove this one rule. You know, you can do a no, no 10.
02:20
Uh, which is the sequence number. If you do remember the show ip access-lists,
02:25
it will show the sequence numbers. You could just quickly do a no 10.
02:30
Um,
02:30
and then let's say you're just running the access list and, man, I really need to add a rule
02:37
in between these two statements. Maybe we have a new host on the network or a new server, something like that. You need to add that into the middle of the ACL.
02:45
What we can do is, when you get into the ACL configuration mode, you do the sequence number and then you do your permit or deny statement. Meaning, so you need to add something between 10 and 20
02:57
sequence numbers. You can do a 12 deny any, meaning deny
03:02
any source port,
03:06
because this example is a standard ACL, not an extended ACL. Now, if you did an extended ACL, you could do 12 deny ip any, meaning any source address
03:17
to this specific host port, or this host IP on this specific port.
03:24
Um, but for a standard ACL, simple: deny any, 12 deny any,
03:30
um, named ACLs are edited the same way. Meaning,
03:35
um,
03:36
you don't just have to have 12, the standard 12 at the very top. You could put in an ip access-list standard,
03:44
Um, block Kali SSH.
03:47
You don't really, no, I mean, you would be blocking SSH, but, um,
03:53
it would be the same thing. You could do no 10. You could add in a sequence number in the beginning, just like this one.
03:59
I'm gonna go ahead and bring up the PuTTY session again here.
04:02
That is the current state that we have.
04:05
Um, so your remark in there, we had the deny in there.
04:11
Um, let's say we need to add another statement in there. So if I say the show ip access-list,
04:17
So here's the sequence numbers. So what I'm gonna do is I'm gonna get into configuration mode. So I'm gonna edit the current one that we have. So your ip access-list block would be extended, wouldn't it?
04:31
Extended block Kali SSH.
04:35
Um, here
04:40
is the amount of sequence numbers we could have.
04:43
Um,
04:44
this would be a very large ACL.
04:49
Anyway, let's throw one right in the middle here. So sequence 15. And then from there, it's just your normal,
04:56
um,
04:58
normal permit, deny statements. So I'm gonna deny something
05:01
from my Kali box again. Deny this,
05:06
deny ip,
05:11
uh, we're gonna do the host of 10 11 50
05:17
to the destination of, I'm gonna do the entire network this time,
05:24
of 10 12000.2 55.
05:30
And I'm gonna block port 80 this time.
05:33
Hey,
05:38
There we go. To use the equals for the port, you've got to specify TCP or UDP. We're gonna block TCP port 80. Remember, this one you could do www, so I will, just because.
05:50
So now, if we do a show,
05:57
show ip
05:59
access-lists,
06:00
we now have that 15 in between that one now. Because if we were to just add that statement in there after this list was already created, that one would have gone in as sequence number 30,
06:10
meaning that it would match this first
06:14
before it ever would have hit this one below it.
06:16
Meaning this one never would have actually matched ever.
06:19
Um,
06:21
so now let's just say we bring up the VirtualBox here.
06:26
I'm going to go ahead and zoom in again. I realize you probably can't see that
06:31
It's a little better. So now again we can
06:36
ping this network.
06:40
But let's try, I will use my telnet trick again. 10 on two,
06:45
uh, one on port 80
06:49
being blocked. So if we go in here, we should have a match now,
06:54
because we both verbally and blocked on port 80.
06:57
So editing, that simple. Say we were like, oh man, we need to access that. Let's go in here.
07:02
Uh, ip access-list
07:08
extended
07:11
block Kali SSH, and we're doing no 15
07:15
and
07:16
show ip
07:18
access-lists. Now number 15's gone.
07:23
And we should be, well, I don't have a, I don't have an HTTP server on,
07:29
but we would be connected.
07:31
Um,
07:33
simple there,
07:35
so we can have the number
07:40
do all that.
07:42
So if we look into troubleshooting now, um, the
07:46
big things we want to look at is: is the extended ACL placed near the source IP network?
07:53
Is the standard ACL placed near the destination IP network?
07:58
Think about why. Remember that the standard ACL only matches on the source IP. The extended, it will have source IP, the protocol, the destination, the port number.
08:09
There is nothing. Dad
08:09
remember that ICMP is also
08:13
a protocol. So remember, yeah, besides, there's many others, but ICMP, IP, TCP, UDP. So if you're blocking TCP something and you're like, man, I can ping this device, why can't I SSH to it? Remember that ping is not the same as using
08:33
TCP to port 22.
08:35
It's an ICMP packet.
08:37
So if you're looking at all this and you're like, man, it should be working, you know, look for matches. Start at the very top of the ACL and say, OK, does this IP match this source or this destination? Does it match this one? Does it match this one? Work right down the list until you can find a match. If you cannot find a match, remember that there is an implied deny any statement at the end.
08:58
Um, and then if everything's right, it matches properly, it's working, it's not working, but it matches properly, check which interface it's enabled on, check which direction it's enabled on. You know, if it's on a serial port and it's going inward,
09:13
Ah, but it should be going outward,
09:15
then change that. You know,
09:18
uh, remember that you want to place that port number on the
09:22
destination port,
09:24
not the source port.
09:28
Meaning, so, I realize that's kind of awkwardly said. So check if the port is placed on the source port instead of the destination port. Meaning that would be incorrect. You do not want the source port to be on there, because that is a randomly generated port number. The destination port is gonna be your well-known numbers.
09:48
And then also, you want to check the ordering of the rules in the list. Someone may have come in and said, okay, well, I just added this, uh, ACL to it,
09:56
but it's still not working. Remember that it's gonna go sequentially in order. So if it matches something before it gets to that rule,
10:03
then it's going to stop processing right there.
10:07
So go ahead, move into the post-assessment here. Should be an easy one now: where should a standard ACL be placed?
10:16
a few seconds.
10:18
All right. Hopefully you got near the destination. Remember the standards are by the destination and the extended ACLs are placed near the source.
10:26
In the next lesson we're gonna look at network address translation, or the savior of IPv4.
10:35
And as always, if you guys have questions or need help, feel free to shoot me a message. Otherwise, looking forward to seeing you in the next lesson.

Up Next

CCNA ICND1

This course will enable students to understand virtualization and cloud services, and network programmability related to LAN, access and core segments.

Instructed By

Trenton Darrow
Network Engineer at NCI Information Systems, Inc
Instructor