Hello and welcome back, Tyson. Do you want interconnecting Cisco networking devices? Part one
This episode 6 to 5. Editing in trouble. Shooting A A CEO.
I trained everyone. I'll be a structure for this course. In the last video, we would overhear to configure eight named a CEO in the concepts of what makes him different than a number. Dae Seo.
This is sort of recovered howto read it in a CEO after just created, and we'll look over some quick troubleshooting tips.
First, we're gonna edit Inacio, we're gonna remove rule. We're gonna move a rule in the list.
We'll just go in and then we will go ahead in trouble. Shoot a
A CEO's. Well, hundreds go over some troubleshooting tips.
So is quick pretty system here, which is the which of these commands will remove sequence Rule 20. I'll give you a few seconds.
All right. It is being see the B is for the extended named a CEO and see is the standard name A seal. Both will remove the rule
So lad diagram its thes same as we've been working with in this module in this lesson
review to enable passive interface on land no auto summary.
Oh, interfaces are set. You should build a ping from network to network.
Now, I still have our access list from the previous episode set up. I'll show you what that is here in a minute, just in case you removed it.
So at an ex seal, what we can do is, um,
editing a seal. If we look at a numbered list, right, we would normally have access list.
Um, 12. We would run all those global configuration commands here. We can run the I P access list standard 12. Um,
where 12 would normally be The name of the access list
you would put in the number still works the same way you would do the
all your permit. You know, deny statements. Permit TCP from this source address to this destination address equaling port. Whatever.
They would still all be the same. Except for you can actually going to say all man, I need to remove this one rule. You know you can do it. No. No. 10.
Ah was I did a sequence number. If you do remember the show I p access lists,
it will show the sequence numbers he could just quickly do it. No attempt.
and then let's say you get just drying it. Texas. Listen, man, I really need to add a rule
in between these two statements. May we have a new host on that work or new server? Some like that. You need to add that into the middle of the A. C L
we can do is when you get into the A C o configuration mode, you do the sequence number and then you do your perimeter. Deny statement. Meaning what? So you need to add something between 10 and 20
secrets numbers. You can do a 12 deny any meaning, deny
because this example is a standard A C L not an extended A CEO. Now, if you didn't on extended a c l u could do 12. Deny i p Any meaning any source address
to this specific host port or this host? I pee on this specific port.
Um, before stan ratio Simple. Deny any 12 deny any,
um, name. Day seals are edited. The sand away. Meaning,
you don't just be like to have 12. The standard 12. It's very top you could put in an I p access list standard.
Um, block. Callie. Shh.
You don't really know. I mean, you would be black s h, but, um,
it would be the same thing you could do. No, 10. You could do the you could add in a sequence number in the beginning, just like this one.
I'm gonna go ahead and bring up the putting session again here.
That is the current state that we have.
Um so your remark in there we had to deny in there?
Um, let's say we need to add in our statement in there, So if I say the so key access list
So here's that sequence numbers. So what I'm gonna do is I'm gonna get the configuration mode. Someone edit the current one that we have. So your i p access lists block would be extended, wouldn't it?
Extended block, Kelly. Sshh.
is the amount of secrets numbers we could have.
this would be a very large a c l.
Anyway, let's throw one right in the middle here. So secrets 15. And then from there, it's just your normal,
normal permit. Deny statements. So I'm gonna deny something
from my Kelly box again. Deny this
uh, we're gonna do the host off 10 11 50
to the destination of time to do the entire network this time
And I'm gonna block port 80 this time.
there we go. To use the equals for the port you get, you specify TCP or UDP we're gonna block TCP ports 80. Remember this one of you could do Debbie W W So I will just because
so now, if we do a show
we now have that 15 in between that one now. Because if we were to just add that statement in there after this left already created that one, we're going as sequence number 30
meaning that it would match this first
before it ever would have hit this one below it.
Meaning this one never would have actually matched ever.
so now let's just say we bring up the virtual box here.
I'm going to go ahead and zoom in again. I realize you probably can't see that
it's a little better so no again weaken
paying this network.
But let's try. I will use my tell my trick again. 10 on two,
being blocked. So if we're going here, we should have a match now,
because we both verbally and blocked on Fort 80.
Eso editing that simple. Say we were like, Oh, man, we need we need to access that. It's going here.
Uh, I p access access lists
Look carefully as speech was doing No. 15
access lists. Now number times gone.
And we should be. Well, I don't have a six. I don't have a team to be server on,
but we would be connected.
so we can have the number
So if we look into trouble shooting now, um, the
big things we want to look at is is the extended a CEO place near the source I P network
is the standard I A CEO place near the destination I P Network.
Think about why I remember that the standard issue only matches on the source. I p. They extended. It will have source i p The protocol, the destination, the port number.
There is nothing. Dad
remember that ICMP is also
a protocol. It's remember Yeah. Besides, there's many other, but I see a p i p T c p u t p So it's your block in TCP something. And you're like, man, I can I can pin this device. Why is this not Why can't s s age to it? Remember that paying is not the same as using
TCP to port wine too
So if you're looking at all this and like man, it should be working, you know, Look for matches start at the very top of the a c e o and say OK, does this I p match this source or this destination doesn't match this one to the match This one Work right down the list until you can find a match. If you cannot find a match, remember that there is a implied to deny any statement at the end.
Um And then if everything's bright, it matches properly. It's working. It's not working. Probably imagines properly. Check which interfaces enabled on check which direction it's enabled on. You know, if it's on a serial port and it's going inward
Ah, but it should be going outward,
then change that. You know,
uh, remember that you want to place that port number on the
Meaning so. I realize that kind of absolutely said so. Check of the source or check of the port is placed on the sore sport instead of destination port. Meaning that would be incorrect. You do not want the source ports to be on their cover. That is a randomly generated port number. The destination port is gonna be your well known numbers.
And then also, you want to check the ordering of the rules and lists that someone may have came in and said Okay, well, I just added this, uh, a C l to it,
but it's still not working. Remember that it's gonna go sequentially in order. So if it matches something before it gets to that rule,
then it's going to stop processing right there.
So go ahead, move into the process. Mint here should be an easy one. Now, where should a standard a C. L be placed
All right. Hopefully you got near the destination. Remember the extenders air by the destination and the extended a seals are placed near the source.
And the next lesson we're gonna look ATT network address, translation or the savior of I P v four.
And as always, if you guys have questions, need help. Feel free to shoot me a message. Otherwise, for teaching the next lesson.