Hello and welcome back to ICND1, Interconnecting Cisco Networking Devices, Part 1. This is episode 6.2, Extended ACL Concepts.
I'm Trend Aaron, your instructor for this course. The last video went over the Lesson 6.2 overview and did a few pre-assessment questions.
It also covered the differences and similarities of the standard and extended ACLs, and now we're looking at the extended ACL concepts.
Our learning objectives for this: we're gonna look at the extended ACL concepts, we're gonna look at how we can match a rule to a port number instead of just a source IP address,
and we're gonna have a brief introduction into the configuration.
A quick pre-assessment here. Hopefully you remember: which of these would fall into the extended numbered list? I'll give you a few seconds.
All right. It is 125,
and 12 and 42 would be the standard numbered list, and 236 would not fall into the standard or extended list.
So, the extended numbered ACLs, what they can do. Again, they get enabled on the interfaces inbound or outbound, just like the standard. It's gonna go through that list of rules sequentially with first-match logic.
We also still have the global config commands, just like
the standard ACLs.
So the extended ACLs will require the use of the host keyword when specifying one IP address. Remember, the standard ACL does not require the host keyword, and it'll actually remove it in the newer IOSes when you put it into the configuration.
The extended ACLs, if you're going to specify one IP address, require that you have the host keyword.
Just kind of the general config command: you do access-list 110. Remember, the range is 100 through 199
and 2000 through 2699.
We have permit or deny. We can do the protocol, being TCP, UDP, IP, ICMP.
There are some other ones.
We'll hit the question mark command in the PuTTY session and I'll show you.
and you have source I p address and wild card. Or you could do host source I p.
And then you have the destination i p address and wild card. And you can also do host destination I p as well.
So this one we're actually gonna want to place near the source of the traffic, whereas the standard ACL we want to place near the destination. We place this near the source. We can tell it, you know, source IP, destination IP, this protocol, on this port, so it's very specific. Therefore,
we don't have to route these packets through the entire network just for them to be dropped at the very end.
And we can still use that any parameter as the source or destination IP,
meaning, you know, permit this source IP to any destination address, or deny this source IP to any destination address if you only want them to be on the LAN.
Obviously, there's that remark parameter to add a description to the access list again.
So here's where we can actually come to utilize that IP header a little bit more. We have the source address, we have the destination address, we have the protocol.
We can utilize it a bit more.
So how we actually match port numbers: we'll use this at the end, right after the wildcard mask of either the source or the destination address.
But if you think about it, we only want to do the destination address, because what is a packet? The source address has a randomly generated source port, whereas the destination is gonna be one of your well-known ports.
There's a small chart with a few of them.
Know most of them for certain. So if we look at the different options you have for this, you have eq, which is equals, and neq is not equals, lt is less than, gt is greater than, and range x to y.
So if we look at access list 12 to deny TCP, which would be the protocol, the host 10.1.2.50
to the destination of 10.1.1.0 with the wildcard mask of 0.0.0.255.
So what this is saying is that this is going to deny the host 10.1.2.50 SSH access, because SSH is port 22,
to the network 10.1.1.0/24.
It's as simple as that. And remember, we want to match on the destination, not the source. It will allow you to match on a source port, but
source port 22 is not going to be the same as destination port 22.
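The matching rules described above (first-match logic, wildcard masks, the host and any keywords, and port operators applied to the destination port) can be modeled in a few lines. This is an added example, not part of the video; the tuple layout, function names and sample packets are assumptions constructed to mirror the lesson's SSH deny rule.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """Cisco wildcard logic: 0 bits must match, 1 bits are ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

PORT_OPS = {
    "eq": lambda p, a: p == a[0],
    "neq": lambda p, a: p != a[0],
    "lt": lambda p, a: p < a[0],
    "gt": lambda p, a: p > a[0],
    "range": lambda p, a: a[0] <= p <= a[1],
}

def evaluate(acl, pkt):
    """Return the action of the first matching entry (first-match logic)."""
    for action, proto, src, src_wc, dst, dst_wc, op, args in acl:
        if proto != "ip" and proto != pkt["proto"]:
            continue
        if not wildcard_match(pkt["src"], src, src_wc):
            continue
        if not wildcard_match(pkt["dst"], dst, dst_wc):
            continue
        # The port operator is checked against the DESTINATION port only.
        if op and not PORT_OPS[op](pkt["dport"], args):
            continue
        return action
    return "deny"  # IOS ends every ACL with an implicit deny

HOST, ANY = "0.0.0.0", "255.255.255.255"  # "host" and "any" as wildcard masks
# Constructed entries: deny SSH from one host to a /24, then permit the rest.
ACL = [
    ("deny", "tcp", "10.1.2.50", HOST, "10.1.1.0", "0.0.0.255", "eq", (22,)),
    ("permit", "ip", "0.0.0.0", ANY, "0.0.0.0", ANY, None, ()),
]

def pkt(src, sport, dst, dport, proto="tcp"):
    return {"src": src, "sport": sport, "dst": dst, "dport": dport, "proto": proto}

def demo():
    return [
        evaluate(ACL, pkt("10.1.2.50", 51515, "10.1.1.7", 22)),  # SSH to the /24
        evaluate(ACL, pkt("10.1.2.50", 22, "10.1.1.7", 51515)),  # source port 22 only
        evaluate(ACL, pkt("10.1.2.51", 51515, "10.1.1.7", 22)),  # different host
        evaluate(ACL, pkt("10.1.2.50", 51515, "10.1.3.7", 22)),  # outside the /24
    ]
```

Only the first packet is denied; the second shows that a source port of 22 does not trigger a rule written against destination port 22.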
So we jump into the post-assessment here. Which of these are denying a TCP packet from 10.23.65.59 to the 172.18.0.0/16 network?
So what I want you to do is go through this list. Think about what each one is saying. Think about whether that IP matches or not, and then what I want you to do is figure out what would make that correct, like what would make
the incorrect ones correct. I'll give you a few seconds to do this here.
Hopefully you got B and D.
That one will hit anything that matches
10, anything that starts with 10. It's gonna match that and deny.
It's going to deny anything from the 10, anything that matches 10.23.65.
So in the next episode, we're gonna look at the actual extended ACL configuration, so get ready to break out the live machines again.
And as always, if you have questions or need help, feel free to shoot me a message. Otherwise, thank you for watching, and I look forward to seeing you in the next one.