I want to welcome you back to ICND1, Interconnecting Cisco Networking Devices Part 1. This is subsection 6.3, Extended ACL Configuration. I'm Trent Hero, and I'll be the instructor for this course.
In the previous lesson we covered the concepts of extended ACLs, how they differ from standard ACLs, and how they can match on port numbers.
In this episode we'll cover how to configure the extended ACL.
And like I said, we're going to set up a quick, basic extended ACL using our lab network. But first, a quick pre-assessment here:
which of these falls into the extended numbered list range? I'll give you a few seconds.
All right, hopefully you got 2112.
A tribute to Rush, you guys know it.
Quick lab diagram. We still have the same one as we did with the standard numbered lab.
We have RIPv2 enabled with passive interfaces, and all the IP addresses should be set. So at this point you should be able to ping,
I would say, from the Kali VM to the MS server, whatever you guys have set up,
be it virtual machines or whatever,
or via Packet Tracer. You should be able to ping from one end of the network to the other. You should have full interconnectivity right now.
So let's jump right in with the extended numbered IP ACL. Here is the command we had last time: we have access-list 110, which is in the extended numbered range, the permit or deny statement, and which protocol we want, be it TCP, UDP or IP
(there are others, but those are the ones we're hitting in ICND1). Then we're going to have our source IP and wildcard, with the optional host keyword if we're going to use an actual host IP, and the same thing with the destination IP and wildcard, with that host
parameter if we want to use it.
And if we want to go on the port number, we can do eq (equal), lt (less than), gt (greater than), range, or neq (not equal).
And for the port number, there are some other ways to specify it. There are some like www; I'll show you that you can actually use words for the port numbers.
So for now, we're going to go ahead and set up an ACL that will block SSH from the Kali VM to Router 2. So I'm going to go ahead and bring up the Kali VM real quick
in VirtualBox. Kali. Okay,
so make sure we can ping Router 2 here.
All right, so we can ping Router 2.
So what I'm going to do is just SSH in, because we should have access.
All right, so this shows we have an SSH connection.
You can use (presently my SSH client is not working, I don't know why) but you can use telnet and add a port number to the end of it if you're trying to check your connectivity. You could do port 80, you know, if you want to quickly check your ports. So here we have SSH.
We have connectivity,
you know, curious if it'll take this. No. Okay.
So we have access, SSH access currently. So we'll go ahead and minimize this and bring up the PuTTY session,
let me get mine up here.
All right, so if we do a show ip interface brief.
All right, so we're on Router 1, because we want to set up this extended ACL closest to the source, so we're going to set this up on Router 1.
So, configure terminal,
then access-list;
we want to do 110 for an extended one,
and we want to do deny tcp.
We'll do host and the Kali VM's address,
and for the destination address we'll do the host keyword and 10.1.3.2.
And here's where we can start adding the eq. So I'm going to add eq.
And here's what I mean by that: we can put in a port number.
Like I said, there are a few keywords. There's ftp,
so it has the actual ports as well: ftp-data,
telnet,
http (80). So there are a few that you can type in like that, or you can't go wrong with just typing in the port number.
Going to add that access-list entry, and then I'm going to set up another one here:
permit ip any any, any source to any destination.
So what's this going to do? Being sequential, it's going to go down that list. If anyone else goes through, it's going to see: are you this IP? No. Okay, go down to the next one. Okay, you're in the any group, so we'll go ahead and permit you.
The only one that's going to get denied is the Kali VM,
because that is the IP that matches the first entry, and it doesn't reach that ip any any because it matches that first rule,
so we should be set. Now let's go ahead and add it to the closest interface: interface fa0/0,
I'm going to do ip access-group,
we want to do 110,
and I want to do it inbound, because it's inbound on that interface.
So we try that telnet to port 22 again,
and it's being blocked.
But if we try an ICMP, or a ping, to
10.1.3.2, it should go through; it's just blocking that SSH connection.
No, we do not have telnet enabled on this, otherwise we could still telnet to it.
But we have SSH blocked right now, so if we do a show ip access-lists
we can see four matches. That would be the ping packets. And this was that one SSH packet that we tried to send through.
So here we have the SSH connection being blocked. Now, here is a difference from here:
we can still shoot a ping across the network to that device; it's just that one port.
And let's say we want to do a...
I realize that's telnet, but remember,
it can be utilized, so I'm going to send this to the other device on port 22.
Now, that's going to be refused, because I forgot that I don't have SSH set up on that device.
All right, the server:
with that one it will not show up as a match. That one will still be allowed by the access list but is being denied at the host, just because of the way it's set up, but the ACL is only catching the SSH matches.
Now 10 matches down here under the any any.
Well, let's say we do the
telnet to the router.
We should go to three matches now.
The extended ACL is as simple as that.
Remember, you want to match on the destination port; you don't want to have that source port, and
they will try and trip you up. They'll put that on the exam, I'm guessing.
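To see the first-match walk and the counters the lesson reads off show ip access-lists, here is an added Python model of the ACL 110 built above (example code, not from the course or Cisco IOS); the Kali address 192.168.1.10 is assumed, 10.1.3.2 is taken as Router 2's address, and the range operator is left out.

```python
import ipaddress

# IOS port keywords the lesson mentions; SSH has no keyword, so it is typed as 22.
PORT_NAMES = {"ftp-data": 20, "ftp": 21, "telnet": 23, "www": 80}

def _addr(tok):
    """Consume one address spec: 'any', 'host A.B.C.D', or 'A.B.C.D wildcard'."""
    t = tok.pop(0)
    if t == "any":
        return 0, 0xFFFFFFFF
    if t == "host":
        return int(ipaddress.IPv4Address(tok.pop(0))), 0
    return int(ipaddress.IPv4Address(t)), int(ipaddress.IPv4Address(tok.pop(0)))

def parse_entry(line):
    """Parse one 'access-list <num> permit|deny <proto> <src> <dst> [op port]' line."""
    tok = line.split()
    num = int(tok[1])
    if tok[0] != "access-list" or not (100 <= num <= 199 or 2000 <= num <= 2699):
        raise ValueError("extended numbered ACLs use 100-199 or 2000-2699")
    entry = {"action": tok[2], "proto": tok[3], "op": None, "port": None, "matches": 0}
    rest = tok[4:]
    entry["src"], entry["dst"] = _addr(rest), _addr(rest)
    if rest:  # optional operator on the DESTINATION port only (eq, neq, lt, gt)
        entry["op"], entry["port"] = rest[0], PORT_NAMES.get(rest[1]) or int(rest[1])
    return entry

def _addr_match(spec, ip):
    net, wild = spec  # a set wildcard bit means "don't care" for that bit
    return (int(ipaddress.IPv4Address(ip)) | wild) == (net | wild)

def _port_match(op, want, dport):
    if op is None:
        return True
    return {"eq": dport == want, "neq": dport != want,
            "lt": dport < want, "gt": dport > want}[op]

def evaluate(acl, proto, src, dst, dport=0):
    """Top-down, first match wins and bumps its counter; implicit deny at the end."""
    for e in acl:
        if e["proto"] not in ("ip", proto):
            continue
        if not (_addr_match(e["src"], src) and _addr_match(e["dst"], dst)):
            continue
        if e["proto"] != "ip" and not _port_match(e["op"], e["port"], dport):
            continue
        e["matches"] += 1
        return e["action"]
    return "deny"

# The lesson's ACL 110 applied inbound on R1 fa0/0 (Kali address is constructed).
ACL_110 = [parse_entry("access-list 110 deny tcp host 192.168.1.10 host 10.1.3.2 eq 22"),
           parse_entry("access-list 110 permit ip any any")]

def show_ip_access_lists(acl):
    """Return (action, matches) per entry, like the counters in 'show ip access-lists'."""
    return [(e["action"], e["matches"]) for e in acl]
```

Only the Kali-to-10.1.3.2 SSH packet hits the deny line; pings, telnet and other hosts fall through to permit ip any any and raise its counter instead.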
Anyway, we're going to go to the post-assessment here and, as always, think about which of these would match. Think about
what you would need to do to get those to work.
So which of these would prevent a TCP packet from 10.23.65.59
to the 117.18 /16 network?
So I'll give you a few seconds to try and figure it out. Remember, for the ones that are incorrect, think about what you could do to make them correct. I'll give it a few seconds.
All right, hopefully you got access-list 102 permit tcp for the exact host to that network.
And next up, we're going to look at the named ACL concepts and configuration. As always, if you guys have questions or need help, feel free to shoot me a message. Otherwise, I look forward to seeing you in the next lesson.