Time
13 hours 57 minutes
Difficulty
Beginner
CEU/CPE
14

Video Transcription

00:00
I want to welcome you back to ICND1, Interconnecting Cisco Networking Devices Part 1. This is subsection 6.2.3, Extended ACL Configuration. I'm Trenton Darrow, and I'll be your instructor for this course.
00:12
In the last episode we covered the concepts of extended ACLs, how they differ from standard ACLs, and how they can match on port numbers.
00:21
In this episode we'll cover how to configure the extended ACL.
00:25
And like I said, we're going to set up a quick, basic extended ACL using our lab network. But first, a quick pre-assessment here:
00:33
which of these falls into the extended numbered range? I'll give you a few seconds.
00:40
All right. Hopefully you got 2112.
00:44
A tribute to Rush, if you guys know it.
00:47
Quick lab diagram. We still have the same one as we did with the standard numbered lab.
00:54
We have RIPv2 enabled, passive interfaces, and all the IP addresses should be set. So as it sits, you should be pinging,
01:00
I would say from the Kali VM to the MS server, whatever you guys have set up,
01:04
be it virtual machines or whatnot,
01:07
or via another setup in Packet Tracer. You should be pinging from one end of the network to the other. You should have full interconnectivity right now,
01:15
so let's jump right in with the extended numbered IP ACL. Here is the command that we had last time, where we have access-list 110, which is in the extended numbered range, the permit or deny statement, which protocol we want, be it TCP, UDP or IP,
01:32
and there are other ones, but that's what we're hitting in ICND1. Then we're going to have our source IP and wildcard, with the optional host command if we're going to use an actual host IP. And same thing with the destination IP and wildcard, with that host
01:49
parameter if we want to use it.
01:51
And if you want to match on the port number, we can do equal, less than, greater than, range, or not equal.
01:57
Um,
01:59
And for the port number there are some others: instead of using a port number, there are some, like www. I'll show you the list; you can actually use actual words for the port numbers.
02:12
So for now, we're going to go ahead and set up an ACL that will block SSH from the Kali VM to Router 2. So I'm going to go ahead and bring up the Kali VM real quick,
02:23
VirtualBox, Kali. Okay,
02:28
so make sure we can ping Router 2 here.
02:31
What?
02:32
Three toe one right snow, too.
02:38
All right. So we can ping Router 2.
02:40
So what I'm going to do is just do an SSH, because we should have access
02:46
at 10.1.3.2.
02:50
Mmm.
02:52
Okay.
02:54
telnet 10.1.3.2
03:00
22.
03:01
All right, so this shows we have an SSH connection. Um,
03:06
you can use... presently my SSH is not working, I don't know why, but you can use telnet. You can add a port number to the end of it if you're trying to check your connectivity. You could do port 80, you know, if you want to quickly check your ports. So here we have SSH.
03:20
We have connectivity,
03:23
you know, curious if it'll take this. No. Okay.
03:27
Um,
03:29
So we have SSH access currently, so we'll go ahead and minimize this and bring up the PuTTY session,
03:36
let me get mine up here.
03:38
All right, so if we do a show ip interface brief.
03:45
All right, so we're on Router 1, because we want to set up this extended ACL closest to the source, so we're going to set this up on Router 1.
03:54
So, configure terminal,
03:58
then access-list.
04:00
We want to do 110 for an extended one.
04:05
We want to deny
04:10
and we want to do TCP.
04:15
We'll do a host of the Kali VM,
04:18
1 50
04:23
and with the destination address we'll do the host command of 10.1.3.2.
04:32
And here's where we can start adding in the equals. So I'm going to have an equals.
04:38
And here's what I mean by that: we can put in a port number.
04:42
Uh, like I said, there are a few. There's ftp,
04:46
so it has the actual ports as well, ftp-data,
04:50
You have
04:54
um, telnet. There's
04:57
http, 80. So there are a few that you can type in like that, or you can't go wrong with just typing in the port number.
05:04
I'm going to add that access list, and then I'm going to set up another one here.
05:11
We want to permit
05:15
IP
05:16
any
05:18
any source to a destination of
05:23
any.
05:25
So, what's this going to do? Being sequential, it's going to go down that list. If anyone else is going to go through, it's going to see: are you this IP? No. Okay, go down to the next one. Okay, you're in the any group, so we'll go ahead and permit you.
05:35
Um, the only one who's going to get denied is the Kali VM,
05:39
because that is the IP that it matches first thing, and it doesn't reach that ip any any because it matches that first rule.
05:48
So we should be set. Now let's go ahead and add it to the closest interface: interface fa0/0,
05:58
I'm going to do ip access-group,
06:01
we want to do, what was it, 110,
06:05
and I want to do it inbound, because it's on that interface.
06:11
So
06:13
now if we do,
06:14
let's try that telnet again,
06:16
and it won't connect
06:18
because it's being blocked.
06:19
But if we try an ICMP, or a ping,
06:25
to 10.1.3.2, it should go through. It's just blocking that SSH connection.
06:30
Um, now, we do not have telnet enabled on this, otherwise we could still telnet to it.
06:36
But we have SSH blocked right now, so if we do a show ip access-lists,
06:44
we can see four matches. That would be the ping packets, and this was that one SSH packet that we tried to send through.
06:51
So here we have the telnet connection being blocked. Now, here is the difference from here
06:59
to here.
07:01
But we can still shoot a ping across the network to that device. It's just that one
07:08
port being blocked,
07:10
right?
07:11
And let's say we want to do a
07:14
I realize that says telnet, but remember,
07:16
it can be utilized. So I'm going to send this to the other device on port 22.
07:21
Um,
07:26
Now, that was going to be refused, because I forgot that I don't have SSH set up on that device.
07:32
All right, uh, server
07:38
But that one will not show up as a match. That one will still be allowed by the access list, but it's being denied at the host, just because of the way it's set up. The ACL is only catching the SSH matches.
07:49
Like, if I do this:
07:53
Now, ten matches down here under the any any.
07:56
Well, let's say we do the
07:59
telnet to the router.
08:01
We should go to three matches now.
08:05
so
08:05
the extended ACL is as simple as that.
08:09
Remember, you want to match on the destination ports. You don't want to have that on the source ports, and
08:18
they will try and trip you up with that on the exam, I'm guessing.
08:22
Anyway, we're going to go to the post-assessment here and, as always, think about which of these would match. Think about
08:30
what would make it work, like what you need to do to get these to work.
08:35
So which of these would permit a TCP packet from 10.23.65.59
08:41
to the 117.18.0.0/16 network?
08:46
I'll give you a few seconds to try and figure it out, and remember, for the ones that are incorrect, think about what you could do to make them correct. I'll give you a few seconds.
08:56
All right. Hopefully you got the access-list 102 permit tcp for the exact host to that network. That was
09:05
verbatim what it is,
09:07
and next up, we're going to look at the named ACL concepts and the configuration. As always, if you guys have questions or need help, feel free to shoot me a message. Otherwise, I look forward to seeing you in the next lesson.
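The lesson walks through the two behaviours that decide whether an extended ACL does what you meant: entries are evaluated top-down and the first match wins (with an implicit deny after the last line), and a port operator placed after the source address tests the client's ephemeral source port, not the service port. The following simulator is an added example for this page, not code from the lesson or from Cisco; it parses `access-list` lines in the form used in the video, evaluates packets against them the way `show ip access-lists` match counters would reflect, and contrasts the lesson's ACL 110 with a version that puts `eq 22` on the source side. The Kali VM address (10.1.1.150), the other host and the /16 network are constructed placeholders; only 10.1.3.2 (Router 2) comes from the lesson.

```python
"""Simulate IOS extended numbered ACL evaluation: top-down, first match wins,
implicit deny at the end.  Added example, not the lesson's or Cisco's code.
Addresses other than 10.1.3.2 are constructed placeholders."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

PORT_NAMES = {"ftp-data": 20, "ftp": 21, "ssh": 22, "telnet": 23, "www": 80}
PORT_OPS = {"eq", "neq", "lt", "gt", "range"}
PROTOCOLS = {"ip", "tcp", "udp", "icmp"}

KALI = "10.1.1.150"   # constructed placeholder for the Kali VM
R2 = "10.1.3.2"       # Router 2, as used in the lesson
# The lesson's ACL: block SSH from the Kali VM to Router 2, permit everything else.
ACL_110 = ["access-list 110 deny tcp host 10.1.1.150 host 10.1.3.2 eq 22",
           "access-list 110 permit ip any any"]
# The exam trap: the same intent, but 'eq 22' placed after the SOURCE address.
ACL_SRC_PORT = ["access-list 111 deny tcp host 10.1.1.150 eq 22 host 10.1.3.2",
                "access-list 111 permit ip any any"]


@dataclass
class Ace:
    """One access control entry (one 'access-list NNN ...' line)."""
    number: int
    action: str
    protocol: str
    src: str                 # "any", "host A.B.C.D" or "A.B.C.D W.X.Y.Z"
    src_op: Optional[str]
    src_ports: Tuple[int, ...]
    dst: str
    dst_op: Optional[str]
    dst_ports: Tuple[int, ...]
    matches: int = 0


def _port(tok: str) -> int:
    # IOS accepts well-known names (www, telnet, ...) in place of numbers.
    return PORT_NAMES[tok] if tok in PORT_NAMES else int(tok)


def _take_addr(t: List[str], i: int):
    if t[i] == "any":
        return "any", i + 1
    if t[i] == "host":                    # 'host' keyword = wildcard 0.0.0.0
        return f"host {t[i + 1]}", i + 2
    return f"{t[i]} {t[i + 1]}", i + 2    # address followed by wildcard mask


def _take_port_op(t: List[str], i: int):
    if i < len(t) and t[i] in PORT_OPS:
        op, n = t[i], (2 if t[i] == "range" else 1)
        return op, tuple(_port(x) for x in t[i + 1:i + 1 + n]), i + 1 + n
    return None, (), i


def parse_ace(line: str) -> Ace:
    t = line.split()
    num = int(t[1])
    if t[0] != "access-list" or not (100 <= num <= 199 or 2000 <= num <= 2699):
        raise ValueError("not an extended numbered ACL entry: " + line)
    if t[2] not in ("permit", "deny") or t[3] not in PROTOCOLS:
        raise ValueError("bad action or protocol: " + line)
    src, i = _take_addr(t, 4)
    src_op, src_ports, i = _take_port_op(t, i)  # operator here tests the SOURCE port
    dst, i = _take_addr(t, i)
    dst_op, dst_ports, i = _take_port_op(t, i)  # operator here tests the DESTINATION port
    return Ace(num, t[2], t[3], src, src_op, src_ports, dst, dst_op, dst_ports)


def _match_addr(spec: str, ip: str) -> bool:
    """Wildcard semantics: a 0 bit in the mask means that bit must match."""
    if spec == "any":
        return True
    a, b = spec.split()
    if a == "host":
        return ipaddress.IPv4Address(b) == ipaddress.IPv4Address(ip)
    care = ~int(ipaddress.IPv4Address(b)) & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(ip)) & care) == (int(ipaddress.IPv4Address(a)) & care)


def _match_port(op: Optional[str], ports: Tuple[int, ...], port: Optional[int]) -> bool:
    if op is None:
        return True
    if port is None:          # ICMP carries no port, so a port test cannot match
        return False
    if op == "eq":
        return port == ports[0]
    if op == "neq":
        return port != ports[0]
    if op == "lt":
        return port < ports[0]
    if op == "gt":
        return port > ports[0]
    return ports[0] <= port <= ports[1]   # range


def evaluate(acl: List[Ace], proto: str, src_ip: str, dst_ip: str,
             src_port: Optional[int] = None, dst_port: Optional[int] = None) -> str:
    """Return 'permit' or 'deny' for one packet and bump the matched ACE's counter."""
    for ace in acl:
        if ace.protocol != "ip" and ace.protocol != proto:
            continue
        if not (_match_addr(ace.src, src_ip) and _match_addr(ace.dst, dst_ip)):
            continue
        if not (_match_port(ace.src_op, ace.src_ports, src_port)
                and _match_port(ace.dst_op, ace.dst_ports, dst_port)):
            continue
        ace.matches += 1
        return ace.action
    return "deny"             # implicit deny at the end of every ACL


def show_access_list(acl: List[Ace]) -> List[str]:
    """Rough equivalent of 'show ip access-lists' output with match counts."""
    return [f"{a.action} {a.protocol} {a.src} {a.dst}"
            + (f" {a.dst_op} {' '.join(map(str, a.dst_ports))}" if a.dst_op else "")
            + (f" ({a.matches} matches)" if a.matches else "") for a in acl]


def demo() -> dict:
    good = [parse_ace(x) for x in ACL_110]
    trap = [parse_ace(x) for x in ACL_SRC_PORT]
    net = [parse_ace("access-list 102 permit tcp host 10.23.65.59 10.20.0.0 0.0.255.255")]
    return {
        "ssh_kali": evaluate(good, "tcp", KALI, R2, 51000, 22),            # deny
        "ping_kali": evaluate(good, "icmp", KALI, R2),                     # permit
        "telnet_kali": evaluate(good, "tcp", KALI, R2, 51001, 23),         # permit
        "ssh_other": evaluate(good, "tcp", "10.1.1.200", R2, 51002, 22),   # permit
        "ssh_kali_src_port_acl": evaluate(trap, "tcp", KALI, R2, 51000, 22),  # permit (trap)
        "matches_110": [a.matches for a in good],                          # [1, 3]
        "net_permit": evaluate(net, "tcp", "10.23.65.59", "10.20.7.7", 40000, 443),
        "net_deny": evaluate(net, "tcp", "10.23.65.59", "10.21.7.7", 40000, 443),
        "show": show_access_list(good),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The `ssh_kali_src_port_acl` result is the point the lesson closes on: with `eq 22` after the source address the deny never matches a real SSH client, whose source port is ephemeral, so the connection falls through to `permit ip any any`. The wildcard entry shows the `0.0.255.255` mask admitting any host in the /16 and the implicit deny catching a neighbouring /16.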

Up Next

CCNA ICND1

This course will enable students to understand virtualization and cloud services, and network programmability related to LAN, access and core segments.

Instructed By

Trenton Darrow
Network Engineer at NCI Information Systems, Inc
Instructor