Time
15 hours 34 minutes
Difficulty
Intermediate
CEU/CPE
16

Video Description

Access Control Lists. Our next lesson, which ties into layer 4, is Access Control Lists. We cover how ACLs affect the flow of traffic to and from routing devices and the process by which that takes place. You'll learn about Standard vs. Extended ACL types, why locally generated traffic is unaffected by access control lists, and why the source address plays a critical part in the function of an access control list. We'll discuss why and where you are able to determine whether protocol, destination wildcards and other network-specific components will be granted access, and why that distinction is important.

Video Transcription

00:04
Our next topic of discussion, which ties into layer 4,
00:09
is access control lists,
00:12
Access control lists control traffic passing through the router or to the router.
00:22
Locally generated traffic, or traffic that you generate on the local router after creating an access control list, is not affected by access control lists.
00:32
Access control lists have the ability to either permit certain traffic or deny certain traffic.
00:39
Entries in the access control list are read top to bottom, again sequentially, and the first matching entry is used.
00:48
An access control list, once created, has as its last entry an implicit deny any or deny all.
00:58
You should always remember this, even though this last deny any entry is not visible by default.
01:04
Now there are two types of access control lists,
01:08
standard and extended.
01:11
Let's go over standard first.
01:15
Standard access lists can permit and deny traffic
01:19
only based on the source address,
01:23
only based on the source address.
01:26
So once again, standard access lists can permit traffic or deny traffic based on the source IP in the packet once it's matched against the access list entry.
01:38
Now, with standard access lists there are two subtypes: you have your old way of doing it, your standard access list, and the new way of doing it, which is the named standard access list.
01:52
With the old way of doing it, you simply typed in access-list,
01:56
then a number between 1 and 99,
01:59
then either the keyword permit or deny. Remember, the straight line between permit and deny means "or".
02:07
Then the source network,
02:09
and then the wildcard for that network, which works the same way as it did for EIGRP and OSPF.
02:16
Or you could create a named standard access list. Now, the problem with regular standard access lists was, what if I create an access list? Well, let's say I create access-list 10,
02:30
deny
02:30
some network and some wildcard, and then I create another entry in the same access list, access-list 10, permit or deny something,
02:38
and then, at some point I have 50 entries.
02:42
Now, let's say at some later date I wanted to delete entry number 49, so I went ahead and typed in no access-list 10. What would happen is I would blow away the whole access list. It would disappear. The router would read no access-list 10
02:59
and not wait to read the rest of the entry, and just get rid of that access list as a whole,
03:02
so you would lose all 50 entries.
03:07
With named access lists, if you type in ip access-list standard and then give it a name, let's say CCNA, you go into a sub-configuration mode where your prompt will change to config named ACL, or NaCl, or sodium chloride. Now, that's a joke.
03:28
Then you can either permit or deny a network,
03:30
then the source
03:32
address for that network, and the wildcard.
03:36
Now, under this
03:39
sub-configuration mode, you can take away entries and add entries, and it won't delete the whole access list until and unless you go and execute the command no ip access-list standard and then the name.
03:55
Next, we have your extended access list, and you can see the command for the extended access list is quite lengthy,
04:03
because extended access lists can permit or deny traffic based on both the source address
04:11
and the destination address.
04:14
You create an extended access list, you see,
04:16
in the old manner, you can simply say access-list and then pick a number between 100 and 199, which tells the router that this is going to be an extended access list.
04:29
Then you either permit or deny your traffic.
04:31
Then there's the protocol field, where you even get to pick which protocol you're going to permit or deny.
04:39
Then the source network
04:42
and the source wildcard,
04:45
then the source port,
04:46
then the destination network and the destination wildcard and the destination port. So as you see, extended access lists give you a lot more flexibility with what you can do.
04:57
Now, extended access lists also come in the named flavor, all right.
05:02
You create a named extended access list.
05:06
You say ip access-list extended and then give it a name. Let's say we say CCNA again, or Cisco.
05:15
Then, when you hit Enter, your prompt will change to the config named ACL prompt,
05:20
and from here you can add and delete entries without taking away the whole access list. So the rest of the fields are the same: permit or deny, the protocol type, the source network, the source wildcard and the source port, then the destination network, the destination wildcard and the destination port.
05:39
Now let's get to our labs and see how this actually works. Before we get on our labs, one little tidbit left.
05:46
This is how you create access lists.
05:49
To apply an access list, you actually have to go into an interface.
05:56
So on a router, I would log in to our router, enter
06:00
an interface,
06:04
and then the interface
06:06
ID, which would be FastEthernet 0/0 or Serial 0/1/0, whatever it is,
06:13
and from under the interface,
06:15
you would do the command ip
06:17
access-group,
06:20
then the name or number,
06:24
and then the keywords
06:26
in or out. Kind of ran out of space here.
06:30
So you would say ip access-group
06:34
and then the name of the access group. If we had named it CCNA, you put in CCNA, or if you had decided to do a numbered access list, let's say 10, and then either inbound or outbound,
06:47
whether this access list is going to be applied for inbound traffic or outbound traffic.
06:54
Now, let's go ahead and see how this works on our lab.
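To make the rules from the lesson concrete (entries read top to bottom, first match wins, the invisible deny any at the end, and standard lists looking only at the source while extended lists also check protocol, destination and port), here is an added Python model of how a router walks an ACL. It is example code written for this page, not Cisco IOS and not the instructor's lab; the `Entry` fields, `evaluate` function and the sample networks and packets are constructed for illustration.

```python
"""Model of Cisco-style ACL evaluation: top-down, first match wins, implicit deny.
Added example for this lesson, not IOS code; all entries and packets are constructed."""
from dataclasses import dataclass
from ipaddress import IPv4Address
from typing import Optional

ANY = ("0.0.0.0", "255.255.255.255")   # "any" = network 0.0.0.0 with an all-ones wildcard


def wildcard_match(addr: str, network: str, wildcard: str) -> bool:
    """Wildcard bit 0 = must match, 1 = don't care (the inverse of a subnet mask)."""
    a, n, w = (int(IPv4Address(x)) for x in (addr, network, wildcard))
    return ((a ^ n) & ~w & 0xFFFFFFFF) == 0


@dataclass
class Entry:
    action: str                      # "permit" or "deny"
    src: str                         # source network
    src_wc: str                      # source wildcard
    proto: str = "ip"                # extended ACLs only: ip, tcp, udp, icmp ...
    dst: str = ANY[0]                # standard ACLs never look past the source,
    dst_wc: str = ANY[1]             # so a standard entry just keeps these defaults
    dst_port: Optional[int] = None   # None = any destination port


def evaluate(acl: list, pkt: dict) -> str:
    """Walk the entries sequentially; the first match decides. No match => deny."""
    for e in acl:
        if not wildcard_match(pkt["src"], e.src, e.src_wc):
            continue
        if e.proto != "ip" and e.proto != pkt.get("proto"):
            continue
        if not wildcard_match(pkt["dst"], e.dst, e.dst_wc):
            continue
        if e.dst_port is not None and e.dst_port != pkt.get("dst_port"):
            continue
        return e.action
    return "deny"   # the implicit "deny any" that is never shown in the running config


# Standard: access-list 10 deny 192.168.1.0 0.0.0.255 / access-list 10 permit any
ACL_10 = [Entry("deny", "192.168.1.0", "0.0.0.255"), Entry("permit", *ANY)]

# Extended: permit tcp 10.0.0.0 0.0.0.255 any eq 80 (everything else hits the implicit deny)
ACL_WEB = [Entry("permit", "10.0.0.0", "0.0.0.255", "tcp", *ANY, 80)]

# The same two lines as ACL_10 in the wrong order: "permit any" now shadows the deny
ACL_10_REVERSED = list(reversed(ACL_10))
```

Feeding the same packet to `ACL_10` and `ACL_10_REVERSED` shows why entry order, not just entry content, decides what the router does.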

Instructed By

Junaid Memon
Instructor