13 hours 57 minutes
Hello and welcome back to Diced Cindy one. Interconnecting Cisco Networking Devices, Part one This episode 6 to 4 Named a CEO's concepts and configuration
Nintendo and I'll Be your Instructor for this course.
The Last Thing you Want over how to configure the extended A CEO in this episode that we're gonna be covering what the name Day Seals are and how to configure one.
The first winning over the name Dae Seo concepts how they'll work. And then we will actually get in and quickly configured one
so quick Pre assessment here. Think about it is always which of these would block Tell Met from 10 12.0 slash 24 to the 1 70 2152 server. I give you a few seconds here,
It would be these to deny statements. The
1st 1 would deny
the tone it on Lee
Be would deny only tell meant to that server and number D or letter D would deny all I P traffic to it. Therefore, it would block Tell meant it would just be a bit overkill for what you're doing.
The lab diagram has the same as the last few episodes here. We have rip enable passive interfaces. All the I P addresses. You should go ping across the network.
So and I have gone and removed the extended and standard A seal's from our router. So
So named is yells what this is These can be standard and extended a seal's, um
but you can actually put a name to it. So the name is a little more meaningful than a number, right? If you do, you know, access Lis 1 10
That doesn't really mean a whole lot, but if you do access list, you know, block this I p or block. Sshh. You know, from this no. You know, you can add in names that actually your meaningful toe what you're doing.
So you know how we've been placing the commands into the global configuration mode just with the i p access access list? 1 10 everything like that. So what's this Will actually do any sort of thing named a CEO.
This is gonna put us in that named a c l sub command group are configuration.
I'll see what I mean here when we go to
configure it. But these are These are nice, because we can we can edit the A c l rules. Uh, you know, the packets,
the way the matching works is exactly the same as the numbered list. It's exactly the same as how it matches.
But you know, the editors rules is awesome. So if you can see in the bottom we have I p access lis extended, blocked Kelly as S h.
And then we go into that extended named a C L
configuration mode where we can deny that exact host to that entire network.
If you want to deny all s S h access from that Kelly box to that network and then we want to permit anyone from the 10 11 slash zero,
it's a net,
and we're gonna go to an interface configuration, and we're just gonna add the i p access group name out
or in whatever Whichever interface you have it on,
they really wanna place these on the source,
um, air. If we do it on the serial one on the router one, then that will be after the routing decision has been made.
But if we do it on the
ah interface that is facing the land as before the routing decision is made.
So he had to be strategic a little bit about where you place these. So I wanna Ramsey. Callie, box hero. Quick.
I'm gonna verify I can. Paying the 10 1
2 £50 constitute out one.
So you work all the same, and I'm gonna set up that tell meant connect her the
I'm gonna do a telnet over Portis 22 for S H again.
Uh, one. We wanted a port 22.
So here you can see that we have s h again because you matter. This is what it looked like before
So let's go ahead and bring up the Yemeni. Minimized the box. Spring up, putty.
So it was gonna configuration terminal.
And this real quick
do I p access list
And we want to sit up extended
and you could do is with standard as well. I'll show you that in a little bit in the next episode.
Um, that way you can actually edit your standard. It works all the same way. Um, you set up the
the matching primers the same. Is it the standard list so you can have a name to him
anyway? So we're gonna go in here. Gonna do so. We want a word for it.
Let's do caps. Lock here,
Block. Callie. Sshh!
And what is the first thing that's gonna ask us?
So we want. So for once, we're gonna have a remark
block as this sage sage
Man, I can't kill a box to network.
Yeah, close enough.
Anyway, I was going to deny,
uh, t p
10 11 50
and very through the host.
And the destination address. Turn 1 to 0 with a wild card of sense.
And we wanted to equal
and we want to throw in a prevent statement so everyone else can get access is well, permits I p
10 1110 with a well card. Uh, that's
to weaken you any.
And we just hit it right there
so we can go ahead and hit Texas.
It's going to the interface cereals, ears. They're zero,
and we'll set it up the same way I p access group.
And here's where we're gonna put in that name, right? So when I do block Callie s S h and this would be outbound
since we would be on a serial port,
just a different way of doing it.
So it should be set up. So if you do a show I p access Lis,
we don't have any matches yet, so I'm gonna bring up to Kelly Box. We're going to Ping 10 12.1
So we can ping the far side of router to,
But if we go to do a telnet over it, we're being blocked.
So we should have a couple of matches here. Now,
you know, we have one match on our block and cup matches on the ping that we just sent.
So that's a simple is the cool thing. We will go over editing the actual A C l. Next,
we'll really be box here. Forgot I didn't.
So let me bring up Ping.
Well, let's just run here.
As you see,
we have a couple matches now
under the any
And if we trying to tell not to it, we're being blocked again.
Sorry, Billy. Tell Mitt or report 22
reader a tad don't get confused
anyway, So if you go back to the party session Sure. I p access lists. We have another match on the deny statement.
So show access.
Look at the show run of this. Now
I'll show you we have the I P. Access here.
Here's where the I P access list comes in.
So you had the remark blocked Kelly. So when you actually go to show, Rana actually is more meaningful now?
is it all makes sense?
Anyone ever go ahead and remove this and
we will go ahead and move on to the next thing here. So people assessment Here, think about it. Which of these would permit www access
from 10 122 52 The 17 to 20. Tow 1 55 server
on. I'll give you a few seconds.
All right. It was only the permit. I p 10 12
See, this one would have matched
this. One would have matched that they would have matched. Except for it's not for 23. It's ordered 80 and the mix up. So we're gonna edit those a c l's and troubleshoot. So if you want to, we can actually keep that current a CEO and we'll go ahead and edit it and we'll throw in some other rules.
And as always, if you guys have questions, need help. Feel free to shoot the message wise. Thank you for watching this episode. I look forward to seeing the next one.
This course will enable students to understand virtualization and cloud services, and network programmability related to LAN, access and core segments.