Time
13 hours 57 minutes
Difficulty
Beginner
CEU/CPE
14

Video Transcription

00:00
Hello and welcome back to ICND1, Interconnecting Cisco Networking Devices, Part 1. This is episode 6 to 4, Named ACLs concepts and configuration.
00:11
Nintendo and I'll be your instructor for this course.
00:15
The last thing we went over was how to configure the extended ACL. In this episode we're gonna be covering what the named ACLs are and how to configure one.
00:24
First we're going over the named ACL concepts, how they work. And then we will actually get in and quickly configure one.
00:32
So, quick pre-assessment here. Think about it as always: which of these would block Telnet from 10 12.0 slash 24 to the 1 70 2152 server? I'll give you a few seconds here.
00:50
All right.
00:51
It would be these two deny statements. The
00:56
first one would deny
00:59
the Telnet only.
01:00
B would deny only Telnet to that server, and number D, or letter D, would deny all IP traffic to it. Therefore, it would block Telnet; it would just be a bit overkill for what you're doing.
01:15
The lab diagram is the same as the last few episodes here. We have RIP enabled, passive interfaces, all the IP addresses. You should go ping across the network.
01:25
So, and I have gone and removed the extended and standard ACLs from our router. So
01:34
so, named ACLs, what this is: these can be standard and extended ACLs, um,
01:41
but you can actually put a name to it. So the name is a little more meaningful than a number, right? If you do, you know, access list 1 10,
01:49
that doesn't really mean a whole lot, but if you do access list, you know, block this IP or block SSH, you know, from this no. You know, you can add in names that are actually meaningful to what you're doing.
02:04
So you know how we've been placing the commands into the global configuration mode just with the ip access access list 1 10, everything like that. So what this will actually do, any sort of thing named ACL.
02:16
This is gonna put us in that named ACL subcommand group, or configuration.
02:22
You'll see what I mean here when we go to
02:23
configure it. But these are, these are nice, because we can, we can edit the ACL rules. Uh, you know, the packets,
02:32
the way the matching works is exactly the same as the numbered list. It's exactly the same as how it matches.
02:40
But you know, the editing rules is awesome. So if you can see in the bottom we have ip access list extended, block Kali SSH.
02:50
And then we go into that extended named ACL
02:53
configuration mode where we can deny that exact host to that entire network.
03:00
If you want to deny all SSH access from that Kali box to that network, and then we want to permit anyone from the 10 11 slash zero,
03:09
subnet,
03:12
and we're gonna go to an interface configuration, and we're just gonna add the ip access group, name, out
03:19
or in, whatever, whichever interface you have it on,
03:22
um,
03:23
they really wanna place these on the source,
03:25
um, er. If we do it on the serial one on the router one, then that will be after the routing decision has been made.
03:32
But if we do it on the
03:36
ah, interface that is facing the LAN, that's before the routing decision is made.
03:42
So you have to be strategic a little bit about where you place these. So I wanna bring up the Kali box here real quick.
03:49
I'm gonna verify I can ping the 10 1
03:53
2 £50 constitute out one.
03:58
So it works all the same, and I'm gonna set up that Telnet connect, er, the
04:02
I'm gonna do a Telnet over port 22 for SSH again.
04:09
Uh, one. We wanted a port 22.
04:14
So here you can see that we have SSH again because you matter. This is what it looked like before
04:20
this.
04:24
So let's go ahead and bring up the, I'm gonna minimize the box, bring up PuTTY.
04:30
So I was gonna configure terminal.
04:33
And this real quick
04:38
do ip access list
04:43
And we want to set up extended
04:46
and you could do this with standard as well. I'll show you that in a little bit in the next episode.
04:49
Um, that way you can actually edit your standard. It works all the same way. Um, you set up the
04:59
the matching parameters the same as in the standard list, so you can have a name to them
05:04
anyway. So we're gonna go in here. Gonna do, so, we want a word for it.
05:11
Let's do caps lock here,
05:14
block Kali SSH.
05:17
And what is the first thing that's gonna ask us?
05:23
So we want, so for once, we're gonna have a remark
05:26
block SSH
05:30
from Kali.
05:32
Man, I can't. Kali box to network.
05:38
Yeah, close enough.
05:40
Anyway, I was going to deny,
05:42
uh, TCP
05:45
10 11 50
05:46
and very through the host.
05:55
Come on.
05:58
And the destination address, Turn 1 to 0 with a wildcard of sense.
06:05
And we want it to equal
06:11
port 22
06:13
and we want to throw in a permit statement so everyone else can get access as well, permit ip
06:18
10 1110 with a wildcard. Uh, that's
06:25
to, we can do any.
06:29
And we just hit it right there
06:31
so we can go ahead and hit Texas.
06:34
It's going to the interface serial, ears. They're zero,
06:40
and we'll set it up the same way, ip access group.
06:44
And here's where we're gonna put in that name, right? So when I do block Kali SSH, and this would be outbound
06:50
since we would be on a serial port,
06:56
just a different way of doing it.
06:59
So it should be set up. So if you do a show ip access lists,
07:03
we don't have any matches yet, so I'm gonna bring up the Kali box. We're going to ping 10 12.1
07:12
So we can ping the far side of router two,
07:15
but if we go to do a Telnet over it, we're being blocked.
07:21
So we should have a couple of matches here. Now,
07:25
you know, we have one match on our block and a couple matches on the ping that we just sent.
07:31
So that's as simple as, the cool thing, we will go over editing the actual ACL next.
07:38
we'll really be box here. Forgot I didn't.
07:42
So let me bring up Ping.
07:45
Ah,
07:46
Well, let's just run here.
07:48
As you see,
07:53
we have a couple matches now
07:55
under the any
07:57
statement.
08:00
And if we try to Telnet to it, we're being blocked again.
08:05
Sorry, really Telnet over port 22
08:07
reader a tad don't get confused
08:11
Anyway, so if you go back to the PuTTY session, show ip access lists, we have another match on the deny statement.
08:22
So show access.
08:31
Show run.
08:33
Look at the show run of this. Now
08:37
I'll show you we have the IP access here.
08:41
Here's where the IP access list comes in.
08:45
So you had the remark block Kali. So when you actually go to show run, it actually is more meaningful now.
08:52
Um,
08:52
is it all makes sense?
08:56
Anyone ever go ahead and remove this and
08:58
we will go ahead and move on to the next thing here. So, post-assessment here, think about it: which of these would permit www access
09:07
from 10 122 52 The 17 to 20. Tow 1 55 server
09:15
on. I'll give you a few seconds.
09:20
All right. It was only the permit ip 10 12
09:26
55.
09:26
See, this one would have matched
09:31
This one would have matched, that they would have matched, except for it's not port 23. It's port 80. And the mix up. So we're gonna edit those ACLs and troubleshoot. So if you want to, we can actually keep that current ACL and we'll go ahead and edit it and we'll throw in some other rules.
09:48
And as always, if you guys have questions, need help. Feel free to shoot the message wise. Thank you for watching this episode. I look forward to seeing the next one.


Instructed By

Trenton Darrow
Network Engineer at NCI Information Systems, Inc
Instructor