Hello and welcome back to I C D one interconnecting Cisco networking devices. Part one is 7613 Standard A CEO configuration. I am frightened Darren of your instructor for this course
and last video one over the basic A seal concepts how it matches the happy before packets
and a little bit about the wild card mass on how matches this episode actually covering how to implement a basic standard number A CEO on a Cisco router.
And like we said, we're gonna cover the standard numbered A CEO configuration.
Quick pre assessment here. Hopefully remember which of these would fall into the standard numbered list. Give me a few seconds.
It is 65 17 76 or one or two in 2112 would fall into the extended in numbered list
and quickly alive diagram. Here we have two routers to switches and three devices. We have the 10 110 24 network at the 10 13 slash 30 in between the routers and 10 12 slash 24 on the right side with the service device.
I set this up as you want with your devices, so go ahead and deposit. Give those devices the proper I p addresses. Ah, go ahead and put your interface commands on your router. You shouldn't have to touch the switch is because we're not dealing with the lions
and go ahead and enable Rip V to sew a murder. The version to commit. And we're gonna set up the passive interfaces on the Atlanta and faces. We want no auto summary, and then give it the proper network command and then ensure once you're done that you can ping across the network, make sure eking hit the left side to the right side and so on.
And what, you're ready? Go ahead and on. Positive video will move on to the actual A CEO configuration.
All right, we're gonna go and get into here. We have the school line by line. So, like I said, the standard number list is going to be the global configuration commands with sweet the access list. Number one, we're gonna permit the 10 11 55 I p address.
We're going to deny that rust of the early 10 10 10 0
slash 24. Sudden it remember the wild card mask is
the two pretty fired. Too beautiful, too beautiful to be five minus the subnet mask, which would leave a 000 to predict five.
And they were gonna put a actual explicit deny all any statements.
That way we can see actual matched packets when I get tonight. And from there you have to place the access list on an interface. And then you have to specify whether it's on the in or out, or ingress or egress
of this. We're gonna place it on the ingress of the land interfacing port
because we don't have any other networks hooked up to the router. Therefore, it would not matter if we put it. The only thing that would matter is if we put on the outbound,
then it would go through the routing process. It would waste CPU cycles.
So if we had another network hooked up to the road er than we would
put on the outbound of that way, you can make your own decision if it if it had two ago dealer network.
So remember you placed this as close to the destination as possible for the standard number less since we on Lee
get the source. I p So always aware that for the extended we're gonna place it as close to the source
because we can. It's think of it as opposites. The extended we placed near the source because weaken filter based on destination
on the standard numbered. We want a place near the destination because we
match on the source. I p
a little confusing, but
hopefully you remember why
And in a couple of show commands here l street the Dennison sh i p access list in the show access list, the show interfaces will actually show the inbound and outbound a c l's
None of you guys ever saw that when you're going through, but we'll look at it again. So there wasn't show I p access. Listen, show access list. That show I P access list is gonna show you all your I P four access list and I show access list will show you your poor access list. Your
you can you cure West is gonna show you all the different ones besides just the I pee before.
But for I sing the one just worry about I p or show I p access list.
You know, I'm gonna go ahead and bring a tea party system here
make sure we can ping a few of our devices. Make sure we have full network access here.
Okay, so we're on rudder to be camping across that.
Make sure you can hit 55. Let's make sure we can hit the
device here on our sub nets.
All right, so we're gonna go ahead and get into the configuration here.
And here's like I said, that host thing was a show. You host 10 1 Hey, I'll say what it wants.
So it was the host name. 10 11.55
and we don't want a lot of us. We don't want to log it yet.
So we have a first statement wanted to access list one only show you the difference wants here. You need to take a look through these, Remember, once or 99 be standard
and standard and extended. Those the ones we're gonna want to worry about for I see anyone. So you access this one.
And here's where we get inside. I'll show you. So we have permit and then we have the
implied deny all at the end. So theoretically,
Kelly VM now should not be allowed to communicate. I'm network once we set this on an interface. So, Mary, want to set this on the, uh,
We're gonna do it before it makes a routing decision. There's no other network should took to it. This is the destination one.
and let's do it inbound.
So now let's do a show
So you could put in a number here or you just enter and I will show you all of them.
So here's the top down sequencing you condone. You have 10. 20. That's just the secrets as going in.
You'll see where you can actually reorder those later on.
So we have it said it sze inbound. So if we want to verify that's on the interface
Shou id be interfaces. Serial 000
s O is missing. Okay, Inbound list access list is number one.
So we should be able to paying 10 11 55.
Remember, they're not going to come back because the excess list is blocking it right now.
So it's working properly, is what's happening. So again, if I bring out my Kelly box
and let's just do a ping to 10 12.50
So let me show you the
explicit deny statement here. So we have access list one denying any
and And if we tried again,
All right. See how we're getting matches now
on this. Whereas before we weren't where was it?
There was no explicit deny all statements.
So I keep getting packets filter Sophie running again? Yeah, we got 53 matches.
so that's why you want to do it? Cause if if you're like, dropping a lot of packages, can't figure out why he's drawing that deny any statement which is already there, then you can see if you're matching packets based on that,
in a way. Ah, the standard A CEO is
So I'm gonna go ahead and go to the post assessment here. Which of these would match and permit
Tenn dot to 0.0.35 where this is going to permit this. So give you three seconds.
It's gonna permit the actual full i p address, and that's gonna permit to that full sub net
and the next Listen, we look at the advanced I before a seal's looking at the extended ones.
And as always, if you have questions, you need help. Feel free to shoot the message. Otherwise, thank you for watching this lesson for to see me the next one.