Time
23 hours 18 minutes
Difficulty
Beginner
CEU/CPE
14

Video Transcription

00:00
Hello and welcome back to ICND1, Interconnecting Cisco Networking Devices Part 1. This is 7613, Standard ACL Configuration. I am Trenton Darrow, your instructor for this course,
00:11
and last video we went over the basic ACL concepts, how it matches the IPv4 packets,
00:17
and a little bit about the wildcard mask and how it matches. This episode is actually covering how to implement a basic standard numbered ACL on a Cisco router.
00:27
And like we said, we're gonna cover the standard numbered ACL configuration.
00:34
Quick pre-assessment here. Hopefully you remember which of these would fall into the standard numbered list. Give me a few seconds.
00:44
It is 65 17 76; 102 and 2112 would fall into the extended numbered list.
00:53
And quickly, a live diagram. Here we have two routers, two switches and three devices. We have the 10 110 24 network, the 10 13 slash 30 in between the routers, and 10 12 slash 24 on the right side with the service device.
01:08
Set this up as you want with your devices, so go ahead and pause it. Give those devices the proper IP addresses. Go ahead and put your interface commands on your router. You shouldn't have to touch the switches because we're not dealing with VLANs,
01:25
and go ahead and enable RIPv2, so remember the version 2 command. And we're gonna set up the passive interfaces on the LAN interfaces. We want no auto-summary, and then give it the proper network command, and then ensure once you're done that you can ping across the network. Make sure you can hit the left side to the right side and so on.
01:44
And when you're ready, go ahead and unpause the video and we'll move on to the actual ACL configuration.
01:53
All right, we're gonna go and get into it here. We'll go through this line by line. So, like I said, the standard numbered list is going to be the global configuration commands with the access list. Number one, we're gonna permit the 10 11 55 IP address.
02:08
We're going to deny the rest of the 10 10 10 0
02:15
slash 24 subnet. Remember, the wildcard mask is
02:20
255.255.255.255 minus the subnet mask, which would leave 0.0.0.255.
02:29
And then we're gonna put an actual explicit deny-all any statement.
02:35
That way we can see actual matched packets when they get denied. And from there you have to place the access list on an interface. And then you have to specify whether it's on the in or out, or ingress or egress.
02:50
of this. We're gonna place it on the ingress of the land interfacing port
02:55
because we don't have any other networks hooked up to the router. Therefore, it would not matter if we put it. The only thing that would matter is if we put on the outbound,
03:06
then it would go through the routing process. It would waste CPU cycles.
03:10
So if we had another network hooked up to the router, then we would
03:15
put it on the outbound. That way, you can make your own decision if it had to go to the other network.
03:21
So remember, you place this as close to the destination as possible for the standard numbered list, since we only
03:28
get the source IP. So always be aware of that. For the extended, we're gonna place it as close to the source
03:35
because we can. Think of it as opposites. The extended we place near the source because we can filter based on destination;
03:44
on the standard numbered, we want to place near the destination because we
03:50
match on the source IP.
03:52
a little confusing, but
03:53
hopefully you remember why
03:55
And a couple of show commands here: the show IP access list and the show access list. The show interfaces will actually show the inbound and outbound ACLs.
04:06
None of you guys ever saw that when you were going through, but we'll look at it again. So there was show IP access list and show access list. The show IP access list is gonna show you all your IPv4 access lists, and the show access list will show you your poor access list. Your
04:24
you can you cure West is gonna show you all the different ones besides just the IPv4.
04:29
But for ICND1, just worry about IP, or show IP access list.
04:34
You know, I'm gonna go ahead and bring up a PuTTY session here
04:38
and was
04:40
make sure we can ping a few of our devices. Make sure we have full network access here.
04:45
Okay, so we're on router 2. We can ping across that.
04:49
Make sure you can hit 55. Let's make sure we can hit the
04:54
device here on our subnets.
04:57
All right, so we're gonna go ahead and get into the configuration here.
05:01
Access list one.
05:04
we want to permit.
05:08
And here's, like I said, that host thing I was gonna show you. Host 10 1. Hey, I'll see what it wants.
05:15
So it was the host name. 10 11.55
05:23
and we don't want to log this. We don't want to log it yet.
05:27
So we have a first statement. I wanted, at access list one, to only show you the different ones here. You need to take a look through these. Remember, 1 through 99 being standard,
05:38
extended
05:40
and standard and extended. Those are the ones we're gonna want to worry about for ICND1. So, access list one.
05:47
We want to deny
05:49
10 10 10 0
05:53
and so
05:56
0.2. 55.
05:59
Should be in.
06:02
And here's where we get inside. I'll show you. So we have permit and then we have the
06:08
implied deny all at the end. So theoretically,
06:12
the
06:13
Kali VM now should not be allowed to communicate on the network once we set this on an interface. So, we want to set this on the, uh,
06:21
interface?
06:23
We're gonna do it before it makes a routing decision. There's no other network hooked up to it. This is the destination one.
06:32
You do.
06:34
So what do you do?
06:36
IP access
06:39
group.
06:41
We want a number
06:43
and let's do it inbound.
06:50
So now let's do a show
06:54
IP
06:57
access list.
07:00
So you could put in a number here, or you just enter and it will show you all of them.
07:03
So here's the top-down sequencing, you can see. You have 10, 20. That's just the sequence it's going in.
07:12
You'll see where you can actually reorder those later on.
07:15
So we have it set as inbound. So if we want to verify that it's on the interface,
07:20
show IP interfaces serial 000.
07:29
s O is missing. Okay, Inbound list access list is number one.
07:34
So we should be able to ping 10 11 55.
07:45
Remember, they're not going to come back because the access list is blocking it right now.
07:53
So it's working properly, is what's happening. So again, if I bring out my Kali box
07:59
and let's just do a ping to 10 12.50
08:05
packet filtered,
08:07
it's gonna go
08:09
anyway.
08:11
So let me show you the
08:13
explicit deny statement here. So we have access list one denying any
08:20
And if we try it again,
08:26
show IP
08:28
access list.
08:33
All right. See how we're getting matches now
08:35
on this, whereas before we weren't. Where was it?
08:41
Right here.
08:43
There was no explicit deny all statements.
08:46
So I keep getting packets filtered. So if we run it again, yeah, we got 53 matches.
08:52
Um,
08:54
So that's why you want to do it. 'Cause if you're, like, dropping a lot of packets and can't figure out why, just throw in that deny any statement, which is already there, then you can see if you're matching packets based on that.
09:07
Anyway, the standard ACL is
09:11
really that simple.
09:13
So I'm gonna go ahead and go to the post assessment here. Which of these would match and permit
09:18
Tenn dot to 0.0.35 where this is going to permit this. So give you three seconds.
09:28
All right, it is
09:31
both of these.
09:31
It's gonna permit the actual full IP address, and that's gonna permit that full subnet.
09:39
And in the next lesson, we look at the advanced IPv4 ACLs, looking at the extended ones.
09:43
And as always, if you have questions or you need help, feel free to shoot me a message. Otherwise, thank you for watching this lesson and I look forward to seeing you in the next one.


Instructed By

Trenton Darrow
Network Engineer at NCI Information Systems, Inc
Instructor