🔴Live Quiz: ACLs (Access Control Lists) | Cisco CCNA 200-301

[Music] and welcome everybody glad you're here [Music] go ahead and sign in when you are ready either using the smart app or the app on your smartphone or on a tablet or go to the website kahoot.it and use the pin in the top all right amazing wallaby you're first in congrats all right russia is in the house welcome welcome giannis is here brandon is here from iraq welcome ctns nc from hollywood california welcome welcome i grew up in southern california i worked at paramount pictures in 1994 and 1995 on their networks at 5555 melrose avenue good times good times that wasn't technology was still quite new i think we had token ring back then yeah 94.95 we're still running our networks on token ring if you haven't worked or heard of token ring congratulations that's awesome hopefully you'll never have to uh all right giannis is here shazam is here welcome bellahi always good to see you jay strix is here from michigan africa is in the house that's dks welcome via mall is here from india also uh let's see here astiva is here welcome oh right abdullah passed my ccna last week says abdullah oh that is so great congratulations i couldn't be happier what a great way to kick off my middle of the weekend i was so glad congratulations a lot of work and worth it just keep on studying and keep on enjoying the journey all right belgium's in the house nick003 oh an awesome rx i love it nick i love how you're just willing to put it out there your uh screen name for the event which is fantastic let me go ahead and maximize the screen as well get a little more real estate there we're gonna start here in about four minutes let me finish saying good morning to people who are uh chatting in lafayette is here good morning north carolina is in the house daniel's here my brother lives in raleigh he loves it raleigh so beautiful there um i know north carolina is a lot more than just raleigh i when i i used to teach for one of the cca training companies i did a few classes at uh research 
triangle park rtp cisco at least used to have a a cci lab there greenland's in the house nice hi tom peel hello nick welcome welcome and lafayette says i have a tea question i'm not sure i understand that please elaborate all right brandon's here nine days until the exam brandon check out the playlist here it's free on youtube uh my my uh practice is it the the quiz playlist is what it's called and if you just go through those and make sure you're comfortable with that level of knowledge on those topics and uh if you've been studying uh that can help you clarify any areas you need to all right splixy saying i am speedy yak that's great all right hi ronald welcome sasa is here lafayette has a real question about acls and quarantine vlans tell you what if you have a detailed question like that um right after the quiz i have a little i'm gonna hang out in the discord room or my discord server for like 15 to 30 minutes just come and visit me there i'll be in the ccna voice chat room right after and after the stream is done and we can chat about quarantine which is also going to involve a nice servers as a heads up all right video number 150 thank you esteva and daniel saying happy father's day to all the dads in the u.s they have a day today it's well once a year it's called father's day and uh in the us that's happening today so if you are in the us or anywhere in the world and you're a father happy father's day and i have uh seven children my youngest is 18 this year so mostly grown and uh on their way to doing their own things okay i've got a question from um if i'm all saying sir how old are you i'm gonna let you do the math on that volume all i was born in 1964. so march 1964 so you can just subtract that from 20 20 21 minus 1964. should be close to 57. 
all right quietly past his season yesterday i'm so pleased that's great thank you thank you thank you uh for uh putting in all the work and letting me know i'm so happy that's great hello monica hello zach and uh fred saying hello to everyone oh the net the red special is in the netherlands [Music] all right let's see here good good brandon awesome israel's here hello aviv welcome welcome uh rishba i've mispronounced that excuse me rishabh is in the house from india fantastic thank you [Music] and uh jay lightsabers is shouting out his screen name which is champion lemur all right i love it i love it oh popa's here for the first time welcome so glad to have you here know whether you're already a ccna or studying for it or maybe you're on past that this is a fun place to come back and refresh skills and also it's good to meet you so thanks for saying hello uh please enjoy the playlist here on youtube that i have for ccna and also the playlist for the quizzes they're all free and my goal is to help you uh just just a little bit and getting towards those goals so good good to have you here all right minnesota's in the house poland is in the house great great great and um let's see here kenya's here hi keshi welcome from kenya hi international crew as always the world's a small place and it is connecting us all together and your skills you learn in ccna are going to help serve you for the rest of your it career they will they will these aren't skills they're like i never i'll never need to know what a vlan is yes you will uh great great great all right and uh puzzling grover says hello from russian good luck everybody and vmware's saying my question was how are you not how old are you i'm so sorry i'm doing great trevor's in the house trevor is one of our admins on discord putting in a lot of good effort and time and helping others uh my gratitude goes out to everybody on our discord server the admins the moderators the we have like i think for over 8 000 people now 
um people helping other people with the you know studying and with answering questions and having a community it's great uh thank you george oh blending thank you for the super sticker blending is wishing every sticker says good luck with the megaphone looks like a cat or a fox nice all right let's uh time to get this party started for everybody else portugal's here uh for everybody who's here welcome welcome welcome for those of you who are brand new uh today uh a special welcome to you as well we do these every sunday 11 a.m pacific time that's the times that i'm in so adjust your calendars respectively also 10 o'clock am every single saturday pacific time again i have my office hour it's a free it's free office hour an hour usually it goes an hour and a half to two but the first hour is definitely ccna focused you can just if you're studying something like spanning tree i don't quite get i don't want to get this sorry don't get that come see us in uh office hour every saturday it's a voice chat room on my discord server and i'm happy to take all the ccna questions that we can fit in and we have a great time yesterday i learned two new things two new things that i wasn't didn't know and based on the questions that came up we brought up uh an emulator or simulator and answered the questions and was like yeah here's what i think is gonna happen is that true so i'm grateful for the discussion and the camaraderie and with that we are going to go ahead and start so good luck everybody also if you do me a favor if you have something to write with jot down that pin number which is at the top of the screen right here and if somebody comes in late and they say what's the pin number it should be near the bottom but if it gets covered up for some reason just kindly chat to them here's the pin number and um if anybody comes in and they insist on putting answers in the chats i will kindly urge them to um join the game just like you have all right here we go i hope you enjoy this 
i enjoyed putting it together cisco acls standard and extended including some show commands based on popular requests and here is question number one it is double points it is multiple select and the question is this which of the following can prevent ssh from the 10.2.0 subnet trying to make it over to r1 good luck everybody and again glad you're here [Music] [Music] so [Music] [Music] [Music] so [Music] so for this question if you haven't already submitted the answer yet you want to choose all the answers that are correct and then submit and the way this goes if you're new to this game this new environment the quicker you answer correctly the more points you get so it's not a competition or is it really the competition's with ourselves just making ourselves do a little bit better i heard somebody say uh recently they said uh not every day is going to be your best but every day you can do the best you can and if and if you do your best that's really all we can ask of ourselves all right a lot of great answers on the board let's talk about why these are uh why the correct answers are the correct answers uh first of all let's talk about preventing ssh over to a router so there's a router and if we want to prevent ssh access what we could do is we could have a filter either here at the inbound on the interface or somewhere in the path we could have an access control list and that's filtering traffic destined to the well-known port of tc ssh which is the destination port of tcp port 22. 
so we blocked that uh that would do it okay so if we applied an access control list to an interface like that inbound we would apply that with this command right here access dash group so you create the access list or somebody creates the access list and then it's applied inbound or outbound in this case it'd be inbound on this interface or outbound on this interface or inbound on this interface if we're trying to go somewhere in the path right between the user and this and the router and we use the access group to apply the access list to an interface not my fault uh if if somebody asked me 30 years ago or 25 years ago hey what is the command you know what command should we call this i wouldn't call it access group i but anyway that's what they did and that's how it's that's how it's applied um as far as what the access list is um it could be a named access list or a numbered access list and the two types are extended and standard and so this the common range for a standard is like 1 through 99 and the common range for extended is 100 through 199 but you could also use names for either one so you could use a named access control list that's standard or extended you just call it what you want call it call it frank call it uh you know call it blendinator call it something and then as far as this guy right here why is this true this had our least number of correct answers if we wanted to logically control access to this router we could also do it on the vty lines so when somebody so when anybody who is connecting with ssh or telnet as well and they're connecting from this pc over to this router logically logically in the mind of the router they're connecting on one of the vty lines so we have on many routers there's five vty lines zero through four and if we wanted to take an access control list and say deny a certain source ip rest of the standard acl we could apply it to the vty lines and that would also stop the ssh chat from happening now the way you apply it to a 
vty line is access class so for filtering on an interface it's access group and to apply an access control list to a logical vty line it's access dash class all right i feel better i feel like i've been through therapy and it's really great it's great to have you here i'm having a good day i went swimming today earlier uh like an hour ago i got in the pool for a few minutes bumped my head not so smart anyways that was kind of groggy anyway um it's like 108 degrees out right now at what was like 10 o'clock in the morning so it gets kind of warm here in vegas but you know what it's cool inside we're all here together we're all over the world and this quiz so here is our second question good luck everybody this is question 2 of 11 multiple select double points which interfaces plural support the following command and that's the command in yellow just to be clear ip access dash group then the name of an access control list and then the direction either in or out of the interface so there's at least two answers that are correct possibly more choose all that apply and good luck [Music] so all right and kumaran let's see kumar yeah kumar is saying joining for the first time glad to have you let's make this a tradition a habit every sunday pacific time 11 a.m there will be a quiz here love to have you add it to your calendar [Music] [Music] all right these are all true uh the key is that if we're the command that we're looking for here is the ip access group which and again these questions i created them but they're presented in randomized order in this quiz because i asked the the engine to do that so ip access group is how we apply an access control list for filtering purposes to a an interface a layer 3 interface and furthermore all of these represent layer 3 interfaces like a typical router interface that's it given a layer a switch port if we have a switch a multi-layer switch and we go into interface configuration on port zero slash four right here that's zero zero 
zero one zero two zero four right here um one two zero one two three four i should have picked a lower number anyway that's three so if we go to this interface right here and we say no switchport that says oh bummer i don't get to be a switchport i guess i'll be a layer 3 port so it's another layer 3 port just like a router port a switch virtual interface which had the least number of votes on it that's also a layer 3 interface on a multi-layer switch interface vlan 20 press enter and boom you're in interface configuration mode for a logical layer 3 interface that once it's configured with an ip address could be a default gateway for anybody who's sitting in vlan 20. and then an ip7 interface if we're doing like uh 802.1q and layer 3 sub interfaces that would work too all right great job here we go moving on let's see who's in who's on the top we have legend fox with 12 818 points this is only after question number two you guys are crushing it witty pigeon melodic gazelle kind panda and the gentle rabbit all in the top five but there's a lot of room for growth here for everybody let's go ahead and continue here's question number three which acl entry blocks https which would be using like ssl or tls those kind of replies to hosts on both internal networks those internal networks are 10.1.0 and 10.2.0 good luck everybody oh george is from his hospital bed joining us so glad to have you george and hopefully uh speedy recovery with whatever causes you to be there i'm certainly glad to spend a few minutes with you today [Music] [Music] [Music] thank you blending for encouraging uh that contestant to answer in the queue or in the um in the game i just put them on a timeout for 300 seconds uh same thing for that next one so again if you're if you have a burning desire to answer the questions go ahead and please do it in the game interface [Music] all right which acl entry blocks https replies to both internal networks um let's just take a look at the media for just a 
moment and let's walk through this okay uh well first of all https let's just identify what https replies would look like so on the initial flow of traffic i'll go ahead and say this is client to server c to s client to server going this way like that the initial flow of traffic would be a source ip of the 10.1 or 10.2 as a source and let's put a source there and the destination would be whatever the server's address is and then the destination port would be tcp if it's https the well-known port for those four four three the source port here would be tcp who the heck knows because a client when it's going out to a website or doing a dns request or something else it's just going to identify a random currently not used port on that computer and then use that for that session so as far as the source port for many protocols they're just going to randomize take one that's free but the server is listening on port 443 so that's the initial connection that goes out now let's take a look at the reply back i'll put that in yellow the reply back the source is going to be coming from the server at a dot b dot c dot d whatever that ip address is the source port is going to be port 443 so if we went to that port on the initial request everything's flipped on the way back and so the source would be the server the source port would be 443 and the destination would be the device on 10.1 or 10.2 whatever that address is of who made the request and then the destination port would be whatever that client initiated that request with so that's the flow and the question is which acl entry blocks https replies coming back this one says deny tcp traffic this is extended acl entry deny tcp traffic if it's sourced from anywhere that would cover the server address and the source port is 443 that would cover this part right here and the destination is on the 10 network and we don't care about the last three octets because the wild card bits say we don't care about last three so that would 
certainly do it and how many answers did we have correct here let me check let me check yeah just one correct answer that's the only one on the board that would do it so if you want to like have you elaborate on the other ones that are not correct you can right after in the uh discord server i'll be there for a few minutes and we can bring up any of these questions if you want we can elaborate on them and we can argue that's not really arguing that's one of the beautiful things about techno technical work it work is that there's not a whole bunch of room for uh subjectivity when it comes to what really is going to work or not work that's true all right moving on here we go uh we'll click on next to continue and legend fox is in the lead followed by witty pigeon melodic gazelle kind panda and giving ferret i love it oh here's question 4 of 11 we are on a roll multiple select also double points here it is which commands plural may be used to check to see if an access control list is actually being used somewhere on the config good luck everyone so [Music] all right george is in the in the hospital joining us i say we give george an extra 5 000 points at the end so george pay attention to your points and i'd like to give you a bonus 5 000 on top of it because if you can show up to this quiz from your hospital room or from the hospital man that is some commitment love it let's use the time whenever we have it to [Music] improve [Music] [Music] all right which commands may be used to check when acl is being used i think if we did show ip interface that would show us if we had a filtering acl that is a fancy way of saying an acl that's applied to a layer 3 interface that's being used for the purpose of filtering traffic with permits and denies if we did a show run section line that's going to show us our vty lines all our configs so 0 through 4 and the console and if you're on some gear maybe an auxiliary line as well and so that way if there was an access class which 
was using an acl we would see it with this guy this show run include line that's only going to show output that has literally the word line in it so sorry about that couldn't help myself um but so it's just gonna the output that's gonna say like line vty zero space four and it'll say maybe auxiliary and it'll say console but it won't have the contents it won't show you what's in the configuration of those vty lines but the word line's there and that's why it's showing up so green is not good for that reason and then show ip nat statistics not too many people jumped on that but that's literally how you could see whether or not an access control list is being used as part of a nat rule i'll put pat rule there as well so it'll show you things like is there which interfaces are in and inside and outside it'll show you which access control list is used as part of a nat rule if you're using it as part of a nat rule uh if you're doing pat and nat uh well if you did a static nat you wouldn't need a producing dynamic nat and you want to identify who qualifies to be translated you definitely use an access control list for that all right well now we know good job and let's move forward here we go question 5 of 11 multiple select also double points which of the following are true regarding this access list called our underscore list if is a big if if it's applied outbound on a layer 3 [Music] interface [Music] [Music] yesterday in the office hour i was reminded of access control lists by dave and others i appreciate that and also had a request for more show commands so i included those as well [Music] so [Music] so [Music] all right well a lot of great a lot of great answers on the board let's see if we need to discuss any more of those further let's see if we apply the access list that showed outbound on layer 3 interface letter true oh well even without looking again at the diagram which we we can do that if we want to again an extended acl is going to have the the keywords 
regarding protocol in it like is it ip or in the ip which represents ip version 4 by the way it is it something specific like at layer 4 like tcp is it udp is it gre is it ospf which is a layer four protocol is it eigrp also layer four protocol or is a number which you can also use a number there for the protocol if you want um well let's see here can you do that i'm going to scratch that off because packet tracer may not support that anyway so if it has the protocol specified in it and it includes source and destination information uh that is an extended acl because a standard acl only looks at source ip address information that's it so you don't have the keywords of ip or any protocols that's a giveaway so it's not a standard acl and uh denies ospf hellos how many did i get on that about 42 let's talk about that for a moment this is something that i i probably didn't learn for maybe many i didn't really appreciate i'll say that for many years after i got my ccna which was like in 1998 and then i got my first ccie in 2001 and another one 2003. 
anyway um what i'd like to share with you now is the how this works if we have an access list called our list and we've applied it with the access group command and that's interface zero one and we applied it outbound on that interface that does not block even if there's deny statements in it it's not going to block any traffic that is sourced by this router that means that this router let's say we logged into this router and we tried to do a telnet session or ssh session out to another device any traffic that's sourced by this router itself doesn't give a hoot about any kind of denies or anything else regarding an access list that's applied outbound on the interface it just says well that that access control list that you put there with the access group command that applies to transit traffic traffic that came from somewhere else trying to go through the traffic i'm generating i'm never going to pay attention to that says the router and that's that's how it works so as far as this question right here if we have ospf hellos our ospf running and this guy's sending hellos every 10 seconds by default on an ethernet network those hellos are not going to be stopped by any outbound acl now the other side if it had an inbound acl we could deny it because it's inbound but as far as this router with an outbound acl it's not going to stop it and that's why blue is not correct and then not using default sequences about 54 of us said that was true let's take a look real quick at the output and as i look at this show access list command i can see here that it goes 10 20 25 30 40 50 60. 
so by default when you create an access control list it's going to automatically sequence every single entry by 10 10 20 30 et cetera so the benefit of that is you could go in later and you could say delete 10 or delete 20 or delete 60 or if you needed to add a new line which is what i did for this i did this in packet tracer by the way i just basically create your access go back into access go back into named extended access configuration mode and just add that line that number first and that way it can tell it where you want in the sequence so if you put like oh i forgot to put this one entry i need to modify my acl you can do so just by looking at the acl and then picking a number between 10 and 20 if you want to put it here or between 20 and 30 to put it here so it's not using the default sequencing numbers because i added a line all right and that that's the the only one that's not a default a standard sequence is the 25 that i added all right let's go ahead and see who's on top here and zany koala followed by melodic gazelle melodic yak witty pigeon and majestic gekko all right and i'm just taking a look real quick melodic yak okay so no pressure but that's trevor right there that's the admin one of our admins on discord i'm not sure if kelvin's playing or not but uh that's that's i've got my eye on you so congratulations for everybody for participating and playing and having fun this is all meant to help reinforce concepts and maybe help identify oh i didn't realize that i learned something new today if that happens that's a great thing all right here we go question six of eleven oh kelvin is not playing thank you kelvin which acl entry permits dns requests to google which is their dns server one of them one of the ip addresses is 8.8.8.8 which acl permits dns requests to google from both internal networks that's 10.1 and 10.2 and jstrict is asking me am i going to post this video later i'm just going to leave it up i'm going to leave this one up so when it's done 
it'll remain as a persistent record i'll add it to the playlist of quiz and it'll be there for your review i also want to thank kelvin who is in the house but not playing the game i want to thank him and all of our admins for and all the moderators for all their work a lot of uh a lot of given going on i appreciate that [Music] [Music] so [Music] [Music] [Music] boom majority answers on the two right answers uh so if you are learning access control list one of the best ways of practicing this is to lab it up packet tracer is absolutely free and i i still i still vividly remember when i was learning this technology many years ago that some of these concepts didn't come easy for me but the more i practiced with them and lab them up and then looked at the results and said why doesn't that work or why does this work uh the better i got and that journey can continue for forever so again if you want to chat about the syntax or any of these uh please let me know in the discord server right after and i'll be happy to spend some more time elaborating if you'd like okay zany koala is still on top followed by melodic gazelle majestic gecko witty pigeon and dandy hen all right we are we are in we are more than halfway done this is this is multiple select and also double points acl's access control lists are intended to block ftp to the internet but they're not working what could cause that this is just a general question as opposed to interpreting syntax so [Applause] again great to have everybody here thank you for joining me today [Music] so [Music] [Music] all right they're all true i do that occasionally not well maybe i do it kind of often too probably at least once a quiz i may have all of them that are applicable and also sometimes i change them up and mix them up so just uh in a certification exam with cisco they are going to tell you how many to choose they're not going to say choose all that might apply in a good day if it's not raining but they're going to say 
choose one like a little radio button or they'll say choose two or choose you know they're not likely to say i mean they could change it that's true but they're gonna be very specific their goal is not to try to trick you if their goal is to say does this person understand the technology that we ask them to study based on the blueprint do they know it and if the answer is yes because you've studied and loved it up a lot of these questions are going to be easy for you so great job on this one for everybody here is our next question question 8 of 11 multiple select which acl entries that are applied in the path on r2 would deny ssh secure shell from pc1 which is at dot 51 to the server which is at 10.1.0.100. [Music] [Laughter] thank you blendinator [Music] [Applause] [Music] and chica is saying wow this is really hard you know um it's interesting how hard things at the beginning when we start to lean into them and get more familiar with them they can become our strengths and that will happen with people who continue studying like you guys if you just continue to lean in and study you'll get a little better and a little better and you look back in a year or two and say whoa i remember when i was first studying this and now those fundamentals piece of cake you got this it's a journey it's not a race it's a journey and one well worth taking [Music] [Applause] so [Music] sorry i see all right before i cover i i forgot i had to i wore this shirt intentionally today uh i have a dear friend who i've known for more than two decades anthony siquera he does work with uh many people but he's working with splunk right now and uh this shirt i love it so there's a pipe symbol in this shirt that i use the show run pipe section for line and uh anyway so little there we go a little shout out to anthony sakura if you're out there listening anthony love you brother all right here we go continuing on um these are the two correct answers based on the syntax of what would take to make 
that happen and here we go uh question 9 of 11 we're rounding the corner here towards the end multiple select which acl entries applied in the path deny internet http replies which will be coming back from the server to pc1 and pc2 [Music] and you might be thinking keith this is very similar to the question about https and you'd be very very correct very similar so i'd be looking for a source for the reply a source coming from port 80 if that helps anybody who hasn't answered already [Music] [Applause] [Music] all right so why are blue and red correct let's take a look real quick so the replies as they come back into these devices this direction um this one right here says deny ip so in an extended access control list that parameter right there is referring to the protocol so ip when it says ip that means any protocol in the ipv4 stack and it could be any layer 4 protocol it doesn't matter so ip says any ip packets that are ipv4 if they're sourced from any ip address we don't care what the source ip address is but they're destined to 10 2 0 that's what this means with this wild card mask then go ahead and just destroy it just boom drop that traffic and that's why that one's correct that would deny it if it was in the path either inbound on zero zero or outbound on zero one or out or inbound on zero two or outbound on zero three if it's applied in the path that would stop it the other one is right here which is let's take a look at what that is what does that say that says uh deny tcp traffic from any source address if that source port equals 80 going to any ip address and that would definitely kill it too with the source port being 80. 
all right and if you have questions on these come chat with me and discord right after and we'll be happy to i'll be happy to elaborate on them with you okay we've got just two more uh zany koala still in the lead uh melodic yak is still trevor's still in the mix majestic gecko melodic gazelle an inspired rhino top five there are two more plenty of time to change things how many online quizzes have you watched or participated in live i would like to know and there's no points for this but you have my undying gratitude for letting me know and i just want to get a feel for where we're at as a group and i would you know if i was studying ccna today and i had access to keith myself i would say i would schedule my 10 am saturdays pacific time and 11 a.m sunday specific time free of charge to join my office hour and also my kahoots my quizzes all right wow okay wow that's great great great great great great so welcome everybody glad you're here it's nice to be on this journey with you and in 10 years it's going to be amazing because we can look back on this time and think wow i remember 10 years ago when we were just studying ccna or just or sitting ccnp or just working on my cc whatever it was and uh how we've grown over the years because i grow too uh and it's just fun to stay in touch and uh over the years so congratulations for everybody for spending the time this is our final question and it is worth points and here it is this is question 11 it is multiple select which access control lists as part of a nat slash pat rule includes pc2 which is at the address of 10.2.0.50 [Music] all right alex so glad you're here thanks for letting me know and alex and rails i've got a full playlist of all these quizzes or most of the quizzes on my youtube channel if you need to catch up on any of them [Music] [Music] so [Music] all right krampy come see me in the discord server right after the live quiz the live stream i'd be happy to elaborate [Music] so [Music] [Applause] [Music] 
all right muhammad is here for the first time too welcome welcome everybody all right which acls is part of a nat source rule would include pc2 and uh they are all true and so let's just see why that is so the pc i think was at 10.2.0.50 that's its source address so to match that in a standard acl which these all are this this says match on 10.2 anything great that's a check and based on the wildcard amounts this says match on 10.20 anything that matches that's a check permit host 10.2.0.50 that means that's the equivalent of doing this for a wildcard 0.0.0.0 for the wildcard mask use the keyword host so that's a match that matches on that address and permit 10 and it says match on 10 anything based on this wildcard mask and let me just back it up a bit based on this wildcard mask so that's a check all right um access control lists it's not it's not my fault that they call them access control lists what they really should call them i think is a tool to identify certain types of traffic but that takes too much to say right because access control lists aren't just used for filtering they can be we can apply them to an interface with access group we can apply them to a vty line with access class we can use them for quality of service we can use them as part of nat and pat rules and there's other uses as well but the primary thing in ccna a lot of times they focus on is you know filtering purposes and also with that but i want to make you aware of that learning this and learning the access control list you may never have a in production be applying these to interfaces for filtering but understanding how they work and then using them with ospf or with bgp or with prefix filtering and such it's going to come in handy trust me it's going to be worthwhile it's going to be important to know all right let's see who won and and in reality you all won because you're here and let's go and take a look at the podium congrats everybody and then we'll take a few questions [Music] 
[Applause] [Music] all right melodic yak and melodic gazelle got some melodies going on congrats and zany koala congratulations all right let's take a look at the hardest questions uh we had we had nine questions uh which were fairly difficult and this shows us the percentage correct on them so yeah a little room for improvement and i think this is just showing us anything under 35 so some room for improvement no problem no worries and let me also get some feedback from you as well so if you could on your if you're in the game interface on the like this smart device or smartphone or on the web uh there's an option to provide some feedback that'd be valuable for me as well and let me go ahead here and share this shirt one more time with you so again thanks to anthony sakura for sending me that i totally cracked up when i splunk has great shirts and they also they have a great uh product as well um but i really appreciate this shirt it has the pipe in it and very clever very clever stuff all right let me bring over let me make sure on the right camera from i am let me bring over the the q a and if you want to ask a question right now in the live q a just something that can be answered fairly quickly without diagramming it just do an at keith barker and what i will do is i will look for my name in that list and i'll go ahead and answer that real quick if you have a question just i'm going to look for them right now going forward and that way i can keep on top of it and then right after for those of you who are interested i'm going to jump over on the the discord server in the ccna voice chat room and it's just kind of an open forum so if you want to ask questions or follow up on any of these quiz questions for the first 10 or 15 minutes i'm happy to do it so if you're joining us for the first time welcome my name is keith barker i happen to be a ccie that's a cisco certified internetwork expert i've got a couple of those one in routing switching one for security and 
i've been working with cisco since about 1998 1999 when i got my first ccna and then my ccnp and then my ccies and there's still more to learn all right so let me see if there's oh nick is asking what are the two new things you learned about during office hours yesterday oh great question so thanks for asking good uh appreciate that so slaac uh not slack like the collaboration tool slack but slaac the automatic assignment for ipv6 addresses with eui 64. what it does it creates a host address an ipv6 host portion the last 64 bits and it takes the mac address on the interface which is 48 bits and it splits it down the middle and it stuffs in there 16 more bits f e in the middle i believe that's correct so it stuffs those 16 bits in the middle it also flips the seventh bit from the left just because it has just because it does that's all and so um the question was well what if we're using a serial interface which doesn't have a layer 2 mac address because it's not ethernet it's a serial interface what does it do and i said here's what i think it'll do and then we labbed it up in packet tracer and verified it did it it borrows a mac address from the lowest numbered ethernet interface on that same box and so i just pulled that mac address borrowed it stuffed in the the 16 bits flipped the bit seventh from the left and it was done so that was one of the things and what was the other thing i learned um the other thing i learned escapes me but it's something like oh yeah i didn't realize that but that was the major that was the major take oh the second thing was from um troubles that's the code that's the name that's the name he uses over on discord and it was about high availability with wireless lan controllers which i had never looked into and that was it was new to me so you know fault tolerance is great fault tolerance the essence of it is that you have a network and if you have a single fault you want the network to be able to tolerate that fault and keep on 
providing service and usually that involves two two of something like two controllers that work with each other or two firewalls or two routers so it seems like hsrp or firewalls with high availability ha for short and so that was another thing that i learned yesterday in the office hour so thank you for that follow-up question uh let's see here um strict is asking again if i could repost this quiz later um i think i answered that already but just as a confirmation i'm gonna just leave it up so off sometimes i'll record them locally i'll spend a few hours editing them down but what youtube does for us is since this is live uh once it's done it'll just automatically leave it on the site for me and that way i can add it to a playlist later the quiz playlist you'll have it available so thank you thank you thank you um vicky is singing we are the champions my friend except you pricing a better vicky than i do great great great um uh afraid i'm miss a-f-r-a-s-i-a-b a-f-r-a-s-i-y-a-b thank you is asking is there time limit when taking the ccna exam the answer is yes so it's going to depend a little bit on your native language and what language you're taking the exam in but all that information is available from the test the test provider which is vue in the states they may do it internationally as well but i seem to recall be like two hours or 90 minutes i forget what it is but it is a timed exam and there's approximately 100 questions maybe 100 203 questions so the easier ones you want to click through like um what's this you read the question that's the answer and then move on and try to forget that last one just like brush it off move forward and some of the questions may take two or three minutes for you to think about like my questions today most of that gave you um one and a half to two minutes on these questions because they took a little bit of thinking like what would this be would that be and others are very simple that you say oh uh this is the technology for 
that and this is how that works or something so it is timed um chica is saying that um what can i what what what should i study to improve here's what i tell everybody chica not just you um when studying the ccna from cisco i would go to cisco.com go to certifications and download what i call the blueprint it's not really a blueprint but it's really the exam topics they have six domains and what they want you to learn to know and i would download that and then i would purchase yeah i would purchase some kind of training material that covers every single or that claims to cover every single one of those maybe it's a book by wendell odom or a book by todd lammle those are great resources by the way that covers all the topics or of course if you're watching videos uh udemy has courses i work at cbt nuggets we have a great course jeremy cioara network chuck and i and knox created the ccna training course over at cbt nuggets that's also not free but subscription based but get some course that's highly rated that covers all the topics and then tackle it yeah start start going through it and then just rank yourself how am i doing on this topic like uh ospf for example one to five five being great one being low and the first time i heard about ospf back in the 80s uh the first time i heard about ospf it was like i don't know what that is so for my case would be a one like i don't know what that is and then as you start to learn about it maybe a two and then i learned the concepts and the hellos and that was it tan ted i've got a video i did on remembering this neighbor states or um on all the things you have to match for a neighbor i think it was tan ted was the acronym i used or the student the yeah acronym anyway when you put the letters and the first words together anyway get some material that covers everything start studying it rank yourself track it and lab up everything that's how you get better there's no secret it's it's time i have seven children which i whom i 
love they're fantastic and they're all so different they're all so different and they're all wonderful and uh the key is that those seven kids um i used to have seven theories on raising kids and now i have seven kids and no theories because they're all so different but the secret is time i know this from my experience now and i didn't always do a perfect job of it but it can't be like quality time for 10 minutes a day and that's not because 10 minutes a day is even if it's like super quality time is not okay it's not enough and and i'm gonna apply that to learning and studying cisco you can't say i'm going to study uh 30 really good minutes a day or you know maybe that you could probably make thro good progress but i'm going to study 30 minutes a week really quality time you have to have quantity there's just no getting around it you need quantity of time dedicated to focus on your studies maybe that's an hour three or four days a week or something but so that's how you get better just give yourself the time and then commit to others and get it done and i i know drama because i'm a little bit dramatic sometimes but um when it comes to studying and getting stuff done you just need to shut up sorry this is live i shouldn't say that but you just need to shut up and do it don't tell people you're gonna do it like i mean it's committing to others is great but like i'm gonna do this is like take all that energy and just do it i i anyway okay i'm gonna relax a little bit relax my shoulders so um yeah just get it done and uh don't let anything stand in the way of you actually doing the work don't let social media get in the way don't let other things in life that are you know sometimes we have obligations i'm a father i'm a husband uh i have obligations right i got stuff i got to do i've got this community i want i'm happy to support and so i those are priorities and so i get those done and so is my study so all right i got a little bit off track there please forgive me 
good to see you okay um all right uh is there any difference on acl implementation juniper and cisco the answer is yes [Laughter] uh entertainment with a is saying hello from afghanistan fantastic is saying it's not good to apply acl on http rather than the entire ip protocol so with an access control list the the goal for ccna is to understand the syntax and what the access control list is matching on because that's the skill you're going to use going forward so as far as like how you'll use it or how you'll apply it we might have a whole wide range of things we need to do like oh we need to stop there's a new malware that's just been discovered it's using tcp port 6783 or something and we need to block on that specific port right now on all of our devices so if we're doing it the old-fashioned way you'd go to those devices and create the acl with the specific port and because you know the syntax you can apply it more realistically in a current environment you'd use some kind of controller tell the controller i need to block this port on everything switches firewalls routers everything and have the controller push it out for you but if you don't have the controller you just do it manually but you have to know what the syntax is to make that happen or the logic is anyway all right uh kranthi's asking uh how to organize things properly for learning um i you know uh i this community matters to me it does i want to help everybody by giving them the straight shot regarding getting stuff done and life is busy it is and so i'm going to share with you a secret that i have used in the past and i continue to use especially when things get really like tight time wise i have a sheet of paper this is a blank sheet of paper as this demo um and i have a list of all the stuff i gotta do let me put over here on this side all the stuff i have to do and then i have two columns to prioritize it this is the the keith barker methodology that i borrowed from somebody else like a deck many 
decades ago and i'll have two columns one is long-term importance like for my long-term importance like my life and my goals how important is this thing i have to do and three would be really high long term and one would be yeah not so much and then i have another column called short term urgency and for the short term urgency here's an example rent is due tomorrow that's pretty urgent i need to pay that right now i can't like well i'll do it next week because and so then i take the total of those two columns and you can make up your own scale but i use one two three low load high and then i would just add those add those up the short short-term urgency and the long-term importance and i would then identify what are my highest numbers sometimes i have sixes on there and i circle all the sixes and say that's all i'm going to do today is my sixes i'm not going to be able to do everything but i'm going to do these sixes they're my category a my highest priority and then if i finish all the sixes right then i can go to the fives and if i finish all the fives then i go to the fourth so you work on your and that way we're focusing on the high what i feel is a good balance between what's the most important thing for us to do right now yep so there's no really getting around that it's just a matter of quantifying it and then doing it okay all right all right let's see here um let's see here uh thank you trevor for that comment um let's see what else for me how do i george is asking how do i manage my time i just i just saw your questions so i think i covered that uh i also very i keep up to a pretty good routine i i get up in the morning and i do 15 to 30 minutes of cardio almost every day i do a little bit of strength training nothing nothing impressive but just to remind my muscles of why they're there and that usually gets me going in the morning and then um i go down my list of things i gotta do and then i try to psych myself out by saying these are what i get to do 
but you know what my life's pretty good i'm i'm so lucky i'm so lucky i am that's uh part of my goal is to help as many people as i can with their entry into the world of cisco networking and get it down right and learn the fundamentals so you too can progress and continue to grow forever and that's my goal for every one of you all right snare saying i learned something new today about outbound acls and traffic generated from the router you're very welcome yeah trevor saying just do it and shia said that also mnemonic thank you brandon that's the tan ted mnemonic for what has to match for ospf neighbors thank you i'm part of a team part of the crew all right i'll see what else oh yeah thanks brandon do it first then tell others vicky yeah and i i'm guilty of in my own life like if i commit to this channel and to everybody here that i'm going to do something there is positive pressure that i've just put on myself to get it done so that in that aspect i like that positive pressure like when i was going to get my new ccnp certifications after you know they cisco revdum and update my cci and so forth i committed and then i did it because i knew i had that commitment so that can help us as far as the big goals uh how do i say this gently um there are individuals in our lives generally speaking who that we are us that we are aware of or we had come in contact with that may not be too happy about us progressing now that's not most of them like your mom and dad and your children hopefully and your spouse and your friends who all love you uh they are behind you they want you succeed they want you to do well but there are you know some other people in our hemisphere our you know our world that may not want you to succeed and that's true so i just just take the naysayers and say uh i don't have time for that gently be kind to everybody and just get it done just do it and succeed like people will come to me and say i'm 57 and um when i was 16 years old i looked like i was 12. 
i got pulled over like seven times by the police in southern california where i grew up because i looked too young i look like i just took my dad's car for a joyride and i was five feet tall true story and so uh where was i going with that uh i have totally lost my train of thought i have no idea where i was going that it was gonna be something amazing but i got wrapped up in my own story and i forgot where i was going um so if it comes back i'll remember all right uh let's see here ali is asking should i should i focus on configuring rip and eigrp i saw some of the practice questions related to those protocols i wouldn't worry about rip too much i i would be in the blueprint it says you know how routes get in the routing table understand that so i would say know the administrative distances for each of the default ones for all the routing protocols do you take all the routing protocols yeah yeah i would uh bgp external internal eigrp just internal uh ospf just internal uh which is 110 anyway isis and rip i would be aware of those administrative distances and then i would lab up a few times i'd lab up uh the eigrp because that's a little sneak attack there that you're gonna want to know a little bit more about and i've got some videos in the playlist on that too all right thanks glendonator um does uh ccna offer a second shot like microsoft there have been times when cisco does promotions for certifications where they'll like near the end of a life cycle for a certification before rather things they'll they've done that before in the past but um they don't do it regularly so beware let's see here any other questions from me uh somebody wants a syslog quiz uh syslog is a very small like one bullet thing on the cisco blueprint but i can certainly include that i think having a whole uh quiz on syslog i guess in the case of uh splunk you know splunk is an amazing company makes amazing tools to sift through mountains of data looking for that needle in the haystack and 
they do a great job of it and syslog and other sim siem security information event management systems are going to help with that um but i will consider that for future quizzes let's see if there's anything else uh okay um so sarah uh one of the comments that would be the last one is asking um i want to do ccna some of my friends advice to watch your videos will it be just fine to watch and practice at home online courses are too costly please suggest i would recommend this there are individuals who have come to me and said hey keith i just watched all of your videos which in my videos i mean i have like 30 or 40 packet tracer labs that i've written that you can have for free as well they're all linked in my videos the keithbarker.com you can download them and practice them and the quizzes are also free and i've had like last week somebody came and said i just i watched all your videos i was like all my videos it's like 130 plus hours of video anyway they watched all my videos on youtube they did all my i don't i think they did many of my labs they went through the entire quiz playlist and they passed now the reason they passed was because they practiced and they studied and they put in large amounts of time so if you're on a limited budget i would recommend at least a book or something that uh something that helps you know as a framework for covering all the topics and then my channel can certainly help but i don't think it's i wouldn't recommend it being enough for somebody to go out and take the exam and pass it i'm very i'm very nuts and bolts about a lot of things as far as the technology and cisco cc i've heard people say hey keith you're all business and it is true i do i get kind of focused on like right now i'm just kind of ranting but uh during like quizzes and when i'm talking about technology i'm pretty i'm pretty right to the point here's how it works here's what you need to watch out for and so forth so if you're on a limited budget i would get at 
least a book and wendell odom's books i think he has one or two that cover the entire ccna todd lammle has books i those two gentlemen are fantastic they do a great job of covering everything and let's see at a minimum i get those books or or the books that cover the ccna and then use the free resources on youtube to make up the difference and then lab it up okay jstrict is asking what is tanmat it's it's one of my videos that talks about ospf neighborships and the mnemonic thank you earlier the mnemonic for remembering the six things that have to match for i don't have six fingers the six things they have to match for ospf neighbors to become fully adjacent and have it work all right fred's stating it seems like acl numbers are limited in packet tracer yeah so uh in on the live gear there are additional ranges of numbers that can be used for standard and extended but it doesn't matter so uh 1 through 99 for standard 101 or 100 through 199 for extended and or you can do named acls for standard or extended so the actual memorizing of a number what number is that that's not too critical but it's enough packet tracer has enough to do the job all right let's see if there's anything else so atro i i was asking if i could do a course on udemy there are some good courses on udemy udemy udemy see ubuntu has the ooh and front side something called sometimes called udemy udemy but udemy has some great courses on it uh on lots of different topics and so i don't my current full-time gig is at cbt they treat me super good and i'm super productive there and i'm making a difference there so i don't think i'll be doing udemy anytime soon but um my packet tracer labs are all free and this channel is all free and my quiz playlist is all free here on youtube so leverage those all right and poma is saying hello from russia awesome glad you're here and all right infested jones is saying i've been studying since 2012. 
well a lot of the technology hasn't changed too much module 6 is new but a lot of the nuts and bolts of networking are still the same and uh great to have you here all right and then vikki is pointing out thank you the video ospf fundamentals video where i talk about tanmat all right that's it i'm going to be in the ccna voice room on my discord server which is also free if you want to join us there for a minute if you have a question you want to go over one of the quiz questions i'll have the quiz engine up so we can look at it and um this is the wrong time probably for me to look down and verify i'm on the right camera with which i am the funny thing it's funny it can be funny if i'm like this the whole time and then when i look at the wrong camera so this is a camera one and this is camera two and a phone the wrong camera very embarrassing very very embarrassing but uh part of real life okay i'm gonna be in discord in a few minutes if you join me there that's great there's a link in this video if you're watching this after the fact uh like the recorded version the stored version of this and you want to catch a new uh quiz join us every sun sunday 11 a.m pacific time for another cisco related ccna related technical quiz on some topic from the ccna blueprint so i'm going to send you off if i can find the button there with some music and i'll see you in the next live event whenever that is bye for now [Music] [Music] [Music] [Music] [Music] so
Info
Channel: Keith Barker
Views: 3,129
Rating: 4.9652176 out of 5
Keywords: cbt nuggets, cbt training, ccna, ccna 200-301, ccna certification, ccna study, ccna training, cisco, cisco ccna, cisco certifications, cisco training, ccna fundamentals, cisco ccna 200-301, keith barker, ccna exam, 200-301 videos, 200-301 ccna, cisco ccna certification, cisco certification, acl, access control list
Id: 2Iz1yhvMNa8
Length: 77min 43sec (4663 seconds)
Published: Sun Jun 20 2021