4.1.4 Packet Tracer - ACL Demonstration

Captions
Hi friends, welcome to world. In this video we are going to solve this Packet Tracer activity, Access Control List Demonstration. Before coming to this activity, friends, if you would like to get any CCNA version 7 online classes or any technical support, you can contact our team using our website link, which you will get from the description below. Also, if you would like to get this type of technical video in future, consider subscribing, and don't forget to enable that bell icon near to the subscribe button so that you will get a notification message whenever we upload a new video.

Okay, back to this activity. Objectives: Part 1, Verify Local Connectivity and Test Access Control List; then in Part 2, Remove Access Control List and Repeat Test. Here we are just going to see this ACL demonstration; we are not going to configure any access control list.

Background: in this activity we will observe how an access control list, that is ACL, can be used to prevent a ping from reaching hosts on remote networks. After removing the ACL from the configuration, the pings will be successful. Here we can see our addressing table.

Coming to the instructions. Part 1: Verify Local Connectivity and Test Access Control List. Step 1: Ping devices on the local network to verify connectivity. From the command prompt of PC1, ping PC2. Coming to our topology, here we can see PC1 and PC2; they are in the same subnet. We will ping from PC1 to PC2. You will get the IP address of PC2; it's here in the addressing table, PC2. I will copy this address, then coming to PC1 we will go to Desktop, Command Prompt. Okay, I will increase the font size, so here we will give font. We'll go to PC1 command prompt; yeah, now it's visible. Ping to PC2, here is the IP address, and we can see we get the replies.

Next, from the command prompt of PC1, ping PC3. That means we are going to ping from PC1 to this PC3, and we can see this PC3 is not in the same subnet as PC1, but it is connected to R1. So we will ping to this PC3. Here we can see its IP address.
I will copy that, then coming to PC1 we go to command prompt, ping to PC3, and we are waiting for the replies. It's working. So first we got one request timed out; it's due to convergence, so we can try again. I just press up arrow and we get the replies: packets sent four, received four.

Why were the pings successful? Obviously, here we can see PC1 and PC2 are in the same subnet and they configured all the IPs perfectly. And we can see PC1 and PC3 are connected to the same router R1, so they communicate with each other. They configured all the details perfectly, and they may not have configured the access control list in this router, or we can say they did not give any kind of restrictions to ping from PC1 to PC2 or PC1 to PC3.

Coming to Step 2: Ping services on remote networks to test ACL functionality. From the command prompt of PC1, ping PC4. Here we can see we are going to ping from PC1 to this PC4. We will get the IP address of PC4; I will copy that, then coming to PC1 we'll go to command prompt, ping to PC4, and we can see it says destination host unreachable. Then, from the command prompt of PC1, ping the DNS server. We will get the IP address of the DNS server; it's here. We will ping from this one command prompt, and it says destination host unreachable.

Why did the pings fail? They have also given a hint: use simulation mode or view the router configurations to investigate. So we will investigate using this simulation mode, or we can investigate using show commands. But before that, there are no other mistakes; they configured all the IPs and they even configured dynamic routing, maybe using OSPF. And here we talk about ACL demonstration, right? So obviously this ping failed because any one of these routers may be configured with an access control list that denies this ping packet. We will just verify that. We will go to R1 and we will verify the routing table: enable, show ip route, and we can see they configured OSPF. Here we can see networks 192.168.30.0 and
31.0. Here we can see those networks, 30.0 and 31.0; they are in the routing table. Then why is it not pinging from PC1 to these two networks, 30.0 and 31.0?

Let me go to simulation mode, and here we will edit these filters. We'll click on Show All/None, then we will click on Edit Filters; we will have only ICMP. Then we will close this simulation panel. Again we will try to ping from PC1 to either PC4 or the DNS server. We'll go to PC1 command prompt. Okay, we'll press up arrow on the keyboard and we can see it's 31.12; that means we are pinging to the DNS server. So here we can see our ICMP packet. Now we will click on Capture/Forward and we can see it goes to this switch S1. Okay, again click on Capture/Forward; we can see it goes to this router, and we can see this packet is dropped in this router R1. And we have seen we have this route to 192.168.31.0 in the routing table, but still this R1 dropped this packet.

Okay, here we can see one more packet; this is again ICMP. Let me click on this, and here we can see, okay, we'll click on this, so it goes back; it will go to PC1 and we will get the first reply. So we can see it says destination host unreachable, right? So it should send four packets. Again we can click on Capture/Forward; we can see this ICMP again will go to the switch and it will go to R1. They may have configured this ACL, access control list, in this router R1, so we can see that packet is not processed and R1 is sending an acknowledgement back to this PC1. Here we can see again we got one more destination host unreachable. I think I cannot say this ICMP packet is not processed in this router R1, because it's processed, and this R1 is not allowed to send this ICMP packet to its destination due to the access control list. We will verify the access control list in this router R1, and it is coming in this Part 2: Remove the ACL and Repeat the Test.

Okay, we will go step by step. We will just go to Realtime. Step 1: Use show commands to investigate the
ACL configuration. Navigate to R1 CLI, then use the show run and show access-lists commands to view the currently configured ACLs. To quickly view the current ACLs, use show access-lists. Enter the show access-lists command followed by a space and a question mark to view the available options: show access-lists, then question mark. We will go to this router R1: show access-lists, space, question mark, and here we can see we can specify the ACL number or ACL name, or we can use this pipeline for output modifiers.

If you know the ACL number or name, you can filter the show output further. However, R1 only has one ACL, therefore the show access-lists command will suffice. So we will just give this show access-lists and press enter. So here we can see that `<cr>`; show access-lists, that's enough. And here we can see Standard IP access list 11, and here we can see the access list created: 10 deny, and here we can see the network address and its wildcard bits, also permit any. So we have seen that they denied this network, 192.168.10.0/24, correct? Okay, that's fine.

The first line of the ACL blocks any packets that originate in the 192.168.10.0/24 network. Yes, that's correct. Which includes Internet Control Message Protocol, that is ICMP, echoes, then a ping request; that is, ICMP echoes means ping request. The second line of the ACL allows all other IP traffic from any source to traverse the router.

But here we get a doubt. From PC1 we are able to ping to PC4 and the DNS server, that's fine, but we pinged from PC1 to PC3 and it succeeded, right? How? Here we have to identify to which interface they applied this access control list. So if we are able to ping from PC1 to PC3 but we're not able to ping from PC1 to these two networks, then obviously they applied it to this serial interface, that is Serial 0/0/0.
Anyways, we will identify this. For an ACL to impact router operation, it must be applied to an interface in a specific direction. Yes, this is just what we talked about now. In this scenario, the ACL is used to filter traffic exiting an interface, therefore all traffic leaving the specified interface of R1 will be inspected against ACL 11. We can confirm that this ACL is applied to this interface Serial 0/0/0 in the out direction, right?

Although you can view IP information with the show ip interface command, it may be more efficient in some situations to simply use the show run command to obtain a complete list of interfaces that the ACLs may be applied to and the list of all ACLs that are configured. Use the following command: show running-config, and then we are going to filter this: include interface, access. We will give this show command on this router R1: enable, show run, then this pipeline command, include interface, and again pipeline, access. Let us try this, and here we can see the result. We can see interfaces G0/0, G0/1, and here we can see interface Serial 0/0/0 and ip access-group 11 out direction. Here we will give it without a space; here we'll press up arrow and I will remove this space, and here we can see the information: access-list 11 deny this network, okay, and permit other networks. And here we can see the same output.

The second pipe symbol creates an OR condition that matches interface or access. It is important that no spaces are included in the OR condition. Yes, actually we gave a space first, then we omitted that space; that's correct. Use one or both of these commands to find information about the ACL. To which interface and in what direction is the ACL applied? So we have seen it's applied to this interface Serial 0/0/0 in the out direction.

Step 2: Remove access list 11 from the configuration. You can remove ACLs from the configuration by issuing the no access-list, then number of the ACL, command. The no access-list command, when used without arguments,
deletes all ACLs configured on the router. Okay. The no access-list, then this number of the ACL, if you specify the number of the ACL, command removes only a specific ACL. Removing an ACL from a router does not remove the ACL from the interface; the command that applies the ACL to the interface must be removed separately. That's fine.

Under the Serial 0/0/0 interface, remove access list 11, which was previously applied to the interface as an outgoing filter. We have to go to that interface Serial 0/0/0 and we have to give this command: no ip access-group 11 out. So we'll go to this router R1 and we will do this. We will go to that interface Serial 0/0/0 and here we will give that command, no ip access-group; we have to give 11, that is out.

In global configuration mode, remove the ACL by entering the following command: no access-list, then number, that is 11. Okay, we can do that. We have to go to global configuration mode; give the command exit, and here we will give no access-list, that is 11. Let me put a question mark, and we have to specify the number, that is 11.

Finally, verify that PC1 can now ping the DNS server and PC4. Okay, we will ping from PC1 to this PC4 as well as the DNS server. Press up arrow; okay, here we can see the IP address of our DNS server. We may get one request timed out. Yeah, here we can see we get the replies. Once more we'll try it. Now we will ping to PC4; here we can see its address, 192.168. You may get one request timed out. Okay, then it's working. Once more we can try to ping to PC4; we get the replies.

Okay, that's all in this activity, that is Access Control List Demonstration. Now, dear friends, if you have any doubts or any suggestions regarding this activity, please comment below, or you can contact our team using our website link, which you will get from the description below. And if you like our video, give a thumbs up and share with all your friends. Stay tuned, we will meet again with the next video. Thank you.
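The behaviour walked through in the captions (PC1 reaches PC3 but not the DNS server until ACL 11 is taken off Serial 0/0/0) can be reproduced with a small model of standard-ACL evaluation. This is an added example, not part of the video or the Packet Tracer activity; the PC1 and PC3 addresses, the 192.168.11.0/24 subnet and the route table are constructed for illustration, and the wildcard 0.0.0.255 is the one implied by the /24 network named in the captions.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """IOS wildcard logic: a 1 bit in the wildcard means 'ignore this bit'."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

# ACL 11 as described in the captions; wildcard assumed from the stated /24.
ACL_11 = [
    ("deny", "192.168.10.0", "0.0.0.255"),
    ("permit", "0.0.0.0", "255.255.255.255"),  # "permit any"
]

def standard_acl(acl, src):
    """Standard ACLs test the SOURCE address only; first match wins."""
    for action, base, wildcard in acl:
        if wildcard_match(src, base, wildcard):
            return action
    return "deny"  # implicit deny at the end of every ACL

# Constructed route table for R1 (interface assignments are assumptions).
ROUTES = {
    "192.168.10.0/24": "GigabitEthernet0/0",
    "192.168.11.0/24": "GigabitEthernet0/1",
    "192.168.30.0/24": "Serial0/0/0",
    "192.168.31.0/24": "Serial0/0/0",
}

def egress(dst):
    """Longest-prefix match over ROUTES; None when there is no route."""
    ip = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(n), i) for n, i in ROUTES.items()
            if ip in ipaddress.ip_network(n)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def forward(src, dst, outbound_acls):
    """Route first, then apply the ACL bound 'out' on the egress interface."""
    iface = egress(dst)
    if iface is None:
        return ("dropped", None)
    acl = outbound_acls.get(iface)
    if acl is not None and standard_acl(acl, src) == "deny":
        return ("dropped", iface)
    return ("forwarded", iface)

PC1, PC3, DNS = "192.168.10.10", "192.168.11.10", "192.168.31.12"
APPLIED = {"Serial0/0/0": ACL_11}   # ip access-group 11 out
REMOVED = {}                        # after no ip access-group 11 out

if __name__ == "__main__":
    for label, binding in (("ACL applied", APPLIED), ("ACL removed", REMOVED)):
        print(label, forward(PC1, PC3, binding), forward(PC1, DNS, binding))
```

Because the filter is evaluated only on the egress interface it is bound to, traffic from the denied source network that leaves through another interface is never checked against it.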
Info
Channel: Tech Acad
Views: 4,425
Rating: 4.9130435 out of 5
Keywords: CISCO, CCNA, CISCO Certification, CCNAv7, Packet Tracer, Access Control List, ACL, Routing and Switching, ENSA
Id: NqibHK5f930
Length: 19min 17sec (1157 seconds)
Published: Thu Sep 03 2020