4.1.4 Packet Tracer - ACL Demonstration

Video Statistics and Information

Captions
Access control lists demonstration. Addressing table for this topology: four LANs, LAN 10, LAN 11, LAN 30 and LAN 31.

Verify local connectivity and test the access control list. Ping devices on the local network to verify connectivity. From PC1, ping PC2. Okay, go to PC1, Desktop, Command Prompt. Ping PC2, IP address 10.11, 192.168.10.11. Enter. Success. From PC1, ping PC3. From PC1, ping PC3. PC3 IP address, 11.10. 11.10. Success.

Why were the pings successful? Because Layers 1 through 3 are fully functional and there is no policy currently filtering ICMP messages between the two local networks. Okay, these two local networks: local network 10 and local network 11.

Ping devices on remote networks to test ACL functionality. From PC1, ping PC4. From PC1, ping PC4. PC4 IP address, 30.12. 30.12. Enter. Destination host unreachable. From PC1, ping the DNS server. From PC1, ping the DNS server. DNS server IP address, 31.12. From PC1, 31.12. Destination host unreachable.

Why did the pings fail? Use Simulation mode or review the router configuration to investigate. Okay, for example, in reality you will review the router configuration. Okay, you can review R1, R2 or R3. Start from R1 and review the contents: command-line interface, Enter, enable, show running-config, Enter, and you can see here there is an access list number 11. 11 belongs to a standard access list, and the deny, the source address, is 192.168.10.0 with this wildcard mask that belongs to a /24 prefix. Deny this network and permit any other. But where is it applied? Here, on interface Serial 0/0/0: ip access-group 11 out. Okay, here, Serial 0/0/0, out. Okay, so on Serial 0/0/0, out, outgoing traffic. For outgoing traffic, R1 is blocking the 192.168.10.0 network, this network, the 192.168.10.0 network, and permits any other. So that's why, when you try to ping from PC1 to the DNS server, the ping fails: because the access list is applied on Serial 0/0/0. Okay, so the answer here is: the pings failed because R1 is configured with an access list that denies any ping packets from exiting the Serial 0/0/0 interface.

Remove the access list and repeat the test. Use show commands to investigate the access list configuration. Okay, show access-lists and question mark on R1. Okay, so with this question mark, if you know the access list number or name, you can filter the show output. However, R1 only has one access list, so use only show access-lists. Show access-lists, Enter, and you can see there is only one access list, number 11. The first line of the access list blocks any packets that originate in the 192.168.10.0/24 network, this line, which includes Internet Control Message Protocol (ICMP) echoes, ping requests. The second line of the access list allows all other IP traffic from any source to traverse the router. Okay, this entry, this other line.

For an access list to impact router operation, it must be applied to an interface in a specific direction. In this scenario, the access list is used to filter traffic exiting an interface. Therefore, all traffic leaving the specified interface of R1 will be inspected against access list 11. You can use the show ip interface command. Show ip interface, Space, Space, Space, and you can see on Serial 0/0/0: outgoing access list is 11. But you can also use show running-config with pipe, include, interface, pipe, access: show running-config | include interface|access, with no spaces. Enter, and you can see the result: the keyword interface and the keyword access. Of all the running configuration, it only shows the lines that include the keyword interface and access. Okay: Serial 0/0/0, ip access-group 11, and this is the access list. The second pipe creates an OR condition that matches interface or access. Okay, so show all the running configuration with only the lines that include the keyword interface or the keyword access. It is important that no spaces are included in the OR condition. No spaces here.

Use one or both of these commands to find information about the access list. To which interface and in what direction is the access list applied? The interface here, Serial 0/0/0, ip access-group 11, outgoing traffic.

Remove access list 11. Okay, you can remove access lists from the configuration by issuing the no access-list command. The no access-list command, when used without arguments, deletes all access lists configured on the router. The no access-list and the number of the access list command removes only a specific access list. Removing an ACL, or access list, from a router does not remove the access list from the interface. The command that applies the access list to the interface must be removed separately. Okay, remove it from the interface and remove the specific access list 11 from global configuration mode. Okay, first enter Serial 0/0/0 and remove this command: configure terminal, interface Serial 0/0/0, no, and this command, ip access-group 11 out, Enter. That's it. In global configuration mode, we negate access list 11 and we remove both lines: no access-list 11, Enter. Very good.

Finally, verify PC1 can now ping the DNS server and PC4. Okay, go to PC1 and ping PC4. PC4 IP address is 30.12. Success. DNS server, 31.12. Success. Thank you very much.
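
Added example, not part of the video or the Packet Tracer activity: a small Python model of how standard access list 11 is evaluated for traffic leaving Serial 0/0/0, plus a check for the leftover interface binding the captions warn about. The configuration excerpt is constructed from the commands spoken in the video, and the function names are hypothetical.

```python
import ipaddress

# Constructed excerpt modelled on the R1 configuration described in the captions.
RUNNING_CONFIG = """\
interface Serial0/0/0
 ip access-group 11 out
!
access-list 11 deny 192.168.10.0 0.0.0.255
access-list 11 permit any
"""

def parse(config):
    """Return (acls, bindings): ACEs per ACL number, and (interface, direction) -> ACL."""
    acls, bindings, iface = {}, {}, None
    for line in config.splitlines():
        words = line.split()
        if line.startswith("interface "):
            iface = words[1]
        elif words[:2] == ["ip", "access-group"] and iface:
            bindings[(iface, words[3])] = words[2]
        elif words[:1] == ["access-list"]:
            acls.setdefault(words[1], []).append((words[2], words[3:]))
    return acls, bindings

def ace_matches(src, spec):
    """Standard ACE match on source only: bits set in the wildcard mask are ignored."""
    if spec == ["any"]:
        return True
    base = int(ipaddress.IPv4Address(spec[0]))
    wildcard = int(ipaddress.IPv4Address(spec[1])) if len(spec) > 1 else 0
    return (int(ipaddress.IPv4Address(src)) | wildcard) == (base | wildcard)

def permitted(config, src, egress_iface):
    """Decide whether a packet from src may leave egress_iface."""
    acls, bindings = parse(config)
    acl = bindings.get((egress_iface, "out"))
    # No outbound binding, or a binding to an ACL with no entries: Cisco IOS
    # documents both cases as "no filtering applied".
    if acl is None or acl not in acls:
        return True
    for action, spec in acls[acl]:
        if ace_matches(src, spec):
            return action == "permit"  # first matching entry wins
    return False  # implicit deny at the end of every defined ACL

def dangling_bindings(config):
    """Interface bindings that still reference an ACL that is no longer defined."""
    acls, bindings = parse(config)
    return sorted(key for key, acl in bindings.items() if acl not in acls)
```

Running dangling_bindings over a saved configuration after a cleanup shows any ip access-group line that was left behind when only the access-list entries were removed.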
Info
Channel: Christian Augusto Romero Goyzueta
Views: 1,938
Keywords: ensa, enterprise networking, security, automation, ccna, version 7, ccna 7, acl, access list, standard, standard access list
Id: ZRVmL_5B8IQ
Length: 12min 34sec (754 seconds)
Published: Sun May 17 2020