4.2.2.10 Packet Tracer - Configuring Extended ACLs Scenario 1

Captions
Hi friends, welcome to all. In this video we are going to see the Packet Tracer activity Configuring Extended ACLs, Scenario 1. We will go through the objectives. Part 1: configure, apply and verify an extended numbered ACL. Part 2: configure, apply and verify an extended named ACL. Also we will go through the background. Two employees need access to services provided by the server. PC1 only needs FTP access while PC2 only needs web access. Both computers are able to ping the server, but not each other.

Coming to the topology, here we can see the PCs and the server. So here, according to our background scenario, PC1 only needs FTP access from the server, and PC2 needs web access from this server. Also both PCs, that is PC1 and PC2, should be able to ping this server, but not each other.

Coming to Part 1: configure, apply and verify an extended numbered ACL. In that, Step 1: configure an ACL to permit FTP and ICMP. From global configuration mode on R1, enter the following command to determine the first valid number for an extended access list. So here we are going to give access-list, space, then question mark. Coming to the router R1: enable, configure terminal. Here we are going to give access-list and the question mark, and here we can see the IP standard access list is from 1 to 99 and the IP extended access list is from 100 to 199.

Coming to (b): add 100 to the command, followed by a question mark. So we are going to use this IP extended access list, using the first number, 100. Right, we will check that: 100 and then question mark. Here we can see the three options: deny, permit and remark.

Coming to (c): to permit FTP traffic, enter permit, followed by a question mark. Right, here we are going to use this permit, "Specify packets to forward". Permit, then we are going to give the question mark, and here we can see the commands.

Coming to (d): this ACL permits FTP and ICMP. ICMP is listed above, yes, here we can see ICMP, but FTP is not, because FTP uses TCP. So here we can see that TCP is Transmission Control Protocol. So you enter TCP. Enter TCP to further refine the ACL help. Here we are going to give tcp, then question mark. Here we can see A.B.C.D, the source address, or we can give any, for any source host. Also we can see host, a single source host.

Coming to (e): notice that we could filter just for PC1 by using the host keyword, or we could allow any host. In this case, any device is allowed that has an address belonging to the 172.22.34.64/27 network. Enter the network address, followed by a question mark. Yes, we are going to give this address and then question mark. Coming to the topology, here we can see the network 172.22.34.64 will be able to access FTP from this server. So here we are going to give the network address 172.22.34.64, then question mark. Here we can see we have to give the source wildcard bits.

Coming to (f): calculate the wildcard mask by determining the binary opposite of the subnet mask. Yes, here we can see they have given the binary of the subnet mask, and here we can see the opposite of the subnet mask, so that we get these wildcard bits.

Coming to (g): enter the wildcard mask, followed by a question mark. Right, we will do that. So here we are going to give 0.0.0.31, then space, question mark. Here we can see the commands.

Coming to (h): configure the destination address. In this scenario we are filtering traffic for a single destination, exactly, that's the server. So enter the host keyword followed by the server's IP address. Yes, so here we can see the destination server, so we are going to give this host IP address. Here we can see host, then 172.22.34.62, the IP address of our server. Here we are going to give host, then we are going to give the address, that is the server address, then we are going to give the question mark.

Now we will come to (i): notice that one of the options is <cr>, that is carriage return. Here we can see that, right. So in other words, you can press Enter and the statement would permit all TCP traffic. However, we are only permitting FTP traffic; therefore, enter the eq keyword, followed by a question mark to display the available options. Then enter ftp and press Enter. Coming to the configuration, here we are going to give eq, "Match only packets on a given port number". Right, now we are going to give a question mark again, and here we can see the protocols: ftp, pop3, smtp, telnet and www. So here we are going to give ftp, and now we are going to press Enter.

Coming to (j): create a second access list statement to permit ICMP, like ping, traffic from PC1 to Server. Note that the access list number remains the same and a specific type of ICMP traffic does not need to be specified. So here we can see access-list 100 permit icmp 172.22.34.64, the wildcard bits 0.0.0.31, and host 172.22.34.62. That means from this network all the devices will be able to ping this web server. Here we are going to give access-list, the same number, that is 100. So we are going to give permit icmp, and now we are going to specify the network address, that is 172.22.34.64, and now we have to specify the wildcard bits, that is 0.0.0.31. Now we are going to specify the single destination host and its address, that is 172.22.34.62.

Coming to (k): all other traffic is denied by default. Yes, so this network will only be able to ping this server, and all other traffic will be denied.

Coming to Step 2: apply the ACL on the correct interface to filter traffic. From R1's perspective, the traffic that ACL 100 applies to is inbound from the network connected to the GigabitEthernet 0/0 interface. Enter interface configuration mode and apply the ACL. So we have to go to this interface, GigabitEthernet 0/0, and we have to give inbound. Here we can see the interface GigabitEthernet 0/0 on this device, R1. Coming to R1, now we have to go to the interface GigabitEthernet 0/0, and here we are going to give ip access-group, the number is 100, in.

Coming to Step 3: verify the ACL implementation. Ping from PC1 to Server. If the pings are unsuccessful, verify the IP addresses before continuing. Right, so we will ping from this PC1 to this server. Ping to our server: yes, we are getting the reply.

Next is FTP from PC1 to Server. The username and password are both cisco. Right, we are going to give this command, ftp and the server address. Then we have to exit the FTP service of the server by using quit. Right, we will come to the PC1 command prompt. Here we are going to give ftp and our server address, that is 172.22.34.62. Username is cisco, password is also cisco. Yes, so we are able to access FTP, and now we will quit from our FTP server.

Coming to (d): ping from PC1 to PC2. The destination host should be unreachable, because the traffic was not explicitly permitted. Exactly, so PC1 and PC2 are not going to ping each other. So we are going to get the IP address of PC2. Coming to the PC1 command prompt, we are going to ping PC2. Here is the address, and here we can see "Destination host unreachable".

Now we will come to Part 2: configure, apply and verify an extended named ACL. In that, Step 1: configure an ACL to permit HTTP access and ICMP. So coming to (a): named ACLs start with the ip keyword. From global configuration mode of R1, enter the following command, followed by a question mark: ip access-list, then question mark. So we are going to get extended and standard. Right, we will check that. Coming to our router R1, we are going to exit from the interface mode, and here we are going to give ip access-list and question mark. Here we can see the options extended and standard.

Coming to (b): you can configure named standard and extended ACLs. This access list filters both source and destination IP addresses; therefore, it must be extended. Enter HTTP_ONLY as the name. For Packet Tracer scoring, the name is case-sensitive. Right, so we have to give it in caps only; this is for scoring in this Packet Tracer activity. Coming to the configuration, here we are going to give extended and HTTP_ONLY.

Coming to (c): the prompt changes. You are now in extended named ACL configuration mode. All devices on the PC2 LAN need TCP access. Enter the network address, followed by a question mark. Here we can see permit tcp 172.22.34.96, and we are going to give a question mark. Here we are going to permit this network to access HTTP from this server. So here we are going to give permit, we are going to permit TCP, and here we have to specify the address, the source address, then question mark: source wildcard bits.

Coming to (d): an alternative way to calculate a wildcard is to subtract the subnet mask from 255.255.255.255. Yes, here we can see that. So here we get the wildcard bits 0.0.0.15, so we are going to give that here. Coming to our configuration: 0.0.0.15, and then we will put a question mark, and here we can see the number of options.

Coming to (e): finish the statement by specifying the server address as you did in Part 1, and filtering www traffic. So here we are going to give eq, filtering www traffic. Coming to our configuration, now we are going to give host, a single destination host, then we are going to specify the server address, that is 172.22.34.62. Yes, and now here we can see "Match only packets"; for that we are going to give eq, then for HTTP we have to give www, then we are going to press Enter.

Coming to (f): create a second access list statement to permit ICMP, like ping, traffic from PC2 to Server. Note: the prompt remains the same and a specific type of ICMP traffic does not need to be specified. So this is the command: we have to give permit icmp, then we have to specify the network and its wildcard mask, then the destination host and its IP address. Coming to the configuration on R1, here we are going to give permit icmp, then we have to give the source address, that is 172.22.34.96, and now we have to specify the wildcard bits, that is 0.0.0.15. Now we have to give a single destination host, so we have to give host, then the destination address, that is 172.22.34.62. This is the address of our server.

Coming to (g): all other traffic is denied by default. Exit out of extended named ACL configuration mode. Right, so Ctrl+Z.

Now we will come to Step 2: apply the ACL on the correct interface to filter traffic. From R1's perspective, the traffic that access list HTTP_ONLY applies to is inbound from the network connected to the GigabitEthernet 0/1 interface. Enter the interface configuration mode and apply the ACL. Coming to the topology, here we can see the interface GigabitEthernet 0/1, and we are going to apply this ACL on this interface. Coming to the configuration: configure terminal, we have to go to the interface GigabitEthernet 0/1, and we are going to give ip access-group, and we have to specify the access list name we created, that is HTTP_ONLY, and we have to specify inbound, so that's in.

Coming to our final step: verify the ACL implementation. Ping from PC2 to the server. If the pings are unsuccessful, verify the IP addresses before continuing. Right, so from PC2 to the server the ping should succeed. Coming to the PC2 command prompt, we are going to ping our server. Here is the address. Yes, we are getting the reply.

Coming to (b): FTP from PC2 to Server. The connection should fail. Right, we are going to access FTP from this PC2, so we are going to give ftp and our server address, and here we can see "Trying to connect". Here we can see disconnecting from the FTP server, timed out.

Coming to (c): open the web browser on PC2 and enter the IP address of Server as the URL. The connection should be successful. Coming to the PC2 web browser, here we are going to give the IP address of our server. Yes, we are getting the web page.

Well, that's all in this Packet Tracer activity, Configuring Extended ACLs, and here we can see the completion status: hundred out of hundred. Friends, if you have any doubt regarding this Packet Tracer activity, please comment below. Also, if you liked my video, give a thumbs up, and don't forget to subscribe to the channel so that you will get the latest uploaded video info in your Gmail. Thank you.
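The following is an added example, not part of the video or the Packet Tracer activity: a small Python model of the two ACLs configured above, showing the wildcard calculation by subtraction from 255.255.255.255, first-match evaluation, and the implicit deny at the end of each list. The host addresses for PC1 and PC2 and the 255.255.255.240 mask (the one that yields 0.0.0.15) are assumptions chosen to fit the networks named in the captions; eq ftp and eq www are modelled as TCP ports 21 and 80.

```python
import ipaddress

def wildcard(subnet_mask):
    """Wildcard mask = 255.255.255.255 minus the subnet mask, octet by octet."""
    return ".".join(str(255 - int(o)) for o in subnet_mask.split("."))

def matches(addr, base, wild):
    """Wildcard match: every bit that is 0 in the wildcard must be equal."""
    a, b, w = (int(ipaddress.ip_address(x)) for x in (addr, base, wild))
    return (a & ~w) == (b & ~w)

SERVER = "172.22.34.62"
HOST = "0.0.0.0"              # the 'host' keyword is a wildcard of all zeros
PC1 = "172.22.34.66"          # constructed address inside 172.22.34.64/27
PC2 = "172.22.34.98"          # constructed address inside 172.22.34.96

# (action, protocol, source, source wildcard, dest, dest wildcard, dest port)
ACL_100 = [                   # applied inbound on R1 GigabitEthernet 0/0
    ("permit", "tcp", "172.22.34.64", wildcard("255.255.255.224"), SERVER, HOST, 21),
    ("permit", "icmp", "172.22.34.64", wildcard("255.255.255.224"), SERVER, HOST, None),
]
HTTP_ONLY = [                 # applied inbound on R1 GigabitEthernet 0/1
    ("permit", "tcp", "172.22.34.96", wildcard("255.255.255.240"), SERVER, HOST, 80),
    ("permit", "icmp", "172.22.34.96", wildcard("255.255.255.240"), SERVER, HOST, None),
]

def evaluate(acl, proto, src, dst, dport=None):
    """Return the action of the first matching entry, else the implicit deny."""
    for action, p, s, sw, d, dw, port in acl:
        if (p == proto and matches(src, s, sw) and matches(dst, d, dw)
                and (port is None or port == dport)):
            return action
    return "deny"             # every ACL ends with an unwritten 'deny any'

if __name__ == "__main__":
    checks = [
        ("PC1 FTP to server", ACL_100, "tcp", PC1, SERVER, 21),
        ("PC1 ping to server", ACL_100, "icmp", PC1, SERVER, None),
        ("PC1 ping to PC2", ACL_100, "icmp", PC1, PC2, None),
        ("PC2 web to server", HTTP_ONLY, "tcp", PC2, SERVER, 80),
        ("PC2 FTP to server", HTTP_ONLY, "tcp", PC2, SERVER, 21),
        ("PC2 ping to server", HTTP_ONLY, "icmp", PC2, SERVER, None),
    ]
    for label, acl, proto, src, dst, port in checks:
        print(f"{label:20} {evaluate(acl, proto, src, dst, port)}")
```

The results line up with the verification steps in the captions: the FTP and ping tests from PC1 and the web and ping tests from PC2 are permitted, while PC1 to PC2 and FTP from PC2 fall through to the implicit deny.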
Info
Channel: Tech Acad
Views: 26,166
Keywords: Access Control List
Id: 4gjph5sgTs0
Length: 20min 2sec (1202 seconds)
Published: Fri Dec 22 2017