4.2.2.12 Packet Tracer - Configuring Extended ACLs Scenario 3

Video Statistics and Information

Captions
Hi friends, welcome to all. In this video we are going to see the Packet Tracer activity Configuring Extended ACLs Scenario 3. Before coming to the configuration, if you would like to get my future video upload info in your Gmail, you can subscribe to this channel right now. Well, coming back to our Packet Tracer, here we can see our addressing table. Also, we will go through the objectives of this Packet Tracer activity: in Part 1 we will configure a named extended ACL; in Part 2, apply and verify the extended ACL. Also, we will go through the scenario. In this scenario, specific devices on the LAN are allowed to various services on servers located on the internet. Right.

We will come to Part 1, configure a named extended ACL. Use one named ACL to implement the following policy. Yes, here are the policies: block HTTP and HTTPS access from PC1 to Server1 and Server2. The servers are inside the cloud and you only know their IP addresses. Right, here we can see that in our addressing table, for Server1 and Server2 they have given the IP address, but here we can see that the subnet mask and default gateway are not given. Right. Next is block FTP access from PC2 to Server1 and Server2. Block ICMP access from PC3 to Server1 and Server2. Note: for scoring purposes, you must configure the statements in the order specified in the following steps. Right, we will do that.

Coming to Step 1, deny PC1 to access HTTP and HTTPS services on Server1 and Server2. Coming to a: create an extended IP access list named ACL, right, which will deny PC1 access to the HTTP and HTTPS services of Server1 and Server2. Because it is impossible to directly observe the subnet of servers on the internet, four rules are required. Right. What is the command to begin the named ACL? Yes, obviously we have to use the command ip access-list extended, then the name, that is, your specified ACL. Sure, we can give that. Coming to router RT1, we have to enable, configure terminal, and here we can give ip access-list; then, as here we are configuring an extended ACL, we have to give extended, and then we have to specify the name. Here we are going to give the name as ACL.

Now we will come to b: record the statement that denies access from PC1 to Server1, only for HTTP. Right. Coming to router RT1, here we are going to deny tcp, and here we are going to give a host address, that is PC1, so we have to get the IP address of PC1. Coming to our addressing table, here we can see that address; I am going to copy this. Right. And now we are going to give a single destination host, that is Server1. Here we are going to give host, then we have to give the destination address, that is the IP address of our Server1. Here is that. Right. Now we are going to give eq, match only packets on a given port number. Here we are going to give HTTP, that is 80.

Coming to c: record the statement that denies access from PC1 to Server1, only for HTTPS. We have seen the previous statement given for denying HTTP, so here the only change is the port number from the previous statement. Right. So we will get the previous statement with the up arrow. Here we can see deny tcp host, here we can see the IP address of PC1, then the destination host, the Server1 IP address, eq; here we gave 80, and now we are going to change to the HTTPS port, that is 443. Here we can see that it is not mentioned, but here we can see port number. Right, we are going to give that, 443.

Now we will come to d: record the statement that denies access from PC1 to Server2, only for HTTP. Here we can see, from step b, the difference: it changes from Server1 to Server2. We only have to change the destination host address. We have to see this address in our addressing table; here we can see that it is 64.103. So here we only have to change from 101 to 103; everything remaining is the same as in step b. Right. So we will come to RT1 and we will get the previous command. Here is that: tcp host, it's from PC1; only the destination host is Server2, so we have to change this address, 64.103.255.254, eq 80. Press Enter.

Coming to e: record the statement that denies access from PC1 to Server2, only for HTTPS. Yes, in step c we have seen that for Server1; now we are going to do it for Server2. So here we only have to change the destination host address. Coming to RT1, we will see the previous command. Yes, here we can see deny tcp host, the PC1 IP address, then the destination host; here we have to give the Server2 address, that is 64.103.255.254, eq 443, that is the port number for HTTPS.

Now we will come to Step 2, deny PC2 to access FTP services on Server1 and Server2. a: record the statement that denies access from PC2 to Server1, only for FTP, that is port number 21. Coming to RT1, here we are going to deny tcp, then we have to give host and its IP address. We have to see the IP address of PC2; here we can see that, I am going to copy this. Coming to our statement. Right, here is the single source host. Now we are going to give the destination host address, that is the Server1 address. So here is that, I am going to copy this. Right, eq, and here we are going to deny FTP services, so the port number is 21. Coming to b: record the statement that denies access from PC2 to Server2, only for FTP, port number 21. So here we have to change the destination host address from Server1 to Server2. Here we can see the address, it's 103. Right. Coming to our previous command, we can edit it, and we can do that: destination host 64.103.255.254, eq 21.

Now we will come to Step 3, deny PC3 to ping Server1 and Server2. a: record the statement that denies ICMP access from PC3 to Server1. Right. Coming to RT1, here we are going to deny icmp. We have to give the host address, that is the PC3 address. Here is that, I am going to copy this address. Right. Now we have to specify the destination host, a single host, so we have to give host, then the host address, that is the IP address of Server1. Here is the address. Right. Coming to b: record the statement that denies ICMP access from PC3 to Server2. So here we only have to change the destination host address from Server1 to Server2. Here we can see that address, it's 103. Coming to RT1, we will get the previous command. Here we are going to change the destination host address to the Server2 address, that is 64.103.255.254.

Step 4, permit all other IP traffic. By default, an access list denies all traffic that does not match any rule in the list. Now, what command permits all other traffic? We have to give permit ip any any. So we will give that in our RT1: permit ip any any. That means we are permitting all other IP traffic from any source to any destination.

Now we will come to Part 2, apply and verify the extended ACL. The traffic to be filtered is coming from the 172.31.1.96/27 network and is destined for remote networks. Appropriate ACL placement also depends on the relationship of the traffic with respect to RT1. Coming to Step 1, apply the ACL to the correct interface and in the correct direction. What are the commands you need to apply the ACL to the correct interface and in the correct direction? Coming to the topology, here we can see the traffic to be filtered is coming from this interface, for this one, 172.31.1.96/27. So here we can see GigabitEthernet 0/0. So we have to apply the ACL to this interface, GigabitEthernet 0/0, in this router RT1, in the direction in. Coming to the configuration in router RT1, we have to exit, we have to go to the interface GigabitEthernet 0/0, and here we have to give ip access-group, and then we have to specify our access list name, that is ACL, and in, inbound packets.

Now we will come to Step 2, test access for each PC. a: access the websites of Server1 and Server2 using the web browser of PC1, using both HTTP and HTTPS protocols. Here, as we have seen, we gave the policy block HTTP and HTTPS from PC1, so PC1 will not be able to access HTTP and HTTPS on both servers, Server1 and Server2. We will check that. Coming to the PC1 web browser, here is the IP address of our Server1. No, we are not getting the web page; request timed out. Now we'll try HTTPS; here we will give https. No, we are not getting the web page; it timed out. Now we will try Server2; the IP address is 64.103.255.254. Go. No, we are not getting it. Now we will try HTTPS on Server2, https. No, we are not getting the web page. So from PC1 we cannot access the web page on both servers, Server1 and Server2.

Coming to b: access FTP of Server1 and Server2 using PC1. The username and password is cisco. Right, we will see that. Coming to the PC1 command prompt, here we are going to give ftp and the target address. Username is cisco, password cisco. Yes, we are getting it. Now we will try Server2: ftp, the Server2 address, that is 64.103.255.254. Username cisco, password is cisco. Yes, we are getting Server2 also. Coming to c: ping Server1 and Server2 from PC1. Right. Coming to the PC1 command prompt, we will quit from here. Now we will ping Server1. Yes, we are getting the reply. Now we will ping Server2, the address 64.103. Yes, we are getting the reply.

Coming to d: repeat Step 2a to Step 2c with PC2 and PC3 also, to verify proper access list operation. Right. So we will do it on PC2. Coming to the PC2 web browser, first of all we will try to access the web page of Server1. Here is the address. Yes, we are getting the web page. And now we will access with the help of HTTPS; here we are going to give https. Yes, we are getting the web page. Now we will try to access the web page on Server2; the IP address is 64.103. Yes, we are getting the web page. Now we will try HTTPS. Right, yes, we are getting the web page. Now we will try to access FTP of Server1 and Server2 from this PC2. ftp, here is the address of Server1. Trying to connect. No, it's not connected; timed out, disconnecting from FTP server. Right. So we will try Server2, 64.103. Trying to connect. No, it's not able to connect to the FTP server, both Server1 and Server2. Here we can see we denied PC2 access to FTP services on Server1 and Server2; that's why we are not getting this FTP service from PC2 to Server1 and Server2. Now we will ping from PC2 to Server1 and Server2. Ping Server1: yes, we are getting the reply. Now we will ping Server2, that is 64.103. Yes, we are getting the reply.

Now we will repeat these steps on our PC3. Desktop, web browser. We will try to access the web page from Server1. Here is the address. Yes, we are getting the web page. Now we will try to access HTTP secure; here we will give https. Yes, we are getting the web page. Now we will try our Server2 web page; here we give http and the Server2 address, 64.103. Yes, we are getting the web page. Now we will try HTTPS on Server2. Yes, we are getting the web page. Now we will try to access FTP from this PC3 to the servers, Server1 and Server2. First of all we will try Server1. Yes, it prompted for a username: cisco, password is cisco. Yes, here we can see we are able to access FTP on Server1. Now we will try Server2 FTP, so here we have to give 64.103. Yes, it prompted for a username: cisco, password cisco. Yes, we are getting FTP from Server2 also. Now we will ping from PC3 to our servers, Server1 and Server2. First of all we will ping Server1. Here is the address. Here we can see destination host unreachable; we are unable to ping Server1. We will try Server2 also, 64.103. No, sure, we are getting destination host unreachable. Here we can see our policy: we denied PC3 to ping Server1 and Server2. That's why on this PC3 our pings fail.

Well, it was quite an interesting Packet Tracer activity, Configuring Extended ACLs Scenario 3. Here we can see our completion status, 100 out of 100. Friends, if you have any doubt in this Packet Tracer activity, please comment below. Also, if you liked my video, give a thumbs up, and friends, if you have not yet subscribed to this channel, you can subscribe right now so that you will get the latest video upload info in your Gmail. Thank you.
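
An added example, not part of the video or its captions: a small Python model of the first-match evaluation the captions rely on, run over the same nine entries and the same Part 2 checks. The server addresses are as read from the captions; the PC addresses are assumed hosts in 172.31.1.96/27, and the names `Rule`, `evaluate` and `access_matrix` are illustrative only.

```python
import ipaddress
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    action: str                  # "permit" or "deny"
    proto: str                   # "tcp", "icmp" or "ip" ("ip" matches any protocol)
    src: str                     # host address or "any"
    dst: str                     # host address or "any"
    dport: Optional[int] = None  # models "eq <port>"; None means no port test

# Constructed sample addressing: PC addresses are assumptions for this sketch.
PC1, PC2, PC3 = "172.31.1.101", "172.31.1.102", "172.31.1.103"
S1, S2 = "64.101.255.254", "64.103.255.254"

# Same order as the steps in the captions.
ACL = [
    Rule("deny", "tcp", PC1, S1, 80), Rule("deny", "tcp", PC1, S1, 443),
    Rule("deny", "tcp", PC1, S2, 80), Rule("deny", "tcp", PC1, S2, 443),
    Rule("deny", "tcp", PC2, S1, 21), Rule("deny", "tcp", PC2, S2, 21),
    Rule("deny", "icmp", PC3, S1), Rule("deny", "icmp", PC3, S2),
    Rule("permit", "ip", "any", "any"),
]

def _host_match(spec, addr):
    return spec == "any" or ipaddress.ip_address(spec) == ipaddress.ip_address(addr)

def evaluate(acl, proto, src, dst, dport=None):
    """Return the action of the first matching entry, top to bottom."""
    for rule in acl:
        if rule.proto not in ("ip", proto):
            continue
        if not (_host_match(rule.src, src) and _host_match(rule.dst, dst)):
            continue
        if rule.dport is not None and rule.dport != dport:
            continue
        return rule.action
    return "deny"  # implicit deny when no entry matches

def access_matrix(acl):
    """Each PC tries HTTP, HTTPS, FTP and ping against each server."""
    probes = {"http": ("tcp", 80), "https": ("tcp", 443),
              "ftp": ("tcp", 21), "ping": ("icmp", None)}
    return {(pc, srv, name): evaluate(acl, proto, pc, srv, port)
            for pc in (PC1, PC2, PC3) for srv in (S1, S2)
            for name, (proto, port) in probes.items()}

if __name__ == "__main__":
    for key, action in access_matrix(ACL).items():
        print(key, action)
```

Dropping the final entry, or moving it to the top of the list, changes every result, which is why the order of the statements and the closing permit both matter.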
Info
Channel: Tech Acad
Views: 20,806
Keywords: Extended Named Access Control List
Id: hmbWLx2zBBA
Length: 21min 31sec (1291 seconds)
Published: Sat Jan 27 2018