5.1.8 Packet Tracer - Configure Numbered Standard IPv4 ACLs

Captions
Hi friends, welcome to world. In this video we are going to solve this Packet Tracer activity, Configure Numbered Standard IPv4 ACLs. Before coming to this activity, friends, if you would like to get any CCNA version 7 online classes or any technical support, you can contact our team using our website link, which you will get from the description below. And if you would like to get this type of technical video in future, consider subscribing, and don't forget to enable that bell icon near the subscribe button so that you will get a notification message whenever we upload a new video.

Okay, now back to our activity. Here we can see our addressing table. Coming to the objectives: part one, plan an ACL implementation; then in part two, configure, apply and verify a standard ACL.

We will go through the scenario. Standard access control lists, that is ACLs, are router configuration scripts that control whether a router permits or denies packets based on the source address. This activity focuses on defining filtering criteria, configuring standard ACLs, applying ACLs to router interfaces, and verifying and testing the ACL implementation. The routers are already configured, including IP addresses and Enhanced Interior Gateway Routing Protocol, that is EIGRP, routing. That's fine: they fully configured this topology with IP addresses, and they also configured EIGRP. So here we are going to plan and implement access control lists. We will do it one by one.

Coming to the instructions. Part one: plan an ACL implementation. Step one: investigate the current network configuration. Before applying any ACLs to a network, it is important to confirm that you have full connectivity. Verify that the network has full connectivity by choosing a PC and pinging other devices on the network. You should be able to successfully ping every device. Yes, that is correct. So before implementing access control lists, we must verify the network has full connectivity. So we will verify here; we will test end-to-end connectivity. Here we can see our addressing table.
I will ping from PC1. We will go to the command prompt. First of all we will ping to PC2; we will get its IP address. Ping to PC2, and we are waiting for the replies. Here we can see it's working. Now we will ping to PC3 from PC1. We may get one request timed out, and here we get the replies. Also we will ping to this web server; here is the IP address. Ping to the server. Pinging... okay, yeah, we get the replies, it's working. We verified this network and it has full connectivity.

Now in step two: evaluate two network policies and plan ACL implementations. The following network policies are implemented on R2: the 192.168.11.0/24 network is not allowed access to the web server on the 192.168.20.0/24 network; all other access is permitted. Here we are going to implement this ACL on this router R2, and here we can see this network 192.168.11.0/24, PC2, S2 and this interface, that is G0/1. This network is not allowed to access this web server, that is 192.168.20.254, that is the IP of this web server, and all other access is permitted. Okay. To restrict access from the 192.168.11.0/24 network to the web server at 192.168.20.254 without interfering with other traffic, an ACL must be created on R2. Okay. The access list must be placed on the outbound interface to the web server. A second rule must be created on R2 to permit all other traffic. Yes, we have to create that access control list in this router R2, and we have to implement that ACL in the out direction. So this is the first policy they specified here.

Here we can see the second one. The following network policies are implemented on R3: the 192.168.10.0/24 network is not allowed to communicate with the 192.168. network; all other access is permitted. Coming to our topology, here we can see that network, the 192.168.10.0 network. So this network is not allowed to communicate with this network, that is 192.168.30.0/24. So we have to create that access control list in this router R3, and we have to implement it in the outbound direction. To restrict access from the 192.168.10.0/24 network to the 192.168.30.0/24 network without interfering with other traffic, an access list will need to be created on R3. Exactly. The ACL must be placed on the outbound interface to PC3; that means we have to implement it on this interface, that is G0/0. A second rule must be created on R3 to permit all other traffic. Yes, we will do that.

Now we will go to part two: configure, apply and verify a standard ACL. Step one: configure and apply a numbered standard ACL on R2. Create an ACL using the number 1 on R2 with a statement that denies access to the 192.168.20.0/24 network from the 192.168.11.0/24 network. Here they have given the command: in global configuration mode we have to give access-list 1 deny this network, that is 192.168.11.0, with this wildcard mask. We will give that command in this router R2: enable, conf t, and here in this global configuration mode we will give access-list. Then I will put a question mark here, and we can see we have to specify the number. Here we are going to give this IP standard access list, so we'll give 1, a numbered access list. Okay, then again a question mark: we can give deny, permit or remark. Here we are going to deny a particular network, right, so we can give deny. Then we can specify the address to match. So here we are going to deny this network, 192.168.11.0/24.
We will give that network here, 192.168.11.0, then we'll put a question mark. Now we have to give its wildcard bits; it is 0.0.0.255. Then press Enter. By default, an access list denies all traffic that does not match any rules. To permit all other traffic, configure the following statement: access-list 1 permit any. Okay, we have to give that too: access-list 1, we are going to permit any.

Before applying an access list to an interface to filter traffic, it is a best practice to review the contents of the access list in order to verify that it will filter traffic as expected. So we will verify using this show command, show access-lists. Okay, we will go to this R2 and we will give that command, show access-lists. We are in global configuration mode, so we can give it as a do command, do show access-lists; otherwise you can give it in privileged EXEC mode. And here we can see Standard IP access list 1: deny this network, then permit other traffic.

Now, for the ACL to actually filter traffic, it must be applied to some router operation. Apply the ACL by placing it for outbound traffic on the GigabitEthernet 0/0 interface. So coming to our topology, here we can see that interface G0/0, which is connecting to this network. They have given a note: in an actual operational network, it is not a good practice to apply an untested access list to an active interface. Okay. So here we have to go to that interface GigabitEthernet 0/0 and we have to give this command: ip access-group, we created this access list 1, then the outbound direction. We'll go to R2 and we'll give that command here. We'll go to that interface, that is G0/0, then we will give ip access-group 1 and the out direction. We'll put a question mark, and here we can see inbound packets and outbound packets. We will give out.

Coming to step two: configure and apply a numbered standard ACL on R3. Create an ACL using the number 1 on R3 with a statement that denies access to the 192.168.30.0/24 network from the PC1, that is 192.168.10.0/24, network. Here we can see that command: access-list 1, we have to deny 192.168.10.0, and here they have given the wildcard mask. So we will give this command in this router R3: enable, then we will give conf t. Here we will create that access list, that is 1, and we are going to deny this network 192.168. Then we have to specify its wildcard mask, 0.0.0.255. By default, an ACL denies all traffic that does not match any rules. To permit all other traffic, create a second rule for ACL 1. Yes, we have to give this command, access-list 1 permit any. We will give that here: access-list 1 permit any.

Now we will verify that the access list is configured correctly using the show command, show access-lists. Here we will give the do command, do show access-lists. Here we can see Standard IP access list 1: we denied this network, then we permit all other traffic. Then apply the ACL by placing it for outbound traffic on the GigabitEthernet 0/0 interface. We have to go to this interface and we have to give ip access-group 1 outbound. So here we can see that interface G0/0, which is connecting this network. We will go to that interface G0/0 and we will give that command: ip access-group, it's 1, outbound.

Coming to the last step: verify ACL configuration and functionality. Enter the show run or show ip interface GigabitEthernet 0/0 command to verify the ACL placements. Okay, we will just try in this router R3. We will give end, show running-config. Coming to this interface G0/0, here we can see ip access-group 1 out; also here we can see the access list we created. Okay. Also we can give this show command, show ip... I think it's... let me try with show interfaces; we'll give GigabitEthernet 0/0. Oh, not this one. We have to give show ip interface G0/0. Let me try this. Okay, and here we can see the outgoing access list is 1, and we did not set any inbound access list. That's correct. In the same way we can verify in this router R2 also: enable, show running-config. Okay, and
here we can see G0/0, ip access-group 1 out; also here we can see the access list we created. We will try with show ip interface G0/0, and here we can see the outgoing access list is 1.

With the two ACLs in place, network traffic is restricted according to the policies detailed in part one. Use the following tests to verify the ACL implementations. Okay, now we will test and verify these ACL implementations. Here, a ping from 192.168.10.10 to 192.168.11.10 succeeds. That means we are going to ping from PC1 to PC2. I will get the IP address; here we can see that. We will ping from PC1. Okay, succeeded.

Next, a ping from 192.168.10.10, that means from PC1, to 192.168.20.254 succeeds. That means from PC1 to this web server, right? So I will just copy this IP address. Coming to PC1, we will ping to the server, and it succeeded.

A ping from 192.168.11.10 to 192.168.20.254 fails. That means we are going to ping from PC2 to this web server, and here we set an access control list: this network is not allowed to communicate with this web server. So we'll go to the PC2 command prompt, we will ping to the web server, and it should fail. We can see it says destination host unreachable.

Here we will see how it works using simulation mode. We will switch to simulation, and here we will give show all or none; we will keep only ICMP. We will close this window. Again we will go to PC2, then we will ping to our server. Okay, and here we can see that ICMP packet. We will capture and forward: it goes to this switch, it goes to R1, and we can see it goes to R2, and this R2 has dropped this packet, because we configured an access control list in this router R2 to deny this network 192.168.11.0 to this web server. That's why this router dropped this ICMP packet. Now this router will send an acknowledgement back to this PC2, and it says that the packet is dropped. So we can see it goes back to R1,
S2, and finally reaches PC2. So here it says destination host unreachable. We will go to real time.

Then, a ping from 192.168.10.10 to 192.168.30.10 fails. That means we are going to ping from this network 192.168.10.0 to this network. We will ping from PC1 to PC3, and here they clearly specified it will fail, because we created an ACL in this router R3 so that this network 192.168.10.0 is not allowed to access this network. We will copy this IP address, then coming to the PC1 command prompt, we will ping to that PC, and we can see destination host unreachable.

We can verify that using simulation mode. Here we have only this ICMP visible event. We will go to PC1 again and we will give that ping to PC3, right, and we can see that ICMP is generated in this PC1. It goes to S1, it goes to R1, then it goes to R3, but here we can see that the packet is dropped by this router R3, because we created an access control list in this router R3: this network 192.168.10.0 is not allowed to communicate with this network 30.0. And now we can see this R3 is sending an acknowledgement back to this PC1 that it's dropped, it's failed. Here we can see that destination host unreachable. We will come back to real time.

Then, a ping from 192.168.11.10 to 192.168.30.10 succeeds. I will just copy this address, then we will go to PC2 and we will ping to this PC3. Coming to the PC2 command prompt, ping to PC3. It should succeed. Okay. And finally, a ping from 192.168.30.10 to our web server. We'll get this web server IP address. We are going to ping from PC3 to this web server. It's working.

Next: issue the show access-lists command again on routers R2 and R3. You should see output that indicates the number of packets that have matched each line of the access list. Also they have given a note: the number of matches shown for your routers may be different, due to the number of pings that are sent and received. Yes, that's correct. So we are going to give this show command, show access-lists, in these routers R2 and R3. Coming to R2, show access-lists, and here we can see eight matches. We will go to R3, show access-lists; here also we can see eight matches. Sure, why did we get these eight matches? Obviously this depends on the number of pings we made. Here we made two pings from PC1 to the web server: I pinged in real time, and I also pinged in simulation mode, so twice we pinged from PC1 to the web server. So one ping means four matches; two pings, it's eight matches. Yes, so these matches depend on the number of packets sent and received.

Okay, that's all in this activity, that is Configure Numbered Standard IPv4 ACLs. So here we planned an access control list, then we configured and applied it, and finally we verified this standard numbered ACL. Here we can see our completion status: it's a hundred percent.

Now dear friends, if you have any doubt or if you have any suggestions regarding this Packet Tracer activity, please comment below, or you can even contact our team using our website link, which you will get from the description below. And if you like our video, give a thumbs up and share with all your friends. Stay tuned, and we will meet again with the next Packet Tracer activity. Thank you.
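The first-match evaluation the walkthrough relies on, as an added example that is not part of the video or of the Packet Tracer activity: a small model of a numbered standard ACL (source-only match, wildcard mask, implicit deny) applied outbound on the two LAN-facing interfaces, checked against the ping tests listed above. The class and function names are hypothetical, and the model assumes a ping succeeds only when both the echo request and the echo reply pass the ACL on the interface they exit.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """Cisco wildcard match: bits set to 1 in the wildcard are ignored."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (a & care) == (b & care)

class StandardAcl:
    """Numbered standard ACL: source address only, first match wins."""
    def __init__(self, entries):
        # entries: (action, base, wildcard) in configured order
        self.entries = entries
        self.matches = [0] * len(entries)   # per-line counters, like show access-lists

    def permits(self, src):
        for i, (action, base, wildcard) in enumerate(self.entries):
            if wildcard_match(src, base, wildcard):
                self.matches[i] += 1
                return action == "permit"
        return False  # implicit "deny any" that ends every ACL

ANY = ("0.0.0.0", "255.255.255.255")  # what the keyword "any" expands to

# ACL 1 on R2 and ACL 1 on R3, as configured in the transcript
R2_ACL = StandardAcl([("deny", "192.168.11.0", "0.0.0.255"), ("permit", *ANY)])
R3_ACL = StandardAcl([("deny", "192.168.10.0", "0.0.0.255"), ("permit", *ANY)])

# Outbound ACLs keyed by the LAN each G0/0 interface faces (from the transcript)
OUTBOUND = {
    ipaddress.ip_network("192.168.20.0/24"): R2_ACL,
    ipaddress.ip_network("192.168.30.0/24"): R3_ACL,
}

def egress_allowed(src, dst):
    """Check the outbound ACL, if any, on the interface facing dst's LAN."""
    for net, acl in OUTBOUND.items():
        if ipaddress.ip_address(dst) in net:
            if ipaddress.ip_address(src) in net:
                return True  # same LAN: traffic never crosses the router
            return acl.permits(src)
    return True  # no ACL applied toward that LAN

def ping(src, dst):
    """Echo request and echo reply must both get through."""
    return egress_allowed(src, dst) and egress_allowed(dst, src)
```

Removing the `permit any` line from either list makes every ping toward that LAN fail, which is the implicit deny the activity warns about.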
Info
Channel: Tech Acad
Views: 7,058
Keywords: CISCO, CISCO Certification, CCNA, CCNAv7, Packet Tracer, ACL, Access Control List, Standard ACL
Id: ZgXHYiX-W3I
Length: 24min 36sec (1476 seconds)
Published: Mon Sep 07 2020