5.1.9 Packet Tracer - Configure Named Standard IPv4 ACLs

Video Statistics and Information

Video
Captions Word Cloud
Reddit Comments
Captions
hi friends welcome to world in this video we are going to solve this packet tracer activity configure a named standard ipv4 sells before coming to this activity friends if you like to get any ccna version 7 online classes or any other technical support you can contact our team using our website link you will get from the description below and also if you like to get this type of technical videos in future consider subscribing and don't forget to enable that bell icon new to the subscribe button so that you will get notification message whenever we upload a new video back to this activity uh that is a configure named standard ipv4 acls in the last video we have seen how to configure an embedded standard ipv for acls so here it is a named standard ipv for acls here we can see our addressing table coming to the objectives part one configure and apply a named standard sel then in part two verify the acl implementation we will go through the scenario the senior network administrator has asked you to create a chanted named acl to prevent access to a file server the file server contains the database for the web applications only the web manager workstation pc1 and the web server need to access the file server all other traffic to the file server should be denied so here we are going to prevent access to this file server and this pc one is pc1 as well as this web server is allowed to access this file server and other workstations should be denied this is the policy we are going to set in this router r1 so coming to the instructions part one configure and apply a named standard acl step one verify connectivity before the acl is configured and applied all three workstations should be able to ping both the web server and file server okay we will test the connectivity we will get the ip address of file server we will copy from this addressing table then we will ping from pc1 and we are waiting for the replies okay it's working now we will test from pc 0 desktop command prompt bring to the file server ok perfect then ping from pc2 okay it's a pinging now we will ping to this web server here is its ip address coming to pc1 command prompt ping to our web server we are waiting for the replies it's working now we will ping from pc 0 to a web server command prompt ping to our web server okay that's perfect then we'll go to pc2 command prompt here we will ping to web server okay it's working we verified the connectivity now coming to step two configure a named standard access control list configure the following named acl on r1 in a global configuration mode we have to give this command ip access list standard then we have to give a name for this success control list then we have to permit host that is 192.168. the ip address of this uh web manager that is a pc one then permit host 192.168.100.100 this is the iep address of our web server then we have to deny other devices deny any so with this access control list we permit only this web manager that is one and a web server is allowed to access this file server and other devices are not allowed to access this file server we will do this configuration coming to r1 enable conf t and here we will give the command ip access list we are going to configure a standard access control list so we have to give a standard then we will specify the name so i will copy from this instruction because scoring purpose we have to give the correct name otherwise we can set any meaningful name here okay that's fine now we will permit 192.168.20.4 also we will permit 192.168.100.100 then we will deny other pcs deny any in this access control list we permitted these two pcs pc one and web server to access this file server we can verify this iep address if you go to pc1 we will try to go to iep configuration and here we can see it's uh this pc one ip address one nine two one six eight twenty dot four and we permit that host also we can see this web server ip address 192 168 100 100 and we permit that host also they given a note for scoring purposes the acl name is case sensitive yes that's why we copied from here otherwise you have to give it correctly and these statements must be in the same order as shown here okay we done that now use the show access list command to verify the contents of the access list before applying it to an interface make sure you have not uh mistyped any ip addresses and that the statements are in the correct order we will give this a show access list command and here itself they're shown the output for this uh show command coming to r1 we will give end show access list access list and here we can see standard ip access list with this acl name 10 20 and 30 iep across everything correct here step three apply the named acl apply the acl outbound on the fast ethernet zero slash one interface also they given a node in an actual operational network applying an access list to an active interface is not a good practice and should be avoided if possible so we have to give this command iep access group then we have to specify that access control listing name then in outbound direction then i save the configuration we are going to apply the acl we created to this interface fa 0 1 which is connecting to this network so we will do that configuration we will go to r1 and we'll do that once more i will copy this acl name we will go to that interface conf t interface that interface is f a 0 1 correct and here we are going to give ip access group then we will give that acl name it's here okay then we will give the direction we'll put a question mark and in out we will give your out now we will save the configuration copy running config startup config now we will go to part two verify the acl implementation step one verify the acl configuration and application to the interface use the show access command to verify the acl configuration use the show or running config or show iep interface faster than zero slash one command to verify that the acl is applied correctly to the interface okay we will verify it coming to r1 enable here we will give the show command show running config and we will go to the interface f a 0 1 and we can see iep access group then acl name out okay it's correct also we can verify uh using show ip interface uh it's fa zero slash one and here we can see outgoing access list is we can see our acl name now in step two verify that the acl is working properly all three workstations should be able to ping the web server but only pc1 and the web server should be able to ping the file server repeat the show access list command to see the number of packets that matched each statement okay we will test the connectivity first of all we will ping from uh all these pcs to this web server we'll go to pc1 command prompt and we will ping to web server we can see we get the replies then we will go to pc 0 command prompt okay it's working now we will go to pc2 command prompt okay it's working just i will copy this command even we will ping from file server okay ping to our web server we get the replies now we will bring to this file server and we set access control list and unload only pc1 and web server this pc 0 pc2 is not allowed to ping to this file server or to access this file server we will try from pc2 we will ping to our this file server destination host unreachable here we can see packets sent before received 0 100 percent loss so we unable to access this file server from pc2 now we will try from pc 0 and here also we can see destination hosting reachable now we will try to ping from pc1 and it should succeed because pc one and web server is allowed to access this file server we'll go to pc1 command prompt and we'll ping to the file server it's working now we will go to web server command prompt we will ping to 192.168.200.100 and here we can see we get the replies now we will give this a show access list command in this router r1 show access list and here we can see the matches it matches sure these matches may differ depends on the number of things you given to the file server perfect so in this packet tracer we sold this activity configure named standard ipv for acls here we can see our completion status under percent now dear friends if you get any doubt or any suggestions you can comment below or you can contact our team using our website link you will get from the description below and also if you like your video give it thumb and share with all your friends stay tuned and we will meet again with the next video thank you
Info
Channel: Tech Acad
Views: 5,609
Rating: undefined out of 5
Keywords: CISCO, CISCO Certification, CCNA, Packet Tracer, Access Control List, IPv4 ACL, CCNAv7, Standard ACL, Named ACL
Id: zOXxDJogr2o
Channel Id: undefined
Length: 14min 14sec (854 seconds)
Published: Thu Sep 10 2020
Related Videos
Note
Please note that this website is currently a work in progress! Lots of interesting data and statistics to come.