ACL Introduction - Video By Sikandar Shaik || Dual CCIE (RS/SP) # 35012

Captions
Okay, now in this section we'll see how to configure access control lists, what exactly access control lists are, what exactly they do, and the different types of ACLs. Some basic theory we'll try to see in this video. So an access control list is a set of rules which will allow or deny the traffic moving through the router. To be specific, let's take an example. In the previous section we have seen different routing options. In all our routing, what we have seen is how to establish communication between the 192.168.1.0 network, the 192.168.2.0 network and the 3.0 network; all the different networks were able to communicate with each other by using static, default or any of the dynamic routing like RIP, EIGRP or OSPF. Now with ACLs, let's say what if I want a specific user, 1.1, to not communicate with 2.1? I want to deny that traffic: 1.1 should not go to 2.1, but 1.1 can communicate with other devices; it can communicate with this one but not with this specific device. I want to deny a specific traffic. Or you can write a rule like: I want to deny the 2.0 network, it should not access the 3.1 web service. Now assume that in my company 3.1 is one computer which is my web server, and I want to ensure that any of the users coming from the 2.0 network should not access the 3.1 web service, only that service, but they can access other services from the same computer, like FTP or telnet kind of things. Or you can write some rules like: I want to deny a specific traffic from the 3.0 network going to 1.2 FTP. So assume that there is an FTP server somewhere here and I want to ensure that all the 3.0 users should not access the 1.2 FTP service, but all the remaining traffic should be permitted.

Now this is what we can call a specific rule. These are the set of rules: I got rule one, rule two, a third rule and a fourth rule, and all this set of rules combined can be referred to as an access control list. So an access control list is a set of rules, it can be anything, which will allow or deny. If I say deny it will deny, if I say permit it will permit, so it all depends upon how you write the rules. It's for a specific traffic; specific traffic means selected hosts, selected devices or selected subnets, which is moving through the router. Now it has to be moving through the router because we are going to implement ACLs on the routers and the traffic has to go via the router, so we call it a layer 3 security. Why we call it layer 3 security is because it's going to filter based on your layer 3 addresses; it controls the flow of traffic from one network to another network or from one host to another host. It's also called a packet filtering firewall, because it is going to filter your packets as they go through the router. So it is not doing the complete job of a firewall, but an ACL is a basic filtering which is something we can do on the routers, where you can allow or deny selected services which are moving through the router, or selected hosts, something like that. So this is some basic overview of the ACL; we will be getting into more detail on this.

On the left side we understand what are the different types of ACLs we have. Now we have two kinds of ACLs: we have named ACLs and numbered ACLs. The major difference between these two is that both are the same, but the only difference is: whatever the rules we have written, say deny 1.1, deny the 3.0 network, permit all the remaining networks, these rules can be identified by using a name or a number. So either I can use some name, like I can give a name called CCNA, some name to identify this ACL on the router, or I can use some ACL number, like 10. So if I use a number for identification of these rules, this is referred to as a numbered ACL, or you can use some name like CCNA. If I give numbers we call it a numbered ACL; if I use a name we call it a named ACL. So that's the only basic difference, whereas there is one more major difference: in the named ACL there is something, editing is possible, which is not possible in a numbered ACL. About this editing I will be getting into more detail in the later sessions, but except for that one difference they are the same.

And the main classification between the ACLs, we have standard and extended. A standard ACL is something like a very basic kind of filtering, or a basic ACL; when I say extended it's more like advanced options we can use, advanced filtering options we have in case of extended. Again, standard or extended, there is only one category in that: it can be numbered or it can be named. So let's try to understand what is the basic difference between the standard and extended ACL. Now this standard ACL can be either named or it can be numbered, it doesn't matter for us, but it's just a standard ACL which is basic filtering. Here also it can be named or numbered. But the first difference is, if I'm writing numbers, as I said whatever the rules you are writing, these rules can be referred to with some number. If you give any number in between 1 to 99, the router automatically understands that this is a standard ACL, and if I give any number in between 100 to 199 the router understands that it is an extended ACL. So by seeing the number range the router will identify whether it is an extended or a standard ACL. Which means we don't need to tell that this is standard; it will understand that it's a standard ACL because of the range.

Now what is the major difference? In case of a standard ACL we can allow or deny a specific network or a host. Like, I can write a rule saying deny 192.168.1.1, where I am going to deny one single host, or I can write a rule where I can deny or permit a complete network also: I can write 192.168.3.0, deny it. So here I am going to deny a specific host and again I am going to deny a specific network, or it can be a subnet. Subnet means a sub-network; again it is a network only, network or subnet. Subnet means, after subnetting, whatever small networks we get, we call them subnets. Now this is something that's possible in the standard ACL. In case of extended ACLs also we have the same features: we can deny a specific host, same as standard, subnet or network, same as standard, but there is one extra thing with extended: we can allow or deny a specific service. Service means selected services can be allowed or denied, blocked or permitted. So that's one extra thing we can do in case of an extended ACL.

Let's try to see the difference, what exactly this is. Let me take some white screen here. Now normally, in case of a communication, let's say I am going to say deny the traffic from 1.1 to 2.1. When I say deny, I'm denying the communication. Now there are different types of communication that happen between two different devices: we can have FTP traffic going, HTTP traffic going, it can be telnet traffic, it can be SMTP traffic or it can be ping messages. Now when I say deny between these two, if I am using a standard ACL, and if I'm using an extended ACL: if I say 1.1 should not communicate with 2.1, by default all the services will be denied in case of a standard ACL. When I say 1.1 will never communicate with 2.1, it means between these two devices no FTP traffic will go, no HTTP, no telnet, no SMTP, no ping, nothing. So they don't see each other; there is no traffic between these two devices, because the standard ACLs cannot identify the service. They do not identify the service, they cannot recognize the services. But the extended ACL is capable of identifying a specific service, where I can define a rule saying that between 1.1 and 2.1 only FTP traffic should be denied, and then I want to permit all the remaining traffic. So when I define this rule it's going to deny only the FTP traffic between these two, 1.1 and 2.1, whereas it is going to permit all the remaining traffic. So the extended ACL is capable of identifying a specific service: filtering can be done based on specific services, where you can deny all or deny a specific service, we can match a specific service, which is not possible in case of a standard ACL. So this is one of the major differences between the standard and extended: here there is no service, and here we can deny a specific service. And apart from that there is one more major difference between these two: filtering. In the standard ACL, filtering is done based on the source address, whereas in the extended ACL filtering is done based on the source, destination, protocol and port number. Which means the extended ACL is capable of doing some advanced filtering compared to the standard ACL.

Second example: it is more like a security guard of any organization. Normally I got a router, and the ACL implemented on it is like the security guard of any company. Let's say, security guards of any organization: this is my company gate, and this is inside the building, and then there are some users coming from outside. Now my manager or my HR says that we define some rules: if any user is coming from any source (the user can be coming from anywhere), if he is entering into the destination address, and the destination is HR, that's nothing but he's supposed to meet HR, and the purpose is interview, then that particular candidate should be allowed inside the organization. So that's the rule which is given by my company manager or someone to the security guard. So just assume that it's like an ACL only.

Now what happens here is, if a user is coming from any source, if he is going to a specific destination, whenever this particular user is coming here and he wants to enter, the security guard, that is our ACL here, is going to stop and see the packet, and it checks what the source is. The source is any, so as per the rules any source will be permitted, and then it is going in. In case of a standard ACL it is not going to check the destination, which means once this packet enters he is not checking where it is going, whether it is going to meet the manager, whether it is going to meet the HR or whether it is going to meet some account manager or something like this. Wherever it is going, the destination is not checked, and then what is the purpose, what purpose he is coming for, it's not going to check that also. So the standard ACL checks only the source, where the packet is coming from. Which means in case of a standard ACL it will do only some basic filtering compared with the extended ACL. But in case of an extended ACL, it's going to check the source, it's going to check the destination, it's going to check the protocol and port number. Which means it checks where it is coming from: as per the rule it's coming from any source, any source, yes. It will check the destination: where do you want to go? You want to go to HR, okay. So what's the purpose? The purpose is interview. Now the purpose is just like port numbers, FTP, HTTP; it is going to identify the specific service by the port number. It says okay, you are allowed, you can go inside. But let's say your packet is coming from any source, any means any person is coming, he's supposed to meet the HR, and then the destination is also matching, source is matching, the destination is matching, but if the purpose is personal or some other purpose, the ACL says you're not going to go inside, because as per the rules given to me I'm going to allow only these people, if it matches a specific service. Like an example we can say: if a packet is coming from 1.1, if it is going to 2.1, if it is equal to FTP, permit. So if it is coming from 1.1 going to 2.1 and it is HTTP traffic, don't permit; it's not matching the rule. So it's more similar to this one.

Now in a similar way, I can write one more example for understanding here. Let's say the packet is coming from any source, and he is coming for interview, which means my purpose is matching, that is my service is matching, so this is matching. But the destination is different: it says I want to meet a manager. The destination is not matching, so this rule is not going to match. So the major advantage we get with extended ACLs is it's going to match the source and also it's going to match the destination and also it will match the protocol, like TCP, UDP information (more on this we'll see when we implement), and then the port number, like the FTP port number or the one identifying the service, like HTTP service or telnet. If all matches, then if I say permit it's going to permit; if I say deny it's going to simply drop the packets. So that is one of the major differences we have between the extended ACL and the standard ACL.

So there is one more difference here: implementation. Standard ACLs are implemented closer to the destination and extended ACLs closer to the source. At this point you will get a more clear understanding when we start implementing the lab, so we'll see labs anyway; probably in my next video I am going to start with the ACL lab. So we will see some more critical concepts, like some more logical things: how the ACLs are going to work, how we implement, how we configure, more on that. But these are the major differences between standard and extended ACLs. In case of standard and extended ACLs, we can allow or deny a specific host, but one extra thing we can do in the extended is service, and then the extended ACL will support some advanced filtering like source, destination, protocol and port number, whereas the standard ACL will only check the source. Now these are the two major differences between standard and extended ACLs.
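As an added example, not part of the video or its lab, here is a small Python model of how a standard ACL (source only) and an extended ACL (source, destination, protocol, port) judge the same packets. It uses the video's 192.168.x.y hosts as constructed addresses, CIDR prefixes in place of the IOS wildcard mask, and the IOS behaviour of first match wins with an implicit deny at the end of every list.

```python
from ipaddress import ip_address, ip_network

# Well-known TCP ports for the services the video names (IANA assignments).
PORTS = {"ftp": 21, "telnet": 23, "smtp": 25, "http": 80}

def acl_type(number):
    """Classify a numbered ACL the way IOS does: 1-99 standard, 100-199 extended."""
    if 1 <= number <= 99:
        return "standard"
    if 100 <= number <= 199:
        return "extended"
    raise ValueError(f"ACL {number} is outside the basic standard/extended ranges")

def matches(rule, pkt):
    """A standard rule carries only 'src'; an extended rule may add dst, proto, port."""
    if ip_address(pkt["src"]) not in ip_network(rule["src"]):
        return False
    if "dst" in rule and ip_address(pkt["dst"]) not in ip_network(rule["dst"]):
        return False
    if "proto" in rule and rule["proto"] != pkt["proto"]:
        return False
    if "port" in rule and PORTS[rule["port"]] != pkt["dport"]:
        return False
    return True

def evaluate(acl, pkt):
    """First matching rule decides; an unmatched packet hits the implicit deny."""
    for rule in acl:
        if matches(rule, pkt):
            return rule["action"]
    return "deny"

# Constructed ACL 10 (standard, source only): deny host 1.1 and the 3.0 network, permit the rest.
STANDARD_10 = [
    {"action": "deny", "src": "192.168.1.1/32"},
    {"action": "deny", "src": "192.168.3.0/24"},
    {"action": "permit", "src": "0.0.0.0/0"},
]
# Constructed ACL 100 (extended): deny only FTP from 3.0 to host 1.2 and only HTTP
# from 2.0 to the 3.1 web server; every other service between those hosts stays open.
EXTENDED_100 = [
    {"action": "deny", "src": "192.168.3.0/24", "dst": "192.168.1.2/32", "proto": "tcp", "port": "ftp"},
    {"action": "deny", "src": "192.168.2.0/24", "dst": "192.168.3.1/32", "proto": "tcp", "port": "http"},
    {"action": "permit", "src": "0.0.0.0/0", "dst": "0.0.0.0/0"},
]

if __name__ == "__main__":
    # Same packet, two verdicts: standard blocks host 1.1 entirely, extended judges by service.
    pkt = {"src": "192.168.1.1", "dst": "192.168.2.1", "proto": "tcp", "dport": 80}
    print("standard:", evaluate(STANDARD_10, pkt), "extended:", evaluate(EXTENDED_100, pkt))
```

Note that the standard list blocks 1.1 as a source only: a packet from 2.1 back to 1.1 is still permitted, which is why the video places standard ACLs close to the destination.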
Info
Channel: Sikandar Shaik
Views: 88,662
Id: DAzHYzy9vm0
Length: 16min 41sec (1001 seconds)
Published: Thu Jan 19 2017