Would you like to inspect the original subtitles? These are the user uploaded subtitles that are being translated: 1 00:00:00,520 --> 00:00:03,580 In this practical lab we'll take a look to the access. 2 00:00:03,580 --> 00:00:11,640 This configuration we are two others two surveys and two pieces in our lab. 3 00:00:12,150 --> 00:00:20,900 In the first step let us saying that cover your piece you want a piece it too with proper default it 4 00:00:21,010 --> 00:00:33,620 pays OK and for the second step we need to call for you an extended access list and provide that. 5 00:00:33,630 --> 00:00:49,290 P.S. One can't reach the FTB talent and the DP Ports of P.S. 2 and we should also Ello for any other 6 00:00:49,770 --> 00:00:51,800 terrific. 7 00:00:51,920 --> 00:00:53,690 All right let's go. 8 00:00:56,870 --> 00:00:58,640 So what I need to do is 9 00:01:01,530 --> 00:01:06,680 first we need to configure P.S. 1 and P.S. 2 with proper default gateways. 10 00:01:06,750 --> 00:01:14,280 As you can see that in the year PCI wants default gateway is here. 11 00:01:14,470 --> 00:01:24,460 So I should use this IP address for PCI once Gateway and I should use to that one as the default courtesy 12 00:01:24,480 --> 00:01:32,490 of the P.C. to that's got to the packet tracer packet res or Tor. 13 00:01:32,800 --> 00:01:33,610 Oh you go 14 00:01:39,290 --> 00:01:43,750 I need to close this so you can focus better. 15 00:01:43,870 --> 00:01:44,460 OK 16 00:01:48,150 --> 00:02:00,420 I'm going to the first P.S. And checking the IP configuration and my default gateway will be one that 17 00:02:00,430 --> 00:02:04,780 one and I'm going to the second 18 00:02:08,070 --> 00:02:10,820 desktop IP config 19 00:02:13,710 --> 00:02:14,510 true that one 20 00:02:17,450 --> 00:02:18,840 Oh to the 6. 21 00:02:19,340 --> 00:02:22,140 Now do that one. 22 00:02:22,470 --> 00:02:30,940 All right I accomplished my first step and let's take a look to the second step now. 23 00:02:35,540 --> 00:02:44,150 In the second step I need to call for you and extend the access list and provide that. 24 00:02:44,170 --> 00:02:58,510 P.S. one can reach the NDP telnet and A.S.A.P. ports of P.C. to so P.S. 1 is my source. 25 00:03:00,680 --> 00:03:15,220 P.S. 2 is my destination as you can remember from our sessions extended access lists are written to 26 00:03:15,220 --> 00:03:20,290 the closest rather to our source. 27 00:03:24,610 --> 00:03:26,370 So I'm going to use them. 28 00:03:27,670 --> 00:03:43,290 I'm going to configure an ACL on rather one which blocks the traffic for FTB telnet and H2 to prepare 29 00:03:43,310 --> 00:03:52,400 the course coming from P.S. 1 and destined to P.S. To All right. 30 00:03:52,830 --> 00:03:54,190 Let's go 31 00:03:59,350 --> 00:04:01,150 I'm going into the rather one 32 00:04:07,930 --> 00:04:10,790 enable first right. 33 00:04:14,340 --> 00:04:15,140 Quality 34 00:04:18,580 --> 00:04:22,400 and let's configure our access list access list. 35 00:04:22,420 --> 00:04:30,830 I'm going to use a question mark as you can see that we have different grants that we can use for standard 36 00:04:30,830 --> 00:04:37,220 or X extended access list because of I'm going to use extended access lists. 37 00:04:37,340 --> 00:04:53,300 I'll use this range and this number right but I'm gonna do is I'm gonna deny some traffics right. 38 00:04:54,840 --> 00:04:55,420 Deny 39 00:05:00,630 --> 00:05:13,700 my protocols are working DCP so I'm gonna deny the TCB traffic now a question mark so the first thing 40 00:05:14,120 --> 00:05:22,750 is I need to write my host address for source address. 41 00:05:22,760 --> 00:05:25,910 OK I'm defining my source address. 42 00:05:25,930 --> 00:05:33,550 I can use the IP address of my P.C. and be the wild card of 0 0 0 0. 43 00:05:34,210 --> 00:05:39,800 But instead of this I can use just host command features easier. 44 00:05:39,890 --> 00:05:54,940 Okay DCP host what is the IP address of my source term for the 1 1 5 down for the 1 1 5. 45 00:05:55,020 --> 00:05:55,930 Okay. 46 00:05:56,100 --> 00:06:10,950 And another question mark I need to define my destination address to my destination IP address is a 47 00:06:10,950 --> 00:06:12,270 single host again. 48 00:06:13,900 --> 00:06:16,600 10 for the 1 2 6 49 00:06:20,810 --> 00:06:38,270 host 10 4 2 1 2 6 Politico and I'm going to match a given port number using the E 2 Q L and command 50 00:06:39,450 --> 00:06:53,190 e q and I have another question mark I can't define the port numbers by using these numbers are I can 51 00:06:53,190 --> 00:06:57,740 use the names of the protocols as well. 52 00:06:57,980 --> 00:07:08,100 For simplicity I'm going to use the typing the port and search protocol names. 53 00:07:08,350 --> 00:07:20,780 I'm going to deny if DP I'm gonna deny tell that and I'm gonna deny H to DP which means w w w 54 00:07:24,290 --> 00:07:26,190 o k pretty cool. 55 00:07:26,190 --> 00:07:30,530 The next step is I need the permit. 56 00:07:31,980 --> 00:07:36,840 Any other traffic OK because my ACL. 57 00:07:36,840 --> 00:07:54,490 I should write at least one permit statement please remember that OK access lists 100 permit IP any 58 00:07:54,760 --> 00:07:59,000 any permit and IP traffic. 59 00:07:59,080 --> 00:08:03,750 Okay I'm permitting anything other than I denied. 60 00:08:05,370 --> 00:08:08,470 Above OK. 61 00:08:08,480 --> 00:08:22,270 That's cool but mission is not accomplished I created my access list correctly but I need to implement 62 00:08:22,300 --> 00:08:26,670 my access list to the related interface. 63 00:08:27,710 --> 00:08:39,500 From inbound or outbound in here underlying the traffic of P.S. 1 so I can implement my ACL to this 64 00:08:39,500 --> 00:08:54,500 interface inbound while packets coming from this P.C. to the these interface first and so one I block 65 00:08:54,500 --> 00:08:57,460 this traffic OK. 66 00:08:57,700 --> 00:09:00,010 No I need to go through the fast designs that one 67 00:09:04,420 --> 00:09:08,530 first 01 interface first. 68 00:09:08,550 --> 00:09:25,550 0 1 and I'm using IP access group the number of my ACL and in or out in this scenario I'm going to use 69 00:09:25,730 --> 00:09:28,160 an inbound 70 00:09:31,940 --> 00:09:32,460 OK. 71 00:09:32,460 --> 00:09:37,350 Pretty cool I can refine my configuration using show axis. 72 00:09:37,380 --> 00:09:45,780 This command and I can take a brief look to what I'm denying and what I am permitting for and that's 73 00:09:45,990 --> 00:09:46,440 it. 74 00:09:48,260 --> 00:09:48,540 OK. 75 00:09:48,560 --> 00:09:55,720 We have completed our configuration lap and everything was fine thanks for weaving. 76 00:09:55,730 --> 00:09:58,160 See you in the next session guys. 7013