1
00:00:01,439 --> 00:00:06,320
Welcome to Jeremy’s IT Lab. This is
2
00:00:07,040 --> 00:00:11,440
If you like these videos, please subscribe
3
00:00:11,439 --> 00:00:16,239
please like and leave a comment, and share the
4
00:00:16,239 --> 00:00:20,799
Thanks for your help. Also, remember to
5
00:00:20,800 --> 00:00:25,200
to get all of the lab files for this course, so
6
00:00:26,480 --> 00:00:31,920
If you want more labs like these, I highly
7
00:00:31,920 --> 00:00:36,320
click the link in the video description to
8
00:00:36,320 --> 00:00:40,000
Packet Tracer, but it’s even better,
9
00:00:40,000 --> 00:00:44,159
labs to not only help you get hands-on
10
00:00:44,159 --> 00:00:49,519
but also deepen your understanding of the exam
11
00:00:49,520 --> 00:00:53,359
certifications, so I feel confident
12
00:00:54,159 --> 00:00:58,399
If you want to get your own copy of NetSim,
13
00:01:00,399 --> 00:01:05,679
In this lab we will configure a couple extended
14
00:01:06,799 --> 00:01:16,879
Hosts in 172.16.2.0/24 can’t communicate with
15
00:01:16,879 --> 00:01:22,239
DNS service on SRV1. DNS is something we
16
00:01:22,239 --> 00:01:26,560
if you don’t totally understand the protocol
17
00:01:27,680 --> 00:01:34,640
The third requirement is that hosts in
18
00:01:34,640 --> 00:01:43,439
HTTPS services on SRV2. As you probably know by
19
00:01:45,599 --> 00:01:50,159
As I have said a few times, ACL configuration
20
00:01:50,159 --> 00:01:57,359
valid solutions. In this video I’ll show you my
21
00:01:57,359 --> 00:02:02,400
to fulfill the first and third requirements, and
22
00:02:04,319 --> 00:02:07,839
I’ll start with the second
23
00:02:09,599 --> 00:02:16,799
can’t access the DNS service on SRV1. First, let
24
00:02:18,319 --> 00:02:24,400
Then open the config tab, and you can
25
00:02:24,400 --> 00:02:32,319
SRV1, as PC1’s DNS server. DNS, Domain Name
26
00:02:32,319 --> 00:02:40,000
addresses as destinations. Let me show an example.
27
00:02:40,000 --> 00:02:48,319
ping to PC2. However, instead of pinging PC2’s
28
00:02:49,599 --> 00:02:54,560
Now, this ping will take a little longer
29
00:02:54,560 --> 00:03:01,439
to learn what the IP address of PC2 is. Although
30
00:03:01,439 --> 00:03:06,800
is easier than remembering IP addresses for us
31
00:03:06,800 --> 00:03:13,760
know the IP address. That’s what DNS is for. DNS
32
00:03:14,879 --> 00:03:20,960
As you can see, although I specified
33
00:03:20,960 --> 00:03:27,200
address of PC2 is and learned that it
34
00:03:29,520 --> 00:03:33,840
Okay, we’ll cover DNS later, now
35
00:03:36,479 --> 00:03:44,159
ENABLE. CONF T. I’ll configure a numbered
36
00:03:45,039 --> 00:03:51,599
So, let’s deny DNS. DENY, now which protocol
37
00:03:51,599 --> 00:03:59,359
DNS uses both TCP and UDP. Usually UDP is used,
38
00:03:59,360 --> 00:04:09,120
so let’s block both, I’ll create an entry for UDP
39
00:04:09,919 --> 00:04:16,959
We don’t need to specify the source port, so
40
00:04:17,519 --> 00:04:25,039
And finally the port number. Do you remember
41
00:04:26,240 --> 00:04:33,199
Okay, now I’ll use the up arrow, and just change
42
00:04:33,199 --> 00:04:39,120
I’ll configure PERMIT IP ANY ANY to allow
43
00:04:40,000 --> 00:04:44,879
Following the rule of applying it close to
44
00:04:45,839 --> 00:04:54,399
INTERFACE G0/0. IP ACCESS-GROUP 100 IN. Okay, we
45
00:04:54,399 --> 00:05:01,519
works. I’ll return to PC1. Let’s try to ping
46
00:05:02,399 --> 00:05:09,120
PING SRV2. Now, PC1 shouldn’t be able to
47
00:05:09,120 --> 00:05:14,800
arrow to skip forward 30 seconds in packet
48
00:05:14,800 --> 00:05:21,920
see that it could not find host SRV2. So, PC1
49
00:05:21,920 --> 00:05:31,199
to learn SRV2’s IP address. How about if I just
50
00:05:32,639 --> 00:05:38,159
As usual the first one or two might fail because
51
00:05:38,160 --> 00:05:43,120
but then the ping succeeds. Okay, so we
52
00:05:45,120 --> 00:05:50,240
Now let’s make an ACL for the first and third
53
00:05:50,240 --> 00:05:59,600
172.16.2.0/24, so I’ll combine them into
54
00:06:01,279 --> 00:06:05,199
So, that first requirement is a
55
00:06:05,199 --> 00:06:19,439
PC1. DENY IP 172.16.2.0 0.0.0.255 host 172.16.1.1.
56
00:06:19,439 --> 00:06:26,639
as the protocol. Now let’s prevent this subnet
57
00:06:27,839 --> 00:06:34,000
First, let me go on PC3 and show you a website.
58
00:06:34,000 --> 00:06:40,319
DNS server, SRV1, so if I use the web
59
00:06:40,319 --> 00:06:47,519
‘cisco.com’, PC3 should learn SRV2’s IP address
60
00:06:47,519 --> 00:06:53,279
a sample web page which is in Packet Tracer by
61
00:06:53,279 --> 00:07:00,239
we shouldn’t be able to access this web
62
00:07:00,240 --> 00:07:14,720
and HTTPS. DENY TCP, because both HTTP and HTTPS
63
00:07:15,439 --> 00:07:25,759
Then the destination IP. HOST 192.168.2.100.
64
00:07:25,759 --> 00:07:32,719
another entry and change the port number to 443,
65
00:07:33,279 --> 00:07:41,679
PERMIT IP ANY ANY. Now let’s apply it close to
66
00:07:41,680 --> 00:07:51,280
G0/1. IP ACCESS-GROUP 101 IN. Okay, let’s try to
67
00:07:52,959 --> 00:07:58,479
First I’ll close the web browser and open
68
00:08:00,319 --> 00:08:05,599
No webpage appears, PC3 is being
69
00:08:05,600 --> 00:08:09,840
and the request times out. Now,
70
00:08:10,399 --> 00:08:16,639
Let’s go to the command prompt here on PC3
71
00:08:16,639 --> 00:08:25,360
able to use the DNS service on SRV1, so I’ll
72
00:08:25,360 --> 00:08:33,759
the ACL we just configured on R1 prevents PC3 from
73
00:08:33,759 --> 00:08:41,519
PC2. Wait a bit for PC3 to learn PC2’s IP address
74
00:08:43,519 --> 00:08:48,960
So, we have satisfied all requirements.
75
00:08:50,879 --> 00:08:57,200
Let me return to R1. And I’ll
76
00:08:58,799 --> 00:09:02,000
There they are, and you can see the
77
00:09:02,000 --> 00:09:09,440
of each ACL. That’s all for this lab. Next let’s
78
00:09:11,840 --> 00:09:17,920
Okay here's today's Boson NetSim lab preview. As
79
00:09:17,919 --> 00:09:22,639
NetSim. So if you want lots of practice
80
00:09:22,639 --> 00:09:31,679
NetSim is a great tool. Here is the lab topology.
81
00:09:31,679 --> 00:09:36,559
with Router1 and Router2, and then
82
00:09:38,879 --> 00:09:44,320
This time the command summary shows us the
83
00:09:44,320 --> 00:09:51,600
these are extended ACLs, not standard ACLs.
84
00:09:52,799 --> 00:09:58,240
Notice that Router2 is using router-on-a-stick
85
00:09:59,679 --> 00:10:05,199
because there are two VLANs here, two subnets,
86
00:10:05,200 --> 00:10:07,200
And that will be important later, so remember that.
87
00:10:10,480 --> 00:10:14,000
Okay, and there is just a single
88
00:10:15,039 --> 00:10:20,879
So, for today's demo we will just complete up to
89
00:10:21,519 --> 00:10:25,840
apply extended ACL 101 to the correct
90
00:10:25,840 --> 00:10:35,120
we will create this ACL in step 6 and apply it in
91
00:10:35,120 --> 00:10:40,399
task you will configure multiple extended ACLs
92
00:10:40,399 --> 00:10:45,840
and sources across the topology. You should use
93
00:10:46,720 --> 00:10:53,279
such as applying the ACL as close to the source
94
00:10:53,279 --> 00:10:59,279
each PC should remain able to ping the address of
95
00:10:59,279 --> 00:11:03,839
as I said before, we are not going to
96
00:11:05,440 --> 00:11:09,120
Pings to other destinations should succeed
97
00:11:10,799 --> 00:11:15,919
Okay, so let's get started. First, from each PC
98
00:11:15,919 --> 00:11:21,919
of both Router1 and Router2. So I will open
99
00:11:24,559 --> 00:11:27,839
And let's try those pings from PC1.
100
00:11:33,360 --> 00:11:36,159
Okay it works. And I'll try to ping Router2.
101
00:11:39,679 --> 00:11:42,879
Okay, and just for the sake of time I'll skip PC2.
102
00:11:42,879 --> 00:11:49,360
I know you don't want to watch me do a bunch of
103
00:11:53,440 --> 00:11:59,600
And Router2. I'm using Ctrl+C, that's what
104
00:12:00,320 --> 00:12:05,280
After I get a reply, that means the ping
105
00:12:08,879 --> 00:12:13,360
Okay, next. From each PC, verify that you
106
00:12:14,559 --> 00:12:28,079
Okay, from PC1. I'll ping PC2. And it works.
107
00:12:29,279 --> 00:12:33,919
So, because we were able to ping and get a
108
00:12:33,919 --> 00:12:42,079
between PC1 and PC2, and PC1 and PC3. So the
109
00:12:46,080 --> 00:12:51,840
Okay, and we get a reply, so we have also
110
00:12:53,919 --> 00:12:59,759
Next up, in steps 3, 4, and 5, we are going to
111
00:12:59,759 --> 00:13:06,799
different PCs. I showed you Telnet briefly in the
112
00:13:06,799 --> 00:13:16,879
in-depth later in the course. So, first from PC1
113
00:13:18,080 --> 00:13:23,360
Okay, and because I get this password prompt to
114
00:13:23,360 --> 00:13:28,480
I was able to connect to Router2 with Telnet.
115
00:13:29,840 --> 00:13:33,759
And it works. It says up here, all
116
00:13:33,759 --> 00:13:40,559
boson. Okay, and the prompt is now
117
00:13:41,360 --> 00:13:53,600
and then from PC2 and PC3, Telnet to
118
00:13:58,639 --> 00:14:05,360
Okay, great. So, step 6. On the appropriate
119
00:14:06,399 --> 00:14:13,279
The ACL should permit Telnet traffic from
120
00:14:14,559 --> 00:14:21,359
Limit the ACL you create to a single rule.
121
00:14:21,360 --> 00:14:28,000
and destination wildcard mask. Okay, so a
122
00:14:28,879 --> 00:14:35,919
which allows both PC2 and PC3 to
123
00:14:38,080 --> 00:14:44,000
So, where should I create the ACL, what is the
124
00:14:44,000 --> 00:14:49,279
ACLs we're making, so we should create and
125
00:14:50,159 --> 00:14:57,839
In this case, the source is PC2 and PC3, so
126
00:15:03,120 --> 00:15:09,440
Okay, I'll configure it right here from
127
00:15:10,480 --> 00:15:16,960
now next is the protocol. Telnet
128
00:15:17,919 --> 00:15:28,719
TCP. And next up the source IP address. 10.10.,
129
00:15:29,679 --> 00:15:40,479
so both of these subnets, 10.10.2.102/24 and
130
00:15:43,759 --> 00:15:56,799
10.10.2.0, and a /23 subnet mask should work,
131
00:15:56,799 --> 00:16:05,199
source port number. So next is the destination
132
00:16:06,240 --> 00:16:13,039
Finally, the destination port. This is where we
133
00:16:14,480 --> 00:16:19,920
And now I can either specify the keyword,
134
00:16:20,960 --> 00:16:28,560
I'll use the keyword, TELNET. There we go.
135
00:16:28,559 --> 00:16:32,639
have to apply it to the correct interface
136
00:16:33,840 --> 00:16:38,080
Apply extended ACL 101 to the correct
137
00:16:40,240 --> 00:16:46,879
So, the interface that is connected to
138
00:16:48,559 --> 00:16:54,639
this one here, FastEthernet1/0. However, we
139
00:16:54,639 --> 00:17:01,199
that will not work. So, we can either apply
140
00:17:01,200 --> 00:17:09,360
FastEthernet1/0.2, 1/0.3. Or instead of doing that
141
00:17:10,000 --> 00:17:18,000
we could also outbound on this interface
142
00:17:18,000 --> 00:17:21,519
Let's do that, since it's simpler. We just
143
00:17:22,079 --> 00:17:31,119
So I will apply it outbound on FastEthernet0/0.
144
00:17:31,119 --> 00:17:36,799
the ACL will be checked when Router2 forwards
145
00:17:36,799 --> 00:17:42,960
which is here. It won't check it when it receives
146
00:17:45,200 --> 00:18:02,080
Or sorry, not 0/1, 1/0. Okay, so INTERFACE F0/0.
147
00:18:02,079 --> 00:18:18,480
ping from PC2 to Router1's loopback0 interface.
148
00:18:19,279 --> 00:18:27,680
our ACL only permits Telnet from PC2 and PC3 to
149
00:18:27,680 --> 00:18:33,840
just a single line. That means any traffic that
150
00:18:33,839 --> 00:18:41,039
implicit deny at the end of the ACL. So currently
151
00:18:43,279 --> 00:18:48,559
The task description here said that each PC should
152
00:18:48,559 --> 00:18:53,679
interface on each router, so I assume later,
153
00:18:55,680 --> 00:19:00,480
But let me just check that PC3 also
154
00:19:04,000 --> 00:19:10,960
Okay, it also doesn't work. How about Telnet?
155
00:19:10,960 --> 00:19:25,039
to Router1's loopback interface. And it works,
156
00:19:27,599 --> 00:19:31,279
And let's just take a look at that
157
00:19:36,400 --> 00:19:44,080
There it is, so we are permitting TCP traffic
158
00:19:44,960 --> 00:19:52,960
to host 1.1.1.1, destination port of 23, Telnet.
159
00:19:52,960 --> 00:20:00,160
the implicit deny at the end of the ACL. Okay,
160
00:20:00,799 --> 00:20:10,079
but we'll end today's lab demo here. And I will
161
00:20:10,079 --> 00:20:13,359
aren't done with the lab it says you missed one
162
00:20:14,240 --> 00:20:21,680
I just want to check Router2's configuration,
163
00:20:21,680 --> 00:20:29,279
we did get that entry correct, permitting the
164
00:20:29,279 --> 00:20:35,519
in one of the later steps, looks like we add a
165
00:20:38,400 --> 00:20:43,600
Okay, so that's Boson NetSim for CCNA. If you
166
00:20:43,599 --> 00:20:48,319
in the video description. As you can see here,
167
00:20:48,880 --> 00:20:53,520
all very in-depth, very good for testing
168
00:20:53,519 --> 00:20:57,599
configuring and troubleshooting. Once again,
169
00:21:01,039 --> 00:21:05,279
Before finishing today’s video I want
170
00:21:05,920 --> 00:21:12,000
To join, please click the ‘Join’ button under
171
00:21:12,640 --> 00:21:19,120
Njabulo, Benjamin, Tshepiso, Justin, Prakaash,
172
00:21:19,119 --> 00:21:23,919
Jhilmar, Ed, Value, John, Funnydart,
173
00:21:23,920 --> 00:21:27,200
Boson Software, Devin, Lito, Yonatan, and Vance.
174
00:21:28,079 --> 00:21:32,079
Sorry if I pronounced your name incorrectly,
175
00:21:32,799 --> 00:21:38,319
This is the list of JCNP-level members at the
176
00:21:38,880 --> 00:21:43,840
if you signed up recently and your name isn’t
177
00:21:45,839 --> 00:21:48,879
Thank you for watching. Please
178
00:21:48,880 --> 00:21:53,600
like the video, leave a comment, and share the
179
00:21:54,720 --> 00:22:00,319
If you want to leave a tip, check the links in the
180
00:22:00,319 --> 00:22:06,879
and accept BAT, or Basic Attention Token, tips