Would you like to inspect the original subtitles? These are the user uploaded subtitles that are being translated: 1 00:00:01,040 --> 00:00:06,080 Welcome to Jeremy’s IT Lab. This is\xa0\n 2 00:00:06,879 --> 00:00:10,400 If you like these videos, please\xa0\n 3 00:00:11,119 --> 00:00:15,599 Also, please like and leave a comment, and share\xa0\n 4 00:00:15,599 --> 00:00:20,640 videos. Thanks for your help. Also, remember\xa0\n 5 00:00:20,640 --> 00:00:25,359 get all of the lab files for this course, so\xa0\n 6 00:00:26,960 --> 00:00:30,000 If you want more labs like these,\xa0\n 7 00:00:30,000 --> 00:00:35,200 Boson’s NetSim for the CCNA, click the link\xa0\n 8 00:00:35,920 --> 00:00:40,560 It’s a network simulator like packet tracer, but\xa0\n 9 00:00:40,560 --> 00:00:45,359 guided labs to not only help you get hands-on\xa0\n 10 00:00:45,359 --> 00:00:50,719 but also deepen your understanding of the exam\xa0\n 11 00:00:50,719 --> 00:00:54,560 certifications, so I feel confident\xa0\n 12 00:00:55,359 --> 00:00:59,679 If you want to get your own copy of NetSim,\xa0\n 13 00:01:01,439 --> 00:01:06,879 In today’s video we’ll practice configuring\xa0\n 14 00:01:06,879 --> 00:01:13,759 little OSPF also. Standard ACLs can be used to\xa0\n 15 00:01:13,760 --> 00:01:20,080 of the packet, and then either permit or deny\xa0\n 16 00:01:20,079 --> 00:01:25,840 standard numbered ACLs and standard named\xa0\n 17 00:01:27,359 --> 00:01:33,120 So let’s get right into it. Step 1 says to\xa0\n 18 00:01:33,120 --> 00:01:39,200 connectivity between the devices. We don’t\xa0\n 19 00:01:39,200 --> 00:01:43,200 let’s just simply enable it on\xa0\n 20 00:01:45,359 --> 00:01:52,799 ENABLE. CONF T. ROUTER OSPF 1. I’ll enable\xa0\n 21 00:01:53,519 --> 00:02:07,359 NETWORK 172.16.0.0 0.0.255.255 AREA 0. And now\xa0\n 22 00:02:07,359 --> 00:02:15,439 AREA 0. Let’s see if it was enabled on\xa0\n 23 00:02:17,199 --> 00:02:25,119 Okay, we can see gigabitethernet 0/0, 0/1, and\xa0\n 24 00:02:26,960 --> 00:02:28,560 Let’s do the same on R2.\xa0\xa0 25 00:02:32,000 --> 00:02:40,560 ENABLE. CONF T. ROUTER OSPF 1. Again, I’ll enable\xa0\n 26 00:02:41,520 --> 00:02:55,200 NETWORK 192.168.0.0 0.0.255.255 AREA 0. And then\xa0\n 27 00:02:55,759 --> 00:03:06,319 AREA 0. And let’s check. DO SHOW IP OSPF\xa0\n 28 00:03:06,319 --> 00:03:14,479 and serial 0/0/0. Let’s make sure they are\xa0\n 29 00:03:16,159 --> 00:03:22,560 There’s R1, in the full state. Notice the dash\xa0\n 30 00:03:22,560 --> 00:03:30,800 the OSPF network type is point-to-point, so no DR\xa0\n 31 00:03:30,800 --> 00:03:42,080 table. DO SHOW IP ROUTE. R2 learned routes\xa0\n 32 00:03:43,520 --> 00:03:55,840 How about on R1? DO SHOW IP ROUTE. R1 learned\xa0\n 33 00:03:56,639 --> 00:04:01,919 So, our OSPF configuration is working and we\xa0\n 34 00:04:03,520 --> 00:04:07,520 Now let’s restrict some of that traffic\xa0\n 35 00:04:08,639 --> 00:04:13,839 Four requirements are listed, and in this case\xa0\n 36 00:04:15,280 --> 00:04:21,439 To get practice with both numbered and named\xa0\n 37 00:04:21,439 --> 00:04:29,120 named ACLs on R2. As I said in the lecture video,\xa0\n 38 00:04:29,120 --> 00:04:33,920 your configurations don’t have to be exactly\xa0\n 39 00:04:35,680 --> 00:04:45,120 The first two requirements are about restricting\xa0\n 40 00:04:45,120 --> 00:04:50,560 should be configured as close to the destination\xa0\n 41 00:04:50,560 --> 00:05:01,839 R2. So let’s return to R2 and configure that first\xa0\n 42 00:05:01,839 --> 00:05:08,479 So, I can make two permit entries, one each\xa0\n 43 00:05:09,439 --> 00:05:16,959 The command to enter standard named ACL config\xa0\n 44 00:05:17,547 --> 00:05:34,879 TO_192.168.1.0/24. Now I’ll permit PC1 . PERMIT\xa0\n 45 00:05:36,079 --> 00:05:41,519 So, PC1 and PC3 are both permitted, and all\xa0\n 46 00:05:41,519 --> 00:05:48,159 ‘implicit deny’ at the end of all ACLs. However,\xa0\n 47 00:05:48,160 --> 00:05:53,439 at the end anyway, just to make it clear. It’s\xa0\n 48 00:05:55,759 --> 00:06:00,959 Okay, so the ACL has been created, but it’s not\xa0\n 49 00:06:00,959 --> 00:06:10,000 an interface. We want to restrict traffic entering\xa0\n 50 00:06:11,439 --> 00:06:24,319 INTERFACE G0/0. IP ACCESS-GROUP TO_192.168.1.0/24\xa0\n 51 00:06:24,319 --> 00:06:30,639 to an interface uses ACCESS-GROUP, not\xa0\n 52 00:06:30,639 --> 00:06:36,319 working. For the sake of time in this video I\xa0\n 53 00:06:36,319 --> 00:06:41,519 but I still want to demonstrate a little.\xa0\n 54 00:06:45,920 --> 00:06:54,319 PING 192.168.1.100. Because the ARP process\xa0\n 55 00:06:54,319 --> 00:06:58,079 but after that we can see that\xa0\n 56 00:06:59,519 --> 00:07:05,199 How about PC2? It shouldn’t be able to\xa0\n 57 00:07:07,439 --> 00:07:17,439 PING 192.168.1.100. So, 203.0.113.2, which\xa0\n 58 00:07:18,319 --> 00:07:24,800 PC2 has been blocked from accessing SRV1.\xa0\n 59 00:07:24,800 --> 00:07:31,040 we’d find that PC3 can reach SRV1 but PC4 can’t.\xa0\n 60 00:07:32,879 --> 00:07:40,079 Hosts in 172.16.2.0/24\xa0\ncan’t access 192.168.2.0/24.\xa0\xa0 61 00:07:40,720 --> 00:07:46,800 Again let’s configure an ACL\xa0\n 62 00:07:47,600 --> 00:08:02,640 and I’ll name it TO_192.168.2.0/24. So, let’s\xa0\n 63 00:08:04,000 --> 00:08:09,759 However we don’t want to restrict any other\xa0\n 64 00:08:09,759 --> 00:08:17,599 to allow all other traffic. And finally, let’s\xa0\n 65 00:08:19,279 --> 00:08:30,399 IP ACCESS-GROUP TO_192.168.2.0/24 OUT. Why this\xa0\n 66 00:08:30,399 --> 00:08:35,199 applied as close to the destination as possible,\xa0\n 67 00:08:35,200 --> 00:08:44,800 for the 192.168.2.0/24 network. Now I’ll quickly\xa0\n 68 00:08:46,159 --> 00:08:54,079 PC1 should be able to reach SRV2,\xa0\n 69 00:08:54,080 --> 00:09:00,000 a ping or two might be lost until the ARP process\xa0\n 70 00:09:01,840 --> 00:09:12,080 But if we try from PC3, the ping should\xa0\n 71 00:09:14,000 --> 00:09:17,440 We get that same message,\xa0\n 72 00:09:18,399 --> 00:09:23,360 Now, I’ll return to R2 and let’s take a look at\xa0\n 73 00:09:24,879 --> 00:09:31,519 DO SHOW ACCESS-LISTS. Here you can see\xa0\n 74 00:09:31,519 --> 00:09:36,559 packets matched each entry of each ACL,\xa0\n 75 00:09:39,120 --> 00:09:45,759 Okay, finally we have to use ACLs\xa0\n 76 00:09:45,759 --> 00:09:50,799 and 2.0/24 subnets from\xa0\n 77 00:09:53,120 --> 00:09:57,519 I’ll configure the two ACLs first and then\xa0\n 78 00:09:59,360 --> 00:10:03,840 First up, I’ll configure\xa0\nACL 1 to deny 172.16.1.0/24\xa0\xa0 79 00:10:04,879 --> 00:10:11,279 but permit all other traffic. Remember, although\xa0\n 80 00:10:11,919 --> 00:10:23,039 numbered ACLs just use ACCESS-LIST. So,\xa0\n 81 00:10:24,559 --> 00:10:32,079 Then I’ll permit all other traffic.\xa0\n 82 00:10:32,879 --> 00:10:41,200 Now I’ll just use the up arrow and edit this\xa0\n 83 00:10:43,279 --> 00:10:50,319 Then do the same for the PERMIT ANY. And\xa0\n 84 00:10:52,000 --> 00:11:02,720 Okay, ACL1 denies 172.16.1.0/24 but permits all\xa0\n 85 00:11:02,720 --> 00:11:10,720 but permits all other traffic. Now let’s\xa0\n 86 00:11:12,240 --> 00:11:23,013 INTERFACE G0/1. IP ACCESS-GROUP 1 OUT.\xa0\n 87 00:11:23,013 --> 00:11:33,200 from accessing 2.0/24. And next, INTERFACE\xa0\n 88 00:11:33,200 --> 00:11:44,320 traffic from 172.16.2.0/24 from accessing 1.0/24.\xa0\n 89 00:11:45,200 --> 00:11:51,440 Let me show you something new. Here\xa0\n 90 00:11:52,159 --> 00:12:00,000 followed by PC3’s IP address, 172.16.2.1. This\xa0\n 91 00:12:00,960 --> 00:12:07,680 You can stop it with CTRL + C, but I’ll leave\xa0\n 92 00:12:08,720 --> 00:12:22,000 Now I’ll do the same from PC3 to PC1. PING\xa0\n 93 00:12:23,360 --> 00:12:26,960 Now I’ll go back on R1,\xa0\nand let’s check those ACLs.\xa0\xa0 94 00:12:29,039 --> 00:12:36,000 DO SHOW ACCESS-LISTS. Notice how many matches\xa0\n 95 00:12:36,000 --> 00:12:43,039 those pings between PC1 and PC3 are being blocked.\xa0\n 96 00:12:43,039 --> 00:12:49,839 you can see the count keeps going up. Okay, in\xa0\n 97 00:12:49,840 --> 00:12:55,519 to allow full connectivity in the network, and\xa0\n 98 00:12:55,519 --> 00:13:02,000 traffic. That’s all for this lab. Now let’s\xa0\n 99 00:13:04,720 --> 00:13:10,960 Okay, here's today's Boson NetSim lab preview.\xa0\n 100 00:13:11,600 --> 00:13:19,600 labs for ACLs. Here in the security fundamentals\xa0\n 101 00:13:19,600 --> 00:13:25,840 ACls. That's right, 20, 2 0. So, if you're\xa0\n 102 00:13:25,840 --> 00:13:32,160 practice labbing ACLs, you gotta get NetSim.\xa0\n 103 00:13:32,159 --> 00:13:37,759 in NetSim for ACLs, you're set for the CCNA exam,\xa0\n 104 00:13:38,559 --> 00:13:44,959 Okay, so the one I've chosen to show you\xa0\n 105 00:13:46,399 --> 00:13:50,720 So, the objective is 'practice configuring\xa0\n 106 00:13:50,720 --> 00:13:58,160 Pretty simple. Here's the topology,\xa0\n 107 00:13:58,720 --> 00:14:06,879 And then Router2 with Switch2 and 3, PC2 and PC3,\xa0\n 108 00:14:06,879 --> 00:14:12,720 need to know. So in this lab we are configuring\xa0\n 109 00:14:14,960 --> 00:14:20,080 Okay, here are the IP addresses on each device.\xa0\n 110 00:14:21,120 --> 00:14:24,240 and Router2 is using router\xa0\n 111 00:14:24,960 --> 00:14:29,840 subinterfaces here for interVLAN\xa0\n 112 00:14:33,919 --> 00:14:40,959 Okay, here are the lab tasks. Task 1, I think\xa0\n 113 00:14:40,960 --> 00:14:45,920 configuring standard ACLs. Okay, so you\xa0\n 114 00:14:46,480 --> 00:14:52,639 Just notice the passwords are configured as\xa0\n 115 00:14:52,639 --> 00:14:56,799 can ping the loopback0 interface\xa0\n 116 00:14:57,679 --> 00:15:02,239 So, if you look at these log messages here you\xa0\n 117 00:15:03,840 --> 00:15:09,120 so hopefully these PCs can ping\xa0\n 118 00:15:11,360 --> 00:15:18,399 Here's Router1's loopback, okay it works. I\xa0\n 119 00:15:21,679 --> 00:15:26,319 And Router2's loopback, that works. Next, PC2.\xa0\xa0 120 00:15:36,320 --> 00:15:40,160 And that works as well. And finally on PC3.\xa0\xa0 121 00:15:45,440 --> 00:15:49,120 Okay, and last, Router2's loopback.\xa0\xa0 122 00:15:51,200 --> 00:15:59,600 That works as well. Okay, from each PC verify\xa0\n 123 00:16:00,879 --> 00:16:04,720 Okay, I'm just for the sake of time I'm\xa0\n 124 00:16:04,720 --> 00:16:18,000 the routes here on the routers. So, Router1 has\xa0\n 125 00:16:19,039 --> 00:16:26,240 which is VLAN3. And also, VLAN1 is directly\xa0\n 126 00:16:29,840 --> 00:16:37,840 SHOW IP ROUTE. And it learned, from OSPF, a route\xa0\n 127 00:16:39,679 --> 00:16:46,959 Okay, next step 3. From each PC, verify that you\xa0\n 128 00:16:46,960 --> 00:16:50,320 Telnet is something we haven't\xa0\n 129 00:16:50,879 --> 00:16:55,360 connecting to a device, like a router\xa0\n 130 00:16:57,440 --> 00:17:03,840 So, Telnet to Router1, and it works.\xa0\n 131 00:17:05,039 --> 00:17:11,279 but I've connected to Router1 and I can configure\xa0\n 132 00:17:11,279 --> 00:17:20,000 Router1. But I'm going to exit out of there. Okay,\xa0\n 133 00:17:22,720 --> 00:17:28,559 Enter the password and I'm connected to Router1.\xa0\n 134 00:17:28,559 --> 00:17:34,960 course, so don't worry about it for now. Okay,\xa0\n 135 00:17:38,640 --> 00:17:43,040 Okay, looks good. Alright,\xa0\n 136 00:17:45,440 --> 00:17:51,279 Okay, so step 4. Create standard ACL1 and\xa0\n 137 00:17:52,960 --> 00:17:57,600 and VLAN3. All other traffic sources\xa0\n 138 00:17:58,160 --> 00:18:01,600 Use no more than 2 rules when configuring ACL1.\xa0\xa0 139 00:18:03,680 --> 00:18:10,320 Okay, ACL1, let me see where I have to apply\xa0\n 140 00:18:10,960 --> 00:18:17,519 and in a direction that will prevent traffic from\xa0\n 141 00:18:17,519 --> 00:18:27,839 on Router1. Okay, so let's think about that.\xa0\n 142 00:18:28,559 --> 00:18:34,399 from connecting to any of these networks.\xa0\n 143 00:18:34,400 --> 00:18:42,000 on Router1. So I think we should configure the ACL\xa0\n 144 00:18:42,000 --> 00:18:48,240 so when traffic tries to come to Router1 from\xa0\n 145 00:18:53,519 --> 00:19:06,319 Okay, so, deny traffic from VLAN2 and VLAN3. So\xa0\n 146 00:19:07,200 --> 00:19:18,640 10.10.2.0. And for the wildcard mask I'm going to\xa0\n 147 00:19:19,680 --> 00:19:31,519 0.0.1.255. And I hope I'm correct about that.\xa0\n 148 00:19:34,079 --> 00:19:37,759 And then I will create a\xa0\n 149 00:19:38,480 --> 00:19:44,480 PERMIT ANY. Because it only says to block traffic\xa0\n 150 00:19:44,480 --> 00:19:52,880 about other traffic, so we should permit it. Okay,\xa0\n 151 00:19:52,880 --> 00:19:59,280 in a direction that will prevent traffic...okay,\xa0\n 152 00:19:59,279 --> 00:20:11,839 It is this one here, fastethernet0/0, is the\xa0\n 153 00:20:16,240 --> 00:20:22,400 Okay, and then we will try to telnet\xa0\n 154 00:20:22,960 --> 00:20:30,960 So from PC1 both should work. Okay, so that\xa0\n 155 00:20:33,599 --> 00:20:37,359 and that works as well. Now from PC2 and PC3,\xa0\xa0 156 00:20:37,359 --> 00:20:40,639 if our ACL is configured\xa0\n 157 00:20:44,880 --> 00:20:48,320 Yes, so that didn't work. It says trying 1.1.1.1,\xa0\xa0 158 00:20:48,319 --> 00:20:52,000 but then it just returned us to the command\xa0\n 159 00:20:55,759 --> 00:21:07,359 Destination host unreachable, okay. Next\xa0\n 160 00:21:07,359 --> 00:21:13,759 same thing, doesn't work. PING 1.1.1.1.\xa0\n 161 00:21:15,680 --> 00:21:21,759 Okay next, step 8, create standard ACL 2 and\xa0\n 162 00:21:22,799 --> 00:21:26,559 All other traffic sources should be\xa0\n 163 00:21:26,559 --> 00:21:32,720 okay. And apply standard ACL 2 to an interface and\xa0\n 164 00:21:33,519 --> 00:21:36,160 from pretending to reside on VLAN 1.\xa0\xa0 165 00:21:39,920 --> 00:21:46,320 Okay, prevent remote networks from pretending to\xa0\n 166 00:21:49,279 --> 00:21:56,319 So let's say there is a PC here in VLAN 2\xa0\n 167 00:21:56,319 --> 00:21:59,679 doesn't have to be here, it could be connected\xa0\n 168 00:21:59,680 --> 00:22:04,880 connected to Router2. And it wants to\xa0\n 169 00:22:05,680 --> 00:22:09,120 So it sends a ping to Router1, and the source\xa0\xa0 170 00:22:09,680 --> 00:22:18,080 is in VLAN 1, and the destination is in VLAN\xa0\n 171 00:22:18,079 --> 00:22:24,960 if we place an ACL outbound on this interface,\xa0\n 172 00:22:27,680 --> 00:22:33,920 blocking all traffic with a source in VLAN 1\xa0\n 173 00:22:35,200 --> 00:22:38,640 So, traffic from VLAN 1\xa0\nwill still be able to exit.\xa0\xa0 174 00:22:39,519 --> 00:22:45,119 But because we applied it outbound on this\xa0\n 175 00:22:45,119 --> 00:22:50,079 1 won't be able to enter. So, this is a security\xa0\n 176 00:22:50,079 --> 00:22:53,839 the course, so don't worry about it if you don't\xa0\n 177 00:22:58,480 --> 00:23:01,120 So, let's configure that here on Router1.\xa0\xa0 178 00:23:05,279 --> 00:23:21,359 ACCESS-LIST 2 DENY 10.10.1.0 /24. And permit other\xa0\n 179 00:23:21,359 --> 00:23:28,799 ACCESS-LIST 2 PERMIT ANY. And then I will apply it\xa0\n 180 00:23:32,079 --> 00:23:35,839 IP ACCESS-GROUP 2 OUT.\xa0\xa0 181 00:23:39,440 --> 00:23:43,360 Okay, display and examine the rules\xa0\n 182 00:23:44,640 --> 00:23:50,960 So I'll do that with DO SHOW\xa0\n 183 00:23:52,720 --> 00:23:56,640 As you can see, we've already got some\xa0\n 184 00:23:57,440 --> 00:24:03,120 telnet and ping. Okay, based on what you\xa0\n 185 00:24:03,119 --> 00:24:09,839 1 or ACL 2 to an interface and in a direction\xa0\n 186 00:24:10,480 --> 00:24:17,839 from pretending to be hosts on VLAN2 or VLAN3.\xa0\n 187 00:24:19,200 --> 00:24:25,519 So, ACL 1 matches these source\xa0\n 188 00:24:26,079 --> 00:24:32,480 source, all the traffic should be entering this\xa0\n 189 00:24:32,480 --> 00:24:39,413 exiting this interface. So, I'll apply the ACL\xa0\n 190 00:24:41,119 --> 00:24:49,599 Yes, that is correct. Okay, INTERFACE\xa0\n 191 00:24:52,720 --> 00:24:55,440 Okay, and that is all for the lab. So,\xa0\xa0 192 00:24:56,000 --> 00:25:01,440 I will use the grade lab function, click on\xa0\n 193 00:25:03,920 --> 00:25:08,160 Okay, that is correct. You completed\xa0\n 194 00:25:08,160 --> 00:25:13,840 the configuration of each device, nothing is\xa0\n 195 00:25:16,319 --> 00:25:21,679 Okay, so there is a lab from Boson NetSim.\xa0\n 196 00:25:21,680 --> 00:25:26,480 parts in it. So that's the thing I like about\xa0\n 197 00:25:26,480 --> 00:25:31,920 some of them are more complex, and some\xa0\n 198 00:25:31,920 --> 00:25:37,279 as I said before, 20 labs for ACLs here, so\xa0\n 199 00:25:37,279 --> 00:25:43,039 control lists. If you want to get Boson NetSim,\xa0\n 200 00:25:45,279 --> 00:25:49,519 Before finishing today’s video I want\xa0\n 201 00:25:50,240 --> 00:25:56,640 To join, please click the ‘Join’ button under\xa0\n 202 00:25:56,640 --> 00:26:04,320 TheGunguy, l33america, Njabulo, Benjamin,\xa0\n 203 00:26:04,319 --> 00:26:12,319 Apogee, Marko, Flodo, Daming, Joshua, Jhilmar,\xa0\n 204 00:26:12,319 --> 00:26:18,559 Velvijaykum, C Mohd, Mark, Yousif, Sidi, Boson\xa0\n 205 00:26:19,440 --> 00:26:23,840 Sorry if I pronounced your name incorrectly,\xa0\n 206 00:26:24,480 --> 00:26:30,799 This is the list of JCNP-level members at the\xa0\n 207 00:26:31,599 --> 00:26:37,839 if you signed up recently and your name isn’t\xa0\n 208 00:26:39,039 --> 00:26:42,079 Thank you for watching. Please\xa0\n 209 00:26:42,079 --> 00:26:46,799 like the video, leave a comment, and share the\xa0\n 210 00:26:47,920 --> 00:26:53,519 If you want to leave a tip, check the links in the\xa0\n 211 00:26:53,519 --> 00:27:00,079 and accept BAT, or Basic Attention Token, tips\xa0\n 17868