1
00:00:01,040 --> 00:00:06,080
Welcome to Jeremy’s IT Lab. This is
2
00:00:06,879 --> 00:00:10,400
If you like these videos, please
3
00:00:11,119 --> 00:00:15,599
Also, please like and leave a comment, and share
4
00:00:15,599 --> 00:00:20,640
videos. Thanks for your help. Also, remember
5
00:00:20,640 --> 00:00:25,359
get all of the lab files for this course, so
6
00:00:26,960 --> 00:00:30,000
If you want more labs like these,
7
00:00:30,000 --> 00:00:35,200
Boson’s NetSim for the CCNA, click the link
8
00:00:35,920 --> 00:00:40,560
It’s a network simulator like Packet Tracer, but
9
00:00:40,560 --> 00:00:45,359
guided labs to not only help you get hands-on
10
00:00:45,359 --> 00:00:50,719
but also deepen your understanding of the exam
11
00:00:50,719 --> 00:00:54,560
certifications, so I feel confident
12
00:00:55,359 --> 00:00:59,679
If you want to get your own copy of NetSim,
13
00:01:01,439 --> 00:01:06,879
In today’s video we’ll practice configuring
14
00:01:06,879 --> 00:01:13,759
little OSPF also. Standard ACLs can be used to
15
00:01:13,760 --> 00:01:20,080
of the packet, and then either permit or deny
16
00:01:20,079 --> 00:01:25,840
standard numbered ACLs and standard named
17
00:01:27,359 --> 00:01:33,120
So let’s get right into it. Step 1 says to
18
00:01:33,120 --> 00:01:39,200
connectivity between the devices. We don’t
19
00:01:39,200 --> 00:01:43,200
let’s just simply enable it on
20
00:01:45,359 --> 00:01:52,799
ENABLE. CONF T. ROUTER OSPF 1. I’ll enable
21
00:01:53,519 --> 00:02:07,359
NETWORK 172.16.0.0 0.0.255.255 AREA 0. And now
22
00:02:07,359 --> 00:02:15,439
AREA 0. Let’s see if it was enabled on
23
00:02:17,199 --> 00:02:25,119
Okay, we can see gigabitethernet 0/0, 0/1, and
24
00:02:26,960 --> 00:02:28,560
Let’s do the same on R2.
25
00:02:32,000 --> 00:02:40,560
ENABLE. CONF T. ROUTER OSPF 1. Again, I’ll enable
26
00:02:41,520 --> 00:02:55,200
NETWORK 192.168.0.0 0.0.255.255 AREA 0. And then
27
00:02:55,759 --> 00:03:06,319
AREA 0. And let’s check. DO SHOW IP OSPF
28
00:03:06,319 --> 00:03:14,479
and serial 0/0/0. Let’s make sure they are
29
00:03:16,159 --> 00:03:22,560
There’s R1, in the full state. Notice the dash
30
00:03:22,560 --> 00:03:30,800
the OSPF network type is point-to-point, so no DR
31
00:03:30,800 --> 00:03:42,080
table. DO SHOW IP ROUTE. R2 learned routes
32
00:03:43,520 --> 00:03:55,840
How about on R1? DO SHOW IP ROUTE. R1 learned
33
00:03:56,639 --> 00:04:01,919
So, our OSPF configuration is working and we
34
00:04:03,520 --> 00:04:07,520
Now let’s restrict some of that traffic
35
00:04:08,639 --> 00:04:13,839
Four requirements are listed, and in this case
36
00:04:15,280 --> 00:04:21,439
To get practice with both numbered and named
37
00:04:21,439 --> 00:04:29,120
named ACLs on R2. As I said in the lecture video,
38
00:04:29,120 --> 00:04:33,920
your configurations don’t have to be exactly
39
00:04:35,680 --> 00:04:45,120
The first two requirements are about restricting
40
00:04:45,120 --> 00:04:50,560
should be configured as close to the destination
41
00:04:50,560 --> 00:05:01,839
R2. So let’s return to R2 and configure that first
42
00:05:01,839 --> 00:05:08,479
So, I can make two permit entries, one each
43
00:05:09,439 --> 00:05:16,959
The command to enter standard named ACL config
44
00:05:17,547 --> 00:05:34,879
TO_192.168.1.0/24. Now I’ll permit PC1. PERMIT
45
00:05:36,079 --> 00:05:41,519
So, PC1 and PC3 are both permitted, and all
46
00:05:41,519 --> 00:05:48,159
‘implicit deny’ at the end of all ACLs. However,
47
00:05:48,160 --> 00:05:53,439
at the end anyway, just to make it clear. It’s
48
00:05:55,759 --> 00:06:00,959
Okay, so the ACL has been created, but it’s not
49
00:06:00,959 --> 00:06:10,000
an interface. We want to restrict traffic entering
50
00:06:11,439 --> 00:06:24,319
INTERFACE G0/0. IP ACCESS-GROUP TO_192.168.1.0/24
51
00:06:24,319 --> 00:06:30,639
to an interface uses ACCESS-GROUP, not
52
00:06:30,639 --> 00:06:36,319
working. For the sake of time in this video I
53
00:06:36,319 --> 00:06:41,519
but I still want to demonstrate a little.
54
00:06:45,920 --> 00:06:54,319
PING 192.168.1.100. Because the ARP process
55
00:06:54,319 --> 00:06:58,079
but after that we can see that
56
00:06:59,519 --> 00:07:05,199
How about PC2? It shouldn’t be able to
57
00:07:07,439 --> 00:07:17,439
PING 192.168.1.100. So, 203.0.113.2, which
58
00:07:18,319 --> 00:07:24,800
PC2 has been blocked from accessing SRV1.
59
00:07:24,800 --> 00:07:31,040
we’d find that PC3 can reach SRV1 but PC4 can’t.
60
00:07:32,879 --> 00:07:40,079
Hosts in 172.16.2.0/24
can’t access 192.168.2.0/24.
61
00:07:40,720 --> 00:07:46,800
Again let’s configure an ACL
62
00:07:47,600 --> 00:08:02,640
and I’ll name it TO_192.168.2.0/24. So, let’s
63
00:08:04,000 --> 00:08:09,759
However we don’t want to restrict any other
64
00:08:09,759 --> 00:08:17,599
to allow all other traffic. And finally, let’s
65
00:08:19,279 --> 00:08:30,399
IP ACCESS-GROUP TO_192.168.2.0/24 OUT. Why this
66
00:08:30,399 --> 00:08:35,199
applied as close to the destination as possible,
67
00:08:35,200 --> 00:08:44,800
for the 192.168.2.0/24 network. Now I’ll quickly
68
00:08:46,159 --> 00:08:54,079
PC1 should be able to reach SRV2,
69
00:08:54,080 --> 00:09:00,000
a ping or two might be lost until the ARP process
70
00:09:01,840 --> 00:09:12,080
But if we try from PC3, the ping should
71
00:09:14,000 --> 00:09:17,440
We get that same message,
72
00:09:18,399 --> 00:09:23,360
Now, I’ll return to R2 and let’s take a look at
73
00:09:24,879 --> 00:09:31,519
DO SHOW ACCESS-LISTS. Here you can see
74
00:09:31,519 --> 00:09:36,559
packets matched each entry of each ACL,
75
00:09:39,120 --> 00:09:45,759
Okay, finally we have to use ACLs
76
00:09:45,759 --> 00:09:50,799
and 2.0/24 subnets from
77
00:09:53,120 --> 00:09:57,519
I’ll configure the two ACLs first and then
78
00:09:59,360 --> 00:10:03,840
First up, I’ll configure
ACL 1 to deny 172.16.1.0/24
79
00:10:04,879 --> 00:10:11,279
but permit all other traffic. Remember, although
80
00:10:11,919 --> 00:10:23,039
numbered ACLs just use ACCESS-LIST. So,
81
00:10:24,559 --> 00:10:32,079
Then I’ll permit all other traffic.
82
00:10:32,879 --> 00:10:41,200
Now I’ll just use the up arrow and edit this
83
00:10:43,279 --> 00:10:50,319
Then do the same for the PERMIT ANY. And
84
00:10:52,000 --> 00:11:02,720
Okay, ACL1 denies 172.16.1.0/24 but permits all
85
00:11:02,720 --> 00:11:10,720
but permits all other traffic. Now let’s
86
00:11:12,240 --> 00:11:23,013
INTERFACE G0/1. IP ACCESS-GROUP 1 OUT.
87
00:11:23,013 --> 00:11:33,200
from accessing 2.0/24. And next, INTERFACE
88
00:11:33,200 --> 00:11:44,320
traffic from 172.16.2.0/24 from accessing 1.0/24.
89
00:11:45,200 --> 00:11:51,440
Let me show you something new. Here
90
00:11:52,159 --> 00:12:00,000
followed by PC3’s IP address, 172.16.2.1. This
91
00:12:00,960 --> 00:12:07,680
You can stop it with CTRL + C, but I’ll leave
92
00:12:08,720 --> 00:12:22,000
Now I’ll do the same from PC3 to PC1. PING
93
00:12:23,360 --> 00:12:26,960
Now I’ll go back on R1,
and let’s check those ACLs.
94
00:12:29,039 --> 00:12:36,000
DO SHOW ACCESS-LISTS. Notice how many matches
95
00:12:36,000 --> 00:12:43,039
those pings between PC1 and PC3 are being blocked.
96
00:12:43,039 --> 00:12:49,839
you can see the count keeps going up. Okay, in
97
00:12:49,840 --> 00:12:55,519
to allow full connectivity in the network, and
98
00:12:55,519 --> 00:13:02,000
traffic. That’s all for this lab. Now let’s
99
00:13:04,720 --> 00:13:10,960
Okay, here's today's Boson NetSim lab preview.
100
00:13:11,600 --> 00:13:19,600
labs for ACLs. Here in the security fundamentals
101
00:13:19,600 --> 00:13:25,840
ACLs. That's right, 20, 2 0. So, if you're
102
00:13:25,840 --> 00:13:32,160
practice labbing ACLs, you gotta get NetSim.
103
00:13:32,159 --> 00:13:37,759
in NetSim for ACLs, you're set for the CCNA exam,
104
00:13:38,559 --> 00:13:44,959
Okay, so the one I've chosen to show you
105
00:13:46,399 --> 00:13:50,720
So, the objective is 'practice configuring
106
00:13:50,720 --> 00:13:58,160
Pretty simple. Here's the topology,
107
00:13:58,720 --> 00:14:06,879
And then Router2 with Switch2 and 3, PC2 and PC3,
108
00:14:06,879 --> 00:14:12,720
need to know. So in this lab we are configuring
109
00:14:14,960 --> 00:14:20,080
Okay, here are the IP addresses on each device.
110
00:14:21,120 --> 00:14:24,240
and Router2 is using router
111
00:14:24,960 --> 00:14:29,840
subinterfaces here for interVLAN
112
00:14:33,919 --> 00:14:40,959
Okay, here are the lab tasks. Task 1, I think
113
00:14:40,960 --> 00:14:45,920
configuring standard ACLs. Okay, so you
114
00:14:46,480 --> 00:14:52,639
Just notice the passwords are configured as
115
00:14:52,639 --> 00:14:56,799
can ping the loopback0 interface
116
00:14:57,679 --> 00:15:02,239
So, if you look at these log messages here you
117
00:15:03,840 --> 00:15:09,120
so hopefully these PCs can ping
118
00:15:11,360 --> 00:15:18,399
Here's Router1's loopback, okay it works. I
119
00:15:21,679 --> 00:15:26,319
And Router2's loopback, that works. Next, PC2.
120
00:15:36,320 --> 00:15:40,160
And that works as well. And finally on PC3.
121
00:15:45,440 --> 00:15:49,120
Okay, and last, Router2's loopback.
122
00:15:51,200 --> 00:15:59,600
That works as well. Okay, from each PC verify
123
00:16:00,879 --> 00:16:04,720
Okay, I'm just for the sake of time I'm
124
00:16:04,720 --> 00:16:18,000
the routes here on the routers. So, Router1 has
125
00:16:19,039 --> 00:16:26,240
which is VLAN3. And also, VLAN1 is directly
126
00:16:29,840 --> 00:16:37,840
SHOW IP ROUTE. And it learned, from OSPF, a route
127
00:16:39,679 --> 00:16:46,959
Okay, next step 3. From each PC, verify that you
128
00:16:46,960 --> 00:16:50,320
Telnet is something we haven't
129
00:16:50,879 --> 00:16:55,360
connecting to a device, like a router
130
00:16:57,440 --> 00:17:03,840
So, Telnet to Router1, and it works.
131
00:17:05,039 --> 00:17:11,279
but I've connected to Router1 and I can configure
132
00:17:11,279 --> 00:17:20,000
Router1. But I'm going to exit out of there. Okay,
133
00:17:22,720 --> 00:17:28,559
Enter the password and I'm connected to Router1.
134
00:17:28,559 --> 00:17:34,960
course, so don't worry about it for now. Okay,
135
00:17:38,640 --> 00:17:43,040
Okay, looks good. Alright,
136
00:17:45,440 --> 00:17:51,279
Okay, so step 4. Create standard ACL1 and
137
00:17:52,960 --> 00:17:57,600
and VLAN3. All other traffic sources
138
00:17:58,160 --> 00:18:01,600
Use no more than 2 rules when configuring ACL1.
139
00:18:03,680 --> 00:18:10,320
Okay, ACL1, let me see where I have to apply
140
00:18:10,960 --> 00:18:17,519
and in a direction that will prevent traffic from
141
00:18:17,519 --> 00:18:27,839
on Router1. Okay, so let's think about that.
142
00:18:28,559 --> 00:18:34,399
from connecting to any of these networks.
143
00:18:34,400 --> 00:18:42,000
on Router1. So I think we should configure the ACL
144
00:18:42,000 --> 00:18:48,240
so when traffic tries to come to Router1 from
145
00:18:53,519 --> 00:19:06,319
Okay, so, deny traffic from VLAN2 and VLAN3. So
146
00:19:07,200 --> 00:19:18,640
10.10.2.0. And for the wildcard mask I'm going to
147
00:19:19,680 --> 00:19:31,519
0.0.1.255. And I hope I'm correct about that.
148
00:19:34,079 --> 00:19:37,759
And then I will create a
149
00:19:38,480 --> 00:19:44,480
PERMIT ANY. Because it only says to block traffic
150
00:19:44,480 --> 00:19:52,880
about other traffic, so we should permit it. Okay,
151
00:19:52,880 --> 00:19:59,280
in a direction that will prevent traffic...okay,
152
00:19:59,279 --> 00:20:11,839
It is this one here, fastethernet0/0, is the
153
00:20:16,240 --> 00:20:22,400
Okay, and then we will try to telnet
154
00:20:22,960 --> 00:20:30,960
So from PC1 both should work. Okay, so that
155
00:20:33,599 --> 00:20:37,359
and that works as well. Now from PC2 and PC3,
156
00:20:37,359 --> 00:20:40,639
if our ACL is configured
157
00:20:44,880 --> 00:20:48,320
Yes, so that didn't work. It says trying 1.1.1.1,
158
00:20:48,319 --> 00:20:52,000
but then it just returned us to the command
159
00:20:55,759 --> 00:21:07,359
Destination host unreachable, okay. Next
160
00:21:07,359 --> 00:21:13,759
same thing, doesn't work. PING 1.1.1.1.
161
00:21:15,680 --> 00:21:21,759
Okay next, step 8, create standard ACL 2 and
162
00:21:22,799 --> 00:21:26,559
All other traffic sources should be
163
00:21:26,559 --> 00:21:32,720
okay. And apply standard ACL 2 to an interface and
164
00:21:33,519 --> 00:21:36,160
from pretending to reside on VLAN 1.
165
00:21:39,920 --> 00:21:46,320
Okay, prevent remote networks from pretending to
166
00:21:49,279 --> 00:21:56,319
So let's say there is a PC here in VLAN 2
167
00:21:56,319 --> 00:21:59,679
doesn't have to be here, it could be connected
168
00:21:59,680 --> 00:22:04,880
connected to Router2. And it wants to
169
00:22:05,680 --> 00:22:09,120
So it sends a ping to Router1, and the source
170
00:22:09,680 --> 00:22:18,080
is in VLAN 1, and the destination is in VLAN
171
00:22:18,079 --> 00:22:24,960
if we place an ACL outbound on this interface,
172
00:22:27,680 --> 00:22:33,920
blocking all traffic with a source in VLAN 1
173
00:22:35,200 --> 00:22:38,640
So, traffic from VLAN 1
will still be able to exit.
174
00:22:39,519 --> 00:22:45,119
But because we applied it outbound on this
175
00:22:45,119 --> 00:22:50,079
1 won't be able to enter. So, this is a security
176
00:22:50,079 --> 00:22:53,839
the course, so don't worry about it if you don't
177
00:22:58,480 --> 00:23:01,120
So, let's configure that here on Router1.
178
00:23:05,279 --> 00:23:21,359
ACCESS-LIST 2 DENY 10.10.1.0 /24. And permit other
179
00:23:21,359 --> 00:23:28,799
ACCESS-LIST 2 PERMIT ANY. And then I will apply it
180
00:23:32,079 --> 00:23:35,839
IP ACCESS-GROUP 2 OUT.
181
00:23:39,440 --> 00:23:43,360
Okay, display and examine the rules
182
00:23:44,640 --> 00:23:50,960
So I'll do that with DO SHOW
183
00:23:52,720 --> 00:23:56,640
As you can see, we've already got some
184
00:23:57,440 --> 00:24:03,120
telnet and ping. Okay, based on what you
185
00:24:03,119 --> 00:24:09,839
1 or ACL 2 to an interface and in a direction
186
00:24:10,480 --> 00:24:17,839
from pretending to be hosts on VLAN2 or VLAN3.
187
00:24:19,200 --> 00:24:25,519
So, ACL 1 matches these source
188
00:24:26,079 --> 00:24:32,480
source, all the traffic should be entering this
189
00:24:32,480 --> 00:24:39,413
exiting this interface. So, I'll apply the ACL
190
00:24:41,119 --> 00:24:49,599
Yes, that is correct. Okay, INTERFACE
191
00:24:52,720 --> 00:24:55,440
Okay, and that is all for the lab. So,
192
00:24:56,000 --> 00:25:01,440
I will use the grade lab function, click on
193
00:25:03,920 --> 00:25:08,160
Okay, that is correct. You completed
194
00:25:08,160 --> 00:25:13,840
the configuration of each device, nothing is
195
00:25:16,319 --> 00:25:21,679
Okay, so there is a lab from Boson NetSim.
196
00:25:21,680 --> 00:25:26,480
parts in it. So that's the thing I like about
197
00:25:26,480 --> 00:25:31,920
some of them are more complex, and some
198
00:25:31,920 --> 00:25:37,279
as I said before, 20 labs for ACLs here, so
199
00:25:37,279 --> 00:25:43,039
control lists. If you want to get Boson NetSim,
200
00:25:45,279 --> 00:25:49,519
Before finishing today’s video I want
201
00:25:50,240 --> 00:25:56,640
To join, please click the ‘Join’ button under
202
00:25:56,640 --> 00:26:04,320
TheGunguy, l33america, Njabulo, Benjamin,
203
00:26:04,319 --> 00:26:12,319
Apogee, Marko, Flodo, Daming, Joshua, Jhilmar,
204
00:26:12,319 --> 00:26:18,559
Velvijaykum, C Mohd, Mark, Yousif, Sidi, Boson
205
00:26:19,440 --> 00:26:23,840
Sorry if I pronounced your name incorrectly,
206
00:26:24,480 --> 00:26:30,799
This is the list of JCNP-level members at the
207
00:26:31,599 --> 00:26:37,839
if you signed up recently and your name isn’t
208
00:26:39,039 --> 00:26:42,079
Thank you for watching. Please
209
00:26:42,079 --> 00:26:46,799
like the video, leave a comment, and share the
210
00:26:47,920 --> 00:26:53,519
If you want to leave a tip, check the links in the
211
00:26:53,519 --> 00:27:00,079
and accept BAT, or Basic Attention Token, tips