Free CCNA | Extended ACLs | Day 35 | CCNA 200-301 Complete Course

Views: 128,352

Jeremy's IT Lab

Free CCNA 200-301 flashcards/Packet Tracer labs for the course: jitl.jp/ccna-files
📖 My CCNA Book: www.manning.com/books/acing-t...
📚Boson ExSim: jitl.jp/ccna-exsim ← the BEST practice exams for CCNA
💻Boson NetSim: jitl.jp/ccna-netsim ← 100+ detailed guided labs for CCNA
💯ExSim + NetSim: jitl.jp/ccna-kit ← get BOTH for a discount!
🥇CCNA Gold Bootcamp: www.flackbox.com/cisco-ccna-c... ← the course I used to get my CCNA (top rated course on the Internet)
Get the course ad-free with bonus quizzes and more on JITL Academy: courses.jeremysitlab.com
In Day 35 in this free CCNA 200-301 complete course, you will learn about extended ACLs (Access Control Lists).
In this FREE and COMPLETE CCNA 200-301 course you will find lecture videos covering all topics in Cisco official exam topics list, end-of-video quizzes to test your knowledge, flashcards to review, and practice labs to get hands-on experience.
SUPPORT MY CHANNEL
The best way to support my channel is to like, comment, subscribe, and share my videos to help spread the word!
If you can spare to leave a tip, here are some options:
PayPal: paypal.me/jeremysitlabYT
BAT (Basic Attention Token) tips in the Brave browser (www.jeremysitlab.com/brave-br...)
======================
Patreon: / jeremysitlab
======================
Cryptocurrency Addresses
Bitcoin: bc1qxjpza7nx46e8a2rtz6vkcrvxx9mfjnufdrk0jv
Ethereum: 0x08B4325b1B99B05d850A3bfCd4A6620D770cfB64
======================
0:00 Introduction
1:00 Things we'll cover
1:51 Numbered ACLs w/ subcommands
3:39 Advantages of named ACL config mode
7:14 Resequencing ACLs
12:14 Matching based on Protocol
14:05 Matching based on Src/Dst IP
15:42 Extended ACL entry practice (1)
17:35 Matching TCP/UDP port numbers
21:17 Extended ACL entry practice (2)
23:26 Extended ACL example
29:41 Things we covered
30:42 Quiz 1
31:43 Quiz 2
32:42 Quiz 3
33:36 Quiz 4
34:22 Quiz 5
35:50 Boson ExSim
#cisco #CCNA

Comments: 336
@cloaksorg 3 years ago
Video error: extra black box @ 15:08. Thanks for the video! EDIT: Just trying to be helpful but also @ 35:49, Quiz 5 the last command should be "ip access-group 150 out" not 110
@airsofttrooper08 2 years ago
yes that last question stumped me and I got it wrong Just a bit confused there :(
@jimmyfu9496 2 years ago
Thank you!
@bazaireabemereki6044 2 years ago
true, Noticed this too
@Clovistered 1 year ago
I caught that as well was about to write something but found this comment. This actually means that Jeremy is doing a great job teaching us and we were able to catch it. Best Online Course out in the market and can't believe it's free.
@bstear76 1 year ago
I was waiting for that to be a choice to change the 110 to 150. Surprised that hasn't been fixed but suppose don't want to have to re-record the video
@CH-vv2hr 1 year ago
Jeremy is definitely a top G for his efforts to educate humanity. Thank you for your immense contribution to the development of skills for everyone. Education should truly be free!
@jameschua9255 3 years ago
I've recommended Jeremy's free YouTube to my classmates who are looking for clear and organised trg videos. Many paid online learnings can't even match that.
@JeremysITLab 3 years ago
Thanks for recommending! :)
@denilsonlanga5547 1 year ago
Simply the best ccna tutorial ever. I'm speechless with this masterpiece. Thank you Mr Jeremy.
@laflame5998 2 years ago
Answering every quiz question correctly just made my day! Thanks Jeremy Sensei!
@XxThePlaylistxX 1 month ago
I have studied ACLs before and I was definitely a little confused when you suggested using "access-list " commands for every single ACE rather than simply going into ACL config mode. Glad you cleared that up lol. I used "deny icmp any 10.0.1.0 0.0.0.255" and "deny icmp any 10.0.2.0 0.0.0.255" since no hosts are allowed to ping, but obviously in a real environment I would be more specific to allow for future upgrades where we may actually want a host to be able to ping those networks.
@iamjoycheee 9 months ago
Thank you Jeremy Sir! I can't stop thanking you. I thought I'm losing it in ACL day 33 but this day 34 cleared the pipes. You are the best sir!
@devnipadmasiri1765 2 years ago
Sir, your course deserves the name " ccna is easy"
@67awesomekid 1 year ago
honestly i just stare blankly at a screen for 40 min and somehow ik enough to answer the questions at the end of every video. you're freakishly good at breaking down information
@wolfferoni 2 years ago
Really appreciate the practice sections, I find them super helpful.
@NetworkingwithHamza 26 days ago
What a question by BOSON. Mind blowing...
@upulijaya6309 1 year ago
Jeremy i am from sri lanka far far away from your location but you know what, your work here is masterpiece, it's more valuable to us like living in poor country 🙏
@konefine3626 3 years ago
Very Superb Videos, big thanks to you master Jeremy
@MiguelHernandez-zd7kr 3 years ago
Great video, thank you very much!
@Ahmed-TOUMI 1 year ago
Awesome course Thank you, Jeremy
@user-oj9ip6qr6x 3 years ago
I am very grateful to you. Your videos help thousands of people. Now i am studying "Cisco CCNA 4".
@JeremysITLab 3 years ago
Thanks for your comment :) Good luck in your studies!
@nicholassattaur9964 3 years ago
Awesome video! Thank you Jeremy
@JeremysITLab 3 years ago
Thanks Nicholas!
@majiddehbi9186 3 years ago
hi jeremy everything about this topic is much clearer now thx
@Mustlehard 8 months ago
What’s confusing me is sometimes you put the port number before the destination and sometimes it’s after
@-b777ljq3 2 years ago
very good lecture, very good quiz, helps a lot, many thanks.
@keasbeydave 3 years ago
Excellent explanation as always. I thoroughly enjoy detail.
@JeremysITLab 3 years ago
Thank you :)
@youssefsalama663 3 years ago
Thanks so much!
@Moss2323 3 years ago
Thanks for the videos
@aruizsilva 13 days ago
Thanks!
@fatimahamdan3825 2 years ago
thank you so much!
@marshalls5364 3 years ago
Happy New Year Jeremy!
@JeremysITLab 3 years ago
Thanks, happy new year to you too!
@mpampleki 4 months ago
Started to trust myself at question 5 by saying "oh there must be a mistake, let's check comments". Thank you Jeremy for this kind of sneaky mistake. Intentional or not, it was very good.
@hotmail4823620 1 year ago
We must at least like and subscribe to thank Jeremy for the intelligent and hard work he has done
@maxwellchessdotcom6952 3 years ago
Netflix tried to buy the rights to Jeremy's life story, but he declined because their network was too slow.
@Manu-rd4pc 11 months ago
Then Jeremy bought Netflix and made the network much faster
@technologian1 6 months ago
Why am I always reading maxwell’s comments with Jeremy’s voice lol?
@gilmoshe854 3 months ago
love you!
@jamespostlethwaite7799 2 years ago
The first sections on advantages of named ACL config mode explained so much to me lol. When I was doing the standard ACL labs I was using the no command on the traditional ACL statements when I entered them incorrectly or made a mistake. I didn’t realise this was deleting the whole ACL and not just the ACE!
@hero96559 2 years ago
Perfect as usual !. greetings
@JeremysITLab 2 years ago
Thank you Mahmoud! Greetings :)
@gee40trots 3 years ago
Thanks Jeremy!!!
@JeremysITLab 3 years ago
Thanks for watching :)
@hassanrayan3921 11 months ago
Jeremy I'm watching your ccna video july 2023 and I'm very happy to find out your video because the way you are explaining is amazing. I'm not english native and I don't speak a good english but your english is more understandable than other YouTubers everyone can understand your simple english and your simple explanation
@shavkatzokirov2785 1 year ago
the video is best !!!👍👍👍👍👍
@stephenapenkwah 3 years ago
Thanks Jeremy.
@JeremysITLab 3 years ago
Thanks for watching, Stephen :)
@felderosa 1 year ago
for the extended ACL example, we could just put each ICMP entry in the appropriate ACL on g0/2 or g0/1 and eliminate the need for a third ACL on g0/0.. same amount of entries but fewer ACLs.
@mharoonfrough719 3 years ago
Thank you well explained
@JeremysITLab 3 years ago
Thank you :)
@user-wr2lm8qh2t 3 years ago
Thank you very much
@JeremysITLab 3 years ago
Thanks for watching :)
@hzakaria5338 1 year ago
This is really a massive job! I'm tired just studying the material, how about preparing it. I am really grateful and I wish you were the President of the US with such a big heart❤
@ariadnaarispe1928 3 years ago
Hi Jeremy, thank you so much for the update! Merry Christmas and a happy new year :D may the next year be full of success and opportunities for ya
@JeremysITLab 3 years ago
Thanks Ariadna :) Merry Christmas and a happy new year to you, too!
@mfarokh27 1 year ago
For 28:00 i believe the most ideal would be to assign the 3rd ACL's ACEs to the respective 1st and 2nd ACLs and apply to the interfaces as before, inbound.
@MegaFabioRocks 3 years ago
This and spanning tree are the hardest parts of the CCNA
@JeremysITLab 3 years ago
Yeah they are tough topics! Take your time to understand them, no rush
@ivagar1982 3 years ago
@@JeremysITLab Ya agreed. Very tough, especially spanning tree. Plus, so many technical words... to know
@erickcervantes6382 2 years ago
for me IPv6 has a lot of information.
@Shriramkrishnhari 4 months ago
🙏🏻i reached here to watch this upholds the rope ( the q 3rd March link) although I am already on same playlist yet not reached on this lecture now🙏🏻 Thanks for the quiz 🙏🏻
@dmitrikazantsev3692 1 year ago
Thanks Jeremy! Note, I believe there is a typo @ 12:00
R1(config)# ip access-list extended [ permit | deny ]...
R1(config-ext-nacl)# [ seq-num ] [ permit | deny ]....
in both cases there must be curly braces instead of square braces - { permit | deny } instead of [ permit | deny ] because this parameter is required.
@jackd9259 11 months ago
Jeremy 🐐
@jasonng9663 3 years ago
Love from Vietnam!!!
@JeremysITLab 3 years ago
Thanks Jason!
@nedatuaconta2431 7 months ago
tysm
@kuldeeps011 3 years ago
Your videos are so simple, easy to understand. U have great way to teach networking. Thank you so much. God bless u
@JeremysITLab 3 years ago
Thank you :)
@glenntembo2693 3 years ago
Thanks J
@JeremysITLab 3 years ago
Hey Glenn, thanks for watching :)
@majdkhalil9645 3 years ago
Thank you for this course. Happy New Year!
@JeremysITLab 3 years ago
Thank you, happy new year! Thanks for being a channel member :)
@loulettesane1327 1 year ago
Thank you so much Jeremy :) How would you have done the configuration if it was in one direction communication, for instance SRV1 can access PC1 but PC1 cannot access the SRV1? Thanks in advance!
@benhadjothmanmohamedaziz1231 2 years ago
I watch your videos from Tunisia and you really are the best. In the exercise at minute 28, can we apply just one extended access-list in R1 g0/0 out?
@MutaiKipngeno 11 months ago
@28:56 SIMPLE ANSWER EXTENDED ACL EXAMPLE OPTION c (none of the hosts in 192.168.2.0/24 can ping 10.0.1.0/24 or 10.0.2.0/24)
R1(config)#ip access-list extended BLOCK_ICMP
R1(config-ext-nacl)#deny icmp 192.168.0.0 0.0.255.255 10.0.0.0 0.0.255.255
R1(config-ext-nacl)#permit ip any any
R1(config-ext-nacl)#INT g0/0
R1(config-if)# ip access-group BLOCK_ICMP out
@bazaireabemereki6044 2 years ago
Thanks Jeremy for the great lectures in your videos. @ 36:44, that access-list 101 is to be applied to the inbound not outbound on the Fa0/0 interface. Help verify
@backbencher497 1 year ago
if it's inbound the packets that will be filtered are the ones coming from the servers, we want to filter the ones coming from the internet
@franksoko02 3 years ago
thanks Jeremy i forgot you said you will be doing a video every tuesday
@JeremysITLab 3 years ago
Yep, that's the current schedule ;)
@alibangash4131 1 year ago
Hi Jeremy. You are the best. It’s because of you that I have started my journey in networks and I’m progressing day by day. I’m sorry if I may sound stupid but you have given examples of protocols that either run tcp or udp like http and tftp. I would like to know how you would write sections in your acl which includes both tcp and udp like dns.
@joshz9976 1 year ago
Hey, not Jeremy but I think I can answer this for him. For DNS it would be wise to put in two ACEs for it, one for TCP and another for UDP, same port number 53. Please look into this video's lab, where you will find an example that covers your very question. Thanks!
@Hartley94 3 years ago
🥳🥳🥳 Thanks
@JeremysITLab 3 years ago
Thanks for watching :)
@mustafamakhlouf2541 3 years ago
Thank you very much We wish lessons on the ccnp certification
@JeremysITLab 3 years ago
Maybe after the CCNA course!
@FuryRushBe 3 years ago
You are the very best teacher, thank you for the lessons
@JeremysITLab 3 years ago
Thanks for watching :) (and thanks to Google for the translation! haha)
@brunobr797 3 years ago
Could "deny icmp 192.168.0.0 0.0.3.255 10.0.0.0 0.0.3.255" be used to optimize the third requirement in 28:57? Not sure about the .3 there cause i had done the maths on my head, but it was the only thing i could think to solve the problem in a better way, please correct me if im wrong =)
@JeremysITLab 3 years ago
Yeah that would work!
@fernandoc8876 3 years ago
@@JeremysITLab that's what I thought as well but I had put it like this: "None of the hosts in 192.168.1.0/24 or 192.168.2.0/24 can ping 10.0.1.0/24 or 10.0.2.0/24."
R1(config-ext-nacl)#deny icmp 192.168.2.0 0.0.3.255 10.0.2.0 0.0.3.255
R1(config-ext-nacl)#permit ip any any
Is it the same result?
@ravenstarr30 2 years ago
Thank you! I was scrolling through the comments just to find this 'cause it was really bugging me.
@sakeh3420 6 months ago
You would also be blocking the 192.168.3.0/24 from pinging 10.0.1.0/22 network if you did this @@fernandoc8876 I'm not sure if that is most efficient
@kbkeeto 12 days ago
@@fernandoc8876 2 years later response, I think it would work but the syntax is confusing as it doesn't look like it mentions the 192.168.1.0 network (BUT it actually does). Denying 192.168.2.0 0.0.3.255 is saying everything that matches 192.168.0-3.anything DON'T ALLOW. The wildcard mask 0.0.3.255 includes addresses 192.168.1.0, 192.168.2.0 PLUS 192.168.0.0 and 192.168.3.0 since the bit values of 1 and 2 are on. 0+0, 0+1, 2+0, 2+1. The two in 192.168.2.0 doesn't really matter as the wildcard mask is allowing very specific range of addresses. But because it doesn't matter, putting a zero in the address 192.168.0.0 looks better and makes one stop and consider what the wildcard mask is actually saying. Is this correct @JeremysITLab ?
@sepehrsamadi9075 1 year ago
28:55 I believe that using a mask of /23 would be most appropriate to lower the number of ACEs
@matthewgraham790 1 year ago
the problem is that the /23 would be either ranged 192.168.0.0-192.168.1.255 or 192.168.2.0-192.168.3.255, there is no /23 for 192.168.1.0-192.168.2.255. You could do a /22 which would cover 192.168.0.0-192.168.3.255 but that opens up potential security holes if the network expands to include more hosts/subnets later on
@aminajorloo1680 4 months ago
Thanks Jeremy. There is a small error at 35:00: in the last line of the script you wrote access-group 110. I think the correct number is 150. Thanks a lot. 😘
@redhippieful 2 years ago
Hi Jeremy! Your videos are awesome and so helpful. The only thing I'm still struggling with in the extended ACL are the specified ports. I don't really understand when I put the port behind the source IP or destination IP. Can you help please?
@JeremysITLab 2 years ago
It depends on if you want to filter traffic based on the source port or the destination port, and there are use cases for both! More common would be destination I guess, since if a client tries to access a certain service on server they send it to that port, not from a particular port.
@husseinolivia2548 3 years ago
Hi Jeremy and thanks for your great effort which opened new horizons How many days will this course end up with?
@JeremysITLab 3 years ago
I think the course will be about 50 to 60 days in total
@davidsoh7819 3 years ago
my proposed ACL for the question located at the 28:27 timing of your lecture is as follows:
R1(config)#ip access-list extended BLOCK_ICMP
R1(config-ext-nacl)#deny icmp 192.168.0.0 0.0.255.255 10.0.0.0 0.0.255.255
R1(config-ext-nacl)#permit ip any any
R1(config-ext-nacl)#interface G0/0
R1(config-if)#ip access-group BLOCK_ICMP out
@JeremysITLab 3 years ago
Yeah that works, nice! 👍
@wafa1203 1 year ago
That was my answer too thanks for answering sir.
@xaanx 11 months ago
Hi, you can also use /23 wildcard mask of 0.0.1.255. It works the same.
@kamalsameh3338 7 months ago
But what about port 443?
@nicholaslilla5327 2 months ago
@@xaanx I don't think is enough, /22 actually should be fine
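Added example (not part of the video or of any comment above): the wildcard proposals from these threads, checked in Python. It audits each address/wildcard pair against the two source subnets of the exercise and computes the tightest single pair that covers a set of networks; the `UNIVERSE` list of neighbouring subnets and the base address paired with `0.0.1.255` are assumptions made for the demonstration.

```python
import ipaddress

def to_int(addr):
    return int(ipaddress.IPv4Address(str(addr)))

def wildcard_match(addr, base, wildcard):
    """Cisco wildcard logic: 0 bits must equal the base address, 1 bits are ignored."""
    care = ~to_int(wildcard) & 0xFFFFFFFF
    return (to_int(addr) & care) == (to_int(base) & care)

def covers(net, base, wildcard):
    """True if every address of `net` matches. Checking the first and last
    address is enough, because they differ in every host bit."""
    n = ipaddress.ip_network(net)
    return (wildcard_match(n.network_address, base, wildcard)
            and wildcard_match(n.broadcast_address, base, wildcard))

def audit(base, wildcard, required, universe):
    """Compare one address/wildcard pair with the subnets it is meant to match."""
    hit = [n for n in universe if covers(n, base, wildcard)]
    return {
        "missed": [n for n in required if n not in hit],
        "extra": [n for n in hit if n not in required],
        "addresses": 2 ** bin(to_int(wildcard)).count("1"),
    }

def smallest_single_ace(nets):
    """Tightest single base/wildcard pair that matches every network in `nets`."""
    nets = [ipaddress.ip_network(n) for n in nets]
    base = int(nets[0].network_address)
    wild = 0
    for n in nets:
        wild |= int(n.hostmask)                # host bits are always ignored
        wild |= base ^ int(n.network_address)  # so is every bit where the networks differ
    return (str(ipaddress.IPv4Address(base & ~wild & 0xFFFFFFFF)),
            str(ipaddress.IPv4Address(wild)))

# The two source subnets from the exercise, plus constructed neighbours
REQUIRED = ["192.168.1.0/24", "192.168.2.0/24"]
UNIVERSE = [f"192.168.{i}.0/24" for i in range(8)]

# Address/wildcard pairs proposed in the comments
PROPOSALS = [
    ("192.168.0.0", "0.0.3.255"),
    ("192.168.2.0", "0.0.3.255"),    # same match set: the base's ignored bits do not count
    ("192.168.0.0", "0.0.1.255"),    # the "/23" suggestion, base address assumed
    ("192.168.0.0", "0.0.255.255"),
]

if __name__ == "__main__":
    for base, wc in PROPOSALS:
        print(f"{base} {wc}: {audit(base, wc, REQUIRED, UNIVERSE)}")
    print("tightest single ACE:", smallest_single_ace(REQUIRED))
    # The two-server case from the Boson question, addresses as given in the comments
    print("two hosts:", smallest_single_ace(["10.10.10.1/32", "10.10.10.2/32"]))
```

Third octets 1 and 2 differ in both low-order bits, so any single wildcard that matches both subnets also matches 192.168.0.0/24 and 192.168.3.0/24; an exact match takes two ACEs.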
@arielb111 2 years ago
Hey, In 28:24 why you decide to use outbound and not inbound? And if you can, explain when to use out or in. thanks
@nematfrotan604 3 years ago
As of 29:00. deny icmp 192.168.0.0 0.0.255.255 10.0.0.0 0.0.255.255
@jayasuryar5185 1 year ago
@ 20:39 R1(config-std-nacl)#deny tcp any host 1.1.1.1 eq 80 but in standard acl we can match traffic based on only source ip add ?
@sungmin9717 3 years ago
Great videos, and I am learning a lot from them. Thank you so much. Quick question, @ 21:39 could using "ip" rather than "tcp" in a command also be an answer for question number 1? Since it was asking for "All traffic"?
@JeremysITLab 3 years ago
The question specifies 'HTTPS', not 'all traffic', so only 'tcp' with port '443' is correct in this case :) Maybe you misread 'allow traffic'? ;)
@arbygallego4599 1 year ago
Hi i have a question, for the entry "Hosts in 192.168.1.0/24 can't use HTTPS to access Server 1" can i use deny tcp 192.168.1.0 0.0.0.255 eq 443 host 10.0.1.100 since from my understanding, the 192.168.1.0/24 subnet is the one "using" the https, thanks in advance jeremy!!
@dimplekumargupta272 1 year ago
Hey Jeremy, if i become JCNP member, I will get access to your CCNP Videos?
@TheRomsoft 3 years ago
In the Boson quiz: Wouldn't the 0.0.0.3 wildcard mask also include a potential/future 10.10.10.3-server? Bit-pattern of last octet would be 0000.0011, and 2 to the power of 2 gives 4 hosts. The first one, 0, would be the network id.
@JeremysITLab 3 years ago
Yeah you're absolutely correct, so it's not the ideal way to fulfill the requirements given in the scenario. However, it is the best choice among the options provided, so it is the correct answer.
@robfilms6264 3 months ago
It does give 4 hosts, but we subtract 2. 1 for network, 1 for broadcast. We are left with 2 usable ip adds. 10,10,10,0 | 1-2 | 3 10,10,10,4 | 5-6| 7 (the additional srv should be in ,4) Do I make sense or am I missing something?
@tomthadeus9917 2 months ago
@@robfilms6264 You might understand this now if you've been studying up but the Subnet is 10.10.10.0/24, so the network address is 10.10.10.0 and the broadcast is 10.10.10.255. The wildcard includes 10.10.10.3 which is a host address, the best solution to this would be to deny TCP any 10.10.10.1 0.0.0.1 eq FTP. This address range would include 10.10.10.1 - 10.10.10.2. Hope this helps
@TheDebasmita7 2 years ago
So in the traditional numbered standard ACL, if we run command " no 30 " instead of "no access-list..." command, @5:19 will it still delete the entire list?
@serhiikhomenko3821 2 months ago
For denying icmp from both networks, I used wildcard mask 0.0.1.255. Does it work?🤔
@gerryvalenzuela9158 3 years ago
Hi Jeremy! may sound like too much to ask but could you make a video only tackling wild card mask like the boson question where you have to use a different WC mask to filter only 2 ips I still don’t get how to cover some range of IPs using a WC /30 or /28 etc
@JeremysITLab 3 years ago
Actually, in the Boson Q the /30 covers more than 2 IPs (it covers 4), but if I remember correctly they wanted it to be done in a single command so I used that /30, even though it covers more than the required 2.
@MahmoodShafi0 5 months ago
In 28:32, ip access-group BLOCK_ICMP out. Why is it applied outbound?
@DanyGQ 9 months ago
Question, at 28:32 can I block the entire 192.168.0.0/16 range from reaching 10.0.0.0/16?
@user-fs7ux7oy5f 3 months ago
27:00 I know the "general rule" that you mentioned, but to me it looks like this 2nd rule is way too broad, and even though we're using extended ACL, it functions like a regular ACL. Shouldn't this 2nd rule be applied to R2 G0/2 out?
@juanmartinayonacarrera2190 3 years ago
Hi Jeremy, thank you for videos, @ 35:37 In question 5, acl is placed outside the g0 / 0 interface on R1, wouldn't it comply filter http and https with TCP?
@JeremysITLab 3 years ago
Yes, but that wouldn't be as close to the source as possible.
@juanmartinayonacarrera2190 3 years ago
@@JeremysITLab ok thank you for information, I will continue to watch your videos, they are helping me to learn better ccna.
@djthomassmith 1 year ago
Hi Jeremy, 31:33 Why is not ACL 101 the solution? We have implicit deny do not we? Why do you need ACL 103: 20 deny udp any host 10.0.1.100 eq tftp? Implicit deny should cover it, should not it? Or is it because of the permit ip any any command?
@JeremysITLab 1 year ago
Hi Thomas, Because of the 'permit ip any any' command, the implicit deny won't ever come in to effect. ACL 101 is like this:
1: Permit this specific traffic
2: Also permit everything else
3: Explicit deny everything else, but 'everything else' has already been permitted by the above statement
@tonysolis6364 1 year ago
Can it be deny icmp 192.168.0.0 0.0.3.255 10.0.0.0 0.0.3.255 at @27:16? so we could avoid creating more entries?
@gerryvalenzuela9158 3 years ago
Hi Jeremy! What ACL type is most implemented in real life, standard or extended ACLs? Great work! The easiest course to understand.
@JeremysITLab 3 years ago
Both are used, I'm not sure which is used more often. They're both useful tools!
@Alberto.81 3 years ago
Hi Jeremy @21:00 the command on the top right I've noted it's R1(config-std-nacl) means standard shouldn't be extended? What I am missing ? Till standard ACL and source/destination IP extended ACL I can make it. But then when you talk about matching the tcp/udp port number I got lost, literally! This is tough men, my chance to pass the exam are getting dwindling. Any recommendation for practice web site (except for boson, that already bought it) like for subnetting ?
@JeremysITLab 3 years ago
Just an error, thanks for pointing it out! I don't think there are any ACL practice sites with tons of questions like that, but I did a google search and found some practice questions from Wendell Odom: blog.certskills.com/category/hands-on/acldrill/
@TheJediSlayer7 1 year ago
Would the command deny ICMP 192.168.0.0 0.0.3.255 10.0.0.0 0.0.3.255 work for question at 28:17?
@idk1839 1 year ago
Hey, Can you please create a PDF File including all the commands and upload it to your website for purchase?
@narendranrammudo6726 2 years ago
can we just use "deny icmp any any" for the 27:29 entry ?
@jessicavillanueva118 3 years ago
Jeremy, I am using Packet Tracer and unable to use "ip access-list resequence" command. I even used "?" to see my options and cannot find on there. Is this common for packet tracer not being able to execute all commands? Thanks for all your videos!! Planning to take CCNA end of June and have been watching your videos primarily on repeat - always learning something new, brain turning in mush. Thank you!!!
@JeremysITLab 3 years ago
Yeah that's normal, packet tracer is quite limited compared to what's available on a real Cisco device. But it's still a great resource for the CCNA!
@siddharthdas4080 2 years ago
Hi Jeremy, Thanks a lot for this fantastic course. Deep diving into details of networking and that too for free, it's unbelievable. - In the Quiz question 3rd there is an ACL entry with equal to port/protocol no - 'domain'. Can you please explain where we use 'domain' as port/protocol no?
@JeremysITLab 2 years ago
'Domain' is 'Domain Name Service', DNS. So, it means port 53.
@dharmiltejani3323 2 years ago
Hi, for the last req. of Extended ACLs, can we use this condition for this particular network?
Router(config-ext-nacl)#deny ip 192.168.0.0 0.0.255.255 10.0.0.0 0.0.255.255
Router(config-ext-nacl)# permit any any
Actually they both have same first 16 bits so we can make it as a network address for both right?
@user-oj9ip6qr6x 3 years ago
Please make a video about NAT
@JeremysITLab 3 years ago
I will cover all CCNA exam topics 👍
@JeremysITLab 3 years ago
Boson's having a holiday sale! Get 25% OFF Boson ExSim, NetSim, etc with code MERRY20 (until the end of this month!) 📚Boson ExSim: jeremysitlab.com/boson-exsim ← the BEST practice exams for CCNA 💻Boson NetSim: jeremysitlab.com/boson-netsim ← 100+ detailed guided labs for CCNA 💯ExSim + NetSim: jeremysitlab.com/boson-ccna-kit ← get BOTH for a discount! 📗Boson Courseware: www.jeremysitlab.com/boson-courseware ← Boson's COMPLETE CCNA Courseware
@alishmadhvani9888 11 months ago
I have a question. When the router changes the order of the ace entries, does the checking sequence also change or does it work according to the numbers assigned? Does the router reorder the entries for easy reading? Thanks in advance
@Heeby-Jeebies 9 months ago
Great question! The re-ordering is done so it's more efficient for the router. Importantly: The reordering will not negatively impact the function of the list.
@Alberto.81 3 years ago
@Jeremy's IT Lab Hi pardon, @23:00 #permit tcp 172.16.1.0 0.0.0.255 gt 9999 host 4.4.4.4 neq 23. We can insert eq(equals) between 9999 and host. Or the command wouldn't work? @28:27 #deny icmp 192.168.0.0 0.0.255.255 10.0.0.0 0.0.255.255 (outbound on R1 g0/0) is it valid or this is not enough specific?
@JeremysITLab 3 years ago
You can't specify both 'gt' and 'eq', the command won't work. Try it out in packet tracer! The second command will definitely work and fulfills the requirements, but it's best to make ACLs more specific to target just the traffic you want.
@qwerty19811 8 months ago
Hi Jeremy, for Quiz 5, why isn't the list applied on R1 G0/0 out when its to filter traffic from both 1 and 2 subnets?
@qwerty19811 8 months ago
And the ACL doesn't contain both subnets 1 and 2 not the answers state to put at least a 0.0.1.255
@JeremysITLab 8 months ago
The question states "from 192.168.1.0/24 to 10.0.2.0/24"
@mohameddellali5258 1 year ago
Hi Jeremy, I have a question in the video : 28:10 when applying Extended ACL using the last requirement, I have used "Deny ICMP any 10.0.0.0 0.0.255.255 ? = I have used a /16 wild mask as a destination and I am not sure if its correct please help thank you in advance
@deydjustino8310 4 months ago
I kind of used the same, but instead of the source IP "Any", I also summarised both 192.168.2.0 and 192.168.1.0 as the Source IPs.
@rajivbaxi 2 years ago
Jeremy, for simplicity, is it better to just stick with using only 1 direction (in vs. out) for all ACLs?
@JeremysITLab 2 years ago
I don't think so, you should consider which direction is most appropriate (following the rules: standard ACL = close to destination, extended ACL = close to source).
@louishao2516 1 year ago
Hi sir, in quiz 5 35:13, shouldn't we put the eq 80 & eq 443 right behind the src-ip instead of dst-ip? As we want to deny the source which using HTTP and HTTPS ..
@JeremysITLab 1 year ago
When a client uses HTTP/HTTPS to access resources on a server, it's the destination port that is 80 or 443, not the source port. The client will use a random ephemeral port as the source port. So, to filter HTTP/HTTPS traffic using an ACL we must specify the destination port of 80 or 443, not the source port.
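Added example (not from the video or from any commenter): a small first-match ACL evaluator in Python that shows the two points made in the replies above, namely where `eq` sits relative to the source and destination addresses, and why a `permit ip any any` entry keeps the implicit deny from ever being reached. The ACLs and packets are constructed for the demonstration; the client address 192.168.1.10 and the ephemeral source ports are assumed values.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

ANY = ("0.0.0.0", "255.255.255.255")   # keyword "any"

def host(addr):                         # keyword "host A.B.C.D"
    return (addr, "0.0.0.0")

def ip_int(addr):
    return int(ipaddress.IPv4Address(addr))

def wc_match(addr, base_wc):
    """Wildcard match: bits set to 0 in the wildcard must equal the base address."""
    base, wc = base_wc
    care = ~ip_int(wc) & 0xFFFFFFFF
    return (ip_int(addr) & care) == (ip_int(base) & care)

@dataclass
class Ace:
    seq: int
    action: str                     # "permit" or "deny"
    proto: str                      # "ip" matches every protocol
    src: tuple
    dst: tuple
    src_eq: Optional[int] = None    # "eq N" written after the source address
    dst_eq: Optional[int] = None    # "eq N" written after the destination address

    def matches(self, pkt):
        return ((self.proto == "ip" or self.proto == pkt["proto"])
                and wc_match(pkt["src"], self.src)
                and wc_match(pkt["dst"], self.dst)
                and (self.src_eq is None or self.src_eq == pkt.get("sport"))
                and (self.dst_eq is None or self.dst_eq == pkt.get("dport")))

def evaluate(acl, pkt):
    """First match wins. Returns (action, seq); seq is None for the implicit deny."""
    for ace in sorted(acl, key=lambda a: a.seq):
        if ace.matches(pkt):
            return ace.action, ace.seq
    return "deny", None

NET1 = ("192.168.1.0", "0.0.0.255")
SRV1 = host("10.0.1.100")

# "eq 443" after the destination: matches the server's HTTPS port
DST_PORT_ACL = [Ace(10, "deny", "tcp", NET1, SRV1, dst_eq=443),
                Ace(20, "permit", "ip", ANY, ANY)]
# Same entry with "eq 443" after the source: tests the client's source port instead
SRC_PORT_ACL = [Ace(10, "deny", "tcp", NET1, SRV1, src_eq=443),
                Ace(20, "permit", "ip", ANY, ANY)]
# One specific permit followed by the catch-all: nothing is left for the implicit deny
PERMIT_ALL_ACL = [Ace(10, "permit", "tcp", ANY, SRV1, dst_eq=80),
                  Ace(20, "permit", "ip", ANY, ANY)]
# Explicit deny for TFTP (UDP 69) placed before the catch-all permit
DENY_TFTP_ACL = [Ace(10, "permit", "tcp", ANY, SRV1, dst_eq=80),
                 Ace(20, "deny", "udp", ANY, SRV1, dst_eq=69),
                 Ace(30, "permit", "ip", ANY, ANY)]
# No catch-all permit: unmatched traffic falls through to the implicit deny
PERMIT_ONLY_ACL = [Ace(10, "permit", "tcp", ANY, SRV1, dst_eq=80)]

# Constructed packets: a client on 192.168.1.0/24 talking to the server
HTTPS = {"proto": "tcp", "src": "192.168.1.10", "sport": 50000,
         "dst": "10.0.1.100", "dport": 443}
TFTP = {"proto": "udp", "src": "192.168.1.10", "sport": 50001,
        "dst": "10.0.1.100", "dport": 69}

if __name__ == "__main__":
    for name, acl, pkt in [("dst eq 443", DST_PORT_ACL, HTTPS),
                           ("src eq 443", SRC_PORT_ACL, HTTPS),
                           ("permit + permit any", PERMIT_ALL_ACL, TFTP),
                           ("explicit deny tftp", DENY_TFTP_ACL, TFTP),
                           ("permit only", PERMIT_ONLY_ACL, TFTP)]:
        print(f"{name:22} -> {evaluate(acl, pkt)}")
```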
@louishao2516 1 year ago
Hi sir, can we apply the first ACL in 25:53 outbound on R1's G0/0 interface as well?
@JeremysITLab 1 year ago
Yep, that would work
@robfilms6264 3 months ago
28:35 Would this be a better answer ? Deny tcp 192,168,0,0 0,0,255,255 10,0,0,0 0,0,255,255 eq 1