MicroNugget: How to Configure Extended ACLs on Cisco Routers

Рет қаралды 73,918

11 жыл бұрын

Start learning cybersecurity with CBT Nuggets. courses.cbt.gg/security
In this video, Jeremy Cioara covers extended ACLs on Cisco routers. ACLs are powerful documents that contain lists of statements that govern which devices can and cannot access other devices. By configuring extended ACLs, you can regulate the traffic on a network and keep traffic moving fast and secure.
One of the many things that a well-configured extended ACL can do for a network is prevent a given IP address' traffic from reaching another IP address. That's because an extended access list is really nothing more than a document with a row of statements that permit or deny traffic based on rules you can set up. That can be protocol, port number, source, destination, time range, and more.
When it comes to configuring an extended ACL, just like driving to Disneyland only to discover it's closed would waste time and energy, the best practice is to host extended access lists as close to the source as possible. See how to write rules that identify source IP, its protocol, and the many other filters you can use to manage network traffic with extended ACLs.
🌐 Download the Free Ultimate Networking Cert Guide: blog.cbt.gg/b942
⬇️ 13-Week Study Plan: CCNA (200-301): blog.cbt.gg/8lky
Start learning with CBT Nuggets:
• Cisco CCNA (200-301) | courses.cbt.gg/h6s

Пікірлер: 98

@alirezaabrishami6530 10 жыл бұрын

Jeremy, I really love the way you teach Cisco!!! Thank You!

@cbtnuggets 10 жыл бұрын

Alireza Abrishami You're are certainly welcome! Good luck with your training.

@muhiziaristide2604 3 жыл бұрын

I did too!

@gchlion 11 жыл бұрын

I just want to say... AMAZING. Jeremy is the best in this of cbt ! He has the ease to explain the stuff in very cool way. NICE!!!

@MrAadeyemo 4 жыл бұрын

That was very straight to the point Jeremy and delivered in a not-boring manner.

@jeremymayer9221 6 жыл бұрын

From one Jeremy to another! Thank you! Really helped!

@zwimaster 11 жыл бұрын

As always informative! Jeremy's nugget series are the best!

@chrisallen6738 11 жыл бұрын

You are the best video instructor on the web. Keep it up, just the way you are doing it.

@El_bigC 9 жыл бұрын

Top notch explanation, as always, Jeremy!!

@mariorodas634 3 жыл бұрын

Jeremy, i love your videos. I'm studying for SBA for CSCO-220 AND CSCO-221. This video, and one other of yours, has been super helpful in remembering which direction to place acl. Thank you!

@Gamelover22478 2 жыл бұрын

Thank you so much for the video ! I’m currently in a CNT160 class and ACLS are a struggle for me, we just started implementing NAT so this will help me very much ! Thank you 😁

@AmazinglyAwkward 5 жыл бұрын

I'm actually doing a comptia exam not the CCNA but this was still super super helpful, it was definetly more helpful seeing a terminal. Thanks so much!

@libertywraith249 7 жыл бұрын

you are THE MAN Jeremy C . your instruction has been so very effective for me....and apparently everyone i talk to. thank you!!!

@seepaknanda3397 4 жыл бұрын

Jeremy really your teaching method on Cisco is excellent thank you.

@Three_Dog_Gaming 4 жыл бұрын

Definitely valuable! Had a co-worker leave the company that was basically master of all things Cisco and we're trying to interpret what he left us with!

@adammohamed5757 6 жыл бұрын

Thank you, honestly speaking, you are amazing instructor.

@cbtnuggets 11 жыл бұрын

Mahad, you are correct! This is one of Jeremy's newest MicroNuggets.

@cbtnuggets 11 жыл бұрын

Thanks for the feedback!

@cspell 8 жыл бұрын

well done, nice explanation of how the protocols work together!

@florentvespit960 8 жыл бұрын

am from africa, i've learned CCNA, but your videos make me understand more and more every days. thanks a lot

@robertsmooth6339 Жыл бұрын

HI Jeremy This course on extended ACLs on Cisco routers is very . But it too late me I'm going to retire... Jeremy your awesome teacher and I want to thank you and Micro Nugget for educating for those who are pursuing a high advance technology career. Thanks you and even If I retired I continue to login from time to time. I'm Network Engineer

@SuijoART 2 жыл бұрын

Really helpfull. I was stuck with ACL. However after listen your explanation I'm ready to work with. Thanks 😃.

@IgorDrozdov4 2 жыл бұрын

Awesome explanation! Thank you!

@incognituadictus2226 2 жыл бұрын

good and clear explanation, i like the "be the router" analogy!

@jasonbrussmn 4 жыл бұрын

Wow, just found your channel and this is awesome!

@MohammadAhmad-nh5ug 3 жыл бұрын

Thanks Jeremy. This was fun.

@Alakion 4 жыл бұрын

Thanks for the explanation , helped me a lot ! Cheers!

@kaguyakobe 22 күн бұрын

We love this, thanks Jeremy

@dwade_fpv 11 жыл бұрын

Great explanation. I really appreciate your wisdom.

@chr1smack1nnon 11 жыл бұрын

Love the explanations. You rock!

@gehacktetYKzZY 3 жыл бұрын

Thanks Jeremy! It was very informative.

@inkbythebarrelandpaperbyth6905 4 жыл бұрын

Hey CBT nuggets. Jeremy is great. Thanks!

@luizclarke1829 9 жыл бұрын

Thank you Jeremy!

@mukunddabholkar4105 3 жыл бұрын

superb!!! explain in simple way.. awsome.

@ajaysankar5467 Жыл бұрын

Very Helpful. Thank you.

@robertmotz9227 9 жыл бұрын

That was awesome. Thanks Robert P. Motz

@user-jt5fw4bm4m 4 жыл бұрын

Perfect explained 🙏

@nahomaseged3324 Жыл бұрын

fantastic video. keep it up!

@bobbywaker1793 4 жыл бұрын

love how u explain it your the best . i wish you do a video for ssh

@cbtnuggets 11 жыл бұрын

Thanks for your question! If you would like you can submit a formal request for this MicroNugget from the link above found in the description.

@ManojKumar-1985 11 жыл бұрын

Great Explanation

@petrithysaj4529 3 жыл бұрын

Thank you very much. I've my exam coming up fast and you are helping in my passing it.

@cbtnuggets 3 жыл бұрын

You can do it, Petrit! Good luck on your exam. Thank you for learning with us!

@muhammad.rafi2012 10 жыл бұрын

Jeremy as nice as ever, can we have micro nugget on applying extended access list for VTY line or console. that would be really helpful for every body i think ..

@NoONE-bk7ud 2 жыл бұрын

that was a good explanation

@chaospressure 10 жыл бұрын

This was super helpful. Thanks alot

@cbtnuggets 10 жыл бұрын

You're welcome Steven Wallis!

@YouSSTheMacOSXWannabe 11 жыл бұрын

thank you Jeremy

@ericmorey1460 11 жыл бұрын

Great video.

@rabiej8011 3 жыл бұрын

Thank you so much, finally that explains it well

@cbtnuggets 3 жыл бұрын

Glad you liked it!

@mlram20055 10 жыл бұрын

Brilliant!!

@nullsemicolon 3 жыл бұрын

great video!

@cbtnuggets 3 жыл бұрын

Glad you enjoyed it, thank you Sean!

@AJIN0071981 7 жыл бұрын

jeremy thanks !!!!

@odrommouniengue2645 Жыл бұрын

thank you sir

@HarshvardhanParashar09 8 жыл бұрын

Awesome !

@WiseK.D 3 ай бұрын

Jeremy thank you so much you cleared most of my confusion.. I Don't know if you have already done this but can you make a video on acl protocoles I mean all of them and explain their use and how they work . That will be great .

@vianneyjean4754 3 жыл бұрын

Y are the best👏👏👏

@khiderglal8245 3 жыл бұрын

thanx your video is helpfull

@user-ik2ys6wq8r 2 жыл бұрын

Amazing Thanks

@habibkhayat1725 2 жыл бұрын

Thanks Jeremy. You make Networking world much easier to understand. We miss instructor like you in Cyber Security. Hope you get into that field like Kieth Barker.

@sherifflawal7131 10 жыл бұрын

May God bless you.

@AhmedMahmoud-qh7oc 6 жыл бұрын

This man is great. I hope I discovered this channel earlier

@kostas8469 4 жыл бұрын

thanks :)

@NWWalkerMusic 7 жыл бұрын

Great video! Thanks for posting. Any Micro-Nuggets on VLSM?

@TheLithGH 4 жыл бұрын

Thanks Jeremy!! I've always been confused as to when to start an extended access-list with "access-list 100___" or " ip access-list extended 100___" ? Thank you for your assistance!! :-)

@ikiyytours2320 Жыл бұрын

i liked it.

@cbtnuggets 11 жыл бұрын

Simon, if you would like to know a little more, feel free to request that MicroNugget in the link found in the MicroNugget description.

@achrafelkhandouli 4 жыл бұрын

godbless

@ashutoshanand4717 5 жыл бұрын

Pretty informative in brief.... would like to know about 1) Internet of things 2) SDN in brief

@rakibuzzamansikdar6367 2 жыл бұрын

respect

@pouyameisamifard5804 5 жыл бұрын

you are good at teaching , i really enjoy it thank you ,say more about ip helper when there is subnets and trunking and the router that dhcp pool run on it is not directly connected to this subnets but it is conneted frome the thered router ,i don't know is that logical or possible but i am curious to know that,at ninja speed

@GuiltySpark 11 жыл бұрын

This Nugget Good for u

@MrSenicho 4 жыл бұрын

Hey Jeremy , thanks for the video, I 'd love to see if you can show me how i can access my local webapp hosted locally in my local area network from the internet, i have CISCO 2900 router, and i have public IP. thanks in advance.

@prodfc3140 2 ай бұрын

Epic

@mihaiciobanu6804 3 жыл бұрын

How do you test the http or https ACL in packet tracer?

@tayyabali5352 3 жыл бұрын

what if i have two routers both having a switch attached to there fa0/0 ports and those switches then have atleast two end devies(pc) connected with them. Now i want to block a single pc of 1st router for communicating with a single pc of the 2nd router. How can i do that?

@aniswlidi2012 Жыл бұрын

Hi Jeremy. I uses alpha prep but there was no configuration questions, only multichoice questions. Is the new CCNA exam consisting of multichoice questions only?

@Asudragon 2 ай бұрын

quick question i am struggling to find answer to, what is the general thought on when to use standard ACL compared to extended? wouldnt a standard ACL where you deny that specific traffic and permitting the rest work as well?

@187MIAMIBOY 9 жыл бұрын

Thank you so much. I'm taking SEC450 and dealing with ACLs right now. This has helped me understand it a bit much better. The only thing I can't get around is the "3P" rule.. How would you do one protocol per access list etc..?

@cbtnuggets 9 жыл бұрын

187MIAMIBOY One protocol means IP protocol (vs. IPX, Appletalk, etc...). Not one protocol as in UDP, TCP, ICMP, etc... You can handle "limitless" IP-based protocols within the access-list. We hope that helps!

@TheSingleNotice Жыл бұрын

Hi Jeremy, thank you for this. I am working on a problem with requires me to limit http/https traffic (as shown in your video) but only when an ip address is even. I know this would be with the use of wildcard masks, but can you give an example please? I then need to how that http does not connect but all other traffic does. How would I showcase this please? Many thanks

@ralph_022 10 жыл бұрын

Thanks !!!!! How do you deny a network from rehashing another network using extended ??? Ex deny network 192.168.2.0 - 192.168.2.63 from pinging network 192.168.3.0. Please help

@cbtnuggets 10 жыл бұрын

ralph restituyo We recommend asking these types of questions on our Forum to get other members of the CBT Nuggets community involved: community.cbtnuggets.com/forums

@cnxduo65 9 жыл бұрын

Hey dude; Have any VOD's on how to use object oriented ACL's on say Cisco 2911 routers? Thanks >:-}

@cbtnuggets 9 жыл бұрын

cnxduo65 Thanks for the comment! We do not have a specific object oriented ACL for Cisco's 2911 routers MicroNugget but we have passed along your request for future recording possibilities.

@delson007. 2 жыл бұрын

yo jeremy, ive been trying to figure this out but i cant find anything about it, once you apply the extended access list to the interface, is there a way to delete that?

@400EMP 2 жыл бұрын

Yes, with many commands in Cisco, the best way to remove a configuration is to use the "No" command before the statement. In this case: "no access-list 150" should remove the ACL in its entirety