Understanding Access Control Lists | Network Fundamentals Part 14
ฝัง
- เผยแพร่เมื่อ 7 ก.ค. 2024
- Understanding Access Control Lists | Network Fundamentals Part 14
ACLs, or Access Control Lists, are one of the fundamental ways to control or influence the traffic flowing through your network.
They can be used in several different ways, but in this video we’ll look at how to use ACLs as a packet filter. Packet filters use ACL’s to control traffic that is and is not allowed through the network.
An ACL is, as the name suggests, a list containing Access Control Entries (or ACE). Each entry is a rule, with ‘match’ conditions. If traffic matches these conditions, then an action (permit or deny) is applied.
Standard ACL’s are the original type, and can only match based on source address. Extended ACLs are newer can can match on a variety of criteria.
There are several ways that ACLs can be configured. Numbered ACLs, is where each entry in the ACL is identified by a number. Named ACLs are more advanced, and group the entries inside a container.
This video contains a lab, where you can see how to configure all these options.
Lab: networkdirection.net/labsandq...
Quiz: link: networkdirection.net/labsandq...
Firewall ACLs: • Configuring Access Con...
Cisco Learning Network: learningnetwork.cisco.com/wel...
Patreon information: networkdirection.net/patreon/
CCENT/CCNA ICND1 100-105 Official Cert Guide (affiliate):
click.linksynergy.com/link?id...
In the next few videos, we’re going to have a look at ARP, DHCP, and DNS.
Overview of this video:
0:00 Introduction
0:28 What are ACL’s For?
1:00 Anatomy of an ACL
3:11 Wildcard Masks
5:45 Quiz Time
5:55 Types of ACLs
7:49 Applying ACLs
9:32 Quiz Time
9:42 Lab
20:48 Quiz Time
21:02 What about Firewalls?
LET'S CONNECT
🌏 / networkdirection
🌏 / netwrkdirection
🌏 / networkdirection
🌏 www.networkdirection.net
#NetworkDirection - วิทยาศาสตร์และเทคโนโลยี
![[안방1열 풀캠4K] 베이비몬스터 'FOREVER' (BABYMONSTER FullCam)│@SBS Inkigayo 240707](http://i.ytimg.com/vi/_2HL-ogzzBU/mqdefault.jpg)
finally a channel that acturly make content where i don't fall asleep trying to learn. Thanks friend!
Glad you enjoy it!
Nice Content and Great Channel i refresh my Lesson in Networking in IT, God Bless Sir.....
Perfect, i'm working on ACL's currently. This is just... PERFECT!!!
Really glad to hear this!
Same here
Great work as always
timelapse from Romania ! ! !
Thank you ! Very well explained. Blessings from Germany
Danke!
you are the best teacher ever.
I wouldn't go that far, but thanks!
Excellent just Excellent video!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Thanks!
In earlier videos we discussed that routers are primarily layer 3 devices. And devices on a lower layer have no information about higher layer attributes. But in case of ACLs, routers are able to allow our deny traffic basis port numbers.
I'm not sure if that's a question?
But let me try to explain. Devices at lower layers operate primarily at that layer. Routers operate primarily at layer-3 (routing is layer-3, routers primarily route traffic). They also have some knowledge of layers 1, 2, and 4.
When a packet comes in, the traffic will have layer-4 information embedded in the layer-3 packet. The layer-3 packet itself is within a layer-2 frame.
So, the router is able to see TCP or UDP port numbers (layer 4) and make decisions based on that.
very helpful for my exam,thansk,liked and subbed:)
very clean explanaiton, thank you!:)
You're welcome!
great videos that you are making Sir... for your Q1 answer will be 1st and 4th IP's since CIDR for this wildcard mask will be 20, and these 2 IP's match network IP given...
This literally took me so long to figure out, I think the question is way harder then what was explained, I had to pause and google what I was missing to figure this out, but it just clicked that there are 2 answers not 1 after 30mins.
this is really good work! create more videos!
More on the way!
uugh i read cisco entire 2 chapters for ACLs and am swamped with information- thanks for the vid. I learned the function of 'do' !
Glad it was helpful!
Nice Video! Well said! Everything is organized! Will subscribe to your channel!
👍
there is a typo from the same network topology from the last video its the subnet ip address thanks for your videos btw
What is the basic deifferent between ACL and Firewall features? Are both the same?
ACLs identify traffic. This could be based on things like IP address or port information. We can then apply actions to this traffic. This could be things like block and allow. There are other more advanced actions too.
So ACLs can be used in a basic firewall.
A "real" firewall had more advanced features. They can look deeper into the traffic. You firewall might allow web traffic (most do). But what if someone downloads a virus from a web page? An ACL will allow this to happen (it will see web traffic as legitimate and allow it). A firewall will look deeper and (if configured right) will block the virus.
ACLs were also a tricky concept starting out.
Yes, true
There is a mistake at 10:00 with the VLAN subnets. They are both on the 192.168.10.X network. Great job by the way.
It should be 192.168.10.0/24 and 192.168.20.0/24.
Question: you said that the first ACL is an extended ACL, but it has numbers in the range 1-99, which you said is the range for standard ACLs. Which is it? Thank you. Edit: never mind, looks like you meant the numbers for the Access Control Lists must be in the range, whereas the entries can have any number. Just seemed confusing since the 6:43 entries contained entries as well, causing me to assume they're indeed entries rather than actual lists.
The video from the begining of the course is from Romania
I've been told that. It's the free stock footage from Pixabay
Are the answers of the quiz the first and the last?
can I have a video on how to set up a computer lab?....Please
There are many different options depending on what you're looking for, and there's lots of tutorials already out there.
You may want to look into packet tracer, GNS3, VIRL, EVEng, and see what suits your needs.
Try the lab here: networkdirection.net/labsandquizzes/labs/lab-configuring-acls/
And the quiz here: networkdirection.net/labsandquizzes/quizzes/acls-quiz/
And if you're adventurous, try the Firewall ACLs: th-cam.com/video/gFqzZm1-KH8/w-d-xo.html
These links appear to point to the wrong place.
are you in Romania?
5:50
is b) the correct answer?
10.22.16.0
No response? Just thumbs up? I'm guessing the . 15 is supposed to be a . 255 in which case they're all accepted?? We are only matching 10.32. And the last two octets can be anything. Otherwise the . 15 is throwing me off
No, it's a and d
@@az_fezz4397 But where did he explain the range of a partial mask? 255 makes perfect sense. 15 makes less, and adding the 32 from the third octet makes it EVEN MORE confusing.
I understand your math, but the problem Is that I don't know where you got that information.
So as long as the 32 bit stays the same, the ACL/mask will let it through? It doesn't have to match 32 exactly? Am I safe to assume that just having the mask "extend" into the 3rd octet is enough to "trigger" the mask-logic.
Also, your binary is off, which I think threw me for a loop. 32 = 0010 0000. so 37 = 0010 0101 and 44 = 0010 1100.
...
I think my brain got it....
Thanks for helping me talk myself through it!
@@SquidChild Thanks for correcting me (should have googled the binary for those numbers), too tired to go through it again hh. I'll edit the message so no one gets confused.
why is there a video fragment with traffic in Romania and more important a commercial to the most controverted party (the Social Democrat Party) that ever governed in Europe in the last 30 years
BRO, just take my money pls
You're content is so good ! Thank you
Hahaha! Thanks for the thought. Glad you like it.
If you're serious, I do have patreon (no pressure though)
www.patreon.com/NetworkDirection
@@NetworkDirection Already done ;)
i love you