nice .. Thanks for all Videos, I am trying to watch one by one as go a long , very clear explanations... give me A give C give L ... access list lol... Thanks
Keith:- as we know that by default their is explicit deny at the end of the access-list .if have created an access-list with just one statement and that is remark.so technically it should deny all the packet.but it doesn't what would be the problem plz help me
An access-list, that has no permit or deny statements, as well as any access-list that doesn't exist, when applied to an interface takes absolutely no filtering action, whatsoever, including any implicit deny.
A show run will show that your access-list with only a single remark statement is in the running config, and show ip interface, will show that it is applied to the interface, but a "show access-list" won't show as output, as it isn't considered valid.
Keith in the video the host is 1.1.1.1 and the destination is 3.3.3.3 and u have created extended access-list.according to my knowledge the exetended access list is placed closed to source .so why u have not placed it on R1.correct me if i m wrong
Great question. R1 owns the IP address of 1.1.1.1 That being said, if R1 sends pings, sourced from 1.1.1.1 that is traffic generated by R1 himself. Outbound ACLs don't block any traffic that was sourced by that same router. Outbound ACLs can stop transit traffic (other devices traffic that may be denied), but not traffic from the same router who has the outbound ACL.
Great question. If we were going to travel to Disneyland today, but it is closed, and not open for business, when would be the best time to find discover there was no access, before we travel hundreds of miles and waste a lot of fuel, or after we arrive outside the gate at Disneyland. Denying the packet, as early as possible, without otherwise negatively affecting the network, is why we would block on R2 instead of R3.
Thanks for the video. Digging deep into CCNA and my head is where it shouldn't be right now. You managed to clarify a great deal about ACL's. Is there any system impact when using extended lists as opposed to standard, or numbered, lists? The extended ACL kinda reminded me of a basic program from the bad old 80's which is more intuitive to me.
nice .. Thanks for all Videos, I am trying to watch one by one as go a long , very clear explanations... give me A give C give L ... access list lol... Thanks
kxzyan 1 month ago
Keith:- as we know that by default their is explicit deny at the end of the access-list .if have created an access-list with just one statement and that is remark.so technically it should deny all the packet.but it doesn't what would be the problem plz help me
vicky9323480065 6 months ago
@vicky9323480065
An access-list, that has no permit or deny statements, as well as any access-list that doesn't exist, when applied to an interface takes absolutely no filtering action, whatsoever, including any implicit deny.
A show run will show that your access-list with only a single remark statement is in the running config, and show ip interface, will show that it is applied to the interface, but a "show access-list" won't show as output, as it isn't considered valid.
Keith
Keith6783 6 months ago
thanks for ur comment.
vicky9323480065 6 months ago
Keith in the video the host is 1.1.1.1 and the destination is 3.3.3.3 and u have created extended access-list.according to my knowledge the exetended access list is placed closed to source .so why u have not placed it on R1.correct me if i m wrong
vicky9323480065 6 months ago
@vicky9323480065
Great question. R1 owns the IP address of 1.1.1.1 That being said, if R1 sends pings, sourced from 1.1.1.1 that is traffic generated by R1 himself. Outbound ACLs don't block any traffic that was sourced by that same router. Outbound ACLs can stop transit traffic (other devices traffic that may be denied), but not traffic from the same router who has the outbound ACL.
Great question.
Best wishes,
Keith
Keith6783 6 months ago
Hi Keith, I'm a newbie studying for my CCNA, fantastic video. I see a lot of "HOW TO" videos but not much on "WHY", you incorporate both.
QUESTION: Is there any reason WHY you would choose to place the access list on R2 as opposed to say R3?
Chris
veganath 7 months ago
@veganath
Great question. If we were going to travel to Disneyland today, but it is closed, and not open for business, when would be the best time to find discover there was no access, before we travel hundreds of miles and waste a lot of fuel, or after we arrive outside the gate at Disneyland. Denying the packet, as early as possible, without otherwise negatively affecting the network, is why we would block on R2 instead of R3.
Best wishes and thanks for the comments.
Keith
Keith6783 7 months ago
@Keith6783 Makes sense, keep overheads down, thx for your reply;-)
veganath 7 months ago
short but really informative..thanks
samarintine 8 months ago
@samarintine
Thanks for your comments. It is appreciated.
Keith
Keith6783 7 months ago
MagicJolley-
There is not any significant impact difference between a standard access-list that has 50 lines, and an extended access-list that has 50 lines.
Best wishes in your studies,
Keith
Keith6783 1 year ago
Thanks for the video. Digging deep into CCNA and my head is where it shouldn't be right now. You managed to clarify a great deal about ACL's. Is there any system impact when using extended lists as opposed to standard, or numbered, lists? The extended ACL kinda reminded me of a basic program from the bad old 80's which is more intuitive to me.
MAGICJOLLEY 1 year ago
Remote Access
xrystalise 1 year ago
Hello xrystalise-
Yes, VPNs are definitely something I know a little about. What type of VPN is most interesting to you?
IPSec Site to Site
IPSec Remote Access
SSL
or any of the above?
Keith
Keith6783 1 year ago
Hey man , This is a good one , Appreciate it . Do you have any videos (offcourse! it should be your make ) anything about VPN's ?
xrystalise 1 year ago
@xrystalise
I added a VPN video last month. Hope you enjoy it.
Best wishes,
Keith
Keith6783 7 months ago
Hey thanks for posting.
Ur video is very clear and easy to understand, and very dynamic, too. Thx.
minhthienle 1 year ago