1

00:00:01,138  -->  00:00:06,000
In the previous video, we already
learn about direction in access list.

2

00:00:06,467  -->  00:00:11,637
Now we have an access list to
block from vlan 20 to the server.

3

00:00:12,086  -->  00:00:20,560
Let’s check it, do show access list,
here we have access list 1 to block

4

00:00:20,560  -->  00:00:28,857
from vlan 20 and permit any, and this
access list is assign to interface fa0/0,

5

00:00:29,326  -->  00:00:30,444
let’s check it,

6

00:00:32,443  -->  00:00:38,801
here we can see that in fa0/0, there
is a command to assign the access-list.

7

00:00:39,526  -->  00:00:43,789
In the router 1, actually we also have access-list,

8

00:00:44,197  -->  00:00:50,911
let’s check it, here we also have access-list 1. But if we try show run,

9

00:00:53,698  -->  00:01:01,157
here we can see that the access list is not assign
to any interface. So this access list is not used.

10

00:01:01,409  -->  00:01:09,564
So now, from vlan 20 to router 1 and router 2
should be ok, but vlan 20 to server will failed.

11

00:01:10,646  -->  00:01:18,413
Now let’s try with new case, let’s say we
also want to block from pc 0 to the server.

12

00:01:18,824  -->  00:01:24,444
Pay attention that we only block
from pc0, not from vlan 10.

13

00:01:24,972  -->  00:01:32,203
So pc 1 should be able to ping to the server.
but vlan 20 and pc 0 should be failed.

14

00:01:32,830  -->  00:01:38,739
Let’s try it first, pc 0 to
server, okay this is success.

15

00:01:39,212  -->  00:01:46,714
So now let’s add the access list to block from
pc 0. Let’s check the ip address of pc 0 first,

16

00:01:48,757  -->  00:01:53,322
here we can see that the
ip address is 192.168.10.2.

17

00:01:54,818  -->  00:02:03,095
Okay go to router 2, configure
terminal, and then access-list

18

00:02:03,095  -->  00:02:09,527
1 deny, because we only want to
block 1 pc, so we can use host.

19

00:02:10,504  -->  00:02:18,278
So deny host, and then the ip address
of pc 0, which is 192.168.10.2.

20

00:02:20,215  -->  00:02:22,235
Let’s see the access list again,

21

00:02:24,516  -->  00:02:32,708
here we can see that now we have rule to
block from 192.168.10.2, which is pc 0.

22

00:02:34,418  -->  00:02:43,644
Let’s test ping from pc 0 to server again, here
we can see that the result is still success.

23

00:02:44,215  -->  00:02:52,659
Let’s see on the router 2, do show access list.
we can see that we don’t have any match here.

24

00:02:53,064  -->  00:03:01,496
But we have new match in the permit any, the
match for permit any before is 21, but now 22.

25

00:03:02,123  -->  00:03:07,127
So the packet from pc 0 to the
server is match with this rule.

26

00:03:07,692  -->  00:03:13,318
Let’s test again, here the match is 22, let’s
test send packet from pc 0 to the server,

27

00:03:14,350  -->  00:03:22,641
let’s see in the router again, here we can see
that now the match in the permit any is 23.

28

00:03:23,495  -->  00:03:31,101
why packet from pc 0 match with this rule? This
is because, access list will read the rule

29

00:03:31,101  -->  00:03:39,816
from top to the buttom. Here we have
number 10 20 30, this is a sequence number

30

00:03:40,295  -->  00:03:45,198
when pc 0 send packet to the server,
router will read the access list,

31

00:03:46,025  -->  00:03:52,258
the packet is not match with the first rule,
and then router will read second rule,

32

00:03:52,850  -->  00:04:01,767
and here the packet is match, because the source is any.
This is why from pc 0 to the server is success.

33

00:04:02,486  -->  00:04:10,068
So, to block from pc 0, we need to create
the rule with sequence number lower than 20.

34

00:04:10,492  -->  00:04:17,151
Let’s say 17 or 15 or anything,
as long as lower than 20.

35

00:04:17,821  -->  00:04:18,967
Let’s try it,

36

00:04:19,704  -->  00:04:28,074
First, we need to go to the access list, the
command is ip access-list and then here standard,

37

00:04:29,747  -->  00:04:31,324
and then the id.

38

00:04:33,126  -->  00:04:40,874
Next we need to remove the rule with sequence
number 30 first, the command is no 30.

39

00:04:41,489  -->  00:04:43,521
Let’s see the access list again,

40

00:04:46,646  -->  00:04:50,899
here we can see that now
sequence number 30 is gone.

41

00:04:51,532  -->  00:04:58,271
Next let’s create rule to block from
pc 0 with sequence number lower than 20.

42

00:04:58,732  -->  00:05:06,998
Let’s say I use sequence number 15
and then deny host 192.168.10.2.

43

00:05:07,772  -->  00:05:11,120
So here we define the
sequence number that we want.

44

00:05:13,126  -->  00:05:21,441
Let’s see the access list again, do show access
list, okay here we have sequence number 10,

45

00:05:21,507  -->  00:05:28,216
and then 15 that we just add, and finally
we have sequence number 20 to permit any.

46

00:05:28,806  -->  00:05:39,545
Now pc 0 should not able to communicate with
server. Let’s try, okay the result is failed.

47

00:05:40,387  -->  00:05:45,286
Okay I think enough for this video, I
hope you understand about the concept

48

00:05:45,286  -->  00:05:47,905
of sequence number in access list.

49

00:05:48,460  -->  00:05:51,643
Thankyou for watching and see you on the next video.