Access Lists / How Access Lists are Applied
Subtitles of the Movie
If we want to take a look at our new access list, we can simply type 'show run', and then press the space bar a couple of times and we'll come down to the line that says access list and has the number that we identified. And then if what we want to do is determine where to apply this list, then what we need to do is picture ourselves as the packet that is trying to make this journey. So for example, we want to deny traffic in this case going from 10.10.2.0 to 192.168.0.0, if it's equivalent to telnet. Now we know that access list will identify that traffic. So what we've got to do is figure out where we are going to put this guard in our network.

So what we do is we take a look at our network topology. Take a look at where the 10.10.2.0 network is and where the 192.168.0.0 network is, and how those two could be physically connected together. And then as we look at that picture, it will become evident where we need to put the guard. And to put the guard, we just go to the particular interface where the guard needs to stand, and we put in the command to put the guard there.

So for example in this case, say we decided by looking at our network topology that the best way to stop traffic from going from 10.10.2.0 to 192.168.0.0 was to, on router-A on interface Ethernet-0, put that guard right on the outside of that interface. Well then we just go to that interface. So I type 'conf t', and then 'interface e0', so now I am in interface mode in Ethernet-0, and now I am going to set the guard. To set the guard I use an access group command. So I am going to type 'ip access-group' and then the command or the number that we used, that'd be 101, and where do I want the guard to stand; on the inside of the door. So I type 'in' and then press enter. That sets the guard on the inside of the door that applies that access list. So it's as simple as that. Now not every access list is this simple.
Some access lists seem like they want us to contradict ourselves, that they want the same access list to do two different things and it seems like they can't. But the thing to remember then is we can catch the packet going either way. So as you learn more and more about access lists and about traffic flow, it gets very interesting as to how we can set these up. And in later lessons, we will take a look at much more complex access lists. One thing that we might want to set access lists to limit would be telnet traffic as we did in this example. We've talked about telnet a lot in this training, but we really haven't demonstrated telnet. So in our next section, we will focus on telnet. That's next.
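The "guard" placement described above, as an added example that is not part of the original course material: a small Python model of first-match access list evaluation bound to one interface and direction. The /24 prefix lengths, the host addresses and the trailing permit line are assumptions; the transcript gives only the two network numbers, list 101 and interface e0.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class Rule:
    action: str                  # "permit" or "deny"
    proto: str                   # "tcp", or "ip" to match any protocol
    src: str                     # source network, CIDR form
    dst: str                     # destination network, CIDR form
    dport: Optional[int] = None  # None matches any destination port

    def matches(self, pkt):
        return ((self.proto == "ip" or self.proto == pkt["proto"])
                and ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(pkt["dst"]) in ipaddress.ip_network(self.dst)
                and (self.dport is None or self.dport == pkt.get("dport")))

def evaluate(acl, pkt):
    """First matching rule wins; no match falls through to the implicit deny."""
    for rule in acl:
        if rule.matches(pkt):
            return rule.action
    return "deny"

def forward(bindings, acls, iface, direction, pkt):
    """True if the packet passes the list bound to (iface, direction), if any."""
    number = bindings.get((iface, direction))
    return True if number is None else evaluate(acls[number], pkt) == "permit"

# List 101: deny telnet (TCP 23) from 10.10.2.0 to 192.168.0.0.
# Assumed: /24 prefixes, and a final permit so other traffic still passes.
ACL_101 = [
    Rule("deny", "tcp", "10.10.2.0/24", "192.168.0.0/24", 23),
    Rule("permit", "ip", "0.0.0.0/0", "0.0.0.0/0"),
]
ACL_101_DENY_ONLY = ACL_101[:1]      # the deny line alone: everything is dropped

BINDINGS = {("e0", "in"): 101}       # models 'ip access-group 101 in' on e0

# Constructed sample packets (host addresses are assumptions)
TELNET = {"proto": "tcp", "src": "10.10.2.5", "dst": "192.168.0.10", "dport": 23}
WEB = {"proto": "tcp", "src": "10.10.2.5", "dst": "192.168.0.10", "dport": 80}

if __name__ == "__main__":
    for name, pkt in (("telnet", TELNET), ("web", WEB)):
        print(name, "in on e0:", forward(BINDINGS, {101: ACL_101}, "e0", "in", pkt))
```

The same telnet packet checked against ("e0", "out") passes, because the list is only consulted in the direction it was applied.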
Tutorial Information
| Course: | CCNA/ICND |
| Author: | Bill Ferguson/Certified Instructor |
| SKU: | 33419 |
| ISBN: | 1932072268 |
| Release Date: | 2003-03-28 |
| Duration: | 6 hrs / 72 lessons |
| Captions: | For Online University members only |
| Compatibility: | Vista/XP/2000, OS X, Linux QuickTime 7, Flash 8 |