My I just say that I was using a study guide, and found it a challenge to understand the inbound & outbound parts of ACL's, untill I surfed this particular vid. I Started with the standard ACL, then on to this one, simply because you make it so easy to understand & like your presentation style. How very good. Thanx a million. Mandla - South Africa.

i really like that you are mentioning , there is a implicit deny all which is a very important thing to keep in mind while configuring acls

very useful video. I had a confusion of how to put a permission to a specific host and now its clear. I watched all your ACL videos , it tooks about 1 hour but I get it the most. thank you :)

Dan the man, great tutorials, very thorough and well iterated.

I am getting both the standard & extended ACLs quickly and that's because of you cheers mate

thanks for your tutorial very clear explanation and I understand easily. because u have a actual presentation. this video are one of masterpieces hahaha.

No doubt ....... THE BEST TEACHER. 👍👍 Clear & perfect.

Cisco recommends that you disable the ACL on the interface before you change the statements in the list.You have ACL 100 enabled on R1's interface fa0/1 for inbound packets. @ 4:24 you delete list 100 so that all packets are allowed through. When you enter a single access-list 100 command and you press Enter, the list exists. The router filters all packets in-bound on fa0/1 based on the one-line list. Therefore you might temporarily filter packets you don’t want to filter. Just a thought...

Thanks for such clear explanation!. Wish you good health and all the best.

Amazing and clear explanation thanks a lot. Please keep doing it.

Great video.........you are providing a great resource for extending my understanding the Cisco literature.

You're doing a great job man... 😘😘😘

Dan, I just want to say thanks a million for your videos. You have been a very big help for me. I am new to Cisco concepts and I got an assignment that was a big headache...but...following your videos helped big time. I do have one issue tho...I cant figure out how to do the vPCs. I am using the catalyst 2960-24TT but I cant seem to get the vPC feature enabled. I would really love to get your help. Tnx again and keep up the good work.

LOVE U Man :'( Whatever I score in this exam is 99% thanks to you!

Some of the best videos on ACL's. Really wish I saw this before my exam lol. Thank you for this!

Thanks for this video, it is very helpful! I've been struggling with ACL's in my preperation for the CCNA cert and this cleared up a few things for me:)

Great tutorial! Helped me a lot for an assignment!

very clear and easy to understand, thank you very much. subscribed to your channel sir

Thanks Dan. This is excellent

thanx it is amasing tutorials

thank u very much, learnt lot from your video tutorials

Thank you for letting me understand this!!!

Hi I would like to ask if I connect a third router to right side swich what will be a second router to the switch , how can I configure it inclusive static routing? thank you frank

Hello, Thank you for the video, i have one question. Can i leave the port number empty? Thank you.

if I add a second router let say using port 81 will not work is there any chance to do that ? thank you.

thanku so much sir :) #danscourses you solved my problem

Very useful. THnaks!

Hello sir. Tnx for the video. May I ask if we can apply more than one access group in an interface? And if we can, how will it treat the individual conditions set in access lists. Many thanks in advance.

Dan plz how did u give R0 to 3 interfaces its allows only 2 interfaces, how did you give Eth0/0/0...plz help me

I don't know if this was stated, but it would have been better to have the extended access list deny access instead of permit as all traffic is already permitted. Thoughts?

thank you for the video...very useful

Thanks a whole lot

II am working on project, and has to implement extended acl, class map and service policy. I need to make difference between pc and laptop because the PC plays the role of an FTP server and it must be 2 times more bandwidth than the Laptop0. I need to Change the configuration to be able to provide this service through the use of access-list . I am not exactly getting what does it mean.? Thanks in advance

THX your method is very cool, thx a lot

Much appreciated! Thank you !

Thank you for letting

Thank you Dan. Awesome

Really nice your explanation, everything worked for me! But I have a question... What if I want to give the destination the permission to access all the sources, but I don't want 2 of the sources (for example 192.168.2.100 and 192.168.2.101, as you did) access the destination? Is that possible?

Do you have the packet tracer for this demonstration to download??

Nice Video ... Thank you so much..

Congratulations!! . I like your videos a lot! . :-)

you are the best Dan thank you so much

Whyd we place eq 80 again? I was kinda lost on that part

whats the difference between putting "ip access-group 100 out" vs "ip access-group 100 in" on an interface? like what effect does that do?

thank you very much

saludo profe pasten

why it's port 80 ?can anyone explain it.. ? and i doing evrything exactly same but can't access server (192.168.1.254 ) ......????

Thank you so much :)

What if I ping 2.100 from 4.100. Is it get block? If yes. Why is it? Only the 1.100 is configured to be denied.

How do you know when to use the command of "tcp, IP, udp"?

much appreciated.

I had to do a no access-list 1 on R0, in order to get that address to ping. This was set in the Video prior, extended access list, which there was not mention to do this prior to setting up the extended access list in this Video. Please make a note. Thanks...

Thanks sir

thanks man

whenever i am writing this command as mention in video for my access-list 106 access-list 106 deny any any (% Invalid input detected at '^' marker). why?

i am confused :( all this time it is the server granting access to port 80, i thought it was the network on the right doing that

thank you

Thank you!

Thank you so much for your help, you're the best Sir. Please, I have a question : why can't we ping to the SERVER even we can reach it ? Thank's in advance.

nice

The Video is great, however I ran into a problem trying to ping the interface 192.168.1.100. According to the blog it has to do with R0's deny statement. Did I miss something? learningnetwork.cisco.com/thread/79091

Its kinda fucked up that an entire access list has to be deleted to then set the order properly for the access list. What if this was real world situation, and your access list was huge ? Would you delete your entire access list of the entire company, to then spend most likely days on end to rebuild the access list all over again, just to add things to the list and put it in order.... There has to be a simpler way of doing this and setting proper order instead of having to delete the entire list..... This is what I gathered by this video, which is daunting to find out that you have to delete the entire list in order to create an updated list thats in order.

salma akasbi because ping use icmp protocol he only permitted tcp protocol thatswhy we cant ping server its cuz of impilictly deny rule

si prmit 192.168.2.100 ,192.168.2.200 via 192.168.1.0 deny any any

Great video... Stop saying right?