12 Replies. Latest reply: Mar 15, 2014 3:43 PM by H&M

    Classifying Traffic with Access Lists - Study Session 3 of 12 Discussion Thread

    Brett Lovins, Community Manager

      Please post your questions and conversations for André's 3rd session on Feb 7th.


      I've placed the graphics from today and attached a PDF of today's command line.


      To review recordings and register for other sessions:


      CCNA Routing and Switching Study Sessions with André Laurent






      Message was edited by: Brett Lovins, Community Manager - added some graphics and the command line with notes

        • 1. Re: RS Study Session 3 - Post Seminar Discussion Thread

          Superb Session........Andre Laurent......Will Follow You.......

          Brett Thanks for the Quick Link...

          • 2. Re: RS Study Session 3 - Post Seminar Discussion Thread

            Great job today Brett, Andre and all the participants! Can't wait till Feb 17th!


            PS: I wanted to suggest you an easier way (at least for me) for calculating wildcard mask. For example if we have /26  the mask is and Andre said that the wildcard mask is because 255-192=63. To be honest it's difficult for me to subtract 255 and 192 (or 128, 224, 240, etc.) in my mind! It's easier for me to calculate it using the powers of 2. I know that 192(10) = 11000000(2) => we have 6 zeros so 2^6=64-1=63. If we have /28 for example:

            subnet mask = and wildcard^4-1 =>


            Hope you get my point and some of you will find it easier that way

            • 3. Re: RS Study Session 3 - Post Seminar Discussion Thread

              Excellent sessions. Totally like the interactive method.


              In today's session, I was hoping to get a firm understanding of in/out aspects of applying access-lists. I have read a lot by now and have seen several videos. I am still at the point where I feel I do not have a complete grasp of exactly why one should apply ACL to either Inbound or Outbound interface. It gets complicated for me when the topology is complex. The struggle is the same as initially struggling with subnetting (I can claim to have surpassed that challenge by now).


              I am hoping there are still some resources available which I can review to get a better understanding.



              • 4. Re: RS Study Session 3 - Post Seminar Discussion Thread
                James W. Vickery III

                Good times. Sorry about earlier, fingers outpaced my brain.


                I don't know about everyone else but wildcard masks give me quite a headache depending on how they are used. Firewall rules or NAT, no problem, anything else and it starts to get fuzzy. I am glad we spent more time with them. I never really got what regular subnet masks were doing until I ran across something that explained that the mask and the IP address get compared using a logical AND operation. Wildcard masks have something similar going on underneath the hood I take it? Without knowing "what" something is doing and "why" I tend not to have a very good foundational picture of the process which makes topics that involve that subject rocky ground.


                Thank you again for your time, the both of you. I am enjoying seeing hands on examples of the things I am learning.

                • 5. Re: RS Study Session 3 - Post Seminar Discussion Thread

                  I didn't attend the first couple of sessions for this, but will say that just sitting in for the first 20 minutes, it seems like it was a total shambles and if having known it was going to be starting at fundamental basics of what access-lists were, I would have not signed up for it.


                  I mean the subject matter in this prefix-lists and route maps are not even at the CCNA level and are not even talked about until the CCNP level, it felt at times like being back at junior or middle school. I mean there is basics in something, but starting right at the start then working all the way up to prefix-lists and route maps in one session, even touching on how they work you have to have a good grasp of access-lists, but if starting from the real basics of it nope was not going to sit listen to that, sorry for the negative comment, but this is the first webinar that has brought me to make such a comment on the content within it.


                  I have signed up for others which I have no idea if they are going to be the same like BGP and policy based routing which are both CCNP level, if that is the way of teaching it is like not for me. Not sitting at a wee single desk anymore.

                  • 6. Re: RS Study Session 3 - Post Seminar Discussion Thread
                    Andre Laurent, 3xCCIE/CCDE



                    I appreciate the feedback. Sounds like this series is not a good fit based on your comments which would make sense if you already have a solid background in the basics. I completely understand disappointment associated with not getting what one expects. You are more than welcome to connect with me directly on LinkedIn to discuss your personal development strategy should you feel that there is value in doing so. No obligation obviously. Perhaps there are some other offerings that I am aware of that might be a better fit for you. Best of luck in your journey and again please feel free to reach out directly if it makes sense.

                    • 7. Re: RS Study Session 3 - Post Seminar Discussion Thread

                      Would seem that is a good idea there for me to connect with you on LinkedIn, and see where that does take me. Would like to ask though on the sessions on things like policy based routing and also BGP are they just going to be the fundamentals of both of them along with the zone based firewall session.


                      Having already gone through and got a good understanding of BGP and also policy based routing, would it be an idea to then get it coming from a different perspective rather from just reading about it and only getting an overview from other sources.


                      Or is this kind of chat better suited for LinkedIn.

                      • 8. Re: RS Study Session 3 - Post Seminar Discussion Thread

                        It was a superb session Andre. Thanks Brett for link.

                        • 9. Re: RS Study Session 3 - Post Seminar Discussion Thread
                          Andre Laurent, 3xCCIE/CCDE



                          Let's chat directly outside of the forums one on one and figure out what makes sense. It is important you get what you personally need and I am confident between us that we can come up with a plan.

                          • 10. Re: RS Study Session 3 - Post Seminar Discussion Thread

                            Yeah let's do that and see where things do stand and where I need to go in all of this.

                            • 11. Re: RS Study Session 3 - Post Seminar Discussion Thread
                              James W. Vickery III

                              I somehow forgot about NAND (Not And) this is what's going on with the wildcard mask yes? Since it's the opposite of AND logic? Maybe I'll run across some nice video tutorial.
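
Added example, not part of any post in this thread: the wildcard-mask arithmetic from reply 2 and the bit comparison asked about in replies 4 and 11, worked through in Python. An ACL entry compares only the bit positions where the wildcard has a 0, which is an AND against the inverted wildcard; the addresses and function names are constructed for illustration, and the last case goes beyond the thread by using a discontiguous wildcard.

```python
import ipaddress

ALL_ONES = 0xFFFFFFFF

def to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))

def to_dotted(value):
    return str(ipaddress.IPv4Address(value))

def wildcard_by_inversion(prefix_len):
    """Flip every bit of the subnet mask (the 255-minus-octet method)."""
    mask = (ALL_ONES << (32 - prefix_len)) & ALL_ONES
    return to_dotted(mask ^ ALL_ONES)

def wildcard_by_power_of_two(prefix_len):
    """Count the zero (host) bits and take 2^bits - 1 (the method in reply 2)."""
    return to_dotted(2 ** (32 - prefix_len) - 1)

def acl_match(packet_ip, acl_ip, wildcard):
    """Wildcard bit 0 = this bit must match; wildcard bit 1 = ignore this bit."""
    care = to_int(wildcard) ^ ALL_ONES          # invert: 1 now marks "must match"
    return (to_int(packet_ip) & care) == (to_int(acl_ip) & care)

if __name__ == "__main__":
    for plen in (26, 28):
        print(plen, wildcard_by_inversion(plen), wildcard_by_power_of_two(plen))

    # Constructed entry: 192.168.1.64 with wildcard 0.0.0.63 (a /26 block)
    for src in ("192.168.1.70", "192.168.1.130"):
        print(src, acl_match(src, "192.168.1.64", "0.0.0.63"))

    # Discontiguous wildcard: only the last bit must match, so this
    # constructed entry selects the odd-numbered hosts in 10.0.0.0/24.
    for src in ("10.0.0.7", "10.0.0.8"):
        print(src, acl_match(src, "10.0.0.1", "0.0.0.254"))
```
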

                              • 12. Re: RS Study Session 3 - Post Seminar Discussion Thread



                                I missed the session but managed to review the videos!


                                Very useful information for me: I finally put the Parental Control in place in my home network (using a Cisco box of course!) by blocking all DNS (Domain) traffic to external servers and allowing only the DNS (Domain) traffic to my DNS with Parental control.


                                Until today the Parental Control was done in another box that was able to intercept all DNS traffic and resend it to the DNS server with Parental Control. (this old box is a Linksys with Tomato USB)


                                I do not know how to "force" my Cisco router to intercept and redirect all DNS traffic so I used the "deny" path: No DNS traffic gets out from the hosts through router. The hosts must use the Cisco DNS service (I've started it), service that is set to use only the Parental Control DNS server.


                                Waiting next session!