MY Three weak areas, Suggestions on doing better.

So I was going over my print outs from my last 2 tests and I have 3 weak areas.
LAN Switching Technologies , IP Services ,Network Device Security

I am re reading the chapters on these subjects and making flash cards on questions in these areas as well as watching some videos on them. I am using my Boson testing software to make custom exams for myself. I'm really getting tripped up on answering ACL type questions. The whole inside local, outside local, inside global, outside global questions are really vexing me. Does anyone have a suggestion on how I can get this "right" in my head so I can answer these questions correctly ?

mgmguy1

Find more posts tagged with

Comments

GDaines

mgmguy1 wrote: »

So I was going over my print outs from my last 2 tests and I have 3 weak areas.
LAN Switching Technologies , IP Services ,Network Device Security

I am re reading the chapters on these subjects and making flash cards on questions in these areas as well as watching some videos on them. I am using my Boson testing software to make custom exams for myself. I'm really getting tripped up on answering ACL type questions. The whole inside local, outside local, inside global, outside global questions are really vexing me. Does anyone have a suggestion on how I can get this "right" in my head so I can answer these questions correctly ?

mgmguy1

Have you read this, seems to make sense to me, but then I've seen various explanations posted in these forums before as many people struggle with this, so perhaps I'm getting it in combination with other stuff I've read.

Inside addresses are the LAN (unroutable addresses like 192.168.x.x).
Outside addresses are the WAN (routable addresses often supplied by the ISP).

Local is you, global is the other end.

So your inside local address (for example 192.168.1.10) translates to an outside local public routable address provided by your ISP which is what the world sees you as (for example 82.10.55.12). Traffic traverses the internet to its destination where you reach the outside global address (provided by their ISP), and this is translated to an inside global address to talk to the machine on the LAN at the other end.

james43026

As far as NAT goes, it's all a matter of perspective.

Inside local = IP address of an inside node, before NAT translation, and is the IP address of the node as seen by devices inside your network.

Inside Global = IP address of an inside node, after NAT translation, and is the IP address of the node as seen by devices outside your network

Outside global = IP address of an outside node, before NAT translation, and is the IP address of the node as seen by devices outside your network, usually a public IP address

Outside Local = IP address of an outside node, after NAT translation, and is the IP address of the node as seen by devices inside your network

This will cover you through the CCNA, once you get to CCNP you will start to learn about NVI, which is an enchancement to domain based NAT that you are studying for the CCNA.

What parts of ACL's are you having trouble with?

pinkiaiii

If you have troubles with acls being in or out think like if traffic is coming into device or exiting it,ex you want to block someone out from accessing server in your network from outside so you configure acl to outside,if you want to limit who gets to go on internet etc from your network you put it inside since it will be first point of where router will stop outgoing traffic.

same applies for switches say in your network you want to filter who has access to them so you put ACL inside-since switch will be inside your network,thus anyone trying to console etc will be coming from outside,thus any connection in will be denied/permitted.

main things to watch out is whether extended acl is needed or standard does the job,since on standard you can only specify source and destination while on extended you can specify ip range, protocol, ports and other values.

dan has couple good few videos at explaining ACLs which found helpful https://www.youtube.com/watch?v=4PPUvRj2PvM