ACL Standard dan Extented
| Nama :Anggita Tri Widiastuti |
Konfigurasi ACL Standard dan Extented
|
Tanggal :Selasa, 22 Nov 2016 |
| Kelas : XII TKJ 2 | SK/SD: | |
| No. Job : 16 | Guru: Maman Hariana S.kom |
TOPOLOGI
1. ACL Standard
Standard (1-99) --> Melakukan
filter berdasarkan dari IP saja.
Diletakkan di paling TERDEKAT dari DESTINATION (IP tujuan).
Langkah - Langkah Konfigurasi
Ip address
PC0 : 192.168.10.2/24, gateway 192.168.10.1
PC1 : 192.168.20.2/24, gateway 192.168.20.1
R1 : Fa 0/0 => 12.12.12.1/24, Fa 0/1 => 192.168.10.1/24, Fa 0/1/0 => 192.168.20.1/24
R2 : Fa 0/0 => 12.12.12.2/24, Fa 0/1 => 20.20.20.1/24
Server : 20.20.20.2/24, gateway 20.20.20.1
Setting R1
R1#enable
R1#configure terminal
Enter configuration commands, one per line. End withb CNTL/Z
R1(config)#int fa0/0
R1(config-if)#ip address 12.12.12.1 255.255.255.0
R1(config-if)#no sh
R1(config-if)#int fa0/1
R1(config-if)#ip address 192.168.10.1 255.255.255.0
R1(config-if)#no sh
R1(config-if)#int fa0/1/0
R1(config-if)#ip address 192.168.20.1 255.255.255.0
R1(config-if)#no sh
R1(config-if)#exit
R1(config)#router ospf 1
R1(config-router)#network 12.12.12.0 0.0.0.255 area 0
R1(config-router)#network 12.12.12.0 0.0.0.255 area 0
R1(config-router)#network 192.168.10.0 0.0.0.255 area 0
R1(config-router)#network 192.168.20.0 0.0.0.255 area 0
R1(config-router)#exit
R1(config)#do wr
Building configuration...
[OK]
R1(config-router)#network 192.168.20.0 0.0.0.255 area 0
R1(config-router)#exit
R1(config)#do wr
Building configuration...
[OK]
Setting R2
R1#enable
R1#configure terminal
Enter configuration commands, one per line. End withb CNTL/Z
R1(config)#int fa0/0
R1(config-if)#ip address 12.12.12.2 255.255.255.0
R1(config-if)#no sh
R1(config-if)#int fa0/1
R1(config-if)#ip address 20.20.20.1 255.255.255.0
R1(config-if)#no sh
R1(config-if)#exit
R2(config)#router ospf 1
R2(config-router)#network 12.12.12.0 0.0.0.255 area 0
R2(config-router)#network 20.20.20.0 0.0.0.255 area 0
R2(config-router)#exit
R2(config)#do wr
Building configuration...
[OK]
R2(config-router)#network 12.12.12.0 0.0.0.255 area 0
R2(config-router)#network 20.20.20.0 0.0.0.255 area 0
R2(config-router)#exit
R2(config)#do wr
Building configuration...
[OK]
Untuk memblokir akses dari PC1 ke Server
R2(config)#access
R2(config)#access-list 1 deny 192.168.10.0 0.0.0.255
R2(config)#access-list 1 permit any
R2(config)#int fa 0/1
R2(config-if)#ip access-group 1 out
R2(config)#access
R2(config)#access-list 1 deny 192.168.10.0 0.0.0.255
R2(config)#access-list 1 permit any
R2(config)#int fa 0/1
R2(config-if)#ip access-group 1 out
Tes konfigurasi
a. tes yang bisa di ping
2. ACL Extented
Extended (100-199)->Melakukan
filter berdasarkan IP, TCP/UDP, dan
port. Diletakkan di paling TERDEKAT dari SOURCE (IP asal).
Langkah - Langkah Konfigurasi
Tambahkan konfigurasi dibawah ini pada R1
R1(config)#access-list 100 deny tcp 192.168.10.0 0.0.0.255 host 20.20.20.2 eq www
R1(config-if)#access-list 100 permit ip any any
R1(config-if)#int fa0/1
R1(config-if)#ip access-group 100 in
R1(config-if)#exit
R1(config)#
Tes konfigurasi
Tidak ada komentar:
Posting Komentar