Wednesday, 03 July 2013

ACCESS CONTROL LISTS for Filtering Traffic









Configure the Edmonton router:
--- System Configuration Dialog ---
Continue with configuration dialog? [yes/no]: n
Router>en
Router#conf t
Router(config)#hostname Edmonton
Edmonton(config)#int fa0/0
Edmonton(config-if)#ip add 172.16.10.1 255.255.255.0
Edmonton(config-if)#no sh
Edmonton(config-if)#^Z
Edmonton#
Edmonton#conf t
Edmonton(config)#int fa1/0
Edmonton(config-if)#ip add 172.16.20.1 255.255.255.0
Edmonton(config-if)#no sh
Edmonton(config-if)#^Z
Edmonton#
Edmonton#conf t
Edmonton(config)#int se2/0
Edmonton(config-if)#ip add 172.16.30.1 255.255.255.252
Edmonton(config-if)#clock rate 64000
Edmonton(config-if)#no sh
Edmonton(config-if)#^Z
Edmonton#
Configure the RedDeer router:
--- System Configuration Dialog ---
Continue with configuration dialog? [yes/no]: n
Router>en
Router#conf t
Router(config)#hostname RedDeer
RedDeer(config)#int fa0/0
RedDeer(config-if)#ip add 172.16.40.1 255.255.255.0
RedDeer(config-if)#no sh
RedDeer(config-if)#^Z
RedDeer#
RedDeer#conf t
RedDeer(config)#int fa1/0
RedDeer(config-if)#ip add 172.16.50.1 255.255.255.0
RedDeer(config-if)#no sh
RedDeer(config-if)#^Z
RedDeer#
RedDeer#conf t
RedDeer(config)#int se2/0
RedDeer(config-if)#ip add 172.16.30.2 255.255.255.252
RedDeer(config-if)#no sh
RedDeer(config-if)#^Z
RedDeer#
RedDeer#conf t
RedDeer(config)#int se3/0
RedDeer(config-if)#ip add 172.16.60.1 255.255.255.252
RedDeer(config-if)#clock rate 64000
RedDeer(config-if)#no sh
RedDeer(config-if)#^Z
Configure the Calgary router:
--- System Configuration Dialog ---
Continue with configuration dialog? [yes/no]: n
Router>en
Router#conf t
Router(config)#hostname Calgary
Calgary(config)#int fa0/0
Calgary(config-if)#ip add 172.16.70.1 255.255.255.0
Calgary(config-if)#no sh
Calgary(config-if)#^Z
Calgary#
Calgary#conf t
Calgary(config)#int fa1/0
Calgary(config-if)#ip add 172.16.80.1 255.255.255.0
Calgary(config-if)#no sh
Calgary(config-if)#^Z
Calgary#
Calgary#conf t
Calgary(config)#int se3/0
Calgary(config-if)#ip add 172.16.60.2 255.255.255.252
Calgary(config-if)#no sh
Calgary(config-if)#^Z
Calgary#
Connect the routers so that they can reach one another
*      For the Edmonton router
Edmonton>en
Edmonton#sh ip route
     172.16.0.0/16 is variably subnetted, 3 subnets, 2 masks
C       172.16.10.0/24 is directly connected, FastEthernet0/0
C       172.16.20.0/24 is directly connected, FastEthernet1/0
C       172.16.30.0/30 is directly connected, Serial2/0
Edmonton#conf t
Edmonton(config)#router rip
Edmonton(config-router)#ver 2
Edmonton(config-router)# net 172.16.10.0
Edmonton(config-router)# net 172.16.20.0
Edmonton(config-router)# net 172.16.30.0
Edmonton(config-router)#^Z
Edmonton#
Edmonton#sh ip route

     172.16.0.0/16 is variably subnetted, 8 subnets, 2 masks
C       172.16.10.0/24 is directly connected, FastEthernet0/0
C       172.16.20.0/24 is directly connected, FastEthernet1/0
C       172.16.30.0/30 is directly connected, Serial2/0
R       172.16.40.0/24 [120/1] via 172.16.30.2, 00:00:11, Serial2/0
R       172.16.50.0/24 [120/1] via 172.16.30.2, 00:00:11, Serial2/0
R       172.16.60.0/30 [120/1] via 172.16.30.2, 00:00:11, Serial2/0
R       172.16.70.0/24 [120/2] via 172.16.30.2, 00:00:11, Serial2/0
R       172.16.80.0/24 [120/2] via 172.16.30.2, 00:00:11, Serial2/0
Edmonton#
*      For the RedDeer router
RedDeer>en
RedDeer#sh ip route
     172.16.0.0/16 is variably subnetted, 8 subnets, 2 masks
C       172.16.30.0/30 is directly connected, Serial2/0
C       172.16.40.0/24 is directly connected, FastEthernet0/0
C       172.16.50.0/24 is directly connected, FastEthernet1/0
C       172.16.60.0/30 is directly connected, Serial3/0
RedDeer#conf t
RedDeer(config)#router rip
RedDeer(config-router)#ver 2
RedDeer(config-router)# net 172.16.30.0
RedDeer(config-router)# net 172.16.40.0
RedDeer(config-router)# net 172.16.50.0
RedDeer(config-router)# net 172.16.60.0
RedDeer(config-router)#^Z
RedDeer#
RedDeer#sh ip route
172.16.0.0/16 is variably subnetted, 8 subnets, 2 masks
R       172.16.10.0/24 [120/1] via 172.16.30.1, 00:00:17, Serial2/0
R       172.16.20.0/24 [120/1] via 172.16.30.1, 00:00:17, Serial2/0
C       172.16.30.0/30 is directly connected, Serial2/0
C       172.16.40.0/24 is directly connected, FastEthernet0/0
C       172.16.50.0/24 is directly connected, FastEthernet1/0
C       172.16.60.0/30 is directly connected, Serial3/0
R       172.16.70.0/24 [120/1] via 172.16.60.2, 00:00:14, Serial3/0
R       172.16.80.0/24 [120/1] via 172.16.60.2, 00:00:14, Serial3/0

*      For the Calgary router
Calgary#sh ip route
     172.16.0.0/16 is variably subnetted, 3 subnets, 2 masks
C       172.16.60.0/30 is directly connected, Serial3/0
C       172.16.70.0/24 is directly connected, FastEthernet0/0
C       172.16.80.0/24 is directly connected, FastEthernet1/0
Calgary#conf t
Calgary(config)# router rip
Calgary(config-router)# ver 2
Calgary(config-router)# net 172.16.60.0
Calgary(config-router)# net 172.16.70.0
Calgary(config-router)# net 172.16.80.0
Calgary(config-router)#^Z
Calgary#
Calgary#sh ip route
     172.16.0.0/16 is variably subnetted, 8 subnets, 2 masks
R       172.16.10.0/24 [120/2] via 172.16.60.1, 00:00:20, Serial3/0
R       172.16.20.0/24 [120/2] via 172.16.60.1, 00:00:20, Serial3/0
R       172.16.30.0/30 [120/1] via 172.16.60.1, 00:00:20, Serial3/0
R       172.16.40.0/24 [120/1] via 172.16.60.1, 00:00:20, Serial3/0
R       172.16.50.0/24 [120/1] via 172.16.60.1, 00:00:20, Serial3/0
C       172.16.60.0/30 is directly connected, Serial3/0
C       172.16.70.0/24 is directly connected, FastEthernet0/0
C       172.16.80.0/24 is directly connected, FastEthernet1/0
Calgary#

Setting IP Address

LAN         IP Address       Subnet mask      Default gateway
LAN 10.1    172.16.10.5      255.255.255.0    172.16.10.1
LAN 50.1    172.16.50.7      255.255.255.0    172.16.50.1
LAN 20.1    172.16.20.163    255.255.255.0    172.16.20.1
LAN 70.1    172.16.70.5      255.255.255.0    172.16.70.1
LAN 40.1    172.16.40.89     255.255.255.0    172.16.40.1
LAN 70.1    172.16.70.2      255.255.255.0    172.16.70.1
LAN 50.1    172.16.50.75     255.255.255.0    172.16.50.1
LAN 80.1    172.16.80.16     255.255.255.0    172.16.80.1

Apply the ACLs

*      Standard ACL (network 172.16.10.0 is not allowed to access network 172.16.40.0)
RedDeer#conf t
RedDeer(config)#access-list 10 deny 172.16.10.0 0.0.0.255
RedDeer(config)#access-list 10 permit any
RedDeer(config)#int fa0/0
RedDeer(config-if)#ip access-group 10 out
RedDeer(config-if)#
*      Extended ACL (the host with IP 172.16.50.7 is not allowed to access the host whose IP address is 172.16.10.5)
Edmonton#conf t
Edmonton(config)#access-list 115 deny ip host 172.16.10.5 host 172.16.50.7
Edmonton(config)#access-list 115 permit ip any any
Edmonton(config)#int fa0/0
Edmonton(config-if)#ip access-group 115 in
Edmonton(config-if)#
*      Standard ACL
RedDeer#conf t
RedDeer(config)#access-list 20 permit host 172.16.10.5
RedDeer(config)#line vty 0 4
RedDeer(config-line)#access-class 20 in
RedDeer(config-line)#
Test connectivity with ping
There were problems when running the ping tests:
*      The PC with IP address 172.16.40.89 cannot connect to 172.16.10.0, but it can connect to the other PCs.
*      The PC with IP address 172.16.10.5 can connect to the other PCs, but a test against 172.16.50.7 results in (RTO), and against 172.16.40.89 it instead gets (Destination host unreachable).
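Added example (not part of the original post): a Python model of the three ACLs configured above, using first-match evaluation with the implicit deny, to show which router drops each direction of a ping. It assumes an inbound ACL sees packets sourced from the attached LAN and an outbound ACL sees packets destined to it; the names `acl_action`, `filter_packet` and `ping` are made up for this example.

```python
import ipaddress

ANY = ("0.0.0.0", "255.255.255.255")
# The page's ACLs as (action, src, src wildcard, dst, dst wildcard).
# Standard ACLs (10, 20) match on source only, so their destination is "any".
ACLS = {
    10:  [("deny", "172.16.10.0", "0.0.0.255", *ANY), ("permit", *ANY, *ANY)],
    115: [("deny", "172.16.10.5", "0.0.0.0", "172.16.50.7", "0.0.0.0"),
          ("permit", *ANY, *ANY)],
    20:  [("permit", "172.16.10.5", "0.0.0.0", *ANY)],
}
# Where the page applies them: (router, interface, direction, ACL, attached LAN).
# ACL 20 is bound to the vty lines with access-class, not to an interface.
BINDINGS = [
    ("Edmonton", "fa0/0", "in", 115, "172.16.10.0/24"),
    ("RedDeer", "fa0/0", "out", 10, "172.16.40.0/24"),
]

def _match(addr, base, wildcard):
    """Wildcard bits set to 1 are ignored; every other bit must be equal."""
    care = ~int(ipaddress.ip_address(wildcard)) & 0xFFFFFFFF
    return (int(ipaddress.ip_address(addr)) & care) == (int(ipaddress.ip_address(base)) & care)

def acl_action(acl, src, dst):
    """First matching entry wins; if nothing matches, the implicit deny applies."""
    for action, s, sw, d, dw in ACLS[acl]:
        if _match(src, s, sw) and _match(dst, d, dw):
            return action
    return "deny"

def filter_packet(src, dst):
    """Return the binding that drops src->dst, or None if it is forwarded."""
    for router, intf, direction, acl, subnet in BINDINGS:
        # "in" filters packets arriving from the LAN, "out" those leaving to it
        edge = src if direction == "in" else dst
        in_lan = ipaddress.ip_address(edge) in ipaddress.ip_network(subnet)
        if in_lan and acl_action(acl, src, dst) == "deny":
            return f"{router} {intf} {direction} ACL {acl}"
    return None

def ping(a, b):
    """A ping works only if the echo request and the echo reply are both forwarded."""
    return filter_packet(a, b) or filter_packet(b, a) or "ok"

if __name__ == "__main__":
    for a, b in [("172.16.10.5", "172.16.50.7"), ("172.16.50.7", "172.16.10.5"),
                 ("172.16.40.89", "172.16.10.5"), ("172.16.10.5", "172.16.70.5")]:
        print(f"{a} -> {b}: {ping(a, b)}")
```

Because ACL 10 matches on source only, replies from 172.16.10.0/24 toward 172.16.40.89 are dropped on RedDeer as well, so that PC cannot complete a ping to the 172.16.10.0 network in either direction. ACL 20 has no entry after its single permit, so the implicit deny rejects every vty source other than 172.16.10.5.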


 
 
        ========================== Good luck trying it out =============================