• Sunday, 07 July 2013

    Access Control List (ACL)



    Okay everyone, let's get straight to it.

    Step One:

    - Configure all the routers:

    Router 0
    Router >en
    Router #conf t
    Router (config) # int fa 0/0
    Router (config-if) # ip add 172.16.10.1 255.255.255.0
    Router (config-if) # no sh
    Router (config-if) # exit

    Router (config) #int fa 1/0
    Router (config-if) # ip add 172.16.20.1 255.255.255.0
    Router (config-if) # no sh
    Router (config-if) # exit

    Router (config) # int se 2/0
    Router (config-if) # ip add 172.16.30.1 255.255.255.0
    Router (config-if) # clock rate 64000
    Router (config-if) # no sh
    Router (config-if) # ^Z
    Router # wr mem



    Router 1
    Router >en
    Router #conf t
    Router (config) # int fa 0/0
    Router (config-if) # ip add 172.16.40.1 255.255.255.0
    Router (config-if) # no sh
    Router (config-if) # exit

    Router (config) #int fa 1/0
    Router (config-if) # ip add 172.16.50.1 255.255.255.0
    Router (config-if) # no sh
    Router (config-if) # exit

    Router (config) # int se 2/0
    Router (config-if) # ip add 172.16.30.2 255.255.255.0
    Router (config-if) # no sh
    Router (config-if) # exit

    Router (config) # int se 3/0
    Router (config-if) # ip add 172.16.60.1 255.255.255.0
    Router (config-if) # clock rate 64000
    Router (config-if) # no sh
    Router (config-if) # ^Z
    Router # wr mem


    Router 2
    Router >en
    Router #conf t
    Router (config) #int fa 1/0
    Router (config-if) # ip add 172.16.80.1 255.255.255.0
    Router (config-if) # no sh
    Router (config-if) # exit

    Router (config) # int fa 0/0
    Router (config-if) # ip add 172.16.70.1 255.255.255.0
    Router (config-if) # no sh
    Router (config-if) # exit

    Router (config) # int se 3/0
    Router (config-if) # ip add 172.16.60.2 255.255.255.0
    Router (config-if) # no sh
    Router (config-if) # ^Z
    Router # wr mem

    Step Two

    - Configure all the routers so they can reach one another using OSPF

    Router 0

    Router # sh ip route
    172.16.0.0/24 is subnetted, 8 subnets
    C       172.16.10.0 is directly connected, FastEthernet0/0
    C       172.16.20.0 is directly connected, FastEthernet1/0
    C       172.16.30.0 is directly connected, Serial2/0
    Router #conf t
    Router (config) #router ospf 70
    Router(config-router)#net 172.16.10.0 0.0.0.255 area 0
    Router(config-router)#net 172.16.20.0 0.0.0.255 area 0
    Router(config-router)#net 172.16.30.0 0.0.0.255 area 0
    Router(config-router)# ^Z
    Router # wr mem

    Router 1

    Router # sh ip route
    172.16.0.0/24 is subnetted, 8 subnets
    C       172.16.30.0 is directly connected, Serial2/0
    C       172.16.40.0 is directly connected, FastEthernet0/0
    C       172.16.50.0 is directly connected, FastEthernet1/0
    C       172.16.60.0 is directly connected, Serial3/0
    Router #conf t
    Router (config) #router ospf 70
    Router(config-router)#net 172.16.30.0 0.0.0.255 area 0
    Router(config-router)#net 172.16.40.0 0.0.0.255 area 0
    Router(config-router)#net 172.16.50.0 0.0.0.255 area 0
    Router(config-router)#net 172.16.60.0 0.0.0.255 area 0
    Router(config-router)# ^Z
    Router # wr mem

    Router 2

    Router # sh ip route
    172.16.0.0/24 is subnetted, 8 subnets
    C       172.16.60.0 is directly connected, Serial3/0
    C       172.16.70.0 is directly connected, FastEthernet0/0
    C       172.16.80.0 is directly connected, FastEthernet1/0
    Router #conf t
    Router (config) #router ospf 70
    Router(config-router)#net 172.16.60.0 0.0.0.255 area 0
    Router(config-router)#net 172.16.70.0 0.0.0.255 area 0
    Router(config-router)#net 172.16.80.0 0.0.0.255 area 0
    Router(config-router)# ^Z
    Router # wr mem

    Once that is done, let's check it by sending a message from one PC to another PC behind a different router; it should go through.
    Next



    Step Three

    - Set the IP addresses


    LAN        IP Address       Subnet mask      Default gateway
    LAN 10.1   172.16.10.5      255.255.255.0    172.16.10.1
    LAN 50.1   172.16.50.7      255.255.255.0    172.16.50.1
    LAN 20.1   172.16.20.163    255.255.255.0    172.16.20.1
    LAN 70.1   172.16.70.5      255.255.255.0    172.16.70.1
    LAN 40.1   172.16.40.89     255.255.255.0    172.16.40.1
    LAN 70.1   172.16.70.2      255.255.255.0    172.16.70.1
    LAN 50.1   172.16.50.75     255.255.255.0    172.16.50.1
    LAN 80.1   172.16.80.16     255.255.255.0    172.16.80.1

    Step Four

    - Apply the ACLs


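          Standard ACL on R1, because network 172.16.10.0 is not allowed to connect to network 172.16.40.0. A standard ACL matches only the source address, so it is applied outbound on fa0/0, the R1 interface facing 172.16.40.0.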
    Router#conf t
    Router (config)#access-list 10 deny 172.16.10.0 0.0.0.255
    Router (config)#access-list 10 permit any
    Router (config)#int fa0/0
    Router (config-if)#ip access-group 10 out
    Router (config-if)#


          Extended ACL on R0, because host 172.16.10.5 is refused a connection to host 172.16.50.7
    Router#conf t
    Router (config)#access-list 115 deny ip host 172.16.10.5 host 172.16.50.7
    Router (config)#access-list 115 permit ip any any
    Router (config)#int fa0/0
    Router (config-if)#ip access-group 115 in
    Router (config-if)#

          Standard ACL on R2 (applied to the vty lines with access-class)
    Router#conf t
    Router (config)#access-list 20 permit host 172.16.10.5
    Router (config)#line vty 0 4
    Router (config-line)#access-class 20 in
    Router (config-line)#

    Test the connection with ping
    There were problems during the ping test:
    The PC with IP address 172.16.40.89 cannot connect to 172.16.10.0, but it can connect to the other PCs.
    The PC with IP address 172.16.10.5 can connect to the other PCs, but a test against 172.16.50.7 results in (RTO), and against 172.16.40.89 it gives (Destination host unreachable) instead.
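
The ping results above follow from how IOS evaluates the three ACLs in Step Four. This added example (not part of the original post) models wildcard matching, first-match order and the implicit deny. The function names are hypothetical, and it assumes only routed traffic through R0 fa0/0 inbound and R1 fa0/0 outbound is filtered.

```python
import ipaddress

def matches(addr, base, wildcard):
    """IOS wildcard match: bits set to 1 in the wildcard are ignored."""
    to_int = lambda ip: int(ipaddress.IPv4Address(ip))
    care = ~to_int(wildcard) & 0xFFFFFFFF
    return (to_int(addr) & care) == (to_int(base) & care)

ANY = ("0.0.0.0", "255.255.255.255")
host = lambda ip: (ip, "0.0.0.0")

# Entries in configured order: (action, source, destination).
# Standard ACLs (10, 20) test the source only, so their destination is ANY.
ACL_10 = [("deny", ("172.16.10.0", "0.0.0.255"), ANY), ("permit", ANY, ANY)]
ACL_115 = [("deny", host("172.16.10.5"), host("172.16.50.7")), ("permit", ANY, ANY)]
ACL_20 = [("permit", host("172.16.10.5"), ANY)]

LAN_10 = ("172.16.10.0", "0.0.0.255")  # enters R0 fa0/0: access-group 115 in
LAN_40 = ("172.16.40.0", "0.0.0.255")  # leaves R1 fa0/0: access-group 10 out

def evaluate(acl, src, dst="0.0.0.0"):
    """First matching entry wins; no match falls through to the implicit deny."""
    for action, s, d in acl:
        if matches(src, *s) and matches(dst, *d):
            return action
    return "deny"

def forwarded(src, dst):
    """True if a routed packet src -> dst passes both interface ACLs."""
    if matches(src, *LAN_10) and evaluate(ACL_115, src, dst) == "deny":
        return False
    if matches(dst, *LAN_40) and evaluate(ACL_10, src, dst) == "deny":
        return False
    return True

def ping(src, dst):
    """A ping needs the echo request and the echo reply to get through."""
    if not forwarded(src, dst):
        return "request dropped"
    if not forwarded(dst, src):
        return "reply dropped"
    return "ok"

if __name__ == "__main__":
    for s, d in [("172.16.40.89", "172.16.10.5"), ("172.16.10.5", "172.16.50.7"),
                 ("172.16.10.5", "172.16.40.89"), ("172.16.20.163", "172.16.40.89")]:
        print(f"ping {s} -> {d}: {ping(s, d)}")
    print("vty from 172.16.70.5:", evaluate(ACL_20, "172.16.70.5"))
```

The "reply dropped" case is why 172.16.40.89 cannot reach 172.16.10.0: its requests leave normally, but the replies carry a 172.16.10.0/24 source and are filtered by ACL 10 on their way out of R1 fa0/0. ACL 20 has no explicit deny, yet every source other than 172.16.10.5 is refused on the vty lines by the implicit deny.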

    Done
