Monday, 11 April 2016

Configuring an Access Control List Using Cisco Packet Tracer

Equipment:
One router
One switch
One server
Three clients
 
Here we will create a rule so that the clients named PC 1 and PC 3 can connect to the server, while the client named PC 2 is forbidden from connecting to the server. This problem can be solved with an access control list.
Below are the details of the configuration of the client computers and the Cisco router.

PC 1 configuration


Ethernet adapter Local Area Connection:
IP Address. . . . . . . . . . . . : 192.168.1.2
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1

PC 2 configuration

Ethernet adapter Local Area Connection:
IP Address. . . . . . . . . . . . : 192.168.1.3
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1

PC 3 configuration

Ethernet adapter Local Area Connection:
IP Address. . . . . . . . . . . . : 192.168.1.4
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1

Server configuration

Ethernet adapter Local Area Connection:
IP Address. . . . . . . . . . . . : 192.168.2.1
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.2.254

Cisco router configuration
Router>
Router>enable
Router#configure terminal
Router(config)#interface ethernet0
Router(config-if)#ip address 192.168.1.1 255.255.255.0
Router(config-if)#no shut
Router(config-if)#exit
Router(config)#interface ethernet1
Router(config-if)#ip address 192.168.2.254 255.255.255.0
Router(config-if)#no shut
Router(config-if)#^Z (Ctrl+z)
Router#ping 192.168.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
Router#ping 192.168.2.254
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.2.254, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms


ACL configuration
Router#configure terminal
Router(config)#interface fastethernet 0/0
Router(config-if)#ip access-group 1 in
Router(config-if)#exit
Router(config)#access-list 1 deny 192.168.1.3 255.255.255.0
Router(config)#access-list 1 permit any
Router(config)#exit
Router#show access-list
Standard IP access list 1
Deny 0.0.0.3 255.255.255.0 (2 match(es))
Permit any (8 match(es))
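
How IOS reads the `access-list 1 deny 192.168.1.3 255.255.255.0` entry above, as an added Python example that is not part of the original post: a standard ACL takes a wildcard mask (1 bits are ignored), so this entry matches any source address ending in .3, which is why `show access-list` prints 0.0.0.3. The host-only entry with wildcard 0.0.0.0 and the 10.20.30.3 source are assumptions constructed for comparison.

```python
import ipaddress

def ip(s):
    return int(ipaddress.IPv4Address(s))

def matches(src, addr, wildcard):
    """IOS wildcard logic: 0 bits must match, 1 bits are ignored."""
    care = ~ip(wildcard) & 0xFFFFFFFF
    return (ip(src) & care) == (ip(addr) & care)

def normalized(addr, wildcard):
    """Address as IOS stores it, with the ignored bits zeroed."""
    return str(ipaddress.IPv4Address(ip(addr) & ~ip(wildcard) & 0xFFFFFFFF))

def evaluate(acl, src):
    """First matching entry wins; a non-empty ACL ends in an implicit deny."""
    for action, addr, wildcard in acl:
        if matches(src, addr, wildcard):
            return action
    return "deny"

ANY = ("0.0.0.0", "255.255.255.255")  # what "permit any" expands to

# ACL 1 exactly as typed on the page: 255.255.255.0 is read as a wildcard mask
ACL_AS_TYPED = [("deny", "192.168.1.3", "255.255.255.0"), ("permit", *ANY)]
# Assumed intent (not from the page): block only PC 2
ACL_HOST_ONLY = [("deny", "192.168.1.3", "0.0.0.0"), ("permit", *ANY)]

# The page's three clients plus one constructed source on another network
SOURCES = {
    "PC 1": "192.168.1.2",
    "PC 2": "192.168.1.3",
    "PC 3": "192.168.1.4",
    "constructed": "10.20.30.3",
}

def report(acl):
    return {name: evaluate(acl, addr) for name, addr in SOURCES.items()}

if __name__ == "__main__":
    print("stored as:", normalized("192.168.1.3", "255.255.255.0"))
    for label, acl in (("as typed", ACL_AS_TYPED), ("host only", ACL_HOST_ONLY)):
        print(label, report(acl))
```

Both lists give the page's test result for PC 1, PC 2 and PC 3; they differ only for sources outside the lab that happen to end in .3.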

To restore access to the way it was before:
Router(config)#no access-list 1


Test results:


PC 1
Router#ping 192.168.2.1
Pinging 192.168.2.1 with 32 bytes of data:
Reply from 192.168.2.1: bytes=32 time=60ms TTL=241
Reply from 192.168.2.1: bytes=32 time=60ms TTL=241
Reply from 192.168.2.1: bytes=32 time=60ms TTL=241
Reply from 192.168.2.1: bytes=32 time=60ms TTL=241
Reply from 192.168.2.1: bytes=32 time=60ms TTL=241
Ping statistics for 192.168.2.1: Packets: Sent = 5, Received = 5, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 50ms, Maximum = 60ms, Average = 55ms

PC 2
Router#ping 192.168.2.1
Pinging 192.168.2.1 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Ping statistics for 192.168.2.1:
Packets: Sent = 5, Received = 0, Lost = 5 (100% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

PC 3
Router#ping 192.168.2.1
Pinging 192.168.2.1 with 32 bytes of data:
Reply from 192.168.2.1: bytes=32 time=60ms TTL=241
Reply from 192.168.2.1: bytes=32 time=60ms TTL=241
Reply from 192.168.2.1: bytes=32 time=60ms TTL=241
Reply from 192.168.2.1: bytes=32 time=60ms TTL=241
Reply from 192.168.2.1: bytes=32 time=60ms TTL=241
Ping statistics for 192.168.2.1: Packets: Sent = 5, Received = 5, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 50ms, Maximum = 60ms, Average = 55ms
