Rabu, 03 Juli 2013

Access Control Lists


halo semua posting kali ini kita akan belajar Access Control Lists ,perhatikan baik" ya..............


1.     Atur semua router’a;
Router 0
Router >en
Router #conf t
Router (config) #int fa 1/0
Router (config-if) # ip add 172.16.20.1 255.255.255.0
Router (config-if) # no sh
Router (config-if) # exit

Router (config) # int fa 0/0
Router (config-if) # ip add 172.16.10.1 255.255.255.0
Router (config-if) # no sh
Router (config-if) # exit

Router (config) # int se 2/0
Router (config-if) # ip add 172.16.30.1 255.255.255.0
Router (config-if) # clock rate 64000
Router (config-if) # no sh
Router (config-if) # z^
Router # wr mem



Router 1
Router >en
Router #conf t
Router (config) #int fa 1/0
Router (config-if) # ip add 172.16.50.1 255.255.255.0
Router (config-if) # no sh
Router (config-if) # exit

Router (config) # int fa 0/0
Router (config-if) # ip add 172.16.40.1 255.255.255.0
Router (config-if) # no sh
Router (config-if) # exit

Router (config) # int se 2/0
Router (config-if) # ip add 172.16.30.2 255.255.255.0
Router (config-if) # no sh
Router (config-if) # exit

Router (config) # int se 3/0
Router (config-if) # ip add 172.16.60.1 255.255.255.0
Router (config-if) # clock rate 64000
Router (config-if) # no sh
Router (config-if) # z^
Router # wr mem


Router 2
Router >en
Router #conf t
Router (config) #int fa 1/0
Router (config-if) # ip add 172.16.80.1 255.255.255.0
Router (config-if) # no sh
Router (config-if) # exit

Router (config) # int fa 0/0
Router (config-if) # ip add 172.16.70.1 255.255.255.0
Router (config-if) # no sh
Router (config-if) # exit

Router (config) # int se 3/0
Router (config-if) # ip add 172.16.60.2 255.255.255.0
Router (config-if) # no sh
Router (config-if) # z^
Router # wr mem

2.    Configurasi  semua router agar bisa saling terhubung menggunakan OSPF

Router 0

Router # sh ip route
172.16.0.0/24 is subnetted, 8 subnets
C       172.16.10.0 is directly connected, FastEthernet0/0
C       172.16.20.0 is directly connected, FastEthernet1/0
C       172.16.30.0 is directly connected, Serial2/0
Router #conf t
Router (config) #router ospf 70
Router(config-router)#net 172.16.10.0 0.0.0.255 area 0
Router(config-router)#net 172.16.20.0 0.0.0.255 area 0
Router(config-router)#net 172.16.30.0 0.0.0.255 area 0
Router(config-router)# z^
Router # wr mem

Router 1

Router # sh ip route
172.16.0.0/24 is subnetted, 8 subnets
C       172.16.30.0 is directly connected, Serial2/0
C       172.16.40.0 is directly connected, FastEthernet0/0
C       172.16.50.0 is directly connected, FastEthernet1/0
C       172.16.60.0 is directly connected, Serial3/0
Router #conf t
Router (config) #router ospf 70
Router(config-router)#net 172.16.30.0 0.0.0.255 area 0
Router(config-router)#net 172.16.40.0 0.0.0.255 area 0
Router(config-router)#net 172.16.50.0 0.0.0.255 area 0
Router(config-router)#net 172.16.60.0 0.0.0.255 area 0
Router(config-router)# z^
Router # wr mem

Router 2

Router # sh ip route
172.16.0.0/24 is subnetted, 8 subnets
C       172.16.60.0 is directly connected, Serial3/0
C       172.16.70.0 is directly connected, FastEthernet0/0
C       172.16.80.0 is directly connected, FastEthernet1/0
Router #conf t
Router (config) #router ospf 70
Router(config-router)#net 172.16.60.0 0.0.0.255 area 0
Router(config-router)#net 172.16.70.0 0.0.0.255 area 0
Router(config-router)#net 172.16.80.0 0.0.0.255 area 0
Router(config-router)# z^
Router # wr mem

Coba di cek dengan mengirim pesan dari salah satu pc ke pc lain dengan router yang berbeda …………….pasti berhasil…………….jika tidak ……………berarti anda belum beruntung ,,,,,,,,,,salalulah berusaha jangan menyerah pasti berhasil….

Selanjutnya



3.   Setting IP Address
LAN 10.1

Ip Address          172.16.10.5
Subnet mask      255.255.255.0
Defaul gateway                172.16.10.1
LAN 50.1

Ip Address          172.16.50.7
Subnet mask      255.255.255.0
Defaul gateway               172.16.50.1
LAN 20.1

Ip Address          172.16.20.163
Subnet mask      255.255.255.0
Defaul gateway                172.16.20.1
LAN 70.1

Ip Address          172.16.70.5
Subnet mask      255.255.255.0
Defaul gateway                172.16.70.1
LAN 40.1

Ip Address          172.16.40.89
Subnet mask      255.255.255.0
Defaul gateway                172.16.40.1
LAN 70.1

Ip Address          172.16.70.2
Subnet mask      255.255.255.0
Defaul gateway                172.16.70.1
LAN 50.1

Ip Address          172.16.50.75
Subnet mask      255.255.255.0
Defaul gateway                172.16.50.1
LAN 80.1

Ip Address          172.16.80.16
Subnet mask      255.255.255.0
Defaul gateway                172.16.80.1

4.   Terapkan ACL

*      ACL Standart di R1,karena ip 172.16.10.0 tidak di ijinkan untuk terhubung dengan    
net 172.16.40.0
Router#conf t
Router (config)#access-list 10 deny 172.16.10.0 0.0.0.255
Router (config)#access-list 10 permit any
Router (config)#int fa0/0
Router (config-if)#ip access-group 10 out
Router (config-if)#


*      ACL Extended di R0, karena host 172.16.10.5 menolak untuk conecsi dengan host 172.16.50.7
Router#conf t
Router (config)#access-list 115 deny ip host 172.16.10.5 host 172.16.50.7
Router (config)#access-list 115 permit ip any any
Router (config)#int fa0/0
Router (config-if)#ip access-group 115 in
Router (config-if)#
*      ACL Standart di R2
Router#conf t
Router (config)#access-list 20 permit host 172.16.10.5
Router (config)#line vty 0 4
Router (config-line)#access-class 20 in
Router (config-line)#
Uji koneksi dengan ping
Ada masalah saat melakukan pengujian ping :
  • Pada PC yang IP address nya 172.16.40.89, tidak bisa terkoneksi dengan ip 172.16.10.0. tetapi dengan PC lain bisa terkoneksi.
  •  Pada PC yang ip address nya 172.16.10.5, bisa terkoneksi dengan PC yang lain tetapi jika melakukan pengujian dengan ip 172.16.50.7 yang terjadi adalah (RTO) dan dengan ip 172.16.40.89 malah (Destination host unreachable).
akhir selesai juga ,,,,,,,,,,,,,,,,,,,semoga bermanfaat...................