networking:cisco:extd-acl

networking:cisco:extd-acl [2026/02/04 23:24] – [Some action] ilyasa
networking:cisco:extd-acl [2026/02/04 23:38] (current) – [Testing] ilyasa
Line 68: Line 68:
  
 ===== Topologi ===== ===== Topologi =====
-Gambar topology +{{ :networking:cisco:cisco_extendedacl_rev.png?nolink |}} 
-Goals Topology +Tujuan:  
-===== Konfigurasi ===== +  - Block akses http pada LAN ke Server  
-  * **Step : Pembuatan VLANs** +  Block akses ssh pada LAN 2 ke Server-C
-<code> +
-Switch(config)#vlan 10 +
-Switch(config-vlan)#name BIRU +
-Switch(config-vlan)#exit+
  
-Switch(config)#vlan 20 +<hidden Preconfig> 
-Switch(config-vlan)#name MAGENTA +* **R1: Preconfig** 
-Switch(config-vlan)#exit+<code js> 
 +hostname R1 
 +
 +ip dhcp excluded-address 192.168.1.1  
 +ip dhcp excluded-address 192.168.2.1 
 +
 +ip dhcp pool LAN1 
 +   network 192.168.1.0 255.255.255.0 
 +   default-router 192.168.1.1 
 +
 +ip dhcp pool LAN2 
 +   network 192.168.2.0 255.255.255.0 
 +   default-router 192.168.2.1 
 +
 +interface FastEthernet0/
 + ip address 172.16.1.1 255.255.255.252 
 + no shutdown 
 +
 +interface FastEthernet0/
 + ip address 192.168.1.1 255.255.255.0 
 + no shutdown 
 +
 +interface FastEthernet1/
 + ip address 192.168.2.1 255.255.255.0 
 + no shutdown 
 +
 +router ospf 1 
 + network 172.16.1.0 0.0.0.3 area 0 
 + network 192.168.1.0 0.0.0.255 area 0 
 + network 192.168.2.0 0.0.0.255 area 0 
 +!
 </code> </code>
-  * **Step 2 : Assign VLANs ke Ports** 
-<code> 
-Switch(config)#interface f0/1 
-Switch(config-if)#switchport mode access  
-Switch(config-if)#switchport access vlan 10 
-Switch(config-if)#exit 
  
-Switch(config)#interface f0/2 +* **R2: Preconfig** 
-Switch(config-if)#switchport mode access  +<code js> 
-Switch(config-if)#switchport access vlan 10 +hostname R2 
-Switch(config-if)#exit+
 +ip dhcp pool SERVER 
 +   network 10.10.10.0 255.255.255.0 
 +   default-router 10.10.10.1 
 +
 +interface FastEthernet0/
 + ip address 172.16.1.255.255.255.252 
 + no shutdown 
 +
 +interface FastEthernet0/
 + ip address 10.10.10.1 255.255.255.0 
 + no shutdown 
 +
 +router ospf 1 
 + network 10.10.10.0 0.0.0.255 area 0 
 + network 172.16.1.0 0.0.0.3 area 0
 </code> </code>
 +</hidden>
 +===== Konfigurasi =====
 +<WRAP center round info 90%>
 +Apabilsa standar ACL umumnya ditempatkan paling dekat dengan tujuan. Extended ACL lebih baik ditempatkan paling dekat dengan sumber.
 +</WRAP>
  
 +==== Membuat extended ACL rules ====
 +=== block https access dari lan1 ===
 +  * Membuat access control liss
 +<code js>
 +R1(config)#ip access-list extended Block-HTTP
 +R1(config-ext-nacl)#$192.168.1.0 0.0.0.255 10.10.10.0 0.0.0.255 eq 80
 +R1(config-ext-nacl)#  permit ip any any
 +</code>
 +  * terapkan pada interface
 +<code js>
 +R1(config)#interface fa0/1
 +R1(config-if)# ip access-group Block-HTTP in
 +</code>
 +=== block ssh access dari lan2 ===
 +  * Membuat access control list
 +<code js>
 +R1(config)#ip access-list extended Block-SSH
 +R1(config-ext-nacl)#$192.168.2.0 0.0.0.255 10.10.10.0 0.0.0.255 eq 22
 +R1(config-ext-nacl)#  permit ip any any
 +</code>
 +  * terapkan pada interface
 +<code js>
 +R1(config)#interface fa1/0
 +R1(config-if)# ip access-group Block-SSH in
 +</code>
 ===== Testing ===== ===== Testing =====
 +  * **LAN1 Mencoba akses http❌, dan ssh✅**
 +{{ :networking:cisco:cisco_extendedacl_test02.png?nolink&400 |}}
 +  * **LAN2 Mencoba akses http✅, dan ssh❌**
 +{{ :networking:cisco:cisco_extendedacl_test01.png?nolink&400 |}}
 +
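Review bot: the R2 preconfig line "ip address 172.16.1.255.255.255.252" is malformed: the host octet and the space before the mask are missing, so IOS will reject the command and the OSPF adjacency over the /30 to R1 never forms; since R1 holds 172.16.1.1/30 on that link, the intended line is presumably "ip address 172.16.1.2 255.255.255.252" (confirm against the topology image). The "interface FastEthernet0/" and "FastEthernet1/" lines in both preconfigs are likewise cut off after the slash, so a reader cannot tell which port carries the 172.16.1.0/30 link and which carry LAN1/LAN2, yet the ACL section later binds Block-HTTP to fa0/1 and Block-SSH to fa1/0; spell out the full interface IDs. In both ACL blocks the first rule is pasted with the IOS line-wrap marker ("$192.168.1.0 0.0.0.255 10.10.10.0 0.0.0.255 eq 80"), which hides the start of the command; write it in full, e.g. "deny tcp 192.168.1.0 0.0.0.255 10.10.10.0 0.0.0.255 eq 80" (and the matching "eq 22" rule for LAN2), so it is copy-pasteable, and consider adding "show access-lists" output with hit counts next to the screenshots under Testing as verifiable evidence. The subheading "block https access dari lan1" says HTTPS while the goal and the rule ("eq 80") are plain HTTP; rename it. The info box would also benefit from two caveats the config implies: the trailing "permit ip any any" exists only because the implicit deny would otherwise drop all other LAN traffic, and "eq 80" matches TCP/80 only, so HTTPS on 443 or SSH on a non-standard port from the blocked LAN still reaches the server; relatedly, "Tujuan" names Server-C for the SSH block while the rule denies the whole 10.10.10.0/24. Minor: the second goal bullet lacks its "- " marker, "Apabilsa" should be "Apabila", and the IOS config fences are tagged "js".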
  • networking/cisco/extd-acl.1770222263.txt.gz
  • Last modified: 2026/02/04 23:24
  • by ilyasa