Differences
This shows you the differences between two versions of the page.
| networking:cisco:extd-acl [2026/02/04 23:28] – [Topologi] ilyasa | networking:cisco:extd-acl [2026/02/04 23:38] (current) – [Testing] ilyasa | ||
|---|---|---|---|
| Line 130: | Line 130: | ||
| </ | </ | ||
| ===== Konfigurasi ===== | ===== Konfigurasi ===== | ||
| - | * **Step 1 : Pembuatan VLANs** | + | <WRAP center round info 90%> |
| - | <code> | + | Apabilsa standar ACL umumnya ditempatkan paling dekat dengan tujuan. Extended ACL lebih baik ditempatkan paling dekat dengan sumber. |
| - | Switch(config)# | + | </ |
| - | Switch(config-vlan)# | + | |
| - | Switch(config-vlan)# | + | |
| - | Switch(config)#vlan 20 | + | ==== Membuat extended ACL rules ==== |
| - | Switch(config-vlan)#name MAGENTA | + | === block https access dari lan1 === |
| - | Switch(config-vlan)#exit | + | * Membuat access control liss |
| + | <code js> | ||
| + | R1(config)#ip access-list extended Block-HTTP | ||
| + | R1(config-ext-nacl)#$192.168.1.0 0.0.0.255 10.10.10.0 0.0.0.255 eq 80 | ||
| + | R1(config-ext-nacl)# | ||
| </ | </ | ||
| - | * **Step 2 : Assign VLANs ke Ports** | + | * terapkan pada interface |
| - | < | + | < |
| - | Switch(config)# | + | R1(config)# |
| - | Switch(config-if)# | + | R1(config-if)# |
| - | Switch(config-if)#switchport | + | </ |
| - | Switch(config-if)#exit | + | === block ssh access dari lan2 === |
| - | + | * Membuat access control list | |
| - | Switch(config)#interface f0/2 | + | <code js> |
| - | Switch(config-if)#switchport mode access | + | R1(config)#ip access-list extended Block-SSH |
| - | Switch(config-if)# | + | R1(config-ext-nacl)#$192.168.2.0 0.0.0.255 10.10.10.0 0.0.0.255 eq 22 |
| - | Switch(config-if)#exit | + | R1(config-ext-nacl)# |
| + | </code> | ||
| + | * terapkan pada interface | ||
| + | <code js> | ||
| + | R1(config)#interface fa1/0 | ||
| + | R1(config-if)# | ||
| </ | </ | ||
| - | |||
| ===== Testing ===== | ===== Testing ===== | ||
| + | * **LAN1 Mencoba akses http❌, dan ssh✅** | ||
| + | {{ : | ||
| + | * **LAN2 Mencoba akses http✅, dan ssh❌** | ||
| + | {{ : | ||
| + | |||
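Review bot: The added heading "block https access dari lan1" does not match the rule under it, which is named Block-HTTP and matches "eq 80"; HTTPS on port 443 is not covered, so either retitle the section to HTTP or add an entry for 443. The two ACL entries that begin with "$192.168.1.0" and "$192.168.2.0" were pasted with the terminal's "$" scroll marker, so the action and protocol keywords are cut off; write each entry out in full so a reader can reproduce it. An extended ACL ends in an implicit deny, so the Testing results (LAN1 ssh ✅, LAN2 http ✅) only hold if each list has a permit entry after the deny; the prompt lines after each entry are empty here, so show that permit explicitly. The "terapkan pada interface" steps should also show the full access-group command with its direction, since the info box recommends placing extended ACLs closest to the source and the reader cannot confirm that from what is shown. Minor: "Apabilsa" and "liss" are typos, and "code js" applies JavaScript highlighting to IOS CLI output.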