networking:cisco:std-acl

Differences

This shows you the differences between two versions of the page.

networking:cisco:std-acl [2026/02/04 22:40] ilyasa
networking:cisco:std-acl [2026/02/04 22:48] (current) ilyasa
Line 68: Line 68:
  
 ===== Topologi ===== ===== Topologi =====
-Gambar topology +{{ :networking:cisco:cisco_standardacl.png?nolink |}} 
-Goals Topology+Tujuan:  
 +  - LAN 1 Dilarang mengakses Server-B  
 +  - LAN 2 Dilarang mengakses Server-C 
 + 
 +<hidden preconfig> 
 +* **R1 : Preconfig** 
 +<code js> 
 +hostname R1 
 +
 +ip dhcp excluded-address 192.168.1.1  
 +ip dhcp excluded-address 192.168.2.1 
 +
 +ip dhcp pool LAN1 
 +   network 192.168.1.0 255.255.255.0 
 +   default-router 192.168.1.1 
 +
 +ip dhcp pool LAN2 
 +   network 192.168.2.0 255.255.255.0 
 +   default-router 192.168.2.1 
 +interface FastEthernet0/
 + ip address 192.168.1.1 255.255.255.0 
 + no shutdown 
 +
 +interface FastEthernet0/
 + ip address 192.168.2.1 255.255.255.0 
 + no shutdown 
 +
 +interface FastEthernet1/
 + ip address 172.16.1.1 255.255.255.25 
 + no shutdown 
 +
 +router ospf 1 
 + network 172.16.1.0 0.0.0.3 area 0 
 + network 192.168.1.0 0.0.0.255 area 0 
 + network 192.168.2.0 0.0.0.255 area 0 
 +
 +</code> 
 + 
 +* **R2 : Preconfig** 
 + 
 +<code js> 
 +hostname R2 
 +
 +interface FastEthernet0/
 + ip address 10.0.1.1 255.255.255.0 
 + no shutdown 
 +
 +interface FastEthernet0/
 + ip address 10.0.2.1 255.255.255.0 
 + no shutdown 
 +
 +interface FastEthernet1/
 + ip address 172.16.1.2 255.255.255.252 
 + no shutdown 
 +
 +router ospf 1 
 + network 10.0.1.0 0.0.0.255 area 0 
 + network 10.0.2.0 0.0.0.255 area 0 
 + network 172.16.1.0 0.0.0.3 area 0 
 +</code> 
 +</hidden> 
 ===== Konfigurasi ===== ===== Konfigurasi =====
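Review bot: The mask on R1's WAN link, `ip address 172.16.1.1 255.255.255.25`, is not a valid contiguous mask and IOS will reject it; the R2 end of the same link uses `255.255.255.252` and both OSPF processes advertise it with wildcard `0.0.0.3`, so this should read `ip address 172.16.1.1 255.255.255.252`, otherwise the 172.16.1.0/30 adjacency between R1 and R2 never comes up and none of the later tests can pass. Every `interface FastEthernet0/` and `interface FastEthernet1/` line in both preconfigs is also missing its port number, so the blocks cannot be pasted into a router as they stand; please complete them so the preconfig matches the `interface f0/1` and `interface fa0/0` commands used on R2 later in the page. Lastly, the goals list says LAN 2 may not reach Server-C, but the rest of the page only knows Server A and Server B; align the goal with the section headings below.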
-  * **Step 1 : Pembuatan VLANs** +<WRAP center round tip 90%
-<code+Standar ACL umumnya jika tidak selalu ditempatkan paling dekat dengan tujuan. Sedangkan Extended ACL ditempatkan paling dekat dengan sumber. 
-Switch(config)#vlan 10 +</WRAP>
-Switch(config-vlan)#name BIRU +
-Switch(config-vlan)#exit+
  
-Switch(config)#vlan 20 +==== Blocking LAN1 untuk berkomunikasi dengan Server B ==== 
-Switch(config-vlan)#name MAGENTA + 
-Switch(config-vlan)#exit+  * Router terdekat dengan tujuan addlah R2, mari kita buat rulesnya 
 + 
 +<code js> 
 +R2(config)#access-list 10 deny 192.168.1.0 0.0.0.255 
 +R2(config)#access-list 10 permit any
 </code> </code>
-  * **Step 2 : Assign VLANs ke Ports** 
-<code> 
-Switch(config)#interface f0/1 
-Switch(config-if)#switchport mode access  
-Switch(config-if)#switchport access vlan 10 
-Switch(config-if)#exit 
  
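Review bot: The `permit any` line after `access-list 10 deny 192.168.1.0 0.0.0.255` is doing real work and deserves a sentence: a standard ACL matches on source address only and ends in an implicit deny, so without the explicit permit the outbound list would cut every LAN off from Server B, not just LAN1. Consider adding an `access-list 10 remark` line naming the intent so the next reader can tell what the list is for from `show running-config` alone. Typo in the bullet: "addlah" should be "adalah". Minor style point: `<code js>` applies JavaScript highlighting to IOS CLI output; a plain `<code>` block, as the removed VLAN section used, renders it more faithfully.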
-Switch(config)#interface f0/2 +  * Terapkan pada interface menuju server B Fa0/1 
-Switch(config-if)#switchport mode access  + 
-Switch(config-if)#switchport access vlan 10 +<code js> 
-Switch(config-if)#exit+R2(config)#interface f0/1 
 +R2(config-if)#ip access-group 10 out 
 +R2(config-if)#exit 
 +</code> 
 + 
 +==== Blocking LAN2 untuk berkomunikasi dengan Server A ==== 
 + 
 +<code js> 
 +R2(config)#access-list 20 deny 192.168.2.0 0.0.0.255 
 +R2(config)#access-list 20 permit any 
 +</code> 
 + 
 +  * Terapkan pada interface menuju server A Fa1/1 
 + 
 +<code js> 
 +R2(config)#interface fa0/0 
 +R2(config-if)#ip access-group 20 out 
 +R2(config-if)#exit
 </code> </code>
  
 ===== Testing ===== ===== Testing =====
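Review bot: The bullet "Terapkan pada interface menuju server A Fa1/1" does not match the command beneath it, which applies ACL 20 to `interface fa0/0`; on R2 the Fa1/x port is the 172.16.1.2 link back to R1, and the first `FastEthernet0/` block (10.0.1.1/24) is the one facing Server A, so the command is right and the bullet text should say Fa0/0. For consistency with the first block, use one interface naming form (`f0/1` versus `fa0/0`) in both. Worth documenting a verification step after each `ip access-group ... out`: `show ip interface fa0/0` on R2 reports "Outgoing access list is 20", which confirms the list is bound to the intended interface and direction before any pings are run.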
 +
 +* **Tets ping LAN1 ke Server A & B**
 +<code js>
 +PC-A1> show ip
 +
 +NAME        : PC-A1[1]
 +IP/MASK     : 192.168.1.2/24
 +GATEWAY     : 192.168.1.1
 +DNS         :
 +MAC         : 00:50:79:66:68:2c
 +LPORT       : 20000
 +RHOST:PORT  : 127.0.0.1:30000
 +MTU         : 1500
 +
 +PC-A1> ping 10.0.1.2
 +
 +84 bytes from 10.0.1.2 icmp_seq=1 ttl=62 time=95.125 ms
 +84 bytes from 10.0.1.2 icmp_seq=2 ttl=62 time=65.038 ms
 +84 bytes from 10.0.1.2 icmp_seq=3 ttl=62 time=60.712 ms
 +84 bytes from 10.0.1.2 icmp_seq=4 ttl=62 time=63.358 ms
 +84 bytes from 10.0.1.2 icmp_seq=5 ttl=62 time=50.142 ms
 +
 +PC-A1> ping 10.0.2.2
 +
 +*172.16.1.2 icmp_seq=1 ttl=254 time=45.899 ms (ICMP type:3, code:13, Communication administratively prohibited)
 +*172.16.1.2 icmp_seq=2 ttl=254 time=32.774 ms (ICMP type:3, code:13, Communication administratively prohibited)
 +*172.16.1.2 icmp_seq=3 ttl=254 time=45.168 ms (ICMP type:3, code:13, Communication administratively prohibited)
 +*172.16.1.2 icmp_seq=4 ttl=254 time=34.268 ms (ICMP type:3, code:13, Communication administratively prohibited)
 +*172.16.1.2 icmp_seq=5 ttl=254 time=42.260 ms (ICMP type:3, code:13, Communication administratively prohibited)
 +</code>
 +
 +* **Tets ping LAN2 ke Server A & B**
 +
 +<code js>
 +PC-B1> show ip
 +
 +NAME        : PC-B1[1]
 +IP/MASK     : 192.168.2.2/24
 +GATEWAY     : 192.168.2.1
 +DNS         :
 +DHCP SERVER : 192.168.2.1
 +DHCP LEASE  : 67259, 86400/43200/75600
 +MAC         : 00:50:79:66:68:2d
 +LPORT       : 20000
 +RHOST:PORT  : 127.0.0.1:30000
 +MTU         : 1500
 +
 +PC-B1> ping 10.0.1.2
 +
 +*172.16.1.2 icmp_seq=1 ttl=254 time=46.086 ms (ICMP type:3, code:13, Communication administratively prohibited)
 +*172.16.1.2 icmp_seq=2 ttl=254 time=47.608 ms (ICMP type:3, code:13, Communication administratively prohibited)
 +*172.16.1.2 icmp_seq=3 ttl=254 time=47.629 ms (ICMP type:3, code:13, Communication administratively prohibited)
 +*172.16.1.2 icmp_seq=4 ttl=254 time=46.073 ms (ICMP type:3, code:13, Communication administratively prohibited)
 +*172.16.1.2 icmp_seq=5 ttl=254 time=46.126 ms (ICMP type:3, code:13, Communication administratively prohibited)
 +
 +PC-B1> ping 10.0.2.2
 +
 +84 bytes from 10.0.2.2 icmp_seq=1 ttl=62 time=83.063 ms
 +84 bytes from 10.0.2.2 icmp_seq=2 ttl=62 time=67.256 ms
 +84 bytes from 10.0.2.2 icmp_seq=3 ttl=62 time=61.611 ms
 +84 bytes from 10.0.2.2 icmp_seq=4 ttl=62 time=61.236 ms
 +84 bytes from 10.0.2.2 icmp_seq=5 ttl=62 time=62.238 ms
 +</code>
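Review bot: Both test headings misspell "Test" as "Tets". The output itself is good evidence and the text should say what it proves: the blocked pings return `ICMP type:3, code:13` from 172.16.1.2, the R2 interface nearest the sender, so the drop is happening on R2 where the lists were applied and not on R1, while the permitted pings complete with ttl=62, i.e. the two-router path is intact. To round out the section, add `show access-lists` on R2 after the pings; the match counters on the two `deny` entries document that traffic hit the intended lines. Also note that PC-A1's `show ip` shows no DHCP SERVER or DHCP LEASE fields although R1 defines a `LAN1` pool, whereas PC-B1 did obtain a lease; if PC-A1 was addressed statically, say so, otherwise the LAN1 pool was not exercised by this test.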
  • networking/cisco/std-acl.1770219615.txt.gz
  • Last modified: 2026/02/04 22:40
  • by ilyasa