
Preliminary Report

Access Control List

A. ACL Experiment with a Standard Access List

1. IP configuration of PC Client and PC Server

Ping and traceroute results from PC Client to PC Server:

2. Set the IP addresses on the router

R1(config)#int fa0/0
R1(config-if)#ip add 192.168.1.1 255.255.255.0
R1(config-if)#no shut
R1(config-if)#int fa0/1
R1(config-if)#ip add 192.168.2.1 255.255.255.0
R1(config-if)#no shut

R1#sh ip int br
Interface IP-Address OK? Method Status Protocol
FastEthernet0/0 192.168.1.1 YES manual up up
FastEthernet0/1 192.168.2.1 YES manual up up
FastEthernet1/0 unassigned YES NVRAM administratively down down
Serial2/0 unassigned YES NVRAM administratively down down
Serial2/1 unassigned YES NVRAM administratively down down
Serial2/2 unassigned YES NVRAM administratively down down
Serial2/3 unassigned YES NVRAM administratively down down

R1#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

C 192.168.1.0/24 is directly connected, FastEthernet0/0
C 192.168.2.0/24 is directly connected, FastEthernet0/1

3. Test PC connectivity

4. Configure the ACL on the Cisco router

R1(config)#access-list 10 deny 192.168.1.0 0.0.0.255
R1(config)#access-list 10 permit any
R1(config)#int fa0/1
R1(config-if)#ip access-group 10 out

R1#sh access-lists
Standard IP access list 10
10 deny 192.168.1.0, wildcard bits 0.0.0.255
20 permit any

R1#sh run
Building configuration...

Current configuration : 1384 bytes


!
!
interface FastEthernet0/0
ip address 192.168.1.1 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 192.168.2.1 255.255.255.0
ip access-group 10 out
duplex auto
speed auto
!
!
no ip http server
no ip http secure-server
!
access-list 10 deny 192.168.1.0 0.0.0.255
access-list 10 permit any
no cdp log mismatch duplex
!

5. Test from PC Client to PC Server

B. ACL Experiment with an Extended Access List

1. On the router, remove the ACL

R1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#no access-list 10
R1(config)#int fa0/1
R1(config-if)#no ip access-group 10 out

2. On the PC
3. Setup on PC Server

a. Create the following rule on the router:

Deny telnet, FTP and ping access from PC Client.
Permit web and SSH access from PC Client.

R1(config)#access-list 110 deny tcp host 192.168.1.2 host 192.168.2.2 eq 23
R1(config)#access-list 110 deny tcp host 192.168.1.2 host 192.168.2.2 eq 21
R1(config)#access-list 110 deny icmp host 192.168.1.2 host 192.168.2.2
R1(config)#access-list 110 permit ip any any

b. Apply the ACL on the interface closest to the source whose packets are denied

R1(config)#int fa0/0
R1(config-if)#ip access-group 110 in
R1(config-if)#ex

c. View the configuration.

R1#sh access-lists
Extended IP access list 110
10 deny tcp host 192.168.1.2 host 192.168.2.2 eq telnet
20 deny tcp host 192.168.1.2 host 192.168.2.2 eq ftp
30 deny icmp host 192.168.1.2 host 192.168.2.2
40 permit ip any any
R1#sh ip int br
Interface IP-Address OK? Method Status Protocol
FastEthernet0/0 192.168.1.1 YES manual up up
FastEthernet0/1 192.168.2.1 YES manual up up
FastEthernet1/0 unassigned YES unset administratively down down
Serial2/0 unassigned YES unset administratively down down
Serial2/1 unassigned YES unset administratively down down
Serial2/2 unassigned YES unset administratively down down
Serial2/3 unassigned YES unset administratively down down

R1#sh run
Building configuration...

Current configuration : 1546 bytes


!
interface FastEthernet0/0
ip address 192.168.1.1 255.255.255.0
ip access-group 110 in
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 192.168.2.1 255.255.255.0
duplex auto
speed auto
!
!
access-list 110 deny tcp host 192.168.1.2 host 192.168.2.2 eq telnet
access-list 110 deny tcp host 192.168.1.2 host 192.168.2.2 eq ftp
access-list 110 deny icmp host 192.168.1.2 host 192.168.2.2
access-list 110 permit ip any any
no cdp log mismatch duplex
!

4. On the PC
Test connectivity from PC Client to PC Server.
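
How ACL 110 decides each of these test connections, as an added example that is not part of the original report: a small Python evaluator parses the four entries as they appear in the running configuration and returns the action of the first matching entry. The function names and the test packets are assumptions made for illustration.

```python
import ipaddress

# ACL 110 exactly as it appears in the report's running configuration.
ACL_110 = """\
access-list 110 deny tcp host 192.168.1.2 host 192.168.2.2 eq telnet
access-list 110 deny tcp host 192.168.1.2 host 192.168.2.2 eq ftp
access-list 110 deny icmp host 192.168.1.2 host 192.168.2.2
access-list 110 permit ip any any
"""
PORTS = {"telnet": 23, "ftp": 21}  # only the port keywords this ACL uses

def take_addr(tok):
    """Consume one address spec; return (network, wildcard) as integers."""
    first = tok.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF
    if first == "host":
        return int(ipaddress.IPv4Address(tok.pop(0))), 0
    return int(ipaddress.IPv4Address(first)), int(ipaddress.IPv4Address(tok.pop(0)))

def parse(text):
    rules = []
    for line in text.splitlines():
        tok = line.split()[2:]            # drop "access-list 110"
        action, proto = tok.pop(0), tok.pop(0)
        src, dst = take_addr(tok), take_addr(tok)
        port = (PORTS.get(tok[1]) or int(tok[1])) if tok[:1] == ["eq"] else None
        rules.append((action, proto, src, dst, port))
    return rules

def addr_match(ip, spec):
    net, wild = spec
    # Wildcard bits set to 1 are ignored; bits set to 0 must match.
    return (int(ipaddress.IPv4Address(ip)) | wild) == (net | wild)

def evaluate(rules, proto, src, dst, dport=None):
    """Return the action of the first matching entry (IOS stops at first match)."""
    for action, r_proto, r_src, r_dst, r_port in rules:
        if (r_proto in ("ip", proto) and addr_match(src, r_src)
                and addr_match(dst, r_dst) and r_port in (None, dport)):
            return action
    return "deny"  # implicit deny at the end of every ACL

RULES = parse(ACL_110)

if __name__ == "__main__":
    # Constructed test packets from PC Client (192.168.1.2) to PC Server (192.168.2.2).
    for proto, port in [("tcp", 23), ("tcp", 21), ("icmp", None), ("tcp", 80), ("tcp", 22)]:
        print(proto, port, evaluate(RULES, proto, "192.168.1.2", "192.168.2.2", port))
```

Because entries 10 to 30 match only host 192.168.1.2, traffic from any other client address falls through to `permit ip any any`.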
