Topology:
ACL:
- Deny network 10.10.10.0/24 (loopback interface) from communicating with 23.23.23.3/24 (server IP)
- Deny host 192.168.100.2/24 from communicating with 23.23.23.3/24 (server IP)
- Permit all other hosts and networks.
Configuration:
First, set the IP address and netmask on every device according to the topology.
SaktiR1(config)#interface fa0/0
SaktiR1(config-if)#no shutdown
SaktiR1(config-if)#ip address 23.23.23.2 255.255.255.0
SaktiR1(config-if)#exit
SaktiR1(config)#interface fa0/1
SaktiR1(config-if)#no shutdown
SaktiR1(config-if)#ip address 22.22.22.2 255.255.255.0
SaktiR1(config-if)#exit
SaktiR1(config)#
SaktiR2(config)#interface loopback 0
SaktiR2(config-if)#ip address 10.10.10.1 255.255.255.0
SaktiR2(config-if)#exit
SaktiR2(config)#interface fa0/0
SaktiR2(config-if)#no shutdown
SaktiR2(config-if)#ip address 22.22.22.3 255.255.255.0
SaktiR2(config-if)#exit
SaktiR2(config)#interface fa0/1
SaktiR2(config-if)#no shutdown
SaktiR2(config-if)#ip address 192.168.100.1 255.255.255.0
SaktiR2(config-if)#exit
SaktiR2(config)#
Note:
A loopback interface does not exist by default. It behaves as a logical interface and can be used when LAN resources are limited in a lab. Unlike a regular interface, it comes up automatically without our typing the no shutdown command.
Configure OSPF routing so that the networks can reach each other.
SaktiR1(config)#router ospf 1
SaktiR1(config-router)#network 23.23.23.0 0.0.0.255 area 0
SaktiR1(config-router)#network 22.22.22.0 0.0.0.255 area 0
SaktiR1(config-router)#exit
SaktiR1(config)#
SaktiR2(config)#router ospf 1
SaktiR2(config-router)#network 10.10.10.0 0.0.0.255 area 0
SaktiR2(config-router)#network 192.168.100.0 0.0.0.255 area 0
SaktiR2(config-router)#network 22.22.22.0 0.0.0.255 area 0
SaktiR2(config-router)#exit
SaktiR2(config)#
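Next, we configure the access list on Sakti-R1. Why on Sakti-R1? Remember, the rule for a standard access list is to place it close to the destination router. A standard ACL matches only the source address, so applying it closer to the source would also block that source's traffic to every other destination.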
SaktiR1(config)#access-list 1 deny 10.10.10.0 0.0.0.255
SaktiR1(config)#access-list 1 deny host 192.168.100.2
SaktiR1(config)#access-list 1 permit any
SaktiR1(config)#
Next, we assign it to the interface closest to the destination.
SaktiR1(config)#interface fa0/0
SaktiR1(config-if)#ip access-group 1 out
SaktiR1(config-if)#exit
SaktiR1(config)#
The access-list configuration can be viewed with:
SaktiR1#show access-lists
Standard IP access list 1
10 deny 10.10.10.0 0.0.0.255
20 deny host 192.168.100.2
30 permit any
SaktiR1#
It can also be seen in:
SaktiR1#show ip interface fa0/0
FastEthernet0/0 is up, line protocol is up (connected)
Internet address is 23.23.23.2/24
Broadcast address is 255.255.255.255
Address determined by setup command
MTU is 1500 bytes
Helper address is not set
Directed broadcast forwarding is disabled
Outgoing access list is 1
Inbound access list is not set
Proxy ARP is enabled
Security level is default
Split horizon is enabled
ICMP redirects are always sent
ICMP unreachables are always sent
ICMP mask replies are never sent
IP fast switching is disabled
IP fast switching on the same interface is disabled
IP Flow switching is disabled
IP Fast switching turbo vector
IP multicast fast switching is disabled
IP multicast distributed fast switching is disabled
Router Discovery is disabled
--More--
SaktiR1#
Test from Sakti-PC1. The result:
Packet Tracer PC Command Line 1.0
C:\>ping 23.23.23.3
Pinging 23.23.23.3 with 32 bytes of data:
Reply from 22.22.22.2: Destination host unreachable.
Reply from 22.22.22.2: Destination host unreachable.
Reply from 22.22.22.2: Destination host unreachable.
Reply from 22.22.22.2: Destination host unreachable.
Ping statistics for 23.23.23.3:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
C:\>
Check with another PC, for example Sakti-PC2, which has the IP address 192.168.100.3/24.
Packet Tracer PC Command Line 1.0
C:\>ping 23.23.23.3
Pinging 23.23.23.3 with 32 bytes of data:
Request timed out.
Reply from 23.23.23.3: bytes=32 time=31ms TTL=126
Reply from 23.23.23.3: bytes=32 time=28ms TTL=126
Reply from 23.23.23.3: bytes=32 time=26ms TTL=126
Ping statistics for 23.23.23.3:
Packets: Sent = 4, Received = 3, Lost = 1 (25% loss),
Approximate round trip times in milliseconds:
Minimum = 26ms, Maximum = 31ms, Average = 28ms
C:\>
To test from the loopback interface:
SaktiR2#ping
Protocol [ip]: ip
Target IP address: 23.23.23.3
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: y
Source address or interface: 10.10.10.1
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 23.23.23.3, timeout is 2 seconds:
Packet sent with a source address of 10.10.10.1
UUUUU
Success rate is 0 percent (0/5)
SaktiR2#
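The three test results above follow from how a standard ACL is evaluated: top to bottom, first match wins, source address only, with an implicit deny at the end. The following Python sketch is an added example, not part of the original post or of any Cisco tool; the function names `parse_acl` and `evaluate` are made up for illustration, and it replays ACL 1 against the source addresses used in the tests.

```python
import ipaddress

# ACL 1 exactly as configured on SaktiR1 in this post
ACL_1 = """
access-list 1 deny 10.10.10.0 0.0.0.255
access-list 1 deny host 192.168.100.2
access-list 1 permit any
"""

def parse_acl(text):
    """Parse standard numbered ACL lines into (action, address, wildcard) tuples."""
    entries = []
    for line in text.strip().splitlines():
        tok = line.split()
        if tok[:1] != ["access-list"]:
            continue
        action, rest = tok[2], tok[3:]
        if rest[0] == "any":
            addr, wild = "0.0.0.0", "255.255.255.255"
        elif rest[0] == "host":
            addr, wild = rest[1], "0.0.0.0"
        else:
            addr = rest[0]
            wild = rest[1] if len(rest) > 1 else "0.0.0.0"
        entries.append((action, int(ipaddress.IPv4Address(addr)),
                        int(ipaddress.IPv4Address(wild))))
    return entries

def evaluate(entries, src):
    """Return the action of the first entry matching the source address.

    A wildcard bit of 1 means "ignore this bit". The destination is never
    consulted, and a packet that matches nothing hits the implicit deny.
    """
    s = int(ipaddress.IPv4Address(src))
    for action, addr, wild in entries:
        if (s | wild) == (addr | wild):
            return action
    return "deny"  # implicit deny at the end of every ACL

if __name__ == "__main__":
    acl = parse_acl(ACL_1)
    # Loopback source, the denied host, and Sakti-PC2 from the tests above
    for src in ("10.10.10.1", "192.168.100.2", "192.168.100.3"):
        print(src, "->", evaluate(acl, src))
```

Removing the `permit any` line, or moving it to the top, changes the outcome for every source, which is why entry order and the final permit matter in this configuration.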