Scribd Logo
Upload

Welcome to Scribd!

  • EvanBenedictZaluchu 1306447360 Tutam5

    Uploaded by

    Evan Benedict
    11 views4 pages
    Praktikum

    Original Title

    EvanBenedictZaluchu_1306447360_Tutam5

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    Praktikum

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    11 views4 pages

    EvanBenedictZaluchu 1306447360 Tutam5

    Uploaded by

    Evan Benedict
    Praktikum

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 4

    MODUL 5 NETWORK ACCESS CONTROL LIST

    TUGAS TAMBAHAN
    Evan Benedict Zaluchu 1306447360 Teknik Komputer
    1. Konfigurasi Awal Router
    a. Doraemon
    hostname Doraemon
    //mengatur hostname
    int s0/0/0
    //mengatur interface s0/0/0
    ip address 192.168.4.1 255.255.255.252
    no shutdown
    exit
    int s0/1/0
    //mengatur interface s0/1/0
    ip address 192.168.4.14 255.255.255.252
    no shutdown
    exit
    int f0/0
    //mengatur interface fa0/0
    ip address 192.168.0.1 255.255.255.0
    no shutdown
    exit
    //mengatur static routing
    ip route 192.168.1.0 255.255.255.0 192.168.4.2
    ip route 192.168.2.0 255.255.255.0 192.168.4.2
    ip route 192.168.3.0 255.255.255.0 192.168.4.13
    b. Nobita
    hostname Nobita
    //mengatur hostname
    int s0/0/0
    //mengatur interface s0/0/0
    ip address 192.168.4.5 255.255.255.252
    no shutdown
    exit
    int s0/1/0
    //mengatur interface s0/1/0
    ip address 192.168.4.2 255.255.255.252
    no shutdown
    exit
    int f0/0
    //mengatur interface fa0/0
    ip address 192.168.1.1 255.255.255.0
    no shutdown
    exit
    //mengatur static routing
    ip route 192.168.0.0 255.255.255.0 192.168.4.1
    ip route 192.168.2.0 255.255.255.0 192.168.4.6
    ip route 192.168.3.0 255.255.255.0 192.168.4.6
    c. Giant
    hostname Giant
    //mengatur hostname
    int s0/0/0
    //mengatur interface s0/0/0
    ip address 192.168.4.9 255.255.255.252
    no shutdown
    exit
    int s0/1/0
    //mengatur interface s0/1/0
    ip address 192.168.4.6 255.255.255.252
    no shutdown
    exit
    int f0/0
    //mengatur interface fa0/0

    ip address 192.168.2.1 255.255.255.0


    no shutdown
    exit
    //mengatur static routing
    ip route 192.168.0.0 255.255.255.0 192.168.4.10
    ip route 192.168.1.0 255.255.255.0 192.168.4.5
    ip route 192.168.3.0 255.255.255.0 192.168.4.10
    d. Suneo
    hostname Suneo
    //mengatur hostname
    int s0/0/0
    //mengatur interface s0/0/0
    ip address 192.168.4.13 255.255.255.252
    no shutdown
    exit
    int s0/1/0
    //mengatur interface s0/1/0
    ip address 192.168.4.10 255.255.255.252
    no shutdown
    exit
    int f0/0
    //mengatur interface fa0/0
    ip address 192.168.3.1 255.255.255.0
    no shutdown
    exit
    //mengatur static routing
    ip route 192.168.0.0 255.255.255.0 192.168.4.14
    ip route 192.168.1.0 255.255.255.0 192.168.4.14
    ip route 192.168.2.0 255.255.255.0 192.168.4.9

    2. Konfigurasi ACL
    a. Doraemon
    //memperbolehkan http
    access-list 101 permit tcp host 192.168.1.2 any eq 80
    //memperbolehkan https
    access-list 101 permit tcp host 192.168.1.2 any eq 443
    access-list 101 permit tcp host 192.168.1.2 any eq 110
    access-list 101 permit tcp host 192.168.1.2 any eq 995
    access-list 101 permit tcp host 192.168.1.2 any eq 143
    access-list 101 permit tcp host 192.168.1.2 any eq 993
    access-list 101 permit tcp host 192.168.1.2 any eq 25
    access-list 101 permit tcp host 192.168.1.2 any eq 2525
    access-list 101 permit tcp host 192.168.1.2 any eq 465
    access-list 101 permit tcp 192.168.1.0 0.0.0.255 any eq 21
    //memperbolehkan icmp nobita
    access-list 101 permit icmp 192.168.1.0 0.0.0.255 any
    //memperbolehkan icmp Giant
    access-list 101 permit icmp host 192.168.2.2 any
    //memperbolehkan icmp Suneo
    access-list 101 permit icmp host 192.168.3.2 any
    //memblokir selain protokol di atas
    access-list 101 deny ip any any
    int f0/0
    ip access-group 101 out
    exit
    exit
    copy run start
    b. Nobita
    ip access-list extended Nobis
    //memperbolehkan GiaPC mengakses HTTP & EMAIL
    permit tcp host 192.168.2.2 any eq 443
    permit tcp host 192.168.2.2 any eq 110
    permit tcp host 192.168.2.2 any eq 995
    permit tcp host 192.168.2.2 any eq 143
    permit tcp host 192.168.2.2 any eq 993
    permit tcp host 192.168.2.2 any eq 25
    permit tcp host 192.168.2.2 any eq 2525
    permit tcp host 192.168.2.2 any eq 465
    deny tcp 192.168.2.0 0.0.0.255 any eq 80
    deny tcp 192.168.2.0 0.0.0.255 any eq 443
    deny tcp 192.168.2.0 0.0.0.255 any eq 21
    deny tcp 192.168.2.0 0.0.0.255 any eq 110
    deny tcp 192.168.2.0 0.0.0.255 any eq 995
    deny tcp 192.168.2.0 0.0.0.255 any eq 143
    deny tcp 192.168.2.0 0.0.0.255 any eq 993
    deny tcp 192.168.2.0 0.0.0.255 any eq 25
    deny tcp 192.168.2.0 0.0.0.255 any eq 2525
    deny tcp 192.168.2.0 0.0.0.255 any eq 465
    //memperbolehkan seluruh traffic diluar spesifikasi di atas
    permit ip any any
    int f0/0
    ip access-group Nobis out
    exit

    exit
    copy run start
    c. Giant
    //nama ACL Gias
    ip access-list extended Gias
    //memperbolehkan ICMP dari DoraPC dan SunePC
    permit icmp host 192.168.0.2 any
    permit icmp host 192.168.3.2 any
    //memperbolehkan jaringan Nobita mengakses HTTPS & EMAIL
    permit tcp 192.168.1.0 0.0.0.255 any eq 443
    permit tcp 192.168.1.0 0.0.0.255 any eq 110
    permit tcp 192.168.1.0 0.0.0.255 any eq 995
    permit tcp 192.168.1.0 0.0.0.255 any eq 143
    permit tcp 192.168.1.0 0.0.0.255 any eq 993
    permit tcp 192.168.1.0 0.0.0.255 any eq 25
    permit tcp 192.168.1.0 0.0.0.255 any eq 2525
    permit tcp 192.168.1.0 0.0.0.255 any eq 465
    //memperbolehkan traffic jaringan Suneo mengakses Giant
    permit ip 192.168.3.0 0.0.0.255 192.168.2.0 0.0.0.255
    //memblokir protokol jaringan selain di atas
    deny ip any any
    int f0/0
    ip access-group Gias out
    exit
    exit
    copy run start

    d. Suneo
    //nama ACL Sunes
    ip access-list extended Sunes
    //memperbolehkan traffic jaringan Giant mengakses Suneo
    permit ip any any
    int f0/0
    ip access-group Sunes out
    exit
    exit
    copy run start

    Agar ACL dapat diimplementasikan dengan lebih baik, dapat dilakukan hal-hal seperti berikut :
    -

    Memperhatikan urutan penulisan protokol


    Memperhatikan penempatan

    Kesimpulan dari praktikum ini adalah dalam membuat access list. Dalam membuat suatu access list, kita
    harus memperhatikan tata letak urutan, penempatan, dan aturan, secara sekuensial. Pada Standard
    Access List, protokol hanya sebatas mengijinkan atau memblokir. Sedangkan pada Extended Access List,
    protokol pengijinan atau pemblokiran dapat dilakukan dengan syarat- syarat tertentu

    You might also like