Monday, 01 July 2013

ACL Configuration on Routers




Configuration on Router 0 (Edmonton):
Router>en
Router#conf t
Router(config)#hostname Edmonton
Edmonton(config)#int fa0/0
Edmonton(config-if)#ip add 172.16.10.1 255.255.255.0
Edmonton(config-if)#no shut
Edmonton(config-if)#exit
Edmonton(config)#int fa1/0
Edmonton(config-if)#ip add 172.16.20.1 255.255.255.0
Edmonton(config-if)#no shut
Edmonton(config-if)#exit
Edmonton(config)#int ser2/0
Edmonton(config-if)#ip add 172.16.30.1 255.255.255.252
Edmonton(config-if)#clock rate 64000
Edmonton(config-if)#no shut
Edmonton(config-if)#exit
Edmonton(config)#router ospf 1
Edmonton(config-router)#network 172.16.10.0 0.0.0.255 area 0
Edmonton(config-router)#network 172.16.20.0 0.0.0.255 area 0
Edmonton(config-router)#network 172.16.30.0 0.0.0.3 area 0



Configuration on Router1 (Red Deer):
Router>en
Router#conf t
Router(config)#hostname RedDeer
RedDeer(config)#int fa0/0
RedDeer(config-if)#ip add 172.16.40.1 255.255.255.0
RedDeer(config-if)#no shut
RedDeer(config-if)#exit
RedDeer(config)#int fa1/0
RedDeer(config-if)#ip add 172.16.50.1 255.255.255.0
RedDeer(config-if)#no shut
RedDeer(config-if)#exit
RedDeer(config)#int ser2/0
RedDeer(config-if)#ip add 172.16.30.2 255.255.255.252
RedDeer(config-if)#no shut
RedDeer(config-if)#exit
RedDeer(config)#int ser3/0
RedDeer(config-if)#ip add 172.16.60.1 255.255.255.252
RedDeer(config-if)#clock rate 64000
RedDeer(config-if)#no shut
RedDeer(config-if)#exit
RedDeer(config)#router ospf 1
RedDeer(config-router)#network 172.16.30.0 0.0.0.3 area 0
RedDeer(config-router)#network 172.16.40.0 0.0.0.255 area 0
RedDeer(config-router)#network 172.16.50.0 0.0.0.255 area 0
RedDeer(config-router)#network 172.16.60.0 0.0.0.3 area 0

Configuration on Router2 (Calgary):
Router>en
Router#conf t
Router(config)#hostname Calgary
Calgary(config)#int fa0/0
Calgary(config-if)#ip add 172.16.70.1 255.255.255.0
Calgary(config-if)#no shut
Calgary(config-if)#exit
Calgary(config)#int fa1/0
Calgary(config-if)#ip add 172.16.80.1 255.255.255.0
Calgary(config-if)#no shut
Calgary(config-if)#exit
Calgary(config)#int ser3/0
Calgary(config-if)#ip add 172.16.60.2 255.255.255.252
Calgary(config-if)#no shut
Calgary(config-if)#exit
Calgary(config)#router ospf 1
Calgary(config-router)#network 172.16.60.0 0.0.0.3 area 0
Calgary(config-router)#network 172.16.70.0 0.0.0.255 area 0
Calgary(config-router)#network 172.16.80.0 0.0.0.255 area 0


PC and server settings:

PC and Server   IP Address       Subnet Mask      Default Gateway
PC0             172.16.10.5      255.255.255.0    172.16.10.1
PC1             172.16.40.89     255.255.255.0    172.16.40.1
PC2             172.16.70.5      255.255.255.0    172.16.70.1
PC3             172.16.20.163    255.255.255.0    172.16.20.1
PC4             172.16.50.75     255.255.255.0    172.16.50.1
PC5             172.16.50.7      255.255.255.0    172.16.50.1
PC6             172.16.80.16     255.255.255.0    172.16.80.1
Server          172.16.70.2      255.255.255.0    172.16.70.1


ACL commands on RedDeer:
RedDeer(config)#access-list 10 deny 172.16.10.0 0.0.0.255
RedDeer(config)#access-list 10 permit any
RedDeer(config)#int fa0/0
RedDeer(config-if)#ip access-group 10 out

ACL commands on Edmonton:
Edmonton(config)#access-list 115 deny ip host 172.16.10.5 host 172.16.50.7
Edmonton(config)#access-list 115 permit ip any any
Edmonton(config)#int fa0/0
Edmonton(config-if)#ip access-group 115 in

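As a result, host 172.16.10.5 cannot reach host 172.16.40.89 (blocked by standard ACL 10, applied outbound on RedDeer fa0/0) or host 172.16.50.7 (blocked by extended ACL 115, applied inbound on Edmonton fa0/0).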


Telnet commands on router RedDeer:
RedDeer(config)#access-list 20 permit host 172.16.10.5
RedDeer(config)#line vty 0 4
RedDeer(config-line)#access-class 20 in

Only host 172.16.10.5 can telnet to router RedDeer.
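
Added example (not part of the original post): a small Python model of how IOS evaluates the three numbered ACLs above (10, 115 and 20), showing wildcard matching, first-match order and the implicit deny. The function names and the host 172.16.10.200 are made up for the illustration; the parser handles only the forms used on this page (the ip protocol keyword, no ports, no log option).

```python
from ipaddress import ip_address, ip_network

def _match(addr, base, wildcard):
    """IOS wildcard match: bits set to 1 in the wildcard are ignored."""
    a, b, w = (int(ip_address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)

def _take_addr(tokens):
    """Consume 'any', 'host A.B.C.D' or 'A.B.C.D [wildcard]' from the token list."""
    t = tokens.pop(0)
    if t == "any":
        return ("0.0.0.0", "255.255.255.255")
    if t == "host":
        return (tokens.pop(0), "0.0.0.0")
    return (t, tokens.pop(0) if tokens else "0.0.0.0")

def parse_acl(lines):
    """Numbered ACLs only: 1-99 standard (source only), 100-199 extended."""
    rules = []
    for line in lines:
        _, num, action, *rest = line.split()
        if int(num) >= 100:
            rest.pop(0)  # drop the protocol keyword; this sketch assumes 'ip'
        src = _take_addr(rest)
        dst = _take_addr(rest) if rest else ("0.0.0.0", "255.255.255.255")
        rules.append((action, src, dst))
    return rules

def evaluate(rules, src, dst="0.0.0.0"):
    """First matching entry wins; with no match the implicit deny applies."""
    for action, (sb, sw), (db, dw) in rules:
        if _match(src, sb, sw) and _match(dst, db, dw):
            return action
    return "deny"

# ACL lines as entered on the page; all Python names are this example's own.
ACL_10 = parse_acl(["access-list 10 deny 172.16.10.0 0.0.0.255",
                    "access-list 10 permit any"])
ACL_115 = parse_acl(["access-list 115 deny ip host 172.16.10.5 host 172.16.50.7",
                     "access-list 115 permit ip any any"])
ACL_20 = parse_acl(["access-list 20 permit host 172.16.10.5"])
LAN10, LAN40 = ip_network("172.16.10.0/24"), ip_network("172.16.40.0/24")

def reachable(src, dst):
    """One-way check of a packet src -> dst against the page's interface ACLs."""
    a, b = ip_address(src), ip_address(dst)
    if a in LAN10 and evaluate(ACL_115, src, dst) == "deny":  # in, Edmonton fa0/0
        return False
    return not (b in LAN40 and evaluate(ACL_10, src) == "deny")  # out, RedDeer fa0/0
```

reachable() checks one direction only: reachable("172.16.40.89", "172.16.10.5") is True, but the reply from 172.16.10.5 is dropped by ACL 10, so a ping from PC1 to PC0 still fails. evaluate(ACL_20, "172.16.20.163") returns "deny" because ACL 20 has no matching entry for that host, which is why only 172.16.10.5 gets a vty session.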


Meanwhile, the telnet result from other hosts:


Static Route Configuration and Troubleshooting





Configuration on Router0:
Router>en
Router#conf t
Router(config)#int fa 0/0
Router(config-if)#ip add 172.16.3.1 255.255.255.0
Router(config-if)#no shut
Router(config-if)#exit
Router(config)#int s2/0
Router(config-if)#ip add 172.16.2.1 255.255.255.0
Router(config-if)#clock rate 64000
Router(config-if)#no shut
Router(config-if)#exit
Router(config)#ip route 172.16.1.0 255.255.255.0 s2/0
Router(config)#ip route 192.168.0.0 255.255.252.0 s2/0
Router(config)#exit


Configuration on Router1:
Router>en
Router#conf t
Router(config)#int fa 0/0
Router(config-if)#ip add 172.16.1.1 255.255.255.0
Router(config-if)#no shut
Router(config-if)#exit
Router(config)#int s2/0
Router(config-if)#ip add 172.16.2.2 255.255.255.0
Router(config-if)#no shut
Router(config-if)#exit
Router(config)#int s3/0
Router(config-if)#ip add 192.168.1.1 255.255.255.0
Router(config-if)#clock rate 64000
Router(config-if)#no shut
Router(config-if)#exit
Router(config)#ip route 172.16.3.0 255.255.255.0 s2/0
Router(config)#ip route 192.168.2.0 255.255.255.0 s3/0


Configuration on Router2:
Router>en
Router#conf t
Router(config)#int fa 0/0
Router(config-if)#ip add 192.168.2.1 255.255.255.0
Router(config-if)#no shut
Router(config-if)#exit
Router(config)#int s2/0
Router(config-if)#ip add 192.168.1.2 255.255.255.0
Router(config-if)#no shut
Router(config-if)#exit
Router(config)#ip route 172.16.0.0 255.255.252.0 s2/0

PC settings:

PC     IP Address     Subnet Mask      Default Gateway
PC0    172.16.3.5     255.255.255.0    172.16.3.1
PC1    172.16.1.4     255.255.255.0    172.16.1.1
PC2    192.168.2.3    255.255.255.0    192.168.2.1


Troubleshooting Router0:
1.       Router#ping 192.168.2.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.2.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 14/15/16 ms

2.       Router#traceroute 172.16.1.4
Type escape sequence to abort.
Tracing the route to 172.16.1.4
  1   172.16.2.2      3 msec    5 msec    2 msec   
  2   172.16.1.4      7 msec    10 msec   5 msec   

3.       Router#sh ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route
Gateway of last resort is not set
     172.16.0.0/24 is subnetted, 3 subnets
S       172.16.1.0 is directly connected, Serial2/0
C       172.16.2.0 is directly connected, Serial2/0
C       172.16.3.0 is directly connected, FastEthernet0/0
S    192.168.0.0/22 is directly connected, Serial2/0

4.       Router#sh ip int brief
Interface              IP-Address      OK? Method Status                Protocol
FastEthernet0/0        172.16.3.1      YES manual up                    up
FastEthernet1/0        unassigned      YES unset  administratively down down
Serial2/0              172.16.2.1      YES manual up                    up
Serial3/0              unassigned      YES unset  administratively down down
FastEthernet4/0        unassigned      YES unset  administratively down down
FastEthernet5/0        unassigned      YES unset  administratively down down

5.       Router#sh cdp neighbors detail

Device ID: Switch
Entry address(es):
Platform: cisco PT3000, Capabilities: Switch
Interface: FastEthernet0/0, Port ID (outgoing port): FastEthernet0/1
Holdtime: 153

Version :
Cisco Internetwork Operating System Software
IOS (tm) PT3000 Software (PT3000-I6Q4L2-M), Version 12.1(22)EA4, RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2006 by cisco Systems, Inc.
Compiled Fri 12-May-06 17:19 by pt_team

advertisement version: 2
Duplex: full
---------------------------

Device ID: Router
Entry address(es):
  IP address : 172.16.2.2
Platform: cisco PT1000, Capabilities: Router
Interface: Serial2/0, Port ID (outgoing port): Serial2/0
Holdtime: 162

Version :
Cisco Internetwork Operating System Software
IOS (tm) PT1000 Software (PT1000-I-M), Version 12.2(28), RELEASE SOFTWARE (fc5)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2005 by cisco Systems, Inc.
Compiled Wed 27-Apr-04 19:01 by miwang

advertisement version: 2
Duplex: full


Troubleshooting Router1:
1.       Router#ping 172.16.3.5
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.3.5, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 10/12/16 ms

2.       Router#traceroute 192.168.2.3
Type escape sequence to abort.
Tracing the route to 192.168.2.3
  1   192.168.1.2     4 msec    3 msec    5 msec   
  2   192.168.2.3     13 msec   13 msec   11 msec  

3.       Router#sh ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route

Gateway of last resort is not set

     172.16.0.0/24 is subnetted, 3 subnets
C       172.16.1.0 is directly connected, FastEthernet0/0
C       172.16.2.0 is directly connected, Serial2/0
S       172.16.3.0 is directly connected, Serial2/0
C    192.168.1.0/24 is directly connected, Serial3/0
S    192.168.2.0/24 is directly connected, Serial3/0

4.       Router#sh ip int brief
Interface              IP-Address      OK? Method Status                Protocol
FastEthernet0/0        172.16.1.1      YES manual up                    up
FastEthernet1/0        unassigned      YES unset  administratively down down
Serial2/0              172.16.2.2      YES manual up                    up
Serial3/0              192.168.1.1     YES manual up                    up
FastEthernet4/0        unassigned      YES unset  administratively down down
FastEthernet5/0        unassigned      YES unset  administratively down down

5.       Router#sh cdp neighbors detail

Device ID: Switch
Entry address(es):
Platform: cisco PT3000, Capabilities: Switch
Interface: FastEthernet0/0, Port ID (outgoing port): FastEthernet0/1
Holdtime: 143

Version :
Cisco Internetwork Operating System Software
IOS (tm) PT3000 Software (PT3000-I6Q4L2-M), Version 12.1(22)EA4, RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2006 by cisco Systems, Inc.
Compiled Fri 12-May-06 17:19 by pt_team

advertisement version: 2
Duplex: full
---------------------------

Device ID: Router
Entry address(es):
  IP address : 192.168.1.2
Platform: cisco PT1000, Capabilities: Router
Interface: Serial3/0, Port ID (outgoing port): Serial2/0
Holdtime: 150

Version :
Cisco Internetwork Operating System Software
IOS (tm) PT1000 Software (PT1000-I-M), Version 12.2(28), RELEASE SOFTWARE (fc5)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2005 by cisco Systems, Inc.
Compiled Wed 27-Apr-04 19:01 by miwang

advertisement version: 2
Duplex: full
---------------------------

Device ID: Router
Entry address(es):
  IP address : 172.16.2.1
Platform: cisco PT1000, Capabilities: Router
Interface: Serial2/0, Port ID (outgoing port): Serial2/0
Holdtime: 143

Version :
Cisco Internetwork Operating System Software
IOS (tm) PT1000 Software (PT1000-I-M), Version 12.2(28), RELEASE SOFTWARE (fc5)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2005 by cisco Systems, Inc.
Compiled Wed 27-Apr-04 19:01 by miwang

advertisement version: 2
Duplex: full


Troubleshooting Router2:
1.       Router#ping 172.16.1.4
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.1.4, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 6/10/13 ms

2.       Router#traceroute 172.16.3.5
Type escape sequence to abort.
Tracing the route to 172.16.3.5
  1   192.168.1.1     7 msec    4 msec    5 msec   
  2   172.16.2.1      7 msec    10 msec   8 msec   
  3   172.16.3.5      13 msec   15 msec   16 msec  

3.       Router#sh ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route
Gateway of last resort is not set
     172.16.0.0/22 is subnetted, 1 subnets
S       172.16.0.0 is directly connected, Serial2/0
C    192.168.1.0/24 is directly connected, Serial2/0
C    192.168.2.0/24 is directly connected, FastEthernet0/0

4.       Router#sh ip int brief
Interface              IP-Address      OK? Method Status                Protocol
FastEthernet0/0        192.168.2.1     YES manual up                    up
FastEthernet1/0        unassigned      YES unset  administratively down down
Serial2/0              192.168.1.2     YES manual up                    up
Serial3/0              unassigned      YES unset  administratively down down
FastEthernet4/0        unassigned      YES unset  administratively down down
FastEthernet5/0        unassigned      YES unset  administratively down down

5.       Router#sh cdp neighbors detail

Device ID: Switch
Entry address(es):
Platform: cisco PT3000, Capabilities: Switch
Interface: FastEthernet0/0, Port ID (outgoing port): FastEthernet0/1
Holdtime: 179

Version :
Cisco Internetwork Operating System Software
IOS (tm) PT3000 Software (PT3000-I6Q4L2-M), Version 12.1(22)EA4, RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2006 by cisco Systems, Inc.
Compiled Fri 12-May-06 17:19 by pt_team

advertisement version: 2
Duplex: full
---------------------------

Device ID: Router
Entry address(es):
  IP address : 192.168.1.1
Platform: cisco PT1000, Capabilities: Router
Interface: Serial2/0, Port ID (outgoing port): Serial3/0
Holdtime: 128

Version :
Cisco Internetwork Operating System Software
IOS (tm) PT1000 Software (PT1000-I-M), Version 12.2(28), RELEASE SOFTWARE (fc5)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2005 by cisco Systems, Inc.
Compiled Wed 27-Apr-04 19:01 by miwang

advertisement version: 2
Duplex: full