Latihan - Access List

Soal :
Diketahui sebagai berikut  (gambar) :

Dengan acuan gambar diatas, berikut pertanyaannya :
1. Allow only traffic from source 172.16.0.0 to be forwarded out on E0 & E1. Non-172.16.0.0 network traffic is blocked.
2. Blocked traffic from 172.16.4.13 and to allow all other traffic to be forward on traffic E0.
3. Block traffc from subnet 172.16.4.0 and to allow all other traffic to be forwarded out E0.
4. Denny FTP traffic from subnet 172.16.4.0 to subnet 172.16.3.0 permit statement allows all other "IP traffic out interface E0".
5. Denies telnet traffic from 172.16.4.0 being sent out interface E0. All other traffic from any other traffic from any other source to any destination is permited out E0.

Jawab :

No 1:

Router (config)#access_list 1 permit 172.16.0.0  0.0.0.0
Router (config)#access_list 1 deny 0.0.0.0  255.255.255.255

Router (config)#interface ethernet 0Router (config)# IP access-group 1 outRouter (config)# Interface ethernet 1Router (config)# IP access-group 1 out

No 2:
Router (config)#access_list 1 deny 172.16.4.13  0.0.0.0
Router (config)#access_list 1 permit 0.0.0.0  255.255.255.255

Router (config)#interface ethernet 0Router (config)# IP access-group 1 in

No 3:
Router (config)#access_list 1 deny 172.16.4.0  0.0.0.0
Router (config)#access_list 1 deny 0.0.0.0  255.255.255.255

Router (config)#interface ethernet 0Router (config)# IP access-group 1 out

No 4:
Router (config)#access_list 101 deny tcp 172.16.4.0  0.0.0.255  172.16.3.0  0.0.0.255 eq 21
Router (config)#access_list 101 deny tcp 172.16.4.0  0.0.0.255  172.16.3.0  0.0.0.255 eq 20
Router (config)#access_list 101 permit ip any any
Router (config)#interface ethernet 0
Router (config)#ip_access group 101 out

No 5:
Router (config)#access_list 101 deny tcp 172.16.4.0  0.0.0.255 eq 23
Router (config)#access_list 101 permit ip any any

Router (config)#interface ethernet 0
Router (config)#ip_access group 101 out

Keterangan :

•  FTP : eq 21 (controlnya) dan eq 20 (datanya)
• Telnet : eq 23