Latihan - Access List
Soal :
Diketahui sebagai berikut (gambar) :
Dengan acuan gambar diatas, berikut pertanyaannya :
1. Allow only traffic from source 172.16.0.0 to be forwarded out on E0 & E1. Non-172.16.0.0 network traffic is blocked.
2. Blocked traffic from 172.16.4.13 and to allow all other traffic to be forward on traffic E0.
3. Block traffc from subnet 172.16.4.0 and to allow all other traffic to be forwarded out E0.
4. Denny FTP traffic from subnet 172.16.4.0 to subnet 172.16.3.0 permit statement allows all other "IP traffic out interface E0".
5. Denies telnet traffic from 172.16.4.0 being sent out interface E0. All other traffic from any other traffic from any other source to any destination is permited out E0.
Jawab :
No 1:
Router (config)#access_list 1 permit 172.16.0.0 0.0.0.0
Router (config)#access_list 1 deny 0.0.0.0 255.255.255.255
Router (config)#access_list 1 deny 0.0.0.0 255.255.255.255
Router (config)#interface ethernet 0Router (config)# IP access-group 1 outRouter (config)# Interface ethernet 1Router (config)# IP access-group 1 out
No 2:
Router (config)#access_list 1 deny 172.16.4.13 0.0.0.0
Router (config)#access_list 1 permit 0.0.0.0 255.255.255.255
No 2:
Router (config)#access_list 1 deny 172.16.4.13 0.0.0.0
Router (config)#access_list 1 permit 0.0.0.0 255.255.255.255
Router (config)#interface ethernet 0Router (config)#
IP access-group 1 in
No 3:
Router (config)#access_list 1 deny 172.16.4.0 0.0.0.0
Router (config)#access_list 1 deny 0.0.0.0 255.255.255.255
No 3:
Router (config)#access_list 1 deny 172.16.4.0 0.0.0.0
Router (config)#access_list 1 deny 0.0.0.0 255.255.255.255
Router (config)#interface ethernet 0Router (config)#
IP access-group 1 out
No 4:
Router (config)#access_list 101 deny tcp 172.16.4.0 0.0.0.255 172.16.3.0 0.0.0.255 eq 21
Router (config)#access_list 101 deny tcp 172.16.4.0 0.0.0.255 172.16.3.0 0.0.0.255 eq 20
Router (config)#access_list 101 permit ip any any
Router (config)#interface ethernet 0
Router (config)#ip_access group 101 out
No 4:
Router (config)#access_list 101 deny tcp 172.16.4.0 0.0.0.255 172.16.3.0 0.0.0.255 eq 21
Router (config)#access_list 101 deny tcp 172.16.4.0 0.0.0.255 172.16.3.0 0.0.0.255 eq 20
Router (config)#access_list 101 permit ip any any
Router (config)#interface ethernet 0
Router (config)#ip_access group 101 out
No 5:
Router (config)#access_list 101 deny tcp 172.16.4.0 0.0.0.255 eq 23
Router (config)#access_list 101 permit ip any any
Router (config)#access_list 101 deny tcp 172.16.4.0 0.0.0.255 eq 23
Router (config)#access_list 101 permit ip any any
Router (config)#interface ethernet 0
Router (config)#ip_access group 101 out
Router (config)#ip_access group 101 out
Keterangan :
- FTP : eq 21 (controlnya) dan eq 20 (datanya)
- Telnet : eq 23
Tidak ada komentar:
Posting Komentar