Konfigurasi
ACL
Task
1: Standard ACL utk mengeblok telnet dari luar
Router-SBY:
(config)# access-list 1 remark
***permit user dari LAN***
(config)# access-list 1 permit 10.1.1.0 0.0.0.255
(config)# line vty 0 4
(config-line)# access-class 1 in
Router-MDN:
(config)# access-list 1 remark
***permit user dari LAN***
(config)# access-list 1 permit 10.1.5.0 0.0.0.255
(config)# line vty 0 4
(config-line)# access-class 1 in
Contoh mengedit ACL di IOS 12.3
:
(config)# ip access-list standard 1
(config-std-nacl)# no 10
(config-std-nacl)# 10 permit 10.1.5.0 0.0.0.255
Menghapus konfigurasi standard
ACL:
(config)# line vty 0 4
(config-line)# no access-class 1 in
(config-line)# exit
(config)# no access-list 1
Task
2: Extended ACL utk mengeblok FTP & TFTP dari luar
Router-SBY:
(config)# access-list 100 deny udp any host 10.1.1.11 eq 69 log ATAU eq tftp
(config)# access-list 100 deny tcp any host 10.1.1.11 range 20 21 log ATAU range ftp-data ftp
(config)# access-list 100 permit ip any any log
(config)# int s0/1
(config-if)# ip access-group 100 in
# sh access-list
# sh ip int s0/1
Menghapus konfigurasi extended
ACL:
(config)# int f0/0
(config-if)# no ip access-group 100 out
(config-if)# int s0/1
(config-if)# no ip access-group 100 in
(config-if)# exit
(config)#
no access-list 100
1 Comment for "Konfigurasi ACL"