
Example: Permit a Specific Host and Deny All Other Hosts

To show an example of how to permit a specific host and block all other hosts, we can use an ACL (Access Control List) on the router.

In a case like this, we will create two statements: a permit for the specific host, and a deny for all the others. Here we will use a standard ACL, because we only need to filter on the source IP address.

Example

  1. Create the standard ACL:

    Router(config)# access-list 1 permit 192.168.1.10
    Router(config)# access-list 1 deny any

  2. Apply the ACL to the interface:

    Router(config)# interface GigabitEthernet0/0
    Router(config-if)# ip access-group 1 in

In this example, we create an ACL with ID 1. We permit the IP address 192.168.1.10 (which represents the specific host) to get access. Then we block all other traffic with the statement "deny any".

Finally, we apply the ACL to interface GigabitEthernet0/0 with the "in" option, which tells the router that the ACL filters traffic entering that interface (inbound).

Following this example, every host other than 192.168.1.10 will be blocked, and only the host with the permitted IP address will get access.

Please note that every network or topology is different, and we need to adapt the ACL to each individual case.


Permit a specific host and deny all other hosts means we give permission to one IP or host and block all the other IPs or hosts within a network. As an example we will look at the following network topology:

In this topology we will configure host 10.0.0.3 to have permission to access network 172.16.1.0/24, while the hosts from network 10.0.0.1/24 will not have permission to access network 172.16.1.0/24.

# Configuration on Router RTR001
hostname Rtr001
!
ip dhcp pool Lantai_III
network 30.0.0.0 255.255.255.0
default-router 30.0.0.1
dns-server 172.16.1.2
!
no ip cef
no ipv6 cef
!
spanning-tree mode pvst
!
interface FastEthernet0/0
ip address 30.0.0.1 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 40.0.0.1 255.255.255.0
duplex auto
speed auto
!
interface Ethernet0/0/0
ip address 172.16.1.1 255.255.255.240
ip access-group TEST-II out
duplex auto
speed auto
!
interface Ethernet0/1/0
no ip address
duplex auto
speed auto
!
interface Serial0/3/0
ip address 50.0.0.1 255.255.255.252
!
interface Vlan1
no ip address
shutdown
!
ip classless
ip route 20.0.0.0 255.255.255.0 50.0.0.2
ip route 10.0.0.0 255.255.255.0 50.0.0.2
!
ip flow-export version 9
!
!
ip access-list standard TEST-II
permit host 10.0.0.3
deny 10.0.0.0 0.0.0.255
permit any
!
line con 0
!
line aux 0
!
line vty 0 4
login
!
end
=============================
# Configuration on Rtr002
hostname Rtr002
!
ip dhcp pool Lantai_II
network 20.0.0.0 255.255.255.0
default-router 20.0.0.1
dns-server 172.16.1.2
ip dhcp pool Lantai_I
network 10.0.0.0 255.255.255.0
default-router 10.0.0.1
dns-server 172.16.1.2
!
no ip cef
no ipv6 cef
!
spanning-tree mode pvst
!
interface FastEthernet0/0
ip address 20.0.0.1 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 10.0.0.1 255.255.255.0
duplex auto
speed auto
!
interface Ethernet0/0/0
no ip address
duplex auto
speed auto
shutdown
!
interface Ethernet0/1/0
no ip address
duplex auto
speed auto
shutdown
!
interface Serial0/3/0
ip address 50.0.0.2 255.255.255.252
clock rate 2000000
!
interface Vlan1
no ip address
shutdown
!
ip classless
ip route 30.0.0.0 255.255.255.0 50.0.0.1
ip route 40.0.0.0 255.255.255.0 50.0.0.1
ip route 172.16.1.0 255.255.255.240 50.0.0.1
!
ip flow-export version 9
!
line con 0
!
line aux 0
!
line vty 0 4
login
!
end

# Test ping from host 10.0.0.3 to host 172.16.1.3

# Test ping from host 10.0.0.2 to host 172.16.1.2

# Open a web browser from host 10.0.0.3 to host 172.16.1.2
# Open a web browser from host 10.0.0.2 to host 172.16.1.2



Don't forget to try the configuration on the other networks in this topology, so you understand the function of the access list even better.

Together we can develop Cisco in Timor Leste.

Example: Deny a Specific Host and Permit All Other Hosts

Try blocking one host and then permitting all the other hosts. For example, if one IP or host accesses YouTube and Facebook too much, with a standard access list we can block it to reduce traffic, otherwise people who don't feel like working take advantage of the internet just to get on Facebook or YouTube... hehehe, just kidding, don't go and implement this, it is only an example.



The configuration we make is as follows:
================================
Rtr001
================================

hostname Rtr001
!
!
ip dhcp pool Lantai_III
network 30.0.0.0 255.255.255.0
default-router 30.0.0.1
dns-server 172.16.1.2
ip dhcp pool lantai_IV
network 40.0.0.0 255.255.255.0
default-router 40.0.0.1
dns-server 172.16.1.2
!
!
!
no ip cef
no ipv6 cef
!
!
spanning-tree mode pvst
!
interface FastEthernet0/0
ip address 30.0.0.1 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 40.0.0.1 255.255.255.0
duplex auto
speed auto
!
interface Ethernet0/0/0
ip address 172.16.1.1 255.255.255.240
ip access-group TEST-II out
duplex auto
speed auto
!
interface Ethernet0/1/0
no ip address
duplex auto
speed auto
!
interface Serial0/3/0
ip address 50.0.0.1 255.255.255.252
!
interface Vlan1
no ip address
shutdown
!
ip classless
ip route 20.0.0.0 255.255.255.0 50.0.0.2
ip route 10.0.0.0 255.255.255.0 50.0.0.2
!
ip flow-export version 9
!
!
ip access-list standard TEST-II
deny host 10.0.0.3
permit any
!
!
line con 0
!
line aux 0
!
line vty 0 4
login
!
end

===============================
Rtr002
===============================

hostname Rtr002
!
ip dhcp pool Lantai_II
network 20.0.0.0 255.255.255.0
default-router 20.0.0.1
dns-server 172.16.1.2
ip dhcp pool Lantai_I
network 10.0.0.0 255.255.255.0
default-router 10.0.0.1
dns-server 172.16.1.2
!
no ip cef
no ipv6 cef
!
!
spanning-tree mode pvst
!
!
interface FastEthernet0/0
ip address 20.0.0.1 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 10.0.0.1 255.255.255.0
duplex auto
speed auto
!
interface Ethernet0/0/0
no ip address
duplex auto
speed auto
shutdown
!
interface Ethernet0/1/0
no ip address
duplex auto
speed auto
shutdown
!
interface Serial0/3/0
ip address 50.0.0.2 255.255.255.252
clock rate 2000000
!
interface Vlan1
no ip address
shutdown
!
ip classless
ip route 30.0.0.0 255.255.255.0 50.0.0.1
ip route 40.0.0.0 255.255.255.0 50.0.0.1
ip route 172.16.1.0 255.255.255.240 50.0.0.1
!
ip flow-export version 9
!
!
line con 0
!
line aux 0
!
line vty 0 4
login
!
!
end
 =================================

# Test ping from host 10.0.0.3 ==>>> network 172.16.1.0/24
ex: ping 172.16.1.2
# Try opening a web browser on host 10.0.0.3
# You can test ping from host 10.0.0.2 to 172.16.1.2
A ping reply shows that the configuration we made is correct; after that, don't forget to try opening a web browser.



That is all for the material on Deny a Specific Host and Permit All Other Hosts. You can try denying a host in another network so you understand it even better.
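The two sections above (permit one host and deny the rest, deny one host and permit the rest) both depend on the same three rules of a standard ACL: the first matching entry wins, an omitted wildcard means a single host, and a source that matches no entry hits the implicit deny at the end of every list. The following Python model is an added example and not code from the original post; it parses constructed copies of the page's lists (the numbered access-list 1 and the named TEST-II) and adds an ordering check, because a deny for 10.0.0.0 0.0.0.255 placed before permit host 10.0.0.3 would silently shadow the permit. The function names and the sample source addresses are my own.

```python
import ipaddress
from dataclasses import dataclass

MASK32 = 0xFFFFFFFF


@dataclass(frozen=True)
class Entry:
    action: str     # "permit" or "deny"
    addr: int       # address from the entry, as a 32-bit integer
    wildcard: int   # Cisco wildcard mask: 0 bits must match, 1 bits are ignored


def _ip(text):
    return int(ipaddress.IPv4Address(text))


def parse_standard_acl(text):
    """Parse IOS standard ACL lines, numbered ('access-list 1 permit ...')
    or named ('ip access-list standard NAME' followed by 'permit ...' lines)."""
    entries = []
    for raw in text.splitlines():
        tok = raw.split()
        if tok and tok[0] == "access-list":     # numbered form: drop 'access-list <n>'
            tok = tok[2:]
        if not tok or tok[0] not in ("permit", "deny"):
            continue                            # header line, '!' or a remark
        action = tok[0]
        if tok[1] == "any":
            addr, wc = 0, MASK32
        elif tok[1] == "host":
            addr, wc = _ip(tok[2]), 0
        else:
            addr = _ip(tok[1])
            # IOS treats an omitted wildcard as 0.0.0.0, i.e. a single host
            wc = _ip(tok[2]) if len(tok) > 2 else 0
        entries.append(Entry(action, addr, wc))
    return entries


def matches(entry, src):
    """True when src agrees with entry.addr on every bit the wildcard fixes."""
    fixed = ~entry.wildcard & MASK32
    return (src & fixed) == (entry.addr & fixed)


def evaluate(entries, src_ip):
    """First-match lookup; returns (action, index), or ('deny', None) for the implicit deny."""
    src = _ip(src_ip)
    for i, e in enumerate(entries):
        if matches(e, src):
            return e.action, i
    return "deny", None


def shadowed_entries(entries):
    """Return (i, j) pairs where entry j can never match: the earlier entry i fixes
    a subset of j's bits and agrees with j on all of them, so it covers every source j covers."""
    found = []
    for j, later in enumerate(entries):
        for i in range(j):
            earlier = entries[i]
            fixed = ~earlier.wildcard & MASK32
            subset = (later.wildcard & fixed) == 0
            same_value = (later.addr & fixed) == (earlier.addr & fixed)
            if subset and same_value:
                found.append((i, j))
                break
    return found


# Constructed copies of the access lists shown on the page.
TEST_II = """
ip access-list standard TEST-II
 permit host 10.0.0.3
 deny 10.0.0.0 0.0.0.255
 permit any
"""
ACL_1 = """
access-list 1 permit 192.168.1.10
access-list 1 deny any
"""
DENY_HOST = """
ip access-list standard TEST-II
 deny host 10.0.0.3
 permit any
"""
# Same statements as TEST-II in the wrong order: the deny hides the permit.
MISORDERED = """
ip access-list standard TEST-II
 deny 10.0.0.0 0.0.0.255
 permit host 10.0.0.3
 permit any
"""

if __name__ == "__main__":
    for name, text in [("TEST-II", TEST_II), ("access-list 1", ACL_1),
                       ("deny-host", DENY_HOST), ("misordered", MISORDERED)]:
        acl = parse_standard_acl(text)
        for src in ("10.0.0.3", "10.0.0.2", "30.0.0.7", "192.168.1.10", "192.168.1.11"):
            print(f"{name:14} {src:13} -> {evaluate(acl, src)}")
        print(f"{name:14} shadowed entries: {shadowed_entries(acl)}")
```

Running it shows 10.0.0.3 permitted by entry 0 of TEST-II and 10.0.0.2 denied by entry 1, while in the misordered list 10.0.0.3 is denied by entry 0 and the permit at index 1 is reported as shadowed. Checking shadowing before pasting a list into a router is a cheap way to catch the most common standard-ACL mistake.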

Together we develop Cisco in Timor Leste....

Example: Standard Named Access List in Packet Tracer (Deny a Complete Network)

An ACL (Access Control List) is a mechanism used to control or limit traffic on a network. We can use ACLs on routers, switches, firewalls, or other devices to control communication between sources and destinations on the network.

A standard access list (ACL) is one type of ACL that permits or limits traffic based on the source IP address. Its main limitation is that it can only filter on the source IP address; it cannot take the destination IP address, the protocol, or the ports into account. With a standard ACL, we control communication based on the source IP address only.

I will show the following procedure to create a standard ACL on a router:

  1. Create the standard ACL:

    Router(config)# access-list 1 permit 192.168.1.0 0.0.0.255

    This creates an ACL that permits traffic from the network with the IP address range 192.168.1.0 - 192.168.1.255.

  2. Apply the standard ACL to the interface:

    Router(config)# interface GigabitEthernet0/0
    Router(config-if)# ip access-group 1 in

    This applies the ACL to interface GigabitEthernet0/0 in the "in" (inbound) direction, meaning the ACL filters traffic entering that interface.

With a standard ACL, we can permit or limit communication based only on the source IP address. Therefore a standard ACL is normally used where a simple requirement or limited control of traffic is enough.



Let's try denying a whole network from accessing another network. In the topology below we will block network 10.0.0.0/24 from accessing network 172.16.1.0/28.




Following this topology we will block the network on Lantai I (Floor I) from accessing network 172.16.1.0/28, the IT-Office. The configuration is as follows:


# Configuration on Router-2
hostname Rtr001
!
ip dhcp pool Lantai_III
network 30.0.0.0 255.255.255.0
default-router 30.0.0.1
dns-server 172.16.1.2
ip dhcp pool lantai_IV
network 40.0.0.0 255.255.255.0
default-router 40.0.0.1
dns-server 172.16.1.2
!
no ip cef
no ipv6 cef
!
spanning-tree mode pvst
!
interface FastEthernet0/0
ip address 30.0.0.1 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 40.0.0.1 255.255.255.0
duplex auto
speed auto
!
interface Ethernet0/0/0
ip address 172.16.1.1 255.255.255.240
ip access-group TEST-II out
duplex auto
speed auto
!
interface Ethernet0/1/0
no ip address
duplex auto
speed auto
!
interface Serial0/3/0
ip address 50.0.0.1 255.255.255.252
!
interface Vlan1
no ip address
shutdown
!
ip classless
ip route 20.0.0.0 255.255.255.0 50.0.0.2
ip route 10.0.0.0 255.255.255.0 50.0.0.2
!
ip flow-export version 9
!
ip access-list standard TEST-II
deny 10.0.0.0 0.0.0.255
permit any
!
line con 0
!
line aux 0
!
line vty 0 4
login
!
end

=======================
# Configuration on Router-1
=======================
hostname Rtr002
!
ip dhcp pool Lantai_II
network 20.0.0.0 255.255.255.0
default-router 20.0.0.1
dns-server 172.16.1.2
ip dhcp pool Lantai_I
network 10.0.0.0 255.255.255.0
default-router 10.0.0.1
dns-server 172.16.1.2
!
no ip cef
no ipv6 cef
!
spanning-tree mode pvst
!
interface FastEthernet0/0
ip address 20.0.0.1 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 10.0.0.1 255.255.255.0
duplex auto
speed auto
!
interface Ethernet0/0/0
no ip address
duplex auto
speed auto
shutdown
!
interface Ethernet0/1/0
no ip address
duplex auto
speed auto
shutdown
!
interface Serial0/3/0
ip address 50.0.0.2 255.255.255.252
clock rate 2000000
!
interface Vlan1
no ip address
shutdown
!
ip classless
ip route 30.0.0.0 255.255.255.0 50.0.0.1
ip route 40.0.0.0 255.255.255.0 50.0.0.1
ip route 172.16.1.0 255.255.255.240 50.0.0.1
!
ip flow-export version 9
!
line con 0
!
line aux 0
!
line vty 0 4
login
!
end

 ========================

# Test ping from any host in network 10.0.0.0/24 to network 172.16.1.0/24
  ex: ping 172.16.1.2

# Try opening a web browser

# Test ping again from network 10.0.0.0/24 ====>>>> 30.0.0.0/24, Lantai III

# Try browsing to the server on Lantai III

You can test ping from the other networks; they should all get a reply, because here we only block network 10.0.0.0/24 from reaching network 172.16.1.0/28, that is, Lantai I has no permission to access the IT-Office.
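Why the tests above come out the way they do is easiest to see by walking a packet through the router. The following Python model is an added example, not code from the original post or from IOS: it rebuilds Rtr001's forwarding path from the configuration above (the connected networks, the two static routes, and TEST-II bound with ip access-group TEST-II out on Ethernet0/0/0) and passes constructed packets through an inbound ACL check, a longest-prefix route lookup, and an outbound ACL check. The routing table, the bindings, the sample packets and the function names are all my own construction.

```python
import ipaddress

MASK32 = 0xFFFFFFFF

# Constructed model of Rtr001 (teaching model, not router code): connected networks
# plus the two static routes, each with the interface a packet leaves through.
ROUTES = [
    (ipaddress.ip_network("30.0.0.0/24"), "FastEthernet0/0"),
    (ipaddress.ip_network("40.0.0.0/24"), "FastEthernet0/1"),
    (ipaddress.ip_network("172.16.1.0/28"), "Ethernet0/0/0"),
    (ipaddress.ip_network("50.0.0.0/30"), "Serial0/3/0"),
    (ipaddress.ip_network("20.0.0.0/24"), "Serial0/3/0"),   # ip route 20.0.0.0 ... 50.0.0.2
    (ipaddress.ip_network("10.0.0.0/24"), "Serial0/3/0"),   # ip route 10.0.0.0 ... 50.0.0.2
]

# TEST-II as on the page, as (action, address, wildcard); the implicit deny is
# handled by acl_permits, so it is not listed.
TEST_II = [("deny", "10.0.0.0", "0.0.0.255"),
           ("permit", "0.0.0.0", "255.255.255.255")]

# 'ip access-group TEST-II out' on Ethernet0/0/0 is the only binding in this configuration.
BINDINGS = {("Ethernet0/0/0", "out"): TEST_II}


def lookup_route(dst_ip):
    """Longest-prefix match; returns the egress interface, or None when no route exists."""
    dst = ipaddress.ip_address(dst_ip)
    best = None
    for net, iface in ROUTES:
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else None


def acl_permits(acl, src_ip):
    """Standard ACL: the first entry whose wildcard-masked address equals the source
    decides; a source that matches nothing falls to the implicit deny."""
    src = int(ipaddress.IPv4Address(src_ip))
    for action, addr, wildcard in acl:
        fixed = ~int(ipaddress.IPv4Address(wildcard)) & MASK32
        if (src & fixed) == (int(ipaddress.IPv4Address(addr)) & fixed):
            return action == "permit"
    return False


def forward(src_ip, dst_ip, ingress):
    """Walk one packet through the router: inbound ACL on the arrival interface,
    route lookup, then the outbound ACL on the chosen egress interface.
    Returns (verdict, interface, direction)."""
    acl_in = BINDINGS.get((ingress, "in"))
    if acl_in is not None and not acl_permits(acl_in, src_ip):
        return ("drop", ingress, "in")
    egress = lookup_route(dst_ip)
    if egress is None:
        return ("drop", None, "no-route")
    acl_out = BINDINGS.get((egress, "out"))
    if acl_out is not None and not acl_permits(acl_out, src_ip):
        return ("drop", egress, "out")
    return ("forward", egress, "out")


if __name__ == "__main__":
    # Constructed packets matching the tests on the page; all arrive on the serial link.
    for src, dst in [("10.0.0.2", "172.16.1.2"),   # Lantai I -> IT-Office: filtered
                     ("10.0.0.2", "30.0.0.5"),     # Lantai I -> Lantai III: no ACL on that exit
                     ("20.0.0.5", "172.16.1.2"),   # Lantai II -> IT-Office: permit any
                     ("172.16.1.2", "10.0.0.2")]:  # echo reply back: never filtered
        ingress = "Ethernet0/0/0" if src.startswith("172.16.1.") else "Serial0/3/0"
        print(f"{src:12} -> {dst:12} {forward(src, dst, ingress)}")
```

Two things the model makes explicit: the outbound ACL is consulted only after routing, so a source in 10.0.0.0/24 is dropped at Ethernet0/0/0 but still reaches 30.0.0.0/24 through FastEthernet0/0, and the reply from 172.16.1.2 back to 10.0.0.2 leaves through Serial0/3/0 where nothing is bound, so the ping fails only because the request never arrives. It also shows that a standard ACL never looks at the destination, which is why the tests give the same result for 172.16.1.2 and 172.16.1.3.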