Iha pagina ida neé ita sei aprende oinsa ita atu bloqia tiha ip ruma ka host ruma ba host seluk tuir ita nia hakarak, exemplo; iha ip ruma mak iha ita nia network laran mak hetan asesu traffic makas liu iha pagina www.youtube.com ka facebook, ka pagina sira seluk. karik ita hanesan Administrator ba network ida neé ita mak tenke hatene halo maneja didiak ita nia Cliente sira, se lae financa sira seluk ita nia internet ho kusto nebe makaas tebes..
Tan ne;e mak ita hanesan Administrator mak tenke hatene oinsa atu maneja didiak para bele hamenus tiha kustu neébe bot nee,...karik financa iha osan barak entaun la iha buat ida ou bele koa tiha Administrator nia osan.....hahaha. halimar deit.
Colegas mai ita koko design tok network tuir dezenho iha kraik née, depois mak bele halo mesak.
Tan ne;e mak ita hanesan Administrator mak tenke hatene oinsa atu maneja didiak para bele hamenus tiha kustu neébe bot nee,...karik financa iha osan barak entaun la iha buat ida ou bele koa tiha Administrator nia osan.....hahaha. halimar deit.
Colegas mai ita koko design tok network tuir dezenho iha kraik née, depois mak bele halo mesak.
Bloqia tiha host ruma para labele asesu ba host seluk ( ACLs)
exemplo :
# Topology ida neé ita sei kontinua nafatin ho topology ida antes neé, iha neé ita so bele aumenta tan konfirugasaun balun iha router. tuir dezenho ida iha leten neé ita atu block tiha host 20.20.20.2 para labele accesso ba youtube ka host 10.10.10.3==>>
#konfirugasaun iha router
hostname Router
!
!
ip cef
no ipv6 cef
!
!
!
spanning-tree mode pvst
!
!
interface FastEthernet0/0
ip address 20.20.20.254 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 10.10.10.1 255.255.255.248
ip access-group 120 out
duplex auto
speed auto
!
interface Vlan1
no ip address
shutdown
!
ip classless
!
ip flow-export version 9
!
!
access-list 120 deny tcp host 20.20.20.2 host 10.10.10.3 eq www
access-list 120 permit icmp host 20.20.20.1 10.10.0.0 0.0.31.255
access-list 120 deny tcp host 20.20.20.1 10.10.0.0 0.0.31.255 eq www
access-list 120 permit ip any any
!
!
line con 0
!
line aux 0
!
line vty 0 4
login
!
end
!
!
ip cef
no ipv6 cef
!
!
!
spanning-tree mode pvst
!
!
interface FastEthernet0/0
ip address 20.20.20.254 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 10.10.10.1 255.255.255.248
ip access-group 120 out
duplex auto
speed auto
!
interface Vlan1
no ip address
shutdown
!
ip classless
!
ip flow-export version 9
!
!
access-list 120 deny tcp host 20.20.20.2 host 10.10.10.3 eq www
access-list 120 permit icmp host 20.20.20.1 10.10.0.0 0.0.31.255
access-list 120 deny tcp host 20.20.20.1 10.10.0.0 0.0.31.255 eq www
access-list 120 permit ip any any
!
!
line con 0
!
line aux 0
!
line vty 0 4
login
!
end
# koko test ping husi host 20.20.20.2 ==>> 10.10.10.3
# koko loke web browser husi host 20.20.20.2 ==>> http://www.youtube.tl ka 10.10.10.3
tuir imagem iha letan hatudu katak husi host ida neé 20.20.20.2 labele loke http://www.youtube.tl ka 10.10.10.3
# koko loke host seluk asesu tok ba http://www.youtube.tl
exemplo : ita koko husi host 20.20.20.3==>>http://www.youtube.tl
Host ida neé bele asesu ba youtube.tl tamba ita la block nia ip ka ..
maluk sira bele koko halo block tiha host seluk tuir imi nia hakarak.. mak neé deit ita nia edisaun ida neé ita sei hasoru malu iha edisaun seluk...hamutuk ita dezemvolve cisco iha Timor Leste..
obrigado,.......
Tidak ada komentar:
Posting Komentar