Koko block tiha Host ida depois fo Permisaun ba host seluk, Exemplo iha Ip ka Host ida ne;e access barak liu ba iha Youtube, facebook ho Standard Access List ita bele block tiha para hamenus traffic, selae ema lakohi servico aproveita internet para access facebook ka youtube los deit...hehehe halimar deit keta hatene tiha Implementa fali ida nee hanesan exemplo deit.
konfigurasaun ne'ebe ita halo mak tuir mai neé;
================================
Rtr001
================================
hostname Rtr001
================================
Rtr001
================================
hostname Rtr001
!
!
ip dhcp pool Lantai_III
network 30.0.0.0 255.255.255.0
default-router 30.0.0.1
dns-server 172.16.1.2
ip dhcp pool lantai_IV
network 40.0.0.0 255.255.255.0
default-router 40.0.0.1
dns-server 172.16.1.2
!
!
!
no ip cef
no ipv6 cef
!
!
spanning-tree mode pvst
!
interface FastEthernet0/0
ip address 30.0.0.1 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 40.0.0.1 255.255.255.0
duplex auto
speed auto
!
interface Ethernet0/0/0
ip address 172.16.1.1 255.255.255.240
ip access-group TEST-II out
duplex auto
speed auto
!
interface Ethernet0/1/0
no ip address
duplex auto
speed auto
!
interface Serial0/3/0
ip address 50.0.0.1 255.255.255.252
!
interface Vlan1
no ip address
shutdown
!
ip classless
ip route 20.0.0.0 255.255.255.0 50.0.0.2
ip route 10.0.0.0 255.255.255.0 50.0.0.2
!
ip flow-export version 9
!
!
ip access-list standard TEST-II
deny host 10.0.0.3
permit any
!
!
line con 0
!
line aux 0
!
line vty 0 4
login
!
end
===============================
Rtr002
===============================
hostname Rtr002
!
ip dhcp pool Lantai_II
network 20.0.0.0 255.255.255.0
default-router 20.0.0.1
dns-server 172.16.1.2
ip dhcp pool Lantai_I
network 10.0.0.0 255.255.255.0
default-router 10.0.0.1
dns-server 172.16.1.2
!
no ip cef
no ipv6 cef
!
!
spanning-tree mode pvst
!
!
interface FastEthernet0/0
ip address 20.0.0.1 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 10.0.0.1 255.255.255.0
duplex auto
speed auto
!
interface Ethernet0/0/0
no ip address
duplex auto
speed auto
shutdown
!
interface Ethernet0/1/0
no ip address
duplex auto
speed auto
shutdown
!
interface Serial0/3/0
ip address 50.0.0.2 255.255.255.252
clock rate 2000000
!
interface Vlan1
no ip address
shutdown
!
ip classless
ip route 30.0.0.0 255.255.255.0 50.0.0.1
ip route 40.0.0.0 255.255.255.0 50.0.0.1
ip route 172.16.1.0 255.255.255.240 50.0.0.1
!
ip flow-export version 9
!
!
line con 0
!
line aux 0
!
line vty 0 4
login
!
!
end
=================================
#koko test ping husi host 10.0.0.3 ==>>>network 172.16.1.0/24
ex:ping 172.16.1.2
# koko loke web browser iha host 10.0.0.3
ex
# bele koko test ping husi host 10.0.0.2 ba 172.16.1.2
ex;
ping Reply neé hatudo katak ita nia Konfigurasaun neébe ita halo neé los, depois keta haluha koko loke web browser
ex,
Mak neé deit materia konaba Deny tiha host ida fo permisaun ba Host Seluk (Deny a Specific Host and Permit All other Host). bele koko deny fali iha network seluk para ita bele kompriende liu tan.
Hamutuk Dezemvolve Cisco iha Timor Leste....
Tidak ada komentar:
Posting Komentar