Bloqia tiha host ruma para labele asesu ba host seluk ( ACLs)

Iha pagina ida neé ita sei aprende oinsa ita atu bloqia tiha ip ruma ka host ruma ba host seluk tuir ita nia hakarak, exemplo; iha ip ruma mak iha ita nia network laran mak hetan asesu traffic makas liu iha pagina www.youtube.com ka facebook, ka pagina sira seluk. karik ita hanesan Administrator ba network ida neé ita mak tenke hatene halo maneja didiak ita nia Cliente sira, se lae financa sira seluk ita nia internet ho kusto nebe makaas tebes..

Tan ne;e mak ita hanesan Administrator mak tenke hatene oinsa atu maneja didiak para bele hamenus tiha kustu neébe bot nee,...karik financa iha osan barak entaun la iha buat ida ou bele koa tiha Administrator nia osan.....hahaha. halimar deit.

Colegas mai ita koko design tok network tuir dezenho iha kraik née, depois mak bele halo mesak.

Bloqia tiha  host ruma para labele asesu ba host seluk ( ACLs)

exemplo :

# Topology ida neé ita sei kontinua nafatin ho topology ida antes neé, iha neé ita so  bele aumenta tan konfirugasaun balun iha router. tuir dezenho ida iha leten neé ita atu block tiha host 20.20.20.2 para labele accesso ba youtube ka host 10.10.10.3==>>

#konfirugasaun iha router 

hostname Router
!
!
ip cef
no ipv6 cef
!
!
!
spanning-tree mode pvst
!
!
interface FastEthernet0/0
 ip address 20.20.20.254 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 10.10.10.1 255.255.255.248
 ip access-group 120 out
 duplex auto
 speed auto
!
interface Vlan1
 no ip address
 shutdown
!
ip classless
!
ip flow-export version 9
!
!
access-list 120 deny tcp host 20.20.20.2 host 10.10.10.3 eq www
access-list 120 permit icmp host 20.20.20.1 10.10.0.0 0.0.31.255
access-list 120 deny tcp host 20.20.20.1 10.10.0.0 0.0.31.255 eq www
access-list 120 permit ip any any
!
!
line con 0
!
line aux 0
!
line vty 0 4
 login
!
end

# koko test ping husi host 20.20.20.2 ==>> 10.10.10.3 

# koko loke web browser husi host 20.20.20.2 ==>> http://www.youtube.tl ka 10.10.10.3 

tuir imagem iha letan hatudu katak husi host ida neé  20.20.20.2 labele loke http://www.youtube.tl ka 10.10.10.3 

# koko loke host seluk asesu tok ba  http://www.youtube.tl

   exemplo : ita koko husi host 20.20.20.3==>>http://www.youtube.tl

   

Host ida neé bele asesu ba youtube.tl tamba ita la block nia ip ka .. 

maluk sira bele koko halo block tiha host seluk tuir imi nia hakarak.. mak neé deit ita nia edisaun ida neé ita sei hasoru malu iha edisaun seluk...hamutuk ita dezemvolve cisco iha Timor Leste..

obrigado,.......

Access Control Lists (ACLs)

Access Control List mak saida?

Access list mak hanesan policia ka guarda  nébe hein hela iha Portaun oin wainhira ita atu tama ba uma laran ou sai ba liur, wain visitante atu tama sai siguranca ka policia sei husu ita nia id kard ka kartaun Eleitoral ka BI ou karta licenca ruma atu bele fo licenca ka permisaun ba ita ba ka lae. Maluk sira ida neé hanesan exemplo ida deit, keta lori ba lia...Mai ita koko halo tuir topology iha kraik neé atu ita bele kompriende liu tan konaba ACLs ne;e...

                                          Access Control List / ACLs 

    Koko block tiha host ida labele asesu ba ICMP ka http 
iha network ida tomak.

                 

1. Dezenho lai Tolopology tuir imagen ne;e iha cisco packet tracert
2. Konfigurasaun neébe ita halo iha Router mak tuir mai neé :

 hostname Router
!
!
!
ip cef
no ipv6 cef
!
!
!
spanning-tree mode pvst
!
!
!
!
interface FastEthernet0/0
 ip address 20.20.20.254 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 10.10.10.1 255.255.255.248
 ip access-group 120 out
 duplex auto
 speed auto
!
interface Vlan1
 no ip address
 shutdown
!
ip classless
!
ip flow-export version 9
!
!
access-list 120 permit icmp host 20.20.20.1 10.10.0.0 0.0.31.255
access-list 120 deny tcp host 20.20.20.1 10.10.0.0 0.0.31.255 eq www
access-list 120 permit ip any any
!
!
line con 0
!
line aux 0
!
line vty 0 4
 login
!
!
!
end

# konfigurasun tuir imagen ne;e ita halo para host ida 20.20.20.1 bele halo ping ba network  10.10.0.0 maibe host 20.20.20.1 la iha permisaun atu loke pagina www.timorleste.tl ka 10.10.10.2, tamba host ida neé hetan block tiha husi network ne (10.10.10.0/29) maibe  hots ne bele halo ping ba network ne.

1. koko halo ping husi host 20.20.20.1 ba 10.10.10.2

ex.

2. koko loke web browser iha host 20.20.20.1

 

3.koko loke web browser husi host  http://www.timorleste.tl / ka 10.10.10.2

 

 karik nia resultado hanesan iha leten entaun konfigurasun neébe ita halo iha router los...

bele koko test ping husi qualquer host ou browsing husi kualker host ba iha server sira seluk..

obrigado tamba ita konsege halo tuir ona topologi ne;e.

adeus i hasoru malu fali iha edisaun seluk.. 

mai ita aprende hamutuk network liu husi cisco packet tracert.