- 9.4.2.6
- Problem 1 (192 and 10)
- a deny usually has to be followed by a permit
- the order must not be reversed
- Current configuration : 1117 bytes
- !
- version 15.1
- no service timestamps log datetime msec
- no service timestamps debug datetime msec
- no service password-encryption
- !
- hostname R1
- !
- !
- !
- !
- !
- !
- !
- !
- ip cef
- no ipv6 cef
- !
- !
- !
- !
- license udi pid CISCO2911/K9 sn FTX15248TP2
- !
- !
- !
- !
- !
- !
- !
- !
- !
- !
- !
- spanning-tree mode pvst
- !
- !
- !
- !
- !
- !
- interface GigabitEthernet0/0
- ip address 10.0.0.1 255.0.0.0
- ip access-group 10_to_172 out
- duplex auto
- speed auto
- !
- interface GigabitEthernet0/1
- ip address 172.16.0.1 255.255.0.0
- ip access-group 172_to_192 in
- duplex auto
- speed auto
- !
- interface GigabitEthernet0/2
- ip address 192.168.0.1 255.255.255.0
- ip access-group 192_to_10 in
- duplex auto
- speed auto
- !
- interface Vlan1
- no ip address
- shutdown
- !
- ip classless
- !
- ip flow-export version 9
- !
- !
- ip access-list extended 10_to_172
- deny tcp 10.0.0.0 0.255.255.255 host 172.16.255.254 eq www
- permit ip any any
- ip access-list extended 172_to_192
- deny tcp 172.16.0.0 0.0.255.255 host 192.168.0.254 eq ftp
- permit ip any any
- ip access-list extended 192_to_10
- deny tcp 192.168.0.0 0.0.0.255 host 10.255.255.254
- !
- !
- !
- !
- !
- line con 0
- !
- line aux 0
- !
- line vty 0 4
- login
- R1#conf t
- Enter configuration commands, one per line. End with CNTL/Z.
- R1(config)#ip access-list extended 192_to_10
- R1(config-ext-nacl)#permit ip an
- R1(config-ext-nacl)#permit ip any an
- R1(config-ext-nacl)#permit ip any any
- R1(config-ext-nacl)#end
- R1#
- %SYS-5-CONFIG_I: Configured from console by console
- R1#sh r
- Building configuration...
- Current configuration : 1136 bytes
- !
- version 15.1
- no service timestamps log datetime msec
- no service timestamps debug datetime msec
- no service password-encryption
- !
- hostname R1
- !
- !
- !
- !
- !
- !
- !
- !
- ip cef
- no ipv6 cef
- !
- !
- !
- !
- license udi pid CISCO2911/K9 sn FTX15248TP2
- !
- !
- !
- !
- !
- !
- !
- !
- !
- !
- !
- spanning-tree mode pvst
- !
- !
- !
- !
- !
- !
- interface GigabitEthernet0/0
- ip address 10.0.0.1 255.0.0.0
- ip access-group 10_to_172 out
- duplex auto
- speed auto
- !
- interface GigabitEthernet0/1
- ip address 172.16.0.1 255.255.0.0
- ip access-group 172_to_192 in
- duplex auto
- speed auto
- !
- interface GigabitEthernet0/2
- ip address 192.168.0.1 255.255.255.0
- ip access-group 192_to_10 in
- duplex auto
- speed auto
- !
- interface Vlan1
- no ip address
- shutdown
- !
- ip classless
- !
- ip flow-export version 9
- !
- !
- ip access-list extended 10_to_172
- deny tcp 10.0.0.0 0.255.255.255 host 172.16.255.254 eq www
- permit ip any any
- ip access-list extended 172_to_192
- deny tcp 172.16.0.0 0.0.255.255 host 192.168.0.254 eq ftp
- permit ip any any
- ip access-list extended 192_to_10
- deny tcp 192.168.0.0 0.0.0.255 host 10.255.255.254
- permit ip any any
- !
- !
- !
- !
- !
- line con 0
- !
- line aux 0
- !
- line vty 0 4
- login
- !
- !
- !
- end
- R1# conf t
- Enter configuration commands, one per line. End with CNTL/Z.
- R1(config)#int g0/0
- R1(config-if)#no ip access-group 10_to_172 out
- R1(config-if)#ip access-group 10_to_172 in
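
The two notes at the top (a deny needs a permit after it, and the order must not be reversed) both follow from first-match evaluation with an implicit deny at the end of every list. The Python sketch below is an added example, not part of the original paste; it evaluates the paste's 192_to_10 entries, parses only the syntax that appears here, and uses constructed test hosts 192.168.0.10 and 10.0.0.5.

```python
from ipaddress import IPv4Address as IP

PORTS = {"www": 80, "ftp": 21}  # IOS port keywords used in the paste

def _addr(tok):
    """Read 'any', 'host A' or 'A WILDCARD'; return ((base, wildcard), rest)."""
    if tok[0] == "any":
        return (0, 0xFFFFFFFF), tok[1:]
    if tok[0] == "host":
        return (int(IP(tok[1])), 0), tok[2:]
    return (int(IP(tok[0])), int(IP(tok[1]))), tok[2:]

def parse(line):
    """Split one extended ACL entry into (action, proto, src, dst, port)."""
    tok = line.split()
    src, rest = _addr(tok[2:])
    dst, rest = _addr(rest)
    port = None
    if rest[:1] == ["eq"]:
        port = PORTS.get(rest[1]) or int(rest[1])
    return tok[0], tok[1], src, dst, port

def _hit(spec, ip):
    base, wild = spec  # wildcard bits set to 1 are ignored in the comparison
    return (int(IP(ip)) | wild) == (base | wild)

def evaluate(acl, proto, src, dst, dport=None):
    """First matching entry wins; no match falls through to the implicit deny."""
    for line in acl:
        action, p, s, d, port = parse(line)
        if p in ("ip", proto) and _hit(s, src) and _hit(d, dst) and port in (None, dport):
            return action
    return "deny (implicit)"

# Entries copied from the paste's 192_to_10 list, before and after the fix.
BEFORE = ["deny tcp 192.168.0.0 0.0.0.255 host 10.255.255.254"]
AFTER = BEFORE + ["permit ip any any"]
REVERSED = ["permit ip any any"] + BEFORE  # the order the notes warn against

if __name__ == "__main__":
    # Constructed test traffic: 192.168.0.10 is a made-up host on the G0/2 LAN.
    for name, acl in (("before", BEFORE), ("after", AFTER), ("reversed", REVERSED)):
        print(name,
              evaluate(acl, "tcp", "192.168.0.10", "10.255.255.254", 80),
              evaluate(acl, "icmp", "192.168.0.10", "10.0.0.5"))
```

With only the deny line, every other packet from the 192.168.0.0/24 side is dropped by the implicit deny; with the permit placed first, the deny line is never reached.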