Zona Networking - Continuing from the Cisco IOS Commands Cheat Sheet Part#3 post, this time I'm sharing Part#4..
let's get to it...
Access Control Lists:
Standard ACL: 1 – 99 and 1300 – 1999
• Use a remark to describe the ACL (Optional):
R1(config)# access-list 1 remark ACL TO DENY ACCESS FROM SALES VLAN
• Create the ACL, keeping the following in mind:
• ACL uses first-match logic.
• There is an implicit deny any at the end of the ACL.
R1(config)# access-list 2 deny 192.168.1.77
R1(config)# access-list 2 deny 192.168.1.64 0.0.0.31
R1(config)# access-list 2 permit 10.1.0.0 0.0.255.255
R1(config)# access-list 2 deny 10.0.0.0 0.255.255.255
R1(config)# access-list 2 permit any
• Enable the ACL on the chosen router interface in the correct direction (in or out):
R1(config-if)# ip access-group 2 out
• Using standard ACL to limit telnet and SSH access to a router:
Create the ACL that defines the permitted telnet clients:
R1(config)# access-list 99 remark ALLOWED TELNET CLIENTS
R1(config)# access-list 99 permit 192.168.1.128 0.0.0.15
Apply the ACL inbound on the vty lines:
R1(config)# line vty 0 4
R1(config-line)# access-class 99 in
Extended ACL: 100 – 199 and 2000 – 2699
• Extended ACL should be placed as close as possible to the source of the packet.
• Extended ACL matches packets based on source and destination IP addresses, protocol, source and destination port numbers, and other criteria as well.
R1(config)# access-list 101 remark MY_ACCESS_LIST
R1(config)# access-list 101 deny ip host 10.1.1.1 host 10.2.2.2
R1(config)# access-list 101 deny tcp 10.1.1.0 0.0.0.255 any eq 23
R1(config)# access-list 101 deny icmp 10.1.1.1 0.0.0.0 any
R1(config)# access-list 101 deny tcp host 10.1.1.0 host 10.0.0.1 eq 80
R1(config)# access-list 101 deny udp host 10.1.1.7 eq 53 any
R1(config)# access-list 101 permit ip any any
R1(config)# interface fastEthernet 0/0
R1(config-if)# ip access-group 101 in
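As an added example (not part of the cheat sheet), the Python below models how IOS evaluates the extended ACL above: first-match logic, wildcard masks where a 0 bit must match and a 1 bit is ignored, protocol and `eq` port checks, and the implicit deny when no statement matches. The ACL text is constructed from access-list 101 as written on this page; a standard ACE such as `deny 192.168.1.64 0.0.0.31` is simply `deny ip 192.168.1.64 0.0.0.31 any` to this evaluator.

```python
import ipaddress

# Constructed from the cheat sheet's access-list 101; IOS appends an
# implicit "deny ip any any" that never appears in the running config.
ACL_101 = [
    "deny ip host 10.1.1.1 host 10.2.2.2",
    "deny tcp 10.1.1.0 0.0.0.255 any eq 23",
    "deny icmp 10.1.1.1 0.0.0.0 any",
    "deny tcp host 10.1.1.0 host 10.0.0.1 eq 80",
    "deny udp host 10.1.1.7 eq 53 any",
    "permit ip any any",
]

def wildcard_match(addr, base, wildcard):
    """IOS wildcard mask: 0 bit = must match, 1 bit = don't care."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a & ~w) == (b & ~w)

def _addr(tokens):
    """Consume 'any' | 'host A' | 'A WILDCARD', then an optional 'eq PORT'."""
    if tokens[0] == "any":
        base, wc, rest = "0.0.0.0", "255.255.255.255", tokens[1:]
    elif tokens[0] == "host":
        base, wc, rest = tokens[1], "0.0.0.0", tokens[2:]
    else:
        base, wc, rest = tokens[0], tokens[1], tokens[2:]
    port = None
    if rest[:1] == ["eq"]:
        port, rest = int(rest[1]), rest[2:]
    return (base, wc, port), rest

def parse_ace(line):
    action, proto, *rest = line.split()
    src, rest = _addr(rest)
    dst, _ = _addr(rest)
    return action, proto, src, dst

def evaluate(acl, proto, src, dst, sport=None, dport=None):
    """First-match evaluation. Returns (action, 1-based ACE index);
    index None means the packet fell through to the implicit deny."""
    for n, line in enumerate(acl, start=1):
        action, aproto, (sb, sw, sp), (db, dw, dp) = parse_ace(line)
        if aproto != "ip" and aproto != proto:   # "ip" covers every protocol
            continue
        if not (wildcard_match(src, sb, sw) and wildcard_match(dst, db, dw)):
            continue
        if (sp is not None and sp != sport) or (dp is not None and dp != dport):
            continue
        return action, n
    return "deny", None
```

Note that `eq 53` in the fifth statement sits after the source, so only UDP with source port 53 is denied; the same packet with an ephemeral source port falls through to the final permit.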
Named ACL:
• Named ACLs use names to identify ACLs rather than numbers, and commands that permit or deny traffic are written in a sub mode called named ACL mode (nacl).
• Named ACL enables the editing of the ACL (deleting or inserting statements) by sequencing statements of the ACL.
• Named standard ACL:
R1(config)# ip access-list standard MY_STANDARD_ACL
R1(config-std-nacl)# permit 10.1.1.0 0.0.0.255
R1(config-std-nacl)# deny 10.2.2.2
R1(config-std-nacl)# permit any
R1(config)# interface fastEthernet 0/1
R1(config-if)# ip access-group MY_STANDARD_ACL out
• Named extended ACL:
R1(config)# ip access-list extended MY_EXTENDED_ACL
R1(config-ext-nacl)# deny icmp 10.1.1.1 0.0.0.0 any
R1(config-ext-nacl)# deny tcp host 10.1.1.0 host 10.0.0.1 eq 80
R1(config-ext-nacl)# permit ip any any
R1(config)# interface fastEthernet 0/1
R1(config-if)# ip access-group MY_EXTENDED_ACL in
• Editing ACL using sequence numbers:
R1(config)# ip access-list extended MY_EXTENDED_ACL
R1(config-ext-nacl)# no 20 ! Deletes the statement of sequence number 20
R1(config)# ip access-list standard 99
R1(config-std-nacl)# 5 deny 1.1.1.1 ! inserts a statement with sequence 5
Verifying ACLs:
• Shows all ACLs configured on a router with counters at the end of each statement:
R1# show access-lists
! OR
R1# show ip access-list
• Shows only the specified ACL:
R1# show ip access-list 101
• Includes a reference to the ACLs enabled on that interface either in or out:
R1# show ip interface f0/0
DHCP Server
• Define a DHCP pool and give it a name:
R1(config)# ip dhcp pool MY_POOL
• Define network and mask to use in this pool and the default gateway:
R1(dhcp-config)# network 192.168.1.0 255.255.255.0
R1(dhcp-config)# default-router 192.168.1.1
• Define one or more DNS servers (OPTIONAL):
R1(dhcp-config)# dns-server 213.131.65.20 8.8.8.8
• Confine the lease time (OPTIONAL):
R1(dhcp-config)# lease 2 ! Days
• Define one or more scopes of excluded (reserved) addresses (OPTIONAL):
R1(config)# ip dhcp excluded-address 192.168.1.1 192.168.1.100
R1(config)# ip dhcp excluded-address 192.168.1.200 192.168.1.254
DHCP Verification and Troubleshooting:
• Shows the status of the specified pool and the leased addresses from that pool:
R1# show ip dhcp pool POOL_1
• Shows all the leased IP addresses from all configured DHCP pools:
R1# show ip dhcp binding
• Shows any conflicts that occurred:
R1# show ip dhcp conflict
Hope this is useful.. Thank you :)
The other parts:
- Cisco IOS Commands Cheat Sheet Part#1
- Cisco IOS Commands Cheat Sheet Part#2
- Cisco IOS Commands Cheat Sheet Part#3
- Cisco IOS Commands Cheat Sheet Part#5