
Access Control List & NAT

© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 1
Rifki Fajar Rudin (Bejo)
Network Engineer & Instructor
at BestPath-Network
CCENT, CCNA RS

+62 8232 6469 447

@RifkiFr

rifqyfajar@gmail.com
rifki.fajar.rudin@bestpath-network.com

• ACL Overview

• Wildcard Masking

• Standard ACL

• LAB Standard ACL

• Extended ACL

• LAB Extended ACL

• Numbered ACL

• Named ACL

• Implementation ACL

• Q&A

• Used to provide basic security on network devices.

• Restricts access for users on the network.

• Reduces the load on network devices by blocking protocols.

• Limits traffic to improve network device performance.

access-list 10 permit host 192.168.10.1
!
interface FastEthernet 0/1
 ip access-group 10 out

access-list 100 permit tcp host 192.168.10.1 192.168.1.0 0.0.0.255 eq www
!
interface FastEthernet 0/0
 ip access-group 100 in
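
Added example (not part of the original slides): a Python model of how the standard ACL 10 and extended ACL 100 above are evaluated, showing wildcard-mask matching, top-down first match, and the implicit deny at the end of every ACL. The dictionary layout, function names and sample packets are assumptions constructed for illustration.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """True when addr equals base on every bit where the wildcard bit is 0."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF            # wildcard 0-bits must match, 1-bits are ignored
    return (a & care) == (b & care)

# The slide's ACLs as data (hypothetical layout). "host X" means "X 0.0.0.0".
ACL_10 = [{"action": "permit", "src": ("192.168.10.1", "0.0.0.0")}]
ACL_100 = [{"action": "permit", "proto": "tcp",
            "src": ("192.168.10.1", "0.0.0.0"),
            "dst": ("192.168.1.0", "0.0.0.255"),
            "dport": 80}]             # "eq www" is TCP port 80

def evaluate(acl, src, dst=None, proto=None, dport=None):
    """Return the action of the first ACE that matches, checked top-down."""
    for ace in acl:
        if not wildcard_match(src, *ace["src"]):
            continue
        if "proto" in ace and ace["proto"] != proto:
            continue
        if "dst" in ace and not wildcard_match(dst, *ace["dst"]):
            continue
        if "dport" in ace and ace["dport"] != dport:
            continue
        return ace["action"]
    return "deny"                     # implicit "deny any" ends every ACL

# Constructed sample packets: (src, dst, proto, dport)
SAMPLES = [
    ("192.168.10.1", "192.168.1.25", "tcp", 80),   # matches the ACE
    ("192.168.10.1", "192.168.1.25", "tcp", 443),  # wrong port
    ("192.168.10.2", "192.168.1.25", "tcp", 80),   # wrong source host
    ("192.168.10.1", "192.168.2.25", "tcp", 80),   # outside 192.168.1.0 0.0.0.255
    ("192.168.10.1", "192.168.1.25", "udp", 80),   # wrong protocol
]

def run_samples():
    """Verdict of ACL 100 for each constructed sample packet."""
    return [evaluate(ACL_100, *pkt) for pkt in SAMPLES]

if __name__ == "__main__":
    for pkt, verdict in zip(SAMPLES, run_samples()):
        print(pkt, "->", verdict)
    print("ACL 10, other host ->", evaluate(ACL_10, "192.168.10.2"))
```

Because each list holds a single permit entry, every packet that does not match it falls through to the implicit deny.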

| Numbered ACL | Named ACL |
| --- | --- |
| Identified by a number | Identified by an alphabetic name |
| If one ACE is deleted, all ACEs under that number are removed | An ACE can be deleted without deleting the other ACEs |

ip access-list standard TEST
 permit host 192.168.10.1
!
interface FastEthernet 0/1
 ip access-group TEST out

• Used to define the internal network pool for NAT

• Used to identify hosts for QoS

• Filtering routing updates

• Limiting debug output

• Used to control access to the virtual teletype (VTY) lines

• Lets private IP addresses pass through so they can connect to the internet

• Increases the flexibility of connections to the internet

• NAT provides consistency for the internal network

• Improves security

• No end-to-end communication

• TCP communication is disrupted

• Tunneling becomes more difficult

• No end-to-end IP communication

Thank you.
