
Name : Faizura Zadri

Class : Tekom 2 A
Student ID (NIM) : 1801081021
Report :

I. Title : Standard and Extended ACL Configuration

II. Basic Theory


A. Access Control Lists
One of the most important skills a network administrator needs is
mastery of access control lists (ACLs). ACLs provide security for a
network.
Network designers use firewalls to protect networks from
unauthorized use. Firewalls are hardware or software solutions that
enforce network security policies. Consider a lock on a door to a
room inside a building. The lock allows only authorized users with
a key or access card to pass through the door. Similarly, a firewall
filters unauthorized or potentially dangerous packets from entering
the network.

B. What is an ACL

Figure 1.1 What is an ACL

An ACL is a series of IOS commands that control whether a router
forwards or drops packets based on information found in the packet
header. ACLs are among the most commonly used features of Cisco
IOS software.
When configured, ACLs perform the following tasks:

- Limit network traffic to increase network performance. For
  example, if corporate policy does not allow video traffic on the
  network, ACLs that block video traffic could be configured and
  applied. This would greatly reduce the network load and increase
  network performance.
- Provide traffic flow control. ACLs can restrict the delivery of
  routing updates to ensure that the updates are from a known source.
- Provide a basic level of security for network access. ACLs
  can allow one host to access a part of the network and prevent
  another host from accessing the same area. For example, access to
  the Human Resources network can be restricted to authorized users.
- Filter traffic based on traffic type. For example, an ACL can
  permit email traffic, but block all Telnet traffic.
- Screen hosts to permit or deny access to network services.
  ACLs can permit or deny a user to access file types, such as FTP or
  HTTP.

By default, a router does not have ACLs configured;
therefore, by default a router does not filter traffic. Traffic that enters
the router is routed solely based on information within the routing
table. However, when an ACL is applied to an interface, the router
performs the additional task of evaluating all network packets as
they pass through the interface to determine if the packet can be
forwarded.
In addition to either permitting or denying traffic, ACLs can
be used for selecting types of traffic to be analyzed, forwarded, or
processed in other ways. For example, ACLs can be used to classify
traffic to enable priority processing. This capability is similar to
having a VIP pass at a concert or sporting event. The VIP pass gives
selected guests privileges not offered to general admission ticket
holders, such as priority entry or being able to enter a restricted area.

C. Packet Filtering

Figure 1.2 Packet Filtering

An ACL is a sequential list of permit or deny statements, known as
access control entries (ACEs). ACEs are also commonly called ACL
statements. When network traffic passes through an interface
configured with an ACL, the router compares the information within
the packet against each ACE, in sequential order, to determine if the
packet matches one of the ACEs. This process is called packet
filtering.

Packet filtering controls access to a network by analyzing the
incoming and outgoing packets and forwarding them or discarding
them based on given criteria. Packet filtering can occur at Layer 3
or Layer 4, as shown in the figure. Standard ACLs only filter at
Layer 3. Extended ACLs filter at Layer 3 and Layer 4.

Note: Extended ACLs are beyond the scope of this course.

The source IPv4 address is the filtering criteria set in each ACE of a
standard IPv4 ACL. A router configured with a standard IPv4 ACL
extracts the source IPv4 address from the packet header. The router
starts at the top of the ACL and compares the address to each ACE
sequentially. When a match is made, the router carries out the
instruction, either permitting or denying the packet. After a match is
made, the remaining ACEs in the ACL, if any, are not analyzed. If
the source IPv4 address does not match any ACEs in the ACL, the
packet is discarded.

The last statement of an ACL is always an implicit deny. This
statement is automatically inserted at the end of each ACL even
though it is not physically present. The implicit deny blocks all
traffic. Because of this implicit deny, an ACL that does not have at
least one permit statement will block all traffic.

III. Tools and Materials


- 1 computer with the Cisco Packet Tracer simulator installed

IV. Procedure


A. Building the Network Topology
1. Open Cisco Packet Tracer. Once it has opened, click the
network devices section and select Switch 2096. Drag 2 of the
selected switch onto the workspace.

Figure 1.3 Insert Switch


2. Next, drag 2 computers onto the Cisco simulator workspace.
Place them at the switch.

Figure 1.4 Insert PC

3. Connect the three computers to the switch using straight-through
cables.

Figure 1.5 Insert Cable

4. Next, add a Router 1941 to the workspace, then connect it to the
switch using a straight-through cable. Add 2 routers. Connect the two
routers using a rollover cable.

Figure 1.6 Insert Router

5. Add a server, and connect the server to the switch.

Figure 1.7 Insert Server

B. Configure the PC Interfaces


1. Click PC-0; a window like the one in the figure below will
appear.

Figure 1.8 PC-0
2. Click IP Configuration, then enter the IP address and its
subnet mask.

Figure 1.9 IP Address Configuration for PC-0

3. Configure PC-1 in the same way, but with a different IP
address.

Figure 1.10 IP Address Configuration for PC-1

4. Configure the server as well.

Figure 1.11 IP Address Configuration for the Server


C. Hostname, IP Address and IP Route Configuration
a. Router 1 Hostname Configuration
To change the router's hostname, we can type the following
commands:
Router>en
Router#configure terminal
Router(config)#hostname R1
R1(config)#

Figure 1.12 R1 Hostname Configuration

b. Router 1 IP Address Configuration


First, add IP addresses for GigabitEthernet 0/0 and
Serial 0/0/0 by typing the following commands:
R1(config)#interface gigabitEthernet 0/0
R1(config-if)#ip address 192.168.1.1 255.255.255.0
R1(config-if)#no shutdown
R1(config-if)#exit
R1(config)#interface serial 0/0/0
R1(config-if)#ip address 1.1.1.1 255.255.255.252
R1(config-if)#no shutdown
R1(config-if)#exit

Figure 1.13 Insert IP address


c. Router 1 IP Routing Configuration
The type of routing used is dynamic routing, one type of which
is the Routing Information Protocol.

Figure 1.14 Routing Information Protocol

d. Router 2 Hostname Configuration

Figure 1.15 Hostname R2

e. Router 2 IP Address Configuration

Figure 1.16 Router 2 IP Address Configuration

f. Router 2 IP Configuration

Figure 1.17 Router RIP Configuration


D. Standard and Extended ACL Configuration
a. Standard ACL
On Router 1, type the commands below:
R1(config)#access-list 2 deny host 192.168.1.2
R1(config)#access-list 2 permit any

Figure 1.18 access-list deny host and permit any

Type the command do show run to view the resulting configuration.

Figure 1.19 Checking the configuration

Figure 1.20 access-group

Type the command do show run to view the resulting configuration.

Figure 1.21 Checking the resulting configuration

Next, we can also configure the in direction. The part above blocks
access toward the outside, whereas in blocks access to the router
itself. To block access to the router itself, the initial settings are
the same as for out; what differs is the interface used, namely the
interface facing the inside. The commands are as follows.

Figure 1.22 access-group in

b. Extended ACL
To configure an extended ACL, we can use the steps below.

Figure 1.23 access-list http

Figure 1.24 access-list ftp

Figure 1.25 permit ip any any

Figure 1.26 ip access-group

V. Results
A. Network Topology

Figure 1.27 Network Topology

B. Standard ACL

Figure 1.28 Ping result


C. Extended ACL

Figure 1.29 Extended ACL result

Figure 1.30 Extended ACL result for FTP

VI. Analysis
Both standard and extended ACLs have 2 types, namely in and out.

VII. Conclusion
Standard and extended ACLs each have their own differences: a
standard ACL blocks access along the path to the destination
specified in the configuration, including its protocols, whereas an
extended ACL only blocks access for the protocol that has been
configured. For example, PC 1 cannot access FTP on the server, yet
it can still connect to the server.
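
The first-match and implicit-deny rules from the Packet Filtering section, and the standard-versus-extended difference stated in the conclusion, can be checked with a small model of ACE evaluation. This is an added Python example, not part of the original report; the server address 192.168.2.2 and the FTP-blocking extended entry are assumptions, since the report's extended ACL commands survive only as figure captions.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

def _ip(addr: str) -> int:
    return int(ipaddress.IPv4Address(addr))

@dataclass
class ACE:
    action: str                        # "permit" or "deny"
    src: str = "0.0.0.0"
    src_wild: str = "255.255.255.255"  # wildcard 1-bits are ignored, so this is "any"
    proto: str = "ip"                  # standard ACEs leave this as ip (source match only)
    dst: str = "0.0.0.0"
    dst_wild: str = "255.255.255.255"
    dport: Optional[int] = None        # extended ACEs may match a Layer 4 port

    def matches(self, pkt: dict) -> bool:
        def addr_ok(value, base, wild):
            care = ~_ip(wild) & 0xFFFFFFFF
            return (_ip(value) & care) == (_ip(base) & care)
        return (addr_ok(pkt["src"], self.src, self.src_wild)
                and addr_ok(pkt["dst"], self.dst, self.dst_wild)
                and self.proto in ("ip", pkt["proto"])
                and (self.dport is None or self.dport == pkt["dport"]))

def evaluate(acl, pkt) -> str:
    """Walk the ACEs top-down; the first match decides, no match is dropped."""
    for ace in acl:
        if ace.matches(pkt):
            return ace.action
    return "deny"                      # the implicit deny at the end of every ACL

HOST = "192.168.1.2"    # host named in the report's access-list 2
SERVER = "192.168.2.2"  # constructed server address (assumption, not from the report)

# access-list 2 deny host 192.168.1.2 / access-list 2 permit any
STANDARD = [ACE("deny", HOST, "0.0.0.0"), ACE("permit")]
# Assumed extended list: deny FTP control (tcp/21) from HOST to SERVER, then permit ip any any
EXTENDED = [ACE("deny", HOST, "0.0.0.0", "tcp", SERVER, "0.0.0.0", 21), ACE("permit")]
DENY_ONLY = [ACE("deny", HOST, "0.0.0.0")]  # no permit entry at all

def packet(src, proto, dport=None, dst=SERVER):
    return {"src": src, "dst": dst, "proto": proto, "dport": dport}

if __name__ == "__main__":
    for name, acl in (("standard", STANDARD), ("extended", EXTENDED), ("deny-only", DENY_ONLY)):
        for p in (packet(HOST, "icmp"), packet(HOST, "tcp", 21), packet("192.168.1.3", "tcp", 80)):
            print(name, p["src"], p["proto"], p["dport"], "->", evaluate(acl, p))
```

With the standard list every packet from 192.168.1.2 is dropped whatever the protocol, while the extended list drops only its FTP traffic to the server; the deny-only list drops traffic from every source because nothing reaches a permit before the implicit deny.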
VIII. References
Cisco Networking Academy. Access Control Lists, at
https://static-course-assets.s3.amazonaws.com/RSE6/en/index.html#7.0.1.1
(accessed 14 November 2019).
