5441336740

LABORATORIUM JARINGAN KOMPUTER

JURUSAN TEKNIK ELEKTRO - INFORMATKA FAKULTAS TEKNIK UNIYERSITAS ISLAM MALANG 2009-2010

MODUŁ V AND VI NAT and ACLs

XIII. DESCRIPTION (MATERI)

1. Objectives

Objective: Configure OSPF on the network

•    Understand the concepts of Network Address Translation (NAT) and Access-list (ACL)

•    Configure ACL and NAT at gateway or router so client’s IP address will be translated to particular IP address, or clients with private IP address can connect to Internet using public IP address on gateway.

2. Background Reading

Go to the Cisco website, or use the Cisco Sybex publication, and read about ACL and NAT. You can read following tutorials as an instead, we have downloaded these from Cisco website.

Standard IP Access List

ACL configuration tends to be simpler than the task of interpreting the meaning and actions taken by an ACL. To that end, this section presents a plan of attack for configuring ACLs. Then it shows a couple of examples that review both the configuration and the concepts implemented by those ACLs.

The generic syntax of the standard ACL configuration command is

access-list access-list-number (deny | permit} source [source-wildcard]

A standard access list uses a series of access-list commands that have the same number. The access-list commands with the same number are considered to be in the same list, with the commands being listed in the same order in which they were added to the configuration.

Each access-list command can match a rangę of source IP addresses. If a match occurs, the ACL either allows the packet to keep going (permit action) or discards the packet (deny action). Each standard ACL can match all, or only part, of the packet’s source IP address.

Notę that for standard IP ACLs, the number rangę for ACLs is 1 to 99 and 1300 to 1999.

Step 1    Plan the location (router and interface) and direction (in or out) on

that interface:

a. Standard ACLs should be placed near to the destination of the packets so that it does not unintentionally discard packets that should not be discarded.

b. Because standard ACLs can only match a packefs source IP address, identify the source IP addresses of packets as they go in the direction that the ACL is examining.

Step 2    Configure one or morę access-list global configuration commands

to create the ACL, keeping the following in mind: a. The list is searched seąuentially, using first-match logie. In other words, when a packet matches one of the access-list statements, the search is over, even if the packet would match subseąuent