Kamis, 13 Oktober 2011

IP Access-list Reflexive

Berikut konfigurasi ip reflexive :



ip access-list extended infilter
permit icmp any any reflect tcpfilter
ip access-list extended outfilter
evaluate tcpfilter
!
interface FastEthernet0/1
ip address 192.168.1.1 255.255.255.0
ip access-group infilter in
ip access-group outfilter out
duplex auto
speed auto
!

Result :

client#ping 2.2.2.2 re 10

Type escape sequence to abort.
Sending 10, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:
!!!!!!!!!!
Success rate is 100 percent (10/10), round-trip min/avg/max = 12/45/80 ms
client#

sedangkan kebalikanya tidak bisa :

r2#ping 192.168.1.2 so lo 0 re 1000

Type escape sequence to abort.
Sending 1000, 100-byte ICMP Echos to 192.168.1.2, timeout is 2 seconds:
Packet sent with a source address of 2.2.2.2
U.U.U.U.U.U.U.U.U.U.U.U.U.U.U.U.U.U.U.U.U.U.
Diposting oleh di

Tidak ada komentar:

Posting Komentar

Langganan: Posting Komentar (Atom)