The Simulation of Access Control List (ACLs) Network Security for Frame Relay Network at PT. KAI Palembang

PT. KAI Palembang is a branch of PT. Kereta Api Indonesia (KAI) Persero located in South Sumatra Province. PT. KAI Persero is an Indonesian State-Owned Enterprise that operates railway transportation, providing services including passenger and goods transportation. PT. KAI Palembang has a computer network connected to the PT. KAI Persero central office located in Jakarta. PT. KAI Palembang is now trying to improve its computer network security, and one of the measures is limiting the access of users connected to the PT. KAI Palembang computer network. This can be done by implementing Access Control Lists (ACLs) and Frame Relay on the PT. KAI Palembang computer network. This research uses the Network Development Life Cycle (NDLC) method, which has several stages, namely Analysis, Design, Simulation Prototyping, Implementation, Monitoring and Management. This method is used because the results of the research are displayed in the Cisco Packet Tracer simulator. In addition, the results were tested using ping tests between computers to show that the ACL design had been running well.

The problem addressed in this research is the low level of network security, so an effort is needed to improve computer network security by limiting user access to communication between networks on the PT. KAI Palembang computer network. Therefore, this research applies Access Control Lists (ACLs) and Frame Relay on the PT. KAI Palembang computer network. ACLs are lists of permit or deny statements that are applied to network addresses or upper-layer protocols, and ACLs are also used to select the packets that go in and out of the network [8], while Frame Relay is a technology that relies on forwarding frames to send data [9], where a frame is a packet of data [10]. To implement both of these technologies, it is necessary to build a Virtual Local Area Network (VLAN) using a router and a switch, where VLANs are logical groupings of users and network resources that are connected to administratively determined ports on a switch [11]. VLAN was chosen because it organizes networks based on classification techniques, namely MAC addressing, ports and so on, which makes VLAN networks flexible [12]. The entire research was carried out using the Cisco Packet Tracer simulator, a simulator of network tools issued by Cisco that is often used as a medium for learning and training and also in computer network simulation research [13]. The main purpose of Cisco Packet Tracer is to provide tools for participants and instructors to understand the principles of computer networking and to build skills in configuring networks that use Cisco equipment [13].
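The ACL behaviour described above (an ordered list of permit or deny statements, checked against source and destination addresses) and its verification against a design table can be modelled as follows. This is an added example, not configuration or code from the paper: the room addresses and the permit/deny policy are constructed, and only the two destination addresses are taken from the ping tests on this page.

```python
import ipaddress

# Only the two destination addresses come from the page; room addresses and
# the permit/deny policy below are constructed for illustration.
LAMPUNG, ISP = "101.11.10.2", "10.20.30.2"
ROOMS = {"HR": "192.168.10.10", "IT": "192.168.20.10"}

# Hypothetical design table: (room, destination) -> expected ping outcome.
DESIGN = {
    ("HR", LAMPUNG): "permit", ("HR", ISP): "deny",
    ("IT", LAMPUNG): "deny",   ("IT", ISP): "permit",
}

# Entries: (action, src, src_wildcard, dst, dst_wildcard), read top to bottom.
ANY = ("0.0.0.0", "255.255.255.255")
ACL_GOOD = [
    ("permit", "192.168.10.0", "0.0.0.255", LAMPUNG, "0.0.0.0"),
    ("permit", "192.168.20.0", "0.0.0.255", ISP, "0.0.0.0"),
]
# Same entries behind a broad permit: the first match wins, so the
# restrictions below it are shadowed and never evaluated.
ACL_SHADOWED = [("permit", "192.168.0.0", "0.0.255.255", *ANY)] + ACL_GOOD


def wildcard_match(addr, base, wildcard):
    """Cisco-style wildcard mask: bits set to 1 in the mask are ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)


def evaluate(acl, src, dst):
    """Return the action of the first matching entry, else the implicit deny."""
    for action, s, sw, d, dw in acl:
        if wildcard_match(src, s, sw) and wildcard_match(dst, d, dw):
            return action
    return "deny"


def audit(acl, design=DESIGN, rooms=ROOMS):
    """List (room, dst, expected, actual) wherever the ACL departs from the design."""
    findings = []
    for (room, dst), expected in sorted(design.items()):
        actual = evaluate(acl, rooms[room], dst)
        if actual != expected:
            findings.append((room, dst, expected, actual))
    return findings


if __name__ == "__main__":
    print("good:", audit(ACL_GOOD))
    print("shadowed:", audit(ACL_SHADOWED))
```

The model checks one direction only; a real ping also needs the echo reply to be permitted on the return path.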

Research Methods
The research method used in this research is the Action Research method, in which a condition is described, interpreted and explained while, at the same time, changes or interventions are made with the aim of improvement and participation [14]. Figure 1 shows the stages of the action research method used:

Virtual Local Area Network (VLAN) mapping
A Virtual Local Area Network (VLAN) is a network that connects the same network across different locations through configuration on the switch device using the trunking method; the switch is connected to a router to connect the predetermined VLAN networks [16]. VLAN mapping is done to ease the Frame Relay configuration, and the VLANs also divide the devices into several rooms based on their functions. The following table shows the VLAN mapping used in this research:

IP Address Scheme in PT. KAI Palembang
To be able to communicate on a private network or on the public internet, every host on the computer network must be identified by an IP address.

ACLs design
The following table is the access control list (ACL) design that will be applied in this research:

The interface configuration to the PC aims to access the VLAN ID that was created on the switch. The interface is then connected using an access link command, which is used to connect a computer to the switch; an access link is a configured switch port.

3) Cloud configuration
Cloud is a combination of the use of computer technology (computing) in a network with internet-based development (cloud), which functions to run programs or applications through computers connected at the same time, although not everything connected through the internet uses cloud computing. This cloud-based computing is a technology that makes the internet the central server for managing data and user applications. This technology allows users to run programs without installation and to access their personal data through computers with internet access. The benefits of cloud in everyday life include storing all data centrally on the server, data security, high flexibility and scalability, and long-term investment.

a) Port to the Palembang Router

EIGRP Routing Configuration
Each router in one domain has a database identical to the others, so that a large network can be broken down into smaller areas and can react very quickly to changes that occur on the network. Here is the configuration:

Ping test from HR and General Room to Lampung Router
To test the connection from the HR and General Room to the Lampung Router, the researcher pinged from the HR and General Room client to the Lampung Router IP address: 101.11.10.2. The results can be seen in the picture below.

Figure 10. Ping test on HR and General Room to Lampung Router

Ping test from IT Room to an ISP Router (Internet).
To test the connection from the IT Room to the ISP, the researcher pinged from the IT Room client to the ISP IP address: 10.20.30.2. The results can be seen in the picture below.

Ping test from Financial Room to the Lampung Router
To test the connection from the Financial Room to the Lampung Router, the researcher pinged from the Financial Room client to the Lampung Router IP address: 101.11.10.2. The results can be seen in the picture below.

Ping test from Documentation Room to the ISP Router (Internet)
To test the connection from the Documentation Room to the ISP, the researcher pinged from the Documentation Room client to the ISP IP address: 10.20.30.2. The results can be seen in the picture below.

From the results of the connection tests between several clients on the PT. KAI Palembang computer network obtained above, it can be seen that the Access Control List (ACL) configuration has run according to the ACL design table (Table 3). This can be seen in Table 5 below: