ccna lab guidex
DESCRIPTION
CCNA Lab GuidexTRANSCRIPT
Lab 1 : Konfigurasi Cisco Catalyst Switch
Task 1: Konfigurasi awal Cisco Catalyst Switch 1A. switch ASW1-JKT Menghapus konfigurasi router/switch: > enable # erase startup-config # reload Setelah switch selesai booting: Would you like to enter the initial configuration dialog? [yes/no]: n masuk ke Command Line Interface (CLI) > (user mode) > enable # (privileged/enabled/EXEC mode) # ? help mode # s? # show ? # show version melihat info perangkat (platform, IOS, interfaces) # sh ver # sh<tab> ver<tab> # sh flash melihat isi dari storage device # show running-config ATAU #sh run melihat isi dari config di RAM # show startup-config ATAU # sh start melihat isi dari config di NVRAM # sh clock # clock set 7:00:00 5 dec 2011 set jam sesuai GMT/UTC (WIB – 7 jam) # configure terminal ATAU #conf t (config)# (global config) (config)# clock timezone WIB 7 (config)# end # show clock # conf t
(config)# hostname ASW1-JKT (config)# enable secret cisco123 utk set password utk masuk privileged mode (config)# username netadmin password cisco123 membuat user+password di local database (config)# banner motd % Authorized users only Please login with your own username & password All activities are logged % akan muncul pada saat sukses login (config)# interface vlan 1 ATAU (config)# int vlan 1 (config-if)# (interface config) (config-if)# description *** logical interface vlan 1 *** (config-if)# ip address 10.1.1.10 255.255.255.0 (config-if)# no shutdown utk mengaktifkan interface (config-if)# exit (config)# ip default-gateway 10.1.1.1 agar bisa berkomunikasi dengan jaringan lain, gateway adalah router (config)# line vty 0 4 line pertama=0 ; line terakhir=4 (config-line)# (line config) (config-line)# login local agar nanya user+password yg ada di local database (config-line)# exec-timeout 5 0 5 menit 0 detik (config-line)# logging synchronous agar prompt muncul lagi ketika ada logging (config)# line console 0 (config-line)# login local agar nanya user+password yg ada di local database (config-line)# exec-timeout 5 0 5 menit 0 detik (config-line)# logging synchronous (config-line)# end # copy (source) (destination) # copy running-config startup-config ATAU # copy run start # write memory ATAU # wr # sh start # sh run # sh mac-address-table
1B. switch ASW2-JKT Menghapus konfigurasi router/switch: > enable # erase startup-config # reload Setelah switch selesai booting: Would you like to enter the initial configuration dialog? [yes/no]: n masuk ke Command Line Interface (CLI) > (user mode) > enable
# (privileged/enabled/EXEC mode) # ? help mode # s? # show ? # show version melihat info perangkat (platform, IOS, interfaces) # sh ver # sh<tab> ver<tab> # sh flash melihat isi dari storage device # show running-config ATAU #sh run melihat isi dari config di RAM # show startup-config ATAU # sh start melihat isi dari config di NVRAM # sh clock # clock set 7:00:00 5 dec 2011 set jam sesuai GMT/UTC (WIB – 7 jam) # configure terminal ATAU #conf t (config)# (global config) (config)# clock timezone WIB 7 (config)# end # show clock # conf t (config)# hostname ASW2-JKT (config)# enable secret cisco123 utk set password utk masuk privileged mode (config)# username netadmin password cisco123 (config)# banner motd % Authorized users only Please login with your own username & password All activities are logged % akan muncul pada saat sukses login (config)# interface vlan 1 ATAU (config)# int vlan 1 (config-if)# (interface config) (config-if)# description *** logical interface vlan 1 *** (config-if)# ip address 10.1.1.20 255.255.255.0 (config-if)# no shutdown utk mengaktifkan interface (config-if)# exit (config)# ip default-gateway 10.1.1.1 agar bisa berkomunikasi dengan jaringan lain, gateway adalah router (config)# line vty 0 4 line pertama=0 ; line terakhir=4 (config-line)# (line config) (config-line)# login local agar nanya user+password yg ada di local database (config-line)# exec-timeout 5 0 5 menit 0 detik (config-line)# logging synchronous agar prompt muncul lagi ketika ada logging (config)# line console 0 (config-line)# login local agar nanya user+password yg ada di local database (config-line)# exec-timeout 5 0 5 menit 0 detik (config-line)# logging synchronous
(config-line)# end # copy (source) (destination) # copy running-config startup-config ATAU # copy run start # write memory ATAU # wr # sh start # sh run # sh mac-address-table
1C. switch CSW-JKT Menghapus konfigurasi router/switch: > enable # erase startup-config # reload Setelah switch selesai booting: Would you like to enter the initial configuration dialog? [yes/no]: n masuk ke Command Line Interface (CLI) > (user mode) > enable # (privileged/enabled/EXEC mode) # ? help mode # s? # show ? # show version melihat info perangkat (platform, IOS, interfaces) # sh ver # sh<tab> ver<tab> # sh flash melihat isi dari storage device # show running-config ATAU #sh run melihat isi dari config di RAM # show startup-config ATAU # sh start melihat isi dari config di NVRAM # sh clock # clock set 7:00:00 5 dec 2011 set jam sesuai GMT/UTC (WIB – 7 jam) # configure terminal ATAU #conf t (config)# (global config) (config)# clock timezone WIB 7 (config)# end # show clock # conf t (config)# hostname CSW-JKT (config)# enable secret cisco123 utk set password utk masuk privileged mode (config)# username netadmin password cisco123 (config)# banner motd % Authorized users only Please login with your own username & password All activities are logged
% akan muncul pada saat sukses login (config)# interface vlan 1 ATAU (config)# int vlan 1 (config-if)# (interface config) (config-if)# description *** logical interface vlan 1 *** (config-if)# ip address 10.1.1.2 255.255.255.0 (config-if)# no shutdown utk mengaktifkan interface (config-if)# exit (config)# ip default-gateway 10.1.1.1 agar bisa berkomunikasi dengan jaringan lain, gateway adalah router (config)# line vty 0 4 line pertama=0 ; line terakhir=4 (config-line)# (line config) (config-line)# login local agar nanya user+password yg ada di local database (config-line)# exec-timeout 5 0 5 menit 0 detik (config-line)# logging synchronous agar prompt muncul lagi ketika ada logging (config)# line console 0 (config-line)# login local agar nanya user+password yg ada di local database (config-line)# exec-timeout 5 0 5 menit 0 detik (config-line)# logging synchronous (config-line)# end # copy (source) (destination) # copy running-config startup-config ATAU # copy run start # write memory ATAU # wr # sh start # sh run # sh mac-address-table
1D. switch ASW-SBY Menghapus konfigurasi router/switch: > enable # erase startup-config # reload Setelah switch selesai booting: Would you like to enter the initial configuration dialog? [yes/no]: n masuk ke Command Line Interface (CLI) > (user mode) > enable # (privileged/enabled/EXEC mode) # ? help mode # s? # show ? # show version melihat info perangkat (platform, IOS, interfaces) # sh ver # sh<tab> ver<tab>
# sh flash melihat isi dari storage device # show running-config ATAU #sh run melihat isi dari config di RAM # show startup-config ATAU # sh start melihat isi dari config di NVRAM # sh clock # clock set 7:00:00 5 dec 2011 set jam sesuai GMT/UTC (WIB – 7 jam) # configure terminal ATAU #conf t (config)# (global config) (config)# clock timezone WIB 7 (config)# end # show clock # conf t (config)# hostname ASW-SBY (config)# enable secret cisco123 utk set password utk masuk privileged mode (config)# username netadmin password cisco123 (config)# banner motd % Authorized users only Please login with your own username & password All activities are logged % akan muncul pada saat sukses login (config)# interface vlan 1 ATAU (config)# int vlan 1 (config-if)# (interface config) (config-if)# description *** logical interface vlan 1 *** (config-if)# ip address 10.1.4.10 255.255.255.0 (config-if)# no shutdown utk mengaktifkan interface (config-if)# exit (config)# ip default-gateway 10.1.4.1 agar bisa berkomunikasi dengan jaringan lain, gateway adalah router (config)# line vty 0 4 line pertama=0 ; line terakhir=4 (config-line)# login local agar nanya user+password yg ada di local database (config-line)# exec-timeout 5 0 5 menit 0 detik (config-line)# logging synchronous agar prompt muncul lagi ketika ada logging (config)# line console 0 (config-line)# login local agar nanya user+password yg ada di local database (config-line)# exec-timeout 5 0 5 menit 0 detik (config-line)# logging synchronous (config-line)# end # copy (source) (destination) # copy running-config startup-config ATAU # copy run start # write memory ATAU # wr # sh start # sh run
# sh mac-address-table
1E. switch ASW-MDN Menghapus konfigurasi router/switch: > enable # erase startup-config # reload Setelah switch selesai booting: Would you like to enter the initial configuration dialog? [yes/no]: n masuk ke Command Line Interface (CLI) > (user mode) > enable # (privileged/enabled/EXEC mode) # ? help mode # s? # show ? # show version melihat info perangkat (platform, IOS, interfaces) # sh ver # sh<tab> ver<tab> # sh flash melihat isi dari storage device # show running-config ATAU #sh run melihat isi dari config di RAM # show startup-config ATAU # sh start melihat isi dari config di NVRAM # sh clock # clock set 7:00:00 5 dec 2011 set jam sesuai GMT/UTC (WIB – 7 jam) # configure terminal ATAU #conf t (config)# (global config) (config)# clock timezone WIB 7 (config)# end # show clock # conf t (config)# hostname ASW-MDN (config)# enable secret cisco123 utk set password utk masuk privileged mode (config)# username netadmin password cisco123 (config)# banner motd % Authorized users only Please login with your own username & password All activities are logged % akan muncul pada saat sukses login (config)# interface vlan 1 ATAU (config)# int vlan 1 (config-if)# (interface config) (config-if)# description *** logical interface vlan 1 *** (config-if)# ip address 10.1.5.10 255.255.255.0 (config-if)# no shutdown utk mengaktifkan interface (config-if)# exit
(config)# ip default-gateway 10.1.5.1 agar bisa berkomunikasi dengan jaringan lain, gateway adalah router (config)# line vty 0 4 line pertama=0 ; line terakhir=4 (config-line)# login local agar nanya user+password yg ada di local database (config-line)# exec-timeout 5 0 5 menit 0 detik (config-line)# logging synchronous agar prompt muncul lagi ketika ada logging (config)# line console 0 (config-line)# login local agar nanya user+password yg ada di local database (config-line)# exec-timeout 5 0 5 menit 0 detik (config-line)# logging synchronous (config-line)# end # copy (source) (destination) # copy running-config startup-config ATAU # copy run start # write memory ATAU # wr # sh start # sh run # sh mac-address-table
Task 2: Konfigurasi Port-Security
ASW1-JKT & ASW2-JKT: # sh mac-address-table # conf t (config)# int f0/1 (config-if)# description ***connected to User’s PC*** (config-if)# switchport mode access (config-if)# switchport port-security (config-if)# switchport port-security maximum 1 (config-if)# switchport port-security mac-address sticky (config-if)# switchport port-security violation shutdown (config-if)#end # sh mac-address-table # sh port-security # sh port-security address # sh int f0/1 Utk menormalkan interface yg di-shutdown oleh port-security:
1. Copot MAC illegal, dan kembalikan MAC yg terdaftar 2. (config)# int f0/1
(config-if)# shutdown (config-if)# no shutdown (config-if)# end
# sh int f0/2 Utk menghapus konfigurasi Port-Security: (config)# int f0/1 (config-if)# no switchport port-security maximum
(config-if)# no switchport port-security mac-address sticky (config-if)# no switchport port-security (config-if)#end
Task 3: Verifikasi protokol CDP (cisco discovery protocol)
ASW1-JKT, ASW2-JKT, CSW-JKT: # sh cdp neighbor # sh cdp neighbor detail # sh cdp traffic # sh cdp interface (config)# no cdp run mematikan cdp di seluruh interface (config)# cdp run mengaktifkan cdp di seluruh interface (config)# int f0/5 (config-if)# no cdp enable mematikan cdp di interface tertentu saja (config-if)# cdp enable mengaktifkan interface di interface tertentu saja
Task 4: Menggunakan TFTP server untuk Backup config & IOS Backup config from Switch to TFTP server: # copy run tftp://10.1.1.3/[nama-switch].cfg Backup IOS from Switch to TFTP server: # sh flash #copy flash: tftp: Source filename []? c2960-lanbase-mz.122-25.FX.bin Address or name of remote host []? 10.1.1.3 Destination filename [c2960-lanbase-mz.122-25.FX.bin]? <enter aja>
Lab 2 : Konfigurasi VLAN pada Cisco Catalyst Switch
Task 1: Konfigurasi VTP
ASW1-JKT, ASW2-JKT, CSW-JKT (config)# vtp mode transparent (config)# vtp domain ccna
Task 2: Konfigurasi VLAN Trunking
ASW1-JKT: (config)# int range f0/21 , f0/23 (config-if-range)# switchport mode trunk (config-if-range)# no shutdown ASW2-JKT: (config)# int range f0/22 - 23 (config-if-range)# switchport mode trunk (config-if-range)# exit CSW-JKT: (config)# int range f0/21 - 22 , f0/24 (config-if-range)# switchport mode trunk (config-if-range)# exit
Task 3: Membuat VLAN
ASW1-JKT, ASW2-JKT & CSW-JKT: (config)# vlan 2 (config-vlan)# name Engineer (config-vlan)# vlan 3 (config-vlan)# name Sales (config-vlan)# exit
Task 4: Konfigurasi VLAN-membership
ASW1-JKT & ASW2-JKT: (config-if)# int f0/2 (config-if)# description *** connect to PC*** (config-if)# switchport mode access (config-if)# switchport access vlan 2
(config-if)# int f0/3 (config-if)# description *** connect to PC *** (config-if)# switchport mode access (config-if)# switchport access vlan 3 ALL SWITCHES: # copy run start ATAU # write memory # sh int trunk # sh int switchport trunk port # sh vlan # sh vtp status
Task 5: Konfigurasi Router-on-a-stick
Router-JKT: > enable # erase start # reload Tunggu sampai selesai booting: Would you like to enter initial configuration? n > enable # conf t (config)# host Router-JKT (config)# enable secret cisco (config)# username netadmin password cisco123 (config)# line vty 0 4 line pertama=0 ; line terakhir=4 (config-line)# login local agar nanya user+password yg ada di local database (config-line)# exec-timeout 5 0 5 menit 0 detik (config-line)# logging synchronous agar prompt muncul lagi ketika ada logging (config)# line console 0 (config-line)# login local agar nanya user+password yg ada di local database (config-line)# exec-timeout 5 0 5 menit 0 detik (config-line)# logging synchronous (config-line)# end (config)# int f0/0 (config-if)# no shutdown (config-if)# int f0/0.1 (config-subif)# desc *** TO VLAN-1 *** (config-subif)# encapsulation dot1q 1 native (config-subif)# ip address 10.1.1.1 255.255.255.0 (config-if)# int f0/0.2 (config-subif)# desc *** TO VLAN-2 *** (config-subif)# encapsulation dot1q 2 (config-subif)# ip address 10.1.2.1 255.255.255.0 (config-subif)# int f0/0.3 (config-subif)# desc *** TO VLAN-3 *** (config-subif)# encap dot1q 3
(config-subif)# ip address 10.1.3.1 255.255.255.0 (config-subif)# end # sh ip route melihat routing table # ping 10.1.1.10 # ping 10.1.1.20 Verifikasi: Dari semua PC ping ke subinterface Router-JKT: C:> ping 10.1.1.1 C:> ping 10.1.2.1 C:> ping 10.1.3.1
LAB 3: SPANNING-TREE PROTOCOL
Task 1: Portfast Switch: (config)# int range f0/1 - 3 (config-if)# spanning-tree portfast
Task 2: PVST ASW1-JKT, ASW2-JKT, CSW-JKT: # sh spanning-tree [cari siapa yg menjadi Root Bridge] CSW-JKT (dijadikan Root Bridge): (config)# spanning-tree vlan 1 priority 0 (config)# spanning-tree vlan 2 priority 0 (config)# spanning-tree vlan 3 priority 0 ATAU (config)# spanning-tree vlan 1 root primary (config)# spanning-tree vlan 2 root primary (config)# spanning-tree vlan 3 root primary
Task 3: PVRST ASW1-JKT, ASW2-JKT, CSW-JKT: # sh spanning-tree # conf t (config)# spanning-tree mode rapid-pvst (config)# end # sh spanning-tree
Lab 4 : Konfigurasi Dasar Cisco Router
Router-JKT: > enable # clock set 7:00:00 5 dec 2011 jam GMT/UTC (WIB – 7) # conf t (config)# clock timezone WIB 7 (config)# end # sh clock # conf t (config)# hostname Router-JKT (config)# enable secret cisco (config)# username netadmin password cisco123 (config)# line vty 0 4 (config-line)# login local (config-line)# exec-timeout 5 0 (config-line)# logging synchronous (config-line)# line console 0 (config-line)# login local (config-line)# exec-timeout 5 0 (config-line)# logging synchronous (config-line)# exit (config-if)# int s0/0/0 (config-if)# desc *** CONNECTED TO S0/0/0 ROUTER-SBY *** (config-if)# ip address 10.1.0.1 255.255.255.252 (config-if)# clock rate 512000 (config-if)# bandwidth 512 (config-if)# no shutdown (config-if)# int s0/0/1 (config-if)# desc *** CONNECTED TO S0/0/0 ROUTER-MDN *** (config-if)# ip address 10.1.0.5 255.255.255.0 (config-if)# bandwidth 512 (config-if)# clock rate 512000 (config-if)# no shutdown
(config-if)# end ROUTER-SBY: > enable # erase start # reload Tunggu sampai router selesai booting: Would you like to enter initial configuration? n > enable # clock set 7:00:00 5 dec 2011 jam GMT/UTC (WIB – 7) # conf t (config)# clock timezone WIB 7 (config)# end # sh clock # conf t (config)# hostname Router-SBY (config)# enable secret cisco (config)# username netadmin password cisco123 (config)# line vty 0 4 (config-line)# login local (config-line)# exec-timeout 5 0 (config-line)# logging synchronous (config-line)# line console 0 (config-line)# login local (config-line)# exec-timeout 5 0 (config-line)# logging synchronous (config-line)# exit (config)# int f0/0 (config-if)# description *** CONNECT TO LAN SBY *** (config-if)# ip address 10.1.4.1 255.255.255.0 (config-if)# no shutdown (config-if)# int s0/0/0 (config-if)# desc *** CONNECTED TO S0/0/0 ROUTER-JKT *** (config-if)# ip address 10.1.0.2 255.255.255.252 (config-if)# bandwidth 512 (config-if)# no shutdown (config-if)# end ROUTER-MDN: > enable # erase start # reload Tunggu sampai router selesai booting: Would you like to enter initial configuration? n
> enable # clock set 7:00:00 5 dec 2011 jam GMT/UTC (WIB – 7) # conf t (config)# clock timezone WIB 7 (config)# end # sh clock # conf t (config)# hostname Router-MDN (config)# enable secret cisco (config)# username netadmin password cisco123 (config)# line vty 0 4 (config-line)# login local (config-line)# exec-timeout 5 0 (config-line)# logging synchronous (config-line)# line console 0 (config-line)# login local (config-line)# exec-timeout 5 0 (config-line)# logging synchronous (config-line)# exit (config)# int f0/0 (config-if)# description *** CONNECT TO LAN MDN *** (config-if)# ip address 10.1.5.1 255.255.255.0 (config-if)# no shutdown (config-if)# int s0/0/0 (config-if)# desc *** CONNECTED TO S0/0/1 ROUTER-JKT *** (config-if)# ip address 10.1.0.6 255.255.255.252 (config-if)# bandwidth 512 (config-if)# no shutdown (config-if)# end ALL ROUTERS (JKT, SBY, MDN): # copy run start ATAU # write # sh ip route melihat routing-table # sh ip int brief melihat status semua interface # sh int f0/0 # sh controller s0/0/0 utk ngecek kabel serial di router (DTE/DCE) # ping [ip address router terdekat]
Lab 5: Konfigurasi Static & Default Route
Task 1: Membuat Static & Default Route: Router-SBY: (config)# ip route 0.0.0.0 0.0.0.0 10.1.0.1 ATAU (config)# ip route 0.0.0.0 0.0.0.0 s0/0/0 Router-MDN: (config)# ip route 0.0.0.0 0.0.0.0 10.1.0.5 ATAU (config)# ip route 0.0.0.0 0.0.0.0 s0/0/0 STATIC ROUTE: Router-JKT: (config)# ip route 10.1.4.0 255.255.255.0 10.1.0.2 s0/0/0 (config)# ip route 10.1.5.0 255.255.255.0 10.1.0.6 s0/0/1 # sh ip route # ping [ke semua router]
Task 2: Menghapus static & default route Router-SBY & MDN: (config)# no ip route 0.0.0.0 0.0.0.0 (config)# end Router-JKT: (config)# no ip route 10.1.1.0 255.255.255.0 (config)# no ip route 10.1.5.0 255.255.255.0 (config)# end # sh ip route
Lab 6: Konfigurasi RIP
ALL ROUTERS (SBY, JKT, MDN): (config)# router rip (config-router)# version 2 pakai versi 2 (classless routing protocol) (config-router)# network 10.0.0.0 (config-router)# no auto-summary manual-summarization (config-router)# passive-interface f0/0 agar tidak sending paket RIP ke interface tersebut (config-router)# end # sh ip route melihat routing table, harus ada kode R # sh ip protocol melihat routing protocol di router kita # debug ip rip melihat proses send-receive update RIP # terminal monitor utk liat debug, khusus bagi yg telnet # no debug all ATAU # undebug all Menghapus konfigurasi RIP: (config)# no router rip (config)# end # copy run start
Lab 7: Konfigurasi single-area OSPF
Loopback 0 – JKT: 10.100.100.1/32 Loopback 0 – SBY: 10.100.100.2/32 Loopback 0 – MDN: 10.100.100.3/32
Task 1: Konfigurasi OSPF Router-JKT: (config)# int loopback 0 (config-if)# description *** as Router-ID for OSPF *** (config-if)# ip address 10.100.100.1 255.255.255.255 (config-if)# router ospf 1 (config-router)# network 10.1.0.1 0.0.0.0 area 0 (config-router)# network 10.1.0.5 0.0.0.0 area 0 (config-router)# network 10.1.1.1 0.0.0.0 area 0 (config-router)# network 10.1.2.1 0.0.0.0 area 0 (config-router)# network 10.1.3.1 0.0.0.0 area 0 (config-router)# network 10.100.100.1 0.0.0.0 area 0 (config-router)# passive-interface f0/0 (config-router)# end Router-MDN: (config)# int loopback 0 (config-if)# description *** as Router-ID for OSPF *** (config-if)# ip address 10.100.100.3 255.255.255.255 (config-if)# router ospf 1 (config-router)# network 10.1.0.6 0.0.0.0 area 0 (config-router)# network 10.1.5.1 0.0.0.0 area 0 (config-router)# network 10.100.100.3 0.0.0.0 area 0 (config-router)# passive-interface f0/0 (config-router)# end
Router-SBY: (config)# int loopback 0 (config-if)# description *** as Router-ID for OSPF *** (config-if)# ip address 10.100.100.2 255.255.255.255 (config-if)# router ospf 1 (config-router)# network 10.1.0.2 0.0.0.0 area 0 (config-router)# network 10.1.4.1 0.0.0.0 area 0 (config-router)# network 10.100.100.2 0.0.0.0 area 0 (config-router)# passive-interface f0/0 (config-router)# end ALL ROUTERS (SBY, JKT, MDN): # sh ip ospf # sh ip ospf interface # sh ip ospf neighbor melihat neighbor table # sh ip ospf database melihat topology table # sh ip route melihat routing table # sh ip protocols melihat semua routing protocol di router #debug ip ospf events #debug ip ospf packet #terminal monitor #undebug all
Task 2: menghapus proses routing OSPF ALL ROUTERS (SBY, MDN, JKT): (config)# no int loopback 0 (config)# no router ospf 1
Lab 8 : Konfigurasi EIGRP
Task 1: Konfigurasi EIGRP ALL ROUTERS (SBY, MDN, JKT): (config)# router eigrp 65000 (config-router)# network 10.0.0.0 (config-router)# passive-interface f0/0 (config-router)# no auto-summary (config-router)# end # sh ip eigrp interface show interface yg aktif send-receive EIGRP packets # sh ip eigrp neighbor neighbor table # sh ip eigrp topology topology table P = passive ; artinya jaringan tersebut stabil (tidak up/down) # sh ip route routing table # sh ip protocol # debug ip eigrp
Lab 9 : Konfigurasi ACL
Task 1: Standard ACL utk mengeblok telnet dari luar Router-SBY: (config)# access-list 7 remark ***permit user dari LAN*** (config)# access-list 7 permit 10.1.4.0 0.0.0.255 (config)# line vty 0 4 (config-line)# access-class 7 in (config-line)# end Router-MDN: (config)# access-list 7 remark ***permit user dari LAN*** (config)# access-list 7 permit 10.1.5.0 0.0.0.255 (config)# line vty 0 4 (config-line)# access-class 7 in (config-line)# end Router-JKT: (config)# access-list 7 remark ***permit user dari LAN*** (config)# access-list 7 permit 10.1.1.0 0.0.0.255 (config)# access-list 7 permit 10.1.2.0 0.0.0.255 (config)# access-list 7 permit 10.1.3.0 0.0.0.255 (config)# line vty 0 4 (config-line)# access-class 7 in (config-line)# end # sh access-list Menghapus konfigurasi standard ACL: (config)# line vty 0 4 (config-line)# no access-class 7 in (config-line)# exit (config)# no access-list 7 (config)# end
# sh access-list
Task 2: Extended ACL utk mengeblok FTP & TFTP dari luar Router-JKT: (config)# access-list 100 deny udp any host 10.1.1.3 eq 69 log ATAU eq tftp (config)# access-list 100 deny tcp any host 10.1.1.3 range 20 21 log ATAU range ftp-data ftp (config)# access-list 100 permit ip any any log (config)# int s0/0/0 (config-if)# ip access-group 100 in (config)# int s0/0/1 (config-if)# ip access-group 100 in (config-if)# end # sh access-list # sh ip int s0/0/0 # sh ip int s0/0/1 Menghapus konfigurasi extended ACL: (config)# int s0/0/0 (config-if)# no ip access-group 100 in (config-if)# int s0/0/1 (config-if)# no ip access-group 100 in (config-if)# exit (config)# no access-list 100
Lab 10 : Konfigurasi NAT
Task 1: Konfigurasi Static NAT static NAT (router JKT): 10.1.1.3 202.1.1.3 (Public TFTP & FTP server) Router-JKT: (config)# int s0/1/0 (config-if)# description connect to Internet (config-if)# ip address 202.1.1.2 255.255.255.240 (config-if)# exit (config)# ip route 0.0.0.0 0.0.0.0 s0/1/0 membuat default route mengarah ke ISP (config)# ip nat inside source static 10.1.1.3 202.1.1.3 (config)# int s0/1/0 (config-if)# ip nat outside (config-if)# int s0/0/0 (config-if)# ip nat inside (config-if)# int s0/0/1 (config-if)# ip nat inside (config-if)# int f0/0.1 (config-if)# ip nat inside (config-if)# int f0/0.2 (config-if)# ip nat inside (config-if)# int f0/0.3 (config-if)# ip nat inside (config-if)# end # sh ip nat translation (config-if)# int f0/0 (config-if)# no ip nat inside (config-if)# exit (config)# no ip nat inside source static 10.1.1.11 202.1.2.3
Task 2: Konfigurasi Dynamic PAT Router-JKT: (config)# access-list 2 permit 10.1.0.0 0.0.255.255 (config)# ip nat inside source list 2 int s0/1/0 overload (config)# end # sh ip nat translation # debug ip nat # no debug all # copy run start
Lab 11 : Konfigurasi IPv6
Task 1: Konfigurasi Dual-Stack Router Router-SBY: (config)# ipv6 unicast-routing (config)# int s0/0/0 (config-if)# ipv6 address 2001:10:1:0::2/64 static manual address assignment (config)# int f0/0 (config-if)# ipv6 address 2001:10:1:4::/64 eui-64 static eui-64 address assignment (config-if)# end Router-MDN: (config)# ipv6 unicast-routing (config)# int s0/0/0 (config-if)# ipv6 address 2001:10:1:0::6/64 static manual address assignment (config)# int f0/0 (config-if)# ipv6 address 2001:10:1:5::/64 eui-64 static eui-64 address assignment (config-if)# end Router-JKT: (config)# ipv6 unicast-routing (config)# int s0/0/0 (config-if)# ipv6 address 2001:10:1:0::1/64 static manual address assignment (config-if)# int s0/0/1 (config-if)# ipv6 address 2001:10:1:0::5/64 static manual address assignment (config)# int f0/0.1 (config-if)# ipv6 address 2001:10:1:1::/64 eui-64 static eui-64 address assignment (config)# int f0/0.2 (config-if)# ipv6 address 2001:10:1:2::/64 eui-64 static eui-64 address assignment
(config)# int f0/0.3 (config-if)# ipv6 address 2001:10:1:3::/64 eui-64 static eui-64 address assignment (config-if)# end Verify: # sh ipv6 int brief # sh ipv6 int # sh ipv6 route Static Route JKT: ipv6 route 2001:10:1:4::/64 s0/0/0 ATAU ipv6 route 2001:10:1:4::/64 2001:10:1:0::2 ipv6 route 2001:10:1:5::/64 s0/0/1 ATAU ipv6 route 2001:10:1:5::/64 2001:10:1:0::6 SBY: (config)# ipv6 route ::/0 s0/0/0 ATAU ipv6 route ::/0 2001:10:1:0::1 MDN: (config)# ipv6 route ::/0 s0/0/0 ATAU ipv6 route ::/0 2001:10:1:0::5 Menghapus Default Route di Router-SBY & Router-MDN: (config)# no ipv6 route ::/0 Menghapus Static Route di Router-JKT: ipv6 route 2001:10:1:4::/64 ipv6 route 2001:10:1:5::/64
Task 2: Konfigurasi RIPng Router-SBY: (config)# ipv6 router rip SBY (config)# int s0/0/0 (config-if)# ipv6 rip SBY enable (config)# int f0/0 (config-if)# ipv6 rip SBY enable (config-if)# end Router-MDN: (config)# ipv6 router rip MDN (config)# int s0/0/0 (config-if)# ipv6 rip MDN enable (config)# int f0/0 (config-if)# ipv6 rip MDN enable (config-if)# end Router-JKT: (config)# ipv6 router rip JKT (config)# int s0/0/0 (config-if)# ipv6 rip JKT enable
(config-if)# int s0/0/1 (config-if)# ipv6 rip JKT enable (config-if)# int f0/0.1 (config-if)# ipv6 rip JKT enable (config-if)# int f0/0.2 (config-if)# ipv6 rip JKT enable (config-if)# int f0/0.3 (config-if)# ipv6 rip JKT enable (config-if)# end Verify: # sh ipv6 rip # sh ipv6 protocol # sh ipv6 route
Task 3: Menghapus konfigurasi IPv6 & RIPng Router-SBY: (config)# int s0/0/0 (config-if)# no ipv6 address (config)# int f0/0 (config-if)# no ipv6 address (config-if)# exit (config)# no ipv6 router rip SBY (config)# no ipv6 unicast-routing (config)# end # copy run start Router-MDN: (config)# int s0/0/0 (config-if)# no ipv6 address (config)# int f0/0 (config-if)# no ipv6 address (config-if)# exit (config)# no ipv6 router rip MDN (config)# no ipv6 unicast-routing (config)# end Router-JKT: (config)# int s0/0/0 (config-if)# no ipv6 address (config-if)# int s0/0/1 (config-if)# no ipv6 address (config-if)# int f0/0.1 (config-if)# no ipv6 address
(config-if)# int f0/0.2 (config-if)# no ipv6 address (config-if)# int f0/0.3 (config-if)# no ipv6 address (config-if)# exit (config)# no ipv6 router rip JKT (config)# no ipv6 unicast-routing (config)# end # copy run start
Lab 12 : PPP Authentication
Task 1: CHAP authentication # debug ppp authentication # terminal monitor khusus bagi telnet Router-JKT: # conf t (config)# hostname Router-JKT (config)# user Router-SBY password ccna1 nama router lawan & shared password (config)# user Router-MDN password ccna2 (config)# int s0/0/0 (config-if)# shut (config-if)# encap ppp (config-if)# ppp authentication chap (config-if)# no shut (config)# int s0/0/1 (config-if)# shut (config-if)# encap ppp (config-if)# ppp authentication chap (config-if)# no shut (config-if)# end Router-MDN: # conf t (config)# hostname Router-MDN (config)# user Router-JKT password ccna2 (config)# int s0/0/0 (config-if)# shut (config-if)# encap ppp (config-if)# ppp authentication chap (config-if)# no shut (config-if)# end Router-SBY:
# conf t (config)# hostname Router-SBY (config)# user Router-JKT password ccna1 (config)# int s0/1 (config-if)# shut (config-if)# encap ppp (config-if)# ppp authentication chap (config-if)# no shut (config-if)# end # sh int serial 0/0/0 # sh int serial 0/0/1
Lab 13 : Frame-Relay connection
Task 1: Frame-Relay Point-to-Point subinterface Router-SBY: (config)# int serial 0/0/1 (config-if)# no ip address (config-if)# encapsulation frame-relay (config-if)# int s0/0/1.100 point-to-point (config-subif)# description pvc to JKT (config-subif)# ip address 10.1.0.102 255.255.255.252 (config-subif)# frame-relay interface-dlci 100 (config-subif)# bandwidth 2048 (config-subif)# end # copy run start Router-MDN: (config)# int serial 0/0/1 (config-if)# no ip address (config-if)# encapsulation frame-relay (config-if)# int s0/0/1.200 point-to-point (config-subif)# description pvc to JKT (config-subif)# ip address 10.1.0.106 255.255.255.252 (config-subif)# frame-relay interface-dlci 200 (config-subif)# bandwidth 2048 (config-subif)# end Router-JKT: (config)# int s0/1/1 (config-if)# no ip address (config-if)# encapsulation frame-relay (config-if)# int s0/1/1.101 point-to-point (config-subif)# description pvc to SBY (config-subif)# ip address 10.1.0.101 255.255.255.252 (config-subif)# frame-relay interface-dlci 101 (config-subif)# bandwidth 2048
(config-subif)# int s0/1/1.102 point-to-point (config-subif)# description pvc to MDN (config-subif)# ip address 10.1.0.105 255.255.255.252 (config-subif)# frame-relay interface-dlci 102 (config-subif)# bandwidth 2048 (config-subif)# end Verify (all routers: JKT, SBY, MDN): # sh frame-relay map # sh frame-relay pvc # sh frame-relay lmi # sh int s0/0/1 di SBY & MDN # sh int s0/1/1 di JKT # debug frame-relay lmi # terminal monitor # sh ip route # ping …. FRS configurations: (config)# frame-relay switching (config)# int serial 0/0/1 (config-if)# no ip address (config-if)# description connect to Router-SBY (config-if)# clock rate 2000000 (config-if)# encapsulation frame-relay (config-if)# frame-relay intf-type dce (config-if)# frame-relay route 100 int s0/0/0 101 (config-if)# int serial 0/0/0 (config-if)# no ip address (config-if)# description connect to Router-JKT (config-if)# clock rate 2000000 (config-if)# encapsulation frame-relay (config-if)# frame-relay intf-type dce (config-if)# frame-relay route 101 int s0/0/1 100 (config-if)# frame-relay route 102 int s0/1/0 200 (config-if)# int serial 0/1/0 (config-if)# no ip address (config-if)# description connect to Router-MDN (config-if)# clock rate 2000000 (config-if)# encapsulation frame-relay (config-if)# frame-relay intf-type dce (config-if)# frame-relay route 200 int s0/0/0 102 (config-if)# end # copy run start
