Anda di halaman 1dari 34

Lab 1 : Konfigurasi Cisco Catalyst Switch

Task 1: Konfigurasi awal Cisco Catalyst Switch


1A. switch ASW1-JKT
Menghapus konfigurasi router/switch:
> enable
# erase startup-config
# reload
Setelah switch selesai booting:
Would you like to enter the initial configuration dialog? [yes/no]: n masuk ke Command Line Interface (CLI)
> (user mode)
> enable
# (privileged/enabled/EXEC mode)
#?
help mode
# s?
# show ?
# show version melihat info perangkat (platform, IOS, interfaces)
# sh ver
# sh<tab> ver<tab>
# sh flash
melihat isi dari storage device
# show running-config ATAU #sh run
melihat isi dari config di RAM
# show startup-config ATAU # sh start
melihat isi dari config di NVRAM
# sh clock
# clock set 7:00:00 5 dec 2011 set jam sesuai GMT/UTC (WIB 7 jam)
# configure terminal
ATAU #conf t
(config)# (global config)
(config)# clock timezone WIB 7
(config)# end
# show clock
# conf t

(config)# hostname ASW1-JKT


(config)# enable secret cisco123
utk set password utk masuk privileged mode
(config)# username netadmin password cisco123
membuat user+password di local database
(config)# banner motd %
Authorized users only
Please login with your own username & password
All activities are logged
% akan muncul pada saat sukses login
(config)# interface vlan 1
ATAU (config)# int vlan 1
(config-if)# (interface config)
(config-if)# description *** logical interface vlan 1 ***
(config-if)# ip address 10.1.1.10 255.255.255.0
(config-if)# no shutdown
utk mengaktifkan interface
(config-if)# exit
(config)# ip default-gateway 10.1.1.1
router

agar bisa berkomunikasi dengan jaringan lain, gateway adalah

(config)# line vty 0 4


line pertama=0 ; line terakhir=4
(config-line)# (line config)
(config-line)# login local
agar nanya user+password yg ada di local database
(config-line)# exec-timeout 5 0 5 menit 0 detik
(config-line)# logging synchronous
agar prompt muncul lagi ketika ada logging
(config)# line console 0
(config-line)# login local
agar nanya user+password yg ada di local database
(config-line)# exec-timeout 5 0 5 menit 0 detik
(config-line)# logging synchronous
(config-line)# end
# copy (source) (destination)
# copy running-config startup-config
# write memory
ATAU # wr

ATAU

# copy run start

# sh start
# sh run
# sh mac-address-table

1B. switch ASW2-JKT


Menghapus konfigurasi router/switch:
> enable
# erase startup-config
# reload
Setelah switch selesai booting:
Would you like to enter the initial configuration dialog? [yes/no]: n masuk ke Command Line Interface (CLI)
> (user mode)
> enable

# (privileged/enabled/EXEC mode)
#?
help mode
# s?
# show ?
# show version melihat info perangkat (platform, IOS, interfaces)
# sh ver
# sh<tab> ver<tab>
# sh flash
melihat isi dari storage device
# show running-config ATAU #sh run
melihat isi dari config di RAM
# show startup-config ATAU # sh start
melihat isi dari config di NVRAM
# sh clock
# clock set 7:00:00 5 dec 2011 set jam sesuai GMT/UTC (WIB 7 jam)
# configure terminal
ATAU #conf t
(config)# (global config)
(config)# clock timezone WIB 7
(config)# end
# show clock
# conf t
(config)# hostname ASW2-JKT
(config)# enable secret cisco123
utk set password utk masuk privileged mode
(config)# username netadmin password cisco123
(config)# banner motd %
Authorized users only
Please login with your own username & password
All activities are logged
% akan muncul pada saat sukses login
(config)# interface vlan 1
ATAU (config)# int vlan 1
(config-if)# (interface config)
(config-if)# description *** logical interface vlan 1 ***
(config-if)# ip address 10.1.1.20 255.255.255.0
(config-if)# no shutdown
utk mengaktifkan interface
(config-if)# exit
(config)# ip default-gateway 10.1.1.1
router

agar bisa berkomunikasi dengan jaringan lain, gateway adalah

(config)# line vty 0 4


line pertama=0 ; line terakhir=4
(config-line)# (line config)
(config-line)# login local
agar nanya user+password yg ada di local database
(config-line)# exec-timeout 5 0 5 menit 0 detik
(config-line)# logging synchronous
agar prompt muncul lagi ketika ada logging
(config)# line console 0
(config-line)# login local
agar nanya user+password yg ada di local database
(config-line)# exec-timeout 5 0 5 menit 0 detik
(config-line)# logging synchronous

(config-line)# end
# copy (source) (destination)
# copy running-config startup-config
# write memory
ATAU # wr

ATAU

# copy run start

# sh start
# sh run
# sh mac-address-table

1C. switch CSW-JKT


Menghapus konfigurasi router/switch:
> enable
# erase startup-config
# reload
Setelah switch selesai booting:
Would you like to enter the initial configuration dialog? [yes/no]: n masuk ke Command Line Interface (CLI)
> (user mode)
> enable
# (privileged/enabled/EXEC mode)
#?
help mode
# s?
# show ?
# show version melihat info perangkat (platform, IOS, interfaces)
# sh ver
# sh<tab> ver<tab>
# sh flash
melihat isi dari storage device
# show running-config ATAU #sh run
melihat isi dari config di RAM
# show startup-config ATAU # sh start
melihat isi dari config di NVRAM
# sh clock
# clock set 7:00:00 5 dec 2011 set jam sesuai GMT/UTC (WIB 7 jam)
# configure terminal
ATAU #conf t
(config)# (global config)
(config)# clock timezone WIB 7
(config)# end
# show clock
# conf t
(config)# hostname CSW-JKT
(config)# enable secret cisco123
utk set password utk masuk privileged mode
(config)# username netadmin password cisco123
(config)# banner motd %
Authorized users only
Please login with your own username & password
All activities are logged

% akan muncul pada saat sukses login


(config)# interface vlan 1
ATAU (config)# int vlan 1
(config-if)# (interface config)
(config-if)# description *** logical interface vlan 1 ***
(config-if)# ip address 10.1.1.2 255.255.255.0
(config-if)# no shutdown
utk mengaktifkan interface
(config-if)# exit
(config)# ip default-gateway 10.1.1.1
router

agar bisa berkomunikasi dengan jaringan lain, gateway adalah

(config)# line vty 0 4


line pertama=0 ; line terakhir=4
(config-line)# (line config)
(config-line)# login local
agar nanya user+password yg ada di local database
(config-line)# exec-timeout 5 0 5 menit 0 detik
(config-line)# logging synchronous
agar prompt muncul lagi ketika ada logging
(config)# line console 0
(config-line)# login local
agar nanya user+password yg ada di local database
(config-line)# exec-timeout 5 0 5 menit 0 detik
(config-line)# logging synchronous
(config-line)# end
# copy (source) (destination)
# copy running-config startup-config
# write memory
ATAU # wr

ATAU

# copy run start

# sh start
# sh run
# sh mac-address-table

1D. switch ASW-SBY


Menghapus konfigurasi router/switch:
> enable
# erase startup-config
# reload
Setelah switch selesai booting:
Would you like to enter the initial configuration dialog? [yes/no]: n masuk ke Command Line Interface (CLI)
> (user mode)
> enable
# (privileged/enabled/EXEC mode)
#?
help mode
# s?
# show ?
# show version melihat info perangkat (platform, IOS, interfaces)
# sh ver
# sh<tab> ver<tab>

# sh flash
melihat isi dari storage device
# show running-config ATAU #sh run
melihat isi dari config di RAM
# show startup-config ATAU # sh start
melihat isi dari config di NVRAM
# sh clock
# clock set 7:00:00 5 dec 2011 set jam sesuai GMT/UTC (WIB 7 jam)
# configure terminal
ATAU #conf t
(config)# (global config)
(config)# clock timezone WIB 7
(config)# end
# show clock
# conf t
(config)# hostname ASW-SBY
(config)# enable secret cisco123
utk set password utk masuk privileged mode
(config)# username netadmin password cisco123
(config)# banner motd %
Authorized users only
Please login with your own username & password
All activities are logged
% akan muncul pada saat sukses login
(config)# interface vlan 1
ATAU (config)# int vlan 1
(config-if)# (interface config)
(config-if)# description *** logical interface vlan 1 ***
(config-if)# ip address 10.1.4.10 255.255.255.0
(config-if)# no shutdown
utk mengaktifkan interface
(config-if)# exit
(config)# ip default-gateway 10.1.4.1
router

agar bisa berkomunikasi dengan jaringan lain, gateway adalah

(config)# line vty 0 4


line pertama=0 ; line terakhir=4
(config-line)# login local
agar nanya user+password yg ada di local database
(config-line)# exec-timeout 5 0 5 menit 0 detik
(config-line)# logging synchronous
agar prompt muncul lagi ketika ada logging
(config)# line console 0
(config-line)# login local
agar nanya user+password yg ada di local database
(config-line)# exec-timeout 5 0 5 menit 0 detik
(config-line)# logging synchronous
(config-line)# end
# copy (source) (destination)
# copy running-config startup-config
# write memory
ATAU # wr
# sh start
# sh run

ATAU

# copy run start

# sh mac-address-table

1E. switch ASW-MDN


Menghapus konfigurasi router/switch:
> enable
# erase startup-config
# reload
Setelah switch selesai booting:
Would you like to enter the initial configuration dialog? [yes/no]: n masuk ke Command Line Interface (CLI)
> (user mode)
> enable
# (privileged/enabled/EXEC mode)
#?
help mode
# s?
# show ?
# show version melihat info perangkat (platform, IOS, interfaces)
# sh ver
# sh<tab> ver<tab>
# sh flash
melihat isi dari storage device
# show running-config ATAU #sh run
melihat isi dari config di RAM
# show startup-config ATAU # sh start
melihat isi dari config di NVRAM
# sh clock
# clock set 7:00:00 5 dec 2011 set jam sesuai GMT/UTC (WIB 7 jam)
# configure terminal
ATAU #conf t
(config)# (global config)
(config)# clock timezone WIB 7
(config)# end
# show clock
# conf t
(config)# hostname ASW-MDN
(config)# enable secret cisco123
utk set password utk masuk privileged mode
(config)# username netadmin password cisco123
(config)# banner motd %
Authorized users only
Please login with your own username & password
All activities are logged
% akan muncul pada saat sukses login
(config)# interface vlan 1
ATAU (config)# int vlan 1
(config-if)# (interface config)
(config-if)# description *** logical interface vlan 1 ***
(config-if)# ip address 10.1.5.10 255.255.255.0
(config-if)# no shutdown
utk mengaktifkan interface
(config-if)# exit

(config)# ip default-gateway 10.1.5.1


router

agar bisa berkomunikasi dengan jaringan lain, gateway adalah

(config)# line vty 0 4


line pertama=0 ; line terakhir=4
(config-line)# login local
agar nanya user+password yg ada di local database
(config-line)# exec-timeout 5 0 5 menit 0 detik
(config-line)# logging synchronous
agar prompt muncul lagi ketika ada logging
(config)# line console 0
(config-line)# login local
agar nanya user+password yg ada di local database
(config-line)# exec-timeout 5 0 5 menit 0 detik
(config-line)# logging synchronous
(config-line)# end
# copy (source) (destination)
# copy running-config startup-config
# write memory
ATAU # wr

ATAU

# copy run start

# sh start
# sh run
# sh mac-address-table

Task 2: Konfigurasi Port-Security


ASW1-JKT & ASW2-JKT:
# sh mac-address-table
# conf t
(config)# int f0/1
(config-if)# description ***connected to Users PC***
(config-if)# switchport mode access
(config-if)# switchport port-security
(config-if)# switchport port-security maximum 1
(config-if)# switchport port-security mac-address sticky
(config-if)# switchport port-security violation shutdown
(config-if)#end
# sh mac-address-table
# sh port-security
# sh port-security address
# sh int f0/1
Utk menormalkan interface yg di-shutdown oleh port-security:
1. Copot MAC illegal, dan kembalikan MAC yg terdaftar
2. (config)# int f0/1
(config-if)# shutdown
(config-if)# no shutdown
(config-if)# end
# sh int f0/2
Utk menghapus konfigurasi Port-Security:
(config)# int f0/1
(config-if)# no switchport port-security maximum

(config-if)# no switchport port-security mac-address sticky


(config-if)# no switchport port-security
(config-if)#end

Task 3: Verifikasi protokol CDP (cisco discovery protocol)


ASW1-JKT, ASW2-JKT, CSW-JKT:
# sh cdp neighbor
# sh cdp neighbor detail
# sh cdp traffic
# sh cdp interface
(config)# no cdp run
(config)# cdp run

mematikan cdp di seluruh interface


mengaktifkan cdp di seluruh interface

(config)# int f0/5


(config-if)# no cdp enable
(config-if)# cdp enable

mematikan cdp di interface tertentu saja


mengaktifkan interface di interface tertentu saja

Task 4: Menggunakan TFTP server untuk Backup config & IOS


Backup config from Switch to TFTP server:
# copy run tftp://10.1.1.3/[nama-switch].cfg
Backup IOS from Switch to TFTP server:
# sh flash
#copy flash: tftp:
Source filename []? c2960-lanbase-mz.122-25.FX.bin
Address or name of remote host []? 10.1.1.3
Destination filename [c2960-lanbase-mz.122-25.FX.bin]? <enter aja>

Lab 2 : Konfigurasi VLAN pada Cisco Catalyst Switch

Task 1: Konfigurasi VTP


ASW1-JKT, ASW2-JKT, CSW-JKT
(config)# vtp mode transparent
(config)# vtp domain ccna

Task 2: Konfigurasi VLAN Trunking


ASW1-JKT:
(config)# int range f0/21 , f0/23
(config-if-range)# switchport mode trunk
(config-if-range)# no shutdown
ASW2-JKT:
(config)# int range f0/22 - 23
(config-if-range)# switchport mode trunk
(config-if-range)# exit
CSW-JKT:
(config)# int range f0/21 - 22 , f0/24
(config-if-range)# switchport mode trunk
(config-if-range)# exit

Task 3: Membuat VLAN


ASW1-JKT, ASW2-JKT & CSW-JKT:
(config)# vlan 2
(config-vlan)# name Engineer
(config-vlan)# vlan 3
(config-vlan)# name Sales
(config-vlan)# exit

Task 4: Konfigurasi VLAN-membership


ASW1-JKT & ASW2-JKT:
(config-if)# int f0/2
(config-if)# description *** connect to PC***
(config-if)# switchport mode access
(config-if)# switchport access vlan 2

(config-if)# int f0/3


(config-if)# description *** connect to PC ***
(config-if)# switchport mode access
(config-if)# switchport access vlan 3
ALL SWITCHES:
# copy run start ATAU # write memory
# sh int trunk
# sh int switchport
trunk port
# sh vlan
# sh vtp status

Task 5: Konfigurasi Router-on-a-stick


Router-JKT:
> enable
# erase start
# reload
Tunggu sampai selesai booting:
Would you like to enter initial configuration? n
> enable
# conf t
(config)# host Router-JKT
(config)# enable secret cisco
(config)# username netadmin password cisco123
(config)# line vty 0 4
(config-line)# login local
(config-line)# exec-timeout 5 0
(config-line)# logging synchronous
(config)# line console 0
(config-line)# login local
(config-line)# exec-timeout 5 0
(config-line)# logging synchronous
(config-line)# end

line pertama=0 ; line terakhir=4


agar nanya user+password yg ada di local database
5 menit 0 detik
agar prompt muncul lagi ketika ada logging

agar nanya user+password yg ada di local database


5 menit 0 detik

(config)# int f0/0


(config-if)# no shutdown
(config-if)# int f0/0.1
(config-subif)# desc *** TO VLAN-1 ***
(config-subif)# encapsulation dot1q 1 native
(config-subif)# ip address 10.1.1.1 255.255.255.0
(config-if)# int f0/0.2
(config-subif)# desc *** TO VLAN-2 ***
(config-subif)# encapsulation dot1q 2
(config-subif)# ip address 10.1.2.1 255.255.255.0
(config-subif)# int f0/0.3
(config-subif)# desc *** TO VLAN-3 ***
(config-subif)# encap dot1q 3

(config-subif)# ip address 10.1.3.1 255.255.255.0


(config-subif)# end
# sh ip route
# ping 10.1.1.10
# ping 10.1.1.20

melihat routing table

Verifikasi:
Dari semua PC ping ke subinterface Router-JKT:
C:> ping 10.1.1.1
C:> ping 10.1.2.1
C:> ping 10.1.3.1

LAB 3: SPANNING-TREE PROTOCOL

Task 1: Portfast
Switch:
(config)# int range f0/1 - 3
(config-if)# spanning-tree portfast

Task 2: PVST
ASW1-JKT, ASW2-JKT, CSW-JKT:
# sh spanning-tree
[cari siapa yg menjadi Root Bridge]
CSW-JKT (dijadikan Root Bridge):
(config)# spanning-tree vlan 1 priority 0
(config)# spanning-tree vlan 2 priority 0
(config)# spanning-tree vlan 3 priority 0
ATAU
(config)# spanning-tree vlan 1 root primary
(config)# spanning-tree vlan 2 root primary
(config)# spanning-tree vlan 3 root primary

Task 3: PVRST
ASW1-JKT, ASW2-JKT, CSW-JKT:
# sh spanning-tree
# conf t
(config)# spanning-tree mode rapid-pvst
(config)# end
# sh spanning-tree

Lab 4 : Konfigurasi Dasar Cisco Router

Router-JKT:
> enable
# clock set 7:00:00 5 dec 2011 jam GMT/UTC (WIB 7)
# conf t
(config)# clock timezone WIB 7
(config)# end
# sh clock
# conf t
(config)# hostname Router-JKT
(config)# enable secret cisco
(config)# username netadmin password cisco123
(config)# line vty 0 4
(config-line)# login local
(config-line)# exec-timeout 5 0
(config-line)# logging synchronous
(config-line)# line console 0
(config-line)# login local
(config-line)# exec-timeout 5 0
(config-line)# logging synchronous
(config-line)# exit
(config-if)# int s0/0/0
(config-if)# desc *** CONNECTED TO S0/0/0 ROUTER-SBY ***
(config-if)# ip address 10.1.0.1 255.255.255.252
(config-if)# clock rate 512000
(config-if)# bandwidth 512
(config-if)# no shutdown
(config-if)# int s0/0/1
(config-if)# desc *** CONNECTED TO S0/0/0 ROUTER-MDN ***
(config-if)# ip address 10.1.0.5 255.255.255.0
(config-if)# bandwidth 512
(config-if)# clock rate 512000
(config-if)# no shutdown

(config-if)# end

ROUTER-SBY:
> enable
# erase start
# reload
Tunggu sampai router selesai booting:
Would you like to enter initial configuration? n
> enable
# clock set 7:00:00 5 dec 2011 jam GMT/UTC (WIB 7)
# conf t
(config)# clock timezone WIB 7
(config)# end
# sh clock
# conf t
(config)# hostname Router-SBY
(config)# enable secret cisco
(config)# username netadmin password cisco123
(config)# line vty 0 4
(config-line)# login local
(config-line)# exec-timeout 5 0
(config-line)# logging synchronous
(config-line)# line console 0
(config-line)# login local
(config-line)# exec-timeout 5 0
(config-line)# logging synchronous
(config-line)# exit
(config)# int f0/0
(config-if)# description *** CONNECT TO LAN SBY ***
(config-if)# ip address 10.1.4.1 255.255.255.0
(config-if)# no shutdown

(config-if)# int s0/0/0


(config-if)# desc *** CONNECTED TO S0/0/0 ROUTER-JKT ***
(config-if)# ip address 10.1.0.2 255.255.255.252
(config-if)# bandwidth 512
(config-if)# no shutdown
(config-if)# end
ROUTER-MDN:
> enable
# erase start
# reload
Tunggu sampai router selesai booting:
Would you like to enter initial configuration? n

> enable
# clock set 7:00:00 5 dec 2011 jam GMT/UTC (WIB 7)
# conf t
(config)# clock timezone WIB 7
(config)# end
# sh clock
# conf t
(config)# hostname Router-MDN
(config)# enable secret cisco
(config)# username netadmin password cisco123
(config)# line vty 0 4
(config-line)# login local
(config-line)# exec-timeout 5 0
(config-line)# logging synchronous
(config-line)# line console 0
(config-line)# login local
(config-line)# exec-timeout 5 0
(config-line)# logging synchronous
(config-line)# exit
(config)# int f0/0
(config-if)# description *** CONNECT TO LAN MDN ***
(config-if)# ip address 10.1.5.1 255.255.255.0
(config-if)# no shutdown

(config-if)# int s0/0/0


(config-if)# desc *** CONNECTED TO S0/0/1 ROUTER-JKT ***
(config-if)# ip address 10.1.0.6 255.255.255.252
(config-if)# bandwidth 512
(config-if)# no shutdown
(config-if)# end
ALL ROUTERS (JKT, SBY, MDN):
# copy run start ATAU # write
# sh ip route melihat routing-table
# sh ip int brief melihat status semua interface
# sh int f0/0
# sh controller s0/0/0 utk ngecek kabel serial di router (DTE/DCE)
# ping [ip address router terdekat]

Lab 5: Konfigurasi Static & Default Route

Task 1: Membuat Static & Default Route:


Router-SBY:
(config)# ip route 0.0.0.0 0.0.0.0 10.1.0.1
ATAU
(config)# ip route 0.0.0.0 0.0.0.0 s0/0/0
Router-MDN:
(config)# ip route 0.0.0.0 0.0.0.0 10.1.0.5
ATAU
(config)# ip route 0.0.0.0 0.0.0.0 s0/0/0
STATIC ROUTE:
Router-JKT:
(config)# ip route 10.1.4.0 255.255.255.0 10.1.0.2
(config)# ip route 10.1.5.0 255.255.255.0 10.1.0.6
# sh ip route
# ping [ke semua router]

Task 2: Menghapus static & default route


Router-SBY & MDN:
(config)# no ip route 0.0.0.0 0.0.0.0
(config)# end
Router-JKT:
(config)# no ip route 10.1.1.0 255.255.255.0
(config)# no ip route 10.1.5.0 255.255.255.0
(config)# end
# sh ip route

s0/0/0
s0/0/1

Lab 6: Konfigurasi RIP

ALL ROUTERS (SBY, JKT, MDN):


(config)# router rip
(config-router)# version 2
pakai versi 2 (classless routing protocol)
(config-router)# network 10.0.0.0
(config-router)# no auto-summary
manual-summarization
(config-router)# passive-interface f0/0 agar tidak sending paket RIP ke interface tersebut
(config-router)# end
# sh ip route melihat routing table, harus ada kode R
# sh ip protocol melihat routing protocol di router kita
# debug ip rip melihat proses send-receive update RIP
# terminal monitor
utk liat debug, khusus bagi yg telnet
# no debug all
ATAU
# undebug all
Menghapus konfigurasi RIP:
(config)# no router rip
(config)# end
# copy run start

Lab 7: Konfigurasi single-area OSPF

Loopback 0 JKT: 10.100.100.1/32


Loopback 0 SBY: 10.100.100.2/32
Loopback 0 MDN: 10.100.100.3/32

Task 1: Konfigurasi OSPF


Router-JKT:
(config)# int loopback 0
(config-if)# description *** as Router-ID for OSPF ***
(config-if)# ip address 10.100.100.1 255.255.255.255
(config-if)# router ospf 1
(config-router)# network 10.1.0.1 0.0.0.0 area 0
(config-router)# network 10.1.0.5 0.0.0.0 area 0
(config-router)# network 10.1.1.1 0.0.0.0 area 0
(config-router)# network 10.1.2.1 0.0.0.0 area 0
(config-router)# network 10.1.3.1 0.0.0.0 area 0
(config-router)# network 10.100.100.1 0.0.0.0 area 0
(config-router)# passive-interface f0/0
(config-router)# end
Router-MDN:
(config)# int loopback 0
(config-if)# description *** as Router-ID for OSPF ***
(config-if)# ip address 10.100.100.3 255.255.255.255
(config-if)# router ospf 1
(config-router)# network 10.1.0.6 0.0.0.0 area 0
(config-router)# network 10.1.5.1 0.0.0.0 area 0
(config-router)# network 10.100.100.3 0.0.0.0 area 0
(config-router)# passive-interface f0/0
(config-router)# end

Router-SBY:
(config)# int loopback 0
(config-if)# description *** as Router-ID for OSPF ***
(config-if)# ip address 10.100.100.2 255.255.255.255
(config-if)# router ospf 1
(config-router)# network 10.1.0.2 0.0.0.0 area 0
(config-router)# network 10.1.4.1 0.0.0.0 area 0
(config-router)# network 10.100.100.2 0.0.0.0 area 0
(config-router)# passive-interface f0/0
(config-router)# end
ALL ROUTERS (SBY, JKT, MDN):
# sh ip ospf
# sh ip ospf interface
# sh ip ospf neighbor melihat neighbor table
# sh ip ospf database melihat topology table
# sh ip route
melihat routing table
# sh ip protocols
melihat semua routing protocol di router
#debug ip ospf events
#debug ip ospf packet
#terminal monitor
#undebug all

Task 2: menghapus proses routing OSPF


ALL ROUTERS (SBY, MDN, JKT):
(config)# no int loopback 0
(config)# no router ospf 1

Lab 8 : Konfigurasi EIGRP

Task 1: Konfigurasi EIGRP


ALL ROUTERS (SBY, MDN, JKT):
(config)# router eigrp 65000
(config-router)# network 10.0.0.0
(config-router)# passive-interface f0/0
(config-router)# no auto-summary
(config-router)# end
# sh ip eigrp interface
# sh ip eigrp neighbor
# sh ip eigrp topology
# sh ip route
# sh ip protocol
# debug ip eigrp

show interface yg aktif send-receive EIGRP packets


neighbor table
topology table P = passive ; artinya jaringan tersebut stabil (tidak up/down)
routing table

Lab 9 : Konfigurasi ACL

Task 1: Standard ACL utk mengeblok telnet dari luar


Router-SBY:
(config)# access-list 7 remark ***permit user dari LAN***
(config)# access-list 7 permit 10.1.4.0 0.0.0.255
(config)# line vty 0 4
(config-line)# access-class 7 in
(config-line)# end
Router-MDN:
(config)# access-list 7 remark ***permit user dari LAN***
(config)# access-list 7 permit 10.1.5.0 0.0.0.255
(config)# line vty 0 4
(config-line)# access-class 7 in
(config-line)# end
Router-JKT:
(config)# access-list 7 remark ***permit user dari LAN***
(config)# access-list 7 permit 10.1.1.0 0.0.0.255
(config)# access-list 7 permit 10.1.2.0 0.0.0.255
(config)# access-list 7 permit 10.1.3.0 0.0.0.255
(config)# line vty 0 4
(config-line)# access-class 7 in
(config-line)# end
# sh access-list
Menghapus konfigurasi standard ACL:
(config)# line vty 0 4
(config-line)# no access-class 7 in
(config-line)# exit
(config)# no access-list 7
(config)# end

# sh access-list

Task 2: Extended ACL utk mengeblok FTP & TFTP dari luar
Router-JKT:
(config)# access-list 100 deny udp any host 10.1.1.3 eq 69 log
(config)# access-list 100 deny tcp any host 10.1.1.3 range 20 21 log
(config)# access-list 100 permit ip any any log
(config)# int s0/0/0
(config-if)# ip access-group 100 in
(config)# int s0/0/1
(config-if)# ip access-group 100 in
(config-if)# end
# sh access-list
# sh ip int s0/0/0
# sh ip int s0/0/1
Menghapus konfigurasi extended ACL:
(config)# int s0/0/0
(config-if)# no ip access-group 100 in
(config-if)# int s0/0/1
(config-if)# no ip access-group 100 in
(config-if)# exit
(config)# no access-list 100

ATAU eq tftp
ATAU range ftp-data ftp

Lab 10 : Konfigurasi NAT

Task 1: Konfigurasi Static NAT


static NAT (router JKT):
10.1.1.3 202.1.1.3 (Public TFTP & FTP server)
Router-JKT:
(config)# int s0/1/0
(config-if)# description connect to Internet
(config-if)# ip address 202.1.1.2 255.255.255.240
(config-if)# exit
(config)# ip route 0.0.0.0 0.0.0.0 s0/1/0

membuat default route mengarah ke ISP

(config)# ip nat inside source static 10.1.1.3 202.1.1.3


(config)# int s0/1/0
(config-if)# ip nat outside
(config-if)# int s0/0/0
(config-if)# ip nat inside
(config-if)# int s0/0/1
(config-if)# ip nat inside
(config-if)# int f0/0.1
(config-if)# ip nat inside
(config-if)# int f0/0.2
(config-if)# ip nat inside
(config-if)# int f0/0.3
(config-if)# ip nat inside
(config-if)# end
# sh ip nat translation
(config-if)# int f0/0
(config-if)# no ip nat inside
(config-if)# exit
(config)# no ip nat inside source static 10.1.1.11 202.1.2.3

Task 2: Konfigurasi Dynamic PAT


Router-JKT:
(config)# access-list 2 permit 10.1.0.0 0.0.255.255
(config)# ip nat inside source list 2 int s0/1/0 overload
(config)# end
# sh ip nat translation
# debug ip nat
# no debug all
# copy run start

Lab 11 : Konfigurasi IPv6

Task 1: Konfigurasi Dual-Stack Router


Router-SBY:
(config)# ipv6 unicast-routing
(config)# int s0/0/0
(config-if)# ipv6 address 2001:10:1:0::2/64

static manual address assignment

(config)# int f0/0


(config-if)# ipv6 address 2001:10:1:4::/64 eui-64 static eui-64 address assignment
(config-if)# end
Router-MDN:
(config)# ipv6 unicast-routing
(config)# int s0/0/0
(config-if)# ipv6 address 2001:10:1:0::6/64 static manual address assignment
(config)# int f0/0
(config-if)# ipv6 address 2001:10:1:5::/64 eui-64 static eui-64 address assignment
(config-if)# end
Router-JKT:
(config)# ipv6 unicast-routing
(config)# int s0/0/0
(config-if)# ipv6 address 2001:10:1:0::1/64 static manual address assignment
(config-if)# int s0/0/1
(config-if)# ipv6 address 2001:10:1:0::5/64 static manual address assignment
(config)# int f0/0.1
(config-if)# ipv6 address 2001:10:1:1::/64 eui-64 static eui-64 address assignment
(config)# int f0/0.2
(config-if)# ipv6 address 2001:10:1:2::/64 eui-64 static eui-64 address assignment

(config)# int f0/0.3


(config-if)# ipv6 address 2001:10:1:3::/64 eui-64 static eui-64 address assignment
(config-if)# end
Verify:
# sh ipv6 int brief
# sh ipv6 int
# sh ipv6 route
Static Route
JKT:
ipv6 route 2001:10:1:4::/64 s0/0/0
ipv6 route 2001:10:1:5::/64 s0/0/1

ATAU
ATAU

ipv6 route 2001:10:1:4::/64 2001:10:1:0::2


ipv6 route 2001:10:1:5::/64 2001:10:1:0::6

SBY:
(config)# ipv6 route ::/0 s0/0/0

ATAU

ipv6 route ::/0 2001:10:1:0::1

MDN:
(config)# ipv6 route ::/0 s0/0/0

ATAU

ipv6 route ::/0 2001:10:1:0::5

Menghapus Default Route di Router-SBY & Router-MDN:


(config)# no ipv6 route ::/0
Menghapus Static Route di Router-JKT:
ipv6 route 2001:10:1:4::/64
ipv6 route 2001:10:1:5::/64

Task 2: Konfigurasi RIPng


Router-SBY:
(config)# ipv6 router rip SBY
(config)# int s0/0/0
(config-if)# ipv6 rip SBY enable
(config)# int f0/0
(config-if)# ipv6 rip SBY enable
(config-if)# end
Router-MDN:
(config)# ipv6 router rip MDN
(config)# int s0/0/0
(config-if)# ipv6 rip MDN enable
(config)# int f0/0
(config-if)# ipv6 rip MDN enable
(config-if)# end
Router-JKT:
(config)# ipv6 router rip JKT
(config)# int s0/0/0
(config-if)# ipv6 rip JKT enable

(config-if)# int s0/0/1


(config-if)# ipv6 rip JKT enable
(config-if)# int f0/0.1
(config-if)# ipv6 rip JKT enable
(config-if)# int f0/0.2
(config-if)# ipv6 rip JKT enable
(config-if)# int f0/0.3
(config-if)# ipv6 rip JKT enable
(config-if)# end
Verify:
# sh ipv6 rip
# sh ipv6 protocol
# sh ipv6 route

Task 3: Menghapus konfigurasi IPv6 & RIPng


Router-SBY:
(config)# int s0/0/0
(config-if)# no ipv6 address
(config)# int f0/0
(config-if)# no ipv6 address
(config-if)# exit
(config)# no ipv6 router rip SBY
(config)# no ipv6 unicast-routing
(config)# end
# copy run start
Router-MDN:
(config)# int s0/0/0
(config-if)# no ipv6 address
(config)# int f0/0
(config-if)# no ipv6 address
(config-if)# exit
(config)# no ipv6 router rip MDN
(config)# no ipv6 unicast-routing
(config)# end
Router-JKT:
(config)# int s0/0/0
(config-if)# no ipv6 address
(config-if)# int s0/0/1
(config-if)# no ipv6 address
(config-if)# int f0/0.1
(config-if)# no ipv6 address

(config-if)# int f0/0.2


(config-if)# no ipv6 address
(config-if)# int f0/0.3
(config-if)# no ipv6 address
(config-if)# exit
(config)# no ipv6 router rip JKT
(config)# no ipv6 unicast-routing
(config)# end
# copy run start

Lab 12 : PPP Authentication

Task 1: CHAP authentication


# debug ppp authentication
# terminal monitor
khusus bagi telnet
Router-JKT:
# conf t
(config)# hostname Router-JKT
(config)# user Router-SBY password ccna1
(config)# user Router-MDN password ccna2
(config)# int s0/0/0
(config-if)# shut
(config-if)# encap ppp
(config-if)# ppp authentication chap
(config-if)# no shut
(config)# int s0/0/1
(config-if)# shut
(config-if)# encap ppp
(config-if)# ppp authentication chap
(config-if)# no shut
(config-if)# end
Router-MDN:
# conf t
(config)# hostname Router-MDN
(config)# user Router-JKT password ccna2
(config)# int s0/0/0
(config-if)# shut
(config-if)# encap ppp
(config-if)# ppp authentication chap
(config-if)# no shut
(config-if)# end
Router-SBY:

nama router lawan & shared password

# conf t
(config)# hostname Router-SBY
(config)# user Router-JKT password ccna1
(config)# int s0/1
(config-if)# shut
(config-if)# encap ppp
(config-if)# ppp authentication chap
(config-if)# no shut
(config-if)# end
# sh int serial 0/0/0
# sh int serial 0/0/1

Lab 13 : Frame-Relay connection

Task 1: Frame-Relay Point-to-Point subinterface


Router-SBY:
(config)# int serial 0/0/1
(config-if)# no ip address
(config-if)# encapsulation frame-relay
(config-if)# int s0/0/1.100 point-to-point
(config-subif)# description pvc to JKT
(config-subif)# ip address 10.1.0.102 255.255.255.252
(config-subif)# frame-relay interface-dlci 100
(config-subif)# bandwidth 2048
(config-subif)# end
# copy run start
Router-MDN:
(config)# int serial 0/0/1
(config-if)# no ip address
(config-if)# encapsulation frame-relay
(config-if)# int s0/0/1.200 point-to-point
(config-subif)# description pvc to JKT
(config-subif)# ip address 10.1.0.106 255.255.255.252
(config-subif)# frame-relay interface-dlci 200
(config-subif)# bandwidth 2048
(config-subif)# end
Router-JKT:
(config)# int s0/1/1
(config-if)# no ip address
(config-if)# encapsulation frame-relay
(config-if)# int s0/1/1.101 point-to-point
(config-subif)# description pvc to SBY
(config-subif)# ip address 10.1.0.101 255.255.255.252
(config-subif)# frame-relay interface-dlci 101
(config-subif)# bandwidth 2048

(config-subif)# int s0/1/1.102 point-to-point


(config-subif)# description pvc to MDN
(config-subif)# ip address 10.1.0.105 255.255.255.252
(config-subif)# frame-relay interface-dlci 102
(config-subif)# bandwidth 2048
(config-subif)# end
Verify (all routers: JKT, SBY, MDN):
# sh frame-relay map
# sh frame-relay pvc
# sh frame-relay lmi
# sh int s0/0/1 di SBY & MDN
# sh int s0/1/1 di JKT
# debug frame-relay lmi
# terminal monitor
# sh ip route
# ping .

FRS configurations:
(config)# frame-relay switching
(config)# int serial 0/0/1
(config-if)# no ip address
(config-if)# description connect to Router-SBY
(config-if)# clock rate 2000000
(config-if)# encapsulation frame-relay
(config-if)# frame-relay intf-type dce
(config-if)# frame-relay route 100 int s0/0/0 101
(config-if)# int serial 0/0/0
(config-if)# no ip address
(config-if)# description connect to Router-JKT
(config-if)# clock rate 2000000
(config-if)# encapsulation frame-relay
(config-if)# frame-relay intf-type dce
(config-if)# frame-relay route 101 int s0/0/1 100
(config-if)# frame-relay route 102 int s0/1/0 200
(config-if)# int serial 0/1/0
(config-if)# no ip address
(config-if)# description connect to Router-MDN
(config-if)# clock rate 2000000
(config-if)# encapsulation frame-relay
(config-if)# frame-relay intf-type dce
(config-if)# frame-relay route 200 int s0/0/0 102
(config-if)# end
# copy run start