Superlab Cisco Jaringan Nirkabel dengan Keamanan Jaringan

materi lab ini adalah 

1. ASA VPN SSL

2. EIGRP

3. Redistribution

4. RIP

5. NTP

6. Extended ACL

7. Wireless

8. Telnet

9. DHCP

10. SSH

pertama konfigurasi di bagian dibawah ini

sedikit keterangan keterangan tentang adalah untuk firewall service,di cisco asa ini sudah ada
konfigurasi coba cek "sh run"
kemudian konfigurasi ipnya 

ciscoasa(config)#no dhcpd address 192.168.1.5-192.168.1.35 inside

ciscoasa(config)#int vlan 1

ciscoasa(config-if)#ip addr 21.21.21.2 255.255.255.0

ciscoasa(config-if)#ex

ciscoasa(config)#dhcpd address 21.21.21.5-21.21.21.35 inside

kemudian konfigurasi 

ciscoasa(config)#int vlan 1

ciscoasa(config-if)#int et0/2

ciscoasa(config-if)#switchport access vlan 1

ciscoasa(config-if)#ex

ciscoasa(config)#int vlan 2

ciscoasa(config-if)#ip addr 20.20.20.1 255.255.255.0

ciscoasa(config-if)#int et0/1

ciscoasa(config-if)#switchport access vlan 2

ciscoasa(config-if)#ex

ciscoasa(config)#int et0/0

ciscoasa(config-if)#switchport access vlan 1

kemudian konfigurasi di router 2 

Router2(config)#int fa0/0

Router2(config-if)#no sh

Router2(config-if)#ip addr dhcp

Router2(config-if)#ex

kemudian cek ip nya"sh ip int br"

kemudian kita kembali ke router asa,kita aktifkan webvpn 

ciscoasa(config)#webvpn

ciscoasa(config-webvpn)#enable outside

INFO: WebVPN and DTLS are enabled on 'outside'.

ciscoasa(config-webvpn)#ex

ciscoasa(config)#username idn password jonggol

kemudian coba cek konfigurasinya

kemudian isi username dan passwordnya

kemudian kita singkronkan router asa dengan server

ciscoasa(config)#group-policy political internal

ciscoasa(config)#group-policy political attributes

ciscoasa(config-group-policy)#webvpn

ciscoasa(config-group-webvpn)#url-list value IDN-Server1

ciscoasa(config-group-webvpn)#tunnel-group vpn-asa type remote-access

ciscoasa(config)#tunnel-group vpn-asa general-attributes

ciscoasa(config-tunnel-general)#default-group-policy political

ciscoasa(config-tunnel-general)#ex

kemudian pada cisco asa kita konfigurasi di bookmarknya

kemudian cek pada user manajer

kemudian coba kita refres atau kita access lagi

kemudian konfiurasi dibagian topologi dibawah ini

pertama kita konfigurasi ip addressnya dahulu 

Router2(config)#int se2/0

Router2(config-if)#no sh

Router2(config-if)#clock rate 56000

Router2(config-if)#ip addr 23.23.23.2 255.255.255.0

Router2(config-if)#int se3/0

Router2(config-if)#no sh
Router2(config-if)#ip addr 12.12.12.2 255.255.255.0

Router2(config-if)#clock rate 56000

kemudian konfigurasi di router 3 

Router3(config)#int fa0/0

Router3(config-if)#no sh

Router3(config-if)#ip addr 123.123.123.3 255.255.255.0

Router3(config-if)#int se2/0

Router3(config-if)#no sh

Router3(config-if)#ip addr 23.23.23.3 255.255.255.0

Router3(config-if)#int se3/0

Router3(config-if)#no sh

Router3(config-if)#ip addr 34.34.34.3 255.255.255.0

Router3(config-if)#clock rate 56000

kemudian di router 4 

Router4(config)#int se2/0

Router4(config-if)#no sh

Router4(config-if)#ip addr 34.34.34.4 255.255.255.0

Router4(config-if)#int fa1/0

Router4(config-if)#no sh

Router4(config-if)#ip addr 124.124.124.4 255.255.255.0

Router4(config-if)#int fa0/0

Router4(config-if)#no sh

Router4(config-if)#ip addr 40.40.40.4 255.255.255.0

kemudian konfigurasi di router 1 

Router1(config)#int se3/0

Router1(config-if)#no sh

Router1(config-if)#ip addr 12.12.12.1 255.255.255.0

Router1(config-if)#int fa1/0

Router1(config-if)#ip addr 11.11.11.1 255.255.255.0

kemudian konfigurasi di routing protokolnya,mulai dari router 1 

Router2(config)#router eigrp 10

Router2(config-router)#net 12.12.12.0

Router2(config-router)#net 21.21.21.0

Router2(config-router)#net 23.23.23.0

Router2(config-router)#ex

kemudian konfigurasi dirouter 1 

Router1(config)#router eigrp 10

Router1(config-router)#net 11.11.11.0

Router1(config-router)#net 12.12.12.0

kemudian konfigurasi routing rip di router 4 

Router4(config)#router rip

Router4(config-router)#v 2

Router4(config-router)#net 34.34.34.0

Router4(config-router)#net 40.40.40.0

Router4(config-router)#net 124.124.124.0

Router4(config-router)#ex

kemudian konfigurasi di router 3, dua routin protokol,sekalian kita lakukn redistribute 

Router3(config)#router eigrp 10

Router3(config-router)#net 23.23.23.0

Router3(config-router)#redistribute rip metric 1 1 1 1 1

Router3(config-router)#ex

Router3(config)#router rip

Router3(config-router)#v 2

Router3(config-router)#net 34.34.34.0

Router3(config-router)#net 123.123.123.0

Router3(config-router)#redistribute eigrp 10 metric 1

kemudian konfigurasi wlan

pertama kita konfigurasi ip addressnya

kemudian untuk dhcpnya seperti dibawah ini

kemudian konfigurasi di servernya FTP

kemudian ntp

kemudian dns

kemudian cek

kemudian kita cek ftpnya

kemudian kita cek ntpnya,tapi kita singkronkan dulu dengan servernya 

Router3(config)#ntp server 124.124.124.5

kemudian cek 

Router3(config)#do sh clock

*0:37:46.231 UTC Thu Mar 9 2017

Router3(config)#

kemudian kit konfigurasi bagina topologi dibawah ini

kemudian konfigurasi di router asa seperti dibawah ini 

ciscoasa(config)#no dhcpd address 192.168.1.5-192.168.1.35 inside

ciscoasa(config)#int vlan 1

ciscoasa(config-if)#ip addr 50.50.50.1

ciscoasa(config-if)#ip addr 50.50.50.1 255.255.255.0

ciscoasa(config-if)#ex

ciscoasa(config)#dhcpd address 50.50.50.5-50.50.50.35 inside

ciscoasa(config)#int et0/2

ciscoasa(config-if)#switchport access vlan 2

ciscoasa(config-if)#ex

ciscoasa(config)#int vlan 2

ciscoasa(config-if)#ip addr 40.40.40.1 255.255.255.0

ciscoasa(config-if)#ex

ciscoasa(config)#int et0/1

ciscoasa(config-if)#switchport access vlan 1

ciscoasa(config-if)#ex

ciscoasa(config)#int et0/0

ciscoasa(config-if)#switchport access vlan 2

ciscoasa(config-if)#ex

kemudian aktifkan web vpnnya

ciscoasa(config)#webvpn

ciscoasa(config-webvpn)#enable outside

ciscoasa(config-webvpn)#ex

kemudian buat username dan passwordnya

ciscoasa(config)#username idn password jonggol

ciscoasa(config)#group-policy political internal

ciscoasa(config)#group-policy political attributes

ciscoasa(config-group-policy)#webvpn

ciscoasa(config-group-webvpn)#url-list value IDN-Server3

ciscoasa(config-group-webvpn)#tunnel-group vpn-asa type remote-access

ciscoasa(config)#tunnel-group vpn-asa general-attributes

ciscoasa(config-tunnel-general)#default-group-policy political

ciscoasa(config-tunnel-general)#username idn attributes

ciscoasa(config-username)#vpn-group-policy political

ciscoasa(config-username)#ex

kemudian lihat bookmarknya

kemudian kita akses ke 50.50.50.1:443,selanjutnya kita konfigurasi di bagian topologi dibawah
ini,kali ini kita akan konfigurasi access list,telnet dan ssh 

Router3(config)#int fa0/0

Router3(config-if)#line vty 0 4

Router3(config-line)#pass idn

Router3(config-line)#login

Router3(config-line)#enable pass idn

kemudian cek

kemudian konfigurasi ssh 

Router3(config)#ip domain-name idn.id

Router3(config)#crypto key generate rsa

How many bits in the modulus [512]: 512

% Generating 512 bit RSA keys, keys will be non-exportable...[OK]

Router3(config)#line vty 0 4

Router3(config-line)#transport input ssh

kemudian konfigurasi maka telnetnya akan terputus dan bila kita ingin nyambung lagi maka
tidak bisa
kemudian kita konek ssh

jika kita ingin keduanya maka kita konfigurasi seperti ini 

Router3(config-line)#line vty 0 4

Router3(config-line)#transport input all

kemudian kita konfigurasi access list 

Router4(config)#access-list 100 deny tcp host 123.123.123.6 host 124.124.124.2 eq www

Router4(config)#access-list 100 permit ip any any

Router4(config)#int fa1/0

Router4(config-if)#ip access-group 100 out

kedian kita coba cek,ping

ternyata bisa tapi coba kita cek webnya

ternyata bisa,sekarang kita konfigurasi access list lagi 

Router4(config)#access-list 101 deny tcp host 123.123.123.5 host 124.124.124.2 eq ftp

Router4(config)#access-list 101 permit ip any any

Router4(config)#int fa1/0

Router4(config-if)#ip access-group 101 out

Router4(config-if)#ex

kemudian kita cek di lain 123.123.123.5

kemudian kita cek di ip address 123.123.123.5