Lab 1 : Konfigurasi Cisco Catalyst Switch

Task 1: Konfigurasi awal Cisco Catalyst Switch
1A. switch ASW1-JKT
Menghapus konfigurasi router/switch:
> enable
# erase startup-config
# reload
Setelah switch selesai booting:
Would you like to enter the initial configuration dialog? [yes/no]: n  masuk ke Command Line Interface (CLI)
>  (user mode)
> enable
#  (privileged/enabled/EXEC mode)
#?
 help mode
# s?
# show ?
# show version  melihat info perangkat (platform, IOS, interfaces)
# sh ver
# sh<tab> ver<tab>
# sh flash
 melihat isi dari storage device
# show running-config ATAU #sh run
 melihat isi dari config di RAM
# show startup-config ATAU # sh start
 melihat isi dari config di NVRAM
# sh clock
# clock set 7:00:00 5 dec 2011  set jam sesuai GMT/UTC (WIB – 7 jam)
# configure terminal
ATAU #conf t
(config)#  (global config)
(config)# clock timezone WIB 7
(config)# end
# show clock
# conf t

(config)# hostname ASW1-JKT
(config)# enable secret cisco123
 utk set password utk masuk privileged mode
(config)# username netadmin password cisco123
 membuat user+password di local database
(config)# banner motd %
Authorized users only
Please login with your own username & password
All activities are logged
%  akan muncul pada saat sukses login
(config)# interface vlan 1
ATAU (config)# int vlan 1
(config-if)#  (interface config)
(config-if)# description *** logical interface vlan 1 ***
(config-if)# ip address 10.1.1.10 255.255.255.0
(config-if)# no shutdown
 utk mengaktifkan interface
(config-if)# exit
(config)# ip default-gateway 10.1.1.1
router

 agar bisa berkomunikasi dengan jaringan lain, gateway adalah

(config)# line vty 0 4
 line pertama=0 ; line terakhir=4
(config-line)#  (line config)
(config-line)# login local
 agar nanya user+password yg ada di local database
(config-line)# exec-timeout 5 0  5 menit 0 detik
(config-line)# logging synchronous
 agar prompt muncul lagi ketika ada logging
(config)# line console 0
(config-line)# login local
 agar nanya user+password yg ada di local database
(config-line)# exec-timeout 5 0  5 menit 0 detik
(config-line)# logging synchronous
(config-line)# end
# copy (source) (destination)
# copy running-config startup-config
# write memory
ATAU # wr

ATAU

# copy run start

# sh start
# sh run
# sh mac-address-table

1B. switch ASW2-JKT
Menghapus konfigurasi router/switch:
> enable
# erase startup-config
# reload
Setelah switch selesai booting:
Would you like to enter the initial configuration dialog? [yes/no]: n  masuk ke Command Line Interface (CLI)
>  (user mode)
> enable

#  (privileged/enabled/EXEC mode)
#?
 help mode
# s?
# show ?
# show version  melihat info perangkat (platform, IOS, interfaces)
# sh ver
# sh<tab> ver<tab>
# sh flash
 melihat isi dari storage device
# show running-config ATAU #sh run
 melihat isi dari config di RAM
# show startup-config ATAU # sh start
 melihat isi dari config di NVRAM
# sh clock
# clock set 7:00:00 5 dec 2011  set jam sesuai GMT/UTC (WIB – 7 jam)
# configure terminal
ATAU #conf t
(config)#  (global config)
(config)# clock timezone WIB 7
(config)# end
# show clock
# conf t
(config)# hostname ASW2-JKT
(config)# enable secret cisco123
 utk set password utk masuk privileged mode
(config)# username netadmin password cisco123
(config)# banner motd %
Authorized users only
Please login with your own username & password
All activities are logged
%  akan muncul pada saat sukses login
(config)# interface vlan 1
ATAU (config)# int vlan 1
(config-if)#  (interface config)
(config-if)# description *** logical interface vlan 1 ***
(config-if)# ip address 10.1.1.20 255.255.255.0
(config-if)# no shutdown
 utk mengaktifkan interface
(config-if)# exit
(config)# ip default-gateway 10.1.1.1
router

 agar bisa berkomunikasi dengan jaringan lain, gateway adalah

(config)# line vty 0 4
 line pertama=0 ; line terakhir=4
(config-line)#  (line config)
(config-line)# login local
 agar nanya user+password yg ada di local database
(config-line)# exec-timeout 5 0  5 menit 0 detik
(config-line)# logging synchronous
 agar prompt muncul lagi ketika ada logging
(config)# line console 0
(config-line)# login local
 agar nanya user+password yg ada di local database
(config-line)# exec-timeout 5 0  5 menit 0 detik
(config-line)# logging synchronous

IOS.(config-line)# end # copy (source) (destination) # copy running-config startup-config # write memory ATAU # wr ATAU # copy run start # sh start # sh run # sh mac-address-table 1C. switch CSW-JKT Menghapus konfigurasi router/switch: > enable # erase startup-config # reload Setelah switch selesai booting: Would you like to enter the initial configuration dialog? [yes/no]: n  masuk ke Command Line Interface (CLI) >  (user mode) > enable #  (privileged/enabled/EXEC mode) #?  help mode # s? # show ? # show version  melihat info perangkat (platform. interfaces) # sh ver # sh<tab> ver<tab> # sh flash  melihat isi dari storage device # show running-config ATAU #sh run  melihat isi dari config di RAM # show startup-config ATAU # sh start  melihat isi dari config di NVRAM # sh clock # clock set 7:00:00 5 dec 2011  set jam sesuai GMT/UTC (WIB – 7 jam) # configure terminal ATAU #conf t (config)#  (global config) (config)# clock timezone WIB 7 (config)# end # show clock # conf t (config)# hostname CSW-JKT (config)# enable secret cisco123  utk set password utk masuk privileged mode (config)# username netadmin password cisco123 (config)# banner motd % Authorized users only Please login with your own username & password All activities are logged .

gateway adalah (config)# line vty 0 4  line pertama=0 . interfaces) # sh ver # sh<tab> ver<tab> .0 (config-if)# no shutdown  utk mengaktifkan interface (config-if)# exit (config)# ip default-gateway 10. line terakhir=4 (config-line)#  (line config) (config-line)# login local  agar nanya user+password yg ada di local database (config-line)# exec-timeout 5 0  5 menit 0 detik (config-line)# logging synchronous  agar prompt muncul lagi ketika ada logging (config)# line console 0 (config-line)# login local  agar nanya user+password yg ada di local database (config-line)# exec-timeout 5 0  5 menit 0 detik (config-line)# logging synchronous (config-line)# end # copy (source) (destination) # copy running-config startup-config # write memory ATAU # wr ATAU # copy run start # sh start # sh run # sh mac-address-table 1D.1. switch ASW-SBY Menghapus konfigurasi router/switch: > enable # erase startup-config # reload Setelah switch selesai booting: Would you like to enter the initial configuration dialog? [yes/no]: n  masuk ke Command Line Interface (CLI) >  (user mode) > enable #  (privileged/enabled/EXEC mode) #?  help mode # s? # show ? # show version  melihat info perangkat (platform.1 router  agar bisa berkomunikasi dengan jaringan lain.255.1.1.1.2 255. IOS.%  akan muncul pada saat sukses login (config)# interface vlan 1 ATAU (config)# int vlan 1 (config-if)#  (interface config) (config-if)# description *** logical interface vlan 1 *** (config-if)# ip address 10.255.

0 (config-if)# no shutdown  utk mengaktifkan interface (config-if)# exit (config)# ip default-gateway 10.1.1.255.1 router  agar bisa berkomunikasi dengan jaringan lain.255.4.# sh flash  melihat isi dari storage device # show running-config ATAU #sh run  melihat isi dari config di RAM # show startup-config ATAU # sh start  melihat isi dari config di NVRAM # sh clock # clock set 7:00:00 5 dec 2011  set jam sesuai GMT/UTC (WIB – 7 jam) # configure terminal ATAU #conf t (config)#  (global config) (config)# clock timezone WIB 7 (config)# end # show clock # conf t (config)# hostname ASW-SBY (config)# enable secret cisco123  utk set password utk masuk privileged mode (config)# username netadmin password cisco123 (config)# banner motd % Authorized users only Please login with your own username & password All activities are logged %  akan muncul pada saat sukses login (config)# interface vlan 1 ATAU (config)# int vlan 1 (config-if)#  (interface config) (config-if)# description *** logical interface vlan 1 *** (config-if)# ip address 10. line terakhir=4 (config-line)# login local  agar nanya user+password yg ada di local database (config-line)# exec-timeout 5 0  5 menit 0 detik (config-line)# logging synchronous  agar prompt muncul lagi ketika ada logging (config)# line console 0 (config-line)# login local  agar nanya user+password yg ada di local database (config-line)# exec-timeout 5 0  5 menit 0 detik (config-line)# logging synchronous (config-line)# end # copy (source) (destination) # copy running-config startup-config # write memory ATAU # wr # sh start # sh run ATAU # copy run start .10 255.4. gateway adalah (config)# line vty 0 4  line pertama=0 .

0 (config-if)# no shutdown  utk mengaktifkan interface (config-if)# exit .255. switch ASW-MDN Menghapus konfigurasi router/switch: > enable # erase startup-config # reload Setelah switch selesai booting: Would you like to enter the initial configuration dialog? [yes/no]: n  masuk ke Command Line Interface (CLI) >  (user mode) > enable #  (privileged/enabled/EXEC mode) #?  help mode # s? # show ? # show version  melihat info perangkat (platform.# sh mac-address-table 1E.10 255.5.1. interfaces) # sh ver # sh<tab> ver<tab> # sh flash  melihat isi dari storage device # show running-config ATAU #sh run  melihat isi dari config di RAM # show startup-config ATAU # sh start  melihat isi dari config di NVRAM # sh clock # clock set 7:00:00 5 dec 2011  set jam sesuai GMT/UTC (WIB – 7 jam) # configure terminal ATAU #conf t (config)#  (global config) (config)# clock timezone WIB 7 (config)# end # show clock # conf t (config)# hostname ASW-MDN (config)# enable secret cisco123  utk set password utk masuk privileged mode (config)# username netadmin password cisco123 (config)# banner motd % Authorized users only Please login with your own username & password All activities are logged %  akan muncul pada saat sukses login (config)# interface vlan 1 ATAU (config)# int vlan 1 (config-if)#  (interface config) (config-if)# description *** logical interface vlan 1 *** (config-if)# ip address 10. IOS.255.

line terakhir=4 (config-line)# login local  agar nanya user+password yg ada di local database (config-line)# exec-timeout 5 0  5 menit 0 detik (config-line)# logging synchronous  agar prompt muncul lagi ketika ada logging (config)# line console 0 (config-line)# login local  agar nanya user+password yg ada di local database (config-line)# exec-timeout 5 0  5 menit 0 detik (config-line)# logging synchronous (config-line)# end # copy (source) (destination) # copy running-config startup-config # write memory ATAU # wr ATAU # copy run start # sh start # sh run # sh mac-address-table Task 2: Konfigurasi Port-Security ASW1-JKT & ASW2-JKT: # sh mac-address-table # conf t (config)# int f0/1 (config-if)# description ***connected to User’s PC*** (config-if)# switchport mode access (config-if)# switchport port-security (config-if)# switchport port-security maximum 1 (config-if)# switchport port-security mac-address sticky (config-if)# switchport port-security violation shutdown (config-if)#end # sh mac-address-table # sh port-security # sh port-security address # sh int f0/1 Utk menormalkan interface yg di-shutdown oleh port-security: 1.(config)# ip default-gateway 10. gateway adalah (config)# line vty 0 4  line pertama=0 .5. (config)# int f0/1 (config-if)# shutdown (config-if)# no shutdown (config-if)# end # sh int f0/2 Utk menghapus konfigurasi Port-Security: (config)# int f0/1 (config-if)# no switchport port-security maximum .1. Copot MAC illegal.1 router  agar bisa berkomunikasi dengan jaringan lain. dan kembalikan MAC yg terdaftar 2.

122-25.1.3 Destination filename [c2960-lanbase-mz.cfg Backup IOS from Switch to TFTP server: # sh flash #copy flash: tftp: Source filename []? c2960-lanbase-mz.1. ASW2-JKT.1.1.FX. CSW-JKT: # sh cdp neighbor # sh cdp neighbor detail # sh cdp traffic # sh cdp interface (config)# no cdp run (config)# cdp run  mematikan cdp di seluruh interface  mengaktifkan cdp di seluruh interface (config)# int f0/5 (config-if)# no cdp enable (config-if)# cdp enable  mematikan cdp di interface tertentu saja  mengaktifkan interface di interface tertentu saja Task 4: Menggunakan TFTP server untuk Backup config & IOS Backup config from Switch to TFTP server: # copy run tftp://10.bin Address or name of remote host []? 10.3/[nama-switch].bin]? <enter aja> .122-25.(config-if)# no switchport port-security mac-address sticky (config-if)# no switchport port-security (config-if)#end Task 3: Verifikasi protokol CDP (cisco discovery protocol) ASW1-JKT.FX.

ASW2-JKT & CSW-JKT: (config)# vlan 2 (config-vlan)# name Engineer (config-vlan)# vlan 3 (config-vlan)# name Sales (config-vlan)# exit Task 4: Konfigurasi VLAN-membership ASW1-JKT & ASW2-JKT: (config-if)# int f0/2 (config-if)# description *** connect to PC*** (config-if)# switchport mode access (config-if)# switchport access vlan 2 .Lab 2 : Konfigurasi VLAN pada Cisco Catalyst Switch Task 1: Konfigurasi VTP ASW1-JKT.23 (config-if-range)# switchport mode trunk (config-if-range)# exit CSW-JKT: (config)# int range f0/21 . f0/23 (config-if-range)# switchport mode trunk (config-if-range)# no shutdown ASW2-JKT: (config)# int range f0/22 . CSW-JKT (config)# vtp mode transparent (config)# vtp domain ccna Task 2: Konfigurasi VLAN Trunking ASW1-JKT: (config)# int range f0/21 . ASW2-JKT. f0/24 (config-if-range)# switchport mode trunk (config-if-range)# exit Task 3: Membuat VLAN ASW1-JKT.22 .

255.1 255.1.1.0 (config-subif)# int f0/0.1 (config-subif)# desc *** TO VLAN-1 *** (config-subif)# encapsulation dot1q 1 native (config-subif)# ip address 10.(config-if)# int f0/3 (config-if)# description *** connect to PC *** (config-if)# switchport mode access (config-if)# switchport access vlan 3 ALL SWITCHES: # copy run start ATAU # write memory # sh int trunk # sh int switchport  trunk port # sh vlan # sh vtp status Task 5: Konfigurasi Router-on-a-stick Router-JKT: > enable # erase start # reload Tunggu sampai selesai booting: Would you like to enter initial configuration? n > enable # conf t (config)# host Router-JKT (config)# enable secret cisco (config)# username netadmin password cisco123 (config)# line vty 0 4 (config-line)# login local (config-line)# exec-timeout 5 0 (config-line)# logging synchronous (config)# line console 0 (config-line)# login local (config-line)# exec-timeout 5 0 (config-line)# logging synchronous (config-line)# end  line pertama=0 .2.1.2 (config-subif)# desc *** TO VLAN-2 *** (config-subif)# encapsulation dot1q 2 (config-subif)# ip address 10.0 (config-if)# int f0/0. line terakhir=4  agar nanya user+password yg ada di local database  5 menit 0 detik  agar prompt muncul lagi ketika ada logging  agar nanya user+password yg ada di local database  5 menit 0 detik (config)# int f0/0 (config-if)# no shutdown (config-if)# int f0/0.255.255.1 255.3 (config-subif)# desc *** TO VLAN-3 *** (config-subif)# encap dot1q 3 .255.

1.0 (config-subif)# end # sh ip route # ping 10.2.1.3.3.(config-subif)# ip address 10.255.1.10 # ping 10.1 C:> ping 10.1 255.1.255.1.1 .20  melihat routing table Verifikasi: Dari semua PC ping ke subinterface Router-JKT: C:> ping 10.1.1 C:> ping 10.1.1.1.

ASW2-JKT. ASW2-JKT. CSW-JKT: # sh spanning-tree [cari siapa yg menjadi Root Bridge] CSW-JKT (dijadikan Root Bridge): (config)# spanning-tree vlan 1 priority 0 (config)# spanning-tree vlan 2 priority 0 (config)# spanning-tree vlan 3 priority 0 ATAU (config)# spanning-tree vlan 1 root primary (config)# spanning-tree vlan 2 root primary (config)# spanning-tree vlan 3 root primary Task 3: PVRST ASW1-JKT.3 (config-if)# spanning-tree portfast Task 2: PVST ASW1-JKT. CSW-JKT: # sh spanning-tree # conf t (config)# spanning-tree mode rapid-pvst (config)# end # sh spanning-tree .LAB 3: SPANNING-TREE PROTOCOL Task 1: Portfast Switch: (config)# int range f0/1 .

255.255.0.1 255.0 (config-if)# bandwidth 512 (config-if)# clock rate 512000 (config-if)# no shutdown .Lab 4 : Konfigurasi Dasar Cisco Router Router-JKT: > enable # clock set 7:00:00 5 dec 2011  jam GMT/UTC (WIB – 7) # conf t (config)# clock timezone WIB 7 (config)# end # sh clock # conf t (config)# hostname Router-JKT (config)# enable secret cisco (config)# username netadmin password cisco123 (config)# line vty 0 4 (config-line)# login local (config-line)# exec-timeout 5 0 (config-line)# logging synchronous (config-line)# line console 0 (config-line)# login local (config-line)# exec-timeout 5 0 (config-line)# logging synchronous (config-line)# exit (config-if)# int s0/0/0 (config-if)# desc *** CONNECTED TO S0/0/0 ROUTER-SBY *** (config-if)# ip address 10.1.0.1.252 (config-if)# clock rate 512000 (config-if)# bandwidth 512 (config-if)# no shutdown (config-if)# int s0/0/1 (config-if)# desc *** CONNECTED TO S0/0/0 ROUTER-MDN *** (config-if)# ip address 10.255.5 255.255.

255.255.1.4.0.255.2 255.252 (config-if)# bandwidth 512 (config-if)# no shutdown (config-if)# end ROUTER-MDN: > enable # erase start # reload Tunggu sampai router selesai booting: Would you like to enter initial configuration? n .255.1.0 (config-if)# no shutdown (config-if)# int s0/0/0 (config-if)# desc *** CONNECTED TO S0/0/0 ROUTER-JKT *** (config-if)# ip address 10.1 255.(config-if)# end ROUTER-SBY: > enable # erase start # reload Tunggu sampai router selesai booting: Would you like to enter initial configuration? n > enable # clock set 7:00:00 5 dec 2011  jam GMT/UTC (WIB – 7) # conf t (config)# clock timezone WIB 7 (config)# end # sh clock # conf t (config)# hostname Router-SBY (config)# enable secret cisco (config)# username netadmin password cisco123 (config)# line vty 0 4 (config-line)# login local (config-line)# exec-timeout 5 0 (config-line)# logging synchronous (config-line)# line console 0 (config-line)# login local (config-line)# exec-timeout 5 0 (config-line)# logging synchronous (config-line)# exit (config)# int f0/0 (config-if)# description *** CONNECT TO LAN SBY *** (config-if)# ip address 10.

MDN): # copy run start ATAU # write # sh ip route  melihat routing-table # sh ip int brief melihat status semua interface # sh int f0/0 # sh controller s0/0/0  utk ngecek kabel serial di router (DTE/DCE) # ping [ip address router terdekat] .1.255.0 (config-if)# no shutdown (config-if)# int s0/0/0 (config-if)# desc *** CONNECTED TO S0/0/1 ROUTER-JKT *** (config-if)# ip address 10.> enable # clock set 7:00:00 5 dec 2011  jam GMT/UTC (WIB – 7) # conf t (config)# clock timezone WIB 7 (config)# end # sh clock # conf t (config)# hostname Router-MDN (config)# enable secret cisco (config)# username netadmin password cisco123 (config)# line vty 0 4 (config-line)# login local (config-line)# exec-timeout 5 0 (config-line)# logging synchronous (config-line)# line console 0 (config-line)# login local (config-line)# exec-timeout 5 0 (config-line)# logging synchronous (config-line)# exit (config)# int f0/0 (config-if)# description *** CONNECT TO LAN MDN *** (config-if)# ip address 10.6 255.255.0.255.255.252 (config-if)# bandwidth 512 (config-if)# no shutdown (config-if)# end ALL ROUTERS (JKT. SBY.1 255.1.5.

0.0 s0/0/0 Router-MDN: (config)# ip route 0.0.255.0 s0/0/0 STATIC ROUTE: Router-JKT: (config)# ip route 10.0.1.0.0 255.0.0.6 # sh ip route # ping [ke semua router] Task 2: Menghapus static & default route Router-SBY & MDN: (config)# no ip route 0.255.255.2 (config)# ip route 10.0 255.0.0.0 0.0 255.255.0 (config)# no ip route 10.0.0 255.1.0.0.0.0 10.5 ATAU (config)# ip route 0.0 (config)# end Router-JKT: (config)# no ip route 10.1.0.0 (config)# end # sh ip route  s0/0/0  s0/0/1 .0 10.1.0.5.1.Lab 5: Konfigurasi Static & Default Route Task 1: Membuat Static & Default Route: Router-SBY: (config)# ip route 0.0.0.5.0.0.1.1.1 ATAU (config)# ip route 0.255.0.4.255.0 0.0.255.1.0.0.0 0.0.0 10.0.0 0.0 0.1.255.0 10.

khusus bagi yg telnet # no debug all ATAU # undebug all Menghapus konfigurasi RIP: (config)# no router rip (config)# end # copy run start .Lab 6: Konfigurasi RIP ALL ROUTERS (SBY. MDN): (config)# router rip (config-router)# version 2  pakai versi 2 (classless routing protocol) (config-router)# network 10.0 (config-router)# no auto-summary  manual-summarization (config-router)# passive-interface f0/0  agar tidak sending paket RIP ke interface tersebut (config-router)# end # sh ip route  melihat routing table.0. harus ada kode R # sh ip protocol  melihat routing protocol di router kita # debug ip rip  melihat proses send-receive update RIP # terminal monitor  utk liat debug.0. JKT.

100.100.0 area 0 (config-router)# passive-interface f0/0 (config-router)# end Router-MDN: (config)# int loopback 0 (config-if)# description *** as Router-ID for OSPF *** (config-if)# ip address 10.1.0.0.100.100.0.0 area 0 (config-router)# network 10.3 0.1.3/32 Task 1: Konfigurasi OSPF Router-JKT: (config)# int loopback 0 (config-if)# description *** as Router-ID for OSPF *** (config-if)# ip address 10.0.100.100.1.0.100.0.255 (config-if)# router ospf 1 (config-router)# network 10.0.1.255.100.0.100.Lab 7: Konfigurasi single-area OSPF Loopback 0 – JKT: 10.0 area 0 (config-router)# network 10.3 255.0.1.100.1.255.0 area 0 (config-router)# network 10.1/32 Loopback 0 – SBY: 10.1 0.2.0.3.1.0 area 0 (config-router)# network 10.0.0.1 0.0.255 (config-if)# router ospf 1 (config-router)# network 10.5.1 0.5 0.0 area 0 (config-router)# network 10.0 area 0 (config-router)# network 10.1 255.255.100.1 0.100.0.0 area 0 (config-router)# network 10.1.1 0.255.6 0.0.1 0.2/32 Loopback 0 – MDN: 10.0.0.0.0 area 0 (config-router)# passive-interface f0/0 (config-router)# end .0.100.100.0.0.

0.0.1 0.0. MDN.0 area 0 (config-router)# passive-interface f0/0 (config-router)# end ALL ROUTERS (SBY.1. JKT.2 0.0.0.100.100.255.255 (config-if)# router ospf 1 (config-router)# network 10.255.0.0 area 0 (config-router)# network 10.100.0 area 0 (config-router)# network 10. MDN): # sh ip ospf # sh ip ospf interface # sh ip ospf neighbor  melihat neighbor table # sh ip ospf database  melihat topology table # sh ip route  melihat routing table # sh ip protocols  melihat semua routing protocol di router #debug ip ospf events #debug ip ospf packet #terminal monitor #undebug all Task 2: menghapus proses routing OSPF ALL ROUTERS (SBY.4.0.100.Router-SBY: (config)# int loopback 0 (config-if)# description *** as Router-ID for OSPF *** (config-if)# ip address 10.1.2 0. JKT): (config)# no int loopback 0 (config)# no router ospf 1 .2 255.

0. MDN. artinya jaringan tersebut stabil (tidak up/down)  routing table .Lab 8 : Konfigurasi EIGRP Task 1: Konfigurasi EIGRP ALL ROUTERS (SBY. JKT): (config)# router eigrp 65000 (config-router)# network 10.0.0 (config-router)# passive-interface f0/0 (config-router)# no auto-summary (config-router)# end # sh ip eigrp interface # sh ip eigrp neighbor # sh ip eigrp topology # sh ip route # sh ip protocol # debug ip eigrp  show interface yg aktif send-receive EIGRP packets  neighbor table  topology table  P = passive .

0 0.2.0.0.0.1.255 (config)# line vty 0 4 (config-line)# access-class 7 in (config-line)# end Router-MDN: (config)# access-list 7 remark ***permit user dari LAN*** (config)# access-list 7 permit 10.0 0.0.0.0 0.1.255 (config)# access-list 7 permit 10.0.3.255 (config)# line vty 0 4 (config-line)# access-class 7 in (config-line)# end # sh access-list Menghapus konfigurasi standard ACL: (config)# line vty 0 4 (config-line)# no access-class 7 in (config-line)# exit (config)# no access-list 7 (config)# end .0 0.0 0.1.0.4.0.1.255 (config)# access-list 7 permit 10.255 (config)# line vty 0 4 (config-line)# access-class 7 in (config-line)# end Router-JKT: (config)# access-list 7 remark ***permit user dari LAN*** (config)# access-list 7 permit 10.0.0.1.5.Lab 9 : Konfigurasi ACL Task 1: Standard ACL utk mengeblok telnet dari luar Router-SBY: (config)# access-list 7 remark ***permit user dari LAN*** (config)# access-list 7 permit 10.1.

3 range 20 21 log (config)# access-list 100 permit ip any any log (config)# int s0/0/0 (config-if)# ip access-group 100 in (config)# int s0/0/1 (config-if)# ip access-group 100 in (config-if)# end # sh access-list # sh ip int s0/0/0 # sh ip int s0/0/1 Menghapus konfigurasi extended ACL: (config)# int s0/0/0 (config-if)# no ip access-group 100 in (config-if)# int s0/0/1 (config-if)# no ip access-group 100 in (config-if)# exit (config)# no access-list 100 ATAU eq tftp ATAU range ftp-data ftp .1.1.3 eq 69 log (config)# access-list 100 deny tcp any host 10.# sh access-list Task 2: Extended ACL utk mengeblok FTP & TFTP dari luar Router-JKT: (config)# access-list 100 deny udp any host 10.1.1.

3  202.2 (config-if)# ip nat inside (config-if)# int f0/0.1.3 (Public TFTP & FTP server) Router-JKT: (config)# int s0/1/0 (config-if)# description connect to Internet (config-if)# ip address 202.1.1 (config-if)# ip nat inside (config-if)# int f0/0.1.1.3 (config)# int s0/1/0 (config-if)# ip nat outside (config-if)# int s0/0/0 (config-if)# ip nat inside (config-if)# int s0/0/1 (config-if)# ip nat inside (config-if)# int f0/0.1.0.255.Lab 10 : Konfigurasi NAT Task 1: Konfigurasi Static NAT static NAT (router JKT): 10.3 202.1.1.1.1.0 s0/1/0  membuat default route mengarah ke ISP (config)# ip nat inside source static 10.1.0.2 255.2.3 (config-if)# ip nat inside (config-if)# end # sh ip nat translation (config-if)# int f0/0 (config-if)# no ip nat inside (config-if)# exit (config)# no ip nat inside source static 10.3 .0.0.240 (config-if)# exit (config)# ip route 0.1.1.1.0 0.11 202.255.

Task 2: Konfigurasi Dynamic PAT Router-JKT: (config)# access-list 2 permit 10.0.0 0.255.1.0.255 (config)# ip nat inside source list 2 int s0/1/0 overload (config)# end # sh ip nat translation # debug ip nat # no debug all # copy run start .

Lab 11 : Konfigurasi IPv6 Task 1: Konfigurasi Dual-Stack Router Router-SBY: (config)# ipv6 unicast-routing (config)# int s0/0/0 (config-if)# ipv6 address 2001:10:1:0::2/64  static manual address assignment (config)# int f0/0 (config-if)# ipv6 address 2001:10:1:4::/64 eui-64  static eui-64 address assignment (config-if)# end Router-MDN: (config)# ipv6 unicast-routing (config)# int s0/0/0 (config-if)# ipv6 address 2001:10:1:0::6/64  static manual address assignment (config)# int f0/0 (config-if)# ipv6 address 2001:10:1:5::/64 eui-64  static eui-64 address assignment (config-if)# end Router-JKT: (config)# ipv6 unicast-routing (config)# int s0/0/0 (config-if)# ipv6 address 2001:10:1:0::1/64  static manual address assignment (config-if)# int s0/0/1 (config-if)# ipv6 address 2001:10:1:0::5/64  static manual address assignment (config)# int f0/0.1 (config-if)# ipv6 address 2001:10:1:1::/64 eui-64  static eui-64 address assignment (config)# int f0/0.2 (config-if)# ipv6 address 2001:10:1:2::/64 eui-64  static eui-64 address assignment .

3 (config-if)# ipv6 address 2001:10:1:3::/64 eui-64  static eui-64 address assignment (config-if)# end Verify: # sh ipv6 int brief # sh ipv6 int # sh ipv6 route Static Route JKT: ipv6 route 2001:10:1:4::/64 s0/0/0 ipv6 route 2001:10:1:5::/64 s0/0/1 ATAU ATAU ipv6 route 2001:10:1:4::/64 2001:10:1:0::2 ipv6 route 2001:10:1:5::/64 2001:10:1:0::6 SBY: (config)# ipv6 route ::/0 s0/0/0 ATAU ipv6 route ::/0 2001:10:1:0::1 MDN: (config)# ipv6 route ::/0 s0/0/0 ATAU ipv6 route ::/0 2001:10:1:0::5 Menghapus Default Route di Router-SBY & Router-MDN: (config)# no ipv6 route ::/0 Menghapus Static Route di Router-JKT: ipv6 route 2001:10:1:4::/64 ipv6 route 2001:10:1:5::/64 Task 2: Konfigurasi RIPng Router-SBY: (config)# ipv6 router rip SBY (config)# int s0/0/0 (config-if)# ipv6 rip SBY enable (config)# int f0/0 (config-if)# ipv6 rip SBY enable (config-if)# end Router-MDN: (config)# ipv6 router rip MDN (config)# int s0/0/0 (config-if)# ipv6 rip MDN enable (config)# int f0/0 (config-if)# ipv6 rip MDN enable (config-if)# end Router-JKT: (config)# ipv6 router rip JKT (config)# int s0/0/0 (config-if)# ipv6 rip JKT enable .(config)# int f0/0.

1 (config-if)# ipv6 rip JKT enable (config-if)# int f0/0.1 (config-if)# no ipv6 address .3 (config-if)# ipv6 rip JKT enable (config-if)# end Verify: # sh ipv6 rip # sh ipv6 protocol # sh ipv6 route Task 3: Menghapus konfigurasi IPv6 & RIPng Router-SBY: (config)# int s0/0/0 (config-if)# no ipv6 address (config)# int f0/0 (config-if)# no ipv6 address (config-if)# exit (config)# no ipv6 router rip SBY (config)# no ipv6 unicast-routing (config)# end # copy run start Router-MDN: (config)# int s0/0/0 (config-if)# no ipv6 address (config)# int f0/0 (config-if)# no ipv6 address (config-if)# exit (config)# no ipv6 router rip MDN (config)# no ipv6 unicast-routing (config)# end Router-JKT: (config)# int s0/0/0 (config-if)# no ipv6 address (config-if)# int s0/0/1 (config-if)# no ipv6 address (config-if)# int f0/0.2 (config-if)# ipv6 rip JKT enable (config-if)# int f0/0.(config-if)# int s0/0/1 (config-if)# ipv6 rip JKT enable (config-if)# int f0/0.

3 (config-if)# no ipv6 address (config-if)# exit (config)# no ipv6 router rip JKT (config)# no ipv6 unicast-routing (config)# end # copy run start .2 (config-if)# no ipv6 address (config-if)# int f0/0.(config-if)# int f0/0.

Lab 12 : PPP Authentication Task 1: CHAP authentication # debug ppp authentication # terminal monitor  khusus bagi telnet Router-JKT: # conf t (config)# hostname Router-JKT (config)# user Router-SBY password ccna1 (config)# user Router-MDN password ccna2 (config)# int s0/0/0 (config-if)# shut (config-if)# encap ppp (config-if)# ppp authentication chap (config-if)# no shut (config)# int s0/0/1 (config-if)# shut (config-if)# encap ppp (config-if)# ppp authentication chap (config-if)# no shut (config-if)# end Router-MDN: # conf t (config)# hostname Router-MDN (config)# user Router-JKT password ccna2 (config)# int s0/0/0 (config-if)# shut (config-if)# encap ppp (config-if)# ppp authentication chap (config-if)# no shut (config-if)# end Router-SBY:  nama router lawan & shared password .

# conf t (config)# hostname Router-SBY (config)# user Router-JKT password ccna1 (config)# int s0/1 (config-if)# shut (config-if)# encap ppp (config-if)# ppp authentication chap (config-if)# no shut (config-if)# end # sh int serial 0/0/0 # sh int serial 0/0/1 .

102 255.101 point-to-point (config-subif)# description pvc to SBY (config-subif)# ip address 10.200 point-to-point (config-subif)# description pvc to JKT (config-subif)# ip address 10.Lab 13 : Frame-Relay connection Task 1: Frame-Relay Point-to-Point subinterface Router-SBY: (config)# int serial 0/0/1 (config-if)# no ip address (config-if)# encapsulation frame-relay (config-if)# int s0/0/1.0.252 (config-subif)# frame-relay interface-dlci 101 (config-subif)# bandwidth 2048 .255.1.252 (config-subif)# frame-relay interface-dlci 100 (config-subif)# bandwidth 2048 (config-subif)# end # copy run start Router-MDN: (config)# int serial 0/0/1 (config-if)# no ip address (config-if)# encapsulation frame-relay (config-if)# int s0/0/1.255.100 point-to-point (config-subif)# description pvc to JKT (config-subif)# ip address 10.255.0.252 (config-subif)# frame-relay interface-dlci 200 (config-subif)# bandwidth 2048 (config-subif)# end Router-JKT: (config)# int s0/1/1 (config-if)# no ip address (config-if)# encapsulation frame-relay (config-if)# int s0/1/1.1.1.255.255.101 255.106 255.255.0.

102 point-to-point (config-subif)# description pvc to MDN (config-subif)# ip address 10.1. MDN): # sh frame-relay map # sh frame-relay pvc # sh frame-relay lmi # sh int s0/0/1  di SBY & MDN # sh int s0/1/1  di JKT # debug frame-relay lmi # terminal monitor # sh ip route # ping ….0. FRS configurations: (config)# frame-relay switching (config)# int serial 0/0/1 (config-if)# no ip address (config-if)# description connect to Router-SBY (config-if)# clock rate 2000000 (config-if)# encapsulation frame-relay (config-if)# frame-relay intf-type dce (config-if)# frame-relay route 100 int s0/0/0 101 (config-if)# int serial 0/0/0 (config-if)# no ip address (config-if)# description connect to Router-JKT (config-if)# clock rate 2000000 (config-if)# encapsulation frame-relay (config-if)# frame-relay intf-type dce (config-if)# frame-relay route 101 int s0/0/1 100 (config-if)# frame-relay route 102 int s0/1/0 200 (config-if)# int serial 0/1/0 (config-if)# no ip address (config-if)# description connect to Router-MDN (config-if)# clock rate 2000000 (config-if)# encapsulation frame-relay (config-if)# frame-relay intf-type dce (config-if)# frame-relay route 200 int s0/0/0 102 (config-if)# end # copy run start .255.255.(config-subif)# int s0/1/1.252 (config-subif)# frame-relay interface-dlci 102 (config-subif)# bandwidth 2048 (config-subif)# end Verify (all routers: JKT. SBY.105 255.