Prepared by:
Singgih Saputra
Wahyudin Djohan
Zul Ridwan
DOCUMENTATION IS PROVIDED "AS IS" AND ALL EXPRESS OR IMPLIED CONDITIONS,
REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE OR NON INFRINGEMENT, ARE DISCLAIMED, EXCEPT TO THE
EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLY INVALID.
The information in this document is confidential and meant for use only by the intended recipient and
only in connection with and subject to the terms of its contractual relationship with MASTERSYSTEM.
Acceptance and/or use of any of the information contained in this document indicates agreement not
to disclose or otherwise make available to any person who is not an employee of the intended
recipient, or to any other entity, any of the information contained herein. This documentation has the
sole purpose of providing information regarding a MASTERSYSTEM software product or service and
shall be disclosed only to those individuals who have a need to know.
Any entity or person with access to this information shall be subject to this confidentiality statement.
No part of this publication may be reproduced or transmitted in any form or by any means for any
purpose without the express written permission of MASTERSYSTEM.
Implementation Document
ii
Confidential
FORM-SE-15
Table of Contents
DOCUMENT CONTROL
TABLE OF CONTENTS
LIST OF FIGURES
LIST OF TABLES
1 DOCUMENT DESCRIPTION
1.1 Introduction
1.2 Objective
1.3 Scope
List of Figures
Figure 2-1 High Level Design (HLD) Network PT Fast Food Indonesia, Tbk
Figure 2-2 Core – Server Farm Switch Connection
Figure 2-3 Physical Connection from Core Switch to Access Switch
Figure 2-4 DMZ Switch to Connected Devices
Figure 2-5 Physical Connection from Server Farm Switch to Servers & Server Farm Firewall
Figure 2-6 Network Traffic Flow at PT. Fast Food Indonesia
Figure 2-7 Logical Topology Implemented at PT Fast Food Indonesia
Figure 2-8 FortiGate 200E (INET-FW-KFC) Topology
Figure 3-1 Policy “Accept” Flow Chart
Figure 3-2 Policy “Deny” Flow Chart
List of Tables
1 Document Description
1.1 Introduction
PT Fast Food Indonesia plans to improve the quality of its network infrastructure and
firewalls and to replace devices. This is done to support a more reliable network and
firewall system design. To meet that standard, the devices are replaced with new ones.
1.2 Objective
The purpose of this project is to implement the device refresh project as agreed between
PT. Fast Food Indonesia, Tbk and PT. Mastersystem Infotama.
Final Device Design
The following is the High Level Design topology that has been implemented at PT Fast Food
Indonesia, Tbk.
Figure 2-1 High Level Design (HLD) Network PT Fast Food Indonesia, Tbk
This section describes the physical and logical topology that is connected and has been
implemented on the PT Fast Food Indonesia IT network.
The following physical topology describes the interconnection from the Core Router to the WAN,
Core Switch, and DMZ Switch, and consists of a diagram and a port mapping table.

| No. | Switch | Interface | Remote Switch | Remote Interface | IF Type | Local IP Address | Remote IP Address |
|---|---|---|---|---|---|---|---|
| 1 | RTR01-KFC-LT3 | Ge 0/0 | Router LA | Ge 0/0 | L3 IP | 10.10.100.254/30 | 10.10.100.253/30 |
| 2 | RTR01-KFC-LT3 | Ge 0/1 | Router Telkom | Ge 0/0 | L3 IP | 1.2.60.1/30 | 1.2.60.2/30 |
| 3 | RTR01-KFC-LT3 | Ge 0/2 | Router CBN | Ge 0/0 | L3 IP | 1.2.70.1/30 | 1.2.70.2/30 |
| 4 | RTR01-KFC-LT3 | Ge 3/0 | CSW01-KFC-LT3 | Ge 1/24 | L3 IP | 172.16.1.6/30 | 172.16.1.5/30 |
| 5 | RTR01-KFC-LT3 | Ge 3/1 | CSW01-KFC-LT3 | Ge 1/24 | L3 IP | 172.16.1.2/30 | 172.16.1.1/30 |
| 6 | RTR01-KFC-LT3 | Ge 3/2 | | | | | |
| 7 | RTR01-KFC-LT3 | Ge 3/3 | | | | | |

Table 1 Port Mapping from Core Switch to Remote Device
The following is the physical connection from the Core Switch to the Access Switch on each
floor and towards the Server Farm Switch, consisting of a diagram and port mapping:
| No. | Interface | Remote Switch | Remote Interface | IF Type | Local IP Address | Remote IP Address |
|---|---|---|---|---|---|---|
| 19 | Ge 1/19 | | | | | |
| 20 | Ge 1/20 | | | | | |
| 21 | Ge 1/21 | DMZSW01-KFC-LT3 | Ge 0/23 | L2 TRUNK | 172.16.1.9/30, 172.16.1.25/30 | 172.16.1.10/30, 172.16.1.26/30 |
| 22 | Ge 1/A1 | SSW01-KFC-LT3 | Ge 1/24 | L2 TRUNK | 172.16.1.13/30, 172.16.1.17/30 | 172.16.1.14/30, 172.16.1.18/30 |
| 23 | Ge 1/A2 | SSW01-KFC-LT3 | Ge 2/24 | L2 TRUNK | 172.16.1.13/30, 172.16.1.17/30 | 172.16.1.14/30, 172.16.1.18/30 |
| 24 | Ge 1/A3 | RTR01-KFC-LT3 | Ge 3/2 | L3 IP | 172.16.1.1/30 | 172.16.1.2/30 |
| 25 | Ge 2/1 | ASW01-KFC-LT2 | Ge 0/23 | L2 TRUNK | 172.16.24.254/24 | 172.16.24.1/24 |
| 26 | Ge 2/2 | ASW02-KFC-LT2 | Ge 0/23 | L2 TRUNK | 172.16.24.254/24 | 172.16.24.2/24 |
| 27 | Ge 2/3 | ASW03-KFC-LT2 | Ge 0/23 | L2 TRUNK | 172.16.24.254/24 | 172.16.24.3/24 |
| 28 | Ge 2/4 | ASW04-KFC-LT2 | Ge 0/23 | L2 TRUNK | 172.16.24.254/24 | 172.16.24.4/24 |
| 29 | Ge 2/5 | ASW05-KFC-LT2 | Ge 0/23 | L2 TRUNK | 172.16.24.254/24 | 172.16.24.5/24 |
| 30 | Ge 2/6 | ASW06-KFC-LT3 | Ge 0/23 | L2 TRUNK | 172.16.24.254/24 | 172.16.24.6/24 |
| 31 | Ge 2/7 | ASW07-KFC-LT3 | Ge 0/23 | L2 TRUNK | 172.16.24.254/24 | 172.16.24.7/24 |
| 32 | Ge 2/8 | ASW08-KFC-LT3 | Ge 0/23 | L2 TRUNK | 172.16.24.254/24 | 172.16.24.8/24 |
| 33 | Ge 2/9 | ASW09-KFC-LT3 | Ge 0/23 | L2 TRUNK | 172.16.24.254/24 | 172.16.24.9/24 |
| 34 | Ge 2/10 | ASW10-KFC-LT3 | Ge 0/23 | L2 TRUNK | 172.16.24.254/24 | 172.16.24.10/24 |
| 35 | Ge 2/11 | ASW11-KFC-LT3 | Ge 0/23 | L2 TRUNK | 172.16.24.254/24 | 172.16.24.11/24 |
| 36 | Ge 2/12 | ASW12-KFC-LT4 | Ge 0/23 | L2 TRUNK | 172.16.24.254/24 | 172.16.24.12/24 |
| 37 | Ge 2/13 | ASW13-KFC-LT4 | Ge 0/23 | L2 TRUNK | 172.16.24.254/24 | 172.16.24.13/24 |
| 38 | Ge 2/14 | ASW14-KFC-LT35 | Ge 0/23 | L2 TRUNK | 172.16.24.254/24 | 172.16.24.14/24 |
| 39 | Ge 2/15 | | | | | |
| 40 | Ge 2/16 | | | | | |
| 41 | Ge 2/17 | | | | | |
| 42 | Ge 2/18 | | | | | |
| 43 | Ge 2/19 | | | | | |
| 44 | Ge 2/20 | | | | | |
| 45 | Ge 2/21 | DMZSW01-KFC-LT3 | Ge 0/24 | L2 TRUNK | 172.16.1.9/30, 172.16.1.25/30 | 172.16.1.10/30, 172.16.1.26/30 |
| 46 | Ge 2/A1 | SSW01-KFC-LT3 | Ge 1/23 | L2 TRUNK | 172.16.1.13/30, 172.16.1.17/30 | 172.16.1.14/30, 172.16.1.18/30 |
| 47 | Ge 2/A2 | SSW01-KFC-LT3 | Ge 2/23 | L2 TRUNK | 172.16.1.13/30, 172.16.1.17/30 | 172.16.1.14/30, 172.16.1.18/30 |
| 48 | Ge 2/A3 | RTR01-KFC-LT3 | Ge 3/3 | L3 IP | 172.16.1.5/30 | 172.16.1.6/30 |

Table 2 Port Mapping from Core Switch to Access Switch
The following physical topology describes the interconnection from the DMZ Switch to its
connected devices, and consists of a diagram and a port mapping table.
Port mapping table from the DMZ switch to its connected devices:
| No. | Interface | Remote Switch | Remote Interface | IF Type | Local IP Address | Remote IP Address |
|---|---|---|---|---|---|---|
| 11 | Ge 0/11 | DMZ SERVER ALLOCATION | Ge 0/0 | L2 ACCESS | | |
| 12 | Ge 0/12 | DMZ SERVER ALLOCATION | Ge 0/0 | L2 ACCESS | | |
| 13 | Ge 0/13 | DMZ SERVER ALLOCATION | Ge 0/0 | L2 ACCESS | | |
| 14 | Ge 0/14 | DMZ SERVER ALLOCATION | Ge 0/0 | L2 ACCESS | | |
| 15 | Ge 0/15 | DMZ SERVER ALLOCATION | Ge 0/0 | L2 ACCESS | | |
| 16 | Ge 0/16 | DMZ SERVER ALLOCATION | Ge 0/0 | L2 ACCESS | | |
| 17 | Ge 0/17 | DMZ SERVER ALLOCATION | Ge 0/0 | L2 ACCESS | | |
| 18 | Ge 0/18 | DMZ SERVER ALLOCATION | Ge 0/0 | L2 ACCESS | | |
| 19 | Ge 0/19 | DMZ SERVER ALLOCATION | Ge 0/1 | L2 ACCESS | | |
| 20 | Ge 0/20 | DMZ SERVER ALLOCATION | Ge 0/1 | L2 ACCESS | | |
| 21 | Ge 0/21 | INET FW | Ge 0/1 | L2 ACCESS | 172.16.1.21/30 | 172.16.1.22/30 |
| 22 | Ge 0/22 | INET FW | Ge 0/1 | L2 ACCESS | 172.16.1.21/30 | 172.16.1.22/30 |
| 23 | Ge 0/23 | CSW01-KFC-LT3 | Ge 1/21 | L2 ACCESS | 172.16.1.10/30, 172.16.1.26/30 | 172.16.1.9/30, 172.16.1.25/30 |
| 24 | Ge 0/24 | CSW01-KFC-LT3 | Ge 2/21 | L2 ACCESS | 172.16.1.10/30, 172.16.1.26/30 | 172.16.1.9/30, 172.16.1.25/30 |

The following is the physical connection from the Server Farm Switch towards the Servers and
the Server Farm Firewall, consisting of a diagram and port mapping:
Figure 2-5 Physical Connection from Server Farm Switch to Servers & Server Farm Firewall
Port mapping table from the Server Farm Switch to the Servers and the Server Farm Firewall:

| No. | Switch | Interface | Remote Switch | Remote Interface | IF Type | Local IP Address | Remote IP Address |
|---|---|---|---|---|---|---|---|
| 1 | | Te 1/0/1 | SERVER PORT | Ge 0/0 | L2 ACCESS | | |
| 2 | | Te 1/0/2 | SERVER PORT | Ge 0/0 | L2 ACCESS | | |
| 3 | | Te 1/0/3 | SERVER PORT | Ge 0/0 | L2 ACCESS | | |
| 4 | | Te 1/0/4 | SERVER PORT | Ge 0/0 | L2 ACCESS | | |
| 5 | | Te 1/0/5 | SERVER PORT | Ge 0/0 | L2 ACCESS | | |
| 6 | | Te 1/0/6 | SERVER PORT | Ge 0/0 | L2 ACCESS | | |
| 7 | | Te 1/0/7 | SERVER PORT | Ge 0/0 | L2 ACCESS | | |
| 8 | | Te 1/0/8 | SERVER PORT | Ge 0/0 | L2 ACCESS | | |
| 9 | | Te 1/0/9 | SERVER PORT | Ge 0/0 | L2 ACCESS | | |
| 10 | | Te 1/0/10 | SERVER PORT | Ge 0/0 | L2 ACCESS | | |
| 11 | | Te 1/0/11 | SERVER PORT | Ge 0/0 | L2 ACCESS | | |
| 12 | | Te 1/0/12 | SERVER PORT | Ge 0/0 | L2 ACCESS | | |
| 13 | | Te 1/0/13 | SERVER PORT | Ge 0/0 | L2 ACCESS | | |
| 14 | | Te 1/0/14 | SERVER PORT | Ge 0/0 | L2 ACCESS | | |
| 15 | | Te 1/0/15 | SERVER PORT | Ge 0/0 | L2 ACCESS | | |
| 16 | | Te 1/0/16 | SERVER PORT | Ge 0/0 | L2 ACCESS | | |
| 17 | | Te 1/0/17 | SERVER PORT | Ge 0/0 | L2 ACCESS | | |
| 18 | | Te 1/0/18 | SERVER PORT | Ge 0/0 | L2 ACCESS | | |
| 19 | | Te 1/0/19 | SERVER PORT | Ge 0/0 | L2 ACCESS | | |
| 20 | | Te 1/0/20 | SERVER PORT | Ge 0/0 | L2 ACCESS | | |
| 21 | | Te 1/0/21 | SERVER PORT | Ge 0/0 | L2 ACCESS | | |
| 22 | | Te 1/0/22 | SERVER PORT | Ge 0/0 | L2 ACCESS | | |
| 23 | | Te 1/0/23 | SERVER PORT | Ge 0/0 | L2 ACCESS | | |
| 24 | | Te 1/0/24 | SERVER PORT | Ge 0/0 | L2 ACCESS | | |
| 25 | | Te 1/0/25 | SERVER PORT | Ge 0/0 | L2 ACCESS | | |
| 26 | | Te 1/0/26 | SERVER PORT | Ge 0/0 | L2 ACCESS | | |
| 27 | | Te 1/0/27 | SERVER PORT | Ge 0/0 | L2 ACCESS | | |
| 28 | | Te 1/0/28 | SERVER PORT | Ge 0/0 | L2 ACCESS | | |
| 29 | | Te 1/0/29 | SERVER PORT | Ge 0/0 | L2 ACCESS | | |
| 30 | | Te 1/0/30 | SERVER PORT | Ge 0/0 | L2 ACCESS | | |
| 31 | | Te 1/0/31 | SERVER PORT | Ge 0/0 | L2 ACCESS | | |
| 32 | | Te 1/0/32 | SERVER PORT | Ge 0/0 | L2 ACCESS | | |
| 33 | | Te 1/0/33 | SERVER PORT | Ge 0/0 | L2 ACCESS | | |
| 34 | | Te 1/0/34 | SERVER PORT | Ge 0/0 | L2 ACCESS | | |
| 35 | | Te 1/0/35 | SERVER PORT | Ge 0/0 | L2 ACCESS | | |
| 36 | | Te 1/0/36 | SERVER PORT | Ge 0/0 | L2 ACCESS | | |
| 37 | | Te 1/0/37 | SERVER PORT | Ge 0/0 | L2 ACCESS | | |
| 38 | | Te 1/0/38 | SERVER PORT | Ge 0/0 | L2 ACCESS | | |
| 39 | | Te 1/0/39 | SERVER PORT | Ge 0/0 | L2 ACCESS | | |
| 40 | | Te 1/0/40 | SERVER PORT | Ge 0/0 | L2 ACCESS | | |
| 41 | | Te 1/0/41 | SERVER PORT | Ge 0/0 | L2 ACCESS | | |
| 42 | | Te 1/0/42 | SERVER PORT | Ge 0/0 | L2 ACCESS | | |
| 43 | | Te 1/0/43 | SERVER PORT | Ge 0/0 | L2 ACCESS | | |
The following is the summary port mapping table for each Access Switch at each location:

| No. | Host Name | Port Mapping | Vlan Mapping | Type | IP Management |
|---|---|---|---|---|---|
| 1 | ASW01-KFC-LT2 | Ge 1 – 24, 25-46 | Vlan store development (13), Vlan QA (15) | L2 ACCESS | 172.16.24.1/24 |
| 2 | ASW02-KFC-LT2 | Ge 1 – 24, 25-46 | Vlan Marketing (10), Vlan Operational (11) | L2 ACCESS | 172.16.24.2/24 |
| 3 | ASW03-KFC-LT4 | Ge 1 – 24, 25-46 | Vlan Internal Audit (27) | L2 ACCESS | 172.16.24.3/24 |
| 4 | ASW04-KFC-LT3 | Ge 1 – 24, 25-46 | Vlan 24 (FPC), VLan 26 (Tax) | L2 ACCESS | 172.16.24.4/24 |
| 5 | ASW05-KFC-LT3 | Ge 1 - 48 | Vlan 21 (Logistics) | L2 ACCESS | 172.16.24.5/24 |
| 6 | ASW06-KFC-LT3 | Ge 1 - 48 | Vlan IT (16) | L2 ACCESS | 172.16.24.6/24 |
| 7 | ASW07-KFC-LT3 | Ge 1 - 48 | Vlan IT (16) | L2 ACCESS | 172.16.24.7/24 |
| 8 | ASW08-KFC-LT3 | Ge 1 - 48 | Vlan Accounting (19) | L2 ACCESS | 172.16.24.8/24 |
| 9 | ASW09-KFC-LT3 | Ge 1 - 48 | Vlan Finance (20) | L2 ACCESS | 172.16.24.9/24 |
| 10 | ASW10-KFC-LT3 | Ge 1 – 24, 25-46 | Vlan 22 (GA), Vlan 25 (Legal) | L2 ACCESS | 172.16.24.10/24 |
| 11 | ASW11-KFC-LT3 | Ge 1 - 48 | Vlan 23 (Payroll) | L2 ACCESS | 172.16.24.11/24 |
| 12 | ASW12-KFC-LT4 | Ge 1 - 48 | Vlan HR (28) | L2 ACCESS | 172.16.24.12/24 |
| 13 | ASW13-KFC-LT5 | Ge 1 – 24, 25-46 | Vlan Internal Communication (30), Vlan Traveldesk (31) | L2 ACCESS | 172.16.24.13/24 |
| 14 | ASW14-KFC-LT5 | Ge 1 – 24, 25-46 | Vlan Procurement (29), Vlan BUD (32) | L2 ACCESS | 172.16.24.14/24 |

Table 5 Summary Port Mapping Table on Access Switches
3. DMZ Segment
The gateway for the DMZ servers resides on the DMZ Firewall / Internet Firewall, so all
traffic from the external network that is destined for a DMZ server is first inspected
by the DMZ Firewall. The DMZ Firewall performs full inspection of traffic headed to the
DMZ segment and the intranet.
The following is the logical topology that has been implemented at PT Fast Food Indonesia:
1. WAN Router
Connections towards the Branch Offices and Stores use 3 providers: Lintas Artha (LA), Telkom,
and CBN.
The connection to LA uses the BGP routing protocol; the connections to Telkom and CBN use
static routes.
The connection towards HO uses OSPF area 0.
2. Core Switch
The connection towards HO uses OSPF area 0, and the connection towards the WAN Router uses
OSPF area 0.
The following is the IP address allocation scheme to be used on the PT. Fast Food Indonesia
network:
Hostname IP Address
RTR01-KFC-LT3 172.16.1.2
CSW01-KFC-LT3 172.16.1.1
SSW01-KFC-LT3 172.16.1.18
DMZ01-KFC-LT3 172.16.1.10
ASW01-KFC-LT2 172.16.24.1
ASW02-KFC-LT2 172.16.24.2
ASW03-KFC-LT4 172.16.24.3
ASW04-KFC-LT3 172.16.24.4
ASW05-KFC-LT3 172.16.24.5
ASW06-KFC-LT3 172.16.24.6
ASW07-KFC-LT3 172.16.24.7
ASW08-KFC-LT3 172.16.24.8
ASW09-KFC-LT3 172.16.24.9
ASW10-KFC-LT3 172.16.24.10
ASW11-KFC-LT3 172.16.24.11
ASW12-KFC-LT4 172.16.24.12
ASW13-KFC-LT5 172.16.24.13
ASW14-KFC-LT5 172.16.24.14
Table 7 Device Management IP List
[Figure 2-8 FortiGate 200E (INET-FW-KFC) Topology. Diagram labels: INET-FW-KFC (FortiGate 200E) with Port 2, Port 3, Port 4, Port 5, Port 13 and Port 14; LACP link, 172.16.1.22/30 and 172.16.1.21/30; DMZ01-KFC-LT3 (Aruba Switch); LAN.]
The objective of this project is to implement the Device Refresh Project for the Core,
Server Farm Switch, Access Switch, and Firewall in accordance with the Bill of Quantity (BoQ)
agreed between PT Fast Food Indonesia, Tbk and PT Mastersystem Infotama.
The Bill of Quantity is shown below:
3 Device Configuration
3.1 Network Device Configuration
WAN Router (RTR01-KFC-LT3)
#
version 7.1.064, Release 0615P16
#
sysname RTR01-KFC-LT3
#
telnet server enable
#
ospf 1
import-route static type 2
import-route bgp allow-ibgp
area 0.0.0.0
network 1.2.60.0 0.0.0.3
network 1.2.70.0 0.0.0.3
network 10.10.100.101 0.0.0.0
#
ip redirects enable
ip ttl-expires enable
ip icmp error-interval 0
#
lldp global enable
#
password-recovery enable
#
vlan 1
#
controller Cellular0/0
#
controller Cellular0/1
#
interface Aux0
#
interface Virtual-Template0
#
interface NULL0
#
interface LoopBack0
ip address 10.10.100.101 255.255.255.255
#
interface GigabitEthernet0/0
port link-mode route
description TO LINTASARTA
combo enable copper
ip address 10.10.100.254 255.255.255.252
ospf network-type p2p
ospf 1 area 0.0.0.0
#
interface GigabitEthernet0/1
port link-mode route
description TO TELKOM
ip address 1.2.60.1 255.255.255.252
#
interface GigabitEthernet0/2
port link-mode route
description TO CBN
ip address 1.2.70.1 255.255.255.252
#
interface GigabitEthernet3/0
port link-mode route
description TO CSW01-KFC-LT.3 PORT 2/A3
ip address 172.16.1.6 255.255.255.252
ospf cost 100
ospf 1 area 0.0.0.0
#
interface GigabitEthernet3/1
port link-mode route
description TO CSW01-KFC-LT.3 PORT 1/A3
ip address 172.16.1.2 255.255.255.252
ospf 1 area 0.0.0.0
#
interface GigabitEthernet3/3
port link-mode route
#
interface GigabitEthernet3/2
port link-mode bridge
#
bgp 64999
router-id 10.10.100.101
peer 10.10.100.102 as-number 64999
peer 10.10.100.102 connect-interface LoopBack0
#
address-family ipv4 unicast
balance eibgp 8
import-route direct
import-route static
import-route ospf 1
peer 10.10.100.102 enable
#
security-zone name Local
#
security-zone name Trust
#
security-zone name DMZ
#
security-zone name Untrust
#
security-zone name Management
#
scheduler logfile size 16
#
line class aux
authentication-mode password
user-role network-admin
set authentication password hash
$h$6$1LBu6zZ+3jqJ0xkY$bnqwhiPLNBPsBaHWHMJl30q3Avi2DNaNt+Wdq9fEXiMLhypAVO6aPCsFpo
TRCgoocVafuJclGGWe8j8hgT0pvg==
#
line class tty
user-role network-operator
#
line class vty
authentication-mode scheme
user-role network-admin
user-role network-operator
set authentication password hash
$h$6$iP+TfXm20Q4DWzt3$hnVc0C3028bwASI7wA4RFiqUu7bU7i3L31lvlLMaI9h4R9qZcVq+XK6Xj+N
EnXT9AD49i37o7BQNfEmPpMvEdA==
#
line aux 0
user-role network-admin
#
line vty 0 10
authentication-mode scheme
user-role network-admin
user-role network-operator
#
line vty 11 63
user-role network-admin
user-role network-operator
set authentication password hash
$h$6$qVQ/csmvbxGneXOc$370s8TrpAud9Cp+TNOtlQ6pfCFscocVaByn0LbcKTbugRBjvGYaUa+7aLW
zzmfaOPm3cNs/GYWk1bEAxQ1bE/A==
#
ip route-static 1.2.50.0 30 1.2.60.2
ip route-static 10.10.10.128 25 1.2.60.2 description Link_Telkom_Sigma
ip route-static 10.10.165.0 30 1.2.60.2 description LAN-BARU-TLKM
ip route-static 10.11.92.0 24 1.2.60.2
ip route-static 10.12.50.0 24 1.2.60.2
ip route-static 10.13.92.0 24 1.2.60.2
ip route-static 10.14.92.0 24 1.2.60.2
ip route-static 10.15.92.0 24 1.2.60.2
ip route-static 10.16.92.0 24 1.2.60.2
ip route-static 10.17.92.0 24 1.2.60.2
ip route-static 10.165.177.0 24 1.2.60.2
ip route-static 10.165.178.0 24 1.2.60.2
ip route-static 10.165.179.0 29 1.2.60.2
ip route-static 10.165.180.0 24 1.2.60.2
ip route-static 10.165.190.0 24 1.2.60.2
ip route-static 117.54.9.179 32 172.16.1.1
ip route-static 172.10.0.0 16 1.2.70.2 description Link-to-CBN
ip route-static 172.17.0.0 16 1.2.60.2 description LINK_LAN_TELKOM
ip route-static 172.17.15.0 24 1.2.60.2
ip route-static 172.18.0.0 16 1.2.60.2 description LINK_LAN_TELKOM
ip route-static 172.19.0.0 16 1.2.60.2 description LINK_LAN_TELKOM
#
ssh server enable
#
domain system
#
domain default enable system
#
role name level-0
description Predefined level-0 role
#
role name level-1
description Predefined level-1 role
#
role name level-2
description Predefined level-2 role
#
role name level-3
description Predefined level-3 role
#
role name level-4
description Predefined level-4 role
#
role name level-5
description Predefined level-5 role
#
role name level-6
description Predefined level-6 role
#
role name level-7
description Predefined level-7 role
#
role name level-8
description Predefined level-8 role
#
role name level-9
description Predefined level-9 role
#
role name level-10
description Predefined level-10 role
#
role name level-11
description Predefined level-11 role
#
role name level-12
description Predefined level-12 role
#
role name level-13
description Predefined level-13 role
#
role name level-14
description Predefined level-14 role
#
user-group system
#
local-user kfcadmin class manage
password hash
$h$6$2r5CGpkgFam5lVVO$e5m6WXFHOV9Si1oVOeC1hCvsX2swAYlXOKdr/WE2UYdhkks8O+BHP8
M+dwid4+0JTy+KNb0VAGfJK0Kq1g70nQ==
service-type ssh telnet terminal http https
authorization-attribute user-role network-admin
authorization-attribute user-role network-operator
#
cwmp
cwmp enable
#
ip http enable
ip https enable
#
ips signature auto-update-url https://tmc.tippingpoint.com/TMC/msrIPSDVInfo
#
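A check a reviewer could run over the RTR01-KFC-LT3 listing above, as an added example that is not part of the original document: it flags management services that carry credentials in cleartext (Telnet, HTTP) and reports whether the encrypted counterpart is already enabled. The rule set, the function names and both sample configurations (lines taken from the listing, with the password hash replaced by a placeholder) are assumptions of this example.

```python
"""Flag cleartext management services in a flattened Comware-style config."""

# Constructed sample: lines taken from the RTR01-KFC-LT3 listing, with the
# password hash replaced by a placeholder. Indentation is absent, as on the page.
SAMPLE_CONFIG = """\
#
sysname RTR01-KFC-LT3
#
telnet server enable
#
line vty 0 10
authentication-mode scheme
user-role network-admin
#
ssh server enable
#
local-user kfcadmin class manage
password hash <HASH-PLACEHOLDER>
service-type ssh telnet terminal http https
authorization-attribute user-role network-admin
#
ip http enable
ip https enable
#
"""

# Constructed "after" variant: cleartext services removed, encrypted ones kept.
HARDENED_CONFIG = """\
#
sysname RTR01-KFC-LT3
#
ssh server enable
#
local-user kfcadmin class manage
password hash <HASH-PLACEHOLDER>
service-type ssh terminal https
#
ip https enable
#
"""

# Assumed rule set: global enable line -> (service, line enabling its encrypted counterpart).
GLOBAL_RULES = {
    "telnet server enable": ("telnet", "ssh server enable"),
    "ip http enable": ("http", "ip https enable"),
}
# Per-user service-type keywords: cleartext service -> encrypted counterpart.
USER_RULES = {"telnet": "ssh", "http": "https"}


def split_blocks(text):
    """Split the config on '#' separator lines; works without indentation."""
    blocks, current = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if line == "#":
            if current:
                blocks.append(current)
            current = []
        elif line:
            current.append(line)
    if current:
        blocks.append(current)
    return blocks


def audit(text):
    """Return one finding per cleartext management service that is enabled."""
    blocks = split_blocks(text)
    all_lines = {line for block in blocks for line in block}
    findings = []
    # Device-wide service switches.
    for cmd, (service, alternative) in GLOBAL_RULES.items():
        if cmd in all_lines:
            findings.append({
                "scope": "global",
                "service": service,
                "line": cmd,
                "encrypted_alternative": alternative in all_lines,
            })
    # Local accounts that are allowed to log in over a cleartext service.
    for block in blocks:
        if not block[0].startswith("local-user "):
            continue
        user = block[0].split()[1]
        for line in block[1:]:
            if not line.startswith("service-type "):
                continue
            services = line.split()[1:]
            for service in services:
                if service in USER_RULES:
                    findings.append({
                        "scope": f"local-user {user}",
                        "service": service,
                        "line": line,
                        "encrypted_alternative": USER_RULES[service] in services,
                    })
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_CONFIG):
        note = "encrypted alternative already enabled" if f["encrypted_alternative"] else "no encrypted alternative configured"
        print(f'{f["scope"]}: {f["service"]} via "{f["line"]}" ({note})')
```

Where every finding reports an encrypted alternative as already enabled, the cleartext service can be switched off without losing management access.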
Core Switch (CSW01-KFC-LT.3)
Running configuration:
stacking
member 1 type "JL071A" mac-address 089734-ff1380
member 1 priority 255
member 1 flexible-module A type JL081A
member 2 type "JL071A" mac-address 089734-ff2000
member 2 flexible-module A type JL081A
exit
hostname "CSW01-KFC-LT.3"
console idle-timeout 60
console idle-timeout serial-usb 60
trunk 1/21,2/21 trk1 lacp
trunk 1/22,2/22 trk2 lacp
trunk 1/23,2/23 trk3 lacp
trunk 1/A1-1/A2,2/A1-2/A2 trk4 lacp
trunk 1/1,2/1 trk11 lacp
trunk 1/2,2/2 trk12 lacp
trunk 1/3,2/3 trk13 lacp
trunk 1/4,2/4 trk14 lacp
trunk 1/5,2/5 trk15 lacp
trunk 1/6,2/6 trk16 lacp
trunk 1/7,2/7 trk17 lacp
trunk 1/8,2/8 trk18 lacp
trunk 1/9,2/9 trk19 lacp
trunk 1/10,2/10 trk20 lacp
trunk 1/11,2/11 trk21 lacp
trunk 1/12,2/12 trk22 lacp
trunk 1/13,2/13 trk23 lacp
trunk 1/14,2/14 trk24 lacp
ip route 117.54.9.179 255.255.255.255 172.16.1.10
ip router-id 172.16.1.254
ip routing
interface loopback 0
ip address 172.16.1.254
exit
snmp-server community "public" unrestricted
oobm
ip address dhcp-bootp
member 1
ip address dhcp-bootp
exit
member 2
ip address dhcp-bootp
exit
exit
router ospf
area backbone
redistribute connected
enable
exit
vlan 1
name "DEFAULT_VLAN"
no untagged 1/15,1/A3,2/A3
untagged 1/16-1/20,1/24,1/A4,2/15-2/20,2/24,2/A4,Trk1-Trk4,Trk11-Trk24
no ip address
exit
vlan 2
name "VLAN2"
tagged Trk1
ip address 172.16.1.25 255.255.255.252
ip ospf 172.16.1.25 area backbone
ip ospf 172.16.1.25 network-type point-to-point
jumbo
exit
vlan 4
name "VLAN4"
tagged Trk4
ip address 172.16.1.17 255.255.255.252
ip ospf 172.16.1.17 area backbone
ip ospf 172.16.1.17 network-type point-to-point
exit
vlan 5
name "VLAN5"
tagged Trk4
ip address 172.16.1.13 255.255.255.252
ip ospf 172.16.1.13 area backbone
ip ospf 172.16.1.13 network-type point-to-point
exit
vlan 6
name "VLAN6"
tagged Trk1
ip address 172.16.1.9 255.255.255.252
ip ospf 172.16.1.9 area backbone
ip ospf 172.16.1.9 network-type point-to-point
jumbo
exit
vlan 7
name "VLAN7"
untagged 2/A3
ip address 172.16.1.5 255.255.255.252
ip ospf 172.16.1.5 area backbone
ip ospf 172.16.1.5 cost 100
exit
vlan 8
name "VLAN8"
untagged 1/A3
tagged Trk17
ip address 172.16.1.1 255.255.255.252
ip ospf 172.16.1.1 area backbone
jumbo
exit
vlan 9
name "VLAN9"
tagged Trk11-Trk24
ip address 172.16.2.1 255.255.255.0
ip helper-address 192.168.10.18
exit
vlan 10
name "VLAN10"
tagged Trk11-Trk24
ip address 172.16.3.1 255.255.255.0
ip helper-address 192.168.10.18
exit
vlan 11
name "VLAN11"
tagged Trk11-Trk24
ip address 172.16.4.1 255.255.255.0
ip helper-address 192.168.10.18
exit
vlan 12
name "VLAN12"
tagged Trk11-Trk24
ip address 172.16.5.1 255.255.255.0
ip helper-address 192.168.10.18
exit
vlan 13
name "VLAN13"
tagged Trk11-Trk24
ip address 172.16.6.1 255.255.255.0
ip helper-address 192.168.10.18
exit
vlan 14
name "VLAN14"
tagged Trk11-Trk24
ip address 172.16.7.1 255.255.255.0
ip helper-address 192.168.10.18
exit
vlan 15
name "VLAN15"
tagged Trk11-Trk24
ip address 172.16.8.1 255.255.255.0
ip helper-address 192.168.10.18
exit
vlan 16
name "VLAN16"
untagged 1/15
tagged Trk11-Trk24
ip address 172.16.9.1 255.255.255.0
ip helper-address 192.168.10.18
exit
vlan 17
name "VLAN17"
no ip address
exit
vlan 18
name "VLAN18"
no ip address
exit
vlan 19
name "VLAN19"
tagged Trk11-Trk24
ip address 172.16.10.1 255.255.255.0
ip helper-address 192.168.10.18
exit
vlan 20
name "VLAN20"
tagged Trk11-Trk24
ip address 172.16.11.1 255.255.255.0
ip helper-address 192.168.10.18
exit
vlan 21
name "VLAN21"
tagged Trk11-Trk24
ip address 172.16.12.1 255.255.255.0
ip helper-address 192.168.10.18
exit
vlan 22
name "VLAN22"
tagged Trk11-Trk24
ip address 172.16.13.1 255.255.255.0
ip helper-address 192.168.10.18
exit
vlan 23
name "VLAN23"
tagged Trk11-Trk24
ip address 172.16.14.1 255.255.255.0
ip helper-address 192.168.10.18
exit
vlan 24
name "VLAN24"
tagged Trk11-Trk24
ip address 172.16.15.1 255.255.255.0
ip helper-address 192.168.10.18
exit
vlan 25
name "VLAN25"
tagged Trk11-Trk24
ip address 172.16.16.1 255.255.255.0
ip helper-address 192.168.10.18
exit
vlan 26
name "VLAN26"
tagged Trk11-Trk24
ip address 172.16.17.1 255.255.255.0
ip helper-address 192.168.10.18
exit
vlan 27
name "VLAN27"
tagged Trk11-Trk24
ip address 172.16.18.1 255.255.255.0
ip helper-address 192.168.10.18
exit
vlan 28
name "VLAN28"
tagged Trk11-Trk24
ip address 172.16.19.1 255.255.255.0
ip helper-address 192.168.10.18
exit
vlan 29
name "VLAN29"
tagged Trk11-Trk24
ip address 172.16.20.1 255.255.255.0
ip helper-address 192.168.10.18
exit
vlan 30
name "VLAN30"
tagged Trk11-Trk24
ip address 172.16.21.1 255.255.255.0
ip helper-address 192.168.10.18
exit
vlan 31
name "VLAN31"
tagged Trk11-Trk24
ip address 172.16.22.1 255.255.255.0
ip helper-address 192.168.10.18
exit
vlan 32
name "VLAN32"
tagged Trk11-Trk24
ip address 172.16.23.1 255.255.255.0
ip helper-address 192.168.10.18
exit
vlan 33
name "VLAN33"
tagged Trk11-Trk24
ip address 172.16.24.254 255.255.255.0
exit
spanning-tree
spanning-tree Trk1 priority 4
spanning-tree Trk2 priority 4
spanning-tree Trk3 priority 4
spanning-tree Trk4 priority 4
spanning-tree Trk11 priority 4
spanning-tree Trk12 priority 4
spanning-tree Trk13 priority 4
spanning-tree Trk14 priority 4
spanning-tree Trk15 priority 4
spanning-tree Trk16 priority 4
spanning-tree Trk17 priority 4
spanning-tree Trk18 priority 4
spanning-tree Trk19 priority 4
spanning-tree Trk20 priority 4
spanning-tree Trk21 priority 4
spanning-tree Trk22 priority 4
spanning-tree Trk23 priority 4
spanning-tree Trk24 priority 4
spanning-tree priority 0
allow-unsupported-transceiver
no tftp server
no autorun
no dhcp config-file-update
no dhcp image-file-update
password manager
password operator
irf member 1 priority 32
irf member 2 priority 31
#
router id 172.16.1.252
#
ospf 1
import-route direct
area 0.0.0.0
network 172.16.1.252 0.0.0.0
#
ip redirects enable
ip ttl-expires enable
ip icmp error-interval 0
#
lldp global enable
#
system-working-mode standard
fan prefer-direction slot 1 port-to-power
fan prefer-direction slot 2 port-to-power
password-recovery enable
#
vlan 1
#
vlan 4 to 5
#
irf-port 1/1
port group interface FortyGigE1/0/49
#
irf-port 1/2
port group interface FortyGigE1/0/50
#
irf-port 2/1
port group interface FortyGigE2/0/49
#
irf-port 2/2
port group interface FortyGigE2/0/50
#
stp instance 0 priority 40960
stp global enable
#
interface Bridge-Aggregation1
port link-type trunk
port trunk permit vlan 1 4 to 5
link-aggregation mode dynamic
#
interface NULL0
#
interface LoopBack0
ip address 172.16.1.252 255.255.255.255
#
interface Vlan-interface1
description TO LAN KFC
ip address 192.168.10.3 255.255.252.0
ospf 1 area 0.0.0.0
#
interface Vlan-interface4
ip address 172.16.1.18 255.255.255.252
ospf network-type p2p
ospf 1 area 0.0.0.0
#
interface Vlan-interface5
ip address 172.16.1.14 255.255.255.252
ospf network-type p2p
ospf 1 area 0.0.0.0
#
interface FortyGigE1/0/51
port link-mode bridge
#
interface FortyGigE1/0/52
port link-mode bridge
#
interface FortyGigE1/0/53
port link-mode bridge
#
interface FortyGigE1/0/54
port link-mode bridge
#
interface FortyGigE2/0/51
port link-mode bridge
#
interface FortyGigE2/0/52
port link-mode bridge
#
interface FortyGigE2/0/53
port link-mode bridge
#
interface FortyGigE2/0/54
port link-mode bridge
#
interface FortyGigE1/0/49
#
interface FortyGigE1/0/50
#
interface FortyGigE2/0/49
#
interface FortyGigE2/0/50
#
interface M-GigabitEthernet0/0/0
#
interface M-GigabitEthernet0/0/1
#
interface Ten-GigabitEthernet1/0/1
port link-mode bridge
#
interface Ten-GigabitEthernet1/0/2
port link-mode bridge
#
interface Ten-GigabitEthernet1/0/3
port link-mode bridge
#
interface Ten-GigabitEthernet1/0/4
port link-mode bridge
#
interface Ten-GigabitEthernet1/0/5
port link-mode bridge
#
interface Ten-GigabitEthernet1/0/6
port link-mode bridge
#
interface Ten-GigabitEthernet1/0/7
port link-mode bridge
#
interface Ten-GigabitEthernet1/0/8
port link-mode bridge
#
interface Ten-GigabitEthernet1/0/9
port link-mode bridge
#
interface Ten-GigabitEthernet1/0/10
port link-mode bridge
#
interface Ten-GigabitEthernet1/0/11
port link-mode bridge
#
interface Ten-GigabitEthernet1/0/12
port link-mode bridge
#
interface Ten-GigabitEthernet1/0/13
port link-mode bridge
#
interface Ten-GigabitEthernet1/0/14
port link-mode bridge
#
interface Ten-GigabitEthernet1/0/15
port link-mode bridge
#
interface Ten-GigabitEthernet1/0/16
port link-mode bridge
#
interface Ten-GigabitEthernet1/0/17
port link-mode bridge
#
interface Ten-GigabitEthernet1/0/18
port link-mode bridge
#
interface Ten-GigabitEthernet1/0/19
port link-mode bridge
#
interface Ten-GigabitEthernet1/0/20
port link-mode bridge
#
interface Ten-GigabitEthernet1/0/21
port link-mode bridge
#
interface Ten-GigabitEthernet1/0/22
port link-mode bridge
#
interface Ten-GigabitEthernet1/0/23
port link-mode bridge
#
interface Ten-GigabitEthernet1/0/24
port link-mode bridge
#
interface Ten-GigabitEthernet1/0/25
port link-mode bridge
#
interface Ten-GigabitEthernet1/0/26
port link-mode bridge
#
interface Ten-GigabitEthernet1/0/27
port link-mode bridge
#
interface Ten-GigabitEthernet1/0/28
port link-mode bridge
#
interface Ten-GigabitEthernet1/0/29
port link-mode bridge
#
interface Ten-GigabitEthernet1/0/30
port link-mode bridge
#
interface Ten-GigabitEthernet1/0/31
port link-mode bridge
#
interface Ten-GigabitEthernet1/0/32
port link-mode bridge
#
interface Ten-GigabitEthernet1/0/33
port link-mode bridge
#
interface Ten-GigabitEthernet1/0/34
port link-mode bridge
#
interface Ten-GigabitEthernet1/0/35
port link-mode bridge
#
interface Ten-GigabitEthernet1/0/36
port link-mode bridge
#
interface Ten-GigabitEthernet1/0/37
port link-mode bridge
#
interface Ten-GigabitEthernet1/0/38
port link-mode bridge
#
interface Ten-GigabitEthernet1/0/39
port link-mode bridge
#
interface Ten-GigabitEthernet1/0/40
port link-mode bridge
#
interface Ten-GigabitEthernet1/0/41
port link-mode bridge
#
interface Ten-GigabitEthernet1/0/42
port link-mode bridge
#
interface Ten-GigabitEthernet1/0/43
port link-mode bridge
#
interface Ten-GigabitEthernet1/0/44
port link-mode bridge
#
interface Ten-GigabitEthernet1/0/45
port link-mode bridge
#
interface Ten-GigabitEthernet1/0/46
port link-mode bridge
#
interface Ten-GigabitEthernet1/0/47
port link-mode bridge
port link-type trunk
port trunk permit vlan 1 4 to 5
port link-aggregation group 1
#
interface Ten-GigabitEthernet1/0/48
port link-mode bridge
port link-type trunk
port trunk permit vlan 1 4 to 5
port link-aggregation group 1
#
interface Ten-GigabitEthernet2/0/1
port link-mode bridge
#
interface Ten-GigabitEthernet2/0/2
port link-mode bridge
#
interface Ten-GigabitEthernet2/0/3
port link-mode bridge
#
interface Ten-GigabitEthernet2/0/4
port link-mode bridge
#
interface Ten-GigabitEthernet2/0/5
port link-mode bridge
#
interface Ten-GigabitEthernet2/0/6
port link-mode bridge
#
interface Ten-GigabitEthernet2/0/7
port link-mode bridge
#
interface Ten-GigabitEthernet2/0/8
port link-mode bridge
#
interface Ten-GigabitEthernet2/0/9
port link-mode bridge
#
interface Ten-GigabitEthernet2/0/10
port link-mode bridge
#
interface Ten-GigabitEthernet2/0/11
port link-mode bridge
#
interface Ten-GigabitEthernet2/0/12
port link-mode bridge
#
interface Ten-GigabitEthernet2/0/13
port link-mode bridge
#
interface Ten-GigabitEthernet2/0/14
port link-mode bridge
#
interface Ten-GigabitEthernet2/0/15
port link-mode bridge
#
interface Ten-GigabitEthernet2/0/16
port link-mode bridge
#
interface Ten-GigabitEthernet2/0/17
port link-mode bridge
#
interface Ten-GigabitEthernet2/0/18
port link-mode bridge
#
interface Ten-GigabitEthernet2/0/19
port link-mode bridge
#
interface Ten-GigabitEthernet2/0/20
port link-mode bridge
#
interface Ten-GigabitEthernet2/0/21
port link-mode bridge
#
interface Ten-GigabitEthernet2/0/22
port link-mode bridge
#
interface Ten-GigabitEthernet2/0/23
port link-mode bridge
#
interface Ten-GigabitEthernet2/0/24
port link-mode bridge
#
interface Ten-GigabitEthernet2/0/25
port link-mode bridge
#
interface Ten-GigabitEthernet2/0/26
port link-mode bridge
#
interface Ten-GigabitEthernet2/0/27
port link-mode bridge
#
interface Ten-GigabitEthernet2/0/28
port link-mode bridge
#
interface Ten-GigabitEthernet2/0/29
port link-mode bridge
#
interface Ten-GigabitEthernet2/0/30
port link-mode bridge
#
interface Ten-GigabitEthernet2/0/31
port link-mode bridge
#
interface Ten-GigabitEthernet2/0/32
port link-mode bridge
#
interface Ten-GigabitEthernet2/0/33
port link-mode bridge
#
interface Ten-GigabitEthernet2/0/34
port link-mode bridge
#
interface Ten-GigabitEthernet2/0/35
port link-mode bridge
#
interface Ten-GigabitEthernet2/0/36
port link-mode bridge
#
interface Ten-GigabitEthernet2/0/37
port link-mode bridge
#
interface Ten-GigabitEthernet2/0/38
port link-mode bridge
#
interface Ten-GigabitEthernet2/0/39
port link-mode bridge
#
interface Ten-GigabitEthernet2/0/40
port link-mode bridge
#
interface Ten-GigabitEthernet2/0/41
port link-mode bridge
#
interface Ten-GigabitEthernet2/0/42
port link-mode bridge
#
interface Ten-GigabitEthernet2/0/43
port link-mode bridge
#
interface Ten-GigabitEthernet2/0/44
port link-mode bridge
#
interface Ten-GigabitEthernet2/0/45
port link-mode bridge
#
interface Ten-GigabitEthernet2/0/46
port link-mode bridge
#
interface Ten-GigabitEthernet2/0/47
port link-mode bridge
port link-type trunk
port trunk permit vlan 1 4 to 5
port link-aggregation group 1
#
interface Ten-GigabitEthernet2/0/48
port link-mode bridge
port link-type trunk
port trunk permit vlan 1 4 to 5
port link-aggregation group 1
#
scheduler logfile size 16
#
line class aux
authentication-mode password
user-role network-admin
set authentication password hash
$h$6$4uXzKNpTZrHI/kIK$gnLckuAbDnYeVqm4Jcg6r1bL6dMaNNgz0Ge4mEKVj9YiYrkXdrZ+6dXWoak
xDG7oyYSOHnVCqKoGhSu47qMtwQ==
#
line class vty
authentication-mode scheme
user-role network-admin
user-role network-operator
#
line aux 0 1
user-role network-admin
set authentication password hash
$h$6$C/DybLi9T93nG/9C$hokZ42fCcEoGw53OFp0nYyvLb8XEMj5aWmKDVkj6zQl28AwcYWPbgEsLe
OpdiBZE2UzEb6fUPUpShNOOKEyRIw==
#
line vty 0 10
authentication-mode scheme
user-role network-admin
user-role network-operator
#
line vty 11 63
user-role network-admin
user-role network-operator
set authentication password hash
$h$6$DWejXDjb0bTCWzBD$/r3iyauHHxGTuGcz21+9o0fL6f5dSYDwT6MANDKVs6ZQcU4GC8gTw7h
XyxCbeLM33NbywO1hQNbUg1sEhz4PSw==
#
snmp-agent
snmp-agent local-engineid 800063A280EC9B8B88FB8900000001
snmp-agent sys-info version v3
#
ssh server enable
#
radius scheme system
user-name-format without-domain
#
domain system
#
domain default enable system
#
role name level-0
description Predefined level-0 role
#
role name level-1
description Predefined level-1 role
#
role name level-2
description Predefined level-2 role
#
role name level-3
description Predefined level-3 role
#
role name level-4
description Predefined level-4 role
#
role name level-5
description Predefined level-5 role
#
role name level-6
description Predefined level-6 role
#
role name level-7
description Predefined level-7 role
#
role name level-8
description Predefined level-8 role
#
role name level-9
description Predefined level-9 role
#
role name level-10
description Predefined level-10 role
#
role name level-11
description Predefined level-11 role
#
role name level-12
description Predefined level-12 role
#
role name level-13
description Predefined level-13 role
#
role name level-14
description Predefined level-14 role
#
user-group system
#
local-user kfcadmin class manage
password hash
$h$6$AJ8LW60OP6uib7Sc$Dm6JMSAIjEfsyXKmub6CCEDkd4aU+F0S1/n2p98koto2gien/2+oFY0q2W
HpWESIif4vLAA6b1xXIAxAcj4H1A==
service-type telnet http https ssh terminal
authorization-attribute user-role network-admin
authorization-attribute user-role network-operator
#
ip http enable
ip https enable
#
return
ip route 10.242.1.0 255.255.255.0 172.16.1.22
ip route 117.54.9.179 255.255.255.255 172.16.1.22
ip router-id 172.16.1.253
ip routing
interface loopback 0
ip address 172.16.1.253
exit
snmp-server community "public" unrestricted
router ospf
area backbone
redistribute connected
redistribute static
enable
exit
vlan 1
name "DEFAULT_VLAN"
untagged 1-20,25-28,Trk1-Trk2
no ip address
exit
vlan 2
name "VLAN2"
tagged Trk1
ip address 172.16.1.26 255.255.255.252
ip ospf 172.16.1.26 area backbone
ip ospf 172.16.1.26 network-type point-to-point
jumbo
exit
vlan 3
name "VLAN3"
tagged Trk2
ip address 172.16.1.21 255.255.255.252
exit
vlan 6
name "VLAN6"
tagged Trk1
ip address 172.16.1.10 255.255.255.252
ip ospf 172.16.1.10 area backbone
ip ospf 172.16.1.10 network-type point-to-point
jumbo
exit
spanning-tree
spanning-tree Trk1 priority 4
spanning-tree Trk2 priority 4
no tftp server
no autorun
no dhcp config-file-update
no dhcp image-file-update
no dhcp tr69-acs-url
password manager
password operator
Access Switch (ASW01-KFC-LT2)
Running configuration:
name "VLAN16"
no ip address
exit
vlan 17
name "VLAN17"
no ip address
exit
vlan 18
name "VLAN18"
no ip address
exit
vlan 19
name "VLAN19"
no ip address
exit
vlan 20
name "VLAN20"
no ip address
exit
vlan 21
name "VLAN21"
no ip address
exit
vlan 22
name "VLAN22"
no ip address
exit
vlan 23
name "VLAN23"
no ip address
exit
vlan 24
name "VLAN24"
no ip address
exit
vlan 25
name "VLAN25"
no ip address
exit
vlan 26
name "VLAN26"
no ip address
exit
vlan 27
name "VLAN27"
no ip address
exit
vlan 28
name "VLAN28"
no ip address
exit
vlan 29
name "VLAN29"
no ip address
exit
vlan 30
name "VLAN30"
no ip address
exit
vlan 31
name "VLAN31"
no ip address
exit
vlan 32
name "VLAN32"
no ip address
exit
vlan 33
name "VLAN33"
tagged Trk1-Trk2
ip address 172.16.24.1 255.255.255.0
exit
spanning-tree
spanning-tree Trk1 priority 4
spanning-tree Trk2 priority 4
no tftp server
loop-protect 1-46
loop-protect 1-46 receiver-action send-recv-dis
loop-protect trap loop-detected
loop-protect disable-timer 60
no autorun
no dhcp config-file-update
no dhcp image-file-update
no dhcp tr69-acs-url
password manager
3.2.2 SD-WAN
3.2.3 Routing
3.2.4 AntiVirus
AntiVirus Profiles

| No. | Name |
|---|---|
| 1 | default |
| 2 | wifi-default |

Table 12 Anti Virus
IPS Profiles

| No. | Name |
|---|---|
| 1 | all_default |
| 2 | all_default_pass |
| 3 | default |
| 4 | high_security |
| 5 | protect_client |
| 6 | protect_email_server |
| 7 | protect_http_server |
| 8 | wifi-default |

Table 15 Intrusion Prevention System (IPS) Profiles
- Object

Addresses

| No. | Name | Network/IP Range/FQDN | Comment | Associated Interface |
|---|---|---|---|---|
| 1 | HO-VLAN-MGMT | 172.16.1.0 255.255.255.0 | | Any |
| 2 | HO_VLAN_BUD | 172.16.23.0 255.255.255.0 | | Any |
| 3 | HO-VLAN-VOICE | 172.16.2.0 255.255.255.0 | | Any |
| 4 | HO-VLAN-MARKETING | 172.16.3.0 255.255.255.0 | | Any |
| 5 | HO-VLAN-OPERATIONAL | 172.16.4.0 255.255.255.0 | | Any |
| 6 | HO_VLAN_TRAVELDESK | 172.16.22.0 255.255.255.0 | | Any |
| 7 | HO-VLAN-MARKET-DEV | 172.16.5.0 255.255.255.0 | | Any |
| 8 | HO-VLAN-STORE-DEV | 172.16.6.0 255.255.255.0 | | Any |
| 9 | HO-VLAN-BUSINESS-DEV | 172.16.7.0 255.255.255.0 | | Any |
| 10 | HO-VLAN-QUALITY-ASSRNC | 172.16.8.0 255.255.255.0 | | Any |
| 11 | HO-VLAN-IT | 172.16.9.0 255.255.255.0 | | Any |
| 12 | HO-VLAN-SERVER-DEV | 192.168.9.0 255.255.255.0 | | Any |
| 13 | HO-VLAN-SERVER-PROD | 192.168.8.0 255.255.252.0 | | Any |
| 14 | HO-VLAN-ACCOUNTING | 172.16.10.0 255.255.255.0 | | Any |
- Group

Address Group

| No. | Name | Members |
|---|---|---|
| 1 | HO-GROUP-LT.2 | HO-VLAN-ACCOUNTING, HO-VLAN-BUSINESS-DEV, HO-VLAN-MARKET-DEV, HO-VLAN-MARKETING, HO-VLAN-OPERATIONAL, HO-VLAN-QUALITY-ASSRNC, HO-VLAN-STORE-DEV |
| 2 | HO-GROUP-LT.3 | HO-VLAN-ACCOUNTING, HO-VLAN-FINANCE, HO-VLAN-FPC, HO-VLAN-GA, HO-VLAN-LEGAL, HO-VLAN-LOGISTIK, HO-VLAN-PAYROLL, HO-VLAN-TAX |
| 3 | HO-GROUP-LT.4 | HO-VLAN-HR, HO-VLAN-INT-AUDIT |
| 4 | HO-GROUP-LT.5 | HO-VLAN-BUD, HO-VLAN-INT-COMM, HO-VLAN-PROCURMENT, HO-VLAN-TRAVELDESK |
| 5 | HO-GROUP-IT | HO-VLAN-ACCOUNTING, HO-VLAN-IT, HO-VLAN-MGMT, HO-VLAN-VOICE |
| 6 | HO-GROUP-SERVER | HO-VLAN-SERVER-DEV, HO-VLAN-SERVER-PROD |
| 7 | HO-GROUP-ALL-KFC | HO-VLAN-ACCOUNTING, HO-VLAN-BUD, HO-VLAN-BUSINESS-DEV, HO-VLAN-FINANCE, HO-VLAN-FPC, HO-VLAN-GA, HO-VLAN-HR, HO-VLAN-INT-AUDIT, HO-VLAN-INT-COMM, HO-VLAN-IT, HO-VLAN-LEGAL, HO-VLAN-LOGISTIK, HO-VLAN-MARKET-DEV, HO-VLAN-MARKETING, HO-VLAN-MGMT, HO-VLAN- |
3.2.9 Virtual IP

Virtual IP

| No | Name | Public IP | Private IP |
|---|---|---|---|
| 1 | VIP_servicedesk.ffi.co.id | 202.152.20.189 | 192.168.10.179 |
| 2 | VIP_nagios | 202.158.91.203 | 192.168.10.100 |
| 3 | VIP_ftp.ffi.co.id | 202.53.236.154 | 192.168.10.10 |

Table 18 Virtual IP
- Policies

| No. | ID | Name | Incoming Interface | Outgoing Interface | Source Network | Destination Network | Schedule | Services | Action | NAT | Security Profiles |
|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | 26 | COUNTRY_BLOCK | SD-WAN | INSIDE | COUNTRY_BLOCK | all | always | ALL | DENY | - | - |
| 2 | 9 | SD-WAN_to_servicedesk.ffi.co.id | SD-WAN | INSIDE | all | VIP_servicedesk.ffi.co.id | always | VIP_Services | ACCEPT | Disabled | AntiVirus: default; IPS: default |
| 3 | 21 | SD-WAN_to_Nagios | SD-WAN | INSIDE | all | VIP_nagios | always | VIP_Services | ACCEPT | Disabled | AntiVirus: default; IPS: default |
| 4 | 22 | SD-WAN_to_ftp.ffi.co.id | SD-WAN | INSIDE | all | VIP_ftp.ffi.co.id | always | VIP_Services | ACCEPT | Disabled | AntiVirus: default; IPS: default |
| 5 | 29 | PPTP_to_INSIDE_HO | SD-WAN | INSIDE | VPN_PPTP_POOL | HO-GROUP-ALL-KFC | always | all | ACCEPT | Disabled | AntiVirus: default; IPS: default |
| 6 | 30 | PPTP_to_INSIDE_BRANCH | SD-WAN | INSIDE | VPN_PPTP_POOL | BRANCH-GROUP-KFC | always | all | ACCEPT | Disabled | AntiVirus: default; IPS: default |
| 7 | 25 | INSIDE_to_SD-WAN_AD-DNS | INSIDE | SD-WAN | AD_DNS_SERVER | all | always | DNS | ACCEPT | Enabled | AntiVirus: default |
| 8 | 16 | INSIDE_to_SD-WAN_VIP | INSIDE | SD-WAN | aron, Roy IT, VENDOR | all | always | Internet_Services | ACCEPT | Enabled | AntiVirus: default; Web Filter: default; IPS: default |
| 9 | 15 | INSIDE_to_SD-WAN_IT | INSIDE | SD-WAN | HO-GROUP-IT | all | always | Internet_Services | ACCEPT | Enabled | AntiVirus: default; Web Filter: IT Web Filter; Apps Control: Application Control KFC; IPS: default |
| 10 | 14 | INSIDE_to_SD-WAN_SERVER | INSIDE | SD-WAN | HO-GROUP-SERVER | all | always | Internet_Services | ACCEPT | Enabled | AntiVirus: default; IPS: default |
| 11 | 17 | INSIDE_to_SD-WAN_LT.2_(Break) | INSIDE | SD-WAN | HO-GROUP-LT.2 | all | Work_Hour_KFC_Break | Internet_Services | ACCEPT | Enabled | AntiVirus: default; Web Filter: WF_KFC_Break; Apps Control: Application Control KFC; IPS: default |
| 12 | 10 | INSIDE_to_SD-WAN_LT.2_(Anytime) | INSIDE | SD-WAN | HO-GROUP-LT.2 | all | always | Internet_Services | ACCEPT | Enabled | AntiVirus: default; Web Filter: WF_KFC_Anytime; Apps Control: Application Control KFC; IPS: default |
| 13 | 18 | INSIDE_to_SD-WAN_LT.3_(Break) | INSIDE | SD-WAN | HO-GROUP-LT.3 | all | Work_Hour_KFC_Break | Internet_Services | ACCEPT | Enabled | AntiVirus: default; Web Filter: WF_KFC_Break; Apps Control: Application Control KFC; IPS: default |
| 14 | 11 | INSIDE_to_SD-WAN_LT.3_(Anytime) | INSIDE | SD-WAN | HO-GROUP-LT.3 | all | always | Internet_Services | ACCEPT | Enabled | AntiVirus: default; Web Filter: WF_KFC_Anytime; Apps Control: Application Control KFC; IPS: default |
| 15 | 19 | INSIDE_to_SD-WAN_LT.4_(Break) | INSIDE | SD-WAN | HO-GROUP-LT.4 | all | Work_Hour_KFC_Break | Internet_Services | ACCEPT | Enabled | AntiVirus: default; Web Filter: WF_KFC_Break; Apps Control: Application Control KFC; IPS: default |
| 16 | 12 | INSIDE_to_SD-WAN_LT.4_(Anytime) | INSIDE | SD-WAN | HO-GROUP-LT.4 | all | always | Internet_Services | ACCEPT | Enabled | AntiVirus: default; Web Filter: WF_KFC_Anytime; Apps Control: Application Control KFC; IPS: default |
| 17 | 20 | INSIDE_to_SD-WAN_LT.5_(Break) | INSIDE | SD-WAN | HO-GROUP-LT.5 | all | Work_Hour_KFC_Break | Internet_Services | ACCEPT | Enabled | AntiVirus: default; Web Filter: WF_KFC_Break; Apps Control: Application Control KFC; IPS: default |
| 18 | 13 | INSIDE_to_SD-WAN_LT.5_(Anytime) | INSIDE | SD-WAN | HO-GROUP-LT.5 | all | always | Internet_Services | ACCEPT | Enabled | AntiVirus: default; Web Filter: WF_KFC_Anytime; Apps Control: Application Control KFC; IPS: default |
| 19 | 31 | SD-WAN_to_SD-WAN_PPTP-INTERNET | SD-WAN | SD-WAN | VPN_PPTP_POOL | all | always | Internet_Services | ACCEPT | Enabled | AntiVirus: default; Web Filter: WF_KFC_Anytime; Apps Control: Application Control KFC; IPS: default |
| 20 | 1 | IT_USERs_to_SD_WAN | INSIDE | SD-WAN | IT USERS | all | always | Internet_Services | ACCEPT | Enabled | AntiVirus: default; Web Filter: IT Web Filter; Apps Control: Application Control KFC; IPS: default |
| 21 | 2 | VIP_USERs_to_SD-WAN | INSIDE | SD-WAN | VIP Users | all | always | Internet_Services | ACCEPT | Enabled | AntiVirus: default; Web Filter: VIP; Apps Control: Application Control KFC; IPS: default |
| 22 | 3 | Normal_Users_to_SD-WAN | INSIDE | SD-WAN | Riyani, TAX, Users Group | all | always | Internet_Services | ACCEPT | Enabled | AntiVirus: default; Web Filter: Normal User; Apps Control: Application Control KFC; IPS: default |
| 23 | 4 | Call_Center_to_SD-WAN | INSIDE | SD-WAN | Andri, mahipal, Wahab | all | always | Internet_Services | ACCEPT | Enabled | AntiVirus: default; Web Filter: Call Center; Apps Control: Application Control KFC; IPS: default |
| 24 | 5 | E-Banking_to_SD-WAN | INSIDE | SD-WAN | ebanking-group | all | always | Internet_Services | ACCEPT | Enabled | AntiVirus: default; Web Filter: ebanking; Apps Control: Application Control KFC; IPS: default |
| 25 | 6 | Sunfish_to_SD-WAN | INSIDE | SD-WAN | Ciracas Network, XL | all | always | Internet_Services | ACCEPT | Enabled | AntiVirus: default; Web Filter: ebanking; Apps Control: Application Control KFC; IPS: default |
| 26 | 7 | Social_Media_to_SD-WAN | INSIDE | SD-WAN | update.microsoft.com | all | always | Internet_Services | ACCEPT | Enabled | AntiVirus: default; Web Filter: Allow Social Media; Apps Control: Application Control KFC; IPS: default |
| 27 | 23 | SSL_VPN_IT_to_INSIDE_HO | SSL-VPN | INSIDE | SSLVPN_TUNNEL_ADDR1, SSL_VPN_IT | HO-GROUP-ALL-KFC | always | ALL | ACCEPT | Enabled | - |
| 28 | 27 | SSL_VPN_IT_to_INSIDE_BRANCH | SSL-VPN | INSIDE | SSLVPN_TUNNEL_ADDR1, SSL_VPN_IT | BRANCH-GROUP-KFC | always | ALL | ACCEPT | Enabled | - |
| 29 | 24 | SSL_VPN_BRANCH_to_INSIDE_HO | SSL-VPN | INSIDE | SSLVPN_TUNNEL_ADDR1, SSL_VPN_BRANCH | HO-GROUP-ALL-KFC | always | ALL | ACCEPT | Enabled | - |
| 30 | 28 | SSL_VPN_BRANCH_to_INSIDE_BRANC | SSL-VPN | INSIDE | SSLVPN_TUNNEL_ADDR1, SSL_VPN_BRANCH | BRANCH-GROUP-KFC | always | ALL | ACCEPT | Enabled | - |
| 31 | 32 | SSL_VPN to SSL_VPN | SSL-VPN | SSL-VPN | SSLVPN_TUNNEL_ADDR1, SSL_VPN_IT | SSLVPN_TUNNEL_ADDR1 | always | ALL | ACCEPT | Enabled | - |
| 32 | 0 | Implicit Deny | all | all | all | all | always | ALL | DENY | - | - |
Appendix 1 - References