INTERNETWORKING

MODUL PRAKTIKUM

Disusun Oleh :

Santoso, S.Si

JURUSAN TEKNIK INFORMATIKA
Hal 1 dari 115

POLITEKNIK POS INDONESIA 2006

DAFTAR GAMBAR
……………………………………………………………. … III-3

Gambar 3.1 Gambar 3.2

…………………………………………………… III-4

Hal 2 dari 115

DAFTAR ISI
Petemuan 1 dan 2 LAB 1 Instalasi Linux Slackware ……………………………………………………………. 1.1. Kebutuhan Sistem (System Requirement) …………………………………………………... 1.2. Software yang akan diinstall ………………………………………………………………… 1.3. Metode Instalasi …………………………………………………………………………….. 1.4. Langkah – langkah Instalasi Slackware 10.1 ........................................................................... 1.5. Membuat Partisi Linux ………………………………………………………………………. 1.6. Perintah-Perintah di Linux …………………………………………………………………... Pertemuan 3, 4, 5 LAB 2 FTP Server dan Web Server ........................................................................................... 2.1. FTP Server ............................................................................................................................... 2.1.1 File-file konfigurasi ............................................................................................................... 2.1.2 Pengujian FTP Server ............................................................................................................ 2.2. Web Server .............................................................................................................................. 2.2.1 Membuat Web Server ............................................................................................................ 2.2.2 File-file konfigurasi ............................................................................................................... 2.2.3 Pengujian Web Server ........................................................................................................... 2.3. Virtual Host ............................................................................................................................. 2..3.1 Membuat Virtual Host ......................................................................................................... 2.3.2 Pengujian Pertemuan 6,7+Quiz LAB 3 Proxy Server …………………………………………………………………………… 3.1 Membuat Proxy Server dengan Squid ……………………………………………………….. 3.2 Kompilasi dan Instalasi ............................................................................................................ 3.3 Konfigurasi ………………………………………………………………………………….. 3.4 Menggunakan Squid ………………………………………………………………………… 3.5 Mengujicoba Server Proxy/Squid …………………………………………………………… 3.6 Mengkonfigurasi squid sebagai transparan proxy …………………………………………… Pertemuan 8,9 LAB 4 Membuat Mail Server ...................................................................................................... 4.1. Posfix ...................................................................................................................................... 4.1.1 Instalasi Postfix ..................................................................................................................... 4.1.2 Instalasi TPOP3D .................................................................................................................. 4.2. SendMail .................................................................................................................................. 4.2.1 Instalasi dan Konfigurasi SendMail ....................................................................................... 4.2.2. Perintah pada Server SendMail ............................................................................................. 4.2.3 Instalasi dan Konfigurasi Server POP3 ................................................................................. 4.2.4 Pengujian ............................................................................................................................... 4.3. DMMail Client ……………………………………………………………………………… 1 1 1 2 2 3 7 10 10 10 12 13 14 14 15 17 17

20 20 20 20 21 22 22 24 24 24 27 28 29 30 30 31 31

Hal 3 dari 115

...............................................1.............................2................................................. Lab 6...................18 Internet working packet eXchange (IPX) ……………………………………………… Lab 6................................ Langkah-2 pembuatan Routing Dinamis ……………………………………………………..11 Configuring VLANs and ISL ...1.................12 Backing up your Router IOS ..........2 Konfigurasi pada router2 dan route .........................................................................................................3 Commands for starting dan saving configurations ..............22 IPX Standard access-lists ..........4 Setting your paswords ............................................................. 5............................................................................................ Lab 6............................................................10 Dynamic Routing with IGRP .................. Routing Statik .....................................................................26 Frame relay with sub interface ............................................................................... Lab 6............................ Lab 6.8 Default Routes ................... Lab 6................................................. Lab 6.........................................................................................................23 PPP configuration ..........................................................................5 Setting your hostname.....20 Standard IP Address List ...........17 Cisco discovery protocol (CDP) ………………………………………………………..................... Lab 6.................................3 De Militerized Zone ( DMZ). 33 33 33 35 35 35 35 37 40 41 42 44 45 47 50 55 57 59 61 63 66 68 70 71 73 75 78 85 87 89 92 94 95 96 100 109 112 113 Hal 4 dari 115 ............................... Lab 6............ IP address................................................ Lab 6... Appendix B : Port security on the 1900 switch ..................................................2 Help and Editing .............1..................................................................................... Lab 6............. 5....................................................................1 Instalasi Zebra Routing ..................................... Lab 6...................................... Lab......................................... 5.....................27 ISDN configuration ............. Lab 6............................................................................................................................................................................ Lab 6.................21 Extended IP access lists ... Lab 6........ Petemuan 12.....................................................................................24 Configuring PPP Authentication .......................... Lab 6. Appendix B...................... ......................................................................................2.................. Lab 6. Routing Dinamis ............................................................................................6 Configuration the lab ................................................................13 Upgarding or restoring your router IOS ................................................................................16 IP name Resolution ..............................................................................................1 Langkah-2 pembuatan Routing Statik ……………………………………………………… 5.................................19 Adding secondary network addresses and multiple frame types with IPX ..............................................9 Dynamic Routing with RIP .....................Pertemuan 10.................................................................................................................................. Lab 6..... 5.......................................2............................. Lab 6.....................................13.............................................................................14 Back Up the router configuration ... Lab 6..........11 LAB 5 Routing .................... 5......................... Lab 6....... Lab 6........ Identification..................................................... Lab 6.............................25 Point –to-point frame Relay ............................................1 Login ....................1........................................................................................................ Managing the 1900 switch ......................7 Creating Static Routes ................... Lab 6. adding a banner....................................................................................................... bandwidth and clock rate.................................................... .........................................................................................15 Telnet .. Lab 6.....................................14+QUIZ Lab 6 Router ............................. 6... Lab 6.. 5.............

Modul 2 : ......... I-3 II-3 KATA PENGANTAR Modul praktikum ini disusun sebagai pedoman bagi mahasiswa di lingkungan Politeknik Pos Indonesia yang mengikuti praktikum mata kuliah Internetworking................1 Tabel 2. akan dipelajari dan dipraktekan tahapan-tahapan dalam proses pemantapan penguasaan jaringan pada wide area network...... Modul 4 : . Tujuan dari pelaksanaan praktikum mata kuliah Internetworking ini adalah untuk memperdalam mata kuliah komputer yang diberikan kepada mahasiswa di Jurusan Teknik Informatika sebelumya Di dalam kegiatan praktikum ini..... pembahasan singkat mengenai ……...... Modul 5 : .... dan referensi.... Modul 3 : .. ……………………………………………………………...... tugas-tugas praktikum dan tugas-tugas pendahuluan/rumah yang harus dikerjakan oleh para praktikan.. berisi tujuan umum praktikum................ Diharapkan para praktikan telah mempersiapkan materi yang akan diberikan pada praktikum demi kelancarannya. Modul praktikum Internetworking ini terdiri dari 6 Modul dengan topik bahasan sebagai berikut : Jaringan • • • • • • Modul 0 : Pendahuluan....1 .... pembahasan teori praktis........ Modul 1 : .......DAFTAR TABEL Tabel 1. Hal 5 dari 115 ...... Susunan modul ini terdiri dari tujuan.........

2006 Penyusun Hal 6 dari 115 . instruktur. Modul ini masih belum sempurna. Selain itu praktikan diharapkan mengikuti mata kuliah Internetworking dengan baik. Oleh karena itu penyusun berharap agar para pemakai modul ini dapat memberikan sumbangan saran untuk perbaikan modul Internetworking ini. asisten maupun praktikan yang terlibat dalam praktikum. karena salah satu sumber selain modul adalah materi yang diberikan pada saat kuliah. serta dapat meningkatkan kemampuan mahasiswa dalam menguasai proses-proses dalam perancangan dan pelaksanaan instalasi serta konfigurasi pada perangkat lunak maupun perangkat keras yang mendukung jaringan pada wide area network. Semoga modul ini dapat bermanfaat bagi para personil yang terlibat dalam praktikum rekayasa perangkat lunak.Materi yang diberikan dalam modul dan pada saat praktikum masih belum lengkap dan untuk itu praktikan diharapkan dapat mencari referensi tambahan yang diperlukannya baik di perpustakaan maupun melalui media internet. ………. sehingga perlu dikaji baik oleh dosen pengajar. Bandung.

....... Mata Kuliah Internetworking Ketua Jurusan Teknik Informatika Santoso ........ Juli 2003 Kord...............Si Telah disetujui dan disahkan untuk dijadikan bahan ajar di Jurusan Teknik Informatika Bandung... S. TEKNIK PENILAIAN Hal 7 dari 115 ........Nama matakuliah INTERNEWORKING Disusun Oleh : Santoso..

Laporan Praktikum (LP) : 40% Yang terdiri dari : • • • • • • Dokumen Proposal dan Pengembangan Sistem : 15% Dokumen SRS : 20% Dokumen SDD : 20% Dokumen Implementasi : 15% Dokumen Pengujian : 15% Software Aplikasi : 15% c.. adalah sebagai berikut : 85 ≤ Nilai ≤ 100 Grade : A 75 ≤ Nilai < 85 Grade : B 65 ≤ Nilai < 75 Grade : C 55 ≤ Nilai < 65 Grade : D 0 ≤ Nilai < 55 Grade : E 3..Teknik penilaian praktikum mata kuliah adalah sebagai berikut : 1...... Range nilai mata praktikum .. Rincian bobot nilai mata praktikum Interneworking adalah sebagai berikut : a. Absensi/Kehadiran(AK) : 10% 2.. Praktikan dianggap LULUS jika nilai praktikumnya ≥ 65 TEKNIK PELAKSANAAN PRAKTIKUM Hal 8 dari 115 .... Nilai Praktikum : 50% Yang terdiri dari : • • • • • Tugas Pendahuluan(TP) : 20% Tugas Rumah(TR) : 15% Latihan-latihan Praktikum(LLP) : 40% Test Awal/Test Akhir(TA) : 10% Asistensi : 15% b....

3. Analisa. dst) dan/atau • Penyelesaian masalah (algoritma. Pelaksanaan praktikum Interneworking dimulai dari tahapan persiapan dari Dosen. terdiri dari : • Permasalahan/ Pendahuluan (Latar Belakang Masalah. print-out program. hasil analisa dst) • Kesimpulan Hal 9 dari 115 . hasil running program.. Batasan Masalah. (Jika tidak mengumpulkan tugas pendahuluan praktikan tidak diperkenankan mengikuti praktikum).> Untuk memenuhi tugas Praktikum Internetworking Di Jurusan Teknik Informatika Disusun oleh : <NPM> <Nama > Laboratorium Jurusan Teknik Informatika – Politeknik Pos Indonesia Bandung 2006 Logo Poltek Pos <Nama Asisten/Dosen> Asisten/Dosen Halaman : n/m Dimana <n : halaman ke-> dan <m : jumlah halaman> Tanggal : <Tanggal dikumpulkan> Halaman Isi. Bentuk laporan tugas adalah sebagai berikut : Halaman Depan (sampul). Praktikan harus menyelesaikan tugas pendahuluan dan diserahkan pada Instruktur/Asisten dengan tertib sebelum praktikum dimulai.. Asisten dan Praktikan. 2.1. dst) • Isi (Landasan Teori. berisi informasi : <Nama Modul> <Nama Tugas> <Tugas Ke-.

Praktikan harus mengerjakan semua tugas yang diberikan oleh Dosen/Asisten. kecuali cover. Hal 10 dari 115 . praktikan dapat menghubungi asisten/dosen untuk melaksanakan asistensi. baik tugas pendahuluan. Asistensi dilaksanakan pada saat praktikum berlangsung dan di luar praktikum. Diakhir praktikum praktikan harus menyerahkan dokumen-dokumen praktikum dan software aplikasi yang telah dibuat dalam bentuk softcopy maupun hardcopy. print-out program dan tugas khusus (atas persetujuan dosen) boleh di print. latihan maupun tugas rumah. 10. 8. 9. 5.Catatan : Tugas ditulis tangan menggunakan tinta warna hitam. Selama di dalam ruang praktikum. praktikan harus mengikuti semua latihan dan petunjuk yang diberikan Dosen/Asisten. Praktikan di harapkan aktif baik untuk mengajukan pertanyaan maupun menjawab pertanyaan. Asistensi diadakan untuk membantu praktikan dalam menyelesaikan proyek perangkat lunak yang diberikan.. 6.modul dan maksimum diselesaikan dalam 12 kali pertemuan. Asistensi dilaksanakan minimum satu minggu sekali disesuaikan dengan waktu yang dimiliki asisten/instruktur dan praktikan. Modul Praktikum sebanyak . 7.. 4.

Lab 1 Instalasi Linux Slackware 1. Berisi tool pemrograman Tk. Berisi sistem dasar untuk X-Window. Sistem Help. Berisi aplikasi sistem Desktop KDE. Berisi kode sumber (source code) kernel linux. Berisi aplikasi sistem Desktop GNOME.2. telnet. Berisi pustaka sistem (system library) Berisi aplikasi networking: Daemons. diperlukan proses pengecekan kebutuhan sistem yang dimiliki.1. dan dokumentasi GNOME K KDE KDEI L N T TCL X XAP : : : : : : : : : : lainnya. 1. Berisi aplikasi yang membutuhkan sistem X-Window dan independen Hal 11 dari 115 . dan TkDesk. pada distribusi Linux Slackware setiap software dikelompokkan dalam group-group. news reader. TclX. Berisi dukungan bahasa internasional untuk sistem KDE. Interpreter.5" floppy drive Kebutuhan minimal diatas akan bertambah jika ingin menjalankan sistem X-Window. E : Berisi aplikasi GNU Emacs. Berisi aplikasi teTeX untuk kebutuhan format sistem dokumen. Berikut ini adalah kebutuhan sistem minimal yang diperlukan: • • • • 486 processor 16MB RAM (32MB suggested) 100-500 megabytes of hard disk space for a minimal and around 3. HOWTOs. D : Berisi kumpulan aplikasi untuk kebutuhan pengembangan (Development Tools) seperti Kompilator. Kebutuhan Sistem (System Requirement) Sebelum melakukan instalasi Linux Slackware. Group tersebut terdiri adalah: A : Group ini berisi kumpulan software dasar yang dibutuhkan untuk menjalankan Linux Slackware seperti teks editor dan komunikasi.5GB for full install 3. AP : Kumpulan aplikasi / software yang dapat dijalankan tanpa sistem XWindow. F : Berisi FAQs (Frequently Asked Questions). Debugger. aplikasi mail. dan lain-lain. Software yang akan diinstall Langkah berikutnya adalah menentukan software apa saja yang akan diinstall.

Enlightment dan lain-lain. GNOME.1 yang terdiri dari empat buah CDROM Nyalakan komputer dan atur agar First Boot Sequence BIOS mengarah ke CD-ROM Masukkan CD-1 Linux Slackware ke CD-ROM Drive Tunggu hingga muncul layar instalasi slackware. Instalasi dengan CD-ROM. karena cara ini dianggap cara yang paling mudah. Dalam praktikum kali ini akan dipraktekkan instalasi Linux Slackware menggunakan CDROM Slackware 10. Instalasi dengan disket boot dan disket root. Ketikkan jenis harddisk yang digunakan. Instalasi dengan memanfaatkan partisi DOS / Windows 2. yang ditandai dengan munculnya karakter titik dua (:).4.1 : Booting Software Langkah 1 Langkah 2 Langkah 3 Langkah 4 Langkah 5 : : : : : Siapkan Software Slackware 10. atau scsi.s untuk Langkah 6 : jenis harddisk SCSI Selanjutnya akan ada permintaan nama user yang akan login. Metode Instalasi Slackware menyediakan beberapa metode / cara instalasi. 3.terhadap sistem desktop tertentu. kemudian tekan tombol ENTER Misalkan bare. Artinya dapat dijalankan pada KDE. 1.1 Berikut ini adalah langkah melakukan Instalasi linux slackware 10.i untuk jenis harddisk IDE.5. yaitu: 1. Y : Berisi aplikasi game. 1. ketikkan root kemudian tekan tombol ENTER 1.1. Langkah – langkah Instalasi Slackware 10. Membuat Partisi Linux Hal 12 dari 115 .3.

ketikkan p kemudian tekan ENTER. Langkah-langkah membuat partisi Linux adalah sebagai berikut: Langkah 7 : #fdisk /dev/hda maka akan ditampilkan baris seprti berikut : Langkah 8 Command (m for help): : Untuk menampilkan perintah-perintah yang ada ketikkan m kemudian tekan ENTER. 683 cylinders Units = cylinders of 608 * 512 bytes Hal 13 dari 115 . Maka akan ditampilkan menu seperti berikut ini: Command (m for help): m Command action a toggle a bootable flag d delete a partition l list known partition types m print this menu n add a new partition p print the partition table q quit without saving changes t change a partition's system id u change display/entry units v verify the partition table w write table to disk and exit x extra functionality (experts only) Command (m for help): Langkah 9 : Untuk menampilkan partisi yang telah ada di harddisk.Agar Linux dapat diinstalasi. 38 sectors. terlebih dahulu disediakan ruangan pada harddisk untuk menyimpan System. Makan akan muncul menu seperti berikut ini: Command (m for help): p Disk /dev/hda: 16 heads. Diasumsikan pada praktikum kali ini semua harddisk yang digunakan berjenis IDE.

maka gantilah menjadi Linux Swap dengan langkah sebagai berikut: o o o Ketik t kemudian tekan ENTER Ketik nomor urut partisi yang akan diganti jenisnya. misalnya 1 ENTER. Maka partisi swap yang harus dibuat adalah 256MB. Diasumsikan RAM yang digunakan adalah 128MB. Ketik 82 kemudian ENTER (82=Linux Swap) Langkah 12 : Kini buatlah partisi Linux Native sebagai tempat sistem Linux. Lihat menu dibawah ini : Command (m for help): n Command action e extended p primary partition (1-4) p Partition number (1-4): 1 First cylinder (204-683): 204 Last cylinder or +size or +sizeM or +sizeK (204-683): +256M Langkah 11 : Karena partisi yang terbentuk pada langkah sebelumnya adalah Linux Native. dengan cara sebagai berikut: Hal 14 dari 115 .Device Boot Id 6 System * /dev/hda1 Begin 1 Start 1 End 203 Blocks 61693 DOS 16-bit >=32M Command (m for help): Langkah 10 : Selanjutnya kita akan buat terlebih dahulu Partisi Swap sebesar 2 kali ukuran RAM yang digunakan.

default Make tags yang digunakan adalah verbose. 2 adalah nomor urut partisi untuk Linux Native. untuk versi Linux Slackware 10.1 terdiri dari 4 CD-ROM namun pada proses instalasi software ini hanya dibutuhkan 2 CD-ROM. sedang 1 telah digunakan untuk Linux Swap. : Digunakan untuk menentukan mode proses instalasi menggunakan sistem quick (cepat) atau verbose. Pada pertanyaan First cylinder dan Last cylinder tekan : Ketik w kemudian ENTER untuk menyimpan partisi yang telah dibuat. Addswap : Digunakan untuk menentukan digunakan sekaligus menformatnya. : Digunakan untuk mapping keyboard yang digunakan. maka akan terlihat sebagai berikut: Help Keymap Quick : Digunakan untuk menampilkan informasi bantuan proses instalasi. Selanjutnya sampailah pada langkah untuk instalasi software-software yang ada pada Linux Slackware. : Memungkinkan bagi yang telah mahir dengan Linux Slackware untuk mengkustomisasi proses instalasi partisi swap yang dengan membuat file tags. Langkah 14 : #setup Setelah diketik perintah setup tekan enter.o o o o ENTER. default yang digunakan adalah keyboard jenis US. Langkah ini wajib Target dilakukan. : Digunakan untuk menentukan partisi yang akan dijadikan sebagai tempat sistem Linux dalam hal ini jenis partisi Hal 15 dari 115 . Langkah 13 Ketik n kemudian ENTER Ketik p kemudian ENTER Ketik 2 kemudian ENTER.

Pada pilihan ini akan dilakukan proses format dan pembuatan filesystem. domain. Untuk lebih mudahnya lakukan instalasi penuh (Full).26. Dalam praktikum kali ini mahasiswa akan diberikan beberapa perintah yang paling sering digunakan dalam administrasi sistem linux. maka akan ada permintaan username dan password. Keluarkan CDROM dan tekan tombol restart (CTRL+ALT+DEL). Configure : Digunakan untuk melakukan konfigurasi setelah proses intalasi selesai dilakukan. maka pilihlah menu Exit. Pada pilihan ini akan ditentukan nama host. Setelah langkah Configure selesai dilakukan. ip. santos@login: root Password: Linux 2. Langkah ini Source wajib dilakukan. login Perintah ini digunakan untuk melakukan log in dalam sistem linux. : Digunakan untuk melaksanakan proses instalasi sesuai dengan proses-proses sebelumnya. Hampir seluruh perintah di linux menggunakan huruf kecil.adalah Linux Native. 1.4. misalnya dari CD-ROM. Perintah-Perintah di Linux Sistem operasi Linux menyediakan perintah-perintah baris (command line) untuk keperluan administrasi. Langkah ini wajib dilakukan. Langkah ini wajib Disk sets Install dilakukan. dan password root. Setelah perintah ini diketikkan.6. Hal 16 dari 115 . netmask. : Digunakan untuk menentukan program sumber Linux Slackware. : Digunakan untuk menentukan disk mana saja yang akan diikutsertakan dalam proses instalasi.

(mengaktifkan direktori yang lebih atas satu level) root@santos:~# cd / (mengaktifkan direktori root) 5. Contoh: root@santos:~# pwd root@santos:~# Hal 17 dari 115 . Contoh: root@santos:~# mkdir test 4. ls [options] [file. Contoh: root@santos:~# cp test1.] Digunakan untuk menampilkan daftar file dan direktori. cd directory Digunakan untuk mengganti direktori yang aktif.No mail.txt test6. pwd Digunakan untuk menampilkan direktori yang aktif.. 1. Contoh: root@santos:~# cd test (mengaktifkan direktori test) root@santos:~# cd . mkdir [options] directory Digunakan untuk membuat sebuah direktori.. root@santos:~# logout Perintah ini digunakan untuk log out dari sistem linux.txt 3. Perintah ini adalah kebalikan perintah login. cp [options] file path Digunakan untuk membuat duplikasi file atau direktori.. -a Menampilkan daftar file termasuk file yang tersembunyi (berawalan titik). Perintah ini memiliki sejumlah option antara lain yang sering digunakan adalah: -l Menampilkan daftar file dalam bentuk kolom secara lengkap. Contoh: root@santos:~# ls -l root@santos:~# ls -l 2.

26.1 Linux 2. Dalam praktikum kali ini akan dibahas bagaimana membuat sebuah server ftp menggunakan aplikasi Proftpd.1. chown [options] user:[group] file Digunakan untuk mengganti kepemilikan file atau direktori.txt LAB 2 FTP Server dan Web Server 2. Contoh: chown santos:users test1. FTP Server File Transfer Protocol (FTP) adalah salah satu layanan internet yang memungkinkan kita melakukan upload / download file ke / dari server ftp.4. Jika digunakan dengan option –r maka dapat digunakan untuk menghapus direktori. root@santos:~#whereis proftpd Hal 18 dari 115 . chmod [options] mode file Digunakan untuk mengganti mode akses file atau direktori.6. Jenis mode akses yang dapat diterapkan adalah: • r (4): read • w (2): write • x (1): execute Contoh chmod 777 test1.txt rm –r test/ 7. Contoh: rm test6. rm [options] file Digunakan untuk menghapus file atau direktori.txt chown –R santos:users test/ 8. Berikut ini adalah langkah-langkah pembuatan server ftp: whereis proftpd Perintah ini digunakan untuk melakukan pengecekan apakah program proftpd sudah terinstal di server Linux Slackware 10.

org. RequireValid : Jika diisi dengan off maka pengecekan jenis shell yang digunakan Shell client ditiadakan.conf.conf ServerName : Digunakan untuk menentukan nama server ftp. Misalnya bash. Umask : Default dari baris ini adalah 022.proftpd: /usr/sbin/proftpd /etc/proftpd. sedangkan tipe inetd akan menjalankan server ftp berdasarkan program inetd dengan konfigurasi yang pada file /etc/inetd.8. sebaliknya jika diisi on maka client yang mengakses ftp server harus memiliki jenis shell yang sama dengan server. 2. csh dan lain-lain.proftpd.tgz atau menggunakan program sumbernya yang dapat diambil dari website www.conf dan /etc/ftpusers sedangkan pada file /etc/services tanda # diawal baris harus dihilangkan sehingga tampak seperti berikut: ftp-data ftp-data ftp ftp 20/tcp 20/udp 21/tcp 21/udp #File Transfer [Default Data] #File Transfer [Default Data] #File Transfer [Control] #File Transfer [Control] Beberapa baris konfigurasi yang penting pada file /etc/proftpd. yang digunakan untuk kontrol koneksi antara server dan client. yang digunakan untuk menentukan Hal 19 dari 115 .conf /usr/man/man8/proftpd. Port : Default dari baris ini adalah 21.gz root@santos:~# Jika file proftpd tidak ditemukan. yaitu standalone dan inetd.8.1 File-file konfigurasi File-file konfigurasi yang digunakan adalah /etc/proftpd. misalnya “FTP Server Poltekpos” ServerType : Tipe ftp server ada 2 macam. sh.1 yang berupa paket . yang digunakan untuk menentukan mode dari file yang ditulis oleh client yaitu rw--r--r-MaskInstance : Default dari baris ini adalah 30.1. maka Anda harus menginstallnya terlebih dahulu.gz /usr/share/man/man8/proftpd. Jika dipilih standalone maka server ftp harus dijalankan manual. Proses instalasi dapat dilakukan menggunakan cdrom slackware 10.

.. WRIT.. User. Agar layanan ini dapat disediakan maka hapus baris ftp dari file /etc/ftpusers.. .. Akses yang dapat ditentukan adalah: READ..... User : Digunakan untuk menentukan nama user dan group yang menjalankan Group server ftp.... . Group. SystemLog : Digunakan untuk menentukan nama file yang mencatat penggunakan server ftp. </Limit> Diantara baris <Limit> dan </Limit> dapat berisi baris: DenyAll AllowAll Allow From <ip> Deny From <ip> : : : : Menolak semua akses dari semua ip address. DisplayFirstChdir dan tentu saja baris <Limit> dan </Limit>.. Nilai default untuk user adalah nobody. <Limit : Baris ini terletak diantara baris <Directory> dan </Directory> dan ACCESS> .s jumlah proses ftp yang dapat berlangsung pada saat yang bersamaan.. Menerima akses dari ip tertentu. UserAlias.. Baris ini hanya akan mempunyai efek pada tipe ftp standalone.. . DELE. . Menolak akses dari ip tertentu. .. <Directory : Baris ini digunakan untuk menentukan kebijakan akses terhadap DIR> . Menerima semua akses dari semua ip address. Diantara baris <Anonymous> dan </Anonymous> dapat diberikan baris lain seperti MaxClients. TransferLog : Digunakan untuk mencatat proses upload / download yang telah dilakukan. Contoh: <Directory /*> AllowOverwrite ON </Directory> digunakan untuk menentukan akses terhadap direktori yang telah ditentukan pada baris <Directory>.... </Directory> Memungkinkan untuk menimpa file yang telah ada pada proses upload dengan nama file sama... Hal 20 dari 115 anonymous (tanpa user terdaftar). MKD. sedangkan group adalah nogroup. STOR <Anonymous : Baris ini digunakan untuk menentukan layanan ftp untuk user ~ftp> ... . </Anonymous > Home directory dari user anonymous adalah /home/ftp.. DisplayLogin. direktori tertentu.

Web Server Sistem Operasi Linux Slackware 10. Menentukan mode transfer menjadi binary. Mengambil beberapa file dari server ftp. Hal 21 dari 115 .2 Pengujian FTP Server Pengujian terhadap server ftp dapat dilakukan baik dari lokasi server maupun client. Lokasi Server root@santos:~#ftp localhost ftp> Lokasi client I:\>ftp 192. Menampilkan status konfigurasi sesi ftp yang aktif.1 menyediakan layanan web menggunakan software web server Apache 1. Membuat sebuah direktori baru. Menghapus beberapa file.1 ftp> bye Perintah-perintah pada sesi ftp get / recv put / send mget mput prompt help bye/quit cd lcd mkdir rmdir binary ascii type delete mdelete hash rename pwd close/disconnect ls status open verbose user : : : : : : : : : : : : : : : : : : : : : : : : : Mengambil sebuah file (download) dari server ftp. Toggle on/off konfirmasi download / upload / delete. Menampilkan bantuan / daftar perintah yang ada. Mengaktifkan direktori tertentu pada komputer client. Mengaktifkan koneksi ke server ftp. Mengganti nama sebuah file / direktori.168. Menampilkan direktori aktif. Menghapus sebuah file. Toggle on/off untuk menampilkan hasil suatu proses ftp. Menghapus sebuah direktori.4.2. 2. Meletakkan beberapa file ke server ftp. Namun Anda masih dapat menggunakan software web server lain jika diinginkan. Meletakkan sebuah file (upload) ke server ftp.2.33 secara default. Menentukan mode transfer menjadi ascii. Menampilkan daftar file / direktori. Mengganti user yang aktif.3.1. Mengaktifkan direktori tertentu pada komputer server. Mengakhiri sesi ftp tanpa kembali ke sistem operasi. Menampilkan mode transfer file yang sedang aktif. Toggle on/off untuk menampilkan proses download / upload. Mengakhiri sesi ftp dan kembali ke sistem operasi.

2.2.1 Membuat Web Server Berikut ini adalah langkah-langkah pembuatan server web dengan Apache 1.3.33: whereis httpd Perintah ini digunakan untuk melakukan pengecekan apakah program httpd sudah terinstal di server Linux Slackware 10.1 Last login: Mon Apr Linux 2.4.29. root@santos:~#whereis httpd httpd:/usr/sbin/httpd/usr/man/man8/httpd.8.gz /usr/share/man/man8/httpd.8.gz root@santos:~# Jika file httpd tidak ditemukan, maka Anda harus menginstallnya terlebih dahulu. Proses instalasi dapat dilakukan menggunakan cdrom slackware 10.1 yang berupa paket .tgz atau menggunakan program sumbernya yang dapat diambil dari website www.apache.org. 2.2.2 File-file konfigurasi File konfigurasi penting yang digunakan adalah /etc/apache/httpd.conf, sedangkan pada file /etc/services tanda # diawal baris harus dihilangkan sehingga tampak seperti berikut: http http 80/tcp 80/udp www www-http www www-http #World Wide Web HTTP #World Wide Web HTTP 4 12:58:02 2005

Beberapa baris konfigurasi yang penting pada file /etc/apache/httpd.conf ServerType : Baris ini menentukan apakah apache dijalankan secara standalone atau inetd. Menjalankan apache secara standalone cukup dengan mengetikkan perintah /usr/sbin/httpd start, sedangkan jika ingin menjalankan apache menggunakan inetd cukup menghilangkan karakter # pada file /etc/inetd.conf pada baris ftp stream tcp nowait root /usr/sbin/tcpd httpd StartServer : Menentukan jumlah server apache yang akan dijalankan. Jika apache dalam keadaan running, maka jumlah server yang dijalankan bisa MaxClients dilihat dengan perintah ps axf | grep httpd : Menentukan jumlah client yang bisa tersambung ke web server secara bersamaan.
Hal 22 dari 115

Port : Menentukan nomor port yang digunakan oleh apache, defaultnya adalah port 80 User : Menentukan nama user dan group yang menjalankan apache, akan Group ServerAdmin ServerName DocumenRoot DirectoryInde x : : : : lebih aman jika yang digunakan adalah bukan user root. Menentukan email address Administrator web server. Menentukan nama web server, misalnya www.poltekpos.net Menentukan letak file-file web, defaultnya terletak di /var/www/htdocs Menentukan nama file yang pertama kali dibaca oleh web server, misalkan index.html index.htm index.php

2.2.3 Pengujian Web Server Pengujian terhadap server web dapat dilakukan baik dari lokasi server maupun client. Lokasi server: root@santos:~#lynx localhost Test Page for the SSL/TLS-aware Apache Installation on Web Site Hey, it worked ! The SSL/TLS-aware Apache webserver was successfully installed on this website. If you can see this page, then the people who own this website have just installed the Apache Webserver software and the Apache Interface to OpenSSL (mod_ssl) successfully. They now have to add content to this directory and replace this placeholder page, or else point the server at their real content. ATTENTION! If you are seeing this page instead of the site you expected, please contact the administrator of the site involved. (Try sending mail to webmaster@domain>.) Although this site is running the Apache software it almost certainly has no other connection to the Apache Group, so please do not send mail about this site or its contents to the Apache authors. If you do, your message will be ignored.

Hal 23 dari 115

The Apache online documentation has been included with this distribution. Especially also read the mod_ssl User Manual carefully. Your are allowed to use the images below on your SSL-aware Apache Web server. Thanks for using Apache, mod_ssl and OpenSSL! Apache Webserver mod_ssl Interface OpenSSL Toolkit

Lokasi client:

2.3. Virtual Host
Hal 24 dari 115

# Hal 25 dari 115 . dimungkinkan untuk dibuat virtual host.conf Atur baris NameVirtualHost *:80 agar menjadi seperti berikut: # # Use name-based virtual hosting. artinya di dalam satu web server.1 Membuat Virtual Host  Buat direktori /var/www/htdocs/tes root@myhost:/var/www/htdocs# mkdir /var/www/htdocs/tes  Buat file html bernama index.net: 2..3. # NameVirtualHost *:80 # # VirtualHost example: # Almost any Apache directive may go into a VirtualHost container.html yang isinya seperti beriktu: <HTML> <HEAD><TITLE>VIRTUAL HOST</TITLE></HEAD> <BODY> <H1>TESTING VIRTUAL HOST</H1> </BODY> </HTML>  Edit file /etc/apache/httpd. Hanya direktori penyimpanan file-file webnya yang berbeda.poltekpos.Dengan apache. bisa terdapat beberapa domain sekaligus. # The first VirtualHost section is used for requests without a known # server name. Berikut akan kita praktekkan bagaimana membuat virtual host dengan nama tes.

net ke file /etc/hosts. kemudian simpan.2 Pengujian Tes virtual host dengan perintah lynx http://tes.com-access_log LAB 3 Proxy Server Hal 26 dari 115 .poltepos.net tes.2 # End of hosts. 2.168.net:80> ServerAdmin munir@myhost.0.com-error_log CustomLog logs/dummy-host.1 192.2 192.0.<VirtualHost tes.example. 127.poltekpos.net/ localhost myhost.168.net # # common </VirtualHost>  Simpan file httpd.poltekpos. # For loopbacking.poltekpos.example.net ErrorLog logs/dummy-host.3.poltekpos.0.net DocumentRoot /var/www/htdocs/tes ServerName tes.0.conf tersebut  Restart apache dengan perintah apachectl restart  Tambahkan baris tes.poltekpos.poltekpos.

5. pico./configure --enable-arp-acl bash-3.tar. bash-3.tar. bash-3. joe atau dapat pula menggunakan mc (Midnight Commander).00#cd squid-2. olehnya itu kita harus menggunakan software tambahan. Dalam praktikum kali ini kita akan membuat proxy server menggunakan software squid2.STABLE9 Konfigurasi dan kompilasi squid.00#make all bash-3.squid-cache.1 Membuat Proxy Server dengan Squid Sistem Operasi Linux Slackware 10.00#tar xzvf squid-2.gz bash-3.00#cp squid-2.3 Konfigurasi File konfigurasi squid secara umum semuanya terletak pada file /usr/local/squid/etc/squid.2 Kompilasi dan Instalasi Kopikan file sumber squid ke direktori /usr/local/src dan aktifkan direktori tersebut. misalnya editor vi.5.STABLE9.00#cd /usr/local/src Ekstrak file sumber squid dan aktifkan direktori hasil ekstrak tersebut. gunakan editor kesukaan Anda untuk mengkonfigurasi file tersebut. Hal 27 dari 115 .tar.1 secara default tidak menyediakan software untuk kebutuhan proxy server.org.STABLE9.gz yang dapat didownload secara gratis di website www. bash-3. Berikut ini adalah langkah-langkah pembuatan proxy server dengan squid: 3.conf.3.00#.gz /usr/local/src bash-3.00#make install Secara default hasil instalasi squid akan berada pada direktori /usr/local/squid 3.STABLE9.

Nilai defaultnya 3128.Berikut ini adalah beberapa baris konfigurasi pada file /usr/local/squid/etc/squid. Default 8 MB. level 1 dan 2 direktori.conf yang harus dimodifikasi: NO BARIS PERINTAH 1 http_port KEGUNAAN Menentukan port yang akan digunakan oleh squid untuk menerima request http. User dan group ini harus disesuaikan dengan baris perintah cache_effective_user dan cache_effective_group bash-3.00#groupadd squid bash-3.poltekpos.00#useradd squid –g squid  Mengganti kepemilikan direktori /usr/local/squid/var menjadi milik user squid dan group squid. Menentukan nama user yang menjalankan squid. Menentukan nama group yang menjalankan squid.net Menentukan alamat email yang bertanggung jawab atas server proxy. Misalnya visible_hostname proxy. 6 visible_hostname 7 cache_mgr direktori level 1 sebanyak 16 dan level 2 sebanyak 100. Menentukan letak direktori dan kapasitas cache pada harddisk. Hal 28 dari 115 . bash-3. misalkan user=squid group=squid. 2 cache_mem 3 cache_effective_user 4 cache_effective_group 5 cache_dir namun umumnya port yang digunakan adalah 8080. Menentukan nama host yang menjalankan squid. Menentukan jumlah memory (RAM) yang digunakan oleh squid. 3. Contoh: cache_dir ufs /usr/local/squid/var 100 16 256 yang berarti direktori cache berada pada /usr/local/squid/var dengan kapasitas 100 MB.00#chown –R squid:squid /usr/local/squid/var  Menjalankan squid untuk pertama kalinya.4 Menggunakan Squid Menentukan user dan group yang menjalankan squid:  Buat user dan group yang menjalankan squid.

ipchains atau iptables telah terinstall .5 Mengujicoba Server Proxy/Squid Ujicoba server proxy / squid dapat dilakukan menggunakan browser dari pc klien dengan mengarahkan setting proxy ke ip address server proxy.00#/usr/local/squid/sbin/squid -z  Menjalankan squid untuk kedua kalinya dan seterusnya. bash-3.bash-3. Dengan kata lain.6 Mengkonfigurasi squid sebagai transparan proxy Asumsi .Squid telah terinstal dengan baik .00#ln –s /usr/local/squid/sbin/squid /usr/local/sbin  Menjalankan squid setelah merubah file /usr/local/squid/etc/squid. Manfaat Kemudahan administrasi Hal 29 dari 115 .1.168.0 . bash-3. 3.conf bash-3.00#squid –k reconfigure 3.00#/usr/local/squid/sbin/squid  Membuat softlink untuk squid agar untuk menjalankannya tidak perlu menyebutkan direktori secara lengkap. transparan proxy web cache akan "membajak" secara halus trafik HTTP (yg umumnya menggunakan port 80) dan dipaksa untuk memakai port yang dipakai oleh squid.Alamat network yg digunakan adalah 192.Squid dikonfigurasi menggunakan port 3128 Transparan proxy web cache adalah suatu proxy web cache (squid) yang difungsikan sebagai satu-satunya server yang menangani semua permintaan halaman web oleh user.

0/0 80 Untuk iptables (kernel 2.4.0. - Arahkan semua permintaan web (port 80) ke port squid (asumsi squid menggunakan port 3128).1 menyediakan layanan mail menggunakan software mail server Sendmail 8.0/24 -d 0/0 --dport 80 --to-ports 3128 Edit squid.4.0/0 -d 0.x compatible): iptables -A POSTROUTING -j MASQUERADE -t nat -s 192.1.x compatible): ipchains -A forward -j MASQ -s 192.0/24 -o ppp0 Catatan: Sesuaikanlah option -o pada iptables di atas dengan interface yang anda gunakan (interface yang terdekat dengan jaringan luar).1.168.2.1.168.Browser-browser pada client tidak perlu dikonfigurasi untuk mengarah ke proxy web cache squid).13. Hal 30 dari 115 . Untuk ipchains (kernel 2.0/0 Untuk iptables (kernel 2.conf untuk mendukung mode transparan: httpd_accel_host virtual httpd_accel_port 80 httpd_accel_with_proxy on httpd_accel_uses_host_header on - - - Lab 4 Membuat Mail Server 4. Posfix Sistem Operasi Linux Slackware 10.1.0.x compatible): ipchains -A input -j REDIRECT 3128 -p tcp -s 0.0.3.0.2.5.5 dan program pop3 menggunakan tpop3d-1.x compatible): iptables -A PREROUTING -t nat -j REDIRECT -p tcp -s 192. Namun Anda dalam praktikum kali ini kita akan menggunakan mail server postfix-2.0.1.168. - Kontrol terpusat User tidak dapat mengubah konfigurasi di browsernya untuk membypass squid.3-i486 secara default. Implementasi Pastikan bahwa sistem anda telah mendukung IP forwarding: echo 1 > /proc/sys/net/ipv4/ip_forward Pastikan bahwa sistem anda telah mendukung masquerading: Untuk ipchains (kernel 2.0/24 -d 0.0.

3.13.00# tar xzvf tpop3d-1.1..Berikut ini adalah langkah-langkah pembuatan mail server dengan postfix dan tpop3d: 4. terlebih dahulu program sendmail harus diuninstall.gz  Kompilasi dan Instalasi postfix Proses kompilasi dilakukan dengan perintah make.1.3-i486-2.00# useradd postfix bash-3. Removing files: --> Deleting symlink /usr/bin/hoststat --> Deleting symlink /usr/bin/mailq --> Deleting symlink /usr/bin/newaliases dan seterusnya.5.00# groupadd postdrop  Ekstrak postfix Copykan program sumber postfix dan tpop3d ke direktori /usr/local/src kemudian lakukan ekstraksi sebagai berikut: bash-3.00# tar xzvf postfix-2. bash-3.tar. Jika pada saat instalasi ada pertanyaan dari sistem.gz bash-3.5.  Membuat user dan group untuk postfix.00# removepkg sendmail Removing package /var/log/packages/sendmail-8. maka tekan saja enter. bash-3. Hal 31 dari 115 .1 Instalasi Postfix  Uninstall sendmail Agar postfix tidak bentrok dengan sendmail.. sedankan instalasi dilakukan dengan perintah make install.tar.

5 bash-3.cf Pada file main.1.d/rc. maka di dalam file /etc/rc.bash-3.0. localhost. 192.168.0/16 alias_maps = hash:/etc/aliases alias_database = hash:/etc/aliases home_mailbox = Maildir/ Simpan file /etc/postfix/main. Berikut adalah perintah yang berhubungan dengan server mail postfix: PERINTAH postfix start postfix restart postfix stop postqueue -p postqueue -f : : Menjalankan postfix : Merestart postfix : Menghentikan postfix : Menampilkan email yang sedang berada dalam antrian (queue) : Memaksa agar email yang sedang berada dalam antrian segera dikirim.  Sampai dengan langkah ini.0/8.local kita berikan perintah /usr/sbin/postfix start bash-3.poltekpos.00#make bash-3.net mydomain = poltekpos.net mydestination = $myhostname.cf gantilah baris konfigurasi menjadi sebagai berikut: myhostname = mail.cf.0. FUNGSI  Agar postfix dijalankan pada saat sistem boot.d/rc.00#echo “/usr/sbin/postfix start” >> /etc/rc.00#make install  Edit file /etc/postfix/main.local Hal 32 dari 115 .00#cd postfix-2.0. instalasi postfix sebagai mail server telah selesai.$mydomain mynetworks = 127.

bash-3.net/munir/” >> /etc/postfix/virtual bash-3.00#echo “san@poltekpos.net >> /etc/postfix/virtual Politeknik Pos Indonesia” bash-3.2 Instalasi TPOP3D Hal 33 dari 115 .1.net poltekpos. 4.00#echo “test@poltekpos. bash-3.00#id virtual uid=1003(virtual) gid=100(users) groups=100(users)  Edit dan gantilah beberapa baris konfigurasi pada file /etc/postfix/main.00#useradd virtual bash-3.net/indarko/” >> /etc/postfix/virtual  Silahkan mencoba mengirim email menggunakan user-user yang telah dibuat pada langkah nomor 10.cf seperti berikut: mailbox_transport = virtual virtual_mailbox_base = /home/virtual virtual_mailbox_maps = hash:/etc/postfix/virtual virtual_uid_maps = static:1003 virtual_gid_maps = static:100 virtual_create_maildirsize = yes  Tambahkan domain yang kita gunakan ke akhir file /etc/postfix/virtual dan tambahkan pula beberapa user untuk pengujian.00#echo “poltekpos. Langkah berikutnya adalah membuat user yang akan menghandel user virtual postfix dan catatlah nomor uid dan gid-nya.

* /etc/syslog.00#make install  Buatlah file /etc/tpop3d.conf /var/log/tpop3d.0.00#echo “/usr/local/sbin/tpop3d” >> /etc/rc. maka harus disiapkan server pop3 mengggunakan tpop3d.00#echo “local6.0. tpop3d merupakan salah satu server pop3. bash-3.0 log-facility: local6 mailbox: maildir:/home/virtual/$(domain)/$(local_part)/ auth-flatfile-enable: yes auth-flatfile-passwd-file: /etc/virtual/$(domain)/passwd auth-flatfile-mail-user: virtual  Atur sistem log untuk tpop3d sebagai berikut: bash-3.00#.local Hal 34 dari 115 .00#touch /var/log/tpop3d.00#cd /usr/local/src/tpop-1.log  Restart server syslog dan aktifkan server tpop3d.conf yang isinya sebagai berikut: Listen-address: 0.3 bash-3. maka sekarang kita lanjutkan dengan kompilasi dan instalasi. Anda dapat menggunakan server pop3 selain tpop3d.syslog restart bash-3. program sumber tpop3d telah diekstrak.d/rc.d/rc.00#/usr/local/sbin/tpop3d bash-3.  Pada saat instalasi postfix.00#make bash-3.log” >> bash-3.5.Agar email yang masuk ke mailbox setiap user dapat diambil.00#/etc/rc./configure –-enable-mbox-maildir –-enableauthflatfile –-disable-auth-pam bash-3. dan atur agar tpop3d jalan pada saat sistem boot: bash-3.

SuSE dan lain-lain.2.0. Pada praktikum kali ini.168.1 Instalasi dan Konfigurasi SendMail 1.0. Sendmail juga merupakan default MTA pada sebagian besar distribusi Linux seperti Slackware. kita akan melakukan instalasi dan konfigurasi sendmail agar dapat mengirim dan menerima email.168. Hal 35 dari 115 . SendMail Sendmail merupakan MTA (Mail Transfer Agent) yang paling tua di lingkungan sistem operasi Linux maupun Unix.00#mkdir /etc/virtual 4. Berikut langkah-langkah pembuatan mail server dengan sendmail: 4. Atur host dan domain menggunakan utilitas netconfig # netconfig Isilah pertanyaan-pertanyaan yang diajukan oleh netconfig sebagai berikut: • • • • • • • • • Hostname Domain name Pilih Static IP IP Address Netmask Gateway Nameserver Pilih Accept Tekan Enter : 192. Buat direktori untuk menyimpan password user: bash-3. Kelebihan sendmail dibanding MTA lain adalah proses instalasi dan konfigurasinya yang mudah.2.0 : 192. RedHat.255.255.1 : No : poltekpos : net Restart komputer dengan perintah reboot.1 : 255.

2. Lakukan pengecekan apakah sendmail sudah terinstalasi pada Slackware 10.1 #whereis sendmail atau dapat juga menggunakan pkgtool milik slackware 3. Jika belum diinstalasi, maka dapat diinstall menggunakan paket yang disediakan oleh slackware pada CD-ROM Disk-1, berupa file sendmail-8.13.3-i486-2.tgz dan sendmailcf-8.13.3-noarch-2.tgz #installpkg sendmail-8.13.3-i486-2.tgz #installpkg sendmail-cf-8.13.3-noarch-2.tgz

4.2.2. Perintah pada Server SendMail /etc/rc.d/rc.sendmail start /etc/rc.d/rc.sendmail restart /etc/rc.d/rc.sendmail stop Menjalankan server sendmail Merestart server sendmail Menghentikan server sendmail

4.2.3 Instalasi dan Konfigurasi Server POP3 Pada distribusi Linux Slackware 10.1 telah terdapat server pop3 pada saat instalasi yaitu popa3d. Anda bisa mengeceknya dengan perintah whereis popa3d. Jika belum diinstall, maka lakukan instalasi dengan perintah: #installpkg popa3d-0.6.4.1-i486-1.tgz Pada praktikum kali ini kita akan membuka server pop3 dan telnet dengan tujuan agar user bisa cekmail dan melakukan telnet. Untuk lakukan langkah berikut ini: #vi /etc/rc.d/inetd.conf

Hal 36 dari 115

hapus tanda crash (#) pada awal baris berikut: #telnet stream tcp nowait root /usr/sbin/tcpd #pop3 stream tcp nowait root /usr/sbin/tcpd in.telnetd /usr/sbin/popa3d

Agar superuser inetd membaca konfigurasi yang baru, maka berikan perintah: #killall –HUP inetd Sampai pada langkah ini, instalasi sendmail sebagai MTA, popa3d sebagai pop3 server, dan in.telnetd sebagai server telnet telah selesai. Untuk melihat apakah servis ketiga program tersebut telah jalan, maka berikan perintah: #nmap localhost Perhatikan bahwa sebagai tanda bahwa servis ketiga program tersebut jalan, maka perintah nmap localhost akan menampilkan baris berikut: PORT 23/tcp 25/tcp 110/tcp 4.2.4 Pengujian Pengujian terhadap ketiga servis tersebut dapat dilakukan dengan perintah telnet ke masingmasing servis: #telnet localhost 23 #telnet localhost 25 #telnet localhost 110 Untuk mengakhiri semua perintah telnet diatas, berikan perintah quit. 4.3. DMMail Client
Hal 37 dari 115

STATE open open open

SERVICE telnet smtp pop3

Distribusi linux Slackware 10.1 disamping menyediakan program-program untuk keperluan server juga menyediakan program-program untuk keperluan client. Pada praktikum kali ini akan dibahas penggunaan program client pine yang berfungsi untuk mengirim dan menerima email dari server lokal. Langkah pertama adalah melakukan pengecekan keberadaan program pine dengan perintah whereis pine. Jika belum terdapat pine pada sistem operasi Slackware Anda, maka install dengan perintah: #installpkg pine-4.62-i486-1.tgz Untuk menjalankan program pine, ketikkan pine kemudian enter. Jika Anda berada bukan pada server, maka Anda terlebih dahulu Anda harus telnet ke server menggunakan user dan password Anda dan perlu diingat jangan menggunakan user root agar kita dapat praktikum mengirim dan menerima email sesama user sistem Linux Slackware. Selanjutnya Anda dapat dengan mudah mengeksplorasi menu-menu yang ada pada program pine untuk mengirim, menerima dan memanage email. Berikut ini diberikan capture tampilan program pine:

PINE 4.62 MAIN MENU

Folder: INBOX 9 Messages

? C I L

HELP COMPOSE MESSAGE MESSAGE INDEX FOLDER LIST

- Get help using Pine - Compose and send a message - View messages in current folder - Select a folder to view
Hal 38 dari 115

Configure Pine Options . Untuk itu dibutuhkan suatu mekanisme penyaluran data hingga sampai tujuan dengan benar. Hal 39 dari 115 .1.Leave the Pine program Copyright 1989-2005. Routing Statik Sebuah paket data yang dikirimkan ke jaringan baik dalam lingkup local area network (LAN) maupun internet harus sampai pada tujuan dengan benar. Dalam praktikum kali ini. [Folder "INBOX" opened with 9 messages] LAB 5 Routing 5. PINE is a trademark of the University of Washington. seperti terlihat pada gambar 1. Router baik yang dibuat oleh pabrik (hardware) seperti Cisco maupun pc-router (sebuah server yang berfungsi sebagai router) dapat menyalurkan data ke tujuan yang benar.Update address book . kita akan membuat 3 buah pc-router menggunakan routing statik.A S Q ADDRESS BOOK SETUP QUIT .

1.255.248 Hub 192.168.26 1.1.248 gw 192.248 1.248 1.1.168.27 Hub ws2 router2 192.9 netmask 255.25 netmask 255.255.9 / 255.1 Langkah-2 pembuatan Routing Statik: Pada router1: ifconfig eth0 192.1 Hal 40 dari 115 .1.255.1.248 ifconfig eth1 192.16 netmask 255.255.255.3 / 255.168.1.1.25 / 255.255.255.255.10 1.168.255.2 netmask 255.168.168.255.1.168.255.255.255.2 / 255.1.20 router1 ws3 192.255.2 eth0 route add –net 192.168.248 gw 192.255.248 ifconfig eth1 192.1 / 255.1.19 192.248 ws2 1.255.168.255.255.1.255.168.1 eth0 route add –net 192.1.168.255.255.248 gw 192.12 ws1 ws2 ws3 Hub 192.1.248 route add default gw 192.255.17 / 255.3 Pada router2: ifconfig eth0 192.28 1.1.255.11 1.2 route add –net 192.248 router3 Hub 192.1.168.248 ws3 ws1 ws1 1.1.255.1.248 route add default gw 192.1.255.168.168.1.255.168.1 netmask 255.168.18 Gambar 1 Skema LAN untuk Praktikum Routing Statik 5.168.168.24 netmask 255.1.8 netmask 255.

3 Pada router3: ifconfig eth0 192.248 ifconfig eth1 192.168. Routing Dinamis Sebuah paket data yang dikirimkan ke jaringan baik dalam lingkup local area network (LAN) maupun internet harus sampai pada tujuan dengan benar. Hal 41 dari 115 .248 gw 192.168.3 netmask 255.1.248 gw 192.255.168.1.1. kita akan membuat 3 buah pc-router menggunakan routing dinamis zebra.1 route add –net 192.1.255.1.168.248 gw 192.2 Sedangkan pada semua pc client gateway-nya diarahkan ke pc router masing-masing.24 netmask 255.255. Untuk itu dibutuhkan suatu mekanisme penyaluran data hingga sampai tujuan dengan benar.168.168.255.255.1.255. Selanjutnya lakukan ping baik dari router maupun client ke network 5.255.255.8 netmask 255.1.1.1.16 netmask 255.17 netmask 255.255.168. Router baik yang dibuat oleh pabrik (hardware) seperti Cisco maupun pc-router (sebuah server yang berfungsi sebagai router) dapat menyalurkan data ke tujuan yang benar.1.2. seperti terlihat pada gambar 1. Dalam praktikum kali ini.3 eth0 route add –net 192.route add –net 192.248 route add default gw 192.168.255.168.

Langkah-2 pembuatan Routing Dinamis 5.248 router3 Hub 192.255.248 ws3 ws1 1.2.17 / 255.25 / 255.255. Pastikan terdapat baris berikut ini.9 / 255.2 / 255.1 Instalasi Zebra Routing  Copikan file source zebra ke direktori /usr/local/src.255.168.20 router1 ws3 192.1.168. kompile.255.95 #.1.1.1.248 ws2 1. contoh: #cp /mnt/usb/zebra-0.255.12 ws1 ws2 ws3 Hub 192. mc atau yang lainnya.3 / 255.255.tar.255. dan install source zebra #tar xzvf zebra-0.255.168. pico.248 1.255.gz #cd zebra-0.26 ws1 1.19 192.tar. #vi /etc/services zebrasrv zebra 2600/tcp 2601/tcp # zebra service # zebra vty Hal 42 dari 115 /usr/local/src .255.255.27 Hub ws2 router2 192.95./configure –disable-ipv6 #make #make install  Edit file /etc/services menggunakan editor vi.gz #cd /usr/local/src  Ekstrak.18 Gambar 2 Skema LAN untuk Praktikum Routing Dinamis 5.1.168.168.168.1 / 255.248 Hub 192.248 1.2.10 1.11 1. kemudian simpan kembali file /etc/services.95.1.1.255.28 1.

log Hal 43 dari 115 .conf #cp /usr/local/etc/zebra.1. ! ip route 0.conf ! hostname Router1 password zebra enable password zebra ! ! Interface's description.0/0 192.conf  Edit file /usr/local/etc/zebra.ripd ripngd ospfd bgpd ospf6d 2602/tcp 2603/tcp 2604/tcp 2605/tcp 2606/tcp # RIPd vty # RIPngd vty # OSPFd vty # BGPd vty # OSPF6d vty  Copikan file konfigurasi /usr/local/etc/zebra.conf menjadi sebagai berikut: #vi /usr/local/etc/zebra. ! !interface sit0 ! multicast ! ! Static default route sample. ! !interface lo ! description test of desc.sample /usr/local/etc/zebra.0.168.1 ! !log file zebra.conf.sample ke /usr/local/etc/zebra.conf.0.

2 Atur konfigurasi pada router2 dan route 5. Hal 44 dari 115 . DMZ dan jaringan internal yang akan di NAT.3 De Militerized Zone ( DMZ) De Militerized Zone atau yang sering disingkat DMZ adalah suatu daerah jaringan yang dilindungi oleh firewall namun dapat diakses dari internet. Dalam mempraktekkan DMZ dan NAT kita memerlukan program bantu yaitu iptables dan kernel 2. Berikut ini adalah gambar suatu jaringan yang terdiri dari gateway / firewall. Sedangkan Network Address Translation atau NAT adalah suatu mekanisme merubah alamat suatu paket data yang dengan alamat yang lain.x yang telah mendukung iptables. paket data yang dikirim dari jaringan internal ke internet akan dirubah ip addressnya menjadi ip address milik gateway.4. Misalnya. Menjalankan dan mematikan zebra #/usr/local/sbin/zebra –d #killall zebra 5.1.

maka berikan perintah: #iptables –A FORWARD –s 192.159.168.1/24 192.168.65.65.2 netmask 255.168.168.65.0.248 #ifconfig eth1 202.0.159.255.0.0/24 –d 0/0 – Hal 45 dari 115 .1/29 192.159.65.1 netmask 255. #ifconfig eth0 202.248 #ifconfig eth2 192.255.65.3/29 Gambar 3 Contoh jaringan untuk praktikum DMZ & NAT Langkah-2 praktikum DMZ & NAT:  Buatlah sebuah server gateway dengan 3 (tiga) buah interface yaitu: eth0. eth1 dan eth2:  Tentukan ip address pada masing-masing interface.168.255.255.0/24 –d 0/0 –j ACCEPT #iptables –t nat –A POSTROUTING –s 192.65.0.2/29 202.255.0 #route add default gw 202.159.1 eth0  Hapus semua rule yang ada sebelumnya.159.Internet 202.159. #iptables –F #iptables –t nat –F #iptables –t filter –F #iptables –F INPUT #iptables –F OUTPUT #iptables –F FORWARD  Agar komputer yang berada pada daerah internal dapat mengakses internet maupun server yang ada pada DMZ.255.2/24 Gateway / firewall Internal DMZ 202.0.1 netmask 255.

65.3 –j ACCEPT #iptabels –A FORWARD –s 202.159.65.3 –d 0/0 –j ACCEPT Hal 46 dari 115 .159.j SNAT –to-source 202.159.1  Agar server yang berada di DMZ dapat diakses dari internet maupun dari internal.65. maka berikan perintah: #iptables –A FORWARD –s 0/0 –d 202.

Lab 6 Router Hal 47 dari 115 .

6. 12. 11. 2. untuk konfigurasi Hal 48 dari 115 . untuk konfigurasi interface serial 0 kemudian tekan enter ketik encapsulation ? ketik exit kemudian enter tekan Ctrl-Z dan kembali ke menu priviledge ketik disable kemudian enter ketik exit kemudian enter (atau int to0) [kemudian enter]. 14. 9. tekan enter tekan tanda ‘?’ ketik enable (atau en) ketik quit [kemudian enter] ketik ‘config’ [kemudian enter] router1(config)# tekan tanda ‘?’ tekan space bar ketik interface e0 (int e0) [kemudian enter]. 4. 13. 8. 20. untuk konfigurasi ethernet 0 router1(config-if)# tekan tanda ‘?’ tekan q [kemudian enter] Ketik interface to0 Token ring ethernet 0 tekan ‘?’ 15. 17. 3. 10.1 Login Pada Router A Langkah – langkah 1. 19. 16. 7. 5.Lab 6. atau interface serial 0). 18. Ketik inetrface s0 (atau int s0.

2 Help and Editing 1. Login into Router A and go to privilegde mode by typing enable (or en) pressing enter 2. 14. which will give you all teh commands that start with “cl”. 17. 12. type shows access-list 10. Don’t press Type control +A. type clock set 10:33:34 ? 9. 16. then a space and question mark.Lab. set the router clock by typing clock ? and following the help screens. This will also repeat the last enter. Press the up arrow on your keyborad. Hal 49 dari 115 . one character. command. By typing a comand. type ? (question mark) 3. This will repeat the last command. Type cl? Notice that you can see the commnads that start with “cl” 4. 15. This should move you forward Type control+B. 18. then type control+P. This takes you to the beginning of the line Type control + E. This should take you back to the end of the line Type control + A. type clock ? 7. 13. Press enter. First. Type clock? 5. 19. From privileged mode (#). type clock set ? 8. the progrm will only display what you enterd and not keep accurate time. you will see the next available commands. 11. type clock set 10:33:34 22 march 2000 ? press enter Type show clock and press enter to see the time and date Please note : Once you set the clock. Four has you type a command sapce and a question mark. 6. This will move you back one character. Notice the diffrence between steps three and four. 6. type clock set 10:33:34 22 march ? 10. Three has you type letters with no space and a question mark. the type control+F. set the router’s time and date.

Hal 50 dari 115 and press enter. 5. then press your tab key. which is know as starup-config. 25. then press enter. The program will finish typing Tyep show start. 2. history size. 23. log in to Router A and go into privileged mode by typing enable ( or en). then press your tab key. then press enter.3 1. entry size. you will get an error message if no configuration has been . 24. typing the command for you. to save configuration to NVRAM. This shows you the last 10 Type terminal history size ?. Press enter to carry out the command. Press enter to carry out the commnad. 26. The program will finish editing.However. Type show history and press enter. to see the confoguration stored in NVRAM you type show start and press tab saved 3. Repeat commands entered. Lab 6. type start. This assits you in changing the history Type show terminal and press enter to gather terminal statistics and Type terminal no editing.(or type show starup-config and press enter. the command for you. steps 14-18 to see that the shortcut editing keys have no effect until you type terminal editing. or copy running-config startup-config and press enter. then press enter. you can type: copy run start and press enter. Type terminal editing and press enter to re-enable adcvanced Type show run. 4.20. press the eab key. or copy running and press tab. 22. 21. Thsi turns off advanced editing. and press enter. type show run then press the tab key. type show start then press the tab key.

then press enter. then press enter. type config t and press enter 3. type show start. Hal 51 dari 115 . A coorect example would be enable secret todd. then type line? notice that the output for the line commands is auxilliary. 5. Yoy should get an error message. % % Non-volatile configuration memory has not been setup or has bad check sum 8. type reload. now let’s see what happens when you log all the way out and log in. 8. Go to privileged mode. type enable 4. and press enter. 7. then press enter. log in to the router B and go into privileged mode by typing enable (or en) 2. type exit. type erase start then press tab key. The “0 4” is the five of available virtual lines used to connect with telnet. Log all the way by typing control+Z. If you succesfully enter the correct secret password. you will be asked for a password. Wait for the router to reload.4 Setting your paswords 1. Acknowledge the reload by pressing enter. let’s remove the secret password. Go to privileged mode and type config t and press enter. Before you are allowed to go to the privileged mode. you can then proceed 6. type config t to be at the right level to set your console and auxiliary password. This would make your password the word ”password”. set your enable secret pasword by typing enable secret pasword ( the pasword should your own personalized password) and press enter.vty and console we will set all three 9. then press tab key.6. Do not add the command pasword after the command secret. Lab 6. type line vty 0 4 and then press enter. Type no enable secret and press enter. to set the telnet or vty password. Log out and then log in again and you should not be asked for a password when you go to privileged mode 7.

Goto router C Router#config t Router(config)#line vty 0 4 Router(config)#login Router(config)#password todd If you into Router C from Router A. the next command is used to set the authentication on or off. Note: you can use the no log in command to disable the user mode pasword prompt. Type no log in so that you are not prompted for a user mode pasword 11. This is how all the labs work. type login 15. go back to Router A. You will not ba able to telnet into a router password is not set. There is still one more command to set for your vty password. you will bea asked for a password. which will be toadd 13. Type password password to set the password. 12. not he word password. The second word. Set your auxiliary password by first typing line auxialiary 0 (or linw aux 0). Your lab will automatically close when you go to network visualizer but will re-open when you click on RouterC. password is your password is your password. type login 18. You do have to close your lab before you do that. set your console password by first typing line console 0 (or line con 0) 17. The lab will also re-open at this step. Hal 52 dari 115 . 14. type password here is an example of the last two commands. and that is the pasword command. Make sure that you are in configuration mode [(config)]. type password password. Type log in and press enter to prompt for a user mode password when telneting into the router.10. Here is an example of how to set the VTY password on RouterC: Please note: You will not to go the network visualizer to change to RouterC. 16.

Here is an example of setting your hostname: Router#config t Router(config)#hostname Router A RouterA(config)# Notice that the hostname of the router is changed as soon you press enter Hal 53 dari 115 .Router#config t Router(config)#line con 0 Router(config)#login Router(config)#password todd Router(config)#line aux 0 Router(config)#login Router(config)#password bill To remove a password. adding a banner.5 Setting your hostname. IP address. Log in to Router A and go into privileged mode by typing enable (or en) set your hostname on your router by using the hostname command. repeat the previous steps excepts type in no login instead of login. You can add the command exec-timeout 0 0 to the console 0 line. Identification. bandwidth and clock rate. 1. Notice that it is one word. The command will now look like this: Router#config t Router(config)#line con 0 Router(config)#login Router(config)#password todd Router(config)#lexec-timeout 0 0 Lab. 19. This stop the console from timing out and logging out.6. 2.

You can remove the MOTD banner type typing: config t no banner mtod an pressing enter 8. command. Set the login banner by typing: config t banner login # this is a login banner # 9. In this lab we are only intersted in set your MTOD banner. when working with this simulator only “#” will be recognized. auxiliary and vty line passwords. which will be displayed when a console. you can add IP address to an interface with IP address command. We used a # sign as delimiting cahracter. Here is how you do that: config t Hal 54 dari 115 . You can remove the login banner by typing: config t no banner login and press enter 10. but before the user mode password prompt. Set the banner that will be seen by the network administrators by using the banner type config t and press enter. The banner will display immediately after the MOTD. Remember that you set your user mode passwords by setting the console. You need to get into interface configuration first. This tells the router when the message is done. You cannot use the delimiting character in the message.3. the type banner ? notice that you can set four different banners. auxialiary or the login and message of the day banners (MOTD) telnet connection is made to the router by typing: banner mtod# this is a mtod banner # 7. With real router you can use any delimiting character that you want. 4. 6. 5. however.

All interface are shutdown by default.2 255.0.1. Go to the privileged mode ping 1. You can add an identification to interface by using the description command.1.1.0. This isi useful for adding information about the connection.0 no shutdown or no shut notice the IP Address(1.255. you also need to set the ring-speed a Toke Ring interface.2.1.255.255. Shut down router A e0 and then ping 1.1. and 2.1 255. 11. You can also use no shutdown command as a short cut. Here is an example: config t int to0 (you can use int token rin 0 too) ip address 2.2 14.1.1.0.1.1.2. 1.1. you can ping the three interface on router A 1.0 No shutdown Description WAN link to Miami 13. The no shutdown command is used to enable the interface.0.2 but will no be able ping outside of router until IP addresses are set on devices and communication protocol set.2 255.0 ring-speed 16 no shutdown (or no shut) 12. use the int to0 (or interface token ring 0) command.1.1.1.0) is configured on one line.2.1. However. Here is an example: Config t Int s0 Ip address 1. To set an IP address for a Token Ring interface.2 ping 2.1.255.1 again. Hal 55 dari 115 .1.2.2.2. not users.2.1) and subnet mask (255.1. It should not susceed.1 ping 1.int e0 (you can use int Ethernet 0 too) ip address 1. Administratotors only see this.

config t int e0 shut Ctrl+Z ping 1. RouterB is a 2500 serius routers with one 10BaseT interface (e0) connected to teh 1900B Switch. If you are using RIP.1. The clock rate command is used when you are simulating a DCE interface. remember that the clock rate command is two words. one Tolen Ring (to0) The 2561 has two FastEtehrnet inetrfaces with f0/0 connected to RouterA and f0/1 connected to the 1900A switch.7.1. 1900A and 1900B. Here is an example for RouterB: config t int s0 bandwidth 64 clock rate 6400 notice the bandwidth is in kilobits. - - - Hal 56 dari 115 . which uses bandwidth to consider the best cost or path to remote network. configuration the lab The labs for chapter 5 has six router A. All cisco router serial interfaces default to a T1 speed of 1. B. RouterC is a 2500 series routers with one serial interface(s0) connected to RouterB. and two catalyst switches. The bandwidth command is used when you are assigning a routing algorithm like EIGRP an OSPF. 804A. then setting the bandwidth would make absolutely no difference. one 10BaseT interface(e0). (see the network visualizer) - Router A is Cisco 2513 router with one 10 BaseT interface (e0) connected to teh 2621 router. one serial interface (s0) connected to RouterB and one Token Ring LAN to) interace. 2621. Lab 6.544 MBPS. C. 804B. Also. while the clock is in bits.1 15. You can add the bandwidth of a serial link as well as the clock rate when simulating a DCE WAN link. serial 0 connected to RouterA and serial 1 connected to RouterC.

15. - - 1. 804A router wih an ethernet interface.255.255.255.20. It is also is connected to 1900A through a FastEthernet link as well as to RouterB with a 10BaseT connection. 804B router with an ethernet interface.16.255.0 RouterA(config-if)#no shut RouterA(config-if)#int s0 RouterA(config-if)#ip address 172.7 255. 1900B switch has a connection to Host A1 as well as HostB.16.16. It also has a FastEthernet connection to switch 1900B.255.20.- 1900A switch has a connected to HostA and HostB1 as well as the 2621 f0/1 interface.255.255.40. Set the hostname of all six router and two 1900 switches with the hostname command.255.16.1 255.1 255.255.0 RouterB(config-if)#clock rate 56000 Hal 57 dari 115 .0 RouterA(config-if)#ring speed 16 RouterA(config-if)#no shut Type the following to configure RouterB (RouterB has DCE connections on both serial interfaces) Router#config t Router(config)#hostname RouterB RouterB(config)#int e0 RouterB(config-if)#ip address 172.2 255.255.16.1 255.255.0 RouterA(config-if)#no shut RouterA(config-if)#int to0 RouterA(config-if)#ip address 172. Add the IP address of all routers for RouterA Type in the following to configure for RouterA Router#config t RouterA(config)#hostname RouterA RouterA(config)#int e0 RouterA(config-if)#ip address 172.0 RouterB(config-if)#no shut RouterB(config-if)#int s0 RouterB(config-if)#ip address 172.16.10.1 255.0 RouterB(config-if)#clock rate 56000 RouterB(config-if)#no shut RouterB(config-if)#int s1 RouterB(config-if)#ip address 172.11.255.

50.255.7 255.255.16.16.55.255.0 RouterC(config-if)#no shut RouterC(config-if)#int s0 RouterC(config-if)#ip address 172.255.16.0 Router804B(config-if)#no shut Hal 58 dari 115 .40.1 255.255.1 255.255.255.255.2 255.0 2621(config-if)#no shut Type in the following to configure Router804A Router#config t Router(config)#hostname 804A Router804A(config)#int e0 Router804A(config-if)#ip address 172.0 RouterC(config-if)#no shut RouterC(config-if)#int to0 RouterC(config-if)#ip address 172.11.16.16.255.1 255.255.255.50.10.255.0 Router804A(config-if)#no shut Type in the following to configure Router804B Router#config t Router(config)#hostname 804B Router804B(config)#int e0 Router804B(config-if)#ip address 172.0 RouterC(config-if)#ring speed 16 RouterC(config)#no shut Type the following to configure the 2621 router Router#config t Router(config)#hostname 2621 2621(config)#int f0/0 2621(config-if)#ip address 172.RouterB(config-if)#no shut Type in the following to configure RouterC Router#config t Router(config)#hostname RouterC RouterC(config)#int e0 RouterC(config-if)#ip address 172.16.3 255.10.0 2621(config-if)#no shut 2621(config-if)#int f0/1 2621(config-if)#ip address 172.2 255.255.16.255.

Type the following to configure the 1900A switch k en #config t (config)#hostname 1900A 1900A(config)#ip address 172. 3 subnets C 172.255. Each router will only show its directly connected networks.0.4 255.0 is directly conneted.255.11.10.0/24 is subnetted. 3 subnets Hal 59 dari 115 .10.20. Router A 172. serial0 C 172.16.0/24 is subnetted. Ethernet0. 2. and type copy run start and press enter.16.0 1900A(config)#ip default-gateway 172.3 255.16.255.16.10.1 Type the following to configure the 1900B switch k en #config t (config)#hostname 1900B 1900B(config)#ip address 172.16.255.0 is directly connected.16. you will lose ip address information. You should see the following information for each router(switches don’t have routing tables). Type show ip route on each router to see the routeing tables. TokenRing0 C 172.0.1 Remember to save the configurations for each router.16.16. Otherwise.0. Press the control key and the letter Z.0 1900B(config)#ip default-gateway 172. Essensially.0 is directly conneted. Router B 172.10. the information will not be saved to NVRAM the 1900 switches save the information automatically.16. if you exit the program without doing this.

10.16.0 is directly connected.0 is directly conneted. 172.0/24. fastEthernet0/1 C 172. 3 subnets C 172.11.16.10.8 Creating Static Routes Create a Static route in four routers. Lab. type: Hal 60 dari 115 .0 is directly conneted. and 172.60. TokenRing0 C 172.16.16.16.0/24. Ethernet0 Note: the following will show up after yu do lab C 172.16.C 172. FastEthernet0/0 Router804A 172.16. Here is how you do it.0/24 is subnetted.16.0/24.0 is directly connetd.0.50.0. Router C 172. Router2621 172.16.16.0.20. Ethernet0 C 172.16.0 is directly connected.0 is directly connected.10.55.16.55.2 from RouterC.55.0 is directly conneted.40.0/24 is subnetted.40.16. 1 subnets C 172.50. so the routers see all networks.6. Verify your setup by pinging some of the interfaces.16.0 is directly conneted.0/24.16.10. serial0 C 172.16.10. such as: Ping 172. BRI0 3.16.20.16. 2 subnets C 172. Verify with the ping command when complete.1 from RouterC Ping 172. 172. Ethernet0. On RouterA create a static route to see networks 172.0 is directly conneted.40.0/24 is subnetted. Serial0.16.1 from RouterA Ping 172. serial0 C 172.16.0 is directly connected.

0 255.10. which are not directly connected. and 172.0 172.40.11.20.2 RouterB(config)#ip route 172.16.55.50.55. it does not know about networks 172.16.16.16.11.2. Hal 61 dari 115 .16.1 RouterB(config)#ip route 172.0/24 and 172. 172.0 172.2 RouterA(config)#ip route 172.16.0/24 and 172.255.0/24 and networks 172.255.0/24.11.16.15.0/24.255.16.40.50.0/24.255.1.255.16. 172.16.0 255.55.1 RouterB(config)#ip route 172.11.16.0 255.0/24.RouterA#config t RouterA(config)#ip route 172.16.16.0 172. or RouterB.40.50.15.0 255. 172.20.16.16.40.16.15. On RouterB create a static route to see network 172.16.16.0/24.50.16.0/24 Save the current configuration for RouterB by going to the enbled mode and typing copy run start and pressing enter.16.10.16.0/24 and networks 172.255. This also told RouterA to get to network.2 This told RouterB that to get to network 172.255.0/24.20.16. which is trough 172. This is the same interface we will use to get to network 172.2 RouterA(config)#ip route 172.20.0/24. use ip 172. RouterB#config t RouterB(config)#ip route 172.20.0/24. 172.0 255.40.16.16. 172.0 172.40.0/24.255.16.255. and 172.55.55.16.16.2 RouterA(config)#ip route 172.0 172.11.0/24 and 172.16.255.255.16. That is the closest router interface to network 172. Create static routes so RouterC can see all networks.2.255.11.0 172.55. use 172.16.50.0 255.16.0/24.0 255.16.16.16.0/24 Save the current configuration fo RouterA by going to the enable mode and typing copy run start and pressing enter.16.55. The next two commands told RouterB how to get to network 172.0/24.255.20.20.255.50.2 This told RouterA to get to networks 172.0 172. it is connected to network 172.0/24.50.16.15.10.2. On RouterC.0 172.0/24 and 172.16.255.40. wich is the closet neighbor interface conneted to network 172.16.0/24.255.16.0/24.0 255.15. use 172.16.20.16.

40.0/24 and 172.40.1 Save the current configuration for RouterB by going to the enbled mode and typing copy run start and pressing enter.55.0 255.11.55.40.16.9 Default Routes In this lab.16.255. 2621#config t 2621(config)#ip route 172.16. you will create default routes to build routing tables in your routes.255.16.16.6.16.10. On the 2621 router.1 RouterC(config)#ip route 172.0 172.10.16. Lab.1 RouterC(config)#ip route 172.255.15.11.16.0 172.16.40. 2.16.11.40.255.0/24.0 172.16. In this lab you will remove the static routes from Routers 2621 and RouterC an use default instead We will leave Routers A and B with the static routes created from configuring the lab 1.0 255.16.20.50.20.0/24.11.255.0 172.1 2621(config)#ip route 172.0 255.255.0/24.255.0 172.0 255.255.255.255.0 172. it is conneted to network 172.16.1 Save the current configuration for RouterB by going to the enbled mode and typing copy run start and pressing enter. If it is set up coreectly it will works.16.0 172.255.255.16.255.16.11.255.20.16.255.16.0 255.RouterC#config t RouterC(config)#ip route 172.0 255.50.0 172.0/24.255.16.15.0/24 and 172. Now.1 2621(config)#ip route 172.1 RouterC(config)#ip route 172.255.1 2621(config)#ip route 172.16.0 255.11. 172.0 255. ping from each router to each host and from host to each router. 172.0 255. Create static routes so the 2621 can see all networks. 2621#config t Hal 62 dari 115 Type show ip route on each router to see the routing tables.16. You should see all Remove the static routes from the 2621 router and RoutesC networks in all routes routing tables.16. it does not kown about networks 172. .255.1 2621(config)#ip route 172.0 172.11.15.16.16.

40.255.255.0 255.16. but to instead forward them to the default route.0.255.255.16.16.0 0.16.20.10.0 0.255.1 2621#(config)#ip classless RouterC#config t RouterC(config)#ip route 0.0 172.11. This tells the router not to drop packets to uknown network to RouterB(172. On the 2621 router and RouterC.0.40.255.1 RouterC(config)#no ip route 172.255.11.16.1 2621(config)#no ip route 172.1 RouterC#config t RouterC(config)#no ip route 172.55.16.16.15.1 RouterC(config)#ip classless This told the 2621 router to get to any network.40. use ip address 172.16.16.16.0 255.0.1 3. Here is how you do it.255.40.0 172.2621(config)#no ip route 172.1 RouterC(config)#no ip route 172.255.0 255.16. 2621#config t 2621#(config)#ip route 0.0.20.255.255.1) 5.16.0 255.16.1 2621(config)#no ip route 172.16.0 172.11.255.255.0.40.50.16.40.1 2621(config)#no ip route 172. RouteA#show ip route RouterB#show ip route RouterC#show ip route 2621#show ip route 6.11.0 255. create a default route to see the remote networks.0 172.11.Type show ip route on the 2621 router and RouterC to verify only the directly connected are present 4. This tells the router not to drop packets to uknown an network.16.16.255.15.11.0 255.0 172.1 RouterC(config)#no ip route 172.16.0.0 172.0 172.40. which is the closet neighbor interface connected.255.11.0.16.1 2621(config)#no ip route 172.16.0 172.0 255.0.0 172. The ip classless command is set when using default routing.255.16.255.1.0 172.0 172.16. Test your routers by pinging to all remote networks and host Hal 63 dari 115 .0 255.255. Test the configuration by looking at the routing table of all four routers.0 255.11.

16.20.20.2 RouterA(config)#no ip route 172.0 255.0.2 RouterA(config)#no ip route 172. Press the Ctrl-Z simultanously to get out of configuration mode 8. go into configuratin mode on RouterC by typing config t Tell your number to use RIP Routing by typing router rip and pressing enter.20. type show run and press enter on each router in order to verify that all static and default routes are cleared.16.20.0 172.16.1 Since we have already removed the static for routers for Router2621.10.2 RouterA(config)#no ip route 172.1 3.255.16.16.0 255. Config t Router rip Hal 64 dari 115 .0 255.0 0.16.0 172.2 RouterA(config)#no ip route 172.16.255. In the enable mode.0 172.0 255.6.0 and pressing enter 7.0 172.16.0.16.255.50. Go to routers B.2 Do the same for RouterB RouterA#config t RouterA(config)#no ip route 172. type 2621(config)#no ip route 0.255. 2.40.0 255.55. 5.16.255.2 RouterA(config)#no ip route 172.0 172. router rip 6.0.16.16.0 172.10 Dynamic Routing with RIP In this Lab.255.0.255. 4. type RouterC(config)#no ip route 0.0.20.11.16.0.10.0 0.0.16.255.2 Since we have already removed the static for routers for RouterC.40.255.16. we will use the dynamic routing protocol RIP instead of static and default routing.255.0 172.255.2 RouterA(config)#no ip route 172.0 255. 1.11.16.16.255.0 172.16. Add the network number you want to adversite by typing network 172. Make sure you have no static routes or default routes configured on your routers by using the no ip route route command For example: RouterA#config t RouterA(config)#no ip route 172.0 172.11.0.0 255. After static and deafult routers are clear.255.50.55.0 255.C and the 2621 router and type the same commands.255.16.255.0.0 172.255.20.40. Log into RouterA and the dynamic routing protocol RIP instead of static and default routing.

If you want remove RIP.11 Dynamic Routing with IGRP In this lab.16.Network 172. but the classful network boundary. Verify the network by pinging all remote networks an hots. type router igrp? 5.16. save your configurtions by typing copy run start (or copy running-config startup-config) 11. 6.0. Type 10 and press enter. you will run the IGRP routing protocol simultaneously with RIP routing 1. you can use the no router rip global configuration commnad to remove it from RouterA and other routers For example : Config t no router rip stay in configuration mode on RouterA At the configuration prompt.0. Press the Ctrl-Z simultaneously to get out of configuration mode got to router B. AS’s if necessary.0 9. This is used to only allow routers with the same AS nunmber to continu. Verify that rip is running at each router by typing the following commands at each router by typing Show ip protocol Show ip route Show running-config (or show run) 10. At the config-router prompt. C and the 2621 and type the same command as shown: config t router igrp 10 network 172. notice we do not add the subnet numbers to advertise.0. type network 172. Log in ro RouterA and go to into privileged mode by typing enabel (or en) Keep RIP running on RouterA and verify that it is running on each router. 2. Your routers can be configured to be part of as many different. Notice it is asking for an autonomous system number. Lab 6. 7.0.16. 8.0 Hal 65 dari 115 .

Lab 6. Also. 3. 1. some will be (I) routers. 20.16. Notice this will show you your RIP and IGRP routing protocols. Since RIPs default trustworthiness ratinf is 120. Verify that IGRP is running by going to the enabled mode and typing the following commands on each router.0 and 172. 10. 50 and 55. notice the network entry has a network number then (100/23456). 11. The first number (100) is the trustworthiness rating. show ip protocol. or wight of the route that is used to determine the best path to a network. notice it will show the update timers. The second number is the metric. 15. Configure port 26 and 27 on the 1900A to trunk: config t Hal 66 dari 115 .30. Show running-config (or show run) to see that RIP RIP and IGRP are configured. a. B and B1 A Virtual Local Area Network (VLAN) is a logical grouping of network users and resources connected to administatively defined ports on as switch. RIP is still running. You should see all seven subnet. verify tne network by pinnging all routers. The switches and 2621 router will provide the routing to network 172.0 via ISL for hosts A. switches and hosts.10. you will configure the 1900A ann 1900B switch with VLANs and set up trunk links between them. but if you look at the routing table.A1.9. Type copy running-config startup-config (or copy run start) and press enter at each router to save your configuration. the IGRP route is used before a RIP route will be used. Create a VTP domain named routersim on the 1900A switch: Config t Vtp domain routersim 2. 40. c. 10. which are IGRP inject routers. By creating VLANs. Press Ctrl + Z to go to enabled mode and type show vtp to verify the VTP configuration. Some will be directly connected.16. Show ip route. 11. Since RIPs default trustworthiness rating. you are able to create smaller broadcast domains subnet or broadcast domain. b.12 Configuring VLANs and ISL In this lab. This means that frames boadcast onto a network are only switched between ports in the same VLAN.

plugged 1900A. 9. 13.0. Notice that is by default a VTP server.16. Go to the 1900B switch and type sho vtp.30. 5.10. 6.10. Go back to configuration mode: eit vtp domain routersim vp client Verify VTP information and that it found the domain by pressing Ctrl-Z and typing show vtp.16.2/24. On 1900B configuration int f0/26 to trunk. From 1900B type show vlan notice only VLAN 1 is present. Add a VLAN to the 1900A switch config t vlan 2 name sales you can remove a vlan with the command no vlan x.10. 12.16. This is the 100Mbps connection to the 1900A switch: cnfig t it f0/26 tunk on 10. the information was passesd to the 1900B switch. two in network 172.0 and twi in network 172. plugged 1900B. There are four host on your physical network. the host configuration are as follows: HostA: 172. type show vlan and notice that VLAN 2 is present on the switch. port 5 Hal 67 dari 115 . Since the 1900A switch is a VTP server. 7. For example. 8.5/24. Make the 1900B switch switch a VTP client in the vtp domain routersim. port 1 HostA: 172. By default. Go to the enabled mode and type the command show trunk A and show trunk B to very the configuration interface 26 is port A and port B.16.int f0/26 trunk on int f0/27 trunk on 4. all ports are members of VLAN 1. Now. Port 26 is used to connect to the 1900B switch and port 27 is used for the 2621 router connection. type no vlan 2. Verify the VLAN by pressing Ctrl + Z and typing show vlan to see all configuration VLAN or show vlan 2 to see only vlan 2 information.

Configure the 2621 route on FastEthernet 0/1 to perform ISL routing.1 Hal 68 dari 115 . and host B and B1 into VLAN2 From the 1900A switch: 1900A#config t 1900A(config)#int e0/1 1900A(config)#vlan-membership static 1 1900A(config)#int e0/5 1900A(config)#vlan-membership static 2 14. 16. Type show spantree to see Spanning Tree Protocol configuration on each switch. router interfaces as well as server interface card to trunk a server. As ypu look at the information after you enter the show spantree command. This server trunking is good if you are creating functional VLANs and don’t want to break to 8020 rule. There is no command to assign more then one port to a VLAN at time with the 1900 switch. Can be used on a switch port.30. plugged 1900A. you can go back to the command prompt by typing q. You can only configure VLANs port by port.16.30.16. 2621#config t 2621(config)#int f0/1 2621(config)#no shut 2621(config)#f0/1.HostA: 172. plugged 1900B. port 5 HostA: 172. Configure hosts A and A1 into VLAN 1. This is also known as “Router on a Stick”. Inter-Switch Link (ISL): Propietary to Cisco switches. Verify the VLAN chnage by going to the enable and typing show vlan-membership 15. is used for FastEthernet ang Gigabit Ethernet links only. you can ping from HostA to Host A1.2/24. port 2 You can confugure each port to ne in a VLAN by using the vlan-membership command. This will allow HostA and HostA1 to ping HostB and HostB1. but not to Host B and HostB1 since three is no connection between the VLANs.The users do not have to cross a layer three device to access a company shared server.5/24.

Version 10.255.bin”. 2. you see the same files as the show version command displays.2(8a).0 1 Ethernet/IEEE 802. booted via flash Processor board ID 03240944.25 Software. Go to the Network Visualizer screen an verify that you can now ping between HostA and HostB.2. timeout is 2 seconds: !!!! success rate is 100 percent (5/5). version 3.255.0. 100-byte ICMP Echos to 172.16.255.0 2621(config)#int f0/1/2 2621(config)#encap isl 2 2621(config)#ip address 172. Since three is only one file in flash.16. RELASE SOFTWARE BOOTFLAH: 3000 Bootstrap Software (IGS-RXBOOT).16. and HostA1 and HostB1 Lab 6. round-trip min/avg/max = 32/24/68 ms 3.30. Sending 5. Type show version at the router privilege mode prompt to get the name of the IOS currently running on the router.2 Type ping 172.2(8a).30. Notice the file name is c2500-d-I_113-5.10.1 255.2 Type escape squence to abort.3 interface(s) 1 Serial network interface(s) 32K bytes of non-volatile configuration memory Hal 69 dari 115 .16. Log in to RouterA ang go into privilege mode by typing enable (or en) Make sure you can connect to the FTP host that is on network 30 by pinging 172.2621(config)#encap isl 1 2621(config)#ip address 172. Type show flash to see the contents of flash memory.0 17.13 Backing up your Router IOS 1. Version 5. 4.30.bin RouterA#show version ROM: System Bootstrap.1 255.255. with hardware revision 00000000 Bridging software X.16. RELASE SOFTWARE (fc1) RouterA uptime is 20 minutes System restart by power-on System image files is “FLASH: c2500-d-I_113-5.16.2 RouterA#ping 172.30.30.

2 RouterA#ping 172. 2.2555]? type 172. Once you know you have good Ethernet connectivity to the TFTP host and you also know the IOS file name.bin]? press enter Verifying file name for ‘c2500-d-I_1135..30. This command tells the router to copy the contents of flash (this is where the IOS is stored by default) to a TFTP host.bin’ (file #1) ..bin [6078612 bytes used.bin Destination file name [c2500-d-I_1135.16.16.OK Copy ‘c2500-d-I_1135.bin’? [yes/no[ type y !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!! Upload to server done Flash copy took 0:01:53 [hh:mm:ss] That’s it! The file is now staoted in the TFTP host default director Lab 6.8192K bytes of processor board System flash (read ONLY) configuration register is 0x2102 5. backup your IOS by typing copy flash tftp.30..bin’ from flash to server as ‘c2500-d-I_1135.2 Source file name ? type c2500-d-I_1135.14 Upgarding or restoring your router IOS 1.255. Log in to RouterA and goto into privileged mode by typing enable (or en) Make sure you can connect to the TFTP host by typing 172.16. 2309996 available. 8388608 total] Address or name of remote host [255.2 Hal 70 dari 115 . RouterA#copy flash tftp System flash directory: File Length Name/status 1 6078548 c2500-d-I_1135.255.30.

4.2.30. this connection will terminate..2555]? Source file name ? Destination file name [c2500-js-l_120-8. 8388608 total] Address or name of remote host [255.255.bin]? type c2500-d-I_1135.3..2 press enter [6078612 bytes used. restore your IOS by tping copy tftp flash. Once you know you have good Ethernet connectivity to TFTP host and the IOS file name that is stored i n the TFTP host default directory. Loading c2500-js-l_120-8. This command tells the router to copy the contents of tftp to flash..30.255. The file name that you want to use is c2500-js-l_120-8.bin type 172.bin press enter Accesing file c2500-js-l_120-8.16.. System Flas directory: File Length Name/status Hal 71 dari 115 press enter ress enter type y and press enter .16. Are you want to erase ? [confirm] Copy ‘c2500-js-l_120-8. 2309996 available.bin from 172.0 This process will accept the copy options and then terminate the currnet system image to use the ROM based image for the copy Routing fuctionally will not be available during that time If you are logged in via telnet.2 to flash . _ _ _ _*****_ _ _ _ Proceed? [confirm] System flash directory: File Length Name/status 1 6078548 c2500-d-I_1135. You want to restore your IOS or copy a new version into flash memory.bin into Flash WITH erase ? [confirm] 01:01:59: %SYS-5-RELOAD: Reload registrated %FLH: c2500-js-l_120-8.16..30.bin..bin’ on 172.2 (via Ethrnet0): ! OK Erase flash device before writing ? [confirm] Flah contains files.bin from 172.bin. RouterA#copy tftp flash **** NOTICE ***** Flash load helper v1. We are going to upgarde the IOS to version 12 x.. Users with console access can see the results of the copy operation.bin from server As c2500-js-l_120-8..30.16.

.16...erased Loading Loading c2500-js-l_120-8... 2.16.30.bin.bin from 172...2 From RouterB..2 (via Ethrnet0): ! OK Erasing device .30.15 Back Up the router configuration 1.16.OK (0x48B9) Flash copy took 0:03:35 [hh:mm:ss] % FLH: Re-booting system after download Lab 6.. type copy run tftp: RouterB#copy run tftp Remote host [ ]? 3. Lading c2500-js-l_120-8.2) Remote host [ ] ? 172..16.2.2 (via Ethernet0): !!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!! [OK – 6078548/8388608 bytes] Verifying checksum ... 2309996 available.16.30.30.2 Name of configuration file to write [RoutingB-config)? Press enter to accept the default name Write file RouterB-config on host 172.1 6078548 c2500-d-I_1135. Type the ip address of the tftp host (172. From RouterB..bin’ on 172. ping the TFTP host to make sure you have IP connectivity: RouterB#ping 172.bin [6078612 bytes used.bin from 172.30..30. 8388608 total] Accesing file c2500-js-l_120-8.16. eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee.16..30.2? [confirm] press enter Hal 72 dari 115 .

you can use the telnet program to configure and check your routers and switches instead of having to use a console cable. Lab 6.40. You can use the Telnet program by typing telnet from any commnad prompt (DOS or Cisco). telnet into RouterC by typing 172. Remember that the VTY password must be set on the routers for this to work. These are UDP acknowledgements that the was transferred succsessfully. you will get unexpected results. and then into RouterC). You cannot telnet from a 1900 switch CLI.2 from RouterA command prompt.2 from the RouterA command prompt Notice that you get an error no password set (unless your vty password is already set) Type ini 172. and soon. or RouterA to RouterC. set your VTY passwords on routers A and C. RouterA(config)#line vty 0 4 RouterA(config-line)#login RouterA(config-line)#password tom RouterA(config)#line vty 0 4 RouterA(config-line)#login RouterA(config-line)#password tom 5. 3. you can telnet into a 1900 switch. You can use the command telnet or just type in the IP address. 16 Telnet After your routersand switches are configured ( see Apendix B to IP sddress for the switches). If you telnet into more than one router at a time ( ie. the skip this part. For example from RouterA to RouterB. Log in to RouterA and go into privileged menu by typing enable (oe en) From RouterA.16. Notice that the router automtically tries to telnet to the IP address ypu spesified. Notice the “!!”. however. Please Note : This simulation program will only support telnetting from one router to another.16. RouterA to RouterB. First. 1.40. However don’t skip step number 5. 4. Set RouterB to have no VTY password: Hal 73 dari 115 .5. If you already did this. 2.

6. This would allow you type RouterA. The router is trying to resolve the host name to an IP address by looking for a DNS server. You can do this wiyh the Ctrl+Shift+6.16. Now telnet into RouterB by typing 172. Go back to RouterA. 10. Type show user. You can press the nummber next to the session on the far left of the screen and press enter to return to that session. Use the Ctrl + Shift + 6 then X command to return to RouterA From RouterA.16. you can either use DNS server or build a host table on each router to resolve host names to IP addresses. 8. You can build a host table. type the word todd and press enter at the command prompt. you can type exit to get back to your RouterA prompt. you may want to return to RouterA without disconnecting from Router C. telnet into RouterC again. Go to netwoek Visualizer an click on RouterC. 9. which allows you to resolve host names to IP address on each router.16.2 RouterA(confog)#ip host RouterB 172.20.1 1. Notice your two sessions to RouterB ang RouterC. The same would go for any IP utility. However. However. Lab 6. instead of 172.16.17 IP name Resolution I n our last lab. From RouterA.2.RouterB(config)#line vty 0 4 RouterB(config-line)#no login This will allow a telnet session without being prompted for a user mode password. Notice the error you recive and the delay.40. 2. After ypur passwords are set. Press Ctrl + Shift + 6 then X to return to RouterA.16.2 RouterA(confog)#ip host RouterC 172. let go then press letter X 7. add a host table entry for RouterB and RouterC RouterA(confog)#ip host router2621 172.2 Hal 74 dari 115 . You can turn this feature off by typing no ip domain-lookup from global configuration mode. Log in to RouterA and go into privileged mode by typing enable (or en) From RouterA. like ping. This will show you the console connection and the remote connection. we had you type in the ip address of a Router to be able to telnet. 3. You can use teh disconnect command to clear the sessions or just type exit from prompt to close your session with RouterC and RouterB. You do this with the ip host command.20.11. Type show sessions.20. Once you are in.

100-byte ICMP Echos to 172. this is a feature. 6. RouterA#router2621 Trying 2621 (172.16.16..2).Open Hal 75 dari 115 . Telnet to Router C by typing RouterC at the command prompt RouterA#RouterC Trying RouterC (172. Return to RouterA and keep the session open to RouterC by using the Ctrl + Shift + 6 then X command.. Sending 5. Sending 5.40...20.. IP host names must be at least 7 charavters in length. RouterA#RouterB Trying RouterB (172.. 100-byte ICMP Echos to 172. You can remove a host name by typing in yhe following ( as an example): RouterA(config)#no ip host RouterB 4. The router will automatically try to telnet to the host if ypu do not use thr word telnet.Please Notice : Because of how this program was designed. round-trip min/avg/max = 4/4/4 ms. you will receive an “% Invalid .2.16.”response.. Test your host table by typing ping RouterB from the command prompt (not config): RouterA#ping RouterB Type escape squence to abort.. Keep your session open to RouterB. time out is 2 seconds: !!!!!! Success rate is 100 percent (5/5). 5. 10...11...40.2 ) . Test your table by pinging to RouterC: RouterA#ping RouterC Type escape squence to abort. round-trip min/avg/max = 4/6/8 ms. You can also use the host table for the telnet program.16. otherwise.Open 9. 8.Open 7. and then return to RouterA by using the Ctrl + Shfy + 6 then the X command. time out is 2 seconds: !!!!!! Success rate is 100 percent (5/5). Again.. You can either type telnet RouterB.16..2). Telnet to the 2621 router.2. or just type RouterB.20.

20.OK) (perm.11.255.40. type show cdp and press enter RouterC#show cdp Global CDP information Sending CDP packets every 60 seconds Sending a holtime value of 180 seconds Notice that CDP packets are being sent out to all active interfaces of RouterC every 60 seconds by default RouterC also has a hiltime of 180 seconds. Log into RouterC and go into privileged mode by typing enable (or en) 2.16. Return to RouterA and keep the session open to RouterC by using the Ctrl + Shift + 6 then X command.OK) Lab 6.2 0 IP 172. the information will be deiscarded.2 0 IP 172.255 Host Routerb Routerc Flags Age Type Address(es) 0 IP 172.2 Router2621 (perm. Change the CDP update frequency to 90 seconds by using the cdp timer command: RouterC#config t Hal 76 dari 115 .16.255.16. 3. If RouterC does not hear from th neighbor again before the holdtime expires.16 Cisco discovery protocol (CDP) 1.OK) (perm. 12. View the host table by typing show host and pressing enter Default domain is not set Name/addrss lookup uses domain service Name server are 255. This means that CDP information received from neighbor routers will be kept for 180 seconds.11.

It also shows us the timers 60 seconds for an update and 180 seconds for hold the time: RouterC#show cdp int Ehternet0 is up. You can get the list of available commands by typing show cdp ?: RouterC#show cdp? Entry information for specific neighbor entry Interface Neighbors Traffic <cr> 6. Now. line protocol is up. encapsulation is ARPA Hal 77 dari 115 CDP interface status and configuration CDP neighbor entries CDP statistics . one per line. End with CNTL/Z RouterC(config)#cdp timer ? <5-900> Rate at which CDP packets are sent (in sec) RouterC(config)#cdp timer 90 4. verify your CDP timer frequency has changed: RouteC(config)#Ctrl + Z RouteC#show cdp Global CDP information: Sending CDP packets every 90 seconds Sending a holdtime value of 180 seconds 5. use CDP to gather information about neighbor routers. By typing show cdp int. This is the default encapsulation used by the interface.Enter configuration commands. we can see the interface information plus the encapsulation.

Port ID (outgoing port): Serial0 Holdtime: 130 sec The show cdp neighbors command will reveal the information being exchanged among neighbors. line protocol is up. line protocol is down Sending CDP packets every 60 seconds Holdtime is 180 seconds 7.Sending CDP packets every 60 seconds Holdtime is 180 seconds Serial0 is up. Use the show cdp neighbors command to gather Information about all connected neighbors. RouterB#show cdp neighbors Hal 78 dari 115 . (It is important that you memorize all the output from this command): Go to RouterB. It can give you the CDP information received from all routers by typing an asterisk (*) or a specific router by typing the router name: Go to RouterB. 1 Interface: Serial0. encapsulation is HDLC Sending CDP packets every 60 seconds Holdtime is 180 seconds Serial1 is administratively down. RouterB#show cdp entry RouterA -----------------------Device ID: RouterA Entry address(es): IP address: 172. 20. 8. use the show cdp entry command. 16.

line protocol is down 3. End with CNTL/Z.17: Internet working packet eXchange (IPX) 1. 2. T – Trans Bridge. 16. r – Repeater Device IDLocal interface RouterC RouterA Ser 1 Ser 0 Holdtime Capability Platform Port ID R R 2500 Ser 0 2500 Ser 0 158 150 9. B – Source Route Bridge. Internet Protocol routing is enabled Ethernet0 is up.Capability Codes: R – Router. S – Switch. Type show protocol ( or sh prot) to see your routed protocols configured. 15. 1/24 TokenRing0 is up. 16. Type showcdp neighbors deatail and notice it is the same command as show cdp entry* lab 6. 20.1/24 Serial 1 is administratively down. Notice this shows the routed protocol (IP) as well as the configured addresses for each interface. RouterA#show prot Global values. 1/24 Serial0 is up. Enable the IPX Routed protocol on your router by using the IPX routing command. I – IGMP. 16. RouterA#config t Enter configuration commands. Log in to RouterA and go into privileged mode by typing enable (or en). H – Host. line protocol is up Internet address is 172. 11. Hal 79 dari 115 . line protocol is up Internet address is 172. one per line. line protocol is up Internet address is 172.

16. Now check your routed protocols again to see if IPX routing is enabled by typing show protocol (or sh prot): RouterA#show prot Global values: Internet Protocol routing is enabled IPX routing is enabled Ethernet0 is up. enable IPX on the individual interfaces by using the interface command ipx network. only IP addresses. line protocol is up Internet address is 172. line protocol is up Internet address is 172. Next. End with CNTL/Z. 1/24 Serial1 is administratively down. 1/24 Serial0 is up. 1/24 RouterA# Notice that IPX routing is enabled. 5. Lets just use the same numbers as our subnet for easy identification: RouterA#config t Enter configuration commands.20. line protocol is down TokenRing0 is up. one per line. RouterA(config)#int e0 Hal 80 dari 115 . but no interfaces have an IPX address. 16. hexademical (A through F and 0 through 9). 15.RouterA(config)#ipx routing RouterA(config)#^Z RouterA# %SYS-5-CONFIG_l: Configured from console by console 4. 11. up to eight characters. line protocol is up Internet address is 172. 16. You can use any number.

Now. one per line. RouterB(config)#ipx routing RouterB(config)#int s0 RouterB(config-if)# ipx network 20 RouterB(config-if)#int e0 RouterB(config-if)# ipx network 10 RouterB(config-if)#int s1 RouterB(config-if)#ipx network 40 RouterC#config t Enter configuration commands. End with CNTL/Z. let’s configure routers B. Remember. RouterC(config)#int s0 RouterC(config-if)#ipx network 40 %Must give “ipx routing” command first RouterC(config)# ipx routing RouterC(config)#int s0 RouterC(config-if)# ipx network 40 RouterC(config-if)#int e0 Hal 81 dari 115 . End with CNTL/Z. C and the 2621. one per line. the IPX network numbers configured between routers for each network must be the same: RouterA#config t Enter configuration commands.RouterA(config-if)#ipx network 11 RouterA(config-if)#int to0 RouterA(config-if)#ipx network 15 RouterA(config-if)#int s0 RouterA(config-if)#ipx network 20 6. Let’s just continue to use the subnet numbers for our IPX network numbers.

use the show protocol (or sh prot) command and show ipx interface ( or sh ipx int) command: RouterA#show protocol Hal 82 dari 115 .RouterC(config-if)#ipx network 50 RouterC(config-if)#int to0 RouterC(config-if)#ipx network 55 Notice the error when trying to configure an IPX network number in an interface when IPX routing was not enabled: 2621#config t Enter configuration commands. 2621(config)# ipx routing 2621(config)#int f0/0 2621(config-if)# ipx network 11 2621(config-if)#int f0/1 2621(config-if)#ipx network 40 7. One of the best ways to do this is with the show ipx route command: RouterA#show ipx route RouterB#show ipx route RouterC#show ipx route 2621#show ipx route 8. All four routers are now configured and we can now test our configuration. End with CNTL/Z. To see the IPX addresses of an interface. one per line.

16.RouterA#show ipx interface e0 RouterB#show protocol RouterB#show interface e0 RouterC#show protocol RouterC#show interface e0 RouterC#show ipx int to0 2621#show protocol 2621C#show interface e0 9. 40. Port ID (outgoing port): Serial1 Holdtime: 155 sec Hal 83 dari 115 . 1 Novell address: 172. capabilities: Router Interface: Serial0. 1 Platform: cisco 2500. as shown: RouterC#show cdp entry* --------------------Device ID: RouterB Entry address(es): IP address: 172. 16. You can either go to the neighbor routers console port. or you can use the CDP protocol to gather the protocol information. 40. You can ping using the IPX protocol once you can find the IPX address of your neighbor routers. or use the show protocol or show pix interface command.

the program will take it even thought it may not be technically correct. End with CNTL/Z RouterC(config)#ipx maximum-paths ? <1-64> Number of paths RouterC(config)#ipx maximum-paths 2 RouterC(config)#exit %SYS-5-CONFIG_l: Configured from console by console 11.0c8d.5 c9 d ***Important*** Please Note: This program will not check the validity of mac-addresses when you enter an IPX address. the program will still expect an IPX address where the string is between 16 and 18 characters. when you ping an IPX address.xxxx such as 4. c – Connected secondary network Hal 84 dari 115 . How ever. it will not consider looking for another route. The IPX protocol.xxx x.5c9d If you type.RouterC#ping 40.5c9d such as 4.xxxx such as 4.xxxx.xxxx.0000.0c8d.xxxx.0c8d. by default.0000.xxxx. one per line. 40.0000.xxxx. for example.0000. You can use the ipx maximum-paths command to tell a Cisco router that it is possible there is no more then one link to a remote network: RouterC#config t Enter configuration commands. only looks for one route to a remote network.5c9d or xxx.xxxx. 10. even if a second route exists.0000.0c8d.0000.0000. such an in the following formats: x. Once it finds a valid route. You can verify this command with the show ipx route command: RouterC#show ipx route Codes: C – connented primary network.

5c9d.0000. L – Local (internal).0c8d. F – Floating static.0c8d. Se0 R 11 [13/02] via R 15 [13/02] via R 20 [07/01] via R 10 [07/01] via 40. Se0 40.5c9d. N – NLSP. Token Ring 2) to your Ethernet and Token Ring LANs. However. A – Aggregate S – seconds. use the ecanpsulation command. To0 C 50 (NOVELL-ETHER). we are added IPX routing to our routers and IPX network numbers to our interfaces.0000. you need to remember two things: you must use a different network number for each frame type and you cannot add Ethernet and Token Ring frame types to a serial link. Se0 Lab 6.S – Statistic. Up to 2 parallel paths and 16 hops allowed No default route known. 39. E – EIGRP. In this lab. To add a second frame type (Ethernet support 4. 39.5c9d. Log in to RouterA and goto privileged mode by typing enable (or en) 2. Se0 40. one per line. Et0 C 40 (HDLC).0c8d. Let’s configure RouterA with a second frame type on the Erhernet and Token Ring LAN: RouterA#config t Enter configuration commands.5c9d. 39. W – IPXWAN R – RIP.18 Adding secondary network addresses and multiple frame types with IPX 1.0c8d.0000. C 55 (SAP). End with CNTL/Z RouterA(config)#int e0 RouterA(config)#ipx network 11a encapsulation ? arpha hdlc Novell Ethernet_II HDLC on serial links Hal 85 dari 115 . 39. cisco routers run the 802. X – External. By default.0000. Se0 40. u – uses 5 Total IPX routes.3 Ethernet frame type and the SAP frame type on Token Ring LANs.

19 Standard IP Address List Hal 86 dari 115 . and FDDI Lab 6.2 SNAP on Ethernet.3 Novell FDDI RAW IEEE 802.3 Novell FDDI RAW IEEE 802.2 on Ethernet.2 SNAP on Ethernet. and FDDI RouterA(config-if)#ipx network 15a encap snap sec RouterA(config-if)#exit You arpha hdlc novell-ether novell-fddi sap snap ovell Ethernet_II HDLC on serial links Novell Ethenet_802. Token Ring IEEE 802.3 Novell FDDI RAW IEEE 802.novell-ether novell-fddi sap snap Novell Ethenet_802.2 on Ethernet. Token Ring.2 SNAP on Ethernet. FDDI. FDDI.2 on Ethernet. FDDI. Token Ring IEEE 802. Token Ring. Token Ring. and FDDI RouterA(config-if)#ipx network 11a encapsulation arpa? Secondary Make this network a secondary network <cr> RouterA(config-if)#ipx network 11a encapsulation arpa secondary RouterA(config-if)#int to0 RouterA(config-if)#ipx network 15a encap? arpha hdlc novell-ether novell-fddi sap snap Novell Ethernet_II HDLC on serial links Novell Ethenet_802. Token Ring IEEE 802.

50. You can verify your access lists with the following command: RouterA#show access-list Standard IP address list 10 Hal 87 dari 115 Now that the access list is created. used the wildcards 0. work: RouterA(config)#int e0 RouterA(config-if)#ip access-group 10 out 6. Now.In the fist lab. 2.0. chapter 9 5.2) from network 172. Choose an access-list number that will allow you to create an IP standard access-list. This is a number between 1-99: routerA(config)#access-list 10 ? deny specify packets to reject permit specify packets to forward 4. Go to RouterA and enter global configuration mode by typing config t From global configuration mode.0 For an expalnation of willcards.16.16.2. Chose to permit host 172.16. type access list ? to get a list of all the different access-list available: RouterA(config)#access-list? <1-99> IP standard access list IPX SAP access list Extended 48-bit MAC address access list IPX summary address access list <100-199> IP extended access list <1000-1099> <1100-1199> <1200-1299> <200-299> Protocol type-code access list <300-399> DCEnet access list <600-699> Appeltalk access list <700-799> 48-bit MAC address access list <800-899> IPX standard access list <900-999> IPX extended access list 3. you will allow only HostC (172.0 1.0.50.16.2 RouterA(config)#access-list 10 permit 172. you must apply it to an interface to make it .11.50. please see the Sybex CCNA study guide.50.0 to enter network 172.16.

16. However. the host should still be able to ping the routerB router.255.20. list to RouterA Hal 88 dari 115 First.2) to HostA(172.50.16.0 Please note: You remove an access list item from a specific interface and from the router. so we will add the extended list to RouterA Router 1.2) 8.16. for example RouterA.16.16.2 RouterA#show run -cutinterface Ethernet0 ip address 172.50.50. you will use an extended IP access-list to stop host 172. you would do the following: RouterA(config)#int e0 RouterA(config-if)#no ip access-group 10 out RouterA(config-if)#^Z However. RouterA will still have this access list item still listed. However. Extended IP access lists In this lab. Then add an extended .10.1 255.16.2).Permit 172. it is important to mention it here.10.10.10.16.50. If you want to remove it from a specific interface suc as e0.2) should be able to ping a host or switch 172. which should fail if your access lists is correctly setup.2).20. Only HostC(172. Ping from RouterB and RouterC to HostA (172. IP extended lists should be placed closet to the source.166. You will do this in the next lab. To remove it from.0 ip access-group 10 out ipx network 10A You can test your access-list by printing from HostB(172.16. but not applied to an interface.2 from creating a telnet session to RouterB(172.255. do the following: RouterA(config)#no access-list 10 Lab 6. remove any access any access-list on RouterA.

with a real router.RouterA#config t Enter configuration commands. This will allow you to easily cut and paste the commands back into the router after you your changes. which removes the complete list. On the interface. you must use the entire no ip access-group 10 out command. regardless of the amount of lines in the list. Remember. End with CTRL/Z RouterA(config)#no access-list 10 RouterA(config)#int e0 RouterA(config-if)#no ip access-group 10 count RouterA(config-if)#^Z Notice that when we removed the access-list. to copy your access-list configuration to Notepad berfore deleting the list. 2. IP standard access list IP extended access list IPX SAP access list Extended 48-bit MAC address access list IPX summary address access list Protocol type-code access list DCEnet access list Appeltalk access list 48-bit MAC address access list IPX standard access list IPX extended access list The IP Extended lists use 100-199. Choose a number to create an extended Create an access-list between the numbers 100-199 RouterA(config)#access-list 110 ? deny Specify packets to reject dynamic Specify a DYNAMIC list of PERMITs or DENYs permit Specify packets to forward Hal 89 dari 115 . we only had to type the command no access-list 10. RouterA(config)#access-list? <1-99> <100-199> <1000-1099> <1100-1199> <1200-1299> <200-299> <300-399> <600-699> <700-799> <800-899> <900-999> 3. IP list. one per line.

2 ? Ack Eq Established Fin Match on the ACK bit Match only packets on a given port number Match established connections Match on the FIN bit Hal 90 dari 115 .16. we must choose TCP as a Transport layer Protocol RouterA(config)#access-list 110 deny tcp ? A. Use a deny statement first. and then well finish latter with a permit statement to allow other traffic to still work: RouterA(config)#access-list 110 deny ? <0-255> ahp eigrp esp gre icmp igrp ip ipinip nos ospf pcp tcp udp An IP protocol number Authentication Header Protocol Cisco’s EIGRP routing protocol Encapsulation Security Payload Cisco’s GRE Tunneling Internet Control Message Protocol Cisco’s IGRP routing Protocol Any Internet Protocol IP in IP Tunneling KA9Q NOS compatible IP over IP Tunneling OSPF routing protocol Payload Compression Protocol Transmission Control Protocol User Datagram Protocol Since we are going to deny telnet.20. then add the destination host IP address.4.2 host 172.16.B. Source address Any Source host A sinle source host Add the source IP address you want to filter on.10. Use the host command instead of wilcard bits: RouterA(config)#access-list 110 deny tcp host 172.C.D any host 6.

including input interface Matches only packets with a lower port number Matches only packets not on a given port number Match packets with given precedence value Match on the PSH bit Match only packets in the range of port numbers Match on the RST bit Match on the SYN bit Match packets with given TOS value Match on the URG bit 7. however.0.2 to RouterB using the destination IP address of 172. From host 172.16.2 host 172. Apply the access lists to serial 0 on RouterB RouterA(config)#int s0 RouterA(config-if)#ip access-group 110 in RouterA(config-if)#^Z 10.16. At this point.21 IPX Standard access-lists Hal 91 dari 115 .16.16.0 255.255. it should not work.Fragments Gt Log Log-input Lt Neg Precedence Psh Range Rst Syn Tos Urg <cr> Check fragments Match only packets with a greater port number Log matches against this entry Log matches against this entry.16. because if you just add a deny statement.20. we can add the eq telnet command RouterA(config)#access-list 110 deny tcp host 172.0.20.2 Lab 6.10.255 You just create a permit statement.2 eq telnet Here is an important line that you must add next: RouterA(config)#access-list 110 permit ip any 0.Try telnet from host 172.2: >telnet 172.16.2.10.255. then nothing will be permited at all. the ping command should work.20.10. Please see the study guide for more detailed information on the above commnad.

but not from IPX network 50. you will configure RouterA to allow only IPX traffic from IPX network 30. First. Configure an access-list on RouterA to allow only IPX traffic from network 30. End with CTRL/Z RouterA(config)#access-list <1-99> <100-199> <1000-1099> <1100-1199> <1200-1299> <200-299> <300-399> <600-699> <700-799> <800-899> <900-999> Deny Permit IP standard access list IP extended access list IPX SAP access list Extended 48-bit MAC address access list IPX summary address access list Protocol type-code access list DCEnet access list Appeltalk access list 48-bit MAC address access list IPX standard access list IPX extended access list RouterA(config)#access-list 810 ? specify packets to reject Specify packets to permits 3. The 1 is a wilcard in IPX RouterA(config)#access-list 810 deny ? -1 Any IP net Hal 92 dari 115 .In this lab. 1. Remove any existing access-list on RouterA. IPX standard list used the access list number 800-898 RouterA#config t Enter configuration commands. one per line . deny IPX network 50. Since this is an IPX standard access-list. RouterA(config)#no access-list 110 RouterA(config-if)#int s0 RouterA(config-if)#no ip access-group 110 in 2. the filtering can be placed anywhere on the network since it can filter base on IPX source and destination IP address. then permit everything else. but deny IPX network 50.

Please note: As you practice with the different network. RouterA(config)#int s0 RouterA(config-if)ipx access-group 810 in RouterA(config-if)#^Z 7. 1.6. 8. permit everything else with an IPX wilcard RouterA(config)#access-list 810 permit 1 – 1 6.point encapsulation methode on serial links. such as access-lis 810 deny 50 10 To remove the settings. Use the show ipx access-list command to very the list. Verify the list looking at the IPX routing table. Now. If correctly set up. the program will only respond to statemets whre a network is denied.H <cr> 4. Choose network 10 as the destination network RouterA(config)#access-list 810 deny 50 10 5. If you are connecting to non-Cisco equipment. Check the Net Detective. Ping IPX address 11 which is found between RouterA and Router2621.H. Go to Router804B. the ping should not succed.22 PPP configuration By default. Interface e0 should have an IPX address of 50. Cisco routers use high –Level Data Link Protocol (HDLC) as a point-to. type the following: RouterA(config)#no access-list 810 RouterA(config-if)#int s0 RouterA(config-if)#no ipx access-group 810 in Destination net Lab.<0-FFFFFFFF> Source net N. Apply the list yo the serial interface of RouterA to stop the packets as they reach the router. Type show in s0 on RouterB to see the encapsulation method Hal 93 dari 115 . then you must use the PPP encapsulation method.H.

Make sure that each router has the hostname assigned: config t hostname RouterA config t hostname routerB 3. the password MUST be the same: RouterA#config t RouterA(config)#username RouterB password todd RouterB#config t RouterB(config)#username RouterA password todd Hal 94 dari 115 . Configuring PPP Authentication 1. To change the default HDLC encapsulation methode to PPP on RouterB. make sure to go through lab 6.23. Also. To configure PPP authentication. Notice that the username is the name of the remote router. Go to RouterB and verify that serial 0 is PPP an serial 1 is HDLC by typing show int s1. IPXCP and CDPCP. This is the information used to transmit the upper layer (network layer)information accross the ISO HDLC at the MAC sublayer.22 and configure PPP configuration on serial0 of both RouterA and RouterB 2. use the encapsulation command at interface configuration. Both ends of the link must run the same encapsulation. Define a username and password on each router. Notice the IPCP. Lab 6.2. Config t In s0 Encap ppp Now go to RouterA and set serial0 to PPP encapsulation Config t Int s0 Encap ppp Verify the configuration by typing show int s0 5.

We will assume you already have an IP address and IPX network number set on each router. unless you are using a provuder. An important point here.Enable chap or ppp authentication on each interface: RouterA(config)#int s0 RouterA(config-if)#ppp authentication chap RouterB(config)#int s0 RouterB(config-if)#ppp authenticion chap Verify the PPP configuration Show int s0 Lab 6.24 Point –to-point frame Relay 1. To configure frame relay. we need configure other configuration parameters before it will work: 3. you need to create a frame relay switch. However. Log in to RouterB and go into privileged mode by typing enable (or en) 2. as shown: RouterB(config)#int s0 RouterB(config-if)#encap frame-relay RouterB(config-if)#frame-relay intf-type dce RouterB(config-if)#int s1 RouterB(config-if)#encap frame-relay RouterB(config-if)#frame-relay intf-type dce The above commands tells the router that it will perform DCE communication. We will now configure RouterB to be the Frame Switch: RouterB(config)#frame-relay switching That is all you have to do tell your router it will perform switching. If you are using a provider. By default. At this point. Cisco router (actualy. is that this irrelevant to the clock rate command on routers and the command used (clock rate) when a DCE Hal 95 dari 115 . but you need to configure the encapsulation on each serial links first. you will only configure your Cisco router as we will do with RouterA and C. all router) are configured as DTE devices. you need to tell your switch that it will perform DCE communication on the serial links.

. 5.0000.status defined...0c8d.2 dlci 16(0x10. They are Irrelevant to each other. dynnamic. 4. status defined. active Serial0 (up): ipx 20. Broadcast. You can see these mappings with the show frame map command: RouterA#show frame map Serial0 (up):ip 172.20. but your switch provider will give you your DLCI numbers for each connection.16. dynnamic.5c9d dlci 16(0x10. dynamic.2 dlci 16(0x10. RouterB(config)#int s0 RouterB(config-if)#frame-relay interface-dlci 16 RouterB(config-if)#int s1 RouterB(config-if)#frame-relay interface-dlci 17 Notice we will use a different DLCI number for each serial connection.20. active RouterB#show frame map Serial0 (up):ip 172. and now we want to configure router A and C: RouterA(config)#int s0 Router(config-if)#encap frame-relay Router(config-if)#frame-relay interface-dlci 16 Router(config)# int s0 Router(config-if)#encap frame-relay Router(config-if)#frame-relay interface-dlci 17 Since we configured a DLCI number on each interface of all three routers. dynamic. Broadcast.0c8d. 0x400). The switch is now configured. active Serial0 (up): ipx 20. 0x400).5c9d dlci 16(0x10. is not the same command as the intf-type dce command. 0x400). This is a typical example. Hal 96 dari 115 . You now need to configure your DLCI number to identify the PVC of each virtual circuit. Broadcast. IARP (inverse ARP)will map our IP and IPX addresses to the PVCs. This might not always be the case.16. status defined. Data Link Connection identifiers are used to identify the permanent Virtual Circuit (PVC).0000. 0x400).cable is connected to a serial link.

status defined.5c9d dlci 16(0x10. INTERFACE=Serial0 input pkts 523 out bytes 43250 in BECN pkts 0 output pkts 519 droped pkts 2 out FECN pkts 0 in bytes 53158 in FECN pkts 0 out BECN pkts 0 pvc create time 02:12:08. To see PVCs and configured DLCIs. DLCI USAGE=LOCAL. 0x400). active RouterC#show frame map Serial0 (up):ip 172.0000.status defined. PVC STATUS=ACTIVE.2 dlci 16(0x10. 0x400).0000.Broadcast. dynnamic..16. INTERFACE=Serial0 input pkts 218 out bytes 22114 in BECN pkts 0 output pkts 221 droped pkts 0 out FECN pkts 0 in bytes 18018 in FECN pkts 0 out BECN pkts 0 Hal 97 dari 115 . status defined.0c8d. Broadcast. you can use the show frame pvs command: RouterA#show frame pvc PVC Statistic for interface Serial0 (frame Relay DTE) DLCI=16.5c9d dlci 16(0x10. then no communication would take place. Broadcast. active Serial0 (up): ipx 20.16. 0x400). PVC STATUS=ACTIVE. active Serial1 (up):ip 172. active Serial1 (up): ipx 20. dynamic. If the IP and IPX addresses are not mapped to the PVC. active Notice that IARP has mapped both the IP and IPX routing protocols to a DLCI number. 0x400). dynnamic. Broadcast.0c8d.20. DLCI USAGE=LOCAL.2 dlci 16(0x10. dynamic...20. Broadcast.status defined.. last time pvs status changed 02:11:28 RouterA#show frame pvc PVC Statistic for interface Serial0 (frame Relay DCE) DLCI=16.. status defined.

PVC STATUS=ACTIVE. last time pvs status changed 00:55:08 PVC Statistic for interface Serial1 (frame Relay DCE) DLCI=17. INTRFACE=Serial0 Input pkts 152 Ouput bytes 11055 In BECN pkts 0 In DE pkts 0 In DE pkts 0 output pkts 131 dropped pkts 0 out FECN pkts 0 out DE pkts 0 out DE pkts 0 in bytes 14840 in FECN pkts 0 out BECN pkts 0 out pkts 217 dropped pkts 0 out FECN pkts 0 out DE pkts 0 out bcast bytes 20952 in bytes 16211 in FECN pkts 0 out BECN pkts 0 Pvc create time 00:56:32. This means routing protocols will not be broadcasted between routers accross a Frame Relay network. The reason you would create subinterfaces is to allow remote offices to communicate without having to create static mappings. PVC STATUS=ACTIVE. Frame Relay is a Non-Broadcast Multiple Access network (NBMA). DLCI USAGE=LOACL.24 Frame relay with sub interface In this lab you will create a Frame Relay network using subinterfaces.out bcast pkts 221 out DE pkts 0 pvc create time 00:56:48. last time pvc status change 00:51:13 The only other command that will show you your DLCI number is the show running-config command. To Hal 98 dari 115 . Lab 6. INTERFACE=Serial1 Input pkts 186 Out bytes 21816 In BECN pkts 0 In DE pkts 0 Out bcast pkts 199 RouterC#show frame pvc PVC Statistic for interface Serial0 (frame Relay DTE) DLCI = 17. DLCI USAGE=LOACL.

Endz with CTRL/Z RouterB(config)#frame-relay switching RouterB(config)#int s0 RouterB(config-if)#encap frame-relay RouterB(config-if)#frame interface-dlci 16 RouterB(config-if-dlci)#exit RouterB(config-if)#frame intf-type dce RouterB(config-if)#int s1 RouterB(config-if)#encap frame-relay RouterB(config-if)#frame interface-dlci 17 RouterB(config-if-dlci)#exit RouterB(config-if)#frame intf-type dce RouterB(config-if)#exit RouterB(config-if)#router rip RouterB(config-if)#neig 172.16. which tells the network to allow all broadcasts. one per line. You can use any number.20. Configure ReouterB to frame Relay switch using DLCIs 16 and 17.1 RouterB(config-if)#^Z RouterC is a remote office. Notice in the following configuration that there have been no changes to the IP address or IPX networks numbers: On the RouterB: RouterB#config t Wntwr configuration commnads. We will use the neighbor command in this lab.solve this you either need to add static routers with the broadcast parameter. Remove the IP addresses and IPX network number from Serial 0 and move that to the subinterface. Totice that we used the subinterface number on the DLI number used to identify the PVC. or use the neighbor command whitin teh routing process configuration. 1. On RouterC: RouterC#config t Hal 99 dari 115 . Create a point-to-point sub interface on serial 0.

255.Enter configuration commands. End with CTRL/Z RouterC(config)#int s0 RouterC(config-if)#no ip address RouterC(config-if)#no ip netw RouterC(config-if)#encap frame RouterC(config-if)#int s0.17 172. End with CTRL/Z RouterA(config)#int s0 RouterA(config-if)no ip address RouterA(config-if)#no ip address RouterA(config-if)#no ipx netw RouterA(config-if)#encap frame RouterA(config)#int.16 point-to-point RouterA(config-subinif)#ip address 172.255. Create a point-to-point subinterface subinterface on serial 0.16.0 Hal 100 dari 115 .255.1 RouterC(config-router)#^Z RouterA is a remote office.0 RouterC(config-subif)# ipx netw 40a RouterC(config-subif)#frame interface-dlci 17 RouterC(config-fr-dlci)#exit RouterC(config-subif)#exit RouterC(config)#router rip RouterC(config-router)#neig 172.40. On RouterA: RouterA#config t Enter configuration commands.2 255.20.16.1 255.16. one per line. one perl line.40.255.17 ? Multipoint Treat as a multipoint link Point-to-point Treat as a point-to-point link RouterC(config)#int s0.

RouterA(config-subif)#ipx netw 20a RouterA(config-subif)#frame interface-dlci 16 RouterA(config-fr-dlci)#exit RouterA(config-subif)#exit RouterA(config)#router rip RouterA(config-router)#neig 172..30..1 255.30 ipx network 30B encapsultion SAP ! interface Ethernet0.2 RouterA(config-router)#^Z Verify your configuration by using the type show runnig-config command. Enable secret 5 $1 $0S1N$wCWj91ArVyodOsZoEsFF221 ! ipx routing 0010. the show frame pvc and show frame map commands.25dd frame-realy switching ! interface Ethernet0 ip address 172.16.20.255.0 ipx network 30A ! interface Ethernet0.16. On RouterB RouterB#show run Building configuration .32 ipx network 30D encapsulation SNAP ! Hal 101 dari 115 .255.7be8.31 ipx network 30C encapsulation ARPA ! interface Ethernet0.

16. last time pvc status changed 00:00:11 Hal 102 dari 115 .16.16.0 encapsulation frame-relay ipx network 40A clockrate 1000000 frame-realy interface-dlci 17 frame-relay intf-type dce ! router rip network 172.40. DLCI USAGE=LOACL.255.2 255.20.2 neighbor 172.255.0. PVC STATUS=ACTIVE.0 encapsulaton frame-relay ipx network 20A clockrate 1000000 frame-relay interface-dlci 16 frame-relay intf-type dce ! interface Serial1 ip address 172.16.0 neighbor 172.255.16.20.1 ! RouterB#show frame pvc PVC Statistic for interface Serial0 (frame Realy DCE) DLCI=16.interface Serial0 ip address 172.1 255. INTERFACE=Serial0 Input pkts 51 Out bytes 2220 In BCEN pkts 0 In DE pkts 0 Out bcast pktas 19 output pkts 19 dropped pkts 0 out FECN pkts 0 out DE pkts 0 out bcast bytes 2220 in bytes 4976 in FCEN pkts 0 out BECN pkts 0 Pvc create time 00:06:11.40.255.

PVC Statistic for interface Serial1 (frame Relay DCE) DLCI=17.11 ipx netwaork 10C encapsulation ARPA ! interface Ethernet0.16. Broadcast.status defined.25db dlci 17(0x11. active RouterB# On RouterA: RouterA#show run Enable secret 5 $1$r4Tf$P onblIXG51TskyoNpD.2 dlci 17(0x11. active Serial1(up):ipx 40A.0c8e. DLCI USAGE=LOCAL.0000.status defined. dynamic Broadcast.0x410). Broadcast.0c8e.0x400).. active Serial1(up):ip 172.. last time pvc status changed 00:06:12 RouterB#show frame map Serial0 (up):ip 172.0x410).df26 interface Ethernet0 ip network 10C enacpsulation SAP ! interface Ethernet0.12 Hal 103 dari 115 .16.20.40.. INTERFACE=Serial1 Input pkts 46 Out bytes 4364 In BECN pkts 0 In DE pkts 0 Out bcast pkts 25 output pkts 36 dropped pkts 0 out FECN pkts 0 out DE pkts 0 out bcast bytes 2868 in bytes 4668 in FECN pkts 0 out BECN pkts 0 Pvc create time 00:06:12.df26 dlci 16(0x10. dynamic. dynamic. dynamic Broadcast.PAe1 ! ipx routing 0000. active Serila0(up):ipx 20A.00107.7be8.0x400). PVC STATUS=ACTIVE..1 dlci 16(0x10.status defined.status defined.

Hal 104 dari 115 .16.0 ipx network 20A frame-raely interface-dlci 16 ! interface Serial1 no ip address shutdown ! router rip network 172.16(up): point-to-point dlci.0x400).16 Input pkts 80 Out bytes 9664 In BECN pkts 0 In DE pkts 0 Out bcast pkts 44 output pkts 104 dropped pkts 0 out FECN pkts 0 out DE pkts 0 out bcast bytes 4972 in bytes 5648 in FECN pkts 0 out BECN pkts 0 Pvc create time 00:07:37.20. INTERFACE=Serial0.ipx netwaork 10D encapsulation SNAP ! interface Serial0 no ip address enacapsulation frame-realy ! interface Serial0.16.1 255. PVC STATUS=ACTIVE.16 point-to-point ip address 172.20.0 neigbor 172.255.2 RouterA#show frame pvc PVC Statistic for interface Serial) Frame Relay DTE) DLCI=16.255. DLCI USAGE=LOCAL. dlci 16(0x10.0. last time pvc status changed 00:07:37 RouterA#show frame map Serial0.16.

Servivce timestamps log uptime No service password-encription ! hostname RouterC ! ipx routing 001.25db ! ! interface Ethernet0 ip address 172.52 ipx network 50D encapusulation SNAP ! inetrface Serial0 no ip address enacapslation frame-relay ! Hal 105 dari 115 .3 Servive timestamps debug uptime.255.0 ipx network 50A ! interface Ethernet0 50 ipx network 50C encapsulation ARPA ! interface Ethernet0.255.16.1 255. active On RouterC: Router#show run Building configuration .50.7be8. Current configuration: ! Version 11.Broadcast status defined...

40. INTERFACE=Serial0.interface Serial0.16.255.16.16.255.2 255.0 neighbor 172.0 ipx network 40A frame-relay interface-dlci 17 ! interface Serial1 no ip address shutdown ! router rip network 172.17 Inteface pkts 113 Out bytes 10674 In BECN pkts 0 In DE pkts 0 Out bcast pkts 44 out pkts 111 dropped pkts 0 out FECN pkts 0 out DE pkts 0 out bcast bytes 5104 in bytes 9827 in FECN pkts 0 out BECN pkts 0 Pvc create time 00:09:49. PVC STATUS=ACTIVE.40.1 ! no ip calassless ! line con 0 line aux 0 line vty 0 4 no login ! end RouterC#show frame pvc PVC Satistic for interface Serial0 (frame Relay DTE) DLCI=17.17 point-to-point ip address 172. last time pvc status changed 00:09:49 Hal 106 dari 115 . DLCI USAGE=LOCAL.0.

0x410).17 (up): point-to-point dlci 17(10x11.2 255.1/24 Config t Int bri0 Isdn spd1 0835866101 8358661 Isdn spd1 0835886301 8358663 Ip address 172.255.60.255.0 No shut Hal 107 dari 115 . Set the spdis on 804B and make the IP address of the interface 172. On router804A.255. The point of steps one and two show you that you can configure the switch type either through global configuration mode or intercafe level.60.25 ISDN configuration 1. Go to 804B and set the switch type.16.16.60.1 255.0 No shut 4.60. Config t Isdn switch-type basic-ni 2.255.16.16. Config t Interface bri0 Isdn switch-type basic-ni 3. Broadcast status defined. set the SPID number on BRI 0 and make the IP address 171.RouterC#show frame map Serial0. Set the switch type 0n 804A at the interface level. active Lab 6.2/24 Config t Int bri0 Isdn spd1 0835866201 8358662 Isnd spd2 0835866401 8358664 Ip address 172.

2 804A(config)#ip route 172.255. Lets choose all IP traffic.255. Config t Int bri0 Dialer-group 1 8.255.255.1 804B(config)#ip route 172.16. which matches the dialer-list number.0 255. Static routers are recommended with ISDN and that is waht the Routersim version 2. we only give routes to the LANs.50. add the command dialer-group 1.10.255.0 172.0 255.255. that network loop will accour because of multiple links between the same location because the CCNA exam and Routersim product only support distant vector routing protocol (RIP an IGRP).55.2 804B(config)#ip route 172. Also notice that to get to some LANs.16. Under the BRI interface of both routers. Specify interesting traffic to bring up the ISDN link.16.0 Support on the 804’s as well: Notice in the following static routes. the static routers go through the 2500 routers.0 172.0 172.255. Dynamic routing will create two problems: One that the ISDN line will always stay up an two.11. 804A(config)#dialer-list 1 protocol ip permit 804B(config)#dialer-list 1 protocol ip permit 7.0 172.16.2 6. not the WANs. Since RIP or IGRP is used to help the other router four routers update routing tables. we only need to be concerned about getting the packets to tour closets neighbor routes.16.16. 804A(config)#ip route 172.2 804A(config)#ip route 172. Configure the dialer information on both routers Hal 108 dari 115 .0 255.50.11.0 255.16.16.10.0 172.60.16.255.50. not the ISDN network. Create static routes on the routers to use the remote ISDN interface. This is a global configuration mode command.5.16.255.60.255.0 255.

The dialer load-threshold and ppp multi link tells the router when to bring up the second BRI interface. Verify the ISDN connection Ping between 80a and 804B or between 804B and 804A telnet Hal 109 dari 115 . bring up the second B-channel. The dialer idle-timeout tells the router when to drop the connection if no data is passing on the link. 10. Set the dialer load-threshold and multilink command as well the idle time percentage on both 804 routers.804A config t int bri0 dialer string 8358662 804B config t int bri0 dialer string 8358661 9. Set the hold queue for packets when they are found intersting and need a place to wait for the ISBD link to come up Confit t Int bri0 Hold-queue 75 in 11. Config t Int bri0 Dialer load-threshold 125 either Ppp multilink Dialer idle-timeout 180 Set the above commands on bith routers. 125 means that if the first BRI is 50 % saturated.

Managing the 1900 switch In this lab.1 8.10. Type show interfaces to gather statics on all inetfaces 12.3 255. set the name of the 1900 as switch by using the hostname command config t hostname 1900A 6. Type show int e 0/? To see all available interfaces 15.16. typw show running-config (or show run) to view the current configuration. Notice the default setings. 1. type show int Ethernet ? to choose the card0 <0-0> means only one card with 12 0r 14 ports 14. Type show version to view the IOS version running on the switch 5.0 ip default-gateway 172. From the 1900 user mode prompt (>). Press Ctrl+Z and type show ip to see the new configuration 9. you will connect to the cisco catalyst 1900 switch and manage the switch features.16. From the 1900 switch. type enable and press enter 3. subnet mask and default gateway settings. 4. 11. type show mac-address table to view the filter table used in the switch to make forwarding decisions.show dialer show isdn status sh ip route Appendix B.255. Ping RouterA by typing ping 172. type show int ? to see the available Ethernet and FastEthernet commands 13.11.1 10. set the IP address.16. Type show int e 0/2 to seeststistic for interface Ethernet 2 Hal 110 dari 115 .255. subnet mask and default gateway of the switch by typing the following: config t ip address 172. 7. type letter K to enter into commandLine interface (CLI) mode 2. Press Ctrl+Z and type show ip to see the default IP address.10.

the runnig-config is saved automaticaly to NVRAM Appendix B : Port security on the 1900 switch 1. This would set your password to password bill. Go to int Ethernet 0/5 and set the duplex to full: Config t Int e0/5 Duplex full 7. Set the enable password by typing: Config t Enable password level 15 todd 4. Press Ctrl+Z and type show run to see the password and notice that it is not encrypted. only the running-config. Also. 6. The 1900 switch does not have an enable secret password and you must set the level. Important note: DO not set the enable secret as enable secret password bill. 5. where 15 is the higest level. Type enable (or en) and press enter to enter privileged mode 3. Type the letter K from the 1900A or 1990B switch console to enter ino CLI (user mode) 2.16. Go to interface Etherface 0/6 and set the duplex to half: Int e0/6 Duplex half Hal 111 dari 115 . set tehe enable secret password by typing : config t enable secret bill Setting thr enable secret overrides the enable password. Type delete nvram to delete the startup-config Note : you cannot view the startup-config.

16.255. Go to enable mode and type show mac-address-table and notice the permanent entry for interface e0/9 16. By using this command.1 12. verify the configuration by going to the enabled mode and typing show ip 13. Notice that all MAC addresses nave been found dynamically 14. By default up to 132 MAC addresses can be associated with a single port.10. Go to the enable mode(#) and type show ip 11. Use the mac-address. verify the switch is IP-less.table restricted static global configuration command to associate a restricted static address with a particular sewitched port interface: Config t Mac-address-table restricted static 083c. Go to interface e0/1 and use the port secure max-mac-count 1 command to enable addressing security and allow only one mac address in the filter table o that port.255. Type : confit t no ip address 10. type show mac-address-table to see the following table. Config t Mac-address-table permanent 083c. subnet mask and default gateway of the switch: config t ip address 172. Go to the enable mode(#) and verify the setting by typing show interface or show int e0/5 and show int e0/6 9.8.0 ip default-gateway 172. we will allow only one workstation Int e0/1 Port secure max-mac-count 1 Hal 112 dari 115 .0001 e0/9 15.0000. you can remove the IP configuration from the switch. set the IP address.0002 on interface e0/3 only from interface e0/4 17.16. Add a static entry into the filter table by using the commnad permanent.0000.0000.3 255.10.0002 e0/3 e0/4 The above command only allow traffic to the restricted static address 083c.

18. Verify which port have port security on them by going to enabled mode and typing show macaddress-table security. Notice that port e0/1 is enabled Hal 113 dari 115 .

Hal 114 dari 115 .

Hal 115 dari 115 .

Sign up to vote on this title
UsefulNot useful