Scribd
Upload
284 views29 pages

Technical LLD

Cisco setting

Uploaded by

Regi Suryo Wibowo Jati
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
284 views29 pages

Technical LLD

Cisco setting

Uploaded by

Regi Suryo Wibowo Jati
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd

Implementasi Network

Prepared by:
Anton Prasetyo
anton.prasetyo@mastersystem.co.id
Kontrol Dokumen
Nama Customer:
Nama Project:
Nama Dokumen:

Persetujuan

Perusahaan Nama Tanda Tangan

Mastersystem
Dibuat Oleh :
Infotama

Mastersystem
Infotama
Direview Oleh:
Mastersystem
Infotama

Disetujui Oleh:

Histori Revisi

Versi Tanggal Penulis Deskripsi

DOCUMENTATION IS PROVIDED "AS IS" AND ALL EXPRESS OR IMPLIED CONDITIONS,


REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE OR NON INFRINGEMENT, ARE DISCLAIMED, EXCEPT TO THE
EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLY INVALID.

The information in this document is confidential and meant for use only by the intended recipient
and only in connection with and subject to the terms of its contractual relationship with
MASTERSYSTEM. Acceptance and/or use of any of the information contained in this document
indicates agreement not to disclose or otherwise make available to any person who is not an
employee of the intended recipient, or to any other entity, any of the information contained herein.
This documentation has the sole purpose of providing information regarding a MASTERSYSTEM
software product or service and shall be disclosed only to those individuals who have a need to
know.

Any entity or person with access to this information shall be subject to this confidentiality statement.

Low Level Design Document


i
Confidential
No part of this publication may be reproduced or transmitted in any form or by any means for any
purpose without the express written permission of MASTERSYSTEM.

Copyright © 2016 MASTERSYSTEM INFOTAMA. All rights reserved.

Low Level Design Document


ii
Confidential
Daftar Isi
KONTROL DOKUMEN.................................................................................................................
DAFTAR ISI................................................................................................................................
DAFTAR GAMBAR....................................................................................................................
DAFTAR TABEL..........................................................................................................................
1 DAFTAR PERANGKAT.........................................................................................................
1.1 Daftar Hardware dan Software.................................................................................................

2 LOW LEVEL DESIGN...........................................................................................................


2.1 Topology Design......................................................................................................................
2.2 Konfigurasi Switch dan Router.................................................................................................
2.3 Konfigurasi AP........................................................................................................................

LAMPIRAN 1 - REFERENSI......................................................................................................

Low Level Design Document


iii
Confidential
Daftar Gambar

Figure 1 Network Topology.................................................................................................................... 3

Low Level Design Document


iv
Confidential
Daftar Tabel

Daftar Tabel

Implementation Document
1
Confidential
FORM-SE-14
Low Level Design

1 Daftar Perangkat

1.1 Daftar Hardware dan Software


Table 1 Daftar Perangkat
No Part Number Description Qty
1 CISCO1941/K9 Cisco Router 1941 1
2 WS-C3560V2-24PS-S Cisco Switch 3560V2 24 Port POE 2
3 AIR-AP1242AG-A-K9 Cisco AP 1242 8

Table 2 Daftar IP Address Perangkat


N
o Hostname Tipe IP Address
192.168.1.24
1 AP-Gereja1 Access Point 1
192.168.1.24
2 AP-Gereja2 Access Point 2
192.168.1.24
3 AP-Gereja3 Access Point 3
192.168.1.24
4 AP-Gereja4 Access Point 4
192.168.1.24
5 AP-Gereja5 Access Point 5
192.168.1.24
6 AP-Gereja6 Access Point 6
192.168.1.24
7 AP-Gereja7 Access Point 7
192.168.1.25
8 AP-Gereja10 Access Point 0
192.168.1.25
9 Gereja-SwGereja Switch 4
192.168.1.25
10 Gereja-SwAula Switch 3
11 Gereja-Router Router 192.168.1.1

Implementation Document
2
Confidential
FORM-SE-14
Low Level Design

2 Low Level Design

2.1 Topology Design

Figure 1 Network Topology

Implementation Document
3
Confidential
FORM-SE-14
Low Level Design

2.2 Konfigurasi Switch dan Router

Hostname : Gereja-Router
Gereja-Router#term le 0
Gereja-Router#sh run
Building configuration...

Current configuration : 6849 bytes


!
! Last configuration change at 14:45:58 WIB Thu Dec 23 2021 by admin
!
version 15.4
service tcp-keepalives-in
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
!
hostname Gereja-Router
!
boot-start-marker
boot-end-marker
!
!
logging buffered 4096 informational
logging console warnings
no logging monitor
enable secret 5 $1$AldR$wRGRAvUXHOwfA7ewKbB6s0
!
no aaa new-model
clock timezone WIB 7 0
!
!
!
!
!
!
!
!
!
!
!
ip dhcp excluded-address 192.168.1.1
ip dhcp excluded-address 192.168.1.254
ip dhcp excluded-address 192.168.1.253
ip dhcp excluded-address 192.168.1.252
ip dhcp excluded-address 192.168.1.251
ip dhcp excluded-address 192.168.1.250
ip dhcp excluded-address 192.168.1.249
ip dhcp excluded-address 192.168.1.248
ip dhcp excluded-address 192.168.1.247
ip dhcp excluded-address 192.168.1.246
ip dhcp excluded-address 192.168.1.245
ip dhcp excluded-address 192.168.1.244
ip dhcp excluded-address 192.168.1.243
ip dhcp excluded-address 192.168.1.242
ip dhcp excluded-address 192.168.1.241

Implementation Document
4
Confidential
FORM-SE-14
Low Level Design

ip dhcp excluded-address 192.168.1.240


ip dhcp excluded-address 192.168.2.254
ip dhcp excluded-address 192.168.3.254
!
ip dhcp pool LAN
network 192.168.2.0 255.255.255.0
default-router 192.168.2.254
dns-server 103.47.132.195 27.50.30.21 8.8.8.8 8.8.4.4 1.1.1.1
!
ip dhcp pool Streaming
network 192.168.3.0 255.255.255.0
default-router 192.168.3.254
dns-server 103.47.132.195 27.50.30.21 8.8.8.8 8.8.4.4 1.1.1.1
!
ip dhcp pool AccessPoint
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
dns-server 103.47.132.195 27.50.30.21 8.8.8.8 8.8.4.4 1.1.1.1
!
!
!
ip domain name mastersystem.co.id
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
cts logging verbose
!
!
license udi pid CISCO1941/K9 sn FGL1950263Q
license boot module c1900 technology-package securityk9
!
!
vtp version 2
username admin privilege 15 secret 5 $1$UeFi$9RmpKXWoo.xFttzBxenB21
!
redundancy
!
!
!
!
!
!
class-map match-any Standart
match access-group 2
class-map match-any Prioritas
match access-group 3
!
policy-map Prioritas
class Prioritas
set ip precedence 5
bandwidth percent 80
class Standart
class class-default
fair-queue
random-detect
!

Implementation Document
5
Confidential
FORM-SE-14
Low Level Design

!
!
!
!
!
!
!
!
!
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
description ..:: TO Modem MyRepublic ::..
ip address 192.168.5.2 255.255.255.0
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
service-policy output Prioritas
!
interface GigabitEthernet0/1
description ..:: To Switch MSISBYSC01 ::..
no ip address
duplex auto
speed auto
!
interface GigabitEthernet0/1.1
description ..:: Gateway AP ::..
encapsulation dot1Q 1 native
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
interface GigabitEthernet0/1.2
description ..:: Gateway LAN ::..
encapsulation dot1Q 2
ip address 192.168.2.254 255.255.255.0
ip nat inside
ip virtual-reassembly in*
!
interface GigabitEthernet0/1.3
description ..:: Gateway Streaming ::..
encapsulation dot1Q 3
ip address 192.168.3.254 255.255.255.0
ip nat inside
ip virtual-reassembly in*
!
ip forward-protocol nd
!
ip http server*
ip http access-class 33
ip http authentication local
ip http secure-server
!
ip nat translation timeout 900

Implementation Document
6
Confidential
FORM-SE-14
Low Level Design

ip nat inside source list Network interface GigabitEthernet0/0 overload


ip route 0.0.0.0 0.0.0.0 192.168.5.1
!
ip access-list standard Network
permit 192.168.1.0 0.0.0.255
permit 192.168.2.0 0.0.0.255
permit 192.168.3.0 0.0.0.255
permit 192.168.5.0 0.0.0.255
!
ip access-list extended ACL-WAN-IN
deny tcp any any eq www
deny udp any any eq 80
deny ip host 255.255.255.255 any
deny ip 0.0.0.0 0.255.255.255 any
deny ip 127.0.0.0 0.255.255.255 any
deny ip 128.0.0.0 0.0.255.255 any
deny ip 169.254.0.0 0.0.255.255 any
deny ip 191.255.0.0 0.0.255.255 any
deny ip 192.0.0.0 0.0.0.255 any
deny ip 192.0.2.0 0.0.0.255 any
deny ip 192.88.99.0 0.0.0.255 any
deny ip host 0.0.0.0 any
deny ip 223.255.255.0 0.0.0.255 any
deny ip 224.0.0.0 15.255.255.255 any
deny ip 240.0.0.0 15.255.255.255 any
deny ip 10.0.0.0 0.255.255.255 any
deny ip 172.16.0.0 0.15.255.255 any
deny ip 198.18.0.0 0.1.255.255 any
permit ip 192.168.2.0 0.0.0.255 any
deny ip 192.168.0.0 0.0.255.255 any
permit icmp host 8.8.8.8 any
permit icmp host 1.1.1.1 any
permit icmp host 1.0.0.1 any
permit icmp host 203.142.82.222 any
permit icmp host 203.142.84.222 any
permit icmp host 182.253.48.1 any
permit icmp any any echo
permit icmp any any echo-reply
deny tcp any any eq 33434
deny udp any any eq syslog
deny udp any any range snmp snmptrap
deny 53 any any
deny 55 any any
deny 77 any any
deny pim any any
deny udp any any range netbios-ns netbios-ss
deny tcp any any eq 139
deny tcp any any eq 445
deny tcp any any eq 593
deny tcp any any eq 3389
permit ip any any
ip access-list extended ACL-WAN-OUT
permit ip any 192.168.2.0 0.0.0.255
deny ip any 192.168.0.0 0.0.255.255
deny ip any 172.16.0.0 0.15.255.255
deny ip any 10.0.0.0 0.255.255.255
deny udp any any eq netbios-ns
deny udp any any eq netbios-dgm

Implementation Document
7
Confidential
FORM-SE-14
Low Level Design

deny udp any any eq netbios-ss


deny tcp any any eq 4899
deny udp any any eq 4899
deny tcp any any eq 310
deny udp any any eq 310
deny udp any any eq 3389
permit tcp any any established
permit ip any any
!
!
!
access-list 2 permit 192.168.2.0 0.0.0.255
access-list 3 permit 192.168.3.0 0.0.0.255
access-list 33 permit 192.168.1.0 0.0.0.255
access-list 33 permit 192.168.2.0 0.0.0.255
access-list 33 permit 192.168.3.0 0.0.0.255
access-list 33 permit 192.168.5.0 0.0.0.255
!
control-plane
!
!
banner motd ^C
**************************************************************
* This System is the Property of PT. Mastersystem Infotama *
* *
* Access is restricted to Authorized Person Only *
* Unauthorized Access is Prohibited *
* All unauthorized attempt to access this system will be *
* logged and investigated. *
* Violators will be prosecuted in conformance with local law *
* *
* *
**************************************************************
^C
!
line con 0
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
access-class Network in
exec-timeout 5 15
privilege level 15
logging synchronous
login local
transport input all
!
scheduler allocate 20000 1000
ntp update-calendar
ntp server pool.ntp.org
!
end

Implementation Document
8
Confidential
FORM-SE-14
Low Level Design

Hostname : Gereja-SwAula
Gereja-SwAula#sh run
Building configuration...

Current configuration : 5236 bytes


!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Gereja-SwAula
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$uorv$mWcSj.cR60evWGMr5s6vB.
!
username cisco privilege 15 secret 5 $1$GC4J$PD/.vDqHm74hR41/mlMuK0
!
!
no aaa new-model
system mtu routing 1500
ip routing
!
ip dhcp pool AP
!
!
!
!
crypto pki trustpoint TP-self-signed-2839906944
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2839906944
revocation-check none
rsakeypair TP-self-signed-2839906944
!
!
crypto pki certificate chain TP-self-signed-2839906944
certificate self-signed 01
30820246 308201AF A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 32383339 39303639 3434301E 170D3933 30333037 31393539
33345A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 38333939

Gereja-SwAula#term le 0
Gereja-SwAula#sh run
Building configuration...

Current configuration : 5236 bytes


!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption

Implementation Document
9
Confidential
FORM-SE-14
Low Level Design

!
hostname Gereja-SwAula
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$uorv$mWcSj.cR60evWGMr5s6vB.
!
username cisco privilege 15 secret 5 $1$GC4J$PD/.vDqHm74hR41/mlMuK0
!
!
no aaa new-model
system mtu routing 1500
ip routing
!
ip dhcp pool AP
!
!
!
!
crypto pki trustpoint TP-self-signed-2839906944
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2839906944
revocation-check none
rsakeypair TP-self-signed-2839906944
!
!
crypto pki certificate chain TP-self-signed-2839906944
certificate self-signed 01
30820246 308201AF A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 32383339 39303639 3434301E 170D3933 30333037 31393539
33345A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 38333939
30363934 3430819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
81009ABE 30933843 A3B9FF59 92064477 A024F406 394B31E5 97F24874 7BD5A3B6
3D55992A 32C2596A 4F80F9DD 00111DD2 9FA96B4F 3109520D 02D1377E A5FBE3E2
E0E570BC AE7B6995 F27B8701 F30CB2AD DCE5904B 8DEE7892 37063432 B1C86317
45C0424E 68AEF089 D9D7FB52 4D4D7DE1 B9A07537 E00BDE50 CDD5165D CC6F527D
695D0203 010001A3 6E306C30 0F060355 1D130101 FF040530 030101FF 30190603
551D1104 12301082 0E476572 656A612D 53774175 6C612E30 1F060355 1D230418
30168014 9B7F4170 46BCE975 C12C4912 FE54F654 AE973E19 301D0603 551D0E04
1604149B 7F417046 BCE975C1 2C4912FE 54F654AE 973E1930 0D06092A 864886F7
0D010104 05000381 810066B4 C37BC3F5 354D67A0 F3D669B4 BD39F687 352B93BC
1AC8455E 78299588 1206CDBB D9D71D02 BA8A6EB9 1D38B4CE 04287DD1 C0BE4542
EFA3FEA9 80EDBE21 73AB691A 7729133A E3AA6672 D1D1A76C D2508432 31F49B9E
B62C1FA0 4BC4BFD5 E11A4CDE 671AC478 45983F73 01C7B766 C8400D55 DC4C468C
2A6401B1 36A0C3C3 B140
quit
!
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
!

Implementation Document
10
Confidential
FORM-SE-14
Low Level Design

!
interface FastEthernet0/1
switchport mode access
!
interface FastEthernet0/2
switchport mode access
!
interface FastEthernet0/3
switchport access vlan 2
switchport mode access
!
interface FastEthernet0/4
description ..:: DVR ::..
switchport access vlan 2
switchport mode access
!
interface FastEthernet0/5
switchport mode access
!
interface FastEthernet0/6
switchport mode access
!
interface FastEthernet0/7
switchport mode access
!
interface FastEthernet0/8
switchport access vlan 2
switchport mode access
!
interface FastEthernet0/9
switchport access vlan 2
switchport mode access
!
interface FastEthernet0/10
switchport access vlan 2
switchport mode access
!
interface FastEthernet0/11
switchport access vlan 2
switchport mode access
!
interface FastEthernet0/12
switchport access vlan 2
switchport mode access
!
interface FastEthernet0/13
switchport mode access
!
interface FastEthernet0/14
switchport access vlan 2
switchport mode access
!
interface FastEthernet0/15
switchport access vlan 2
switchport mode access
!
interface FastEthernet0/16
switchport access vlan 2

Implementation Document
11
Confidential
FORM-SE-14
Low Level Design

switchport mode access


!
interface FastEthernet0/17
switchport access vlan 2
switchport mode access
!
interface FastEthernet0/18
switchport access vlan 2
switchport mode access
!
interface FastEthernet0/19
switchport access vlan 2
switchport mode access
!
interface FastEthernet0/20
switchport access vlan 2
switchport mode access
!
interface FastEthernet0/21
switchport access vlan 2
switchport mode access
!
interface FastEthernet0/22
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface FastEthernet0/23
switchport mode access
!
interface FastEthernet0/24
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
ip address 192.168.1.253 255.255.255.0
!
ip default-gateway 192.168.1.1
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.1.1
ip http server
ip http access-class 33
ip http authentication local
ip http secure-server
!
access-list 33 permit 192.168.1.0 0.0.0.255
access-list 33 permit 192.168.2.0 0.0.0.255
access-list 33 permit 192.168.3.0 0.0.0.255
access-list 33 permit 192.168.5.0 0.0.0.255
!
banner motd ^C
**************************************************************
* This System is the Property of PT. Mastersystem Infotama *
* *
* Access is restricted to Authorized Person Only *

Implementation Document
12
Confidential
FORM-SE-14
Low Level Design

* Unauthorized Access is Prohibited *


* All unauthorized attempt to access this system will be *
* logged and investigated. *
* Violators will be prosecuted in conformance with local law *
* *
* *
**************************************************************
^C
!
line con 0
line vty 0 4
privilege level 15
login local
transport input all
line vty 5 15
login local
transport input all
!
end

Hostname : Gereja-SwGereja
Gereja-SwGereja#sh run
Building configuration...

Current configuration : 5308 bytes


!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Gereja-SwGereja
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$.IIw$pNSV/ESrPg1EIMKf08/mB/
!
username cisco privilege 15 secret 5 $1$rOJd$.k/JfxKYD6dOdldQelf74/
!
!
no aaa new-model
system mtu routing 1500
ip routing
!
!
!
!
crypto pki trustpoint TP-self-signed-128943872
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-128943872
revocation-check none
rsakeypair TP-self-signed-128943872
!
!
crypto pki certificate chain TP-self-signed-128943872

Implementation Document
13
Confidential
FORM-SE-14
Low Level Design

certificate self-signed 01
30820246 308201AF A0030201 02020101 300D0609 2A864886 F70D0101 04050030
30312E30 2C060355 04031325 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 31323839 34333837 32301E17 0D393330 33303532 32313632
335A170D 32303031 30313030 30303030 5A303031 2E302C06 03550403 1325494F
532D5365 6C662D53 69676E65 642D4365 72746966 69636174 652D3132 38393433
38373230 819F300D 06092A86 4886F70D 01010105 0003818D 00308189 02818100
E50412D8 18CC34ED CA93B326 B69891EB 0AE7033A 6BE90D0C 8565B247 D97A2BD8
FE7854C6 A8326968 42C49031 E1EA4952 C6D91762 3F2AD562 6D0D2DED 7DB3EF1E
0249ABB5 28B69A7A AD0B2B2A 7E8494A3 77CF3C6D 933C6EEB F69BDC40 5C92881E
32C5DFD2 906F01C0 C8AB261B 6814858F 65E4F731 A09D771B 88FA071D 8FD23E1B
02030100 01A37030 6E300F06 03551D13 0101FF04 05300301 01FF301B 0603551D
11041430 12821047 6572656A 612D5377 47657265 6A612E30 1F060355 1D230418
30168014 A13D3EEE 5B7048C4 03F1895E 60272FD0 9725B7E7 301D0603 551D0E04
160414A1 3D3EEE5B 7048C403 F1895E60 272FD097 25B7E730 0D06092A 864886F7
0D010104 05000381 8100748D 63F59904 100FF8D5 7CE99640 50C4E323 13F7079F
B39F10F7 6284FEF3 E3395A9A 1DC3B0D6 C7370A85 42C834A4 34BED4A0 CDCDFBA0
C0791D4A 4D32C1DF 40CB0D33 E432F115 F6B5F71C 65130A5D D37668A9 8CC241B5
6B876D30 846D4892 BCE8C695 B2BD06D8 AA8DA74C BEC1A4F3 3D76957A F8A1FD04
3D5BDF0E 09FC69A0 9784
quit
!
!
!
spanning-tree mode pvst
spanning-tree extend system-id*
!
vlan internal allocation policy ascending
!
!
!
interface FastEthernet0/1
switchport mode access
!
interface FastEthernet0/2
switchport mode access
!
interface FastEthernet0/3
switchport access vlan 3
switchport mode access
!
interface FastEthernet0/4
switchport access vlan 3
switchport mode access
!
interface FastEthernet0/5
switchport access vlan 3
switchport mode access
!
interface FastEthernet0/6
switchport access vlan 3
switchport mode access
!
interface FastEthernet0/7
switchport access vlan 3
switchport mode access
!
interface FastEthernet0/8

Implementation Document
14
Confidential
FORM-SE-14
Low Level Design

switchport access vlan 3


switchport mode access
!
interface FastEthernet0/9
switchport access vlan 3
switchport mode access
!
interface FastEthernet0/10
switchport access vlan 3
switchport mode access
!
interface FastEthernet0/11
switchport access vlan 3
switchport mode access
!
interface FastEthernet0/12
switchport access vlan 3
switchport mode access
!
interface FastEthernet0/13
switchport access vlan 3
switchport mode access
!
interface FastEthernet0/14
switchport access vlan 3
switchport mode access
!
interface FastEthernet0/15
switchport access vlan 3
switchport mode access
!
interface FastEthernet0/16
switchport access vlan 3
switchport mode access
!
interface FastEthernet0/17
switchport access vlan 3
switchport mode access
!
interface FastEthernet0/18
switchport access vlan 3
switchport mode access
!
interface FastEthernet0/19
switchport access vlan 3
switchport mode access
!
interface FastEthernet0/20
switchport access vlan 3
switchport mode access
!
interface FastEthernet0/21
switchport access vlan 3
switchport mode access
!
interface FastEthernet0/22
switchport access vlan 3
switchport mode access

Implementation Document
15
Confidential
FORM-SE-14
Low Level Design

!
interface FastEthernet0/23
switchport access vlan 3
switchport mode access
!
interface FastEthernet0/24
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
ip address 192.168.1.254 255.255.255.0
!
ip default-gateway 192.168.1.1
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.1.1
ip http server
ip http access-class 33
ip http authentication local
ip http secure-server
!
access-list 33 permit 192.168.1.0 0.0.0.255
access-list 33 permit 192.168.2.0 0.0.0.255
access-list 33 permit 192.168.3.0 0.0.0.255
access-list 33 permit 192.168.5.0 0.0.0.255
!
banner motd ^C
**************************************************************
* This System is the Property of PT. Mastersystem Infotama *
* *
* Access is restricted to Authorized Person Only *
* Unauthorized Access is Prohibited *
* All unauthorized attempt to access this system will be *
* logged and investigated. *
* Violators will be prosecuted in conformance with local law *
* *
* *
**************************************************************
^C
!
line con 0
line vty 0 4
privilege level 15
login local
transport input all
line vty 5 15
login local
transport input all
!
end

Implementation Document
16
Confidential
FORM-SE-14
Low Level Design

2.3 Konfigurasi AP
Cara menambah, menghapus SSID dan mengganti password SSID di Cisco AP 1242 via Web:

1. Login ke website AP dengan username cisco password cisco

Implementation Document
17
Confidential
FORM-SE-14
Low Level Design

2. Setelah berhasil masuk, klik Security > Encryption Manager

3. Kemudian pada Chiper pilih AES CCMP, lalu klik Apply-All

Implementation Document
18
Confidential
FORM-SE-14
Low Level Design

4. Kemudian klik Security > SSID Manager

5. Untuk membuat SSID baru, pilih NEW pada Current SSID List. Kemudian masukkan data berikut:
a. SSID : Nama SSID yang akan dibuat
b. Interface, centang Radio0-802.11G dan Radio1-802.11A

Implementation Document
19
Confidential
FORM-SE-14
Low Level Design

c. Client Authenticated Key Management:


- Key Management, Pilih Mandatory
- Centang Enable WPA, Pilih WPA
- Pada WPA Pre-shared Key, masukkan password SSID minimal 8 karakter

d. Kemudian klik Apply, dan klik Ok

6. Untuk broadcast SSID yang telah dibuat, klik Security > SSID Manager kemudian pada bagian Guest
Model/Infrastructure SSID Settings, Radio0-802.11G > Set Beacon Mode > Single BSSID. Kemudian pilih
SSID yang akan di broadcast pada Set Single Guest Mode SSID. Lalu klik Apply dan Ok.

Implementation Document
20
Confidential
FORM-SE-14
Low Level Design

7. Untuk menghapus SSID yang telah dibuat, klik Security > SSID Manager, pilih SSID yang akan dihapus di
Current SSID List, kemudian klik Delete dan Ok

8. Untuk mengganti password SSID yang telah dibuat, klik Security > SSID Manager, pilih SSID yang akan
diganti passwordnya pada Current SSID List,

Implementation Document
21
Confidential
FORM-SE-14
Low Level Design

Kemudian pada bagian Client Authenticated Key Management masukkan data-data berikut:
- Key Management > Mandatory
- Centang Enable WPA > WPA
- Masukkan password SSID baru di WPA Pre-shared Key, minimal 8 karakter
- Kemudian klik Apply dan Ok

Implementation Document
22
Confidential
FORM-SE-14
Low Level Design

Implementation Document
23
Confidential
FORM-SE-14
Lampiran 1 - Referensi

Lampiran 1 - Referensi


Implementation Document
24
Confidential
FORM-SE-14

You might also like