Modul Praktikum Internet Working Ok

INTERNETWORKING

MODUL PRAKTIKUM

Disusun Oleh :

Santoso, S.Si

JURUSAN TEKNIK INFORMATIKA

Hal 1 dari 114

POLITEKNIK POS INDONESIA

2006

DAFTAR GAMBAR

Gambar 3.1 …………………………………………………………….… III-3

Gambar 3.2 …………………………………………………… III-4

Hal 2 dari 114

DAFTAR ISI

Petemuan 1 dan 2LAB 1 Instalasi Linux Slackware …………………………………………………………….

1

1.1. Kebutuhan Sistem (System Requirement) …………………………………………………... 11.2. Software yang akan diinstall ………………………………………………………………… 11.3. Metode Instalasi …………………………………………………………………………….. 21.4. Langkah – langkah Instalasi Slackware 10.1 ........................................................................... 21.5. Membuat Partisi Linux ………………………………………………………………………. 31.6. Perintah-Perintah di Linux …………………………………………………………………... 7

Pertemuan 3, 4, 5LAB 2 FTP Server dan Web Server ...........................................................................................

10

2.1. FTP Server ............................................................................................................................... 102.1.1 File-file konfigurasi ............................................................................................................... 102.1.2 Pengujian FTP Server ............................................................................................................ 122.2. Web Server .............................................................................................................................. 132.2.1 Membuat Web Server ............................................................................................................ 142.2.2 File-file konfigurasi ............................................................................................................... 142.2.3 Pengujian Web Server ........................................................................................................... 152.3. Virtual Host ............................................................................................................................. 172..3.1 Membuat Virtual Host ......................................................................................................... 172.3.2 Pengujian

Pertemuan 6,7+Quiz LAB 3 Proxy Server …………………………………………………………………………… 203.1 Membuat Proxy Server dengan Squid ……………………………………………………….. 203.2 Kompilasi dan Instalasi ............................................................................................................ 203.3 Konfigurasi ………………………………………………………………………………….. 203.4 Menggunakan Squid ………………………………………………………………………… 213.5 Mengujicoba Server Proxy/Squid …………………………………………………………… 223.6 Mengkonfigurasi squid sebagai transparan proxy …………………………………………… 22

Pertemuan 8,9LAB 4 Membuat Mail Server ......................................................................................................

24

4.1. Posfix ...................................................................................................................................... 244.1.1 Instalasi Postfix ..................................................................................................................... 244.1.2 Instalasi TPOP3D .................................................................................................................. 274.2. SendMail .................................................................................................................................. 284.2.1 Instalasi dan Konfigurasi SendMail ....................................................................................... 294.2.2. Perintah pada Server SendMail ............................................................................................. 304.2.3 Instalasi dan Konfigurasi Server POP3 ................................................................................. 304.2.4 Pengujian ............................................................................................................................... 314.3. DMMail Client ……………………………………………………………………………… 31

Hal 3 dari 114

Pertemuan 10,11LAB 5 Routing ............................................................................................................................... 335.1. Routing Statik .......................................................................................................................... 335.1.1 Langkah-2 pembuatan Routing Statik ……………………………………………………… 335.1.2. Routing Dinamis ................................................................................................................... 355.2. Langkah-2 pembuatan Routing Dinamis ……………………………………………………. 355.2.1 Instalasi Zebra Routing ......................................................................................................... 355.1.2 Konfigurasi pada router2 dan route ...................................................................................... 355.3 De Militerized Zone ( DMZ)..................................................................................................... 37

Petemuan 12,13,14+QUIZLab 6 Router ..................................................................................................................................

40

Lab 6.1 Login .................................................................................................................................. 41Lab. 6.2 Help and Editing .............................................................................................................................. 42Lab 6.3 Commands for starting dan saving configurations ............................................................ 44Lab 6.4 Setting your paswords ....................................................................................................... 45Lab 6.5 Setting your hostname, adding a banner, IP address, Identification, bandwidth and

clock rate. .........................................................................................................................47

Lab 6.6 Configuration the lab ......................................................................................................... 50Lab 6.7 Creating Static Routes ....................................................................................................... 55Lab 6.8 Default Routes ................................................................................................................... 57Lab 6.9 Dynamic Routing with RIP ................................................................................................ 59Lab 6.10 Dynamic Routing with IGRP ........................................................................................... 61Lab 6.11 Configuring VLANs and ISL .......................................................................................... 63Lab 6.12 Backing up your Router IOS ........................................................................................... 66Lab 6.13 Upgarding or restoring your router IOS .......................................................................... 68Lab 6.14 Back Up the router configuration .................................................................................... 70Lab 6.15 Telnet ............................................................................................................................... 71Lab 6.16 IP name Resolution ......................................................................................................... 73Lab 6.17 Cisco discovery protocol (CDP) ……………………………………………………….. 75Lab 6.18 Internet working packet eXchange (IPX) ……………………………………………… 78Lab 6.19 Adding secondary network addresses and multiple frame types with IPX .................... 85Lab 6.20 Standard IP Address List ................................................................................................ 87Lab 6.21 Extended IP access lists ................................................................................................... 89Lab 6.22 IPX Standard access-lists ................................................................................................ 92Lab 6.23 PPP configuration ............................................................................................................ 94Lab 6.24 Configuring PPP Authentication ..................................................................................... 95Lab 6.25 Point –to-point frame Relay ............................................................................................ 96Lab 6.26 Frame relay with sub interface ........................................................................................ 100Lab 6.27 ISDN configuration ......................................................................................................... 109

Appendix B. Managing the 1900 switch ........................................................................................ 112Appendix B : Port security on the 1900 switch .............................................................................. 113

Hal 4 dari 114

DAFTAR TABEL

Tabel 1.1 ............................................................................................... I-3

Tabel 2.1 ……………………………………………………………... II-3

KATA PENGANTAR

Modul praktikum ini disusun sebagai pedoman bagi mahasiswa di lingkungan Politeknik Pos

Indonesia yang mengikuti praktikum mata kuliah Internetworking. Tujuan dari pelaksanaan

praktikum mata kuliah Internetworking ini adalah untuk memperdalam mata kuliah Jaringan

komputer yang diberikan kepada mahasiswa di Jurusan Teknik Informatika sebelumya

Di dalam kegiatan praktikum ini, akan dipelajari dan dipraktekan tahapan-tahapan dalam

proses pemantapan penguasaan jaringan pada wide area network. Susunan modul ini terdiri dari

tujuan, pembahasan teori praktis, tugas-tugas praktikum dan tugas-tugas pendahuluan/rumah yang

harus dikerjakan oleh para praktikan. Diharapkan para praktikan telah mempersiapkan materi yang

akan diberikan pada praktikum demi kelancarannya.

Modul praktikum Internetworking ini terdiri dari 6 Modul dengan topik bahasan sebagai

berikut :

Modul 0 : Pendahuluan, berisi tujuan umum praktikum, pembahasan singkat mengenai

…….. dan referensi.

Modul 1 : .

Modul 2 : .

Modul 3 : .

Modul 4 : .

Modul 5 : .

Hal 5 dari 114

Materi yang diberikan dalam modul dan pada saat praktikum masih belum lengkap dan untuk

itu praktikan diharapkan dapat mencari referensi tambahan yang diperlukannya baik di

perpustakaan maupun melalui media internet. Selain itu praktikan diharapkan mengikuti mata

kuliah Internetworking dengan baik, karena salah satu sumber selain modul adalah materi yang

diberikan pada saat kuliah.

Modul ini masih belum sempurna, sehingga perlu dikaji baik oleh dosen pengajar, instruktur,

asisten maupun praktikan yang terlibat dalam praktikum. Oleh karena itu penyusun berharap agar

para pemakai modul ini dapat memberikan sumbangan saran untuk perbaikan modul

Internetworking ini.

Semoga modul ini dapat bermanfaat bagi para personil yang terlibat dalam praktikum

rekayasa perangkat lunak, serta dapat meningkatkan kemampuan mahasiswa dalam menguasai

proses-proses dalam perancangan dan pelaksanaan instalasi serta konfigurasi pada perangkat lunak

maupun perangkat keras yang mendukung jaringan pada wide area network.

Bandung, ……….2006

Penyusun

Hal 6 dari 114

Nama matakuliah

INTERNEWORKING

Disusun Oleh :

Santoso, S.Si

Telah disetujui dan disahkan untuk dijadikan bahan ajar

di Jurusan Teknik Informatika

Bandung, Juli 2003

Kord. Mata Kuliah

Internetworking

Ketua Jurusan Teknik Informatika

Santoso .......................................

Hal 7 dari 114

TEKNIK PENILAIAN

Teknik penilaian praktikum mata kuliah adalah sebagai berikut :

1. Rincian bobot nilai mata praktikum Interneworking adalah sebagai berikut :

a. Nilai Praktikum : 50%

Yang terdiri dari :

Tugas Pendahuluan(TP) : 20%

Tugas Rumah(TR) : 15%

Latihan-latihan Praktikum(LLP) : 40%

Test Awal/Test Akhir(TA) : 10%

Asistensi : 15%

b. Laporan Praktikum (LP) : 40%

Yang terdiri dari :

Dokumen Proposal dan Pengembangan Sistem : 15%

Dokumen SRS : 20%

Dokumen SDD : 20%

Dokumen Implementasi : 15%

Dokumen Pengujian : 15%

Software Aplikasi : 15%

c. Absensi/Kehadiran(AK) : 10%

2. Range nilai mata praktikum ................ adalah sebagai berikut :

85 Nilai 100 Grade : A

75 Nilai < 85 Grade : B

65 Nilai < 75 Grade : C

55 Nilai < 65 Grade : D

0 Nilai < 55 Grade : E

3. Praktikan dianggap LULUS jika nilai praktikumnya 65

TEKNIK PELAKSANAAN PRAKTIKUM

Hal 8 dari 114

1. Pelaksanaan praktikum Interneworking dimulai dari tahapan persiapan dari Dosen, Asisten

dan Praktikan.

2. Praktikan harus menyelesaikan tugas pendahuluan dan diserahkan pada Instruktur/Asisten

dengan tertib sebelum praktikum dimulai. (Jika tidak mengumpulkan tugas pendahuluan

praktikan tidak diperkenankan mengikuti praktikum).

3. Bentuk laporan tugas adalah sebagai berikut :

Halaman Depan (sampul), berisi informasi :

<Nama Modul>

<Nama Tugas>

<Tugas Ke-...>

Untuk memenuhi tugas Praktikum Internetworking

Di Jurusan Teknik Informatika

Disusun oleh :

<NPM> <Nama >

Laboratorium

Jurusan Teknik Informatika – Politeknik Pos Indonesia

Bandung

2006

Logo

Poltek Pos

Asisten/Dosen Halaman : n/m

Dimana <n : halaman ke-> dan

<m : jumlah halaman>

<Nama Asisten/Dosen> Tanggal : <Tanggal dikumpulkan>

Halaman Isi, terdiri dari :

Hal 9 dari 114

Permasalahan/ Pendahuluan (Latar Belakang Masalah, Batasan Masalah, dst)

Isi (Landasan Teori, Analisa, dst) dan/atau

Penyelesaian masalah (algoritma, print-out program, hasil running program, hasil analisa dst)

Kesimpulan

Catatan : Tugas ditulis tangan menggunakan tinta warna hitam, kecuali cover, print-out

program dan tugas khusus (atas persetujuan dosen) boleh di print.

4. Selama di dalam ruang praktikum, praktikan harus mengikuti semua latihan dan petunjuk

yang diberikan Dosen/Asisten.

5. Praktikan harus mengerjakan semua tugas yang diberikan oleh Dosen/Asisten, baik tugas

pendahuluan, latihan maupun tugas rumah.

6. Modul Praktikum sebanyak ...modul dan maksimum diselesaikan dalam 12 kali

pertemuan.

7. Diakhir praktikum praktikan harus menyerahkan dokumen-dokumen praktikum dan software

aplikasi yang telah dibuat dalam bentuk softcopy maupun hardcopy.

8. Asistensi dilaksanakan pada saat praktikum berlangsung dan di luar praktikum, praktikan

dapat menghubungi asisten/dosen untuk melaksanakan asistensi. Asistensi diadakan untuk

membantu praktikan dalam menyelesaikan proyek perangkat lunak yang diberikan.

9. Asistensi dilaksanakan minimum satu minggu sekali disesuaikan dengan waktu yang dimiliki

asisten/instruktur dan praktikan.

10. Praktikan di harapkan aktif baik untuk mengajukan pertanyaan maupun menjawab pertanyaan.

Hal 10 dari 114

Lab 1 Instalasi Linux Slackware

1.1. Kebutuhan Sistem (System Requirement)

Sebelum melakukan instalasi Linux Slackware, diperlukan proses pengecekan kebutuhan

sistem yang dimiliki. Berikut ini adalah kebutuhan sistem minimal yang diperlukan:

486 processor

16MB RAM (32MB suggested)

100-500 megabytes of hard disk space for a minimal and around 3.5GB for full install

3.5" floppy drive

Kebutuhan minimal diatas akan bertambah jika ingin menjalankan sistem X-Window.

1.2. Software yang akan diinstall

Langkah berikutnya adalah menentukan software apa saja yang akan diinstall, pada

distribusi Linux Slackware setiap software dikelompokkan dalam group-group. Group

tersebut terdiri adalah:

A : Group ini berisi kumpulan software dasar yang dibutuhkan untuk

menjalankan Linux Slackware seperti teks editor dan komunikasi.

AP : Kumpulan aplikasi / software yang dapat dijalankan tanpa sistem X-

Window.

D : Berisi kumpulan aplikasi untuk kebutuhan pengembangan (Development

Tools) seperti Kompilator, Debugger, Interpreter, Sistem Help.

E : Berisi aplikasi GNU Emacs.

F : Berisi FAQs (Frequently Asked Questions), HOWTOs, dan dokumentasi

lainnya.

GNOME : Berisi aplikasi sistem Desktop GNOME.

K : Berisi kode sumber (source code) kernel linux.

KDE : Berisi aplikasi sistem Desktop KDE.

KDEI : Berisi dukungan bahasa internasional untuk sistem KDE.

Hal 11 dari 114

L : Berisi pustaka sistem (system library)

N : Berisi aplikasi networking: Daemons, aplikasi mail, telnet, news reader,

dan lain-lain.

T : Berisi aplikasi teTeX untuk kebutuhan format sistem dokumen.

TCL : Berisi tool pemrograman Tk, TclX, dan TkDesk.

X : Berisi sistem dasar untuk X-Window.

XAP : Berisi aplikasi yang membutuhkan sistem X-Window dan independen

terhadap sistem desktop tertentu. Artinya dapat dijalankan pada KDE,

GNOME, Enlightment dan lain-lain.

Y : Berisi aplikasi game.

1.3. Metode Instalasi

Slackware menyediakan beberapa metode / cara instalasi, yaitu:

1. Instalasi dengan memanfaatkan partisi DOS / Windows

2. Instalasi dengan disket boot dan disket root.

3. Instalasi dengan CD-ROM.

Dalam praktikum kali ini akan dipraktekkan instalasi Linux Slackware menggunakan CD-

ROM Slackware 10.1, karena cara ini dianggap cara yang paling mudah.

1.4. Langkah – langkah Instalasi Slackware 10.1

Berikut ini adalah langkah melakukan Instalasi linux slackware 10.1 :

Booting Software

Langkah 1 : Siapkan Software Slackware 10.1 yang terdiri dari empat buah CD-

ROM

Langkah 2 : Nyalakan komputer dan atur agar First Boot Sequence BIOS

mengarah ke CD-ROM

Langkah 3 : Masukkan CD-1 Linux Slackware ke CD-ROM Drive

Langkah 4 : Tunggu hingga muncul layar instalasi slackware, yang ditandai

dengan munculnya karakter titik dua (:).

Langkah 5 : Ketikkan jenis harddisk yang digunakan, kemudian tekan tombol

Hal 12 dari 114

ENTER Misalkan bare.i untuk jenis harddisk IDE, atau scsi.s untuk

jenis harddisk SCSI

Langkah 6 : Selanjutnya akan ada permintaan nama user yang akan login,

ketikkan root kemudian tekan tombol ENTER

1.5. Membuat Partisi Linux

Agar Linux dapat diinstalasi, terlebih dahulu disediakan ruangan pada harddisk untuk

menyimpan System. Diasumsikan pada praktikum kali ini semua harddisk yang digunakan

berjenis IDE. Langkah-langkah membuat partisi Linux adalah sebagai berikut:

Langkah 7 : #fdisk /dev/hda

maka akan ditampilkan baris seprti berikut :

Command (m for help):

Langkah 8 : Untuk menampilkan perintah-perintah yang ada ketikkan m kemudian

tekan ENTER.

Maka akan ditampilkan menu seperti berikut ini:

Command (m for help): m

Command action

a toggle a bootable flag

d delete a partition

l list known partition types

m print this menu

n add a new partition

p print the partition table

q quit without saving changes

t change a partition's system id

u change display/entry units

v verify the partition table

w write table to disk and exit

x extra functionality (experts only)


Langkah 9 : Untuk menampilkan partisi yang telah ada di harddisk, ketikkan p

Hal 13 dari 114

kemudian tekan ENTER.

Makan akan muncul menu seperti berikut ini:

Command (m for help): p

Disk /dev/hda: 16 heads, 38 sectors, 683

cylinders

Units = cylinders of 608 * 512 bytes

Device Boot Begin Start End Blocks

Id System

/dev/hda1 * 1 1 203 61693

6 DOS 16-bit >=32M


Langkah 10 : Selanjutnya kita akan buat terlebih dahulu Partisi Swap sebesar 2 kali

ukuran RAM yang digunakan. Diasumsikan RAM yang digunakan

adalah 128MB. Maka partisi swap yang harus dibuat adalah 256MB.

Lihat menu dibawah ini :

Command (m for help): n

Command action

e extended

p primary partition (1-4)

p

Partition number (1-4): 1

First cylinder (204-683): 204

Last cylinder or +size or +sizeM or +sizeK

(204-683): +256M

Langkah 11 : Karena partisi yang terbentuk pada langkah sebelumnya adalah Linux

Native, maka gantilah menjadi Linux Swap dengan langkah sebagai Hal 14 dari 114

berikut:

o Ketik t kemudian tekan ENTER

o Ketik nomor urut partisi yang akan diganti jenisnya,

misalnya 1 ENTER.

o Ketik 82 kemudian ENTER (82=Linux Swap)

Langkah 12 : Kini buatlah partisi Linux Native sebagai tempat sistem Linux,

dengan cara sebagai berikut:

o Ketik n kemudian ENTER

o Ketik p kemudian ENTER

o Ketik 2 kemudian ENTER, 2 adalah nomor urut partisi

untuk Linux Native, sedang 1 telah digunakan untuk Linux Swap.

o Pada pertanyaan First cylinder dan Last cylinder tekan

ENTER.

Langkah 13 : Ketik w kemudian ENTER untuk menyimpan partisi yang telah

dibuat.

Selanjutnya sampailah pada langkah untuk instalasi software-software yang ada pada

Linux Slackware, untuk versi Linux Slackware 10.1 terdiri dari 4 CD-ROM namun pada

proses instalasi software ini hanya dibutuhkan 2 CD-ROM.

Langkah 14 : #setup

Setelah diketik perintah setup tekan enter, maka akan terlihat sebagai

berikut:

Help : Digunakan untuk menampilkan informasi bantuan proses

instalasi.

Keymap : Digunakan untuk mapping keyboard yang digunakan,

default yang digunakan adalah keyboard jenis US.

Quick : Digunakan untuk menentukan mode proses instalasi

Hal 15 dari 114

menggunakan sistem quick (cepat) atau verbose, default

yang digunakan adalah verbose.

Make

tags

: Memungkinkan bagi yang telah mahir dengan Linux

Slackware untuk mengkustomisasi proses instalasi

dengan membuat file tags.

Addswap : Digunakan untuk menentukan partisi swap yang

digunakan sekaligus menformatnya. Langkah ini wajib

dilakukan.

Target : Digunakan untuk menentukan partisi yang akan dijadikan

sebagai tempat sistem Linux dalam hal ini jenis partisi

adalah Linux Native. Pada pilihan ini akan dilakukan

proses format dan pembuatan filesystem. Langkah ini

wajib dilakukan.

Source : Digunakan untuk menentukan program sumber Linux

Slackware, misalnya dari CD-ROM. Langkah ini wajib

dilakukan.

Disk sets : Digunakan untuk menentukan disk mana saja yang akan

diikutsertakan dalam proses instalasi.

Install : Digunakan untuk melaksanakan proses instalasi sesuai

dengan proses-proses sebelumnya. Untuk lebih

mudahnya lakukan instalasi penuh (Full). Langkah ini

wajib dilakukan.

Configure : Digunakan untuk melakukan konfigurasi setelah proses

intalasi selesai dilakukan. Pada pilihan ini akan

ditentukan nama host, domain, ip, netmask, dan password

root.

Setelah langkah Configure selesai dilakukan, maka pilihlah menu Exit. Keluarkan CD-

ROM dan tekan tombol restart (CTRL+ALT+DEL).

1.6. Perintah-Perintah di Linux

Hal 16 dari 114

Sistem operasi Linux menyediakan perintah-perintah baris (command line) untuk keperluan

administrasi. Dalam praktikum kali ini mahasiswa akan diberikan beberapa perintah yang

paling sering digunakan dalam administrasi sistem linux. Hampir seluruh perintah di linux

menggunakan huruf kecil.

login

Perintah ini digunakan untuk melakukan log in dalam sistem linux. Setelah perintah ini

diketikkan, maka akan ada permintaan username dan password.

santos@login: root

Password:

Linux 2.4.26.

No mail.

root@santos:~#

logout

Perintah ini digunakan untuk log out dari sistem linux. Perintah ini adalah kebalikan

perintah login.

1. ls [options] [file...]

Digunakan untuk menampilkan daftar file dan direktori. Perintah ini memiliki sejumlah

option antara lain yang sering digunakan adalah:

-l Menampilkan daftar file dalam bentuk kolom secara lengkap.

-a Menampilkan daftar file termasuk file yang tersembunyi

(berawalan titik).

Contoh: root@santos:~# ls -l

root@santos:~# ls -l

2. cp [options] file path

Digunakan untuk membuat duplikasi file atau direktori.

Contoh: root@santos:~# cp test1.txt test6.txt

3. mkdir [options] directory

Hal 17 dari 114

Digunakan untuk membuat sebuah direktori.

Contoh: root@santos:~# mkdir test

4. cd directory

Digunakan untuk mengganti direktori yang aktif.

Contoh: root@santos:~# cd test (mengaktifkan direktori test)

root@santos:~# cd .. (mengaktifkan direktori yang lebih atas

satu level)

root@santos:~# cd / (mengaktifkan direktori root)

5. pwd

Digunakan untuk menampilkan direktori yang aktif.

Contoh: root@santos:~# pwd

root@santos:~#

6. rm [options] file

Digunakan untuk menghapus file atau direktori. Jika digunakan dengan option –r maka

dapat digunakan untuk menghapus direktori.

Contoh: rm test6.txt

rm –r test/

7. chown [options] user:[group] file

Digunakan untuk mengganti kepemilikan file atau direktori.

Contoh: chown santos:users test1.txt

chown –R santos:users test/

8. chmod [options] mode file

Digunakan untuk mengganti mode akses file atau direktori.

Jenis mode akses yang dapat diterapkan adalah:

r (4): read

w (2): write

x (1): execute

Contoh chmod 777 test1.txt

Hal 18 dari 114

LAB 2 FTP Server dan Web Server2.1. FTP Server

File Transfer Protocol (FTP) adalah salah satu layanan internet yang memungkinkan kita

melakukan upload / download file ke / dari server ftp. Dalam praktikum kali ini akan

dibahas bagaimana membuat sebuah server ftp menggunakan aplikasi Proftpd.

Berikut ini adalah langkah-langkah pembuatan server ftp:

whereis proftpd

Perintah ini digunakan untuk melakukan pengecekan apakah program proftpd sudah terinstal

di server Linux Slackware 10.1

Linux 2.4.26.

root@santos:~#whereis proftpd

proftpd: /usr/sbin/proftpd /etc/proftpd.conf

/usr/man/man8/proftpd.8.gz

/usr/share/man/man8/proftpd.8.gz

root@santos:~#

Jika file proftpd tidak ditemukan, maka Anda harus menginstallnya terlebih dahulu. Proses

instalasi dapat dilakukan menggunakan cdrom slackware 10.1 yang berupa paket .tgz atau

menggunakan program sumbernya yang dapat diambil dari website www.proftpd.org.

2.1.1 File-file konfigurasi

File-file konfigurasi yang digunakan adalah /etc/proftpd.conf dan /etc/ftpusers sedangkan

pada file /etc/services tanda # diawal baris harus dihilangkan sehingga tampak seperti

berikut:

ftp-data 20/tcp #File Transfer [Default Data]

ftp-data 20/udp #File Transfer [Default Data]

ftp 21/tcp #File Transfer [Control]

ftp 21/udp #File Transfer [Control]

Hal 19 dari 114

http://www.proftpd.org/

Beberapa baris konfigurasi yang penting pada file /etc/proftpd.conf

ServerName : Digunakan untuk menentukan nama server ftp, misalnya “FTP Server

Poltekpos”

ServerType : Tipe ftp server ada 2 macam, yaitu standalone dan inetd. Jika dipilih

standalone maka server ftp harus dijalankan manual, sedangkan tipe

inetd akan menjalankan server ftp berdasarkan program inetd dengan

konfigurasi yang pada file /etc/inetd.conf.

RequireValid

Shell

: Jika diisi dengan off maka pengecekan jenis shell yang digunakan

client ditiadakan, sebaliknya jika diisi on maka client yang mengakses

ftp server harus memiliki jenis shell yang sama dengan server.

Misalnya bash, sh, csh dan lain-lain.

Port : Default dari baris ini adalah 21, yang digunakan untuk kontrol koneksi

antara server dan client.

Umask : Default dari baris ini adalah 022, yang digunakan untuk menentukan

mode dari file yang ditulis oleh client yaitu

rw--r--r--

MaskInstance

s

: Default dari baris ini adalah 30, yang digunakan untuk menentukan

jumlah proses ftp yang dapat berlangsung pada saat yang bersamaan.

Baris ini hanya akan mempunyai efek pada tipe ftp standalone.

User

Group

: Digunakan untuk menentukan nama user dan group yang menjalankan

server ftp. Nilai default untuk user adalah nobody, sedangkan group

adalah nogroup.

SystemLog : Digunakan untuk menentukan nama file yang mencatat penggunakan

server ftp.

TransferLog : Digunakan untuk mencatat proses upload / download yang telah

dilakukan.

<Directory

DIR>

....

....

....

</Directory>

: Baris ini digunakan untuk menentukan kebijakan akses terhadap

direktori tertentu. Contoh:

<Directory /*>

AllowOverwrite ON

</Directory>

Hal 20 dari 114

Memungkinkan untuk menimpa file yang telah ada pada proses upload

dengan nama file sama.

<Limit

ACCESS>

....

....

....

</Limit>

: Baris ini terletak diantara baris <Directory> dan </Directory> dan

digunakan untuk menentukan akses terhadap direktori yang telah

ditentukan pada baris <Directory>. Akses yang dapat ditentukan

adalah:

READ, WRIT, MKD, DELE, STOR

Diantara baris <Limit> dan </Limit> dapat berisi baris:

DenyAll : Menolak semua akses dari semua ip address.AllowAll : Menerima semua akses dari semua ip address.

Allow From <ip> : Menerima akses dari ip tertentu.Deny From <ip> : Menolak akses dari ip tertentu.

<Anonymous

~ftp>

...

...

...

</

Anonymous>

: Baris ini digunakan untuk menentukan layanan ftp untuk user

anonymous (tanpa user terdaftar). Agar layanan ini dapat disediakan

maka hapus baris ftp dari file /etc/ftpusers.

Home directory dari user anonymous adalah /home/ftp. Diantara baris

<Anonymous> dan </Anonymous> dapat diberikan baris lain seperti

MaxClients, User, Group, UserAlias, DisplayLogin, DisplayFirstChdir

dan tentu saja baris <Limit> dan </Limit>.

2.1.2 Pengujian FTP Server

Pengujian terhadap server ftp dapat dilakukan baik dari lokasi server maupun client.

Lokasi Server root@santos:~#ftp localhost

ftp>

Lokasi client I:\>ftp 192.168.4.1

ftp> bye

Perintah-perintah pada sesi ftp

get / recv : Mengambil sebuah file (download) dari server ftp.

put / send : Meletakkan sebuah file (upload) ke server ftp.Hal 21 dari 114

mget : Mengambil beberapa file dari server ftp.

mput : Meletakkan beberapa file ke server ftp.

prompt : Toggle on/off konfirmasi download / upload / delete.

help : Menampilkan bantuan / daftar perintah yang ada.

bye/quit : Mengakhiri sesi ftp dan kembali ke sistem operasi.

cd : Mengaktifkan direktori tertentu pada komputer server.

lcd : Mengaktifkan direktori tertentu pada komputer client.

mkdir : Membuat sebuah direktori baru.

rmdir : Menghapus sebuah direktori.

binary : Menentukan mode transfer menjadi binary.

ascii : Menentukan mode transfer menjadi ascii.

type : Menampilkan mode transfer file yang sedang aktif.

delete : Menghapus sebuah file.

mdelete : Menghapus beberapa file.

hash : Toggle on/off untuk menampilkan proses download / upload.

rename : Mengganti nama sebuah file / direktori.

pwd : Menampilkan direktori aktif.

close/disconnect : Mengakhiri sesi ftp tanpa kembali ke sistem operasi.

ls : Menampilkan daftar file / direktori.

status : Menampilkan status konfigurasi sesi ftp yang aktif.

open : Mengaktifkan koneksi ke server ftp.

verbose : Toggle on/off untuk menampilkan hasil suatu proses ftp.

user : Mengganti user yang aktif.

2.2. Web Server

Sistem Operasi Linux Slackware 10.1 menyediakan layanan web menggunakan software

web server Apache 1.3.33 secara default. Namun Anda masih dapat menggunakan software

web server lain jika diinginkan.

2.2.1 Membuat Web Server

Berikut ini adalah langkah-langkah pembuatan server web dengan Apache 1.3.33:

Hal 22 dari 114

whereis httpd

Perintah ini digunakan untuk melakukan pengecekan apakah program httpd sudah terinstal

di server Linux Slackware 10.1

Last login: Mon Apr 4 12:58:02 2005

Linux 2.4.29.

root@santos:~#whereis httpd

httpd:/usr/sbin/httpd/usr/man/man8/httpd.8.gz

/usr/share/man/man8/httpd.8.gz

root@santos:~#

Jika file httpd tidak ditemukan, maka Anda harus menginstallnya terlebih dahulu. Proses

instalasi dapat dilakukan menggunakan cdrom slackware 10.1 yang berupa paket .tgz atau

menggunakan program sumbernya yang dapat diambil dari website www.apache.org.

2.2.2 File-file konfigurasi

File konfigurasi penting yang digunakan adalah /etc/apache/httpd.conf, sedangkan pada

file /etc/services tanda # diawal baris harus dihilangkan sehingga tampak seperti berikut:

http 80/tcp www www-http #World Wide Web HTTP

http 80/udp www www-http #World Wide Web HTTP

Beberapa baris konfigurasi yang penting pada file /etc/apache/httpd.conf

ServerType : Baris ini menentukan apakah apache dijalankan secara standalone atau

inetd. Menjalankan apache secara standalone cukup dengan

mengetikkan perintah /usr/sbin/httpd start, sedangkan jika ingin

menjalankan apache menggunakan inetd cukup menghilangkan

karakter # pada file /etc/inetd.conf pada baris ftp stream tcp nowait

root /usr/sbin/tcpd httpd

StartServer : Menentukan jumlah server apache yang akan dijalankan. Jika apache

dalam keadaan running, maka jumlah server yang dijalankan bisa

dilihat dengan perintah ps axf | grep httpd

MaxClients : Menentukan jumlah client yang bisa tersambung ke web server secara

bersamaan.

Port : Menentukan nomor port yang digunakan oleh apache, defaultnya

Hal 23 dari 114

http://www.proftpd.org/

adalah port 80

User

Group

: Menentukan nama user dan group yang menjalankan apache, akan

lebih aman jika yang digunakan adalah bukan user root.

ServerAdmin : Menentukan email address Administrator web server.

ServerName : Menentukan nama web server, misalnya www.poltekpos.net

DocumenRoot : Menentukan letak file-file web, defaultnya terletak di /var/www/htdocs

DirectoryInde

x

: Menentukan nama file yang pertama kali dibaca oleh web server,

misalkan index.html index.htm index.php

2.2.3 Pengujian Web Server

Pengujian terhadap server web dapat dilakukan baik dari lokasi server maupun client.

Lokasi server: root@santos:~#lynx localhost

Test Page for the SSL/TLS-aware Apache Installation on Web Site

Hey, it worked !

The SSL/TLS-aware Apache webserver was

successfully installed on this website.

If you can see this page, then the people who own this website have

just installed the Apache Webserver software and the Apache

Interface to OpenSSL (mod_ssl) successfully. They now have to add

content to this directory and replace this placeholder page, or else

point the server at their real content.

ATTENTION!

If you are seeing this page instead of the site you expected, please

contact the administrator of the site involved. (Try sending mail to

webmaster@domain>.) Although this site is running the Apache

software it almost certainly has no other connection to the Apache

Group, so please do not

send mail about this site or its contents to the Apache authors. If you

do, your message will be ignored.

Hal 24 dari 114

http://www.poltekpos.net/

The Apache online documentation has been included with this

distribution.

Especially also read the mod_ssl User Manual carefully.

Your are allowed to use the images below on your SSL-aware

Apache Web server.

Thanks for using Apache, mod_ssl and OpenSSL!

Apache Webserver mod_ssl Interface OpenSSL

Toolkit

Lokasi client:

Hal 25 dari 114

2.3. Virtual Host

Dengan apache, dimungkinkan untuk dibuat virtual host, artinya di dalam satu web server,

bisa terdapat beberapa domain sekaligus. Hanya direktori penyimpanan file-file webnya

yang berbeda. Berikut akan kita praktekkan bagaimana membuat virtual host dengan nama

tes.poltekpos.net:

2..3.1 Membuat Virtual Host

Buat direktori /var/www/htdocs/tes

root@myhost:/var/www/htdocs# mkdir /var/www/htdocs/tes

Buat file html bernama index.html yang isinya seperti beriktu:

<HTML>

<HEAD><TITLE>VIRTUAL HOST</TITLE></HEAD>

<BODY>

<H1>TESTING VIRTUAL HOST</H1>

</BODY>

</HTML>

Edit file /etc/apache/httpd.conf

Atur baris NameVirtualHost *:80 agar menjadi seperti berikut:

#

# Use name-based virtual hosting.

#

NameVirtualHost *:80

#

# VirtualHost example:

# Almost any Apache directive may go into a VirtualHost

container.

# The first VirtualHost section is used for requests

Hal 26 dari 114

without a known

# server name.

#

<VirtualHost tes.poltepos.net:80>

ServerAdmin [email protected]

DocumentRoot /var/www/htdocs/tes

ServerName tes.poltekpos.net

# ErrorLog logs/dummy-host.example.com-error_log

# CustomLog logs/dummy-host.example.com-access_log

common

</VirtualHost>

Simpan file httpd.conf tersebut

Restart apache dengan perintah apachectl restart

Tambahkan baris tes.poltekpos.net ke file /etc/hosts, kemudian simpan.

# For loopbacking.

127.0.0.1 localhost

192.168.0.2 myhost.poltekpos.net

192.168.0.2 tes.poltekpos.net

# End of hosts.

2.3.2 Pengujian

Tes virtual host dengan perintah lynx http://tes.poltekpos.net/

Hal 27 dari 114

http://tes.poltekpos.net/

LAB 3 Proxy Server3.1 Membuat Proxy Server dengan Squid

Sistem Operasi Linux Slackware 10.1 secara default tidak menyediakan software untuk

kebutuhan proxy server, olehnya itu kita harus menggunakan software tambahan. Dalam

praktikum kali ini kita akan membuat proxy server menggunakan software squid-

2.5.STABLE9.tar.gz yang dapat didownload secara gratis di website www.squid-cache.org.

Berikut ini adalah langkah-langkah pembuatan proxy server dengan squid:

3.2 Kompilasi dan Instalasi

Kopikan file sumber squid ke direktori /usr/local/src dan aktifkan direktori tersebut.

bash-3.00#cp squid-2.5.STABLE9.tar.gz /usr/local/src

bash-3.00#cd /usr/local/src

Ekstrak file sumber squid dan aktifkan direktori hasil ekstrak tersebut.

bash-3.00#tar xzvf squid-2.STABLE9.tar.gz

bash-3.00#cd squid-2.STABLE9

Konfigurasi dan kompilasi squid.

bash-3.00#./configure --enable-arp-acl

bash-3.00#make all

bash-3.00#make install

Secara default hasil instalasi squid akan berada pada direktori /usr/local/squid

3.3 Konfigurasi

File konfigurasi squid secara umum semuanya terletak pada file

/usr/local/squid/etc/squid.conf, gunakan editor kesukaan Anda untuk mengkonfigurasi file

Hal 28 dari 114

tersebut, misalnya editor vi, pico, joe atau dapat pula menggunakan mc (Midnight

Commander).

Berikut ini adalah beberapa baris konfigurasi pada file /usr/local/squid/etc/squid.conf yang

harus dimodifikasi:

NO BARIS PERINTAH KEGUNAAN

1 http_port Menentukan port yang akan digunakan oleh squid

untuk menerima request http. Nilai defaultnya 3128,

namun umumnya port yang digunakan adalah 8080.

2 cache_mem Menentukan jumlah memory (RAM) yang digunakan

oleh squid. Default 8 MB.

3 cache_effective_user Menentukan nama user yang menjalankan squid.

4 cache_effective_group Menentukan nama group yang menjalankan squid.

5 cache_dir Menentukan letak direktori dan kapasitas cache pada

harddisk, level 1 dan 2 direktori. Contoh:

cache_dir ufs /usr/local/squid/var 100 16 256 yang

berarti direktori cache berada pada /usr/local/squid/var

dengan kapasitas 100 MB,

direktori level 1 sebanyak 16 dan level 2 sebanyak 100.

6 visible_hostname Menentukan nama host yang menjalankan squid.

Misalnya visible_hostname proxy.poltekpos.net

7 cache_mgr Menentukan alamat email yang bertanggung jawab atas

server proxy.

3.4 Menggunakan Squid

Menentukan user dan group yang menjalankan squid:

Buat user dan group yang menjalankan squid, misalkan user=squid group=squid. User

dan group ini harus disesuaikan dengan baris perintah cache_effective_user dan

cache_effective_group

bash-3.00#groupadd squid

bash-3.00#useradd squid –g squid

Hal 29 dari 114

Mengganti kepemilikan direktori /usr/local/squid/var menjadi milik user squid dan group

squid.

bash-3.00#chown –R squid:squid /usr/local/squid/var

Menjalankan squid untuk pertama kalinya.

bash-3.00#/usr/local/squid/sbin/squid -z

Menjalankan squid untuk kedua kalinya dan seterusnya.

bash-3.00#/usr/local/squid/sbin/squid

Membuat softlink untuk squid agar untuk menjalankannya tidak perlu menyebutkan

direktori secara lengkap.

bash-3.00#ln –s /usr/local/squid/sbin/squid

/usr/local/sbin

Menjalankan squid setelah merubah file /usr/local/squid/etc/squid.conf

bash-3.00#squid –k reconfigure

3.5 Mengujicoba Server Proxy/Squid

Ujicoba server proxy / squid dapat dilakukan menggunakan browser dari pc klien dengan

mengarahkan setting proxy ke ip address server proxy.

3.6 Mengkonfigurasi squid sebagai transparan proxy

Asumsi

- Squid telah terinstal dengan baik

- ipchains atau iptables telah terinstall

- Alamat network yg digunakan adalah 192.168.1.0

- Squid dikonfigurasi menggunakan port 3128

Hal 30 dari 114

Transparan proxy web cache adalah suatu proxy web cache (squid) yang difungsikan

sebagai satu-satunya server yang menangani semua permintaan halaman web oleh user.

Dengan kata lain, transparan proxy web cache akan "membajak" secara halus trafik HTTP

(yg umumnya menggunakan port 80) dan dipaksa untuk memakai port yang dipakai oleh

squid.

Manfaat

- Kemudahan administrasi

Browser-browser pada client tidak perlu dikonfigurasi untuk mengarah ke proxy web

cache squid).

- Kontrol terpusat User tidak dapat mengubah konfigurasi di browsernya untuk mem-

bypass squid.

Implementasi

Pastikan bahwa sistem anda telah mendukung IP forwarding:

echo 1 > /proc/sys/net/ipv4/ip_forward

Pastikan bahwa sistem anda telah mendukung masquerading: Untuk ipchains (kernel 2.2.x

compatible):

ipchains -A forward -j MASQ -s 192.168.1.0/24 -d 0.0.0.0/0 Untuk iptables (kernel 2.4.x

compatible):

iptables -A POSTROUTING -j MASQUERADE -t nat -s 192.168.1.0/24 -o ppp0

Catatan:

Sesuaikanlah option -o pada iptables di atas dengan interface yang anda gunakan (interface

yang terdekat dengan jaringan luar).

- Arahkan semua permintaan web (port 80) ke port squid (asumsi squid menggunakan port

3128).

- Untuk ipchains (kernel 2.2.x compatible): ipchains -A input -j REDIRECT 3128 -p tcp -

s 0.0.0.0/0 -d 0.0.0.0/0 80

- Untuk iptables (kernel 2.4.x compatible): iptables -A PREROUTING -t nat -j

REDIRECT -p tcp -s 192.168.1.0/24 -d 0/0 --dport 80 --to-ports 3128

- Edit squid.conf untuk mendukung mode transparan:

httpd_accel_host virtual

httpd_accel_port 80

httpd_accel_with_proxy on

httpd_accel_uses_host_header on

Hal 31 dari 114

Lab 4 Membuat Mail Server

4.1. Posfix

Sistem Operasi Linux Slackware 10.1 menyediakan layanan mail menggunakan software

mail server Sendmail 8.13.3-i486 secara default. Namun Anda dalam praktikum kali ini kita

akan menggunakan mail server postfix-2.1.5 dan program pop3 menggunakan tpop3d-1.5.3.

Berikut ini adalah langkah-langkah pembuatan mail server dengan postfix dan tpop3d:

4.1.1 Instalasi Postfix

Uninstall sendmail

Agar postfix tidak bentrok dengan sendmail, terlebih dahulu program sendmail harus

diuninstall.

bash-3.00# removepkg sendmail

Removing package /var/log/packages/sendmail-8.13.3-i486-2...

Removing files:

--> Deleting symlink /usr/bin/hoststat

--> Deleting symlink /usr/bin/mailq

--> Deleting symlink /usr/bin/newaliases dan seterusnya.

Membuat user dan group untuk postfix.

bash-3.00# useradd postfix

bash-3.00# groupadd postdrop

Ekstrak postfix

Copykan program sumber postfix dan tpop3d ke direktori /usr/local/src kemudian

lakukan ekstraksi sebagai berikut:

Hal 32 dari 114

bash-3.00# tar xzvf postfix-2.1.5.tar.gz

bash-3.00# tar xzvf tpop3d-1.5.3.tar.gz

Kompilasi dan Instalasi postfix

Proses kompilasi dilakukan dengan perintah make, sedankan instalasi dilakukan dengan

perintah make install. Jika pada saat instalasi ada pertanyaan dari sistem, maka tekan

saja enter.

bash-3.00#cd postfix-2.1.5

bash-3.00#make


Edit file /etc/postfix/main.cf

Pada file main.cf gantilah baris konfigurasi menjadi sebagai berikut:

myhostname = mail.poltekpos.net

mydomain = poltekpos.net

mydestination = $myhostname, localhost.$mydomain

mynetworks = 127.0.0.0/8, 192.168.0.0/16

alias_maps = hash:/etc/aliases

alias_database = hash:/etc/aliases

home_mailbox = Maildir/

Simpan file /etc/postfix/main.cf.

Sampai dengan langkah ini, instalasi postfix sebagai mail server telah selesai. Berikut

adalah perintah yang berhubungan dengan server mail postfix:

PERINTAH : FUNGSI

postfix start : Menjalankan postfix

postfix restart : Merestart postfix

postfix stop : Menghentikan postfix

postqueue -p : Menampilkan email yang sedang berada dalam antrian (queue)

Hal 33 dari 114

PERINTAH : FUNGSI

postqueue -f : Memaksa agar email yang sedang berada dalam antrian segera

dikirim.

Agar postfix dijalankan pada saat sistem boot, maka di dalam file /etc/rc.d/rc.local kita

berikan perintah /usr/sbin/postfix start

bash-3.00#echo “/usr/sbin/postfix start” >>

/etc/rc.d/rc.local

Langkah berikutnya adalah membuat user yang akan menghandel user virtual postfix

dan catatlah nomor uid dan gid-nya.

bash-3.00#useradd virtual

bash-3.00#id virtual

uid=1003(virtual) gid=100(users) groups=100(users)

Edit dan gantilah beberapa baris konfigurasi pada file /etc/postfix/main.cf seperti

berikut:

mailbox_transport = virtual

virtual_mailbox_base = /home/virtual

virtual_mailbox_maps = hash:/etc/postfix/virtual

virtual_uid_maps = static:1003

virtual_gid_maps = static:100

virtual_create_maildirsize = yes

Tambahkan domain yang kita gunakan ke akhir file /etc/postfix/virtual dan tambahkan

pula beberapa user untuk pengujian.

Hal 34 dari 114

bash-3.00#echo “poltekpos.net Politeknik Pos Indonesia”

>> /etc/postfix/virtual

bash-3.00#echo “[email protected]/munir/” >>

/etc/postfix/virtual

bash-3.00#echo “[email protected] poltekpos.net/indarko/”

>> /etc/postfix/virtual

Silahkan mencoba mengirim email menggunakan user-user yang telah dibuat pada

langkah nomor 10.

4.1.2 Instalasi TPOP3D

Agar email yang masuk ke mailbox setiap user dapat diambil, maka harus disiapkan server

pop3 mengggunakan tpop3d, tpop3d merupakan salah satu server pop3. Anda dapat

menggunakan server pop3 selain tpop3d.

Pada saat instalasi postfix, program sumber tpop3d telah diekstrak, maka sekarang kita

lanjutkan dengan kompilasi dan instalasi.

bash-3.00#cd /usr/local/src/tpop-1.5.3

bash-3.00#./configure –-enable-mbox-maildir –-enable-

authflatfile –-disable-auth-pam

bash-3.00#make


Buatlah file /etc/tpop3d.conf yang isinya sebagai berikut:

Listen-address: 0.0.0.0

log-facility: local6

mailbox: maildir:/home/virtual/$(domain)/$(local_part)/

auth-flatfile-enable: yes

auth-flatfile-passwd-file: /etc/virtual/$(domain)/passwd

auth-flatfile-mail-user: virtual

Atur sistem log untuk tpop3d sebagai berikut:Hal 35 dari 114

bash-3.00#echo “local6.* /var/log/tpop3d.log” >>

/etc/syslog.conf

bash-3.00#touch /var/log/tpop3d.log

Restart server syslog dan aktifkan server tpop3d, dan atur agar tpop3d jalan pada saat

sistem boot:

bash-3.00#/etc/rc.d/rc.syslog restart

bash-3.00#/usr/local/sbin/tpop3d

bash-3.00#echo “/usr/local/sbin/tpop3d” >>

/etc/rc.d/rc.local

Buat direktori untuk menyimpan password user:

bash-3.00#mkdir /etc/virtual

4.2. SendMail

Sendmail merupakan MTA (Mail Transfer Agent) yang paling tua di lingkungan sistem

operasi Linux maupun Unix, Sendmail juga merupakan default MTA pada sebagian besar

distribusi Linux seperti Slackware, RedHat, SuSE dan lain-lain. Kelebihan sendmail

dibanding MTA lain adalah proses instalasi dan konfigurasinya yang mudah.

Pada praktikum kali ini, kita akan melakukan instalasi dan konfigurasi sendmail agar dapat

mengirim dan menerima email. Berikut langkah-langkah pembuatan mail server dengan

sendmail:

4.2.1 Instalasi dan Konfigurasi SendMail

1. Atur host dan domain menggunakan utilitas netconfig

# netconfig

Isilah pertanyaan-pertanyaan yang diajukan oleh netconfig sebagai berikut:

Hal 36 dari 114

Hostname : poltekpos

Domain name : net

Pilih Static IP

IP Address : 192.168.0.1

Netmask : 255.255.255.0

Gateway : 192.168.0.1

Nameserver : No

Pilih Accept

Tekan Enter

Restart komputer dengan perintah reboot.

2. Lakukan pengecekan apakah sendmail sudah terinstalasi pada Slackware 10.1

#whereis sendmail atau dapat juga menggunakan pkgtool milik slackware

3. Jika belum diinstalasi, maka dapat diinstall menggunakan paket yang disediakan oleh

slackware pada CD-ROM Disk-1, berupa file sendmail-8.13.3-i486-2.tgz dan sendmail-

cf-8.13.3-noarch-2.tgz

#installpkg sendmail-8.13.3-i486-2.tgz

#installpkg sendmail-cf-8.13.3-noarch-2.tgz

4.2.2. Perintah pada Server SendMail

/etc/rc.d/rc.sendmail start Menjalankan server sendmail

/etc/rc.d/rc.sendmail restart Merestart server sendmail

/etc/rc.d/rc.sendmail stop Menghentikan server sendmail

4.2.3 Instalasi dan Konfigurasi Server POP3

Hal 37 dari 114

Pada distribusi Linux Slackware 10.1 telah terdapat server pop3 pada saat instalasi yaitu

popa3d. Anda bisa mengeceknya dengan perintah whereis popa3d.

Jika belum diinstall, maka lakukan instalasi dengan perintah:

#installpkg popa3d-0.6.4.1-i486-1.tgz

Pada praktikum kali ini kita akan membuka server pop3 dan telnet dengan tujuan agar user

bisa cekmail dan melakukan telnet. Untuk lakukan langkah berikut ini:

#vi /etc/rc.d/inetd.conf

hapus tanda crash (#) pada awal baris berikut:

#telnet stream tcp nowait root /usr/sbin/tcpd in.telnetd

#pop3 stream tcp nowait root /usr/sbin/tcpd /usr/sbin/popa3d

Agar superuser inetd membaca konfigurasi yang baru, maka berikan perintah:

#killall –HUP inetd

Sampai pada langkah ini, instalasi sendmail sebagai MTA, popa3d sebagai pop3 server, dan

in.telnetd sebagai server telnet telah selesai. Untuk melihat apakah servis ketiga program

tersebut telah jalan, maka berikan perintah:

#nmap localhost

Perhatikan bahwa sebagai tanda bahwa servis ketiga program tersebut jalan, maka perintah

nmap localhost akan menampilkan baris berikut:

PORT STATE SERVICE

23/tcp open telnet

25/tcp open smtp

Hal 38 dari 114

110/tcp open pop3

4.2.4 Pengujian

Pengujian terhadap ketiga servis tersebut dapat dilakukan dengan perintah telnet ke masing-

masing servis:

#telnet localhost 23



Untuk mengakhiri semua perintah telnet diatas, berikan perintah quit.

4.3. DMMail Client

Distribusi linux Slackware 10.1 disamping menyediakan program-program untuk keperluan

server juga menyediakan program-program untuk keperluan client. Pada praktikum kali ini

akan dibahas penggunaan program client pine yang berfungsi untuk mengirim dan

menerima email dari server lokal.

Langkah pertama adalah melakukan pengecekan keberadaan program pine dengan perintah

whereis pine.

Jika belum terdapat pine pada sistem operasi Slackware Anda, maka install dengan perintah:

#installpkg pine-4.62-i486-1.tgz

Untuk menjalankan program pine, ketikkan pine kemudian enter. Jika Anda berada bukan

pada server, maka Anda terlebih dahulu Anda harus telnet ke server menggunakan user dan

password Anda dan perlu diingat jangan menggunakan user root agar kita dapat praktikum

mengirim dan menerima email sesama user sistem Linux Slackware.

Hal 39 dari 114

Selanjutnya Anda dapat dengan mudah mengeksplorasi menu-menu yang ada pada program

pine untuk mengirim, menerima dan memanage email.

Berikut ini diberikan capture tampilan program pine:

PINE 4.62 MAIN MENU Folder: INBOX 9 Messages

? HELP - Get help using Pine

C COMPOSE MESSAGE - Compose and send a message

I MESSAGE INDEX - View messages in current folder

L FOLDER LIST - Select a folder to view

A ADDRESS BOOK - Update address book

S SETUP - Configure Pine Options

Q QUIT - Leave the Pine program

Copyright 1989-2005. PINE is a trademark of the University of Washington.

[Folder "INBOX" opened with 9 messages]

LAB 5 Routing5.1. Routing Statik

Hal 40 dari 114

Sebuah paket data yang dikirimkan ke jaringan baik dalam lingkup local area network

(LAN) maupun internet harus sampai pada tujuan dengan benar. Untuk itu dibutuhkan suatu

mekanisme penyaluran data hingga sampai tujuan dengan benar.

Router baik yang dibuat oleh pabrik (hardware) seperti Cisco maupun pc-router (sebuah

server yang berfungsi sebagai router) dapat menyalurkan data ke tujuan yang benar. Dalam

praktikum kali ini, kita akan membuat 3 buah pc-router menggunakan routing statik, seperti

terlihat pada gambar 1.

Gambar 1 Skema LAN untuk Praktikum Routing Statik

5.1.1 Langkah-2 pembuatan Routing Statik:

Pada router1:

ifconfig eth0 192.168.1.1 netmask 255.255.255.248


route add default gw 192.168.1.1 eth0

route add –net 192.168.1.24 netmask 255.255.255.248 gw

192.168.1.2

Hal 41 dari 114


192.168.1.3

Pada router2:





192.168.1.1


192.168.1.3

Pada router3:





192.168.1.1


192.168.1.2

Sedangkan pada semua pc client gateway-nya diarahkan ke pc router masing-masing.

Selanjutnya lakukan ping baik dari router maupun client ke network

5.1.2. Routing Dinamis

Hal 42 dari 114

Sebuah paket data yang dikirimkan ke jaringan baik dalam lingkup local area network

(LAN) maupun internet harus sampai pada tujuan dengan benar. Untuk itu dibutuhkan suatu

mekanisme penyaluran data hingga sampai tujuan dengan benar.

Router baik yang dibuat oleh pabrik (hardware) seperti Cisco maupun pc-router (sebuah

server yang berfungsi sebagai router) dapat menyalurkan data ke tujuan yang benar. Dalam

praktikum kali ini, kita akan membuat 3 buah pc-router menggunakan routing dinamis

zebra, seperti terlihat pada gambar 1.

Gambar 2 Skema LAN untuk Praktikum Routing Dinamis

5.2. Langkah-2 pembuatan Routing Dinamis

5.2.1 Instalasi Zebra Routing

Copikan file source zebra ke direktori /usr/local/src, contoh:

#cp /mnt/usb/zebra-0.95.tar.gz /usr/local/src

#cd /usr/local/src

Ekstrak, kompile, dan install source zebra

Hal 43 dari 114

#tar xzvf zebra-0.95.tar.gz

#cd zebra-0.95

#./configure –disable-ipv6

#make

#make install

Edit file /etc/services menggunakan editor vi, pico, mc atau yang lainnya. Pastikan

terdapat baris berikut ini, kemudian simpan kembali file /etc/services.

#vi /etc/services

zebrasrv 2600/tcp # zebra service

zebra 2601/tcp # zebra vty

ripd 2602/tcp # RIPd vty

ripngd 2603/tcp # RIPngd vty

ospfd 2604/tcp # OSPFd vty

bgpd 2605/tcp # BGPd vty

ospf6d 2606/tcp # OSPF6d vty

Copikan file konfigurasi /usr/local/etc/zebra.conf.sample ke /usr/local/etc/zebra.conf

#cp /usr/local/etc/zebra.conf.sample

/usr/local/etc/zebra.conf

Edit file /usr/local/etc/zebra.conf menjadi sebagai berikut:

#vi /usr/local/etc/zebra.conf

!

hostname Router1

password zebra

enable password zebra

!

! Interface's description.

!

!interface lo

Hal 44 dari 114

! description test of desc.

!

!interface sit0

! multicast

!

! Static default route sample.

!

ip route 0.0.0.0/0 192.168.1.1

!

!log file zebra.log

Menjalankan dan mematikan zebra

#/usr/local/sbin/zebra –d

#killall zebra

5.1.2 Atur konfigurasi pada router2 dan route

5.3 De Militerized Zone ( DMZ)

Hal 45 dari 114

De Militerized Zone atau yang sering disingkat DMZ adalah suatu daerah jaringan yang

dilindungi oleh firewall namun dapat diakses dari internet. Sedangkan Network Address

Translation atau NAT adalah suatu mekanisme merubah alamat suatu paket data yang

dengan alamat yang lain. Misalnya, paket data yang dikirim dari jaringan internal ke internet

akan dirubah ip addressnya menjadi ip address milik gateway.

Berikut ini adalah gambar suatu jaringan yang terdiri dari gateway / firewall, DMZ dan

jaringan internal yang akan di NAT. Dalam mempraktekkan DMZ dan NAT kita

memerlukan program bantu yaitu iptables dan kernel 2.4.x yang telah mendukung iptables.

Gambar 3 Contoh jaringan untuk praktikum DMZ & NAT

Langkah-2 praktikum DMZ & NAT:

Buatlah sebuah server gateway dengan 3 (tiga) buah interface yaitu: eth0, eth1 dan eth2:

Tentukan ip address pada masing-masing interface.

#ifconfig eth0 202.159.65.1 netmask 255.255.255.248



#route add default gw 202.159.65.1 eth0

Hapus semua rule yang ada sebelumnya.

#iptables –F

Hal 46 dari 114

#iptables –t nat –F

#iptables –t filter –F

#iptables –F INPUT

#iptables –F OUTPUT

#iptables –F FORWARD

Agar komputer yang berada pada daerah internal dapat mengakses internet maupun

server yang ada pada DMZ, maka berikan perintah:

#iptables –A FORWARD –s 192.168.0.0/24 –d 0/0 –j ACCEPT

#iptables –t nat –A POSTROUTING –s 192.168.0.0/24 –d 0/0 –

j SNAT –to-source 202.159.65.1

Agar server yang berada di DMZ dapat diakses dari internet maupun dari internal, maka

berikan perintah:

#iptables –A FORWARD –s 0/0 –d 202.159.65.3 –j ACCEPT

#iptabels –A FORWARD –s 202.159.65.3 –d 0/0 –j ACCEPT

Hal 47 dari 114

Lab 6 Router

Hal 48 dari 114

Lab 6.1 Login

Pada Router A

Langkah – langkah

1. tekan enter

2. tekan tanda ‘?’

3. ketik enable (atau en)

4. ketik quit [kemudian enter]

5. ketik ‘config’ [kemudian enter]

6. router1(config)#


8. tekan space bar

9. ketik interface e0 (int e0) [kemudian enter], untuk konfigurasi ethernet 0

10. router1(config-if)#


12. tekan q [kemudian enter]

13. Ketik interface to0 (atau int to0) [kemudian enter], untuk konfigurasi Token ring ethernet 0

14. tekan ‘?’

15. Ketik inetrface s0 (atau int s0, atau interface serial 0), untuk konfigurasi interface serial 0 kemudian

tekan enter

16. ketik encapsulation ?

17. ketik exit kemudian enter

18. tekan Ctrl-Z dan kembali ke menu priviledge

19. ketik disable kemudian enter

20. ketik exit kemudian enter

Hal 49 dari 114

Lab. 6.2 Help and Editing

1. Login into Router A and go to privilegde mode by typing enable (or en) pressing enter

2. type ? (question mark)

3. Type cl? Notice that you can see the commnads that start with “cl”

4. Type clock?

5. Notice the diffrence between steps three and four. Three has you type letters with no space and a question

mark, which will give you all teh commands that start with “cl”. Four has you type a command sapce and a

question mark. By typing a comand, then a space and question mark, you will see the next available

commands.

6. set the router clock by typing clock ? and following the help screens, set the router’s time and date.

First, type clock ?

7. type clock set ?

8. type clock set 10:33:34 ?

9. type clock set 10:33:34 22 march ?

10.type clock set 10:33:34 22 march 2000 ?

11.press enter

12. Type show clock and press enter to see the time and date

Please note : Once you set the clock, the progrm will only display what you enterd and not keep accurate

time.

13. From privileged mode (#), type shows access-list 10. Don’t press enter.

14. Type control +A. This takes you to the beginning of the line

15. Type control + E. This should take you back to the end of the line

16. Type control + A, the type control+F. This should move you forward one character.

17. Type control+B. This will move you back one character.

18. Press enter, then type control+P. This will repeat the last command.

19. Press the up arrow on your keyborad. This will also repeat the last command.

20. Type show history and press enter. This shows you the last 10 commands entered.

21. Type terminal history size ?. This assits you in changing the history entry size.

22. Type show terminal and press enter to gather terminal statistics and history size.

Hal 50 dari 114

23. Type terminal no editing. Thsi turns off advanced editing. Repeat steps 14-18 to see that the shortcut

editing keys have no effect until you type terminal editing.

24. Type terminal editing and press enter to re-enable adcvanced editing.

25. Type show run, then press your tab key. The program will finish typing the command for you. Press enter

to carry out the command.

26.Tyep show start, then press your tab key. The program will finish typing the command for you. Press enter

to carry out the commnad.

Lab 6.3

1. log in to Router A and go into privileged mode by typing enable ( or en), then press enter.

2. to see the confoguration stored in NVRAM you type show start and press tab and press enter.(or type

show starup-config and press enter.However, you will get an error message if no configuration has been

saved

3. to save configuration to NVRAM, which is know as starup-config, you can type:

copy run start and press enter, or

copy running and press tab, type start, press the eab key, and press enter, or

copy running-config startup-config and press enter.

4. type show start then press the tab key, then press enter.

5. type show run then press the tab key, then press enter.

6. type erase start then press tab key, then press enter.

7. type show start, then press tab key, then press enter. Yoy should get an error message.

% % Non-volatile configuration memory has not been setup or has bad check sum

8. type reload, then press enter. Acknowledge the reload by pressing enter. Wait for the router to reload.

Lab 6.4 Setting your paswords

1. log in to the router B and go into privileged mode by typing enable (or en)

2. type config t and press enter

3. type enable

4. set your enable secret pasword by typing enable secret pasword ( the pasword should your own

personalized password) and press enter. Do not add the command pasword after the command secret.

This would make your password the word ”password”. A coorect example would be enable secret todd.

Hal 51 dari 114

5. now let’s see what happens when you log all the way out and log in. Log all the way by typing control+Z,

type exit, and press enter. Go to privileged mode. Before you are allowed to go to the privileged mode, you

will be asked for a password. If you succesfully enter the correct secret password, you can then proceed

6. let’s remove the secret password. Go to privileged mode and type config t and press enter. Type no

enable secret and press enter. Log out and then log in again and you should not be asked for a password

when you go to privileged mode

7. type config t to be at the right level to set your console and auxiliary password, then type line?

8. notice that the output for the line commands is auxilliary,vty and console we will set all three

9. to set the telnet or vty password, type line vty 0 4 and then press enter. The “0 4” is the five of available

virtual lines used to connect with telnet.

10.the next command is used to set the authentication on or off. Type log in and press enter to prompt for a

user mode password when telneting into the router. You will not ba able to telnet into a router password is

not set.

Note: you can use the no log in command to disable the user mode pasword prompt. Type no log in so

that you are not prompted for a user mode pasword

11.There is still one more command to set for your vty password, and that is the pasword command. Type

password password to set the password. The second word, password is your password is your password,

not he word password.

12. Here is an example of how to set the VTY password on RouterC:

Please note:

You will not to go the network visualizer to change to RouterC. You do have to close your lab before you

do that. Your lab will automatically close when you go to network visualizer but will re-open when you

click on RouterC. The lab will also re-open at this step. This is how all the labs work.

Goto router C

Router#config t

Router(config)#line vty 0 4

Router(config)#login

Router(config)#password todd

If you into Router C from Router A, you will bea asked for a password, which will be toadd

13. go back to Router A. Make sure that you are in configuration mode [(config)]. Set your auxiliary password

by first typing line auxialiary 0 (or linw aux 0).

14. type login

15. type password password.

16. set your console password by first typing line console 0 (or line con 0)

17. type login

Hal 52 dari 114

18. type password

here is an example of the last two commands.

Router#config t

Router(config)#line con 0



Router(config)#line aux 0


Router(config)#password bill

To remove a password, repeat the previous steps excepts type in no login instead of login.

19. You can add the command exec-timeout 0 0 to the console 0 line. This stop the console from timing out

and logging out. The command will now look like this:

Router#config t

Router(config)#line con 0



Router(config)#lexec-timeout 0 0

Lab.6.5 Setting your hostname, adding a banner, IP address, Identification, bandwidth and

clock rate.

1. Log in to Router A and go into privileged mode by typing enable (or en)

2. set your hostname on your router by using the hostname command. Notice that it is one word.

Here is an example of setting your hostname:

Router#config t

Router(config)#hostname Router A

RouterA(config)#

Notice that the hostname of the router is changed as soon you press enter

3. Set the banner that will be seen by the network administrators by using the banner command.

4. type config t and press enter, the type banner ?

Hal 53 dari 114

5. notice that you can set four different banners. In this lab we are only intersted in the login and

message of the day banners (MOTD)

6. set your MTOD banner, which will be displayed when a console, auxialiary or telnet connection

is made to the router by typing:

banner mtod#

this is a mtod banner

#

7. We used a # sign as delimiting cahracter. This tells the router when the message is done. You

cannot use the delimiting character in the message. With real router you can use any delimiting

character that you want, however, when working with this simulator only “#” will be recognized.

You can remove the MOTD banner type typing:

config t

no banner mtod an pressing enter

8. Set the login banner by typing:

config t

banner login #

this is a login banner

#

9. The banner will display immediately after the MOTD, but before the user mode password

prompt. Remember that you set your user mode passwords by setting the console, auxiliary and

vty line passwords.

You can remove the login banner by typing:

config t

no banner login and press enter

10. you can add IP address to an interface with IP address command. You need to get into interface

configuration first. Here is how you do that:

config t

int e0 (you can use int Ethernet 0 too)

ip address 1.1.1.1 255.255.0.0

no shutdown or no shut

Hal 54 dari 114

notice the IP Address(1.1.1.1) and subnet mask (255.255.0.0) is configured on one line. The no

shutdown command is used to enable the interface. All interface are shutdown by default. You

can also use no shutdown command as a short cut.

11. To set an IP address for a Token Ring interface, use the int to0 (or interface token ring 0)

command. However, you also need to set the ring-speed a Toke Ring interface.

Here is an example:

config t

int to0 (you can use int token rin 0 too)

ip address 2.2.2.2 255.255.0.0

ring-speed 16

no shutdown (or no shut)

12. You can add an identification to interface by using the description command. This isi useful for

adding information about the connection. Administratotors only see this, not users. Here is an

example:

Config t

Int s0

Ip address 1.1.1.2 255.255.0.0

No shutdown

Description WAN link to Miami

13. you can ping the three interface on router A 1.1.1.1, 1.1.1.2, and 2.2.2.2 but will no be able

ping outside of router until IP addresses are set on devices and communication protocol set.

Go to the privileged mode

ping 1.1.1.1

ping 1.1.1.2

ping 2.2.2.2

14. Shut down router A e0 and then ping 1.1.1.1 again. It should not susceed.

config t

int e0

shut

Ctrl+Z

ping 1.1.1.1

Hal 55 dari 114

15. You can add the bandwidth of a serial link as well as the clock rate when simulating a DCE

WAN link. Here is an example for RouterB:

config t

int s0

bandwidth 64

clock rate 6400

notice the bandwidth is in kilobits, while the clock is in bits. Also, remember that the clock rate

command is two words. The clock rate command is used when you are simulating a DCE

interface. The bandwidth command is used when you are assigning a routing algorithm like

EIGRP an OSPF, which uses bandwidth to consider the best cost or path to remote network. All

cisco router serial interfaces default to a T1 speed of 1.544 MBPS. If you are using RIP, then

setting the bandwidth would make absolutely no difference.

Lab 6.7. configuration the lab

The labs for chapter 5 has six router A, B, C, 2621, 804A, 804B, and two catalyst switches, 1900A

and 1900B. (see the network visualizer)

- Router A is Cisco 2513 router with one 10 BaseT interface (e0) connected to teh 2621 router,

one serial interface (s0) connected to RouterB and one Token Ring LAN to) interace.

- RouterB is a 2500 serius routers with one 10BaseT interface (e0) connected to teh 1900B

Switch, serial 0 connected to RouterA and serial 1 connected to RouterC.

- RouterC is a 2500 series routers with one serial interface(s0) connected to RouterB, one

10BaseT interface(e0), one Tolen Ring (to0)

- The 2561 has two FastEtehrnet inetrfaces with f0/0 connected to RouterA and f0/1 connected to

the 1900A switch.

- 1900A switch has a connected to HostA and HostB1 as well as the 2621 f0/1 interface. It also

has a FastEthernet connection to switch 1900B.

- 1900B switch has a connection to Host A1 as well as HostB. It is also is connected to 1900A

through a FastEthernet link as well as to RouterB with a 10BaseT connection.

- 804A router wih an ethernet interface.

- 804B router with an ethernet interface.

-

1. Set the hostname of all six router and two 1900 switches with the hostname command.

Hal 56 dari 114

Add the IP address of all routers for RouterA

Type in the following to configure for RouterA

Router#config t

RouterA(config)#hostname RouterA

RouterA(config)#int e0

RouterA(config-if)#ip address 172.16.11.1 255.255.255.0

RouterA(config-if)#no shut

RouterA(config-if)#int s0



RouterA(config-if)#int to0


RouterA(config-if)#ring speed 16


Type the following to configure RouterB (RouterB has DCE connections on both serial

interfaces)

Router#config t

Router(config)#hostname RouterB

RouterB(config)#int e0

RouterB(config-if)#ip address 172.16.10.7 255.255.255.0

RouterB(config-if)#no shut

RouterB(config-if)#int s0


RouterB(config-if)#clock rate 56000




RouterB(config-if)#clock rate 56000


Type in the following to configure RouterC

Router#config t

Router(config)#hostname RouterC

RouterC(config)#int e0

RouterC(config-if)#ip address 172.16.50.1 255.255.255.0

RouterC(config-if)#no shut

RouterC(config-if)#int s0


RouterC(config-if)#no shut

Hal 57 dari 114

RouterC(config-if)#int to0


RouterC(config-if)#ring speed 16

RouterC(config)#no shut

Type the following to configure the 2621 router

Router#config t

Router(config)#hostname 2621

2621(config)#int f0/0

2621(config-if)#ip address 172.16.11.2 255.255.255.0

2621(config-if)#no shut

2621(config-if)#int f0/1

2621(config-if)#ip address 172.16.10.1 255.255.255.0

2621(config-if)#no shut

Type in the following to configure Router804A

Router#config t

Router(config)#hostname 804A

Router804A(config)#int e0

Router804A(config-if)#ip address 172.16.10.7 255.255.255.0

Router804A(config-if)#no shut

Type in the following to configure Router804B

Router#config t

Router(config)#hostname 804B

Router804B(config)#int e0

Router804B(config-if)#ip address 172.16.50.3 255.255.255.0

Router804B(config-if)#no shut

Type the following to configure the 1900A switch

k

en

#config t

(config)#hostname 1900A

1900A(config)#ip address 172.16.10.3 255.255.255.0

1900A(config)#ip default-gateway 172.16.10.1

Hal 58 dari 114

Type the following to configure the 1900B switch

k

en

#config t

(config)#hostname 1900B

1900B(config)#ip address 172.16.10.4 255.255.255.0

1900B(config)#ip default-gateway 172.16.10.1

Remember to save the configurations for each router. Press the control key and the letter Z, and

type copy run start and press enter. Otherwise, if you exit the program without doing this, you will

lose ip address information. Essensially, the information will not be saved to NVRAM the 1900

switches save the information automatically.

2. Type show ip route on each router to see the routeing tables. Each router will only show its

directly connected networks. You should see the following information for each router(switches

don’t have routing tables).

Router A

172.16.0.0/24 is subnetted, 3 subnets

C 172.16.0.0 is directly conneted, serial0

C 172.16.20.0 is directly connected, TokenRing0

C 172.16.11.0 is directly conneted, Ethernet0.

Router B



C 172.16.10.0 is directly connected, Ethernet0

C 172.16.20.0 is directly conneted, Serial0.

Router C



C 172.16.55.0 is directly connected, TokenRing0

C 172.16.50.0 is directly conneted, Ethernet0.

Hal 59 dari 114

Router2621


C 172.16.10.0 is directly connected, fastEthernet0/1

C 172.16.11.0 is directly connected, FastEthernet0/0

Router804A


C 172.16.10.0 is directly conneted, Ethernet0

Note: the following will show up after yu do lab

C 172.16.60.0 is directly connetd, BRI0

3. Verify your setup by pinging some of the interfaces, such as:

Ping 172.16.55.1 from RouterA

Ping 172.16.10.1 from RouterC

Ping 172.16.20.2 from RouterC.

Lab.6.8 Creating Static Routes

Create a Static route in four routers, so the routers see all networks. Verify with the ping command

when complete.

On RouterA create a static route to see networks 172.16.10.0/24, 172.16.40.0/24, 172.16.50.0/24,

and 172.16.55.0/24. Here is how you do it, type:

RouterA#config t

RouterA(config)#ip route 172.16.10.0 255.255.255.0 172.16.11.2




This told RouterA to get to networks 172.16.10.0/24, use 172.16.11.2. This also told RouterA to get

to network.

172.16.40.0/24, use ip 172.16.20.2, wich is the closet neighbor interface conneted to network

172.16.40.0/24, or RouterB. This is the same interface we will use to get to network 172.16.50.0/24

and 172.16.55.0/24

Hal 60 dari 114

Save the current configuration fo RouterA by going to the enable mode and typing copy run start

and pressing enter.

On RouterB create a static route to see network 172.16.11.0/24, 172.16.15.0/24, 172.16.50.0/24 and

networks 172.16.55.0/24, which are not directly connected.

RouterB#config t

RouterB(config)#ip route 172.16.11.0 255.255.255.0 172.16.20.1




This told RouterB that to get to network 172.16.11.0/24, and 172.16.15.0/24, use 172.16.20.1. The

next two commands told RouterB how to get to network 172.16.50.0/24 and 172.15.55.0/24, which

is trough 172.16.40.2. That is the closest router interface to network 172.16.50.0/24 and

172.16.55.0/24

Save the current configuration for RouterB by going to the enbled mode and typing copy run start

and pressing enter.

On RouterC, it is connected to network 172.16.50.0/24, 172.16.40.0/24, and 172.16.55.0/24. it does

not know about networks 172.16.20.0/24 and networks 172.16.15.0/24, 172.16.11.0/24 and

172.16.10.0/24. Create static routes so RouterC can see all networks.

RouterC#config t

RouterC(config)#ip route 172.16.20.0 255.255.255.0 172.16.40.1





and pressing enter.

Hal 61 dari 114

On the 2621 router, it is conneted to network 172.16.10.0/24 and 172.16.11.0/24. it does not kown

about networks 172.16.15.0/24, 172.16.20.0/24, 172.16.50.0/24 and 172.16.55.0/24. Create static

routes so the 2621 can see all networks.

2621#config t

2621(config)#ip route 172.16.15.0 255.255.255.0 172.16.11.1

2621(config)#ip route 172.16.20.0 255.255.255.0 172.16.11.1

2621(config)#ip route 172.16.40.0 255.255.255.0 172.16.11.1

2621(config)#ip route 172.16.50.0 255.255.255.0 172.16.11.1

2621(config)#ip route 172.16.55.0 255.255.255.0 172.16.11.1


and pressing enter.

Now, ping from each router to each host and from host to each router. If it is set up coreectly it will

works.

Lab.6.9 Default Routes

In this lab, you will create default routes to build routing tables in your routes.

In this lab you will remove the static routes from Routers 2621 and RouterC an use default instead

We will leave Routers A and B with the static routes created from configuring the lab

1. Type show ip route on each router to see the routing tables. You should see all networks in all

routes routing tables.

2. Remove the static routes from the 2621 router and RoutesC

2621#config t

2621(config)#no ip route 172.16.15.0 255.255.255.0 172.16.11.1





RouterC#config t

RouterC(config)#no ip route 172.16.20.0 255.255.255.0 172.16.40.1



Hal 62 dari 114


3.Type show ip route on the 2621 router and RouterC to verify only the directly connected are

present

4. On the 2621 router and RouterC, create a default route to see the remote networks. Here is how

you do it.

2621#config t

2621#(config)#ip route 0.0.0.0 0.0.0.0 172.16.11.1

2621#(config)#ip classless

RouterC#config t


RouterC(config)#ip classless

This told the 2621 router to get to any network, use ip address 172.16.11.1, which is the closet

neighbor interface connected. The ip classless command is set when using default routing. This tells

the router not to drop packets to uknown an network, but to instead forward them to the default

route. This tells the router not to drop packets to uknown network to RouterB(172.16.40.1)

5. Test the configuration by looking at the routing table of all four routers.

RouteA#show ip route

RouterB#show ip route

RouterC#show ip route

2621#show ip route

6. Test your routers by pinging to all remote networks and host

6.10 Dynamic Routing with RIP

In this Lab, we will use the dynamic routing protocol RIP instead of static and default routing.

1. Log into RouterA and the dynamic routing protocol RIP instead of static and default routing.

2. Make sure you have no static routes or default routes configured on your routers by using the no

ip route route command

For example:

RouterA#config t

RouterA(config)#no ip route 172.16.10.0 255.255.255.0 172.16.11.2

Hal 63 dari 114




Do the same for RouterB

RouterA#config t





Since we have already removed the static for routers for RouterC, type


Since we have already removed the static for routers for Router2621, type


3. In the enable mode, type show run and press enter on each router in order to verify that all static

and default routes are cleared.

4. After static and deafult routers are clear, go into configuratin mode on RouterC by typing

config t

5. Tell your number to use RIP Routing by typing router rip and pressing enter.

router rip

6. Add the network number you want to adversite by typing network 172.16.0.0 and pressing enter

7. Press the Ctrl-Z simultanously to get out of configuration mode

8. Go to routers B,C and the 2621 router and type the same commands.

Config t

Router rip

Network 172.16.0.0

9. Verify that rip is running at each router by typing the following commands at each router by

typing

Show ip protocol

Show ip route

Show running-config (or show run)

10. save your configurtions by typing copy run start (or copy running-config startup-config)

11. Verify the network by pinging all remote networks an hots.

Hal 64 dari 114

Lab 6.11 Dynamic Routing with IGRP

In this lab, you will run the IGRP routing protocol simultaneously with RIP routing

1. Log in ro RouterA and go to into privileged mode by typing enabel (or en)

2. Keep RIP running on RouterA and verify that it is running on each router. If you want remove

RIP, you can use the no router rip global configuration commnad to remove it from RouterA

and other routers

For example :

Config t

no router rip

3. stay in configuration mode on RouterA

4. At the configuration prompt, type router igrp?

5. Notice it is asking for an autonomous system number. This is used to only allow routers with the

same AS nunmber to continu. Type 10 and press enter. Your routers can be configured to be

part of as many different. AS’s if necessary.

6. At the config-router prompt, type network 172.16.0.0. notice we do not add the subnet numbers

to advertise, but the classful network boundary.

7. Press the Ctrl-Z simultaneously to get out of configuration mode

8. got to router B, C and the 2621 and type the same command as shown:

config t

router igrp 10

network 172.16.0.0

9. Verify that IGRP is running by going to the enabled mode and typing the following commands

on each router.

a. show ip protocol. Notice this will show you your RIP and IGRP routing protocols. Also,

notice it will show the update timers.

b. Show ip route. You should see all seven subnet. 10, 11, 15, 20, 40, 50 and 55. Some will be

directly connected, some will be (I) routers, which are IGRP inject routers. RIP is still

running, but if you look at the routing table, notice the network entry has a network number

then (100/23456). The first number (100) is the trustworthiness rating. Since RIPs default

trustworthiness rating. Since RIPs default trustworthiness ratinf is 120, the IGRP route is

Hal 65 dari 114

used before a RIP route will be used. The second number is the metric, or wight of the route

that is used to determine the best path to a network.

c. Show running-config (or show run) to see that RIP RIP and IGRP are configured.

10. Type copy running-config startup-config (or copy run start) and press enter at each router to

save your configuration.

11. verify tne network by pinnging all routers, switches and hosts.

Lab 6.12 Configuring VLANs and ISL

In this lab, you will configure the 1900A ann 1900B switch with VLANs and set up trunk links

between them. The switches and 2621 router will provide the routing to network 172.16.10.0 and

172.16.30.0 via ISL for hosts A,A1, B and B1

A Virtual Local Area Network (VLAN) is a logical grouping of network users and resources

connected to administatively defined ports on as switch. By creating VLANs, you are able to create

smaller broadcast domains subnet or broadcast domain. This means that frames boadcast onto a

network are only switched between ports in the same VLAN.

1. Create a VTP domain named routersim on the 1900A switch:

Config t

Vtp domain routersim

2. Press Ctrl + Z to go to enabled mode and type show vtp to verify the VTP configuration.

3. Configure port 26 and 27 on the 1900A to trunk:

config t

int f0/26

trunk on

int f0/27

trunk on

4. Go to the enabled mode and type the command show trunk A and show trunk B to very the

configuration interface 26 is port A and port B. Port 26 is used to connect to the 1900B switch

and port 27 is used for the 2621 router connection.

5. Add a VLAN to the 1900A switch

config t

Hal 66 dari 114

vlan 2 name sales

you can remove a vlan with the command no vlan x. For example, type no vlan 2.

6. Verify the VLAN by pressing Ctrl + Z and typing show vlan to see all configuration VLAN or

show vlan 2 to see only vlan 2 information.

7. Go to the 1900B switch and type sho vtp. Notice that is by default a VTP server.

8. From 1900B type show vlan notice only VLAN 1 is present.

9. On 1900B configuration int f0/26 to trunk. This is the 100Mbps connection to the 1900A

switch:

cnfig t

it f0/26

tunk on

10. Make the 1900B switch switch a VTP client in the vtp domain routersim. Go back to

configuration mode:

eit

vtp domain routersim

vp client

11. Verify VTP information and that it found the domain by pressing Ctrl-Z and typing show vtp.

12. Now, type show vlan and notice that VLAN 2 is present on the switch. Since the 1900A switch

is a VTP server, the information was passesd to the 1900B switch.

13. By default, all ports are members of VLAN 1. There are four host on your physical network,

two in network 172.16.10.0 and twi in network 172.16.30.0. the host configuration are as

follows:

HostA: 172.16.10.2/24; plugged 1900A, port 1

HostA: 172.16.10.5/24; plugged 1900B, port 5

HostA: 172.16.30.2/24; plugged 1900B, port 5

HostA: 172.16.30.5/24; plugged 1900A, port 2

You can confugure each port to ne in a VLAN by using the vlan-membership command. You

can only configure VLANs port by port. There is no command to assign more then one port to a

VLAN at time with the 1900 switch.

Configure hosts A and A1 into VLAN 1, and host B and B1 into VLAN2

From the 1900A switch:

Hal 67 dari 114

1900A#config t

1900A(config)#int e0/1

1900A(config)#vlan-membership static 1

1900A(config)#int e0/5

1900A(config)#vlan-membership static 2

14. Verify the VLAN chnage by going to the enable and typing show vlan-membership

15. Type show spantree to see Spanning Tree Protocol configuration on each switch.

As ypu look at the information after you enter the show spantree command, you can go back

to the command prompt by typing q.

16. you can ping from HostA to Host A1, but not to Host B and HostB1 since three is no

connection between the VLANs. Configure the 2621 route on FastEthernet 0/1 to perform ISL

routing. This is also known as “Router on a Stick”. This will allow HostA and HostA1 to ping

HostB and HostB1.

Inter-Switch Link (ISL): Propietary to Cisco switches, is used for FastEthernet ang Gigabit

Ethernet links only. Can be used on a switch port, router interfaces as well as server interface

card to trunk a server. This server trunking is good if you are creating functional VLANs and

don’t want to break to 8020 rule.The users do not have to cross a layer three device to access a

company shared server.

2621#config t


2621(config)#no shut

2621(config)#f0/1.1

2621(config)#encap isl 1

2621(config)#ip address 172.16.10.1 255.255.255.0

2621(config)#int f0/1/2

2621(config)#encap isl 2

2621(config)#ip address 172.16.30.1 255.255.255.0

17. Go to the Network Visualizer screen an verify that you can now ping between HostA and

HostB, and HostA1 and HostB1

Hal 68 dari 114

Lab 6.13 Backing up your Router IOS

1. Log in to RouterA ang go into privilege mode by typing enable (or en)

2. Make sure you can connect to the FTP host that is on network 30 by pinging 172.16.30.2

Type ping 172.16.30.2

RouterA#ping 172.16.30.2

Type escape squence to abort.

Sending 5, 100-byte ICMP Echos to 172.16.30.2, timeout is 2 seconds:

!!!!

success rate is 100 percent (5/5), round-trip min/avg/max = 32/24/68 ms

3. Type show flash to see the contents of flash memory. Since three is only one file in flash, you

see the same files as the show version command displays.

4. Type show version at the router privilege mode prompt to get the name of the IOS currently

running on the router. Notice the file name is c2500-d-I_113-5.bin

RouterA#show version

ROM: System Bootstrap, Version 5.2(8a), RELASE SOFTWARE

BOOTFLAH: 3000 Bootstrap Software (IGS-RXBOOT), Version 10.2(8a), RELASE SOFTWARE (fc1)

RouterA uptime is 20 minutes

System restart by power-on

System image files is “FLASH: c2500-d-I_113-5.bin”, booted via flash

Processor board ID 03240944, with hardware revision 00000000

Bridging software

X.25 Software, version 3.0.0

1 Ethernet/IEEE 802.3 interface(s)

1 Serial network interface(s)

32K bytes of non-volatile configuration memory

8192K bytes of processor board System flash (read ONLY)

configuration register is 0x2102

5. Once you know you have good Ethernet connectivity to the TFTP host and you also know the

IOS file name, backup your IOS by typing copy flash tftp. This command tells the router to

copy the contents of flash (this is where the IOS is stored by default) to a TFTP host.

RouterA#copy flash tftp

System flash directory:

File Length Name/status

1 6078548 c2500-d-I_1135.bin

[6078612 bytes used, 2309996 available, 8388608 total]

Hal 69 dari 114

Address or name of remote host [255.255.255.2555]? type 172.16.30.2

Source file name ? type c2500-d-I_1135.bin

Destination file name [c2500-d-I_1135.bin]? press enter

Verifying file name for ‘c2500-d-I_1135.bin’ (file #1) ....OK

Copy ‘c2500-d-I_1135.bin’ from flash to server

as ‘c2500-d-I_1135.bin’? [yes/no[ type y

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

!!!!!!!!!!!!!!!!!!!!!!!!!

Upload to server done

Flash copy took 0:01:53 [hh:mm:ss]

That’s it! The file is now staoted in the TFTP host default director

Lab 6.14 Upgarding or restoring your router IOS

1. Log in to RouterA and goto into privileged mode by typing enable (or en)

2. Make sure you can connect to the TFTP host by typing 172.16.30.2

RouterA#ping 172.16.30.2

3. You want to restore your IOS or copy a new version into flash memory. The file name that you

want to use is c2500-js-l_120-8.bin. We are going to upgarde the IOS to version 12 x.

4. Once you know you have good Ethernet connectivity to TFTP host and the IOS file name that is

stored i n the TFTP host default directory, restore your IOS by tping copy tftp flash. This

command tells the router to copy the contents of tftp to flash.

RouterA#copy tftp flash

**** NOTICE *****

Flash load helper v1.0

Hal 70 dari 114

This process will accept the copy options and then terminate

the currnet system image to use the ROM based image for the copy

Routing fuctionally will not be available during that time

If you are logged in via telnet, this connection will terminate.

Users with console access can see the results of the copy operation.

_ _ _ _*****_ _ _ _

Proceed? [confirm] press enter

System flash directory:


1 6078548 c2500-d-I_1135.bin


Address or name of remote host [255.255.255.2555]? type 172.16.30.2

Source file name ? type c2500-d-I_1135.bin

Destination file name [c2500-js-l_120-8.bin]? press enter

Accesing file c2500-js-l_120-8.bin’ on 172.16.30.2......

Loading c2500-js-l_120-8.bin.bin from 172.16.30.2 (via Ethrnet0): ! OK

Erase flash device before writing ? [confirm] press enter

Flah contains files. Are you want to erase ? [confirm] ress enter

Copy ‘c2500-js-l_120-8.bin from server

As c2500-js-l_120-8.bin into Flash WITH erase ? [confirm] type y and press enter

01:01:59: %SYS-5-RELOAD: Reload registrated

%FLH: c2500-js-l_120-8.bin from 172.16.30.2 to flash ....

System Flas directory:


1 6078548 c2500-d-I_1135.bin


Accesing file c2500-js-l_120-8.bin’ on 172.16.30.2......

Lading c2500-js-l_120-8.bin.bin from 172.16.30.2 (via Ethrnet0): ! OK

Erasing device .... eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee......erased

Loading Loading c2500-js-l_120-8.bin from 172.16.30.2 (via Ethernet0): !!!!!!!!!!!!!!!!!

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

Hal 71 dari 114

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

!!!!!!!!!!!!!!!!!!!!!!!!!

[OK – 6078548/8388608 bytes]

Verifying checksum ...OK (0x48B9)

Flash copy took 0:03:35 [hh:mm:ss]

% FLH: Re-booting system after download

Lab 6.15 Back Up the router configuration

1. From RouterB, ping the TFTP host to make sure you have IP connectivity:

RouterB#ping 172.16.30.2

2. From RouterB, type copy run tftp:

RouterB#copy run tftp

Remote host [ ]?

3. Type the ip address of the tftp host (172.16.30.2)

Remote host [ ] ? 172.16.30.2

Name of configuration file to write [RoutingB-config)? Press enter to accept the default name

Write file RouterB-config on host 172.16.30.2? [confirm] press enter

5. Notice the “!!”. These are UDP acknowledgements that the was transferred succsessfully.

Lab 6. 16 Telnet

After your routersand switches are configured ( see Apendix B to IP sddress for the switches), you

can use the telnet program to configure and check your routers and switches instead of having to

Hal 72 dari 114

use a console cable. You can use the Telnet program by typing telnet from any commnad prompt

(DOS or Cisco). Remember that the VTY password must be set on the routers for this to work. You

cannot telnet from a 1900 switch CLI, however, you can telnet into a 1900 switch.

Please Note : This simulation program will only support telnetting from one router to another. For

example from RouterA to RouterB, or RouterA to RouterC, and soon. If you telnet

into more than one router at a time ( ie, RouterA to RouterB, and then into RouterC),

you will get unexpected results.

1. Log in to RouterA and go into privileged menu by typing enable (oe en)

2. From RouterA, telnet into RouterC by typing 172.16.40.2 from the RouterA command prompt

Notice that you get an error no password set (unless your vty password is already set)

3. Type ini 172.16.40.2 from RouterA command prompt. Notice that the router automtically tries

to telnet to the IP address ypu spesified. You can use the command telnet or just type in the IP

address.

4. First, set your VTY passwords on routers A and C. If you already did this, the skip this part.

However don’t skip step number 5.

RouterA(config)#line vty 0 4

RouterA(config-line)#login

RouterA(config-line)#password tom

RouterA(config)#line vty 0 4

RouterA(config-line)#login

RouterA(config-line)#password tom

5. Set RouterB to have no VTY password:

RouterB(config)#line vty 0 4

RouterB(config-line)#no login

This will allow a telnet session without being prompted for a user mode password.

6. After ypur passwords are set, telnet into RouterC again. Once you are in, you can type exit to get

back to your RouterA prompt. However, you may want to return to RouterA without

disconnecting from Router C. You can do this wiyh the Ctrl+Shift+6, let go then press letter X

7. Press Ctrl + Shift + 6 then X to return to RouterA. Now telnet into RouterB by typing

172.16.20.2. Use the Ctrl + Shift + 6 then X command to return to RouterA

Hal 73 dari 114

8. From RouterA, Type show sessions. Notice your two sessions to RouterB ang RouterC. You can

press the nummber next to the session on the far left of the screen and press enter to return to

that session.

9. Go to netwoek Visualizer an click on RouterC. Type show user. This will show you the console

connection and the remote connection.

10. Go back to RouterA. You can use teh disconnect command to clear the sessions or just type exit

from prompt to close your session with RouterC and RouterB.

Lab 6.17 IP name Resolution

I n our last lab, we had you type in the ip address of a Router to be able to telnet. The same would

go for any IP utility, like ping. However, you can either use DNS server or build a host table on

each router to resolve host names to IP addresses. This would allow you type RouterA, instead of

172.16.20.1

1. Log in to RouterA and go into privileged mode by typing enable (or en)

2. From RouterA, type the word todd and press enter at the command prompt. Notice the error you

recive and the delay. The router is trying to resolve the host name to an IP address by looking

for a DNS server. You can turn this feature off by typing no ip domain-lookup from global

configuration mode.

3. You can build a host table, which allows you to resolve host names to IP address on each router.

You do this with the ip host command. From RouterA, add a host table entry for RouterB and

RouterC

RouterA(confog)#ip host router2621 172.16.11.2

RouterA(confog)#ip host RouterB 172.16.20.2

RouterA(confog)#ip host RouterC 172.16.40.2

Please Notice : Because of how this program was designed, IP host names must be at least 7

charavters in length, otherwise, you will receive an “% Invalid .....”response.

You can remove a host name by typing in yhe following ( as an example):

RouterA(config)#no ip host RouterB

4. Test your host table by typing ping RouterB from the command prompt (not config):

RouterA#ping RouterB


Sending 5, 100-byte ICMP Echos to 172.16.20.2, time out is 2 seconds:

Hal 74 dari 114

!!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/4 ms.

5. Test your table by pinging to RouterC:

RouterA#ping RouterC


Sending 5, 100-byte ICMP Echos to 172.16.40.2, time out is 2 seconds:

!!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 4/6/8 ms.

6. You can also use the host table for the telnet program. You can either type telnet RouterB, or

just type RouterB. The router will automatically try to telnet to the host if ypu do not use thr

word telnet. Again, this is a feature.

RouterA#RouterB

Trying RouterB (172.16.20.2).....Open

7. Keep your session open to RouterB, and then return to RouterA by using the Ctrl + Shfy + 6

then the X command.

8. Telnet to Router C by typing RouterC at the command prompt

RouterA#RouterC

Trying RouterC (172.16.40.2).....Open

9. Return to RouterA and keep the session open to RouterC by using the Ctrl + Shift + 6 then X

command.

10. Telnet to the 2621 router.

RouterA#router2621

Trying 2621 (172.16.11.2 ) ...Open

11. Return to RouterA and keep the session open to RouterC by using the Ctrl + Shift + 6 then X

command.

12. View the host table by typing show host and pressing enter

Default domain is not set

Name/addrss lookup uses domain service

Name server are 255.255.255.255

Host Flags Age Type Address(es)

Router2621 (perm,OK) 0 IP 172.16.11.2

Hal 75 dari 114

Routerb (perm,OK) 0 IP 172.16.20.2

Routerc (perm,OK) 0 IP 172.16.40.2

Lab 6.16 Cisco discovery protocol (CDP)

1. Log into RouterC and go into privileged mode by typing enable (or en)

2. type show cdp and press enter

RouterC#show cdp

Global CDP information

Sending CDP packets every 60 seconds

Sending a holtime value of 180 seconds

Notice that CDP packets are being sent out to all active interfaces of RouterC every 60 seconds

by default

RouterC also has a hiltime of 180 seconds. This means that CDP information received from

neighbor routers will be kept for 180 seconds. If RouterC does not hear from th neighbor again

before the holdtime expires, the information will be deiscarded.

3. Change the CDP update frequency to 90 seconds by using the cdp timer command:

RouterC#config t

Enter configuration commands, one per line. End with CNTL/Z

RouterC(config)#cdp timer ?

<5-900> Rate at which CDP packets are sent (in sec)

RouterC(config)#cdp timer 90

4. verify your CDP timer frequency has changed:

Hal 76 dari 114

RouteC(config)#Ctrl + Z

RouteC#show cdp

Global CDP information:


Sending a holdtime value of 180 seconds

5. Now, use CDP to gather information about neighbor routers. You can get the list of available

commands by typing show cdp ?:

RouterC#show cdp?

Entry information for specific neighbor entry

Interface CDP interface status and configuration

Neighbors CDP neighbor entries

Traffic CDP statistics

<cr>

6. By typing show cdp int, we can see the interface information plus the encapsulation. This is the

default encapsulation used by the interface. It also shows us the timers 60 seconds for an update

and 180 seconds for hold the time:

RouterC#show cdp int

Ehternet0 is up, line protocol is up, encapsulation is ARPA


Holdtime is 180 seconds

Serial0 is up, line protocol is up, encapsulation is HDLC



Serial1 is administratively down, line protocol is down



Hal 77 dari 114

7. use the show cdp entry command. It can give you the CDP information received from all

routers by typing an asterisk (*) or a specific router by typing the router name:

Go to RouterB.

RouterB#show cdp entry RouterA

------------------------

Device ID: RouterA

Entry address(es):

IP address: 172. 16. 20. 1

Interface: Serial0, Port ID (outgoing port): Serial0

Holdtime: 130 sec

The show cdp neighbors command will reveal the information being exchanged among

neighbors.

8. Use the show cdp neighbors command to gather Information about all connected neighbors. (It

is important that you memorize all the output from this command):

Go to RouterB.

RouterB#show cdp neighbors

Capability Codes: R – Router, T – Trans Bridge, B – Source Route Bridge, S – Switch, H –

Host, I – IGMP, r – Repeater

Device IDLocal interface Holdtime Capability Platform Port ID

RouterC Ser 1 158 R 2500 Ser 0

RouterA Ser 0 150 R 2500 Ser 0

9. Type showcdp neighbors deatail and notice it is the same command as show cdp entry*

Hal 78 dari 114

lab 6.17: Internet working packet eXchange (IPX)

1. Log in to RouterA and go into privileged mode by typing enable (or en).

2. Type show protocol ( or sh prot) to see your routed protocols configured. Notice this

shows the routed protocol (IP) as well as the configured addresses for each interface;

RouterA#show prot

Global values;

Internet Protocol routing is enabled

Ethernet0 is up, line protocol is up

Internet address is 172. 16. 11. 1/24

TokenRing0 is up, line protocol is up


Serial0 is up, line protocol is up

Internet address is 172. 16. 20.1/24

Serial 1 is administratively down, line protocol is down

3. Enable the IPX Routed protocol on your router by using the IPX routing command;

RouterA#config t

Enter configuration commands, one per line. End with CNTL/Z.

RouterA(config)#ipx routing

RouterA(config)#^Z

RouterA#

%SYS-5-CONFIG_l: Configured from console by console

4. Now check your routed protocols again to see if IPX routing is enabled by typing show pro-

tocol (or sh prot):

Hal 79 dari 114

RouterA#show prot

Global values:

Internet Protocol routing is enabled

IPX routing is enabled

Ethernet0 is up, line protocol is up


Serial0 is up, line protocol is up

Internet address is 172. 16.20. 1/24

Serial1 is administratively down, line protocol is down

TokenRing0 is up, line protocol is up


RouterA#

Notice that IPX routing is enabled, but no interfaces have an IPX address, only IP addresses.

5. Next, enable IPX on the individual interfaces by using the interface command ipx network.

You can use any number, up to eight characters, hexademical (A through F and 0 through

9). Lets just use the same numbers as our subnet for easy identification:

RouterA#config t



RouterA(config-if)#ipx network 11





6. Now, let’s configure routers B, C and the 2621. Let’s just continue to use the subnet num-

bers for our IPX network numbers. Remember, the IPX network numbers configured be-

tween routers for each network must be the same:

Hal 80 dari 114

RouterA#config t


RouterB(config)#ipx routing

RouterB(config)#int s0

RouterB(config-if)# ipx network 20

RouterB(config-if)#int e0

RouterB(config-if)# ipx network 10


RouterB(config-if)#ipx network 40

RouterC#config t


RouterC(config)#int s0

RouterC(config-if)#ipx network 40

%Must give “ipx routing” command first

RouterC(config)# ipx routing


RouterC(config-if)# ipx network 40

RouterC(config-if)#int e0


RouterC(config-if)#int to0


Notice the error when trying to configure an IPX network number in an interface when IPX

routing was not enabled:

2621#config t

Hal 81 dari 114


2621(config)# ipx routing


2621(config-if)# ipx network 11

2621(config-if)#int f0/1

2621(config-if)#ipx network 40

7. All four routers are now configured and we can now test our configuration. One of the best

ways to do this is with the show ipx route command:

RouterA#show ipx route

RouterB#show ipx route

RouterC#show ipx route

2621#show ipx route

8. To see the IPX addresses of an interface, use the show protocol (or sh prot) command and

show ipx interface ( or sh ipx int) command:

RouterA#show protocol

RouterA#show ipx interface e0

RouterB#show protocol

RouterB#show interface e0

RouterC#show protocol

RouterC#show interface e0

Hal 82 dari 114

RouterC#show ipx int to0

2621#show protocol

2621C#show interface e0

9. You can ping using the IPX protocol once you can find the IPX address of your neighbor

routers. You can either go to the neighbor routers console port, or use the show protocol or show

pix interface command, or you can use the CDP protocol to gather the protocol information, as

shown:

RouterC#show cdp entry*

---------------------

Device ID: RouterB

Entry address(es):

IP address: 172. 16. 40. 1

Novell address: 172. 16. 40. 1

Platform: cisco 2500, capabilities: Router

Interface: Serial0, Port ID (outgoing port): Serial1

Holdtime: 155 sec

RouterC#ping 40.0000.0c8d.5 c9 d

***Important***

Please Note: This program will not check the validity of mac-addresses when you enter an IPX

address. How ever, when you ping an IPX address, the program will still expect an IPX address

where the string is between 16 and 18 characters, such an in the following formats:

x.xxxx.xxxx.xxx such as 4.0000.0c8d.5c9d

Hal 83 dari 114

x.xxxx.xxxx.xxxx such as 4.0000.0c8d.5c9d

or xxx.xxxx.xxxx.xxxx such as 4.0000.0c8d.5c9d

If you type, for example, 40.0000.0000.0000, the program will take it even thought it may not be

technically correct.

10. The IPX protocol, by default, only looks for one route to a remote network. Once it finds a

valid route, it will not consider looking for another route, even if a second route exists. You can

use the ipx maximum-paths command to tell a Cisco router that it is possible there is no more

then one link to a remote network:

RouterC#config t


RouterC(config)#ipx maximum-paths ?

<1-64> Number of paths

RouterC(config)#ipx maximum-paths 2

RouterC(config)#exit

%SYS-5-CONFIG_l: Configured from console by console

11. You can verify this command with the show ipx route command:

RouterC#show ipx route

Codes: C – connented primary network, c – Connected secondary network

S – Statistic, F – Floating static, L – Local (internal), W – IPXWAN

R – RIP, E – EIGRP, N – NLSP, X – External, A – Aggregate

S – seconds, u – uses

5 Total IPX routes. Up to 2 parallel paths and 16 hops allowed

No default route known.

C 55 (SAP), To0

Hal 84 dari 114

C 50 (NOVELL-ETHER), Et0

C 40 (HDLC), Se0

R 11 [13/02] via 40.0000.0c8d.5c9d, 39, Se0

R 15 [13/02] via 40.0000.0c8d.5c9d, 39, Se0

R 20 [07/01] via 40.0000.0c8d.5c9d, 39, Se0

R 10 [07/01] via 40.0000.0c8d.5c9d, 39, Se0

Lab 6.18 Adding secondary network addresses and multiple frame types with IPX

1. Log in to RouterA and goto privileged mode by typing enable (or en)

2. In this lab, we are added IPX routing to our routers and IPX network numbers to our interfaces.

By default, cisco routers run the 802.3 Ethernet frame type and the SAP frame type on Token

Ring LANs. To add a second frame type (Ethernet support 4, Token Ring 2) to your Ethernet

and Token Ring LANs, use the ecanpsulation command. However, you need to remember two

things: you must use a different network number for each frame type and you cannot add

Ethernet and Token Ring frame types to a serial link. Let’s configure RouterA with a second

frame type on the Erhernet and Token Ring LAN:

RouterA#config t



RouterA(config)#ipx network 11a encapsulation ?

arpha Novell Ethernet_II

hdlc HDLC on serial links

novell-ether Novell Ethenet_802.3

novell-fddi Novell FDDI RAW

sap IEEE 802.2 on Ethernet, FDDI, Token Ring

snap IEEE 802.2 SNAP on Ethernet, Token Ring, and FDDI

RouterA(config-if)#ipx network 11a encapsulation arpa?

Secondary Make this network a secondary network

<cr>

RouterA(config-if)#ipx network 11a encapsulation arpa secondary

Hal 85 dari 114


RouterA(config-if)#ipx network 15a encap?

arpha Novell Ethernet_II






RouterA(config-if)#ipx network 15a encap snap sec

RouterA(config-if)#exit

You arpha ovell Ethernet_II






Lab 6.19 Standard IP Address List

In the fist lab, you will allow only HostC (172.16.50.2) from network 172.16.50.0 to enter network

172.16.11.0

1. Go to RouterA and enter global configuration mode by typing config t

2. From global configuration mode, type access list ? to get a list of all the different access-list

available:

RouterA(config)#access-list?

<1-99> IP standard access list

<100-199> IP extended access list

<1000-1099> IPX SAP access list

Hal 86 dari 114

<1100-1199> Extended 48-bit MAC address access list

<1200-1299> IPX summary address access list

<200-299> Protocol type-code access list

<300-399> DCEnet access list

<600-699> Appeltalk access list

<700-799> 48-bit MAC address access list

<800-899> IPX standard access list

<900-999> IPX extended access list

3. Choose an access-list number that will allow you to create an IP standard access-list. This is a

number between 1-99:

routerA(config)#access-list 10 ?

deny specify packets to reject

permit specify packets to forward

4. Now, Chose to permit host 172.16.50.2

RouterA(config)#access-list 10 permit 172.16.50.2, used the wildcards 0.0.0.0

For an expalnation of willcards, please see the Sybex CCNA study guide, chapter 9

5. Now that the access list is created, you must apply it to an interface to make it work:


RouterA(config-if)#ip access-group 10 out

6. You can verify your access lists with the following command:

RouterA#show access-list

Standard IP address list 10

Permit 172.16.50.2

RouterA#show run

-cut-

interface Ethernet0

ip address 172.16.10.1 255.255.255.0

ip access-group 10 out

ipx network 10A

7. You can test your access-list by printing from HostB(172.16.50.2) to HostA(172.16.10.2)

8. Ping from RouterB and RouterC to HostA (172.16.50.2), which should fail if your access lists is

correctly setup. Only HostC(172.16.50.2) should be able to ping a host or switch 172.16.10.0

Hal 87 dari 114

Please note: You remove an access list item from a specific interface and from the router. You

will do this in the next lab. However, it is important to mention it here.

If you want to remove it from a specific interface suc as e0, you would do the following:


RouterA(config-if)#no ip access-group 10 out

RouterA(config-if)#^Z

However, RouterA will still have this access list item still listed, but not applied to an interface.

To remove it from, for example RouterA, do the following:

RouterA(config)#no access-list 10

Lab 6.20. Extended IP access lists

In this lab, you will use an extended IP access-list to stop host 172.16.10.2 from creating a telnet

session to RouterB(172.166.20.2). However, the host should still be able to ping the routerB router.

IP extended lists should be placed closet to the source, so we will add the extended list to RouterA

Router

1. First, remove any access any access-list on RouterA. Then add an extended list to RouterA

RouterA#config t

Enter configuration commands, one per line. End with CTRL/Z



RouterA(config-if)#no ip access-group 10 count


Notice that when we removed the access-list, we only had to type the command no access-list

10, which removes the complete list, regardless of the amount of lines in the list. Remember,

with a real router, to copy your access-list configuration to Notepad berfore deleting the list.

This will allow you to easily cut and paste the commands back into the router after you your

changes. On the interface, you must use the entire no ip access-group 10 out command.

Hal 88 dari 114

2. The IP Extended lists use 100-199. Choose a number to create an extended IP list.

RouterA(config)#access-list?












3. Create an access-list between the numbers 100-199

RouterA(config)#access-list 110 ?

deny Specify packets to reject

dynamic Specify a DYNAMIC list of PERMITs or DENYs

permit Specify packets to forward

4. Use a deny statement first, and then well finish latter with a permit statement to allow other

traffic to still work:

RouterA(config)#access-list 110 deny ?

<0-255> An IP protocol number

ahp Authentication Header Protocol

eigrp Cisco’s EIGRP routing protocol

esp Encapsulation Security Payload

gre Cisco’s GRE Tunneling

icmp Internet Control Message Protocol

igrp Cisco’s IGRP routing Protocol

ip Any Internet Protocol

ipinip IP in IP Tunneling

nos KA9Q NOS compatible IP over IP Tunneling

Hal 89 dari 114

ospf OSPF routing protocol

pcp Payload Compression Protocol

tcp Transmission Control Protocol

udp User Datagram Protocol

5. Since we are going to deny telnet, we must choose TCP as a Transport layer Protocol

RouterA(config)#access-list 110 deny tcp ?

A.B.C.D Source address

any Any Source host

host A sinle source host

6. Add the source IP address you want to filter on, then add the destination host IP address. Use the

host command instead of wilcard bits:

RouterA(config)#access-list 110 deny tcp host 172.16.10.2 host 172.16.20.2 ?

Ack Match on the ACK bit

Eq Match only packets on a given port number

Established Match established connections

Fin Match on the FIN bit

Fragments Check fragments

Gt Match only packets with a greater port number

Log Log matches against this entry

Log-input Log matches against this entry, including input interface

Lt Matches only packets with a lower port number

Neg Matches only packets not on a given port number

Precedence Match packets with given precedence value

Psh Match on the PSH bit

Range Match only packets in the range of port numbers

Rst Match on the RST bit

Syn Match on the SYN bit

Tos Match packets with given TOS value

Urg Match on the URG bit

<cr>

Hal 90 dari 114

7. At this point, we can add the eq telnet command

RouterA(config)#access-list 110 deny tcp host 172.16.10.2 host 172.16.20.2 eq telnet

8. Here is an important line that you must add next:

RouterA(config)#access-list 110 permit ip any 0.0.0.0 255.255.255.255

You just create a permit statement, because if you just add a deny statement, then nothing will be

permited at all. Please see the study guide for more detailed information on the above commnad.

9. Apply the access lists to serial 0 on RouterB

RouterA(config)#int s0

RouterA(config-if)#ip access-group 110 in


10.Try telnet from host 172.16.10.2 to RouterB using the destination IP address of 172.16.20.2. it

should not work, however, the ping command should work.

From host 172.16.10.2: >telnet 172.16.20.2

Lab 6.21 IPX Standard access-lists

In this lab, you will configure RouterA to allow only IPX traffic from IPX network 30, but not from

IPX network 50.

1. Remove any existing access-list on RouterA. Since this is an IPX standard access-list, the

filtering can be placed anywhere on the network since it can filter base on IPX source and

destination IP address.



RouterA(config-if)#no ip access-group 110 in

2. Configure an access-list on RouterA to allow only IPX traffic from network 30, but deny IPX

network 50. IPX standard list used the access list number 800-898

RouterA#config t

Enter configuration commands, one per line . End with CTRL/Z

RouterA(config)#access-list


Hal 91 dari 114











RouterA(config)#access-list 810 ?

Deny specify packets to reject

Permit Specify packets to permits

3. First, deny IPX network 50, then permit everything else. The 1 is a wilcard in IPX

RouterA(config)#access-list 810 deny ?

-1 Any IP net

<0-FFFFFFFF> Source net

N.H.H.H Destination net

<cr>

4. Choose network 10 as the destination network

RouterA(config)#access-list 810 deny 50 10

5. Now, permit everything else with an IPX wilcard

RouterA(config)#access-list 810 permit 1 – 1

6. Apply the list yo the serial interface of RouterA to stop the packets as they reach the router.


RouterA(config-if)ipx access-group 810 in


7. Verify the list looking at the IPX routing table. Use the show ipx access-list command to very

the list.

8. Go to Router804B. Interface e0 should have an IPX address of 50. Ping IPX address 11 which is

found between RouterA and Router2621. If correctly set up, the ping should not succed. Check

the Net Detective.

Hal 92 dari 114

Please note: As you practice with the different network, the program will only respond to

statemets whre a network is denied, such as access-lis 810 deny 50 10

10. To remove the settings, type the following:



RouterA(config-if)#no ipx access-group 810 in

Lab.6.22 PPP configuration

By default, Cisco routers use high –Level Data Link Protocol (HDLC) as a point-to- point

encapsulation methode on serial links. If you are connecting to non-Cisco equipment, then you must

use the PPP encapsulation method.

1. Type show in s0 on RouterB to see the encapsulation method

2. To change the default HDLC encapsulation methode to PPP on RouterB, use the encapsulation

command at interface configuration. Both ends of the link must run the same encapsulation.

Config t

In s0

Encap ppp

3. Now go to RouterA and set serial0 to PPP encapsulation

Config t

Int s0

Encap ppp

4. Verify the configuration by typing show int s0

5. Go to RouterB and verify that serial 0 is PPP an serial 1 is HDLC by typing show int s1. Notice

the IPCP, IPXCP and CDPCP. This is the information used to transmit the upper layer

(network layer)information accross the ISO HDLC at the MAC sublayer.

Lab 6.23. Configuring PPP Authentication

Hal 93 dari 114

1. To configure PPP authentication, make sure to go through lab 6.22 and configure PPP

configuration on serial0 of both RouterA and RouterB

2. Make sure that each router has the hostname assigned:

config t

hostname RouterA

config t

hostname routerB

3. Define a username and password on each router. Notice that the username is the name of the

remote router. Also, the password MUST be the same:

RouterA#config t

RouterA(config)#username RouterB password todd

RouterB#config t

RouterB(config)#username RouterA password todd

4. Enable chap or ppp authentication on each interface:


RouterA(config-if)#ppp authentication chap


RouterB(config-if)#ppp authenticion chap

5. Verify the PPP configuration

Show int s0

Lab 6.24 Point –to-point frame Relay

1. Log in to RouterB and go into privileged mode by typing enable (or en)

2. To configure frame relay, you need to create a frame relay switch, unless you are using a

provuder. If you are using a provider, you will only configure your Cisco router as we will do

with RouterA and C. We will now configure RouterB to be the Frame Switch:

RouterB(config)#frame-relay switching

Hal 94 dari 114

That is all you have to do tell your router it will perform switching. However, we need configure

other configuration parameters before it will work:

3. We will assume you already have an IP address and IPX network number set on each router. At

this point, you need to tell your switch that it will perform DCE communication on the serial

links, but you need to configure the encapsulation on each serial links first, as shown:


RouterB(config-if)#encap frame-relay

RouterB(config-if)#frame-relay intf-type dce



RouterB(config-if)#frame-relay intf-type dce

The above commands tells the router that it will perform DCE communication. By default, Cisco

router (actualy, all router) are configured as DTE devices. An important point here, is that this

irrelevant to the clock rate command on routers and the command used (clock rate) when a DCE

cable is connected to a serial link, is not the same command as the intf-type dce command. They

are Irrelevant to each other.

4. You now need to configure your DLCI number to identify the PVC of each virtual circuit. Data

Link Connection identifiers are used to identify the permanent Virtual Circuit (PVC).


RouterB(config-if)#frame-relay interface-dlci 16


RouterB(config-if)#frame-relay interface-dlci 17

Notice we will use a different DLCI number for each serial connection. This might not always

be the case, but your switch provider will give you your DLCI numbers for each connection.

This is a typical example.

5. The switch is now configured, and now we want to configure router A and C:


Router(config-if)#encap frame-relay

Router(config-if)#frame-relay interface-dlci 16

Router(config)# int s0

Router(config-if)#encap frame-relay

Hal 95 dari 114

Router(config-if)#frame-relay interface-dlci 17

Since we configured a DLCI number on each interface of all three routers, IARP (inverse

ARP)will map our IP and IPX addresses to the PVCs. You can see these mappings with the

show frame map command:

RouterA#show frame map

Serial0 (up):ip 172.16.20.2 dlci 16(0x10, 0x400), dynnamic,

Broadcast,, status defined, active

Serial0 (up): ipx 20.0000.0c8d.5c9d dlci 16(0x10, 0x400), dynamic,

Broadcast,,status defined, active

RouterB#show frame map









RouterC#show frame map





Notice that IARP has mapped both the IP and IPX routing protocols to a DLCI number. If the IP

and IPX addresses are not mapped to the PVC, then no communication would take place. To see

PVCs and configured DLCIs, you can use the show frame pvs command:

RouterA#show frame pvc

Hal 96 dari 114

PVC Statistic for interface Serial0 (frame Relay DTE)

DLCI=16, DLCI USAGE=LOCAL, PVC STATUS=ACTIVE, INTERFACE=Serial0

input pkts 523 output pkts 519 in bytes 53158

out bytes 43250 droped pkts 2 in FECN pkts 0

in BECN pkts 0 out FECN pkts 0 out BECN pkts 0

pvc create time 02:12:08, last time pvs status changed 02:11:28


PVC Statistic for interface Serial0 (frame Relay DCE)


input pkts 218 output pkts 221 in bytes 18018

out bytes 22114 droped pkts 0 in FECN pkts 0

in BECN pkts 0 out FECN pkts 0 out BECN pkts 0

out bcast pkts 221 out DE pkts 0

pvc create time 00:56:48, last time pvs status changed 00:55:08


DLCI=17, DLCI USAGE=LOACL, PVC STATUS=ACTIVE, INTERFACE=Serial1

Input pkts 186 out pkts 217 in bytes 16211

Out bytes 21816 dropped pkts 0 in FECN pkts 0

In BECN pkts 0 out FECN pkts 0 out BECN pkts 0

In DE pkts 0 out DE pkts 0

Out bcast pkts 199 out bcast bytes 20952

Pvc create time 00:56:32, last time pvc status change 00:51:13

RouterC#show frame pvc

PVC Statistic for interface Serial0 (frame Relay DTE)

DLCI = 17, DLCI USAGE=LOACL, PVC STATUS=ACTIVE, INTRFACE=Serial0

Input pkts 152 output pkts 131 in bytes 14840

Ouput bytes 11055 dropped pkts 0 in FECN pkts 0



Hal 97 dari 114


The only other command that will show you your DLCI number is the show running-config

command.

Lab 6.24 Frame relay with sub interface

In this lab you will create a Frame Relay network using subinterfaces. The reason you would

create subinterfaces is to allow remote offices to communicate without having to create static

mappings. Frame Relay is a Non-Broadcast Multiple Access network (NBMA). This means

routing protocols will not be broadcasted between routers accross a Frame Relay network. To

solve this you either need to add static routers with the broadcast parameter, which tells the

network to allow all broadcasts, or use the neighbor command whitin teh routing process

configuration. We will use the neighbor command in this lab.

1. Configure ReouterB to frame Relay switch using DLCIs 16 and 17. Notice in the following

configuration that there have been no changes to the IP address or IPX networks numbers:

On the RouterB:

RouterB#config t

Wntwr configuration commnads, one per line. Endz with CTRL/Z

RouterB(config)#frame-relay switching



RouterB(config-if)#frame interface-dlci 16

RouterB(config-if-dlci)#exit

RouterB(config-if)#frame intf-type dce



RouterB(config-if)#frame interface-dlci 17

Hal 98 dari 114

RouterB(config-if-dlci)#exit

RouterB(config-if)#frame intf-type dce

RouterB(config-if)#exit

RouterB(config-if)#router rip

RouterB(config-if)#neig 172.16.20.1

RouterB(config-if)#^Z

RouterC is a remote office. Create a point-to-point sub interface on serial 0. Remove the IP

addresses and IPX network number from Serial 0 and move that to the subinterface. Totice that we

used the subinterface number on the DLI number used to identify the PVC. You can use any

number.

On RouterC:

RouterC#config t

Enter configuration commands, one per line. End with CTRL/Z


RouterC(config-if)#no ip address

RouterC(config-if)#no ip netw

RouterC(config-if)#encap frame

RouterC(config-if)#int s0.17 ?

Multipoint Treat as a multipoint link

Point-to-point Treat as a point-to-point link

RouterC(config)#int s0.17 172.16.40.2 255.255.255.0

RouterC(config-subif)# ipx netw 40a

RouterC(config-subif)#frame interface-dlci 17

RouterC(config-fr-dlci)#exit

RouterC(config-subif)#exit

RouterC(config)#router rip

RouterC(config-router)#neig 172.16.40.1

RouterC(config-router)#^Z

Hal 99 dari 114

RouterA is a remote office. Create a point-to-point subinterface subinterface on serial 0.

On RouterA:

RouterA#config t

Enter configuration commands, one perl line. End with CTRL/Z


RouterA(config-if)no ip address

RouterA(config-if)#no ip address

RouterA(config-if)#no ipx netw

RouterA(config-if)#encap frame

RouterA(config)#int.16 point-to-point

RouterA(config-subinif)#ip address 172.16.20.1 255.255.255.0

RouterA(config-subif)#ipx netw 20a

RouterA(config-subif)#frame interface-dlci 16

RouterA(config-fr-dlci)#exit

RouterA(config-subif)#exit

RouterA(config)#router rip

RouterA(config-router)#neig 172.16.20.2

RouterA(config-router)#^Z

Verify your configuration by using the type show runnig-config command, the show frame pvc and

show frame map commands.

On RouterB

RouterB#show run

Building configuration ...

Enable secret 5 $1 $0S1N$wCWj91ArVyodOsZoEsFF221

!

ipx routing 0010.7be8.25dd

Hal 100 dari 114

frame-realy switching

!

interface Ethernet0

ip address 172.16.30.1 255.255.255.0

ipx network 30A

!

interface Ethernet0.30

ipx network 30B encapsultion SAP

!


ipx network 30C encapsulation ARPA

!


ipx network 30D encapsulation SNAP

!

interface Serial0

ip address 172.16.20.2 255.255.255.0

encapsulaton frame-relay

ipx network 20A

clockrate 1000000

frame-relay interface-dlci 16

frame-relay intf-type dce

!

interface Serial1

ip address 172.16.40.1 255.255.255.0

encapsulation frame-relay

ipx network 40A

clockrate 1000000

frame-realy interface-dlci 17

frame-relay intf-type dce

!

router rip

network 172.16.0.0

Hal 101 dari 114

neighbor 172.16.40.2


!

RouterB#show frame pvc

PVC Statistic for interface Serial0 (frame Realy DCE)

DLCI=16, DLCI USAGE=LOACL, PVC STATUS=ACTIVE, INTERFACE=Serial0


Out bytes 2220 dropped pkts 0 in FCEN pkts 0

In BCEN pkts 0 out FECN pkts 0 out BECN pkts 0


Out bcast pktas 19 out bcast bytes 2220

Pvc create time 00:06:11, last time pvc status changed 00:00:11









RouterB#show frame map

Serial0 (up):ip 172.16.20.1 dlci 16(0x10,0x400), dynamic,


Serila0(up):ipx 20A.0000.0c8e.df26 dlci 16(0x10,0x400), dynamic,


Serial1(up):ipx 40A.00107.7be8.25db dlci 17(0x11,0x410), dynamic


Serial1(up):ip 172.16.40.2 dlci 17(0x11,0x410), dynamic

Hal 102 dari 114


RouterB#

On RouterA:

RouterA#show run

Enable secret 5 $1$r4Tf$P onblIXG51TskyoNpD.PAe1

!

ipx routing 0000.0c8e.df26

interface Ethernet0

ip network 10C enacpsulation SAP

!


ipx netwaork 10C encapsulation ARPA

!


ipx netwaork 10D encapsulation SNAP

!

interface Serial0

no ip address

enacapsulation frame-realy

!

interface Serial0.16 point-to-point

ip address 172.16.20.1 255.255.255.0

ipx network 20A

frame-raely interface-dlci 16

!

interface Serial1

no ip address

shutdown

!

router rip

network 172.16.0.0

neigbor 172.16.20.2

Hal 103 dari 114


PVC Statistic for interface Serial) Frame Relay DTE)

DLCI=16, DLCI USAGE=LOCAL, PVC STATUS=ACTIVE, INTERFACE=Serial0.16







RouterA#show frame map

Serial0.16(up): point-to-point dlci, dlci 16(0x10,0x400),

Broadcast status defined, active

On RouterC:

Router#show run

Building configuration ...

Current configuration:

!

Version 11.3

Servive timestamps debug uptime.

Servivce timestamps log uptime

No service password-encription

!

hostname RouterC

!

ipx routing 001.7be8.25db

!

Hal 104 dari 114

!

interface Ethernet0

ip address 172.16.50.1 255.255.255.0

ipx network 50A

!

interface Ethernet0 50

ipx network 50C encapsulation ARPA

!


ipx network 50D encapusulation SNAP

!

inetrface Serial0

no ip address

enacapslation frame-relay

!

interface Serial0.17 point-to-point

ip address 172.16.40.2 255.255.255.0

ipx network 40A

frame-relay interface-dlci 17

!

interface Serial1

no ip address

shutdown

!

router rip

network 172.16.0.0


!

no ip calassless

!

line con 0

line aux 0

line vty 0 4

Hal 105 dari 114

no login

!

end

RouterC#show frame pvc

PVC Satistic for interface Serial0 (frame Relay DTE)

DLCI=17, DLCI USAGE=LOCAL, PVC STATUS=ACTIVE, INTERFACE=Serial0.17

Inteface pkts 113 out pkts 111 in bytes 9827






RouterC#show frame map

Serial0.17 (up): point-to-point dlci 17(10x11,0x410),

Broadcast status defined, active

Lab 6.25 ISDN configuration

1. Go to 804B and set the switch type.

Config t

Isdn switch-type basic-ni

2. Set the switch type 0n 804A at the interface level. The point of steps one and two show you that

you can configure the switch type either through global configuration mode or intercafe level.

Config t

Interface bri0

Isdn switch-type basic-ni

3. On router804A, set the SPID number on BRI 0 and make the IP address 171.16.60.1/24

Hal 106 dari 114

Config t

Int bri0

Isdn spd1 0835866101 8358661

Isdn spd1 0835886301 8358663

Ip address 172.16.60.1 255.255.255.0

No shut

4. Set the spdis on 804B and make the IP address of the interface 172.16.60.2/24

Config t

Int bri0

Isdn spd1 0835866201 8358662

Isnd spd2 0835866401 8358664

Ip address 172.16.60.2 255.255.255.0

No shut

5. Create static routes on the routers to use the remote ISDN interface. Dynamic routing will create

two problems:

One that the ISDN line will always stay up an two, that network loop will accour because of

multiple links between the same location because the CCNA exam and Routersim product only

support distant vector routing protocol (RIP an IGRP). Static routers are recommended with

ISDN and that is waht the Routersim version 2.0

Support on the 804’s as well:

Notice in the following static routes, we only give routes to the LANs, not the WANs. Since RIP

or IGRP is used to help the other router four routers update routing tables, we only need to be

concerned about getting the packets to tour closets neighbor routes. Also notice that to get to

some LANs, the static routers go through the 2500 routers, not the ISDN network.

804A(config)#ip route 172.16.50.0 255.255.255.0 172.16.60.2

804A(config)#ip route 172.16.55.0 255.255.255.0 172.16.60.2

804A(config)#ip route 172.16.11.0 255.255.255.0 172.16.10.1

804B(config)#ip route 172.16.10.0 255.255.255.0 172.16.50.2

Hal 107 dari 114

804B(config)#ip route 172.16.11.0 255.255.255.0 172.16.50.2

6. Specify interesting traffic to bring up the ISDN link. Lets choose all IP traffic. This is a global

configuration mode command.

804A(config)#dialer-list 1 protocol ip permit

804B(config)#dialer-list 1 protocol ip permit

7. Under the BRI interface of both routers, add the command dialer-group 1, which matches the

dialer-list number.

Config t

Int bri0

Dialer-group 1

8. Configure the dialer information on both routers

804A

config t

int bri0

dialer string

8358662

804B

config t

int bri0

dialer string 8358661

9. Set the dialer load-threshold and multilink command as well the idle time percentage on both

804 routers.

Config t

Int bri0

Dialer load-threshold 125 either

Ppp multilink

Dialer idle-timeout 180

Hal 108 dari 114

Set the above commands on bith routers. The dialer load-threshold and ppp multi link tells the

router when to bring up the second BRI interface, 125 means that if the first BRI is 50 % saturated,

bring up the second B-channel. The dialer idle-timeout tells the router when to drop the connection

if no data is passing on the link.

10. Set the hold queue for packets when they are found intersting and need a place to wait for the

ISBD link to come up

Confit t

Int bri0

Hold-queue 75 in

11. Verify the ISDN connection

Ping between 80a and 804B or between 804B and 804A

telnet

show dialer

show isdn status

sh ip route

Appendix B. Managing the 1900 switch

In this lab, you will connect to the cisco catalyst 1900 switch and manage the switch features.

1. From the 1900 switch, type letter K to enter into commandLine interface (CLI) mode

2. From the 1900 user mode prompt (>), type enable and press enter

3. typw show running-config (or show run) to view the current configuration. Notice the

default setings.

4. Type show version to view the IOS version running on the switch

5. set the name of the 1900 as switch by using the hostname command

config t

hostname 1900A

Hal 109 dari 114

6. Press Ctrl+Z and type show ip to see the default IP address, subnet mask and default

gateway settings.

7. set the IP address, subnet mask and default gateway of the switch by typing the following:

config t

ip address 172.16.10.3 255.255.255.0

ip default-gateway 172.16.10.1

8. Press Ctrl+Z and type show ip to see the new configuration

9. Ping RouterA by typing ping 172.16.11.1

10. type show mac-address table to view the filter table used in the switch to make

forwarding decisions.

11. Type show interfaces to gather statics on all inetfaces

12. type show int ? to see the available Ethernet and FastEthernet commands

13. type show int Ethernet ? to choose the card0 <0-0> means only one card with 12 0r 14

ports

14. Type show int e 0/? To see all available interfaces

15. Type show int e 0/2 to seeststistic for interface Ethernet 2

16. Type delete nvram to delete the startup-config

Note : you cannot view the startup-config, only the running-config. Also, the runnig-config is

saved automaticaly to NVRAM

Appendix B : Port security on the 1900 switch

1. Type the letter K from the 1900A or 1990B switch console to enter ino CLI (user mode)

2. Type enable (or en) and press enter to enter privileged mode

3. Set the enable password by typing:

Config t

Enable password level 15 todd

4. set tehe enable secret password by typing :

config t

enable secret bill

Hal 110 dari 114

Setting thr enable secret overrides the enable password. Important note: DO not set the enable

secret as enable secret password bill. This would set your password to password bill.

The 1900 switch does not have an enable secret password and you must set the level, where

15 is the higest level.

5. Press Ctrl+Z and type show run to see the password and notice that it is not encrypted.

6. Go to int Ethernet 0/5 and set the duplex to full:

Config t

Int e0/5

Duplex full

7. Go to interface Etherface 0/6 and set the duplex to half:

Int e0/6

Duplex half

8. Go to the enable mode(#) and verify the setting by typing show interface or show int e0/5 and

show int e0/6

9. you can remove the IP configuration from the switch. Type :

confit t

no ip address

10. verify the switch is IP-less. Go to the enable mode(#) and type show ip

11. set the IP address, subnet mask and default gateway of the switch:

config t

ip address 172.16.10.3 255.255.255.0

ip default-gateway 172.16.10.1

12. verify the configuration by going to the enabled mode and typing show ip

13. type show mac-address-table to see the following table. Notice that all MAC addresses nave

been found dynamically

14. Add a static entry into the filter table by using the commnad permanent.

Config t

Mac-address-table permanent 083c.0000.0001 e0/9

15. Go to enable mode and type show mac-address-table and notice the permanent entry for

interface e0/9

Hal 111 dari 114

16. Use the mac-address- table restricted static global configuration command to associate a

restricted static address with a particular sewitched port interface:

Config t

Mac-address-table restricted static 083c.0000.0002 e0/3 e0/4

The above command only allow traffic to the restricted static address 083c.0000.0002 on

interface e0/3 only from interface e0/4

17. Go to interface e0/1 and use the port secure max-mac-count 1 command to enable

addressing security and allow only one mac address in the filter table o that port. By default

up to 132 MAC addresses can be associated with a single port. By using this command, we

will allow only one workstation

Int e0/1

Port secure max-mac-count 1

18. Verify which port have port security on them by going to enabled mode and typing show mac-

address-table security. Notice that port e0/1 is enabled

Hal 112 dari 114

Hal 113 dari 114

Hal 114 dari 114

Modul Praktikum Internet Working Ok

Documents

Transcript of Modul Praktikum Internet Working Ok