Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
Roll-Over Cable
Basic Configuration:
1. Set Encryption Password for Privileged Exec Mode. Use Password: Cisco
2. Set Clear Password for Privileged Exec Mode. Use Password: Cisco2
3. Set Hostname to : Ro_HQ
4. Save Configuration to NVRAM
5. Restart router without using power button.
Basic Router Configuration
Untuk Masuk ke Privilleged Exec Mode:
Router>enable
Router#
Mengaktifkan Password:
Router(config)#enable secret cisco
Router(config)#enable password cisco2
192.168.0.0/24
Basic Configuration:
1. Set Banner Motd. Write your own Message
2. Set Password Requirement when Connect to router using Console Port. Using
Password: Cisco
3. Activate Telnet Connection on Ro_1. Use Password: Sanfran for Telnet Connection.
4. Set IP Address for all Interfaces. Use Clock Rate: 64000 for DCE
5. Try all connection using PING Command
6. Try connect to Router Via Telnet.
Konfigurasi Dasar Router
Menambahkan Banner di awal:
Router(config)#banner motd $
Enter TEXT message. End with the character ‘$'.
TULISKAN ISI PESAN DISINI
$
Router(config)#
Konfigurasi Dasar Router
Setting password console:
Router(config)#line console 0
Router(config-line)#password cisco
Router(config-line)#login
SSH Client:
Ro_2#ssh -l student 192.168.0.1
Konfigurasi Dasar Router
Konfigurasi Interface FastEthernet:
Router(config)#int fa0/0
Router(config-if)#ip address 192.168.0.1 255.255.255.0
Router(config-if)#no shutdown
Tekan Ctrl+Z
Basic Configuration:
1. Set Router IP Address, Hostname and Password on Router.
2. Install TFTP Server on Your PC. Set IP Address for PC
3. Backup Configuration from RAM to TFTP Server. Restart Router
4. Restore Configuration from TFTP Server to RAM.
5. Backup IOS to TFTP Server. Delete IOS.
6. Restore IOS from TFTP Server to Router
7. Recovery Router Password
8. Install IOS from ROMMON
Manajemen IOS
Password Recovery:
1. Booting ulang router dgn mematikan power.
2. Setelah Router menyala tekan tombol 'Ctrl+break'. PC sudah terkoneksi
ke console melalui hyperterminal)
3. Muncul prompt ROM Monitor:
monitor: command "boot" aborted due to user
interrupt
rommon 1 > ?
Manajemen IOS
4. Ubah Configuration-register menjadi 0x2142, kemudian reset router:
rommon 2 > confreg 0x2142
rommon 3 > reset
5. Router akan booting kembali dan masuk ke 'setup'. Lakukan
konfigurasi awal lagi dari Setup Dialog.
6. Jangan lupa setelah masuk ke privilleged mode, ubah Configure Register
kembali ke nilai 0x2102.
Ro3(config)#config-register 0x2102
Ro3(config)#exit
Ro3#copy run start
Destination filename [startup-config]?
Building configuration...
Manajemen IOS
INSTALASI IOS MELALUI rommon:
1. KONFIGURASI TERLEBIH DAHULU IP ADDRESS TFTP SERVER
(192.168.20.2)
2. Masuk ke rommon (tekan ctrl+break)
rommon 1 > tftpdnld
Missing or illegal ip address for variable
IP_ADDRESS
llegal IP address.
rommon 2 > IP_ADDRESS=192.168.20.1
rommon 3 > IP_SUBNET_MASK=255.255.255.0
rommon 4 > DEFAULT_GATEWAY=192.168.20.2
rommon 5 > TFTP_SERVER=192.168.20.2
rommon 6 > TFTP_FILE=c2600-i-mz.122-28.bin
Manajemen IOS
rommon 7 > tftpdnld
IP_ADDRESS: 192.168.20.1
IP_SUBNET_MASK: 255.255.255.0
DEFAULT_GATEWAY: 192.168.20.2
TFTP_SERVER: 192.168.20.2
TFTP_FILE: bbpom
Invoke this command for disaster recovery only.
WARNING: all existing data in all partitions on
flash will be lost!
HOBOKEN:
Router(config) #ip route 172.16.1.0 255.255.255.0 172.16.2.1
Router(config) #ip route 172.16.5.0 255.255.255.0 172.16.4.2
Router(config)#exit
Router#sh ip route
WAYCROSS:
Router(config) #ip route 172.16.1.0 255.255.255.0 172.16.4.1
Router(config) #ip route 172.16.3.0 255.255.255.0 172.16.4.1
Router(config)#exit
Router#sh ip route
KONFIGURASI DEFAULT ROUTING
RTY(STUB NETWORK):
RTY(config) #ip route 0.0.0.0 0.0.0.0 172.16.1.2
RTY(config)#exit
RTY#sh ip route
KONFIGURASI RIP
BHM:
BHM#conf t
BHM(config)#router rip
BHM(config-router)#network 10.0.0.0
BHM(config-router)#network 192.168.13.0
GAD:
GAD#conf t
GAD(config)#router rip
GAD(config-router)#network 192.168.14.0
GAD(config-router)#network 192.168.13.0
KONFIGURASI RIP
BOAZ:
BOAZ#conf t
BOAZ(config)#router rip
BOAZ(config-router)#network 172.31.0.0
BOAZ(config-router)#network 192.168.14.0
Router#debug ip rip
Router#no debug ip rip
Router#sh ip protocols
KONFIGURASI OSPF
RoA:
RoA#conf t
RoA(config)#router ospf 1
RoA(config-router)#network 10.64.0.0 0.0.0.255 area 0
RoB:
RoB(config)#router ospf 1
RoB(config-router)#network 10.64.0.2 0.0.0.0 area 0
RoB(config-router)#network 10.2.1.2 0.0.0.0 area 0
KONFIGURASI EIGRP
MERINDA:
Merinda#conf t
Merinda(config)#interface Loopback1
Merinda(config-if)#ip address 172.16.1.1 255.255.255.0
Merinda(config-if)#interface Loopback2
Merinda(config-if)#ip address 172.16.2.1 255.255.255.0
Merinda(config-if)#interface FastEthernet0/0
Merinda(config-if)#ip address 192.168.20.2 255.255.255.252
Merinda(config-if)#no shut
Merinda(config-fi)#exit
Merinda(config-router)#router eigrp 1
Merinda(config-router)#network 172.16.0.0
Merinda(config-router)#network 192.168.20.0
KONFIGURASI EIGRP
VARGAS:
VARGAS#conf t
VARGAS(config)#interface Loopback1
VARGAS(config-if)#ip address 192.168.30.1 255.255.255.0
VARGAS(config-if)#interface Loopback2
VARGAS(config-if)#ip address 192.168.20.5 255.255.255.252
VARGAS(config-if)#interface FastEthernet0/0
VARGAS(config-if)#ip address 192.168.20.1 255.255.255.252
VARGAS(config-if)#no shut
VARGAS(config)#router eigrp 1
VARGAS(config-router)#network 192.168.20.0
VARGAS(config-router)#network 192.168.30.0
VARGAS(config-router)#exit
VARGAS(config)#interface fa 0/0
VARGAS(config-if)#ip summary-address eigrp 1 172.16.0.0
255.255.252.0
STANDARD ACL
GATEWAY:
Router(config)#hostname gateway
gateway(config)#access-list 2 permit 192.168.0.1 0.0.0.254
gateway(config)#int fa0/0
gateway(config-if)#ip address 192.168.0.1 255.255.255.0
gateway(config-if)#no shut
gateway(config-if)#int s0/0
gateway(config-if)#ip address 202.13.1.65 255.255.255.252
gateway(config-if)#no shut
STANDARD ACL
gateway(config-if)#ip access-group 2 out
gateway(config-if)#exit
gateway(config)#ip route 202.13.1.64 255.255.255.252
202.13.1.66
ISP:
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname ISP
ISP(config)#int s0/0
ISP(config-if)#ip address 202.13.1.66 255.255.255.252
ISP(config-if)#clock rate 64000
ISP(config-if)#no shut
ISP(config-if)#exit
ISP(config)#ip route 192.168.0.0 255.255.255.0 202.13.1.65
EXTENDED ACL
GATEWAY:
Router(config)#hostname Gateway
Gateway(config)#access-list 114 deny tcp 192.168.1.3 0.0.0.0
any eq www
Gateway(config)#access-list 114 deny icmp 192.168.1.2 0.0.0.0
191.10.2.2 0.0.0.0
Gateway(config)#access-list 114 permit ip any any
Gateway(config)#int fa0/0
Gateway(config-if)#ip address 192.168.1.1 255.255.255.0
Gateway(config-if)#no shut
Gateway(config-if)#int s0/0
Gateway(config-if)#ip address 202.1.2.65 255.255.255.0
EXTENDED ACL
Gateway(config-if)#no shut
Gateway(config-if)#int fa0/0
Gateway(config-if)#ip access-group 114 in
Gateway(config-if)#exit
Gateway(config)#ip route 0.0.0.0 0.0.0.0 202.1.2.66
ISP:
Router(config)#hostname ISP
ISP(config)#int fa0/0
ISP(config-if)#ip address 191.10.2.1 255.255.255.0
ISP(config-if)#no shut
ISP(config-if)#int s0/0
ISP(config-if)#ip address 202.1.2.66 255.255.255.0
ISP(config-if)#clock rate 64000
ISP(config-if)#no shut
ISP(config-if)#exit
ISP(config)#ip route 192.168.1.0 255.255.255.0 202.1.2.65
KONFIGURASI DHCP
192.168.0.0/24
192.168.0.1/24
Router#conf t
Gateway(config)#int fa0/0
Gateway(config-if)#ip address 192.168.0.1 255.255.255.0
Gateway(config-if)#no shut
Gateway(config)#ip dhcp excluded-address 192.168.0.1 192.168.0.4
Gateway(config)#ip dhcp excluded-address 192.168.0.6
KONFIGURASI DHCP
Gateway(config)#ip dhcp pool LAN_KELAS
Gateway(dhcp-config)#network 192.168.0.0 255.255.255.0
Gateway(dhcp-config)#default-router 192.168.0.1
Gateway(dhcp-config)#dns-server 192.168.0.1
------------------------------------------------
SET DI PC CLIENT PILIHAN AUTOMATICALLY / DHCP DR COMMAND PROMPT :
• UNTUK MELIHAT KONFIGURASI IP KETIkk C:\> ipconfig /all
• UNTUK MELEPAS IP KETIK: C:\> ipconfig /release
• UNTUK MENDAPAT IP KETIK: C:\> ipconfig /renew
NAT OVERLOAD/PAT
Gateway(config)#ip route 0.0.0.0 0.0.0.0 190.40.12.1
Default Routing
RIP Version 2
RIP Version 2
RIP Version 2
DHCP Client
Ro_1:
Ro_1#conf t
Ro_1(config-)#int fa0/0
Ro_1(config-if)#ip address 190.40.12.1 255.255.255.0
Ro_1(config-if)#no shut
Ro_1(config-if)#int S0/0
Ro_1(config-if)#ip address 192.168.2.2 255.255.255.0
Ro_1(config-if)#no shut
NAT OVERLOAD/PAT
Ro_1(config-if)#int S0/1
Ro_1(config-if)#ip address 192.168.1.2 255.255.255.0
Ro_1(config-if)#no shut
Ro_1(config-if)#exit
Ro_1(config)#router rip
Ro_1(config-router)#network 190.40.12.0
Ro_1(config-router)#network 192.168.1.0
Ro_1(config-router)#network 192.168.2.0
Ro_1(config-router)#exit
Ro_2:
Ro_2#conf t
Ro_2(config)#int fa0/0
Ro_2(config-if)#ip address 201.56.10.1 255.255.255.0
Ro_2(config-if)#no shut
NAT OVERLOAD/PAT
Ro_2(config-if)#int S0/1
Ro_2(config-if)#ip address 192.168.1.1 255.255.255.0
Ro_2(config-if)#clock rate 64000
Ro_2(config-if)#no shut
Ro_2(config-if)#exit
Ro_2(config)#router rip
Ro_2(config-router)#network 192.168.1.0
Ro_2(config-router)#network 201.56.10.0
Ro_2(config-router)#exit
Ro_3:
Ro_3#conf t
Ro_3(config)#int fa0/0
Ro_3(config-if)#ip address 10.0.2.1 255.255.255.0
Ro_3(config-if)#no shut
NAT OVERLOAD/PAT
Ro_3(config-if)#int S0/0
Ro_3(config-if)#ip address 192.168.2.1 255.255.255.0
Ro_3(config-if)#clock rate 64000
Ro_3(config-if)#no shut
Ro_3(config-if)#exit
Ro_3(config#router rip
Ro_3(config-router)#network 10.0.2.0
Ro_3(config-router)#network 192.168.2.0
Ro_3(config-router)#exit
VLAN
KONFIGURASI VLAN
KONFIGURASI SWITCH:
Switch#vlan database
Switch(vlan)#vlan 2 name ENGINEERING
Switch(vlan)#vlan 3 name SALES
Switch#conf t
Switch(config)#int fa0/3
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 3
KONFIGURASI TRUNK:
Switch#conf t
Switch(config)#int fa0/1
Switch(config-if)#switchport mode trunk
KONFIGURASI VLAN
KONFIGURASI ROUTER:
Gateway(config)#int fa0/0
Gateway(config-if)#no shut
Gateway(config-if)#int fa0/0.1
Gateway(config-subif)#encapsulation dot1Q 1
Gateway(config-subif)#ip address 192.168.0.1 255.255.255.0
Gateway(config-subif)#int fa0/0.2
Gateway(config-subif)#encapsulation dot1Q 2
Gateway(config-subif)#ip address 192.168.2.1 255.255.255.0
Gateway(config-subif)#int fa0/0.3
Gateway(config-subif)#encapsulation dot1Q 3
Gateway(config-subif)#ip address 192.168.3.1 255.255.255.0
PPP
Ro_1:
Ro_1#conf t
Ro_1(config)#hostname Ro1
Ro_1(config)#int fa0/0
Ro_1(config-if)#ip address 192.168.1.1 255.255.255.0
Ro_1(config-if)#no shut
Ro_1(config-if)#int S0/0
Ro_1(config-if)#ip address 202.1.1.2 255.255.255.0
Ro_1(config-if)#no shut
Ro_1(config-if)#exit
Ro_1(config)#ip route 0.0.0.0 0.0.0.0 202.1.1.1
Ro_1(config)#username Ro2 password cisco
PPP
Ro_1(config)#int s0/0
Ro_1(config-if)#encapsulation ppp
Ro_1(config-if)#ppp authentication chap
Ro_2:
Ro_2#conf t
Ro_2(config)#hostname Ro2
Ro_2(config)#int fa0/0
Ro_2(config-if)#ip address 192.168.2.1 255.255.255.0
Ro_2(config-if)#no shut
Ro_2(config-if)#int S0/0
Ro_2(config-if)#ip address 202.1.1.1 255.255.255.0
Ro_2(config-if)#clock rate 64000
Ro_2(config-if)#no shut
Ro_2(config-if)#exit
PPP
Ro_2(config)#ip route 0.0.0.0 0.0.0.0 202.1.1.2
Ro_2(config)#username Ro1 password cisco
Ro_2(config)#int s0/0
Ro_2(config-if)#encapsulation ppp
Ro_2(config-if)#ppp authentication chap
IPSec
IPSec
Konfigurasi Router A (Head Office - Jakpus)
ip access-list extended jakpus-to-jakbar
permit ip 10.10.1.0 0.0.0.255 10.30.1.0 0.0.0.255
Crypto isakmp policy 1
encr 3des
authentication pre-share group 2
crypto isakmp key vpnxyz address 192.168.1.2
crypto ipsec transform-set 6 transvpnxyz esp-3des esp-sha-hmac
crypto map map-vpn-xyz 1 ipsec-isakmp
set peer 192.168.1.2
set transform set transvpnxyz
match address jakpus-to-jakbar
Interface FastEthernet0/1
ip address 192.168.1.1 255.255.255.192
crypto map map-vpn-xyz
Interface FastEthernet0/0
ip address 10.1.1.1 255.255.255.0
ip route 0.0.0.0 0.0.0.0 10.10.1.9 - IP Core Switch
ip route 10.30.1.0 255.255.255.0 192.168.1.2
IPSec
Konfigurasi Router B (Branch – Jakarta Barat)
ip access-list extended jakbar-to-jakpus
permit ip 10.30.1.0 0.0.0.255 10.10.1.0 0.0.0.255
crypto isakmp policy 1
encr 3des
authentication pre-share group 2
crypto isakmp key vpnxyz address 192.168.1.1
crypto ipsec transform-set 6 transvpnxyz esp-3des esp-sha-hmac
crypto map map-vpn-xyz 1 ipsec-isakmp set peer 192.168.1.1
set transform set transvpnxyz
match address jakbar-to-jakpus
Interface FastEthernet0/1
ip address 192.168.1.2 255.255.255.192
crypto map map-vpn-xyz
Interface FastEthernet0/0
ip address 10.30.1.1 255.255.255.0
ip route 0.0.0.0 0.0.0.0 1 192.168.1.1
IPSec
Konfigurasi Switch Core (Head office - Jakpus)
ip route 10.30.1.0 255.255.255.0 10.10.1.1
ip route 192.168.1.0 255.255.255.192 10.10.1.1
Washington:
washington#conf t
washington(config)#hostname washington
washington(config)#int s0/0
washington(config-if)#ip address 192.168.1.1 255.255.255.0
washington(config-if)#clock rate 64000
washington(config-if)#no shut
washington(config-if)#int fa0/0
washington(config-if)#ip address 192.168.3.1 255.255.255.0
washington(config-if)#no shut
FRAME RELAY
washington(config)#int s0/0
washington(config-if)#encapsulation frame-relay ietf
washington(config-if)#no keepalive
washington(config-if)#frame-relay map ip 192.168.1.2 201
ietf broadcast
washington(config-if)#bandwidth 64
washington(config-if)#exit
washington(config)#ip route 192.168.2.0 255.255.255.0
192.168.1.2
Dublin:
dublin#conf t
dublin(config)#hostname dublin
dublin(config)#int s0/0
dublin(config-if)#ip address 192.168.1.2 255.255.255.0
dublin(config-if)#no shut
FRAME RELAY
dublin(config-if)#int fa0/0
dublin(config-if)#ip address 192.168.2.1 255.255.255.0
dublin(config-if)#no shut
dublin(config)#int s0/0
dublin(config-if)#encapsulation frame-relay ietf
dublin(config-if)#no keepalive
dublin(config-if)#frame-relay map ip 192.168.1.1 201 ietf
broadcast
dublin(config-if)#bandwidth 64
dublin(config-if)#exit
dublin(config)#ip route 192.168.3.0 255.255.255.0
192.168.1.1
FRAME SWITCH
Frame Switch Configuration
FRAME_SWITCH#show run interface Serial1
version 12.0 no ip address
service timestamps debug uptime no ip directed-broadcast
service timestamps log uptime encapsulation frame-relay
no service password-encryption logging event subif-link-status
! logging event dlci-status-change
hostname FRAME_SWITCH clockrate 64000
! no frame-relay inverse-arp
! frame-relay intf-type dce
ip subnet-zero frame-relay route 221 interface Serial0 122
no ip domain-lookup !
frame-relay switching ip classless
! !
! !
! line con 0
interface FastEthernet0 exec-timeout 0 0
no ip address logging synchronous
no ip directed-broadcast transport input none
shutdown line aux 0
! line vty 0 4
login
interface Serial 0 !
no ip address end
no ip directed-broadcast
encapsulation frame-relay FRAME_SWITCH#show frame route
logging event subif-link-status Input Intf Input Dlci Output Ietf Output Dlci
logging event dlci-status-change Status
clockrate 64000 Serial0 122 Serial1 221 active
no frame-relay inverse-arp Serial1 221 Serial0 122 active
frame-relay intf-type dce
frame-relay route 122 interface Serial1 221
!
Frame Relay Configuration
Ro_1 Configuration: Ro_2 Configuration:
Ro_1#show run Ro_2#show run
version 12.0 version 12.0
service timestamps debug uptime service timestamps debug uptime
service timestamps log uptime service timestamps log uptime
no service password-encryption no service password-encryption
! !
hostname Ro_1 hostname Ro_2
! !
ip subnet-zero ip subnet-zero
no ip domain-lookup no ip domain-lookup
! !
interface FastEthernet0 interface FastEthernet0
ip address 192.168.0.1 255.255.255.0 ip address 10.0.1.1 255.255.255.0
no ip directed-broadcast no ip directed-broadcast
! !
interface Serial0 interface serial 0
no ip address encapsulation frame-relay ietf
no ip directed-broadcast no keepalive
shutdown ip address 202.12.1.2 255.255.255.0
! frame-relay map ip 202.12.1.1 221 ietf broadcast
interface serial1 !
encapsulation frame-relay ietf interface Serial1
no keepalive no ip address
ip address 202.12.1.1 255.255.255.0 no ip directed-broadcast
frame-relay map ip 202.12.1.2 122 ietf broadcast shutdown
! !
router rip router rip
network 202.12.1.0 network 202.12.1.0
network 192.168.0.0 network 10.0.1.0
! !