Thursday, 04 January 2018

WALKTHROUGH - LKSJATENG2017



 CONTENTS
This Test Project proposal consists of the following document/file:
PEMBAHASAN-LKSJATENG2017.pdf



PART 1 - CONFIGURE WITH INSTRUCTION BELOW
IP ADDRESS LIST TABLE

DEVICE           INTERFACE    IPv4               IPv6                    NOTE
---------------  -----------  -----------------  ----------------------  ---------
ISP-Router       Fa 0/0       25.10.21.200/23    -                       Preconfig
                 Se 0/1/0     24.10.20.17/29     2017:10:25:AAA::1/124
CORE-R1          Fa 0/0       172.16.25.121/29   -
                 Se 0/1/0     10.0.13.101/28     2017:0c:25:CCC::6/125
                 Lo 0         1.1.1.1/32         2017::1/128
CORE-R2          Fa 0/0       172.16.25.122/29   -
                 Se 0/1/0     10.0.23.202/29     2017:C:25:BBB::6/125
                 Lo 0         2.2.2.2/32         2017::2/128
CORE-R3          Se 0/0/0     10.0.23.203/29     2017:C:25:BBB::1/125
                 Se 0/1/0     24.10.20.18/29     2017:10:25:AAA::E/124
                 Se 0/1/1     10.0.13.103/28     2017:C:25:CCC::1/125
                 Lo 0         3.3.3.3/32         2017::3/128
Dist-SW          Fa 0/4       10.0.0.1/32        -
                 Vlan1        172.16.25.123/29   -
                 Vlan10       10.10.10.1/28      -
R-GDG            Fa 0/0       10.0.0.2/30        -
                 Fa 0/1.100   x                  -
                 Fa 0/1.200   x                  -
                 Fa 0/1.1000  x                  -
Server-Internet  Fa 0         25.10.20.17/22     -
DNS Server       -            10.10.10.10        -
Mail Server      -            10.10.10.11        -
A1               Fa 0         DHCP               -
A2               Fa 0         DHCP               -
B1               Fa 0         DHCP               -
B2               Fa 0         DHCP               -
IPPHONE_A        VLAN1000     DHCP               -
IPPHONE_B        VLAN1000     DHCP               -


NB :
You don't have to configure Server-Internet and ISP-Router
X = ip address which you calculate by yourself

1. Configure hostname for each device according to the topology.
2. Configure the privileged with encryption password for each device below:
a)        CORE-R1 : jateng1
b)        CORE-R2 : jateng2
c)        CORE-R3 : jateng3



Walkthrough for PART 1

Some IP addresses in the IP address list table above are not known yet; they are worked out in a later part of the task, so for now we configure the addresses that are already given.

IPv4 Addressing

CORE-R1
interface Loopback0
ip address 1.1.1.1 255.255.255.255
!
interface FastEthernet0/0
no sh
ip address 172.16.25.121 255.255.255.248
!
interface Serial0/1/0
no sh
ip address 10.0.13.101 255.255.255.240
!

CORE-R2
interface Loopback0
ip address 2.2.2.2 255.255.255.255
!
interface FastEthernet0/0
no sh
ip address 172.16.25.122 255.255.255.248
!
interface Serial0/1/0
no sh
ip address 10.0.23.202 255.255.255.248
!


CORE-R3
interface Loopback0
ip address 3.3.3.3 255.255.255.255
!
interface Serial0/0/0
no sh
ip address 10.0.23.203 255.255.255.248
!
interface Serial0/1/0
no sh
ip address 24.10.20.18 255.255.255.248
!
interface Serial0/1/1
no sh
ip address 10.0.13.103 255.255.255.240

Dist-SW
interface FastEthernet0/4
no switchport
ip address 10.0.0.1 255.255.255.252
!
interface Vlan1
ip address 172.16.25.123 255.255.255.248
!
interface Vlan10
ip address 10.10.10.1 255.255.255.240
!

R-GDG
interface FastEthernet0/0
ip address 10.0.0.2 255.255.255.252
no sh
!


IPv6 Addressing

CORE-R1
interface Loopback0
ipv6 address 2017::1/128
!
interface Serial0/1/0
ipv6 address 2017:C:25:CCC::6/125
!

CORE-R2
interface Loopback0
ipv6 address 2017::2/128
!
interface Serial0/1/0
ipv6 address 2017:C:25:BBB::6/125
!

CORE-R3
interface Loopback0
ipv6 address 2017::3/128
!
interface Serial0/0/0
ipv6 address 2017:C:25:BBB::1/125
!
interface Serial0/1/0
ipv6 address 2017:10:25:AAA::E/124
!
interface Serial0/1/1
ipv6 address 2017:C:25:CCC::1/125
!



Hostname

CORE-R1
Router(config)# hostname CORE-R1

CORE-R2
Router(config)# hostname CORE-R2

CORE-R3
Router(config)# hostname CORE-R3

Dist-SW
Switch(config)# hostname Dist-SW

R-GDG
Router(config)# hostname R-GDG

SW-GDG-MAIN
Switch(config)# hostname SW-GDG-MAIN

SW-A
Switch(config)# hostname SW-A

SW-B
Switch(config)# hostname SW-B

SW-Farm-Server
Switch(config)# hostname SW-Farm-Server




PASSWORD ENCRYPTION

Item 2 of the task asks us to configure a privileged-mode password that is encrypted as soon as it is set on the CORE DOMAIN routers (CORE-R1, CORE-R2, and CORE-R3). So we use the enable secret command, which stores the password we add in encrypted form right away.

CORE-R1
CORE-R1(config)# enable secret jateng1

CORE-R2
CORE-R2(config)# enable secret jateng2

CORE-R3
CORE-R3(config)# enable secret jateng3



PART 2 - SWITCHING ADMINISTRATION

Dist-SW and SW-Farm-Server
1. Use protocol which can simplify VLAN configuration in a switched network.
2. Dist-SW can distributed their VLAN configuration to other switches in the same domain, use lksjateng2017 for domain.
3. Protect this protocol with MD5 digest of ASCII string sayapastijuara!!!
4. Create VLAN 10 with name Server-farm on switch which can distributed their VLAN configuration.
5. Configure the SW-Farm-Server so it cant create, change, or delete VLAN on this database     
6. Verify the VLAN database on ALL switches have same value.

Walkthrough
The first item asks for a protocol that simplifies VLAN management; here we use VTP.

Item 2: Dist-SW must be able to distribute its VLANs to the other switches in the same domain. Dist-SW therefore acts as the VTP server, which propagates VLAN updates to the other switches in the domain, and we use lksjateng2017 as the domain name. We are then asked to add security, that is, a password, to the VTP domain we create, using the password sayapastijuara!!!

Dist-SW
Dist-SW(config)# vtp mode server
Dist-SW(config)# vtp domain lksjateng2017
Dist-SW(config)# vtp password sayapastijuara!!!

Create VLAN 10 with the name Server-farm on Dist-SW

Dist-SW
Dist-SW(config)# vlan 10
Dist-SW(config-vlan)# name Server-farm

Item 5 asks us to configure VTP client mode on SW-Farm-Server, because a switch in this mode cannot create, change, or delete VLANs in the database.

SW-Farm-Server
SW-Farm-Server(config)# vtp mode client
SW-Farm-Server(config)# vtp domain lksjateng2017
SW-Farm-Server(config)# vtp password sayapastijuara!!!

Configure the trunks so they carry multiple VLANs
Dist-SW
Dist-SW(config)# int fa 0/3
Dist-SW(config-if)# sw tr encap dot1q
Dist-SW(config-if)# sw mode tr

SW-Farm-Server
SW-Farm-Server (config)# int fa 0/1
SW-Farm-Server(config-if)# sw mode tr

Assign VLAN 10 to each server port

SW-Farm-Server
SW-Farm-Server (config)# int ra fa 0/2-3
SW-Farm-Server(config-if-range)# sw access vlan 10

Item 6 asks us to verify that the VLAN database is the same on every switch in the same domain. For this, simply run sh vlan brief on Dist-SW and SW-Farm-Server.

Dist-SW#show vlan br
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/5, Fa0/6
                                                Fa0/7, Fa0/8, Fa0/9, Fa0/10
                                                Fa0/11, Fa0/12, Fa0/13, Fa0/14
                                                Fa0/15, Fa0/16, Fa0/17, Fa0/18
                                                Fa0/19, Fa0/20, Fa0/21, Fa0/22
                                                Fa0/23, Fa0/24, Gig0/1, Gig0/2
10   Server-farm                      active
1002 fddi-default                     active
1003 token-ring-default               active
1004 fddinet-default                  active
1005 trnet-default                    active

SW-Farm-Server#sh vlan br
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/4, Fa0/5, Fa0/6, Fa0/7
                                                Fa0/8, Fa0/9, Fa0/10, Fa0/11
                                                Fa0/12, Fa0/13, Fa0/14, Fa0/15
                                                Fa0/16, Fa0/17, Fa0/18, Fa0/19
                                                Fa0/20, Fa0/21, Fa0/22, Fa0/23
                                                Fa0/24, Gig0/1, Gig0/2
10   Server-farm                      active    Fa0/2, Fa0/3
1002 fddi-default                     active
1003 token-ring-default               active
1004 fddinet-default                  active
1005 trnet-default                    active




SW-GDG-MAIN, SW-GDA, and SW-GDB
7. Use protocol which can simplify VLAN configuration in a switched network. In short, this uses VTP.
8. SW-GDG-MAIN can distributed their VLAN configuration to other switches in the same domain, use lksjateng for domain. SW-GDG-MAIN is the VTP server, with the domain lksjateng.
9. Protect this protocol with MD5 digest of ASCII string pastijuara!!!. Add the password pastijuara!!! to secure VTP updates.
10. Create VLAN for IP Phone, Room A and Room B with configuration below:

VLAN-ID  VLAN NAME
-------  ---------
100      ROOM-A
200      ROOM-B
1000     IPPHONE

SW-GDG-MAIN
SW-GDG-MAIN (config)# vtp mode server
SW-GDG-MAIN (config)# vtp domain lksjateng
SW-GDG-MAIN (config)# vtp password pastijuara!!!
SW-GDG-MAIN (config)# vlan 100
SW-GDG-MAIN (config-vlan)# name ROOM-A
SW-GDG-MAIN (config)# vlan 200
SW-GDG-MAIN (config-vlan)# name ROOM-B
SW-GDG-MAIN (config)# vlan 1000
SW-GDG-MAIN (config-vlan)# name IPPHONE

11. Configure the others switches except SW-GDG-MAIN so they cant create, change, or delete VLAN on their database. Every switch other than SW-GDG-MAIN is set as a VTP client.

SW-A, SW-B
SW-A, SW-B (config)# vtp mode client
SW-A, SW-B (config)# vtp domain lksjateng
SW-A, SW-B (config)# vtp password pastijuara!!!

Setting Trunk
SW-GDG-MAIN
SW-GDG-MAIN (config)# int ra fa 0/1-2
SW-GDG-MAIN (config-if-range)# sw mode trunk

SW-A, SW-B
SW-A, SW-B (config)# int fa 0/1
SW-A, SW-B (config-if)# sw mode trunk

Assign VLAN interface

SW-A
SW-A (config)# int fa 0/2
SW-A (config-if)# sw mode access
SW-A (config-if)# sw access vlan 200
SW-A (config)# int fa 0/3
SW-A (config-if)# sw mode access
SW-A (config-if)# sw access vlan 100

SW-B
SW-B (config)# int fa 0/2
SW-B (config-if)# sw mode access
SW-B (config-if)# sw access vlan 100
SW-B (config)# int fa 0/3
SW-B (config-if)# sw mode access
SW-B (config-if)# sw access vlan 200

12. Verify the VLAN database on ALL switches have same value.

SW-GDG-MAIN
SW-GDG-MAIN#sh vlan br
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active      Fa0/4, Fa0/5, Fa0/6, Fa0/7
                                                Fa0/8, Fa0/9, Fa0/10, Fa0/11
                                                Fa0/12, Fa0/13, Fa0/14, Fa0/15
                                                Fa0/16, Fa0/17, Fa0/18, Fa0/19
                                                Fa0/20, Fa0/21, Fa0/22, Fa0/23
                                                Fa0/24, Gig0/1, Gig0/2
100  ROOM-A                           active
200  ROOM-B                           active
1000 IPPHONE                          active
1002 fddi-default                     active
1003 token-ring-default               active
1004 fddinet-default                  active
1005 trnet-default                    active

SW-A
SW-A#sh vlan br
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/4, Fa0/5, Fa0/6, Fa0/7
                                                Fa0/8, Fa0/9, Fa0/10, Fa0/11
                                                Fa0/12, Fa0/13, Fa0/14, Fa0/15
                                                Fa0/16, Fa0/17, Fa0/18, Fa0/19
                                                Fa0/20, Fa0/21, Fa0/22, Fa0/23
                                                Fa0/24, Gig0/1, Gig0/2
100  ROOM-A                           active    Fa0/3
200  ROOM-B                           active    Fa0/2
1000 IPPHONE                          active   
1002 fddi-default                     active   
1003 token-ring-default               active   
1004 fddinet-default                  active   
1005 trnet-default                    active   

SW-B
SW-B#sh vlan br
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/4, Fa0/5, Fa0/6, Fa0/7
                                                Fa0/8, Fa0/9, Fa0/10, Fa0/11
                                                Fa0/12, Fa0/13, Fa0/14, Fa0/15
                                                Fa0/16, Fa0/17, Fa0/18, Fa0/19
                                                Fa0/20, Fa0/21, Fa0/22, Fa0/23
                                                Fa0/24, Gig0/1, Gig0/2
100  ROOM-A                           active    Fa0/2
200  ROOM-B                           active    Fa0/3
1000 IPPHONE                          active   
1002 fddi-default                     active   
1003 token-ring-default               active   
1004 fddinet-default                  active   
1005 trnet-default                    active   



PART 3 - ROUTER ADMINISTRATION

CORE ROUTER DOMAIN
1. Configure IPv4 Address and IPv6 Address of the CORE Routers Domain (CORE-R1, CORE-R2, CORE-R3) with ip addresses as the table IP ADDRESS LIST in above. (we already configured this above)
2. Verify that CORE-R3 can ping CORE-R1 and CORE-R2 (for now we only verify ping from CORE-R3 to the other routers that are directly connected)

CORE-R3 <-> CORE-R1
CORE-R3#ping 10.0.13.101
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.13.101, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/3/8 ms

CORE-R3#ping 2017:0c:25:ccc::6
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2017:0c:25:ccc::6, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/4/10 ms

CORE-R3 <-> CORE-R2
CORE-R3#ping 10.0.23.202
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.23.202, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/3/7 ms

CORE-R3#ping 2017:0c:25:bbb::6
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2017:0c:25:bbb::6, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/2 ms


3. Configure VLAN1 in Dist-SW can reachable from CORE-R1 and CORE-R2 with an IP address as the table above. (this was also configured above, so we only need to test ping)

DIST-SW <-> CORE-R1
Dist-SW#ping 172.16.25.121
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.25.121, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 0/0/1 ms

DIST-SW <-> CORE-R2
Dist-SW#ping 172.16.25.122
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.25.122, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 0/0/1 ms


4. Configure DHCP Server service for ROOM A, ROOM B and IP PHONE in R-GDG, with requirements below:
- Set DNS to local server in Server Farm (we are asked to set DNS to the IP address of the local DNS server in the Server Farm)
- Calculate the VLSM according to hosts which needed following table below!
First we calculate the VLSM based on the table below.

VLAN NAME  DHCP POOL NAME  VLSM     NETWORK
---------  --------------  -------  --------------
ROOM-A     ROOM_A          11 host  192.168.10.x/x
ROOM-B     ROOM_B          8 host   192.168.20.x/x
IPPHONE    IPPHONE         2 host   10.10.20.Y/x

[Image: subnet table (Screenshot_149)]

ROOM-A has 11 hosts  ----> 192.168.10.x/x ?
From the subnet table above, we can use /28 for the hosts in ROOM-A because it provides 14 host addresses.
ROOM-B has 8 hosts   ----> /? -> /28
IPPHONE has 2 hosts  ----> /? -> /29

- Use the first IP address of the first subnet as gateway (the first IP address in the subnet is used as the gateway)

Because the router has only one physical link to SW-GDG-MAIN while three networks have to pass over it, we create subinterfaces on the router:

Int Fa 0/1         ---> main interface
Int Fa 0/1.x       ---> sub interface

Because the router connects to SW-GDG-MAIN through port fa 0/1, we configure the subinterfaces on that port.
interface FastEthernet0/1
no sh
!
interface FastEthernet0/1.100
encapsulation dot1Q 100
ip address 192.168.10.1 255.255.255.240
!
interface FastEthernet0/1.200
encapsulation dot1Q 200
ip address 192.168.20.1 255.255.255.240
!
interface FastEthernet0/1.1000
encapsulation dot1Q 1000
ip address 10.10.20.30 255.255.255.248

- Dont use IP address below, because is reserved for server soon
  - 10 first IP address of range subnet 192.168.10.x/x is reserved
  - 2 last IP address of range subnet 192.168.10.x/x is reserved
  - 5 first IP address of range subnet 192.168.20.x/x is reserved
  - 7 last IP address of range subnet 192.168.20.x/x is reserved

To solve this item we can use DHCP excluded addresses. With ip dhcp excluded-address we can set which IP addresses must not be handed out to clients. The configuration is as follows:

R-GDG(config)# ip dhcp excluded-address 192.168.10.1 192.168.10.10
R-GDG(config)# ip dhcp excluded-address 192.168.10.13 192.168.10.14
R-GDG(config)# ip dhcp excluded-address 192.168.20.1 192.168.20.5
R-GDG(config)# ip dhcp excluded-address 192.168.20.8 192.168.20.14
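
The VLSM sizing and the reserved ranges above can be derived rather than counted by hand. The following Python is an added example, not part of the original walkthrough; it assumes one address for the gateway is counted on top of the listed hosts (which reproduces the /28, /28 and /29 chosen above), and the function names are made up for this illustration.

```python
import ipaddress


def smallest_prefix(hosts, extra=1):
    """Longest IPv4 prefix whose usable addresses fit `hosts` + `extra`.

    Assumption: `extra` = 1 accounts for the gateway address.
    """
    need = hosts + extra
    for prefix in range(30, 0, -1):
        if 2 ** (32 - prefix) - 2 >= need:
            return prefix
    raise ValueError("demand does not fit in an IPv4 subnet")


def reserved_ranges(network, first_n, last_n):
    """(start, end) pairs covering the first_n and last_n usable addresses."""
    usable = list(network.hosts())
    if first_n + last_n > len(usable):
        raise ValueError("reservations exceed the subnet")
    ranges = []
    if first_n:
        ranges.append((usable[0], usable[first_n - 1]))
    if last_n:
        ranges.append((usable[-last_n], usable[-1]))
    return ranges


def leasable(network, first_n, last_n):
    """Addresses the DHCP pool can still hand out after the reservations."""
    usable = list(network.hosts())
    return usable[first_n:len(usable) - last_n]


def excluded_address_lines(network, first_n, last_n):
    """Render the reservations as IOS `ip dhcp excluded-address` lines."""
    lines = []
    for start, end in reserved_ranges(network, first_n, last_n):
        # IOS wants the low address first, and both ends belong to the pool's subnet.
        if not (start <= end and start in network and end in network):
            raise ValueError(f"bad range {start} {end} for {network}")
        lines.append(f"ip dhcp excluded-address {start} {end}")
    return lines


# Requirements from the task: host counts and reserved first/last addresses.
ROOM_A = ipaddress.ip_network(f"192.168.10.0/{smallest_prefix(11)}")
ROOM_B = ipaddress.ip_network(f"192.168.20.0/{smallest_prefix(8)}")

if __name__ == "__main__":
    for name, net, first_n, last_n in (("ROOM_A", ROOM_A, 10, 2),
                                       ("ROOM_B", ROOM_B, 5, 7)):
        print(f"! {name} {net}")
        for line in excluded_address_lines(net, first_n, last_n):
            print(line)
        free = ", ".join(str(a) for a in leasable(net, first_n, last_n))
        print(f"! addresses left for DHCP clients: {free}")
```

Running it also shows how small the pools become: after the reservations each room has two addresses left to lease.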



PART 4 - DYNAMIC ROUTING PROTOCOL

IPv4 ROUTING
1. Dont CONFIGURE routing protocols on ISP-Router, Only devices store in local can use this routing protocol. (in short, do not configure ISP-Router, because it is preconfigured)
2. Use routing protocol which can support unlimited hop count and allows scalability.
The routing protocol that supports an unlimited hop count and scales well is OSPF.
3. Configure the routing protocols identity each router with requirements below.

hostname  Identifier
--------  ----------
CORE-R1   1001
CORE-R2   1002
CORE-R3   1003
Dist-SW   1000
R-GDG     1010

The identity here means the process ID, so CORE-R1 uses router ospf 1001, CORE-R2 uses router ospf 1002, and so on.
4. All loopback must be advertised as internal prefixes.
So we have to advertise the loopbacks so that they become internal prefixes; we simply add the loopback networks to OSPF.

5. Use loopback of CORE DOMAIN (CORE-R1, CORE-R2, CORE-R3) as router ID
In the core domain, the loopback IP is used as the router ID on each router.

6. Configure hierarchy to the routing network with requirements below:
a)     All CORE DOMAIN (CORE-R1, CORE-R2, CORE-R3) include in backbone, except it use non-backbone.
In short, every CORE DOMAIN router uses the backbone, or area 0, while routers outside the CORE DOMAIN use a non-backbone area.

b)        CORE-R2 and CORE-R3 as ABR
An ABR (Area Border Router) is a router that has more than one area, so the ABR bridges one OSPF area to another.

c)        For non-backbone router use 12 for identification area.
We are asked to use area 12 as the non-backbone area.

Now we configure the routers one by one.

CORE-R1
router ospf 1001
 ! loopback IP as the router-id
 router-id 1.1.1.1
 network 172.16.25.120 0.0.0.7 area 12
 network 10.0.13.96 0.0.0.15 area 0
 ! advertise the loopback as an internal prefix
 network 1.1.1.1 0.0.0.0 area 0

CORE-R2
router ospf 1002
 router-id 2.2.2.2
 network 172.16.25.120 0.0.0.7 area 12
 network 10.0.23.200 0.0.0.7 area 0
 network 2.2.2.2 0.0.0.0 area 0


CORE-R3
router ospf 1003
 router-id 3.3.3.3
 network 10.0.13.96 0.0.0.15 area 0
 network 10.0.23.200 0.0.0.7 area 0
 network 3.3.3.3 0.0.0.0 area 0

Dist-SW
router ospf 1000
 network 10.10.10.0 0.0.0.15 area 12
 network 172.16.25.120 0.0.0.7 area 12
 network 10.0.0.0 0.0.0.3 area 12

R-GDG
router ospf 1010
 network 192.168.10.0 0.0.0.15 area 12
 network 192.168.20.0 0.0.0.15 area 12
 network 10.10.20.24 0.0.0.7 area 12
 network 10.0.0.0 0.0.0.3 area 12
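
Wildcard masks are easy to get wrong, so it helps to check which interface each network statement actually picks up. The Python below is an added example, not part of the original walkthrough; it uses the interface addresses and network statements listed on this page, applies the page's definition of an ABR (a router with more than one area), and the function names are made up for this illustration.

```python
import ipaddress

# Interface addresses and OSPF network statements as listed in this walkthrough.
LAB = {
    "CORE-R1": {
        "interfaces": {"Lo0": "1.1.1.1", "Fa0/0": "172.16.25.121",
                       "Se0/1/0": "10.0.13.101"},
        "networks": [("172.16.25.120", "0.0.0.7", 12),
                     ("10.0.13.96", "0.0.0.15", 0),
                     ("1.1.1.1", "0.0.0.0", 0)],
    },
    "CORE-R2": {
        "interfaces": {"Lo0": "2.2.2.2", "Fa0/0": "172.16.25.122",
                       "Se0/1/0": "10.0.23.202"},
        "networks": [("172.16.25.120", "0.0.0.7", 12),
                     ("10.0.23.200", "0.0.0.7", 0),
                     ("2.2.2.2", "0.0.0.0", 0)],
    },
    "CORE-R3": {
        "interfaces": {"Lo0": "3.3.3.3", "Se0/0/0": "10.0.23.203",
                       "Se0/1/0": "24.10.20.18", "Se0/1/1": "10.0.13.103"},
        "networks": [("10.0.13.96", "0.0.0.15", 0),
                     ("10.0.23.200", "0.0.0.7", 0),
                     ("3.3.3.3", "0.0.0.0", 0)],
    },
    "Dist-SW": {
        "interfaces": {"Fa0/4": "10.0.0.1", "Vlan1": "172.16.25.123",
                       "Vlan10": "10.10.10.1"},
        "networks": [("10.10.10.0", "0.0.0.15", 12),
                     ("172.16.25.120", "0.0.0.7", 12),
                     ("10.0.0.0", "0.0.0.3", 12)],
    },
    "R-GDG": {
        "interfaces": {"Fa0/0": "10.0.0.2", "Fa0/1.100": "192.168.10.1",
                       "Fa0/1.200": "192.168.20.1", "Fa0/1.1000": "10.10.20.30"},
        "networks": [("192.168.10.0", "0.0.0.15", 12),
                     ("192.168.20.0", "0.0.0.15", 12),
                     ("10.10.20.24", "0.0.0.7", 12),
                     ("10.0.0.0", "0.0.0.3", 12)],
    },
}


def covered_by(address, base, wildcard):
    """True when `address` equals `base` on every bit the wildcard leaves unmasked."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (address, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)


def interface_areas(router):
    """Map each interface to the area of the statement covering it, or None.

    No statements overlap in this lab, so statement order does not matter here.
    """
    result = {}
    for name, address in router["interfaces"].items():
        areas = [area for base, wc, area in router["networks"]
                 if covered_by(address, base, wc)]
        result[name] = areas[0] if areas else None
    return result


def unadvertised(lab):
    """(router, interface) pairs that no network statement covers."""
    return sorted((host, ifname) for host, router in lab.items()
                  for ifname, area in interface_areas(router).items()
                  if area is None)


def area_border_routers(lab):
    """Routers with interfaces in area 0 and in at least one other area."""
    abrs = []
    for host, router in lab.items():
        areas = {a for a in interface_areas(router).values() if a is not None}
        if 0 in areas and len(areas) > 1:
            abrs.append(host)
    return sorted(abrs)


if __name__ == "__main__":
    for host, router in LAB.items():
        print(host, interface_areas(router))
    print("not in OSPF:", unadvertised(LAB))
    print("ABRs:", area_border_routers(LAB))
```

With the statements as listed, the routers that have interfaces in both area 0 and area 12 are CORE-R1 and CORE-R2, and CORE-R3 has interfaces in area 0 only. The one interface left out of OSPF is the ISP-facing Se0/1/0 on CORE-R3.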

7. Verify all router and each host can communicated successfully.

IPv6 ROUTING
1. Configure IPv6 routing protocol only for devices which have IPv6 address following the IP ADDRESS LIST TABLE
For the devices that use IPv6, we configure IPv6 routing.

2. Remember dont CONFIGURE routing protocols on ISP-Router, Only devices store in local can use this routing protocol. Although ISP-Router has IPv6 addresses, we are not allowed to configure routing on the ISP router.

3. Use routing protocol for IPv6 addressing same as routing protocol which can you chose in IPv4 addressing and run on the same identifier process.
This means we use the same routing protocol for IPv6, with the same process ID as well. For OSPF on IPv6 we use OSPFv3.

4. All loopback IPv6 address must be advertised as internal prefixes. As before, we simply add the loopbacks to OSPFv3.

5. Advertise all interface each router in routing protocols. For IPv6 routing, the easiest way is to assign the routing process on each interface.




Configuration
Only the routers in the CORE DOMAIN have IPv6 addresses. First we enable IPv6 unicast routing on them.

CORE-R1, CORE-R2, CORE-R3
CORE-R1, CORE-R2, CORE-R3 (config)# ipv6 unicast-routing

Then we create the OSPFv3 process, using the IPv4 loopback address as the router-id
CORE-R1
CORE-R1 (config)# ipv6 router ospf 1001
CORE-R1 (config-router)#router-id 1.1.1.1

CORE-R2
CORE-R2 (config)# ipv6 router ospf 1002
CORE-R2 (config-router)#router-id 2.2.2.2

CORE-R3
CORE-R3 (config)# ipv6 router ospf 1003
CORE-R3 (config-router)#router-id 3.3.3.3

Then we assign OSPFv3 to each interface on the router
CORE-R1
CORE-R1 (config)# interface Loopback0
CORE-R1 (config-if)# ipv6 ospf 1001 area 0
CORE-R1 (config)# interface Serial0/1/0
CORE-R1 (config-if)# ipv6 ospf 1001 area 0

CORE-R2
CORE-R2 (config)# interface Loopback0
CORE-R2 (config-if)# ipv6 ospf 1002 area 0
CORE-R2 (config)# interface Serial0/1/0
CORE-R2 (config-if)# ipv6 ospf 1002 area 0

CORE-R3
CORE-R3 (config)# interface Loopback0
CORE-R3 (config-if)# ipv6 ospf 1003 area 0
CORE-R3 (config)# interface Serial0/0/0
CORE-R3 (config-if)# ipv6 ospf 1003 area 0
CORE-R3 (config)# interface Serial0/1/0
CORE-R3 (config-if)# ipv6 ospf 1003 area 0
CORE-R3 (config)# interface Serial0/1/1
CORE-R3 (config-if)# ipv6 ospf 1003 area 0

6. Verify all loopback router can reachable in each router.

CORE-R1
CORE-R1#show ipv6 route ospf
IPv6 Routing Table - 7 entries
O   2017::2/128 [110/128]
     via FE80::2E0:F7FF:FEA0:2E01, Serial0/1/0
O   2017::3/128 [110/64]
     via FE80::2E0:F7FF:FEA0:2E01, Serial0/1/0
O   2017:C:25:BBB::/125 [110/128]
     via FE80::2E0:F7FF:FEA0:2E01, Serial0/1/0
The loopbacks of CORE-R2 and CORE-R3 are now visible on CORE-R1


CORE-R2
CORE-R2#sh ipv6 route ospf
IPv6 Routing Table - 7 entries
O   2017::1/128 [110/128]
     via FE80::2E0:F7FF:FEA0:2E01, Serial0/1/0
O   2017::3/128 [110/64]
     via FE80::2E0:F7FF:FEA0:2E01, Serial0/1/0
O   2017:C:25:CCC::/125 [110/128]
     via FE80::2E0:F7FF:FEA0:2E01, Serial0/1/0

CORE-R3
CORE-R3#sh ipv6 route ospf
IPv6 Routing Table - 11 entries
O   2017::1/128 [110/64]
     via FE80::290:2BFF:FED2:8501, Serial0/1/1
O   2017::2/128 [110/64]
     via FE80::201:43FF:FE54:1701, Serial0/0/0

Test PING
CORE-R1 <---> CORE-R3
CORE-R1#ping 2017::3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2017::3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/3/11 ms

CORE-R1 <---> CORE-R2
CORE-R1#ping 2017::2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2017::2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/7/19 ms
The loopback IP addresses can now ping each other.



PART 5 - NAT

NAT
1. All PC/host and server in local can access server internet. In short, every PC/host on the local network must be able to reach the internet, that is, access the server on the internet. We use PAT (Dynamic NAT with Overload).

2. List address use ACL which control traffic depending of the source address only.
Here we must use an ACL that controls traffic based on the source only, which means a standard ACL.

3. Create ACL using the highest ACL Number
For the ACL we use the highest number. Standard ACLs are numbered 1-99, so we use ACL number 99. The details follow.

CORE-R3(config)#access-list ?
  <1-99>     IP standard access list
  <100-199>  IP extended access list

Dynamic NAT with Overload configuration
CORE-R3
CORE-R3(config)# ip nat inside source list 99 interface Serial0/1/0 overload
CORE-R3(config)# access-list 99 permit any
CORE-R3(config)# ip route 0.0.0.0 0.0.0.0 24.10.20.17
CORE-R3(config)# interface Serial0/0/0
CORE-R3(config-if)# ip nat inside
CORE-R3(config)# interface Serial0/1/0
CORE-R3(config-if)# ip nat outside
CORE-R3(config)# interface Serial0/1/1
CORE-R3(config-if)# ip nat inside
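
ACL 99 above matches every source with permit any. The Python below is an added example, not part of the original walkthrough: it builds a narrower standard ACL 99 from the client and server subnets that appear on this page and evaluates both lists with first-match, implicit-deny semantics. The choice of which prefixes count as "inside", the test source 172.31.0.5 and the function names are assumptions made for this illustration.

```python
import ipaddress

# ACL as configured in the walkthrough.
PAGE_ACL = ["access-list 99 permit any"]

# Assumption: only the server-farm, room and IP phone subnets from this page
# should be translated; transit links and loopbacks are left out.
INSIDE_PREFIXES = ["10.10.10.0/28", "192.168.10.0/28",
                   "192.168.20.0/28", "10.10.20.24/29"]


def acl_for(prefixes, number=99):
    """Render one standard-ACL permit line (network + wildcard) per prefix."""
    lines = []
    for prefix in prefixes:
        net = ipaddress.ip_network(prefix)
        lines.append(
            f"access-list {number} permit {net.network_address} {net.hostmask}")
    return lines


def parse_entry(line):
    """Parse `access-list N permit|deny any | host A | A [W]`."""
    tokens = line.split()
    action, source = tokens[2], tokens[3:]
    if source == ["any"]:
        return action, 0, 0xFFFFFFFF
    if source[0] == "host":
        return action, int(ipaddress.IPv4Address(source[1])), 0
    base = int(ipaddress.IPv4Address(source[0]))
    # A bare address without a wildcard matches that single host.
    wildcard = int(ipaddress.IPv4Address(source[1])) if len(source) > 1 else 0
    return action, base, wildcard


def decision(acl_lines, source):
    """First matching entry wins; nothing matching means the implicit deny."""
    src = int(ipaddress.IPv4Address(source))
    for line in acl_lines:
        action, base, wildcard = parse_entry(line)
        care = ~wildcard & 0xFFFFFFFF
        if (src & care) == (base & care):
            return action
    return "deny"


TIGHT_ACL = acl_for(INSIDE_PREFIXES)

if __name__ == "__main__":
    print("\n".join(TIGHT_ACL))
    # Constructed sources: a ROOM-A client, an IP phone, the mail server, and
    # an address that belongs to no subnet in this lab.
    for src in ("192.168.10.11", "10.10.20.25", "10.10.10.11", "172.31.0.5"):
        print(f"{src:15} permit-any={decision(PAGE_ACL, src):6} "
              f"tight={decision(TIGHT_ACL, src)}")
```

With the narrower list, a source that is not in any known local subnet falls through to the implicit deny and is not translated, while the lab's clients and servers still match.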



4. Configure and verify that there is default route on the others router as an external route.
The default route that we configured on CORE-R3 is to be seen as external on the other routers. The solution is to redistribute the default route on CORE-R3 into OSPF so that it is treated as external.

CORE-R3
CORE-R3(config)# router ospf 1003
CORE-R3(config-router)# redistribute static subnets
CORE-R3(config-router)# default-information originate

When redistributing static routes into OSPF, the default-information originate option has to be added so that the router adds a type 5 LSA for the default route to the OSPF database.

Routing table verification
CORE-R1#sh ip route | b Ga
Gateway of last resort is 10.0.13.103 to network 0.0.0.0

     1.0.0.0/32 is subnetted, 1 subnets
C       1.1.1.1 is directly connected, Loopback0
     2.0.0.0/32 is subnetted, 1 subnets
O       2.2.2.2 [110/129] via 10.0.13.103, 00:52:58, Serial0/1/0
     3.0.0.0/32 is subnetted, 1 subnets
O       3.3.3.3 [110/65] via 10.0.13.103, 00:52:58, Serial0/1/0
     10.0.0.0/8 is variably subnetted, 5 subnets, 3 masks
O       10.0.0.0/30 [110/2] via 172.16.25.123, 00:52:18, FastEthernet0/0
C       10.0.13.96/28 is directly connected, Serial0/1/0
O       10.0.23.200/29 [110/128] via 10.0.13.103, 00:52:58, Serial0/1/0
O       10.10.10.0/28 [110/2] via 172.16.25.123, 00:52:18, FastEthernet0/0
O       10.10.20.24/29 [110/3] via 172.16.25.123, 00:52:18, FastEthernet0/0
     172.16.0.0/29 is subnetted, 1 subnets
C       172.16.25.120 is directly connected, FastEthernet0/0
     192.168.10.0/28 is subnetted, 1 subnets
O       192.168.10.0 [110/3] via 172.16.25.123, 00:52:18, FastEthernet0/0
     192.168.20.0/28 is subnetted, 1 subnets
O       192.168.20.0 [110/3] via 172.16.25.123, 00:52:18, FastEthernet0/0
O*E2 0.0.0.0/0 [110/1] via 10.0.13.103, 00:52:58, Serial0/1/0

O*E2 indicates an OSPF external route, and the * indicates that it comes from the default route. So the default route here is treated as an OSPF external route on the other routers.


5. Server-Internet can access domain web server on local using IP Public 24.10.20.20.
For item 5 we use static NAT, so that the local web server can be reached from the internet through the public IP 24.10.20.20
CORE-R3
CORE-R3(config)# ip nat inside source static 10.10.10.10 24.10.20.20

Verification
Access the local server's public IP from the internet server.


PART 6 - HSRP

HSRP
1. Configure HSRP with grup 12 and use the highest one an IP address of the subnet for the Virtual IP. Here we are asked to configure HSRP with group 12, and for the virtual IP we use the highest IP address in the subnet. HSRP is configured on CORE-R1 and CORE-R2, using the subnet 172.16.25.120/29
2. Set priority 50 for router with the lowest one mac address as a standby. On the router with the lowest MAC address we set the HSRP priority to 50
3. Check MAC Address between two routers. The lowest mac address router use priority 50 and the highest use default.


Configuration
First, check the MAC addresses on CORE-R1 and CORE-R2
CORE-R1
CORE-R1#show int fa 0/0
FastEthernet0/0 is up, line protocol is up (connected)
  Hardware is Lance, address is 0090.2bd2.8501 (bia 0090.2bd2.8501)
  Internet address is 172.16.25.121/29
  ...

CORE-R2
CORE-R2#sh int fa 0/0
FastEthernet0/0 is up, line protocol is up (connected)
  Hardware is Lance, address is 0001.4354.1701 (bia 0001.4354.1701)
  Internet address is 172.16.25.122/29
  ...
In the output above, the MAC address of CORE-R2 is lower than that of CORE-R1, so we make CORE-R2 the backup router.

HSRP configuration
CORE-R1
CORE-R1(config)# int fa 0/0
CORE-R1(config-if)# standby 12 ip 172.16.25.126
CORE-R1(config-if)# standby 12 preempt

CORE-R2
CORE-R2(config)# int fa 0/0
CORE-R2(config-if)# standby 12 ip 172.16.25.126
CORE-R2(config-if)# standby 12 preempt
CORE-R2(config-if)# standby 12 priority 50

VERIFICATION
CORE-R1#sh standby brief
                     P indicates configured to preempt.
                     |
Interface   Grp    Pri P   State    Active      Standby         Virtual IP
Fa0/0       12   100 P  Active    local     172.16.25.122   172.16.25.126 
CORE-R1#


CORE-R2#sh standby brief
                     P indicates configured to preempt.
                     |
Interface   Grp    Pri P   State    Active        Standby      Virtual IP
Fa0/0       12   50 P  Standby 172.16.25.121   local      172.16.25.126 
CORE-R1#

PART 7 - IP Telephony Service
IP Telephony
1. Configure IP Telephony with following requirements:
a)        Use the lowest port as the service ip telephony.
b)        Use gateway IPPHONE as a IP source-address.
c)        Set only 3 for max number of IP Phones.
d)        Set only 5 for maximum directory number supported.

Ephone  Device     Mac-Address     Button  Ephone-dn  Number
------  ---------  --------------  ------  ---------  ------
1       IPPHONE_A  0006.2A84.4888  1:1     1          111
2       IPPHONE_B  0001.6345.38A2  1:2     2          222

2. Verify IP Phone in room A can dial IP Phone in room B

Configuration
R-GDG
Create the DHCP server for the IP phones
R-GDG (config)# ip dhcp pool IPPHONE
R-GDG (dhcp-config)# network 10.10.20.24 255.255.255.248
R-GDG (dhcp-config)# default-router 10.10.20.30
R-GDG (dhcp-config)# dns-server 10.10.10.10
R-GDG (dhcp-config)# option 150 ip 10.10.20.30

IP phone configuration (telephony-service)
R-GDG (config)# telephony-service
R-GDG (config-telephony)# max-ephones 3
R-GDG (config-telephony)# max-dn 5
R-GDG (config-telephony)# ip source-address 10.10.20.30 port 2000



Set the phone numbers
R-GDG (config)# ephone-dn 1
R-GDG (config-ephone-dn)# number 111
R-GDG (config)# ephone-dn 2
R-GDG (config-ephone-dn)# number 222

R-GDG (config)# ephone 1
R-GDG (config-ephone)# mac-address 0006.2A84.4888
R-GDG (config-ephone)# button 1:1
R-GDG (config)# ephone 2
R-GDG (config-ephone)# mac-address 0001.6345.38A2
R-GDG (config-ephone)# button 1:2

SW-GDG-MAIN
On this switch there is only trunk configuration, to carry the VLAN and VoIP traffic
SW-GDG-MAIN (config)# int ra fa 0/1-3
SW-GDG-MAIN (config-if-range)# sw mode tr

SW-A
On switch A we configure the trunk, to carry the VLAN and VoIP traffic
SW-A (config)# int fa 0/1
SW-A (config-if)# sw mode tr
SW-A (config)# int fa 0/2
SW-A (config-if)# sw mode acc
SW-A (config-if)# sw access vlan 200
SW-A (config)# int fa 0/3
SW-A (config-if)# sw mode acc
SW-A (config-if)# sw access vlan 100
SW-A (config-if)# sw voice vlan 1000

SW-B
SW-B (config)# int fa 0/1
SW-B (config-if)# sw mode tr
SW-B (config)# int fa 0/2
SW-B (config-if)# sw mode acc
SW-B (config-if)# sw access vlan 100
SW-B (config)# int fa 0/3
SW-B (config-if)# sw mode acc
SW-B (config-if)# sw access vlan 200
SW-B (config-if)# sw voice vlan 1000

Verification

Access the local server's public IP from the internet server.

Verify a call between the two IP phones.


PART 8 - Remote Access Management
Remote Access Management          
3. Configure Remote Access Management Service which have encryption and configure with following requirements: (for remote access management that supports encryption, we use SSH here)
a)        Use default version of remote access
b)        domain lksjateng2017
c)        Generate a certificate which used to encrypt the packet with the highest value. (the key that is generated must use the largest value in the range 360 to 2048)
d)        Limit number user who connect to router is 3 users only. (limit SSH so that only 3 sessions can connect)
e)        All routers in Core Domain can access using remote access only.

Configuration
CORE-R1
CORE-R1(config)# ip domain-name lksjateng2017
CORE-R1(config)# crypto key generate rsa
How many bits in the modulus [512]: 2048
CORE-R1(config)# line vty 0 2
CORE-R1(config-line)# login local
CORE-R1(config-line)# transport input ssh

CORE-R2
CORE-R2(config)# ip domain-name lksjateng2017
CORE-R2(config)# crypto key generate rsa
How many bits in the modulus [512]: 2048
CORE-R2(config)# line vty 0 2
CORE-R2(config-line)# login local
CORE-R2(config-line)# transport input ssh

CORE-R3
CORE-R3(config)# ip domain-name lksjateng2017
CORE-R3(config)# crypto key generate rsa
How many bits in the modulus [512]: 2048
CORE-R3(config)# line vty 0 2
CORE-R3(config-line)# login local
CORE-R3(config-line)# transport input ssh
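
A quick way to confirm the remote-access settings is to audit the resulting configuration text. The Python below is an added example, not part of the original walkthrough. The two configuration excerpts are constructed: the first mirrors the commands above plus a vty 3 4 block that the commands above never touch (an assumption about what remains on the device), the second adds a placeholder local user and closes the remaining lines. The function names are made up for this illustration.

```python
import re

# Constructed excerpt: the commands from this section, plus untouched vty 3 4.
AS_CONFIGURED = """\
hostname CORE-R1
ip domain-name lksjateng2017
!
line con 0
!
line vty 0 2
 login local
 transport input ssh
line vty 3 4
 login
!
end
"""

# Constructed excerpt: same device with a placeholder user and vty 3 4 closed.
HARDENED = """\
hostname CORE-R1
ip domain-name lksjateng2017
username labadmin secret EXAMPLE-ONLY
!
line vty 0 2
 login local
 transport input ssh
line vty 3 4
 login local
 transport input none
!
end
"""


def parse_vty(config):
    """Return one dict per `line vty` block with its transport and login mode."""
    blocks, current = [], None
    for raw in config.splitlines():
        words = raw.split()
        if not words:
            current = None
            continue
        header = re.match(r"line vty (\d+)(?: (\d+))?$", raw)
        if header:
            first = int(header.group(1))
            last = int(header.group(2) or first)
            current = {"range": (first, last), "transport": None, "login": None}
            blocks.append(current)
        elif raw.startswith(" ") and current is not None:
            if words[:2] == ["transport", "input"]:
                current["transport"] = words[2:]
            elif words[0] == "login":
                current["login"] = " ".join(words[1:]) or "line-password"
        else:
            current = None  # any other top-level line ends the vty block
    return blocks


def audit(config):
    """List findings for vty lines and the prerequisites of SSH login."""
    findings = []
    blocks = parse_vty(config)
    for block in blocks:
        first, last = block["range"]
        # Without an explicit `transport input`, the default depends on the
        # software version, so it is reported rather than assumed safe.
        if block["transport"] not in (["ssh"], ["none"]):
            findings.append(
                f"vty {first}-{last}: transport input is not restricted to ssh")
    uses_local = any(b["login"] == "local" for b in blocks)
    if uses_local and not re.search(r"^username \S+", config, re.MULTILINE):
        findings.append("login local is set but no local username is defined")
    if not re.search(r"^ip domain-name \S+", config, re.MULTILINE):
        findings.append("no ip domain-name, RSA key generation will be refused")
    return findings


if __name__ == "__main__":
    for label, text in (("as configured", AS_CONFIGURED), ("hardened", HARDENED)):
        print(label, audit(text) or "no findings")
```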



PART 9 - SERVER Management

DNS    
1. Configure DNS Server with following requirements:

DOMAIN                  IP ADDRESS
----------------------  -----------
lksjateng2017.com       10.10.10.10
lkssmk2017.net          25.10.20.17
mail.lksjateng2017.com  10.10.10.11
www.lksjateng2017.com   10.10.10.10
www.lkssmk2017.net      25.10.20.17

2. Configure DNS on Server Farm
 


FTP Server
1. Configure FTP Server on Server2 with following requirements:
a)        Dont use default user, so you must delete default user and create new user with following requirementes:

USER      PASSWORD  Privileges
--------  --------  -----------------------
manager   learn     Have full access
engineer  study     Have full access
helper    action    Cant modify, can remove
support   winner    Cant modify, can remove
admin     success   Only can see file


Mail Server
2. Configure Mail Server on Server2 with following requirements:
a)        Use domain mail.lksjateng2017.com
b)        Create 2 users with following requirements:

USER  PASSWORD
----  ---------
smk   juara
tkj   luarbiasa

Verify PC in ROOM-A use smk user and ROOM-B use tkj user for send email successfully.



~~DO YOUR BEST~~