INTERNETWORKING
LAB MODULE
Compiled by:
Santoso, S.Si
DEPARTMENT OF INFORMATICS ENGINEERING
POLITEKNIK POS INDONESIA
2006
TABLE OF CONTENTS
Meetings 1 and 2
LAB 1 Installing Slackware Linux
1.1. System Requirements
1.2. Software to Be Installed
1.3. Installation Methods
1.4. Slackware 10.1 Installation Steps
1.5. Creating Linux Partitions
1.6. Linux Commands
Meetings 3, 4, 5
LAB 2 FTP Server and Web Server
2.1. FTP Server
2.1.1 Configuration Files
2.1.2 Testing the FTP Server
2.2. Web Server
2.2.1 Setting Up the Web Server
2.2.2 Configuration Files
2.2.3 Testing the Web Server
2.3. Virtual Host
2.3.1 Creating a Virtual Host
2.3.2 Testing
Meetings 6, 7 + Quiz
LAB 3 Proxy Server
3.1 Building a Proxy Server with Squid
3.2 Compilation and Installation
3.3 Configuration
3.4 Using Squid
3.5 Testing the Proxy Server/Squid
3.6 Configuring Squid as a Transparent Proxy
Meetings 8, 9
LAB 4 Building a Mail Server
4.1. Postfix
4.1.1 Installing Postfix
4.1.2 Installing TPOP3D
4.2. SendMail
4.2.1 Installing and Configuring SendMail
4.2.2 SendMail Server Commands
4.2.3 Installing and Configuring the POP3 Server
4.2.4 Testing
4.3. DMMail Client
Meetings 10, 11
LAB 5 Routing
5.1. Static Routing
5.1.1 Steps for Setting Up Static Routing
5.1.2. Dynamic Routing
5.2. Steps for Setting Up Dynamic Routing
5.2.1 Installing Zebra Routing
5.1.2 Configuration on router2 and route
5.3 Demilitarized Zone (DMZ)
Meetings 12, 13, 14 + Quiz
Lab 6 Router
Lab 6.1 Login
Lab 6.2 Help and Editing
Lab 6.3 Commands for starting and saving configurations
Lab 6.4 Setting your passwords
Lab 6.5 Setting your hostname, adding a banner, IP address, Identification, bandwidth and clock rate
Lab 6.6 Configuring the lab
Lab 6.7 Creating Static Routes
Lab 6.8 Default Routes
Lab 6.9 Dynamic Routing with RIP
Lab 6.10 Dynamic Routing with IGRP
Lab 6.11 Configuring VLANs and ISL
Lab 6.12 Backing up your Router IOS
Lab 6.13 Upgrading or restoring your router IOS
Lab 6.14 Back Up the router configuration
Lab 6.15 Telnet
Lab 6.16 IP name Resolution
Lab 6.17 Cisco Discovery Protocol (CDP)
Lab 6.18 Internetwork Packet Exchange (IPX)
Lab 6.19 Adding secondary network addresses and multiple frame types with IPX
Lab 6.20 Standard IP Address List
Lab 6.21 Extended IP access lists
Lab 6.22 IPX Standard access-lists
Lab 6.23 PPP configuration
Lab 6.24 Configuring PPP Authentication
Lab 6.25 Point-to-point Frame Relay
Lab 6.26 Frame Relay with sub interface
Lab 6.27 ISDN configuration
Appendix B. Managing the 1900 switch
Appendix B : Port security on the 1900 switch
PREFACE
This lab module was prepared as a guide for students at Politeknik Pos Indonesia who are taking the lab sessions of the Internetworking course. The purpose of the Internetworking lab is to deepen the Computer Networks course previously given to students in the Department of Informatics Engineering.
In these lab activities, students will study and practise the stages involved in consolidating their command of networking on wide area networks. Each module consists of objectives, a discussion of practical theory, lab assignments, and preliminary/home assignments that participants must complete. Participants are expected to have prepared the material to be covered before each session so that the session runs smoothly.
This Internetworking lab module consists of 6 modules with the following topics:
Module 0 : Introduction, containing the general objectives of the lab, a brief discussion of …….. and references.
Module 1 : .
Module 2 : .
Module 3 : .
Module 4 : .
Module 5 : .
The material provided in the module and during the lab sessions is still incomplete, so participants are expected to look for the additional references they need, both in the library and on the internet. In addition, participants are expected to follow the Internetworking lectures closely, because the material given in lectures is one of the sources besides this module.
This module is not yet perfect, so it needs to be reviewed by the lecturers, instructors, assistants and participants involved in the lab. The author therefore hopes that users of this module will contribute suggestions for improving this Internetworking module.
Hopefully this module will be useful to those involved in the software engineering lab, and will improve students' ability to master the processes of designing and carrying out the installation and configuration of the software and hardware that support networking on wide area networks.
Bandung, ……….2006
The Author
Course name
INTERNETWORKING
Compiled by:
Santoso, S.Si
Approved and authorized for use as teaching material
in the Department of Informatics Engineering
Bandung, July 2003
Course Coordinator
Internetworking
Head of the Department of Informatics Engineering
Santoso .......................................
ASSESSMENT
The lab for this course is assessed as follows:
1. The weighting of marks for the Internetworking lab is as follows:
a. Lab mark : 50%
Consisting of:
Preliminary Assignment (TP) : 20%
Home Assignment (TR) : 15%
Lab Exercises (LLP) : 40%
Pre-test/Post-test (TA) : 10%
Consultation (asistensi) : 15%
b. Lab Report (LP) : 40%
Consisting of:
Proposal and System Development Document : 15%
SRS Document : 20%
SDD Document : 20%
Implementation Document : 15%
Testing Document : 15%
Application Software : 15%
c. Attendance (AK) : 10%
2. The grade ranges for the ................ lab are as follows:
85 ≤ Score ≤ 100 Grade : A
75 ≤ Score < 85 Grade : B
65 ≤ Score < 75 Grade : C
55 ≤ Score < 65 Grade : D
0 ≤ Score < 55 Grade : E
3. A participant is considered to have PASSED if the lab score is ≥ 65
LAB PROCEDURE
1. The Internetworking lab begins with a preparation stage for the lecturer, the assistants and the participants.
2. Participants must complete the preliminary assignment and hand it to the instructor/assistant in an orderly manner before the lab begins. (Participants who do not submit the preliminary assignment are not permitted to take part in the lab.)
3. The format of the assignment report is as follows:
Front page (cover), containing:
<Module Name>
<Assignment Name>
<Assignment No. ...>
Submitted to fulfil an assignment for the Internetworking Lab
in the Department of Informatics Engineering
Prepared by:
<NPM> <Name>
Laboratory
Department of Informatics Engineering – Politeknik Pos Indonesia
Bandung
2006
Logo
Poltek Pos
Assistant/Lecturer Page : n/m
where <n : page number> and
<m : total number of pages>
<Assistant/Lecturer Name> Date : <Date submitted>
Content pages, consisting of:
Problem / Introduction (background, scope of the problem, etc.)
Body (theoretical basis, analysis, etc.) and/or
Problem solution (algorithm, program print-out, program run results, analysis results, etc.)
Conclusion
Note: Assignments are handwritten in black ink, except for the cover, program print-outs and special assignments (with the lecturer's approval), which may be printed.
4. While in the lab room, participants must follow all exercises and instructions given by the lecturer/assistant.
5. Participants must complete all assignments given by the lecturer/assistant: preliminary assignments, exercises and home assignments.
6. The lab comprises ... modules and is to be completed in at most 12 meetings.
7. At the end of the lab, participants must hand in the lab documents and the application software they have built, in both softcopy and hardcopy form.
8. Consultation (asistensi) takes place during lab sessions and outside them; participants may contact the assistant/lecturer to arrange a consultation. Consultations are held to help participants complete the software project they have been given.
9. Consultations are held at least once a week, scheduled around the time available to the assistant/instructor and the participant.
10. Participants are expected to be active, both in asking questions and in answering them.
Lab 1 Installing Slackware Linux
1.1. System Requirements
Before installing Slackware Linux, check the system you have against the requirements. The minimum system requirements are:
486 processor
16MB RAM (32MB suggested)
100-500 megabytes of hard disk space for a minimal and around 3.5GB for full install
3.5" floppy drive
These minimum requirements increase if you want to run the X Window system.
1.2. Software to Be Installed
The next step is to decide which software to install. In the Slackware Linux distribution, software is organised into groups. The groups are:
A : The basic software needed to run Slackware Linux, such as text editors and communication tools.
AP : Applications that can run without the X Window system.
D : Development tools such as compilers, debuggers, interpreters and the help system.
E : The GNU Emacs application.
F : FAQs (Frequently Asked Questions), HOWTOs and other documentation.
GNOME : The GNOME desktop applications.
K : The Linux kernel source code.
KDE : The KDE desktop applications.
KDEI : International language support for KDE.
L : System libraries.
N : Networking applications: daemons, mail applications, telnet, news readers and so on.
T : The teTeX application for document formatting.
TCL : The Tk, TclX and TkDesk programming tools.
X : The base X Window system.
XAP : Applications that need the X Window system but do not depend on a particular desktop, meaning they can run on KDE, GNOME, Enlightenment and others.
Y : Games.
1.3. Installation Methods
Slackware provides several installation methods:
1. Installation using a DOS / Windows partition.
2. Installation with a boot diskette and a root diskette.
3. Installation from CD-ROM.
This lab installs Slackware Linux from the Slackware 10.1 CD-ROM, because this is considered the easiest method.
1.4. Slackware 10.1 Installation Steps
The steps for installing Slackware Linux 10.1 are as follows:
Booting the Software
Step 1 : Prepare the Slackware 10.1 software, which consists of four CD-ROMs.
Step 2 : Switch on the computer and set the BIOS First Boot Sequence to the CD-ROM.
Step 3 : Insert Slackware Linux CD-1 into the CD-ROM drive.
Step 4 : Wait until the Slackware installation screen appears, indicated by a colon (:) prompt.
Step 5 : Type the type of hard disk in use, then press ENTER. For example, bare.i for an IDE hard disk, or scsi.s for a SCSI hard disk.
Step 6 : You are then asked for the name of the user who will log in; type root and press ENTER.
1.5. Creating Linux Partitions
Before Linux can be installed, space must first be set aside on the hard disk to hold the system. This lab assumes that all hard disks used are IDE. The steps for creating the Linux partitions are as follows:
Step 7 : # fdisk /dev/hda
The following line is displayed:
Command (m for help):
Step 8 : To list the available commands, type m and press ENTER.
The following menu is displayed:
Command (m for help): m
Command action
   a   toggle a bootable flag
   d   delete a partition
   l   list known partition types
   m   print this menu
   n   add a new partition
   p   print the partition table
   q   quit without saving changes
   t   change a partition's system id
   u   change display/entry units
   v   verify the partition table
   w   write table to disk and exit
   x   extra functionality (experts only)
Command (m for help):
Step 9 : To display the partitions already on the hard disk, type p and press ENTER.
The following output appears:
Command (m for help): p
Disk /dev/hda: 16 heads, 38 sectors, 683 cylinders
Units = cylinders of 608 * 512 bytes
   Device Boot  Begin  Start  End  Blocks  Id  System
/dev/hda1   *       1      1  203   61693   6  DOS 16-bit >=32M
Command (m for help):
Step 10 : Next, first create a swap partition twice the size of the RAM in use. Assuming the RAM is 128MB, the swap partition to create is 256MB. See the menu below:
Command (m for help): n
Command action
   e   extended
   p   primary partition (1-4)
p
Partition number (1-4): 1
First cylinder (204-683): 204
Last cylinder or +size or +sizeM or +sizeK (204-683): +256M
Step 11 : Because the partition created in the previous step is Linux Native, change it to Linux Swap as follows:
o Type t and press ENTER
o Type the number of the partition whose type is to be changed, for example 1 ENTER.
o Type 82 and press ENTER (82=Linux Swap)
Step 12 : Now create the Linux Native partition that will hold the Linux system, as follows:
o Type n and press ENTER
o Type p and press ENTER
o Type 2 and press ENTER; 2 is the partition number for Linux Native, since 1 has already been used for Linux Swap.
o At the First cylinder and Last cylinder prompts press ENTER.
Step 13 : Type w and press ENTER to save the partitions that have been created.
The next stage is installing the software included with Slackware Linux. Slackware Linux 10.1 comes on 4 CD-ROMs, but only 2 CD-ROMs are needed for this software installation.
Step 14 : # setup
After typing the setup command and pressing ENTER, the following menu appears:
Help : Displays help information about the installation process.
Keymap : Maps the keyboard in use; the default is a US keyboard.
Quick : Selects whether the installation runs in quick or verbose mode; the default is verbose.
Make tags : Lets those already proficient with Slackware Linux customise the installation by creating tag files.
Addswap : Selects the swap partition to use and formats it. This step is mandatory.
Target : Selects the partition that will hold the Linux system, in this case the Linux Native partition. This option formats the partition and creates the filesystem. This step is mandatory.
Source : Selects the source of the Slackware Linux software, for example CD-ROM. This step is mandatory.
Disk sets : Selects which disk sets to include in the installation.
Install : Carries out the installation according to the preceding choices. For simplicity, do a full installation (Full). This step is mandatory.
Configure : Performs configuration after the installation is complete. This option sets the host name, domain, IP, netmask and root password.
After the Configure step is finished, choose the Exit menu. Remove the CD-ROM and restart (CTRL+ALT+DEL).
1.6. Linux Commands
The Linux operating system provides command-line commands for administration. In this lab students are given some of the commands most often used in Linux system administration. Almost all Linux commands are written in lowercase.
login
This command is used to log in to the Linux system. After the command is typed, you are asked for a username and password.
santos@login: root
Password:
Linux 2.4.26.
No mail.
root@santos:~#
logout
This command is used to log out of the Linux system. It is the opposite of the login command.
1. ls [options] [file...]
Lists files and directories. The command has a number of options; the most frequently used are:
-l Lists files in columns with full details.
-a Lists files including hidden files (those beginning with a dot).
Example: root@santos:~# ls -l
2. cp [options] file path
Makes a copy of a file or directory.
Example: root@santos:~# cp test1.txt test6.txt
3. mkdir [options] directory
Creates a directory.
Example: root@santos:~# mkdir test
4. cd directory
Changes the current directory.
Example: root@santos:~# cd test (makes the test directory current)
root@santos:~# cd .. (moves up one directory level)
root@santos:~# cd / (makes the root directory current)
5. pwd
Displays the current directory.
Example: root@santos:~# pwd
root@santos:~#
6. rm [options] file
Deletes a file or directory. With the -r option it can be used to delete a directory.
Example: rm test6.txt
rm -r test/
7. chown [options] user:[group] file
Changes the ownership of a file or directory.
Example: chown santos:users test1.txt
chown -R santos:users test/
8. chmod [options] mode file
Changes the access mode of a file or directory.
The access modes that can be applied are:
r (4): read
w (2): write
x (1): execute
Example: chmod 777 test1.txt
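Each mode digit is the sum of r (4), w (2) and x (1) for owner, group and others, so 777 lets every account on the system modify the file. The shell sketch below is an added example, not part of the original module: it decodes a three-digit mode and lists world-writable entries so that an over-broad chmod 777 can be found and narrowed. The function names and the temporary sample files are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example (not from the module): decode octal chmod modes and find
# world-writable entries. File names and the temp directory are constructed.

# mode_to_rwx MODE -> prints the rwx string for a three-digit octal mode.
mode_to_rwx() {
    case $1 in
        [0-7][0-7][0-7]) ;;
        *) echo "usage: mode_to_rwx <three octal digits>" >&2; return 2 ;;
    esac
    rest=${1#?}
    out=""
    # The three digits are owner, group and other, in that order.
    for digit in "${1%??}" "${rest%?}" "${1#??}"; do
        if [ $((digit & 4)) -ne 0 ]; then out="${out}r"; else out="${out}-"; fi
        if [ $((digit & 2)) -ne 0 ]; then out="${out}w"; else out="${out}-"; fi
        if [ $((digit & 1)) -ne 0 ]; then out="${out}x"; else out="${out}-"; fi
    done
    printf '%s\n' "$out"
}

# world_writable DIR -> prints files and directories under DIR whose "other"
# write bit (octal 002) is set, one path per line, sorted.
world_writable() {
    find "$1" \( -type f -o -type d \) -perm -002 -print | sort
}

# tighten DIR -> removes the "other" write bit from everything reported above.
# Group write is left alone; review it separately if the group is broad.
tighten() {
    world_writable "$1" | while IFS= read -r path; do
        chmod o-w "$path"
    done
}

demo_modes() {
    dir=$(mktemp -d)
    echo hello > "$dir/test1.txt"; chmod 777 "$dir/test1.txt"   # mode from the text
    echo hello > "$dir/test6.txt"; chmod 644 "$dir/test6.txt"
    echo "777 = $(mode_to_rwx 777), 644 = $(mode_to_rwx 644)"
    echo "world-writable before: $(world_writable "$dir")"
    tighten "$dir"
    echo "world-writable after:  $(world_writable "$dir")"
    rm -rf "$dir"
}
demo_modes
```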
LAB 2 FTP Server and Web Server
2.1. FTP Server
File Transfer Protocol (FTP) is an internet service that lets us upload files to, and download files from, an FTP server. This lab covers how to set up an FTP server using the Proftpd application.
The steps for setting up the FTP server are as follows:
whereis proftpd
This command checks whether the proftpd program is already installed on the Slackware Linux 10.1 server.
Linux 2.4.26.
root@santos:~# whereis proftpd
proftpd: /usr/sbin/proftpd /etc/proftpd.conf /usr/man/man8/proftpd.8.gz /usr/share/man/man8/proftpd.8.gz
root@santos:~#
If the proftpd file is not found, you must install it first. It can be installed from the Slackware 10.1 CD-ROM as a .tgz package, or from its source code, which can be obtained from the website www.proftpd.org.
2.1.1 Configuration Files
The configuration files used are /etc/proftpd.conf and /etc/ftpusers. In the file /etc/services, the # at the start of the lines must be removed so that they look like this:
ftp-data 20/tcp #File Transfer [Default Data]
ftp-data 20/udp #File Transfer [Default Data]
ftp 21/tcp #File Transfer [Control]
ftp 21/udp #File Transfer [Control]
Some important configuration lines in the file /etc/proftpd.conf:
ServerName : Sets the name of the FTP server, for example “FTP Server Poltekpos”.
ServerType : There are two FTP server types, standalone and inetd. If standalone is chosen, the FTP server must be started manually, whereas the inetd type starts the FTP server through the inetd program, using the configuration in the file /etc/inetd.conf.
RequireValidShell : If set to off, the check on the type of shell used by the client is skipped; if set to on, a client accessing the FTP server must have the same type of shell as the server, for example bash, sh, csh and so on.
Port : The default is 21, which is used for the control connection between server and client.
Umask : The default is 022, which determines the mode of files written by clients, namely rw-r--r--
MaxInstances : The default is 30; it sets the number of FTP processes that can run at the same time. This line only has an effect with the standalone server type.
User, Group : Set the user and group names that run the FTP server. The default value for user is nobody, and for group it is nogroup.
SystemLog : Sets the name of the file that records use of the FTP server.
TransferLog : Records the uploads / downloads that have taken place.
<Directory DIR> .... </Directory> : This block sets the access policy for a particular directory. Example:
<Directory /*>
AllowOverwrite ON
</Directory>
This allows an existing file to be overwritten when a file with the same name is uploaded.
<Limit ACCESS> .... </Limit> : This block sits between the <Directory> and </Directory> lines and sets the access to the directory named in the <Directory> line. The access types that can be specified are:
READ, WRITE, MKD, DELE, STOR
Between the <Limit> and </Limit> lines the following lines may appear:
DenyAll : Rejects all access from all IP addresses.
AllowAll : Accepts all access from all IP addresses.
Allow From <ip> : Accepts access from a particular IP.
Deny From <ip> : Rejects access from a particular IP.
<Anonymous ~ftp> ... </Anonymous> : This block defines the FTP service for the anonymous user (no registered user). To provide this service, delete the ftp line from the file /etc/ftpusers. The home directory of the anonymous user is /home/ftp. Between the <Anonymous> and </Anonymous> lines other lines may be given, such as MaxClients, User, Group, UserAlias, DisplayLogin, DisplayFirstChdir and of course <Limit> and </Limit>.
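The directives above can be checked mechanically before the server is exposed to clients. The shell sketch below is an added example, not ProFTPD's or the module's own code: it reads a proftpd.conf together with the ftpusers deny list and reports a Umask that leaves uploads world-writable, a server running as root, a disabled shell check, and an anonymous block with no <Limit WRITE> DenyAll. The finding names, the function names and both sample configurations are constructed for the illustration.

```shell
#!/bin/sh
# Added example (not ProFTPD's or the module's own code): audit a proftpd.conf
# for risky values of the directives described above. Finding names and both
# sample configurations are constructed for this illustration.

# audit_proftpd CONF FTPUSERS -> one finding per line, nothing if clean.
audit_proftpd() {
    anon_blocked=0
    # ftpusers is a deny list: while "ftp" is listed, anonymous login is refused.
    if [ -f "$2" ] && grep -qx 'ftp' "$2"; then
        anon_blocked=1
    fi
    awk -v anon_blocked="$anon_blocked" '
        { sub(/#.*/, ""); sub(/^[ \t]+/, ""); sub(/[ \t]+$/, "") }
        $0 == "" { next }
        { key = tolower($1) }
        key ~ /^<anonymous/ { in_anon = 1; write_denied = 0; next }
        key ~ /^<\/anonymous/ {
            if (!write_denied && !anon_blocked) print "anonymous-write-not-denied"
            in_anon = 0; next
        }
        key ~ /^<limit/ { in_limit = 1; covers_write = (toupper($0) ~ /[ \t]WRITE[ \t>]/); next }
        key ~ /^<\/limit/ { in_limit = 0; next }
        in_anon && in_limit && covers_write && key == "denyall" { write_denied = 1 }
        !in_anon && key == "umask" {
            other = substr($2, length($2), 1) + 0   # last octal digit: "other" class
            if (int(other / 2) % 2 == 0) print "uploads-world-writable"
        }
        !in_anon && key == "user" && $2 == "root" { print "server-runs-as-root" }
        !in_anon && key == "requirevalidshell" && tolower($2) == "off" {
            print "valid-shell-check-disabled"
        }
    ' "$1"
}

# Constructed sample: every check above should fire.
write_weak_conf() {
    cat > "$1" <<'EOF'
ServerName "FTP Server Poltekpos"
ServerType standalone
Port 21
Umask 000
MaxInstances 30
User root
Group root
RequireValidShell off
<Directory /*>
  AllowOverwrite on
</Directory>
<Anonymous ~ftp>
  User ftp
  Group ftp
  UserAlias anonymous ftp
  MaxClients 10
</Anonymous>
EOF
}

# Constructed sample: defaults from the text plus read-only anonymous access.
write_hardened_conf() {
    cat > "$1" <<'EOF'
ServerName "FTP Server Poltekpos"
ServerType standalone
Port 21
Umask 022
MaxInstances 30
User nobody
Group nogroup
<Anonymous ~ftp>
  User ftp
  Group ftp
  UserAlias anonymous ftp
  # The ftp account has no login shell, so the check is relaxed only here.
  RequireValidShell off
  MaxClients 10
  <Limit WRITE>
    DenyAll
  </Limit>
</Anonymous>
EOF
}

demo_audit() {
    d=$(mktemp -d)
    write_weak_conf "$d/weak.conf"; write_hardened_conf "$d/hardened.conf"
    : > "$d/ftpusers"                 # empty deny list: anonymous FTP is enabled
    echo "weak.conf:";     audit_proftpd "$d/weak.conf" "$d/ftpusers"
    echo "hardened.conf:"; audit_proftpd "$d/hardened.conf" "$d/ftpusers"
    rm -rf "$d"
}
demo_audit
```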
2.1.2 Testing the FTP Server
The FTP server can be tested from both the server side and the client side.
Server side: root@santos:~# ftp localhost
ftp>
Client side: I:\>ftp 192.168.4.1
ftp> bye
Commands in an FTP session
get / recv : Downloads a file from the FTP server.
put / send : Uploads a file to the FTP server.
mget : Downloads several files from the FTP server.
mput : Uploads several files to the FTP server.
prompt : Toggles download / upload / delete confirmation on/off.
help : Displays help / the list of available commands.
bye/quit : Ends the FTP session and returns to the operating system.
cd : Changes to a given directory on the server.
lcd : Changes to a given directory on the client.
mkdir : Creates a new directory.
rmdir : Deletes a directory.
binary : Sets the transfer mode to binary.
ascii : Sets the transfer mode to ascii.
type : Displays the file transfer mode currently in effect.
delete : Deletes a file.
mdelete : Deletes several files.
hash : Toggles the display of download / upload progress on/off.
rename : Renames a file / directory.
pwd : Displays the current directory.
close/disconnect : Ends the FTP session without returning to the operating system.
ls : Lists files / directories.
status : Displays the configuration status of the active FTP session.
open : Opens a connection to an FTP server.
verbose : Toggles the display of the results of FTP operations on/off.
user : Changes the active user.
2.2. Web Server
The Slackware Linux 10.1 operating system provides web service using the Apache 1.3.33 web server software by default. However, you can still use other web server software if you wish.
2.2.1 Setting Up the Web Server
The steps for setting up a web server with Apache 1.3.33 are as follows:
whereis httpd
This command checks whether the httpd program is already installed on the Slackware Linux 10.1 server.
Last login: Mon Apr 4 12:58:02 2005
Linux 2.4.29.
root@santos:~# whereis httpd
httpd: /usr/sbin/httpd /usr/man/man8/httpd.8.gz /usr/share/man/man8/httpd.8.gz
root@santos:~#
If the httpd file is not found, you must install it first. It can be installed from the Slackware 10.1 CD-ROM as a .tgz package, or from its source code, which can be obtained from the website www.apache.org.
2.2.2 Configuration Files
The important configuration file is /etc/apache/httpd.conf. In the file /etc/services, the # at the start of the lines must be removed so that they look like this:
http 80/tcp www www-http #World Wide Web HTTP
http 80/udp www www-http #World Wide Web HTTP
Some important configuration lines in the file /etc/apache/httpd.conf:
ServerType : Determines whether Apache runs standalone or via inetd. To run Apache standalone, simply type the command /usr/sbin/httpd start; to run Apache via inetd, simply remove the # character in the file /etc/inetd.conf on the line ftp stream tcp nowait root /usr/sbin/tcpd httpd
StartServers : Sets the number of Apache server processes to start. If Apache is running, the number of servers started can be seen with the command ps axf | grep httpd
MaxClients : Sets the number of clients that can be connected to the web server at the same time.
Port : Sets the port number used by Apache; the default is port 80
User, Group : Set the user and group names that run Apache; it is safer to use a user other than root.
ServerAdmin : Sets the e-mail address of the web server administrator.
ServerName : Sets the name of the web server, for example www.poltekpos.net
DocumentRoot : Sets the location of the web files; the default is /var/www/htdocs
DirectoryIndex : Sets the name of the file the web server reads first, for example index.html index.htm index.php
2.2.3 Testing the Web Server
The web server can be tested both from the server itself and from a client.
On the server: root@santos:~# lynx localhost
Test Page for the SSL/TLS-aware Apache Installation on Web Site
Hey, it worked !
The SSL/TLS-aware Apache webserver was
successfully installed on this website.
If you can see this page, then the people who own this website have
just installed the Apache Webserver software and the Apache
Interface to OpenSSL (mod_ssl) successfully. They now have to add
content to this directory and replace this placeholder page, or else
point the server at their real content.
ATTENTION!
If you are seeing this page instead of the site you expected, please
contact the administrator of the site involved. (Try sending mail to
webmaster@domain>.) Although this site is running the Apache
software it almost certainly has no other connection to the Apache
Group, so please do not
send mail about this site or its contents to the Apache authors. If you
do, your message will be ignored.
The Apache online documentation has been included with this
distribution.
Especially also read the mod_ssl User Manual carefully.
Your are allowed to use the images below on your SSL-aware
Apache Web server.
Thanks for using Apache, mod_ssl and OpenSSL!
Apache Webserver mod_ssl Interface OpenSSL
Toolkit
On the client:
2.3. Virtual Host
Apache supports virtual hosts, meaning that a single web server can serve several domains at once; only the directories that hold each domain's web files differ. Below we practise creating a virtual host named tes.poltekpos.net:
2.3.1 Creating a Virtual Host
Create the directory /var/www/htdocs/tes
root@myhost:/var/www/htdocs# mkdir /var/www/htdocs/tes
In that directory, create an HTML file named index.html with the following content:
<HTML>
<HEAD><TITLE>VIRTUAL HOST</TITLE></HEAD>
<BODY>
<H1>TESTING VIRTUAL HOST</H1>
</BODY>
</HTML>
Edit the file /etc/apache/httpd.conf
Set the NameVirtualHost *:80 line so that it reads as follows:
#
# Use name-based virtual hosting.
#
NameVirtualHost *:80
#
# VirtualHost example:
# Almost any Apache directive may go into a VirtualHost container.
# The first VirtualHost section is used for requests without a known
# server name.
#
# The <VirtualHost> address must match the NameVirtualHost argument.
<VirtualHost *:80>
ServerAdmin [email protected]
DocumentRoot /var/www/htdocs/tes
ServerName tes.poltekpos.net
# ErrorLog logs/dummy-host.example.com-error_log
# CustomLog logs/dummy-host.example.com-access_log common
</VirtualHost>
Save the httpd.conf file.
Restart Apache with the command apachectl restart
Add a line for tes.poltekpos.net to the file /etc/hosts, then save it.
# For loopbacking.
127.0.0.1 localhost
192.168.0.2 myhost.poltekpos.net
192.168.0.2 tes.poltekpos.net
# End of hosts.
2.3.2 Testing
Test the virtual host with the command lynx http://tes.poltekpos.net/
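Two points from the Apache sections above can be checked automatically: the User and Group lines should not name root, and every <VirtualHost> address should match a NameVirtualHost line and use a name present in /etc/hosts. The script below is an added example, not part of the original module; the function name audit_httpd and the sample files, including the misspelled host name, are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the module): audit an Apache 1.3-style httpd.conf.
# audit_httpd CONF HOSTS prints one finding per line and nothing when clean.
audit_httpd() {
    awk -v hosts="$2" '
    BEGIN {
        # Collect every host name listed in the hosts file.
        while ((getline line < hosts) > 0) {
            sub(/#.*/, "", line)
            n = split(line, f)
            for (i = 2; i <= n; i++) known[f[i]] = 1
        }
        close(hosts)
    }
    /^[ \t]*#/ || NF == 0 { next }      # skip comments and blank lines
    {
        key = tolower($1)
        if ((key == "user" || key == "group") && ($2 == "root" || $2 == "#0"))
            print "RISK " $1 " " $2 ": use a dedicated non-root account"
        else if (key == "namevirtualhost")
            nvh[$2] = 1
        else if (key == "<virtualhost") {
            addr = $2
            sub(/>$/, "", addr)
            vhost[++nv] = addr
        } else if (key == "servername" && !($2 in known))
            print "WARN ServerName " $2 ": no entry in hosts file"
    }
    END {
        for (i = 1; i <= nv; i++) {
            addr = vhost[i]
            if (!(addr in nvh))
                print "WARN <VirtualHost " addr ">: no matching NameVirtualHost"
            host = addr
            sub(/:[0-9*]+$/, "", host)   # drop the :port suffix
            if (host != "*" && host !~ /^[0-9.]+$/ && !(host in known))
                print "WARN <VirtualHost " addr ">: host name has no entry in hosts file"
        }
    }' "$1"
}

demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT

# Constructed copy of the /etc/hosts entries used in this lab.
cat > "$demo_dir/hosts" <<'EOF'
127.0.0.1    localhost
192.168.0.2  myhost.poltekpos.net
192.168.0.2  tes.poltekpos.net
EOF

# Constructed sample with two deliberate mistakes: root user, misspelled vhost.
cat > "$demo_dir/httpd.conf" <<'EOF'
User root
Group nobody
NameVirtualHost *:80
<VirtualHost tes.poltepos.net:80>
    DocumentRoot /var/www/htdocs/tes
    ServerName tes.poltekpos.net
</VirtualHost>
EOF

# Corrected version of the same sample.
sed -e 's/^User root/User nobody/' -e 's/<VirtualHost .*>/<VirtualHost *:80>/' \
    "$demo_dir/httpd.conf" > "$demo_dir/fixed.conf"

echo "== sample =="; audit_httpd "$demo_dir/httpd.conf" "$demo_dir/hosts"
echo "== fixed ==";  audit_httpd "$demo_dir/fixed.conf" "$demo_dir/hosts"
```

On a real server, call it as audit_httpd /etc/apache/httpd.conf /etc/hosts before running apachectl restart.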
LAB 3 Proxy Server
3.1 Building a Proxy Server with Squid
By default, the Linux Slackware 10.1 operating system does not provide software for a proxy server, so we must use additional software. In this lab we build a proxy server with squid-2.5.STABLE9.tar.gz, which can be downloaded free of charge from the website www.squid-cache.org. The steps for building a proxy server with Squid are as follows:
3.2 Compilation and Installation
Copy the Squid source file to the directory /usr/local/src and change to that directory.
bash-3.00# cp squid-2.5.STABLE9.tar.gz /usr/local/src
bash-3.00# cd /usr/local/src
Extract the Squid source file and change to the extracted directory.
bash-3.00# tar xzvf squid-2.5.STABLE9.tar.gz
bash-3.00# cd squid-2.5.STABLE9
Configure and compile Squid.
bash-3.00# ./configure --enable-arp-acl
bash-3.00# make all
bash-3.00# make install
By default, Squid is installed in the directory /usr/local/squid
3.3 Configuration
In general, all of Squid's configuration is in the file /usr/local/squid/etc/squid.conf. Use your favourite editor to edit it, for example vi, pico, joe, or mc (Midnight Commander).
The following configuration lines in /usr/local/squid/etc/squid.conf must be modified:
NO  DIRECTIVE : PURPOSE
1  http_port : Sets the port on which Squid accepts HTTP requests. The default value is 3128, but port 8080 is commonly used.
2  cache_mem : Sets the amount of memory (RAM) used by Squid. The default is 8 MB.
3  cache_effective_user : Sets the name of the user that runs Squid.
4  cache_effective_group : Sets the name of the group that runs Squid.
5  cache_dir : Sets the location and capacity of the cache on the hard disk, and the number of level-1 and level-2 directories. Example: cache_dir ufs /usr/local/squid/var 100 16 256, which means the cache directory is /usr/local/squid/var with a capacity of 100 MB, 16 level-1 directories and 100 level-2 directories.
6  visible_hostname : Sets the name of the host that runs Squid, for example visible_hostname proxy.poltekpos.net
7  cache_mgr : Sets the email address of the person responsible for the proxy server.
3.4 Using Squid
Set the user and group that run Squid:
Create the user and group that will run Squid, for example user=squid group=squid. This user and group must match the cache_effective_user and cache_effective_group configuration lines.
bash-3.00# groupadd squid
bash-3.00# useradd squid -g squid
Change the ownership of the directory /usr/local/squid/var to the user squid and the group squid.
bash-3.00# chown -R squid:squid /usr/local/squid/var
Run Squid for the first time.
bash-3.00# /usr/local/squid/sbin/squid -z
Run Squid the second time and every time after that.
bash-3.00# /usr/local/squid/sbin/squid
Create a symbolic link for squid so that it can be run without typing the full directory.
bash-3.00# ln -s /usr/local/squid/sbin/squid /usr/local/sbin
Reload Squid after changing the file /usr/local/squid/etc/squid.conf
bash-3.00# squid -k reconfigure
3.5 Testing the Proxy Server/Squid
The proxy server / Squid can be tested with a browser on a client PC by pointing its proxy setting to the IP address of the proxy server.
3.6 Configuring Squid as a transparent proxy
Assumptions
- Squid is installed correctly
- ipchains or iptables is installed
- The network address in use is 192.168.1.0
- Squid is configured to use port 3128
A transparent proxy web cache is a proxy web cache (Squid) set up as the only server that handles all web page requests from users. In other words, the transparent proxy web cache quietly "hijacks" HTTP traffic (which normally uses port 80) and forces it onto the port used by Squid.
Benefits
- Easier administration: the browsers on the clients do not need to be configured to point to the proxy web cache (Squid).
- Centralized control: users cannot change the configuration in their browsers to bypass Squid.
Implementation
Make sure that your system supports IP forwarding:
echo 1 > /proc/sys/net/ipv4/ip_forward
Make sure that your system supports masquerading:
For ipchains (kernel 2.2.x compatible):
ipchains -A forward -j MASQ -s 192.168.1.0/24 -d 0.0.0.0/0
For iptables (kernel 2.4.x compatible):
iptables -A POSTROUTING -j MASQUERADE -t nat -s 192.168.1.0/24 -o ppp0
Note:
Adjust the -o option of the iptables command above to the interface you use (the interface closest to the outside network).
- Redirect all web requests (port 80) to the Squid port (assuming Squid uses port 3128).
- For ipchains (kernel 2.2.x compatible):
ipchains -A input -j REDIRECT 3128 -p tcp -s 0.0.0.0/0 -d 0.0.0.0/0 80
- For iptables (kernel 2.4.x compatible):
iptables -A PREROUTING -t nat -j REDIRECT -p tcp -s 192.168.1.0/24 -d 0/0 --dport 80 --to-ports 3128
- Edit squid.conf to support transparent mode:
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
Lab 4 Building a Mail Server
4.1. Postfix
By default, the Linux Slackware 10.1 operating system provides mail service with the Sendmail 8.13.3-i486 mail server software. In this lab, however, we will use the postfix-2.1.5 mail server and tpop3d-1.5.3 as the POP3 program. The steps for building a mail server with Postfix and tpop3d are as follows:
4.1.1 Installing Postfix
Uninstall sendmail
So that Postfix does not conflict with sendmail, the sendmail program must be uninstalled first.
bash-3.00# removepkg sendmail
Removing package /var/log/packages/sendmail-8.13.3-i486-2...
Removing files:
--> Deleting symlink /usr/bin/hoststat
--> Deleting symlink /usr/bin/mailq
--> Deleting symlink /usr/bin/newaliases
and so on.
Create the user and group for Postfix.
bash-3.00# useradd postfix
bash-3.00# groupadd postdrop
Extract Postfix
Copy the Postfix and tpop3d source programs to the directory /usr/local/src, then extract them as follows:
bash-3.00# tar xzvf postfix-2.1.5.tar.gz
bash-3.00# tar xzvf tpop3d-1.5.3.tar.gz
Compile and install Postfix
Compilation is done with the make command, and installation with the make install command. If the system asks any questions during installation, just press Enter.
bash-3.00# cd postfix-2.1.5
bash-3.00# make
bash-3.00# make install
Edit the file /etc/postfix/main.cf
In main.cf, change the configuration lines to read as follows:
myhostname = mail.poltekpos.net
mydomain = poltekpos.net
mydestination = $myhostname, localhost.$mydomain
mynetworks = 127.0.0.0/8, 192.168.0.0/16
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
home_mailbox = Maildir/
Save the file /etc/postfix/main.cf.
At this point, the installation of Postfix as a mail server is complete. The commands related to the Postfix mail server are:
COMMAND : FUNCTION
postfix start : Starts Postfix
postfix restart : Restarts Postfix
postfix stop : Stops Postfix
postqueue -p : Shows the email currently in the queue
postqueue -f : Forces the email currently in the queue to be sent immediately.
So that Postfix is started when the system boots, add the command /usr/sbin/postfix start to the file /etc/rc.d/rc.local:
bash-3.00# echo "/usr/sbin/postfix start" >> /etc/rc.d/rc.local
The next step is to create the user that will handle the Postfix virtual users, and to note its uid and gid numbers.
bash-3.00# useradd virtual
bash-3.00# id virtual
uid=1003(virtual) gid=100(users) groups=100(users)
Edit the file /etc/postfix/main.cf and change the following configuration lines:
mailbox_transport = virtual
virtual_mailbox_base = /home/virtual
virtual_mailbox_maps = hash:/etc/postfix/virtual
virtual_uid_maps = static:1003
virtual_gid_maps = static:100
virtual_create_maildirsize = yes
Append the domain we use to the end of the file /etc/postfix/virtual, and add a few users for testing.
bash-3.00# echo "poltekpos.net Politeknik Pos Indonesia" >> /etc/postfix/virtual
bash-3.00# echo "[email protected]/munir/" >> /etc/postfix/virtual
bash-3.00# echo "[email protected] poltekpos.net/indarko/" >> /etc/postfix/virtual
Try sending email as the users created in step 10.
4.1.2 Installing TPOP3D
So that the email delivered to each user's mailbox can be retrieved, a POP3 server must be set up. Here we use tpop3d, which is one of several POP3 servers; you may use a POP3 server other than tpop3d.
The tpop3d source program was already extracted during the Postfix installation, so we now continue with compilation and installation.
bash-3.00# cd /usr/local/src/tpop3d-1.5.3
bash-3.00# ./configure --enable-mbox-maildir --enable-authflatfile --disable-auth-pam
bash-3.00# make
bash-3.00# make install
Create the file /etc/tpop3d.conf with the following content:
listen-address: 0.0.0.0
log-facility: local6
mailbox: maildir:/home/virtual/$(domain)/$(local_part)/
auth-flatfile-enable: yes
auth-flatfile-passwd-file: /etc/virtual/$(domain)/passwd
auth-flatfile-mail-user: virtual
Set up logging for tpop3d as follows:
bash-3.00# echo "local6.* /var/log/tpop3d.log" >> /etc/syslog.conf
bash-3.00# touch /var/log/tpop3d.log
Restart the syslog server, start the tpop3d server, and arrange for tpop3d to start when the system boots:
bash-3.00# /etc/rc.d/rc.syslog restart
bash-3.00# /usr/local/sbin/tpop3d
bash-3.00# echo "/usr/local/sbin/tpop3d" >> /etc/rc.d/rc.local
Create the directory that stores the user passwords:
bash-3.00# mkdir /etc/virtual
4.2. SendMail
Sendmail is the oldest MTA (Mail Transfer Agent) in the Linux and Unix operating system environment. Sendmail is also the default MTA on most Linux distributions, such as Slackware, RedHat, SuSE and others. The advantage of sendmail over other MTAs is that it is easy to install and configure.
In this lab we install and configure sendmail so that it can send and receive email. The steps for building a mail server with sendmail are as follows:
4.2.1 Installing and Configuring SendMail
1. Set the host and domain with the netconfig utility
# netconfig
Answer the questions asked by netconfig as follows:
Hostname : poltekpos
Domain name : net
Select Static IP
IP Address : 192.168.0.1
Netmask : 255.255.255.0
Gateway : 192.168.0.1
Nameserver : No
Select Accept
Press Enter
Restart the computer with the reboot command.
2. Check whether sendmail is already installed on Slackware 10.1
# whereis sendmail
or use Slackware's pkgtool.
3. If it is not installed, it can be installed from the packages provided by Slackware on CD-ROM Disk-1, the files sendmail-8.13.3-i486-2.tgz and sendmail-cf-8.13.3-noarch-2.tgz
# installpkg sendmail-8.13.3-i486-2.tgz
# installpkg sendmail-cf-8.13.3-noarch-2.tgz
4.2.2. SendMail Server Commands
/etc/rc.d/rc.sendmail start : Starts the sendmail server
/etc/rc.d/rc.sendmail restart : Restarts the sendmail server
/etc/rc.d/rc.sendmail stop : Stops the sendmail server
4.2.3 Installing and Configuring the POP3 Server
The Linux Slackware 10.1 distribution already includes a POP3 server, popa3d, at installation. You can check for it with the command whereis popa3d.
If it is not installed, install it with the command:
# installpkg popa3d-0.6.4.1-i486-1.tgz
In this lab we open the POP3 and telnet servers so that users can check mail and use telnet. To do so, follow these steps:
# vi /etc/inetd.conf
Remove the hash mark (#) at the start of the following lines:
#telnet stream tcp nowait root /usr/sbin/tcpd in.telnetd
#pop3 stream tcp nowait root /usr/sbin/tcpd /usr/sbin/popa3d
So that the inetd super-server reads the new configuration, run:
# killall -HUP inetd
At this point, the installation of sendmail as the MTA, popa3d as the POP3 server, and in.telnetd as the telnet server is complete. To see whether these three services are running, run:
# nmap localhost
If the three services are running, the command nmap localhost shows the following lines:
PORT STATE SERVICE
23/tcp open telnet
25/tcp open smtp
110/tcp open pop3
4.2.4 Testing
The three services can be tested with the telnet command to each service:
# telnet localhost 23
# telnet localhost 25
# telnet localhost 110
To end each of the telnet commands above, type quit.
4.3. DMMail Client
Besides programs for server use, the Linux Slackware 10.1 distribution also provides programs for client use. This lab covers the client program pine, which is used to send and receive email through the local server.
The first step is to check whether pine is present with the command whereis pine.
If pine is not yet on your Slackware system, install it with the command:
# installpkg pine-4.62-i486-1.tgz
To run pine, type pine and press Enter. If you are not on the server, you must first telnet to the server with your own user name and password. Remember not to use the root user, so that we can practise sending and receiving email between users of the Linux Slackware system.
After that you can easily explore the menus in pine to send, receive and manage email.
The following is a capture of the pine screen:
PINE 4.62 MAIN MENU Folder: INBOX 9 Messages
? HELP - Get help using Pine
C COMPOSE MESSAGE - Compose and send a message
I MESSAGE INDEX - View messages in current folder
L FOLDER LIST - Select a folder to view
A ADDRESS BOOK - Update address book
S SETUP - Configure Pine Options
Q QUIT - Leave the Pine program
Copyright 1989-2005. PINE is a trademark of the University of Washington.
[Folder "INBOX" opened with 9 messages]
LAB 5 Routing
5.1. Static Routing
A data packet sent onto a network, whether within a local area network (LAN) or across the Internet, must reach its destination correctly. This requires a mechanism that forwards the data all the way to the right destination.
A router, whether a factory-built hardware router such as Cisco or a PC router (a server that acts as a router), can forward data to the correct destination. In this lab we build 3 PC routers that use static routing, as shown in Figure 1.
Figure 1 LAN layout for the Static Routing lab
5.1.1 Steps for setting up Static Routing:
On router1:
ifconfig eth0 192.168.1.1 netmask 255.255.255.248
ifconfig eth1 192.168.1.9 netmask 255.255.255.248
route add default gw 192.168.1.1 eth0
route add -net 192.168.1.24 netmask 255.255.255.248 gw 192.168.1.2
route add -net 192.168.1.16 netmask 255.255.255.248 gw 192.168.1.3
On router2:
ifconfig eth0 192.168.1.2 netmask 255.255.255.248
ifconfig eth1 192.168.1.25 netmask 255.255.255.248
route add default gw 192.168.1.2 eth0
route add -net 192.168.1.8 netmask 255.255.255.248 gw 192.168.1.1
route add -net 192.168.1.16 netmask 255.255.255.248 gw 192.168.1.3
On router3:
ifconfig eth0 192.168.1.3 netmask 255.255.255.248
ifconfig eth1 192.168.1.17 netmask 255.255.255.248
route add default gw 192.168.1.3 eth0
route add -net 192.168.1.8 netmask 255.255.255.248 gw 192.168.1.1
route add -net 192.168.1.24 netmask 255.255.255.248 gw 192.168.1.2
On every client PC, the gateway is set to that client's own PC router.
Then ping from both the routers and the clients to the network
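To check the three routing tables before typing them in, the added example below (not part of the original module) rebuilds each table from the ifconfig and route commands above, performs a longest-prefix-match lookup, and follows a packet from router to router. The table file layout and the function names route_lookup and trace_path are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the module): dry-run of the static routing lab.

# route_lookup TABLE DEST: longest-prefix match over lines of
# "network netmask gateway iface"; prints "gateway iface" or "unreachable".
route_lookup() {
    awk -v dst="$2" '
    function ip2int(s,   o) {
        split(s, o, ".")
        return ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
    }
    BEGIN { d = ip2int(dst); best = -1 }
    /^[ \t]*#/ || NF == 0 { next }
    {
        mask = ip2int($2)
        size = 4294967296 - mask      # addresses per block (contiguous mask)
        if (d - d % size == ip2int($1) && mask > best) {
            best = mask               # a larger mask is a longer prefix
            hop = $3 " " $4
        }
    }
    END { print (best < 0 ? "unreachable" : hop) }' "$1"
}

# trace_path DIR ROUTER DEST: follow next hops through DIR/<router>.tab files.
trace_path() {
    dir=$1; router=$2; dest=$3; path=$2; ttl=8
    while [ "$ttl" -gt 0 ]; do
        set -- $(route_lookup "$dir/$router.tab" "$dest")
        case $1 in
            unreachable) echo "$path -> no route"; return 0 ;;
            0.0.0.0)     echo "$path -> delivered on $2"; return 0 ;;
        esac
        next=$(awk -v gw="$1" '$1 == gw { print $2 }' "$dir/owners")
        if [ -z "$next" ] || [ "$next" = "$router" ]; then
            echo "$path -> stuck (gateway $1 is not another router)"; return 0
        fi
        path="$path -> $next"; router=$next; ttl=$((ttl - 1))
    done
    echo "$path -> hop limit reached"
}

rt_dir=$(mktemp -d)
trap 'rm -rf "$rt_dir"' EXIT
M=255.255.255.248

# Which router owns each backbone (eth0) address.
cat > "$rt_dir/owners" <<EOF
192.168.1.1 router1
192.168.1.2 router2
192.168.1.3 router3
EOF

# Tables rebuilt from the commands in 5.1.1; gateway 0.0.0.0 = directly connected.
cat > "$rt_dir/router1.tab" <<EOF
192.168.1.0   $M       0.0.0.0      eth0
192.168.1.8   $M       0.0.0.0      eth1
192.168.1.24  $M       192.168.1.2  eth0
192.168.1.16  $M       192.168.1.3  eth0
0.0.0.0       0.0.0.0  192.168.1.1  eth0
EOF
cat > "$rt_dir/router2.tab" <<EOF
192.168.1.0   $M       0.0.0.0      eth0
192.168.1.24  $M       0.0.0.0      eth1
192.168.1.8   $M       192.168.1.1  eth0
192.168.1.16  $M       192.168.1.3  eth0
0.0.0.0       0.0.0.0  192.168.1.2  eth0
EOF
cat > "$rt_dir/router3.tab" <<EOF
192.168.1.0   $M       0.0.0.0      eth0
192.168.1.16  $M       0.0.0.0      eth1
192.168.1.8   $M       192.168.1.1  eth0
192.168.1.24  $M       192.168.1.2  eth0
0.0.0.0       0.0.0.0  192.168.1.3  eth0
EOF

for dest in 192.168.1.26 192.168.1.12 10.0.0.5; do
    echo "$dest: $(trace_path "$rt_dir" router1 "$dest")"
done
```

For a destination outside the four lab subnets the trace stops at the first router, because each default route above names that router's own eth0 address as its gateway.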
5.1.2. Dynamic Routing
A data packet sent onto a network, whether within a local area network (LAN) or across the Internet, must reach its destination correctly. This requires a mechanism that forwards the data all the way to the right destination.
A router, whether a factory-built hardware router such as Cisco or a PC router (a server that acts as a router), can forward data to the correct destination. In this lab we build 3 PC routers that use dynamic routing with zebra, as shown in Figure 1.
Figure 2 LAN layout for the Dynamic Routing lab
5.2. Steps for setting up Dynamic Routing
5.2.1 Installing Zebra Routing
Copy the zebra source file to the directory /usr/local/src, for example:
# cp /mnt/usb/zebra-0.95.tar.gz /usr/local/src
# cd /usr/local/src
Extract, compile and install the zebra source
# tar xzvf zebra-0.95.tar.gz
# cd zebra-0.95
# ./configure --disable-ipv6
# make
# make install
Edit the file /etc/services with vi, pico, mc or another editor. Make sure the following lines are present, then save the file /etc/services again.
# vi /etc/services
zebrasrv 2600/tcp # zebra service
zebra 2601/tcp # zebra vty
ripd 2602/tcp # RIPd vty
ripngd 2603/tcp # RIPngd vty
ospfd 2604/tcp # OSPFd vty
bgpd 2605/tcp # BGPd vty
ospf6d 2606/tcp # OSPF6d vty
Copy the configuration file /usr/local/etc/zebra.conf.sample to /usr/local/etc/zebra.conf
# cp /usr/local/etc/zebra.conf.sample /usr/local/etc/zebra.conf
Edit the file /usr/local/etc/zebra.conf so that it reads as follows:
# vi /usr/local/etc/zebra.conf
!
hostname Router1
password zebra
enable password zebra
!
! Interface's description.
!
!interface lo
! description test of desc.
!
!interface sit0
! multicast
!
! Static default route sample.
!
ip route 0.0.0.0/0 192.168.1.1
!
!log file zebra.log
Starting and stopping zebra
# /usr/local/sbin/zebra -d
# killall zebra
5.1.2 Set up the configuration on router2 and route
5.3 Demilitarized Zone (DMZ)
A Demilitarized Zone, often abbreviated DMZ, is a network area that is protected by a firewall but can still be accessed from the Internet. Network Address Translation, or NAT, is a mechanism that replaces the address of a data packet with another address. For example, a data packet sent from the internal network to the Internet has its IP address changed to the IP address of the gateway.
The figure below shows a network that consists of a gateway / firewall, a DMZ, and an internal network that will be NATed. To practise DMZ and NAT we need the iptables tool and a 2.4.x kernel that supports iptables.
Figure 3 Example network for the DMZ & NAT lab
Steps for the DMZ & NAT lab:
Build a gateway server with 3 (three) interfaces: eth0, eth1 and eth2. Assign an IP address to each interface.
# ifconfig eth0 202.159.65.1 netmask 255.255.255.248
# ifconfig eth1 202.159.65.2 netmask 255.255.255.248
# ifconfig eth2 192.168.0.1 netmask 255.255.255.0
# route add default gw 202.159.65.1 eth0
Delete all previously existing rules.
# iptables -F
# iptables -t nat -F
# iptables -t filter -F
# iptables -F INPUT
# iptables -F OUTPUT
# iptables -F FORWARD
So that computers in the internal area can access the Internet as well as the servers in the DMZ, run:
# iptables -A FORWARD -s 192.168.0.0/24 -d 0/0 -j ACCEPT
# iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -d 0/0 -j SNAT --to-source 202.159.65.1
So that the server in the DMZ can be accessed from the Internet as well as from the internal network, run:
# iptables -A FORWARD -s 0/0 -d 202.159.65.3 -j ACCEPT
# iptables -A FORWARD -s 202.159.65.3 -d 0/0 -j ACCEPT
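The FORWARD rules above accept every protocol and port to and from the DMZ server and set no default policy for FORWARD. As an added example (not part of the original module), the script below prints a default-deny variant and lints both rule sets; the interface role of eth2, the published ports 25 and 80, and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the module): default-deny FORWARD rules for the DMZ lab.
# Assumptions: eth2 is the internal LAN interface and the DMZ server publishes
# only the TCP ports listed in DMZ_TCP_PORTS.
INTERNAL_NET=192.168.0.0/24
INTERNAL_IF=eth2
GW_ADDR=202.159.65.1
DMZ_HOST=202.159.65.3
DMZ_TCP_PORTS="25 80"

# dmz_rules: print the hardened rule set (review it, then pipe to sh as root).
dmz_rules() {
    echo "iptables -F"
    echo "iptables -t nat -F"
    # Anything not matched below is dropped instead of forwarded.
    echo "iptables -P FORWARD DROP"
    # Replies belonging to connections that were allowed when they started.
    echo "iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
    # Internal clients may open connections to the Internet and the DMZ.
    echo "iptables -A FORWARD -i $INTERNAL_IF -s $INTERNAL_NET -m state --state NEW -j ACCEPT"
    echo "iptables -t nat -A POSTROUTING -s $INTERNAL_NET -d 0/0 -j SNAT --to-source $GW_ADDR"
    # New connections to the DMZ server only on its published ports.
    for port in $DMZ_TCP_PORTS; do
        echo "iptables -A FORWARD -p tcp -d $DMZ_HOST --dport $port -m state --state NEW -j ACCEPT"
    done
}

# page_rules: constructed copy of the lab's original FORWARD rules.
page_rules() {
    echo "iptables -A FORWARD -s $INTERNAL_NET -d 0/0 -j ACCEPT"
    echo "iptables -A FORWARD -s 0/0 -d $DMZ_HOST -j ACCEPT"
    echo "iptables -A FORWARD -s $DMZ_HOST -d 0/0 -j ACCEPT"
}

# lint_forward: read iptables commands on stdin and print one finding per line.
lint_forward() {
    awk '
    /-P FORWARD DROP/ { policy = 1 }
    # ACCEPT rules limited only by address match every protocol and port.
    /-A FORWARD/ && /-j ACCEPT/ && !/--dport|--state|-i / {
        print "broad: " $0
    }
    END { if (!policy) print "no default-deny policy on FORWARD" }'
}

echo "== findings for the lab rules ==";      page_rules | lint_forward
echo "== hardened rule set ==";               dmz_rules
echo "== findings for the hardened rules =="; dmz_rules | lint_forward
```

With these rules the DMZ server can still answer clients, but it can no longer open new connections into 192.168.0.0/24.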
Lab 6 Router
Lab 6.1 Login
On Router A
Steps
1. press enter
2. press the '?' key
3. type enable (or en)
4. type quit [then press enter]
5. type 'config' [then press enter]
6. router1(config)#
7. press the '?' key
8. press the space bar
9. type interface e0 (int e0) [then press enter], to configure ethernet 0
10. router1(config-if)#
11. press the '?' key
12. press q [then press enter]
13. type interface to0 (or int to0) [then press enter], to configure Token ring ethernet 0
14. press '?'
15. type interface s0 (or int s0, or interface serial 0), to configure interface serial 0, then press enter
16. type encapsulation ?
17. type exit, then press enter
18. press Ctrl-Z to return to the privileged menu
19. type disable, then press enter
20. type exit, then press enter
Lab 6.2 Help and Editing
1. Log in to Router A and go to privileged mode by typing enable (or en) and pressing enter.
2. Type ? (question mark).
3. Type cl? Notice that you can see the commands that start with "cl".
4. Type clock ?
5. Notice the difference between steps three and four. Step three has you type letters with no space and a question mark, which gives you all the commands that start with "cl". Step four has you type a command, a space and a question mark. By typing a command, then a space and a question mark, you will see the next available commands.
6. Set the router clock by typing clock ? and following the help screens to set the router's time and date. First, type clock ?
7. Type clock set ?
8. Type clock set 10:33:34 ?
9. Type clock set 10:33:34 22 march ?
10. Type clock set 10:33:34 22 march 2000 ?
11. Press enter.
12. Type show clock and press enter to see the time and date.
Please note: Once you set the clock, the program will only display what you entered and not keep accurate time.
13. From privileged mode (#), type show access-list 10. Don't press enter.
14. Type control+A. This takes you to the beginning of the line.
15. Type control+E. This should take you back to the end of the line.
16. Type control+A, then type control+F. This should move you forward one character.
17. Type control+B. This will move you back one character.
18. Press enter, then type control+P. This will repeat the last command.
19. Press the up arrow on your keyboard. This will also repeat the last command.
20. Type show history and press enter. This shows you the last 10 commands entered.
21. Type terminal history size ?. This assists you in changing the history entry size.
22. Type show terminal and press enter to gather terminal statistics and history size.
23. Type terminal no editing. This turns off advanced editing. Repeat steps 14-18 to see that the shortcut editing keys have no effect until you type terminal editing.
24. Type terminal editing and press enter to re-enable advanced editing.
25. Type show run, then press your tab key. The program will finish typing the command for you. Press enter to carry out the command.
26. Type show start, then press your tab key. The program will finish typing the command for you. Press enter to carry out the command.
Lab 6.3
1. Log in to Router A and go into privileged mode by typing enable (or en), then press enter.
2. To see the configuration stored in NVRAM, type show start, press tab and press enter (or type show startup-config and press enter). However, you will get an error message if no configuration has been saved.
3. To save the configuration to NVRAM, which is known as startup-config, you can type:
copy run start and press enter, or
copy running and press tab, type start, press the tab key, and press enter, or
copy running-config startup-config and press enter.
4. Type show start, then press the tab key, then press enter.
5. Type show run, then press the tab key, then press enter.
6. Type erase start, then press the tab key, then press enter.
7. Type show start, then press the tab key, then press enter. You should get an error message.
% % Non-volatile configuration memory has not been setup or has bad check sum
8. Type reload, then press enter. Acknowledge the reload by pressing enter. Wait for the router to reload.
Lab 6.4 Setting your passwords
1. Log in to Router B and go into privileged mode by typing enable (or en).
2. Type config t and press enter.
3. Type enable
4. Set your enable secret password by typing enable secret password (the password should be your own personalized password) and press enter. Do not add the command password after the command secret. This would make your password the word "password". A correct example would be enable secret todd.
5. Now let's see what happens when you log all the way out and log in. Log all the way out by typing control+Z, type exit, and press enter. Go to privileged mode. Before you are allowed to go to privileged mode, you will be asked for a password. If you successfully enter the correct secret password, you can then proceed.
6. Let's remove the secret password. Go to privileged mode, type config t and press enter. Type no enable secret and press enter. Log out and then log in again, and you should not be asked for a password when you go to privileged mode.
7. Type config t to be at the right level to set your console and auxiliary passwords, then type line ?
8. Notice that the output for the line commands is auxiliary, vty and console. We will set all three.
9. To set the telnet or vty password, type line vty 0 4 and then press enter. The "0 4" is the range of the five available virtual lines used to connect with telnet.
10. The next command is used to set the authentication on or off. Type login and press enter to prompt for a user mode password when telnetting into the router. You will not be able to telnet into a router if the password is not set.
Note: you can use the no login command to disable the user mode password prompt. Type no login so that you are not prompted for a user mode password.
11. There is still one more command to set for your vty password, and that is the password command. Type password password to set the password. The second word, password, is your own password, not the word password.
12. Here is an example of how to set the VTY password on RouterC:
Please note:
You will need to go to the network visualizer to change to RouterC. You do have to close your lab before you do that. Your lab will automatically close when you go to the network visualizer but will re-open when you click on RouterC. The lab will also re-open at this step. This is how all the labs work.
Go to Router C
Router#config t
Router(config)#line vty 0 4
Router(config)#login
Router(config)#password todd
If you telnet into Router C from Router A, you will be asked for a password, which will be todd.
13. Go back to Router A. Make sure that you are in configuration mode [(config)]. Set your auxiliary password by first typing line auxiliary 0 (or line aux 0).
14. Type login
15. Type password password.
16. Set your console password by first typing line console 0 (or line con 0).
17. Type login
18. Type password
Here is an example of the last two commands.
Router#config t
Router(config)#line con 0
Router(config)#login
Router(config)#password todd
Router(config)#line aux 0
Router(config)#login
Router(config)#password bill
To remove a password, repeat the previous steps except type no login instead of login.
19. You can add the command exec-timeout 0 0 to the console 0 line. This stops the console from timing out and logging out. The commands will now look like this:
Router#config t
Router(config)#line con 0
Router(config)#login
Router(config)#password todd
Router(config)#exec-timeout 0 0
Lab.6.5 Setting your hostname, adding a banner, IP address, Identification, bandwidth and
clock rate.
1. Log in to Router A and go into privileged mode by typing enable (or en)
2. set your hostname on your router by using the hostname command. Notice that it is one word.
Here is an example of setting your hostname:
Router#config t
Router(config)#hostname Router A
RouterA(config)#
Notice that the hostname of the router is changed as soon you press enter
3. Set the banner that will be seen by the network administrators by using the banner command.
4. type config t and press enter, the type banner ?
Hal 53 dari 114
5. Notice that you can set four different banners. In this lab we are only interested in the login and
message of the day (MOTD) banners.
6. Set your MOTD banner, which will be displayed when a console, auxiliary or telnet connection
is made to the router, by typing:
banner motd #
this is a motd banner
#
7. We used a # sign as the delimiting character. This tells the router when the message is done. You
cannot use the delimiting character in the message. With a real router you can use any delimiting
character that you want; however, when working with this simulator only “#” will be recognized.
You can remove the MOTD banner by typing:
config t
no banner motd
and pressing Enter.
8. Set the login banner by typing:
config t
banner login #
this is a login banner
#
9. The login banner is displayed immediately after the MOTD, but before the user mode password
prompt. Remember that you set your user mode passwords by setting the console, auxiliary and
vty line passwords.
You can remove the login banner by typing:
config t
no banner login
and pressing Enter.
10. You can add an IP address to an interface with the ip address command. You need to get into interface
configuration mode first. Here is how you do that:
config t
int e0 (you can use int Ethernet 0 too)
ip address 1.1.1.1 255.255.0.0
no shutdown (or no shut)
Notice that the IP address (1.1.1.1) and subnet mask (255.255.0.0) are configured on one line. The no
shutdown command is used to enable the interface. All interfaces are shut down by default. You
can also use no shut as a shortcut for the no shutdown command.
11. To set an IP address for a Token Ring interface, use the int to0 (or interface tokenring 0)
command. However, you also need to set the ring-speed on a Token Ring interface.
Here is an example:
config t
int to0 (you can use int tokenring 0 too)
ip address 2.2.2.2 255.255.0.0
ring-speed 16
no shutdown (or no shut)
12. You can add an identification to an interface by using the description command. This is useful for
adding information about the connection. Only administrators see this, not users. Here is an
example:
config t
int s0
ip address 1.1.1.2 255.255.0.0
no shutdown
description WAN link to Miami
13. You can ping the three interfaces on RouterA (1.1.1.1, 1.1.1.2 and 2.2.2.2), but you will not be able to
ping outside of the router until IP addresses are set on the other devices and a communication protocol is set.
Go to privileged mode:
ping 1.1.1.1
ping 1.1.1.2
ping 2.2.2.2
14. Shut down RouterA e0 and then ping 1.1.1.1 again. It should not succeed.
config t
int e0
shut
Ctrl+Z
ping 1.1.1.1
15. You can add the bandwidth of a serial link as well as the clock rate when simulating a DCE
WAN link. Here is an example for RouterB:
config t
int s0
bandwidth 64
clock rate 64000
Notice that the bandwidth is in kilobits, while the clock rate is in bits. Also, remember that the clock rate
command is two words. The clock rate command is used when you are simulating a DCE
interface. The bandwidth command is used when you are running a routing protocol like
EIGRP or OSPF, which uses bandwidth to determine the best cost or path to a remote network. All
Cisco router serial interfaces default to a T1 speed of 1.544 Mbps. If you are using RIP, then
setting the bandwidth makes absolutely no difference.
Lab 6.7 Configuring the lab
The labs for chapter 5 have six routers (A, B, C, 2621, 804A and 804B) and two Catalyst switches, 1900A
and 1900B (see the Network Visualizer).
- RouterA is a Cisco 2513 router with one 10BaseT interface (e0) connected to the 2621 router,
one serial interface (s0) connected to RouterB and one Token Ring LAN (to0) interface.
- RouterB is a 2500 series router with one 10BaseT interface (e0) connected to the 1900B
switch, serial 0 connected to RouterA and serial 1 connected to RouterC.
- RouterC is a 2500 series router with one serial interface (s0) connected to RouterB, one
10BaseT interface (e0) and one Token Ring interface (to0).
- The 2621 has two FastEthernet interfaces, with f0/0 connected to RouterA and f0/1 connected to
the 1900A switch.
- The 1900A switch has a connection to HostA and HostB1 as well as to the 2621 f0/1 interface. It also
has a FastEthernet connection to switch 1900B.
- The 1900B switch has a connection to HostA1 as well as HostB. It is also connected to 1900A
through a FastEthernet link, as well as to RouterB with a 10BaseT connection.
- The 804A router has an Ethernet interface.
- The 804B router has an Ethernet interface.
1. Set the hostname of all six routers and the two 1900 switches with the hostname command.
Add the IP addresses on all routers.
Type in the following to configure RouterA:
Router#config t
Router(config)#hostname RouterA
RouterA(config)#int e0
RouterA(config-if)#ip address 172.16.11.1 255.255.255.0
RouterA(config-if)#no shut
RouterA(config-if)#int s0
RouterA(config-if)#ip address 172.16.20.1 255.255.255.0
RouterA(config-if)#no shut
RouterA(config-if)#int to0
RouterA(config-if)#ip address 172.16.15.1 255.255.255.0
RouterA(config-if)#ring-speed 16
RouterA(config-if)#no shut
Type the following to configure RouterB (RouterB has DCE connections on both serial
interfaces)
Router#config t
Router(config)#hostname RouterB
RouterB(config)#int e0
RouterB(config-if)#ip address 172.16.10.7 255.255.255.0
RouterB(config-if)#no shut
RouterB(config-if)#int s0
RouterB(config-if)#ip address 172.16.20.2 255.255.255.0
RouterB(config-if)#clock rate 56000
RouterB(config-if)#no shut
RouterB(config-if)#int s1
RouterB(config-if)#ip address 172.16.40.1 255.255.255.0
RouterB(config-if)#clock rate 56000
RouterB(config-if)#no shut
Type in the following to configure RouterC
Router#config t
Router(config)#hostname RouterC
RouterC(config)#int e0
RouterC(config-if)#ip address 172.16.50.1 255.255.255.0
RouterC(config-if)#no shut
RouterC(config-if)#int s0
RouterC(config-if)#ip address 172.16.40.2 255.255.255.0
RouterC(config-if)#no shut
RouterC(config-if)#int to0
RouterC(config-if)#ip address 172.16.55.1 255.255.255.0
RouterC(config-if)#ring-speed 16
RouterC(config-if)#no shut
Type the following to configure the 2621 router
Router#config t
Router(config)#hostname 2621
2621(config)#int f0/0
2621(config-if)#ip address 172.16.11.2 255.255.255.0
2621(config-if)#no shut
2621(config-if)#int f0/1
2621(config-if)#ip address 172.16.10.1 255.255.255.0
2621(config-if)#no shut
Type in the following to configure Router804A
Router#config t
Router(config)#hostname 804A
Router804A(config)#int e0
Router804A(config-if)#ip address 172.16.10.7 255.255.255.0
Router804A(config-if)#no shut
Type in the following to configure Router804B
Router#config t
Router(config)#hostname 804B
Router804B(config)#int e0
Router804B(config-if)#ip address 172.16.50.3 255.255.255.0
Router804B(config-if)#no shut
Type the following to configure the 1900A switch
k
en
#config t
(config)#hostname 1900A
1900A(config)#ip address 172.16.10.3 255.255.255.0
1900A(config)#ip default-gateway 172.16.10.1
Type the following to configure the 1900B switch
k
en
#config t
(config)#hostname 1900B
1900B(config)#ip address 172.16.10.4 255.255.255.0
1900B(config)#ip default-gateway 172.16.10.1
Remember to save the configuration on each router. Press Ctrl+Z, then type copy run start and press
Enter. Otherwise, if you exit the program without doing this, you will lose the IP address
information; essentially, the information will not be saved to NVRAM. The 1900
switches save the information automatically.
2. Type show ip route on each router to see the routing tables. Each router will only show its
directly connected networks. You should see the following information for each router (switches
don’t have routing tables).
Router A
172.16.0.0/24 is subnetted, 3 subnets
C 172.16.0.0 is directly connected, Serial0
C 172.16.20.0 is directly connected, TokenRing0
C 172.16.11.0 is directly connected, Ethernet0
Router B
172.16.0.0/24 is subnetted, 3 subnets
C 172.16.40.0 is directly connected, Serial0
C 172.16.10.0 is directly connected, Ethernet0
C 172.16.20.0 is directly connected, Serial0
Router C
172.16.0.0/24 is subnetted, 3 subnets
C 172.16.40.0 is directly connected, Serial0
C 172.16.55.0 is directly connected, TokenRing0
C 172.16.50.0 is directly connected, Ethernet0
Router2621
172.16.0.0/24 is subnetted, 2 subnets
C 172.16.10.0 is directly connected, FastEthernet0/1
C 172.16.11.0 is directly connected, FastEthernet0/0
Router804A
172.16.0.0/24 is subnetted, 1 subnets
C 172.16.10.0 is directly connected, Ethernet0
Note: the following will show up after you do lab
C 172.16.60.0 is directly connected, BRI0
3. Verify your setup by pinging some of the interfaces, such as:
Ping 172.16.55.1 from RouterA
Ping 172.16.10.1 from RouterC
Ping 172.16.20.2 from RouterC.
Lab.6.8 Creating Static Routes
Create static routes on four routers so that the routers see all networks. Verify with the ping command
when complete.
On RouterA, create static routes to see networks 172.16.10.0/24, 172.16.40.0/24, 172.16.50.0/24
and 172.16.55.0/24. Here is how you do it. Type:
RouterA#config t
RouterA(config)#ip route 172.16.10.0 255.255.255.0 172.16.11.2
RouterA(config)#ip route 172.16.40.0 255.255.255.0 172.16.20.2
RouterA(config)#ip route 172.16.50.0 255.255.255.0 172.16.20.2
RouterA(config)#ip route 172.16.55.0 255.255.255.0 172.16.20.2
This told RouterA that to get to network 172.16.10.0/24, it should use 172.16.11.2. It also told
RouterA that to get to network 172.16.40.0/24, it should use IP address 172.16.20.2, which is the
closest neighbor interface connected to network 172.16.40.0/24, on RouterB. This is the same
interface we will use to get to networks 172.16.50.0/24 and 172.16.55.0/24.
Save the current configuration of RouterA by going to enable mode, typing copy run start
and pressing Enter.
On RouterB, create static routes to see networks 172.16.11.0/24, 172.16.15.0/24, 172.16.50.0/24 and
172.16.55.0/24, which are not directly connected.
RouterB#config t
RouterB(config)#ip route 172.16.11.0 255.255.255.0 172.16.20.1
RouterB(config)#ip route 172.16.15.0 255.255.255.0 172.16.20.1
RouterB(config)#ip route 172.16.50.0 255.255.255.0 172.16.40.2
RouterB(config)#ip route 172.16.55.0 255.255.255.0 172.16.40.2
This told RouterB that to get to networks 172.16.11.0/24 and 172.16.15.0/24, it should use 172.16.20.1. The
next two commands told RouterB how to get to networks 172.16.50.0/24 and 172.16.55.0/24, which
is through 172.16.40.2. That is the closest router interface to networks 172.16.50.0/24 and
172.16.55.0/24.
Save the current configuration for RouterB by going to enabled mode, typing copy run start
and pressing Enter.
RouterC is connected to networks 172.16.50.0/24, 172.16.40.0/24 and 172.16.55.0/24. It does
not know about networks 172.16.20.0/24, 172.16.15.0/24, 172.16.11.0/24 and
172.16.10.0/24. Create static routes so RouterC can see all networks.
RouterC#config t
RouterC(config)#ip route 172.16.20.0 255.255.255.0 172.16.40.1
RouterC(config)#ip route 172.16.15.0 255.255.255.0 172.16.40.1
RouterC(config)#ip route 172.16.11.0 255.255.255.0 172.16.40.1
RouterC(config)#ip route 172.16.10.0 255.255.255.0 172.16.40.1
Save the current configuration for RouterB by going to enabled mode, typing copy run start
and pressing Enter.
The 2621 router is connected to networks 172.16.10.0/24 and 172.16.11.0/24. It does not know
about networks 172.16.15.0/24, 172.16.20.0/24, 172.16.50.0/24 and 172.16.55.0/24. Create static
routes so the 2621 can see all networks.
2621#config t
2621(config)#ip route 172.16.15.0 255.255.255.0 172.16.11.1
2621(config)#ip route 172.16.20.0 255.255.255.0 172.16.11.1
2621(config)#ip route 172.16.40.0 255.255.255.0 172.16.11.1
2621(config)#ip route 172.16.50.0 255.255.255.0 172.16.11.1
2621(config)#ip route 172.16.55.0 255.255.255.0 172.16.11.1
Save the current configuration for RouterB by going to enabled mode, typing copy run start
and pressing Enter.
Now, ping from each router to each host and from each host to each router. If everything is set up correctly,
it will work.
Lab.6.9 Default Routes
In this lab, you will create default routes to build routing tables in your routers.
You will remove the static routes from the 2621 router and RouterC and use default routes instead.
We will leave Routers A and B with the static routes created when configuring the lab.
1. Type show ip route on each router to see the routing tables. You should see all networks in all
routers' routing tables.
2. Remove the static routes from the 2621 router and RouterC:
2621#config t
2621(config)#no ip route 172.16.15.0 255.255.255.0 172.16.11.1
2621(config)#no ip route 172.16.20.0 255.255.255.0 172.16.11.1
2621(config)#no ip route 172.16.40.0 255.255.255.0 172.16.11.1
2621(config)#no ip route 172.16.50.0 255.255.255.0 172.16.11.1
2621(config)#no ip route 172.16.55.0 255.255.255.0 172.16.11.1
RouterC#config t
RouterC(config)#no ip route 172.16.20.0 255.255.255.0 172.16.40.1
RouterC(config)#no ip route 172.16.15.0 255.255.255.0 172.16.40.1
RouterC(config)#no ip route 172.16.11.0 255.255.255.0 172.16.40.1
RouterC(config)#no ip route 172.16.10.0 255.255.255.0 172.16.40.1
3. Type show ip route on the 2621 router and RouterC to verify that only the directly connected
networks are present.
4. On the 2621 router and RouterC, create a default route to see the remote networks. Here is how
you do it:
2621#config t
2621(config)#ip route 0.0.0.0 0.0.0.0 172.16.11.1
2621(config)#ip classless
RouterC#config t
RouterC(config)#ip route 0.0.0.0 0.0.0.0 172.16.40.1
RouterC(config)#ip classless
This told the 2621 router that to get to any network, it should use IP address 172.16.11.1, which is
the closest neighbor interface connected. The ip classless command is set when using default routing. This tells
the router not to drop packets to an unknown network, but to instead forward them to the default
route. On RouterC, packets to an unknown network are forwarded to RouterB (172.16.40.1).
5. Test the configuration by looking at the routing table of all four routers.
RouterA#show ip route
RouterB#show ip route
RouterC#show ip route
2621#show ip route
6. Test your routers by pinging all remote networks and hosts.
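The hop-by-hop forwarding that the ping tests in Lab 6.8 and Lab 6.9 exercise can also be checked offline. The following Python script is an added example, not part of the original module: it replays the Lab 6.7 interface addresses with the static and default routes above and reports any router that cannot reach a network. The function names are illustrative, and the 804 routers and the switches are left out because they carry no static routes in these labs.

```python
import ipaddress
import re

# Router interface addresses from Lab 6.7 (every mask is 255.255.255.0).
INTERFACES = {
    "RouterA": ["172.16.11.1", "172.16.20.1", "172.16.15.1"],
    "RouterB": ["172.16.10.7", "172.16.20.2", "172.16.40.1"],
    "RouterC": ["172.16.50.1", "172.16.40.2", "172.16.55.1"],
    "2621": ["172.16.11.2", "172.16.10.1"],
}

# Static routes as typed in Lab 6.8.
LAB_6_8 = """
RouterA(config)#ip route 172.16.10.0 255.255.255.0 172.16.11.2
RouterA(config)#ip route 172.16.40.0 255.255.255.0 172.16.20.2
RouterA(config)#ip route 172.16.50.0 255.255.255.0 172.16.20.2
RouterA(config)#ip route 172.16.55.0 255.255.255.0 172.16.20.2
RouterB(config)#ip route 172.16.11.0 255.255.255.0 172.16.20.1
RouterB(config)#ip route 172.16.15.0 255.255.255.0 172.16.20.1
RouterB(config)#ip route 172.16.50.0 255.255.255.0 172.16.40.2
RouterB(config)#ip route 172.16.55.0 255.255.255.0 172.16.40.2
RouterC(config)#ip route 172.16.20.0 255.255.255.0 172.16.40.1
RouterC(config)#ip route 172.16.15.0 255.255.255.0 172.16.40.1
RouterC(config)#ip route 172.16.11.0 255.255.255.0 172.16.40.1
RouterC(config)#ip route 172.16.10.0 255.255.255.0 172.16.40.1
2621(config)#ip route 172.16.15.0 255.255.255.0 172.16.11.1
2621(config)#ip route 172.16.20.0 255.255.255.0 172.16.11.1
2621(config)#ip route 172.16.40.0 255.255.255.0 172.16.11.1
2621(config)#ip route 172.16.50.0 255.255.255.0 172.16.11.1
2621(config)#ip route 172.16.55.0 255.255.255.0 172.16.11.1
"""

# Default routes from Lab 6.9 (they replace the 2621 and RouterC statics).
LAB_6_9_DEFAULTS = """
2621(config)#ip route 0.0.0.0 0.0.0.0 172.16.11.1
RouterC(config)#ip route 0.0.0.0 0.0.0.0 172.16.40.1
"""

ROUTE_RE = re.compile(r"^(\S+)\(config\)#ip route (\S+) (\S+) (\S+)$")


def parse_routes(text):
    """Return {router: [(network, next_hop), ...]} from typed 'ip route' lines."""
    table = {}
    for line in text.splitlines():
        m = ROUTE_RE.match(line.strip())
        if m:
            router, net, mask, hop = m.groups()
            entry = (ipaddress.ip_network(f"{net}/{mask}"), ipaddress.ip_address(hop))
            table.setdefault(router, []).append(entry)
    return table


def connected(router):
    """Directly connected /24 networks of a router."""
    return [ipaddress.ip_interface(f"{a}/24").network for a in INTERFACES[router]]


def owner(ip):
    """Router that owns an interface address, or None."""
    return next((r for r, addrs in INTERFACES.items() if str(ip) in addrs), None)


def trace(src, dest, routes, max_hops=16):
    """Follow a packet from router src towards dest; return (path, status)."""
    dest = ipaddress.ip_address(dest)
    path, here = [src], src
    for _ in range(max_hops):
        if any(dest in net for net in connected(here)):
            return path, "delivered"
        # Longest-prefix match: a /24 static wins over the 0.0.0.0/0 default.
        matches = [(n, h) for n, h in routes.get(here, []) if dest in n]
        if not matches:
            return path, "no route"
        hop = max(matches, key=lambda r: r[0].prefixlen)[1]
        if not any(hop in net for net in connected(here)) or owner(hop) is None:
            return path, "next hop unreachable"
        here = owner(hop)
        path.append(here)
    return path, "loop"


def unreachable(routes):
    """List (router, network, status) for every network a router cannot reach."""
    nets = sorted({n for r in INTERFACES for n in connected(r)})
    failures = []
    for router in INTERFACES:
        for net in nets:
            status = trace(router, net.network_address + 1, routes)[1]
            if status != "delivered":
                failures.append((router, str(net), status))
    return failures


def lab_6_9_routes():
    """Lab 6.9 state: RouterA/RouterB keep their statics, the others use defaults."""
    statics = parse_routes(LAB_6_8)
    routes = {r: statics[r] for r in ("RouterA", "RouterB")}
    routes.update(parse_routes(LAB_6_9_DEFAULTS))
    return routes


if __name__ == "__main__":
    print("Lab 6.8 failures:", unreachable(parse_routes(LAB_6_8)))
    print("Lab 6.9 failures:", unreachable(lab_6_9_routes()))
    print(trace("RouterC", "172.16.15.1", parse_routes(LAB_6_8)))
```

An empty failure list means every router has a forward path to all seven subnets; deleting one `ip route` line from the embedded text shows which routers lose reachability.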
Lab 6.10 Dynamic Routing with RIP
In this lab, we will use the dynamic routing protocol RIP instead of static and default routing.
1. Log in to RouterA to use the dynamic routing protocol RIP instead of static and default routing.
2. Make sure you have no static routes or default routes configured on your routers by using the no
ip route command.
For example:
RouterA#config t
RouterA(config)#no ip route 172.16.10.0 255.255.255.0 172.16.11.2
RouterA(config)#no ip route 172.16.40.0 255.255.255.0 172.16.20.2
RouterA(config)#no ip route 172.16.50.0 255.255.255.0 172.16.20.2
RouterA(config)#no ip route 172.16.55.0 255.255.255.0 172.16.20.2
Do the same for RouterB:
RouterB#config t
RouterB(config)#no ip route 172.16.11.0 255.255.255.0 172.16.20.1
RouterB(config)#no ip route 172.16.15.0 255.255.255.0 172.16.20.1
RouterB(config)#no ip route 172.16.50.0 255.255.255.0 172.16.40.2
RouterB(config)#no ip route 172.16.55.0 255.255.255.0 172.16.40.2
Since we have already removed the static routes from RouterC, type:
RouterC(config)#no ip route 0.0.0.0 0.0.0.0 172.16.40.1
Since we have already removed the static routes from Router2621, type:
2621(config)#no ip route 0.0.0.0 0.0.0.0 172.16.11.1
3. In enable mode, type show run and press Enter on each router in order to verify that all static
and default routes are cleared.
4. After the static and default routes are cleared, go into configuration mode on RouterC by typing
config t
5. Tell your router to use RIP routing by typing router rip and pressing Enter.
router rip
6. Add the network number you want to advertise by typing network 172.16.0.0 and pressing Enter.
7. Press Ctrl-Z to get out of configuration mode.
8. Go to routers B, C and the 2621 router and type the same commands:
config t
router rip
network 172.16.0.0
9. Verify that RIP is running on each router by typing the following commands at each router:
show ip protocol
show ip route
show running-config (or show run)
10. Save your configurations by typing copy run start (or copy running-config startup-config).
11. Verify the network by pinging all remote networks and hosts.
Lab 6.11 Dynamic Routing with IGRP
In this lab, you will run the IGRP routing protocol simultaneously with RIP routing.
1. Log in to RouterA and go into privileged mode by typing enable (or en).
2. Keep RIP running on RouterA and verify that it is running on each router. If you want to remove
RIP, you can use the no router rip global configuration command to remove it from RouterA
and the other routers.
For example:
config t
no router rip
3. Stay in configuration mode on RouterA.
4. At the configuration prompt, type router igrp ?
5. Notice it is asking for an autonomous system (AS) number. This is used to allow only routers with the
same AS number to communicate. Type 10 and press Enter. Your routers can be configured to be
part of as many different ASs as necessary.
6. At the config-router prompt, type network 172.16.0.0. Notice we do not add the subnet numbers
to advertise, but the classful network boundary.
7. Press Ctrl-Z to get out of configuration mode.
8. Go to routers B, C and the 2621 and type the same commands, as shown:
config t
router igrp 10
network 172.16.0.0
9. Verify that IGRP is running by going to enabled mode and typing the following commands
on each router.
a. show ip protocol. Notice this will show you your RIP and IGRP routing protocols. Also,
notice it will show the update timers.
b. show ip route. You should see all seven subnets: 10, 11, 15, 20, 40, 50 and 55. Some will be
directly connected, some will be (I) routes, which are IGRP-injected routes. RIP is still
running, but if you look at the routing table, notice that the network entry has a network number
and then (100/23456). The first number (100) is the trustworthiness rating. Since RIP's default
trustworthiness rating is 120, the IGRP route is
used before a RIP route will be used. The second number is the metric, or weight, of the route
that is used to determine the best path to a network.
c. show running-config (or show run) to see that RIP and IGRP are configured.
10. Type copy running-config startup-config (or copy run start) and press Enter at each router to
save your configuration.
11. Verify the network by pinging all routers, switches and hosts.
Lab 6.12 Configuring VLANs and ISL
In this lab, you will configure the 1900A and 1900B switches with VLANs and set up trunk links
between them. The switches and the 2621 router will provide the routing to networks 172.16.10.0 and
172.16.30.0 via ISL for hosts A, A1, B and B1.
A Virtual Local Area Network (VLAN) is a logical grouping of network users and resources
connected to administratively defined ports on a switch. By creating VLANs, you are able to create
smaller broadcast domains; each VLAN is its own subnet or broadcast domain. This means that frames
broadcast onto a network are only switched between ports in the same VLAN.
1. Create a VTP domain named routersim on the 1900A switch:
config t
vtp domain routersim
2. Press Ctrl + Z to go to enabled mode and type show vtp to verify the VTP configuration.
3. Configure ports 26 and 27 on the 1900A to trunk:
config t
int f0/26
trunk on
int f0/27
trunk on
4. Go to enabled mode and type the commands show trunk A and show trunk B to verify the
configuration. Interface 26 is port A and interface 27 is port B. Port 26 is used to connect to the
1900B switch and port 27 is used for the 2621 router connection.
5. Add a VLAN to the 1900A switch:
config t
vlan 2 name sales
You can remove a VLAN with the command no vlan x. For example, type no vlan 2.
6. Verify the VLAN by pressing Ctrl + Z and typing show vlan to see all configured VLANs, or
show vlan 2 to see only VLAN 2 information.
7. Go to the 1900B switch and type show vtp. Notice that it is by default a VTP server.
8. From 1900B, type show vlan. Notice that only VLAN 1 is present.
9. On 1900B, configure int f0/26 to trunk. This is the 100Mbps connection to the 1900A
switch:
config t
int f0/26
trunk on
10. Make the 1900B switch a VTP client in the VTP domain routersim. Go back to
configuration mode:
exit
vtp domain routersim
vtp client
11. Verify the VTP information and that it found the domain by pressing Ctrl-Z and typing show vtp.
12. Now, type show vlan and notice that VLAN 2 is present on the switch. Since the 1900A switch
is a VTP server, the information was passed to the 1900B switch.
13. By default, all ports are members of VLAN 1. There are four hosts on your physical network,
two in network 172.16.10.0 and two in network 172.16.30.0. The host configurations are as
follows:
HostA: 172.16.10.2/24; plugged into 1900A, port 1
HostA1: 172.16.10.5/24; plugged into 1900B, port 5
HostB: 172.16.30.2/24; plugged into 1900B, port 5
HostB1: 172.16.30.5/24; plugged into 1900A, port 2
You can configure each port to be in a VLAN by using the vlan-membership command. You
can only configure VLANs port by port. There is no command to assign more than one port to a
VLAN at a time with the 1900 switch.
Configure hosts A and A1 into VLAN 1, and host B and B1 into VLAN2
From the 1900A switch:
1900A#config t
1900A(config)#int e0/1
1900A(config-if)#vlan-membership static 1
1900A(config-if)#int e0/5
1900A(config-if)#vlan-membership static 2
14. Verify the VLAN change by going to enable mode and typing show vlan-membership.
15. Type show spantree to see the Spanning Tree Protocol configuration on each switch.
As you look at the information after you enter the show spantree command, you can go back
to the command prompt by typing q.
16. You can ping from HostA to HostA1, but not to HostB and HostB1, since there is no
connection between the VLANs. Configure the 2621 router on FastEthernet 0/1 to perform ISL
routing. This is also known as “Router on a Stick”. This will allow HostA and HostA1 to ping
HostB and HostB1.
Inter-Switch Link (ISL): Proprietary to Cisco switches, it is used for FastEthernet and Gigabit
Ethernet links only. It can be used on a switch port, on router interfaces and on a server interface
card to trunk a server. This server trunking is good if you are creating functional VLANs and
don’t want to break the 80/20 rule. The users do not have to cross a layer three device to access a
company shared server.
2621#config t
2621(config)#int f0/1
2621(config-if)#no shut
2621(config-if)#int f0/1.1
2621(config-subif)#encap isl 1
2621(config-subif)#ip address 172.16.10.1 255.255.255.0
2621(config-subif)#int f0/1.2
2621(config-subif)#encap isl 2
2621(config-subif)#ip address 172.16.30.1 255.255.255.0
17. Go to the Network Visualizer screen and verify that you can now ping between HostA and
HostB, and HostA1 and HostB1.
Lab 6.13 Backing up your Router IOS
1. Log in to RouterA and go into privileged mode by typing enable (or en).
2. Make sure you can connect to the TFTP host that is on network 30 by pinging 172.16.30.2.
Type ping 172.16.30.2
RouterA#ping 172.16.30.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.30.2, timeout is 2 seconds:
!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 32/24/68 ms
3. Type show flash to see the contents of flash memory. Since there is only one file in flash, you
see the same file that the show version command displays.
4. Type show version at the router privileged mode prompt to get the name of the IOS currently
running on the router. Notice the file name is c2500-d-I_113-5.bin
RouterA#show version
ROM: System Bootstrap, Version 5.2(8a), RELEASE SOFTWARE
BOOTFLASH: 3000 Bootstrap Software (IGS-RXBOOT), Version 10.2(8a), RELEASE SOFTWARE (fc1)
RouterA uptime is 20 minutes
System restart by power-on
System image file is “FLASH: c2500-d-I_113-5.bin”, booted via flash
Processor board ID 03240944, with hardware revision 00000000
Bridging software
X.25 Software, version 3.0.0
1 Ethernet/IEEE 802.3 interface(s)
1 Serial network interface(s)
32K bytes of non-volatile configuration memory
8192K bytes of processor board System flash (read ONLY)
configuration register is 0x2102
5. Once you know you have good Ethernet connectivity to the TFTP host and you also know the
IOS file name, backup your IOS by typing copy flash tftp. This command tells the router to
copy the contents of flash (this is where the IOS is stored by default) to a TFTP host.
RouterA#copy flash tftp
System flash directory:
File Length Name/status
1 6078548 c2500-d-I_1135.bin
[6078612 bytes used, 2309996 available, 8388608 total]
Address or name of remote host [255.255.255.255]? type 172.16.30.2
Source file name ? type c2500-d-I_1135.bin
Destination file name [c2500-d-I_1135.bin]? press enter
Verifying file name for ‘c2500-d-I_1135.bin’ (file #1) ....OK
Copy ‘c2500-d-I_1135.bin’ from flash to server
as ‘c2500-d-I_1135.bin’? [yes/no] type y
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!
Upload to server done
Flash copy took 0:01:53 [hh:mm:ss]
That’s it! The file is now stored in the TFTP host default directory.
Lab 6.14 Upgrading or restoring your router IOS
1. Log in to RouterA and go into privileged mode by typing enable (or en).
2. Make sure you can connect to the TFTP host by typing ping 172.16.30.2
RouterA#ping 172.16.30.2
3. You want to restore your IOS or copy a new version into flash memory. The file name that you
want to use is c2500-js-l_120-8.bin. We are going to upgrade the IOS to version 12.x.
4. Once you know you have good Ethernet connectivity to the TFTP host and the IOS file name that is
stored in the TFTP host default directory, restore your IOS by typing copy tftp flash. This
command tells the router to copy the contents of tftp to flash.
RouterA#copy tftp flash
**** NOTICE *****
Flash load helper v1.0
This process will accept the copy options and then terminate
the current system image to use the ROM based image for the copy
Routing functionality will not be available during that time
If you are logged in via telnet, this connection will terminate.
Users with console access can see the results of the copy operation.
_ _ _ _*****_ _ _ _
Proceed? [confirm] press enter
System flash directory:
File Length Name/status
1 6078548 c2500-d-I_1135.bin
[6078612 bytes used, 2309996 available, 8388608 total]
Address or name of remote host [255.255.255.255]? type 172.16.30.2
Source file name ? type c2500-d-I_1135.bin
Destination file name [c2500-js-l_120-8.bin]? press enter
Accessing file ‘c2500-js-l_120-8.bin’ on 172.16.30.2......
Loading c2500-js-l_120-8.bin.bin from 172.16.30.2 (via Ethernet0): ! OK
Erase flash device before writing ? [confirm] press enter
Flash contains files. Are you sure you want to erase ? [confirm] press enter
Copy ‘c2500-js-l_120-8.bin’ from server
as ‘c2500-js-l_120-8.bin’ into Flash WITH erase ? [confirm] type y and press enter
01:01:59: %SYS-5-RELOAD: Reload requested
%FLH: c2500-js-l_120-8.bin from 172.16.30.2 to flash ....
System flash directory:
File Length Name/status
1 6078548 c2500-d-I_1135.bin
[6078612 bytes used, 2309996 available, 8388608 total]
Accessing file ‘c2500-js-l_120-8.bin’ on 172.16.30.2......
Loading c2500-js-l_120-8.bin.bin from 172.16.30.2 (via Ethernet0): ! OK
Erasing device .... eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee......erased
Loading c2500-js-l_120-8.bin from 172.16.30.2 (via Ethernet0): !!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!
[OK – 6078548/8388608 bytes]
Verifying checksum ...OK (0x48B9)
Flash copy took 0:03:35 [hh:mm:ss]
% FLH: Re-booting system after download
Lab 6.15 Back Up the router configuration
1. From RouterB, ping the TFTP host to make sure you have IP connectivity:
RouterB#ping 172.16.30.2
2. From RouterB, type copy run tftp:
RouterB#copy run tftp
Remote host [ ]?
3. Type the IP address of the TFTP host (172.16.30.2):
Remote host [ ] ? 172.16.30.2
Name of configuration file to write [RouterB-config]? Press Enter to accept the default name
Write file RouterB-config on host 172.16.30.2? [confirm] Press Enter
5. Notice the “!!”. These are UDP acknowledgements that the file was transferred successfully.
Lab 6.16 Telnet
After your routers and switches are configured (see Appendix B for the IP addresses of the switches), you
can use the telnet program to configure and check your routers and switches instead of having to
use a console cable. You can use the Telnet program by typing telnet from any command prompt
(DOS or Cisco). Remember that the VTY password must be set on the routers for this to work. You
cannot telnet from a 1900 switch CLI; however, you can telnet into a 1900 switch.
Please note: This simulation program will only support telnetting from one router to another. For
example, from RouterA to RouterB, or RouterA to RouterC, and so on. If you telnet
into more than one router at a time (i.e., RouterA to RouterB, and then into RouterC),
you will get unexpected results.
1. Log in to RouterA and go into privileged mode by typing enable (or en).
2. From RouterA, telnet into RouterC by typing 172.16.40.2 from the RouterA command prompt.
Notice that you get an error that no password is set (unless your VTY password is already set).
3. Type in 172.16.40.2 from the RouterA command prompt. Notice that the router automatically tries
to telnet to the IP address you specified. You can use the command telnet or just type in the IP
address.
4. First, set your VTY passwords on routers A and C. If you already did this, then skip this part.
However, don’t skip step number 5.
RouterA(config)#line vty 0 4
RouterA(config-line)#login
RouterA(config-line)#password tom
RouterC(config)#line vty 0 4
RouterC(config-line)#login
RouterC(config-line)#password tom
5. Set RouterB to have no VTY password:
RouterB(config)#line vty 0 4
RouterB(config-line)#no login
This will allow a telnet session without being prompted for a user mode password.
6. After your passwords are set, telnet into RouterC again. Once you are in, you can type exit to get
back to your RouterA prompt. However, you may want to return to RouterA without
disconnecting from RouterC. You can do this with Ctrl+Shift+6: let go, then press the letter X.
7. Press Ctrl + Shift + 6 then X to return to RouterA. Now telnet into RouterB by typing
172.16.20.2. Use the Ctrl + Shift + 6 then X command to return to RouterA.
8. From RouterA, type show sessions. Notice your two sessions to RouterB and RouterC. You can
type the number next to the session on the far left of the screen and press Enter to return to
that session.
9. Go to the Network Visualizer and click on RouterC. Type show user. This will show you the console
connection and the remote connection.
10. Go back to RouterA. You can use the disconnect command to clear the sessions, or just type exit
from the prompt to close your sessions with RouterC and RouterB.
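The line settings used in these labs (login, no login, password and exec-timeout 0 0) decide who can open a session on a router, so they are worth reviewing once the lab is finished. The following Python script is an added example, not part of the original module: it reads typed line commands and reports lines that accept sessions without a password, lines that have login but no password, and lines that never time out. The sample transcript is constructed from the commands in this module, the RouterC entry is constructed to show the "no password set" case from step 2, and the finding names are illustrative.

```python
import re

# Matches a typed configuration command such as "RouterB(config-line)#no login".
PROMPT_RE = re.compile(r"^(?P<host>\S+?)\(config[^)]*\)#\s*(?P<cmd>.+)$")

# Constructed sample: console settings from Lab 6.4 and VTY settings from Lab 6.16.
SAMPLE = """
Router(config)#line con 0
Router(config)#login
Router(config)#password todd
Router(config)#exec-timeout 0 0
RouterA(config)#line vty 0 4
RouterA(config-line)#login
RouterA(config-line)#password tom
RouterB(config)#line vty 0 4
RouterB(config-line)#no login
RouterC(config)#line vty 0 4
RouterC(config-line)#login
"""


def parse_lines(transcript):
    """Return {(host, line): settings} built from typed line-mode commands."""
    lines, current = {}, None
    for raw in transcript.splitlines():
        m = PROMPT_RE.match(raw.strip())
        if not m:
            continue
        host, words = m["host"], m["cmd"].lower().split()
        if words[0] == "line":
            current = (host, " ".join(words[1:]))
            lines.setdefault(current, {"login": None, "password": False, "timeout": None})
        elif current is None or current[0] != host:
            current = None  # command typed outside any line block
        elif words in (["login"], ["no", "login"]):
            lines[current]["login"] = words == ["login"]
        elif words[0] == "password" and len(words) > 1:
            lines[current]["password"] = True  # the password itself is not stored
        elif words == ["no", "password"]:
            lines[current]["password"] = False
        elif words[0] == "exec-timeout" and len(words) > 1 and all(
            w.isdigit() for w in words[1:3]
        ):
            seconds = int(words[2]) if len(words) > 2 else 0
            lines[current]["timeout"] = (int(words[1]), seconds)
        else:
            current = None  # any other command leaves line configuration
    return lines


def audit(transcript):
    """Return (host, line, finding) tuples for risky line settings."""
    findings = []
    for (host, line), s in parse_lines(transcript).items():
        if s["login"] is False:
            # 'no login': sessions open with no user mode password prompt.
            findings.append((host, line, "NO_AUTH"))
        elif s["login"] and not s["password"]:
            # 'login' with no password: the error seen in Lab 6.16 step 2.
            findings.append((host, line, "LOGIN_WITHOUT_PASSWORD"))
        if s["timeout"] == (0, 0):
            # 'exec-timeout 0 0': an idle session is never logged out.
            findings.append((host, line, "NO_IDLE_TIMEOUT"))
    return findings


if __name__ == "__main__":
    for host, line, finding in audit(SAMPLE):
        print(f"{host:8} line {line:8} {finding}")
```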
Lab 6.17 IP name Resolution
In our last lab, we had you type in the IP address of a router to be able to telnet. The same would
go for any IP utility, like ping. However, you can either use a DNS server or build a host table on
each router to resolve host names to IP addresses. This would allow you to type RouterA instead of
172.16.20.1.
1. Log in to RouterA and go into privileged mode by typing enable (or en).
2. From RouterA, type the word todd and press Enter at the command prompt. Notice the error you
receive and the delay. The router is trying to resolve the host name to an IP address by looking
for a DNS server. You can turn this feature off by typing no ip domain-lookup from global
configuration mode.
3. You can build a host table, which allows you to resolve host names to IP addresses on each router.
You do this with the ip host command. From RouterA, add a host table entry for RouterB and
RouterC:
RouterA(config)#ip host router2621 172.16.11.2
RouterA(config)#ip host RouterB 172.16.20.2
RouterA(config)#ip host RouterC 172.16.40.2
Please note: Because of how this program was designed, IP host names must be at least 7
characters in length; otherwise, you will receive an “% Invalid .....” response.
You can remove a host name by typing in the following (as an example):
RouterA(config)#no ip host RouterB
4. Test your host table by typing ping RouterB from the command prompt (not config):
RouterA#ping RouterB
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.20.2, time out is 2 seconds:
!!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/4 ms.
5. Test your table by pinging to RouterC:
RouterA#ping RouterC
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.40.2, time out is 2 seconds:
!!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/6/8 ms.
6. You can also use the host table for the telnet program. You can either type telnet RouterB, or
just type RouterB. The router will automatically try to telnet to the host if you do not use the
word telnet. Again, this is a feature.
RouterA#RouterB
Trying RouterB (172.16.20.2).....Open
7. Keep your session open to RouterB, and then return to RouterA by using the Ctrl + Shift + 6
then X command.
8. Telnet to Router C by typing RouterC at the command prompt
RouterA#RouterC
Trying RouterC (172.16.40.2).....Open
9. Return to RouterA and keep the session open to RouterC by using the Ctrl + Shift + 6 then X
command.
10. Telnet to the 2621 router.
RouterA#router2621
Trying 2621 (172.16.11.2 ) ...Open
11. Return to RouterA and keep the session open to RouterC by using the Ctrl + Shift + 6 then X
command.
12. View the host table by typing show host and pressing enter
Default domain is not set
Name/address lookup uses domain service
Name servers are 255.255.255.255
Host         Flags       Age  Type  Address(es)
Router2621   (perm, OK)  0    IP    172.16.11.2
Routerb      (perm, OK)  0    IP    172.16.20.2
Routerc      (perm, OK)  0    IP    172.16.40.2
Lab 6.16 Cisco Discovery Protocol (CDP)
1. Log into RouterC and go into privileged mode by typing enable (or en).
2. Type show cdp and press Enter:
RouterC#show cdp
Global CDP information:
Sending CDP packets every 60 seconds
Sending a holdtime value of 180 seconds
Notice that CDP packets are being sent out to all active interfaces of RouterC every 60 seconds
by default.
RouterC also has a holdtime of 180 seconds. This means that CDP information received from
neighbor routers will be kept for 180 seconds. If RouterC does not hear from the neighbor again
before the holdtime expires, the information will be discarded.
3. Change the CDP update frequency to 90 seconds by using the cdp timer command:
RouterC#config t
Enter configuration commands, one per line. End with CNTL/Z
RouterC(config)#cdp timer ?
<5-900> Rate at which CDP packets are sent (in sec)
RouterC(config)#cdp timer 90
4. Verify your CDP timer frequency has changed:
RouterC(config)#Ctrl + Z
RouterC#show cdp
Global CDP information:
Sending CDP packets every 90 seconds
Sending a holdtime value of 180 seconds
5. Now, use CDP to gather information about neighbor routers. You can get the list of available
commands by typing show cdp ?:
RouterC#show cdp ?
entry      Information for specific neighbor entry
interface  CDP interface status and configuration
neighbors  CDP neighbor entries
traffic    CDP statistics
<cr>
6. By typing show cdp int, we can see the interface information plus the encapsulation. This is the
default encapsulation used by the interface. It also shows us the timers: 60 seconds for an update
and 180 seconds for the holdtime:
RouterC#show cdp int
Ethernet0 is up, line protocol is up, encapsulation is ARPA
Sending CDP packets every 60 seconds
Holdtime is 180 seconds
Serial0 is up, line protocol is up, encapsulation is HDLC
Sending CDP packets every 60 seconds
Holdtime is 180 seconds
Serial1 is administratively down, line protocol is down
Sending CDP packets every 60 seconds
Holdtime is 180 seconds
7. Use the show cdp entry command. It can give you the CDP information received from all
routers by typing an asterisk (*) or a specific router by typing the router name:
Go to RouterB.
RouterB#show cdp entry RouterA
------------------------
Device ID: RouterA
Entry address(es):
IP address: 172.16.20.1
Interface: Serial0, Port ID (outgoing port): Serial0
Holdtime: 130 sec
The show cdp neighbors command will reveal the information being exchanged among
neighbors.
8. Use the show cdp neighbors command to gather Information about all connected neighbors. (It
is important that you memorize all the output from this command):
Go to RouterB.
RouterB#show cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge, S - Switch, H -
Host, I - IGMP, r - Repeater
Device ID    Local interface    Holdtime    Capability    Platform    Port ID
RouterC      Ser 1              158         R             2500        Ser 0
RouterA      Ser 0              150         R             2500        Ser 0
9. Type show cdp neighbors detail and notice it is the same command as show cdp entry *.
Lab 6.17: Internetwork Packet Exchange (IPX)
1. Log in to RouterA and go into privileged mode by typing enable (or en).
2. Type show protocol (or sh prot) to see your routed protocols configured. Notice this
shows the routed protocol (IP) as well as the configured addresses for each interface:
RouterA#show prot
Global values:
  Internet Protocol routing is enabled
Ethernet0 is up, line protocol is up
  Internet address is 172.16.11.1/24
TokenRing0 is up, line protocol is up
  Internet address is 172.16.15.1/24
Serial0 is up, line protocol is up
  Internet address is 172.16.20.1/24
Serial1 is administratively down, line protocol is down
3. Enable the IPX routed protocol on your router by using the ipx routing command:
RouterA#config t
Enter configuration commands, one per line. End with CNTL/Z.
RouterA(config)#ipx routing
RouterA(config)#^Z
RouterA#
%SYS-5-CONFIG_I: Configured from console by console
4. Now check your routed protocols again to see if IPX routing is enabled by typing show
protocol (or sh prot):
RouterA#show prot
Global values:
  Internet Protocol routing is enabled
  IPX routing is enabled
Ethernet0 is up, line protocol is up
  Internet address is 172.16.11.1/24
Serial0 is up, line protocol is up
  Internet address is 172.16.20.1/24
Serial1 is administratively down, line protocol is down
TokenRing0 is up, line protocol is up
  Internet address is 172.16.15.1/24
RouterA#
Notice that IPX routing is enabled, but no interfaces have an IPX address, only IP addresses.
5. Next, enable IPX on the individual interfaces by using the interface command ipx network.
You can use any hexadecimal number (A through F and 0 through 9) up to eight characters
long. Let's just use the same numbers as our subnets for easy identification:
RouterA#config t
Enter configuration commands, one per line. End with CNTL/Z.
RouterA(config)#int e0
RouterA(config-if)#ipx network 11
RouterA(config-if)#int to0
RouterA(config-if)#ipx network 15
RouterA(config-if)#int s0
RouterA(config-if)#ipx network 20
6. Now, let's configure routers B, C and the 2621. Let's just continue to use the subnet
numbers for our IPX network numbers. Remember, the IPX network numbers configured
between routers for each network must be the same:
RouterB#config t
Enter configuration commands, one per line. End with CNTL/Z.
RouterB(config)#ipx routing
RouterB(config)#int s0
RouterB(config-if)#ipx network 20
RouterB(config-if)#int e0
RouterB(config-if)#ipx network 10
RouterB(config-if)#int s1
RouterB(config-if)#ipx network 40
RouterC#config t
Enter configuration commands, one per line. End with CNTL/Z.
RouterC(config)#int s0
RouterC(config-if)#ipx network 40
%Must give “ipx routing” command first
RouterC(config)#ipx routing
RouterC(config)#int s0
RouterC(config-if)#ipx network 40
RouterC(config-if)#int e0
RouterC(config-if)#ipx network 50
RouterC(config-if)#int to0
RouterC(config-if)#ipx network 55
Notice the error when trying to configure an IPX network number on an interface when IPX
routing was not enabled.
2621#config t
Enter configuration commands, one per line. End with CNTL/Z.
2621(config)#ipx routing
2621(config)#int f0/0
2621(config-if)#ipx network 11
2621(config-if)#int f0/1
2621(config-if)#ipx network 40
7. All four routers are now configured and we can now test our configuration. One of the best
ways to do this is with the show ipx route command:
RouterA#show ipx route
RouterB#show ipx route
RouterC#show ipx route
2621#show ipx route
8. To see the IPX addresses of an interface, use the show protocol (or sh prot) command and
show ipx interface (or sh ipx int) command:
RouterA#show protocol
RouterA#show ipx interface e0
RouterB#show protocol
RouterB#show interface e0
RouterC#show protocol
RouterC#show interface e0
RouterC#show ipx int to0
2621#show protocol
2621#show interface e0
9. You can ping using the IPX protocol once you find the IPX address of your neighbor
routers. You can either go to the neighbor router's console port, or use the show protocol or show
ipx interface command, or you can use the CDP protocol to gather the protocol information, as
shown:
RouterC#show cdp entry *
---------------------
Device ID: RouterB
Entry address(es):
IP address: 172.16.40.1
Novell address: 172.16.40.1
Platform: cisco 2500, capabilities: Router
Interface: Serial0, Port ID (outgoing port): Serial1
Holdtime: 155 sec
RouterC#ping 40.0000.0c8d.5c9d
***Important***
Please note: This program will not check the validity of MAC addresses when you enter an IPX
address. However, when you ping an IPX address, the program will still expect an IPX address
where the string is between 16 and 18 characters, such as in the following formats:
x.xxxx.xxxx.xxx such as 4.0000.0c8d.5c9d
x.xxxx.xxxx.xxxx such as 4.0000.0c8d.5c9d
or xxx.xxxx.xxxx.xxxx such as 4.0000.0c8d.5c9d
If you type, for example, 40.0000.0000.0000, the program will take it even though it may not be
technically correct.
10. The IPX protocol, by default, only looks for one route to a remote network. Once it finds a
valid route, it will not consider looking for another route, even if a second route exists. You can
use the ipx maximum-paths command to tell a Cisco router that there may be more
than one link to a remote network:
RouterC#config t
Enter configuration commands, one per line. End with CNTL/Z
RouterC(config)#ipx maximum-paths ?
<1-64> Number of paths
RouterC(config)#ipx maximum-paths 2
RouterC(config)#exit
%SYS-5-CONFIG_I: Configured from console by console
11. You can verify this command with the show ipx route command:
RouterC#show ipx route
Codes: C - Connected primary network, c - Connected secondary network
       S - Static, F - Floating static, L - Local (internal), W - IPXWAN
       R - RIP, E - EIGRP, N - NLSP, X - External, A - Aggregate
       s - seconds, u - uses
5 Total IPX routes. Up to 2 parallel paths and 16 hops allowed.
No default route known.
C 55 (SAP), To0
C 50 (NOVELL-ETHER), Et0
C 40 (HDLC), Se0
R 11 [13/02] via 40.0000.0c8d.5c9d, 39, Se0
R 15 [13/02] via 40.0000.0c8d.5c9d, 39, Se0
R 20 [07/01] via 40.0000.0c8d.5c9d, 39, Se0
R 10 [07/01] via 40.0000.0c8d.5c9d, 39, Se0
Lab 6.18 Adding secondary network addresses and multiple frame types with IPX
1. Log in to RouterA and go to privileged mode by typing enable (or en).
2. We have now added IPX routing to our routers and IPX network numbers to our interfaces.
By default, Cisco routers run the 802.3 Ethernet frame type and the SAP frame type on Token
Ring LANs. To add a second frame type (Ethernet supports four, Token Ring two) to your Ethernet
and Token Ring LANs, use the encapsulation command. However, you need to remember two
things: you must use a different network number for each frame type, and you cannot add
Ethernet and Token Ring frame types to a serial link. Let's configure RouterA with a second
frame type on the Ethernet and Token Ring LANs:
RouterA#config t
Enter configuration commands, one per line. End with CNTL/Z
RouterA(config)#int e0
RouterA(config-if)#ipx network 11a encapsulation ?
arpa          Novell Ethernet_II
hdlc          HDLC on serial links
novell-ether  Novell Ethernet_802.3
novell-fddi   Novell FDDI RAW
sap           IEEE 802.2 on Ethernet, FDDI, Token Ring
snap          IEEE 802.2 SNAP on Ethernet, Token Ring, and FDDI
RouterA(config-if)#ipx network 11a encapsulation arpa ?
secondary     Make this network a secondary network
<cr>
RouterA(config-if)#ipx network 11a encapsulation arpa secondary
RouterA(config-if)#int to0
RouterA(config-if)#ipx network 15a encap ?
arpa          Novell Ethernet_II
hdlc          HDLC on serial links
novell-ether  Novell Ethernet_802.3
novell-fddi   Novell FDDI RAW
sap           IEEE 802.2 on Ethernet, FDDI, Token Ring
snap          IEEE 802.2 SNAP on Ethernet, Token Ring, and FDDI
RouterA(config-if)#ipx network 15a encap snap sec
RouterA(config-if)#exit
Lab 6.19 Standard IP Access List
In the first lab, you will allow only HostC (172.16.50.2) from network 172.16.50.0 to enter network
172.16.11.0.
1. Go to RouterA and enter global configuration mode by typing config t.
2. From global configuration mode, type access-list ? to get a list of all the different access lists
available:
RouterA(config)#access-list ?
<1-99>       IP standard access list
<100-199>    IP extended access list
<1000-1099>  IPX SAP access list
<1100-1199>  Extended 48-bit MAC address access list
<1200-1299>  IPX summary address access list
<200-299>    Protocol type-code access list
<300-399>    DECnet access list
<600-699>    Appletalk access list
<700-799>    48-bit MAC address access list
<800-899>    IPX standard access list
<900-999>    IPX extended access list
3. Choose an access-list number that will allow you to create an IP standard access list. This is a
number between 1-99:
RouterA(config)#access-list 10 ?
deny    Specify packets to reject
permit  Specify packets to forward
4. Now choose to permit host 172.16.50.2:
RouterA(config)#access-list 10 permit 172.16.50.2
This uses the wildcard 0.0.0.0.
For an explanation of wildcards, please see the Sybex CCNA study guide, chapter 9.
5. Now that the access list is created, you must apply it to an interface to make it work:
RouterA(config)#int e0
RouterA(config-if)#ip access-group 10 out
6. You can verify your access lists with the following commands:
RouterA#show access-list
Standard IP access list 10
    permit 172.16.50.2
RouterA#show run
-cut-
interface Ethernet0
 ip address 172.16.10.1 255.255.255.0
 ip access-group 10 out
 ipx network 10A
7. You can test your access list by pinging from HostB (172.16.50.2) to HostA (172.16.10.2).
8. Ping from RouterB and RouterC to HostA (172.16.50.2), which should fail if your access list is
correctly set up. Only HostC (172.16.50.2) should be able to ping a host or switch on 172.16.10.0.
Please note: You can remove an access list from a specific interface and from the router. You
will do this in the next lab. However, it is important to mention it here.
If you want to remove it from a specific interface such as e0, you would do the following:
RouterA(config)#int e0
RouterA(config-if)#no ip access-group 10 out
RouterA(config-if)#^Z
However, RouterA will still have this access list configured, just not applied to an interface.
To remove it from the router, for example RouterA, do the following:
RouterA(config)#no access-list 10
Lab 6.20. Extended IP access lists
In this lab, you will use an extended IP access list to stop host 172.16.10.2 from creating a telnet
session to RouterB (172.16.20.2). However, the host should still be able to ping RouterB.
IP extended lists should be placed closest to the source, so we will add the extended list to
RouterA.
1. First, remove any access list on RouterA. Then add an extended list to RouterA:
RouterA#config t
Enter configuration commands, one per line. End with CTRL/Z
RouterA(config)#no access-list 10
RouterA(config)#int e0
RouterA(config-if)#no ip access-group 10 out
RouterA(config-if)#^Z
Notice that when we removed the access list, we only had to type the command no access-list
10, which removes the complete list, regardless of the number of lines in the list. Remember,
with a real router, to copy your access-list configuration to Notepad before deleting the list.
This will allow you to easily cut and paste the commands back into the router after you make your
changes. On the interface, you must use the entire no ip access-group 10 out command.
2. The IP Extended lists use 100-199. Choose a number to create an extended IP list.
RouterA(config)#access-list ?
<1-99>       IP standard access list
<100-199>    IP extended access list
<1000-1099>  IPX SAP access list
<1100-1199>  Extended 48-bit MAC address access list
<1200-1299>  IPX summary address access list
<200-299>    Protocol type-code access list
<300-399>    DECnet access list
<600-699>    Appletalk access list
<700-799>    48-bit MAC address access list
<800-899>    IPX standard access list
<900-999>    IPX extended access list
3. Create an access-list between the numbers 100-199
RouterA(config)#access-list 110 ?
deny Specify packets to reject
dynamic Specify a DYNAMIC list of PERMITs or DENYs
permit Specify packets to forward
4. Use a deny statement first, and then we'll finish later with a permit statement to allow other
traffic to still work:
RouterA(config)#access-list 110 deny ?
<0-255> An IP protocol number
ahp Authentication Header Protocol
eigrp Cisco’s EIGRP routing protocol
esp Encapsulation Security Payload
gre Cisco’s GRE Tunneling
icmp Internet Control Message Protocol
igrp Cisco’s IGRP routing Protocol
ip Any Internet Protocol
ipinip IP in IP Tunneling
nos KA9Q NOS compatible IP over IP Tunneling
ospf OSPF routing protocol
pcp Payload Compression Protocol
tcp Transmission Control Protocol
udp User Datagram Protocol
5. Since we are going to deny telnet, we must choose TCP as a Transport layer Protocol
RouterA(config)#access-list 110 deny tcp ?
A.B.C.D Source address
any Any Source host
host A single source host
6. Add the source IP address you want to filter on, then add the destination host IP address. Use the
host command instead of wildcard bits:
RouterA(config)#access-list 110 deny tcp host 172.16.10.2 host 172.16.20.2 ?
ack          Match on the ACK bit
eq           Match only packets on a given port number
established  Match established connections
fin          Match on the FIN bit
fragments    Check fragments
gt           Match only packets with a greater port number
log          Log matches against this entry
log-input    Log matches against this entry, including input interface
lt           Match only packets with a lower port number
neq          Match only packets not on a given port number
precedence   Match packets with given precedence value
psh          Match on the PSH bit
range        Match only packets in the range of port numbers
rst          Match on the RST bit
syn          Match on the SYN bit
tos          Match packets with given TOS value
urg          Match on the URG bit
<cr>
7. At this point, we can add the eq telnet command
RouterA(config)#access-list 110 deny tcp host 172.16.10.2 host 172.16.20.2 eq telnet
8. Here is an important line that you must add next:
RouterA(config)#access-list 110 permit ip any 0.0.0.0 255.255.255.255
You must create a permit statement, because if you add only a deny statement, nothing will be
permitted at all. Please see the study guide for more detailed information on the above command.
9. Apply the access list to serial 0 on RouterB:
RouterA(config)#int s0
RouterA(config-if)#ip access-group 110 in
RouterA(config-if)#^Z
10. Try telnet from host 172.16.10.2 to RouterB using the destination IP address of 172.16.20.2. It
should not work; however, the ping command should work.
From host 172.16.10.2: >telnet 172.16.20.2
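The first-match behaviour behind Labs 6.19 and 6.20, as an added example that is not part of the original module: a small Python model of how a router walks an access list, showing the implicit deny that makes the permit line in step 8 necessary and flagging entries that can never match because of their order. The Packet and Entry classes and the test packets are assumptions constructed for illustration; interface direction (in/out) is not modelled.

```python
"""Model of first-match evaluation for Cisco-style IP access lists (added example)."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

TELNET = 23                             # the TCP port that 'eq telnet' stands for
ANY = ("0.0.0.0", "255.255.255.255")    # address + wildcard meaning "any"


def _ip(text: str) -> int:
    return int(ipaddress.IPv4Address(text))


def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """A 0 bit in the wildcard means 'must match'; a 1 bit means 'ignore'."""
    care = ~_ip(wildcard) & 0xFFFFFFFF
    return (_ip(addr) & care) == (_ip(base) & care)


@dataclass(frozen=True)
class Packet:                           # hypothetical packet summary
    proto: str                          # "tcp", "udp" or "icmp"
    src: str
    dst: str
    dport: Optional[int] = None


@dataclass(frozen=True)
class Entry:                            # one access-list line
    action: str                         # "permit" or "deny"
    proto: str                          # "ip" matches every protocol
    src: Tuple[str, str]                # (address, wildcard)
    dst: Tuple[str, str] = ANY          # standard lists only test the source
    dport: Optional[int] = None         # models 'eq <port>'

    def matches(self, p: Packet) -> bool:
        return (self.proto in ("ip", p.proto)
                and wildcard_match(p.src, *self.src)
                and wildcard_match(p.dst, *self.dst)
                and (self.dport is None or self.dport == p.dport))


def evaluate(acl: List[Entry], pkt: Packet) -> Tuple[str, Optional[int]]:
    """Return (action, index of the deciding entry); None means implicit deny."""
    for i, entry in enumerate(acl):
        if entry.matches(pkt):
            return entry.action, i
    return "deny", None                 # nothing matched: dropped by default


def _covers(outer: Tuple[str, str], inner: Tuple[str, str]) -> bool:
    """True if every address matched by 'inner' is also matched by 'outer'."""
    ow, iw = _ip(outer[1]), _ip(inner[1])
    care = ~ow & 0xFFFFFFFF
    return (ow | iw) == ow and (_ip(outer[0]) & care) == (_ip(inner[0]) & care)


def shadowed(acl: List[Entry]) -> List[int]:
    """Indexes of entries that can never fire because an earlier entry
    already matches everything they match (an ordering mistake)."""
    dead = []
    for j, later in enumerate(acl):
        for earlier in acl[:j]:
            if (earlier.proto in ("ip", later.proto)
                    and _covers(earlier.src, later.src)
                    and _covers(earlier.dst, later.dst)
                    and earlier.dport in (None, later.dport)):
                dead.append(j)
                break
    return dead


HOST_A, ROUTER_B = "172.16.10.2", "172.16.20.2"
DENY_TELNET = Entry("deny", "tcp", (HOST_A, "0.0.0.0"), (ROUTER_B, "0.0.0.0"), TELNET)
PERMIT_ALL = Entry("permit", "ip", ANY, ANY)

ACL_10 = [Entry("permit", "ip", ("172.16.50.2", "0.0.0.0"))]  # Lab 6.19, list 10
ACL_110 = [DENY_TELNET, PERMIT_ALL]                # Lab 6.20, steps 7 and 8
ACL_110_NO_PERMIT = [DENY_TELNET]                  # step 8 left out
ACL_110_WRONG_ORDER = [PERMIT_ALL, DENY_TELNET]    # the two lines swapped

# Constructed test packets
TELNET_PKT = Packet("tcp", HOST_A, ROUTER_B, TELNET)
PING_PKT = Packet("icmp", HOST_A, ROUTER_B)

if __name__ == "__main__":
    for name, acl in [("110", ACL_110), ("110 without permit", ACL_110_NO_PERMIT),
                      ("110 wrong order", ACL_110_WRONG_ORDER)]:
        print(name, "telnet:", evaluate(acl, TELNET_PKT),
              "ping:", evaluate(acl, PING_PKT), "shadowed:", shadowed(acl))
```

With the permit line missing, the ping is dropped by the implicit deny; with the lines swapped, the telnet deny is reported as shadowed and never takes effect.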
Lab 6.21 IPX Standard access-lists
In this lab, you will configure RouterA to allow only IPX traffic from IPX network 30, but not from
IPX network 50.
1. Remove any existing access list on RouterA. Since this is an IPX standard access list, the
filtering can be placed anywhere on the network, since it can filter based on IPX source and
destination addresses.
RouterA(config)#no access-list 110
RouterA(config)#int s0
RouterA(config-if)#no ip access-group 110 in
2. Configure an access list on RouterA to allow only IPX traffic from network 30, but deny IPX
network 50. IPX standard lists use the access list numbers 800-899:
RouterA#config t
Enter configuration commands, one per line . End with CTRL/Z
RouterA(config)#access-list ?
<1-99>       IP standard access list
<100-199>    IP extended access list
<1000-1099>  IPX SAP access list
<1100-1199>  Extended 48-bit MAC address access list
<1200-1299>  IPX summary address access list
<200-299>    Protocol type-code access list
<300-399>    DECnet access list
<600-699>    Appletalk access list
<700-799>    48-bit MAC address access list
<800-899>    IPX standard access list
<900-999>    IPX extended access list
RouterA(config)#access-list 810 ?
deny    Specify packets to reject
permit  Specify packets to permit
3. First, deny IPX network 50, then permit everything else. The -1 is a wildcard in IPX:
RouterA(config)#access-list 810 deny ?
-1 Any IP net
<0-FFFFFFFF> Source net
N.H.H.H Destination net
<cr>
4. Choose network 10 as the destination network
RouterA(config)#access-list 810 deny 50 10
5. Now, permit everything else with an IPX wildcard:
RouterA(config)#access-list 810 permit -1 -1
6. Apply the list to the serial interface of RouterA to stop the packets as they reach the router:
RouterA(config)#int s0
RouterA(config-if)#ipx access-group 810 in
RouterA(config-if)#^Z
7. Verify the list by looking at the IPX routing table. Use the show ipx access-list command to verify
the list.
8. Go to Router804B. Interface e0 should have an IPX address of 50. Ping IPX address 11, which is
found between RouterA and Router2621. If correctly set up, the ping should not succeed. Check
the Net Detective.
Please note: As you practice with the different networks, the program will only respond to
statements where a network is denied, such as access-list 810 deny 50 10.
10. To remove the settings, type the following:
RouterA(config)#no access-list 810
RouterA(config)#int s0
RouterA(config-if)#no ipx access-group 810 in
Lab 6.22 PPP configuration
By default, Cisco routers use High-Level Data Link Control (HDLC) as the point-to-point
encapsulation method on serial links. If you are connecting to non-Cisco equipment, then you must
use the PPP encapsulation method.
1. Type show int s0 on RouterB to see the encapsulation method.
2. To change the default HDLC encapsulation method to PPP on RouterB, use the encapsulation
command in interface configuration mode. Both ends of the link must run the same encapsulation.
config t
int s0
encap ppp
3. Now go to RouterA and set serial0 to PPP encapsulation:
config t
int s0
encap ppp
4. Verify the configuration by typing show int s0.
5. Go to RouterB and verify that serial 0 is PPP and serial 1 is HDLC by typing show int s1. Notice
the IPCP, IPXCP and CDPCP. This is the information used to transmit the upper layer
(network layer) information across the ISO HDLC at the MAC sublayer.
Lab 6.23. Configuring PPP Authentication
1. To configure PPP authentication, make sure to go through lab 6.22 and configure PPP
configuration on serial0 of both RouterA and RouterB
2. Make sure that each router has the hostname assigned:
config t
hostname RouterA
config t
hostname RouterB
3. Define a username and password on each router. Notice that the username is the name of the
remote router. Also, the password MUST be the same:
RouterA#config t
RouterA(config)#username RouterB password todd
RouterB#config t
RouterB(config)#username RouterA password todd
4. Enable chap or ppp authentication on each interface:
RouterA(config)#int s0
RouterA(config-if)#ppp authentication chap
RouterB(config)#int s0
RouterB(config-if)#ppp authentication chap
5. Verify the PPP configuration:
show int s0
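How the CHAP exchange configured in steps 3 and 4 works, as an added example that is not part of the original module: a Python model of the RFC 1994 handshake showing why each router's username line must name the remote hostname and carry the same password. The Router class, the message dictionaries and link_comes_up are illustrative assumptions; real PPP frames carry the same fields in binary, and this model compares names exactly, so case matters.

```python
"""In-memory model of the PPP CHAP handshake (RFC 1994), added example."""
import hashlib
import hmac
import os
from typing import Dict, Optional


def chap_hash(identifier: int, secret: str, challenge: bytes) -> bytes:
    """RFC 1994: Response Value = MD5(Identifier || secret || Challenge Value)."""
    return hashlib.md5(bytes([identifier]) + secret.encode() + challenge).digest()


class Router:
    def __init__(self, hostname: str, users: Dict[str, str]):
        self.hostname = hostname              # models 'hostname RouterA'
        self.users = dict(users)              # models 'username RouterB password todd'
        self._pending: Dict[int, bytes] = {}  # challenges awaiting a response

    def send_challenge(self, identifier: int) -> dict:
        """Authenticator: fresh random challenge, tagged with our own hostname."""
        value = os.urandom(16)
        self._pending[identifier] = value
        return {"code": "challenge", "id": identifier,
                "value": value, "name": self.hostname}

    def send_response(self, challenge: dict) -> Optional[dict]:
        """Peer: look up the secret stored under the challenger's hostname."""
        secret = self.users.get(challenge["name"])
        if secret is None:
            return None                       # no 'username' line for that hostname
        return {"code": "response", "id": challenge["id"],
                "value": chap_hash(challenge["id"], secret, challenge["value"]),
                "name": self.hostname}

    def verify(self, response: Optional[dict]) -> bool:
        """Authenticator: recompute the hash with our own copy of the secret."""
        if response is None:
            return False
        challenge = self._pending.pop(response["id"], None)  # each challenge is used once
        secret = self.users.get(response["name"])
        if challenge is None or secret is None:
            return False
        expected = chap_hash(response["id"], secret, challenge)
        return hmac.compare_digest(expected, response["value"])


def link_comes_up(a: Router, b: Router) -> bool:
    """With 'ppp authentication chap' on both ends, each side challenges the other."""
    return (a.verify(b.send_response(a.send_challenge(1)))
            and b.verify(a.send_response(b.send_challenge(1))))


if __name__ == "__main__":
    router_a = Router("RouterA", {"RouterB": "todd"})
    print("matching config :", link_comes_up(router_a, Router("RouterB", {"RouterA": "todd"})))
    print("password differs:", link_comes_up(router_a, Router("RouterB", {"RouterA": "Todd"})))
    print("hostname differs:", link_comes_up(router_a, Router("routerB", {"RouterA": "todd"})))
```

Only the challenge and the hash cross the link, never the password, and because every challenge is random a hash captured from one exchange does not satisfy the next one.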
Lab 6.24 Point-to-point Frame Relay
1. Log in to RouterB and go into privileged mode by typing enable (or en).
2. To configure Frame Relay, you need to create a Frame Relay switch, unless you are using a
provider. If you are using a provider, you will only configure your Cisco router as we will do
with RouterA and C. We will now configure RouterB to be the Frame Relay switch:
RouterB(config)#frame-relay switching
That is all you have to do to tell your router it will perform switching. However, we need to configure
other parameters before it will work.
3. We will assume you already have an IP address and IPX network number set on each router. At
this point, you need to tell your switch that it will perform DCE communication on the serial
links, but you need to configure the encapsulation on each serial link first, as shown:
RouterB(config)#int s0
RouterB(config-if)#encap frame-relay
RouterB(config-if)#frame-relay intf-type dce
RouterB(config-if)#int s1
RouterB(config-if)#encap frame-relay
RouterB(config-if)#frame-relay intf-type dce
The above commands tell the router that it will perform DCE communication. By default, Cisco
routers (actually, all routers) are configured as DTE devices. An important point here is that this
is unrelated to the clock rate command on routers: the command used (clock rate) when a DCE
cable is connected to a serial link is not the same command as the intf-type dce command. They
are unrelated to each other.
4. You now need to configure your DLCI number to identify the PVC of each virtual circuit. Data
Link Connection Identifiers (DLCIs) are used to identify the Permanent Virtual Circuit (PVC).
RouterB(config)#int s0
RouterB(config-if)#frame-relay interface-dlci 16
RouterB(config-if)#int s1
RouterB(config-if)#frame-relay interface-dlci 17
Notice we will use a different DLCI number for each serial connection. This might not always
be the case, but your switch provider will give you your DLCI numbers for each connection.
This is a typical example.
5. The switch is now configured, so now we want to configure routers A and C:
RouterA(config)#int s0
RouterA(config-if)#encap frame-relay
RouterA(config-if)#frame-relay interface-dlci 16
RouterC(config)#int s0
RouterC(config-if)#encap frame-relay
RouterC(config-if)#frame-relay interface-dlci 17
Since we configured a DLCI number on each interface of all three routers, IARP (Inverse
ARP) will map our IP and IPX addresses to the PVCs. You can see these mappings with the
show frame map command:
RouterA#show frame map
Serial0 (up): ip 172.16.20.2 dlci 16(0x10, 0x400), dynamic,
  broadcast,, status defined, active
Serial0 (up): ipx 20.0000.0c8d.5c9d dlci 16(0x10, 0x400), dynamic,
  broadcast,, status defined, active
RouterB#show frame map
Serial0 (up): ip 172.16.20.2 dlci 16(0x10, 0x400), dynamic,
  broadcast,, status defined, active
Serial0 (up): ipx 20.0000.0c8d.5c9d dlci 16(0x10, 0x400), dynamic,
  broadcast,, status defined, active
Serial1 (up): ip 172.16.20.2 dlci 16(0x10, 0x400), dynamic,
  broadcast,, status defined, active
Serial1 (up): ipx 20.0000.0c8d.5c9d dlci 16(0x10, 0x400), dynamic,
  broadcast,, status defined, active
RouterC#show frame map
Serial0 (up): ip 172.16.20.2 dlci 16(0x10, 0x400), dynamic,
  broadcast,, status defined, active
Serial0 (up): ipx 20.0000.0c8d.5c9d dlci 16(0x10, 0x400), dynamic,
  broadcast,, status defined, active
Notice that IARP has mapped both the IP and IPX routed protocols to a DLCI number. If the IP
and IPX addresses are not mapped to the PVC, then no communication will take place. To see
PVCs and configured DLCIs, you can use the show frame pvc command:
RouterA#show frame pvc
PVC Statistics for interface Serial0 (Frame Relay DTE)
DLCI = 16, DLCI USAGE = LOCAL, PVC STATUS = ACTIVE, INTERFACE = Serial0
  input pkts 523     output pkts 519     in bytes 53158
  out bytes 43250    dropped pkts 2      in FECN pkts 0
  in BECN pkts 0     out FECN pkts 0     out BECN pkts 0
  pvc create time 02:12:08, last time pvc status changed 02:11:28
RouterB#show frame pvc
PVC Statistics for interface Serial0 (Frame Relay DCE)
DLCI = 16, DLCI USAGE = LOCAL, PVC STATUS = ACTIVE, INTERFACE = Serial0
  input pkts 218     output pkts 221     in bytes 18018
  out bytes 22114    dropped pkts 0      in FECN pkts 0
  in BECN pkts 0     out FECN pkts 0     out BECN pkts 0
  out bcast pkts 221 out DE pkts 0
  pvc create time 00:56:48, last time pvc status changed 00:55:08
PVC Statistics for interface Serial1 (Frame Relay DCE)
DLCI = 17, DLCI USAGE = LOCAL, PVC STATUS = ACTIVE, INTERFACE = Serial1
  input pkts 186     output pkts 217     in bytes 16211
  out bytes 21816    dropped pkts 0      in FECN pkts 0
  in BECN pkts 0     out FECN pkts 0     out BECN pkts 0
  in DE pkts 0       out DE pkts 0
  out bcast pkts 199 out bcast bytes 20952
  pvc create time 00:56:32, last time pvc status changed 00:51:13
RouterC#show frame pvc
PVC Statistics for interface Serial0 (Frame Relay DTE)
DLCI = 17, DLCI USAGE = LOCAL, PVC STATUS = ACTIVE, INTERFACE = Serial0
  input pkts 152     output pkts 131     in bytes 14840
  out bytes 11055    dropped pkts 0      in FECN pkts 0
  in BECN pkts 0     out FECN pkts 0     out BECN pkts 0
  in DE pkts 0       out DE pkts 0
The only other command that will show you your DLCI number is the show running-config
command.
Lab 6.24 Frame relay with sub interface
In this lab you will create a Frame Relay network using subinterfaces. The reason you would
create subinterfaces is to allow remote offices to communicate without having to create static
mappings. Frame Relay is a Non-Broadcast Multiple Access (NBMA) network. This means
routing protocols will not be broadcast between routers across a Frame Relay network. To
solve this you either need to add static routers with the broadcast parameter, which tells the
network to allow all broadcasts, or use the neighbor command within the routing process
configuration. We will use the neighbor command in this lab.
1. Configure RouterB as a Frame Relay switch using DLCIs 16 and 17. Notice in the following
configuration that there have been no changes to the IP addresses or IPX network numbers:
On RouterB:
RouterB#config t
Enter configuration commands, one per line. End with CTRL/Z
RouterB(config)#frame-relay switching
RouterB(config)#int s0
RouterB(config-if)#encap frame-relay
RouterB(config-if)#frame interface-dlci 16
RouterB(config-if-dlci)#exit
RouterB(config-if)#frame intf-type dce
RouterB(config-if)#int s1
RouterB(config-if)#encap frame-relay
RouterB(config-if)#frame interface-dlci 17
RouterB(config-if-dlci)#exit
RouterB(config-if)#frame intf-type dce
RouterB(config-if)#exit
RouterB(config)#router rip
RouterB(config-router)#neig 172.16.20.1
RouterB(config-router)#^Z
RouterC is a remote office. Create a point-to-point subinterface on serial 0. Remove the IP
address and IPX network number from serial 0 and move them to the subinterface. Notice that we
based the subinterface number on the DLCI number used to identify the PVC. You can use any
number.
On RouterC:
RouterC#config t
Enter configuration commands, one per line. End with CTRL/Z
RouterC(config)#int s0
RouterC(config-if)#no ip address
RouterC(config-if)#no ipx netw
RouterC(config-if)#encap frame
RouterC(config-if)#int s0.17 ?
multipoint      Treat as a multipoint link
point-to-point  Treat as a point-to-point link
RouterC(config-if)#int s0.17 point-to-point
RouterC(config-subif)#ip address 172.16.40.2 255.255.255.0
RouterC(config-subif)# ipx netw 40a
RouterC(config-subif)#frame interface-dlci 17
RouterC(config-fr-dlci)#exit
RouterC(config-subif)#exit
RouterC(config)#router rip
RouterC(config-router)#neig 172.16.40.1
RouterC(config-router)#^Z
RouterA is a remote office. Create a point-to-point subinterface on serial 0.
On RouterA:
RouterA#config t
Enter configuration commands, one per line. End with CTRL/Z
RouterA(config)#int s0
RouterA(config-if)#no ip address
RouterA(config-if)#no ipx netw
RouterA(config-if)#encap frame
RouterA(config-if)#int s0.16 point-to-point
RouterA(config-subif)#ip address 172.16.20.1 255.255.255.0
RouterA(config-subif)#ipx netw 20a
RouterA(config-subif)#frame interface-dlci 16
RouterA(config-fr-dlci)#exit
RouterA(config-subif)#exit
RouterA(config)#router rip
RouterA(config-router)#neig 172.16.20.2
RouterA(config-router)#^Z
Verify your configuration by using the show running-config, show frame pvc and
show frame map commands.
On RouterB:
RouterB#show run
Building configuration ...
Enable secret 5 $1 $0S1N$wCWj91ArVyodOsZoEsFF221
!
ipx routing 0010.7be8.25dd
frame-relay switching
!
interface Ethernet0
ip address 172.16.30.1 255.255.255.0
ipx network 30A
!
interface Ethernet0.30
ipx network 30B encapsulation SAP
!
interface Ethernet0.31
ipx network 30C encapsulation ARPA
!
interface Ethernet0.32
ipx network 30D encapsulation SNAP
!
interface Serial0
ip address 172.16.20.2 255.255.255.0
encapsulation frame-relay
ipx network 20A
clockrate 1000000
frame-relay interface-dlci 16
frame-relay intf-type dce
!
interface Serial1
ip address 172.16.40.1 255.255.255.0
encapsulation frame-relay
ipx network 40A
clockrate 1000000
frame-relay interface-dlci 17
frame-relay intf-type dce
!
router rip
network 172.16.0.0
neighbor 172.16.40.2
neighbor 172.16.20.1
!
RouterB#show frame pvc
PVC Statistic for interface Serial0 (Frame Relay DCE)
DLCI=16, DLCI USAGE=LOCAL, PVC STATUS=ACTIVE, INTERFACE=Serial0
Input pkts 51 output pkts 19 in bytes 4976
Out bytes 2220 dropped pkts 0 in FECN pkts 0
In BECN pkts 0 out FECN pkts 0 out BECN pkts 0
In DE pkts 0 out DE pkts 0
Out bcast pkts 19 out bcast bytes 2220
Pvc create time 00:06:11, last time pvc status changed 00:00:11
PVC Statistic for interface Serial1 (frame Relay DCE)
DLCI=17, DLCI USAGE=LOCAL, PVC STATUS=ACTIVE, INTERFACE=Serial1
Input pkts 46 output pkts 36 in bytes 4668
Out bytes 4364 dropped pkts 0 in FECN pkts 0
In BECN pkts 0 out FECN pkts 0 out BECN pkts 0
In DE pkts 0 out DE pkts 0
Out bcast pkts 25 out bcast bytes 2868
Pvc create time 00:06:12, last time pvc status changed 00:06:12
RouterB#show frame map
Serial0 (up):ip 172.16.20.1 dlci 16(0x10,0x400), dynamic,
Broadcast,,status defined, active
Serial0(up):ipx 20A.0000.0c8e.df26 dlci 16(0x10,0x400), dynamic,
Broadcast,,status defined, active
Serial1(up):ipx 40A.00107.7be8.25db dlci 17(0x11,0x410), dynamic
Broadcast,,status defined, active
Serial1(up):ip 172.16.40.2 dlci 17(0x11,0x410), dynamic
Broadcast,,status defined, active
RouterB#
On RouterA:
RouterA#show run
Enable secret 5 $1$r4Tf$P onblIXG51TskyoNpD.PAe1
!
ipx routing 0000.0c8e.df26
interface Ethernet0
ipx network 10C encapsulation SAP
!
interface Ethernet0.11
ipx network 10C encapsulation ARPA
!
interface Ethernet0.12
ipx network 10D encapsulation SNAP
!
interface Serial0
no ip address
encapsulation frame-relay
!
interface Serial0.16 point-to-point
ip address 172.16.20.1 255.255.255.0
ipx network 20A
frame-relay interface-dlci 16
!
interface Serial1
no ip address
shutdown
!
router rip
network 172.16.0.0
neighbor 172.16.20.2
RouterA#show frame pvc
PVC Statistic for interface Serial0 (Frame Relay DTE)
DLCI=16, DLCI USAGE=LOCAL, PVC STATUS=ACTIVE, INTERFACE=Serial0.16
Input pkts 80 output pkts 104 in bytes 5648
Out bytes 9664 dropped pkts 0 in FECN pkts 0
In BECN pkts 0 out FECN pkts 0 out BECN pkts 0
In DE pkts 0 out DE pkts 0
Out bcast pkts 44 out bcast bytes 4972
Pvc create time 00:07:37, last time pvc status changed 00:07:37
RouterA#show frame map
Serial0.16(up): point-to-point dlci, dlci 16(0x10,0x400),
Broadcast status defined, active
On RouterC:
RouterC#show run
Building configuration ...
Current configuration:
!
version 11.3
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname RouterC
!
ipx routing 001.7be8.25db
!
!
interface Ethernet0
ip address 172.16.50.1 255.255.255.0
ipx network 50A
!
interface Ethernet0.50
ipx network 50C encapsulation ARPA
!
interface Ethernet0.52
ipx network 50D encapsulation SNAP
!
interface Serial0
no ip address
encapsulation frame-relay
!
interface Serial0.17 point-to-point
ip address 172.16.40.2 255.255.255.0
ipx network 40A
frame-relay interface-dlci 17
!
interface Serial1
no ip address
shutdown
!
router rip
network 172.16.0.0
neighbor 172.16.40.1
!
no ip classless
!
line con 0
line aux 0
line vty 0 4
no login
!
end
RouterC#show frame pvc
PVC Statistic for interface Serial0 (Frame Relay DTE)
DLCI=17, DLCI USAGE=LOCAL, PVC STATUS=ACTIVE, INTERFACE=Serial0.17
Input pkts 113 output pkts 111 in bytes 9827
Out bytes 10674 dropped pkts 0 in FECN pkts 0
In BECN pkts 0 out FECN pkts 0 out BECN pkts 0
In DE pkts 0 out DE pkts 0
Out bcast pkts 44 out bcast bytes 5104
Pvc create time 00:09:49, last time pvc status changed 00:09:49
RouterC#show frame map
Serial0.17 (up): point-to-point dlci 17(0x11,0x410),
Broadcast status defined, active
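The show frame pvc check in this verification step can be scripted. The following is an added example, not part of the original lab: it parses output in the layout printed above and compares each DLCI with the interface and status the lab expects, and also reports non-zero drop and congestion counters. The sample text is constructed (modelled on the RouterB output, with one PVC deliberately made INACTIVE), and the function names are assumptions.

```python
import re

# Constructed sample, modelled on the RouterB output in this lab.
SAMPLE = """\
PVC Statistic for interface Serial0 (Frame Relay DCE)
DLCI=16, DLCI USAGE=LOCAL, PVC STATUS=ACTIVE, INTERFACE=Serial0
input pkts 51 output pkts 19 in bytes 4976
out bytes 2220 dropped pkts 0 in FECN pkts 0
in BECN pkts 0 out FECN pkts 0 out BECN pkts 0
PVC Statistic for interface Serial1 (Frame Relay DCE)
DLCI=17, DLCI USAGE=LOCAL, PVC STATUS=INACTIVE, INTERFACE=Serial1
out bytes 4364 dropped pkts 3 in FECN pkts 0
in BECN pkts 2 out FECN pkts 0 out BECN pkts 0
"""

HEADER = re.compile(
    r"DLCI\s*=\s*(\d+),\s*DLCI USAGE\s*=\s*(\w+),\s*"
    r"PVC STATUS\s*=\s*(\w+),\s*INTERFACE\s*=\s*(\S+)", re.I)
COUNTER = re.compile(r"((?:in|out) (?:FECN|BECN)|dropped) pkts (\d+)", re.I)

def parse_pvcs(text):
    """Return {dlci: {"status", "interface", "counters"}} from show frame pvc."""
    pvcs, current = {}, None
    for line in text.splitlines():
        m = HEADER.search(line)
        if m:
            current = {"status": m.group(3).upper(), "interface": m.group(4), "counters": {}}
            pvcs[int(m.group(1))] = current
        elif current is not None:
            # Counter lines belong to the most recent DLCI header.
            for name, value in COUNTER.findall(line):
                current["counters"][name.lower()] = int(value)
    return pvcs

def check_pvcs(pvcs, expected):
    """Compare parsed PVCs with {dlci: interface}; return a list of findings."""
    findings = []
    for dlci, iface in sorted(expected.items()):
        pvc = pvcs.get(dlci)
        if pvc is None:
            findings.append(f"DLCI {dlci}: missing")
            continue
        if pvc["interface"] != iface:
            findings.append(f"DLCI {dlci}: on {pvc['interface']}, expected {iface}")
        if pvc["status"] != "ACTIVE":
            findings.append(f"DLCI {dlci}: status {pvc['status']}")
        findings += [f"DLCI {dlci}: {n} pkts = {v}"
                     for n, v in sorted(pvc["counters"].items()) if v]
    return findings
```

Calling check_pvcs(parse_pvcs(text), {16: "Serial0", 17: "Serial1"}) on RouterB's real output should return an empty list when both PVCs are healthy.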
Lab 6.25 ISDN configuration
1. Go to 804B and set the switch type.
Config t
Isdn switch-type basic-ni
2. Set the switch type on 804A at the interface level. The point of steps one and two is to show you that
you can configure the switch type either in global configuration mode or at the interface level.
Config t
Interface bri0
Isdn switch-type basic-ni
3. On router 804A, set the SPID numbers on BRI 0 and make the IP address 172.16.60.1/24
Config t
Int bri0
Isdn spid1 0835866101 8358661
Isdn spid2 0835886301 8358663
Ip address 172.16.60.1 255.255.255.0
No shut
4. Set the SPIDs on 804B and make the IP address of the interface 172.16.60.2/24
Config t
Int bri0
Isdn spid1 0835866201 8358662
Isdn spid2 0835866401 8358664
Ip address 172.16.60.2 255.255.255.0
No shut
5. Create static routes on the routers to use the remote ISDN interface. Dynamic routing will create
two problems:
one, the ISDN line will always stay up, and two, network loops will occur because of
multiple links between the same locations, since the CCNA exam and the RouterSim product only
support distance-vector routing protocols (RIP and IGRP). Static routes are recommended with
ISDN, and that is what RouterSim version 2.0
supports on the 804s as well.
Notice in the following static routes that we only give routes to the LANs, not the WANs. Since RIP
or IGRP is used to help the other four routers update their routing tables, we only need to be
concerned about getting the packets to our closest neighbor routers. Also notice that to get to
some LANs, the static routes go through the 2500 routers, not the ISDN network.
804A(config)#ip route 172.16.50.0 255.255.255.0 172.16.60.2
804A(config)#ip route 172.16.55.0 255.255.255.0 172.16.60.2
804A(config)#ip route 172.16.11.0 255.255.255.0 172.16.10.1
804B(config)#ip route 172.16.10.0 255.255.255.0 172.16.50.2
804B(config)#ip route 172.16.11.0 255.255.255.0 172.16.50.2
6. Specify interesting traffic to bring up the ISDN link. Let's choose all IP traffic. This is a global
configuration mode command.
804A(config)#dialer-list 1 protocol ip permit
804B(config)#dialer-list 1 protocol ip permit
7. Under the BRI interface of both routers, add the command dialer-group 1, which matches the
dialer-list number.
Config t
Int bri0
Dialer-group 1
8. Configure the dialer information on both routers
804A
config t
int bri0
dialer string 8358662
804B
config t
int bri0
dialer string 8358661
9. Set the dialer load-threshold and multilink commands as well as the idle timeout on both
804 routers.
Config t
Int bri0
Dialer load-threshold 125 either
Ppp multilink
Dialer idle-timeout 180
Set the above commands on both routers. The dialer load-threshold and ppp multilink commands tell the
router when to bring up the second BRI interface. The threshold is on a scale of 1 to 255, so 125 means
that if the first BRI is 50% saturated, bring up the second B-channel. The dialer idle-timeout (in
seconds) tells the router when to drop the connection if no data is passing on the link.
10. Set the hold queue for packets when they are found interesting and need a place to wait for the
ISDN link to come up
Config t
Int bri0
Hold-queue 75 in
11. Verify the ISDN connection
Ping between 804A and 804B or between 804B and 804A
telnet
show dialer
show isdn status
sh ip route
Appendix B. Managing the 1900 switch
In this lab, you will connect to the cisco catalyst 1900 switch and manage the switch features.
1. From the 1900 switch, type the letter K to enter command-line interface (CLI) mode
2. From the 1900 user mode prompt (>), type enable and press Enter
3. Type show running-config (or show run) to view the current configuration. Notice the
default settings.
4. Type show version to view the IOS version running on the switch
5. Set the name of the 1900 switch by using the hostname command
config t
hostname 1900A
6. Press Ctrl+Z and type show ip to see the default IP address, subnet mask and default
gateway settings.
7. Set the IP address, subnet mask and default gateway of the switch by typing the following:
config t
ip address 172.16.10.3 255.255.255.0
ip default-gateway 172.16.10.1
8. Press Ctrl+Z and type show ip to see the new configuration
9. Ping RouterA by typing ping 172.16.11.1
10. Type show mac-address-table to view the filter table used in the switch to make
forwarding decisions.
11. Type show interfaces to gather statistics on all interfaces
12. Type show int ? to see the available Ethernet and FastEthernet commands
13. Type show int Ethernet ? to choose the card. 0 <0-0> means only one card with 12 or 14
ports
14. Type show int e 0/? to see all available interfaces
15. Type show int e 0/2 to see statistics for interface Ethernet 2
16. Type delete nvram to delete the startup-config
Note: you cannot view the startup-config, only the running-config. Also, the running-config is
saved automatically to NVRAM
Appendix B : Port security on the 1900 switch
1. Type the letter K from the 1900A or 1900B switch console to enter into CLI (user mode)
2. Type enable (or en) and press enter to enter privileged mode
3. Set the enable password by typing:
Config t
Enable password level 15 todd
4. Set the enable secret password by typing:
config t
enable secret bill
Setting the enable secret overrides the enable password. Important note: do not set the enable
secret as enable secret password bill. This would set your password to password bill.
The 1900 switch does not have an enable secret password and you must set the level, where
15 is the highest level.
5. Press Ctrl+Z and type show run to see the password and notice that it is not encrypted.
6. Go to int Ethernet 0/5 and set the duplex to full:
Config t
Int e0/5
Duplex full
7. Go to interface Ethernet 0/6 and set the duplex to half:
Int e0/6
Duplex half
8. Go to the enable mode(#) and verify the setting by typing show interface or show int e0/5 and
show int e0/6
9. You can remove the IP configuration from the switch. Type:
config t
no ip address
10. Verify the switch is IP-less. Go to the enable mode(#) and type show ip
11. Set the IP address, subnet mask and default gateway of the switch:
config t
ip address 172.16.10.3 255.255.255.0
ip default-gateway 172.16.10.1
12. Verify the configuration by going to the enable mode and typing show ip
13. Type show mac-address-table to see the following table. Notice that all MAC addresses have
been found dynamically
14. Add a static entry into the filter table by using the command permanent.
Config t
Mac-address-table permanent 083c.0000.0001 e0/9
15. Go to enable mode and type show mac-address-table and notice the permanent entry for
interface e0/9
16. Use the mac-address-table restricted static global configuration command to associate a
restricted static address with a particular switched port interface:
Config t
Mac-address-table restricted static 083c.0000.0002 e0/3 e0/4
The above command only allows traffic to the restricted static address 083c.0000.0002 on
interface e0/3 from interface e0/4
17. Go to interface e0/1 and use the port secure max-mac-count 1 command to enable
addressing security and allow only one MAC address in the filter table on that port. By default
up to 132 MAC addresses can be associated with a single port. By using this command, we
will allow only one workstation
Int e0/1
Port secure max-mac-count 1
18. Verify which ports have port security on them by going to enable mode and typing
show mac-address-table security. Notice that port e0/1 is enabled
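The listings in these labs contain three settings worth flagging on any production device: no service password-encryption, line vty 0 4 with no login, and an enable password that show run displays unencrypted. The following added example (not part of the original module) scans a saved configuration for those three items; the sample is constructed by combining lines from the RouterC listing and this appendix, and the function name is an assumption.

```python
# Constructed sample: lines taken from the RouterC listing and the 1900 appendix.
SAMPLE_CONFIG = """\
no service password-encryption
!
hostname RouterC
!
enable password level 15 todd
!
interface Serial0
 no ip address
 encapsulation frame-relay
!
line con 0
line aux 0
line vty 0 4
 no login
!
end
"""

def audit_config(text):
    """Return sorted (line_number, finding) tuples for weak settings."""
    findings, password_lines = [], []
    section = None          # last block opener seen, e.g. "line vty 0 4"
    has_secret = False
    for number, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        lower = line.lower()
        # Works with or without the one-space indent IOS gives sub-commands.
        if lower.startswith(("interface ", "router ", "line ")):
            section = line
        if lower == "no service password-encryption":
            findings.append((number, "passwords are stored in cleartext in the configuration"))
        elif lower.startswith("enable secret"):
            has_secret = True
        elif lower.startswith("enable password"):
            password_lines.append(number)
        elif lower == "no login" and section and section.lower().startswith("line vty"):
            findings.append((number, f"'{section}' accepts sessions without a password"))
    for number in password_lines:
        note = "overridden by enable secret" if has_secret else "no enable secret set"
        findings.append((number, f"cleartext enable password ({note})"))
    return sorted(findings)

if __name__ == "__main__":
    for number, finding in audit_config(SAMPLE_CONFIG):
        print(f"line {number}: {finding}")
```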