Posts Tagged nvram
KONFIGURASI VLAN, ROUTING STATIC, DHCP DAN NAT PADA LAYER 3 SWITCH CISCO 3560
Layer 3 switch atau Multilayer Switch adalah switch yang bekerja pada layer 2 dan juga bekerja pada layer 3 yang mempunyai fungsi routing, kemampuan routing pada layer 3 switch antara lain routing antar VLAN berdasarkan encapsulation dot 1Q maupun routing protocol static dan routing protocol dinamis lain seperti Border Gateway Protocol (BGP), Enhanced Interior Gateway Routing Protocol (EIGRP), Open Shortest Path First (OSPF), dan Routing Information Protocol (RIP). Pada contoh ini akan diperlihatkan langkah melakukan konfigurasi VLAN pada Catalyst 3560 serta routing antar VLAN, Routing Static, DHCP dan juga NAT.
Skenario
| VLAN ID | Nama VLAN | Alamat Subnet |
| 2 | Guest | 192.168.0.0/24 |
| 3 | Student | 192.168.1.0/24 |
| 4 | Lecture | 192.168.2.0/24 |
| Interface | IP address |
| Interface vlan 2 | 192.168.0.1/24 |
| Interface vlan 3 | 192.168.1.1/24 |
| Interface vlan 4 | 192.168.2.1/24 |
| Interface gigabitEthernet 0/1 | 222.124.194.2/27 |
Topologi
Buat Database VLAN pada Switch.
Switch>enable
Switch#vlan
Switch#vlan database
Switch(vlan)#vlan 2 name guest
VLAN 2 added:
Name: guest
Switch(vlan)#vlan 3 name student
VLAN 3 added:
Name: student
Switch(vlan)#vlan 4 name lecture
VLAN 4 added:
Name: lecture
Switch(vlan)#exit
APPLY completed.
Exiting….
Switch#
Masuk ke Global Configuration Mode dan lakukan Grouping Port.
Switch#configure terminal
Switch(config)#interface fastEthernet 0/1
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 2
Switch(config-if)#exit
Switch(config)#interface fastEthernet 0/2
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 2
Switch(config-if)#exit
Switch(config)#interface fastEthernet 0/3
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 3
Switch(config-if)#exit
Switch(config)#interface fastEthernet 0/4
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 3
Switch(config-if)#exit
Switch(config)#interface fastEthernet 0/5
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 4
Switch(config-if)#exit
Switch(config)#interface fastEthernet 0/6
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 4
Switch(config-if)#
Buat Interface VLAN yang berfungsi sebagai gateway tiap-tiap VLAN, Nomor Interface VLAN yang dibuat harus sama VLAN ID yang akan dilewatkan, misalnya interface VLAN 2 itu berfungsi sebagai gateway untuk VLAN 2, begitu juga dengan VLAN yang lain.
Switch(config)#interface vlan 2
Switch(config-if)#ip address 192.168.0.1 255.255.255.0
Switch(config-if)#no shutdown
Switch(config-if)#exit
Switch(config)#interface vlan 3
Switch(config-if)#ip address 192.168.1.1 255.255.255.0
Switch(config-if)#no shutdown
Switch(config-if)#exit
Switch(config)#interface vlan 4
Switch(config-if)#ip address 192.168.2.1 255.255.255.0
Switch(config-if)#no shutdown
Switch(config-if)#
Untuk memudahan pemberian IP address pada host tiap-tiap VLAN ada baiknya kita membuat DHCP server, dan pada contoh ini kita akan menggunakan IP 222.124.194.11 sebagai DNS server
Switch(config)#ip dhcp pool vlan2
Switch(dhcp-config)#default-router 192.168.0.1
Switch(dhcp-config)#dns-server 222.124.194.11
Switch(dhcp-config)#network 192.168.0.0 255.255.255.0
Switch(dhcp-config)#exit
Switch(config)#ip dhcp pool vlan3
Switch(dhcp-config)#default-router 192.168.1.1
Switch(dhcp-config)#dns-server 222.124.194.11
Switch(dhcp-config)#network 192.168.1.0 255.255.255.0
Switch(dhcp-config)#exit
Switch(config)#ip dhcp pool vlan4
Switch(dhcp-config)#default-router 192.168.2.1
Switch(dhcp-config)#dns-server 222.124.194.11
Switch(dhcp-config)#network 192.168.2.0 255.255.255.0
Switch(dhcp-config)#exit
Switch(config)#
Berikan IP address pada Interface gigabitEthernet 0/1 (anda bisa mengguakan interface lain jika tidak menggunakan interface ini), perhatikan perintah no switchport , perintah ini digunakan agar interface tersebut itu bisa diberi IP address seperti halnya pada router atau interface layer 3, tanpa perintah ini maka interface pada switch hanya sebagai interface layer 2.
Switch(config)#interface gigabitEthernet 0/1
Switch(config-if)#no switchport
Switch(config-if)#ip address 222.124.194.2 255.255.255.0
Switch(config-if)#no shutdown
Switch(config-if)#exit
Buat default routing yang berfungsi sebagai “the last resort” terhadap tujuan packet dalam menuju alamat yang tidak terdapat pada routing tabel, sehingga packet tidak di-dischard atau dibuang dari network.
Switch(config)#ip route 0.0.0.0 0.0.0.0 222.124.194.1
Buat NAT sehingga IP private yang berada pada VLAN bisa ditranlasi menuju IP Public, masuk ke interface gigabitEthernet 0/1 dan setting sebgai NAT Outside, kemudian masuk ke tiap-tiap Interface VLAN yang sudah kita buat dan set sebagai NAT Inside.
Switch(config)#interface gigabitEthernet 0/1
Switch(config-if)#ip nat outside
Switch(config-if)#exit
Switch(config)#interface vlan 2
Switch(config-if)#ip nat inside
Switch(config-if)#exit
Switch(config)#interface vlan 3
Switch(config-if)#ip nat inside
Switch(config-if)#exit
Switch(config)#interface vlan 4
Switch(config-if)#ip nat inside
Switch(config-if)#exit
Switch(config)#
Kemudian buat aturan NAT dan jangan lupa untuk mengatur access-list agar mengizinkan packet untuk lewat, perhatikan juga nomor aturan NAT dan access-list keduanya harus mempunya nomor yang sama, jadi kalau aturan NAT-nya menggunakan nomor 1 maka pada access-list juga harus menggunakan nomor 1.
Switch(config)#ip nat inside source list 1 interface gigabitEthernet 0/1 overload
Switch(config)#access-list 1 permit any
Switch(config)#
Kembali ke Privilege Mode dan simpan hasil konfigurasian
Switch(config)#exit
Switch#copy running-config startup-config
Switch#
Download pdf
Memisahkan gateway hotspot dengan VLAN
Dimisalkan kita berlangganan dua ISP, ISP1 untuk kepentingan user yang bersifat stationery dan ISP2 untuk kepentingan user yang menggunakan hotspot
TOPOLOGI
Pada contoh topologi ini peralatan yang digunakan adalah switch Cisco dan router Cisco
| No Vlan | Name | Network | First Host | Last Host | Broadcast |
|
1 |
Management | 192.168.1.0/28 | 192.168.1.1/28 | 192.168.1.14/28 | 192.168.1.15/28 |
|
2 |
Lecture | 192.168.1.16/28 | 192.168.1.17/28 | 192.168.1.30/28 | 192.168.1.31/28 |
|
3 |
Staff | 192.168.1.32/28 | 192.168.1.33/28 | 192.168.1.46/28 | 192.168.1.47/28 |
|
4 |
Guest | 192.168.1.48/28 | 192.168.1.49/28 | 192.168.1.62/28 | 192.168.1.63/28 |
|
5 |
Student | 192.168.1.64/28 | 192.168.1.65/28 | 192.168.1.78/28 | 192.168.1.79/28 |
|
6 |
Hotspot | 192.168.1.80/28 | 192.168.1.81/28 | 192.168.1.94/28 | 192.168.1.95/28 |
SWITCH 1
Switch>enable
Switch#conf t
Switch(config)#hostname vtp-server
vtp-server(config)#interface vlan 1
vtp-server(config-if)#ip address 192.168.1.3 255.255.255.240
vtp-server(config-if)#no shutdown
vtp-server(config-if)#exit
vtp-server(config)#ip default-gateway 192.168.1.1
vtp-server(config)#vtp mode server
vtp-server(config)#vtp domain unsri
vtp-server(config)#vtp password unsri
vtp-server(config)#vlan 2
vtp-server(config-vlan)#name lecture
vtp-server(config-vlan)#exit
vtp-server(config)#vlan 3
vtp-server(config-vlan)#name staff
vtp-server(config-vlan)#exit
vtp-server(config)#vlan 4
vtp-server(config-vlan)#name guest
vtp-server(config-vlan)#exit
vtp-server(config)#vlan 5
vtp-server(config-vlan)#name student
vtp-server(config-vlan)#exit
vtp-server(config)#vlan 6
vtp-server(config-vlan)#name hotspot
vtp-server(config-vlan)#exit
vtp-server(config)#interface fastEthernet 0/1
vtp-server(config-if)#switchport mode trunk
vtp-server(config-if)#switchport trunk native vlan 1
vtp-server(config-if)#exit
vtp-server(config)#interface fastEthernet 0/2
vtp-server(config-if)#switchport mode trunk
vtp-server(config-if)#switchport trunk native vlan 1
vtp-server(config-if)#exit
vtp-server(config)#interface fastEthernet 0/4
vtp-server(config-if)#switchport mode trunk
vtp-server(config-if)#switchport trunk native vlan 1
vtp-server(config-if)#exit
vtp-server(config)#interface fastEthernet 0/3
vtp-server(config-if)#switchport mode trunk
vtp-server(config-if)#switchport trunk native vlan 1
vtp-server(config-if)#exit
vtp-server(config)#line vty 0 4
vtp-server(config-line)#password candraganteng
vtp-server(config-line)#login
vtp-server(config-line)#exit
vtp-server(config)#enable secret candragantengtenan
vtp-server(config)#exit
vtp-server#copy running-config startup-config
vtp-server#
SWITCH 2
Switch>enable
Switch#conf t
Switch(config)#hostname vtp-client1
vtp-client1(config)#vtp mode client
vtp-client1(config)#interface vlan 1
vtp-client1(config-if)#ip address 192.168.1.4 255.255.255.240
vtp-client1(config-if)#no shutdown
vtp-client1(config-if)#exit
vtp-client1(config)#ip default-gateway 192.168.1.1
vtp-client1(config)#line vty 0 4
vtp-client1(config-line)#password candraganteng
vtp-client1(config-line)#login
vtp-client1(config-line)#exit
vtp-client1(config)#enable secret candragantengtenan
vtp-client1(config)#exit
vtp-client1(config)#vtp domain unsri
vtp-client1(config)#vtp password unsri
vtp-client1(config)#interface fastEthernet 0/1
vtp-client1(config-if)#switchport mode trunk
vtp-client1(config-if)#switchport trunk native vlan 1
vtp-client1(config-if)#exit
vtp-client1(config)#exit
vtp-client1#show vtp status
VTP Version : 2
Configuration Revision : 11
Maximum VLANs supported locally : 255
Number of existing VLANs : 10
VTP Operating Mode : Client
VTP Domain Name : unsri
VTP Pruning Mode : Disabled
VTP V2 Mode : Disabled
VTP Traps Generation : Disabled
MD5 digest : 0×71 0×4B 0×63 0×34 0×6A 0xC2 0xEB 0×11
Configuration last modified by 192.168.1.2 at 3-1-93 00:21:42
vtp-client1#sh
vtp-client1#show vl
vtp-client1#show vlan
VLAN Name Status Ports
—- ——————————– ——— ——————————-
1 default active Fa0/2, Fa0/3, Fa0/4, Fa0/5
Fa0/6, Fa0/7, Fa0/8, Fa0/9
Fa0/10, Fa0/11, Fa0/12, Fa0/13
Fa0/14, Fa0/15, Fa0/16, Fa0/17
Fa0/18, Fa0/19, Fa0/20, Fa0/21
Fa0/22, Fa0/23, Fa0/24
2 lecture active
3 staff active
4 guest active
5 student active
6 hotspot active
1002 fddi-default act/unsup
1003 token-ring-default act/unsup
1004 fddinet-default act/unsup
1005 trnet-default act/unsup
VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
—- —– ———- —– —— —— ——– —- ——– —— ——
1 enet 100001 1500 - - - - - 0 0
2 enet 100002 1500 - - - - - 0 0
3 enet 100003 1500 - - - - - 0 0
4 enet 100004 1500 - - - - - 0 0
5 enet 100005 1500 - - - - - 0 0
6 enet 100006 1500 - - - - - 0 0
1002 fddi 101002 1500 - - - - - 0 0
1003 tr 101003 1500 - - - - - 0 0
1004 fdnet 101004 1500 - - - ieee - 0 0
1005 trnet 101005 1500 - - - ibm - 0 0
Remote SPAN VLANs
——————————————————————————
Primary Secondary Type Ports
——- ——— —————– ——————————————
vtp-client1#conf t
vtp-client1(config)#interface fastEthernet 0/2
vtp-client1(config-if)#switchport mode access
vtp-client1(config-if)#switchport access vlan 6
vtp-client1(config-if)#exit
vtp-client1(config)#interface fastEthernet 0/3
vtp-client1(config-if)#switchport mode access
vtp-client1(config-if)#switchport access vlan 2
vtp-client1(config-if)#exit
vtp-client1(config)#interface fastEthernet 0/4
vtp-client1(config-if)#switchport mode access
vtp-client1(config-if)#switchport access vlan 3
vtp-client1(config-if)#exit
vtp-client1(config)#interface fastEthernet 0/5
vtp-client1(config-if)#switchport mode access
vtp-client1(config-if)#switchport access vlan 4
vtp-client1(config-if)#exit
vtp-client1(config)#interface fastEthernet 0/6
vtp-client1(config-if)#switchport mode access
vtp-client1(config-if)#switchport access vlan 5
vtp-client1(config-if)#exit
vtp-client1(config)#exit
vtp-client1#show vlan
VLAN Name Status Ports
—- ——————————– ——— ——————————-
1 default active Fa0/7, Fa0/8, Fa0/9, Fa0/10
Fa0/11, Fa0/12, Fa0/13, Fa0/14
Fa0/15, Fa0/16, Fa0/17, Fa0/18
Fa0/19, Fa0/20, Fa0/21, Fa0/22
Fa0/23, Fa0/24
2 lecture active Fa0/3
3 staff active Fa0/4
4 guest active Fa0/5
5 student active Fa0/6
6 hotspot active Fa0/2
1002 fddi-default act/unsup
1003 token-ring-default act/unsup
1004 fddinet-default act/unsup
1005 trnet-default act/unsup
VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
—- —– ———- —– —— —— ——– —- ——– —— ——
1 enet 100001 1500 - - - - - 0 0
2 enet 100002 1500 - - - - - 0 0
3 enet 100003 1500 - - - - - 0 0
4 enet 100004 1500 - - - - - 0 0
5 enet 100005 1500 - - - - - 0 0
6 enet 100006 1500 - - - - - 0 0
1002 fddi 101002 1500 - - - - - 0 0
1003 tr 101003 1500 - - - - - 0 0
1004 fdnet 101004 1500 - - - ieee - 0 0
1005 trnet 101005 1500 - - - ibm - 0 0
Remote SPAN VLANs
——————————————————————————
Primary Secondary Type Ports
——- ——— —————– ——————————————
vtp-client1#copy run startup-config
Destination filename [startup-config]?
Building configuration…
[OK]
vtp-client1#
vtp-client1#
SWITCH 3
Switch>enable
Switch#conf t
Switch(config)#hostname vtp-client2
vtp-client2(config)#vtp mode client
vtp-client2(config)#vtp domain unsri
vtp-client2(config)#vtp password unsri
vtp-client2(config)#interface fastEthernet 0/1
vtp-client2(config-if)#switchport mode trunk
vtp-client2(config-if)#switchport trunk native vlan 1
vtp-client2(config)#interface vlan 1
vtp-client2(config-if)#ip address 192.168.1.5 255.255.255.240
vtp-client2(config-if)#no shutdown
vtp-client2(config-if)#exit
vtp-client2(config)#ip default-gateway 192.168.1.1
vtp-client2(config)#line vty 0 4
vtp-client2(config-line)#password candraganteng
vtp-client2(config-line)#login
vtp-client2(config-line)#exit
vtp-client2(config)#enable secret candragantengtenan
vtp-client2(config)#exit
vtp-client2#show vtp status
VTP Version : 2
Configuration Revision : 11
Maximum VLANs supported locally : 255
Number of existing VLANs : 10
VTP Operating Mode : Client
VTP Domain Name : unsri
VTP Pruning Mode : Disabled
VTP V2 Mode : Disabled
VTP Traps Generation : Disabled
MD5 digest : 0×71 0×4B 0×63 0×34 0×6A 0xC2 0xEB 0×11
Configuration last modified by 192.168.1.2 at 3-1-93 00:21:42
vtp-client2#show vlan
VLAN Name Status Ports
—- ——————————– ——— ——————————-
1 default active Fa0/2, Fa0/3, Fa0/4, Fa0/5
Fa0/6, Fa0/7, Fa0/8, Fa0/9
Fa0/10, Fa0/11, Fa0/12, Fa0/13
Fa0/14, Fa0/15, Fa0/16, Fa0/17
Fa0/18, Fa0/19, Fa0/20, Fa0/21
Fa0/22, Fa0/23, Fa0/24
2 lecture active
3 staff active
4 guest active
5 student active
6 hotspot active
1002 fddi-default act/unsup
1003 token-ring-default act/unsup
1004 fddinet-default act/unsup
1005 trnet-default act/unsup
VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
—- —– ———- —– —— —— ——– —- ——– —— ——
1 enet 100001 1500 - - - - - 0 0
2 enet 100002 1500 - - - - - 0 0
3 enet 100003 1500 - - - - - 0 0
4 enet 100004 1500 - - - - - 0 0
5 enet 100005 1500 - - - - - 0 0
6 enet 100006 1500 - - - - - 0 0
1002 fddi 101002 1500 - - - - - 0 0
1003 tr 101003 1500 - - - - - 0 0
1004 fdnet 101004 1500 - - - ieee - 0 0
1005 trnet 101005 1500 - - - ibm - 0 0
Remote SPAN VLANs
——————————————————————————
Primary Secondary Type Ports
——- ——— —————– ——————————————
vtp-client2#conf t
vtp-client2(config)#interface fastEthernet 0/2
vtp-client2(config-if)#switchport mode access
vtp-client2(config-if)#switchport access vlan 6
vtp-client2(config-if)#exit
vtp-client2(config)#interface fastEthernet 0/3
vtp-client2(config-if)#switchport mode access
vtp-client2(config-if)#switchport access vlan 2
vtp-client2(config-if)#exit
vtp-client2(config)#interface fastEthernet 0/4
vtp-client2(config-if)#switchport mode access
vtp-client2(config-if)#switchport access vlan 3
vtp-client2(config-if)#exit
vtp-client2(config)#interface fastEthernet 0/5
vtp-client2(config-if)#switchport mode access
vtp-client2(config-if)#switchport access vlan 4
vtp-client2(config-if)#exit
vtp-client2(config)#interface fastEthernet 0/6
vtp-client2(config-if)#switchport mode access
vtp-client2(config-if)#switchport access vlan 5
vtp-client2(config-if)#exit
vtp-client2(config)#exit
vtp-client2#show vlan
VLAN Name Status Ports
—- ——————————– ——— ——————————-
1 default active Fa0/7, Fa0/8, Fa0/9, Fa0/10
Fa0/11, Fa0/12, Fa0/13, Fa0/14
Fa0/15, Fa0/16, Fa0/17, Fa0/18
Fa0/19, Fa0/20, Fa0/21, Fa0/22
Fa0/23, Fa0/24
2 lecture active Fa0/3
3 staff active Fa0/4
4 guest active Fa0/5
5 student active Fa0/6
6 hotspot active Fa0/2
1002 fddi-default act/unsup
1003 token-ring-default act/unsup
1004 fddinet-default act/unsup
1005 trnet-default act/unsup
VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
—- —– ———- —– —— —— ——– —- ——– —— ——
1 enet 100001 1500 - - - - - 0 0
2 enet 100002 1500 - - - - - 0 0
3 enet 100003 1500 - - - - - 0 0
4 enet 100004 1500 - - - - - 0 0
5 enet 100005 1500 - - - - - 0 0
6 enet 100006 1500 - - - - - 0 0
1002 fddi 101002 1500 - - - - - 0 0
1003 tr 101003 1500 - - - - - 0 0
1004 fdnet 101004 1500 - - - ieee - 0 0
1005 trnet 101005 1500 - - - ibm - 0 0
Remote SPAN VLANs
——————————————————————————
Primary Secondary Type Ports
——- ——— —————– ——————————————
vtp-client2#
vtp-client2#
ROUTER 1
Router>enable
Router#conf t
Router(config)#hostname R1
R1(config)#line vty 0 4
R1(config-line)#password candraganteng
R1(config-line)#login
R1(config-line)#exit
R1(config)#enable secret candragantengtenan
R1(config)#service password-encryption
R1(config)#interface fastEthernet 0/0
R1(config-if)#ip address 222.124.194.23 255.255.255.224
R1(config-if)#no shutdown
R1(config-if)#exit
R1(config)#ip route 0.0.0.0 0.0.0.0 222.124.194.1
R1(config)#interface fastEthernet 0/1
R1(config-if)#ip address 192.168.1.1 255.255.255.240
R1(config-if)#no shutdown
R1(config-if)#exit
R1(config)#interface fastEthernet 0/1.2
R1(config-subif)#encapsulation dot1Q 2
R1(config-subif)#ip address 192.168.1.17 255.255.255.240
R1(config-subif)#ip nat inside
R1(config-subif)#exit
R1(config)#interface fastEthernet 0/1.3
R1(config-subif)#encapsulation dot1Q 3
R1(config-subif)#ip address 192.168.1.33 255.255.255.240
R1(config-subif)#ip nat inside
R1(config-subif)#exit
R1(config)#interface fastEthernet 0/1.4
R1(config-subif)#encapsulation dot1Q 4
R1(config-subif)#ip address 192.168.1.49 255.255.255.240
R1(config-subif)#ip nat inside
R1(config-subif)#exit
R1(config)#interface fastEthernet 0/1.5
R1(config-subif)#encapsulation dot1Q 5
R1(config-subif)#ip address 192.168.1.65 255.255.255.240
R1(config-subif)#ip nat inside
R1(config-subif)#exit
R1(config)#ip nat inside source list 1 interface fastEthernet 0/1 overload
R1(config)#access-list 1 permit any
R1(config-subif)#exit
R1(config)#ip dhcp pool vlan2
R1(dhcp-config)#default-router 192.168.1.17
R1(dhcp-config)#network 192.168.1.16 255.255.255.240
R1(dhcp-config)#dns-server 222.124.194.11
R1(dhcp-config)#exit
R1(config)#ip dhcp pool vlan3
R1(dhcp-config)#default-router 192.168.1.33
R1(dhcp-config)#dns-server 222.124.194.11
R1(dhcp-config)#exit
R1(config)#ip dhcp pool vlan4
R1(dhcp-config)#default-router 192.168.1.49
R1(dhcp-config)#network 192.168.1.48 255.255.255.240
R1(dhcp-config)#dns-server 222.124.194.11
R1(dhcp-config)#exit
R1(config)#ip dhcp pool vlan5
R1(dhcp-config)#default-router 192.168.1.65
R1(dhcp-config)#network 192.168.1.64 255.255.255.240
R1(dhcp-config)#dns-server 222.124.194.11
R1(dhcp-config)#exit
R1(config)#router ospf 1
R1(config-router)#network 192.168.1.0 0.0.0.15 area 0
R1(config-router)#network 192.168.1.16 0.0.0.15 area 0
R1(config-router)#network 192.168.1.32 0.0.0.15 area 0
R1(config-router)#network 192.168.1.48 0.0.0.15 area 0
R1(config-router)#network 192.168.1.64 0.0.0.15 area 0
R1(config)#exit
R1#copy running-config startup-config
R1#
ROUTER 2
Router>enable
Router#conf t
Router(config)#hostname R2
R2(config)#interface fastEthernet 0/0
R2(config-if)#ip address 202.134.248.6 255.255.255.240
R2(config-if)#no shutdown
R2(config-if)#ip nat outside
R2(config)#interface fastEthernet 0/1
R2(config-if)#ip address 192.168.1.2 255.255.255.240
R2(config-if)#no shutdown
R2(config)#interface fastEthernet 0/1.6
R2(config-subif)#encapsulation dot1Q 6
R2(config-subif)#ip address 192.168.1.81 255.255.255.240
R2(config-subif)#ip nat inside
R2(config-subif)#exit
R2(config)#ip nat inside source list 1 interface fastEthernet 0/0 overload
R2(config)#access-list 1 permit any
R2(config)#ip route 0.0.0.0 0.0.0.0 202.134.248.1
R2(config)#ip dhcp pool vlan6
R2(dhcp-config)#default-router 192.168.1.81
R2(dhcp-config)#network 192.168.1.80 255.255.255.240
R2(dhcp-config)#dns-server 202.134.248.9
R2(dhcp-config)#exit
R2(config)#line vty 0 4
R2(config-line)#password candraganteng
R2(config-line)#login
R2(config-line)#exit
R2(config)#enable secret candragantengtenan
R2(config)#service password-encryption
R2(config)#
R2(config)#router ospf 1
R2(config-router)#network 192.168.1.0 0.0.0.15 area 0
R2(config-router)#network 192.168.1.80 0.0.0.15 area 0
R2(config-router)#^Z
R2#
ROUTER 1
R1#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route
Gateway of last resort is 222.124.194.1 to network 0.0.0.0
192.168.1.0/28 is subnetted, 6 subnets
C 192.168.1.0 is directly connected, FastEthernet0/1
C 192.168.1.16 is directly connected, FastEthernet0/1.2
C 192.168.1.32 is directly connected, FastEthernet0/1.3
C 192.168.1.48 is directly connected, FastEthernet0/1.4
C 192.168.1.64 is directly connected, FastEthernet0/1.5
O 192.168.1.80 [110/2] via 192.168.1.2, 00:00:27, FastEthernet0/1
222.124.194.0/27 is subnetted, 1 subnets
C 222.124.194.0 is directly connected, FastEthernet0/0
S* 0.0.0.0/0 [1/0] via 222.124.194.1
R1#
ROUTER 2
R2#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route
Gateway of last resort is 202.134.248.1 to network 0.0.0.0
192.168.1.0/28 is subnetted, 6 subnets
C 192.168.1.0 is directly connected, FastEthernet0/1
O 192.168.1.16 [110/2] via 192.168.1.1, 00:00:44, FastEthernet0/1
O 192.168.1.32 [110/2] via 192.168.1.1, 00:00:34, FastEthernet0/1
O 192.168.1.48 [110/2] via 192.168.1.1, 00:00:34, FastEthernet0/1
O 192.168.1.64 [110/2] via 192.168.1.1, 00:00:24, FastEthernet0/1
C 192.168.1.80 is directly connected, FastEthernet0/1.6
202.134.248.0/28 is subnetted, 1 subnets
C 202.134.248.0 is directly connected, FastEthernet0/0
S* 0.0.0.0/0 [1/0] via 202.134.248.1
R2#
download pdf memisahkan-gateway-hotspot-dengan-vlan
CONFIGURATION REGISTER
Cisco mempunyai software register 16 bit yang ditulis pada nonvolatile memory. Configuration register diatur secara default untuk me-load Cisco IOS dari flash dan me-load startup-config dari NVRAM
Kita bisa mengubah configuration register untuk keperluan:
- Memaksa system untuk masuk bootstrap monitor
- Memilih sebuah boot source dan default boot filename
- Enable atau men-disable fungsi break
- Mengontrol alamat broadcast
- Mengatur baud rate terminal console
- Me-load software operating dari ROM
- Booting dari TFTP server
Konfigurasi default pada Cisco router adalah 0×2102
Nomor bit pada configuration register
|
16 bit |
||||||||||||||||
| Configuration register | 2 | 1 | 0 | 2 | ||||||||||||
| Bit Number | 15 | 14 | 13 | 12 | 11 | 10 | 9 | 8 | 7 | 6 | 5 | 4 | 3 | 2 | 1 | 0 |
| Binary | 0 | 0 | 1 | 0 | 0 | 0 | 0 | 1 | 0 | 0 | 0 | 0 | 0 | 0 | 1 | 0 |
Prefix 0x pada alamat configuration register (0×2102) untuk menunjukkan bilangan yang digunakan adalah hexadecimal
Maksud dari Nomor Bit
| Bit No. | Hexadecimal | Deskripsi |
| 0-3 | 0×0000-0×000F | Boot field lihat tabel bootfield |
| 6 | 0×0040 | Abaikan isi NVRAM |
| 7 | 0×0080 | OEM bit enabled |
| 8 | 0×0100 | Break disabled |
| 10 | 0×0400 | IP Broadcast with all zero |
| 11-12 | 0×0800-0×1000 | Kecepatan line console |
| 13 | 0×2000 | Boot default ROM software if network boot fails |
| 14 | 0×4000 | IP broadcast do not have net number |
| 15 | 0×8000 | Enable diagnostic messages and ignore NVRAM contents |
Bit ke 6 digunakan untuk mengabaikan isi dari NVRAM
Boot field
| Boot field | Meaning |
| 00 | ROM Monitor Mode |
| 01 | Boot image from ROM |
| 02-F | Specifies a default netboot filename |
Untuk boot ke mode ROM Monitor atur configuration register ke 0×2100, kemudian reboot router. Pada router akan muncul rommon>
Untuk booting ke mini-IOS images pada ROM (dikenal sebagai RXBOOT), atur configuration register ke 0×2101. Maka akan tampil router(boot)> Jika ini jenis router lama, atau akan muncul rommon 1> jika router berbasiskan RISC terbaru dengan sebuah “smart ROM” pengganti dari mini IOS.
Nilai dari 0×2102 sampai 0×210F untuk memberi tahu pada router untuk menggunakan perintah boot yang spesifik di NVRAM. Semua nilai dalam bentuk hexadecimal, skemanya adalah 0-9 dan A-F. (A=10, B=11, C=12, D=13, E=14, dan F=15). Sehingga kita mengatur configuration register sampai 210(15), atau 1111 dalam bentuk binary.
MENGUBAH CONFIGURATION REGISTER
Sebelum mengubah configuration register, maka perlu mengetahui nilai configuration register yang sudah ada. Pada router ketikkan perintah:
Router>enable
Router#show version
Cisco IOS Software, 1841 Software (C1841-ADVIPSERVICESK9-M), Version 12.4(15)T1, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2007 by Cisco Systems, Inc.
Compiled Wed 18-Jul-07 04:52 by pt_team
ROM: System Bootstrap, Version 12.3(8r)T8, RELEASE SOFTWARE (fc1)
System returned to ROM by power-on
System image file is “flash:c1841-advipservicesk9-mz.124-15.T1.bin”
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
export@cisco.com.
Cisco 1841 (revision 5.0) with 114688K/16384K bytes of memory.
Processor board ID FTX0947Z18E
M860 processor: part number 0, mask 49
2 FastEthernet/IEEE 802.3 interface(s)
191K bytes of NVRAM.
31360K bytes of ATA CompactFlash (Read/Write)
Configuration register is 0×2102
Untuk mengubah configuration register
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#config-register 0×2101
Router(config)#^Z
%SYS-5-CONFIG_I: Configured from console by console
Router#show version
Cisco IOS Software, 1841 Software (C1841-ADVIPSERVICESK9-M), Version 12.4(15)T1, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2007 by Cisco Systems, Inc.
Compiled Wed 18-Jul-07 04:52 by pt_team
ROM: System Bootstrap, Version 12.3(8r)T8, RELEASE SOFTWARE (fc1)
System returned to ROM by power-on
System image file is “flash:c1841-advipservicesk9-mz.124-15.T1.bin”
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
export@cisco.com.
Cisco 1841 (revision 5.0) with 114688K/16384K bytes of memory.
Processor board ID FTX0947Z18E
M860 processor: part number 0, mask 49
2 FastEthernet/IEEE 802.3 interface(s)
191K bytes of NVRAM.
31360K bytes of ATA CompactFlash (Read/Write)
Configuration register is 0×2102 (will be 0×2101 at next reload)
PASSWORD RECOVERY
Bit ke 6 pada configuration register merupakan bit yang digunakan untuk memberi tahu router apakah harus menggunakan isi dari NVRAM, atau malah sebaliknya untuk mengabaikan isi dari NVRAM.
Nilai default dari configuration register adalah 0×2102, dimana bit ke tersebut dinyatakan off, jika nilai ini off maka router akan mencari dan me-loading konfigurasi yang disimpan pada NVRAM (startup-config). Untuk melakukan recovery password, kita perlu memberi nilai pada bit ke 6 tersebut, sehingga router akan mengabaikan startup-config yang terdapat pada NVRAM, sedangkan konfigurasi mengenai password tersendiri disimpan pada startup-config tersebut, jika startup-config diabaikan maka router tidak akan membaca password yang sudah ada.
Untuk melakukan recovery password pada router, hubungkan router pada program hyperterminal. Setelah itu matikanlah router, kemudian pada keyboard computer tekan Control+break, dan nyalakan lagi router. Router akan masuk ke ROM monitor, pada ROM monitor ketik perintah confreg 0×2142
rommon 1 > confreg 0×2142
rommon 2 > reset
Setelah direset maka router akan masuk ke configuration dialog, ketik no
System Bootstrap, Version 12.3(8r)T8, RELEASE SOFTWARE (fc1)
Cisco 1841 (revision 5.0) with 114688K/16384K bytes of memory.
Self decompressing the image :
########################################################################## [OK]
Restricted Rights Legend
Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.
cisco Systems, Inc.
170 West Tasman Drive
San Jose, California 95134-1706
Cisco IOS Software, 1841 Software (C1841-ADVIPSERVICESK9-M), Version 12.4(15)T1, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2007 by Cisco Systems, Inc.
Compiled Wed 18-Jul-07 04:52 by pt_team
Image text-base: 0×60080608, data-base: 0×6270CD50
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
export@cisco.com.
Cisco 1841 (revision 5.0) with 114688K/16384K bytes of memory.
Processor board ID FTX0947Z18E
M860 processor: part number 0, mask 49
2 FastEthernet/IEEE 802.3 interface(s)
191K bytes of NVRAM.
31360K bytes of ATA CompactFlash (Read/Write)
Cisco IOS Software, 1841 Software (C1841-ADVIPSERVICESK9-M), Version 12.4(15)T1, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2007 by Cisco Systems, Inc.
Compiled Wed 18-Jul-07 04:52 by pt_team
— System Configuration Dialog —
Continue with configuration dialog? [yes/no]:
Masuk ke privileges mode
Router>enable
Kemudian masuk ke Global Configuration Mode
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Berikan password yang baru
Router(config)#enable secret candra
Kembalikan konfigurasi kenilai default
Router(config)#config-register 0×2102
Router(config)#^Z
%SYS-5-CONFIG_I: Configured from console by console
Simpan ke startup config
Router#copy run startup-config
Destination filename [startup-config]?
Building configuration…
[OK]
Reload router
Router#reload
Proceed with reload? [confirm]
%SYS-5-RELOAD: Reload requested by console. Reload Reason: Reload Command.
System Bootstrap, Version 12.3(8r)T8, RELEASE SOFTWARE (fc1)
Cisco 1841 (revision 5.0) with 114688K/16384K bytes of memory.
Self decompressing the image :
########################################################################## [OK]
Restricted Rights Legend
Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.
cisco Systems, Inc.
170 West Tasman Drive
San Jose, California 95134-1706
Cisco IOS Software, 1841 Software (C1841-ADVIPSERVICESK9-M), Version 12.4(15)T1, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2007 by Cisco Systems, Inc.
Compiled Wed 18-Jul-07 04:52 by pt_team
Image text-base: 0×60080608, data-base: 0×6270CD50
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
export@cisco.com.
Cisco 1841 (revision 5.0) with 114688K/16384K bytes of memory.
Processor board ID FTX0947Z18E
M860 processor: part number 0, mask 49
2 FastEthernet/IEEE 802.3 interface(s)
191K bytes of NVRAM.
31360K bytes of ATA CompactFlash (Read/Write)
Cisco IOS Software, 1841 Software (C1841-ADVIPSERVICESK9-M), Version 12.4(15)T1, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2007 by Cisco Systems, Inc.
Compiled Wed 18-Jul-07 04:52 by pt_team
%LINK-5-CHANGED: Interface Vlan1, changed state to up
%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up
%LINK-5-CHANGED: Interface FastEthernet0/1, changed state to up
%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to administratively down
%LINK-5-CHANGED: Interface FastEthernet0/1, changed state to administratively down
%LINK-5-CHANGED: Interface Vlan1, changed state to administratively down
Press RETURN to get started!
Ketik enable dan masukkan password baru yang kita buat tadi
Router>enable
Password:
Router#
Jika interface pada router sudah ada konfigurasi mengenai IP address dan lain-lain, jangan lupa untuk masuk ke Interface mode karena seluruh interface kembali berada dalam kondisi down.