Tuesday, March 11, 2008

OSPF + VLAN

note : neh orang minta photo sambil gaya :D , miss my friends in snap ui cisco ......




Neh Hasil ujicoba Ngelab - Selama ikut cisco silahkan menikmati ya bisa diconfig pakai paket tracert atau boson simulator tergantung selera masing-masing

VLAN – TRUNKING LAB CONFIGURATION





SWITCH CONFIGURATION :

NAMA VLAN PORT
VLAN 20 9, 10
VLAN 30 17, 18
TRUNK 23, 24
VLAN 1 SISA PORT

Port Security : port 9 dan 17

SKENARIO ACCESS-LIST
VLAN 1 (A – B) full access ke server 50.50.50.50 dan 100.100.100.100
VLAN 20 (A – B) permit akses http ke 50.50.50.50 dan telnet ke 100.100.100.100
VLAN 30 (A – B) permit akses telnet ke 50.50.50.50 dan http ke 100.100.100.100
VLAN 1 (A) hanya boleh akses ke VLAN 1 (B) dan sebaliknya
VLAN 2 (A) hanya boleh akses ke VLAN 2 (B) dan sebaliknya
VLAN 3 (A) hanya boleh akses ke VLAN 3 (B) dan sebaliknya




ROUTER-A CONFIGURATION

router#conf ig terminal
router(config)#hostname ROUTER-A
ROUTER-A(config)#enable secret cisco

ROUTER-A(config)#line vty 0 4
ROUTER-A(config-line)#password cisco
ROUTER-A(config-line)#login
ROUTER-A(config-line)#exit

ROUTER-A(config)#int fa0/0.1
ROUTER-A(config-subif))#encapsulation dot1q 1
ROUTER-A(config-subif))#ip address 150.150.1.1 255.255.255.0
ROUTER-A(config-subif))#ip access-group 101 in
ROUTER-A(config-subif))#no shut
ROUTER-A(config-subif))#exit

ROUTER-A(config)#int fa0/0.2
ROUTER-A(config-subif))#encapsulation dot1q 20
ROUTER-A(config-subif))#ip address 150.150.2.1 255.255.255.0
ROUTER-A(config-subif))#ip access-group 102 in
ROUTER-A(config-subif))#no shut
ROUTER-A(config-subif))#exit

ROUTER-A(config)#int fa0/0.3
ROUTER-A(config-subif))#encapsulation dot1q 30
ROUTER-A(config-subif))#ip address 150.150.3.1 255.255.255.0
ROUTER-A(config-subif))#ip access-group 103 in
ROUTER-A(config-subif))#no shut
ROUTER-A(config-subif))#exit

ROUTER-A(config)#int s0/0
ROUTER-A(config-if)#ip address 150.150.7.13 255.255.255.252
ROUTER-A(config-if)#clockrate 64000 (if DCE type)
ROUTER-A(config-if)#no shutdown
ROUTER-A(config-if)#exit

ROUTER-A(config)#int s0/1
ROUTER-A(config-if)#ip address 150.150.7.6 255.255.255.252
ROUTER-A(config-if)#clockrate 64000 (if DCE type)
ROUTER-A(config-if)#no shutdown
ROUTER-A(config-if)#exit

ROUTER-A(config)#router ospf 1
ROUTER-A(config-router)#network 150.150.1.0 0.0.0.255 area 0
ROUTER-A(config-router)#network 150.150.2.0 0.0.0.255 area 0
ROUTER-A(config-router)#network 150.150.3.0 0.0.0.255 area 0
ROUTER-A(config-router)#network 150.150.7.12 0.0.0.3 area 0
ROUTER-A(config-router)#network 150.150.7.4 0.0.0.3 area 0
ROUTER-A(config-router)#exit

ROUTER-A(config)#access-list 101 permit ip 150.150.1.0 0.0.0.255 host 50.50.50.50
ROUTER-A(config)#access-list 101 permit ip 150.150.1.0 0.0.0.255 host 100.100.100.100
ROUTER-A(config)#access-list 101 permit ip 150.150.1.0 0.0.0.255 150.150.4.0 0.0.0.255

ROUTER-A(config)#access-list 102 permit tcp 150.150.2.0 0.0.0.255 host 50.50.50.50 eq www
ROUTER-A(config)#access-list 102 permit tcp 150.150.2.0 0.0.0.255 host 100.100.100.100 eq telnet
ROUTER-A(config)#access-list 102 permit ip 150.150.2.0 0.0.0.255 150.150.5.0 0.0.0.255

ROUTER-A(config)#access-list 103 permit tcp 150.150.3.0 0.0.0.255 host 50.50.50.50 eq telnet
ROUTER-A(config)#access-list 103 permit tcp 150.150.3.0 0.0.0.255 host 100.100.100.100 eq www
ROUTER-A(config)#access-list 103 permit ip 150.150.3.0 0.0.0.255 150.150.6.0 0.0.0.255



ROUTER-B CONFIGURATION

router#conf ig terminal
router(config)#hostname ROUTER-B
ROUTER-B(config)#enable secret cisco

ROUTER-B(config)#line vty 0 4
ROUTER-B(config-line)#password cisco
ROUTER-B(config-line)#login
ROUTER-B(config-line)#exit

ROUTER-B(config)#int fa0/0.1
ROUTER-B(config-subif))#encapsulation dot1q 1
ROUTER-B(config-subif))#ip address 150.150.4.1 255.255.255.0
ROUTER-B(config-subif))#no shut
ROUTER-B(config-subif))#exit

ROUTER-B(config)#int fa0/0.2
ROUTER-B(config-subif))#encapsulation dot1q 20
ROUTER-B(config-subif))#ip address 150.150.5.1 255.255.255.0
ROUTER-B(config-subif))#no shut
ROUTER-B(config-subif))#exit

ROUTER-B(config)#int fa0/0.3
ROUTER-B(config-subif))#encapsulation dot1q 30
ROUTER-B(config-subif))#ip address 150.150.6.1 255.255.255.0
ROUTER-B(config-subif))#no shut
ROUTER-B(config-subif))#exit

ROUTER-B(config)#int s0/0
ROUTER-B(config-if)#ip address 150.150.7.9 255.255.255.252
ROUTER-B(config-if)#clockrate 64000 (if DCE type)
ROUTER-B(config-if)#no shutdown
ROUTER-B(config-if)#exit

ROUTER-B(config)#int s0/1
ROUTER-B(config-if)#ip address 150.150.7.14 255.255.255.252
ROUTER-B(config-if)#clockrate 64000 (if DCE type)
ROUTER-B(config-if)#no shutdown
ROUTER-B(config-if)#exit

ROUTER-B(config)#router ospf 1
ROUTER-B(config-router)#network 150.150.4.0 0.0.0.255 area 0
ROUTER-B(config-router)#network 150.150.5.0 0.0.0.255 area 0
ROUTER-B(config-router)#network 150.150.6.0 0.0.0.255 area 0
ROUTER-B(config-router)#network 150.150.7.12 0.0.0.3 area 0
ROUTER-B(config-router)#network 150.150.7.8 0.0.0.3 area 0



ROUTER-C CONFIGURATION

router#conf ig terminal
router(config)#hostname ROUTER-C
ROUTER-C(config)#enable secret cisco

ROUTER-C(config)#line vty 0 4
ROUTER-C(config-line)#password cisco
ROUTER-C(config-line)#login
ROUTER-C(config-line)#exit

ROUTER-C(config)#int s0/0
ROUTER-C(config-if)#ip address 150.150.7.5 255.255.255.252
ROUTER-C(config-if)#clockrate 64000 (if DCE type)
ROUTER-C(config-if)#no shutdown
ROUTER-C(config-if)#exit

ROUTER-C(config)#int s0/1
ROUTER-C(config-if)#ip address 150.150.7.10 255.255.255.252
ROUTER-C(config-if)#clockrate 64000 (if DCE type)
ROUTER-C(config-if)#no shutdown
ROUTER-C(config-if)#exit

ROUTER-C(config)#int loopback 0
ROUTER-C(config-if)#ip address 50.50.50.50 255.0.0.0
ROUTER-C(config-if)#no shutdown
ROUTER-C(config-if)#exit

ROUTER-C(config)#int loopback 1
ROUTER-C(config-if)#ip address 100.100.100.100 255.0.0.0
ROUTER-C(config-if)#no shutdown
ROUTER-C(config-if)#exit

ROUTER-C(config)#router ospf 1
ROUTER-C(config-router)#network 150.150.7.12 0.0.0.3 area 0
ROUTER-C(config-router)#network 150.150.7.8 0.0.0.3 area 0
ROUTER-C(config-router)#network 50.0.0.0 0.255.255.255 area 0
ROUTER-C(config-router)#network 100.0.0.0 0.255.255.255 area 0



SWITCH A DAN B CONFIGURATION

switch#vlan database
switch(vlan)#vlan 20
switch(vlan)#vlan 30
switch(vlan)#exit

switch#config terminal
switch(config)#enable secret cisco
switch(config)#line vty 0 15
switch(config-line)#password cisco
switch(config-line)#login
switch(config-line)#exit

switch(config)#int fa0/9
switch(config-if)#switchport mode access
switch(config-if)#switchport access vlan 20
switch(config-if)#switchport port-security
switch(config-if)#switchport port-security maximum 1
switch(config-if)#switchport port-security violation shutdown
switch(config-if)#exit

switch(config)#int fa0/10
switch(config-if)#switchport mode access
switch(config-if)#switchport access vlan 20
switch(config-if)#exit

switch(config)#int fa0/17
switch(config-if)#switchport mode access
switch(config-if)#switchport access vlan 30
switch(config-if)#switchport port-security
switch(config-if)#switchport port-security maximum 1
switch(config-if)#switchport port-security violation shutdown
switch(config-if)#exit

switch(config)#int fa0/18
switch(config-if)#switchport mode access
switch(config-if)#switchport access vlan 30
switch(config-if)#exit

switch(config)#int fa0/23
switch(config-if)#switchport mode trunk
switch(config-if)#exit

switch(config)#int fa0/24
switch(config-if)#switchport mode trunk
switch(config-if)#exit

switch(config)#interface vlan 1
switch(config-if)#ip address 150.150.1.2 255.255.255.0 (SWITCH A)
switch(config-if)#ip address 150.150.4.2 255.255.255.0 (SWITCH B)
switch(config-if)#no shut
switch(config-if)#exit

switch(config)#ip daefault-gateway 150.150.1.1 (SWITCH A)
switch(config)#ip daefault-gateway 150.150.4.1 (SWITCH B)

No comments:

Post a Comment