[Study Notes] CCNA Routing & Switching

A few scribbles and notes on CCNA, not sure which version

Password Configuration

SSH Pre-req configuration

Pre-reqs: hostname, domain name & username

Configuring SSH

Configuring terminal to allow ssh
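
The three SSH steps above as one configuration. This is an added example, not the original notes' own commands; the hostname, domain name, username and secret are placeholders.

```cisco
! Added example: R1, lab.example, admin and <CHANGE-ME> are placeholders.
!
! Pre-reqs: hostname, domain name & username
configure terminal
 hostname R1
 ip domain-name lab.example
 username admin secret <CHANGE-ME>
!
! Configuring SSH: the RSA key pair is named after hostname + domain name,
! which is why both must be set before the key is generated
 crypto key generate rsa modulus 2048
 ip ssh version 2
 ip ssh time-out 60
 ip ssh authentication-retries 3
!
! Configuring terminal (vty lines) to allow ssh only, using the local user database
 line vty 0 4
  transport input ssh
  login local
  exec-timeout 5 0
 end
!
! Verify
show ip ssh
show ssh
```

With `transport input ssh` on the vty lines, Telnet is refused, so confirm that an SSH login works before closing the console session.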

ACL:

VLAN

Assign Port Access

802.1q Trunk

Verify trunk

Delete interface from a VLAN

PORT SECURITY

HSRP

primary=highest priority

Frame Relay

Frame Relay Manual Mapping:

Virtual Interface for Router on Stick p2p:

NAT
Create access list for NAT:

assign NAT inside/outside to the inside & outside interfaces:

assign to NAT:

-> translates all IP addresses in NAT_ADDRESSES to the IP of s0/0

OR by creating a NAT pool:

assign to the port:

or:

-> translates IP 1.1.1.1 to the IP on int f0/0

-> mapping 1 to 1

-> translates IP 1.1.1.1 to 12.12.12.11

-> mapping 1 to 1

-> translates network 1.1.1.0 to 10.0.0.0 with prefix /24

translate 1 inside IP to one of 2 IPs:

-> translates 1.1.1.1 to IP 10.1.1.1 OR 20.1.1.2

ping from loopback addr:

ping x.x.x.x source x.x.x.x

EIGRP

verify:

Configuration example:

bandwidth 1544 (default for Serial in KBits), only modifies bw metric not the actual bandwidth

metric:

bandwidth (k1) configurable
load (k2) dynamic 0-255, not used by default
delay (k3) configurable
reliability (k4-k5) dynamic 255/255, not used by default

How to see metric:

-> EIGRP performs auto-summary by default

redistribute static into EIGRP (default route):

Hello Intervals & Hold Times:

-> both configurable per interface basis & does not have to match to form adjacencies.

int s0/0/0

ip hello-interval eigrp 1 60 (AS number & hello interval seconds)
ip hold-time eigrp 1 180 (AS number & hold seconds)

EIGRP & IPv6

Enable EIGRP for IPv6:

Enable on the interfaces that will run EIGRP:

WAN:CHAP

if R1 is directly connected to R2, then (2 way authentication)

on R1:

on R2:
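
Two-way CHAP between the directly connected routers, as an added example that is not from the original notes. The interface name and the shared secret are placeholders.

```cisco
! Added example: Serial0/0/0 and <SHARED-SECRET> are placeholders.
!
! on R1: the username is the PEER's hostname,
! and the password must be identical on both routers
hostname R1
username R2 password <SHARED-SECRET>
interface Serial0/0/0
 encapsulation ppp
 ppp authentication chap
!
! on R2: mirror image of R1
hostname R2
username R1 password <SHARED-SECRET>
interface Serial0/0/0
 encapsulation ppp
 ppp authentication chap
!
! verify the link, then watch the challenge/response exchange
show interfaces Serial0/0/0
debug ppp authentication
undebug all
```

A hostname/username mismatch (usernames are case-sensitive) or a differing password makes the CHAP exchange fail, which `debug ppp authentication` shows.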

troubleshooting:

u all or undebug all -> stop all debugging

OSPF

Area Border Router (ABR)
no auto-summarization -> by default
area 0 is always the first area you create
all other areas have to connect to area 0

RouterID selection/priority:

  1. router-id command
  2. Loopback ip
  3. highest active ip
  4. router’s name

Cost =100/Bandwidth(in Mbps)

56k = 1785
64k = 1562
ethernet = 10
fastethernet = 1
T1(1,544) = 64
E1(2,048) = 48

verify:

OSPF configuration:

Note:

-> it is important to set the RouterID from the start, to prevent the router ID from changing because of the selection process
-> if it is changed after neighbors have formed, you must clear the OSPF process or even reboot the router

set ip loopback:

-> wildcard 0.0.0.0 to run OSPF on the specific IP 172.30.0.1

config on the Area Border Router (ABR):

-> summarize ip 10.10.0.0

config on the AS Border Router (ASBR):

redistribute static subnets metric 100

-> redistributes static routes into the OSPF system
-> the metric value is calculated from the formula cost=100/Bandwidth(in Mbps) or just made up

summary-address 172.16.0.0 255.255.0.0

-> summary on the ASBR to the external network

Verification:

OSPFv3

-> support IPv6

-> runs by default when OSPF is accessed (EIGRP must be no shutdown first)

enable ospf di interface:

Etherchannel

Main purpose: to increase bandwidth

Protocols:

PAgP (Port Aggregation Protocol)

-> cisco proprietary
-> modes: on,desirable,auto

LACP (Link Aggregation Control Protocol)

-> Industry standard
-> modes: on,active,passive

The number of ports put into an EtherChannel should preferably be a power of 2, such as 2, 4, or 8 ports
Cisco best practice for EtherChannel: desirable-auto

config:

Verification:

Cisco Device Management

-check config register: 2100 (ROMMon),2101 (RxBoot),2102 (normal boot),2142 (ignore NVRAM)
-check boot system command in startup-config
-look 1st IOS image in flash
-if failed, broadcast for a tftp server

backup:

use tftp32 / tftp64

IPv6
  1. unicast: 1-1
  2. multicast: 1-many
  3. anycast: 1-closest
  4. link local scope address: layer 2 domain
  5. unique/site-local scope address: organization
  6. global scope address: internet

 

IPv6 ACL

create ACL:

apply to the interface:

VTP

The VTP domain must be the same for messages to be exchanged
Pruning: only the necessary traffic is passed, preventing traffic flooding
Enable pruning on the switch to prevent flooding

Verification:

VTP Server configuration:

Then the other settings, such as VLANs, management IP, and so on.
Remember that the interfaces carrying VTP between switches MUST be set as Trunk, whether on the Server, Client, or Transparent.

VTP Client configuration:

When acting as a client, most of the VLAN settings follow the server and are stored in running-config, except the management IP, which must be set manually on each switch.

VTP Transparent configuration:

VTP Transparent only forwards settings from the VTP server to the VTP client and does not store the settings in running-config.

Syslog

EACE WNID

-> emergency, alerts, critical, errors, warnings, notifications, informational, debugging

Netflow

tracks data flow

NAT NEW

ACL:

 

 

 
