
[Study Notes] CCNA Routing & Switching
A few scribbles and notes on CCNA, not sure which version.
Password Configuration
(config)# line vty 0 4
(config-line)# password mypassword
(config-line)# login
(config-line)# exit
SSH Pre-req configuration
Pre-reqs: hostname, domain name & username
(config)# hostname R1
(config)# ip domain-name cisco.com
(config)# username netadmin password mypassword
(config)# crypto key generate rsa
Configuring SSH
(config)# crypto key generate rsa
(config)# ip ssh version 2
Configuring terminal to allow ssh
(config)# line vty 0 4
(config-line)# login local
(config-line)# transport input telnet ssh (use "transport input ssh" to allow SSH only)
ACL:
access-list 100 permit tcp host 192.168.33.3 host 172.22.242.23 eq 80
access-list 100 deny tcp any host 172.22.242.23 eq 80
access-list 100 permit ip any any
int f0/1
ip access-group 100 out
do wr
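To see how ACL 100 above is actually evaluated (top-down, first match wins, implicit deny at the end) and how IOS wildcard masks work, here is an added evaluator written for these notes; it is not Cisco code, and the ACL tuples are a hand-written encoding of the lines above:

```python
import ipaddress

# Added example (not from these notes): a first-match evaluator for the
# extended ACL 100 above. A wildcard bit of 1 means "don't care", so
# "host X" is X 0.0.0.0 and "any" is 0.0.0.0 255.255.255.255.

ANY = ("0.0.0.0", "255.255.255.255")

def wildcard_match(ip, network, wildcard):
    """True when ip matches network under an IOS wildcard mask."""
    ip_i = int(ipaddress.IPv4Address(ip))
    net_i = int(ipaddress.IPv4Address(network))
    wc_i = int(ipaddress.IPv4Address(wildcard))
    return (ip_i | wc_i) == (net_i | wc_i)

# Each ACE: (action, protocol, src, src_wildcard, dst, dst_wildcard, dst_port)
# dst_port None means "no eq clause". Same order as the lines of ACL 100.
ACL_100 = [
    ("permit", "tcp", "192.168.33.3", "0.0.0.0", "172.22.242.23", "0.0.0.0", 80),
    ("deny", "tcp", *ANY, "172.22.242.23", "0.0.0.0", 80),
    ("permit", "ip", *ANY, *ANY, None),
]

def evaluate(acl, proto, src, dst, dport=None):
    """Return the action of the first matching ACE, else the implicit deny."""
    for action, p, s, s_wc, d, d_wc, port in acl:
        if p != "ip" and p != proto:
            continue
        if not (wildcard_match(src, s, s_wc) and wildcard_match(dst, d, d_wc)):
            continue
        if port is not None and port != dport:
            continue
        return action
    return "deny"  # every IOS ACL ends with an implicit deny
```

Swapping the first two lines of ACL_100 would block the permitted host too, which is why ACE order matters.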
VLAN
# configure terminal
(config)# vlan 10
(config-vlan)# name student
Assign Port Access
(config)# interface f0/1
(config-if)# switchport mode access
(config-if)# switchport access vlan 10
802.1q Trunk
(config)# interface f0/2
(config-if)# switchport trunk native vlan 99 (for the native/management VLAN)
(config-if)# switchport mode trunk
(config-if)# switchport trunk allowed vlan [add] [VlanNo]
Verify trunk
# show vlan brief
# show vlan name student
# show interfaces vlan 10
# show interfaces f0/1 switchport
# show interfaces trunk
Delete interface from a VLAN
(config)# interface f0/1
(config-if)# no switchport access vlan
(config)# no vlan 10
PORT SECURITY
S1(config)# interface fastEthernet 0/1
S1(config-if)# switchport mode access
S1(config-if)# switchport port-security
S1(config-if)# switchport port-security maximum 50
S1(config-if)# switchport port-security mac-address sticky
S1(config-if)# switchport port-security violation shutdown
S1# show port-security interface f0/1
HSRP
active (primary) router = highest priority
config t
interface FastEthernet0/0
ip address 192.168.10.2 255.255.255.0
standby 10 ip 192.168.10.1
standby 10 priority 50
standby 10 preempt
Frame Relay
int s0/0
encapsulation frame-relay
show frame-relay pvc
Frame Relay Manual Mapping:
frame-relay map ip 192.168.1.0 301
Virtual Interface for Router on Stick p2p:
int s0/0.201 point-to-point
frame-relay interface-dlci 201
NAT
Create access list for NAT:
ip access-list standard NAT_ADDRESSES
permit 192.168.1.0 0.0.0.255
Mark the inside and outside interfaces:
int f0/0
ip nat inside
int f0/1
ip nat inside
int s0/0
ip nat outside
Apply the list to NAT:
ip nat inside source list NAT_ADDRESSES int s0/0 overload
-> translates every IP address in NAT_ADDRESSES to the IP of s0/0
OR by creating a NAT pool:
ip nat pool OUTSIDE_IP 200.1.1.1 (start ip) 200.1.1.1 (end ip) netmask 255.255.255.248
Assign the list to the pool:
ip nat inside source list NAT_ADDRESSES pool OUTSIDE_IP overload
or:
ip nat inside source static 1.1.1.1 int f0/0
-> translates 1.1.1.1 to the IP address on int f0/0
-> one-to-one mapping
ip nat inside source static 1.1.1.1 12.12.12.11
-> translates 1.1.1.1 to 12.12.12.11
-> one-to-one mapping
ip nat inside source static network 1.1.1.0 10.0.0.0 /24
-> translates network 1.1.1.0 to 10.0.0.0 with prefix /24
Translate one inside IP to either of two IPs:
ip nat inside source static 1.1.1.1 10.1.1.1 extendable
ip nat inside source static 1.1.1.1 20.1.1.2 extendable
-> translates 1.1.1.1 to 10.1.1.1 OR 20.1.1.2
ping from loopback addr:
ping x.x.x.x source x.x.x.x
EIGRP
verify:
show ip eigrp topology
show ip eigrp topology all-links
show ip eigrp neighbors
show ip protocols
show ip route
debug eigrp fsm
Configuration example:
router eigrp 1 (AS number)
network 192.168.1.0 (classful)
network 192.168.1.0 0.0.0.3 (subnet with wildcard)
metric weights tos k1 k2 k3 k4 k5
bandwidth 1544 (the default for serial, in kbit/s) only changes the bandwidth used in the metric, not the actual link speed
metric:
- bandwidth (k1): configurable
- load (k2): dynamic, 0-255, not used by default
- delay (k3): configurable
- reliability (k4-k5): dynamic, 255/255, not used by default
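To make the K-values above concrete, here is an added calculation of the EIGRP composite metric (written for these notes, not taken from Cisco); the interface defaults used (serial 1544 kbit/s and 20000 usec delay, FastEthernet 100000 kbit/s and 100 usec) are the standard IOS values and are labelled in the code:

```python
# Added example (not from these notes): the EIGRP composite metric built from
# the K-values above. "metric weights tos 1 0 1 0 0" is the default, so only
# bandwidth (K1) and delay (K3) count unless you change the weights.

def eigrp_metric(min_bw_kbps, total_delay_usec, k=(1, 0, 1, 0, 0), load=1, reliability=255):
    """Composite metric as shown by 'show ip eigrp topology'.

    bw    = 10^7 / slowest link bandwidth on the path (kbit/s), truncated
    delay = sum of interface delays along the path, in tens of microseconds
    The reliability factor K5/(reliability + K4) is only applied when K5 != 0.
    """
    k1, k2, k3, k4, k5 = k
    bw = 10**7 // min_bw_kbps
    delay = total_delay_usec // 10
    metric = k1 * bw + (k2 * bw) // (256 - load) + k3 * delay
    if k5 != 0:
        metric = metric * k5 // (reliability + k4)
    return metric * 256

def path_metric(links, k=(1, 0, 1, 0, 0)):
    """links: list of (bandwidth_kbps, delay_usec), one per outgoing interface on the path."""
    return eigrp_metric(min(bw for bw, _ in links), sum(d for _, d in links), k)

# Interface defaults: serial 1544 kbit/s / 20000 usec, FastEthernet 100000 kbit/s / 100 usec
SERIAL_T1 = (1544, 20000)
FASTETHERNET = (100000, 100)

def t1_metric():
    # One serial hop: (10^7 // 1544 + 20000 // 10) * 256 = (6476 + 2000) * 256
    return path_metric([SERIAL_T1])

def bandwidth_cmd_effect():
    """'bandwidth 512' on the serial hop changes only the metric, not the link."""
    return path_metric([FASTETHERNET, SERIAL_T1]), path_metric([FASTETHERNET, (512, 20000)])
```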
How to see metric:
show int s0/0
no auto-summary (under router eigrp 1)
-> EIGRP performs auto-summary by default
Redistribute static into EIGRP (default route):
conf t
ip route 0.0.0.0 0.0.0.0 loopback 1
router eigrp 1
redistribute static
Hello Intervals & Hold Times:
-> both are configurable on a per-interface basis and do not have to match to form adjacencies.
int s0/0/0
ip hello-interval eigrp 1 60 (AS number & hello interval in seconds)
ip hold-time eigrp 1 180 (AS number & hold time in seconds)
EIGRP & IPv6
Enable EIGRP for IPv6:
conf t
ipv6 router eigrp 100
no shutdown
Enable it on the interfaces that will run EIGRP:
conf t
int f0/0
ipv6 eigrp 100
WAN:CHAP
If R1 is directly connected to R2 (two-way authentication; the username is the peer's hostname and the password must be the same on both sides):
on R1:
conf t
username R2 password packetnotes
int s0/0
encapsulation ppp
ppp authentication chap
on R2:
conf t
username R1 password packetnotes
int s0/0
encapsulation ppp
ppp authentication chap
troubleshooting:
debug ppp authentication
u all or undebug all -> stop all debugging
OSPF
Area Border Router (ABR)
no auto-summarization -> by default
area 0 is always the first area you create
all other areas have to connect to area 0
RouterID selection/priority:
- router-id command
- Loopback ip
- highest active ip
- router’s name
Cost = 100 / Bandwidth (in Mbps)
- 56k = 1785
- 64k = 1562
- Ethernet = 10
- FastEthernet = 1
- T1 (1,544) = 64
- E1 (2,048) = 48
verify:
show ip ospf neighbor
OSPF configuration:
conf t
router ospf 1 (process id, 1-65535)
router-id 1.1.1.1
Note:
-> it is important to set the router ID from the start, to stop it changing because of the selection process
-> if it is changed after neighbors have formed, the OSPF process has to be cleared or the router even rebooted
Set the loopback IP:
int loopback 0
ip add 1.1.1.1 255.255.255.255 -> specific to that one IP
router ospf 1
network 172.30.0.1 0.0.0.0 area 0
-> wildcard 0.0.0.0 runs OSPF only on the specific IP 172.30.0.1
Config on the Area Border Router (ABR):
router ospf 1
area 10 range 10.10.0.0 255.255.0.0
-> summarizes 10.10.0.0
Config on the AS Border Router (ASBR):
redistribute static subnets metric 100
-> redistributes static routes into the OSPF domain
-> the metric value is computed from cost = 100 / Bandwidth (in Mbps), or just pick one
summary-address 172.16.0.0 255.255.0.0
-> summary on the ASBR toward the external networks
Verification:
debug ip ospf adj
clear ip ospf process -> clears the process so neighbor relationships form again from scratch
OSPFv3
-> supports IPv6
-> runs by default once the OSPF process is entered (EIGRP has to be "no shutdown" first)
conf t
ipv6 router ospf 1
router-id 1.1.1.1
Enable OSPF on the interface:
int s0/0
ipv6 ospf 1 area 0
Etherchannel
Main purpose to increase bandwidth
Protocols:
PAgP (Port Aggregation Protocol)
-> cisco proprietary
-> modes: on,desirable,auto
LACP (Link Aggregation Control Protocol)
-> Industry standard
-> modes: on,active,passive
The number of ports placed in an EtherChannel should be a power of 2, e.g. 2, 4 or 8 ports.
Cisco best practice for EtherChannel: desirable-auto
config:
int range f0/1-2
as trunk:
switchport trunk encapsulation dot1q
switchport mode trunk
switchport trunk allowed vlan 1-10
speed 100
duplex full
apply to the port channel:
channel-group 10 mode [on|auto|desirable (PAgP)] or [on|active|passive (LACP)]
Verification:
show etherchannel summary
show running-config interface port-channel 10
Cisco Device Management
- check the config register: 2100 (ROMMon), 2101 (RxBoot), 2102 (normal boot), 2142 (ignore NVRAM)
- check for a boot system command in startup-config
- look for the 1st IOS image in flash
- if that fails, broadcast for a TFTP server
conf t
config-register 0x2142
boot:
conf t
boot system flash:/namafile.bin (namafile.bin = your image filename)
backup:
use tftp32 / tftp64
copy running-config tftp
IPv6
- unicast:1-1
- multicast:1-many;
- anycast:1-closest;
- link local scope address: layer 2 domain
- unique/site-local scope address: organization
- global scope address: internet
conf t
ipv6 unicast-routing -> enable IPv6 routing
ip routing
int f0/0
ipv6 address 2001:1::1/64
ipv6 address autoconfig
show ipv6 interface f0/0
show ipv6 neighbors
IPv6 ACL
create ACL:
conf t
ipv6 access-list CBTACL
permit tcp any any eq 23
Apply it to the interface:
int f0/0
ipv6 traffic-filter CBTACL in
show ipv6 access-list
VTP
The VTP domain must match for switches to exchange VTP messages.
Pruning: only the traffic that is needed is passed, which prevents flooding.
Enable pruning on the switch to prevent flooding.
Verification:
show vtp status
VTP server configuration:
conf t
hostname VTP-SERVER
vtp mode server
vtp domain MYDOMAIN
vtp password cisco
Then the other settings, such as VLANs, the management IP, and so on.
Remember that the interfaces carrying VTP between switches MUST be set as trunks, on the server, client and transparent switches alike.
int f0/0
switchport mode trunk
VTP client configuration:
conf t
hostname VTP-CLIENT
vtp mode client
vtp domain MYDOMAIN
vtp password cisco
When acting as a client, most of the VLAN settings are taken from the server and stored in the running-config, except the management IP, which has to be set manually on each switch.
VTP transparent configuration:
conf t
hostname VTP-TRANSPARENT
vtp mode transparent
vtp domain MYDOMAIN
vtp password cisco
VTP transparent only forwards the settings from the VTP server to the VTP clients and does not store them in its running-config.
Syslog
conf t
logging 1.1.1.1 -> IP of the syslog server
logging buffered ?
logging trap ?
EACE WNID
-> emergency, alerts, critical, errors, warnings, notifications, informational, debugging
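As an added example for the severity levels above (written for these notes, not Cisco code), this parses the %FACILITY-SEVERITY-MNEMONIC header of IOS log messages and applies a "logging trap" threshold the way the router does (messages at or below the configured level are sent). The sample lines are constructed in IOS format, not captured from a real device:

```python
import re

# Added example (not from these notes): map the severity digit in an IOS
# syslog message to the names behind the EACE WNID mnemonic and apply a
# "logging trap <level>" threshold.

SEVERITY = ["emergencies", "alerts", "critical", "errors",
            "warnings", "notifications", "informational", "debugging"]

# IOS message header, e.g. %SYS-5-CONFIG_I: Configured from console ...
MSG_RE = re.compile(
    r"%(?P<facility>[A-Z0-9_]+)-(?P<sev>[0-7])-(?P<mnemonic>[A-Z0-9_]+):\s*(?P<text>.*)")

def parse(line):
    """Return (facility, severity, mnemonic, text), or None if not an IOS message."""
    m = MSG_RE.search(line)
    if not m:
        return None
    return m["facility"], int(m["sev"]), m["mnemonic"], m["text"]

def severity_name(level):
    return SEVERITY[level]

def forwarded(lines, trap_level):
    """Messages the router would send with 'logging trap <level>': severity <= level."""
    out = []
    for line in lines:
        parsed = parse(line)
        if parsed and parsed[1] <= trap_level:
            out.append(parsed)
    return out

# Constructed sample lines (not real device output)
SAMPLE = [
    "*Mar  1 00:05:11.123: %SYS-5-CONFIG_I: Configured from console by vty0 (10.0.0.5)",
    "*Mar  1 00:05:40.004: %LINK-3-UPDOWN: Interface FastEthernet0/1, changed state to down",
    "*Mar  1 00:06:02.771: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, "
    "caused by MAC address 0011.2233.4455 on port FastEthernet0/1.",
    "*Mar  1 00:06:30.000: %SYS-7-USERLOG_DEBUG: Message from tty0(user id: admin): test",
    "not a syslog line",
]
```

With "logging trap 4" (warnings) the port-security violation and the link-down message reach the server, while the config change (level 5) and the debug message (level 7) do not, so a port-security alert you want to collect must fit under the configured trap level.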
Netflow
tracks data flow
conf t
ip flow-export destination 172.20.100.190 9991 (9991 -> port number)
ip flow-export version 9
int f0/0
ip flow ingress -> inbound NetFlow
ip flow egress -> outbound NetFlow
NAT NEW
conf t
ip access-list standard NAT_ADDRESSES
permit 10.0.1.0 0.0.0.255
permit 10.0.2.0 0.0.0.7