Sunday, 15 November 2015

IP Networking Questions

1. A, 1. What does it become when reversed? 1, A.

2. A, 1, 2. If only 2 characters can be swapped, what does it become? 1, A, 2.

2. If the room numbers run from 1 - 9, how many rooms are there? 10

3. If the room numbers run from 0 - 9, how many rooms are there? 10 + 1 = 11

4. If the room numbers run from 1 - 19, how many rooms are there? 20!

5. If the room numbers run from 0 - 19, how many rooms are there? 21!

Guide to creating an access-list (ACL)

1. Deny first, then permit. Denying the network traffic from accessing another network comes before permitting all other traffic.
2. Always place a standard access-list close to the network/host you want to deny.
3. Always place/order entries from most specific to least specific.
4. If no port is mentioned, it is better to use a standard access-list.
5. If a port is mentioned, use an extended access-list.
6. Numbered or named is up to you; named is the one that is easier to edit.
7. To view or examine an access-list, don't use show run; it is more convenient to use show access-list or show ip access-list.

Example:
• For the 192.168.10.0/24 network, block Telnet access to all locations and TFTP access to the corporate Web/TFTP server at 192.168.20.254. All other access is allowed.
• For the 192.168.11.0/24 network, allow TFTP access and web access to the corporate Web/TFTP server at 192.168.20.254. Block all other traffic from the 192.168.11.0/24 network to the 192.168.20.0/24 network. All other access is allowed.

Translation:

  • For the 192.168.10.0/24 network, block Telnet access to all locations and TFTP access to the corporate Web/TFTP server at 192.168.20.254. All other access is permitted.
  • For the 192.168.11.0/24 network, allow/permit TFTP access and web access to the corporate Web/TFTP server. Block all other traffic from 192.168.11.0/24 (this network) to the 192.168.20.0/24 network. All other access is permitted.

In other / simpler words:
Network 192.168.10.0/24 can access everything except Telnet to all locations and TFTP access to the corporate Web/TFTP server.
Network 192.168.11.0/24

Breakdown:
For 192.168.10.0/24
Block:

  • Telnet access to all locations
  • TFTP access to the corporate Web/TFTP server 192.168.20.254
Permit:

  • All other access (Mail, Database, Ping/ICMP)
For 192.168.11.0/24
Block:
  • Block all other traffic from the 192.168.11.0/24 to the 192.168.20.0/24 network
Permit:
  • TFTP access and web access to the corporate Web/TFTP server at 192.168.20.254

Access-list
R1(config)#access-list 100 
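
The two policies above as extended-ACL entries, run through a small first-match evaluator (an added example, not from the original post). The entry text uses IOS entry syntax; the names ACL_NET10 and ACL_NET11, the entry order and the numeric ports (23 Telnet, 69 TFTP, 80 web) are assumptions of this example.

```python
import ipaddress

# Constructed entries for the two policies above (assumed names and ordering;
# ports: 23 = Telnet, 69 = TFTP, 80 = web).
ACL_NET10 = """\
deny tcp 192.168.10.0 0.0.0.255 any eq 23
deny udp 192.168.10.0 0.0.0.255 host 192.168.20.254 eq 69
permit ip any any"""
ACL_NET11 = """\
permit udp 192.168.11.0 0.0.0.255 host 192.168.20.254 eq 69
permit tcp 192.168.11.0 0.0.0.255 host 192.168.20.254 eq 80
deny ip 192.168.11.0 0.0.0.255 192.168.20.0 0.0.0.255
permit ip any any"""

def take_addr(tok):
    """Consume one address spec from the token list: (network, wildcard) as ints."""
    first = tok.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF
    if first == "host":
        return int(ipaddress.IPv4Address(tok.pop(0))), 0
    return int(ipaddress.IPv4Address(first)), int(ipaddress.IPv4Address(tok.pop(0)))

def parse(acl_text):
    """Turn 'action proto src dst [eq port]' lines into ordered entries."""
    entries = []
    for line in acl_text.splitlines():
        tok = line.split()
        action, proto = tok.pop(0), tok.pop(0)
        src, dst = take_addr(tok), take_addr(tok)
        port = int(tok[1]) if tok[:1] == ["eq"] else None
        entries.append((action, proto, src, dst, port))
    return entries

def hit(addr, spec):
    # Wildcard mask: a 1 bit means "don't care", a 0 bit means "must match".
    net, wild = spec
    return (int(ipaddress.IPv4Address(addr)) | wild) == (net | wild)

def evaluate(entries, proto, src, dst, dport=None):
    """Return the action of the first matching entry, top-down."""
    for action, e_proto, e_src, e_dst, e_port in entries:
        if e_proto in ("ip", proto) and hit(src, e_src) and hit(dst, e_dst) \
                and e_port in (None, dport):
            return action
    return "deny"  # implicit deny all at the end of every access-list
```

Moving the `deny ip` entry of ACL_NET11 above its two `permit` entries makes the web and TFTP traffic hit the deny first, which is why the most specific entries go on top.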

Activity: Securing the network using ACLs

Activity 1

1. An Access Control List (ACL) is a router configuration script that controls whether a router will ____ or ___ packets based on criteria found in the packet header.

2. ACLs are often used in ___ routers that are positioned between your internal network and external network.

3. A router with three active interfaces and two network protocols (IP and IPX) can have as many as ___ active ACLs.

4. For inbound ACLs, incoming packets are processed ___ they are routed to an outbound interface.

5. For outbound ACLs, incoming packets are processed ___ they are routed to an outbound interface.

6. At the end of every access-list is an implied ___ all traffic criteria statement. Therefore, if a packet does not match any of your criteria statements, the packet will be ___

permit, six, before, blocked, allowed, while, deny, firewall, after, three, twelve.

Answer:
1. Permit, Deny
2. Firewall
3. Twelve
4. Before
5. After
6. Deny, Blocked

Activity 2
1. Can filter traffic based on source IP address: Standard and Extended
2. Can filter traffic based on destination IP address: Extended only
3. Can filter traffic based on protocol type: Extended only
4. Uses number 1 - 99: Standard
5. Uses number 100 - 199: Extended
6. Uses number 1300 - 1999: Standard
7. Can use a name instead of a number: Standard and Extended

Activity 3
Network policy #1: Use a standard ACL to stop the 192.168.1.0/24 network from accessing the Internet via ISP
Network policy #2: Use an extended ACL to stop the 192.168.30.0/24 network from accessing the Web/TFTP server.


Saturday, 14 November 2015

Some Cisco switch and router tips and tricks

1. The routing table can be used as a tool for summarizing network numbers
   1. Create 1 or 2 loopback interfaces
   2. Assign the network numbers you want to summarize to the loopback interfaces you just created
   3. Issue show ip route

2. Determining the reference bandwidth cost of the OSPF feature on the network's routers
Interface cost = reference bandwidth / interface bandwidth


2. Access-list as a means of determining


4. How to determine the root ID of the spanning-tree feature on the network's switches
   1. Telnet to all switches
   2. Issue the command show spanning-tree brief on all switches
   3. Look for the VLAN you want to find/observe (the target VLAN)
   4. Check whether all of its ports are forwarding.
   5.

5. How to determine whether or not a switch succeeded in forwarding a host's packets



Thursday, 12 November 2015

Comparing 802.1d and 802.1w

Comparing the speed of spanning-tree and PVST

Spanning-tree 802.1d
Algorithm:
1. Run show spanning-tree on all switches
S1# show spanning-tree
S2# show spanning-tree
S3# show spanning-tree

2. From the output of the commands above, determine which switch becomes the root bridge.

3. From the output of the command S2#show spanning-tree vlan 99, determine which ports are blocking and which are forwarding.

3. Test a ping from PC3 to the PC server

4. Unplug the fa0/1 cable on switch 1 and the fa0/3 cable on switch 1. By the way, what is the status of port fa0/1 on this switch 1, and what is the status of fa0/3 on this switch 1?

5. Go back to the PC3 window: how many times did a timeout occur?

6. Plug the fa0/1 cable back into the switch and fa0/3 back into switch 1. Does a timeout occur again?



Wednesday, 11 November 2015

Configuring RSTP

Task 8: Configure PVST Rapid Spanning Tree Protocol
Cisco has developed several features to address the slow convergence times associated with standard STP. PortFast, UplinkFast, and BackboneFast are features that, when properly configured, can dramatically reduce the time required to restore connectivity. Incorporating these features requires manual configuration, and care must be taken to do it correctly. The longer-term solution is Rapid STP (RSTP), 802.1w, which incorporates these features among others. RSTP-PVST is configured as follows:
S1(config)#spanning-tree mode rapid-pvst
Configure all three switches in this manner.
S2(config)#spanning-tree mode rapid-pvst
S3(config)#spanning-tree mode rapid-pvst
Use the command show spanning-tree summary to verify that RSTP is enabled.