ROUTER ON STICK


ini adalah LAB ROUTER-ON-STICK by Buku BEST PATH TRAINING CENTER oleh Bapak Danu Wiyoto, namun topologinya sudah saya rapihkan dengan perintah yang sudah terpampang di topologinya. kita langsung aja ke konfigurasinya.


1.Pasang IP static pada SERVER-PT 192.168.10.10/24 dan SERVER-DNS 192.168.10.11/24 


2. Setting vlan pada masing masing switch, dan mode switchportnya masing-masing interface sesuai topologi

SW-0:

Switch>en

Switch#conf t

Enter configuration commands, one per line. End with CNTL/Z.

Switch(config)#hostname SW-0

SW-0(config)#vlan 10

SW-0(config-vlan)#name 10

SW-0(config)#vlan 20

SW-0(config-vlan)#name 20

SW-0(config)#vlan 30

SW-0(config-vlan)#name 30

SW-0(config-vlan)#int r fa0/3-4

SW-0(config-if-range)#switchport mode access

SW-0(config-if-range)#switchport access vlan 10

SW-0(config-if-range)#int r fa0/1-2

SW-0(config-if-range)#switchport mode trunk


SW-1:

Switch>en

Switch#conf t

Enter configuration commands, one per line.  End with CNTL/ZSW-1(config)#en

Switch(config)#hostname SW-1

SW-1(config)#vlan 10 

SW-1(config-vlan)#name 10

SW-1(config-vlan)#vlan 20

SW-1(config-vlan)#name 20

SW-1(config-vlan)#vlan 30

SW-1(config-vlan)#name 30

SW-1(config-vlan)#int r fa0/1-4

SW-1(config-if-range)#SW-1port mode trunk 

SW-1(config-if-range)#int r f0/5-7

SW-1(config-if-range)#sw mode access 

SW-1(config-if-range)#sw access vlan 20

SW-1(config-if-range)#int f0/24 

SW-1(config-if)#sw mode trunk


SW-2:

Switch>en
Switch#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#hostname SW-2
SW-2(config)#int r fastEthernet 0/1-2
SW-2(config-if-range)#sw mode trunk

SW-2(config)#vlan 10

SW-2(config-vlan)#name 10

SW-2(config)#vlan 20

SW-2(config-vlan)#name 20

SW-2(config-if-range)#vlan 30
SW-2(config-vlan)#name 30
SW-2(config-if-range)#int r f0/3-4
SW-2(config-if-range)#sw access vlan 30

SW-3:
switch>en
switch#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
switch(config)#hostname SW-3
SW-3(config)#vlan 40 
SW-3(config-vlan)#name 40
SW-3(config-vlan)#vlan 50
SW-3(config-vlan)#name 50
SW-3(config)#int r f0/1-2, f0/24
SW-3(config-if-range)#sw mode trunk
SW-3(config-vlan)#int r f0/3-4
SW-3(config-if-range)#sw mode access 
SW-3(config-if-range)#sw access vlan 40

SW-4:
switch>en
switch#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
switch(config)#hostname SW-4
SW-4(config)#vlan 40
SW-4(config-vlan)#name 40
SW-4(config-vlan)#vlan 50
SW-4(config-vlan)#name 50
SW-4(config)#int f0/1-2
SW-4(config-if-range)#sw mode trunk
SW-4(config-vlan)#int r f0/3-4
SW-4(config-if-range)#sw mode access 
SW-4(config-if-range)#sw access vlan 50

SW-5:
nanti ya cuy settingan  SW-5 ada di bagian Port-Based dibawah, jd kita setting trunknya aja.

Switch>en

Switch#conf t

Enter configuration commands, one per line. End with CNTL/Z.

Switch(config)#hostname SW-5

SW-5(config-vlan)#int f0/24

SW-5(config-if)#switchport mode trunk



3. Setting ip menuju vlan 10,20 dan 30, juga MLS pada router

Router:

Router>en

Router#conf t

Enter configuration commands, one per line. End with CNTL/Z.

Router(config)#int range f0/0-1

Router(config-if)#no sh


%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up


%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up


Router(config-if)#

%LINK-5-CHANGED: Interface FastEthernet0/1, changed state to up


%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to up


Router(config-subif)#int f0/0

Router(config-if)#ip add 192.168.100.1 255.255.255.0 (menuju MLS)

Router(config-subif)#int f0/1.10

Router(config-subif)#

%LINK-5-CHANGED: Interface FastEthernet0/1.10, changed state to up


%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1.10, changed state to up


Router(config-subif)#encapsulation dot1Q 10

Router(config-subif)#ip add 192.168.10.1 255.255.255.0

Router(config-if)#int f0/1.20

Router(config-subif)#

%LINK-5-CHANGED: Interface FastEthernet0/1.20, changed state to up


%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1.20, changed state to up


Router(config-subif)#encapsulation dot1Q 20

Router(config-subif)#ip add 192.168.20.1 255.255.255.0


Router(config-subif)#int f0/1.30

Router(config-subif)#

%LINK-5-CHANGED: Interface FastEthernet0/1.30, changed state to up


%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1.30, changed state to up


Router(config-subif)#encapsulation dot1Q 30

Router(config-subif)#ip add 192.168.30.1 255.255.255.0



4. setting dhcp untuk vlan 20 di router

Router:

Router(config)#ip dhcp pool POOL-VLAN20

Router(dhcp-config)#network 192.168.20.0 255.255.255.0

Router(dhcp-config)#default-router 192.168.20.1

Router(dhcp-config)#dns-server 192.168.10.11

Router(dhcp-config)#ex

Router(config)#ip dhcp excluded-address 192.168.20.1 192.168.20.10

Router(dhcp-config)#ip dhcp pool POOL-VLAN30

Router(dhcp-config)#network 192.168.30.0 255.255.255.0

Router(dhcp-config)#default-router 192.168.30.1

Router(dhcp-config)#dns-server 192.168.10.11

Router(dhcp-config)#ex

Router(config)#ip dhcp excluded-address 192.168.30.1 192.168.30.10



5. Setting MLS


Switch>en

Switch#conf t

Enter configuration commands, one per line.  End with CNTL/Z.

MLS(config)#hostname MLS

MLS(config)#int r f0/1

(port f0/1 disini masih berfungsi sebagai L2, kita harus mematikan fungsi L2 nya dulu dengan command "no switchport"

MLS(config-if-range)#no switchport

MLS(config-if-range)#

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to down


%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to up



6.pasang ip pada f0/1 yang menuju ROUTER


MLS(config-if)#int f0/1

MLS(config-if)#ip add 192.168.100.2 255.255.255.0

MLS(config-if-range)#no shutdown 



7. Pasang Ip pada PC5=192.168.40.10/24 dan PC7=192.168.50.10/24 



pada nomor 8 dan 10 adalah setting  MLS menggunakan metode SVI(Switch Virtual Interface), simak baik-baik



8. Setting trunk pada f0/2, untuk membuka jalur vlan 40 dan 50


MLS(config)#int f0/2

MLS(config-if)#switchport (untuk mengaktifkan mode switchport/L2)

MLS(config-if)#

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/2, changed state to down


%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/2, changed state to up


MLS(config-if)#%SPANTREE-2-RECV_PVID_ERR: Received 802.1Q BPDU on non trunk FastEthernet0/2 VLAN1.


%SPANTREE-2-BLOCK_PVID_LOCAL: Blocking FastEthernet0/2 on VLAN0001. Inconsistent port type.


MLS(config-if)#switchport trunk encapsulation dot1q

MLS(config-if)#

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/2, changed state to down


%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/2, changed state to up


MLS(config-if)#switchport mode trunk



9. buat vlan pada MLS dan juga IP nya


MLS(config-if-range)#vlan 40

MLS(config-vlan)#name 40

MLS(config-vlan)#vlan 50

MLS(config-vlan)#name 50

MLS(config)#int vlan 40

MLS(config-if)#

MLS(config-if)#ip add 192.168.40.1 255.255.255.0

MLS(config-if)#int vlan 50

MLS(config-if)#ip add 192.168.50.1 255.255.255.0



10. Agar bisa ping antar vlan/satu sama lain, kita masukkan perintah "ip routing"


MLS(config-vlan)#ip routing



pada nomor 11-13  akan setting MLS menggunakan metode PORTS BASED, simak baik-baik


11. setting ip di interface f0/3

MLS(config)#int f0/3

MLS(config-if)#no sw

MLS(config-if)#no switchport

MLS(config-if)#ip add 192.168.60.1 255.255.255.0



12. pasang ip static di PC9=192.168.60.10



13. ping dulu dari MLS ke PC9


MLS#ping 192.168.60.10


Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 192.168.60.10, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 0/12/39 ms



14. ROUTING STATIC ROUTER ke VLAN 40,50 dan Client SW-5(192.168.60.0/24)


Router:

Router>en

Router#conf t

Enter configuration commands, one per line.  End with CNTL/Z.

Router(config)#int f0/1

Router(config-if)#ex

Router(config)#ip rou

Router(config)#ip route 192.168.40.0 255.255.255.0 192.168.100.2

Router(config)#ip route 192.168.50.0 255.255.255.0 192.168.100.2

Router(config)#ip route 192.168.60.0 255.255.255.0 192.168.100.2



15. ROUTING STATIC MLS ke VLAN 10


MLS:

MLS(config)#ip route 192.168.10.0 255.255.255.0 192.168.100.1



16.Pasang DHCP untuk Vlan 40,50 dan Client SW-5 di DHCP-SVR



17. Setting IP-HELPER Address di MLS untuk Client Vlan 40,50 dan Client  SW-5

MLS(config)#int vlan 40

MLS(config-if)#ip helper-a

MLS(config-if)#ip helper-address 192.168.10.10

MLS(config-if)#int vlan 50

MLS(config-if)#ip helper-address 192.168.10.10

MLS(config-if)#int vlan 50

MLS(config-if)#int f0/3

MLS(config-if)#ip helper-address 192.168.10.10



18. Cek DHCP IP di PC6,PC8 dan PC10 apakah mendapat IP yang sesuai dengan POOL DHCPnya



19. DNS



DNS:




Router:


Router(config)#ip domain-name bestpath-network.com

Router(config)#ip name-server 192.168.10.11



percobaan ping ke DNS


Router(config)#do ping mls-0.bestpath-network.com


Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 192.168.100.2, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 0/0/0 ms



20.Ether Channel


perhatikan pada topologi, Switch 0-1 menggunakan mode PAGP, Switch 1-2 menggunakan mode LACP dan Switch 3-4 menggunakan mode ON



SW-0 dan SW-1



SW-0:


SW-0>en

SW-0#conf t

Enter configuration commands, one per line.  End with CNTL/Z.

SW-0(config)#int r f0/1-2

SW-0(config-if-range)#channel-protocol pagp

SW-0(config-if-range)#channel-group 1 mode desirable

SW-0(config-if-range)#

Creating a port-channel interface Port-channel 1


%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to down


%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to up


%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/2, changed state to down


%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/2, changed state to up


%LINK-5-CHANGED: Interface Port-channel1, changed state to up


%LINEPROTO-5-UPDOWN: Line protocol on Interface Port-channel1, changed state to up



SW-1:


SW-1>en

SW-1#conf t

Enter configuration commands, one per line.  End with CNTL/Z.

SW-1(config)#int r f0/1-2

SW-1(config-if-range)#channel-protocol pagp

SW-1(config-if-range)#channel-group 1 mode desirable

SW-1(config-if-range)#

Creating a port-channel interface Port-channel 1


%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to down


%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to up


%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/2, changed state to down


%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/2, changed state to up


%LINK-5-CHANGED: Interface Port-channel1, changed state to up


%LINEPROTO-5-UPDOWN: Line protocol on Interface Port-channel1, changed state to up



SW-1 dan SW-2



SW-1:


SW-1(config-if-range)#int r f0/3-4

SW-1(config-if-range)#channel-protocol lacp

SW-1(config-if-range)#channel-group 2 mode active

SW-1(config-if-range)#

Creating a port-channel interface Port-channel 2


%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/3, changed state to down


%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/3, changed state to up


%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/4, changed state to down


%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/4, changed state to up



SW-2:


SW-2>en

SW-2#conf t

Enter configuration commands, one per line. End with CNTL/Z.

SW-2(config)#int r f0/1-2

SW-2(config-if-range)#channel-protocol lacp

SW-2(config-if-range)#channel-group 2 mode active

SW-2(config-if-range)#

Creating a port-channel interface Port-channel 2


%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to down


%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to up


%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/2, changed state to down


%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/2, changed state to up


%LINK-5-CHANGED: Interface Port-channel2, changed state to up


%LINEPROTO-5-UPDOWN: Line protocol on Interface Port-channel2, changed state to up



SW-3 dan SW-4



SW-3:


SW-3#conf t

Enter configuration commands, one per line. End with CNTL/Z.

SW-3(config)#int r f0/1-2

SW-3(config-if-range)#channel-group 1 mode on

SW-3(config-if-range)#

Creating a port-channel interface Port-channel 1


%LINK-5-CHANGED: Interface Port-channel1, changed state to up


%LINEPROTO-5-UPDOWN: Line protocol on Interface Port-channel1, changed state to up



SW-4:


SW-4#conf t

Enter configuration commands, one per line. End with CNTL/Z.

SW-4(config)#int r f0/1-2

SW-4(config-if-range)#channel-group 1 mode on

SW-4(config-if-range)#

Creating a port-channel interface Port-channel 1


%LINK-5-CHANGED: Interface Port-channel1, changed state to up


%LINEPROTO-5-UPDOWN: Line protocol on Interface Port-channel1, changed state to up



21. PORT-SECURITY


disini saya akan menggunakan VLAN 20 sebagai port-security, dengan ketentuan:

PC0(f0/5) menggunakan violation shutdown dengan mac-address manual

PC1(f0/6) mengggunakan violation restrict dengan mac-address sticky

PC2(f0/7) mengggunakan violation protect dengan mac-address sticky


agar mac-address terdeteksi oleh switch, lakukan ping antar-pc yang ada di vlan 20


jika sudah lakukan perintah "do show mac-address-table" di SW-1


SW-1:


SW-1(config)#do sh mac-address-table

Mac Address Table

-------------------------------------------


Vlan Mac Address Type Ports

---- ----------- -------- -----


1 0006.2a41.ba01 DYNAMIC Fa0/3

1 0006.2a41.ba02 DYNAMIC Fa0/4

1 0007.ec84.2301 DYNAMIC Fa0/1

1 0007.ec84.2302 DYNAMIC Fa0/2

1 0009.7c21.c202 DYNAMIC Fa0/24

1 000d.bda0.8626 DYNAMIC Po2

1 0030.f2ab.e508 DYNAMIC Po1

10 0009.7c21.c202 DYNAMIC Fa0/24

20 0003.e47a.6228 DYNAMIC Fa0/6

20 0009.7c21.c202 DYNAMIC Fa0/24

20 000a.f379.00e2 DYNAMIC Fa0/7

20 000d.bda0.8626 DYNAMIC Po2

20 0030.a363.97e7 DYNAMIC Fa0/5

30 0009.7c21.c202 DYNAMIC Fa0/24

30 000d.bda0.8626 DYNAMIC Po2


terlihat semua mac-address perangkat yang terhubung di port SW-1, lanjut gas setting masing-masing port-security nya sesuai ketentuan diatas


SW-1(config)#int f0/5

SW-1(config-if)#switchport port-security

SW-1(config-if)#switchport port-security mac-address 0030.a363.97e7

SW-1(config-if)#switchport port-security violation shutdown

SW-1(config-if)#int f0/6

SW-1(config-if)#switchport port-security

SW-1(config-if)#switchport port-security mac-address sticky

SW-1(config-if)#switchport port-security violation restrict

SW-1(config-if)#int f0/7

SW-1(config-if)#switchport port-security

SW-1(config-if)#switchport port-security mac-address sticky

SW-1(config-if)#switchport port-security violation protect


Konfigurasi Router-On-Stick sesuai buku BESTPATH TRAINING CENTER sudah selesai.

EXTRA!!

pada Router On Stick yang hanya bisa ping adalah vlan 10 ke vlan 40,50 dan client SW-5,
agar vlan client bisa saling ping, lakukan konfigurasi Static VLAN 20 dan 30 di MLS:


MLS:

MLS(config)#ip route 192.168.20.0 255.255.255.0 192.168.100.1

MLS(config)#ip route 192.168.30.0 255.255.255.0 192.168.100.1


sekarang semua PC sudah bisa saling PING

Postingan populer dari blog ini

ROUTING STATIC Metode Floating

Gambar
 Pasang IP di PC-0 : 192.168.10.10/24                            PC-1  : 192.168.30.10/24 Pasang  HWIC-2T di masing-masing Router, pasang persis seperti ini: Router0: Router>en Router#conf t Enter configuration commands, one per line.  End with CNTL/Z. Router(config)#int f0/0 R-0(config)# hostname R-0 R-0(config-if)#ip add 192.168.10.1 255.255.255.0 R-0(config-if)#no sh R-0(config-if)#int se0/0/0 R-0(config-if)#ip add 192.168.20.1 255.255.255.252 R-0(config-if)#no sh R-0(config-if)#int se0/0/1 R-0(config-if)#ip add 192.168.20.5 255.255.255.252 R-0(config-if)#no sh Router1: Router>en Router#conf t Enter configuration commands, one per line.  End with CNTL/Z. Router(config)#hostname R-1 R-1(config)#int f0/0 R-1(config-if)#ip add 192.168.30.1 255.255.255.0 R-1(config-if)#no sh R-1(config-if)#int se0/0/0 R-1(config-if)#ip add 192.168.20.2 255.255.255.252 R-1(config-if)#no sh R-1(co...
Baca selengkapnya

KONFIGURASI VLAN + ROUTING STATIC DI H3C

Gambar
 Topologi: disini saya menggunakan Multi Layer Switch(MLS) H3C 29850 Series, saya akan menggunakan penyebutan MLS-1 untuk S9850-1,dan juga MLS-2/3 pada masing-masing perangkat. konfigurasi hostname dan point-to-point antar MLS pada masing-masing MLS MLS-1: <H3C>system-view System View: return to User View with Ctrl+Z. [H3C]hostname MLS-1 [MLS-1]interface HundredGigE 1/0/1 (interface ke arah MLS-2) [MLS-1-HundredGigE1/0/1]ip address 192.168.100.2 255.255.255.252 [MLS-1-HundredGigE1/0/1]no shutdown [MLS-1-HundredGigE1/0/1]quit MLS-2: <H3C>system-view System View: return to User View with Ctrl+Z. [H3C]hostname MLS-2 [MLS-2]interface HundredGigE 1/0/1  (interface ke arah MLS-1) [MLS-2-HundredGigE1/0/1]ip address 192.168.100.1 255.255.255.252 [MLS-2-HundredGigE1/0/1]no shutdown [MLS-2-HundredGigE1/0/1]quit [MLS-2]interface HundredGigE 1/0/2  (interface ke arah MLS-3) [MLS-2-HundredGigE1/0/2]ip address 192.168.200.1 255.255.255.252 [MLS-2-HundredGigE1/0/2]no shutdow...
Baca selengkapnya

Ujikom BPN 14-10-2022

Gambar
1. pasang ip pada masing masing end device terlebih dahulu 2. setting switch mode access, mode trunk,port-security dan ether-channel sesuai perintah di topologi SW-01: SW-01>en SW-01#conf t Enter configuration commands, one per line.  End with CNTL/Z. SW-01(config)#vlan 100 SW-01(config-vlan)#name Rumah-Emak SW-01(config-vlan)#int ra fa0/3-4 SW-01(config-if-range)#sw mode acc SW-01(config-if-range)#sw acc vlan 100 SW-01(config-if-range)#int gig 0/1 SW-01(config-if)#sw mode tru (setting port-security) SW-01(config-if)#int f0/4 SW-01(config-if)#sw port-security *lakukan ping dahulu dari DNS-SVR ke DHCP-SVR agar mac-addressnya tercatat oleh Switch SW-01(config-if)#sw port-security mac-address sticky SW-01(config-if)#switchport port-security maximum 1 SW-01(config-if)#switchport port-security violation shutdown  SW-02: SW-02>en SW-02#conf t Enter configuration commands, one per line.  End with CNTL/Z. SW-02(config)#vlan 200 SW-02(config-vlan)#name Wisma SW-02(config-vla...
Baca selengkapnya