ROUTER VLAN CONFIGURATION
Router>
Router>en
Router#config t
Router(config)#hostname RouterVLAN
RouterVLAN(config)#int f0/0
RouterVLAN(config-if)#no sh
RouterVLAN(config-if)#int f0/0.1 ------> Enter subinterface mode
RouterVLAN(config-subif)#encapsulation dot1q 1
RouterVLAN(config-subif)#ip add 192.168.1.1 255.255.255.0
RouterVLAN(config-subif)#int f0/0.2
RouterVLAN(config-subif)#encapsulation dot1q 2
RouterVLAN(config-subif)#ip add 192.168.2.1 255.255.255.0
RouterVLAN(config-subif)#int f0/0.3
RouterVLAN(config-subif)#encapsulation dot1q 3
RouterVLAN(config-subif)#ip add 192.168.3.1 255.255.255.0
RouterVLAN(config-subif)#int f0/0.4
RouterVLAN(config-subif)#encapsulation dot1q 4
RouterVLAN(config-subif)#ip add 192.168.4.1 255.255.255.0
RouterVLAN(config-subif)#end
RouterVLAN#config t
RouterVLAN(config)#int f0/0.5
RouterVLAN(config-subif)#encapsulation dot1q 5
RouterVLAN(config-subif)#ip add 192.168.5.1 255.255.255.0
RouterVLAN(config-subif)#int f0/0.6
RouterVLAN(config-subif)#encapsulation dot1q 6
RouterVLAN(config-subif)#ip add 192.168.6.1 255.255.255.0
RouterVLAN(config-subif)#int f0/0.7
RouterVLAN(config-subif)#encapsulation dot1q 7
RouterVLAN(config-subif)#ip add 192.168.7.1 255.255.255.0
RouterVLAN(config-subif)#end
RouterVLAN#config t
RouterVLAN(config)#enable password cantik ------> any password you like
RouterVLAN(config)#line vty 0 15
RouterVLAN(config-line)#password cantik
RouterVLAN(config-line)#login
RouterVLAN(config-line)#exit
RouterVLAN(config-line)#^Z --------> Press Ctrl+Z
Type the command RouterVLAN#sh ip route
The result is as follows:
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route
Gateway of last resort is not set
C 192.168.1.0/24 is directly connected, FastEthernet0/0.1
C 192.168.2.0/24 is directly connected, FastEthernet0/0.2
C 192.168.3.0/24 is directly connected, FastEthernet0/0.3
C 192.168.4.0/24 is directly connected, FastEthernet0/0.4
C 192.168.5.0/24 is directly connected, FastEthernet0/0.5
C 192.168.6.0/24 is directly connected, FastEthernet0/0.6
C 192.168.7.0/24 is directly connected, FastEthernet0/0.7
RouterVLAN#
SWITCH 1 / VLAN CONFIGURATION
Switch>en
Switch#config t
Switch(config)#hostname VLAN
VLAN(config)#^Z
VLAN#vlan database
VLAN(vlan)#vlan 2 name Server
VLAN(vlan)#vlan 3 name Fakultas-Ekonomi
VLAN(vlan)#vlan 4 name Fakultas-Kedokteran
VLAN(vlan)#vlan 5 name Fakultas-WebServer2
VLAN(vlan)#vlan 6 name Fakultas-pertanian
VLAN(vlan)#vlan 7 name Fakultas-teknik
VLAN(vlan)#exit
VLAN#config t
VLAN(config)#int f0/1
VLAN(config-if)#switchport mode trunk
VLAN(config-if)#end
VLAN#config t
VLAN(config)#int f0/3
VLAN(config-if)#switchport mode access
VLAN(config-if)#switchport access vlan 2
VLAN(config-if)#int f0/5
VLAN(config-if)#switchport mode access
VLAN(config-if)#switchport access vlan 3
VLAN(config-if)#int f0/7
VLAN(config-if)#switchport mode access
VLAN(config-if)#switchport access vlan 3
VLAN(config-if)#int f0/9
VLAN(config-if)#switchport mode access
VLAN(config-if)#switchport access vlan 4
VLAN(config-if)#int f0/11
VLAN(config-if)#switchport mode access
VLAN(config-if)#switchport access vlan 4
VLAN(config)#int f0/4
VLAN(config-if)#switchport mode access
VLAN(config-if)#switchport access vlan 6
VLAN(config-if)#int f0/8
VLAN(config-if)#switchport mode access
VLAN(config-if)#switchport access vlan 6
VLAN(config-if)#int f0/5
VLAN(config-if)#switchport mode access
VLAN(config-if)#switchport access vlan 5
VLAN(config-if)#int f0/10
VLAN(config-if)#switchport mode access
VLAN(config-if)#switchport access vlan 7
VLAN(config-if)#end
VLAN#config t
VLAN(config)#int vlan 1
VLAN(config-if)#ip add 192.168.1.2 255.255.255.0
VLAN(config-if)#no sh
VLAN(config-if)#exit
VLAN(config)#ip default-gateway 192.168.1.1
VLAN(config)#end
VLAN#config t
VLAN(config)#enable password cantik
VLAN(config)#line vty 0 15
VLAN(config-line)#password cantik
VLAN(config-line)#login
VLAN(config-line)#exit
VLAN(config-line)#^Z
Type the command VLAN#sh vlan.
If it succeeded, the result looks like the output below:
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0/6, Fa0/12, Fa0/13, Fa0/14
Fa0/15, Fa0/16, Fa0/17, Fa0/18
Fa0/19, Fa0/20, Fa0/21, Fa0/22
Fa0/23, Fa0/24
2 Server active Fa0/3
3 Fakultas-Ekonomi active Fa0/7
4 Fakultas-Kedokteran active Fa0/9, Fa0/11
5 Fakultas-farmasi active Fa0/5
6 Fakultas-pertanian active Fa0/4, Fa0/8
7 Fakultas-teknik active Fa0/10
1002 fddi-default active
1003 token-ring-default active
1004 fddinet-default active
1005 trnet-default active
VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1 enet 100001 1500 - - - - - 0 0
2 enet 100002 1500 - - - - - 0 0
3 enet 100003 1500 - - - - - 0 0
4 enet 100004 1500 - - - - - 0 0
5 enet 100005 1500 - - - - - 0 0
6 enet 100006 1500 - - - - - 0 0
7 enet 100007 1500 - - - - - 0 0
1002 enet 101002 1500 - - - - - 0 0
1003 enet 101003 1500 - - - - - 0 0
1004 enet 101004 1500 - - - - - 0 0
1005 enet 101005 1500 - - - - - 0 0
VLAN#
SWITCH 2 / SWITCH-VLAN2 CONFIGURATION
Switch>en
Switch#config t
Switch(config)#hostname SWITCH-VLAN2
SWITCH-VLAN2(config)#^Z
SWITCH-VLAN2#vlan database
SWITCH-VLAN2(vlan)#vlan 5 name Fakultas-WebServer2
SWITCH-VLAN2(vlan)#vlan 6 name Fakultas-pertanian
SWITCH-VLAN2(vlan)#vlan 7 name Fakultas-teknik
SWITCH-VLAN2#config t
SWITCH-VLAN2(config)#int f0/2
SWITCH-VLAN2(config-if)#switchport mode trunk
SWITCH-VLAN2(config-if)#end
%SYS-5-CONFIG_I: Configured from console by console
SWITCH-VLAN2#config t
SWITCH-VLAN2(config)#int f0/4
SWITCH-VLAN2(config-if)#switchport mode access
SWITCH-VLAN2(config-if)#switchport access vlan 6
SWITCH-VLAN2(config-if)#int f0/8
SWITCH-VLAN2(config-if)#switchport mode access
SWITCH-VLAN2(config-if)#switchport access vlan 6
SWITCH-VLAN2(config-if)#int f0/5
SWITCH-VLAN2(config-if)#switchport mode access
SWITCH-VLAN2(config-if)#switchport access vlan 5
SWITCH-VLAN2(config-if)#int f0/10
SWITCH-VLAN2(config-if)#switchport mode access
SWITCH-VLAN2(config-if)#switchport access vlan 7
SWITCH-VLAN2(config-if)#end
SWITCH-VLAN2#config t
SWITCH-VLAN2(config-if)#ip default-gateway 192.168.1.1
SWITCH-VLAN2(config)#end
SWITCH-VLAN2#config t
SWITCH-VLAN2(config)#enable password cantik
SWITCH-VLAN2(config)#line vty 0 15
SWITCH-VLAN2(config-line)#password cantik
SWITCH-VLAN2(config-line)#login
SWITCH-VLAN2(config-line)#exit
SWITCH-VLAN2(config-line)#^Z
Type the command SWITCH-VLAN2#sh vlan
If it succeeded, the result looks like the output below:
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0/1, Fa0/3, Fa0/6, Fa0/7
Fa0/9, Fa0/11, Fa0/12, Fa0/13
Fa0/14, Fa0/15, Fa0/16, Fa0/17
Fa0/18, Fa0/19, Fa0/20, Fa0/21
Fa0/22, Fa0/23, Fa0/24
5 Fakultas-farmasi active Fa0/5
6 Fakultas-pertanian active Fa0/4, Fa0/8
7 Fakultas-teknik active Fa0/10
1002 fddi-default active
1003 token-ring-default active
1004 fddinet-default active
1005 trnet-default active
VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1 enet 100001 1500 - - - - - 0 0
5 enet 100005 1500 - - - - - 0 0
6 enet 100006 1500 - - - - - 0 0
7 enet 100007 1500 - - - - - 0 0
1002 enet 101002 1500 - - - - - 0 0
1003 enet 101003 1500 - - - - - 0 0
1004 enet 101004 1500 - - - - - 0 0
1005 enet 101005 1500 - - - - - 0 0
Notes:
VLAN1 is the default.
IP address standardization for inter-VLAN routing:

Switch1/VLAN
VLAN2: Network 192.168.2.0/24, Gateway 192.168.2.1
VLAN3: Network 192.168.3.0/24, Gateway 192.168.3.1
VLAN2: Network 192.168.4.0/24, Gateway 192.168.4.1

SWITCH-VLAN2
VLAN5: Network 192.168.5.0/24, Gateway 192.168.5.1
VLAN6: Network 192.168.6.0/24, Gateway 192.168.6.1
VLAN7: Network 192.168.7.0/24, Gateway 192.168.7.1

VLAN 1 (default): Network 192.168.1.0/24, Gateway 192.168.1.1
Hopefully this is useful, especially for those taking the CCNA3 certification exam. Experience is the best teacher. Criticism, suggestions and corrections are welcome by e-mail at waji4ntoe@yahoo.co.id
Thanks to Gembel Corp
Sunday, 14 August 2011
Thursday, 11 August 2011
FileZilla Server: Implicit SSL part 2
On a local network FTP works just fine; however, when connecting over the Internet you need to consider the user (the FTP client) and, more importantly, the mode of transfer: active or passive. Everything is geared to make it easier for the client, hence your server must support passive mode. The following covers this mode and the added complication of running an FTP server behind a wireless router with NAT.
FTP Basics
FTP uses two ports, a 'command' (control) port and a 'data' port; traditionally these are assigned ports 21 and 20 respectively. Depending on the operating mode, the data port is not always port 20. Most browsers use passive mode for connections; this mode changes the data port as follows.
Passive FTP
In passive mode a client initiates both connections to the server. A client first opens two consecutive random unprivileged ports (ports above 1023). The first port contacts the server on port 21 and issues the “PASV” command. In response the server opens a random unprivileged port and sends the “PORT P” command back to the client. The client then initiates the connection from its second port to transfer data.
A secure FTP server follows the above procedure with one minor difference: the command port used is reserved port 990.
What’s important when using a NAT device is the need to forward ports 20, 21, 990 and all unprivileged ports. In reality, unprivileged ports are restricted to a small range, for example 50000 to 50100.
During a data transfer the FTP server needs to send its visible IP address back to a client. Because of address translation through a NAT device, the FTP server has no way of determining this IP address. It needs to be set during FTP server configuration; this is not a problem if you have a fixed IP address, however a dynamic IP is problematic.
The FileZilla team neatly resolves this issue by providing a dynamic IP address resolution service.
Active FTP
If you have ever set up an FTP client behind a NAT (Network Address Translation) router you will have been forced to change mode from active to passive. The reason for this: active FTP will not work behind a NAT device.
Summary
The above is intended to explain why you need to twiddle certain settings and how to choose options for your installation. All settings for passive mode are on a single page making the whole set-up process easier.
Configure Passive Mode
1. Start the server by double clicking on filezila_start.bat
2. Start the administration interface, double click on filezilla_admin.bat
3. Select Edit > Settings
4. A) Select Passive mode settings
5. B) Default: Select this if directly connected to the Internet.
6. C) Use the following IP: If connected to the Internet via a NAT router and you have a fixed IP address enter it here.
7. D) Retrieve external IP address from: If connected to the Internet via a NAT router and you have a dynamic IP address, select this radio button. This enables FileZilla’s dynamic IP address resolution service.
8. E) Don’t use external IP for local connection. Default is checked, no need to change this.
9. F) Use custom port range: Check this box to enable it; we do need to restrict the range of random ports. This also restricts (minimises) the ports that require forwarding in the router.
10. G) Enter the range of ports you want to allow; 50000-50100 is reasonable. This allows 100 ports; consider reducing this if you do not expect a high number of simultaneous connections.
11. H) Click OK
Configure NAT Router
You need to forward ports 20, 21, 990 and the range (50000-50100) to your PC’s IP address (192.168.1.6).
Replace the values in brackets with your own.
There is a vast range of routers, hence I have not provided any detailed set-up instructions.
Again I point you to PortForward, a website dedicated to this topic, with detailed instructions on how to forward ports on most routers.
When setting up your router, the example shown on the right hopefully provides a clue as to what to look for.
FileZilla Server: Implicit SSL part 1
Implicit SSL
Due to the number of steps required, setting up a secure FTP server is relatively difficult; because of this I have split it over two pages. The procedure is incremental: first create a server certificate, ensure it runs on a local network, and finally configure for Internet access.
Server certificate
FileZilla has a built in certificate generator making this process very easy.
Enable SSL support:
1. Start the server by double clicking on filezila_start.bat
2. Start the administration interface, double click on filezilla_admin.bat
3. Select Edit > Settings
4. From the left menu click on SSL/TLS settings A)
5. Check Enable SSL/TLS support B)
6. Default Allow explicit SSL/TLS on normal connections C)
7. Check Force explicit SSL/TLS D)
8. Default Listen for SSL/TLS –only connections on port 990 E)
9. Click Generate new certificate F)
Note: No need to fill in Private key or Certificate files or Key password boxes.
Fill in certificate details:
11. Select Key size 4096bit G)
12. Insert 2-Digit country code H)
13. Fill in some real or dummy information a)-f)
14. Fill in Common name I): use localhost or your real domain name
15. Use browse J) and navigate to folder *\udrive\filezilla_server; this is where the certificate will be saved.
16. Click Generate certificate K); this will take a while.
17. When complete click OK L)
Enable user to use SSL:
18. From admin select Edit > Users
19. Select a user account M)
20. Check Bypass N)
21. Check Force SSL for user login O)
22. Click OK P)
23. Restart server
Client
I am assuming you are using Firefox and FireFTP
1. Enter a host R): either use IP address 127.0.0.1 or host name localhost
2. Enter an Account name Q). Can be anything you like.
3. Enter login name S) e.g. fred (ftp user name)
4. Enter password T) for fred (ftp user account password)
5. Click on Connection tab U)
6. From the drop down menu V) select Implicit SSL (Good)
7. Check the port number 990 is set W)
8. Finally click OK X)
Local test:
From FireFTP click the Connect button and enter name and password.
Your browser will have a whinge; create a certificate exception.
FTP folder will display.
Local network test:
On another PC connected to your network repeat the above steps 1-11.
Note: At step 1 enter your PC’s IP address. (See previous page how to obtain IP address)
That confirms you can access the FTP server across your network.
Source : http://wiki.uniformserver.com