Praktikan

NPM
Aslab
Kelompok

: Ilham Muharma
: 1306370291
: Taufiq Bahruddin
:7

MODULE 1: Introduction to Switched Network & Basic Switching Concepts and

Configuration
PKA 1-Configuring SSH
Part 1: Secure Password
Packet Tracer PC Command Line 1.0
PC>telnet 10.10.10.2
Trying 10.10.10.2 ...Open

User Access Verification

Password:
S1>en
Password:
S1#copy run start
Destination filename [startup-config]?
Building configuration...
[OK]
S1#sh run
Building configuration...
Current configuration : 1107 bytes
!
version 12.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname S1
!
enable password cisco
!
!
!
!
!
spanning-tree mode pvst
!
interface FastEthernet0/1
!
interface FastEthernet0/2
!
interface FastEthernet0/3
!

interface FastEthernet0/4
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface FastEthernet0/16
!
interface FastEthernet0/17
!
interface FastEthernet0/18
!
interface FastEthernet0/19
!
interface FastEthernet0/20
!
interface FastEthernet0/21
!
interface FastEthernet0/22
!
interface FastEthernet0/23
!
interface FastEthernet0/24
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
ip address 10.10.10.2 255.255.255.0
!
!
!
!

line con 0
!
line vty 0 4
password cisco
login
line vty 5 15
password cisco
login
!
!
end
S1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
S1(config)#service password-encryption
S1(config)#end
Part 2: Encrypt Communcation
S1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
S1(config)#ip domain-name netacad.pka
S1(config)#crypto key generate rsa
S1(config)#crypt
The name for the keys will be: S1.netacad.pka
Choose the size of the key modulus in the range of 360 to 2048 for your
General Purpose Keys. Choosing a key modulus greater than 512 may take
a few minutes.
How many bits in the modulus [512]: 1024
% Generating 1024 bit RSA keys, keys will be non-exportable...[OK]
S1(config)#username administrator secret cisco
*Mar 1 0:4:44.163: %SSH-5-ENABLED: SSH 1.99 has been enabled
S1(config)#line vty 0 15
S1(config-line)#no password
S1(config-line)#no login
Part 3: Verify SSH Implementation
S1(config-line)#login local
S1(config-line)#transport input ssh
S1(config-line)#exit
S1(config)#exit
S1#exit
[Connection to 10.10.10.2 closed by foreign host]
PC>ssh
Packet Tracer PC SSH
Usage: SSH -l username target
PC> ssh l administrator 10.10.10.2
Open
Password:

S1>
Penjelasan:
Pertama, melakukan telnet S1 10.10.10.2 dan memasukkan password dan username cisco. Kemudian,
dengan command show running-config akan memunculkan konfigurasi untuk memastikan password
yang ada di setting perangkat. Password masih dalam bentuk cipher text dan akan dienkripsi menjadi
angka acak dengan metode RSA. Kemudian dengan perintah service password-encryption akan
menenkripsi password tersebut menjadi sebuah password yang acak jika akan memunculkan pasword
kembali (show run). Kemudian untuk mengenkripsi komunikasi tersebut kita akan membuatt domain
name menjadi netacad.pka. Ip domain-name netacad.pka dan kemudian melakuakn enkripsi dengan
command crypto key generate RSA. Bit yang akan menjadi modulu untuk enkripsi rsa sebesar 1024
untuk membuat password menjadi sedikit lebih kompleks dengan metode enkripsi RSA. Kemudian
melakukan konfigurasi line vty. Konfigurasi tersebut akan mengecek username lokal yang ada di
database lokal juga untuk mengotentikasi credentials dari pengguna untuk memungkinkan dan
memperbolehkan koneksi ssh dilakukan melalui remote access. Kemudian dengan perintah no
password untuk menghilangkan password vty line yang sebelumnya. Kemudian keluar dari telnet
dengan perintah exit. Kemudian praktikan mencoba untuk menghubungkan dengan ssh ke perangkat
dan terjadi error yaitu langsung closed oleh perangkat. Dan kemudian praktikan mencoba untuk
melakukan ssh dengan perintah ssh l username target sebagai berikut dan memasukkan password
tadi yaitu cisco. Dan berhasil login, kemudian praktikan akan masuk ke privileged exec mode untuk
menyimpan konfigurasi ke konfigurasi utama di startup.
PKA 2-Configuring Switch Port Security
S1>en
S1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
S1(config)#int range fa0/1-2
S1(config-if-range)#switchport port-security
S1(config-if-range)#switchport port-security maximum 1
S1(config-if-range)#switchport port-security mac-address sticky
S1(config-if-range)#switchport port-security violation restrict
S1(config-if-range)#int range fa0/3-24
S1(config-if-range)#shut
%LINK-5-CHANGED: Interface FastEthernet0/3, changed state to administratively down
%LINK-5-CHANGED: Interface FastEthernet0/4, changed state to administratively down
%LINK-5-CHANGED: Interface FastEthernet0/5, changed state to administratively down
%LINK-5-CHANGED: Interface FastEthernet0/6, changed state to administratively down
%LINK-5-CHANGED: Interface FastEthernet0/7, changed state to administratively down
%LINK-5-CHANGED: Interface FastEthernet0/8, changed state to administratively down
%LINK-5-CHANGED: Interface FastEthernet0/9, changed state to administratively down
%LINK-5-CHANGED: Interface FastEthernet0/10, changed state to administratively down

%LINK-5-CHANGED: Interface FastEthernet0/11, changed state to administratively down

%LINK-5-CHANGED: Interface FastEthernet0/12, changed state to administratively down
%LINK-5-CHANGED: Interface FastEthernet0/13, changed state to administratively down
%LINK-5-CHANGED: Interface FastEthernet0/14, changed state to administratively down
%LINK-5-CHANGED: Interface FastEthernet0/15, changed state to administratively down
%LINK-5-CHANGED: Interface FastEthernet0/16, changed state to administratively down
%LINK-5-CHANGED: Interface FastEthernet0/17, changed state to administratively down
%LINK-5-CHANGED: Interface FastEthernet0/18, changed state to administratively down
%LINK-5-CHANGED: Interface FastEthernet0/19, changed state to administratively down
%LINK-5-CHANGED: Interface FastEthernet0/20, changed state to administratively down
%LINK-5-CHANGED: Interface FastEthernet0/21, changed state to administratively down
%LINK-5-CHANGED: Interface FastEthernet0/22, changed state to administratively down
%LINK-5-CHANGED: Interface FastEthernet0/23, changed state to administratively down
%LINK-5-CHANGED: Interface FastEthernet0/24, changed state to administratively down
S1(config-if-range)#exit
S1(config)#exit
S1#
%SYS-5-CONFIG_I: Configured from console by console
S1#show run
Building configuration...
Current configuration : 1675 bytes
!
version 12.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname S1
!
!
!
!
!
spanning-tree mode pvst
!
interface FastEthernet0/1

switchport mode access

switchport port-security
switchport port-security mac-address sticky
switchport port-security violation restrict
switchport port-security mac-address sticky 00E0.B027.2245
!
interface FastEthernet0/2
switchport mode access
switchport port-security
switchport port-security mac-address sticky
switchport port-security violation restrict
switchport port-security mac-address sticky 0001.647C.697E
!
interface FastEthernet0/3
shutdown
!
interface FastEthernet0/4
shutdown
!
interface FastEthernet0/5
shutdown
!
interface FastEthernet0/6
shutdown
!
interface FastEthernet0/7
shutdown
!
interface FastEthernet0/8
shutdown
!
interface FastEthernet0/9
shutdown
!
interface FastEthernet0/10
shutdown
!
interface FastEthernet0/11
shutdown
!
interface FastEthernet0/12
shutdown
!
interface FastEthernet0/13
shutdown
!
interface FastEthernet0/14
shutdown
!
interface FastEthernet0/15
shutdown
!

interface FastEthernet0/16
shutdown
!
interface FastEthernet0/17
shutdown
!
interface FastEthernet0/18
shutdown
!
interface FastEthernet0/19
shutdown
!
interface FastEthernet0/20
shutdown
!
interface FastEthernet0/21
shutdown
!
interface FastEthernet0/22
shutdown
!
interface FastEthernet0/23
shutdown
!
interface FastEthernet0/24
shutdown
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
ip address 10.10.10.2 255.255.255.0
!
!
!
!
line con 0
!
line vty 0 4
login
line vty 5 15
login
!
!
end
S1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
S1(config)#int f0/3
S1(config-if)#no shut

S1(config-if)#
%LINK-5-CHANGED: Interface FastEthernet0/3, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/3, changed state to up

Penjelaasan:
Switch(config)# interface interface_id
Memasuki mode konfigurasi antarmuka dan memasuki antarmuka fisik untuk mengkonfigurasi.
Switch(config-if)# switchport port-security
Memungkinkan keamanan port pada interface.
Switch(config-if)# switchport port-security maximum value
(pilihan) set jumlah maksimum keamanan MAC address pada antarmuka. Rentangannya adalah
1 sampai 3072, defaultnya adalah 1.
Switch(config-if)# switchport port-security mac-address sticky
(pilihan) mengaktifkan sticky learning pada antarmuka
Switch(config-if)# switchport port-security violation {restrict | shutdown}
(Opsional) Set modus pelanggaran, tindakan harus diambil ketika pelanggaran keamanan
terdeteksi. Restrict adalah pelanggaran keamanan membatasi data dan menyebabkan keamanan
counter untuk kenaikan dan mengirim pemberitahuan perangkat SNMP. Sedangkan shutdown
adalah antaramuka error-disabled saat terjadi pelanggaran keamanan
Switch(config-if)# show run
Menampilkan hasil konfigurasi
PKA 3- Troubleshooting Switch Port Security
Pertama praktikan diminta sebuah requerement untuk memutuskan home laptop dan mengoneksikan
kembali PC1 ke port.

Kemudian menghubungkan PC2 dengan S1 menggunakan kabel console agar menjadi seperti
topologi berikut:

Kemudian mengecek status port fast ethernet yang ada di S1 dengan melihat tiap IP address dan
statusnya.

Setelah melihat status tersebut ternyata ada sebuah interface yang berstatus administratively down.
Kemudian mengubah status interface menjadi up.

Kemudian sesuai dengan permintaan, PC1 akan bisa mengeping PC2. Melakukan verifikasi terhadap
hal tersebut. Pertama mencoba mengeck alamat ip dari PC2.

Memiliki alamat ip 10.10.10.11, kemudian akan diping dengan PC1

Dan hasilnya menunjukkan PC1 berhasil melakukan ping ke PC2.