CISCO PACKET TRACER (11.6.2)
Switch Security Configuration
Name : Elsa sandra dewi
Class : XI TJKT B
Attendance number : 13
Material Summary:
Port Security is a network security feature on Cisco switches that limits the number of hosts and determines which hosts may connect to each port on the switch.
Steps:
1. Configure R1
enable
configure terminal
hostname R1
no ip domain lookup
ip dhcp excluded-address 192.168.10.1 192.168.10.9
ip dhcp excluded-address 192.168.10.201 192.168.10.202
!
ip dhcp pool Students
 network 192.168.10.0 255.255.255.0
 default-router 192.168.10.1
 domain-name CCNA2.Lab-11.6.1
!
interface Loopback0
 ip address 10.10.1.1 255.255.255.0
!
interface GigabitEthernet0/0/1
 description Link to S1 Port 5
 ip dhcp relay information trusted
 ip address 192.168.10.1 255.255.255.0
 no shutdown
!
line con 0
 logging synchronous
 exec-timeout 0 0
R1# show ip interface brief
2. Configure and verify basic switch settings.
Switch# config t
Switch(config)# hostname S1
S1(config)# no ip domain-lookup
S1(config)# interface f0/1
S1(config-if)# description Link to S2
S1(config-if)# interface f0/5
S1(config-if)# description Link to R1
S1(config-if)# interface f0/6
S1(config-if)# description Link to PC A - B
S1(config)# ip default-gateway 192.168.10.1
(Perform the same configuration on S2)
3. Configure VLANs on the switches.
S1(config)# interface vlan 10
S1(config-if)# ip address 192.168.10.201 255.255.255.0
S1(config-if)# description Management SVI
S1(config-if)# no shutdown
S1(config)# vlan 333
S1(config-vlan)# name Native
S1(config-vlan)# vlan 999
S1(config-vlan)# name ParkingLot
(Perform the same VLAN configuration on S2)
4. Configure Switch Security.
S1(config)# interface f0/1
S1(config-if)# switchport mode trunk
S1(config-if)# switchport trunk native vlan 333
S1# show interface trunk
S1(config)# interface f0/1
S1(config-if)# switchport nonegotiate
S1(config)# interface range f0/5-6
S1(config-if)# switchport mode access
S1(config-if)# switchport access vlan 10
S1(config)# interface range f0/2-4 , f0/7-24, g0/1-2
S1(config-if-range)# switchport mode access
S1(config-if-range)# switchport access vlan 999
S1(config-if-range)# shutdown
S2(config)# interface range f0/2-17 , f0/19-24, g0/1-2
S2(config-if-range)# switchport mode access
S2(config-if-range)# switchport access vlan 999
S2(config-if-range)# shutdown
S1(config)# interface f0/6
S1(config-if)# switchport port-security
S1(config-if)# switchport port-security maximum 3
S1(config-if)# switchport port-security violation restrict
S1(config-if)# switchport port-security aging time 60
S1(config-if)# switchport port-security aging type inactivity
S2(config)# interface f0/18
S2(config-if)# switchport port-security
S2(config-if)# switchport port-security mac-address sticky
S2(config)# interface f0/18
S2(config-if)# switchport port-security aging time 60
S2(config-if)# switchport port-security maximum 2
S2(config-if)# switchport port-security violation protect
S2(config)# ip dhcp snooping
S2(config)# ip dhcp snooping vlan 10
S2(config)# interface f0/1
S2(config-if)# ip dhcp snooping trust
S2(config)# interface f0/18
S2(config-if)# ip dhcp snooping limit rate 5
S1(config)# interface f0/6
S1(config-if)# spanning-tree bpduguard enable
S1# show spanning-tree interface f0/6 detail
(also check on S2)
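To check that the hardening from step 4 actually landed on every port, the Python script below audits a saved running-config for trunk, parking-VLAN, port-security and BPDU guard settings. It is an added example, not part of the original lab write-up; the sample config is constructed, and the function names and the `parking_vlan` and `exempt` parameters are assumptions made for illustration.

```python
import re

# Constructed sample: a simplified `show running-config` fragment, not lab output.
SAMPLE = """\
interface FastEthernet0/1
 switchport mode trunk
 switchport nonegotiate
interface FastEthernet0/3
 switchport mode access
interface FastEthernet0/4
 shutdown
interface FastEthernet0/6
 switchport mode access
 switchport port-security
 spanning-tree bpduguard enable
interface Vlan10
 ip address 192.168.10.201 255.255.255.0
"""

def parse_ports(config):
    """Map each physical port to the commands configured under it."""
    ports, current = {}, None
    for line in config.splitlines():
        m = re.match(r"interface ((?:Fast|Gigabit)Ethernet\S+)", line)
        if m:
            current = ports.setdefault(m.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # SVI, "!" separator or global command
    return ports

def audit(config, parking_vlan="999", exempt=()):
    """Return (port, finding) pairs for ports lacking the hardening from step 4."""
    out = []
    for port, cmds in parse_ports(config).items():
        if port in exempt:
            continue
        if "switchport mode trunk" in cmds:
            need = ["switchport nonegotiate"]
            if not any(re.fullmatch(r"switchport trunk native vlan (?!1$)\d+", c) for c in cmds):
                out.append((port, "native VLAN is still VLAN 1"))
        elif "shutdown" in cmds:
            need = [f"switchport access vlan {parking_vlan}"]
        else:  # active host-facing access port
            need = ["switchport mode access", "switchport port-security",
                    "spanning-tree bpduguard enable"]
        out += [(port, "missing: " + n) for n in need if n not in cmds]
    return out
```

Pass infrastructure links such as the S1 port facing R1 in `exempt`, since the lab applies port security only to the host-facing ports.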
Cisco Packet Tracer video link:
