On the 4th day BLC Klaten
by. M Rifki
=================
VLAN
=================
- cost reduction
- higher performance
- decrease broadcast storm
- improve IT staff efficiency
- Security
There are 2 types of VLAN:
- data VLAN
- voice VLAN (cne), Cisco IP phone
VLAN switch ports
1. access port
2. trunk port: carries multiple VLANs
===============================
Dynamic Trunking Protocol
==============
==============
VTP SERVER
==============
Switch>ena
Switch#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#vtp m
Switch(config)#vtp mode s
Switch(config)#vtp mode server
Device mode already VTP SERVER.
Switch(config)#vtp do
Switch(config)#vtp domain "serverku"
Changing VTP domain name from NULL to serverku
Switch(config)#vtp domain "server" oke
^
% Invalid input detected at '^' marker.
Switch(config)#vtp domain "server" -ok
^
% Invalid input detected at '^' marker.
Switch(config)#vtp domain "server"
Changing VTP domain name from serverku to server
Switch(config)#vlan database "10" name "A"
^
% Invalid input detected at '^' marker.
Switch(config)#vlan database"10"name"A"
^
% Invalid input detected at '^' marker.
Switch(config)#vlan
Switch(config)#vlan 10
Switch(config)#int fa0/1
Switch(config-if)#switchport mode trunk
====================
Switch>en
Switch#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#int fa0/1
Switch(config-if)#switchport mode trunk
Switch(config-if)#exit
Switch(config)#vtp mode server
Device mode already VTP SERVER.
Switch(config)#vtp domain satyo
Changing VTP domain name from server to satyo
Switch(config)#vtp password nugroho
Setting device VLAN database password to nugroho
Switch(config)#
==============
VTP Transparent
==============
Switch>ena
Switch#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#interface range fa0/12
interface range not validated - command rejected
Switch(config)#interface range fa0/5
interface range not validated - command rejected
Switch(config)#interface range fa0/1
Switch(config-if-range)#switch po
Switch(config-if-range)#switch port mode t
Switch(config-if-range)#switch port mode tr
Switch(config-if-range)#switch port mode trunk
^
% Invalid input detected at '^' marker.
Switch(config-if-range)#swit
Switch(config-if-range)#switchport mo
Switch(config-if-range)#switchport mode tr
Switch(config-if-range)#switchport mode trunk
Switch(config-if-range)#exit
Switch(config)#vtp mode tra
Switch(config)#vtp mode transparent
Device mode already VTP TRANSPARENT.
Switch(config)#vtp domain satyo
Changing VTP domain name from NULL to satyo
Switch(config)#vtp pas
Switch(config)#vtp password nugroho
Setting device VLAN database password to nugroho
Switch(config)#
=====================
Testing
=====================
Switch>en
Switch#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#int fa0/1
Switch(config-if)#switchport mode trunk
Switch(config-if)#exit
Switch(config)#vtp mode server
Device mode already VTP SERVER.
Switch(config)#vtp domain satyo
Changing VTP domain name from server to satyo
Switch(config)#vtp password nugroho
Setting device VLAN database password to nugroho
Switch(config)#!!
Switch(config)#vlan 10
Switch(config-vlan)#name vlan10
Switch(config-vlan)#exit
Switch(config)#vlan 20
Switch(config-vlan)#name vlan20
Switch(config-vlan)#exit
Switch(config)#vlan 30
Switch(config-vlan)#name vlan30
Switch(config-vlan)#exit
Switch(config)#
======================
VTP Client
======================
Switch(vlan)#!!!!
Switch(vlan)#
Switch(vlan)#exit
APPLY completed.
Exiting....
Switch#ena
Switch#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#in
Switch(config)#int fa0/1
Switch(config-if)#switchport mode trunk
Switch(config-if)#exit
Switch(config)#vtp mode client
Device mode already VTP CLIENT.
Switch(config)#vtp domain satyo
Domain name already set to satyo.
Switch(config)#vtp password nugroho
Password already set to nugroho
Switch(config)#
=============================
Port security
===========================
Only valid MAC addresses are allowed
- dynamic mac address
- static mac address
- sticky mac address
VPCS> ip 192.168.10.1/24
VPCS> ip 192.168.10.3/24
Switch#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#hostname SW-01
SW-01(config)#no ip routing
SW-01(config)#int et0/0
SW-01(config-if)#switchport mode access
SW-01(config-if)#switchport port-security
SW-01(config-if)#show port-security address
^
% Invalid input detected at '^' marker.
SW-01(config-if)#sh
SW-01(config-if)#sho
SW-01(config-if)#show po
SW-01(config-if)#show port-
SW-01(config-if)#show port-s
SW-01(config-if)#show port-securt
SW-01(config-if)#show port-securi
SW-01(config-if)#show port-security address
^
% Invalid input detected at '^' marker.
SW-01(config-if)#exit
SW-01(config)#do show port-security address
Secure Mac Address Table
-----------------------------------------------------------------------------
Vlan Mac Address Type Ports Remaining Age
(mins)
---- ----------- ---- ----- -------------
1 0050.7966.6803 SecureDynamic Et0/0 -
-----------------------------------------------------------------------------
Total Addresses in System (excluding one mac per port) : 0
Max Addresses limit in System (excluding one mac per port) : 4096
SW-01(config)#
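
Added example, not part of the original notes: the session above only enables port security with its defaults, which gives the SecureDynamic entry in the table. The configuration below sets the sticky and static types from the list next to it. Ethernet0/1 and the MAC address 0050.7966.6899 are constructed for illustration.

```cisco
! Added example (not from the original session).
!
! Dynamic, as captured above: defaults are maximum 1 address and
! violation mode shutdown. The learned address is not written to the
! configuration, so it is relearned after a reload.
interface Ethernet0/0
 switchport mode access
 switchport port-security
!
! Sticky: the first address seen is learned, then kept in running-config
! as "switchport port-security mac-address sticky <mac>".
! "restrict" drops frames from other addresses and counts the violation
! instead of err-disabling the port.
interface Ethernet0/0
 switchport mode access
 switchport port-security
 switchport port-security maximum 1
 switchport port-security mac-address sticky
 switchport port-security violation restrict
!
! Static: the allowed address is entered by hand.
! Ethernet0/1 and 0050.7966.6899 are constructed values.
interface Ethernet0/1
 switchport mode access
 switchport port-security
 switchport port-security maximum 1
 switchport port-security mac-address 0050.7966.6899
 switchport port-security violation shutdown
!
end
! Verification: the Type column shows SecureDynamic, SecureSticky or
! SecureConfigured; the interface view shows the violation counter.
show port-security address
show port-security interface Ethernet0/0
! Sticky entries survive a reload only after the config is saved.
copy running-config startup-config
```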
=============
EtherChannel
=============
EtherChannel verification
- show etherchannel summary
- show etherchannel
- show interface port-channel x
=============
Spanning tree
=============
Calculation to determine the communication center that traffic
will pass through
1. lowest priority
2. lowest MAC address
3. lowest bandwidth
4. Higher cost
Spanning tree status
1. root bridge
2. designated port
3. root port
4. alternate port
Spanning tree features
- portfast
- backbonefast
- uplinkfast
- BPDU guard
- BPDU filter
- loop guard
- root guard
Multilayer switch
1. port-based
2. routing