Jumat, 31 Desember 2010

Lab 5.2.5 Configuring Dynamic NAT with SDM

Langkah 1: Buat sambungan dari PC ke router

  1. Power router.
  2. Power PC.
  3. Nonaktifkan program popup blocker apapun. Popup blocker mencegah jendela SDM dari tayangan tersebut.
  4. Hubungkan NIC PC ke FastEthernet 0 / 0 (Fa0 / 0) port pada router Cisco 1841 ISR dengan Ethernet kabel. Catatan: Sebuah router SDM selain 1841 mungkin memerlukan koneksi ke port yang berbeda untuk mengakses SDM.
  5. Konfigurasi alamat IP PC menjadi 192.168.1.2 dengan subnet mask 255.255.255.0.
  6. SDM tidak memuat secara otomatis pada router. Anda harus membuka web browser untuk mencapai SDM tersebut. Buka browser web pada PC dan terhubung ke URL berikut: http://192.168.1.1.
  7. Pada Hubungkan ke kotak dialog, masukkan admin untuk username dan cisco123 untuk memasukkan sandi. Ini dikonfigurasi di lab sebelumnya. Klik OK. Aplikasi web utama SDM akan mulai dan Anda akan diminta untuk menggunakan HTTPS. Klik Batal. Pada jendela Peringatan Keamanan, klik Ya untuk mempercayai Cisco aplikasi.
  8. Pastikan bahwa Anda menggunakan versi terbaru SDM. Layar SDM awal yang segera menampilkan setelah login menunjukkan nomor versi saat ini. Hal ini juga ditampilkan pada layar utama ditampilkan SDM di bawah ini, bersama dengan versi IOS.
Langkah 2: Konfigurasi SDM untuk menunjukkan Cisco IOS CLI perintah.
  1. Dari menu Edit SDM di jendela utama, pilih Preferensi.
  2. Periksa perintah Pratinjau sebelum pengiriman ke kotak cek router. Dengan kotak cek ini diperiksa, Anda dapat melihat Cisco IOS perintah CLI yang akan Anda gunakan untuk melakukan konfigurasi fungsi router sebelum perintah-perintah dikirim ke router. Anda dapat mempelajari tentang Cisco IOS Perintah CLI cara ini.
Langkah 3: Peluncuran Wizard NAT Dasar
  1. Dari menu Configure, klik tombol NAT untuk melihat halaman konfigurasi NAT. Klik Dasar NAT tombol radio lalu klik Launch tugas yang terpilih.
  2. Dalam Selamat datang di jendela NAT Dasar Wizard, klik Next
Langkah 4: Pilih antarmuka WAN untuk NAT
  1. Pilih Serial0/0/0 antarmuka WAN dari daftar. Centang kotak untuk kisaran alamat IP yang merupakan jaringan internal dari 192.168.1.0 ke 192.168.1.255. Ini adalah rentang yang memerlukan konversi menggunakan proses NAT.
  2. Klik Next, dan, setelah Anda telah membaca Ringkasan Konfigurasi, klik Finish.
  3. Dalam Kirim ke jendela Konfigurasi Router, meninjau perintah CLI yang dihasilkan oleh Cisco SDM. Ini adalah perintah yang akan dikirimkan ke router untuk mengkonfigurasi NAT. The perintah juga dapat dimasukkan secara manual dari CLI untuk menyelesaikan tugas yang sama. Centang kotak untuk menjalankan Simpan config. untuk startup router config. Catatan: Secara default, perintah yang Anda hanya dihasilkan hanya akan memperbarui router berjalan
    file konfigurasi saat dikirim. Jika router itu dimulai kembali, perubahan yang Anda buat akan hilang. Mencentang kotak ini akan memperbarui file konfigurasi startup juga, dan ketika router di restart, ia akan memuat perintah baru ke dalam menjalankan konfigurasi. Jika Anda memilih untuk tidak menyimpan perintah ke startup config saat ini, gunakan File> Tulis untuk Config startup opsi di SDM atau menggunakan copy running-config startup-config perintah dari CLI menggunakan sesi terminal atau Telnet.
  4. Klik Kirim untuk menyelesaikan konfigurasi router.
  5. Pada jendela Status Pengiriman Perintah, perhatikan teks yang mengatakan bahwa menjalankan config adalah berhasil disalin ke startup config. Klik OK untuk keluar wizard Basic NAT.
  6. Layar NAT akhir ini menunjukkan bahwa Interface Di dalamnya ada Fa0 / 0 dan antarmuka luar S0/0/0. The internal pribadi (Original) alamat akan diterjemahkan secara dinamis ke alamat publik eksternal.
Langkah 5: Refleksi
  1. Jika PC atau LAN dalam organisasi anda tidak membutuhkan akses Internet, apa yang Anda pikir akan menjadi salah satu cara untuk menghentikan PC dari memperoleh akses ke Internet? Jawaban : Hapus alamat IP PC yang atau jaringan yang dari daftar jaringan yang akan dikonversi oleh NAT.
  2. Pertimbangkan keterampilan yang Anda butuhkan untuk mengkonfigurasi NAT menggunakan Cisco IOS perintah CLI. Apa yang Anda berpikir keuntungan dan kerugian adalah untuk menggunakan SDM Cisco? Jawaban : Cisco SDM memungkinkan Anda mengkonfigurasi fungsi router dengan cepat dan mudah. Karena Cisco SDM menyembunyikan perintah CLI, akan sulit untuk mempelajari apa perintah CLI dan perintah Penggunaannya adalah. Karena Anda dapat mengkonfigurasi Cisco SDM untuk menunjukkan Anda Cisco IOS perintah CLI, Anda dapat belajar tentang perintah yang Anda gunakan Cisco SDM. 
  3. Mengapa Anda berpikir bahwa default, setelah perintah telah dihasilkan, adalah hanya memperbarui menjalankan file konfigurasi router saat dikirim? Mengapa tidak selalu update startup file konfigurasi sebagai baik? Apa keuntungan dan kerugian dari salah satu dari yang lain? Jawaban : Jika perubahan yang dibuat untuk menjalankan konfigurasi dan mereka menimbulkan masalah atau tidak menghasilkan hasil yang diinginkan, hal ini mungkin berguna untuk dapat langsung me-restart router dan memilikinya kembali kembali ke keadaan semula berdasarkan startup config. Kerugian dari tidak memperbarui startup config file pada saat yang sama di SDM adalah bahwa Anda harus ingat untuk melakukannya nanti atau perubahan akan hilang ketika router-restart.

Lab 5.2.3 Configuring an ISR with SDM Express

Step 1: Configure the PC to connect to the router and then launch Cisco SDM
a. Power up the router.
b. Power up the PC.
c. Disable any popup blocker programs. Popup blockers prevent SDM Express windows fromdisplaying.
d. Connect the PC NIC to the FastEthernet 0/0 port on the Cisco 1841 ISR router with the Ethernet cable.
NOTE: An SDM router other than the 1841 may require connection to different port in order to access SDM.
e. Configure the IP address of the PC to be 10.10.10.2 with a subnet mask of 255.255.255.248.
f. SDM does not load automatically on the router. You must open the web browser to reach the SDM.Open the web browser on the PC and connect to the following URL: http://10.10.10.1
NOTE 1 – If browser connection to router fails: If you cannot connect and see the login screen, check your cabling and connections and make sure the IP configuration of the PC is correct. The router may have been previously configured to an address of 192.168.1.1 on the Fa0/0 interface. Try setting the IP address of the PC to 192.168.1.2 with a subnet mask of 255.255.255.0 and connect to http://192.168.1.1 using the browser. If you have difficulty with this procedure, contact your instructor for assistance.
If the startup-config is erased in an SDM router, SDM will no longer come up by default when the router is restarted. It will be necessary to build a basic router configuration using IOS commands.Refer to the procedure at the end of this lab or contact your instructor.
g. In the Connect to dialog box, enter cisco for the username and cisco for the password. Click OK. The main SDM web application will start and you will be prompted to use HTTPS. Click Cancel. In the Security Warning window, click Yes to trust the Cisco application.
h. In the Welcome to the Cisco SDM Express Wizard window, read the message and then click Next.
i. Verify that you are using the latest version of SDM. The initial SDM screen that displays immediately after the login shows the current version number. It is also displayed on the main SDM screen shown below, along with IOS version.
NOTE 2: If the current version is not 2.4 or higher, notify your instructor before continuing with this lab. You will need to download the latest zip file from the URL listed above and save it to the PC. From the Tools menu of the SDM GUI, use the Update SDM option to specify the location of the zip file and start the update.
NOTE 3 – If SDM Express Wizard fails to start: If you connect to the router and SDM Express starts but the SDM Express Setup Wizard shown above does not start automatically, the router may be partially configured and needs to be reset to its factory defaults. If the SDM Express main screen is displayed, choose the Reset to Factory Defaults option, repeat Steps 1a through 1e, and log in again. If the full SDM application starts (not SMD Express), choose the Reset to Factory Defaults option from the File menu on the main SDM screen, repeat Steps 1a through 1e, and log in again. If you have difficulty with this procedure, contact your instructor for assistance.
Also note that the Windows XP computer you are using must have Internet Explorer 5.5 or higher and SUN Java Runtime Environment (JRE) version 1.4.2_05 or later (or Java Virtual Machine (JVM) 5.0.0.3810). If it does not, SDM will not start. You will need to download and install JRE on the PC before continuing with the lab.

Step 2: Perform initial basic configuration
a. In the Basic Configuration window, enter the following information. When you complete the basic configuration, click Next to continue
· In the Host Name field, enter CustomerRouter.
· In the Domain Name field, enter the domain name customer.com.
· Enter the username admin and the password cisco123 for SDM Express users and Telnet users. This password gives access to SDM locally, through the console connection, or remotely using Telnet.
· Enter the enable secret password of cisco123. This entry creates an encrypted password that prevents casual users from entering privileged mode and modifying the configuration of the router using the CLI.
b. From the Router Provisioning window, click the radio button next to SDM Express and then clickNext.

Step 3: Configure the LAN IP address
In the LAN Interface Configuration window, choose FastEthernet0/0 from the Interface list. For interface FastEthernet 0/0, enter the IP address of 192.168.1.1 and subnet mask of 255.255.255.0. You can also enter the subnet mask information in a different format: entering a count of the number of binary digits or bits in the subnet mask, such as 255.255.255.0 or 24 subnet bits.

Step 4: De-select DHCP server
At this point, do not enable the DHCP server. This procedure is covered in a later section of this course. In the DHCP server configuration window, ensure that the Enable DHCP server on the LAN interface check box is cleared before proceeding. Click Next to continue.

Step 5: Configure the WAN interface
a. In the WAN Configuration window, choose Serial0/0/0 interface from the list and click the Add Connection button. The Add Connection window appears.
NOTE: With the 1841 router, the serial interface is designated by 3 digits – C/S/P, whereC=Controller#, S=Slot# and P=Port#. The 1841 has two modular slots. The designation Serial0/0/0 indicates that the serial interface module is on controller 0, in slot 0, and that the interface to be used is the first one (0). The second interface is Serial0/0/1. The serial module is normally installed in slot 0 but may be may be installed in slot 1. If this is the case, the designation for the first serial interface on the module would be Serial0/1/0 and the second would be Serial0/1/1.
b. From the Add Serial0/0/0 Connection dialog box, choose PPP from the Encapsulation list. From the Address Type list, choose Static IP Address. Enter 209.165.200.225 for the IP address and 255.255.255.224 for the Subnet mask. Click OK to continue. Notice that this subnet mask translates to a /27, or 27 bits for the mask.
c. Notice that the IP address that you just set for the serial WAN interface now appears in the Interface List. Click Next to continue.
d. Enter the IP address 209.165.200.226 as the Next Hop IP Address for the Default Route. Click Next to continue.
e. Ensure that the check box next to Enable NAT is cleared. This procedure is covered in a later section of this course. Click Next to continue.

Step 6: Enable the firewall and security settings
a. Depending on the router IOS version, the next step may be Firewall Configuration. In the Firewall Configuration window, click the radio button that enables the firewall and then click Next. The Security Configuration window appears.
b. Leave all the default security options checked in the Security Configuration window and then click Next.

Step 7: Review and complete the configuration
a. If you are not satisfied with the Cisco SDM Express Summary, click Back to fix any changes and then click Finish to commit the changes to the router.
b. Click OK after reading the Reconnection Instructions. Save these instructions to a file for future reference, if desired.
NOTE: Before the next time you connect, you will need to change the IP address of the PC to be compatible with the new address that you configured to FastEthernet 0/0. The Reconnectioninstructions are shown below.
c. When the delivery of the configuration to the router is complete. Click OK to close Cisco SDM Express.

Step 8: Reflection
a. What feature makes configuring the router easy?
b. Summarize the steps that are configured by the Cisco SDM Express
SDM router basic IOS configuration to bring up SDM
If the startup-config is erased in an SDM router, SDM will no longer come up by default when the router is restarted. It will be necessary to build a basic config as follows. Further details regarding the setup and use of SDM are can be found in the SDM Quick StartGuide:
http://www.cisco.com/en/US/products/sw/secursw/ps5318/products_quick_start09186a0080511c89.html#wp44788
1) Set the router Fa0/0 IP address
(This is the interface that a PC will connect to using a browser to bring up SDM. The PC IP address should be set to 10.10.10.2  255.255.255.248)
NOTE: An SDM router other than the 1841 may require connection to different port in order to access SDM.
Router(config)# interface Fa0/0
Router(config-if)# ip address 10.10.10.1 255.255.255.248
Router(config-if)# no shutdown
2)  Enable the HTTP/HTTPS server of the router, using the following CiscoIOS commands:
Router(config)#ip http server
Router(config)#ip http secure-server
Router(config)#ip http authentication local
3) Create a user account with privilege level 15 (enable privileges).
Router(config)# username privilege 15 password 0
Replace and with the username and password that you want to configure.
4)  Configure SSH and Telnet for local login and privilege level 15:
Router(config)#line vty 04
Router(config-line)# privilege level 15
Router(config-line)# login local
Router(config-line)# transport input telnet
Router(config-line)# transport input telnet ssh
Router(config-line)# exit

Lab 5.1.2 Powering Up an Integrated Services Router

Step 1 : position router and connect ground wire (Optional)
Note : this Step is optional and is required only if the router is being set up for the first time. Read through it to become familiar with the process.
a. Position the router chassis to allow unrestricted air  flow for chassis cooling. Keep at least 1inch  ( 2.5 4 c m ) of clear space beside the cooling inlet and exhaust vents. CAUTION : Do not place any items that weigh more than 10 pounds (4.5  kilograms)  on top of the chassis, and do not stack routers on top of each other.
b. Connect the chassis to a reliable earth ground using a ring terminal and size 14AWG (2 mm ) wire using these step :
NOTE: Your instructor should inform you where a reliable earth ground is
1. Strip one end of the ground wire to expose approximately 3/4 inch ( 20mm ) of conductor.
2. Crimp the 14AWG (2 mm ) green ground wire to a UL Listed / CS A certified ring terminal using a crimping tool that is recommended by the ring terminal manufacturer. The ring terminal provided on the back panel of the Cisco 1841 ISR router is suitable for a Number 6 grounding screw.
3. Attach the ring terminal to the chassis as shown in the figure below. Use a Number 2 Phillips screw driver and the screw that is supplied with the ring terminal and tighten the screw
4. Connect the other end of the ground wire to a suitable earth ground that the instructor indicates.
Step 2 : Install the Compact Flash memory card ( Optional)
NOTE: This step is optional and is required only if the router is being set up for the first time. To avoid wear on the memory card and ejector mechanism, do not actually perform this step. Read through it to become familiar with the process.
a. Attach a grounding strap to your wrist to avoid electro shock damage to the card. Seat the external Compact Flash memory card properly into the slot. This step depends on the type of router. Not all routers have flash cards.
b. If  the router has a Compact Flash memory card, check that the ejector mechanism is fully seated. Theejector button is next to the Compact Flash memory card.
c. Connect the power cable to the ISR and to the power outlet.

Step 4: Power up the ISR
a. Move the power switch on the back of the ISR to the ON position. During this step, the LEDs on the chassis turn on and off, not necessarily at the same time. The LED  activity depends on what is installed in  the ISR .
b.Observe the startup messages as they appear in the terminal emulation  program window. While these messages are appearing, do not press any keys  on the keyboard. Pressing a key interrupts the router start up process. Some examples of start up messages displayed are the amount of main memory installed and the image type of the Cisco IOS software that the computer is using. Can you find these example start up  messages in the following figure?

Step 5 : Reflection
a. Is  there anything about this procedure that is risky?
b. Why do the router cover, all modules, and cover plates need to be installed?
c. How many routers can you safely stack on top of each other ?
1) 0
2) 1
3) 2
4) 3

Lab 4.2.4 Determining PAT Translations

Langkah 1: Tentukan alamat IP komputer
  1. Buka jendela Command Prompt dengan mengklik Start> Run dan ketik cmd. Atau, Anda mungkinmklik Start> All Program> Accessories> Command Prompt. Pada tipe, prompt ipconfig perintah untuk menampilkan alamat IP dari komputer.
  2. Apa alamat IP dari komputer? Apakah ada nomor port yang ditampilkan, dan mengapa atau mengapa tidak?  Jawaban: Alamat IP seperti yang ditunjukkan untuk adapter aktif pada komputer Tidak ada nomor port akan ditampilkan, karena nomor port berhubungan dengan koneksi aktif antara proses pada beberapa perangkat.
Langkah 2: Tentukan alamat IP dari router gateway atau ISR
Periksa dengan instruktur Anda untuk mendapatkan alamat IP untuk gateway NAT ISR router.
Internal Ethernet Alamat:
Eksternal alamat Internet:
Langkah 3: Hasil baseline Tampilan netstat
  1. Pada command prompt, ketik perintah netstat-n.
  2. Apa jenis informasi yang tidak kembali perintah netstat-n? Jawaban : Aktif informasi Koneksi ditampilkan: Protokol, Lokal Alamat, Alamat Asing, Negara. IP alamat dan nomor port akan ditampilkan.
  3. Mana alamat IP yang ditemukan pada Langkah 1 muncul? Apakah ada nomor port yang terkait dengan itu? Mengapa atau mengapa tidak? Jawaban : Perintah netstat menunjukkan alamat IP lokal pada kolom Alamat Lokal. Port number mungkin atau mungkin tidak akan ditampilkan tergantung pada koneksi aktif saat ini. Catatan: Jika komputer telah diam selama beberapa saat dan tidak ada koneksi jaringan baru-baru ini dilakukan, mungkin tidak menunjukkan entri atau hanya menampilkan alamat loopback dan nomor port di Lokal dan Asing Kolom alamat (misalnya 127.0.0.1:1039)
Langkah 4: Tampilkan koneksi jaringan aktif
  1. Ping alamat www.cisco.com dan mencatat.
  2. Buka web browser dan masukkan www.cisco.com di address bar.
  3. Kembali ke jendela Command Prompt. Ketik perintah netstat-n lagi, dan kemudian ketik
    perintah tanpa opsi-n. Outputnya terlihat mirip dengan gambar berikut, tergantung pada apa aplikasi jaringan lainnya dan sambungan terbuka ketika anda mengeluarkan perintah.
  4. Apa perbedaan di antara output netstat dan perintah netstat-n?
    Jawaban : Tanpa n-opsi, alamat IP yang memutuskan untuk host nama, dan nomor protokol yang dikonversi ke nama protokol.
  5. Tulis entri koneksi untuk alamat IP klien dan alamat IP dari www.cisco.com yang
    web server. alamat IP lokal klien dan nomor port: Luar Negeri Alamat IP dan nomor port:
  6. Apakah entri netstat ada lebih kedua kalinya? Jawaban : Mungkin ya
Langkah 5: Tentukan diterjemahkan alamat
Gunakan informasi yang dicatat dalam langkah 2 dan 4 dan diagram topologi yang ditampilkan pada awal lab untuk mengisi Alamat: kolom Port.
Langkah 6: Refleksi
  1. Alamat port translation (PAT) juga disebut dengan NAT overload. Apakah yang “overload” Istilah lihat untuk? Jawaban : Menggunakan satu “kelebihan beban” alamat eksternal untuk menerjemahkan untuk alamat internal beberapa.
NAT terminologi yang digunakan dalam laboratorium mencakup empat jenis alamat: di-lokal, di dalam-global, luar-lokal, dan luar-global. Dalam banyak hubungan yang melalui router NAT, dua dari alamat sering sama. Yang dua dari empat alamat biasanya tetap tidak berubah, dan mengapa Anda berpikir bahwa ini terjadi?
Jawaban : Luar lokal dan luar global, karena alamat IP di luar atau tujuan harus tetap yang sama untuk host internal untuk dapat mencapai host yang lain di Internet.

Lab 4.1.5 Subnetting a Network

Step 1. Analyze the network

  1. perhitungkanlah berapa minimal subnet host yang dibutuhkan:
·         30 hosts
·         5 bits
b.    S ubnet terbesar harus dapat mendukung host yaitu 3 subnets
  1. Ya
Step 2. Calculate the custom subnet mask
Sekarang jumlah bit subnet ID diketahui, subnet mask dapat dihitung. Sebuah jaringan kelas C memiliki
default subnet mask dari 24 bit, atau 255.255.255.0. Apa yang akan subnet mask custom bisa?
Subnet mask kustom untuk jaringan ini akan menjadi  255.255.255.224 atau / 27
Step 3. Specify the host IP addresses
Sekarang subnet mask diidentifikasi, skema pengalamatan jaringan dapat dibuat. Pengalamatan
skema termasuk nomor subnet, alamat broadcast subnet, dan kisaran alamat IP
dialihkan ke host.
  1. Lengkapi tabel yang menunjukkan semua subnet yang mungkin untuk jaringan 192.168.1.0.
Step 4. Consider other subnetting options
Bagaimana jika ada lebih dari 30 host yang harus didukung pada porsi baik kabel atau nirkabel
jaringan. Anda bisa meminjam lebih sedikit bit, yang akan membuat subnet yang lebih sedikit, namun masing-masing akan mendukung besar jumlah host per subnet.
  1. Berapa banyak bit akan dipinjam untuk membuat empat subnet? Jawaban : 2 bit (2 ^ 2 = 4 subnet)
  2. Berapa banyak bit akan ditinggalkan untuk host pada subnet masing-masing? Jawaban : 6 bit
  3. Berapa jumlah maksimum host setiap subnet dapat mendukung? Jawaban : 2 ^ 6 = 64-2 = 62
  4. Apa yang akan subnet mask dalam desimal bertitik dan nomor slash (/ #) format?
    Jawaban : Pinjaman 2 bit akan membuat 255.255.255.192 atau / 26 subnet mask.
  5. Jika Anda mulai dengan jaringan 192.168.1.0 yang sama seperti sebelumnya dan subnet ke empat subnet, apa yang akan nomor subjaringan? Jawaban : 192.168.1.0, 192.168.1.64, 192.168.1.128, 192.168.1.192
Step 5. Reflection
  1. Apakah subnetting membantu mengurangi masalah deplesi alamat IP? Jelaskan jawaban Anda. Jawaban : Ya. Subnetting mengizinkan kita untuk menggunakan satu alamat kelas C untuk mendukung berbagai jaringan.
  2. Rough Desain Diagram Catatan mencatat bahwa subnet nirkabel akan memiliki hingga 30 PC
    menghubungkan. Dalam berpasangan atau dalam kelompok kecil, berdiskusi maupun tidak yang menciptakan situasi di mana IP alamat mungkin akan sia-sia. Apakah itu penting, dan mengapa atau mengapa tidak?
     
  3. Ada metode alternatif dari subnetting dengan CIDR dan VLSM. Apakah VLSM menjadi berharga pilihan untuk subnetting jaringan ini? Diskusikan dalam kelompok kecil

Lab 3.2.4.2 Evaluating a Cabling Upgrade Plan

Step 1: Examine the existing floor plan

a .  From the information provided on the existing floor plan, label the following items:
1) POP –Point of Presence
2) MDF – Main Distribution Facility
3  IDF – Intermediate Distribution Facility
4) vertical/Backbone Cabling
5 ) Horizontal Cabling
b . What type of cabling could be used for the vertical/back bone cabling? Explain your answer
Jawaban : Kabel yang digunakan ialah vertical backbone cable, alasannya karena jaringan yang akan dibangun terletak pada lantai dua dan jika dianalogikan posisi masing masing device kerja atau bagian kerja akan bersimpangan. Oleh karena itu kabel yang digunakan ialah vertical backbone cable dangan sambungan vertical patch panel.Step 2 :Evaluate plan for new floor space.
Any Company  has just  merged  with a small web design group and has acquired the remaining space on the second floor  to accommodate the web design team .  This  new space is represented on the diagram as the floor  space highlighted on the right side of the floor  plan.  It has been decided to add a second IDF to  support the work stations in the new area.
  1. Suggest a possible  location for the new IDF . What room / location did you choose and explain why you think it is suitable?
Jawaban : Ruangan / lokasi yang cocok untuk memasang IDF baru ialah pada telecommunication room . karena IDF sebagai fasilitas pendistribusi merupakan perangkat yang harus tersusun dengan perangkat server.
b . What type of cable would you suggest for the vertical cabling required to connect the new IDF to the existing MDF? Explain your reasons
Jawaban : Jenis cable yang digunakan untuk menghubungkan IDF dan MDF adalah Horizontal Cabling, alasannya IDF dan MDF dihubungkan untuk langsung terkoneksi ke area kerja (work area) sehingga harus menggunakan cabel horizontal.
c. The new space contains mostly offices.  Assume that each office will be provisioned with 2 data drops. Also plan for 2 drops  in the auditorium to support Internet access for presentations and training sessions. How many additional data drops need to be ordered?
Jawaban : Dibutuhkan dua data drops lagi.
d . You have been asked to determine the number of  new 24 port switches required for the new IDF. Remember to plan on approximately 25% growth. How many new switches will Company ABC need to purchase?
Jawaban : Banyaknya switch yang dibutuhkan dengan perkembangan perusahaan yang dianalisa 25% adalah 60 buah switch dengan perhitungan. Masing – masing lantai terdiri dari 24 switch dan perlutambahan untuk perkembangan sebanyak 6 buah  = 24 x 2 = 48
+ 12 = 60 buah switch
e . How many horizontal cables will terminate on patch panels in the new IDF?
Jawaban : sebanyak 32  buah kabel horizontal, termasuk pada telecommunications room.
Step3: Examine the floor space and wiring plan.
a .  What equipment other than switches would you expect to find in the new IDF?
Jawaban : Horizontal cable, switch,hub
b .  What equipment other than switches would you expect to find in the MDF?
Jawaban : Vertical cable,router.
c    Using existing cable runs, could you use UTP to connect the devices  in room 2.20 or 2 .30 directly into a switch in the MDF?
Jawaban : Ya, bisa dapat langsung digunakan.
Step 4 . Reflection
a .  Is  it better to have an IDF in this floor space or should the company run the horizontal cables for each device directly back to the existing MDF?
Jawaban : Lebih baik menggukan IDF dengan koneksi kabel horizontal untuk terhubung sebagai mediator untuk distribusi.
b. How many cables will be required from the MDF to the IDF to support the switches? Explain your answer
Jawaban : 3 buah kabel, alasannya setelah terkoneksi dengan router, dibutuhkan 3 lagi alat berupa repeater. Maka agar alat itu bisa digunakan dibutuhkan 3 lagi kabel horizontal.

Lab 1.2.3 Mapping ISP Connectivity Using Traceroute

Step 1: Run the tracert utility from a host computer

a. Verify that the host computer has a connection to the Internet.
b. Open a Command Prompt window by clicking Start > Run and typing cmd. Alternatively, you may click Start > All programs > Accessories > Command Prompt.
c.  At the prompt, type tracert and your first destination website. The output should look similar to the following:
d. Save the tracert output in a text file as follows:
1)  Right-click the title bar of the Command Prompt window and choose Edit > Select All.
2)  Right-click the title bar of the Command Prompt window again and choose Edit > Copy.
3) Open the Windows Notepad program: Start > All Programs > Accessories > Notepad.
4)  To paste the output into Notepad, choose Edit > Paste.
5) Choose File > Save As and save the Notepad file to your desktop as tracert1.txt.
e. Run tracert for each destination website and save the output in sequentially numbered files.
f. Run tracert from a different computer network, for example, from the public library or from a friend’s computer that accesses the Internet using a different ISP (for instance, cable instead of DSL). Save a copy of that output in Notepad and print it out for later reference.
Step 2: Interpret tracert outputs to determine ISP connectivity
Routes traced may go through many hops and a number of different ISPs depending on the size of your ISP and the location of the source and destination hosts. In the example output shown below, the tracert packets travel from the source PC to the local router default gateway to the ISPs Point of Presence (POP) router and then to an Internet Exchange Point (IXP). From there they pass through two Tier 2 ISP routers and then though several Tier 1 ISP routers as they move across the Internet backbone. When they leave the Tier 1 ISPs backbone, they move through another Tier 2 ISP on the way to the destination server at www.ripe.net.
a.  Open the first traceroute output file and answer the following questions.
1)  What is the IP address of your local POP router?
Jawaban : Ip address dari local POP Router adalah 192.168.190.5
2)  How many hops did the traceroute packet take on its journey from the host computer to the destination?
Jawaban : Pengambilan paket data selama proses pada tracert ada sebanyak 16 kali
3)  How many different ISPs did the traceroute packet pass through on its journey from the host computer to the destination?
Jawaban : Jumlah tracert melewati isp yang berbeda untuk sampai ketujuan ada sebanyak 5 kali adapun alamat alamat tujuan
  1. if-1-0-0-1980.mcore3.laa-losangeles.as6453.net [66.110.59.18]
  2. ix-10-0-0-0.tcore1.lvw-losangeles.as6453.net [216.6.84.49]
  3. if-10-0.core3.nto-newyork.as6453.net [216.6.57.66]
  4. if-7-0-0.core2.ad1-amsterdam.as6453.net [80.231.81.45]
  5. if-4-0.mcore3.njy-newark.as6453.net [216.6.84.2]
4)  List the IP addresses and URLs of all the devices in the traceroute output in the order that they appear on the Routes Traced worksheet.
5)  In the Network Owner column of the worksheet, identify which ISP owns each router. If the router belongs to your LAN, write “LAN”. The last two parts of the URL indicates the ISP name. For example, a router that has “sprint.net” in its URL belongs to the network of an ISP called Sprint.
6)  Did the traceroute pass through an unidentified router between two ISPs? This might be an IXP. Run the whois command utility or whois function of a visual traceroute program to identify ownership of that router. Alternatively, go to http://www.arin.net/whois to determine to whom the IP is assigned.
b.  Complete the worksheet using the traceroute output file for each of the other destination URLs.
c.  Compare your results from the different traceroute output files. Did your ISP connect to different ISPs to reach different destinations?
Jawaban : Ya, pada kasus melakukan tracert ke http://whois.arin.net/ui isp nya masing masing protocol yang berbeda salaing terkoneksi untuk mencapai tujuan yaitu hit-nxdomain.opends.com [67.215.65.132]
Dan adapun ISP yang berbeda untuk saling terkoneksi adalah
  1. xe-1-0-0.r21.newthk02.hk.bb.gin.ntt.net [129.250.3.206]
  2. p64-4-1-1.r21.tokyjp01.jp.bb.gin.ntt.net [129.250.3.1]
  3. as-0.r21.Isanca03.us.bb.gin.ntt.net [192.250.6.4]
d.  If you ran a traceroute from a different computer network, check the output for that traceroute file as well. Was the number of hops different to reach the same destination from different local ISPs? Which ISP was able to reach the destination in fewer hops?
Jawaban : Jumlah HOP untuk mencapai destination pada sebuah alamat tracert yang dituju akan tetap sama. Meskipun telah dilakukan beberapa kali test tracert akan memunculkan jumlah list hop yang sama. Maka ISP yang membutuhkan sedikit hop untuk mencapai tujuannya adalah ISP B (cable service provider)
Step 3: Map the connectivity of your ISP
a.  For each traceroute output, draw a diagram on a separate sheet of paper showing how your local ISP interconnects with other ISPs to reach the destination URL, as follows:
1)  Show all of the devices in sequence from the LAN router to the destination website server. Label all of the devices with their IP addresses.
2)  Draw a box around the local POP router that you identified, and label the box “POP”.
3)  Draw an ISP cloud around all the routers that belong to each ISP, and label the cloud with the ISP name.
4)  Draw a box around any IXP routers that you identified, and label the box “IXP”.
b. Use the Global Connectivity Map to create a combined drawing showing only ISP clouds and IXP boxes.
Worksheet for Routes Traced
Destination URL: www.ripe.net [193.0.6.139]          Total Number of Hops: 16
Router IP Address
Router URL(if any)
Network Owner(LAN, Name of ISP or IXP)
192.168.190.5

ns4.unp.ac.id
192.168.37.9
58.26.87.109
tm.net.my
66.110.59.18

losangeles.as6453.net
216.6.84.49

losangeles.as6453.net
216.6.84.2

njy-newark.as6453.net
216.6.57.66

nto-newyork.as6453.net
80.231.81.45

ad1-amsterdam.as6453.net
80.231.81.18

ad1-amsterdam.as6453.net
195.219.150.70

ad1-amsterdam.as6453.net
195.69.144.68

gw.amsix.nikrtr.ripe.net
193.0.6.139

www.ripe.net

Lab 9.5.2 Troubleshooting ACL Configuration and Placement

Step 1: Connect the equipment
  1. Connect the Fa0/0 interface of Router 1 to the Fa0/1 interface of the switch using a straight-through cable.
  2. Connect each host to the Fa0/2 switch port of the switch using a straight-through cable.
  3. Connect serial cables from Router 1 to Router 2 according to the topology diagram.
  4. Connect both hosts on Router 2 to the Fa0/0 and Fa0/1 of Router 2 using crossover cables according to the above topology.
Step 2: Load the preconfiguration on ISP
  1. See your instructor for obtaining the preconfigurations for this lab.
  2. Connect Host 1 to the console port of Router 1 to perform loading the preconfigurations using a terminal emulation program.
  3. Transfer the configuration from Host 1 to Router 1:
1) In the terminal emulation program on H1, choose Transfer > Send Text File.
2) Locate the preconfiguration file and choose Open to start the transfer of the preconfiguration to Router 1.
3) When the transfer is complete, save the configuration.

Step 3: Load the preconfiguration on HQ
Copy the preconfiguration on HQ using the process detailed in Step 2.

Step 4: Configure hosts H1 and H2
  1. Configure the Ethernet interfaces of H1 and H2 with the IP addresses and default gateways from the addressing table.
  2. Test the PC configuration by pinging the default gateway from each PC.
Step 5: Configure the web server host H3
  1. Load the Discovery LIVE CD on Host H3. The server’s Ethernet interface is preconfigured with the IP address and default gateway shown in the addressing table. If using another web server, configure the IP address and subnet mask to match that in the table.
  2. Test the PC configuration by pinging the default gateway from the PC.
Step 6: Troubleshoot the HQ router and access list 101
  1. Begin troubleshooting with the HQ router.
Access list 101 is implemented to protect the internal corporate network zone, which houses private servers and internal clients. No other network should be able to access it. Protecting the corporate network begins by specifying which traffic can exit out of the network.
b.    Examine the HQ router to find possible configuration errors. Begin by viewing the summary of access list 101. Enter the command show access-list 101.
  1. Verify reachability by pinging all systems and routers from
  2. If any errors were found, make the necessary configuration changes to HQ. Remember that access lists have to be deleted and re-entered if there is any discrepancy in the commands. E
  3. Issue the command show ip interface fa0/0.
  4. Perform the pings from Step 6c again. If the pings are not successful, continue to troubleshoot other access lists.
Step 7: Troubleshoot the HQ router and access list 102
  1. Continue troubleshooting with the HQ router. Access list 102 is implemented to limit the traffic into the corporate network
  2. Examine the HQ router to find possible configuration errors. Begin by viewing the summary of access list 102. Enter the command show access-list 102.
  3. Verify reachability by pinging all systems and routers from each system. If the access list is working correctly, H1 cannot ping H2, but all of the other pings should be successful.
Can H2 ping the web server? __________ no
Can H2 ping H1? __________ no
Can H1 ping the web server? __________ no
Can H1 ping H2? __________ no
d.    If any errors were found, make the necessary configuration changes to HQ. Remember to delete the entire access list before making the corrections. The commands must be in logical, sequential order.
  1. H2 should be able to ping H1. However, H1 should not be able to ping H2 at this point. Open a web browser, such as Windows Explorer, Netscape Navigator, or Firefox and enter the address of the web server in the address location. Verify that H2 has web access to the web server.
  2. Issue the command show ip interface fa0/0.
Is the access list applied in the correct direction on the interface? __________ yes
Step 8: Troubleshoot the HQ router and access list 111
  1. Continue troubleshooting with the HQ router. Access list 111 is implemented to protect the DMZ network.
  2. Examine the HQ router to find possible configuration errors. Begin by viewing the summary of access list 111. Enter the command show access-list 111.
  3. Verify reachability by pinging all systems and routers from each system. H1 should not be able to ping H2, but all other pings should be successful if the access list is correct.
Step 9: Troubleshoot the HQ router and access list 112
  1. Continue troubleshooting with the HQ router. Access list 112 is implemented to protect the DMZ network.
  2. Examine the HQ router to find possible configuration errors. Begin by viewing the summary of access list 112. Enter the command show access-list 112.
  3. Verify reachability by pinging all systems and routers from each system. Only H2 should be able to successful ping all locations. If the access list is correct, H1 should not be able to ping the web server or H2.
Step 10: Troubleshoot the HQ router and access list 121
  1. Continue troubleshooting with the HQ router.mAccess list 121 is implemented to deter spoofing.
  2. Examine the HQ router to find possible configuration errors. Begin by viewing the summary of access list 121. Enter the command show access-list 121.
  3. Verify reachability by pinging all systems and routers from each system. If the access list is correct, only H2 should successfully ping the web server.
  4. d. Issue the command show interface serial0/0/0.
Is the access list applied in the correct direction on the interface? __________ no
Step 11: Reflection
There were a number of configuration errors in the preconfigurations that were provided for this lab. Use this space below to write a brief description of the errors that you found.
Jawaban : The student should briefly summarize the errors encountered with the ACLs.