Thursday, 26 September 2024

Switch Security Configuration

 



What Is Switch Security Configuration

Switch Security Configuration, or switchport security configuration, is a security feature that restricts which addresses are allowed to send traffic on an individual switchport. It is very useful when used correctly, but it can cause problems if it is misconfigured.


Steps:

1. On R1, enter:

enable
configure terminal
hostname R1
no ip domain lookup
ip dhcp excluded-address 192.168.10.1 192.168.10.9
ip dhcp excluded-address 192.168.10.201 192.168.10.202
ip dhcp pool Students
network 192.168.10.0 255.255.255.0
default-router 192.168.10.1
domain-name CCNA2.Lab-11.6.1
interface Loopback0
ip address 10.10.1.1 255.255.255.0
interface GigabitEthernet0/0/1
description Link to S1 Port 5
ip dhcp relay information trusted
ip address 192.168.10.1 255.255.255.0
no shutdown
line con 0
logging synchronous
exec-timeout 0 0

R1# show ip int brief

2. On S1, enter:

Switch# config t
Switch(config)# hostname S1
S1(config)# no ip domain-lookup
S1(config)# interface f0/1
S1(config-if)# description Link to S2
S1(config-if)# interface f0/5
S1(config-if)# description Link to R1
S1(config-if)# interface f0/6
S1(config-if)# description Link to PC-A
S1(config)# ip default-gateway 192.168.10.1
S1(config)# vlan 10
S1(config-vlan)# name Management
S1(config)# interface vlan 10
S1(config-if)# ip address 192.168.10.201 255.255.255.0
S1(config-if)# description Management SVI
S1(config-if)# no shutdown
S1(config)# vlan 333
S1(config-vlan)# name Native
S1(config-vlan)# vlan 999
S1(config-vlan)# name ParkingLot

3. On S2, enter:

Switch# config t
Switch(config)# hostname S2
S2(config)# no ip domain-lookup
S2(config)# interface f0/1
S2(config-if)# description Link to S1
S2(config-if)# interface f0/18
S2(config-if)# description Link to PC-B
S2(config)# ip default-gateway 192.168.10.1
S2(config)# vlan 10 
S2(config-vlan)# name Management
S2(config)# interface vlan 10
S2(config-if)# ip address 192.168.10.202 255.255.255.0
S2(config-if)# description Management SVI
S2(config-if)# no shutdown
S2(config)# vlan 333
S2(config-vlan)# name Native
S2(config-vlan)# vlan 999
S2(config-vlan)# name ParkingLot

4. Back on S1:

S1(config)# interface f0/1
S1(config-if)# switchport mode trunk
S1(config-if)# switchport trunk native vlan 333
S1# show interface trunk
S1(config)# interface f0/1
S1(config-if)# switchport nonegotiate
S1# show interfaces f0/1 switchport | include Negotiation
S1(config)# interface range f0/5-6
S1(config-if-range)# switchport mode access
S1(config-if-range)# switchport access vlan 10
S1(config)# interface range f0/2-4 , f0/7-24, g0/1-2
S1(config-if-range)# switchport mode access
S1(config-if-range)# switchport access vlan 999
S1(config-if-range)# shutdown

5. Then on S2:

S2(config)# interface f0/1
S2(config-if)# switchport mode trunk
S2(config-if)# switchport trunk native vlan 333
S2(config)# interface f0/1
S2(config-if)# switchport nonegotiate
S2# show interfaces f0/1 switchport
S2(config)# interface f0/18
S2(config-if)# switchport mode access
S2(config-if)# switchport access vlan 10
S2(config)# interface range f0/2-17 , f0/19-24, g0/1-2
S2(config-if-range)# switchport mode access
S2(config-if-range)# switchport access vlan 999
S2(config-if-range)# shutdown

6. On S1:

S1(config)# interface f0/6
S1(config-if)# switchport port-security
S1(config-if)# switchport port-security maximum 3
S1(config-if)# switchport port-security violation restrict
S1(config-if)# switchport port-security aging time 60
S1(config-if)# switchport port-security aging type inactivity
S1# show port-security interface f0/6
S1(config)# interface range f0/5-6
S1(config-if-range)# spanning-tree portfast
S1(config)# interface f0/6
S1(config-if)# spanning-tree bpduguard enable
S1# show spanning-tree interface f0/6 detail

7. On S2:

S2(config)# interface f0/18
S2(config-if)# switchport port-security
S2(config-if)# switchport port-security mac-address sticky
S2(config)# interface f0/18
S2(config-if)# switchport port-security aging time 60
S2(config-if)# switchport port-security maximum 2
S2(config-if)# switchport port-security violation protect
S2# show port-security interface f0/18
S2# show port-security address
S2(config)# ip dhcp snooping
S2(config)# ip dhcp snooping vlan 10
S2(config)# interface f0/1
S2(config-if)# ip dhcp snooping trust
S2(config)# interface f0/18
S2(config-if)# ip dhcp snooping limit rate 5
S2# show ip dhcp snooping
S2# show ip dhcp snooping binding
S2(config)# interface f0/18
S2(config-if)# spanning-tree portfast
S2(config)# interface f0/18
S2(config-if)# spanning-tree bpduguard enable
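
Added example (not part of the original post or of the lab it follows): a small Python audit that parses running-config text and reports switch ports that miss the hardening applied in steps 4 to 7. The sample config, the role names and the exact-string matching are assumptions; on a platform that stores a command under a different spelling, adjust the entry in CHECKS.

```python
# Constructed sample (not from the page); Fa0/19 is left unhardened on purpose.
SAMPLE = """\
interface FastEthernet0/1
 switchport trunk native vlan 333
 switchport mode trunk
 switchport nonegotiate
 ip dhcp snooping trust
interface FastEthernet0/18
 switchport mode access
 switchport port-security
 spanning-tree portfast
 spanning-tree bpduguard enable
interface FastEthernet0/19
 switchport mode access
 ip dhcp snooping trust
interface FastEthernet0/20
 switchport access vlan 999
 shutdown
"""

CHECKS = {  # port role (names assumed here) -> commands the steps above apply
    "trunk": ["switchport nonegotiate", "switchport trunk native vlan 333"],
    "access": ["switchport port-security", "spanning-tree portfast",
               "spanning-tree bpduguard enable"],
    "unused": ["switchport access vlan 999"],
}

def parse_interfaces(cfg):  # Ethernet interface name -> list of its sub-commands
    ports, cur = {}, None
    for line in cfg.splitlines():
        if not line.startswith(" "):  # any top-level line closes the section
            phys = line.startswith("interface ") and "Ethernet" in line
            cur = ports.setdefault(line.split()[1], []) if phys else None
        elif cur is not None:
            cur.append(line.strip())
    return ports

def audit(cfg):  # -> [(interface, problem)] for ports missing the lab hardening
    findings = []
    for name, cmds in parse_interfaces(cfg).items():
        role = ("unused" if "shutdown" in cmds else
                "trunk" if "switchport mode trunk" in cmds else "access")
        findings += [(name, "missing: " + c) for c in CHECKS[role] if c not in cmds]
        if role != "trunk" and "ip dhcp snooping trust" in cmds:
            findings.append((name, "DHCP snooping trust on a non-trunk port"))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

Feed it the output of show running-config from S1 or S2 in place of SAMPLE; an empty result means every Ethernet port matches the lab's trunk, access or parked-port profile.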

Google Drive links
Video 11.6.2


  • https://drive.google.com/file/d/1ZgsiLYPgS1apWGIpHFpxB33hr3kumI1A/view?usp=drivesdk
  • https://drive.google.com/file/d/1l1Hf40sjdoBY0KCHlruxgvvJFgCXk90t/view?usp=drivesdk
