Part 6. Konfigurasi Telnet dan SSH Switch Cisco

Part 6. Konfigurasi Telnet dan SSH Switch Cisco

 

A. Materi Lab :

Pada bagian ini, kita akan belajar mengenai konfigurasi Telnet dan SSH (Secure Shell) untuk tujuan remote Switch.

Perbedaan Telnet dan SSH :

Screenshot from 2017-10-06 16-12-12.png

B. Topologi :

ccc.png

C. Konfigurasi :

Pertama, kita setting IP Address beserta netmask-nya di VLAN 1 Sakti-SW1. Mengapa di VLAN 1 ? Karena secara default, semua interfaces di Sakti-SW1 akan masuk ke VLAN 1. Pembelajaran VLAN akan kita bahas di bab selanjutnya.

Sakti-SW1>enable
Sakti-SW1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Sakti-SW1(config)#interface vlan 1
Sakti-SW1(config-if)#no shutdown
Sakti-SW1(config-if)#
%LINK-5-CHANGED: Interface Vlan1, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to up
Sakti-SW1(config-if)#ip address 192.168.1.23 255.255.255.0
Sakti-SW1(config-if)#exit
Sakti-SW1(config)#

Selanjutnya, kita setting setting username dan password untuk client yang akan mengakses telnet.

Sakti-SW1(config)#username miss password 123

Lalu, setting enable secret password yang nantnya digunakan untuk masuk dari User EXEC mode ke privileged mode.

Sakti-SW1(config)#enable secret 123456

Kita setting password line vty 0 2. 0 2 menyatakan jumlah user yanng dapat mengakses

Sakti-SW1(config)#line vty 0 1
Sakti-SW1(config-line)#password misskecupbung
Sakti-SW1(config-line)#exec-timeout 5 0
Sakti-SW1(config-line)#logging synchronous
Sakti-SW1(config-line)#login local
Sakti-SW1(config-line)#exit

Keterangan :

exec-timeout 5 0 : Timeout command, sehingga jika 5 menit 0 detik tidak ada aktifitas, maka akan logout sendiri

logging syncronous : Untuk sinkronisasi output debug dan Cisco IOS sehingga tidak mengganggu pada saat konfigurasi.

login local : Agar telnet bisa diremote dari local.

 

Selanjutnya, kita bisa buat banner MOTD (Message Of The Day) kepada user yang mencoba-coba login, namun tidak memiliki otentikasi.

Sakti-SW1(config)#banner motd #Dilarang Login kecuali Admin#

Bisa dicek semua konfigurasi yang sudah kita inputkan.

Sakti-SW1#show run
Building configuration…

Current configuration : 1285 bytes
!
version 12.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Sakti-SW1
!
enable secret 5 $1$mERr$H7PDxl7VYMqaD3id4jJVK/
!
!
!
!
username miss privilege 1 password 0 123
!
!
spanning-tree mode pvst
!
interface FastEthernet0/1
!
interface FastEthernet0/2
!
interface FastEthernet0/3
!
interface FastEthernet0/4
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9

!
interface FastEthernet0/10
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface FastEthernet0/16
!
interface FastEthernet0/17
!
interface FastEthernet0/18
!
interface FastEthernet0/19
!
interface FastEthernet0/20
!
interface FastEthernet0/21
!
interface FastEthernet0/22
!
interface FastEthernet0/23
!
interface FastEthernet0/24
!

interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
ip address 192.168.1.23 255.255.255.0
!
banner motd ^CDilarang login selain Admin^C
!
!
!
line con 0
!
line vty 0 2
exec-timeout 5 0
password misskecupbung

logging synchronous
login local
line vty 3 4
login
line vty 5 15
login
!
!
!
end

Sakti-SW1#

Terakhir, kita testing melalui client.

C:\>telnet 192.168.1.23

Trying 192.168.1.23 …

OpenDilarang login selain Admin

User Access Verification
Username: miss
Password: → (Diisi password username : 123)

Sakti-SW1>enablePassword: → (Diisi passwd enable secret : 123456)

Sakti-SW1#

Jika kita sudah bisa mengkonfigurasi Switch melalui PC-Client, tandanya Telnet kita berhasil.
Selanjutnya, kita akan mencoba menggunakan SSH untuk meremote Switch kita. Masih dengan topologi yang sama. Berikut konfigurasinya :

Sakti-SW1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Sakti-SW1(config)#enable secret 123456
Sakti-SW1(config)#ip domain-name sakti.smk
Sakti-SW1(config)#username sakti secret smk
Sakti-SW1(config)#line vty 0 2
Sakti-SW1(config-line)#transport input ssh
Sakti-SW1(config-line)#login local
Sakti-SW1(config-line)#exit
Sakti-SW1(config)#crypto key generate rsa
The name for the keys will be: Sakti-SW1.sakti.smk
Choose the size of the key modulus in the range of 360 to 2048 for your
General Purpose Keys. Choosing a key modulus greater than 512 may take
a few minutes.
How many bits in the modulus [512]: 1024
% Generating 1024 bit RSA keys, keys will be non-exportable…[OK]

Sakti-SW1(config)#

Bisa dicek dengan command show run atau show running-config :

Sakti-SW1#show running-config
Building configuration…

Current configuration : 1501 bytes
!
version 12.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
service password-encryption
!
hostname Sakti-SW1
!
enable secret 5 $1$mERr$H7PDxl7VYMqaD3id4jJVK/
!
!
ip domain-name sakti.smk

!
username sakti secret 5 $1$mERr$XT1P0TbwImbK/WMjHHP8M1
!
!
spanning-tree mode pvst
!
interface FastEthernet0/1
!
interface FastEthernet0/2
!
interface FastEthernet0/3
!
interface FastEthernet0/4
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!

interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface FastEthernet0/16
!
interface FastEthernet0/17
!
interface FastEthernet0/18
!
interface FastEthernet0/19
!
interface FastEthernet0/20
!
interface FastEthernet0/21

!
interface FastEthernet0/22
!
interface FastEthernet0/23
!
interface FastEthernet0/24
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
ip address 192.168.1.23 255.255.255.0
!
banner motd ^CDilarang login selain Admin^C
!
!
!
!
line con 0
!
line vty 0 2
login local

transport input ssh
line vty 3 4
login
line vty 5 15
login
!
!
!
end

Sakti-SW1#

 

Bisa kita cek versi SSH nya :Bisa kita cek versi SSH nya :

Sakti-SW1#show ip ssh
SSH Enabled – version 1.99
Authentication timeout: 120 secs; Authentication retries: 3Sakti-SW1#

Terakhir, kita test dengan login dari Sakti-PC1

Packet Tracer PC Command Line 1.0
C:\>ssh -l sakti 192.168.1.23
OpenPassword: → (Password username sakti)
Dilarang login selain Admin
Sakti-SW1>enablePassword: → (Password enable secret)
Sakti-SW1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Sakti-SW1(config)#

 

Selesai,

Wassalamualaikum.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

w

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.