SA Bagus

https://networklessons.com/switching/dai-dynamic-arp-inspection Soal: Turn on dynamic ARP inspection on SW1 for LAN1 subnet. Create access control list that permits static IP address 192.168.10.10 for RADIUS server.  LAN1 is VLAN101 Jawaban: arp access-list RADIUS  permit ip host 192.168.10.10 mac any ip arp inspection vlan 101 ip arp inspection filter RADIUS vlan 101 Aktifkan port trusted pada port yang terhubung ke switch lain yang terpercaya untuk mengirimkan informasi ARP seperti DHCP Server. interface GigabitEthernet1/1  ip arp inspection trust Reference: https://networklessons.com/switching/dai-dynamic-arp-inspection

Soal: Turn on DHCP snooping on SW1 switch for LAN1 subnet. Use internal flash to keep DHCP snooping database. LAN1 is VLAN101 Jawaban: ip dhcp snooping ip dhcp snooping vlan 101 ip dhcp snooping database flash:dhcp.db Pilih port yang dipercaya untuk mendapatkan informasi DHCP server. interface GigabitEthernet1/1 ip dhcp snooping trust Reference: https://www.omnisecu.com/ccna-security/how-to-configure-dhcp-snooping.php

1. Install OpenLDAP Packages. yum install openldap  openldap-clients 2. Install the sssd and sssd-client packages. yum install sssd sssd-client 3. Modify /etc/openldap/ldap.conf to contain the proper server and search base information for the organization. TLS_CACERTDIR /etc/openldap/cacerts URI ldap://ldap.sabagus.com:389 BASE dc=sabagus,dc=com 4. Modify /etc/nsswitch.conf to use sss. passwd:     files sss shadow:     files sss group:      files sss 5. Configure the LDAP client by using sssd. The sssd configuration is located at /etc/sssd/sssd.conf. Example: (Here domain is set to sabagus.com) [domain/sabagus.com] autofs_provider = ldap cache_credentials = False ldap_search_base = dc=sabagus,dc=com id_provider = ldap auth_provider = ldap chpass_provider = ldap ldap_uri = ldap://ldap.sabagus.com:389 ldap_id_use_start_tls = False ldap_tls_cacertdir = /etc/openldap/cacerts ldap_schema = rfc2307bis ldap_auth_disabl

Install LXC packages [root@lxcserver ~]# apt-get update [root@lxcserver ~]# apt-get install lxc lxc-templates Create LXC container [root@lxcserver ~]# lxc-create -n www1 -t ubuntu Start the LXC container [root@lxcserver ~]#   lxc-start -n www1 -d Reset password LXC container [root@lxcserver ~]# chroot /var/lib/lxc/ www1 /rootfs passwd Enter the console [root@lxcserver ~]#   lxc-console -n www1 -t 0 https://www.alibabacloud.com/blog/how-to-install-and-configure-lxc-container-on-ubuntu-16-04_594090 https://unixmen.com/setup-linux-containers-using-lxc-on-ubuntu-15-04/

Blackhole VLAN merupakan salah satu L2 security pada switch untuk diterapkan pada port yang tidak digunakan sehingga bisa mengantisipasi penyalahgunaan port switch dengan memberikan VLAN yang tidak digunakan didalam jaringan. Langkah-langkah nya cukup mudah yaitu: 1. Tentukan nomor VLAN yang tidak digunakan, biasanya menggunakan nomor 999 namun bisa lainnya juga yang penting nomor VLAN tersebut tidak digunakan didalam jaringan. 2. Buat VLAN dan beri nama S1(config)#vlan 999 S1(config-vlan)#name Blackhole VLAN 3. Pasang VLAN pada port yang tidak/belum terpakai Misal seperti berikut port 10 sampai 20 tidak terpakai S1(config)#interface range fastEthernet 0/10-20 S1(config-if)#switchport access vlan 999 Kemudian sebagai tambahan shutdown juga port tersebut. S1(config-if)#shutdown Oke selesai.

Step 1. Add PostgreSQL 10 repository amazon-linux-extras install postgresql10 epel -y Step 2. Install PostgreSQL 10 yum install -y postgresql-server postgresql-devel Step 3. Initializing database /usr/bin/postgresql-setup --initdb * Initializing database in '/var/lib/pgsql/data' * Initialized, logs are in /var/lib/pgsql/initdb_postgresql.log Step 4. Start the services of PostgreSQL and start on startup. systemctl start postgresql systemctl enable postgresql Step 5. Login into Database su - postgres You can get into Postgres console by typing psql To get the help use the \h command.

Soal :  On Kremlin phone upon pressing second line-button, Ivan's phone should automatically answer the call in speakerphone mode with mute activated and Ivan should hear Kremlin’s conversation.  Jawaban: https://www.cisco.com/c/en/us/support/collaboration-endpoints/unified-ip-phone-7945g/model.html Pertama pastikan kremlin phone dan ivan's phone sudah mempunyai nomor extension dan bisa saling telpon, di tutorial kali ini tidak membahas dasar konfigurasi CME  namun langsung akan memberikan konfigurasi intercom seperti berikut ini: ephone-dn 1  number 101  label Kremlin  name Kremlin ephone-dn 3  number 103  label Ivan  name Ivan ephone-dn  10  number A01  intercom A03 label "intercom" ephone-dn  11  number A03  intercom A01 label "intercom" ephone  1  type 7945  button 1:1 2:10 ephone 3  type CIPC  button 1:3 2:11 Reference: https://www.cisco.com/c/en/us/td/

Download curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip" Extract unzip awscliv2.zip Run sudo ./aws/install Reference :  https://docs.aws.amazon.com/cli/latest/userguide/install-cliv2-linux.html

$ sudo apt update $ sudo apt install software-properties-common $ sudo apt-add-repository --yes --update ppa:ansible/ansible $ sudo apt install ansible https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html#managed-node-requirements

Download the JDK for Linux 32-bit or 64-bit https://mirrors.huaweicloud.com/java/jdk/ Example: Make a directory in /usr/local where java will reside and copy tarball there: sudo mkdir -p /usr/local/java Navigate to /usr/local/java: cd /usr/local/java Download with wget https://mirrors.huaweicloud.com/java/jdk/7u80-b15/jdk-7u80-linux-x64.tar.gz Extract the tarball: sudo tar xvzf  jdk-7u80-linux-x64.tar.gz Check if tarball has been successfully extracted: ls –a Find and select Java's path update-alternatives --config java Edit /etc/profile with sudo privileges: sudo vi /etc/profile Add the following lines below to the end of /etc/profile file: JAVA_HOME=/usr/local/java/jdk1.7.0_80 JRE_HOME=/usr/local/java/jdk1.7.0_80  PATH=$PATH:$JRE_HOME/bin:$JAVA_HOME/bin export JAVA_HOME export JRE_HOME export PATH Update alternatives: sudo update-alternatives --install "/usr/bin/java" "java" "/usr/local/java/jdk1.7.0_80/bin/ja

Task Project: Configure role-based access control on BR3 router: a. Create user1, user2, user3, user4 and user5 with cisco1 password. i. user1 should be authorized to issue all privileged mode commands except “show version” and “show ip route” but should be able to issue “show ip *” commands. ii. user2 should be authorized to issue all user (unprivileged) mode commands including “show version” but not “show ip route”. b. Create view-context “show_view”: i. Include “show version” command ii. Include all unprivileged commands of “show ip *” iii. Include “who” command iv. user3 should land in this context after successful authentication on local or remote console. c. Create view-context “ping_view”: i. Include “ping” command ii. Include “traceroute” command iii. user4 should land in this context after successful authentication on local or remote console. d. Create superview-context that combines these 2 contexts. user5 should land in this superview-context after s