Daftar Pertemuan
Mock Exam Info
Waktu: 170 menit
Format: Individual
Tools: Packet Tracer
Closed Book: Ya
Time Allocation
Planning: 15 menit
Implementation: 120 menit
Verification: 35 menit
Total: 170 menit
Key Topics
VLAN & Trunking
OSPF Multi-Area
PPP CHAP
ACL Implementation
NAT/PAT Configuration
Security Hardening
Pertemuan 15: Final Review & Mock Exam
Progress Pembelajaran
15/16
Simulasi Ujian Akhir Semester
Mock exam ini mensimulasikan kondisi UAS sebenarnya. Kerjakan secara individual dalam waktu 170 menit dengan environment closed book.
Tujuan Pembelajaran
Mahasiswa berlatih dengan skenario exam-like yang timed untuk mempersiapkan Ujian Akhir Semester (UAS) dan mengidentifikasi area improvement untuk final preparation.
Instruksi Mock Exam
Exam Settings
- Mode: Individual
- Durasi: 170 menit
- Environment: Closed Book
- Tools: Cisco Packet Tracer
- Documentation: Wajib
Submission Requirements
- Packet Tracer File: NIM_NAMA_MockExam.pkt
- Documentation: NIM_NAMA_MockExam.pdf
- Checklist: NIM_NAMA_Checklist.pdf
- Deadline: Saat waktu berakhir
Larangan Selama Mock Exam:
- Tidak boleh mengakses sumber luar
- Tidak boleh bekerja sama dengan peserta lain
- Hanya boleh menggunakan dokumentasi sendiri
- Tidak boleh sharing konfigurasi
Mock Exam Scenario: Enterprise Network Implementation
Scenario Overview
Scenario: Anda ditugaskan sebagai network engineer untuk mengimplementasikan jaringan enterprise untuk perusahaan "PT. ENTERPRISE SOLUTION" dengan 3 lokasi (HQ, Branch, Remote). Implementasikan seluruh requirement berikut dalam waktu 170 menit.
HQ-Main
R-HQ-MAIN
VLAN10: PC1
VLAN20: WebSrv
Area 0
VLAN20: WebSrv
Area 0
Branch-OSPF
R-BRANCH-OSPF
VLAN10: PC2
VLAN20: FTPSrv
Area 0 - ABR
VLAN20: FTPSrv
Area 0 - ABR
Remote-PPP
R-REMOTE-PPP
VLAN10: PC3
VLAN20: MailSrv
Area 1 - PPP
VLAN20: MailSrv
Area 1 - PPP
10.1.12.0/30
OSPF Area 0
10.1.23.0/30
PPP CHAP
Technical Requirements
A. IP Addressing Scheme
| Location | Network | Router Interface | IP Address | Description |
|---|---|---|---|---|
| HQ | 172.16.10.0/24 | R-HQ-MAIN G0/0 | 172.16.10.1 | LAN Headquarters |
| Branch | 172.16.20.0/24 | R-BRANCH-OSPF G0/0 | 172.16.20.1 | LAN Branch |
| Remote | 172.16.30.0/24 | R-REMOTE-PPP G0/0 | 172.16.30.1 | LAN Remote |
| WAN HQ-Branch | 10.1.12.0/30 | R-HQ-MAIN S0/0/0 | 10.1.12.1 | OSPF Area 0 |
| WAN Branch-Remote | 10.1.23.0/30 | R-BRANCH-OSPF S0/0/1 | 10.1.23.1 | PPP CHAP - Area 1 |
B. VLAN Architecture
- VLAN 10: ADMIN (PCs di semua locations)
- VLAN 20: SERVERS (Servers di semua locations)
- VLAN 99: NATIVE (Trunk links)
- PC Assignment: PC1, PC2, PC3 → VLAN 10
- Server Assignment: WebSrv, FTPSrv, MailSrv → VLAN 20
- Trunk Native: VLAN 99 pada semua trunk ports
C. Routing Protocol
- OSPF Multi-Area: Area 0 (HQ + Branch), Area 1 (Remote)
- Router ID: 1.1.1.1 (R-HQ-MAIN), 2.2.2.2 (R-BRANCH-OSPF), 3.3.3.3 (R-REMOTE-PPP)
- Process ID: 1
- ABR: R-BRANCH-OSPF sebagai Area Border Router
- Network Statements: Semua networks harus diiklankan
- Connectivity: Full connectivity required
Tugas Konfigurasi (100 Points)
1. Network Infrastructure Foundation (10 Points)
Requirements:
- Device Naming: R-HQ-MAIN, R-BRANCH-OSPF, R-REMOTE-PPP, SW-HQ-CORE, SW-BRANCH-ACCESS, SW-REMOTE-EDGE
- Basic Security:
- Enable secret: "Enterprise123!"
- Console password: "ConsoleUAS"
- VTY password: "VTYUAS456"
- SSH: username "networkadmin" password "SSHsecure789"
- Banner MOTD: "*** SECURE ZONE - ENTERPRISE NETWORK ***"
- IP Addressing: Configure semua interface sesuai scheme
- Documentation: Buat addressing table lengkap
Contoh Konfigurasi (R-HQ-MAIN):
enable
configure terminal
hostname R-HQ-MAIN
banner motd #*** SECURE ZONE - ENTERPRISE NETWORK ***#
enable secret Enterprise123!
username networkadmin secret SSHsecure789
line console 0
password ConsoleUAS
login
exit
line vty 0 4
password VTYUAS456
login local
transport input ssh
exit
ip domain-name enterprise.local
crypto key generate rsa modulus 1024
ip ssh version 2
interface gigabitethernet 0/0
ip address 172.16.10.1 255.255.255.0
no shutdown
exit
interface serial 0/0/0
ip address 10.1.12.1 255.255.255.252
clock rate 64000
no shutdown
exit
configure terminal
hostname R-HQ-MAIN
banner motd #*** SECURE ZONE - ENTERPRISE NETWORK ***#
enable secret Enterprise123!
username networkadmin secret SSHsecure789
line console 0
password ConsoleUAS
login
exit
line vty 0 4
password VTYUAS456
login local
transport input ssh
exit
ip domain-name enterprise.local
crypto key generate rsa modulus 1024
ip ssh version 2
interface gigabitethernet 0/0
ip address 172.16.10.1 255.255.255.0
no shutdown
exit
interface serial 0/0/0
ip address 10.1.12.1 255.255.255.252
clock rate 64000
no shutdown
exit
2. Advanced Switching Configuration (15 Points)
Requirements:
- VLAN Implementation: Buat VLAN 10, 20, 99 pada semua switches
- VTP Domain:
- Domain: "ENTERPRISE_DOMAIN"
- Password: "VTPmaster2024"
- SW-HQ-CORE sebagai VTP Server
- Port Assignment: Assign PCs ke VLAN 10, Servers ke VLAN 20
- Trunking: 802.1Q trunking dengan native VLAN 99
Contoh Konfigurasi (SW-HQ-CORE - VTP Server):
enable
configure terminal
hostname SW-HQ-CORE
! Buat VLAN
vlan 10
name ADMIN
exit
vlan 20
name SERVERS
exit
vlan 99
name NATIVE
exit
! VTP Configuration
vtp domain ENTERPRISE_DOMAIN
vtp password VTPmaster2024
vtp mode server
! Port Assignment
interface range fastethernet 0/1-10
switchport mode access
switchport access vlan 10
exit
interface range fastethernet 0/11-20
switchport mode access
switchport access vlan 20
exit
! Trunk Configuration
interface gigabitethernet 0/1
switchport mode trunk
switchport trunk native vlan 99
switchport trunk allowed vlan 10,20,99
exit
configure terminal
hostname SW-HQ-CORE
! Buat VLAN
vlan 10
name ADMIN
exit
vlan 20
name SERVERS
exit
vlan 99
name NATIVE
exit
! VTP Configuration
vtp domain ENTERPRISE_DOMAIN
vtp password VTPmaster2024
vtp mode server
! Port Assignment
interface range fastethernet 0/1-10
switchport mode access
switchport access vlan 10
exit
interface range fastethernet 0/11-20
switchport mode access
switchport access vlan 20
exit
! Trunk Configuration
interface gigabitethernet 0/1
switchport mode trunk
switchport trunk native vlan 99
switchport trunk allowed vlan 10,20,99
exit
3. OSPF Multi-Area Routing (25 Points)
Requirements:
- OSPF Basic: Process ID 1 pada semua routers
- Router IDs: 1.1.1.1 (HQ), 2.2.2.2 (Branch), 3.3.3.3 (Remote)
- Multi-Area Design:
- Area 0: R-HQ-MAIN dan R-BRANCH-OSPF
- Area 1: R-REMOTE-PPP
- Network Statements: Semua networks harus diiklankan
- Optimization: Passive interface pada LAN segments
Contoh Konfigurasi (R-BRANCH-OSPF - ABR):
router ospf 1
router-id 2.2.2.2
! Area 0 Networks
network 10.1.12.0 0.0.0.3 area 0
network 172.16.20.0 0.0.0.255 area 0
! Area 1 Networks
network 10.1.23.0 0.0.0.3 area 1
! Passive Interfaces
passive-interface gigabitethernet 0/0
exit
! Route Summarization (Optional)
router ospf 1
area 0 range 172.16.0.0 255.255.0.0
area 1 range 172.16.0.0 255.255.0.0
exit
router-id 2.2.2.2
! Area 0 Networks
network 10.1.12.0 0.0.0.3 area 0
network 172.16.20.0 0.0.0.255 area 0
! Area 1 Networks
network 10.1.23.0 0.0.0.3 area 1
! Passive Interfaces
passive-interface gigabitethernet 0/0
exit
! Route Summarization (Optional)
router ospf 1
area 0 range 172.16.0.0 255.255.0.0
area 1 range 172.16.0.0 255.255.0.0
exit
4. WAN Technologies Implementation (25 Points)
Requirements:
- PPP CHAP Authentication: Link antara R-BRANCH-OSPF dan R-REMOTE-PPP
- CHAP Password: "WANsecure2024"
- Authentication: Two-way authentication
- Verification: PPP session status dan CHAP authentication
Konfigurasi PPP CHAP:
! Pada R-BRANCH-OSPF:
username R-REMOTE-PPP password WANsecure2024
interface serial 0/0/1
encapsulation ppp
ppp authentication chap
exit
! Pada R-REMOTE-PPP:
username R-BRANCH-OSPF password WANsecure2024
interface serial 0/0/1
encapsulation ppp
ppp authentication chap
exit
! Verifikasi
show interfaces serial 0/0/1
show ppp session
debug ppp authentication
username R-REMOTE-PPP password WANsecure2024
interface serial 0/0/1
encapsulation ppp
ppp authentication chap
exit
! Pada R-REMOTE-PPP:
username R-BRANCH-OSPF password WANsecure2024
interface serial 0/0/1
encapsulation ppp
ppp authentication chap
exit
! Verifikasi
show interfaces serial 0/0/1
show ppp session
debug ppp authentication
5. Security Policy Enforcement (15 Points)
Requirements:
- Extended ACL:
- Block FTP traffic dari VLAN ADMIN ke VLAN IT
- Allow HTTP traffic dari VLAN SALES ke semua Servers
- Named ACL: "SECURITY-POLICY"
- NAT/PAT Configuration:
- PAT untuk semua internal hosts menggunakan interface external
- Static NAT untuk Web Server: 172.16.10.170 → 203.0.113.170
Contoh Konfigurasi:
! Extended ACL
ip access-list extended SECURITY-POLICY
deny tcp 172.16.10.0 0.0.0.255 172.16.30.0 0.0.0.255 eq 21
deny tcp 172.16.10.0 0.0.0.255 172.16.30.0 0.0.0.255 eq 20
permit tcp 172.16.20.0 0.0.0.255 any eq 80
permit ip any any
exit
! Apply ACL
interface serial 0/0/1
ip access-group SECURITY-POLICY out
exit
! NAT Configuration
ip nat inside source static 172.16.10.170 203.0.113.170
access-list 1 permit 172.16.0.0 0.0.255.255
ip nat inside source list 1 interface serial 0/0/0 overload
! NAT Interfaces
interface gigabitethernet 0/0
ip nat inside
exit
interface serial 0/0/0
ip nat outside
exit
ip access-list extended SECURITY-POLICY
deny tcp 172.16.10.0 0.0.0.255 172.16.30.0 0.0.0.255 eq 21
deny tcp 172.16.10.0 0.0.0.255 172.16.30.0 0.0.0.255 eq 20
permit tcp 172.16.20.0 0.0.0.255 any eq 80
permit ip any any
exit
! Apply ACL
interface serial 0/0/1
ip access-group SECURITY-POLICY out
exit
! NAT Configuration
ip nat inside source static 172.16.10.170 203.0.113.170
access-list 1 permit 172.16.0.0 0.0.255.255
ip nat inside source list 1 interface serial 0/0/0 overload
! NAT Interfaces
interface gigabitethernet 0/0
ip nat inside
exit
interface serial 0/0/0
ip nat outside
exit
6. Advanced Features & Optimization (10 Points)
Requirements:
- STP Optimization: SW-HQ-CORE sebagai root bridge, PortFast, BPDUGuard
- NTP Configuration: Synchronize waktu semua devices ke R-HQ-MAIN
- Logging: Enable logging dengan timestamp
- Management: SNMP monitoring (optional)
Contoh Konfigurasi:
! STP Optimization
spanning-tree vlan 1-4094 root primary
spanning-tree mode rapid-pvst
interface range fastethernet 0/1-20
spanning-tree portfast
spanning-tree bpduguard enable
exit
! NTP Configuration
ntp server 172.16.10.1
clock timezone WIB 7
! Logging
logging buffered 8192
service timestamps log datetime msec
! SNMP (Optional)
snmp-server community public RO
snmp-server community private RW
spanning-tree vlan 1-4094 root primary
spanning-tree mode rapid-pvst
interface range fastethernet 0/1-20
spanning-tree portfast
spanning-tree bpduguard enable
exit
! NTP Configuration
ntp server 172.16.10.1
clock timezone WIB 7
! Logging
logging buffered 8192
service timestamps log datetime msec
! SNMP (Optional)
snmp-server community public RO
snmp-server community private RW
Verification Commands Checklist
Wajib Disertakan dalam Dokumentasi
Basic Verification:
show running-config
show ip interface brief
show version
show interfaces status
show ip interface brief
show version
show interfaces status
VLAN & Switching:
show vlan brief
show interface trunk
show vtp status
show spanning-tree
show interface trunk
show vtp status
show spanning-tree
OSPF Routing:
show ip route
show ip route ospf
show ip ospf neighbor
show ip ospf interface brief
show ip route ospf
show ip ospf neighbor
show ip ospf interface brief
Security & Services:
show access-lists
show ip nat translations
show ppp session
show ntp status
show ip nat translations
show ppp session
show ntp status
Time Management Strategy
Phase 1: Planning & Documentation (15 Menit)
- Baca dan pahami seluruh requirements
- Buat checklist pengerjaan
- Dokumentasi IP addressing scheme
- Tentukan urutan implementasi
- Siapkan documentation template
Phase 2: Core Implementation (90 Menit)
15 menit
Basic Device Configuration
Hostname, passwords, SSH, IP addressing
20 menit
VLAN and Switching
VLAN creation, VTP, trunking, port assignment
25 menit
OSPF Routing
Multi-area OSPF, network statements, verification
30 menit
WAN and Security
PPP CHAP, ACL, NAT/PAT configuration
Phase 3: Advanced Features (30 Menit)
- NAT/PAT Configuration: 15 menit
- Advanced Features: 10 menit (STP, NTP, logging)
- Initial Testing: 5 menit (basic connectivity check)
Phase 4: Verification & Documentation (35 Menit)
- Comprehensive Testing: 15 menit (end-to-end connectivity)
- Screenshot Verification: 10 menit (all required commands)
- Final Documentation: 10 menit (organize and submit)
Golden Rule: Jangan Terjebak pada Satu Masalah!
- Jika stuck > 5 menit, tinggalkan dan lanjutkan ke task berikutnya
- Tandai tasks yang belum selesai untuk dikerjakan nanti
- Prioritize tasks berdasarkan point value
- Selalu test connectivity setelah setiap major configuration
Common Exam Mistakes to Avoid
Configuration Errors
- Lupa
no shutdownpada interfaces - Salah wildcard mask pada OSPF network statements
- Terbalik inside/outside pada NAT configuration
- Lupa implicit deny pada ACL
- Wrong VLAN assignment pada ports
Time Management Issues
- Terlalu lama pada satu task
- Tidak baca instructions carefully
- Lupa save configurations secara periodic
- Tidak test incrementally
- Panic ketika ada issues
Final Advice
"Practice Like You Exam, Exam Like You Practice"
Gunakan mock exam ini sebagai simulasi UAS sebenarnya untuk mengidentifikasi weak areas dan develop personal strategy.
Identify Weak Areas
Catat topics yang perlu review adicional
Develop Time Strategy
Tentukan personal time allocation
Stay Calm & Focused
Maintain composure selama exam