Daftar Pertemuan
Pertemuan 1 Pertemuan 2 Pertemuan 3 Pertemuan 4 Pertemuan 5 Pertemuan 6 Pertemuan 7 Pertemuan 8 Pertemuan 9 Pertemuan 10 Pertemuan 11 Pertemuan 12 Pertemuan 13 Pertemuan 14 Pertemuan 15 Pertemuan 16
Info UAS

Waktu: 170 menit

Bobot: 30%

Format: Individual

Tools: Packet Tracer

Success Factors
Read Instructions Carefully
Time Management
Test Incrementally
Save Frequently
Emergency Recovery
Technical Issue: Laporkan pengawas
Save Backup: Setiap 30 menit
Time Lost: Dapat compensation

Pertemuan 16: Ujian Akhir Semester (UAS)

Progress Pembelajaran 16/16
Ujian Akhir Semester

Ujian bersifat individual dan harus dikerjakan sendiri. Dilarang keras bekerja sama, mencontek, atau mengakses sumber luar selama ujian.

Petunjuk Ujian Akhir Semester

Informasi Waktu
  • Durasi: 170 menit
  • Waktu Mulai: [Diisi pengawas]
  • Waktu Selesai: [Diisi pengawas]
  • Bobot Nilai: 30%
  • Keterlambatan: Pengurangan nilai
Pengumpulan
  • Packet Tracer: NIM_NAMA_UAS.pkt
  • Dokumentasi: NIM_NAMA_UAS_DOC.pdf
  • Backup Config: NIM_NAMA_CONFIG_BACKUP.txt
  • Deadline: Saat waktu ujian berakhir
Larangan dan Sanksi:
  • Dilarang bekerja sama dengan peserta lain
  • Dilarang mencontek atau memberikan contekan
  • Dilarang mengakses sumber luar
  • Dilarang sharing konfigurasi
  • Dilarang menggunakan AI assistants
  • Pelanggaran = Nilai 0 + sanksi akademik

Soal UAS - Comprehensive Enterprise Network Implementation

Scenario Bisnis: PT. ENTERPRISE SOLUTION

Scenario: Anda adalah network engineer di perusahaan "PT. ENTERPRISE SOLUTION" yang memiliki 3 kantor. Implementasikan jaringan enterprise yang secure, scalable, dan reliable sesuai requirements berikut.

R-HQ-MAIN
Area 0 • NAT/PAT
R-BRANCH-OSPF
ABR • ACL
R-REMOTE-PPP
Area 1 • CHAP Auth
10.1.12.0/30
OSPF Area 0
10.1.23.0/30
PPP CHAP
Admin Department
PC1: 172.16.10.10
WebSrv: 172.16.10.170
VLAN 10 & 20
Sales Department
PC2: 172.16.20.10
FTPSrv: 172.16.20.170
VLAN 10 & 20
IT Department
PC3: 172.16.30.10
MailSrv: 172.16.30.170
VLAN 10 & 20
Keterangan Enterprise Architecture:
  • 3 Router: HQ, Branch (ABR), Remote
  • 3 Switch: Core, Access, Edge
  • 6 Devices: 3 PC + 3 Server
  • OSPF Multi-Area: Area 0 & Area 1
  • VLAN Segmentation: Admin & Servers
  • Security: ACL, NAT, CHAP
  • WAN Technologies: PPP with CHAP
  • Network Services: Web, FTP, Mail
  • Management: SSH, NTP, Logging
Technical Specifications
A. Comprehensive IP Addressing Scheme
Location Network Device/Interface IP Address Purpose
HQ Network 172.16.10.0/24 R-HQ-MAIN G0/0 172.16.10.1 LAN Gateway
172.16.10.0/24 Web Server 172.16.10.170 HTTP Services
Branch Network 172.16.20.0/24 R-BRANCH-OSPF G0/0 172.16.20.1 LAN Gateway
172.16.20.0/24 FTP Server 172.16.20.170 FTP Services
Remote Network 172.16.30.0/24 R-REMOTE-PPP G0/0 172.16.30.1 LAN Gateway
172.16.30.0/24 Mail Server 172.16.30.170 Email Services
WAN Links 10.1.12.0/30 R-HQ-MAIN S0/0/0 10.1.12.1 HQ-Branch (Area 0)
WAN Links 10.1.23.0/30 R-BRANCH-OSPF S0/0/1 10.1.23.1 Branch-Remote (Area 1)
Public IP Pool 203.0.113.0/24 NAT Pool 203.0.113.10-20 Internet Access
B. VLAN Architecture & Security Policy
VLAN Design:
  • VLAN 10 (ADMIN): User workstations across all locations
  • VLAN 20 (SERVERS): Network services and applications
  • VLAN 99 (NATIVE): Trunk links management
  • VTP Domain: "ENTERPRISE_DOMAIN"
Security Policy:
  • Block FTP from Admin to IT departments
  • Allow HTTP from Sales to all Servers
  • PPP CHAP authentication for WAN security
  • SSH-only for device management
C. Routing & Network Services
OSPF Multi-Area:
  • Area 0 (Backbone): R-HQ-MAIN, R-BRANCH-OSPF
  • Area 1 (Remote): R-REMOTE-PPP
  • Router IDs: 1.1.1.1, 2.2.2.2, 3.3.3.3
  • ABR: R-BRANCH-OSPF
Network Services:
  • Web Server: HTTP on port 80
  • FTP Server: FTP on ports 20/21
  • Mail Server: SMTP on port 25
  • NTP: Time synchronization

Tugas Konfigurasi UAS (170 Points)

1. Network Infrastructure Foundation (25 Points)
Requirements:
  • Device Naming Convention:
    • Routers: R-HQ-MAIN, R-BRANCH-OSPF, R-REMOTE-PPP
    • Switches: SW-HQ-CORE, SW-BRANCH-ACCESS, SW-REMOTE-EDGE
  • Enterprise Security Hardening:
    • Enable secret: "UAS2025Secure!"
    • Console password: "ConsoleUAS123"
    • VTY password: "VTYUAS456"
    • SSH: username "networkadmin" password "SSHsecure789"
    • Banner MOTD: "*** SECURE ZONE - UAS ENTERPRISE NETWORK ***"
  • IP Addressing: Configure semua interface sesuai enterprise scheme
  • Documentation: Comprehensive addressing table
Best Practice Example (R-HQ-MAIN):
! Basic Device Configuration
hostname R-HQ-MAIN
banner motd #*** SECURE ZONE - UAS ENTERPRISE NETWORK ***#

! Security Hardening
enable secret UAS2025Secure!
username networkadmin secret SSHsecure789

! Console & VTY Security
line console 0
  password ConsoleUAS123
  login
  exec-timeout 5 0
exit

line vty 0 4
  password VTYUAS456
  login local
  transport input ssh
  exec-timeout 5 0
exit

! SSH Configuration
ip domain-name enterprise.local
crypto key generate rsa modulus 2048
ip ssh version 2

! Interface Configuration
interface gigabitethernet 0/0
  ip address 172.16.10.1 255.255.255.0
  no shutdown
exit
2. Advanced Switching & VLAN Management (20 Points)
Requirements:
  • VLAN Implementation: Create VLAN 10, 20, 99 pada semua switches
  • VTP Domain Management:
    • Domain: "UAS_ENTERPRISE_DOMAIN"
    • Password: "VTPmaster2025"
    • SW-HQ-CORE sebagai VTP Server
    • SW-BRANCH-ACCESS & SW-REMOTE-EDGE sebagai VTP Clients
  • Port Assignment:
    • PC1, PC2, PC3 → VLAN 10 (ADMIN)
    • WebSrv, FTPSrv, MailSrv → VLAN 20 (SERVERS)
  • Trunk Configuration: 802.1Q dengan native VLAN 99
  • STP Optimization: Root bridge election, PortFast, BPDUGuard
Enterprise Switching Configuration (SW-HQ-CORE):
! VLAN Configuration
vlan 10
  name ADMIN
exit
vlan 20
  name SERVERS
exit
vlan 99
  name NATIVE
exit

! VTP Domain Management
vtp domain UAS_ENTERPRISE_DOMAIN
vtp password VTPmaster2025
vtp mode server

! Port Security & Assignment
interface range fastethernet 0/1-10
  switchport mode access
  switchport access vlan 10
  spanning-tree portfast
  spanning-tree bpduguard enable
exit

interface range fastethernet 0/11-20
  switchport mode access
  switchport access vlan 20
  spanning-tree portfast
  spanning-tree bpduguard enable
exit

! Trunk Configuration
interface gigabitethernet 0/1
  switchport mode trunk
  switchport trunk native vlan 99
  switchport trunk allowed vlan 10,20,99
  switchport nonegotiate
exit

! STP Optimization
spanning-tree vlan 1-4094 root primary
spanning-tree mode rapid-pvst
3. OSPF Multi-Area Routing Implementation (30 Points)
Requirements:
  • OSPF Process: Process ID 170 pada semua routers
  • Router IDs: 1.1.1.1 (HQ), 2.2.2.2 (Branch), 3.3.3.3 (Remote)
  • Multi-Area Design:
    • Area 0: R-HQ-MAIN dan R-BRANCH-OSPF
    • Area 1: R-REMOTE-PPP
  • ABR Configuration: R-BRANCH-OSPF sebagai Area Border Router
  • Network Statements: Semua networks harus diiklankan
  • Optimization: Passive interfaces, route summarization
Advanced OSPF Configuration (R-BRANCH-OSPF - ABR):
! OSPF Basic Configuration
router ospf 170
router-id 2.2.2.2

! Area 0 Networks (Backbone)
network 10.1.12.0 0.0.0.3 area 0
network 172.16.20.0 0.0.0.255 area 0

! Area 1 Networks (Remote)
network 10.1.23.0 0.0.0.3 area 1

! Security & Optimization
passive-interface default
no passive-interface serial 0/0/0
no passive-interface serial 0/0/1

! Route Summarization
area 0 range 172.16.0.0 255.255.0.0
area 1 range 172.16.0.0 255.255.0.0

! OSPF Authentication (Optional)
area 0 authentication message-digest
area 1 authentication message-digest

exit
4. WAN Security with PPP CHAP (10 Points)
Requirements:
  • PPP CHAP Authentication: Link antara R-BRANCH-OSPF dan R-REMOTE-PPP
  • Security Standards:
    • CHAP password: "WANsecure2025"
    • Two-way authentication
    • Encrypted password storage
  • Verification: PPP session status dan CHAP authentication debug
  • Best Practices: Use secret instead of password
Secure PPP CHAP Implementation:
! Pada R-BRANCH-OSPF:
username R-REMOTE-PPP secret WANsecure2025

interface serial 0/0/1
  encapsulation ppp
  ppp authentication chap
  ppp chap hostname R-BRANCH-OSPF
  ppp chap password 0 WANsecure2025
  no shutdown
exit

! Pada R-REMOTE-PPP:
username R-BRANCH-OSPF secret WANsecure2025

interface serial 0/0/1
  encapsulation ppp
  ppp authentication chap
  ppp chap hostname R-REMOTE-PPP
  ppp chap password 0 WANsecure2025
  no shutdown
exit

! Verification Commands
show interfaces serial 0/0/1
show ppp session
show ppp all
debug ppp authentication
5. Enterprise Security Policy Enforcement (25 Points)
Requirements:
  • Extended ACL Implementation:
    • Block FTP traffic dari VLAN ADMIN ke VLAN IT
    • Allow HTTP traffic dari VLAN SALES ke semua Servers
    • Named ACL: "UAS-SECURITY-POLICY"
    • Logging untuk monitoring purposes
  • NAT/PAT Configuration:
    • PAT untuk semua internal hosts menggunakan interface external
    • Static NAT untuk Web Server: 172.16.10.170 → 203.0.113.170
    • NAT pool untuk additional public IPs
  • Verification: Translation tables dan ACL hit counts
Comprehensive Security Implementation:
! Extended Named ACL
ip access-list extended UAS-SECURITY-POLICY
  remark "Block FTP from Admin to IT"
  deny tcp 172.16.10.0 0.0.0.255 172.16.30.0 0.0.0.255 eq 21 log
  deny tcp 172.16.10.0 0.0.0.255 172.16.30.0 0.0.0.255 eq 20 log
  remark "Allow HTTP from Sales to Servers"
  permit tcp 172.16.20.0 0.0.0.255 any eq 80 log
  remark "Permit all other traffic"
  permit ip any any
exit

! Apply ACL strategically
interface serial 0/0/1
  ip access-group UAS-SECURITY-POLICY out
exit

! NAT Configuration
ip nat pool PUBLIC-POOL 203.0.113.10 203.0.113.20 netmask 255.255.255.0
ip nat inside source static 172.16.10.170 203.0.113.170
ip nat inside source list NAT-ACL pool PUBLIC-POOL overload

! NAT ACL
access-list 1 permit 172.16.0.0 0.0.255.255

! NAT Interfaces
interface gigabitethernet 0/0
  ip nat inside
exit
interface serial 0/0/0
  ip nat outside
exit
6. Advanced Enterprise Features (15 Points)
Requirements:
  • STP Enterprise Optimization:
    • SW-HQ-CORE sebagai root bridge untuk semua VLAN
    • PortFast dan BPDUGuard pada semua access ports
    • Rapid-PVST untuk fast convergence
  • NTP Configuration:
    • Synchronize waktu semua devices ke R-HQ-MAIN (172.16.10.1)
    • Timezone: WIB (UTC+7)
  • Enterprise Logging:
    • Enable logging pada semua devices
    • Timestamp semua log messages
    • Buffer size optimization
  • Optional: SNMP monitoring configuration
Enterprise Management Features:
! STP Enterprise Configuration
spanning-tree vlan 1-4094 root primary
spanning-tree mode rapid-pvst
spanning-tree extend system-id

! NTP Time Synchronization
ntp server 172.16.10.1
ntp update-calendar
clock timezone WIB 7

! Comprehensive Logging
logging buffered 16384
logging console
logging monitor
service timestamps log datetime msec
service timestamps debug datetime msec

! SNMP Monitoring (Optional)
snmp-server community public RO
snmp-server community private RW
snmp-server location "PT. ENTERPRISE SOLUTION"
snmp-server contact "Network Operations Center"
7. Final Verification & Documentation (35 Points)
Requirements:
  • Comprehensive Testing: End-to-end connectivity verification
  • Service Validation: HTTP, FTP, email services testing
  • Security Verification: ACL, NAT, authentication validation
  • Documentation: Professional technical documentation
  • Submission: Complete file package submission
Verification Commands Checklist:
! Basic Verification
show running-config
show ip interface brief
show version

! VLAN & Switching
show vlan brief
show interface trunk
show vtp status
show spanning-tree
! Routing & Services
show ip route
show ip route ospf
show ip ospf neighbor
show ip nat translations

! Security & Management
show access-lists
show ppp session
show ntp status
show logging

Grading Rubric UAS

Kategori Sub-Kategori Bobot Deskripsi Penilaian
Technical Excellence
(70%)		 Accuracy 25% Konfigurasi 100% sesuai technical requirements
Completeness 20% Semua tasks dan requirements diselesaikan
Functionality 15% Semua services operational dan functional
Enterprise Optimization
(15%)		 Best Practices 15% Implementasi enterprise best practices dan optimization
Documentation Quality
(10%)		 Completeness 6% Semua documentation sections terisi lengkap
Professionalism 4% Format rapi, structured, dan professional
Time Management
(5%)		 Efficiency 5% Penyelesaian dalam waktu 170 menit dengan pacing baik

Exam Timeline & Success Strategy

Phase 1: Strategic Planning & Design (15 Menit)
  • Baca dan analisa seluruh requirements dengan teliti
  • Buat IP addressing table yang comprehensive
  • Tentukan implementation sequence yang optimal
  • Siapkan documentation template untuk efisiensi
  • Identifikasi critical paths dan dependencies
Phase 2: Core Implementation (90 Menit)
15 menit
Basic Infrastructure

Device naming, security hardening, IP addressing

20 menit
Switching & VLAN

VLAN creation, VTP, trunking, STP optimization

25 menit
OSPF Routing

Multi-area OSPF, ABR configuration, verification

30 menit
Security & Services

PPP CHAP, ACL, NAT/PAT, service validation

Phase 3: Advanced Features & Testing (35 Menit)
  • Advanced Features: 15 menit (NTP, logging, optimization)
  • Comprehensive Testing: 15 menit (end-to-end verification)
  • Final Adjustments: 5 menit (fine-tuning dan bug fixes)
Phase 4: Verification & Documentation (30 Menit)
  • Comprehensive Verification: 15 menit (all required commands)
  • Documentation: 10 menit (screenshot dan organization)
  • Final Submission: 5 menit (file packaging dan upload)
Critical Success Factors:
  • Read Instructions Carefully: Pastikan semua requirements dipahami
  • Time Management: Jangan terjebak pada satu section terlalu lama
  • Test Incrementally: Verify setiap section setelah selesai
  • Save Frequently: Hindari kehilangan work karena technical issues
  • Document as You Go: Catat semua konfigurasi yang dilakukan
  • Stay Calm & Focused: Maintain composure selama exam

Final Submission Requirements

Packet Tracer File

NIM_NAMA_UAS.pkt

Complete Topology
Technical Documentation

NIM_NAMA_UAS_DOC.pdf

Professional Format
Configuration Backup

NIM_NAMA_CONFIG_BACKUP.txt

Text Format
Struktur Dokumentasi Teknis
  1. COVER PAGE - NIM, Nama, Kelas, Tanggal Ujian
  2. EXECUTIVE SUMMARY - Overview implementasi dan challenges
  3. TECHNICAL IMPLEMENTATION - Section-by-section configuration
  4. VERIFICATION RESULTS - Screenshot semua verification commands
  5. TESTING MATRIX - Comprehensive connectivity testing results
  6. TROUBLESHOOTING LOG - Issues dan resolution steps
  7. CONCLUSION - Refleksi dan recommendations

Selamat Menempuh Ujian Akhir Semester!

Anda telah menyelesaikan perjalanan pembelajaran Enterprise Networking. Terapkan semua knowledge dan skills yang telah dipelajari dengan confidence.

VLAN & Trunking OSPF Multi-Area PPP Security ACL & NAT Enterprise Design
Final Instructions
WAKTU MULAI:
[Diisi oleh pengawas]
WAKTU SELESAI:
[Diisi oleh pengawas]
SEMOGA SUKSES DALAM UJIAN AKHIR SEMESTER! 🎓