RSS

Show Frame-relay Map Brief

Mencoba untuk mengulang kembali skenario lab frame-relay yang ada di buku merah putih (oleh Dedi Gunawan CCIE R/S #29745). Kebetulan sedang sedikit bersemangat. Mudah-mudah semangatnya sampai tuntas di bangku ujian lab ccie. Amin…

Alon-alon asal klakon. Mensimulasikan lab yang ada di saat-saat senggang, dimulai dari lab 1 hingga lab 9. Alhasil membingungkan, alamak! Buka lagi dari lab 1, hanya cukup dengan membaca tanpa mensimulasikannya kembali. Cukup banyak variasi lab yang diberikan oleh pakcik Dedi kita ini. Tiba-tiba terlintas untuk membuat mapping atau summary dari kesembilan lab-lab dasar frame-relay tersebut.

Selesai corat-coret di atas kertas, saya coba buat dalam bentuk gambar. Melihat hasilnya nampaknya lumayan juga untuk dipostingkan dalam blog ini. Saat beralih ke materi lab berikutnya atau saat-saat lupa (pasti lupa! :D), dengan melihat gambar tersebut nantinya mudah-mudahan bisa cepat mengembalikan ingatan.

Berikut adalah ringkasannya :

Frame-relay mapping

Mantab pakcik! Kalau ada yang salah dengan mapping di atas mohon koreksinya yah pakciiikk.. Dadaaaahhh

 
Leave a comment

Posted by on December 17, 2012 in Lab Frame Relay

 

Tags: , , ,

Lab 11 JunOS : MPLS-based Layer 2 VPN on JunOS

Di lab sebelumnya kita bisa mensimulasikan MPLS L3VPN dengan menggunakan simulator JunOS atau Olive, namun tidak demikian dengan MPLS L2VPN. Untuk mensimulasikan MPLS L2VPN kita harus menggunakan perangkat real. Kali ini kita akan coba mensimulasikannya dengan menggunakan perangkat real. Cukup menggunakan perangkat kecil Juniper SRX210!! Luar biasaa…

Berikut adalah topologinya:

 

Configurasi PE1:

root@PE1# run show configuration | display set | no-more
set version 11.4R1.6
set system host-name PE1
set system root-authentication encrypted-password “$1$UPodyIdP$J.e2R/PUIWawQMnBiFECs.”
set interfaces ge-0/0/0 unit 0 family inet address 12.12.12.1/24
set interfaces ge-0/0/0 unit 0 family mpls
set interfaces ge-0/0/1 encapsulation ethernet-ccc
set interfaces ge-0/0/1 unit 0
set interfaces lo0 unit 0 family inet address 1.1.1.1/32
set routing-options autonomous-system 65000
set protocols mpls interface ge-0/0/0.0
set protocols bgp group int type internal
set protocols bgp group int local-address 1.1.1.1
set protocols bgp group int family l2vpn signaling
set protocols bgp group int neighbor 2.2.2.2
set protocols ospf area 0.0.0.0 interface ge-0/0/0.0
set protocols ospf area 0.0.0.0 interface lo0.0
set protocols ldp interface ge-0/0/0.0
set protocols ldp interface lo0.0
set security forwarding-options family mpls mode packet-based
set routing-instances l2vpn instance-type l2vpn
set routing-instances l2vpn interface ge-0/0/1.0
set routing-instances l2vpn route-distinguisher 1.1.1.1:12
set routing-instances l2vpn vrf-target target:65000:12
set routing-instances l2vpn protocols l2vpn encapsulation-type ethernet
set routing-instances l2vpn protocols l2vpn site a site-identifier 1
set routing-instances l2vpn protocols l2vpn site a interface ge-0/0/1.0

 

Configurasi PE2:

root@PE2# run show configuration | display set | no-more
set version 10.0R1.8
set system host-name PE2
set system root-authentication encrypted-password “$1$SkCw3HZj$4c6DRqieOeo7KGDV/k4yQ.”
set interfaces ge-0/0/0 unit 0 family inet address 12.12.12.2/24
set interfaces ge-0/0/0 unit 0 family mpls
set interfaces ge-0/0/1 encapsulation ethernet-ccc
set interfaces ge-0/0/1 unit 0
set interfaces lo0 unit 0 family inet address 2.2.2.2/32
set routing-options autonomous-system 65000
set protocols mpls interface ge-0/0/0.0
set protocols bgp group int type internal
set protocols bgp group int local-address 2.2.2.2
set protocols bgp group int family l2vpn signaling
set protocols bgp group int neighbor 1.1.1.1
set protocols ospf area 0.0.0.0 interface ge-0/0/0.0
set protocols ospf area 0.0.0.0 interface lo0.0
set protocols ldp interface ge-0/0/0.0
set protocols ldp interface lo0.0
set security forwarding-options family mpls mode packet-based
set routing-instances l2vpn instance-type l2vpn
set routing-instances l2vpn interface ge-0/0/1.0
set routing-instances l2vpn route-distinguisher 2.2.2.2:12
set routing-instances l2vpn vrf-target target:65000:12
set routing-instances l2vpn protocols l2vpn encapsulation-type ethernet
set routing-instances l2vpn protocols l2vpn site b site-identifier 2
set routing-instances l2vpn protocols l2vpn site b interface ge-0/0/1.0

 

Verifikasi pe1:

 

 

 

Verifikasi pe2:

 

 

 

BGP nya sudah established. LDP session sudah naik. L2VPN connection sudah terbentuk. Sekarang kita cek circuit yang sudah ada antara site A dengan site B. Kita test dengan ping dari PC di masing-masing site:

 

Aiihh pakcik mantaabb. Silahkan mencoba!

 

 

 
Leave a comment

Posted by on May 14, 2012 in Lab JunOS

 

Tags: , , ,

Lab 10 JunOS : ECMP Per-packet Load Balance on JunOS

Salam merdeka pakcik! Lab kali ini cukup  mudah meriah. Dari pada hilang begitu saja di ingatan, lebih  baik kita tuangkan dalam blog. Cukup menarik. Yaitu cara membuat bagaimana agar mekanisme load balance bisa terjadi ketika suatu packet dari sebuah source menuju satu destination yang next-hop nya lebih dari 1 link. Dengan catatan link tersebut memiliki cost yang sama atau ECMP (Equal Cost Multi-Path). Lalu bagaimana? Mari kita mainkan rumusnya pakcik!

Berikut topologinya :

 

Configurasi r1:

admin@r1# run show configuration | display set | no-more
set version 10.4R8.5
set system host-name r1
set system root-authentication encrypted-password “$1$tAnWXAaJ$VSHxZMiF3a3c9SzJGUKvz1″
set system login user admin uid 2000
set system login user admin class super-user
set system login user admin authentication encrypted-password “$1$uECd38oM$EEr6cLV605cGtVhekdPtC0″
set system services ssh
set system services telnet
set interfaces ge-0/0/0 unit 0 family inet address 12.12.12.1/24
set interfaces ge-0/0/1 unit 0 family inet address 13.13.13.1/24
set routing-options forwarding-table export loadbalance
set protocols ospf area 0.0.0.0 interface ge-0/0/0.0
set protocols ospf area 0.0.0.0 interface ge-0/0/1.0
set protocols ospf area 0.0.0.0 interface lo0.0
set policy-options policy-statement loadbalance then load-balance per-packet

 

Configurasi r2:

admin@r2# run show configuration | display set | no-more
set version 11.3R4.2
set system host-name r2
set system root-authentication encrypted-password “$1$Ymk5YVnz$5tTod1EQD9RTRbGxjPlYY0″
set system login user admin uid 2001
set system login user admin class super-user
set system login user admin authentication encrypted-password “$1$VK0/NoZH$BBeCV5QEhAOfKDK86tY5p0″
set system services ssh
set system services telnet
set interfaces ge-0/0/0 unit 0 family inet address 12.12.12.2/24
set interfaces ge-0/0/1 unit 0 family inet address 24.24.24.2/24
set interfaces lo0 unit 0 family inet address 2.2.2.2/32
set protocols ospf area 0.0.0.0 interface ge-0/0/0.0
set protocols ospf area 0.0.0.0 interface ge-0/0/1.0
set protocols ospf area 0.0.0.0 interface lo0.0

 

Configurasi r3:

admin@r3# run show configuration | display set | no-more
set version 11.3R4.2
set system host-name r3
set system root-authentication encrypted-password “$1$eMcqxC6e$KErz9IndhkYqqOrbo7Fxh0″
set system login user admin uid 2000
set system login user admin class super-user
set system login user admin authentication encrypted-password “$1$0FCggWmy$/eCj4GfTSit1ep96TvCA10″
set system services ssh
set system services telnet
set interfaces ge-0/0/0 unit 0 family inet address 13.13.13.3/24
set interfaces ge-0/0/1 unit 0 family inet address 34.34.34.3/24
set interfaces lo0 unit 0 family inet address 3.3.3.3/32
set protocols ospf area 0.0.0.0 interface ge-0/0/0.0
set protocols ospf area 0.0.0.0 interface ge-0/0/1.0
set protocols ospf area 0.0.0.0 interface lo0.0

 

Configurasi r4:

root@r4# run show configuration | display set | no-more
set version 11.2R4.3
set system host-name r4
set system root-authentication encrypted-password “$1$mo4uLR7Z$H8YkNX8tzE5M3rH59Pv0i1″
set system login user admin uid 2002
set system login user admin class super-user
set system login user admin authentication encrypted-password “$1$dgzDdrw1$de1yPdrMq443y8NeLmTzt0″
set system services ssh
set system services telnet
set interfaces ge-0/0/0 unit 0 family inet address 24.24.24.4/24
set interfaces ge-0/0/1 unit 0 family inet address 34.34.34.4/24
set interfaces lo0 unit 0 family inet address 4.4.4.4/32
set routing-options forwarding-table export loadbalance
set protocols ospf area 0.0.0.0 interface ge-0/0/0.0
set protocols ospf area 0.0.0.0 interface ge-0/0/1.0
set protocols ospf area 0.0.0.0 interface lo0.0
set policy-options policy-statement loadbalance then load-balance per-packet
set security forwarding-options family mpls mode packet-based

 

Packet akan menemui 2 link yang bandwithnya sama dari r1 menuju r4, dan begitu juga sebaliknya.

Verifikasi r1:

 

 

Verifikasi r4:

 

 

Seperti kita lihat pakcik dalam routing table dan forwarding table dari r1 menuju r4 dan sebaliknya terdapat 2 next-hop available. Mekanisme ini bisa berjalan dengan ada nya sebuah policy yang kita masukkan ke dalam forwarding table:

 

 

Naah, itulah rumusnya pakcik. Sekarang mari kita buktikan:

 

 

Terlihat ketika traceroute, packet menuju ke kedua link yang ada. Mantab kalipun!

 

 

 

 

 
Leave a comment

Posted by on May 14, 2012 in Lab JunOS

 

Tags: ,

Lab 9 JunOS : Layer 2 Circuits over MPLS on JunOS

Halo pakcik-pakcik sekalian, lamo tak basuo! Sebelumnya saya mengucapkan selamat kepada pakcik Haristo (salah satu peserta CCIE bootcamp) atas kelulusan CCIE #35356 nya. Selamat pakcik, mainkan terus!!

Udah lama ga ngonfig, mumpung ada perangkat nganggur mending kita ngelab. Perangkat yang akan digunakan adalah srx210. Merupakan low level device dari Juniper, yang biasa digunakan di small office. Tapi itulah baik hatinya Juniper, walaupun perangkatnya “printilan” tapi fiturnya pentolan. “One Single JunOS” platform!

Ok pakcik, langsung ke topologinya:

 

Configurasi PE1:

root@PE1# run show configuration | display set | no-more
set version 11.4R1.6
set system host-name PE1
set system root-authentication encrypted-password “$1$UPodyIdP$J.e2R/PUIWawQMnBiFECs.”
set interfaces ge-0/0/0 unit 0 family inet address 12.12.12.1/24
set interfaces ge-0/0/0 unit 0 family mpls
set interfaces ge-0/0/1 encapsulation ethernet-ccc
set interfaces ge-0/0/1 unit 0
set interfaces lo0 unit 0 family inet address 1.1.1.1/32
set protocols mpls interface ge-0/0/0.0
set protocols ospf area 0.0.0.0 interface ge-0/0/0.0
set protocols ospf area 0.0.0.0 interface lo0.0
set protocols ldp interface ge-0/0/0.0
set protocols ldp interface lo0.0
set protocols l2circuit neighbor 2.2.2.2 interface ge-0/0/1.0 virtual-circuit-id 12
set security forwarding-options family mpls mode packet-based

 

Configurasi PE2:

root@PE2# run show configuration | display set | no-more
set version 10.0R1.8
set system host-name PE2
set system root-authentication encrypted-password “$1$SkCw3HZj$4c6DRqieOeo7KGDV/k4yQ.”
set interfaces ge-0/0/0 unit 0 family inet address 12.12.12.2/24
set interfaces ge-0/0/0 unit 0 family mpls
set interfaces ge-0/0/1 encapsulation ethernet-ccc
set interfaces ge-0/0/1 unit 0
set interfaces lo0 unit 0 family inet address 2.2.2.2/32
set protocols mpls interface ge-0/0/0.0
set protocols ospf area 0.0.0.0 interface ge-0/0/0.0
set protocols ospf area 0.0.0.0 interface lo0.0
set protocols ldp interface ge-0/0/0.0
set protocols ldp interface lo0.0
set protocols l2circuit neighbor 1.1.1.1 interface ge-0/0/1.0 virtual-circuit-id 12
set security forwarding-options family mpls mode packet-based

 

Verifikasi mpls dan ldp:

 

 

 

 

Interface mpls sudah up, dan ldp session nya sudah ok (operational). Sekarang kita cek l2circuit nya:

 

 

Sebuah circuit telah terbentuk antara PE1 dengan PE2. Jadi seolah-olah PC1 dengan PC2 terhubung melalui melalui sebuah kabel. Kita test ping dari PC1 ke PC2:

 

Mantaab pakcik. Murah kalipun.. :D

 

 
2 Comments

Posted by on May 11, 2012 in Lab JunOS

 

Tags: , ,

Lab 8 JunOS : Juniper SRX as an OSPF Router without using Zones / Policy

Perangkat yang digunakan :

R1 : SRX240

R2 : EX3200

R3 : EX3200

 

Topologi :

 

Configurasi R1 :

root@R1# run show configuration | display set
set version 10.4R8.5
set system host-name R1
set system root-authentication encrypted-password “$1$OSkDCvMS$TGZxapN9R.kWFhSs8Al2K1″
set interfaces ge-0/0/12 unit 0 family inet address 12.12.12.1/24
set interfaces ge-0/0/13 unit 0 family inet address 13.13.13.1/24
set interfaces lo0 unit 0 family inet address 1.1.1.1/32
set protocols ospf area 0.0.0.0 interface lo0.0
set protocols ospf area 0.0.0.0 interface ge-0/0/12.0
set protocols ospf area 0.0.0.0 interface ge-0/0/13.0
set security forwarding-options family mpls mode packet-based

 

Configurasi R2 :

root@R2# run show configuration | display set
set version 10.1R1.8
set system host-name R2
set system root-authentication encrypted-password “$1$ZPvPAIze$pqsOGECn9xbuztBZ7p063.”
set interfaces ge-0/0/12 unit 0 family inet address 12.12.12.2/24
set interfaces ge-0/0/23 unit 0 family inet address 23.23.23.2/24
set interfaces lo0 unit 0 family inet address 2.2.2.2/32
set protocols ospf area 0.0.0.0 interface ge-0/0/12.0
set protocols ospf area 0.0.0.0 interface ge-0/0/23.0
set protocols ospf area 0.0.0.0 interface lo0.0

 

Configurasi R3 :

root@R3# run show configuration | display set
set version 10.4R1.9
set system host-name R3
set system root-authentication encrypted-password “$1$W6xDvXSa$F3XDavCGZvUwLfUYPyJRV/”
set interfaces ge-0/0/13 unit 0 family inet address 13.13.13.3/24
set interfaces ge-0/0/23 unit 0 family inet address 23.23.23.3/24
set interfaces lo0 unit 0 family inet address 3.3.3.3/32
set protocols ospf area 0.0.0.0 interface lo0.0
set protocols ospf area 0.0.0.0 interface ge-0/0/23.0
set protocols ospf area 0.0.0.0 interface ge-0/0/13.0

 

Verifikasi :

 

 

 

Test ping :

 

 

 

Done! Silahkan mencoba, semoga bermanfaat. Mamam dulu, dadaaaahh….

 

 
6 Comments

Posted by on February 28, 2012 in Lab JunOS

 

Tags: , , , , , ,

Lab 26 : Port-Security (Violation Action & Violation Recovery)

Topologi :

 

Cek mac address interface fa0/0 di R1 (koneksi ke SW1) :

 

Configurasi SW1 :

interface FastEthernet0/11
switchport mode access
switchport port-security
switchport port-security mac-address 000c.301d.73a0
!

 

Verifikasi :

 

Coba rubah mac-address interface fa0/0 di R1 :

 

Cek lagi di SW1 :

 

 

 

Dan port fa0/11 di SW1 pun down.

Configurasi untuk port security violation action :

 

Configurasi untuk port security violation recovery :

 

Selesai sudah buku batik ini pakcik. Many thanx to mas Dedi Gunawan. What next? Let’s see..

SALAM PAKCIK !!!

 
6 Comments

Posted by on February 17, 2012 in Lab Switching

 

Tags: , ,

Lab 25 : VLAN Access-Map

Hanya melewatkan packet ping dan telnet. Topologi :

 

Configurasi SW1 :

vlan access-map PING_TELNET 10
action forward
match ip address 100
!
vlan filter PING_TELNET vlan-list 146
!
access-list 100 permit icmp any any echo
access-list 100 permit icmp any any echo-reply
access-list 100 permit tcp any any eq telnet
access-list 100 permit tcp any eq telnet any
access-list 100 permit ospf any any
!

 

Begitu aja pakciikk, murah kali lah ituuu hahahaaa…

 

 
Leave a comment

Posted by on February 17, 2012 in Lab Switching

 

Tags: , , , ,

 
Follow

Get every new post delivered to your Inbox.