Ervin Taufik

I`m What I`m

Archive for the ‘Cisco’ Category

[basic-bgp] advertising & Filter prefix junOS

with 3 comments

Previously we tried a basic BGP config ;)
Now we will try advertising IP prefixes from the Juniper.

First we create a prefix-list of the IPs we are going to advertise
=================================

ebenz@junOS# edit prefix-list export
ebenz@junOS# set 10.100.100.0/24
[edit policy-options prefix-list export]
ebenz@junOS# set 10.100.101.0/24
[edit policy-options prefix-list export]
ebenz@junOS# set 10.100.102.0/24
[edit policy-options prefix-list export]
ebenz@junOS# set 10.100.103.0/24
[edit policy-options prefix-list export]
ebenz@junOS# show
10.100.100.0/24;
10.100.101.0/24;
10.100.102.0/24;
10.100.103.0/24;
[edit policy-options prefix-list export]
ebenz@junOS#

Then we null-route the prefixes so the IPs still exist to the outside (because this is a simulation :D )

ebenz@junOS# edit routing-options static
[edit routing-options static]
ebenz@junOS# set route 10.100.100.0/24 reject
[edit routing-options static]
ebenz@junOS# set route 10.100.101.0/24 reject
[edit routing-options static]
ebenz@junOS# set route 10.100.102.0/24 reject
[edit routing-options static]
ebenz@junOS# set route 10.100.103.0/24 reject
[edit routing-options static]
ebenz@junOS# set route 10.100.104.0/24 reject
[edit routing-options static]
ebenz@junOS#

Then we create a policy statement for the prefix-list

ebenz@junOS# edit policy-options
ebenz@junOS# set policy-statement export-prefix term 1 from prefix-list export

[edit policy-options]
ebenz@junOS# show
prefix-list export {
10.100.100.0/24;
10.100.101.0/24;
10.100.102.0/24;
10.100.103.0/24;
}
policy-statement export-prefix {
term 1 {
from {
prefix-list export;
}
}
}

Hmm.. there is no filtering yet
===================

[edit policy-options policy-statement export-prefix term 1]
ebenz@junOS# set then accept
[edit policy-options policy-statement export-prefix term 1]
ebenz@junOS# show
from {
prefix-list export;
}
then accept;

[edit policy-options]
ebenz@junOS# set policy-statement export-prefix term 2 then reject
[edit policy-options]
ebenz@junOS# commit
commit complete
ebenz@junOS# show
term export-list {
from {
prefix-list export;
}
then accept;
}
term 2 {
then reject;
}
[edit policy-options policy-statement export-prefix]
ebenz@junOS# top
[edit]
ebenz@junOS# commit
commit complete

Then we apply the policy statement to protocol bgp
====================================

[edit protocols bgp]
ebenz@NETSOFT# edit group ASN-3030

[edit protocols bgp group ASN-3030]
ebenz@NETSOFT# show
type external;
peer-as 3030;
neighbor 172.16.0.204;

[edit protocols bgp group ASN-3030]
ebenz@NETSOFT# set export ?
Possible completions:
Export policy
( Open an expression
[ Open a set of values
[edit protocols bgp group ASN-3030]
ebenz@NETSOFT# set export export-prefix
[edit protocols bgp group ASN-3030]
ebenz@NETSOFT# commit
commit complete

Let's look at the other side to see whether it has received the routes ;)
===================================

cisco#sh ip route bgp
10.0.0.0/24 is subnetted, 4 subnets
B 10.100.102.0 [20/0] via 172.16.0.202, 00:00:16
B 10.100.103.0 [20/0] via 172.16.0.202, 00:00:16
B 10.100.100.0 [20/0] via 172.16.0.202, 00:00:16
B 10.100.101.0 [20/0] via 172.16.0.202, 00:00:16
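
The policy above, evaluated offline as an added example (not part of the original post): it shows why `term 2 then reject` matters. Junos' default BGP export policy re-advertises active BGP-learned routes, so a policy that ends after term 1 would still pass a route learned from AS 1010 on to AS 3030. The function names are hypothetical and the routing table is constructed from prefixes that appear on this page.

```python
import ipaddress

# Prefix-list "export" from the post (a prefix-list in a "from" clause matches exactly).
EXPORT_LIST = {ipaddress.ip_network(p) for p in (
    "10.100.100.0/24", "10.100.101.0/24", "10.100.102.0/24", "10.100.103.0/24")}

# Constructed routing table: the five static reject routes from the post plus
# one BGP route learned from the other peer (192.100.1.0/24, AS path 1010).
ROUTES = [(f"10.100.{n}.0/24", "static") for n in range(100, 105)]
ROUTES.append(("192.100.1.0/24", "bgp"))

def term_accept_list(prefix, protocol):
    """term 1: from prefix-list export; then accept."""
    return "accept" if ipaddress.ip_network(prefix) in EXPORT_LIST else None

def term_reject_all(prefix, protocol):
    """term 2: then reject (no 'from', so it matches every route)."""
    return "reject"

def bgp_default_export(protocol):
    """Junos default BGP export policy: only active BGP-learned routes go out."""
    return "accept" if protocol == "bgp" else "reject"

def advertised(routes, terms):
    """Return the prefixes that survive the export policy; first matching term wins."""
    out = []
    for prefix, protocol in routes:
        action = None
        for term in terms:
            action = term(prefix, protocol)
            if action is not None:
                break
        if action is None:  # fell off the end of the policy
            action = bgp_default_export(protocol)
        if action == "accept":
            out.append(prefix)
    return out

WITH_TERM_2 = advertised(ROUTES, [term_accept_list, term_reject_all])
WITHOUT_TERM_2 = advertised(ROUTES, [term_accept_list])

if __name__ == "__main__":
    print("term 1 + term 2:", WITH_TERM_2)
    print("term 1 only    :", WITHOUT_TERM_2)
```

In both cases 10.100.104.0/24 stays local, which matches the four prefixes seen on the Cisco side; only the variant without term 2 leaks the BGP-learned prefix.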

Written by ervin andriana taufik

April 2, 2009 at 10:43 am

Posted in Cisco, General

[basic-BGP] junOS – Quagga – Cisco

with one comment

This time we are trying to build BGP with 3 routers in one network, 172.16.0.192/28 (without filtering) ;) just for newbies.

JunOS : 172.16.0.202/28 ASN 2020
Quagga : 172.16.0.200/28 ASN 1010
AdvNetwork : 192.192.0.0/16
Cisco : 172.16.0.204/28 ASN 3030
AdvNetwork : 192.100.0.0/16

We assume that Quagga and the Cisco already have their BGP config ready, so we only need to go through the config steps on junOS, without filtering:

Config for peer ASN 3030 (Cisco)
ebenz@junOS> show bgp summary
BGP is not running
ebenz@junOS> edit
Entering configuration mode
[edit]
ebenz@junOS# edit protocols bgp
ebenz@junOS# set group ASN-3030 type external (peer as cisco)
[edit protocols bgp]
ebenz@junOS# set group ASN-3030 peer-as 3030
[edit protocols bgp]
ebenz@junOS# set group ASN-3030 neighbor 172.16.0.200
[edit protocols bgp]
ebenz@junOS# show
group ASN-3030 {
type external;
peer-as 3030;
neighbor 172.16.0.200;
}

Config for peer ASN 1010 (Quagga)
[edit protocols bgp]
ebenz@junOS# set group ASN-1010 type external
[edit protocols bgp]
ebenz@junOS# set group ASN-1010 peer-as 1010
[edit protocols bgp]
ebenz@junOS# set group ASN-1010 neighbor 172.16.0.204
[edit protocols bgp]
ebenz@junOS# commit
commit complete

Now we just check the BGP status:
=====================
ebenz@junOS# run show bgp summary
Groups: 2 Peers: 2 Down peers: 2
Table Tot Paths Act Paths Suppressed History Damp State Pending
inet.0 0 0 0 0 0 0
Peer AS InPkt OutPkt OutQ Flaps Last Up/Dwn State|#Active/Received/Damped…
172.16.0.200 3030 0 1 0 0 40 Active
172.16.0.204 1010 0 2 0 0 40 Active

Hmm, Active... oops, it turns out the IPs are swapped: peer 3030 should be IP 172.16.0.204 :D . No problem, we rename
=============================================================================

ebenz@junOS# edit group ASN-3030
[edit protocols bgp group ASN-3030]
ebenz@junOS# rename neighbor 172.16.0.200 to neighbor 172.16.0.204
[edit protocols bgp group ASN-3030]
ebenz@junOS# up
[edit protocols bgp]
ebenz@junOS# edit group ASN-1010
[edit protocols bgp group ASN-1010]
ebenz@junOS# rename neighbor 172.16.0.204 to neighbor 172.16.0.200
[edit protocols bgp group ASN-1010]
ebenz@junOS# commit
commit complete
[edit protocols bgp group ASN-1010]
[edit protocols bgp]
ebenz@junOS# show
group ASN-3030 {
type external;
peer-as 3030;
neighbor 172.16.0.204;
}
group ASN-1010 {
type external;
peer-as 1010;
neighbor 172.16.0.200;
}
[edit protocols bgp]
ebenz@junOS#

Let's check the BGP status again ;)
==========================

ebenz@junOS# run show bgp summary
Groups: 2 Peers: 2 Down peers: 0
Table Tot Paths Act Paths Suppressed History Damp State Pending
inet.0 9 8 0 0 0 0
Peer AS InPkt OutPkt OutQ Flaps Last Up/Dwn State|#Active/Received/Damped…
172.16.0.200 1010 4 3 0 0 12 8/9/0 0/0/0
172.16.0.204 3030 1 5 0 0 0 0/0/0 0/0/0

Before filtering, let's look at the routes received from the Cisco and Quagga:
======================================================

ebenz@junOS> show route advertising-protocol bgp 172.16.0.200

inet.0: 14 destinations, 19 routes (14 active, 0 holddown, 0 hidden)
Prefix Nexthop MED Lclpref AS path
* 172.16.0.0/16 172.16.0.204 3030 I
* 192.192.191.0/24 172.16.0.204 3030 I
* 192.192.192.0/24 172.16.0.204 3030 I
* 192.192.193.0/24 172.16.0.204 3030 I
* 192.192.194.0/24 172.16.0.204 3030 I
* 192.192.195.0/24 172.16.0.204 3030 I

ebenz@junOS> show route advertising-protocol bgp 172.16.0.204

inet.0: 14 destinations, 19 routes (14 active, 0 holddown, 0 hidden)
Prefix Nexthop MED Lclpref AS path
* 192.100.1.0/24 172.16.0.200 1010 ?
* 192.100.2.0/24 172.16.0.200 1010 ?
* 192.100.3.0/24 172.16.0.200 1010 ?
* 192.100.4.0/24 172.16.0.200 1010 ?
* 192.100.5.0/24 172.16.0.200 1010 ?

Written by ervin andriana taufik

April 2, 2009 at 9:05 am

Posted in Cisco, Linux

[junOS] Filter prefix length ospf

without comments

Usually we do not want to accept every prefix; for example, there may be private IPs whose routes we do not want to accept.
In this case, say we want to filter prefix 20.21.22.0/24. First let's look at the routes beforehand.

ebenz@enterprise# run show route | match 20.21.22.
20.21.22.0/30 *[OSPF/150] 00:00:53, metric 21, tag 0
20.21.22.4/30 *[OSPF/150] 00:00:53, metric 21, tag 0
20.21.22.8/30 *[OSPF/150] 00:00:53, metric 21, tag 0
20.21.22.12/30 *[OSPF/150] 00:00:53, metric 21, tag 0
20.21.22.16/30 *[OSPF/150] 00:00:53, metric 21, tag 0
20.21.22.20/30 *[OSPF/150] 00:00:53, metric 21, tag 0

[edit]
ebenz@enterprise#

A simple config to filter IPs in OSPF:

ebenz@enterprise# edit policy-options policy-statement ospf-filter
[edit policy-options policy-statement ospf-filter]
ebenz@enterprise# set term filter-private from neighbor 172.16.0.204
ebenz@enterprise# set term filter-private from route-filter 20.21.22.0/24 orlonger
ebenz@enterprise# set term filter-private then reject
ebenz@enterprise# set term else then accept
ebenz@enterprise# show
term filter-private {
from {
neighbor 172.16.0.204;
route-filter 20.21.22.0/24 orlonger;
}
then reject;
}
term else {
then accept;
}

[edit policy-options policy-statement ospf-filter]

Then import the policy statement in protocol ospf

ebenz@enterprise# edit protocols ospf

[edit protocols ospf]
ebenz@enterprise# set import ospf-filter

[edit protocols ospf]
ebenz@enterprise# show
import ospf-filter;
area 0.0.0.1 {
interface fe-0/0/0.0 {
hello-interval 10;
neighbor 172.16.0.204;
neighbor 172.16.0.200;
}
}

[edit protocols ospf]
ebenz@enterprise# commit
commit complete

[edit protocols ospf]
ebenz@enterprise# run clear ospf neighbor

[edit protocols ospf]
ebenz@enterprise# run show route | match 20.21.22.

[edit protocols ospf]

They are gone ;) Now let's do a show route

ebenz@enterprise# top

[edit]
ebenz@enterprise# exit
Exiting configuration mode

ebenz@enterprise> show route

inet.0: 21 destinations, 21 routes (21 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

0.0.0.0/0 *[OSPF/150] 00:00:56, metric 1, tag 0
> to 172.16.0.200 via fe-0/0/0.0
30.31.32.0/30 *[OSPF/150] 00:00:51, metric 21, tag 0
> to 172.16.0.204 via fe-0/0/0.0
30.31.32.4/30 *[OSPF/150] 00:00:51, metric 21, tag 0
> to 172.16.0.204 via fe-0/0/0.0
30.31.32.8/30 *[OSPF/150] 00:00:51, metric 21, tag 0
> to 172.16.0.204 via fe-0/0/0.0
30.31.32.12/30 *[OSPF/150] 00:00:51, metric 21, tag 0
> to 172.16.0.204 via fe-0/0/0.0
30.31.32.16/30 *[OSPF/150] 00:00:51, metric 21, tag 0
> to 172.16.0.204 via fe-0/0/0.0
40.41.42.0/30 *[OSPF/150] 00:00:51, metric 21, tag 0
> to 172.16.0.204 via fe-0/0/0.0
40.41.42.4/30 *[OSPF/150] 00:00:51, metric 21, tag 0
> to 172.16.0.204 via fe-0/0/0.0
40.41.42.8/30 *[OSPF/150] 00:00:51, metric 21, tag 0
> to 172.16.0.204 via fe-0/0/0.0
40.41.42.12/30 *[OSPF/150] 00:00:51, metric 21, tag 0
> to 172.16.0.204 via fe-0/0/0.0
40.41.42.16/30 *[OSPF/150] 00:00:51, metric 21, tag 0
> to 172.16.0.204 via fe-0/0/0.0
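
The `orlonger` match type is what makes a filter on 20.21.22.0/24 catch the /30 routes. The following added example (not from the original post) evaluates the `route-filter` condition of `ospf-filter` under different match types; it goes slightly beyond the post by also covering `exact`, `longer` and `upto`. The function names are hypothetical, the `from neighbor` condition is not modelled, and the route list is a constructed sample built from prefixes in the output above plus a constructed 20.21.22.0/24 route.

```python
import ipaddress

def route_filter(route, prefix, match_type, upto=None):
    """Evaluate one Junos-style route-filter condition against a route."""
    r, p = ipaddress.ip_network(route), ipaddress.ip_network(prefix)
    inside = r.subnet_of(p)
    if match_type == "exact":
        return r == p
    if match_type == "orlonger":
        return inside
    if match_type == "longer":
        return inside and r.prefixlen > p.prefixlen
    if match_type == "upto":
        return inside and r.prefixlen <= upto
    raise ValueError(f"unsupported match type: {match_type}")

def ospf_filter(routes, match_type, upto=None):
    """term filter-private rejects matching routes; term else accepts the rest."""
    return [r for r in routes
            if not route_filter(r, "20.21.22.0/24", match_type, upto)]

# Constructed sample: /30 externals from the post plus a constructed /24.
ROUTES = ["20.21.22.0/30", "20.21.22.4/30", "20.21.22.20/30",
          "20.21.22.0/24", "30.31.32.0/30", "40.41.42.16/30"]

if __name__ == "__main__":
    for mt, upto in (("orlonger", None), ("exact", None),
                     ("longer", None), ("upto", 29)):
        print(f"{mt:9s} installs:", ospf_filter(ROUTES, mt, upto))
```

On Junos an OSPF import policy only controls which external routes are installed in the routing table; the LSAs themselves are still flooded, so other routers in the area keep those routes. The routes in this post are OSPF externals (preference 150), which is why the filter takes effect.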

Written by ervin andriana taufik

March 14, 2009 at 6:31 pm

Posted in Cisco, Linux, Mikrotik

Trunking switch Adtran & Mikrotik

without comments

VLAN-SWITCH#sh ver
ADTRAN, Inc. OS version 13.10.00
Checksum: 2054C82B, built on Tue Dec 04 13:40:18 2007
Upgrade key: 68a2fe5412a6c447084e1a4d4873d7ff
Boot ROM version 12.02.00
Checksum: C440, built on: Fri May 12 15:14:02 2006
Copyright (c) 1999-2006, ADTRAN, Inc.
Platform: NetVanta 1224ST, part number 1200504L1
Serial number G15C5195
Flash: 8388608 bytes DRAM: 16777215 bytes

VLAN-SWITCH uptime is 1 days, 2 hours, 13 minutes, 24 seconds

System returned to ROM by Hard Reset
Current system image file is "NV1224A-13-10-00.biz"
Primary boot system image file is "NV1224A-13-10-00.biz"
Backup boot system image file is "9200500-2A1202.biz"
Primary system configuration file is "startup-config"

VLAN-SWITCH#sh run int eth 0/24
Building configuration…
!
!
interface eth 0/24
description TRUNK-MIKROTIK
speed 100
no shutdown
switchport mode trunk
!
end

VLAN-SWITCH#sh run in eth 0/20
Building configuration…
!
!
interface eth 0/20
no shutdown
switchport access vlan 2
!
end

==============================================
Mikrotik Config
==============================================

[admin@MikroTik] > interface print
Flags: X - disabled, R - running, D - dynamic, S - slave
# NAME TYPE MTU
0 R ISP-PTP ether 1500
2 R DMZ ether 1500
3 R ADTRAN-TRUNK ether 1500
5 R vlan2 vlan 1500

[admin@MikroTik] > interface vlan print
Flags: X - disabled, R - running, S - slave
# NAME MTU ARP VLAN-ID INTERFACE
0 R vlan2 1500 enabled 2 ADTRAN-TRUNK

[admin@MikroTik] > ip address print
Flags: X - disabled, I - invalid, D - dynamic
# ADDRESS NETWORK BROADCAST INTERFACE
0 10.2.1.1/24 10.2.1.0 10.2.1.255 vlan2

[admin@MikroTik] > ip dhcp-server print
Flags: X - disabled, I - invalid
# NAME INT… RELAY ADDRESS-POOL LEASE-TIME ADD
0 dhcp1 vlan2 dhcp_pool2 1d

Regards,

Ervin Taufik

Written by ervin andriana taufik

June 14, 2008 at 1:53 pm

Cisco 7200 Simulator

with one comment

The 0.2.8-RC2 release is available,

New feature:

  • Ethernet/ATM bridge, conforming to the RFC1483 (bridged mode). I added this because I’ve this kind of devices on my network (xDSL modem). It will require a Dynagen upgrade to be usable.

Some of the bugs seem to have been patched, so it should be lighter now, "maybe"; honestly, I have not tried it yet. The previous version, which I tried on an Intel Centrino 1.8 GHz, put the CPU load at 100%. So don't hesitate, go ahead and try it: http://www.ipflow.utc.fr/blog/

Regards,

Ervin Taufik

Written by ervin andriana taufik

June 6, 2008 at 8:15 pm

Posted in Cisco