Config Register is 0x4a6f6469

May 14, 2009

Lab - 140520091029

Dear Networkers.

IS-IS routing protocol dan Route Leak akan menjadi tema Lab kali ini.

Berikut topologi lab,

ISIS Route Leak Topology

Spesifikasi Lab,

 

  • Konfigurasi ISIS routing protocol
  • Terdiri dari Area-1 dan Area-2
  • ’sh ip route’ di L1 router, yaitu R2 dan R3, L1 router hanya akan menampilkan default route.
  • Konfigurasi Route Leak dari R0 sebagai L2/L1 router ke R2 dengan distribute-list,
  • izinkan prefix 192.168.4.0/24 untuk ditampilkan pada routing table R2
  • Konfigurasi Route Leak dari R1 sebagai L2/L1 router ke R3 dengan route-map,
  • izinkan prefix 192.168.1.0/24 untuk ditampilkan pada routing table R3
  • Verifikasi dengan ping

 

 

Berikut konfigurasi Cisco router berturut-turut R0 - R2 - R1 - R3,

 

R0#sh run

Building configuration…

Current configuration : 981 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R0
!
boot-start-marker
boot-end-marker
!
!
memory-size iomem 5
no aaa new-model
ip subnet-zero
!
!
ip cef
!
!
no ftp-server write-enable
!
!
!
!
interface FastEthernet0/0
 ip address 201.1.1.1 255.255.255.252
 ip router isis
 duplex auto
 speed auto
 isis circuit-type level-2-only
!
interface FastEthernet1/0
 ip address 200.1.1.2 255.255.255.252
 ip router isis
 duplex auto
 speed auto
 isis circuit-type level-1
!
router isis
 net 49.0001.4444.4444.4444.00
 redistribute isis ip level-2 into level-1 distribute-list 100
!
ip http server
ip classless
!
!
!
access-list 100 permit ip 192.168.4.0 0.0.0.255 any
!
!
control-plane
!
!
line con 0
 transport preferred all
 transport output all
line aux 0
 transport preferred all
 transport output all
line vty 0 4
 login
 transport preferred all
 transport input all
 transport output all
!
end

 

R2#sh run

Building configuration…

Current configuration : 951 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R2
!
boot-start-marker
boot-end-marker
!
!
memory-size iomem 5
no aaa new-model
ip subnet-zero
!
!
ip cef
!
!
no ftp-server write-enable
!
!
!
!
interface Loopback0
 ip address 192.168.1.1 255.255.255.0
 ip router isis
 isis circuit-type level-1
!
interface Loopback1
 ip address 192.168.2.1 255.255.255.0
 ip router isis
 isis circuit-type level-1
!
interface FastEthernet0/0
 ip address 200.1.1.1 255.255.255.252
 ip router isis
 duplex auto
 speed auto
 isis circuit-type level-1
!
router isis
 net 49.0001.2222.2222.2222.00
 is-type level-1
!
ip http server
ip classless
!
!
!
!
!
control-plane
!
!
line con 0
 transport preferred all
 transport output all
line aux 0
 transport preferred all
 transport output all
line vty 0 4
 login
 transport preferred all
 transport input all
 transport output all
!
end

 

R1#sh run

Building configuration…

Current configuration : 1020 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
!
memory-size iomem 5
no aaa new-model
ip subnet-zero
!
!
ip cef
!
!
no ftp-server write-enable
!
!
!
!
interface FastEthernet0/0
 ip address 202.1.1.1 255.255.255.252
 ip router isis
 duplex auto
 speed auto
 isis circuit-type level-1
!
interface FastEthernet1/0
 ip address 201.1.1.2 255.255.255.252
 ip router isis
 duplex auto
 speed auto
 isis circuit-type level-2-only
!
router isis
 net 49.0002.1111.1111.1111.00
 redistribute isis ip level-2 into level-1 route-map leaking
!
ip http server
ip classless
!
!
!
access-list 1 permit 192.168.1.0 0.0.0.255
route-map leaking permit 10
 match ip address 1
!
!
!
control-plane
!
!
line con 0
 transport preferred all
 transport output all
line aux 0
 transport preferred all
 transport output all
line vty 0 4
 login
 transport preferred all
 transport input all
 transport output all
!
end

 

R3#sh run

Building configuration…

Current configuration : 951 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R3
!
boot-start-marker
boot-end-marker
!
!
memory-size iomem 5
no aaa new-model
ip subnet-zero
!
!
ip cef
!
!
no ftp-server write-enable
!
!
!
!
interface Loopback0
 ip address 192.168.3.1 255.255.255.0
 ip router isis
 isis circuit-type level-1
!
interface Loopback1
 ip address 192.168.4.1 255.255.255.0
 ip router isis
 isis circuit-type level-1
!
interface FastEthernet0/0
 ip address 202.1.1.2 255.255.255.252
 ip router isis
 duplex auto
 speed auto
 isis circuit-type level-1
!
router isis
 net 49.0002.3333.3333.3333.00
 is-type level-1
!
ip http server
ip classless
!
!
!
!
!
control-plane
!
!
line con 0
 transport preferred all
 transport output all
line aux 0
 transport preferred all
 transport output all
line vty 0 4
 login
 transport preferred all
 transport input all
 transport output all
!
end

 

Verifikasi, ’sh ip route’ pada saat Route Leak belum aktif, R2 dan R3 sebagai L1 router hanya menampilkan deafult route selain directly connected.

R2 Routing Table before Route Leak 

R3 Routing Table Before Route Leak

Selanjutnya adalah ’sh ip route’ di pada R2 dan R3 setelah Route Leak aktif. R2 routing table akan menampilkan ‘prefix bocoran’ yang diterima dari R0. Sedangkan R3 routing table akan menampilkan ‘prefix bocoran’ yang diterima dari R1.

R2 routing table after Route Leak

R3 routing table after Route Leak 

Verifikasi ping :)

R2 ping, verified !

R3 ping, verified !

 

credit: thanks to Johnson Liu, CCIE #11440 for his note about Route Leak with route-map, many thanks man :)

 

May 11, 2009

Lab - 110520091027

Hola Networkers. Gimana bro, sehat semua. Gimana di data center masih dinginkah, hehehe :) . Semoga semuanya berjalan dengan baik dan sesuai dengan tujuan.

Lab kali ini, kita akan mengkonfigurasi MPLS VPN di Cisco router. Seperti biasa, di bawah ini adalah gambar topologinya.

MPLS VPN Topology

Spesifikasi lab:

 

  • Konfigur ripv2 untuk igp di core mpls
  • Konfigur mpls
  • Konfigur bgp
  • Konfigur mp-bgp
  • Konfigur vrf vpn_A dan vrf vpn_B
  • Konfigur dan administrasi Route Distinguisher
  • Konfigur dan administrasi Route Target Export/Import
  • Konfigur ripv2 untuk routing antara Service Provider dan Customer (CEA1, CEA2, CEB1)
  • CEA2 boleh berkomunikasi dengan CEA1
  • CEB1 boleh berkomunikasi dengan CEA1
  • CEA2 tidak boleh berkomunikasi dengan CEB1
  • Verifikasi !

 

 

OK guys, ini konfigurasi lengkapnya. Berturut-turut dari kiri ke kanan sesuai gambar topologi :)

 

CEA2#sh run

Building configuration…

Current configuration : 621 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname CEA2
!
boot-start-marker
boot-end-marker
!
!
memory-size iomem 5
no aaa new-model
ip subnet-zero
!
!
ip cef
!
!
no ftp-server write-enable
!
!
!
!
interface FastEthernet0/0
 ip address 195.1.1.1 255.255.255.0
 duplex auto
 speed auto
!
router rip
 version 2
 network 195.1.1.0
 no auto-summary
!
ip http server
ip classless
!
!
!
!
!
control-plane
!
!
line con 0
 transport preferred all
 transport output all
line aux 0
 transport preferred all
 transport output all
line vty 0 4
!
end

 

PE2#sh run

Building configuration…

Current configuration : 1506 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname PE2
!
boot-start-marker
boot-end-marker
!
!
memory-size iomem 5
no aaa new-model
ip subnet-zero
!
!
ip cef
!
!
ip vrf vpn_A
 rd 100:2
 route-target export 100:2
 route-target import 100:1
!
no tag-switching ip propagate-ttl
no ftp-server write-enable
!
!
!
!
interface Loopback0
 ip address 2.2.2.2 255.255.255.255
!
interface FastEthernet0/0
 ip address 192.1.1.1 255.255.255.252
 duplex auto
 speed auto
 tag-switching ip
!
interface FastEthernet1/0
 ip vrf forwarding vpn_A
 ip address 195.1.1.2 255.255.255.0
 duplex auto
 speed auto
!
router rip
 version 2
 network 2.0.0.0
 network 192.1.1.0
 no auto-summary
 !
 address-family ipv4 vrf vpn_A
 redistribute bgp 100 metric transparent
 network 195.1.1.0
 no auto-summary
 exit-address-family
!
router bgp 100
 no synchronization
 bgp log-neighbor-changes
 neighbor 1.1.1.1 remote-as 100
 neighbor 1.1.1.1 update-source Loopback0
 neighbor 1.1.1.1 next-hop-self
 no auto-summary
 !
 address-family vpnv4
 neighbor 1.1.1.1 activate
 neighbor 1.1.1.1 send-community both
 exit-address-family
 !
 address-family ipv4 vrf vpn_A
 redistribute connected
 redistribute rip
 no auto-summary
 no synchronization
 exit-address-family
!
ip http server
ip classless
!
!
!
!
!
control-plane
!
!
line con 0
 transport preferred all
 transport output all
line aux 0
 transport preferred all
 transport output all
line vty 0 4
!
end

 

P#sh run

Building configuration…

Current configuration : 801 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname P
!
boot-start-marker
boot-end-marker
!
!
memory-size iomem 5
no aaa new-model
ip subnet-zero
!
!
ip cef
!
!
no tag-switching ip propagate-ttl
no ftp-server write-enable
!
!
!
!
interface FastEthernet0/0
 ip address 192.1.1.2 255.255.255.252
 duplex auto
 speed auto
 tag-switching ip
!
interface FastEthernet1/0
 ip address 200.1.1.1 255.255.255.252
 duplex auto
 speed auto
 tag-switching ip
!
router rip
 version 2
 network 192.1.1.0
 network 200.1.1.0
 no auto-summary
!
ip http server
ip classless
!
!
!
!
!
control-plane
!
!
line con 0
 transport preferred all
 transport output all
line aux 0
 transport preferred all
 transport output all
line vty 0 4
!
end

 

 

 

PE1#sh run

Building configuration…

Current configuration : 1944 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname PE1
!
boot-start-marker
boot-end-marker
!
!
memory-size iomem 5
no aaa new-model
ip subnet-zero
!
!
ip cef
!
!
ip vrf vpn_A
 rd 100:1
 route-target export 100:1
 route-target import 100:2
 route-target import 100:3
!
ip vrf vpn_B
 rd 100:3
 route-target export 100:3
 route-target import 100:1
!
no tag-switching ip propagate-ttl
no ftp-server write-enable
!
!
!
!
interface Loopback0
 ip address 1.1.1.1 255.255.255.255
!
interface FastEthernet0/0
 ip address 200.1.1.2 255.255.255.252
 duplex auto
 speed auto
 tag-switching ip
!
interface FastEthernet1/0
 ip vrf forwarding vpn_A
 ip address 196.1.1.1 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet2/0
 ip vrf forwarding vpn_B
 ip address 197.1.1.1 255.255.255.0
 duplex auto
 speed auto
!
router rip
 version 2
 network 1.0.0.0
 network 200.1.1.0
 no auto-summary
 !
 address-family ipv4 vrf vpn_B
 redistribute bgp 100 metric transparent
 network 197.1.1.0
 no auto-summary
 exit-address-family
 !
 address-family ipv4 vrf vpn_A
 redistribute bgp 100 metric transparent
 network 196.1.1.0
 no auto-summary
 exit-address-family
!
router bgp 100
 no synchronization
 bgp log-neighbor-changes
 neighbor 2.2.2.2 remote-as 100
 neighbor 2.2.2.2 update-source Loopback0
 neighbor 2.2.2.2 next-hop-self
 no auto-summary
 !
 address-family vpnv4
 neighbor 2.2.2.2 activate
 neighbor 2.2.2.2 send-community both
 exit-address-family
 !
 address-family ipv4 vrf vpn_B
 redistribute rip
 no auto-summary
 no synchronization
 exit-address-family
 !
 address-family ipv4 vrf vpn_A
 redistribute rip
 no auto-summary
 no synchronization
 exit-address-family
!
ip http server
ip classless
!
!
!
!
!
control-plane
!
!
line con 0
 transport preferred all
 transport output all
line aux 0
 transport preferred all
 transport output all
line vty 0 4
!
end

 

CEA1#sh run

Building configuration…

Current configuration : 621 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname CEA1
!
boot-start-marker
boot-end-marker
!
!
memory-size iomem 5
no aaa new-model
ip subnet-zero
!
!
ip cef
!
!
no ftp-server write-enable
!
!
!
!
interface FastEthernet0/0
 ip address 196.1.1.2 255.255.255.0
 duplex auto
 speed auto
!
router rip
 version 2
 network 196.1.1.0
 no auto-summary
!
ip http server
ip classless
!
!
!
!
!
control-plane
!
!
line con 0
 transport preferred all
 transport output all
line aux 0
 transport preferred all
 transport output all
line vty 0 4
!
end

 

CEB1#sh run

Building configuration…

Current configuration : 621 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname CEB1
!
boot-start-marker
boot-end-marker
!
!
memory-size iomem 5
no aaa new-model
ip subnet-zero
!
!
ip cef
!
!
no ftp-server write-enable
!
!
!
!
interface FastEthernet0/0
 ip address 197.1.1.2 255.255.255.0
 duplex auto
 speed auto
!
router rip
 version 2
 network 197.1.1.0
 no auto-summary
!
ip http server
ip classless
!
!
!
!
!
control-plane
!
!
line con 0
 transport preferred all
 transport output all
line aux 0
 transport preferred all
 transport output all
line vty 0 4
!

end 

 

Verifikasi konfigurasi dengan cara:

 

  • ’sh ip route’ pada masing-masing CE apakah prefix-prefix yang diinginkan sudah terdapat di routing table
  • ‘ping’ dari masing-masing CE ke prefix-prefix tersebut
  • Pastikan prefix-prefix dari Service Provider (P) tidak teradvertise ke routing table CE
  • Traceroute dari CE ke CE, jika sudah benar maka prefix Service Provider (P) tidak akan muncul di hop.
  • Verifikasi di core MPLS dengan,
  • ’sh mpls forwarding-table’
  • ’sh mpls ldp bindings’
  • ’sh mpls ldp discovery’
  • ’sh mpls ldp neighbor’
  • ’sh ip route’
  • ’sh ip bgp sum’
  • ’sh ip cef’

 

 

Berikut capture hasil verifikasi.

CEA2: no service provider prefixes 

CEA1: no service provider prefixes

CEB1: no service provider prefixes

PE2 Verification

PE2: sh ip cef

P Verification

P: sh ip cef

PE1 Verification

PE1: sh ip cef 

 

 

April 29, 2009

Lab - 290420091026

Halo Networkers :)

Lab kali ini mempunyai spesifikasi sebagai berikut

  • BGP Routing
  • Customize Local Preference, dengan tujuan
  • route ke 30.30.30.0/24 harus ‘berputar’ melalui AS 400, dan
  • route ke 40.40.40.0/24 harus ‘berputar’ melalui AS 300 

Berikut topologinya:

LocPref.V1
 

 

!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R0
!
boot-start-marker
boot-end-marker
!
!
memory-size iomem 5
no aaa new-model
ip subnet-zero
!
!
ip cef
!
!
no ftp-server write-enable
!
!
!
!
interface FastEthernet0/0
 ip address 172.1.0.2 255.255.255.252
 speed 100
 full-duplex
!
interface FastEthernet1/0
 ip address 1.1.1.1 255.255.255.252
 speed 100
 full-duplex
!
router rip
 version 2
 network 172.1.0.0
 no auto-summary
!
router bgp 100
 no synchronization
 bgp log-neighbor-changes
 neighbor 1.1.1.2 remote-as 300
 neighbor 1.1.1.2 route-map locpref3040 in
 neighbor 172.1.0.1 remote-as 100
 neighbor 172.1.0.1 next-hop-self
 neighbor 172.1.1.2 remote-as 100
 neighbor 172.1.1.2 next-hop-self
 no auto-summary
!
ip http server
ip classless
!
!
!
access-list 1 permit 30.30.30.0 0.0.0.255
access-list 2 permit 40.40.40.0 0.0.0.255
route-map locpref3040 permit 10
 match ip address 1
 set local-preference 100
!
route-map locpref3040 permit 20
 match ip address 2
 set local-preference 200
!
route-map locpref3040 permit 30
!
!
!
control-plane
!
!
line con 0
 transport preferred all
 transport output all
line aux 0
 transport preferred all
 transport output all
line vty 0 4
!
end

 

!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
!
memory-size iomem 5
no aaa new-model
ip subnet-zero
!
!
ip cef
!
!
no ftp-server write-enable
!
!
!
!
interface FastEthernet0/0
 ip address 172.1.1.2 255.255.255.252
 speed 100
 full-duplex
!
interface FastEthernet1/0
 ip address 2.2.2.1 255.255.255.252
 speed 100
 full-duplex
!
router rip
 version 2
 network 172.1.0.0
 no auto-summary
!
router bgp 100
 no synchronization
 bgp log-neighbor-changes
 neighbor 2.2.2.2 remote-as 400
 neighbor 2.2.2.2 route-map locpref3040 in
 neighbor 172.1.0.2 remote-as 100
 neighbor 172.1.0.2 next-hop-self
 neighbor 172.1.1.1 remote-as 100
 neighbor 172.1.1.1 next-hop-self
 no auto-summary
!
ip http server
ip classless
!
!
!
access-list 1 permit 30.30.30.0 0.0.0.255
access-list 2 permit 40.40.40.0 0.0.0.255
route-map locpref3040 permit 10
 match ip address 1
 set local-preference 200
!
route-map locpref3040 permit 20
 match ip address 2
 set local-preference 100
!
route-map locpref3040 permit 30
!
!
!
control-plane
!
!
line con 0
 transport preferred all
 transport output all
line aux 0
 transport preferred all
 transport output all
line vty 0 4
!
end
 

 

!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R2
!
boot-start-marker
boot-end-marker
!
!
memory-size iomem 5
no aaa new-model
ip subnet-zero
!
!
ip cef
!
!
no ftp-server write-enable
!
!
!
!
interface Loopback0
 ip address 20.20.20.1 255.255.255.0
!
interface Loopback1
 ip address 120.1.1.1 255.255.255.0
!
interface FastEthernet0/0
 ip address 172.1.0.1 255.255.255.252
 speed 100
 full-duplex
!
interface FastEthernet1/0
 ip address 172.1.1.1 255.255.255.252
 speed 100
 full-duplex
!
router rip
 version 2
 network 20.0.0.0
 network 120.0.0.0
 network 172.1.0.0
 no auto-summary
!
router bgp 100
 no synchronization
 bgp log-neighbor-changes
 network 20.20.20.0 mask 255.255.255.0
 network 120.1.1.0 mask 255.255.255.0
 neighbor 172.1.0.2 remote-as 100
 neighbor 172.1.1.2 remote-as 100
 no auto-summary
!
ip http server
ip classless
!
!
!
!
!
control-plane
!
!
line con 0
 transport preferred all
 transport output all
line aux 0
 transport preferred all
 transport output all
line vty 0 4
!
end

 

!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R3
!
boot-start-marker
boot-end-marker
!
!
memory-size iomem 5
no aaa new-model
ip subnet-zero
!
!
ip cef
!
!
no ftp-server write-enable
!
!
!
!
interface Loopback0
 ip address 30.30.30.1 255.255.255.0
!
interface FastEthernet0/0
 ip address 1.1.1.2 255.255.255.252
 speed 100
 full-duplex
!
interface FastEthernet1/0
 ip address 3.3.3.1 255.255.255.252
 duplex auto
 speed auto
!
router bgp 300
 no synchronization
 bgp log-neighbor-changes
 network 30.30.30.0 mask 255.255.255.0
 neighbor 1.1.1.1 remote-as 100
 neighbor 3.3.3.2 remote-as 400
 no auto-summary
!
ip http server
ip classless
!
!
!
!
!
control-plane
!
!
line con 0
 transport preferred all
 transport output all
line aux 0
 transport preferred all
 transport output all
line vty 0 4
!
end

 

!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R4
!
boot-start-marker
boot-end-marker
!
!
memory-size iomem 5
no aaa new-model
ip subnet-zero
!
!
ip cef
!
!
no ftp-server write-enable
!
!
!
!
interface Loopback0
 ip address 40.40.40.1 255.255.255.0
!
interface FastEthernet0/0
 ip address 2.2.2.2 255.255.255.252
 speed 100
 full-duplex
!
interface FastEthernet1/0
 ip address 3.3.3.2 255.255.255.252
 speed 100
 full-duplex
!
router bgp 400
 no synchronization
 bgp log-neighbor-changes
 network 40.40.40.0 mask 255.255.255.0
 neighbor 2.2.2.1 remote-as 100
 neighbor 3.3.3.1 remote-as 300
 no auto-summary
!
ip http server
ip classless
!
!
!
!
!
control-plane
!
!
line con 0
 transport preferred all
 transport output all
line aux 0
 transport preferred all
 transport output all
line vty 0 4
!
end

 

Verify route-map locpref3040 sudah berjalan dengan benar, lakukan ’sh ip bgp’ pada router-router di AS 100.

R2#sh ip bgp 

R0#sh ip bgp 

R1#sh ip bgp 

 

January 12, 2009

Lab - 120920091025

 

Full IP Reachability. Kurang lebih begitulah tema Lab kali ini. Bisa juga disebut ‘Route Tuning’ , atau bahasa Cisco Press-nya ‘Manipulating Route Traffic and Route Updates’. OK guys, topologi lab-nya bisa dilihat dibawah:

Full IP Reachability Lab
 

Goal dari Lab ini:

  • Succesful Ping dari 10.1.1.1 ke 10.5.5.5 melalui primary link melalui r1 - r2 - r4 - r5
  • Succesful Ping dari 10.1.1.1 ke 10.5.5.5 melalui backup link melalui r1 - r3 - r4 - r5 (jika primary link down!)

 

Langkah-langkah konfigurasi:

  • Konfigur ospf 1 di r1, r2, r4, r5
  • Konfigur eigrp 100 di r1, r3, r4
  • konfigur Router Redistribution untuk eigrp dan ospf di r4 dan r1 !

Konfigurasi router yang akan dicapture adalah r1 dan r4. Karena di kedua router ini route redistribution dilakukan. Yang merupakan inti dari Full IP Reachability Lab kali ini. Berikut konfigurasi r1 dan r4.

r1#sh run
Building configuration…

Current configuration : 1058 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname r1
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$5M3.$.iSB9/sp87FNFoULbj7/E1
!
no aaa new-model
ip subnet-zero
!
!
ip cef
!
!
!
!
!
interface Loopback0
 ip address 10.1.1.1 255.255.255.0
!
interface FastEthernet0/0
 ip address 100.1.1.1 255.255.255.252
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 200.1.1.1 255.255.255.252
 duplex auto
 speed auto
!
router eigrp 100
 redistribute ospf 1 metric 10000 100 255 1 1500
 network 200.1.1.0 0.0.0.3
 no auto-summary
!
router ospf 1
 router-id 1.1.1.1
 log-adjacency-changes
 redistribute eigrp 100 metric 20 metric-type 1 subnets
 network 10.1.1.0 0.0.0.255 area 0
 network 100.1.1.0 0.0.0.3 area 0
!
ip http server
ip classless
!
!
!
line con 0
 transport preferred all
 transport output all
line aux 0
 transport preferred all
 transport output all
line vty 0 4
 no login
 transport preferred all
 transport input all
 transport output all
!
end

 

r4#sh run
Building configuration…

Current configuration : 1212 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname r4
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
ip subnet-zero
!
!
ip cef
!
!
!
!
!
interface FastEthernet0/0
 ip address 100.1.1.6 255.255.255.252
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 200.1.1.6 255.255.255.252
 duplex auto
 speed auto
!
interface Serial1/0
 ip address 100.1.1.9 255.255.255.252
 serial restart-delay 0
!
interface Serial1/1
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial1/2
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial1/3
 no ip address
 shutdown
 serial restart-delay 0
!
router eigrp 100
 redistribute ospf 1 metric 10000 100 255 1 1500
 network 200.1.1.4 0.0.0.3
 no auto-summary
!
router ospf 1
 router-id 4.4.4.4
 log-adjacency-changes
 redistribute eigrp 100 metric 20 metric-type 1 subnets
 network 100.1.1.4 0.0.0.3 area 0
 network 100.1.1.8 0.0.0.3 area 0
!
ip http server
ip classless
!
!
access-list 1 permit 10.5.5.0 0.0.0.255
!
line con 0
 transport preferred all
 transport output all
line aux 0
 transport preferred all
 transport output all
line vty 0 4
!
end

 

Pada kondisi saat ini semua konfigurasi telah diimplementasikan. Routing protocol ospf dan eigrp telah aktif di masing-masing router sesuai gambar topologi. Route redistribution antara ospf dan eigrp di r1 dan r4 juga telah terkonfigur. Langkah berikutnya adalah men-test Full IP Reachability.

Yang pertama lakukan ’sh ip route’ di r1 untuk mem-verify primary link yang aktif adalah r1 - r2 - r4 - r5 dimana route ke 10.5.5.5 akan melalui interface 100.1.1.2

r1#sh ip route 

 

Lakukan ping dari r1 ke 10.5.5.5. Ping sukses

r1#ping 10.5.5.5 

 

Lakukan traceroute ke 10.5.5.5 dari r1. Hasil capture menunjukkan paket icmp melalui primary link (r1 - r2 - r4 - r5)

r1#traceroute 10.5.5.5 

 

Lakukan extended ping dari 10.1.1.1 ke 10.5.5.5 dengan repeat count sebanyak 100x. Setelah ping terlihat sukses berjalan, maka ‘putuskan’ koneksi dengan men shutdown int di r2. Dengan tujuan agar paket icmp yang mengalir melalui primary link (r1 - r2 - r4 - r5) akan berpindah ke backup link (r1 - r3 - r4 - r5). Proses perpindahan ini dapat dilihat pada hasil capture di bawah.

Primary - Backup Link...Tested ! 

Dapat dilihat pada hasil capture diatas. Paket icmp berpindah dari primary link ke backup link. Penjelasan sederhananya:

  • Pada saat int f0/0 di r2 di ’shutdown’ maka hello packet yang digunakan ospf akan memberi tanda bahwa terjadi perubahan topologi. Yang mengakibatkan semua router akan menghitung ulang topologi networknya.
  • Pada saat yang bersamaan pula eigrp akan memberikan topologi database-nya yang mempunyai informasi best route atau successor yang bisa digunakan untuk mencapai route 10.5.5.5
  • Setelah routing table di r1 mendapatkan best path menuju route 10.5.5.5 dari eigrp maka icmp paket kembali dapat mengalir, namun kali ini mereka mengalir melalui backup link (r1 - r3 - r4 - r5)

 

Sekarang mari kita perhatikan hasil ’sh ip route’ di r1. Best path menuju route 10.5.5.5 adalah via 200.1.1.2 bukan lagi via 100.1.1.2 !

r1#sh ip route - [backup link] 

 

Dan terakhir untuk mem-verify kembali paket icmp ke 10.5.5.5 dari r1 akan melalui backup link (r1 - r3 - r4 - r5), gunakan traceroute ke 10.5.5.5

r1#traceroute 10.5.5.5 - [backup link] 

Selesai….Fin…Tamat……Done !

 

December 26, 2008

Lab - 221220081024

Ada konfigurasi lab yang gue coba selesaikan. Udah hampir 1 pekan gue berkutat untuk menyelesaikan topologi ini. Dengan Lenovo Y400 gue plus 2,5GB RAM ternyata masih gak kuat buat jalanin topologi ini :( . Alhamdulillah hari ini almamater Cisco Academy gue yaitu Brainmatics.com mengizinkan gue untuk menggunakan lab-nya. Thanks mas romi, achun, dan Brainmatics Crew. I really appreciate that ! Happy karaoke-an ya hehehehehe :)

OK, balik lagi ke topologi, ini topologi fisik dan logikalnya:

Physical Topology 

Logical Topology 

Hasil akhir yang harus dicapai adalah ping dari lo0 di R5 ke lo0 di R3 sukses !

Untuk mencapai hal itu poin-poin yang di’tuning’ pada router dan switch diantaranya:

  • Vlan
  • Trunk
  • Etherchannel
  • OSPF
  • OSPF over NBMA
  • Virtual Link ! :)
  • EIGRP
  • Route Redistribution
  • Router on a Stick
  • Frame Relay
  • Frame Relay Switching

Router dan Switch yang digunakan di Lab:

  • Cisco Router 2500 Series (Frame Relay Switching)
  • Cisco Router 2600 Series (R5 & R3)
  • Cisco Router 3600 Series (R1)
  • Cisco Router 1600 (R4)
  • Cisco Catalyst 3560 (Cat1)
  • Cisco Catalyst 2950 (Cat2)

 

Konfigurasi Cat1:

cat1-3560#sh run
Building configuration…

Current configuration : 2455 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname cat1-3560
!
enable secret 5 $1$TIde$ASzbNhbW1Q1z0YrHExUGh0
!
no aaa new-model
vtp domain gtntedp
vtp mode transparent
ip subnet-zero
ip routing
!
!
!
!
!
!
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
vlan 10
 name vlan10
!
vlan 20
 name vlan20
!
vlan 200
 name mgs-lan
!
!
interface Port-channel1
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,10
 switchport mode trunk
!
interface GigabitEthernet0/1
 switchport access vlan 200
 switchport mode access
!
interface GigabitEthernet0/2
 switchport access vlan 200
 switchport mode access
!
interface GigabitEthernet0/3
 switchport access vlan 200
 switchport mode access
!
interface GigabitEthernet0/4
 switchport access vlan 200
 switchport mode access
!
interface GigabitEthernet0/5
!
interface GigabitEthernet0/6
!
interface GigabitEthernet0/7
!
interface GigabitEthernet0/8
!
interface GigabitEthernet0/9
!
interface GigabitEthernet0/10
!
interface GigabitEthernet0/11
!
interface GigabitEthernet0/12
!
interface GigabitEthernet0/13
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,10
 switchport mode trunk
 channel-group 1 mode on
!
interface GigabitEthernet0/14
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,10
 switchport mode trunk
 channel-group 1 mode on
!
interface GigabitEthernet0/15
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,20
 switchport mode trunk
!
interface GigabitEthernet0/16
!
interface GigabitEthernet0/17
 switchport access vlan 10
 switchport mode access
!
interface GigabitEthernet0/18
!
interface GigabitEthernet0/19
 switchport access vlan 20
 switchport mode access
!
interface GigabitEthernet0/20
!
interface GigabitEthernet0/21
!
interface GigabitEthernet0/22
!
interface GigabitEthernet0/23
!
interface GigabitEthernet0/24
!
interface GigabitEthernet0/25
!
interface GigabitEthernet0/26
!
interface GigabitEthernet0/27
!
interface GigabitEthernet0/28
!
interface Vlan1
 ip address 100.1.1.1 255.255.255.0
!
interface Vlan20
 ip address 10.2.20.20 255.255.255.0
!
interface Vlan200
 ip address 192.168.88.160 255.255.255.0
!
ip classless
ip http server
ip http secure-server
!
!
!
control-plane
!
!
line con 0
line vty 0 4
 no login
line vty 5 15
 no login
!
end

 

Konfigurasi Cat2:

cat2-2950#sh run
Building configuration…

Current configuration : 1378 bytes
!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname cat2-2950
!
enable secret 5 $1$oJyg$iLr4Ky..QP0pApVSsNJmi0
!
ip subnet-zero
!
!
spanning-tree mode pvst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
!
!
!
!
interface Port-channel1
 switchport mode trunk
 flowcontrol send off
!
interface FastEthernet0/1
 switchport mode trunk
!
interface FastEthernet0/2
!
interface FastEthernet0/3
!
interface FastEthernet0/4
 switchport mode trunk
 channel-group 1 mode on
!
interface FastEthernet0/5
 switchport mode trunk
 channel-group 1 mode on
!
interface FastEthernet0/6
 switchport mode trunk
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface FastEthernet0/16
!
interface FastEthernet0/17
!
interface FastEthernet0/18
!
interface FastEthernet0/19
!
interface FastEthernet0/20
!
interface FastEthernet0/21
!
interface FastEthernet0/22
!
interface FastEthernet0/23
!
interface FastEthernet0/24
!
interface Vlan1
 ip address 100.1.1.2 255.255.255.0
 no ip route-cache
!
ip http server
!
line con 0
line vty 0 4
 no login
line vty 5 15
 no login
!
!
end

 

Koonfigurasi R5:

r5-2600#sh run
Building configuration…

Current configuration : 1221 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname r5-2600
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$JR4e$x9erhfWuINfiHO.QfEwFC/
!
memory-size iomem 15
no aaa new-model
ip subnet-zero
!
!
!
ip cef
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
 ip address 10.1.1.5 255.255.255.255
!
interface FastEthernet0/0
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet0/0.1
 encapsulation dot1Q 1 native
 ip address 100.1.1.11 255.255.255.0
 no snmp trap link-status
!
interface FastEthernet0/0.10
 encapsulation dot1Q 10
 ip address 10.2.2.5 255.255.255.0
 no snmp trap link-status
!
interface FastEthernet0/0.20
 encapsulation dot1Q 20
 ip address 10.2.20.5 255.255.255.0
 no snmp trap link-status
!
interface Serial0/0
 no ip address
 shutdown
!
interface Serial0/1
 no ip address
 shutdown
!
interface Serial0/2
 no ip address
 shutdown
!
router eigrp 100
 network 10.0.0.0
 no auto-summary
!
router ospf 1
 router-id 5.5.5.5
 log-adjacency-changes
 redistribute eigrp 100
 network 10.0.0.0 0.255.255.255 area 0
!
ip http server
ip classless
!
!
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
 no login
!
!
end

 

Konfigurasi R4:

r4-1600#sh run
Building configuration…

Current configuration : 602 bytes
!
version 12.1
no service single-slot-reload-enable
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname r4-1600
!
enable secret 5 $1$meG/$seccxiNgLFyqkTaDpF2T91
!
!
!
!
!
ip subnet-zero
!
!
!
!
interface Ethernet0
 ip address 10.2.2.4 255.255.255.0
!
interface Serial0
 ip address 10.3.3.4 255.255.255.0
 no fair-queue
!
router ospf 1
 router-id 4.4.4.4
 log-adjacency-changes
 area 1 virtual-link 10.4.4.1
 network 10.2.2.0 0.0.0.255 area 0
 network 10.3.3.0 0.0.0.255 area 1
!
ip classless
no ip http server
!
!
line con 0
line vty 0 4
 no login
!
end

 

Konfigurasi R1:

r1-3600#sh run
Building configuration…

Current configuration:
!
version 12.0
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname r1-3600
!
enable secret 5 $1$g0TT$2tbluwWtPkwRWaELU1kis1
!
ip subnet-zero
!
!
!
!
!
interface Ethernet0/0
 ip address 10.2.20.1 255.255.255.0
 no ip directed-broadcast
!
interface Serial0/0
 ip address 10.4.4.1 255.255.255.0
 no ip directed-broadcast
 encapsulation frame-relay
 ip ospf network broadcast
 no ip mroute-cache
 no arp frame-relay
 no fair-queue
 frame-relay map ip 10.4.4.3 103 broadcast
 no frame-relay inverse-arp
!
interface Serial0/1
 ip address 10.3.3.1 255.255.255.0
 no ip directed-broadcast
 clockrate 64000
!
router eigrp 100
 network 10.0.0.0
 no auto-summary
!
router ospf 1
 redistribute eigrp 100 subnets
 network 10.3.3.0 0.0.0.255 area 1
 network 10.4.4.0 0.0.0.255 area 0
 area 1 virtual-link 4.4.4.4
!
ip classless
no ip http server
!
!
!
line con 0
 transport input none
line aux 0
line vty 0 4
 no login
!
end

 

Konfigurasi Frame Relay Switching:

frsw-2500#sh run
Building configuration…

Current configuration:
!
version 11.2
no service password-encryption
no service udp-small-servers
no service tcp-small-servers
!
hostname frsw-2500
!
!
frame-relay switching
!
interface Ethernet0
 no ip address
 shutdown
!
interface Serial0
 no ip address
 encapsulation frame-relay
 no arp frame-relay
 no fair-queue
 clockrate 64000
 no frame-relay inverse-arp
 frame-relay lmi-type cisco
 frame-relay intf-type dce
 frame-relay route 103 interface Serial1 301
!
interface Serial1
 no ip address
 encapsulation frame-relay
 no arp frame-relay
 clockrate 64000
 no frame-relay inverse-arp
 frame-relay lmi-type cisco
 frame-relay intf-type dce
 frame-relay route 301 interface Serial0 103
!
no ip classless
!
!
line con 0
line aux 0
line vty 0 4
 login
!
end

 

Konfigurasi R3:

r3-2600#sh run
Building configuration…

Current configuration : 906 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname r3-2600
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$pwCi$0JcdhrHw8vfd394yaEtLH/
!
no aaa new-model
ip subnet-zero
!
!
!
ip cef
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
 ip address 10.1.1.3 255.255.255.255
!
interface Ethernet0/0
 no ip address
 shutdown
 half-duplex
!
interface Serial0/0
 ip address 10.4.4.3 255.255.255.0
 encapsulation frame-relay
 ip ospf network broadcast
 no fair-queue
 no arp frame-relay
 frame-relay map ip 10.4.4.1 301 broadcast
 no frame-relay inverse-arp
 frame-relay lmi-type cisco
!
interface Serial0/1
 no ip address
 shutdown
!
router ospf 1
 router-id 3.3.3.3
 log-adjacency-changes
 network 10.0.0.0 0.255.255.255 area 0
!
ip http server
ip classless
!
!
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
 no login
!
!
end 

 

Hasil tes ping dari lo0 di R5 ke lo0 di R3:

Succesful Ping ! 

 

 

March 14, 2008

EIGRP - 04

Lab EIGRP - 04 akan mengkonfigurasi autentikasi pada routing EIGRP. Topologi EIGRP - 04 lihat gambar dibawah,

Topologi EIGRP - 04 

Langkah pertama adalah men-set semua router mempunyai waktu yang sama. Gunakan tips dan tricks NTP :

R2#
R2#clock set 23:58:00 march 13 2008
R2#
*Mar 13 23:58:00.000: %SYS-6-CLOCKUPDATE: System clock has been updated from 00:
21:04 UTC Fri Mar 1 2002 to 23:58:00 UTC Thu Mar 13 2008, configured from console by console.
R2#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R2(config)#ntp master
R2(config)#

R1#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R1(config)#ntp server 172.1.1.2
R1(config)#

R3#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R3(config)#ntp server 172.2.2.2
R3(config)#

Setelah semua router dipastikan mempunyai waktu yang synchronize satu dengan yang lainnya, selanjutnya konfigur CLI autentikasi pada routing EIGRP:

R2(config)#key chain auth
R2(config-keychain)#key 1

R2(config-keychain-key)#key-string ccna
R2(config-keychain-key)#accept-lifetime 23:58:00 march 13 2008 01:00:00 march 14 2008
R2(config-keychain-key)#send-lifetime 23:58:00 march 13 2008 01:00:00 march 14 2008
R2(config-keychain-key)#int s1/0
R2(config-if)#ip authentication key-chain eigrp 10 auth
R2(config-if)#
Mar 14 00:05:35.759: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 10: Neighbor 172.1.1.1 (Seri
al1/0) is down: keychain changed
Mar 14 00:05:37.551: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 10: Neighbor 172.1.1.1 (Seri
al1/0) is up: new adjacency
Mar 14 00:06:47.735: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 10: Neighbor 172.1.1.1 (Seri
al1/0) is down: Interface Goodbye received
Mar 14 00:06:52.255: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 10: Neighbor 172.1.1.1 (Seri
al1/0) is up: new adjacency
R2(config-if)#int s1/1
R2(config-if)#ip authentication key-chain eigrp 10 auth
R2(config-if)#
Mar 14 00:07:20.487: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 10: Neighbor 172.2.2.3 (Seri
al1/1) is down: keychain changed
Mar 14 00:07:23.807: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 10: Neighbor 172.2.2.3 (Seri
al1/1) is up: new adjacency
Mar 14 00:07:53.015: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 10: Neighbor 172.2.2.3 (Seri
al1/1) is down: Interface Goodbye received
Mar 14 00:07:57.871: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 10: Neighbor 172.2.2.3 (Seri
al1/1) is up: new adjacency
R2(config-if)#ip authentication mode eigrp 10 md5
R2(config-if)#
Mar 14 00:08:13.447: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 10: Neighbor 172.2.2.3 (Seri
al1/1) is down: authentication mode changed
Mar 14 00:08:30.755: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 10: Neighbor 172.2.2.3 (Seri
al1/1) is down: Interface Goodbye received
Mar 14 00:08:35.619: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 10: Neighbor 172.2.2.3 (Seri
al1/1) is up: new adjacency
R2(config-if)#int s1/0
R2(config-if)#ip authentication mode eigrp 10 md5
R2(config-if)#
Mar 14 00:08:53.835: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 10: Neighbor 172.1.1.1 (Seri
al1/0) is down: authentication mode changed
Mar 14 00:09:25.787: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 10: Neighbor 172.1.1.1 (Seri
al1/0) is down: Interface Goodbye received
Mar 14 00:09:30.543: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 10: Neighbor 172.1.1.1 (Seri
al1/0) is up: new adjacency

R1(config)#key chain auth
R1(config-keychain)#key 1
R1(config-keychain-key)#key-string ccna
R1(config-keychain-key)#accept-lifetime 23:58:00 march 13 2008 01:00:00 march 14 2008
R1(config-keychain-key)#send-lifetime 23:58:00 march 13 2008 01:00:00 march 14 2008
R1(config-keychain-key)#
Mar 14 00:05:35.832: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 10: Neighbor 172.1.1.2 (Seri
al1/0) is down: Interface Goodbye received
Mar 14 00:05:40.152: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 10: Neighbor 172.1.1.2 (Seri
al1/0) is up: new adjacency
R1(config-keychain-key)#int s1/0
R1(config-if)#ip authentication key-chain eigrp 10 auth
R1(config-if)#
Mar 14 00:06:47.680: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 10: Neighbor 172.1.1.2 (Seri
al1/0) is down: keychain changed
Mar 14 00:06:49.524: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 10: Neighbor 172.1.1.2 (Seri
al1/0) is up: new adjacency
Mar 14 00:08:53.901: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 10: Neighbor 172.1.1.2 (Seri
al1/0) is down: Auth failure
R1(config-if)#int s1/0
R1(config-if)#ip authentication mode eigrp 10 md5
R1(config-if)#
Mar 14 00:09:27.333: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 10: Neighbor 172.1.1.2 (Seri
al1/0) is up: new adjacency

R3(config)#key chain auth
R3(config-keychain)#key 1
R3(config-keychain-key)#key-string ccna
R3(config-keychain-key)#$accept-lifetime 23:58:00 march 13 2008 01:00:00 march 14 2008
R3(config-keychain-key)#send-lifetime 23:58:00 march 13 2008 01:00:00 march 14 2008
R3(config-keychain-key)#int s1/1
R3(config-if)#
Mar 14 00:07:20.495: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 10: Neighbor 172.2.2.2 (Seri
al1/1) is down: Interface Goodbye received
Mar 14 00:07:24.979: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 10: Neighbor 172.2.2.2 (Seri
al1/1) is up: new adjacency
R3(config-if)#int s1/1
R3(config-if)#ip authentication key-chain eigrp 10 auth
R3(config-if)#
Mar 14 00:07:52.851: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 10: Neighbor 172.2.2.2 (Seri
al1/1) is down: keychain changed
Mar 14 00:07:52.863: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 10: Neighbor 172.2.2.2 (Seri
al1/1) is up: new adjacency
Mar 14 00:08:13.419: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 10: Neighbor 172.2.2.2 (Seri
al1/1) is down: Auth failure
R3(config-if)#ip authentication mode eigrp 10 md5
R3(config-if)#
Mar 14 00:08:31.779: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 10: Neighbor 172.2.2.2 (Serial1/1) is up: new adjacency

 

EIGRP - 03

Topologi EIGRP - 03 akan membahas tehnik konfigurasi ‘un-equal cost path load balance’. Konfigurasi CLI routing EIGRP bisa dilihat ke EIGRP - 02. Topologi EIGRP -03 pada gambar dibawah,

Topologi EIGRP - 03 

Setelah selesai dikonfigurasi, pada perintah ’sh ip route’ di R2 terlihat bahwa routing menuju subnet 100.1.1.0/24 hanya melalui R3 atau serial1/1:

R2 one link via R3 

Padahal sebenarnya ada dua jalur untuk routing menuju subnet 100.1.1.0/24 selain R3 yang dipilih diatas, masih ada link melewati R1. Namun link melalui R1 memiliki cost yang lebih besar sehingga tidak menjadi best routes. Hal ini dapat dilihat pada perintah ’sh ip eigrp topology’, bisa dilihat pada capture dibawah,

Un-equal cost path 

Berikut konfigurasi load balance untuk dua link di atas yang ‘un-equal cost path’:

R2#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R2(config)#router eigrp 10
R2(config-router)#variance 2
R2(config-router)#^Z
R2#
*Mar  1 00:16:32.471: %SYS-5-CONFIG_I: Configured from console by console
R2#clear ip eigrp neighbors
R2#
*Mar  1 00:16:45.975: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 10: Neighbor 172.1.1.1 (Ser
ial1/0) is down: manually cleared
*Mar  1 00:16:45.983: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 10: Neighbor 172.2.2.3 (Ser
ial1/1) is down: manually cleared
*Mar  1 00:16:47.531: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 10: Neighbor 172.2.2.3 (Ser
ial1/1) is up: new adjacency
*Mar  1 00:16:48.707: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 10: Neighbor 172.1.1.1 (Ser
ial1/0) is up: new adjacency

Dengan konfigurasi diatas maka R2 sekarang sudah mempunyai dua link yang aktif untuk routing menuju subnet 100.1.1.0/24 yaitu melalui R3 dan R1. Berikut capture console R2:

R2 un-equal cost path load balance via R3 & R1 

EIGRP - 02

Konfigurasi kali ini akan melakukan tehnik men-summarized routing pada routing EIGRP. Summarized routing penting dilakukan, dengan summarized routing maka routing table tetap terjaga ukurannya tidak terlalu besar. Dan berbanding lurus dengan kerja processor yang tidak semakin berat. Pada topologi EIGRP - 02 ini R2 menggunakan 8 loopback interface dengan maksud agar terlihat perbandingan sebelum summarized routing dilakukan dan sesudahnya. Gambar topologi dapat dilihat dibawah,

Topologi EIGRP - 02 

R2#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R2(config)#router eigrp 10
R2(config-router)#no auto-summary
R2(config-router)#network 172.1.1.0 0.0.0.255
R2(config-router)#network 172.2.2.0 0.0.0.255
R2(config-router)#network 10.0.0.0 0.0.0.255
R2(config-router)#network 10.0.1.0 0.0.0.255
R2(config-router)#network 10.0.2.0 0.0.0.255
R2(config-router)#network 10.0.3.0 0.0.0.255
R2(config-router)#network 10.0.4.0 0.0.0.255
R2(config-router)#network 10.0.5.0 0.0.0.255
R2(config-router)#network 10.0.6.0 0.0.0.255
R2(config-router)#network 10.0.7.0 0.0.0.255
R2(config-router)#
*Mar  1 00:48:39.723: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 10: Neighbor 172.2.2.3 (Ser
ial1/1) is up: new adjacency
*Mar  1 00:49:26.371: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 10: Neighbor 172.1.1.1 (Ser
ial1/0) is up: new adjacency

R3#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R3(config)#router eigrp 10
R3(config-router)#no auto-summary
R3(config-router)#network 172.2.2.0 0.0.0.255
*Mar  1 00:52:20.563: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 10: Neighbor 172.2.2.2 (Ser
ial1/1) is up: new adjacency
R3(config-router)#network 100.1.1.0 0.0.0.255
R3(config-router)#
*Mar  1 00:53:15.043: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 10: Neighbor 100.1.1.1 (Fas
tEthernet0/0) is up: new adjacency

R1#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R1(config)#router eigrp 10
R1(config-router)#no auto-summary
R1(config-router)#network 172.1.1.0 0.0.0.255
*Mar  1 00:55:53.183: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 10: Neighbor 172.1.1.2 (Ser
ial1/0) is up: new adjacency
R1(config-router)#network 100.1.1.0 0.0.0.255
R1(config-router)#
*Mar  1 00:56:05.831: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 10: Neighbor 100.1.1.3 (FastEthernet0/0) is up: new adjacency

 

Setelah konfigurasi awal ini dapat dilihat routing table pada R1 dan R3 yang belum melakukan summarisasi:

R1 no summary routing table 

R3 no summary routing table 

Berikut konfigurasi summarized routing di R2 pada kedua interface yang tersambung ke R1 dan R3,

R2(config-router)#exit
R2(config)#int s1/0
R2(config-if)#ip summary-address eigrp 10 10.0.0.0 255.255.248.0
R2(config-if)#
*Mar  1 00:59:01.003: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 10: Neighbor 172.1.1.1 (Serial1/0) is down: summary configured
*Mar  1 00:59:03.203: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 10: Neighbor 172.1.1.1 (Ser
ial1/0) is up: new adjacency
R2(config-if)#int s1/1
R2(config-if)#ip summary-address eigrp 10 10.0.0.0 255.255.248.0
R2(config-if)#
*Mar  1 01:00:09.471: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 10: Neighbor 172.2.2.3 (Ser
ial1/1) is down: summary configured
*Mar  1 01:00:10.139: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 10: Neighbor 172.2.2.3 (Serial1/1) is up: new adjacency

Summarized routing telah berhasil dilakukan. Berikut routing table pada R1 dan R3, dan bandingkan dengan routing table sebelum melakukan summarized routing diatas.

R1 summarized routing table 

R3 summarized routing table 

March 11, 2008

BGP - 02

Topologi BGP -02 sangat similar dengan topologi BGP -01. Namun tujuan yang ingin dicapai pada topologi BGP - 02 adalah mengkonfigurasi Routing BGP dengan menggunakan interface loopback sebagai neighbor. Gambar topologi dapat dilihat di bawah,

Topologi BGP - 02 

R1#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R1(config)#router bgp 100
R1(config-router)#neighbor 2.2.2.2 remote-as 200
R1(config-router)#neighbor 2.2.2.2 ebgp-multihop
R1(config-router)#neighbor 2.2.2.2 update-source loopback 0
R1(config-router)#exit
R1(config)#ip route 2.2.2.2 255.255.255.255 12.1.1.2
R1(config)#
*Mar  1 05:28:47.930: %BGP-5-ADJCHANGE: neighbor 2.2.2.2 Up

R2#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R2(config)#router bgp 200
R2(config-router)#neighbor 1.1.1.1 remote-as 100
R2(config-router)#neighbor 1.1.1.1 ebgp-multihop
R2(config-router)#neighbor 1.1.1.1 update-source loopback 0
R2(config-router)#neighbor 1.1.1.1 next-hop-self
R2(config-router)#neighbor 1.1.1.1 default-originate
R2(config-router)#neighbor 3.3.3.3 remote-as 200
R2(config-router)#neighbor 3.3.3.3 update-source loopback 0
R2(config-router)#neighbor 3.3.3.3 next-hop-self
R2(config-router)#neighbor 3.3.3.3 default-originate
R2(config-router)#exit
R2(config)#ip route 1.1.1.1 255.255.255.255 12.1.1.1
R2(config)#
*Mar  1 05:27:33.898: %BGP-5-ADJCHANGE: neighbor 1.1.1.1 Up
R2(config)#ip route 3.3.3.3 255.255.255.255 23.1.1.3
R2(config)#
*Mar  1 05:29:14.142: %BGP-5-ADJCHANGE: neighbor 3.3.3.3 Up

R3#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R3(config)#router bgp 200
R3(config-router)#neighbor 2.2.2.2 remote-as 200
R3(config-router)#neighbor 2.2.2.2 update-source loopback 0
R3(config-router)#exit
R3(config)#ip route 2.2.2.2 255.255.255.255 23.1.1.2
R3(config)#
*Mar  1 05:27:23.622: %BGP-5-ADJCHANGE: neighbor 2.2.2.2 Up

 

BGP - 01

Topologi BGP - 01 mengkonfigurasi Routing BGP dengan menggunakan peer interface atau direct interface address sebagai neighbor. Gambar topologi dapat dilihat di bawah,

Topologi BGP - 01
 
R1#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R1(config)#router bgp 100
R1(config-router)#neighbor 12.1.1.2 remote-as 200
R1(config-router)#network 1.1.1.1 mask 255.255.255.255
R1(config-router)#
*Mar  1 00:07:51.519: %BGP-5-ADJCHANGE: neighbor 12.1.1.2 Up

R2#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R2(config)#router bgp 200
R2(config-router)#neighbor 12.1.1.1 remote-as 100
R2(config-router)#
*Mar  1 00:10:48.903: %BGP-5-ADJCHANGE: neighbor 12.1.1.1 Up
R2(config-router)#neighbor 23.1.1.3 remote-as 200
R2(config-router)#neighbor 23.1.1.3 next-hop-self
R2(config-router)#neighbor 23.1.1.3 default-originate
R2(config-router)#network 2.2.2.2 mask 255.255.255.255
R2(config-router)#network 23.1.1.0 mask 255.255.255.0
R2(config-router)#
*Mar  1 00:17:31.939: %BGP-5-ADJCHANGE: neighbor 23.1.1.3 Up

R3#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R3(config)#router bgp 200
R3(config-router)#neighbor 23.1.1.2 remote-as 200
R3(config-router)#network 3.3.3.3 mask 255.255.255.255
R3(config-router)#
*Mar  1 00:14:21.527: %BGP-5-ADJCHANGE: neighbor 23.1.1.2 Up

 

February 13, 2008

EIGRP - 01

Materi kali ini akan membahas poin-poin:

  • Konfigurasi dasar router
  • Konfigurasi dynamic routing EIGRP
  • Kustomisasi bandwidth interface serial 1/0 di R1
  • Konfigurasi default gateway dengan command ip default-network
  • Konfigurasi default gateway dengan command ip route

Dibawah ini adalah topologi yang akan diimplementasikan.

Topologi EIGRP - 01 

Konfigurasi dasar router:

R1:
conf t
hostname R1
int loopback 0
ip address 172.30.0.1 255.255.255.0
no shut
exit
int loopback 1
ip address 172.30.1.1 255.255.255.0
no shut
exit
int s1/0
ip address 10.1.34.1 255.255.255.0
no shut
int s1/1
ip address 10.1.24.1 255.255.255.0
no shut

R2:
conf t
hostname R2
int s1/0
ip address 10.1.34.2 255.255.255.0
no shut
int s1/2
ip address 10.1.2.2 255.255.255.0
no shut

R3:
conf t
hostname R3
int s1/1
ip address 10.1.24.3 255.255.255.0
no shut
int s1/2
ip address 10.1.2.3 255.255.255.0
no shut

 
Konfigurasi dynamic routing EIGRP:

R1:
conf t
router eigrp 1
no auto-summary
network 172.30.0.0 0.0.0.255
network 10.0.0.0

R2:
conf t
router eigrp 1
no auto-summary
network 10.1.34.0 0.0.0.255
network 10.1.2.0 0.0.0.255

R3:
conf t
router eigrp 1
no auto-summary
network 10.1.24.3 0.0.0.0
network 10.1.2.0 0.0.0.255

Routing EIGRP 1 pada ketiga router sudah berjalan. Tes ping dari R1 ke int s1/2 di R2 dan ke int s1/2 di R3 sukses !

ping dari R1 ke R2 dan R3 - Routing EIGRP 1 sudah berjalan 

Pada saat ini R1 akan mempunyai dua jalur terdekat untuk menuju network 10.1.2.0/24 yaitu melalui 10.1.34.2 di Serial1/0 dan melalui 10.1.24.3 di Serial1/1, dapat dilihat pada gambar dibawah.

Dua jalur terdekat dari R1 ke network 10.1.2.0/24 

Hal ini disebabkan bandwidth yang dimiliki kedua link sama besar, yaitu 1,544 Mbps. Hal ini bisa dilihat pada command ‘sh int s1/0’ dan ‘sh int s1/1’ di R1. Seperti gambar dibawah.

Melihat bandwidth pada int S1/0 di R1 

Melihat bandwidth pada int s1/1 di R1 

Kustomisasi bandwidth pada interface Serial 1/0 di R1:

R1:
conf t
int s1/0
bandwidth 1000

Hasilnya int s1/0 di R1 akan memiliki bandwidth 1,0 Mbps.

Kustomisasi bandwidth int s1/0 di R1 menjadi 1.0 Mbps 

Sekarang, routing menuju network 10.1.2.0/24 dari R1 akan memilih jalur 10.1.24.3 di Serial1/1 karena bandwidth yang lebih tinggi. Hasilnya dapat dilihat dengan command ‘sh ip route’ di R1.

Route terbaik dari R1 ke network 10.1.2.0/24 

Sesuai dengan topologi network diawal pembahasan, implementasi ini akan me-misalkan ip loopback 0 sebagai default gateway menuju jalur public/ internet cloud.

Konfigurasi default gateway dengan ip default-network:

R1:
conf t
ip default-network 172.30.0.0

Default gateway dapat dilihat dengan command ‘sh ip route’ di masing-masing router.

status default gateway dengan ip default-network di R1

status default gateway dengan ip default-network di R2 

status default gateway dengan ip default-network di R3 

 

Konfigurasi default gateway dengan command ‘sh ip route’ (sebelumnya remove dulu ip default-network)

R1:
conf t
no ip default-network 172.30.0.0
ip route 0.0.0.0 0.0.0.0 lo0
router eigrp 1
network 0.0.0.0
 

Jika dilihat dengan ‘sh ip route’ pada tiap router, akan terlihat default gateway menuju 0.0.0.0/0 melalui  interface Loopback 0. Dapat dilihat pada gambar-gambar dibawah.

status default gateway dengan ip route di R1 

status default gateway dengan ip route di R2 

status default gateway dengan ip route di R3 

 

February 12, 2008

Frame Relay - 02

Menyambung materi Frame Relay – 01. Kali ini implementasi Frame Relay menggunakan topologi yang lebih kompleks. Seperti pada gambar topologi fisik di bawah. R2 tetap menjadi frame relay switching atau sisi provider (penyedia layanan frame relay), untuk client site ada R1 [headquarter office] dan tiga branch office yaitu, R3, R4, dan R5.

Topologi Fisik Frame Relay - 02 

Topologi logikal bisa dilihat pada gambar dibawah.

Topologi Logikal Frame Relay - 02 

R1 menggunakan sub-interface s1/0.1 yang terkoneksi point-to-point ke R3. Dan sub-interface s1/0.2 yang terkoneksi multipoint ke R4 dan R5. EIGRP digunakan sebagai routing protocol.

Yang perlu dicermati adalah penggunaan multipoint interface/sub-interface. Dengan multipoint maka sub-interface s1/0.2 hanya melihat koneksi ke R4 dan R5 sebagai satu koneksi saja bukan dua. Hal ini menyebabkan informasi routing table dari R4 tidak dapat diterima oleh R5. Karena adanya metode split horizon yang mencegah informasi routing table kembali kepada interface yang sama dari arah dating informasi routing table. Untuk menghindari hal ini, maka command ‘no ip split-horizon eigrp [as number]’ digunakan pada router yang menjadi multipoint interface/sub-interface.

R1:
conf t
int s1/0
encapsulation frame-relay
no frame-relay inverse-arp
no arp frame-relay
frame-relay lmi-type cisco
no shut
int s1/0.1 point-to-point
ip address 10.1.1.1 255.255.255.0
frame-relay interface-dlci 102

R3:
conf t
int s1/1
encapsulation frame-relay
no frame-relay inverse-arp
no arp frame-relay
frame-relay lmi-type ansi
ip address 10.1.1.3 255.255.255.0
frame-relay map ip 10.1.1.1 201 broadcast
no shut

R2 [Frame Relay Switching]:
conf t
frame-relay switching
int s1/0
encapsulation frame-relay
frame-relay intf-type dce
frame-relay lmi-type cisco
frame-relay route 102 int s1/1 201
no shut
int s1/1
encapsulation frame-relay
frame-relay intf-type dce
frame-relay lmi-type ansi
frame-relay route 201 int s1/0 102
no shut

Tes ping dari R1 ke R3 sukses ! Koneksi sudah terbentuk

ping R1 ke R3 

 

Konfigurasi untuk R1, R4, dan R5 dengan multipoint.

R1:
conf t
int s1/0.2 multipoint
ip address 172.16.1.1 255.255.255.0
frame-relay map ip 172.16.1.4 103 broadcast
frame-relay map ip 172.16.1.5 104 broadcast

R4:
conf t
int s1/2
encapsulation frame-relay
no frame-relay inverse arp
no arp frame-relay
frame-relay lmi-type q933a
ip address 172.16.1.4 255.255.255.0
frame-relay map ip 172.16.1.1 301 broadcast
frame-relay map ip 172.16.1.5 301 broadcast
no shut

R5:
conf t
int s1/3
encapsulation frame-relay
no frame-relay inverse arp
no arp frame-relay
frame-relay lmi-type q933a
ip address 172.16.1.5 255.255.255.0
frame-relay map ip 172.16.1.1 401 broadcast\
frame-relay map ip 172.16.1.4 401 broadcast
no shut

R2 [Frame Relay Switching]:
conf t
int s1/0
frame-relay route 103 int s1/2 301
frame-relay route 104 int s1/3 401
no shut
int s1/2
encapsulation frame-relay
no frame-relay inverse arp
no arp frame-relay
frame-relay intf-type dce
frame-relay lmi-type q933a
frame-relay route 301 int s1/0 103
no shut
int s1/3
encapsulation frame-relay
no frame-relay inverse arp
no arp frame-relay
frame-relay intf-type dce
frame-relay lmi-type q933a
frame-relay route 401 int s1/0 104
no shut

Tes ping dari R4 ke R5 sukses !

ping R4 ke R5 

 
Berikutnya implementasi EIGRP pada jaringan frame relay.

R1:
conf t
router eigrp 1
no auto-summary
network 10.1.1.0 0.0.0.255
network 172.16.1.0 0.0.0.255
exit
int s1/0.2
no ip split-horizon eigrp 1

R3:
conf t
router eigrp 1
no auto-summary
network 10.1.1.0 0.0.0.255

R4:
conf t
router eigrp 1
no auto-summary
network 172.16.1.0 0.0.0.255

R5:
conf t
router eigrp 1
no auto-summary
network 172.16.1.0 0.0.0.255

Tes ping dari R3 ke R4 sukses !

ping R3 ke R4 - Routing EIGRP sudah berjalan 

 

Tes ping dari R4 ke R3 sukses !

ping R4 ke R3 - Routing EIGRP sudah berjalan
 

Tes ping dari R5 ke R3 sukses !

ping R5 ke R3 - Routing EIGRP sudah berjalan 

 

January 17, 2007

OSPF

OSPF stands for Open Shortest Path First.

OSPF is a link state routing protocol. The word ‘Open’ means it is an open source routing protocol, all routers from different brand has ability to operate OSPF.

Shortest Path First means for itself, it always try to find the best path. OSPF determine their best path by calculate the cost from available links with formula: 10^8 / bandwith [bps]. Or the administrator can setup explicitly the cost with this command: router(config-if)# ip ospf cost number. The lowest cost is the best path chosen by OSPF. For example, if there is two links available on router running OSPF, first link’s cost is 1, second link’s cost is 10, then the best path is the first link.

Each router in OSPF area has its own view to all the network topology. They multicast hello packet, known as hello mechanism. With 224.0.0.5 sent by OSPF network to DR (Designated Router) and BDR (Backup Designated Router) and 224.0.0.6 sent by DR and BDR to OSPF network. Resulting fast convergence times for each router in that area.

Click ospf.jpg to see image

scenario:

Router-1:
E0/1 192.168.1.1/24
S0/1 172.16.15.5/30 DCE
Lo1 1.1.1.1/24

Router-2:
S0/1 10.15.21.9/30 DCE
Lo2 2.2.2.2/24

Router-3:
S0/1 100.100.1.9/30 DCE
Lo3 3.3.3.3/24

Router-4:
S0/1 128.128.1.5/30 DCE
Lo4 4.4.4.4/24

Router-5:
Lo5 5.5.5.5/24

Router-1 is connected to access-point 192.168.1.11/24 inside the LAN there is one PC availabe with IP address 192.168.1.12/24.
Setup this topology with OSPF single area! 

 

console:

Router-1:

router> enable

router# conf t

router(config)# hostname Router-1

Router-1(config)# enable password pass

Router-1(config)# service password-encryption

Router-1(config)# enable secret passwd

Router-1(config)# banner motd #

                           —!!! Router-1 Restricted Shell !!!—#

Router-1(config)# line vty 0 4

Router-1(config-line)# password telnet

Router-1(config-line)# login

Router-1(config-line)# exit

Router-1(config)# int e0/1

Router-1(config-if)# ip address 192.168.1.1 255.255.255.0

Router-1(config-if)# no shut

Router-1(config-if)# exit

Router-1(config)# int s0/1

Router-1(config-if)# ip address 172.16.15.5 255.255.255.252

Router-1(config-if)# clock rate 64000

Router-1(config-if)# no shut

Router-1(config-if)# exit

Router-1(config)# int loopback 1

Router-1(config-if)# ip address 1.1.1.1 255.255.255.0

Router-1(config-if)# no shut

Router-1(config-if)# exit

Router-1(config)# router ospf 5

Router-1(config-router)# network 172.16.15.4 0.0.0.3 area 0

Router-1(config-router)# network 192.168.1.0 0.0.0.255 area 0

Router-1(config-router)# network 1.1.1.0 0.0.0.255 area 0

Router-1(config-router)# ^Z

Router-1#

 

Router-2:

router> enable

router# conf t

router(config)# hostname Router-2

Router-2(config)# enable password pass

Router-2(config)# service password-encryption

Router-2(config)# enable secret passwd

Router-2(config)# banner motd #

                           —!!! Router-2 Restricted Shell !!!—#

Router-2(config)# line vty 0 4

Router-2(config-line)# password telnet

Router-2(config-line)# login

Router-2(config-line)# exit

Router-2(config)# int s0/0

Router-2(config-if)# ip address 172.16.15.6 255.255.255.252

Router-2(config-if)# no shut

Router-2(config-if)# exit

Router-2(config)# int s0/1

Router-2(config-if)# ip address 10.15.21.9 255.255.255.252

Router-2(config-if)# clock rate 64000

Router-2(config-if)# no shut

Router-2(config-if)# exit

Router-2(config)#  int loopback 2

Router-2(config-if)# ip address 2.2.2.2 255.255.255.0

Router-2(config-if)# no shut

Router-2(config-if)# exit

Router-2(config)# router ospf 5

Router-2(config-router)# network 172.16.15.4 0.0.0.3 area 0

Router-2(config-router)# network 10.15.21.8 0.0.0.3 area 0

Router-2(config-router)# network 2.2.2.0 0.0.0.255 area 0

Router-2(config-router)# ^Z

Router-2#

 

Router-3:

router> enable

router# conf t

router(config)# hostname Router-3

Router-3(config)# enable password pass

Router-3(config)# service password-encryption

Router-3(config)# enable secret passwd

Router-3(config)# banner motd #

                           —!!! Router-3 Restricted Shell !!!—#

Router-3(config)# line vty 0 4

Router-3(config-line)# password telnet

Router-3(config-line)# login

Router-3(config-line)# exit

Router-3(config)# int s0/0

Router-3(config-if)# ip address 10.15.21.10 255.255.255.252

Router-3(config-if)# no shut

Router-3(config-if)# exit

Router-3(config)# int s0/1

Router-3(config-if)# ip address 100.100.1.9 255.255.255.252

Router-3(config-if)# clock rate 64000

Router-3(config-if)# no shut

Router-3(config-if)# exit

Router-3(config)# int loopback 3

Router-3(config-if)# ip address 3.3.3.3 255.255.255.0

Router-3(config-if)# no shut

Router-3(config-if)# exit

Router-3(config)# router ospf 5

Router-3(config-router)# network 10.15.21.8 0.0.0.3 area 0

Router-3(config-router)# network 100.100.1.8 0.0.0.252 area 0

Router-3(config-router)# network 3.3.3.0 0.0.0.255 area 0

Router-3(config-router)# ^Z

Router-3# 

 

Router-4:

router> enable

router# conf t

router(config)# hostname Router-4

Router-4(config)# enable password pass

Router-4(config)# service password-encryption

Router-4(config)# enable secret passwd

Router-4(config)# banner motd #

                           —!!! Router-4 Restricted Shell !!!—#

Router-4(config)# line vty 0 4

Router-4(config-line)# password telnet

Router-4(config-line)# login

Router-4(config-line)# exit

Router-4(config)# int s0/0

Router-4(config-if)# ip address 100.100.1.10 255.255.255.252

Router-4(config-if)# no shut

Router-4(config-if)# exit

Router-4(config)# int s0/1

Router-4(config-if)# ip address 128.128.1.5 255.255.255.252

Router-4(config-if)# no shut

Router-4(config-if)# exit

Router-4(config)# int loopback 4

Router-4(config-if)# ip address 4.4.4.4 255.255.255.0

Router-4(config-if)# no shut

Router-4(config-if)# exit

Router-4(config)# router ospf 5

Router-4(config-router)# network 100.100.1.8 0.0.0.3 area 0

Router-4(config-router)# network 128.128.1.4 0.0.0.3 area 0

Router-4(config-router)# network 4.4.4.0 0.0.0.255 area 0

Router-4(config-router)# ^Z

Router-4#

 

Router-5:

router> enable

router# conf t

router(config)# hostname Router-5

Router-5(config)# enable password pass

Router-5(config)# service password-encryption

Router-5(config)# enable secret passwd

Router-5(config)# banner motd #

                                  —!!! Router-5 Restricted Shell !!!—#

Router-5(config)# line vty 0 4

Router-5(config-line)# password telnet

Router-5(config-line)# login

Router-5(config-line)# exit

Router-5(config)# int s0/0

Router-5(config-if)# ip address 128.128.1.6 255.255.255.252

Router-5(config-if)# no shut

Router-5(config-if)# exit

Router-5(config)# int loopback 5

Router-5(config-if)# ip loopback 5.5.5.5 255.255.255.0

Router-5(config-if)# no shut

Router-5(config-if)# exit

Router-5(config)# router ospf 5

Router-5(config-router)# network 128.128.1.4 0.0.0.3 area 0

Router-5(config-router)# network 5.5.5.0 0.0.0.255 area 0

Router-5(config-router)# ^Z

Router-5#


January 4, 2007

Basic Router Configuration

Now I will write about basic router configuration (BRC).
BRC is the first thing ‘must-do’ when working with router.
Points of BRC includes:

  1. setting up hostname
  2. enable password (plain text)
  3. service password-encryption (make it encrypted)
  4. enable secret (password with MD5, higher priority than enable password)
  5. setting up banner
  6. setting up telnet
  7. turning on all interfaces connected to other router or network devices (very usefull for CDP)

 
console:

router> enable

router# conf t

router(config)# hostname router-1

router-1(config)# enable password pass

router-1(config)# service password-encryption

router-1(config)# enable secret passwd

router-1(config)# banner motd #

                           —!!! Restricted Shell !!!— #

router-1(config)# line vty 0 4

router-1(config-line)# password cisco

router-1(config-line)# login

router-1(config-line)# exit

router-1(config)# int s0/0

router-1(config-if)# no shut

router-1(config-if)# exit

router-1(config)# int s0/1

router-1(config-if)# no shut

router-1(config-if)# exit

router-1(config)# int e0/1

router-1(config-if)# no shut

router-1(config-if)# exit

router-1(config)# int fa0/1

router-1(config-if)# no shut

router-1(config-if)# exit

router-1(config)#
 






















Get free blog up and running in minutes with Blogsome
Theme designed by Minz Meyer