Basic Installation Cacti
Update Debian
apt-get update && apt-get upgrade
Install Some Software tools
apt-get install binutils cpp fetchmail flex gcc libarchive-zip-perl libc6-dev libcompress-zlib-perl libdb4.3-dev libpcre3 libpopt-dev linux-kernel-headers lynx m4 make ncftp nmap openssl perl perl-modules unzip zip zlib1g-dev autoconf automake1.9 libtool bison autotools-dev g++
installing php package
apt-get install php5 php5-apache2-mod-bt php5-auth-pam php5-dev php5-mysql php5-odbc php5-snmp php5-xmlrpc php5-snmp php5-sqlite php5-gd php5-imap
installing mysql
apt-get install mysql-server mysql-client libmysqlclient15-dev
fery-deb:~# groupadd cacti
fery-deb:~# useradd -g cacti cactiuser
fery-deb:~# mysql
mysql> set password for root@localhost=password('fery123');
mysql> create database cactidb;
mysql> grant all on cactidb.* to root;
mysql> grant all on cactidb.* to root@localhost;
mysql> grant all on cactidb.* to cactiuser;
mysql> grant all on cactidb.* to cactiuser@localhost;
mysql> set password for cactiuser@localhost=password('fery123');
mysql> exit
Installing snmp
apt-get install snmp snmpd snmptrapfmt
fery-deb:~# dpkg -l | grep snmpd
ii snmpd 5.2.3-7etch4 NET SNMP (Simple Network Management Protocol
fery-deb:~#
testing snmp services command :
fery-deb:~# snmpwalk -v 1 -c community-name 10.10.2.200
or
fery-deb:~# snmpwalk -v 1 -c public localhost
installing rrdtool
apt-get install rrdcollect rrdtool rrdtool-tcl
make sure the rrdtool package is installed
fery-deb:~# dpkg -l | grep rrdtool
Installing Cacti
apt-get install cacti cacti-cactid
make sure the password is the same as the one used for the MySQL database;
then open
http://servercacti/cacti
Login = admin with the default password admin
setting paths
- RRDTool Binary Path < set this to the path of your rrdtool binary. The other paths are usually left at their defaults
Console -> Devices -> (Edit) FOR LOCALHOST
SNMP Community = public
SNMP Version = Version 1 << for other devices, match each device's own version
make sure >> SNMP Information (the SNMP information shows up)
to add a device to be monitored
Console -> Devices >> Add >>
- make sure the SNMP community matches the device to be monitored
- make sure the SNMP version matches the device to be monitored
- If the status is already up, everything is running normally
- Check the graphs; they usually appear within 5 minutes, or you can customize this yourself
That's all for the basic installation; if you want to go further with the add-ons, you can explore them yourself
http://www.cacti.net
Thanks,
In this lab we will build a multi-area OSPF network and redistribute between two routing protocols, OSPF and EIGRP. We also set up a scenario in the OSPF network: how to keep the networks in one area from being broadcast to the other areas while still being able to reach area 0, the backbone network.
The first step is to build the OSPF network
1. Area 0 involves routers R-1, R-2, R-3
2. Area 1 involves routers R-1 and R-6
3. Each router has a router ID that follows its name; for example, R-1 has router ID 1.1.1.1
The complete topology is here
The full configuration script is here
The basic OSPF configuration on each router is:
On Router 1
R-1#
!
router ospf 1
router-id 1.1.1.1
log-adjacency-changes
area 1 stub no-summary
network 40.0.0.0 0.0.0.255 area 1
network 50.0.0.0 0.0.0.255 area 0
network 60.0.0.0 0.0.0.255 area 0
!
R-1#
On Router 2
R-2#
!
router ospf 1
router-id 2.2.2.2
network 50.0.0.0 0.0.0.255 area 0
!
R-2#
On Router 3
R-3#
!
router ospf 1
router-id 3.3.3.3
network 60.0.0.0 0.0.0.255 area 0
!
R-3#
Now let's look at sample routing tables from before the stub area was enabled.
On Router 1
OSPF configuration before stub was enabled for Area 1
router ospf 1
router-id 1.1.1.1
network 40.0.0.0 0.0.0.255 area 1
network 50.0.0.0 0.0.0.255 area 0
network 60.0.0.0 0.0.0.255 area 0
R-1 receives route updates from R-6 in Area 1. Note that we get updates for networks 10, 20 and 30. Next, we want the networks in Area 1 not to be broadcast to Area 0 and not to be redistributed into the EIGRP 10 network. The simplest way is to enable stub on Area 1. That way the stub area will not send routing updates to the areas outside it. But so that Area 1 on R-6 can still reach the backbone network, we create a default route for it.
This is the routing table before the stub area was enabled
R-1#show ip route
Codes: C – connected, S – static, R – RIP, M – mobile, B – BGP
D – EIGRP, EX – EIGRP external, O – OSPF, IA – OSPF inter area
N1 – OSPF NSSA external type 1, N2 – OSPF NSSA external type 2
E1 – OSPF external type 1, E2 – OSPF external type 2
i – IS-IS, su – IS-IS summary, L1 – IS-IS level-1, L2 – IS-IS level-2
ia – IS-IS inter area, * – candidate default, U – per-user static route
o – ODR, P – periodic downloaded static route
Gateway of last resort is not set
50.0.0.0/24 is subnetted, 1 subnets
C 50.0.0.0 is directly connected, Serial1/0
20.0.0.0/24 is subnetted, 1 subnets
O 20.0.0.0 [110/2] via 40.0.0.2, 00:00:13, FastEthernet2/0
40.0.0.0/24 is subnetted, 1 subnets
C 40.0.0.0 is directly connected, FastEthernet2/0
10.0.0.0/24 is subnetted, 1 subnets
O 10.0.0.0 [110/2] via 40.0.0.2, 00:00:13, FastEthernet2/0
60.0.0.0/24 is subnetted, 1 subnets
C 60.0.0.0 is directly connected, Serial1/1
30.0.0.0/24 is subnetted, 1 subnets
O 30.0.0.0 [110/2] via 40.0.0.2, 00:00:13, FastEthernet2/0
R-1#
R-1#show ip ospf neighbor
Neighbor ID Pri State Dead Time Address Interface
3.3.3.3 0 FULL/ – 00:00:37 60.0.0.2 Serial1/1
2.2.2.2 0 FULL/ – 00:00:39 50.0.0.2 Serial1/0
6.6.6.6 1 FULL/DR 00:00:37 40.0.0.2 FastEthernet2/0 << R-6
R-1#
From the route update information above we also get updates from the EIGRP network. We also get full routing updates on R-6, which is in Area 1
R-6#show ip route
Codes: C – connected, S – static, R – RIP, M – mobile, B – BGP
D – EIGRP, EX – EIGRP external, O – OSPF, IA – OSPF inter area
N1 – OSPF NSSA external type 1, N2 – OSPF NSSA external type 2
E1 – OSPF external type 1, E2 – OSPF external type 2
i – IS-IS, su – IS-IS summary, L1 – IS-IS level-1, L2 – IS-IS level-2
ia – IS-IS inter area, * – candidate default, U – per-user static route
o – ODR, P – periodic downloaded static route
Gateway of last resort is not set
50.0.0.0/24 is subnetted, 1 subnets
O IA 50.0.0.0 [110/65] via 40.0.0.1, 00:02:05, FastEthernet1/0
20.0.0.0/24 is subnetted, 1 subnets
C 20.0.0.0 is directly connected, FastEthernet0/0.2
40.0.0.0/24 is subnetted, 1 subnets
C 40.0.0.0 is directly connected, FastEthernet1/0
10.0.0.0/24 is subnetted, 1 subnets
C 10.0.0.0 is directly connected, FastEthernet0/0.1
60.0.0.0/24 is subnetted, 1 subnets
O IA 60.0.0.0 [110/65] via 40.0.0.1, 00:02:05, FastEthernet1/0
30.0.0.0/24 is subnetted, 1 subnets
C 30.0.0.0 is directly connected, FastEthernet0/0.3
R-6#
R-6#show ip ospf neighbor
Neighbor ID Pri State Dead Time Address Interface
1.1.1.1 1 FULL/BDR 00:00:35 40.0.0.1 FastEthernet1/0
R-6#
A stub area is an area that does not receive updates for external routes except for its default route, but can receive route updates from within the same area, for example only within area 1. A stub area is useful when a customer connects through an ASBR (autonomous system border router) to Area 0 and wants to get the best route from Area 0, while the backbone area (Area 0) gets no routing updates about the customer area, Area 1.
On Router 6 above we get full routing updates about all the connected networks, and the core backbone also gets route updates about all the networks on R-1 in Area 1
Now we will enable the stub area on the ASBR (R-1)
R-1#
!
router ospf 1
router-id 1.1.1.1
log-adjacency-changes
area 1 stub no-summary
network 40.0.0.0 0.0.0.255 area 1
network 50.0.0.0 0.0.0.255 area 0
network 60.0.0.0 0.0.0.255 area 0
!
R-1#
and look at the routing table on R-1
R-1#show ip route
Codes: C – connected, S – static, R – RIP, M – mobile, B – BGP
D – EIGRP, EX – EIGRP external, O – OSPF, IA – OSPF inter area
N1 – OSPF NSSA external type 1, N2 – OSPF NSSA external type 2
E1 – OSPF external type 1, E2 – OSPF external type 2
i – IS-IS, su – IS-IS summary, L1 – IS-IS level-1, L2 – IS-IS level-2
ia – IS-IS inter area, * – candidate default, U – per-user static route
o – ODR, P – periodic downloaded static route
Gateway of last resort is not set
50.0.0.0/24 is subnetted, 1 subnets
C 50.0.0.0 is directly connected, Serial1/0
40.0.0.0/24 is subnetted, 1 subnets
C 40.0.0.0 is directly connected, FastEthernet2/0
60.0.0.0/24 is subnetted, 1 subnets
C 60.0.0.0 is directly connected, Serial1/1
R-1#
R-1#
R-1#show ip ospf neighbor
Neighbor ID Pri State Dead Time Address Interface
3.3.3.3 0 FULL/ – 00:00:31 60.0.0.2 Serial1/1
2.2.2.2 0 FULL/ – 00:00:35 50.0.0.2 Serial1/0
R-1#
Here we see that the Area 1 networks are gone and the OSPF neighborship to R-6 no longer appears. Note that R-6 likewise gets no routing updates except within its own area, area 1
R-6#show ip route
Codes: C – connected, S – static, R – RIP, M – mobile, B – BGP
D – EIGRP, EX – EIGRP external, O – OSPF, IA – OSPF inter area
N1 – OSPF NSSA external type 1, N2 – OSPF NSSA external type 2
E1 – OSPF external type 1, E2 – OSPF external type 2
i – IS-IS, su – IS-IS summary, L1 – IS-IS level-1, L2 – IS-IS level-2
ia – IS-IS inter area, * – candidate default, U – per-user static route
o – ODR, P – periodic downloaded static route
Gateway of last resort is 40.0.0.1 to network 0.0.0.0
20.0.0.0/24 is subnetted, 1 subnets
C 20.0.0.0 is directly connected, FastEthernet0/0.2
40.0.0.0/24 is subnetted, 1 subnets
C 40.0.0.0 is directly connected, FastEthernet1/0
10.0.0.0/24 is subnetted, 1 subnets
C 10.0.0.0 is directly connected, FastEthernet0/0.1
30.0.0.0/24 is subnetted, 1 subnets
C 30.0.0.0 is directly connected, FastEthernet0/0.3
S* 0.0.0.0/0 [1/0] via 40.0.0.1
R-6#
but we can still reach network 60 in Area 0 thanks to the default route
R-6#ping 60.0.0.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 60.0.0.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/52/152 ms
R-6#
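The before/after comparison in this stub-area section can be made mechanical. The following is an added example, not part of the original post: a Python parser for show ip route and show ip ospf neighbor text, fed trimmed copies of the R-6 and R-1 outputs above, that reports which prefixes and neighbors disappeared and where the default route comes from. Function names are this example's own.

```python
import re

# Route entries: "O IA 50.0.0.0 [110/65] via ...", "C 20.0.0.0 is directly
# connected, ...", "S* 0.0.0.0/0 [1/0] via ...", "O*IA 0.0.0.0/0 [110/2] via ...".
ROUTE_RE = re.compile(
    r"^(?P<code>[CSRMBDOiUoP]\*?(?:\s?(?:IA|EX|E1|E2|N1|N2|L1|L2|ia|su))?)\s+"
    r"(?P<net>\d+(?:\.\d+){3})(?:/(?P<len>\d+))?\s"
)
# Parent line "50.0.0.0/24 is subnetted, 1 subnets": mask for the entries below.
PARENT_RE = re.compile(
    r"^\d+(?:\.\d+){3}/(?P<len>\d+) is (?P<var>variably )?subnetted")
# Neighbor rows: "6.6.6.6 1 FULL/DR 00:00:37 40.0.0.2 FastEthernet2/0".
NEIGHBOR_RE = re.compile(
    r"^(?P<rid>\d+(?:\.\d+){3})\s+\d+\s+(?P<state>[A-Z0-9]+)/")


def parse_routes(text):
    """Return {"prefix/len": code} from 'show ip route' output."""
    routes, parent_len = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        parent = PARENT_RE.match(line)
        if parent:
            # A "variably subnetted" parent carries no single child mask.
            parent_len = None if parent.group("var") else parent.group("len")
            continue
        m = ROUTE_RE.match(line)
        if not m:
            continue                       # prompt, legend or blank line
        length = m.group("len") or parent_len
        if length is None:
            continue                       # mask unknown: skip, do not guess
        code = "".join(m.group("code").split())      # "O IA" -> "OIA"
        routes[f"{m.group('net')}/{length}"] = code
    return routes


def parse_neighbors(text):
    """Return {router_id: state} from 'show ip ospf neighbor' output."""
    found = {}
    for raw in text.splitlines():
        m = NEIGHBOR_RE.match(raw.strip())
        if m:
            found[m.group("rid")] = m.group("state")
    return found


def diff(before, after):
    """Keys lost and keys gained between two parsed snapshots, sorted."""
    return sorted(set(before) - set(after)), sorted(set(after) - set(before))


def stub_report(routes_before, routes_after, nbrs_before, nbrs_after):
    """Summarise what changed on the internal router and on the ABR."""
    lost_routes, gained_routes = diff(routes_before, routes_after)
    lost_nbrs, _ = diff(nbrs_before, nbrs_after)
    default = routes_after.get("0.0.0.0/0")
    return {
        "lost_routes": lost_routes,
        "gained_routes": gained_routes,
        "lost_neighbors": lost_nbrs,
        "default_code": default,
        "default_from_ospf": bool(default and default.startswith("O")),
    }


# Trimmed copies of the outputs shown on this page (legend lines omitted).
R6_BEFORE = """R-6#show ip route
50.0.0.0/24 is subnetted, 1 subnets
O IA 50.0.0.0 [110/65] via 40.0.0.1, 00:02:05, FastEthernet1/0
20.0.0.0/24 is subnetted, 1 subnets
C 20.0.0.0 is directly connected, FastEthernet0/0.2
40.0.0.0/24 is subnetted, 1 subnets
C 40.0.0.0 is directly connected, FastEthernet1/0
10.0.0.0/24 is subnetted, 1 subnets
C 10.0.0.0 is directly connected, FastEthernet0/0.1
60.0.0.0/24 is subnetted, 1 subnets
O IA 60.0.0.0 [110/65] via 40.0.0.1, 00:02:05, FastEthernet1/0
30.0.0.0/24 is subnetted, 1 subnets
C 30.0.0.0 is directly connected, FastEthernet0/0.3"""
R6_AFTER = """Gateway of last resort is 40.0.0.1 to network 0.0.0.0
20.0.0.0/24 is subnetted, 1 subnets
C 20.0.0.0 is directly connected, FastEthernet0/0.2
40.0.0.0/24 is subnetted, 1 subnets
C 40.0.0.0 is directly connected, FastEthernet1/0
10.0.0.0/24 is subnetted, 1 subnets
C 10.0.0.0 is directly connected, FastEthernet0/0.1
30.0.0.0/24 is subnetted, 1 subnets
C 30.0.0.0 is directly connected, FastEthernet0/0.3
S* 0.0.0.0/0 [1/0] via 40.0.0.1"""
R1_NBR_BEFORE = """3.3.3.3 0 FULL/ - 00:00:37 60.0.0.2 Serial1/1
2.2.2.2 0 FULL/ - 00:00:39 50.0.0.2 Serial1/0
6.6.6.6 1 FULL/DR 00:00:37 40.0.0.2 FastEthernet2/0"""
R1_NBR_AFTER = """3.3.3.3 0 FULL/ - 00:00:31 60.0.0.2 Serial1/1
2.2.2.2 0 FULL/ - 00:00:35 50.0.0.2 Serial1/0"""

if __name__ == "__main__":
    report = stub_report(parse_routes(R6_BEFORE), parse_routes(R6_AFTER),
                         parse_neighbors(R1_NBR_BEFORE),
                         parse_neighbors(R1_NBR_AFTER))
    for key, value in report.items():
        print(f"{key}: {value}")
```

On these outputs the report shows neighbor 6.6.6.6 lost on R-1 and a static (S*) default on R-6, where an OSPF-learned default would carry an O*IA code. OSPF neighbors must agree on the stub flag to stay adjacent, so compare the result against R-6's configuration, which this page does not show.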
Redistribute OSPF and EIGRP
OK, we have built the OSPF network; now we will enable EIGRP routing in AS 10, which involves R-2, R-3, R-4 and R-5.
On Router 2
R-2#
!
router eigrp 10
network 70.0.0.0
auto-summary
!
R-2#
R-2#
On Router 3
R-3#
!
router eigrp 10
network 80.0.0.0
no auto-summary
!
R-3#
On Router 4
R-4#
R-4#
!
router eigrp 10
network 70.0.0.0
network 200.1.1.0
auto-summary
!
R-4#
R-4#
On Router 5
R-5#
R-5#
!
router eigrp 10
network 80.0.0.0
network 200.1.1.0
auto-summary
!
R-5#
R-5#
OK, EIGRP 10 routing is now up. So how do these two routing protocols, OSPF and EIGRP, which calculate the best route in different ways, exchange routing information with each other? This is where we redistribute between the routing protocols, which involves R-2 and R-3, because these two routers sit in the middle between OSPF and EIGRP
The redistribution configuration looks like this:
On Router 2
R-2
!
router eigrp 10
redistribute ospf 1 metric 1500 0 255 1 1500
network 70.0.0.0
auto-summary
!
router ospf 1
router-id 2.2.2.2
log-adjacency-changes
redistribute eigrp 10 subnets metric 100 metric-type 1
network 50.0.0.0 0.0.0.255 area 0
!
On Router 3
R-3
!
router eigrp 10
redistribute ospf 1 metric 1500 0 255 1 1500
network 80.0.0.0
no auto-summary
!
router ospf 1
router-id 3.3.3.3
log-adjacency-changes
redistribute eigrp 10 subnets metric 100 metric-type 1
network 60.0.0.0 0.0.0.255 area 0
!
The explanation is roughly as follows:
router eigrp 10
redistribute ospf 1 metric 1500 0 255 1 1500
network 70.0.0.0
auto-summary
I want to redistribute the OSPF network with process ID 1 into the EIGRP 10 network, and I give it a bandwidth metric of 1500 with a delay of 0, a reliability metric of 100% or 255, an effective bandwidth of 1, and an MTU of 1500
router ospf 1
router-id 3.3.3.3
log-adjacency-changes
redistribute eigrp 10 subnets metric 100 metric-type 1
network 60.0.0.0 0.0.0.255 area 0
Under router ospf 1, I want to redistribute the EIGRP network of AS 10 together with its subnets, give those EIGRP routes a metric of 100, and set metric-type 1,
or external metric.
hahaha.. that's roughly it..
We will look at the routes on R-4 and R-1 after redistribution. Note that on R-1 we get updates about network 200.1.1.0, the EIGRP 10 network, and on R-4 we get external routing updates from OSPF.
R-1#show ip route
Codes: C – connected, S – static, R – RIP, M – mobile, B – BGP
D – EIGRP, EX – EIGRP external, O – OSPF, IA – OSPF inter area
N1 – OSPF NSSA external type 1, N2 – OSPF NSSA external type 2
E1 – OSPF external type 1, E2 – OSPF external type 2
i – IS-IS, su – IS-IS summary, L1 – IS-IS level-1, L2 – IS-IS level-2
ia – IS-IS inter area, * – candidate default, U – per-user static route
o – ODR, P – periodic downloaded static route
Gateway of last resort is not set
50.0.0.0/24 is subnetted, 1 subnets
C 50.0.0.0 is directly connected, Serial1/0
70.0.0.0/24 is subnetted, 1 subnets
O E2 70.0.0.0 [110/100] via 50.0.0.2, 00:45:12, Serial1/0
O E2 200.1.1.0/24 [110/100] via 50.0.0.2, 00:06:21, Serial1/0
40.0.0.0/24 is subnetted, 1 subnets
C 40.0.0.0 is directly connected, FastEthernet2/0
60.0.0.0/24 is subnetted, 1 subnets
C 60.0.0.0 is directly connected, Serial1/1
R-1#
R-4#show ip route
Codes: C – connected, S – static, R – RIP, M – mobile, B – BGP
D – EIGRP, EX – EIGRP external, O – OSPF, IA – OSPF inter area
N1 – OSPF NSSA external type 1, N2 – OSPF NSSA external type 2
E1 – OSPF external type 1, E2 – OSPF external type 2
i – IS-IS, su – IS-IS summary, L1 – IS-IS level-1, L2 – IS-IS level-2
ia – IS-IS inter area, * – candidate default, U – per-user static route
o – ODR, P – periodic downloaded static route
Gateway of last resort is not set
50.0.0.0/24 is subnetted, 1 subnets
D EX 50.0.0.0 [170/2218496] via 70.0.0.1, 00:06:37, Serial1/0
70.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 70.0.0.0/24 is directly connected, Serial1/0
D 70.0.0.0/8 is a summary, 01:28:46, Null0
C 200.1.1.0/24 is directly connected, FastEthernet2/0
40.0.0.0/24 is subnetted, 1 subnets
D EX 40.0.0.0 [170/2218496] via 70.0.0.1, 00:06:37, Serial1/0
60.0.0.0/24 is subnetted, 1 subnets
D EX 60.0.0.0 [170/2218496] via 70.0.0.1, 00:06:37, Serial1/0
R-4#
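Where the 2218496 in R-4's D EX routes comes from, as an added example that is not part of the original post: the classic EIGRP composite metric applied to the seed values on the redistribute line. It assumes default K values (K1 = K3 = 1) and IOS default serial-interface settings on R-4's Serial1/0 (bandwidth 1544 kbit/s, delay 20000 usec), neither of which the page shows; function names are this example's own.

```python
import re
from collections import namedtuple

# The five values after "metric": bandwidth (kbit/s), delay (tens of
# microseconds), reliability (0-255), load (1-255), MTU (bytes).
Seed = namedtuple("Seed", "bandwidth_kbps delay_tens_usec reliability load mtu")

SEED_RE = re.compile(
    r"redistribute\s+\S+(?:\s+\d+)?\s+metric\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)")
ROUTE_METRIC_RE = re.compile(r"\[(\d+)/(\d+)\]")

# Assumptions (not shown on the page): IOS defaults for a serial interface.
SERIAL_BW_KBPS = 1544
SERIAL_DELAY_USEC = 20000

# Lines copied from the configuration and routing table on this page.
R2_REDISTRIBUTE = "redistribute ospf 1 metric 1500 0 255 1 1500"
R4_ROUTE = "D EX 50.0.0.0 [170/2218496] via 70.0.0.1, 00:06:37, Serial1/0"


def parse_seed(line):
    """Extract the five-value EIGRP seed metric from a redistribute line."""
    m = SEED_RE.search(line)
    if not m:
        raise ValueError("no five-value EIGRP seed metric on this line")
    return Seed(*map(int, m.groups()))


def classic_metric(min_bw_kbps, delay_tens_usec, reliability=255, load=1,
                   k=(1, 0, 1, 0, 0)):
    """Classic (32-bit) EIGRP composite metric.

    metric = 256 * (K1*bw + K2*bw/(256 - load) + K3*delay) * K5/(rel + K4)
    where bw = 10^7 / lowest bandwidth on the path, and the last factor is
    applied only when K5 is non-zero.
    """
    if min_bw_kbps <= 0:
        raise ValueError("bandwidth must be positive")
    k1, k2, k3, k4, k5 = k
    bw = 10_000_000 // min_bw_kbps           # integer division, as routers do
    metric = k1 * bw + (k2 * bw) // (256 - load) + k3 * delay_tens_usec
    if k5:
        metric = metric * k5 // (reliability + k4)
    return 256 * metric


def metric_at_receiver(seed, in_if_bw_kbps, in_if_delay_usec):
    """Metric a neighbor installs: lowest bandwidth on the path, delays summed."""
    return classic_metric(
        min(seed.bandwidth_kbps, in_if_bw_kbps),
        seed.delay_tens_usec + in_if_delay_usec // 10,
        seed.reliability,
        seed.load,
    )


def observed(route_line):
    """Return (administrative distance, metric) from a routing-table entry."""
    m = ROUTE_METRIC_RE.search(route_line)
    if not m:
        raise ValueError("no [distance/metric] field on this line")
    return int(m.group(1)), int(m.group(2))


if __name__ == "__main__":
    seed = parse_seed(R2_REDISTRIBUTE)
    computed = metric_at_receiver(seed, SERIAL_BW_KBPS, SERIAL_DELAY_USEC)
    distance, seen = observed(R4_ROUTE)
    print("seed:", seed)
    print("metric advertised by R-2:", classic_metric(seed.bandwidth_kbps,
                                                      seed.delay_tens_usec))
    print("metric computed for R-4:", computed, "observed:", seen)
    print("match:", computed == seen, "(distance", distance, "= EIGRP external)")
```

The seed delay of 0 means the whole delay term on R-4 comes from its own inbound interface, and the seed bandwidth of 1500 is lower than the link's, so it stays the path minimum.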
On R-1 we get updates about network 200.1.1.0
Let's try a traceroute from R-6 to network 200.1.1.0
R-6>traceroute 200.1.1.1
Type escape sequence to abort.
Tracing the route to 200.1.1.1
1 40.0.0.1 48 msec 64 msec 20 msec
2 50.0.0.2 68 msec 56 msec 28 msec
3 70.0.0.2 108 msec 36 msec *
R-6>
So here we have set up a basic OSPF network with a single area, multiple areas and a stub area. We have also built an EIGRP network and redistributed it into the OSPF network.
Thanks
Fery Junaedi.
Setup Cisco VPN Client
In the previous post we built a Cisco VPN Server using SDM. This time we will set up the Cisco VPN Client. The Cisco VPN Client acts as the interface that establishes the VPN connection between the Cisco VPN Server and the client. By dialing the WAN IP address of the VPN server and entering the username and password defined on the VPN server, we are connected to the VPN server, and the data packets that pass through the VPN are encrypted securely.
Here we assume that the Cisco VPN Client installation is already finished, and we continue with the setup.
To make it easy, please see here
Easy VPN Server configuration using Cisco SDM
Easy VPN Server is the term Cisco uses for the remote VPN server service that runs on a Cisco router.
Put simply, a remote VPN server gives users the freedom to keep accessing their company's internal network and to work remotely in a secure way.
How it works is quite simple: we run the remote VPN server service on a Cisco router; users who are connected to the internet through another provider's network then dial the VPN server and enter the username and password defined on the remote VPN server. When authentication succeeds, the remote VPN server pushes a new IP address and DNS settings to the client, and the client is then connected and can access the private networks defined behind the router.
At first I was very confused myself about how to remember so many strange commands for building this VPN server, because understanding technically how the encryption and authentication work, and how passing data packets are encrypted and decrypted again, is quite confusing… hahaha
Fortunately Cisco created a GUI for configuring Cisco devices more easily, Cisco Security Device Manager (SDM). We can download and install SDM; if you are confused, just google it.
downloading directly from Cisco is usually quite heavy, so I suggest searching for it yourself with the
keyword : SDM-V25.zip . plenty of copies are floating around on rapidshare.com or 4shared.com
One more thing: once you have the remote VPN server service running, if you use Windows, install the remote VPN client application. Since we built this with Cisco, we generally also use the Cisco VPN Client. Search Google for the latest version; the keyword for the one I use is: VPN Client 5.0.03.zip. If you have never used this VPN client at all, you are probably still confused about how to connect to the running VPN server with it. Don't worry, I have also written a short guide on how to configure and test the VPN client here
Oh, one thing I forgot: after SDM is installed, make sure the following list has been done:
On the application side
1. Make sure Java is installed on your PC
2. Make sure you are not blocking the SDM pop-up windows in your browser.
On the router side:
1. set at least an IP address so the router can be accessed via SDM
2. enable ip http server
3. enable aaa new-model
4. define at least one username with privilege level 15
All right, that's the overview; go ahead and try it,
Most important, the documentation on how to set up the VPN via SDM is here
The full configuration as generated via SDM is here:
RT-Jakarta#show run
Building configuration…
!
hostname RT-Jakarta
!
!
aaa authentication login default local
aaa authentication login sdm_vpn_xauth_ml_1 local
aaa authentication login sdm_vpn_xauth_ml_2 local
aaa authorization network sdm_vpn_group_ml_1 local
aaa authorization network sdm_vpn_group_ml_2 local
!
ip name-server 202.47.78.8
ip name-server 202.47.78.9
!
username fery privilege 15 secret 5 $1$m4eM$WC4j4KekWukubo4Oia2OG.
!
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
!
crypto isakmp policy 2
encr aes
authentication pre-share
group 2
!
crypto isakmp client configuration group fery-g
key fery123
dns 202.47.78.8 202.47.78.9
pool SDM_POOL_1
acl 101
include-local-lan
max-users 10
netmask 255.255.255.0
crypto isakmp profile sdm-ike-profile-1
match identity group fery-g
client authentication list sdm_vpn_xauth_ml_2
isakmp authorization list sdm_vpn_group_ml_2
client configuration address respond
virtual-template 2
!
!
crypto ipsec transform-set fery-transform-set esp-aes esp-sha-hmac
!
crypto ipsec profile SDM_Profile1
set transform-set fery-transform-set
set isakmp-profile sdm-ike-profile-1
!
interface FastEthernet1/0
description *** WAN ***
ip address 202.47.77.24x 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet1/1
description *** LAN ***$ETH-LAN$
ip address 192.168.100.1 255.255.255.0
duplex auto
speed auto
!
ip local pool SDM_POOL_1 192.168.10.1 192.168.10.100
ip classless
ip route 0.0.0.0 0.0.0.0 202.47.77.241
ip http server
no ip http secure-server
!
logging alarm informational
access-list 100 remark SDM_ACL Category=4
access-list 100 permit ip 192.168.10.0 0.0.0.255 any
access-list 100 permit ip 192.168.100.0 0.0.0.255 any
access-list 101 remark SDM_ACL Category=4
access-list 101 permit ip 192.168.10.0 0.0.0.255 any
access-list 101 permit ip 192.168.100.0 0.0.0.255 any
!
RT-Jakarta#
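A quick way to review a generated configuration like the one above for settings that weaken the tunnel or the management plane. This is an added example, not SDM output or the author's code: a Python check run over an excerpt of the running-config shown on this page and over a constructed hardened variant. The rule names, the hardened sample and the assumption that an AES-encrypted (type 6) key is displayed as "key 6 ..." are this example's own.

```python
WEAK_CIPHERS = {"des", "3des"}
WEAK_DH_GROUPS = {"1", "2"}          # 768-bit and 1024-bit MODP groups
# Any of these (or "!") ends the current block of sub-commands.
SECTION_STARTS = ("crypto ", "interface ", "ip ", "no ip ", "access-list ",
                  "username ", "aaa ", "hostname ", "logging ")


def audit(config_text):
    """Return a list of (rule, location, detail) findings for an IOS config."""
    findings, section, http_on, https_on = [], None, False, False
    for raw in config_text.splitlines():
        line = raw.strip()           # tolerate configs whose indentation was lost
        if not line:
            continue
        if line == "!" or line.startswith(SECTION_STARTS):
            section = None
            if line.startswith("crypto isakmp policy "):
                section = ("policy", "isakmp policy " + line.split()[-1])
            elif line.startswith("crypto isakmp client configuration group "):
                section = ("group", "client group " + line.split()[-1])
            elif line == "ip http server":
                http_on = True
            elif line == "ip http secure-server":
                https_on = True
            continue
        words = line.split()
        if section is None or len(words) < 2:
            continue
        kind, where = section
        if kind == "policy":
            if words[0] in ("encr", "encryption") and words[1] in WEAK_CIPHERS:
                findings.append(("weak-ike-cipher", where, words[1]))
            elif words[0] == "group" and words[1] in WEAK_DH_GROUPS:
                findings.append(("weak-dh-group", where, "group " + words[1]))
        elif kind == "group" and words[0] == "key" and words[1] != "6":
            # The key value is deliberately not copied into the finding.
            findings.append(("cleartext-group-key", where,
                             "key stored unencrypted"))
    if http_on:
        detail = "HTTP enabled" + ("" if https_on else ", HTTPS disabled")
        findings.append(("cleartext-http-mgmt", "global", detail))
    return findings


# Excerpt of the running-config shown on this page (flattened as printed there).
PAGE_CONFIG = """crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
!
crypto isakmp policy 2
encr aes
authentication pre-share
group 2
!
crypto isakmp client configuration group fery-g
key fery123
dns 202.47.78.8 202.47.78.9
pool SDM_POOL_1
acl 101
include-local-lan
max-users 10
netmask 255.255.255.0
crypto isakmp profile sdm-ike-profile-1
match identity group fery-g
!
ip http server
no ip http secure-server
"""

# Constructed hardened variant (not from the page); names are placeholders.
HARDENED_CONFIG = """crypto isakmp policy 10
 encr aes 256
 authentication pre-share
 group 14
!
crypto isakmp client configuration group example-g
 key 6 ENCRYPTED-KEY-PLACEHOLDER
 pool EXAMPLE_POOL
!
no ip http server
ip http secure-server
"""

if __name__ == "__main__":
    for label, text in (("page", PAGE_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(label)
        for rule, where, detail in audit(text) or [("ok", "-", "no findings")]:
            print(f"  {rule:22} {where:24} {detail}")
```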
OSPF Multiple Area With Virtual Link
Of the interior routing protocols available, such as RIP, IGRP and EIGRP, OSPF is the one that is fairly complicated in terms of its rules and implementation, because OSPF is a futuristic routing protocol.
A basic understanding of how OSPF neighborship is formed, of the terminology used, such as Link State Update (LSU), Link State Advertisement (LSA) and Link State Database (LSD), and of how the DR / BDR concept works will help a great deal when troubleshooting problems in an OSPF network.
In the lab topology we build this time, I set up a network scenario with several areas: Area 0 (backbone), Area 1 and Area 2. By default, every area must have a direct connection to Area 0, the backbone area.
Here we have several routers, of which R-3 and R-4 have no direct connection to Area 0, so R-3 and R-4 do not get routing updates from R-2 and R-1. The solution is to create a virtual link from R-2 to R-3, as if building a tunnel that connects area 0 and area 2. The full configuration of each router is shown here
note :
- the loopback interface will serve as the router ID
- entries in ip route that start with IA << these are OSPF inter-area routes
- to test whether the virtual link works, we can ping
from R-4 in area 2 to R-1 in area 0
Click here to see the network topology:
Full Configuration :
********************************************************************************
R-1
********************************************************************************
R-1#show run
Building configuration…
!
hostname R-1
!
interface Loopback0
ip address 1.1.1.1 255.255.255.255
!
interface FastEthernet1/0
description *** LAN RT-1 ***
ip address 192.168.20.1 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet1/1
description *** TO WAN ***
ip address 10.8.8.212 255.255.255.0 secondary
ip address 192.168.10.1 255.255.255.0
duplex auto
speed auto
!
router ospf 1
log-adjacency-changes
network 1.1.1.1 0.0.0.0 area 0
network 192.168.10.0 0.0.0.255 area 0
network 192.168.20.0 0.0.0.255 area 0
!
end
R-1#
R-1#
R-1#show ip protocols
Routing Protocol is "ospf 1"
Outgoing update filter list for all interfaces is not set
Incoming update filter list for all interfaces is not set
Router ID 192.168.20.1
Number of areas in this router is 1. 1 normal 0 stub 0 nssa
Maximum path: 4
Routing for Networks:
1.1.1.1 0.0.0.0 area 0
192.168.10.0 0.0.0.255 area 0
192.168.20.0 0.0.0.255 area 0
Routing Information Sources:
Gateway Distance Last Update
3.3.3.3 110 00:09:06
2.2.2.2 110 00:09:06
Distance: (default is 110)
R-1#
R-1#show ip int br
Interface IP-Address OK? Method Status Protocol
FastEthernet0/0 unassigned YES unset administratively down down
FastEthernet1/0 192.168.20.1 YES manual up up
FastEthernet1/1 192.168.10.1 YES manual up up
Loopback0 1.1.1.1 YES manual up up
R-1#
R-1#
R-1#show ip route
Codes: C – connected, S – static, R – RIP, M – mobile, B – BGP
D – EIGRP, EX – EIGRP external, O – OSPF, IA – OSPF inter area
N1 – OSPF NSSA external type 1, N2 – OSPF NSSA external type 2
E1 – OSPF external type 1, E2 – OSPF external type 2
i – IS-IS, su – IS-IS summary, L1 – IS-IS level-1, L2 – IS-IS level-2
ia – IS-IS inter area, * – candidate default, U – per-user static route
o – ODR, P – periodic downloaded static route
Gateway of last resort is not set
1.0.0.0/32 is subnetted, 1 subnets
C 1.1.1.1 is directly connected, Loopback0
2.0.0.0/32 is subnetted, 1 subnets
O 2.2.2.2 [110/2] via 192.168.20.2, 00:09:11, FastEthernet1/0
3.0.0.0/32 is subnetted, 1 subnets
O IA 3.3.3.3 [110/3] via 192.168.20.2, 00:09:11, FastEthernet1/0
O IA 192.168.30.0/24 [110/2] via 192.168.20.2, 00:09:11, FastEthernet1/0
4.0.0.0/32 is subnetted, 1 subnets
O IA 4.4.4.4 [110/4] via 192.168.20.2, 00:09:11, FastEthernet1/0
C 192.168.10.0/24 is directly connected, FastEthernet1/1
O IA 192.168.40.0/24 [110/3] via 192.168.20.2, 00:09:11, FastEthernet1/0
C 192.168.20.0/24 is directly connected, FastEthernet1/0
10.0.0.0/24 is subnetted, 1 subnets
C 10.8.8.0 is directly connected, FastEthernet1/1
O IA 192.168.50.0/24 [110/4] via 192.168.20.2, 00:09:12, FastEthernet1/0
R-1#
R-1#
********************************************************************************
R-2
********************************************************************************
R-2#show run
Building configuration…
!
hostname R-2
!
interface Loopback1
ip address 2.2.2.2 255.255.255.255
!
interface FastEthernet1/0
description *** TO RT-1 **
ip address 192.168.20.2 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet1/1
description *** TO RT-3 **
ip address 192.168.30.2 255.255.255.0
duplex auto
speed auto
!
router ospf 1
log-adjacency-changes
area 1 virtual-link 3.3.3.3
network 2.2.2.2 0.0.0.0 area 0
network 192.168.20.0 0.0.0.255 area 0
network 192.168.30.0 0.0.0.255 area 1
!
end
R-2#show ip protocols
Routing Protocol is "ospf 1"
Outgoing update filter list for all interfaces is not set
Incoming update filter list for all interfaces is not set
Router ID 2.2.2.2
It is an area border router
Number of areas in this router is 2. 2 normal 0 stub 0 nssa
Maximum path: 4
Routing for Networks:
2.2.2.2 0.0.0.0 area 0
192.168.20.0 0.0.0.255 area 0
192.168.30.0 0.0.0.255 area 1
Routing Information Sources:
Gateway Distance Last Update
3.3.3.3 110 00:10:23
192.168.20.1 110 00:10:23
Distance: (default is 110)
R-2#
R-2#show ip int br
Interface IP-Address OK? Method Status Protocol
FastEthernet0/0 unassigned YES unset administratively down down
FastEthernet1/0 192.168.20.2 YES manual up up
FastEthernet1/1 192.168.30.2 YES manual up up
Loopback1 2.2.2.2 YES manual up up
R-2#
R-2#show ip route
Codes: C – connected, S – static, R – RIP, M – mobile, B – BGP
D – EIGRP, EX – EIGRP external, O – OSPF, IA – OSPF inter area
N1 – OSPF NSSA external type 1, N2 – OSPF NSSA external type 2
E1 – OSPF external type 1, E2 – OSPF external type 2
i – IS-IS, su – IS-IS summary, L1 – IS-IS level-1, L2 – IS-IS level-2
ia – IS-IS inter area, * – candidate default, U – per-user static route
o – ODR, P – periodic downloaded static route
Gateway of last resort is not set
1.0.0.0/32 is subnetted, 1 subnets
O 1.1.1.1 [110/2] via 192.168.20.1, 00:10:38, FastEthernet1/0
2.0.0.0/32 is subnetted, 1 subnets
C 2.2.2.2 is directly connected, Loopback1
3.0.0.0/32 is subnetted, 1 subnets
O 3.3.3.3 [110/2] via 192.168.30.1, 00:10:48, FastEthernet1/1
C 192.168.30.0/24 is directly connected, FastEthernet1/1
4.0.0.0/32 is subnetted, 1 subnets
O IA 4.4.4.4 [110/3] via 192.168.30.1, 00:10:38, FastEthernet1/1
O 192.168.10.0/24 [110/2] via 192.168.20.1, 00:10:38, FastEthernet1/0
O IA 192.168.40.0/24 [110/2] via 192.168.30.1, 00:10:38, FastEthernet1/1
C 192.168.20.0/24 is directly connected, FastEthernet1/0
O IA 192.168.50.0/24 [110/3] via 192.168.30.1, 00:10:38, FastEthernet1/1
R-2#
********************************************************************************
RT-3
********************************************************************************
RT-3#show run
Building configuration…
!
hostname RT-3
!
interface Loopback1
ip address 3.3.3.3 255.255.255.255
!
interface FastEthernet1/0
description *** TO RT-2 ***
ip address 192.168.30.1 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet1/1
description *** RO RT-4 ***
ip address 192.168.40.1 255.255.255.0
duplex auto
speed auto
!
router ospf 1
log-adjacency-changes
area 1 virtual-link 2.2.2.2
network 3.3.3.3 0.0.0.0 area 1
network 192.168.30.0 0.0.0.255 area 1
network 192.168.40.0 0.0.0.255 area 2
!
end
RT-3#
RT-3#
RT-3#
RT-3#show ip protocols
Routing Protocol is "ospf 1"
Outgoing update filter list for all interfaces is not set
Incoming update filter list for all interfaces is not set
Router ID 3.3.3.3
It is an area border router
Number of areas in this router is 3. 3 normal 0 stub 0 nssa
Maximum path: 4
Routing for Networks:
3.3.3.3 0.0.0.0 area 1
192.168.30.0 0.0.0.255 area 1
192.168.40.0 0.0.0.255 area 2
Routing Information Sources:
Gateway Distance Last Update
2.2.2.2 110 00:11:24
4.4.4.4 110 00:11:44
192.168.20.1 110 00:11:24
Distance: (default is 110)
RT-3#
RT-3#
RT-3#show ip route
Codes: C – connected, S – static, R – RIP, M – mobile, B – BGP
D – EIGRP, EX – EIGRP external, O – OSPF, IA – OSPF inter area
N1 – OSPF NSSA external type 1, N2 – OSPF NSSA external type 2
E1 – OSPF external type 1, E2 – OSPF external type 2
i – IS-IS, su – IS-IS summary, L1 – IS-IS level-1, L2 – IS-IS level-2
ia – IS-IS inter area, * – candidate default, U – per-user static route
o – ODR, P – periodic downloaded static route
Gateway of last resort is not set
1.0.0.0/32 is subnetted, 1 subnets
O 1.1.1.1 [110/3] via 192.168.30.2, 00:11:28, FastEthernet1/0
2.0.0.0/32 is subnetted, 1 subnets
O 2.2.2.2 [110/2] via 192.168.30.2, 00:11:28, FastEthernet1/0
3.0.0.0/32 is subnetted, 1 subnets
C 3.3.3.3 is directly connected, Loopback1
C 192.168.30.0/24 is directly connected, FastEthernet1/0
4.0.0.0/32 is subnetted, 1 subnets
O 4.4.4.4 [110/2] via 192.168.40.2, 00:11:48, FastEthernet1/1
O 192.168.10.0/24 [110/3] via 192.168.30.2, 00:11:28, FastEthernet1/0
C 192.168.40.0/24 is directly connected, FastEthernet1/1
O 192.168.20.0/24 [110/2] via 192.168.30.2, 00:11:28, FastEthernet1/0
O 192.168.50.0/24 [110/2] via 192.168.40.2, 00:11:48, FastEthernet1/1
RT-3#
RT-3#
RT-3#
********************************************************************************
RT-4
********************************************************************************
RT-4#show run
Building configuration…
!
hostname RT-4
!
interface Loopback4
ip address 4.4.4.4 255.255.255.255
!
interface FastEthernet1/0
description *** TO RT-3 ***
ip address 192.168.40.2 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet1/1
ip address 192.168.50.1 255.255.255.0
duplex auto
speed auto
no keepalive
!
router ospf 1
log-adjacency-changes
network 4.4.4.4 0.0.0.0 area 2
network 192.168.40.0 0.0.0.255 area 2
network 192.168.50.0 0.0.0.255 area 2
!
end
RT-4#
RT-4#
RT-4#
RT-4#show ip protocols
Routing Protocol is "ospf 1"
Outgoing update filter list for all interfaces is not set
Incoming update filter list for all interfaces is not set
Router ID 4.4.4.4
Number of areas in this router is 1. 1 normal 0 stub 0 nssa
Maximum path: 4
Routing for Networks:
4.4.4.4 0.0.0.0 area 2
192.168.40.0 0.0.0.255 area 2
192.168.50.0 0.0.0.255 area 2
Routing Information Sources:
Gateway Distance Last Update
3.3.3.3 110 00:12:02
Distance: (default is 110)
RT-4#
RT-4#
RT-4#show ip route
Codes: C – connected, S – static, R – RIP, M – mobile, B – BGP
D – EIGRP, EX – EIGRP external, O – OSPF, IA – OSPF inter area
N1 – OSPF NSSA external type 1, N2 – OSPF NSSA external type 2
E1 – OSPF external type 1, E2 – OSPF external type 2
i – IS-IS, su – IS-IS summary, L1 – IS-IS level-1, L2 – IS-IS level-2
ia – IS-IS inter area, * – candidate default, U – per-user static route
o – ODR, P – periodic downloaded static route
Gateway of last resort is not set
1.0.0.0/32 is subnetted, 1 subnets
O IA 1.1.1.1 [110/4] via 192.168.40.1, 00:12:10, FastEthernet1/0
2.0.0.0/32 is subnetted, 1 subnets
O IA 2.2.2.2 [110/3] via 192.168.40.1, 00:12:10, FastEthernet1/0
3.0.0.0/32 is subnetted, 1 subnets
O IA 3.3.3.3 [110/2] via 192.168.40.1, 00:12:30, FastEthernet1/0
O IA 192.168.30.0/24 [110/2] via 192.168.40.1, 00:12:30, FastEthernet1/0
4.0.0.0/32 is subnetted, 1 subnets
C 4.4.4.4 is directly connected, Loopback4
O IA 192.168.10.0/24 [110/4] via 192.168.40.1, 00:12:10, FastEthernet1/0
C 192.168.40.0/24 is directly connected, FastEthernet1/0
O IA 192.168.20.0/24 [110/3] via 192.168.40.1, 00:12:10, FastEthernet1/0
C 192.168.50.0/24 is directly connected, FastEthernet1/1
RT-4#
RT-4#
********************************************************************************
********************************************************************************
RT-4#show ip ospf neighbor
Neighbor ID Pri State Dead Time Address Interface
3.3.3.3 1 FULL/DR 00:00:36 192.168.40.1 FastEthernet1/0
RT-4#
RT-4#show ip ospf neighbor
Neighbor ID Pri State Dead Time Address Interface
3.3.3.3 1 FULL/DR 00:00:36 192.168.40.1 FastEthernet1/0
RT-4#
RT-3#show ip ospf neighbor
Neighbor ID Pri State Dead Time Address Interface
2.2.2.2 0 FULL/ - - 192.168.30.2 OSPF_VL0
2.2.2.2 1 FULL/BDR 00:00:34 192.168.30.2 FastEthernet1/0
4.4.4.4 1 FULL/BDR 00:00:37 192.168.40.2 FastEthernet1/1
RT-3#
R-2#show ip ospf neighbor
Neighbor ID Pri State Dead Time Address Interface
192.168.20.1 1 FULL/DR 00:00:34 192.168.20.1 FastEthernet1/0
3.3.3.3 0 FULL/ - - 192.168.30.1 OSPF_VL0
3.3.3.3 1 FULL/DR 00:00:31 192.168.30.1 FastEthernet1/1
R-2#
R-1#show ip ospf neighbor
Neighbor ID Pri State Dead Time Address Interface
2.2.2.2 1 FULL/BDR 00:00:37 192.168.20.2 FastEthernet1/0
R-1#
Installing VPN Client on Ubuntu
There are many ways to connect to a Cisco VPN server. The standard way is to use the Cisco VPN Client, but on Linux we can also connect to a Cisco VPN server by installing a VPN client.
root@Gaban:/home/fery# apt-get install vpnc
root@Gaban:/home/fery# cd /etc/vpnc/
root@Gaban:/etc/vpnc# cp example.conf cs-vpn.conf
root@Gaban:/etc/vpnc# pico cs-vpn.conf
IPSec gateway (the VPN server's IP address goes here)
IPSec ID (this is the VPN server's group name)
IPSec secret (this is the password of that group)
#Xauth username myUserName << may also be left commented out
Command to activate the VPN client
root@Gaban:/etc/vpnc# vpnc cs-vpn
Enter username for 202.47.77.246: fery << enter the username
Enter password for fery@202.47.77.246: << enter the password
VPNC started in background (pid: 7118)… << the VPN is established
root@Gaban:/etc/vpnc#
Check by pinging the LAN behind the VPN server router
root@Gaban:/etc/vpnc# ping 192.168.100.2
PING 192.168.100.2 (192.168.100.2) 56(84) bytes of data.
64 bytes from 192.168.100.2: icmp_seq=1 ttl=254 time=9.73 ms
64 bytes from 192.168.100.2: icmp_seq=2 ttl=254 time=22.7 ms
64 bytes from 192.168.100.2: icmp_seq=3 ttl=254 time=13.4 ms
64 bytes from 192.168.100.2: icmp_seq=4 ttl=254 time=11.9 ms
--- 192.168.100.2 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 2998ms
rtt min/avg/max/mdev = 9.737/14.485/22.778/4.971 ms
root@Gaban:/etc/vpnc#
Check by telnetting to one of the routers behind the VPN server router
root@Gaban:/etc/vpnc# telnet 192.168.100.2
Trying 192.168.100.2…
Connected to 192.168.100.2.
Escape character is '^]'.
User Access Verification
Username: fery
Password:
Jakarta>
How to Disconnect the VPN
root@Gaban:/etc/vpnc# vpnc-disconnect
Terminating vpnc daemon (pid: 7118)
root@Gaban:/etc/vpnc#
Configure Site-to-Site IPSec VPN
Network Topology :

Running Configuration Script ;
JAKARTA#show run
Building configuration…
Current configuration : 1578 bytes
!
!
hostname JAKARTA
!
enable secret 5 $1$1HnK$WK8y86i/tdidazXthnuVi1
!
crypto isakmp policy 1
encr aes
authentication pre-share
crypto isakmp key fery123 address 20.20.20.1
!
!
crypto ipsec transform-set FERY esp-aes esp-sha-hmac
!
crypto map MAP 1 ipsec-isakmp
set peer 20.20.20.1
set transform-set FERY
set pfs group2
match address 101
!
!
interface Tunnel0
description *** TUNNEL TO BANDUNG ***
ip address 192.168.100.1 255.255.255.0
tunnel source FastEthernet1/1
tunnel destination 20.20.20.1
crypto map MAP
!
interface FastEthernet1/0
description *** LAN ***
ip address 192.168.10.1 255.255.255.0
!
interface FastEthernet1/1
description *** TO ISP ***
ip address 10.10.10.1 255.255.255.0
crypto map MAP
!
ip route 20.20.20.0 255.255.255.0 10.10.10.2
ip route 192.168.20.0 255.255.255.0 192.168.100.2
!
access-list 101 permit ip 192.168.10.0 0.0.0.255 192.168.20.0 0.0.0.255
!
JAKARTA#
JAKARTA#show ip int br
Interface IP-Address OK? Method Status Protocol
FastEthernet1/0 192.168.10.1 YES NVRAM up up
FastEthernet1/1 10.10.10.1 YES NVRAM up up
Tunnel0 192.168.100.1 YES manual up up
JAKARTA#
*******************************************************************************
BANDUNG#show run
Building configuration…
Current configuration : 1639 bytes
!
hostname BANDUNG
!
enable secret 5 $1$.J4i$66Xm1vwYI85PL5YE/UdZw/
!
crypto isakmp policy 1
encr aes
authentication pre-share
crypto isakmp key fery123 address 10.10.10.1
!
!
crypto ipsec transform-set FERY esp-aes esp-sha-hmac
!
crypto map MAP 1 ipsec-isakmp
set peer 10.10.10.1
set transform-set FERY
set pfs group2
match address 101
!
interface Tunnel0
description *** TUNNEL TO JAKARTA ***
ip address 192.168.100.2 255.255.255.0
tunnel source FastEthernet1/1
tunnel destination 10.10.10.1
crypto map MAP
!
interface FastEthernet1/0
description *** CONNECTION TO LAN ***
ip address 192.168.20.1 255.255.255.0
!
interface FastEthernet1/1
description *** CONNECTION TO ISP ***
ip address 20.20.20.1 255.255.255.0
crypto map MAP
!
ip route 0.0.0.0 0.0.0.0 20.20.20.2
ip route 10.10.10.0 255.255.255.0 20.20.20.2
ip route 192.168.10.0 255.255.255.0 192.168.100.1
!
access-list 101 permit ip 192.168.20.0 0.0.0.255 192.168.10.0 0.0.0.255
!
end
BANDUNG#show ip int brief
Interface IP-Address OK? Method Status Protocol
FastEthernet1/0 192.168.20.1 YES NVRAM up up
FastEthernet1/1 20.20.20.1 YES NVRAM up up
Tunnel0 192.168.100.2 YES manual up up
BANDUNG#
BANDUNG#
*******************************************************************************
Verification Command
*******************************************************************************
JAKARTA#show crypto session
Crypto session current status
Interface: FastEthernet1/1
Session status: UP-ACTIVE
Peer: 20.20.20.1 port 500
IKE SA: local 10.10.10.1/500 remote 20.20.20.1/500 Active
IPSEC FLOW: permit ip 192.168.10.0/255.255.255.0 192.168.20.0/255.255.255.0
Active SAs: 2, origin: crypto map
IPSEC FLOW: permit ip 192.168.10.0/255.255.255.0 192.168.20.0/255.255.255.0
Active SAs: 2, origin: crypto map
JAKARTA#
JAKARTA#show crypto isakmp sa
IPv4 Crypto ISAKMP SA
dst src state conn-id slot status
20.20.20.1 10.10.10.1 QM_IDLE 1001 0 ACTIVE
IPv6 Crypto ISAKMP SA
JAKARTA#show crypto ipsec sa
interface: FastEthernet1/1
Crypto map tag: MAP, local addr 10.10.10.1
protected vrf: (none)
local ident (addr/mask/prot/port): (192.168.10.0/255.255.255.0/0/0)
remote ident (addr/mask/prot/port): (192.168.20.0/255.255.255.0/0/0)
current_peer 20.20.20.1 port 500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 24, #pkts encrypt: 24, #pkts digest: 24
#pkts decaps: 24, #pkts decrypt: 24, #pkts verify: 24
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 1, #recv errors 0
local crypto endpt.: 10.10.10.1, remote crypto endpt.: 20.20.20.1
path mtu 1500, ip mtu 1500
current outbound spi: 0x24C882F1(617120497)
….
….
JAKARTA#
*******************************************************************************
BANDUNG#show crypto session
Crypto session current status
Interface: FastEthernet1/1
Session status: UP-ACTIVE
Peer: 10.10.10.1 port 500
IKE SA: local 20.20.20.1/500 remote 10.10.10.1/500 Active
IPSEC FLOW: permit ip 192.168.20.0/255.255.255.0 192.168.10.0/255.255.255.0
Active SAs: 2, origin: crypto map
IPSEC FLOW: permit ip 192.168.20.0/255.255.255.0 192.168.10.0/255.255.255.0
Active SAs: 2, origin: crypto map
BANDUNG#
BANDUNG#show crypto isakmp sa
IPv4 Crypto ISAKMP SA
dst src state conn-id slot status
20.20.20.1 10.10.10.1 QM_IDLE 1001 0 ACTIVE
IPv6 Crypto ISAKMP SA
BANDUNG#
BANDUNG#
BANDUNG#
BANDUNG#show crypto ipsec sa
interface: FastEthernet1/1
Crypto map tag: MAP, local addr 20.20.20.1
protected vrf: (none)
local ident (addr/mask/prot/port): (192.168.20.0/255.255.255.0/0/0)
remote ident (addr/mask/prot/port): (192.168.10.0/255.255.255.0/0/0)
current_peer 10.10.10.1 port 500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 24, #pkts encrypt: 24, #pkts digest: 24
#pkts decaps: 24, #pkts decrypt: 24, #pkts verify: 24
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 0, #recv errors 0
local crypto endpt.: 20.20.20.1, remote crypto endpt.: 10.10.10.1
path mtu 1500, ip mtu 1500
current outbound spi: 0x26162F42(638988098)
BANDUNG#
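The tunnel above only comes up because the two routers' crypto settings mirror each other. The following check is an added example, not part of the original page: it parses IOS-style configuration text and reports where two peers disagree. The `sample()` helper, the function names and the reduced excerpt are assumptions constructed from the two running configurations above.

```python
import re

def sample(local, peer, lan, remote_lan):
    """Constructed excerpt: only the crypto-relevant lines of the configs above."""
    return f"""crypto isakmp policy 1
 encr aes
 authentication pre-share
crypto isakmp key fery123 address {peer}
crypto ipsec transform-set FERY esp-aes esp-sha-hmac
crypto map MAP 1 ipsec-isakmp
 set peer {peer}
 set transform-set FERY
 set pfs group2
 match address 101
interface FastEthernet1/1
 ip address {local} 255.255.255.0
 crypto map MAP
access-list 101 permit ip {lan} 0.0.0.255 {remote_lan} 0.0.0.255
"""

JAKARTA = sample("10.10.10.1", "20.20.20.1", "192.168.10.0", "192.168.20.0")
BANDUNG = sample("20.20.20.1", "10.10.10.1", "192.168.20.0", "192.168.10.0")

def parse(cfg):
    """Pull out the settings that have to agree between two IPsec peers."""
    def one(pattern):
        m = re.search(pattern, cfg, re.M)
        return m.groups() if m else None
    acl_id = one(r"^\s*match address (\d+)")  # ACL referenced by the crypto map
    return {
        "policy": sorted(re.findall(r"^\s*((?:encr|hash|group|authentication) \S+)", cfg, re.M)),
        "key": one(r"^crypto isakmp key (\S+) address"),
        "key_peer": one(r"^crypto isakmp key \S+ address (\S+)"),
        "peer": one(r"^\s*set peer (\S+)"),
        "transform": one(r"^crypto ipsec transform-set \S+ (.+)$"),
        "pfs": one(r"^\s*set pfs (\S+)"),
        "addrs": re.findall(r"^\s*ip address (\S+)", cfg, re.M),
        "acl": one(rf"^access-list {acl_id[0]} permit ip (\S+ \S+) (\S+ \S+)") if acl_id else None,
    }

def mismatches(cfg_a, cfg_b):
    """Return a list of problems; an empty list means the peers mirror each other."""
    a, b = parse(cfg_a), parse(cfg_b)  # findings name the field, never the key value
    problems = [f"{f} differs" for f in ("policy", "key", "transform", "pfs") if a[f] != b[f]]
    for name, x, y in (("A", a, b), ("B", b, a)):
        if x["peer"] is None or x["peer"][0] not in y["addrs"] or x["key_peer"] != x["peer"]:
            problems.append(f"router {name}: set peer / key address does not match the other side")
    if not a["acl"] or not b["acl"] or a["acl"] != b["acl"][::-1]:
        problems.append("crypto ACLs are not mirror images")
    return problems
```

Calling `mismatches(JAKARTA, BANDUNG)` returns an empty list for the pair shown on this page; the same functions accept full `show run` text saved from each router.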
Cisco Banner
As a finishing touch we can create a banner, a short message that appears when we telnet to the router. It can also state which router is being accessed, and serve as a warning so that people who have no access to the router do not try to log in.
The banner text starts after the asterisk character * and ends with that same character.
Fery-Router(config)#banner motd *
Enter TEXT message. End with the character '*'.
—————————————————————————–
Router Fery, Jika Anda Tidak memiliki Otoritas, Dilarang Login
—————————————————————————–
Saat ini anda sedang mengakses $(hostname).$(domain)
Saat ini anda sedang mengakses line $(line)
$(line-desc)
—————————————————————————–
Router Fery, Jika Anda Tidak memiliki Otoritas, Dilarang Login
—————————————————————————–
*
Fery-Router(config)#exi
Fery-Router#exit
Press RETURN to get started.
—————————————————————————–
Router Fery, Jika Anda Tidak memiliki Otoritas, Dilarang Login
—————————————————————————–
Saat ini anda sedang mengakses Fery-Router.
Saat ini anda sedang mengakses line 0
—————————————————————————–
Router Fery, Jika Anda Tidak memiliki Otoritas, Dilarang Login
—————————————————————————–
User Access Verification
Password:
Fery-Router>
AAA
Authentication, Authorization, Accounting
Cisco AAA implementation:
Authentication: validates whether you have the authority to access the router.
Authorization: defines what you are allowed to do on that router.
Accounting: records all the activity you perform on the router.
AAA commands:
Fery-Router(config)#aaa new-model
Fery-Router(config)#aaa authentication login default enable
Fery-Router(config)#aaa authentication enable default enable line
Fery-Router(config)#username fery privilege 15 secret fery1234512345
Fery-Router(config)#