All rings

•May 28, 2009 • Leave a Comment

1.

masputih1

2

rb1044

3.

rl1137y

4.
rl1747

5.

womenbands

Basic Installation Cacti

•May 28, 2009 • Leave a Comment

Update Debian
apt-get update && apt-get upgrade

Install Some Software tools
apt-get install binutils cpp fetchmail flex gcc libarchive-zip-perl libc6-dev libcompress-zlib-perl libdb4.3-dev libpcre3 libpopt-dev linux-kernel-headers lynx m4 make ncftp nmap openssl perl perl-modules unzip zip zlib1g-dev autoconf automake1.9 libtool bison autotools-dev g++

installing php package
apt-get install php5 php5-apache2-mod-bt php5-auth-pam php5-dev php5-mysql php5-odbc php5-snmp php5-xmlrpc php5-snmp php5-sqlite php5-gd php5-imap

installing mysql
apt-get install mysql-server mysql-client libmysqlclient15-dev
fery-deb:~# groupadd cacti
fery-deb:~# useradd -g cacti cactiuser
fery-deb:~# mysql
mysql> set password for root@localhost=password('fery123');
mysql> create database cactidb;
mysql> grant all on cactidb.* to root;
mysql> grant all on cactidb.* to root@localhost;
mysql> grant all on cactidb.* to cactiuser;
mysql> grant all on cactidb.* to cactiuser@localhost;
mysql> set password for cactiuser@localhost=password('fery123');
mysql> exit

Installing snmp

apt-get install snmp snmpd snmptrapfmt
fery-deb:~# dpkg -l | grep snmpd
ii snmpd 5.2.3-7etch4 NET SNMP (Simple Network Management Protocol
fery-deb:~#

Testing the SNMP service:
fery-deb:~# snmpwalk -v 1 -c community-name 10.10.2.200
or
fery-deb:~# snmpwalk -v 1 -c public localhost

installing rrdtool
apt-get install rrdcollect rrdtool rrdtool-tcl
Make sure rrdtool is installed:
fery-deb:~# dpkg -l | grep rrdtool

Installing Cacti
apt-get install cacti cacti-cactid

Make sure the password matches the one set for the MySQL database, then open
http://servercacti/cacti

Log in as admin with the default password admin

Setting paths
– RRDTool Binary Path < set this to where rrdtool is installed; the other paths can usually stay at their defaults
Console -> Devices -> (Edit) FOR LOCALHOST
SNMP Community = public
SNMP Version = Version 1 << for other devices, match the version each device uses
Make sure >> SNMP Information (the SNMP details are displayed)

To add a device to be monitored:

Console -> Devices >> Add >>
– Make sure the SNMP community matches the device to be monitored
– Make sure the SNMP version matches the device to be monitored
– If the status is up, everything is running normally

– Check the graphs; they usually appear within 5 minutes, or you can customize them yourself

That's all for the basic installation; if you want to go further with the add-ons, you can explore them yourself 🙂

http://www.cacti.net

Thanks,

Configure OSPF Multiple Area with Stub Network and Redistribute to EIGRP

•April 2, 2009 • Leave a Comment

In this lab we build a multi-area OSPF network and redistribute routes between two routing protocols, OSPF and EIGRP. We also set up a scenario on the OSPF side: how to keep the networks of one area from being broadcast to the other areas while that area can still reach area 0, the backbone network.

The first step is to build the OSPF network:
1. Area 0 involves routers R-1, R-2 and R-3
2. Area 1 involves routers R-1 and R-6
3. Each router has a router ID that matches its name; for R-1, for example, the router ID is 1.1.1.1

The full topology is here

The full configuration script is here
The basic OSPF network configuration on each router is:

On Router 1
R-1#

!
router ospf 1
router-id 1.1.1.1
log-adjacency-changes
area 1 stub no-summary
network 40.0.0.0 0.0.0.255 area 1
network 50.0.0.0 0.0.0.255 area 0
network 60.0.0.0 0.0.0.255 area 0
!
R-1#
On Router 2
R-2#
!
router ospf 1
router-id 2.2.2.2
network 50.0.0.0 0.0.0.255 area 0
!
R-2#

On Router 3
R-3#
!
router ospf 1
router-id 3.3.3.3
network 60.0.0.0 0.0.0.255 area 0
!
R-3#

Now let's look at a sample routing table from before the stub area is enabled.

On Router 1
OSPF configuration before stub area 1 is enabled

router ospf 1
router-id 1.1.1.1
network 40.0.0.0 0.0.0.255 area 1
network 50.0.0.0 0.0.0.255 area 0
network 60.0.0.0 0.0.0.255 area 0

R-1 receives route updates from R-6 in area 1; note that we get updates for networks 10, 20 and 30. Next, we want the networks in area 1 not to be broadcast to area 0 and not to be redistributed into the EIGRP 10 network. The simplest way is to make area 1 a stub. The stub will then not send routing updates to the areas outside it. So that area 1 on R-6 can still reach the backbone network, we create a default route for it.

This is the routing table before the stub area is enabled:

R-1#show ip route
Codes: C – connected, S – static, R – RIP, M – mobile, B – BGP
D – EIGRP, EX – EIGRP external, O – OSPF, IA – OSPF inter area
N1 – OSPF NSSA external type 1, N2 – OSPF NSSA external type 2
E1 – OSPF external type 1, E2 – OSPF external type 2
i – IS-IS, su – IS-IS summary, L1 – IS-IS level-1, L2 – IS-IS level-2
ia – IS-IS inter area, * – candidate default, U – per-user static route
o – ODR, P – periodic downloaded static route

Gateway of last resort is not set

50.0.0.0/24 is subnetted, 1 subnets
C 50.0.0.0 is directly connected, Serial1/0
20.0.0.0/24 is subnetted, 1 subnets
O 20.0.0.0 [110/2] via 40.0.0.2, 00:00:13, FastEthernet2/0
40.0.0.0/24 is subnetted, 1 subnets
C 40.0.0.0 is directly connected, FastEthernet2/0
10.0.0.0/24 is subnetted, 1 subnets
O 10.0.0.0 [110/2] via 40.0.0.2, 00:00:13, FastEthernet2/0
60.0.0.0/24 is subnetted, 1 subnets
C 60.0.0.0 is directly connected, Serial1/1
30.0.0.0/24 is subnetted, 1 subnets
O 30.0.0.0 [110/2] via 40.0.0.2, 00:00:13, FastEthernet2/0
R-1#

R-1#show ip ospf neighbor

Neighbor ID Pri State Dead Time Address Interface
3.3.3.3 0 FULL/ – 00:00:37 60.0.0.2 Serial1/1
2.2.2.2 0 FULL/ – 00:00:39 50.0.0.2 Serial1/0
6.6.6.6 1 FULL/DR 00:00:37 40.0.0.2 FastEthernet2/0 << R-6
R-1#

From the route updates above we also get updates from the EIGRP network. We also get full routing updates on R-6, which sits in area 1.

R-6#show ip route
Codes: C – connected, S – static, R – RIP, M – mobile, B – BGP
D – EIGRP, EX – EIGRP external, O – OSPF, IA – OSPF inter area
N1 – OSPF NSSA external type 1, N2 – OSPF NSSA external type 2
E1 – OSPF external type 1, E2 – OSPF external type 2
i – IS-IS, su – IS-IS summary, L1 – IS-IS level-1, L2 – IS-IS level-2
ia – IS-IS inter area, * – candidate default, U – per-user static route
o – ODR, P – periodic downloaded static route

Gateway of last resort is not set

50.0.0.0/24 is subnetted, 1 subnets
O IA 50.0.0.0 [110/65] via 40.0.0.1, 00:02:05, FastEthernet1/0
20.0.0.0/24 is subnetted, 1 subnets
C 20.0.0.0 is directly connected, FastEthernet0/0.2
40.0.0.0/24 is subnetted, 1 subnets
C 40.0.0.0 is directly connected, FastEthernet1/0
10.0.0.0/24 is subnetted, 1 subnets
C 10.0.0.0 is directly connected, FastEthernet0/0.1
60.0.0.0/24 is subnetted, 1 subnets
O IA 60.0.0.0 [110/65] via 40.0.0.1, 00:02:05, FastEthernet1/0
30.0.0.0/24 is subnetted, 1 subnets
C 30.0.0.0 is directly connected, FastEthernet0/0.3
R-6#

R-6#show ip ospf neighbor

Neighbor ID Pri State Dead Time Address Interface
1.1.1.1 1 FULL/BDR 00:00:35 40.0.0.1 FastEthernet1/0
R-6#

A stub area is an area that does not accept updates for external routes, only a default route, but still accepts route updates from within its own area, for example only from area 1. A stub area is useful when a customer connects to area 0 through an ASBR (autonomous system border router) and wants the best route from area 0, while the backbone area (area 0) receives no routing updates about the customer area, here area 1.

On Router 6 above we get full routing updates for all connected networks, and the core backbone also gets route updates about every network on R-1 in area 1.

Now we enable the stub area on the ASBR (R-1):

R-1#
!
router ospf 1
router-id 1.1.1.1
log-adjacency-changes
area 1 stub no-summary
network 40.0.0.0 0.0.0.255 area 1
network 50.0.0.0 0.0.0.255 area 0
network 60.0.0.0 0.0.0.255 area 0
!
R-1#

and look at the routing table on R-1:

R-1#show ip route
Codes: C – connected, S – static, R – RIP, M – mobile, B – BGP
D – EIGRP, EX – EIGRP external, O – OSPF, IA – OSPF inter area
N1 – OSPF NSSA external type 1, N2 – OSPF NSSA external type 2
E1 – OSPF external type 1, E2 – OSPF external type 2
i – IS-IS, su – IS-IS summary, L1 – IS-IS level-1, L2 – IS-IS level-2
ia – IS-IS inter area, * – candidate default, U – per-user static route
o – ODR, P – periodic downloaded static route

Gateway of last resort is not set

50.0.0.0/24 is subnetted, 1 subnets
C 50.0.0.0 is directly connected, Serial1/0
40.0.0.0/24 is subnetted, 1 subnets
C 40.0.0.0 is directly connected, FastEthernet2/0
60.0.0.0/24 is subnetted, 1 subnets
C 60.0.0.0 is directly connected, Serial1/1
R-1#
R-1#

R-1#show ip ospf neighbor

Neighbor ID Pri State Dead Time Address Interface
3.3.3.3 0 FULL/ – 00:00:31 60.0.0.2 Serial1/1
2.2.2.2 0 FULL/ – 00:00:35 50.0.0.2 Serial1/0
R-1#

Here we see that the area 1 networks are gone and the OSPF neighborship to R-6 no longer appears. Note that R-6 also receives no routing updates except from its own area, area 1.

R-6#show ip route
Codes: C – connected, S – static, R – RIP, M – mobile, B – BGP
D – EIGRP, EX – EIGRP external, O – OSPF, IA – OSPF inter area
N1 – OSPF NSSA external type 1, N2 – OSPF NSSA external type 2
E1 – OSPF external type 1, E2 – OSPF external type 2
i – IS-IS, su – IS-IS summary, L1 – IS-IS level-1, L2 – IS-IS level-2
ia – IS-IS inter area, * – candidate default, U – per-user static route
o – ODR, P – periodic downloaded static route

Gateway of last resort is 40.0.0.1 to network 0.0.0.0

20.0.0.0/24 is subnetted, 1 subnets
C 20.0.0.0 is directly connected, FastEthernet0/0.2
40.0.0.0/24 is subnetted, 1 subnets
C 40.0.0.0 is directly connected, FastEthernet1/0
10.0.0.0/24 is subnetted, 1 subnets
C 10.0.0.0 is directly connected, FastEthernet0/0.1
30.0.0.0/24 is subnetted, 1 subnets
C 30.0.0.0 is directly connected, FastEthernet0/0.3
S* 0.0.0.0/0 [1/0] via 40.0.0.1
R-6#

But we can still reach network 60 in area 0 thanks to the default route:
R-6#ping 60.0.0.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 60.0.0.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/52/152 ms
R-6#

Redistributing OSPF and EIGRP

OK, we have built the OSPF network; now we enable EIGRP routing in AS 10, which involves R-2, R-3, R-4 and R-5.

On Router 2
R-2#
!
router eigrp 10
network 70.0.0.0
auto-summary
!
R-2#
R-2#

On Router 3
R-3#
!
router eigrp 10
network 80.0.0.0
no auto-summary
!
R-3#

On Router 4
R-4#
R-4#
!
router eigrp 10
network 70.0.0.0
network 200.1.1.0
auto-summary
!
R-4#
R-4#

On Router 5
R-5#
R-5#
!
router eigrp 10
network 80.0.0.0
network 200.1.1.0
auto-summary
!
R-5#
R-5#

OK, EIGRP 10 routing is now up. How can the two routing protocols, OSPF and EIGRP, which calculate the best route in different ways, exchange routing information? This is where we redistribute between the routing protocols, which involves R-2 and R-3, because these two routers sit between OSPF and EIGRP.

The redistribution configuration looks like this:

On Router 2
R-2

!
router eigrp 10
redistribute ospf 1 metric 1500 0 255 1 1500
network 70.0.0.0
auto-summary
!
router ospf 1
router-id 2.2.2.2
log-adjacency-changes
redistribute eigrp 10 subnets metric 100 metric-type 1
network 50.0.0.0 0.0.0.255 area 0
!

On Router 3
R-3
!
router eigrp 10
redistribute ospf 1 metric 1500 0 255 1 1500
network 80.0.0.0
no auto-summary
!
router ospf 1
router-id 3.3.3.3
log-adjacency-changes
redistribute eigrp 10 subnets metric 100 metric-type 1
network 60.0.0.0 0.0.0.255 area 0
!

The explanation is roughly as follows:

router eigrp 10
redistribute ospf 1 metric 1500 0 255 1 1500
network 70.0.0.0
auto-summary

I want to redistribute the networks of OSPF process ID 1 into the EIGRP 10 network, and I give them a bandwidth metric of 1500 with a delay of 0, a reliability metric of 100% (255), an effective bandwidth of 1 and an MTU of 1500.

router ospf 1
router-id 3.3.3.3
log-adjacency-changes
redistribute eigrp 10 subnets metric 100 metric-type 1
network 60.0.0.0 0.0.0.255 area 0

Under router ospf 1, I want to redistribute the EIGRP AS 10 networks together with their subnets, give those EIGRP routes a metric of 100, and set metric-type 1, the external metric.

Hahaha.. that's more or less it..

Let's look at the routes on R-4 and R-1 after redistribution. Note that R-1 now has updates for network 200.1.1.0, the EIGRP 10 network, and R-4 has external routing updates from OSPF.

R-1#show ip route
Codes: C – connected, S – static, R – RIP, M – mobile, B – BGP
D – EIGRP, EX – EIGRP external, O – OSPF, IA – OSPF inter area
N1 – OSPF NSSA external type 1, N2 – OSPF NSSA external type 2
E1 – OSPF external type 1, E2 – OSPF external type 2
i – IS-IS, su – IS-IS summary, L1 – IS-IS level-1, L2 – IS-IS level-2
ia – IS-IS inter area, * – candidate default, U – per-user static route
o – ODR, P – periodic downloaded static route

Gateway of last resort is not set

50.0.0.0/24 is subnetted, 1 subnets
C 50.0.0.0 is directly connected, Serial1/0
70.0.0.0/24 is subnetted, 1 subnets
O E2 70.0.0.0 [110/100] via 50.0.0.2, 00:45:12, Serial1/0
O E2 200.1.1.0/24 [110/100] via 50.0.0.2, 00:06:21, Serial1/0
40.0.0.0/24 is subnetted, 1 subnets
C 40.0.0.0 is directly connected, FastEthernet2/0
60.0.0.0/24 is subnetted, 1 subnets
C 60.0.0.0 is directly connected, Serial1/1
R-1#

R-4#show ip route
Codes: C – connected, S – static, R – RIP, M – mobile, B – BGP
D – EIGRP, EX – EIGRP external, O – OSPF, IA – OSPF inter area
N1 – OSPF NSSA external type 1, N2 – OSPF NSSA external type 2
E1 – OSPF external type 1, E2 – OSPF external type 2
i – IS-IS, su – IS-IS summary, L1 – IS-IS level-1, L2 – IS-IS level-2
ia – IS-IS inter area, * – candidate default, U – per-user static route
o – ODR, P – periodic downloaded static route

Gateway of last resort is not set

50.0.0.0/24 is subnetted, 1 subnets
D EX 50.0.0.0 [170/2218496] via 70.0.0.1, 00:06:37, Serial1/0
70.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 70.0.0.0/24 is directly connected, Serial1/0
D 70.0.0.0/8 is a summary, 01:28:46, Null0
C 200.1.1.0/24 is directly connected, FastEthernet2/0
40.0.0.0/24 is subnetted, 1 subnets
D EX 40.0.0.0 [170/2218496] via 70.0.0.1, 00:06:37, Serial1/0
60.0.0.0/24 is subnetted, 1 subnets
D EX 60.0.0.0 [170/2218496] via 70.0.0.1, 00:06:37, Serial1/0
R-4#
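
Where the 2218496 in R-4's D EX entries comes from, as an added example that is not part of the original post. It applies the classic EIGRP composite metric to the seed values from the redistribute command; the 1544 kbit/s bandwidth and 20000 usec delay of the R-2 to R-4 serial link are assumed IOS defaults, since the interface is not shown on this page.

```python
# Added example: classic EIGRP composite metric applied to the seed metric
# used in this lab (`redistribute ospf 1 metric 1500 0 255 1 1500`).

DEFAULT_K = (1, 0, 1, 0, 0)   # K1..K5; IOS defaults use bandwidth and delay only

# Seed metric from the redistribute command:
# (bandwidth kbit/s, delay in tens of microseconds, reliability, load).
# The fifth value on the command line (MTU 1500) is carried along but is not
# part of the metric calculation.
SEED = (1500, 0, 255, 1)

# ASSUMPTION: the serial link between R-2 and R-4 runs with IOS defaults,
# 1544 kbit/s and 20000 usec (= 2000 tens of microseconds).
SERIAL_LINK = (1544, 2000, 255, 1)


def eigrp_metric(hops, k=DEFAULT_K):
    """Composite metric for a path described as a list of hops.

    Each hop is (bandwidth_kbps, delay_tens_usec, reliability, load).
    Bandwidth is taken from the slowest hop, delay is summed, reliability
    and load are taken from the worst hop.
    """
    k1, k2, k3, k4, k5 = k
    bandwidth = 10_000_000 // min(h[0] for h in hops)
    delay = sum(h[1] for h in hops)
    reliability = min(h[2] for h in hops)
    load = max(h[3] for h in hops)
    metric = k1 * bandwidth + (k2 * bandwidth) // (256 - load) + k3 * delay
    if k5:  # the reliability factor is applied only when K5 is non-zero
        metric = metric * k5 // (reliability + k4)
    return 256 * metric


def redistributed_metric(seed, links):
    """Metric a downstream EIGRP router computes for a redistributed route.

    Without a seed metric (no `metric` keyword and no default-metric) IOS
    does not advertise OSPF routes into EIGRP, so the result is None.
    """
    if seed is None:
        return None
    return eigrp_metric([seed] + list(links))


if __name__ == "__main__":
    print("on R-2 (seed only):", redistributed_metric(SEED, []))
    print("on R-4 (seed + serial link):", redistributed_metric(SEED, [SERIAL_LINK]))
    print("no seed metric:", redistributed_metric(None, [SERIAL_LINK]))
```

With the default K values, only the seed bandwidth and delay influence the result; the reliability, load and MTU values in the command do not change what R-4 computes.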

On R-1 we get the update for network 200.1.1.0.

Let's try a traceroute from R-6 to network 200.1.1.0:
R-6>traceroute 200.1.1.1

Type escape sequence to abort.
Tracing the route to 200.1.1.1

1 40.0.0.1 48 msec 64 msec 20 msec
2 50.0.0.2 68 msec 56 msec 28 msec
3 70.0.0.2 108 msec 36 msec *
R-6>

Here we have set up basic OSPF networks: single area, multiple area and stub area. We have also built an EIGRP network and redistributed it into the OSPF network.

Thanks

Fery Junaedi.

Setup Cisco VPN Client

•March 31, 2009 • Leave a Comment

In the previous post we built a Cisco VPN server using SDM. This time we set up the Cisco VPN Client. The Cisco VPN Client is the interface that establishes the VPN connection between the Cisco VPN server and the client. By dialing the WAN IP address of the VPN server and entering the username and password defined on the VPN server, we are connected to the VPN server, and the data packets that travel over the VPN are encrypted securely.

Here we assume the Cisco VPN Client is already installed and carry on with the rest of the setup.

For an easy walkthrough, see here

Configuring Easy VPN Server with Cisco SDM

•March 31, 2009 • 2 Comments


Easy VPN Server is the term Cisco uses for the remote VPN server service that runs on a Cisco router.
Put simply, a remote VPN server gives users the freedom to keep accessing their company's internal network and to work remotely in a secure way.

How it works is fairly simple: we run the remote VPN server service on a Cisco router. A user who is connected to the internet through another provider's network dials the VPN server and enters the username and password defined on the remote VPN server. When authentication succeeds, the remote VPN server pushes a new IP address and DNS servers to the client; the client is then connected and can reach the private network defined behind the router.

At first I was very confused about how to remember so many strange commands for building this VPN server, because understanding technically how encryption and authentication work, and how the data packets passing through are encrypted and decrypted again, is quite confusing… hahaha

Fortunately Cisco created a GUI for configuring Cisco devices more easily: Cisco Security Device Manager (SDM). You can download and install SDM; if you get stuck, just google it.
Downloading directly from Cisco is usually rather heavy going, so I suggest searching for it yourself with the
keyword: SDM-V25.zip . Plenty of copies are floating around on rapidshare.com or 4shared.com

One more thing: once the remote VPN server service is running, if you use Windows, install the remote VPN client application. Since we built this with Cisco, we generally also use the Cisco VPN Client. Search Google for the latest version; the keyword for the one I use is: VPN Client 5.0.03.zip. If you have never used the VPN client before, you are probably still unsure how to connect to the running VPN server with it. Don't worry, I have also written a short guide to configuring and testing the VPN client here

Oh, one thing I forgot: after SDM is installed, make sure the following have been done:

On the application side:
1. Make sure Java is installed on your PC
2. Make sure your browser does not block the SDM pop-up window.

On the router side:
1. Set at least an IP address so the router can be reached via SDM
2. Enable ip http server
3. Enable aaa new-model
4. Define at least one username with privilege level 15

OK, that's it for the overview; give it a try.

The full topology is here

Most importantly, the documentation on how to set up the VPN via SDM is here

The full configuration as generated by SDM:

RT-Jakarta#show run
Building configuration…
!
hostname RT-Jakarta
!
!
aaa authentication login default local
aaa authentication login sdm_vpn_xauth_ml_1 local
aaa authentication login sdm_vpn_xauth_ml_2 local
aaa authorization network sdm_vpn_group_ml_1 local
aaa authorization network sdm_vpn_group_ml_2 local
!
ip name-server 202.47.78.8
ip name-server 202.47.78.9

!
username fery privilege 15 secret 5 $1$m4eM$WC4j4KekWukubo4Oia2OG.
!
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
!
crypto isakmp policy 2
encr aes
authentication pre-share
group 2
!
crypto isakmp client configuration group fery-g
key fery123
dns 202.47.78.8 202.47.78.9
pool SDM_POOL_1
acl 101
include-local-lan
max-users 10
netmask 255.255.255.0
crypto isakmp profile sdm-ike-profile-1
match identity group fery-g
client authentication list sdm_vpn_xauth_ml_2
isakmp authorization list sdm_vpn_group_ml_2
client configuration address respond
virtual-template 2
!
!
crypto ipsec transform-set fery-transform-set esp-aes esp-sha-hmac
!
crypto ipsec profile SDM_Profile1
set transform-set fery-transform-set
set isakmp-profile sdm-ike-profile-1
!
interface FastEthernet1/0
description *** WAN ***
ip address 202.47.77.24x 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet1/1
description *** LAN ***$ETH-LAN$
ip address 192.168.100.1 255.255.255.0
duplex auto
speed auto
!
ip local pool SDM_POOL_1 192.168.10.1 192.168.10.100
ip classless
ip route 0.0.0.0 0.0.0.0 202.47.77.241
ip http server
no ip http secure-server
!
logging alarm informational
access-list 100 remark SDM_ACL Category=4
access-list 100 permit ip 192.168.10.0 0.0.0.255 any
access-list 100 permit ip 192.168.100.0 0.0.0.255 any
access-list 101 remark SDM_ACL Category=4
access-list 101 permit ip 192.168.10.0 0.0.0.255 any
access-list 101 permit ip 192.168.100.0 0.0.0.255 any
!
RT-Jakarta#
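
A review pass over the generated configuration, as an added example that is not part of the original post or of SDM. It scans a flattened running-config for settings worth tightening before the router faces the WAN: legacy IKE ciphers and Diffie-Hellman groups, a group key stored in cleartext, and the cleartext HTTP management server. The rule names and the hardened sample are assumptions made for this example.

```python
import re

# Constructed sample: security-relevant lines of the RT-Jakarta config above,
# flattened (no indentation) as on the page; the password hash is a placeholder.
SAMPLE_CONFIG = """\
aaa authentication login default local
username fery privilege 15 secret 5 <HASH-PLACEHOLDER>
!
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
!
crypto isakmp policy 2
encr aes
authentication pre-share
group 2
!
crypto isakmp client configuration group fery-g
key fery123
pool SDM_POOL_1
acl 101
max-users 10
crypto isakmp profile sdm-ike-profile-1
match identity group fery-g
!
crypto ipsec transform-set fery-transform-set esp-aes esp-sha-hmac
!
ip http server
no ip http secure-server
"""

# Constructed counterpart with the flagged settings tightened.
HARDENED_CONFIG = """\
crypto isakmp policy 1
encr aes 256
authentication pre-share
group 14
!
crypto isakmp client configuration group fery-g
key 6 <ENCRYPTED-PLACEHOLDER>
pool SDM_POOL_1
!
no ip http server
ip http secure-server
"""

WEAK_IKE_CIPHERS = {"des", "3des"}
WEAK_DH_GROUPS = {"1", "2", "5"}      # 768-, 1024- and 1536-bit MODP groups


def audit(config_text):
    """Return a list of (line_number, rule, text) findings."""
    findings = []
    context = None       # stanza the current line belongs to
    http_line = None     # line number where `ip http server` is enabled
    for number, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        if line in ("", "!"):
            context = None
            continue
        # Stanza headers decide how the following sub-commands are read.
        if re.match(r"crypto isakmp policy \d+$", line):
            context = "ike-policy"
            continue
        if re.match(r"crypto isakmp client configuration group \S+$", line):
            context = "client-group"
            continue
        if re.match(r"(crypto|interface|router|line) ", line):
            context = None
            continue
        if context == "ike-policy":
            m = re.match(r"encr(?:yption)?\s+(\S+)", line)
            if m and m.group(1) in WEAK_IKE_CIPHERS:
                findings.append((number, "weak-ike-cipher", line))
            m = re.match(r"group\s+(\d+)$", line)
            if m and m.group(1) in WEAK_DH_GROUPS:
                findings.append((number, "weak-dh-group", line))
        elif context == "client-group":
            m = re.match(r"key\s+(?:(\d)\s+)?\S+$", line)
            if m and m.group(1) != "6":   # type 6 keys are stored encrypted
                # Never echo the key itself into a report.
                findings.append((number, "cleartext-group-key", "key <redacted>"))
        if line == "ip http server":
            http_line = number
    if http_line is not None:
        findings.append((http_line, "cleartext-http-management", "ip http server"))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```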

OSPF Multiple Area With Virtual Link

•March 24, 2009 • 1 Comment

Of the interior routing protocols available, such as RIP, IGRP and EIGRP, OSPF is the one that is fairly complicated when it comes to writing its rules and implementing it, because OSPF is a futuristic routing protocol.

A basic understanding of how OSPF neighborships form, of the terminology used, such as Link State Update (LSU), Link State Advertisement (LSA) and Link State Database (LSD), and of how the DR/BDR concept works will help a great deal when troubleshooting problems on an OSPF network.

In the lab topology we build this time, I created a network scenario with several areas: area 0 (backbone), area 1 and area 2. By default, every area must have a direct connection to area 0, the backbone area.

Here we have several routers, of which R-3 and R-4 have no direct connection to area 0, so R-3 and R-4 do not receive routing updates from R-2 and R-1. The solution is to create a virtual link from R-2 to R-3, as if building a tunnel that connects area 0 and area 2. The full configuration of each router is shown here.

Notes:
– the loopback interface serves as the Router ID
– entries in ip route that start with IA << these are OSPF inter-area routes
– to test whether the virtual link works, we can ping
from R-4 in area 2 to R-1 in area 0

Click here to see the network topology:

Full Configuration :

********************************************************************************
R-1
********************************************************************************
R-1#show run
Building configuration…
!
hostname R-1
!
interface Loopback0
ip address 1.1.1.1 255.255.255.255
!
interface FastEthernet1/0
description *** LAN RT-1 ***
ip address 192.168.20.1 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet1/1
description *** TO WAN ***
ip address 10.8.8.212 255.255.255.0 secondary
ip address 192.168.10.1 255.255.255.0
duplex auto
speed auto
!
router ospf 1
log-adjacency-changes
network 1.1.1.1 0.0.0.0 area 0
network 192.168.10.0 0.0.0.255 area 0
network 192.168.20.0 0.0.0.255 area 0
!
end

R-1#
R-1#

R-1#show ip protocols
Routing Protocol is “ospf 1”
Outgoing update filter list for all interfaces is not set
Incoming update filter list for all interfaces is not set
Router ID 192.168.20.1
Number of areas in this router is 1. 1 normal 0 stub 0 nssa
Maximum path: 4
Routing for Networks:
1.1.1.1 0.0.0.0 area 0
192.168.10.0 0.0.0.255 area 0
192.168.20.0 0.0.0.255 area 0
Routing Information Sources:
Gateway         Distance      Last Update
3.3.3.3              110      00:09:06
2.2.2.2              110      00:09:06
Distance: (default is 110)

R-1#

R-1#show ip int br
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0/0            unassigned      YES unset  administratively down down
FastEthernet1/0            192.168.20.1    YES manual up                    up
FastEthernet1/1            192.168.10.1    YES manual up                    up
Loopback0                  1.1.1.1         YES manual up                    up
R-1#
R-1#

R-1#show ip route
Codes: C – connected, S – static, R – RIP, M – mobile, B – BGP
D – EIGRP, EX – EIGRP external, O – OSPF, IA – OSPF inter area
N1 – OSPF NSSA external type 1, N2 – OSPF NSSA external type 2
E1 – OSPF external type 1, E2 – OSPF external type 2
i – IS-IS, su – IS-IS summary, L1 – IS-IS level-1, L2 – IS-IS level-2
ia – IS-IS inter area, * – candidate default, U – per-user static route
o – ODR, P – periodic downloaded static route

Gateway of last resort is not set

1.0.0.0/32 is subnetted, 1 subnets
C       1.1.1.1 is directly connected, Loopback0
2.0.0.0/32 is subnetted, 1 subnets
O       2.2.2.2 [110/2] via 192.168.20.2, 00:09:11, FastEthernet1/0
3.0.0.0/32 is subnetted, 1 subnets
O IA    3.3.3.3 [110/3] via 192.168.20.2, 00:09:11, FastEthernet1/0
O IA 192.168.30.0/24 [110/2] via 192.168.20.2, 00:09:11, FastEthernet1/0
4.0.0.0/32 is subnetted, 1 subnets
O IA    4.4.4.4 [110/4] via 192.168.20.2, 00:09:11, FastEthernet1/0
C    192.168.10.0/24 is directly connected, FastEthernet1/1
O IA 192.168.40.0/24 [110/3] via 192.168.20.2, 00:09:11, FastEthernet1/0
C    192.168.20.0/24 is directly connected, FastEthernet1/0
10.0.0.0/24 is subnetted, 1 subnets
C       10.8.8.0 is directly connected, FastEthernet1/1
O IA 192.168.50.0/24 [110/4] via 192.168.20.2, 00:09:12, FastEthernet1/0
R-1#
R-1#

********************************************************************************
R-2
********************************************************************************
R-2#show run
Building configuration…
!
hostname R-2
!
interface Loopback1
ip address 2.2.2.2 255.255.255.255
!
interface FastEthernet1/0
description *** TO RT-1 **
ip address 192.168.20.2 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet1/1
description *** TO RT-3 **
ip address 192.168.30.2 255.255.255.0
duplex auto
speed auto
!
router ospf 1
log-adjacency-changes
area 1 virtual-link 3.3.3.3
network 2.2.2.2 0.0.0.0 area 0
network 192.168.20.0 0.0.0.255 area 0
network 192.168.30.0 0.0.0.255 area 1
!
end

R-2#show ip protocols
Routing Protocol is “ospf 1”
Outgoing update filter list for all interfaces is not set
Incoming update filter list for all interfaces is not set
Router ID 2.2.2.2
It is an area border router
Number of areas in this router is 2. 2 normal 0 stub 0 nssa
Maximum path: 4
Routing for Networks:
2.2.2.2 0.0.0.0 area 0
192.168.20.0 0.0.0.255 area 0
192.168.30.0 0.0.0.255 area 1
Routing Information Sources:
Gateway         Distance      Last Update
3.3.3.3              110      00:10:23
192.168.20.1         110      00:10:23
Distance: (default is 110)

R-2#

R-2#show ip int br
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0/0            unassigned      YES unset  administratively down down
FastEthernet1/0            192.168.20.2    YES manual up                    up
FastEthernet1/1            192.168.30.2    YES manual up                    up
Loopback1                  2.2.2.2         YES manual up                    up
R-2#

R-2#show ip route
Codes: C – connected, S – static, R – RIP, M – mobile, B – BGP
D – EIGRP, EX – EIGRP external, O – OSPF, IA – OSPF inter area
N1 – OSPF NSSA external type 1, N2 – OSPF NSSA external type 2
E1 – OSPF external type 1, E2 – OSPF external type 2
i – IS-IS, su – IS-IS summary, L1 – IS-IS level-1, L2 – IS-IS level-2
ia – IS-IS inter area, * – candidate default, U – per-user static route
o – ODR, P – periodic downloaded static route

Gateway of last resort is not set

1.0.0.0/32 is subnetted, 1 subnets
O       1.1.1.1 [110/2] via 192.168.20.1, 00:10:38, FastEthernet1/0
2.0.0.0/32 is subnetted, 1 subnets
C       2.2.2.2 is directly connected, Loopback1
3.0.0.0/32 is subnetted, 1 subnets
O       3.3.3.3 [110/2] via 192.168.30.1, 00:10:48, FastEthernet1/1
C    192.168.30.0/24 is directly connected, FastEthernet1/1
4.0.0.0/32 is subnetted, 1 subnets
O IA    4.4.4.4 [110/3] via 192.168.30.1, 00:10:38, FastEthernet1/1
O    192.168.10.0/24 [110/2] via 192.168.20.1, 00:10:38, FastEthernet1/0
O IA 192.168.40.0/24 [110/2] via 192.168.30.1, 00:10:38, FastEthernet1/1
C    192.168.20.0/24 is directly connected, FastEthernet1/0
O IA 192.168.50.0/24 [110/3] via 192.168.30.1, 00:10:38, FastEthernet1/1
R-2#

********************************************************************************
RT-3
********************************************************************************
RT-3#show run
Building configuration…
!
hostname RT-3
!
interface Loopback1
ip address 3.3.3.3 255.255.255.255
!
interface FastEthernet1/0
description *** TO RT-2 ***
ip address 192.168.30.1 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet1/1
description *** RO RT-4 ***
ip address 192.168.40.1 255.255.255.0
duplex auto
speed auto
!
router ospf 1
log-adjacency-changes
area 1 virtual-link 2.2.2.2
network 3.3.3.3 0.0.0.0 area 1
network 192.168.30.0 0.0.0.255 area 1
network 192.168.40.0 0.0.0.255 area 2
!
end

RT-3#
RT-3#
RT-3#

RT-3#show ip protocols
Routing Protocol is “ospf 1”
Outgoing update filter list for all interfaces is not set
Incoming update filter list for all interfaces is not set
Router ID 3.3.3.3
It is an area border router
Number of areas in this router is 3. 3 normal 0 stub 0 nssa
Maximum path: 4
Routing for Networks:
3.3.3.3 0.0.0.0 area 1
192.168.30.0 0.0.0.255 area 1
192.168.40.0 0.0.0.255 area 2
Routing Information Sources:
Gateway         Distance      Last Update
2.2.2.2              110      00:11:24
4.4.4.4              110      00:11:44
192.168.20.1         110      00:11:24
Distance: (default is 110)

RT-3#
RT-3#

RT-3#show ip route
Codes: C – connected, S – static, R – RIP, M – mobile, B – BGP
D – EIGRP, EX – EIGRP external, O – OSPF, IA – OSPF inter area
N1 – OSPF NSSA external type 1, N2 – OSPF NSSA external type 2
E1 – OSPF external type 1, E2 – OSPF external type 2
i – IS-IS, su – IS-IS summary, L1 – IS-IS level-1, L2 – IS-IS level-2
ia – IS-IS inter area, * – candidate default, U – per-user static route
o – ODR, P – periodic downloaded static route

Gateway of last resort is not set

1.0.0.0/32 is subnetted, 1 subnets
O       1.1.1.1 [110/3] via 192.168.30.2, 00:11:28, FastEthernet1/0
2.0.0.0/32 is subnetted, 1 subnets
O       2.2.2.2 [110/2] via 192.168.30.2, 00:11:28, FastEthernet1/0
3.0.0.0/32 is subnetted, 1 subnets
C       3.3.3.3 is directly connected, Loopback1
C    192.168.30.0/24 is directly connected, FastEthernet1/0
4.0.0.0/32 is subnetted, 1 subnets
O       4.4.4.4 [110/2] via 192.168.40.2, 00:11:48, FastEthernet1/1
O    192.168.10.0/24 [110/3] via 192.168.30.2, 00:11:28, FastEthernet1/0
C    192.168.40.0/24 is directly connected, FastEthernet1/1
O    192.168.20.0/24 [110/2] via 192.168.30.2, 00:11:28, FastEthernet1/0
O    192.168.50.0/24 [110/2] via 192.168.40.2, 00:11:48, FastEthernet1/1
RT-3#
RT-3#
RT-3#

********************************************************************************
RT-4
********************************************************************************
RT-4#show run
Building configuration…
!
hostname RT-4
!
interface Loopback4
ip address 4.4.4.4 255.255.255.255
!
interface FastEthernet1/0
description *** TO RT-3 ***
ip address 192.168.40.2 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet1/1
ip address 192.168.50.1 255.255.255.0
duplex auto
speed auto
no keepalive
!
router ospf 1
log-adjacency-changes
network 4.4.4.4 0.0.0.0 area 2
network 192.168.40.0 0.0.0.255 area 2
network 192.168.50.0 0.0.0.255 area 2
!
end

RT-4#
RT-4#
RT-4#

RT-4#show ip protocols
Routing Protocol is “ospf 1”
Outgoing update filter list for all interfaces is not set
Incoming update filter list for all interfaces is not set
Router ID 4.4.4.4
Number of areas in this router is 1. 1 normal 0 stub 0 nssa
Maximum path: 4
Routing for Networks:
4.4.4.4 0.0.0.0 area 2
192.168.40.0 0.0.0.255 area 2
192.168.50.0 0.0.0.255 area 2
Routing Information Sources:
Gateway         Distance      Last Update
3.3.3.3              110      00:12:02
Distance: (default is 110)

RT-4#
RT-4#

RT-4#show ip route
Codes: C – connected, S – static, R – RIP, M – mobile, B – BGP
D – EIGRP, EX – EIGRP external, O – OSPF, IA – OSPF inter area
N1 – OSPF NSSA external type 1, N2 – OSPF NSSA external type 2
E1 – OSPF external type 1, E2 – OSPF external type 2
i – IS-IS, su – IS-IS summary, L1 – IS-IS level-1, L2 – IS-IS level-2
ia – IS-IS inter area, * – candidate default, U – per-user static route
o – ODR, P – periodic downloaded static route

Gateway of last resort is not set

1.0.0.0/32 is subnetted, 1 subnets
O IA    1.1.1.1 [110/4] via 192.168.40.1, 00:12:10, FastEthernet1/0
2.0.0.0/32 is subnetted, 1 subnets
O IA    2.2.2.2 [110/3] via 192.168.40.1, 00:12:10, FastEthernet1/0
3.0.0.0/32 is subnetted, 1 subnets
O IA    3.3.3.3 [110/2] via 192.168.40.1, 00:12:30, FastEthernet1/0
O IA 192.168.30.0/24 [110/2] via 192.168.40.1, 00:12:30, FastEthernet1/0
4.0.0.0/32 is subnetted, 1 subnets
C       4.4.4.4 is directly connected, Loopback4
O IA 192.168.10.0/24 [110/4] via 192.168.40.1, 00:12:10, FastEthernet1/0
C    192.168.40.0/24 is directly connected, FastEthernet1/0
O IA 192.168.20.0/24 [110/3] via 192.168.40.1, 00:12:10, FastEthernet1/0
C    192.168.50.0/24 is directly connected, FastEthernet1/1
RT-4#
RT-4#

********************************************************************************
********************************************************************************

RT-4#show ip ospf neighbor

Neighbor ID     Pri   State           Dead Time   Address         Interface
3.3.3.3           1   FULL/DR         00:00:36    192.168.40.1    FastEthernet1/0
RT-4#

RT-3#show ip ospf neighbor

Neighbor ID     Pri   State           Dead Time   Address         Interface
2.2.2.2           0   FULL/  -           -        192.168.30.2    OSPF_VL0
2.2.2.2           1   FULL/BDR        00:00:34    192.168.30.2    FastEthernet1/0
4.4.4.4           1   FULL/BDR        00:00:37    192.168.40.2    FastEthernet1/1
RT-3#

R-2#show ip ospf neighbor

Neighbor ID     Pri   State           Dead Time   Address         Interface
192.168.20.1      1   FULL/DR         00:00:34    192.168.20.1    FastEthernet1/0
3.3.3.3           0   FULL/  -           -        192.168.30.1    OSPF_VL0
3.3.3.3           1   FULL/DR         00:00:31    192.168.30.1    FastEthernet1/1
R-2#

R-1#show ip ospf neighbor

Neighbor ID     Pri   State           Dead Time   Address         Interface
2.2.2.2           1   FULL/BDR        00:00:37    192.168.20.2    FastEthernet1/0
R-1#

Installing a VPN Client on Ubuntu

•March 20, 2009

There are many ways to connect to a Cisco VPN server. The standard way is to use the Cisco VPN Client, but on Linux we can also install a VPN client (vpnc) to connect to a Cisco VPN server.

root@Gaban:/home/fery# apt-get install vpnc
root@Gaban:/home/fery# cd /etc/vpnc/
root@Gaban:/etc/vpnc# cp example.conf cs-vpn.conf
root@Gaban:/etc/vpnc# pico cs-vpn.conf

IPSec gateway (the IP address of the VPN server goes here)
IPSec ID (the group name on the VPN server)
IPSec secret (the password of that group)
#Xauth username myUserName  << may also be left commented out

Command to start the VPN client:
root@Gaban:/etc/vpnc# vpnc cs-vpn
Enter username for 202.47.77.246: fery    << enter the username
Enter password for fery@202.47.77.246:   << enter the password
VPNC started in background (pid: 7118)…  << the VPN tunnel is established
root@Gaban:/etc/vpnc#

Check by pinging the LAN behind the VPN server router:
root@Gaban:/etc/vpnc# ping 192.168.100.2
PING 192.168.100.2 (192.168.100.2) 56(84) bytes of data.
64 bytes from 192.168.100.2: icmp_seq=1 ttl=254 time=9.73 ms
64 bytes from 192.168.100.2: icmp_seq=2 ttl=254 time=22.7 ms
64 bytes from 192.168.100.2: icmp_seq=3 ttl=254 time=13.4 ms
64 bytes from 192.168.100.2: icmp_seq=4 ttl=254 time=11.9 ms

--- 192.168.100.2 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 2998ms
rtt min/avg/max/mdev = 9.737/14.485/22.778/4.971 ms
root@Gaban:/etc/vpnc#

Test telnet to one of the routers behind the VPN server router:
root@Gaban:/etc/vpnc# telnet 192.168.100.2
Trying 192.168.100.2…
Connected to 192.168.100.2.
Escape character is '^]'.

User Access Verification

Username: fery
Password:

Jakarta>

How to disconnect the VPN:
root@Gaban:/etc/vpnc# vpnc-disconnect
Terminating vpnc daemon (pid: 7118)
root@Gaban:/etc/vpnc#
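
The profile edited above stores the VPN group secret in cleartext, so it is worth checking that the three settings are present and that only the file's owner can read it. The script below is an added example, not part of the original post; the function names and the sample values (192.0.2.10, examplegroup, constructed-secret) are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a vpnc profile for missing settings and exposed secrets.
# Key names are the ones the post edits; sample values below are constructed.

# Write a constructed sample profile readable by its owner only (umask 077).
write_sample_conf() {
    ( umask 077
      printf '%s\n' 'IPSec gateway 192.0.2.10' 'IPSec ID examplegroup' \
          'IPSec secret constructed-secret' > "$1" )
}

# Print "ok" (status 0) or a space-separated list of findings (status 1).
audit_vpnc_conf() {
    conf=$1
    findings=""
    [ -f "$conf" ] || { echo "missing-file"; return 2; }

    # The three settings the post fills in must be present and uncommented.
    for key in "IPSec gateway" "IPSec ID" "IPSec secret"; do
        grep -q "^[[:space:]]*$key[[:space:]]" "$conf" ||
            findings="$findings missing:$(echo "$key" | tr ' ' '_')"
    done

    # The group secret is cleartext, so group and other must have no access.
    perms=$(ls -ld -- "$conf" | cut -c5-10)
    [ "$perms" = "------" ] || findings="$findings loose-permissions"

    # A saved Xauth password puts the user's own credential on disk too.
    if grep -q "^[[:space:]]*Xauth password[[:space:]]" "$conf"; then
        findings="$findings stored-xauth-password"
    fi

    if [ -n "$findings" ]; then
        echo "${findings# }"
        return 1
    fi
    echo "ok"
}

# Audit the file given on the command line, if any.
if [ $# -gt 0 ]; then audit_vpnc_conf "$1"; fi
```

Run it as root against /etc/vpnc/cs-vpn.conf; a `loose-permissions` finding is fixed with `chmod 600` on the profile.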

 