ntp
NTP
R1(config)#clock timezone UTC +7
R1(config)#do clock set 11:17:00 March 26 2015
R1(config)#ntp master
R2(config)#clock timezone UTC +7
R2(config)#do show clock
*07:04:03.547 UTC Fri Mar 1 2002
R2(config)#ntp server 10.0.0.1
R2(config)#end
R2#
R2#show ntp associations
address ref clock st when poll reach delay offset disp
*~10.0.0.1 127.127.7.1 8 22 64 377 32.6 -481.9 79.3
* master (synced), # master (unsynced), + selected, – candidate, ~ configured
R2#show ntp associations detail
10.0.0.1 configured, our_master, sane, valid, stratum 8
ref ID 127.127.7.1, time D8BE0763.21CDCC35 (11:19:47.132 UTC Thu Mar 26 2015)
our mode client, peer mode server, our poll intvl 64, peer poll intvl 64
root delay 0.00 msec, root disp 0.03, reach 377, sync dist 95.642
delay 32.58 msec, offset -481.9078 msec, dispersion 79.33
precision 2**18, version 3
org time D8BE079F.24EE1E78 (11:20:47.144 UTC Thu Mar 26 2015)
rcv time D8BE07A0.08A821A6 (11:20:48.033 UTC Thu Mar 26 2015)
xmt time D8BE079F.F93DF58B (11:20:47.973 UTC Thu Mar 26 2015)
filtdelay = 60.20 32.58 56.17 55.39 60.32 84.15 88.03 88.15
filtoffset = -859.45 -481.91 -461.94 -453.79 -452.02 -391.93 -225.92 -45.77
filterror = 0.03 1.01 1.02 1.04 1.05 1.07 1.08 1.10
R2#show ntp status
Clock is synchronized, stratum 9, reference is 10.0.0.1
nominal freq is 250.0000 Hz, actual freq is 250.0000 Hz, precision is 2**18
reference time is D8BE07A0.08A821A6 (11:20:48.033 UTC Thu Mar 26 2015)
clock offset is -481.9078 msec, root delay is 32.58 msec
root dispersion is 561.28 msec, peer dispersion is 79.33 msec
R2#
Eigrp ipv4
Eigrp
==================================================================
R4(config)#int f0/0
R4(config-if)#ip add 10.44.0.4 255.255.255.0
R4(config-if)#no sh
R4(config-if)#exit
R4(config)#int e1/2
R4(config-if)#ip add 10.34.0.4 255.255.255.0
R4(config-if)#no sh
R4(config-if)#exi
R4(config)#router eigrp 777
R4(config-router)#network 4.0.0.0
R4(config-router)#network 10.0.0.0
R4(config-router)#do show ip eigrp interface
EIGRP-IPv4 Interfaces for AS(777)
Xmit Queue PeerQ Mean Pacing Time Multicast Pending
Interface Peers Un/Reliable Un/Reliable SRTT Un/Reliable Flow Timer Routes
Lo0 0 0/0 0/0 0 0/0 0 0
Fa0/0 0 0/0 0/0 0 0/0 0 0
Et1/2 0 0/0 0/0 0 0/0 0 0
R4(config-router)#do show ip protocol
*** IP Routing is NSF aware ***
Routing Protocol is “eigrp 777” <================================================
Outgoing update filter list for all interfaces is not set
Incoming update filter list for all interfaces is not set
Default networks flagged in outgoing updates
Default networks accepted from incoming updates
EIGRP-IPv4 Protocol for AS(777)
Metric weight K1=1, K2=0, K3=1, K4=0, K5=0
NSF-aware route hold timer is 240
Router-ID: 4.4.4.4
Topology : 0 (base)
Active Timer: 3 min
Distance: internal 90 external 170
Maximum path: 4
Maximum hopcount 100
Maximum metric variance 1
Automatic Summarization: disabled <=========== disabled by default on IOS 15.x
Maximum path: 4
Routing for Networks:
4.0.0.0
10.0.0.0
Routing Information Sources:
Gateway Distance Last Update
Distance: internal 90 external 170
R4(config-router)#no auto-summary
R4(config-router)#end
=====================================================================================
R3 :
R3#conf t
R3(config)#int e1/2
R3(config-if)#ip add 10.34.0.3 255.255.255.0
R3(config-if)#no sh
R3(config-if)#exit
R3(config)#int e1/1
R3(config-if)#ip add 10.23.0.3 255.255.255.0
R3(config-if)#no sh
R3(config-if)#exit
R3(config)#router eigrp 777
R3(config-router)#network 10.0.0.0
R3(config-router)#no auto-summary
R3(config-router)#
*Feb 8 11:13:18.411: %DUAL-5-NBRCHANGE: EIGRP-IPv4 777: Neighbor 10.34.0.4 (Ethernet1/2) is up: new adjacency
R3(config-router)#exit
R3(config-if)#do show ip rout
Codes: L – local, C – connected, S – static, R – RIP, M – mobile, B – BGP
D – EIGRP, EX – EIGRP external, O – OSPF, IA – OSPF inter area
N1 – OSPF NSSA external type 1, N2 – OSPF NSSA external type 2
E1 – OSPF external type 1, E2 – OSPF external type 2
i – IS-IS, su – IS-IS summary, L1 – IS-IS level-1, L2 – IS-IS level-2
ia – IS-IS inter area, * – candidate default, U – per-user static route
o – ODR, P – periodic downloaded static route, H – NHRP, l – LISP
+ – replicated route, % – next hop override
Gateway of last resort is not set
4.0.0.0/32 is subnetted, 1 subnets
D 4.4.4.4 [90/409600] via 10.34.0.4, 00:03:09, Ethernet1/2
10.0.0.0/8 is variably subnetted, 7 subnets, 2 masks
D 10.11.0.0/24 [90/309760] via 10.23.0.2, 00:00:22, Ethernet1/1
D 10.12.0.0/24 [90/307200] via 10.23.0.2, 00:00:22, Ethernet1/1
C 10.23.0.0/24 is directly connected, Ethernet1/1
L 10.23.0.3/32 is directly connected, Ethernet1/1
C 10.34.0.0/24 is directly connected, Ethernet1/2
L 10.34.0.3/32 is directly connected, Ethernet1/2
D 10.44.0.0/24 [90/284160] via 10.34.0.4, 00:03:09, Ethernet1/2
R3(config-if)#do show ip eirgp nei
^
% Invalid input detected at ‘^’ marker.
R3(config-if)#do show ip ei nei
EIGRP-IPv4 Neighbors for AS(777)
H Address Interface Hold Uptime SRTT RTO Q Seq
(sec) (ms) Cnt Num
1 10.23.0.2 Et1/1 12 00:01:28 108 648 0 7
0 10.34.0.4 Et1/2 12 00:04:14 1081 5000 0 4
R3(config-if)#
========================================================================
R2#conf t
R2(config)#int e1/1
R2(config-if)#ip add 10.23.0.2 255.255.255.0
R2(config-if)#no sh
R2(config-if)#exit
R2(config)#int e1/0
R2(config-if)#ip add 10.12.0.2 255.255.255.0
R2(config-if)#no sh
R2(config-if)#exit
R2(config)#router eigrp 777
R2(config-router)#network 10.0.0.0
R2(config-router)#no auto-summary
R2(config-router)#exit
=====================================================================
R1#conf t
R1(config)#int f0/0
R1(config-if)#ip add 10.11.0.1 255.255.255.0
R1(config-if)#no sh
R1(config-if)#exit
R1(config)#int e1/0
R1(config-if)#ip add 10.12.0.1 255.255.255.0
R1(config-if)#no sh
R1(config-if)#exit
R1(config)#router eigrp 777
R1(config-router)#network 10.0.0.0
R1(config-router)#no auto-summary
R1(config)#int lo0
R1(config-if)#ip add 1.1.1.1 255.255.255.255
R1(config-if)#exit
R1(config)#router eigrp 777
R1(config-router)#network 1.0.0.0
R1(config-router)#exit
R1(config)#^Z
R1#ping 4.4.4.4 source 1.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 4.4.4.4, timeout is 2 seconds:
Packet sent with a source address of 1.1.1.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 100/142/192 ms
ipv4 DHCP
IP DHCP
R2(config)#ip dhcp pool OUR-Pool
R2(dhcp-config)#network 10.0.0.0 255.255.255.0
R2(dhcp-config)#default-router 10.0.0.2
R2(dhcp-config)#dns-server 8.8.8.8
R2(dhcp-config)#lease 2
R2(dhcp-config)#exit
R2(config)#ip dhcp excluded-address 10.0.0.1 10.0.0.24
R2(config)#end
R2#show ip dhcp pool
Pool OUR-Pool :
Utilization mark (high/low) : 100 / 0
Subnet size (first/next) : 0 / 0
Total addresses : 254
Leased addresses : 0
Pending event : none
1 subnet is currently in the pool :
Current index IP address range Leased addresses
10.0.0.1 10.0.0.1 – 10.0.0.254 0
==============================================================================================
R1(config)#int f0/0
R1(config-if)#ip address dhcp
R1(config-if)#end
R1#
*Mar 1 00:07:16.691: %SYS-5-CONFIG_I: Configured from console by console
R1#
*Mar 1 00:07:24.779: %DHCP-6-ADDRESS_ASSIGN: Interface FastEthernet0/0 assigned DHCP address 10.0.0.25, mask 255.255.255.0, hostname R1
R1#show dhcp server
DHCP server: ANY (255.255.255.255)
Leases: 1
Offers: 1 Requests: 1 Acks : 1 Naks: 0
Declines: 0 Releases: 0 Query: 0 Bad: 0
DNS0: 8.8.8.8, DNS1: 0.0.0.0
Subnet: 255.255.255.0
R1#show ip route | begin Gateway
Gateway of last resort is 10.0.0.2 to network 0.0.0.0
10.0.0.0/24 is subnetted, 1 subnets
C 10.0.0.0 is directly connected, FastEthernet0/0
S* 0.0.0.0/0 [254/0] via 10.0.0.2
====================================================================================================
R2#show ip dhcp binding
Bindings from all pools not associated with VRF:
IP address Client-ID/ Lease expiration Type
Hardware address/
User name
10.0.0.25 0063.6973.636f.2d63. Mar 03 2002 01:22 AM Automatic
3030.312e.3231.6238.
2e30.3030.302d.4661.
302f.30
PC :
PC1>
PC1> ip dhcp
DDORA IP 10.0.0.26/24 GW 10.0.0.2
PC1> ping 10.0.0.2
84 bytes from 10.0.0.2 icmp_seq=1 ttl=255 time=19.001 ms
84 bytes from 10.0.0.2 icmp_seq=2 ttl=255 time=29.002 ms
84 bytes from 10.0.0.2 icmp_seq=3 ttl=255 time=29.002 ms
84 bytes from 10.0.0.2 icmp_seq=4 ttl=255 time=29.002 ms
84 bytes from 10.0.0.2 icmp_seq=5 ttl=255 time=29.002 ms
DNS ipv4
==================================================================================
R2(config)#ip dns server
R2(config)#ip host server1.bubba.com 10.2.2.2
R2(config)#int loopback 6783
R2(config-if)#ip add 10.2.2.2 255.255.255.255
R2(config-if)#^Z
R2#ping server1.bubba.com
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.2.2.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
R2#
===============================================================
R1(config)#ip domain lookup
R1(config)#do ping 10.0.0.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 60/76/96 ms
R1(config)#ip name-server 10.0.0.2
R1(config)#ip route
R1(config)#ip route 0.0.0.0 0.0.0.0 10.0.0.2
R1(config)#end
R1#
*Mar 1 00:15:12.887: %SYS-5-CONFIG_I: Configured from console by console
R1#debug ip udp
UDP packet debugging is on
R1#ping server1.bubba.com
Translating “server1.bubba.com”…domain server (10.0.0.2) [OK]
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.2.2.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/68/120 ms
R1#
*Mar 1 00:18:18.059: UDP: Random local port generated 56090, network 1
*Mar 1 00:18:18.059: Reserved port 56090 in Transport Port Agent for UDP IP type 1
*Mar 1 00:18:18.063: UDP: sent src=10.0.0.1(56090), dst=10.0.0.2(53), length=43
*Mar 1 00:18:18.119: UDP: rcvd src=10.0.0.2(53), dst=10.0.0.1(56090), length=59
*Mar 1 00:18:18.123: Released port 56090 in Transport Port Agent for IP type 1
SSH ipv4
R2(config)#username admin privilege 15 secret cisco
R2(config)#line vty 0 4
R2(config-line)#login local
R2(config-line)#transport input ssh
R2(config-line)#exit
R2(config)#ip domain-name kacanggoreng.com
R2(config)#do show run | include domain
no ip domain lookup
ip domain name kacanggoreng.com
======================================================
R1#ssh -l admin 10.0.0.2
Password:
=====================================================
R1#ssh -l admin 10.0.0.2
Password:
R2#show tcp bri
TCB Local Address Foreign Address (state)
67ACE3B4 10.0.0.2.22 10.0.0.1.16050 ESTAB
==============================================================
R2#show run
username admin privilege 15 secret 4 tnhtc92DXBhelxjYk8LWJrPV36S2i4ntXrpb4RFmfqY
===============================================================
3 way handshake
Backup Configuration File & IOS Image :
SW2#sh flash
TFTPd32 & FTP FileZilla <– FTP software
How to back up the configuration file
from the running config to FTP
#copy running-config tftp:
#Address or name of remote host []? 192.168.1.100 <— IP of the FTP server
Destination filename [sw2-config]? SW2.txt <– name of the config file as it is saved on the FTP server
=======================================================================================
Backup IOS image
SW2#sh version
Before upgrading IOS we have to take a backup
SW2#sh flash:?
SW2#copy flash:c3560-ipservicek9-mz.122.-55.SE5.bin tftp:
Address or name of remote host []? 192.168.1.100
Destination filename [c3560-ipservicek9-mz.122.-55.SE5.bin]? <– just press Enter [default]
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! <– backup in progress
===============================================================
Upgrade IOS Image
from the FTP / TFTP server to the Cisco device's flash.
sh flash:
check the free space in flash
================================
Delete the contents of flash
SW2#delete flash:?
sw2#c3560-ipservicek9-mz.122.-55.SE5.bin
Delete filename [c3560-ipservicek9-mz.122.-55.SE5.bin] ?
delete flash:c3560-ipservicek9-mz.122.-55.SE5.bin? [confirm]
SW2#sh flash:/
check whether the file has been deleted or not
==================================
Time to upgrade, now that there is enough space in flash
Upgrade IOS Image
from the FTP / TFTP server to the Cisco device's flash.
SW2#copy ftp://cisco:cisco@192.168.1.100 flash:
Source filename []? just copy the IOS image name from the FTP server and paste it here
Destination filename [c3560-ipservicek9-mz.122.-55.SE7.bin]?
Accessing ftp://cisco:cisco@192.168.1.100/c3560-ipservicek9-mz.122.-55.SE7.bin…
Loading c3560-ipservicek9-mz.122.-55.SE7.bin!!!!!!!! <— the upgrade image loading from FTP to flash
* Erase startup-config = so that the device is clean, with no configuration at all
For the upgrade to take effect, the device has to be restarted
SW2#reload
* IOS <— this IOS image does have to be restarted
ISSU = In-Service Software Upgrade, in which traffic keeps flowing while we upgrade and we do not need to reload
The Cisco Cat6500 has 2 processors (supervisor engines), which provide redundancy
AXR 9000
CSR X
=======
Recovering the Cisco IOS Operating System
rommon 1 > tftpdnld
Fill in the parameters listed there
tftpdnld
IP_ADDRESS: 192.168.1.1
IP_SUBNET_MASK: 255.255.255.0
DEFAULT_GATEWAY: 192.168.1.1
TFTP_SERVER: 192.168.1.100
TFTP_FILE: c1841-advipservicesk9-mz.124.15.T1.bin
rommon 10 > tftpdnld
dir flash:
rommon 10 > boot
==== There are 2 ways to recover IOS
Tftpdnld <——-> Tftp ( IP )
xmodem <——-> Cable Console
Foundation : What is a Network ?
What is a network?
– the function of an internetwork
– the chunks (PDUs) that make up an internetwork
– applications that use the network
– simple network design
– OSI vs TCP/IP
=========================================
What is an internet network
1. A platform for transferring data from point A to point B > Communication
2. Used by businesses to deliver information, e.g. Bank, SP Trading etc.
========================================
Network Component :
Medium = Devices
Router
Switch
Cable = UTP, STP, Fiber, Coaxial
PC
Server
NIC
==========================================
Applications that use the network
Web Browser = HTTP
Database applications
Instant Messenger
E-mail
Online Games : CS online PB
========================================
Considerations for network applications:
Speed
Delay = there is a lot of traffic
Availability = a network in which a component can fail while the service keeps running
1. Redundancy
Link (backup)
Scalability = a measure of how well the network can grow and become large without intensive reconfiguration
(for example: a PoE switch is already in place, so when we get VoIP 2 years from now we do not need to replace it with a new switch).
CSMA/CD = Carrier Sense Multiple Access / Collision Detection = a policy, a set of rules, under which a PC may send data
only at certain times.
==================================================
OSI vs TCP
* In the old days networks had no standard; everything was proprietary
Back then there was something called EDI = electronic data interchange; to exchange information, everything had to be 1 brand
===========================
Application L7 = GUI
Presentation L6 = Data format
Session L5 = if I log in as Admin and you log in as guest, this is which session each of us is in
Transport L4 = Multiplexing
Network L3 = logical addressing, or IP address
Data-Link L2 = Physical addressing – MAC address
Physical L1 = Binary > 101110, from digital waves into 1012; the layer responsible for converting data into binary
===============================
L4 OSI – Transport Layer =
* Multiplexing
* Using Ports
* Establishes end-to-end connectivity
Reliable -> TCP = e.g. downloads (3-way handshake)
Unreliable -> UDP = real time, video streaming, YouTube, Cisco WebEx
*L4 PDU = Segment
===================================
L3 OSI – Network Layer =
* Logical addressing
* Provides connectivity and path selection > Routing
L3 PDU > Packet
=====================================
L2 OSI – Data Link
* Physical Addressing
* Typically Has error detection > CRC
* L2 PDU -> Frame (chunk )
============================
L1 OSI – Physical
* Responsible for translating the signal of any medium (device) into binary
* Related to cabling
Coax, Twisted pair, UTP STP
Fiber
*L1 PDU > bits
Static vs Dynamic Routing
Routing Technology :
Static vs Dynamic Routing
=================================
Routing protocol = the language routers use to talk to each other
Static vs Dynamic Routing Overview
Routing Protocol Classification
Distance Vector Routing
Routing Loops and Prevention Mechanisms
Link State Routing
=======================================
Differences between static & dynamic
Static – the router is configured manually, meaning we point it at the next hop ourselves
– Large network = a lot of configuration
+ A static route consumes no bandwidth (no extra bandwidth needed)
Dynamic – a mechanism in which routers talk to one another; the language they speak is called a routing protocol
+ Good for large network deployments
– Extra bandwidth is needed for router-to-router communication.
====================================================
Routing Protocol Classification
1. IGP = Interior Gateway Protocol; cannot handle a very large routing table (- 100 MB)
IGP = used between HQ and branches
1. Distance vector = routing information is passed only to the adjacent routers (neighbors)
*RIPv1, RIPv2
*IGRP, EIGRP
2. Link-state
*OSPF & IS-IS
2. EGP = Exterior Gateway Protocol; a routing protocol that can handle a very large routing table (+ 100 MB), e.g. the Internet
BGP -> BGP is designed to handle very large routing tables
Service providers use BGP
====================
Distance Vector Routing.
Characteristics of distance vector: it needs no complicated algorithm, only information from other routers
1. Routing by rumor
2. Routing depends only on the adjacent router (neighbor)
3. With distance vector, a router has no complete picture of the topology
4. It works through updates: periodic L3 routing information updates are sent every 30 seconds
5. Generally used, or best used, only for small network deployments
6. Prone to routing loops at L3.
===========================================
Routing-Loop Prevention Mechanism.
1. Maximum hop = beyond 15 routers it can no longer recognize routers; the max is 15
2. Split horizon = (don't be a know-it-all) if I receive an update on an interface, e.g. network x on port 1, then I must not
send it back out of port 1 (blocking).
When the ttl=255 runs out, the packet is dropped.
3. Triggered update = when there is a problem or a link goes down, the router does not wait for its turn to update each router;
as soon as it detects the failure it announces it. Using triggered updates helps avoid routing loops.
4. Holddown timers = when a network goes down, it is not removed from the routing table right away; the router waits for it to come back
5. Route Poisoning
==============================================
Link-state routing is
1. An IGP algorithm, or language, in which every router has a full picture of the
topology
– Drawback: it needs very large resources because it holds the entire network & topology
2. Very well suited to large-scale networks.
Link-state routing recalculates when a link goes down
Because the picture of the network is complete, routing loops are avoided
RIP Routing
Routing Technology :
RIP Routing.
Routing Technology : RIP Routing
– Rip Overview
– RIPv1 vs RIPv2 Comparison
– How RIP Works?
– Routing Protocol Convergence
– RIP Convergence
– RIP Advantage / Disadvantage
– Rip Routing Configuration & Verification.
===========================================
Static protocol = – manual configuration
+ uses no bandwidth
Dynamic protocol = routers talk to each other to share information about the networks each router has.
===========================================
RIP Overview
– Routing Information Protocol.
– Open standard, based on IGP.
* Its RFC is 2453, “RIPv2”
– Category: distance vector protocol.
– RIP talks over UDP for L4 transport
* UDP port 520, multicast destination 224.0.0.9
* Note: make sure the firewall has UDP port 520 open; otherwise the routers cannot talk
======================
RIPv1 vs RIPv2
RIPv1
* Classful (meaning all subnets must be the same, so every network in the topology must use 1 subnet)
* Example: 192.168.1.0/27, so every network in the topology must be /27
* When updating, it includes the subnet mask: > 192.168.1.0/27
* Uses broadcast for updates
RIPv2
* Classless (updates include the subnet mask)
Example: 192.168.1.0 <– example of an update without a subnet mask
* Supports VLSM
* Uses multicast updates
* Triggered updates (does not wait for its turn to send updates when a link goes down)
* Authentication
============================================
RIPv1 => updates are sent by broadcast, S-MAC -> D-MAC (broadcast); not efficient
RIPv2 => data is sent by multicast (more specific)
=================
How does RIP work? The same as any distance vector protocol
RIPv2 converges faster because when a link goes down it has
triggered updates (it does not wait for its turn to update)
==========
c : directly connected = better
R : read
=======================================================================================================
Once converged, every router has its own routing table
(R1)f0/1----------12.0/24----------f0/2-(R2)-f0/3----------23.0/24----------f0/3(R3)
 |f0/0                                   |f0/0                                  |f0/0
 |                                       |                                      |
 |                                       |                                      |
10.0/24                               20.0/24                                30.0/24
========================================================================================================
How RIP routing works
R1
c: 192.168.10.0/24 f0/0
c: 192.168.12.0/24 f0/0
R: 192.168.20.0/24 [120/1] R2, f0/1
R: 192.168.23.0/24 [120/1] R2, f0/1
R: 192.168.30.0/24 [120/2] R2, f0/1
R2
c : 12.0/24 f0/2
c : 20.0/24 f0/0
c : 23.0/24 f0/3
R : 10.0/24 [120/1] 192.168.12.1 f0/2
R : 30.0/24 [120/1] 192.168.23.3 f0/3
R3
c : 30.0/24 f0/0
c : 23.0/24 f0/3
R : 10.0/24 [120/2] R2, f0/3
R : 20.0/24 [120/1] R2, f0/3
R : 12.0/24 [120/1] R2, f0/3
* Updates are always sent periodically, every 30 seconds, and what is sent is the entire
routing table; that is characteristic of distance vector.
* Routing by rumor means R1 depends heavily on its adjacent router R2 for information about anything beyond R2.
R1 simply trusts whatever R2 tells it; it has no guarantee that the information R2 gives is accurate
===================================================
RIP selects paths by lowest hop count, the shortest path;
each router counts as 1 hop.
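The exchange described above can be replayed in a few lines. This is an added example, not part of the original notes: it runs synchronous update rounds with split horizon on the R1-R2-R3 topology from the diagram and reproduces the [120/1] and [120/2] hop counts, then uses a constructed 17-router chain to show the 15-hop limit. All function names are hypothetical.

```python
"""Distance-vector (RIP-style) exchange on the R1-R2-R3 topology from the notes."""

INFINITY = 16  # RIP: 16 hops means unreachable, so 15 is the largest usable metric

# Directly connected networks and the link list, taken from the diagram above.
PAGE_CONNECTED = {
    "R1": {"192.168.10.0/24": "f0/0", "192.168.12.0/24": "f0/1"},
    "R2": {"192.168.12.0/24": "f0/2", "192.168.20.0/24": "f0/0",
           "192.168.23.0/24": "f0/3"},
    "R3": {"192.168.23.0/24": "f0/3", "192.168.30.0/24": "f0/0"},
}
PAGE_LINKS = [(("R1", "f0/1"), ("R2", "f0/2")), (("R2", "f0/3"), ("R3", "f0/3"))]


def initial_tables(connected):
    """Before any update, a router knows only its connected networks (metric 0)."""
    return {
        router: {prefix: {"metric": 0, "via": None, "intf": intf}
                 for prefix, intf in nets.items()}
        for router, nets in connected.items()
    }


def build_update(table, out_intf, split_horizon=True):
    """Prefix -> metric map a router advertises out of one interface.

    With split horizon, a route is never advertised back out of the
    interface it is reached through.
    """
    return {prefix: route["metric"] for prefix, route in table.items()
            if not (split_horizon and route["intf"] == out_intf)}


def receive_update(table, update, sender, in_intf):
    """Merge a neighbor's update into the table; return True if it changed."""
    changed = False
    for prefix, metric in update.items():
        new_metric = min(metric + 1, INFINITY)  # each router adds one hop
        current = table.get(prefix)
        if current is None:
            if new_metric >= INFINITY:
                continue  # 16 hops: unreachable, never installed
        elif current["via"] == sender:
            # Routing by rumor: whatever the current next hop says is believed.
            if current["metric"] == new_metric:
                continue
        elif new_metric >= current["metric"]:
            continue  # keep the route with the lower hop count
        table[prefix] = {"metric": new_metric, "via": sender, "intf": in_intf}
        changed = True
    return changed


def run_round(tables, links, split_horizon=True):
    """One periodic update: every router advertises on every link at once."""
    pending = []  # built from a snapshot so that the round is synchronous
    for (a, a_intf), (b, b_intf) in links:
        pending.append((b, build_update(tables[a], a_intf, split_horizon), a, b_intf))
        pending.append((a, build_update(tables[b], b_intf, split_horizon), b, a_intf))
    changed = False
    for receiver, update, sender, in_intf in pending:
        changed |= receive_update(tables[receiver], update, sender, in_intf)
    return changed


def converge(connected, links, split_horizon=True, max_rounds=50):
    """Run update rounds until nothing changes; return (tables, rounds)."""
    tables = initial_tables(connected)
    rounds = 0
    while rounds < max_rounds and run_round(tables, links, split_horizon):
        rounds += 1
    return tables, rounds


def chain(n):
    """Constructed topology: n routers in a line, each with one LAN."""
    connected = {f"R{i}": {f"10.0.{i}.0/24": "lan"} for i in range(1, n + 1)}
    links = []
    for i in range(1, n):
        net = f"172.16.{i}.0/30"
        connected[f"R{i}"][net] = "right"
        connected[f"R{i + 1}"][net] = "left"
        links.append(((f"R{i}", "right"), (f"R{i + 1}", "left")))
    return connected, links


if __name__ == "__main__":
    tables, rounds = converge(PAGE_CONNECTED, PAGE_LINKS)
    print(f"converged after {rounds} update rounds")
    for router, table in tables.items():
        for prefix, r in sorted(table.items()):
            code = "C" if r["via"] is None else "R"
            hop = "" if r["via"] is None else f" [120/{r['metric']}] via {r['via']}"
            print(f"{router}  {code} {prefix}{hop}, {r['intf']}")
    far, _ = converge(*chain(17))
    print("R1 reaches R16's LAN:", "10.0.16.0/24" in far["R1"])
    print("R1 reaches R17's LAN:", "10.0.17.0/24" in far["R1"])
```

With split horizon on, R2's update toward R1 leaves out 192.168.10.0/24, the route it learned from R1 in the first place.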
====================
Routing Protocol Convergence
How quickly it can recalculate the network when a link goes down
Convergence = the process by which routers agree on the best path to a destination
Reconvergence = the process by which routers agree on the NEW best path after / when a network goes down
Examples: a cut cable, router software hang / crash
Slow/long convergence = the problem that results is around for a long time
Fast/short convergence = when there is a problem, it is around for a shorter time
=============
Rip convergence
RIP convergence is based on 4 timers
update timer = 30 seconds
Invalid timer = 60 seconds
Holddown timer = 60 seconds
flush timer = penalty time, 90 seconds
=========
Rip advantage & Disadvantage
Advantage
* Vendor independent = we do not need a single brand
* Implemented on nearly every IP router
* Simple to configure
Disadvantage
* Limited to only 15 routers
* Converges very slowly
=================
Routing Protocol Concept 2
27 – Routing Protocol Concept
===============================
RIP
– Ford Pinto
– It's not going to be fast or smooth or quick, but it works well from point A to point B, no matter what the car looks like
– Advertises every 30 sec by default <– hello time (advertisement timer)
– 90 sec before a router decides its neighbor is dead (hold); gives time to recover, but at a COST
– Metric = how a routing protocol figures out the best way to REACH a destination
(HOP count) next router
Doesn't care about the BANDWIDTH, IT'S CRAZY
Supported everywhere
Cisco thinks RIP is a terrible protocol: we can do better
==================================================================================
Improve RIP with IGRP
IGRP improves the metric: hop, delay and speed
Hello 90 sec
Delay 270
IGRP is DEAD
=================================================================================
OSPF: the most popular protocol in the world
Corvette
– Default Hello Timer 10 sec
– beauty of OSPF
– metric = COST = BANDWIDTH
====================================================================================
IS – IS
competitor to OSPF
TCP/R
OSI BETA
IS-IS was the OSI routing protocol, better than OSPF (because of politics and mafia)
=============================================================================
EIGRP
A Ferrari
CISCO to CISCO (proprietary)
Good speed
Really easy to configure
Equal load balancing
GREAT metric = BW + Delay + Reliability + Load + MTU (K-formula)
Routing Technology :
EIGRP
EIGRP Overview
EIGRP = Enhanced Interior Gateway Routing Protocol
* Successor to IGRP
* Cisco proprietary “hybrid” protocol; hybrid = a combination of DV & LS
* Both DV & link-state behaviour
* Really “Advanced Distance Vector”
Classless protocol
* Carries the subnet mask and supports VLSM and summarization
Why use EIGRP when we design a network?
What does EIGRP base its path choice on?
EIGRP = BW = highest bandwidth
Delay = router default 100ms
Load
Reliability
Fast Convergence:
faster
Active backup route = when a link goes down, traffic is diverted without having to recalculate
EIGRP = uses multicast, to 224.0.0.10
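The K-formula explains the metrics in R3's routing table in the EIGRP lab earlier in these notes. This is an added example, not part of the original notes: it computes the classic composite metric with the K-values from `show ip protocol` and checks it against the four D routes R3 learned, then compares EIGRP's choice with RIP's hop count on a constructed pair of paths. The interface bandwidth and delay figures are assumed IOS defaults, and the function names are hypothetical.

```python
"""Classic EIGRP composite metric, checked against the routes in R3's table."""

# Assumption: IOS default bandwidth (kbit/s) and delay (microseconds) per
# interface type; nothing in the lab configuration changes them.
INTERFACE_DEFAULTS = {
    "Ethernet":     {"bw_kbps": 10_000,    "delay_usec": 1_000},
    "FastEthernet": {"bw_kbps": 100_000,   "delay_usec": 100},
    "Loopback":     {"bw_kbps": 8_000_000, "delay_usec": 5_000},
}

# K-values shown by "show ip protocol" on R4: K1=1, K2=0, K3=1, K4=0, K5=0.
PAGE_K = (1, 0, 1, 0, 0)


def composite_metric(min_bw_kbps, total_delay_usec, load=1, reliability=255,
                     k=PAGE_K):
    """256 * [K1*BW + K2*BW/(256-load) + K3*delay] * [K5/(K4+reliability)].

    BW is 10^7 divided by the slowest link in kbit/s, delay is the sum of
    the interface delays in tens of microseconds. The last factor is only
    applied when K5 is non-zero.
    """
    k1, k2, k3, k4, k5 = k
    bw = 10**7 // min_bw_kbps
    delay = total_delay_usec // 10
    metric = k1 * bw + (k2 * bw) // (256 - load) + k3 * delay
    if k5 != 0:
        metric = metric * k5 // (k4 + reliability)
    return 256 * metric


def path_metric(outgoing_interfaces, k=PAGE_K):
    """Metric of a path given the outgoing interface type at every hop."""
    hops = [INTERFACE_DEFAULTS[name] for name in outgoing_interfaces]
    slowest = min(hop["bw_kbps"] for hop in hops)
    delay = sum(hop["delay_usec"] for hop in hops)
    return composite_metric(slowest, delay, k=k)


# Paths as seen from R3: outgoing interface types hop by hop, ending with the
# interface that owns the destination network, and the metric "show ip route"
# printed for that prefix.
PAGE_ROUTES = {
    "4.4.4.4/32":   (["Ethernet", "Loopback"], 409600),       # Et1/2 -> R4 Lo0
    "10.44.0.0/24": (["Ethernet", "FastEthernet"], 284160),   # Et1/2 -> R4 Fa0/0
    "10.12.0.0/24": (["Ethernet", "Ethernet"], 307200),       # Et1/1 -> R2 Et1/0
    "10.11.0.0/24": (["Ethernet", "Ethernet", "FastEthernet"], 309760),
}


def check_page_routes():
    """Return {prefix: (computed, printed)} for every route in PAGE_ROUTES."""
    return {prefix: (path_metric(path), printed)
            for prefix, (path, printed) in PAGE_ROUTES.items()}


def preferred_path(candidates):
    """Which candidate path RIP (hop count) and EIGRP (composite) would pick."""
    return {
        "rip": min(candidates, key=lambda name: len(candidates[name])),
        "eigrp": min(candidates, key=lambda name: path_metric(candidates[name])),
    }


if __name__ == "__main__":
    for prefix, (computed, printed) in check_page_routes().items():
        print(f"{prefix:14} computed {computed:7}  show ip route {printed:7}")
    # Constructed comparison: one slow hop versus two fast hops.
    print(preferred_path({"direct": ["Ethernet"],
                          "detour": ["FastEthernet", "FastEthernet"]}))
```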
====================================================================================================
BGP = Border Gateway Protocol
Routing protocol for the INTERNET, handling thousands of routers
BGP = > ISP / Enterprise
=====================================================================================================
Can a router run multiple routing protocols at the same time? YES
Administrative distance sits above the metric: how believable a routing protocol is
A LOWER NUMBER (administrative distance) is BETTER. That is, when there are multiple routing protocols,
each of them calculates differently: EIGRP works with cost, bw+delay+mtu,
and RIP counts hops.
So which one gets used is decided by looking at the administrative distance
==============================
Eigrp – 90
OSPF – 110
IGRP – 100
BGP – 20
Static – 1
IS – IS – 115
================================
Static = cost = 0 is directly connected interface
Turning a Cisco Router into a Frame Relay Switch
Some of you may not know that a Cisco router can be configured to work as a dedicated Frame Relay switch acting as the DCE. On a Cisco router configured as a Frame Relay switch, frames from a Frame Relay PVC arrive on an incoming interface and are switched to the outgoing interface of the Frame Relay switch PVC. During this process, the DLCI carried in the frame is forwarded and replaced by the outgoing DLCI.
Frame Relay switching is done entirely at Layer 2. The path/connection that frames will travel is activated based on the Frame Relay route table that has been built (much like a routing table). Here I use the simple example shown in Figure 1, in which 3 routers are connected to a router (RO_FR) that works as the Frame Relay switch. In this lab I used GNS3 0.8.1 VirtualBox Edition for the simulation, with the following details:
- 1 EtherSwitch router (RO_FR) (running Cisco router IOS C3745-ADVENTERPRISEK9-M, Version 12.4(25)), which we will use as the Frame Relay switch.
- 3 C2691 routers (R1, R2 and R3) (Cisco IOS Software, 2600 Software (C2691-ADVENTERPRISEK9-M), Version 12.4(25c)), which act as the routers on the customer/user side.
Figure 1. Router as a Frame Relay Switch
Here I will only explain how to configure the router that works as the Frame Relay switch; I will not cover the routers on the customer/user side.
To configure a Cisco router as a Frame Relay switch, follow the configuration steps listed below:
Step 1
Enable Frame Relay switching on the router with the frame-relay switching command in global configuration mode.
Example:
RO-FR(config)#frame-relay switching
Step 2
Enter interface configuration mode on the serial interface that is to serve as a Frame Relay switch interface. Configure that serial interface as DCE by giving it a clock rate, followed by the frame-relay intf-type dce command, and set Frame Relay encapsulation.
Example:
RO-FR(config-if)#clockrate 64000
RO-FR(config-if)#frame-relay intf-type dce
RO-FR(config-if)#encapsulation frame-relay
Step 3
Configure Frame Relay switching on the serial interface with the command “frame-relay route” “source DLCI number connected to the customer router” “serial interface connected to the customer” “destination DLCI number connected to the customer router”.
Example:
RO-FR(config-if)#frame-relay route 102 interface serial 0/1 201
RO-FR(config-if)#frame-relay route 103 interface serial 0/2 301
Note and remember that a Frame Relay switch can only be configured on physical serial interfaces.
The complete configuration listing is as follows:
Configuration on interface Serial 0/0:
RO-FR(config)#frame-relay switching
RO-FR(config)#interface s 0/0
RO-FR(config-if)#clockrate 64000
RO-FR(config-if)#encapsulation frame-relay
RO-FR(config-if)#frame-relay intf-type dce
RO-FR(config-if)#frame-relay route 102 interface serial 0/1 201
RO-FR(config-if)#frame-relay route 103 interface serial 0/2 301
RO-FR(config-if)#no shutdown
Configuration on interface Serial 0/1:
RO-FR(config-if)#interface serial 0/1
RO-FR(config-if)#clockrate 64000
RO-FR(config-if)#encapsulation frame-relay
RO-FR(config-if)#frame-relay intf-type dce
RO-FR(config-if)#frame-relay route 201 interface serial 0/0 102
RO-FR(config-if)#frame-relay route 203 interface serial 0/2 302
RO-FR(config-if)#no shutdown
Configuration on interface Serial 0/2:
RO-FR(config-if)#interface serial 0/2
RO-FR(config-if)#clockrate 64000
RO-FR(config-if)#encapsulation frame-relay
RO-FR(config-if)#frame-relay intf-type dce
RO-FR(config-if)#frame-relay route 301 interface serial 0/0 103
RO-FR(config-if)#frame-relay route 302 interface serial 0/1 203
RO-FR(config-if)#no shutdown
Next we verify the result of our configuration as follows:
RO-FR#show frame-relay route
Input Intf Input Dlci Output Intf Output Dlci Status
Serial0/0 102 Serial0/1 201 active
Serial0/0 103 Serial0/2 301 active
Serial0/1 201 Serial0/0 102 active
Serial0/1 203 Serial0/2 302 active
Serial0/2 301 Serial0/0 103 active
Serial0/2 302 Serial0/1 203 active
That concludes my brief explanation; I hope it is useful to all of us. If anything in the explanation above is unclear, feel free to ask and we will do our best to answer.
source http://teknonesia.com/2011/12/membuat-cisco-router-menjadi-sebagai-switch-frame-relay/
31 – Routing Configuring and Applying Extended Access control list :
================================================================================
#Permit / Deny [ PORT ] [SOURCE] [Destination]#
R1(config)#access-list 100 deny ip 192.168.1.0 0.0.0.255 192.168.2.128 0.0.0.127
R1(config)#access-list 100 permit ip any any
================================================================================
ICMP, TCP, UDP, IP
IP is EVERYTHING all protocol
=================================================================================
CONFIG
R1(config)#access-list 100 deny ip 192.168.1.0 0.0.0.255 192.168.2.128 0.0.0.127
R1(config)#access-list 100 permit ip any any
R1(config)#do show ip access-list
#access-list 100 permit ip any (source) any (destination)#
=======================================
APPLY
R1(config)#int f0/0
R1(config-if)#ip access-group 100 in
R1(config)#do show ip access-list
=============
Best Practice
=============
R1(config)#ip access-list extended 100
R1(config-ext-nacl)#?
R1(config-ext-nacl)#11 deny tcp 192.168.1.50 0.0.0.0 192.168.2.50 0.0.0.0 eq 80
R1(config-ext-nacl)#12 deny tcp 192.168.1.50 0.0.0.0 192.168.2.50 0.0.0.0 eq 443
R1(config)#do show ip access-list
========================================
PROTOCOL | source | destination
tcp 192.168.1.50 0.0.0.0 192.168.2.50 0.0.0.0
========================================
tcp =
21 – ftp
22 – ssh
23 – telnet
25 – smtp
53 – dns server
80 – http
110 – pop3 (email client)
143 – imap4 (email client)
443 – https
UDP =
53 – dns client
69 – tftp
icmp – echo
echo-reply (echo + echo reply = PING)
IP = all ip
================================================================
CONFIG
R2(config)#ip access-list extended R3_TELNET_SSH
R2(config-ext-nacl)#permit tcp 192.168.2.0 0.0.0.127 host 10.1.1.1 eq 22
R2(config-ext-nacl)#permit tcp 192.168.2.0 0.0.0.127 host 10.1.1.1 eq 23
Alternative:
R2(config-ext-nacl)#permit tcp 192.168.2.0 0.0.0.127 host 10.1.1.1 range 22 23
R1(config)#do show ip access-list
R2(config-ext-nacl)#deny ip 192.168.2.0 0.0.0.127 host 10.1.1.1
R2(config-ext-nacl)#do sh ip access
R2(config-ext-nacl)#permit ip any any
R2(config-ext-nacl)#do sh ip access
========================================
APPLY
R2(config)#int f0/0
R2(config-if)#ip access-group R3_TELNET_SSH in
==============================
R1#show run | section interface
interface FastEthernet0/0
ip address 192.168.1.1 255.255.255.0
ip access-group 100 in
duplex auto
speed auto
interface Serial0/0
ip address 10.1.1.6 255.255.255.252
clock rate 2000000
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
R1(config-if)#no ip access-group 100 in
R1(config)#ip access-list extended NO_WAN_FOR_YOU
R1(config-ext-nacl)#deny ?
<0-255> An IP protocol number
ahp Authentication Header Protocol
eigrp Cisco’s EIGRP routing protocol
esp Encapsulation Security Payload
gre Cisco’s GRE tunneling
icmp Internet Control Message Protocol
igmp Internet Gateway Message Protocol
ip Any Internet Protocol
ipinip IP in IP tunneling
nos KA9Q NOS compatible IP over IP tunneling
ospf OSPF routing protocol
pcp Payload Compression Protocol
pim Protocol Independent Multicast
tcp Transmission Control Protocol
udp User Datagram Protocol
R1(config-ext-nacl)#deny ip 192.168.1.0 0.0.0.255 10.1.1.0 0.0.0.3
R1(config-ext-nacl)#deny ip 192.168.1.0 0.0.0.255 10.1.1.4 0.0.0.3
R1(config-ext-nacl)#do sh ip access
Extended IP access list 100
10 deny ip 192.168.1.0 0.0.0.255 192.168.2.128 0.0.0.127 (519 matches)
11 deny tcp host 192.168.1.50 host 192.168.2.50 eq www
12 deny tcp host 192.168.1.50 host 192.168.2.50 eq 443
20 permit ip any any (5 matches)
Extended IP access list NO_WAN_FOR_YOU
10 deny ip 192.168.1.0 0.0.0.255 10.1.1.0 0.0.0.3
20 deny ip 192.168.1.0 0.0.0.255 10.1.1.4 0.0.0.3
R1(config-ext-nacl)#
R1(config-ext-nacl)#permit ip any any
R1(config-ext-nacl)#do sh ip access
Extended IP access list 100
10 deny ip 192.168.1.0 0.0.0.255 192.168.2.128 0.0.0.127 (519 matches)
11 deny tcp host 192.168.1.50 host 192.168.2.50 eq www
12 deny tcp host 192.168.1.50 host 192.168.2.50 eq 443
20 permit ip any any (5 matches)
Extended IP access list NO_WAN_FOR_YOU
10 deny ip 192.168.1.0 0.0.0.255 10.1.1.0 0.0.0.3
20 deny ip 192.168.1.0 0.0.0.255 10.1.1.4 0.0.0.3
30 permit ip any any
==
R1(config)#int f0/0
R1(config-if)#ip access-group NO_WAN_FOR_YOU in
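An added example (not part of the original notes): a small Python model of how IOS evaluates the extended ACLs above, top-down with the first match winning, wildcard masks, and the implicit deny at the end. It handles only the syntax used in these notes (any / host / address plus wildcard, eq and range on the destination port); the function names and the NO_WAN_BEFORE_PERMIT list are hypothetical.

```python
import ipaddress

PORT_NAMES = {"www": 80}  # "show ip access-list" prints port 80 as "www"

def _addr(tokens):
    """Consume 'any', 'host A' or 'A WILDCARD'; return ((base, wildcard), rest)."""
    if tokens[0] == "any":
        return (0, 0xFFFFFFFF), tokens[1:]
    if tokens[0] == "host":
        return (int(ipaddress.IPv4Address(tokens[1])), 0), tokens[2:]
    base = int(ipaddress.IPv4Address(tokens[0]))
    return (base, int(ipaddress.IPv4Address(tokens[1]))), tokens[2:]

def _port(text):
    return PORT_NAMES[text] if text in PORT_NAMES else int(text)

def build_acl(lines):
    """Parse '[seq] permit|deny proto src dst [eq P | range A B]' lines."""
    acl = []
    for line in lines:
        tokens = line.split()
        seq = None
        if tokens[0].isdigit():
            seq, tokens = int(tokens[0]), tokens[1:]
        if seq is None:  # IOS numbers unnumbered entries 10, 20, 30, ...
            seq = acl[-1]["seq"] + 10 if acl else 10
        action, proto = tokens[0].lower(), tokens[1].lower()
        src, rest = _addr(tokens[2:])
        dst, rest = _addr(rest)
        ports = None
        if rest and rest[0] == "eq":
            ports = (_port(rest[1]), _port(rest[1]))
        elif rest and rest[0] == "range":
            ports = (_port(rest[1]), _port(rest[2]))
        acl.append(dict(seq=seq, action=action, proto=proto,
                        src=src, dst=dst, ports=ports))
    return acl

def _addr_match(ip, spec):
    base, wildcard = spec
    care = ~wildcard & 0xFFFFFFFF  # wildcard bit 0 = must match, 1 = ignore
    return (int(ipaddress.IPv4Address(ip)) & care) == (base & care)

def evaluate(acl, proto, src, dst, dport=None):
    """Return (action, seq) of the first matching entry, top-down."""
    for e in acl:
        if e["proto"] not in ("ip", proto):
            continue
        if not (_addr_match(src, e["src"]) and _addr_match(dst, e["dst"])):
            continue
        if e["ports"] and (dport is None
                           or not e["ports"][0] <= dport <= e["ports"][1]):
            continue
        return e["action"], e["seq"]
    return "deny", None  # implicit "deny ip any any" at the end of every ACL

# The ACLs from the notes above.
ACL_100 = build_acl([
    "10 deny ip 192.168.1.0 0.0.0.255 192.168.2.128 0.0.0.127",
    "11 deny tcp host 192.168.1.50 host 192.168.2.50 eq www",
    "12 deny tcp host 192.168.1.50 host 192.168.2.50 eq 443",
    "20 permit ip any any",
])
R3_TELNET_SSH = build_acl([
    "permit tcp 192.168.2.0 0.0.0.127 host 10.1.1.1 range 22 23",
    "deny ip 192.168.2.0 0.0.0.127 host 10.1.1.1",
    "permit ip any any",
])
# NO_WAN_FOR_YOU as it stood before "permit ip any any" was added.
NO_WAN_BEFORE_PERMIT = build_acl([
    "deny ip 192.168.1.0 0.0.0.255 10.1.1.0 0.0.0.3",
    "deny ip 192.168.1.0 0.0.0.255 10.1.1.4 0.0.0.3",
])

if __name__ == "__main__":
    # Constructed test packets: (protocol, source, destination, dest port)
    print(evaluate(ACL_100, "tcp", "192.168.1.50", "192.168.2.50", 80))
    print(evaluate(R3_TELNET_SSH, "tcp", "192.168.2.10", "10.1.1.1", 80))
    print(evaluate(NO_WAN_BEFORE_PERMIT, "tcp", "192.168.1.10", "192.168.2.10", 80))
```

The last call shows why the final `permit ip any any` matters: without it, traffic that matches neither deny entry still falls through to the implicit deny.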
Switching – Understanding VLANs and Trunks :
=====================================
* Multiple Collision Domains
* One Broadcast Domain
* One IP NETWORK (subnet)
* One Failure Domain
* Limited Security
======================================
VLAN Foundation :
Logically Group Users
Segment Broadcast Domain
Subnet Correlation
Access Control
QoS
======================================
Trunk (Cisco term) = carries all VLANs
Tagged (other vendors' term) = carries all VLANs
[PING][VLAN][MAC]
=====================================
Switching – Managing Port Security
=============================
Trunks = not valid for port security
Trunks = carry VLAN information
Access port = a normal port where things like PCs, printers and servers are plugged in
Access means 1 VLAN, where it is expected that 1 device will be attached
Dynamic mode = the port changes between access port and trunk port depending on what is plugged in
To enable port security we have to make sure the port is set up as an ACCESS port
Sticky = takes the MAC address that is currently learned on the port and makes it permanent on the switch
=====
Defaults = when port security is turned on, by default it allows only 1 MAC address and the violation mode is shutdown
Default commands do not show up in the running config
=======================================================
switchport mode access
switchport port-security ?
switchport port-security maximum 1 <-- allows 1 MAC address, the one that is plugged in at that time
CBTSwitch(config)#int e0/1
CBTSwitch(config-if)#switchport mode access
CBTSwitch(config-if)#switchport port-security maximum 1
CBTSwitch(config-if)#switchport port-security violation shutdown <-- (violation) is what the switch does when it sees more than the maximum of 1 (policy)
CBTSwitch(config-if)#switchport port-security mac-address
CBTSwitch(config-if)#switchport port-security mac-address sticky
CBTSwitch(config-if)#switchport port-security mac-address 8bb8.123A.234A <-- example
=======================
show mac address-table <-- shows all MAC address entries in the switch
=======================
CBTSwitch(config-if)#do sh run int e0/1
CBTSwitch(config-if)#switchport port-security (enter) <-- now port security is enabled and the port learns the MAC address
CBTSwitch(config-if)#do sh run int e0/1
===============================================================================
Note: sticky addresses are written to the running-config only, so we have to save.
CBTSwitch#copy run start
===========================================================================
Verification
CBTSwitch#show port-security
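Secure Port  MaxSecureAddr  CurrentAddr  SecurityViolation  Security Action
                (Count)       (Count)          (Count)
---------------------------------------------------------------------------
      Et0/1              1            1                  0         Shutdown
---------------------------------------------------------------------------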
Total Addresses in System (excluding one mac per port) : 0
Max Addresses limit in System (excluding one mac per port) : 4096
============================================================================
CBTSwitch#show port-security address
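               Secure Mac Address Table
-----------------------------------------------------------------------------
Vlan    Mac Address       Type                          Ports   Remaining Age
                                                                   (mins)
----    -----------       ----                          -----   -------------
   1    0050.7966.6801    SecureSticky                  Et0/1        -
-----------------------------------------------------------------------------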
Total Addresses in System (excluding one mac per port) : 0
Max Addresses limit in System (excluding one mac per port) : 4096
=============================================================================
CBTSwitch#show port-security interface ethernet 0/1
Port Security : Enabled
Port Status : Secure-up
Violation Mode : Shutdown
Aging Time : 0 mins
Aging Type : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses : 1
Total MAC Addresses : 1
Configured MAC Addresses : 0
Sticky MAC Addresses : 1
Last Source Address:Vlan : 0050.7966.6801:1
Security Violation Count : 0
=============================================================================
shutdown = clears the <err-disable> state caused by plugging in a device whose MAC address is not the one learned before,
and turns port security back on
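An added example (not part of the original notes): a simplified Python model of the port-security behaviour described above, with maximum 1, sticky learning and the shutdown violation mode. It goes one step beyond the notes by also modelling the two other IOS violation modes, restrict and protect. The class and method names are hypothetical, the second MAC address is constructed, and the model assumes the admin follows `shutdown` with `no shutdown` to bring the port back.

```python
class SecurePort:
    """Simplified model of one access port with port security enabled."""

    def __init__(self, maximum=1, violation="shutdown", sticky=True):
        if violation not in ("shutdown", "restrict", "protect"):
            raise ValueError("unknown violation mode")
        self.maximum, self.violation, self.sticky = maximum, violation, sticky
        self.secure_macs = []          # addresses allowed on this port
        self.violation_count = 0       # "Security Violation Count"
        self.status = "Secure-up"      # "Port Status"

    def receive(self, src_mac):
        """Process one frame; return True if forwarded, False if dropped."""
        mac = src_mac.lower()
        if self.status != "Secure-up":
            return False               # err-disabled: nothing passes at all
        if mac in self.secure_macs:
            return True
        if len(self.secure_macs) < self.maximum:
            self.secure_macs.append(mac)   # learned while there is room
            return True
        if self.violation != "protect":    # protect drops without counting
            self.violation_count += 1
        if self.violation == "shutdown":
            self.status = "Secure-shutdown"
        return False

    def shutdown_no_shutdown(self):
        """Admin bounces the port to clear the err-disable state."""
        self.status = "Secure-up"
        if not self.sticky:
            self.secure_macs.clear()   # non-sticky addresses are relearned

def replay(frames, **settings):
    """Feed a list of source MACs through a fresh port; return results and port."""
    port = SecurePort(**settings)
    return [port.receive(mac) for mac in frames], port

if __name__ == "__main__":
    known = "0050.7966.6801"     # sticky address from the output above
    other = "0050.7966.68ff"     # constructed second device
    for mode in ("shutdown", "restrict", "protect"):
        results, port = replay([known, known, other, known], violation=mode)
        print(mode, results, port.status, port.violation_count)
```

In shutdown mode the legitimate device is cut off too once the violation fires, which is why the port has to be bounced afterwards.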
OSPF Concept Review & Neigh communication
ABR = Area Border Router = the term for a router such as R1 that is connected to another router/area
An ABR does 2 things:
1. Route summarization = makes the routing table small
allows it to take a whole bunch of networks and send one small advertisement
2. Fault containment = if a router goes down, traffic continues over another area 0 interface
it keeps the routers in area 1 or area x separated
this is very good, because if a router goes down in one of the areas,
it is not advertised to the other areas.
Autonomous System Boundary Router (ASBR) in OSPF = connects the network to something outside the OSPF area
examples: EIGRP, RIP, Internet
2. ABR & ASBR = only these two kinds of router can summarize
some rules get bent or broken = metric
The router-id is very important: if an area wants to join but is not attached to area 0, and
instead connects to area 2 or x, it can use a VPN tunnel or VL, so from R3 to R2, so that it can be seen by
its ABR in area 0. If R3 does not use a router-id, it uses the highest IP address,
and if R3 later gets an IP address higher than the previous one, then (R1 in area 0)
tries to send HELLO but the IP no longer matches, so the VPN tunnel is torn down.
UNDERSTANDING OSPF Neighbor Relationships
1. Determine the router ID
1. the router ID is a name / identity
2. the highest IP address becomes the router ID if no router-id is configured
loopback (logical) beats physical interface if the physical IP address mai
a loopback is more stable because it does not go down
2. Add interfaces to the link-state database
(dictated by the network command)
3. Send hello messages on the chosen interfaces
1. every 10 sec on broadcast / point-to-point networks
2. every 30 sec on NBMA = non-broadcast multi-access networks
EVERY HELLO PACKET that is sent carries the following (best for troubleshooting):
1. Router ID
2. Hello and DEAD TIMERS*
3. Network MASK*
4. AREA ID*
5. Neighbors
6. Router priority
7. DR/BDR IP address (the DR is the core, the only FULL NEIGHBOR RELATIONSHIP); the BDR is the backup. If something goes down
it is always sent to the DR, and the DR advertises it to the others
8. Authentication password*
The items marked * are the ones that must match on the OSPF neighbor.
4. RECEIVE HELLO
1. check hello / dead interval
2. check netmask
3. check area ID
4. check authentication
5. SEND REPLY HELLO.
Am I in the neighbor list inside the HELLO packet?
1. if yes, reset the dead timer
2. if no, add as a new neighbor.
6. MASTER – slave relationship determined
1. determined by “PRIORITY”, router-id break t
2. master sends the DATABASE DESCRIPTION (DBD) packet
DBD contents = cliff notes of the LINK-STATE DATABASE
3. slave sends its DBD packet.
7. DBDs are ACKNOWLEDGED and REVIEWED
slave requests details (LINK-STATE REQUEST – LSR)
MASTER sends updates (LINK-STATE UPDATE – LSU)
MASTER requests details (LSR)
SLAVE sends updates (LSU)
Meaning: when R1 or R2 finds that a network is missing from its list,
it asks the other side to send the details again.
* they send back and forth until the details are complete
in other words, "I don't have this network, please send it to me",
and vice versa
8. NEIGHBORS are SYNCHRONIZED
**** FULL STATE ***
HOW TO TROUBLESHOOT OSPF
1. DOWN STATE = nothing is working
INIT = initializing (reboot): the router receives a message, then checks whether it is compatible; if it is, it will
do the following
2. 2-way = not moving on, where there are 2 interfaces, one towards the central DR, the other not yet compatible
so 2-way means not moving on
if it chooses to move on
3. Exstart
Exchange
Loading
update
request
update
request
==========
Time to run the Dijkstra SPF algorithm
Why DEBUG? Because something must be wrong or broken, so it has to be debugged to watch the process
What is Trunking ?
What does trunking do? It tags each packet sent across the wire/link with a special 4-BYTE TAG
            | 3 bit    | VLAN |
            | Priority |      |
             \              /
              \            /
               \          /
| D   | S   | 4    |----------------| FCS |
| MAC | MAC | BYTE | Ethernet Frame |     |
|-----|-----| TAG  |----------------|-----|
Priority = Class of Service
VLAN = 1 – 4096
802.1Q = industry standard
ISL = made by Cisco
Native VLAN = untagged / management / not tagged
CDP, Telnet, SSH are considered untagged (native VLAN)
If a trunk receives data that has no tag on it, it automatically becomes part of the NATIVE VLAN
==============================================================================================
IP phones understand trunks / tagging (802.1Q)
Computers do not understand VLANs or tagging
Make sure the native VLAN is configured the same on both devices, otherwise there will be a native VLAN mismatch
=================================================================================================
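An added example (not part of the original notes): Python code that builds and parses the 4-byte 802.1Q tag from the diagram above and shows what a native VLAN mismatch does to an untagged frame. The function names, the payload and the VLAN numbers are constructed for illustration; the source MAC is the one from the port-security output earlier in these notes.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag

def mac(text):
    """Accept aa:bb:cc:dd:ee:ff or Cisco aabb.ccdd.eeff notation."""
    return bytes.fromhex(text.replace(":", "").replace(".", ""))

def trunk_egress(dst, src, ethertype, payload, vlan, native_vlan, pcp=0):
    """Build the frame a trunk port puts on the wire for traffic in `vlan`."""
    head = mac(dst) + mac(src)
    if vlan != native_vlan:
        # Tag control info: 3-bit priority, 1 bit left at 0, 12-bit VLAN ID
        tci = (pcp << 13) | (vlan & 0x0FFF)
        head += struct.pack("!HH", TPID_8021Q, tci)
    # Traffic in the native VLAN leaves the trunk without a tag.
    return head + struct.pack("!H", ethertype) + payload

def trunk_ingress(frame, native_vlan):
    """Classify a frame received on a trunk port."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (etype,) = struct.unpack_from("!H", frame, 12)
    if etype != TPID_8021Q:
        # No tag on it: the frame becomes part of the receiver's native VLAN.
        return {"tagged": False, "vlan": native_vlan,
                "priority": 0, "ethertype": etype}
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci, inner = struct.unpack_from("!HH", frame, 14)
    return {"tagged": True, "vlan": tci & 0x0FFF,
            "priority": tci >> 13, "ethertype": inner}

def cross_trunk(vlan, native_a, native_b, pcp=0):
    """Send one constructed IPv4 frame from switch A to switch B over a trunk."""
    frame = trunk_egress("ff:ff:ff:ff:ff:ff", "0050.7966.6801", 0x0800,
                         b"constructed payload", vlan, native_a, pcp)
    return trunk_ingress(frame, native_b)

if __name__ == "__main__":
    print(cross_trunk(20, native_a=1, native_b=1, pcp=5))  # tagged, stays in VLAN 20
    print(cross_trunk(1, native_a=1, native_b=1))          # untagged, stays in VLAN 1
    print(cross_trunk(1, native_a=1, native_b=99))         # mismatch: lands in VLAN 99
```

The third call is the native VLAN mismatch: the frame left VLAN 1 untagged and the far end placed it in VLAN 99, so traffic crosses between two VLANs that were meant to be separate.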
VTP
VLAN Trunking Protocol
VLAN Pruning
27 – Routing Protocol Concept
===============================
RIP
– Ford Pinto
– it’s not going to be fast or smooth or quick, but it works well from point A to point B, no matter what the car looks like
– By default it advertises every 30 sec <-- hello time (advertisement timer)
– 90 sec before the router decides its neighbor is dead (hold); it gives time to recover, but at a COST
– metric = how the routing protocol figures out the best way to REACH the destination
(hop count) next router
it doesn’t care about the BANDWIDTH, IT’S CRAZY
Supported everywhere
Cisco thinks RIP is a terrible protocol, we can do better
=====================================
Improve RIP with IGRP
IGRP improves metric, hop, delay and speed
Hello 90 sec
Delay 270
IGRP is DEAD
=====================================
OSPF is the most popular protocol in the world
Corvette
– Default hello timer 10 sec
– beauty of OSPF
– metric = COST = BANDWIDTH
==============================================================================
IS – IS
the rival of OSPF
TCP/R
OSI BETA
IS-IS was the OSI routing protocol, better than OSPF (because of politics and mafia)
===================================================================================
EIGRP
A Ferrari
CISCO to CISCO (proprietary)
Good speed
Really easy to configure
equal load balancing
GREAT metric = BW + Delay + Reliability + Load + MTU (K-formula)
==============================================================
BGP = Border Gateway Protocol
Routing protocol for the INTERNET, where it handles thousands of routers
BGP = > ISP / Enterprise
==================
Can a router run multiple routing protocols at the same time? YES
Administrative distance sits above the metric: how believable a routing protocol is
A LOWER NUMBER (administrative distance) is BETTER. That is, when there are multiple routing protocols,
each of them calculates differently: EIGRP cares about cost, bw+delay+mtu,
and RIP counts hops,
so which one gets chosen is decided by its administrative distance
==============================
Eigrp – 90
OSPF – 110
IGRP – 100
BGP – 20
Static – 1
IS – IS – 115
================================
Static = cost = 0 is directly connected interface
Cisco Foundation – How Application Speak – TCP – UDP
* UDP = “I hope it gets there”
* TCP = “I know it got there” 3 way handshake, ack
nslookup = a utility to ask questions of DNS
=======================================================================
Acknowledgement = makes sure that every single packet is received
computer ----------- SYN -----------> http://www.cbtnuggets.com
SYN = Hey, CBT Nuggets, I would like to start a discussion with you, are you OK with that?
computer <-------- SYN, ACK --------- http://www.cbtnuggets.com : Yes, I am OK with that
SYN, ACK
SYN = I got yours!
ACK = and this is mine!
computer ----------- ACK -----------> http://www.cbtnuggets.com
TCP 3-way handshake = every single time you start a session, it builds that 3-way handshake
Cisco Switching – Day to Day
======================================
Collision = slow speed
100 Mbps -> hardcode (key devices) = server, router, IP surveillance camera (100 Mbps)
Hardcode = any key device that fits in the 100 Mbps arrow
For gigabit (1000) use AUTO; leave AUTO turned on because it sorts everything out
=================================================================================
How to HARDCODE the speed
CBTSwitch#
CBTSwitch(config)#int fa0/16
CBTSwitch(config-if)#speed 100
CBTSwitch(config-if)#duplex full
from the switch to the computer, or from device to device
===================================================================================
AUTO MDIX (medium dependent interface crossover) = any cable works, straight or crossover, to the end host / other device
but if we hardcode, we must use the correct cable!
=======================================================================================================
If somebody says the NETWORK is slow
troubleshooting checks
CBTSwitch#sh int f0/18
R1#show interfaces f0/0
FastEthernet0/0 is up, line protocol is up <================================= interface up and physical up
Hardware is i82543 (Livengood), address is ca01.218c.0008 (bia ca01.218c.0008)
MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 100Mb/s, 100BaseTX/FX <================================================= look at this
ARP type: ARPA, ARP Timeout 04:00:00
Last input never, output 00:00:00, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 21313123 bits/sec, 0 packets/sec <===== check this if the network is slow
5 minute output rate 213123213 bits/sec, 0 packets/sec <==== check this if the network is slow
24242313 packets input, 0 bytes
Received 0 broadcasts (0 IP multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog
0 input packets with dribble condition detected
71 packets output, 9444 bytes, 0 underruns
0 output errors, 0 collisions, 3 interface resets <==== LOOK at collisions; these are the normal collisions on the line
0 unknown protocol drops
0 babbles, 0 late collision, 0 deferred <==== and look at late collisions
0 lost carrier, 0 no carrier
0 output buffer failures, 0 output buffers swapped out
==================================================================================================
*In the REAL WORLD, in a Cisco switch environment, there will never be a collision, because
*with FULL DUPLEX ON BOTH SIDES, for example as long as both are HARDCODED (IP camera and Cisco switch), they can
send 100 Mbps and receive 100 Mbps at the same time and a collision never happens, which is how it should be.
Then check again, more specifically
CBTSwitch#sh run int f0/16
if it keeps going, press the UP arrow each time
CBTSwitch#sh run int f0/16 <-- this is what pressing the up arrow each time means
if it continues, there is a problem
===================================================================================================
There are:
* Normal collision = (the HUB world) if a collision is going to happen, it shows up in the first 32 bytes of the FRAME
Normal collisions always happen in the first 32 bytes of the frame
* LATE COLLISION = always indicates a duplex mismatch
when different packets are detected, for example 1500 bytes and, from somewhere else, 7534 bytes at the same time, that is where
the duplex mismatch starts.
======================================================================================================
CRC = Cyclic Redundancy Check (HASH): every single frame that is sent carries a little piece, a HASH
computed over the packet before it is sent from point A to point B. If anything has changed, the algorithm and the CRC are matched against each other
and the frame may be declared a BAD PACKET.
If we see a bunch of CRC errors, we can be sure it is a BAD CABLE
=======================================================================================================
show mac address-table
A handy way:
show mac address-table | i 1010
1 0000.5e00.0101 DYNAMIC Fa0/18 <-- shows that this MAC address is on port 18
=======================================================================================================
* If the network is slow > check speed & duplex
* Understanding KEY INTERFACE COUNTER
* Finding Devices > MAC ADDRESS TABLE
All of this is what I heard in the video; sorry if I misheard anything.
28 – Routing – Understand and Configuring OSPF
================================================
OSPF
OSPF uses HELLO PACKETS
Hello packet = how a router looks for friends or neighbors to exchange routing tables with
Hello every = 10 sec
Dead = 40 sec
If OSPF does not hear from a neighbor within 40 sec, it decides that neighbor is DEAD
(offline or unreachable)
OSPF is REALLY picky about relationships
– if the TIMERS do not match, R1 and R2 will not accept each other, so the timers must match
– AREA must match
Differences between RIP and OSPF
RIP = broadcast
RIP = R1 screaming, yelling at R2
RIP = no ack that anybody got it
RIP = no follow-up on whether the message / the yelling was received or not
RIP = just broadcasts and hopes it gets there
============================================
Network = 1. Identifies what interfaces to send packet on
2. Identifies what networks to advertise
=============================================
The bigger the routing table = the slower the routing
Area summarization =
OSPF knows the whole topology inside it
1. Turn on OSPF
2. Tell it what interfaces to use = network: 1. identifies what interfaces to send hello packets on
2. identifies what networks to advertise
3. Watch the magic happen!
Timer
Area
Authentication
Subnet must be the same
passive-interface fastEthernet 0/0 = turns off hello messages on one specific port (static port)
passive-interface default = turns off all hello messages on all interfaces, no more hello messages anywhere
no passive-interface = everything is passive now; nothing sends hello messages unless the admin opens an interface with this command
===================================
In CBT Nuggets:
passive-interface default turns off hellos on all interfaces, then
no passive-interface serial 0/0 <-- this one is turned back on to send hello packets
step 1. passive-interface = turned OFF
step 2. no passive-interface = turned on
ANYWHERE you SEND HELLO PACKETS is a POTENTIAL neighbor relationship to form
==================================
192.168.2.0 0.0.0.255
If there are more networks to advertise, use this: 192.168.0.0 0.0.255.255
To advertise the current networks and any future ones: 0.0.0.0 255.255.255.255 (not good), Cisco says don’t do it
Best practice
network 192.168.1.1 0.0.0.0
network 192.168.2.1 0.0.0.0 (like a SNIPER, EXACTLY this interface) turns OSPF on directly
=====================
No. 1 for troubleshooting OSPF
show ip ospf neighbor
show cdp nei
show ip route
show ip protocol <-- to see which protocol is in use
110 AD <-- the believability of OSPF
R1#debug ip ospf packet = to see the packets being sent