Interworking BGP Cisco with Juniper

this is my new BGP lab


with combining Cisco dynamips and Olive Junos using Logical router to prevent Olive multiple folder
this Lab running on FreeBSD 7.1
and the scenario

1. Since I've got trouble with OSPF on my QEMU so I use static route for IBGP peering
2. Use BGP regular expression for advertise route with no AS-path at R2
3. Change the origin route advertised out at R2
4. Set network originate 192.168.0.0/16 as Primary and 172.17.0.0/16 as Backup at R3 and vice versa at LR-1
5. Use BGP confederation on AS 8000
6. Set loadbalance on AS 2500

this lab contains
1. BGP loadbalancing
2. MED, Localpreference, regular expression tuning
3. BGP confederation
4. BGP prepending

Traceroute my PC

















Traceroute logical router

















#sh ip bgp at R2


















#sh ip bgp at R4

















root#run show route LR-4

















root#run show route LR-7















if you want to see my configuration you can download from

http://sioduy.100webspace.net/

for the next post maybe i will post multicast IPv6 routing using XORP (eXtensible Open Router Platform)

Multilayer switching

mumpung sambil nunggu donlotan ios yang baru posting-posting lagi ah

kali ini akan posting multilayer switch

ini topologi nya sedikit perkembangan dan perubahan dikit dari yang udah ada
topologi ini memakai IOS c3640-is-mz.124-16.bin untuk tiap-tiap switch

konfigurasinya bisa di liat di
http://sioduy.100webspace.net/Multilayer%20Switching/

seputar komputerku

Komputer butut tapi masih lumayan buat emulasi router
jalan di atas prosesor SEMPRON 64 Tm 2800+ 1600Mhz clockspeed
dengan memory DDR1 2 GB lumayan buat jalanin 7 emulasi router cisco 3640 series untuk jalanin BGP IPv6 di GNS3 meskipun akhirnya hampir ga kuat jalaninnya
peer sering down, sering kehilangan tabel routing nya karena prosesor uda 100% bahkan sepertinya mo meledak. pernah kepikiran untuk export file .net GNS3 ke dynagen di FreeBSD 7.1 AMD64.

BGP IPv6 Configuration

konfigurasi BGP IPv6 dari topologi sebelumnya
IOS yang digunakan adalah c3640-jk9s-mz.124-16.bin
bila ada kesalahan atau tuning konfigurasi mohon untuk dikomentari

R0

!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R0
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
!
!
ip cef
!
!
ipv6 unicast-routing
ipv6 multicast-routing
!
!
!
interface Loopback0
description LOCAL NETWORK
ip address 10.10.1.1 255.255.255.0
ipv6 address 2001:D30:67::1/64
!
interface Loopback1
description LOCAL NETWORK
ip address 10.10.2.1 255.255.255.0
ipv6 address 2001:D30:66::1/64
!
interface FastEthernet0/0
no switchport
description TO R1
ip address 10.1.12.1 255.255.255.252
ipv6 address 2001:D30:77::1/126
!
interface FastEthernet0/1
no switchport
description TO R2
ip address 10.1.13.1 255.255.255.252
ipv6 address 2001:D30:76::1/126
!
interface FastEthernet0/2
!
interface FastEthernet0/3
!
interface FastEthernet0/4
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface Vlan1
no ip address
!
router bgp 5500
bgp log-neighbor-changes
neighbor 2001:D30:76::3 remote-as 5500
neighbor 2001:D30:77::3 remote-as 5500
!
address-family ipv4
no neighbor 2001:D30:76::3 activate
no neighbor 2001:D30:77::3 activate
no auto-summary
no synchronization
exit-address-family
!
address-family ipv6
neighbor 2001:D30:76::3 activate
neighbor 2001:D30:77::3 activate
network 2001:D30:67::/64
no synchronization
exit-address-family
!
ip http server
no ip http secure-server
!
!
control-plane
!
!
alias exec c conf t
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
login
!
!
end

======================================================

R1


!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
!
!
ip cef
!
!
ipv6 unicast-routing
ipv6 multicast-routing
!
!
!
interface FastEthernet0/0
no switchport
ip address 10.1.24.1 255.255.255.252
ipv6 address 2001:5C0:77::1/126
!
interface FastEthernet0/1
no switchport
ip address 10.1.12.2 255.255.255.252
ipv6 address 2001:D30:77::3/126
!
interface FastEthernet0/2
no switchport
ip address 10.1.14.1 255.255.255.252
ipv6 address 2001:D30:75::1/126
!
interface FastEthernet0/3
!
interface FastEthernet0/4
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface Vlan1
no ip address
!
router bgp 5500
no synchronization
bgp default local-preference 700
bgp log-neighbor-changes
neighbor 2001:5C0:77::3 remote-as 777
no neighbor 2001:5C0:77::3 activate
neighbor 2001:D30:75::3 remote-as 5500
no neighbor 2001:D30:75::3 activate
neighbor 2001:D30:77::1 remote-as 5500
no neighbor 2001:D30:77::1 activate
no auto-summary
!
address-family ipv6
neighbor 2001:5C0:77::3 activate
neighbor 2001:D30:75::3 activate
neighbor 2001:D30:77::1 activate
neighbor 2001:D30:77::1 next-hop-self
exit-address-family
!
ip http server
no ip http secure-server
!
!
control-plane
!
alias exec c conf t
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
!
!
end


===========================================================

R2


!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R2
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
!
!
ip cef
!
!
ipv6 unicast-routing
ipv6 multicast-routing
!
!
interface FastEthernet0/0
no switchport
ip address 10.1.13.2 255.255.255.252
ipv6 address 2001:D30:76::3/126
!
interface FastEthernet0/1
!
interface FastEthernet0/2
!
interface FastEthernet0/3
no switchport
ip address 10.1.14.2 255.255.255.252
ipv6 address 2001:D30:75::3/126
!
interface FastEthernet0/4
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface Ethernet1/0
ip address 10.1.34.1 255.255.255.252
half-duplex
ipv6 address 2001:5C0:76::1/126
!
interface Vlan1
no ip address
!
router bgp 5500
no synchronization
bgp log-neighbor-changes
neighbor 2001:5C0:76::3 remote-as 777
no neighbor 2001:5C0:76::3 activate
neighbor 2001:D30:75::1 remote-as 5500
no neighbor 2001:D30:75::1 activate
neighbor 2001:D30:76::1 remote-as 5500
no neighbor 2001:D30:76::1 activate
no auto-summary
!
address-family ipv6
neighbor 2001:5C0:76::3 activate
neighbor 2001:5C0:76::3 route-map LOCAL_PREF in
neighbor 2001:D30:75::1 activate
neighbor 2001:D30:76::1 activate
neighbor 2001:D30:76::1 next-hop-self
exit-address-family
!
ip http server
no ip http secure-server
!
!
route-map LOCAL_PREF permit 10
match ipv6 address ROUTE_R3
set local-preference 1000
!
route-map LOCAL_PREF permit 20
match ipv6 address ROUTE_R1
set local-preference 10
!
route-map LOCAL_PREF permit 30
!
!
!
ipv6 access-list ROUTE_R3
permit ipv6 2001:5C3:2::/64 any
!
ipv6 access-list ROUTE_R1
permit ipv6 2001:D33:63::/64 any
!
control-plane
!
!
alias exec c conf t
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
!
!
end


==========================================================


R3

!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R3
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
!
!
ip cef
!
!
ipv6 unicast-routing
ipv6 multicast-routing
!
!
interface FastEthernet0/0
!
interface FastEthernet0/1
no switchport
ip address 10.1.24.2 255.255.255.252
ipv6 address 2001:5C0:77::3/126
!
interface FastEthernet0/2
no switchport
ip address 10.1.52.1 255.255.255.252
ipv6 address 2001:D31:77::1/126
!
interface FastEthernet0/3
!
interface FastEthernet0/4
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface Vlan1
no ip address
!
router bgp 777
no synchronization
bgp log-neighbor-changes
neighbor 2001:5C0:77::1 remote-as 5500
no neighbor 2001:5C0:77::1 activate
neighbor 2001:D31:77::3 remote-as 911
no neighbor 2001:D31:77::3 activate
no auto-summary
!
address-family ipv6
neighbor 2001:5C0:77::1 activate
neighbor 2001:D31:77::3 activate
exit-address-family
!
ip http server
no ip http secure-server
!
!
control-plane
!
!
alias exec c conf t
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
!
!
end


==========================================================


R4


!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R4
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
!
!
ip cef
!
!
ipv6 unicast-routing
ipv6 multicast-routing
!
!
!
interface FastEthernet0/0
!
interface FastEthernet0/1
no switchport
ip address 10.1.42.1 255.255.255.252
ipv6 address 2001:5C0:75::1/126
!
interface FastEthernet0/2
!
interface FastEthernet0/3
!
interface FastEthernet0/4
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface Ethernet1/0
ip address 10.1.34.2 255.255.255.252
half-duplex
ipv6 address 2001:5C0:76::3/126
!
interface Vlan1
no ip address
!
router bgp 777
no synchronization
bgp log-neighbor-changes
neighbor 2001:5C0:75::3 remote-as 771
no neighbor 2001:5C0:75::3 activate
neighbor 2001:5C0:76::1 remote-as 5500
no neighbor 2001:5C0:76::1 activate
no auto-summary
!
address-family ipv6
neighbor 2001:5C0:75::3 activate
neighbor 2001:5C0:76::1 activate
exit-address-family
!
ip http server
no ip http secure-server
!
!
control-plane
!
!
alias exec c conf t
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
!
!
end


=============================================================

R5


!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R5
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
!
!
ip cef
!
!
ipv6 unicast-routing
ipv6 multicast-routing
!
!
!
interface Loopback0
ip address 150.20.1.1 255.255.255.0
ipv6 address 2001:D32:1::1/64
!
interface Loopback1
ip address 150.20.2.1 255.255.255.0
ipv6 address 2001:D32:2::1/64
!
interface Loopback2
ip address 150.20.3.1 255.255.255.0
ipv6 address 2001:D32:3::1/64
!
interface Loopback3
ip address 150.20.4.1 255.255.255.0
ipv6 address 2001:D32:4::1/64
!
interface Loopback4
ip address 192.168.2.1 255.255.255.0
ipv6 address 2001:5C3:2::1/64
!
interface FastEthernet0/0
no switchport
ip address 10.1.52.2 255.255.255.252
ipv6 address 2001:D31:77::3/126
!
interface FastEthernet0/1
!
interface FastEthernet0/2
no switchport
ip address 10.1.62.2 255.255.255.252
ipv6 address 2001:D31:76::3/126
!
interface FastEthernet0/3
!
interface FastEthernet0/4
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface Vlan1
no ip address
!
router bgp 911
no synchronization
bgp log-neighbor-changes
neighbor 2001:D31:76::1 remote-as 771
no neighbor 2001:D31:76::1 activate
neighbor 2001:D31:77::1 remote-as 777
no neighbor 2001:D31:77::1 activate
no auto-summary
!
address-family ipv6
neighbor 2001:D31:76::1 activate
neighbor 2001:D31:77::1 activate
network 2001:5C3:2::/64
redistribute connected route-map BGP6
no synchronization
exit-address-family
!
ip http server
no ip http secure-server
!
!
!
!
route-map BGP6 permit 100
match ipv6 address IP6
!
!
!
ipv6 access-list IP6
permit ipv6 2001:D32:1::/64 any
permit ipv6 2001:D32:2::/64 any
permit ipv6 2001:D32:3::/64 any
!
control-plane
!
!
alias exec c conf t
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
!
!
end


==========================================================

R6

!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R6
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
!
!
ip cef
!
!
ipv6 unicast-routing
ipv6 multicast-routing
!
!
interface Loopback0
ip address 200.10.1.1 255.255.255.0
ipv6 address 2001:5C2:1::1/64
!
interface Loopback1
ip address 200.10.2.1 255.255.255.0
ipv6 address 2001:5C2:2::1/64
!
interface Loopback2
ip address 200.10.3.1 255.255.255.0
ipv6 address 2001:5C2:3::1/64
!
interface Loopback3
ip address 172.17.63.1 255.255.255.0
ipv6 address 2001:D33:63::1/64
!
interface FastEthernet0/0
no switchport
ip address 10.1.42.2 255.255.255.252
ipv6 address 2001:5C0:75::3/126
!
interface FastEthernet0/1
no switchport
ip address 10.1.62.1 255.255.255.252
ipv6 address 2001:D31:76::1/126
!
interface FastEthernet0/2
!
interface FastEthernet0/3
!
interface FastEthernet0/4
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface Vlan1
no ip address
!
router bgp 771
no synchronization
bgp log-neighbor-changes
neighbor 2001:5C0:75::1 remote-as 777
no neighbor 2001:5C0:75::1 activate
neighbor 2001:D31:76::3 remote-as 911
no neighbor 2001:D31:76::3 activate
no auto-summary
!
address-family ipv6
neighbor 2001:5C0:75::1 activate
neighbor 2001:D31:76::3 activate
network 2001:D33:63::/64
redistribute connected route-map BGP6
no synchronization
exit-address-family
!
ip http server
no ip http secure-server
!
!
route-map BGP6 permit 100
match ipv6 address IP6
!
!
!
ipv6 access-list IP6
permit ipv6 2001:5C2:1::/64 any
permit ipv6 2001:5C2:2::/64 any
permit ipv6 2001:5C2:3::/64 any
!
control-plane
!
!
alias exec c conf t
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
!
!
end


============================================================

BGP IPv6 Verification and Testing

Mari kita lanjutkan untuk melihat hasil dari konfigurasi topologi pada postingan yang lalu ada beberapa tambahan pada topologi di atas yakni saya menambahkan network 2001:d30:67::1/64 untuk di advertise oleh R0

R3#show ip bgp ipv6 un neighbors 2001:d31:77::3 advertised-routes
BGP table version is 26, local router ID is 10.1.52.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path
*> 2001:5C2:1::/64 2001:D31:77::3 0 911 771 ?
*> 2001:5C2:2::/64 2001:D31:77::3 0 911 771 ?
*> 2001:5C2:3::/64 2001:D31:77::3 0 911 771 ?
*> 2001:5C3:2::/64 2001:D31:77::3 0 0 911 i
*> 2001:D30:67::/64 2001:5C0:77::1 0 5500 i
*> 2001:D32:1::/64 2001:D31:77::3 0 0 911 ?
*> 2001:D32:2::/64 2001:D31:77::3 0 0 911 ?
*> 2001:D32:3::/64 2001:D31:77::3 0 0 911 ?
*> 2001:D33:63::/64 2001:D31:77::3 0 911 771 i

Total number of prefixes 9



R0#show ip bgp ipv6 unicast 2001:D32:2::1/64
BGP routing table entry for 2001:D32:2::/64, version 8
Paths: (2 available, best #2, table Global-IPv6-Table)
Not advertised to any peer
777 771 911
2001:D30:76::3 from 2001:D30:76::3 (10.1.34.1)
Origin incomplete, metric 0, localpref 100, valid, internal
777 911
2001:D30:77::3 from 2001:D30:77::3 (10.1.24.1)
Origin incomplete, metric 0, localpref 700, valid, internal, best


mari kita coba ping ke salah satu network yang sudah di advertise

R0#ping ipv6 2001:5c2:2::1 source 2001:d30:67::1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:5C2:2::1, timeout is 2 seconds:
Packet sent with a source address of 2001:D30:67::1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 284/390/628 ms

Alhamdulillah ping nya bisa....

trus coba lagi di traceroute

R0#traceroute ipv6

Target IPv6 address: 2001:5c3:2::1
Source address: 2001:d30:67::1
Insert source routing header? [no]:
Numeric display? [no]:
Timeout in seconds [3]: 4
Probe count [3]:
Minimum Time to Live [1]:
Maximum Time to Live [30]: 5
Priority [0]:
Port Number [33434]:
Type escape sequence to abort.
Tracing the route to 2001:5C3:2::1

1 2001:D30:76::3 48 msec 48 msec 112 msec ==> AS 5500 via IBGP
2 2001:5C0:76::3 264 msec 76 msec 136 msec ==> AS 777
3 2001:5C0:75::3 260 msec 348 msec 284 msec ==> AS 771
4 2001:5C3:2::1 284 msec 356 msec 308 msec ==> AS 911

Alhamdulillah kluar hasilnya

BGP IPv6 with GNS3

Hmm setelah berguru ke Jeremy akhirnya saya sedikit mengerti tentang BGP

kalo gitu langsung to de poin

ini topologi BGP IPv6 pertamaku
karena uda capek ngetiknya kapan-kapan lagi saya posting konfigurasinya

tapi jangan kuatir sekarang saya posting hasil show ip bgp nya

R0#show ip bgp ipv6 unicast
BGP table version is 11, local router ID is 10.10.2.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path
* i2001:5C2:1::/64 2001:D30:76::3 0 100 0 777 771 ?
*>i 2001:D30:77::3 0 700 0 777 911 771 ?
* i2001:5C2:2::/64 2001:D30:76::3 0 100 0 777 771 ?
*>i 2001:D30:77::3 0 700 0 777 911 771 ?
* i2001:5C2:3::/64 2001:D30:76::3 0 100 0 777 771 ?
*>i 2001:D30:77::3 0 700 0 777 911 771 ?
*>i2001:5C3:2::/64 2001:D30:76::3 0 1000 0 777 771 911 i
* i 2001:D30:77::3 0 700 0 777 911 i
*> 2001:D30:67::/64 :: 0 32768 i
* i2001:D32:1::/64 2001:D30:76::3 0 100 0 777 771 911 ?
*>i 2001:D30:77::3 0 700 0 777 911 ?
* i2001:D32:2::/64 2001:D30:76::3 0 100 0 777 771 911 ?
*>i 2001:D30:77::3 0 700 0 777 911 ?
* i2001:D32:3::/64 2001:D30:76::3 0 100 0 777 771 911 ?
*>i 2001:D30:77::3 0 700 0 777 911 ?
* i2001:D33:63::/64 2001:D30:76::3 0 10 0 777 771 i
*>i 2001:D30:77::3 0 700 0 777 911 771 i

R0#show ipv6 route
IPv6 Routing Table - 18 entries
Codes: C - Connected, L - Local, S - Static, R - RIP, B - BGP
U - Per-user Static route
I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary
O - OSPF intra, OI - OSPF inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2
ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
B 2001:5C2:1::/64 [200/0]
via 2001:D30:77::3
B 2001:5C2:2::/64 [200/0]
via 2001:D30:77::3
B 2001:5C2:3::/64 [200/0]
via 2001:D30:77::3
B 2001:5C3:2::/64 [200/0]
via 2001:D30:76::3
C 2001:D30:66::/64 [0/0]
via ::, Loopback1
L 2001:D30:66::1/128 [0/0]
via ::, Loopback1
C 2001:D30:67::/64 [0/0]
via ::, Loopback0
L 2001:D30:67::1/128 [0/0]
via ::, Loopback0
C 2001:D30:76::/126 [0/0]
via ::, FastEthernet0/1
L 2001:D30:76::1/128 [0/0]
via ::, FastEthernet0/1
C 2001:D30:77::/126 [0/0]
via ::, FastEthernet0/0
L 2001:D30:77::1/128 [0/0]
via ::, FastEthernet0/0
B 2001:D32:1::/64 [200/0]
via 2001:D30:77::3
B 2001:D32:2::/64 [200/0]
via 2001:D30:77::3
B 2001:D32:3::/64 [200/0]
via 2001:D30:77::3
B 2001:D33:63::/64 [200/0]
via 2001:D30:77::3
L FE80::/10 [0/0]
via ::, Null0
L FF00::/8 [0/0]
via ::, Null0

Modern VLAN

sebelumnya saya mohon mangaps dulu menunda posting instalasi OLIVE JUNOS di FReeBSD 7.0 part 2 tapi tutorial install OlIVE JUNOS uda h banyak di google kapan-kapan saya lanjutkan

mari kita lanjutkan topik nya
emang apa bedanya Modern VLAN ama Legacy VLAN ???
mengutip omongannya jeremy cioara #CCIE guru saya :D
katanya kalo Modern VLAN itu ga perlu router lagi buat hubungin network2 di dalam VLAN
katanya udah ga jaman lagi, bottlenecknya ada di jalur trunk ke router
kalo di catalis 3500 uda bisa modern VLAN dan alhamdulillah bisa ku coba di 3640 Series
istilah kerenya adalah SVI aka Switch Virtual Interface
intinya SVI dibuat dengan menambahkan interface VLAN dalam cisco switch

oke sekarang mari kita lihat topologi sederhana di bawah ini
pada topologi sederhana diatas R0 berfungsi sebagai switch sekaligur router untuk menjalan kan NAT dan DHCP Server Switch R1 ngikut Trunk ke R0
port 1 R0 terhubung ke router R3 dan router R3 seolah-olah terhubung ke server


berikut konfiugurasi SVI.net

autostart = False
[localhost:7200]
workingdir = E:\New Folder
[[2621]]
image = E:\ios\c2600-ik9s-mz.122-40a.BIN
idlepc = 0x80342788
ghostios = True
chassis = 2621
[[1710]]
image = E:\ios\C1700-K2.BIN
ram = 32
idlepc = 0x8016f138
chassis = 1710
[[3640]]
image = E:\ios\c3640-is-mz.124-16.BIN
idlepc = 0x604a3f2c
ghostios = True
chassis = 3640
[[ROUTER R4]]
model = 2621
console = 2003
f0/0 = R1 f0/7

[[ROUTER R5]]
model = 2621
console = 2004
f0/0 = R0 f0/3

[[ROUTER R6]]
model = 1710
console = 2005
f0 = R3 f0/1

[[ROUTER R0]]
model = 3640
console = 2000
cnfg = E:\SVI-2\R0.cfg
slot0 = NM-16ESW
f0/1 = R3 f0/0
f0/3 = R5 f0/0
f0/13 = R1 f0/13

[[ROUTER R1]]
model = 3640
console = 2001
cnfg = E:\SVI-2\R1.cfg
slot0 = NM-16ESW
f0/7 = R4 f0/0
f0/13 = R0 f0/13

[[ROUTER R3]]
model = 2621
console = 2002
f0/0 = R0 f0/1
f0/1 = R6 f0

konfigurasi Switch R0.cfg

!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname SW-SVI
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
!
!
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.2.1 192.168.2.129
ip dhcp excluded-address 192.168.5.1 192.168.5.129
!
ip dhcp pool 0
network 192.168.2.0 255.255.255.0
default-router 192.168.2.1
!
ip dhcp pool 1
network 192.168.5.0 255.255.255.0
default-router 192.168.5.1
!
!
interface FastEthernet0/0
!
interface FastEthernet0/1
no switchport
ip address 172.17.1.1 255.255.255.0
ip nat outside
ip virtual-reassembly
!
interface FastEthernet0/2
!
interface FastEthernet0/3
switchport access vlan 10
!
interface FastEthernet0/4
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
switchport access vlan 20
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
switchport mode trunk
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface Vlan1
no ip address
!
interface Vlan10
ip address 192.168.2.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface Vlan20
ip address 192.168.5.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
router ospf 1
log-adjacency-changes
network 172.17.1.0 0.0.0.3 area 0
!
ip http server
!
!
ip nat inside source list 10 interface FastEthernet0/1 overload
ip nat inside source list 20 interface FastEthernet0/1 overload
!
access-list 10 permit 192.168.2.0 0.0.0.255
access-list 20 permit 192.168.5.0 0.0.0.255
!
!
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
!
!
end

mari kita jelaskan konfigurasi Switch R0 diatas

untuk mengaktifkan SVI perlu dibuat virtual interface VLAN pada konfigurasi diatas di buat interface Vlan 10 dan Vlan 20

R0#(config)interface Vlan 10
R0#(config)interface Vlan 20

setelah itu create database Vlan biar port pada switch bisa di seting vlan yang kita inginkan

R0#vlan database
R0#(Vlan-database)Vlan 10 name zenislev
R0#(Vlan-database)Vlan 20 name hoshun

pada port 1 bisa dilihat port tersebut memiliki IP address mestinya port switch tidak bisa di beri IP address, untuk mengaktifkan nya cukup dengan 1 perintah

R0#(config)interface f0/1
R0#(config-if)no switchport

dengan perintah tersebut port tersebut dapat di beri IP address bahkan dapat untuk menjalankan routing protokol seperti OSPF,RIP,EIGRP bahkan BGP. Pada posting berikutnya akan saya tunjukkan bahwa port tersebut dapat menjalankan BGP IPv6

kita lanjutkan dengan mengaktifkan DHCP server
untuk mengaktifkan DHCP Server di cisco cukup dengan perintah

R0#(config)service dhcp

kemudian dhcp dapat di konfigurasi seperti pada konfigurasi DHCP Server di atas
yang membedakan DHCP server di FreeBSD/Linux ato yang lainnya adalah untuk range DHCP
di cisco range DHCP di definisikan dengan range IP yang tidak ingin kita otomatiskan

R0#(config)ip dhcp excluded-address 192.168.2.1 192.168.2.129
dengan konfigurasi diatas nantinya range IP DHCP nya dimulai dari 192.168.2.130 - 254

selanjutnya mengaktifkan NAT
untuk ip nat outside di konfigurasikan ke interface f0/1 dan ip nat inside-nya di konfigurasika ke interface Vlan10 dan Vlan20 bisa dilihat pada konfigurasi di atas
kebetulan NAT yang saya gunakan adalah NAT static overload, sebenarnya untuk VLAN 20 ingin saya gunakan untuk NATPOOL tapi karena waktu itu disuruh nganterin ibu jadi tak samakan aja dengan VLAN 10

WOOOwwww !!! 1 Switch bisa untuk VLAN, DHCP Server bahkan jadi Router juga

untuk router R3 yang menghubungkan ke server menggunakan routing OSPF

Legacy VLAN with GNS3

ya setelah lama ga posting sekarang saatnya aktif nulis lagi

kali ini enaknya bikin topik cara bikin Legacy VLAN di cisco. tapi bukan cisco hardware beneran tapi pake GNS3

mari kita lihat contoh topologi sederhana yang saya buat

router R1 dan router R2 dihubungkan dengan frame relay network
R1 terhubung ke port 1 framerelay switch dengan DLCI 101 dan R2 terhubung ke port 2 DLCI 201

routing protokol yang digunakan adalah ospf

berikut dibawah ini konfigurasinya

untuk konfigurasi file legacy_VLAN.net nya

autostart = False
[localhost:7200]
workingdir = E:\New Folder
[[2621]]
image = E:\ios\c2600-ik9s-mz.122-40a.BIN
idlepc = 0x80342788
ghostios = True
chassis = 2621
[[3640]]
image = E:\ios\c3640-is-mz.124-16.BIN
idlepc = 0x604a3f2c
ghostios = True
chassis = 3640
[[ROUTER R1]]
model = 2621
console = 2037
s0/0 = FR0 1
f0/0 = SW1 f0/1
[[ROUTER R2]]
model = 2621
console = 2038
s0/0 = FR0 2
f0/0 = SW3 f0/1
[[FRSW FR0]]
1:101 = 2:201
2:201 = 1:101
[[ROUTER SW1]]
model = 3640
console = 2034
slot0 = NM-16ESW
f0/1 = R1 f0/0
f0/4 = PC2 f0/0
f0/7 = PC1 f0
f0/13 = SW2 f0/13
[[ROUTER SW3]]
model = 3640
console = 2036
slot0 = NM-16ESW
f0/1 = R2 f0/0
f0/3 = PC5 f0/0
[[ROUTER SW2]]
model = 3640
console = 2035
slot0 = NM-16ESW
f0/4 = PC4 f0
f0/7 = PC3 f0/0
f0/13 = SW1 f0/13

[localhost:7201]
workingdir = E:\New Folder
udp = 10100
[[2621]]
image = E:\ios\c2600-ik9s-mz.122-40a.BIN
idlepc = 0x803f4dc0
ghostios = True
chassis = 2621
[[1710]]
image = E:\ios\C1700-K2.BIN
ram = 32
ghostios = True
idlepc = 0x8016f138
chassis = 1710
[[ROUTER PC2]]
model = 2621
console = 2041
idlepc = 0x80342788
f0/0 = SW1 f0/4
[[ROUTER PC3]]
model = 2621
console = 2042
idlepc = 0x80342788
f0/0 = SW2 f0/7
[[ROUTER PC1]]
model = 1710
console = 2045
f0 = SW1 f0/7
[[ROUTER PC4]]
model = 1710
console = 2046
f0 = SW2 f0/4
[[ROUTER PC5]]
model = 2621
console = 2022
f0/0 = SW3 f0/3

file SW1.cfg

!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname SW1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
!
!
ip cef
!
!
!
!
!
interface FastEthernet0/0
!
interface FastEthernet0/1
switchport mode trunk
!
interface FastEthernet0/2
!
interface FastEthernet0/3
!
interface FastEthernet0/4
switchport access vlan 10
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
switchport access vlan 15
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
switchport mode trunk
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface Vlan1
no ip address
!
ip http server
!

!
control-plane
!
!
alias exec c conf t
alias exec s sh ip int br
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
!
!
end

file SW2.cfg

!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname SW2
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
!
!
ip cef
!
!
interface FastEthernet0/0
!
interface FastEthernet0/1
!
interface FastEthernet0/2
!
interface FastEthernet0/3
!
interface FastEthernet0/4
switchport access vlan 10
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
switchport access vlan 15
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
switchport mode trunk
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface Vlan1
no ip address
!
ip http server
!
!
control-plane
!
!
alias exec c conf t
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
!
!
end


file R1.cfg


!
version 12.2
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname R1
!
!
memory-size iomem 15
ip subnet-zero
!
!
ip dhcp excluded-address 192.168.2.1 192.168.2.129
ip dhcp excluded-address 192.168.3.1 192.168.3.129
!
ip dhcp pool 1
network 192.168.2.0 255.255.255.0
default-router 192.168.2.1
!
ip dhcp pool 2
network 192.168.3.0 255.255.255.0
default-router 192.168.3.1
!
!
call rsvp-sync
!
!
!
interface FastEthernet0/0
no ip address
duplex auto
speed auto
!
interface FastEthernet0/0.10
encapsulation dot1Q 10
ip address 192.168.2.1 255.255.255.0
!
interface FastEthernet0/0.15
encapsulation dot1Q 15
ip address 192.168.3.1 255.255.255.0
!
interface Serial0/0
no ip address
encapsulation frame-relay
!
interface Serial0/0.101 point-to-point
ip address 10.10.7.1 255.255.255.0
no arp frame-relay
frame-relay interface-dlci 101
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial0/1
no ip address
shutdown
!
router ospf 1
log-adjacency-changes
network 10.10.7.0 0.0.0.255 area 0
network 192.168.2.0 0.0.0.255 area 1
network 192.168.3.0 0.0.0.255 area 1
!
ip classless
ip http server
!
!
dial-peer cor custom
!
!
alias exec c conf t
alias exec s sh ip int br
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
!
end


konfigurasi router R2 file R2.cfg

!
version 12.2
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname R2
!
!
memory-size iomem 15
ip subnet-zero
!
!
ip dhcp excluded-address 192.168.4.1 192.168.4.129
!
ip dhcp pool 3
network 192.168.4.0 255.255.255.0
default-router 192.168.4.1
!
!
call rsvp-sync
!
!
!
interface FastEthernet0/0
no ip address
duplex auto
speed auto
!
interface FastEthernet0/0.20
encapsulation dot1Q 20
ip address 192.168.4.1 255.255.255.0
!
interface Serial0/0
bandwidth 512000
no ip address
encapsulation frame-relay
clock rate 512000
!
interface Serial0/0.201 point-to-point
ip address 10.10.7.2 255.255.255.0
no arp frame-relay
frame-relay interface-dlci 201
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial0/1
no ip address
shutdown
!
router ospf 1
log-adjacency-changes
network 10.10.7.0 0.0.0.255 area 0
network 192.168.4.0 0.0.0.255 area 1
!
ip classless
ip http server
!
!
dial-peer cor custom
!
!
alias exec c conf t
alias exec s sh ip int br
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
!
end

untuk konfigurasi Switch 3 sama dengan konfigurasi Switch 1 da Switch 2

sedangkan untuk User2nya menggunakan konfigurasi ip dhcp
pada testing di atas Cisco 1700 tidak bisa dikonfigurasi ip dhcp nya

PC1#(config)int f0/0
PC1#(config-if)ip address dhcp
PC1#(config-if)no shut

test posting gan

test ....