Archive for category vyatta

Creating VLANs with Vyatta and a Hub

A low-end PC and a hub are two devices usually regarded as legacy equipment: outdated gear assumed to be incapable of building a reliable, complex network. In fact, both can be turned into a reasonably good and powerful system using a concept that is very simple, easy to understand, and within reach of both beginners and network experts.

Devices connected through a hub still share broadcasts, because a hub cannot interpret frames; it merely forwards electrical signals, acting as a multiport repeater. A hub operates at layer 1 (physical) of the OSI model, so every frame is sent out of every port. A switch, by contrast, splits the collision domain per port: it can read frames, learns the MAC address of each attached device and stores it in its MAC address table, so it forwards a frame only to the port where the destination MAC address lives and not to the other ports. A manageable switch from Cisco, 3COM, Allied Telesyn or another vendor goes further: it splits not only the collision domain but also the broadcast domain, thanks to its ability to group ports and apply VLAN tagging to frames entering through those ports.

What if the VLAN tagging is done by the sending device before the frame reaches the hub? On each pair of devices that need to talk to each other, the Ethernet card is given a sub-interface, so outgoing frames are encapsulated directly with dot1Q encapsulation according to the VLAN ID configured. Only sub-interfaces tagged with the same VLAN ID can communicate directly. Broadcasts still reach every port because the device in the middle is a hub, but communication between devices has to go through the routing function.

Broadcasts on a network are caused, among other things, by protocol operation: ARP looking up a MAC address in order to build a layer 2 frame, routing protocols building their routing tables, and also by viruses.

So how do we keep routing protocol broadcasts from being advertised to the LAN below the router? We can do this by making the router interface that faces the LAN a passive interface.

There are many routing protocols, among them RIP, RIPv2, IGRP, EIGRP and OSPF. RIP and OSPF are open-standard routing protocols, meaning they can be used freely on any equipment and are supported by many platforms such as Linux, UNIX, Cisco, Juniper and others. IGRP and EIGRP are Cisco-proprietary routing protocols supported only by Cisco equipment. Since we are using open source, we will of course use an open-standard routing protocol, that is, either RIP or OSPF.

RIP sends its entire routing table as an update every 30 seconds by broadcast (255.255.255.255), even when the topology has not changed.

OSPF, on the other hand, sends routing table updates only when the topology changes. To maintain the relationship between neighbouring routers, OSPF uses hello packets, which by default are sent every 10 seconds on multiaccess and point-to-point segments. Although hellos are sent every 10 seconds, they are not as large as the routing table sent by RIP. Other advantages of OSPF are fast convergence and scalability for larger network deployments.

To make this clearer, let's look at the example topology below.

[Figure: vlan-using-hub1]

R1 is the router connected to the internet, i.e. the backbone router of our network towards the internet. It has two interfaces: one towards the internet and one towards the local network. The internet-facing interface is given an IP address directly; on the interface facing the local network we create sub-interfaces (vif), which are encapsulated directly with dot1Q encapsulation.

vyatta@vyatta:~$ configure

vyatta@vyatta# set interfaces ethernet eth0 address 222.124.194.2/27

vyatta@vyatta# set interfaces ethernet eth1 vif 2 address 192.168.2.1/30

vyatta@vyatta# set interfaces ethernet eth1 vif 3 address 192.168.2.5/30

vyatta@vyatta# set protocols static route 0.0.0.0/0 next-hop 222.124.194.1

vyatta@vyatta# set protocols ospf area 0 network 192.168.2.0/30

vyatta@vyatta# set protocols ospf area 0 network 192.168.2.4/30

vyatta@vyatta# set protocols ospf log-adjacency-changes

vyatta@vyatta# set protocols ospf default-information originate

vyatta@vyatta# set service nat rule 1 outbound-interface eth0

vyatta@vyatta# set service nat rule 1 type masquerade

vyatta@vyatta# show

Router R2 connects to R1 through sub-interface vif 2 on eth0, while on eth1 we create 3 sub-interfaces: vif 2 to connect to R4, vif 3 to connect to R5 and vif 4 to connect to R6.

vyatta@vyatta:~$ configure

vyatta@vyatta# set interfaces ethernet eth0 vif 2 address 192.168.2.2/30

vyatta@vyatta# set interfaces ethernet eth1 vif 2 address 192.168.2.9/30

vyatta@vyatta# set interfaces ethernet eth1 vif 3 address 192.168.2.13/30

vyatta@vyatta# set interfaces ethernet eth1 vif 4 address 192.168.2.17/30

vyatta@vyatta# set protocols ospf area 0 network 192.168.2.0/30

vyatta@vyatta# set protocols ospf area 0 network 192.168.2.8/30

vyatta@vyatta# set protocols ospf area 0 network 192.168.2.12/30

vyatta@vyatta# set protocols ospf area 0 network 192.168.2.16/30

vyatta@vyatta#

Router R3 connects to R1 through sub-interface vif 3 on eth0, while on eth1 we create 3 sub-interfaces: vif 2 to connect to R7, vif 3 to connect to R8 and vif 4 to connect to R9.

vyatta@vyatta:~$ configure

vyatta@vyatta# set interfaces ethernet eth0 vif 3 address 192.168.2.6/30

vyatta@vyatta# set interfaces ethernet eth1 vif 2 address 192.168.2.21/30

vyatta@vyatta# set interfaces ethernet eth1 vif 3 address 192.168.2.25/30

vyatta@vyatta# set interfaces ethernet eth1 vif 4 address 192.168.2.29/30

vyatta@vyatta# set protocols ospf area 0 network 192.168.2.4/30

vyatta@vyatta# set protocols ospf area 0 network 192.168.2.20/30

vyatta@vyatta# set protocols ospf area 0 network 192.168.2.24/30

vyatta@vyatta# set protocols ospf area 0 network 192.168.2.28/30

vyatta@vyatta#

On Router 4

vyatta@vyatta:~$ configure

vyatta@vyatta# set interfaces ethernet eth0 vif 2 address 192.168.2.10/30

vyatta@vyatta# set interfaces ethernet eth1 address 192.168.3.1/24

vyatta@vyatta# set protocols ospf area 0 network 192.168.2.8/30

vyatta@vyatta# set protocols ospf area 0 network 192.168.3.0/24

vyatta@vyatta# set protocols ospf passive-interface eth1

[edit]

vyatta@vyatta#

On Router 5

vyatta@vyatta:~$ configure

vyatta@vyatta# set interfaces ethernet eth0 vif 3 address 192.168.2.14/30

vyatta@vyatta# set interfaces ethernet eth1 address 192.168.4.1/24

vyatta@vyatta# set protocols ospf area 0 network 192.168.2.12/30

vyatta@vyatta# set protocols ospf area 0 network 192.168.4.0/24

vyatta@vyatta# set protocols ospf passive-interface eth1

[edit]

vyatta@vyatta#

On Router 6

vyatta@vyatta:~$ configure

vyatta@vyatta# set interfaces ethernet eth0 vif 4 address 192.168.2.18/30

vyatta@vyatta# set interfaces ethernet eth1 address 192.168.5.1/24

vyatta@vyatta# set protocols ospf area 0 network 192.168.2.16/30

vyatta@vyatta# set protocols ospf area 0 network 192.168.5.0/24

vyatta@vyatta# set protocols ospf passive-interface eth1

[edit]

vyatta@vyatta#

On Router 7

vyatta@vyatta:~$ configure

vyatta@vyatta# set interfaces ethernet eth0 vif 2 address 192.168.2.22/30

vyatta@vyatta# set interfaces ethernet eth1 address 192.168.6.1/24

vyatta@vyatta# set protocols ospf area 0 network 192.168.2.20/30

vyatta@vyatta# set protocols ospf area 0 network 192.168.6.0/24

vyatta@vyatta# set protocols ospf passive-interface eth1

[edit]

vyatta@vyatta#

On Router 8

vyatta@vyatta:~$ configure

vyatta@vyatta# set interfaces ethernet eth0 vif 3 address 192.168.2.26/30

vyatta@vyatta# set interfaces ethernet eth1 address 192.168.7.1/24

vyatta@vyatta# set protocols ospf area 0 network 192.168.2.24/30

vyatta@vyatta# set protocols ospf area 0 network 192.168.7.0/24

vyatta@vyatta# set protocols ospf passive-interface eth1

[edit]

vyatta@vyatta#

On Router 9

vyatta@vyatta:~$ configure

vyatta@vyatta# set interfaces ethernet eth0 vif 4 address 192.168.2.30/30

vyatta@vyatta# set interfaces ethernet eth1 address 192.168.8.1/24

vyatta@vyatta# set protocols ospf area 0 network 192.168.2.28/30

vyatta@vyatta# set protocols ospf area 0 network 192.168.8.0/24

vyatta@vyatta# set protocols ospf passive-interface eth1

[edit]

vyatta@vyatta#

Once everything is done, in user mode on each router run the command show ip route and check whether a routing table covering the whole network has been built. Run traceroute to each network address so that we know the path used to reach the destination. On a PC in the LAN, install the Wireshark protocol analyzer (www.wireshark.org) to find out whether any routing protocol is being broadcast onto the local area network. Thanks to vyatta http://vyatta.org great and powerful
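The Wireshark check described above, as an added example that is not part of the original post: a Python decoder that reads the 802.1Q tag of a frame and flags OSPF (IP protocol 89) and RIP (UDP port 520). The frames are constructed from addresses in the topology, and all function names are this example's own.

```python
import ipaddress
import struct

TPID_DOT1Q = 0x8100   # EtherType value that marks an 802.1Q tag
ETH_IPV4 = 0x0800
PROTO_UDP, PROTO_OSPF = 17, 89
RIP_PORT = 520
OSPF_TYPES = {1: "hello", 2: "db-description", 3: "ls-request", 4: "ls-update", 5: "ls-ack"}


def parse_frame(frame: bytes) -> dict:
    """Decode one Ethernet frame: optional 802.1Q tag, IPv4 header, OSPF/RIP detection."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    offset, vlan = 14, None
    if ethertype == TPID_DOT1Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        vlan, offset = tci & 0x0FFF, 18      # low 12 bits of the TCI are the VLAN ID
    info = {"vlan": vlan, "src_ip": None, "dst_ip": None, "routing": None}
    ip = frame[offset:]
    if ethertype != ETH_IPV4 or len(ip) < 20 or ip[0] >> 4 != 4:
        return info
    ihl = (ip[0] & 0x0F) * 4                 # IPv4 header length in bytes
    if ihl < 20 or len(ip) < ihl:
        return info
    info["src_ip"] = str(ipaddress.IPv4Address(ip[12:16]))
    info["dst_ip"] = str(ipaddress.IPv4Address(ip[16:20]))
    proto, payload = ip[9], ip[ihl:]
    if proto == PROTO_OSPF and len(payload) >= 2:
        # OSPF header: byte 0 is the version, byte 1 the packet type
        info["routing"] = "ospf-" + OSPF_TYPES.get(payload[1], "unknown")
    elif proto == PROTO_UDP and len(payload) >= 8:
        sport, dport = struct.unpack("!HH", payload[:4])
        if RIP_PORT in (sport, dport):
            info["routing"] = "rip"
    return info


def routing_traffic(frames):
    """Return (vlan, protocol, source IP) for every frame that carries a routing protocol."""
    seen = []
    for frame in frames:
        info = parse_frame(frame)
        if info["routing"]:
            seen.append((info["vlan"], info["routing"], info["src_ip"]))
    return seen


def build_frame(src_ip, dst_ip, proto, payload, vlan=None):
    """Build a constructed sample frame (MACs arbitrary, checksums zero); not a real capture."""
    macs = bytes.fromhex("ffffffffffff") + bytes.fromhex("020000000001")
    tag = struct.pack("!HH", TPID_DOT1Q, vlan) if vlan is not None else b""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 1, proto, 0,
                     ipaddress.IPv4Address(src_ip).packed,
                     ipaddress.IPv4Address(dst_ip).packed)
    return macs + tag + struct.pack("!H", ETH_IPV4) + ip + payload


OSPF_HELLO = bytes([2, 1]) + bytes(42)                 # version 2, type 1, rest zeroed
RIP_UPDATE = struct.pack("!HHHH", 520, 520, 12, 0) + bytes([2, 1, 0, 0])
DNS_QUERY = struct.pack("!HHHH", 40000, 53, 8, 0)

# Constructed frames, using addresses from the topology above.
SAMPLE_FRAMES = [
    build_frame("192.168.2.9", "224.0.0.5", PROTO_OSPF, OSPF_HELLO, vlan=2),  # R2-R4 link
    build_frame("192.168.3.1", "224.0.0.5", PROTO_OSPF, OSPF_HELLO),          # untagged, LAN side
    build_frame("192.168.3.1", "255.255.255.255", PROTO_UDP, RIP_UPDATE),     # RIP broadcast
    build_frame("192.168.3.20", "192.168.3.1", PROTO_UDP, DNS_QUERY),         # ordinary traffic
]

if __name__ == "__main__":
    for vlan, proto, src in routing_traffic(SAMPLE_FRAMES):
        print(f"vlan={vlan} {proto} from {src}")
```

Because a hub repeats every frame to every port, a capturing host sees the tagged frames as well: the VLAN ID separates traffic logically but hides nothing. With passive-interface set on eth1, the untagged OSPF and RIP entries should be absent from a capture taken on the LAN.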


Routing between Vyatta and Quagga on CentOS 5.2 with the OSPF Protocol

[Figure: quagga-vyatta]

[root@quagga ~]# cd /etc/quagga/
[root@quagga quagga]# ls
bgpd.conf.sample ospfd.conf.sample vtysh.conf zebra.conf.sample
bgpd.conf.sample2 ripd.conf.sample vtysh.conf.sample
ospf6d.conf.sample ripngd.conf.sample zebra.conf
[root@quagga quagga]#
[root@quagga quagga]# mv zebra.conf zebra.conf.backup
[root@quagga quagga]# cp zebra.conf.sample zebra.conf
[root@quagga quagga]# cp ospfd.conf.sample ospfd.conf
[root@quagga quagga]#

[root@quagga quagga]# vi /etc/services
————————————————cut——————————————————–
# Ports numbered 2600 through 2606 are used by the zebra package without
# being registred. The primary names are the registered names, and the
# unregistered names used by zebra are listed as aliases.
hpstgmgr 2600/tcp zebrasrv # HPSTGMGR
hpstgmgr 2600/udp # HPSTGMGR
discp-client 2601/tcp zebra # discp client
discp-client 2601/udp # discp client
discp-server 2602/tcp ripd # discp server
discp-server 2602/udp # discp server
servicemeter 2603/tcp ripngd # Service Meter
servicemeter 2603/udp # Service Meter
nsc-ccs 2604/tcp ospfd # NSC CCS
————————————————cut——————————————————–

[root@quagga quagga]# telnet 127.0.0.1 2601
Trying 127.0.0.1…
Connected to quagga.ragahdo.net (127.0.0.1).
Escape character is ‘^]’.

Hello, this is Quagga (version 0.98.6).
Copyright 1996-2005 Kunihiro Ishiguro, et al.
User Access Verification

Password:
Router> enable
Password:
Router# configure t
Router# configure terminal
Router(config)# interface eth0
Router(config-if)# ip address 192.168.1.99/24
Router(config-if)# no shutdown
Router(config-if)# exit
Router(config)# interface eth1
Router(config-if)# ip address 192.168.2.1/24
Router(config-if)# no shutdown
Router(config-if)# exit
Router(config)# interface lo
Router(config-if)# ip address 10.0.0.1/32
Router(config-if)# exit
Router(config)# hostname quagga-unsri
quagga-unsri(config)# enable password kayarayaselamanya
quagga-unsri(config)# password matimasuksurga
quagga-unsri(config)# exit
quagga-unsri# show running-config

Current configuration:
!
hostname quagga-unsri
password matimasuksurga
enable password kayarayaselamanya
!
interface eth0
ip address 192.168.1.99/24
ipv6 nd suppress-ra
!
interface eth1
ip address 192.168.2.1/24
ipv6 nd suppress-ra
!
interface lo
ip address 10.0.0.1/32
!
interface sit0
ipv6 nd suppress-ra
!
!
–More-

quagga-unsri# copy running-config startup-config
Configuration saved to /etc/quagga/zebra.conf
quagga-unsri# exit
Connection closed by foreign host.
[root@quagga quagga]# telnet 127.0.0.1 2604
Trying 127.0.0.1…
Connected to quagga.ragahdo.net (127.0.0.1).
Escape character is ‘^]’.

Hello, this is Quagga (version 0.98.6).
Copyright 1996-2005 Kunihiro Ishiguro, et al.
User Access Verification

Password:
ospfd> enable
ospfd# configure terminal
ospfd(config)# router ospf
ospfd(config-router)# network 192.168.1.0/24 area 0
ospfd(config-router)# network 192.168.2.0/24 area 0
ospfd(config-router)# network 10.0.0.1/32 area 0
ospfd(config-router)# router-id 10.0.0.1
ospfd(config-router)# exit
ospfd(config)# hostname ospf-unsri
ospf-unsri(config)# enable password raffaragahdo
ospf-unsri(config)# password palembanglampungsetiapsabtu
ospf-unsri(config)# exit
ospf-unsri# show running-config

Current configuration:
!
hostname ospf-unsri
password palembanglampungsetiapsabtu
enable password raffaragahdo
log stdout
!
!
!
interface eth0
!
interface eth1
!
interface lo
!
interface sit0
!
router ospf
ospf router-id 10.0.0.1
network 10.0.0.1/32 area 0.0.0.0
network 192.168.1.0/24 area 0.0.0.0
network 192.168.2.0/24 area 0.0.0.0
!
line vty
!
end
ospf-unsri# copy run startup-config
Configuration saved to /etc/quagga/ospfd.conf
ospf-unsri#
Welcome to Vyatta.
This system is open-source software. The exact distribution terms for
each module comprising the full system are described in the individual
files in /usr/share/doc/*/copyright.
Last login: Thu Apr 29 22:42:44 2010
vyatta@vyatta:~$ configure
vyatta@vyatta# set interfaces ethernet eth0 address 192.168.2.2/24
[edit]
vyatta@vyatta# set interfaces ethernet eth1 address 192.168.3.1/24
[edit]
vyatta@vyatta# set interfaces loopback lo address 10.0.0.2/32
[edit]
vyatta@vyatta# set protocols ospf area 0 network 192.168.2.0/24
[edit]
vyatta@vyatta# set protocols ospf area 0 network 192.168.3.0/24
[edit]
vyatta@vyatta# set protocols ospf area 0 network 10.0.0.2/32
[edit]
vyatta@vyatta# set protocols ospf log-adjacency-changes
[edit]
vyatta@vyatta# set protocols ospf parameters router-id 10.0.0.2
[edit]
vyatta@vyatta# set system host-name vyatta-unsri
[edit]
vyatta@vyatta# commit
[edit]
vyatta@vyatta# save
Saving configuration to ‘/opt/vyatta/etc/config/config.boot’…
Done
[edit]
vyatta@vyatta# exit
exit
vyatta@vyatta:~$ show ip route
Codes: K - kernel route, C - connected, S - static, R - RIP, O - OSPF,
I - ISIS, B - BGP, > - selected route, * - FIB route

O>* 10.0.0.1/32 [110/20] via 192.168.2.1, eth0, 00:02:07
O 10.0.0.2/32 [110/10] is directly connected, lo, 00:02:20
C>* 10.0.0.2/32 is directly connected, lo
C>* 127.0.0.0/8 is directly connected, lo
O>* 192.168.1.0/24 [110/20] via 192.168.2.1, eth0, 00:02:07
O 192.168.2.0/24 [110/10] is directly connected, eth0, 00:02:26
C>* 192.168.2.0/24 is directly connected, eth0
O 192.168.3.0/24 [110/10] is directly connected, eth1, 00:02:20
C>* 192.168.3.0/24 is directly connected, eth1

vyatta@vyatta:~$ show ip ospf neighbor detail
Neighbor 10.0.0.1, interface address 192.168.2.1
In the area 0.0.0.0 via interface eth0
Neighbor priority is 1, State is Full, 6 state changes
Most recent state change statistics:
Progressive change 3m44s ago
DR is 192.168.2.1, BDR is 192.168.2.2
Options 2 *|-|-|-|-|-|E|*
Dead timer due in 29.211s
Database Summary List 0
Link State Request List 0
Link State Retransmission List 0
Thread Inactivity Timer on
Thread Database Description Retransmision off
Thread Link State Request Retransmission on
Thread Link State Update Retransmission on

vyatta@vyatta:~$
[root@quagga quagga]# telnet 127.0.0.1 2604
Trying 127.0.0.1…
Connected to quagga.ragahdo.net (127.0.0.1).
Escape character is ‘^]’.

Hello, this is Quagga (version 0.98.6).
Copyright 1996-2005 Kunihiro Ishiguro, et al.
User Access Verification

Password:
ospf-unsri> enable
Password:
ospf-unsri# show ip ospf neighbor detail
Neighbor 10.0.0.2, interface address 192.168.2.2
In the area 0.0.0.0 via interface eth1
Neighbor priority is 1, State is Full, 5 state changes
DR is 192.168.2.1, BDR is 192.168.2.2
Options 2 *|-|-|-|-|-|E|*
Dead timer due in 00:00:34
Database Summary List 0
Link State Request List 0
Link State Retransmission List 0
Thread Inactivity Timer on
Thread Database Description Retransmision off
Thread Link State Request Retransmission on
Thread Link State Update Retransmission on

ospf-unsri#


Integrating Inherent and the Internet using OSPF Routing and Default Routing with Vyatta (Case Study: AMIK-STMIK Riau)

On the university's Inherent router

Log in to the router

login as: vyatta

vyatta@167.205.148.26’s password:

Linux vyatta 2.6.26-1-486-vyatta #1 SMP Fri Feb 27 01:04:20 GMT 2009 i686

Welcome to Vyatta.

This system is open-source software. The exact distribution terms for

each module comprising the full system are described in the individual

files in /usr/share/doc/*/copyright.

Last login: Mon Dec 7 08:39:26 2009

Enter configuration mode

vyatta@vyatta:~$ configure

[edit]

Set the router's hostname

vyatta@vyatta# set system host-name router-inherent

[edit]

Set the IP address on each interface

vyatta@vyatta# set interfaces ethernet eth0 address 167.205.182.206/30

[edit]

vyatta@vyatta# set interfaces ethernet eth1 address 167.205.148.25/29

[edit]

vyatta@vyatta# set interfaces loopback lo address 118.98.240.208/32

[edit]

vyatta@vyatta# commit

[edit]

vyatta@vyatta# save

Saving configuration to ‘/opt/vyatta/etc/config/config.boot’…

Done

[edit]

Configure the OSPF routing protocol

vyatta@vyatta# set protocols ospf area 69 network 167.205.182.204/30

[edit]

vyatta@vyatta# set protocols ospf area 69 network 167.205.148.24/29

[edit]

vyatta@vyatta# set protocols ospf area 69 network 118.98.240.208/32

[edit]

vyatta@vyatta# set protocols ospf log-adjacency-changes

[edit]

vyatta@vyatta# set protocols ospf parameters router-id 118.98.240.208

[edit]

vyatta@vyatta# commit

[edit]

vyatta@vyatta# save

Saving configuration to ‘/opt/vyatta/etc/config/config.boot’…

Done

[edit]

Enable SSH and HTTPS

vyatta@vyatta# set service ssh allow-root false

[edit]

vyatta@vyatta# set service ssh port 22

[edit]

vyatta@vyatta# set service https

[edit]

vyatta@vyatta# commit

Generating a 1024 bit RSA private key

..++++++

……………………………..++++++

writing new private key to ‘/etc/lighttpd/server.pem’

—–

Stopping web server: lighttpd.

Starting web server: lighttpd.

Stopping PAGER server

Starting PAGER server

[edit]

vyatta@vyatta# save

Saving configuration to ‘/opt/vyatta/etc/config/config.boot’…

Done

[edit]

On the Inherent-Internet router

Log in to the router

login as: vyatta

vyatta@167.205.148.26’s password:

Linux vyatta 2.6.26-1-486-vyatta #1 SMP Fri Feb 27 01:04:20 GMT 2009 i686

Welcome to Vyatta.

This system is open-source software. The exact distribution terms for

each module comprising the full system are described in the individual

files in /usr/share/doc/*/copyright.

Last login: Mon Dec 7 08:39:26 2009

Enter configuration mode

vyatta@vyatta:~$ configure

[edit]

Set the router's hostname

vyatta@vyatta# set system host-name router-inherent-internet

[edit]

Set the IP address on each interface

vyatta@vyatta# set interfaces ethernet eth0 address 167.205.148.26/29

[edit]

vyatta@vyatta# set interfaces ethernet eth1 address 202.152.41.102/29

[edit]

vyatta@vyatta# commit

[edit]

vyatta@vyatta# save

Saving configuration to ‘/opt/vyatta/etc/config/config.boot’…

Done

[edit]

Configure the OSPF routing protocol

vyatta@vyatta# set protocols ospf area 69 network 167.205.148.24/29

[edit]

vyatta@vyatta# set protocols ospf area 69 network 202.152.41.96/29

[edit]

vyatta@vyatta# set protocols ospf log-adjacency-changes

[edit]

vyatta@vyatta# commit

[edit]

vyatta@vyatta# save

Saving configuration to ‘/opt/vyatta/etc/config/config.boot’…

Done

[edit]

Enable SSH and HTTPS

vyatta@vyatta# set service ssh allow-root false

[edit]

vyatta@vyatta# set service ssh port 22

[edit]

vyatta@vyatta# set service https

[edit]

vyatta@vyatta# commit

Generating a 1024 bit RSA private key

..++++++

……………………………..++++++

writing new private key to ‘/etc/lighttpd/server.pem’

—–

Stopping web server: lighttpd.

Starting web server: lighttpd.

Stopping PAGER server

Starting PAGER server

[edit]

vyatta@vyatta# save

Saving configuration to ‘/opt/vyatta/etc/config/config.boot’…

Done

[edit]

Create a default route towards the internet

vyatta@vyatta# set protocols static route 0.0.0.0/0 next-hop 202.152.41.97

[edit]

vyatta@vyatta# commit

[edit]

vyatta@vyatta# save

Saving configuration to ‘/opt/vyatta/etc/config/config.boot’…

Done

[edit]

Create NAT towards Inherent and towards the internet

vyatta@vyatta# set service nat rule 1 description NAT-Inherent

[edit]

vyatta@vyatta# set service nat rule 1 outbound-interface eth0

[edit]

vyatta@vyatta# set service nat rule 1 type masquerade

[edit]

vyatta@vyatta# commit

[edit]

vyatta@vyatta# save

Saving configuration to ‘/opt/vyatta/etc/config/config.boot’…

Done

[edit]

vyatta@vyatta# set service nat rule 2 description NAT-to-Internet

[edit]

vyatta@vyatta# set service nat rule 2 outbound-interface eth1

[edit]

vyatta@vyatta# set service nat rule 2 type masquerade

[edit]

vyatta@vyatta# commit

[edit]

vyatta@vyatta# save

Saving configuration to ‘/opt/vyatta/etc/config/config.boot’…

Done

[edit]

vyatta@vyatta#

On the web server we change the gateway to IP 202.152.41.102/29, so that our server still has a single gateway; routing towards the internet is then redirected by our router to IP 202.152.41.97/29. Good luck :)


Integrating Inherent and the Internet using OSPF Routing, NAT, Port Forwarding, Load Balancing and Webproxy on a Single Vyatta Machine (Case Study: Univ Muhammadiyah Palembang)

login as: vyatta

vyatta@167.205.145.50’s password:

Linux vyatta 2.6.26-1-486-vyatta #1 SMP Fri Feb 27 01:04:20 GMT 2009 i686

Welcome to Vyatta.

This system is open-source software. The exact distribution terms for

each module comprising the full system are described in the individual

files in /usr/share/doc/*/copyright.

Last login: Fri Nov 20 01:06:43 2009

Enter configuration mode

vyatta@vyatta:~$ configure

[edit]

Set the IP address on each interface

vyatta@vyatta# set interfaces ethernet eth0 address 192.168.0.2/24

[edit]

vyatta@vyatta# set interfaces ethernet eth1 address 192.168.1.2/24

[edit]

vyatta@vyatta# set interfaces ethernet eth2 address 167.205.145.50/29

[edit]

vyatta@vyatta# set interfaces ethernet eth2 address 167.205.145.51/29

[edit]

vyatta@vyatta# set interfaces ethernet eth2 address 167.205.145.52/29

[edit]

vyatta@vyatta# set interfaces ethernet eth3 address 192.168.49.1/24

[edit]

Configure the OSPF routing protocol. Here we define the network addresses that use OSPF, namely network 167.205.145.48/29 and network 118.98.240.189/32. Remember: never advertise private IP addresses into the Inherent network.

vyatta@vyatta# set protocols ospf log-adjacency-changes

[edit]

vyatta@vyatta# set protocols ospf parameters router-id 118.98.240.189

[edit]

vyatta@vyatta# set protocols ospf parameters router-id 118.98.240.189

[edit]

vyatta@vyatta# set protocols ospf area 69 network 167.205.145.48/29

[edit]

vyatta@vyatta# set protocols ospf area 69 network 118.98.240.189/32

[edit]

Enable the Vyatta web GUI so that we can administer the Vyatta machine not only through the console but also through the web. You can open https://ip-address-of-the-vyatta-machine, for example https://167.205.145.50

vyatta@vyatta# set service https

[edit]

vyatta@vyatta# commit

Generating a 1024 bit RSA private key

….++++++

………..++++++

writing new private key to ‘/etc/lighttpd/server.pem’

—–

Stopping web server: lighttpd.

Starting web server: lighttpd.

Stopping PAGER server

saveStarting PAGER server

[edit]

vyatta@vyatta# save

Saving configuration to ‘/opt/vyatta/etc/config/config.boot’…

Done

[edit]

Set up NAT towards Inherent

vyatta@vyatta# set service nat rule 10 description NAT-to-Inherent

[edit]

vyatta@vyatta# set service nat rule 10 outbound-interface eth2

[edit]

vyatta@vyatta# set service nat rule 10 type masquerade

[edit]

vyatta@vyatta# commit

[edit]

vyatta@vyatta# save

Saving configuration to ‘/opt/vyatta/etc/config/config.boot’…

Done

[edit]

At this point we can already access Inherent, but from behind NAT.

Now, what if we also want our server to be reachable from Inherent using an IP address allocated by the Inherent administrator for our local node, even though the server itself has a private IP? Here we apply one more technique: IP forwarding if we want to forward all traffic from Inherent to our server, or port forwarding if we want to forward traffic for a specific port only, for example when Vyatta should forward to the local machine only requests for port 80 (http). Here we will use port forwarding. In this example we want the local server at 192.168.49.2 to be reachable from Inherent at IP address 167.205.145.51 over http (port 80).

vyatta@vyatta# set service nat rule 20 description DNAT-to-Webserver1-from-inherent

[edit]

vyatta@vyatta# set service nat rule 20 type destination

[edit]

vyatta@vyatta# set service nat rule 20 destination address 167.205.145.51

[edit]

vyatta@vyatta# set service nat rule 20 inbound-interface eth2

[edit]

vyatta@vyatta# set service nat rule 20 protocol tcp

[edit]

vyatta@vyatta# set service nat rule 20 destination port 80

[edit]

vyatta@vyatta# set service nat rule 20 inside-address address 192.168.49.2

[edit]

vyatta@vyatta# set service nat rule 20 inside-address port 80

[edit]

vyatta@vyatta# commit

[edit]

vyatta@vyatta# save

Saving configuration to ‘/opt/vyatta/etc/config/config.boot’…

Done

[edit]

Now, what if we have a Vicon device for teleconferencing? Its voice and video communication uses UDP as the transport protocol, so here we will do IP forwarding, that is, forward all traffic regardless of which transport protocol it uses and which port number is its destination port.

vyatta@vyatta# set service nat rule 30 description DNAT-to-Vicon-from-inherent

[edit]

vyatta@vyatta# set service nat rule 30 type destination

[edit]

vyatta@vyatta# set service nat rule 30 destination address 167.205.145.52

[edit]

vyatta@vyatta# set service nat rule 30 inbound-interface eth2

[edit]

vyatta@vyatta# set service nat rule 30 inside-address address 192.168.49.3

[edit]

vyatta@vyatta#

When you assign an IP to the Vicon, give it the private IP 192.168.49.3. At this point both our web server and the Vicon can communicate in both directions, meaning they can reach and be reached from the Inherent network.
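The difference between the port forward in rule 20 and the IP forward in rule 30, as an added example that is not part of the original post: a Python audit that reads the `set service nat rule` commands and reports what each destination rule exposes. The command lines are copied from the steps above; the function names and the scope labels are this example's own.

```python
import re
from collections import defaultdict

NAT_LINE = re.compile(r"set service nat rule (\d+) (.+)")

# Commands copied from the walkthrough above (rules 10, 20 and 30).
SAMPLE_CONFIG = """
set service nat rule 10 description NAT-to-Inherent
set service nat rule 10 outbound-interface eth2
set service nat rule 10 type masquerade
set service nat rule 20 description DNAT-to-Webserver1-from-inherent
set service nat rule 20 type destination
set service nat rule 20 destination address 167.205.145.51
set service nat rule 20 inbound-interface eth2
set service nat rule 20 protocol tcp
set service nat rule 20 destination port 80
set service nat rule 20 inside-address address 192.168.49.2
set service nat rule 20 inside-address port 80
set service nat rule 30 description DNAT-to-Vicon-from-inherent
set service nat rule 30 type destination
set service nat rule 30 destination address 167.205.145.52
set service nat rule 30 inbound-interface eth2
set service nat rule 30 inside-address address 192.168.49.3
"""


def parse_nat_rules(text):
    """Group 'set service nat rule N <path> <value>' lines into {N: {path: value}}."""
    rules = defaultdict(dict)
    for line in text.splitlines():
        match = NAT_LINE.search(line)        # search() tolerates a leading CLI prompt
        if not match:
            continue
        *path, value = match.group(2).split()
        rules[int(match.group(1))][" ".join(path)] = value
    return dict(rules)


def audit_dnat(text):
    """Describe every destination NAT rule and how much of the inside host it exposes."""
    findings = []
    for number, rule in sorted(parse_nat_rules(text).items()):
        if rule.get("type") != "destination":
            continue                          # masquerade rules expose nothing inbound
        protocol = rule.get("protocol")
        port = rule.get("destination port")
        findings.append({
            "rule": number,
            "outside": rule.get("destination address"),
            "inside": rule.get("inside-address address"),
            "protocol": protocol or "any",
            "port": port or "any",
            # Without both a protocol and a port the rule forwards every packet.
            "scope": "port-forward" if protocol and port else "all-traffic",
        })
    return findings


def fully_exposed(text):
    """Inside addresses that receive all traffic sent to their outside address."""
    return [f["inside"] for f in audit_dnat(text) if f["scope"] == "all-traffic"]


if __name__ == "__main__":
    for f in audit_dnat(SAMPLE_CONFIG):
        print(f"rule {f['rule']}: {f['outside']} -> {f['inside']} "
              f"proto={f['protocol']} port={f['port']} [{f['scope']}]")
```

A rule reported as all-traffic leaves every port of the inside host reachable from the inbound interface, so any filtering has to happen on the host itself or in a firewall rule set.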

Next, how can we use the public IP on our ADSL modem for our web server? The technique is the same as before, namely port forwarding. In this network model we treat IP address 192.168.0.2 and IP address 192.168.1.2 as public IPs.

vyatta@vyatta# set service nat rule 40 description DNAT-from-ISP1-to-webserver1

[edit]

vyatta@vyatta# set service nat rule 40 type destination

[edit]

vyatta@vyatta# set service nat rule 40 destination address 192.168.0.2

[edit]

vyatta@vyatta# set service nat rule 40 protocol tcp

[edit]

vyatta@vyatta# set service nat rule 40 destination port 80

[edit]

vyatta@vyatta# set service nat rule 40 inbound-interface eth0

[edit]

vyatta@vyatta# set service nat rule 40 inside-address address 192.168.49.2

[edit]

vyatta@vyatta# set service nat rule 40 inside-address port 80

[edit]

The server can now also be reached from the internet using the public IP. Register with http://pandi.or.id so that the server can be reached by domain name.

Now we will use the other public IP, 192.168.1.2, for another of our servers; this could be a mail server or any other server, depending on our needs. Remember that if you want to make this server a mail server, you have no choice but to register a domain with http://pandi.or.id, because a mail server must have an MX record so that the MTAs of other mail servers can send email to our server (communication between mail servers). For this example, however, we still use port 80, because we want this server to provide web services as well, which can be used for e-learning and other services.

vyatta@vyatta# set service nat rule 50 description DNAT-from-ISP2-to-webserver2

[edit]

vyatta@vyatta# set service nat rule 50 type destination

[edit]

vyatta@vyatta# set service nat rule 50 destination address 192.168.1.2

[edit]

vyatta@vyatta# set service nat rule 50 protocol tcp

[edit]

vyatta@vyatta# set service nat rule 50 destination port 80

[edit]

vyatta@vyatta# set service nat rule 50 inbound-interface eth1

[edit]

vyatta@vyatta# set service nat rule 50 inside-address address 192.168.49.4

[edit]

vyatta@vyatta# set service nat rule 50 inside-address port 80

[edit]

vyatta@vyatta# commit

[edit]

vyatta@vyatta# save

Saving configuration to ‘/opt/vyatta/etc/config/config.boot’…

Done

[edit]

Then set up NAT towards the internet through ISP1 so that users on the LAN can access internet services

vyatta@vyatta# set service nat rule 60 description NAT-to-Internet-via-ISP1

[edit]

vyatta@vyatta# set service nat rule 60 destination address 0.0.0.0/0

[edit]

vyatta@vyatta# set service nat rule 60 outbound-interface eth0

[edit]

vyatta@vyatta# set service nat rule 60 type masquerade

[edit]

vyatta@vyatta# commit

[edit]

vyatta@vyatta# save

Saving configuration to ‘/opt/vyatta/etc/config/config.boot’…

Done

[edit]

As above, set up NAT once more towards the internet through ISP2

vyatta@vyatta# set service nat rule 70 description NAT-to-Internet-via-ISP2

[edit]

vyatta@vyatta# set service nat rule 70 destination address 0.0.0.0/0

[edit]

vyatta@vyatta# set service nat rule 70 outbound-interface eth1

[edit]

vyatta@vyatta# set service nat rule 70 type masquerade

[edit]

vyatta@vyatta# commit

[edit]

vyatta@vyatta# save

Saving configuration to ‘/opt/vyatta/etc/config/config.boot’…

Done

[edit]

Set the default gateway through both ISP1 and ISP2

vyatta@vyatta# set protocols static route 0.0.0.0/0 next-hop 192.168.0.1

[edit]

vyatta@vyatta# set protocols static route 0.0.0.0/0 next-hop 192.168.1.1

[edit]

Now let's look at the routing table that has been built

vyatta@vyatta#exit

[edit]

vyatta@vyatta:~$ show ip route

Codes: K - kernel route, C - connected, S - static, R - RIP, O - OSPF,

I - ISIS, B - BGP, > - selected route, * - FIB route

S>* 0.0.0.0/0 [1/0] via 192.168.0.1, eth0

* via 192.168.1.1, eth1

O 118.98.240.189/32 [110/10] is directly connected, lo, 00:59:56

C>* 118.98.240.189/32 is directly connected, lo

C>* 127.0.0.0/8 is directly connected, lo

O 167.205.145.48/29 [110/10] is directly connected, eth2, 01:15:48

C>* 167.205.145.48/29 is directly connected, eth2

C>* 192.168.0.0/24 is directly connected, eth0

C>* 192.168.1.0/24 is directly connected, eth1

O>* 192.168.5.0/24 [110/20] via 167.205.145.49, eth2, 01:15:47

C>* 192.168.49.0/24 is directly connected, eth3

vyatta@vyatta:~$

[edit]

Note:

Note that because this is a simulation in VMware, the routing table is limited to the networks that exist in the simulation. The routing table will contain many more entries once this router is connected to the real system.

Configure load balancing over both eth0 and eth1

vyatta@vyatta:~$configure

[edit]

vyatta@vyatta# set load-balancing wan interface-health eth0 failure-count 5

[edit]

vyatta@vyatta# set load-balancing wan interface-health eth0 nexthop 192.168.0.1

[edit]

vyatta@vyatta# set load-balancing wan interface-health eth0 ping 192.168.0.1

[edit]

vyatta@vyatta# set load-balancing wan interface-health eth1 failure-count 4

[edit]

vyatta@vyatta# set load-balancing wan interface-health eth1 nexthop 192.168.1.1

[edit]

vyatta@vyatta# set load-balancing wan interface-health eth1 ping 192.168.1.1

[edit]

Create a load-balancing rule so that traffic coming from eth3 (LAN) is directed out through eth0 and eth1; number it rule 10

vyatta@vyatta# set load-balancing wan rule 10 inbound-interface eth3

[edit]

vyatta@vyatta# set load-balancing wan rule 10 interface eth0 weight 2

[edit]

vyatta@vyatta# set load-balancing wan rule 10 interface eth1 weight 1

[edit]

vyatta@vyatta# commit

[edit]

vyatta@vyatta# save

Saving configuration to ‘/opt/vyatta/etc/config/config.boot’…

Done

[edit]

vyatta@vyatta#

Create another load-balancing rule like the one above, this time numbered rule 20

vyatta@vyatta# set load-balancing wan rule 20 inbound-interface eth3

[edit]

vyatta@vyatta# set load-balancing wan rule 20 interface eth0 weight 2

[edit]

vyatta@vyatta# set load-balancing wan rule 20 interface eth1 weight 1

[edit]

vyatta@vyatta# commit

[edit]

vyatta@vyatta# save

Saving configuration to ‘/opt/vyatta/etc/config/config.boot’…

Done

[edit]

If you use the server at IP address 192.168.49.2 as the local DNS, point the name server on the Vyatta machine to that IP

vyatta@vyatta# set system name-server 192.168.49.2

[edit]

To save bandwidth, Vyatta can also act as a web proxy that stores a web cache. Because all traffic from the LAN goes to IP address 192.168.49.1, which serves as the default gateway for that LAN, set listen-address to that IP.

vyatta@vyatta# set service webproxy listen-address 192.168.49.1

[edit]

vyatta@vyatta# commit

Restarting Squid HTTP Proxy 3.0: squid3.

[edit]

vyatta@vyatta# save

Saving configuration to ‘/opt/vyatta/etc/config/config.boot’…

Done

[edit]

Update the webproxy

vyatta@vyatta# exit

exit

vyatta@vyatta:~$ update webproxy blacklists

Warning: No url-filtering blacklist installed

Would you like to download a default blacklist? [confirm][y]

--2009-11-22 20:51:06-- ftp://ftp.univ-tlse1.fr/pub/reseau/cache/squidguard_contrib/blacklists.tar.gz

=> `/tmp/blacklists.gz'

----------------------------------------cut----------------------------------------

Enter configure mode again to set up the web proxy

vyatta@vyatta:~$ configure

[edit]

Allocate the size of the webproxy cache on the hard disk. The value is given in MB; for example, 100000 means 100000 MB. Choose a value that fits the free space available on your hard disk.

vyatta@vyatta # set service webproxy cache-size 100000

[edit]

Set auto-update to once a week so that it does not put too much load on the bandwidth

vyatta@vyatta # set service webproxy url-filtering squidguard auto-update weekly

[edit]

Set the URLs that we do not allow to be accessed, for example the game links on Facebook, because they consume a lot of bandwidth

vyatta@vyatta # set service webproxy url-filtering squidguard local-block apps.facebook.com

[edit]

Set the categories to block, such as pornography, gambling and other prohibited categories. Be careful and judicious with this content, however, because some faculties, such as the faculty of medicine, need the keyword sex to support their studies when searching for literature, journals and so on

vyatta@vyatta# set service webproxy url-filtering squidguard block-category sex

[edit]

Redirect-url diverts the traffic when a user accesses content that falls into one of the blocked categories above, for example to our official site: www.unsri.ac.id

vyatta@vyatta # set service webproxy url-filtering squidguard redirect-url www.unsri.ac.id

[edit]

vyatta@vyatta # commit

[edit]

vyatta@vyatta # save

Saving configuration to ‘/opt/vyatta/etc/config/config.boot’…

Done

[edit]

vyatta@vyatta #

This is the network design that we (the Unsri ICT Team) produced as an expression of our concern for shared progress, based on the principle of Tri Dharma Perguruan Tinggi. It shows how to build a reliable system from the existing condition of the network while keeping to low cost and low requirements, still meeting user requirements yet powerful, by using Vyatta Open Source (thanks to Vyatta, http://vyatta.org) and a low-end PC (a worn-out PC). To the other universities under the Palembang-UNSRI sub local node: we are very open to helping one another with network design, to discussion and to sharing. Let's share and discuss, guys. Remember, IT is not a cost centre.

Download pdf

integrasi-inherent-dan-internet-menggunakan-routing-ospf-case-UMP


Brief Comparison of Cisco and Vyatta Commands

Mode:

Cisco Prompt | Mode Name | Vyatta Prompt | Mode Name
Router> | User Mode | vyatta@vyatta:~$ | Operational Mode
Router# | Privilege Mode | vyatta@vyatta# | Configuration Mode
Router(config)# | Global Configuration Mode | |

----- VYATTA OPERATIONAL MODE COMMANDS -----

Cisco | Vyatta
ping | ping
traceroute | traceroute
show arp | show arp
show ip ospf neighbor | show ip ospf neighbor
show ip ospf database | show ip ospf database
show ip ospf neighbor detail | show ip ospf neighbor detail
show ip ospf border-routers | show ip ospf border-routers
show ip route | show ip route
show ip route bgp | show ip route bgp
show ip route ospf | show ip route ospf
show ip route connected | show ip route connected
show ip route rip | show ip route rip
show ip route static | show ip route static
show ip interfaces | show interfaces
show clock | show host date
show ip dhcp binding | show dhcp leases
show ip dhcp server statistics | show dhcp statistics
show vrrp all | show vrrp
show ip nat translations | show nat translations
show ip nat statistics | show nat statistics

----- VYATTA CONFIGURATION MODE COMMANDS -----

SAVE
Cisco: copy run start
Vyatta: save

SHOW
Cisco: show running-config
Vyatta: show

HELP
Cisco: ?
Vyatta: ?

SET SERVICE
Cisco:
ip http server
line vty 0 4
 password
crypto key generate rsa (only on some IOS versions)
Vyatta:
set service https
set service telnet
set service ssh

DHCP
Cisco:
ip dhcp pool mydhcp
 network 192.168.0.0 255.255.255.0
 default-router 192.168.0.1
 dns-server 192.168.100.1
ip dhcp excluded-address 192.168.0.1 192.168.0.10
Vyatta:
set service dhcp-server shared-network-name mydhcp
set service dhcp-server shared-network-name mydhcp subnet 192.168.0.0/24
set service dhcp-server shared-network-name mydhcp subnet 192.168.0.0/24 default-router 192.168.0.1
set service dhcp-server shared-network-name mydhcp subnet 192.168.0.0/24 dns-server 192.168.100.1
set service dhcp-server shared-network-name mydhcp subnet 192.168.0.0/24 exclude 192.168.0.1
set service dhcp-server shared-network-name mydhcp subnet 192.168.0.0/24 exclude 192.168.0.10

SET SYSTEM
Cisco:
ip domain-name
hostname
username …password…
ntp server
ip name-server
terminal monitor
clock timezone
Vyatta:
set system domain-name
set system host-name
set system login
set system ntp-server
set system name-server
set system syslog console
set system time-zone
Cisco:
logging
logging facility
logging trap
Vyatta:
set system syslog host
set system syslog host … facility
set system syslog host….facility…level….

SET PROTOCOLS …

INTERFACES
Cisco:
interface fastEthernet 0/0
 ip address 192.168.1.1 255.255.255.0
 duplex auto
 speed auto
 description LAN
 no shutdown
Vyatta:
set interfaces ethernet eth0 address 192.168.1.1/24
set interfaces ethernet eth0 duplex auto
set interfaces ethernet eth0 speed auto
set interfaces ethernet eth0 description LAN

OSPF
Cisco:
router ospf 1
 network 192.168.1.0 0.0.0.255 area 1
 log-adjacency-changes
 router-id 192.168.1.1
Vyatta:
set protocols ospf area 1 network 192.168.1.0/24
set protocols ospf log-adjacency-changes
set protocols ospf parameters router-id 192.168.1.1

STATIC
Cisco: ip route 0.0.0.0 0.0.0.0 192.168.0.1
Vyatta: set protocols static route 0.0.0.0/0 next-hop 192.168.0.1

RIP
Cisco:
router rip
 network 192.168.1.0
Vyatta:
set protocols rip network 192.168.1.0/24

SNMP
Cisco:
snmp-server community … ro|rw
snmp-server community … ACL
snmp-server location
snmp-server contact
Vyatta:
set protocols snmp community … authorization ro|rw
set protocols snmp community … client
set protocols snmp location
set protocols snmp contact


OSPF Routing Protocol with Vyatta from an INHERENT Sub Local Node to the UNSRI Local Node

Routing is the process of forwarding data packets from one network to another. With routing, two or more different networks can communicate with each other. This requires a device called a router. When a router receives a data packet, it reads the destination address from the packet header; once it knows the destination, it consults its routing table, and the routing table tells the router where to forward the packet.

The routing table stores information about the networks connected to the router (connected networks) and the networks not connected to it (remote networks). Connected networks are networks attached to one of the router's interfaces. Remote networks are networks that are not directly attached to any of the router's interfaces. A routing table can be built in different ways, namely with static routing or dynamic routing.

Static routing is a routing table whose entries are entered manually by the network administrator, whereas dynamic routing is a routing table built automatically by dynamic routing protocols.

Dynamic routing protocols fall into two categories: IGP (Interior Gateway Protocols) and EGP (Exterior Gateway Protocol)

Interior Gateway Protocols (IGPs) are protocols that route within a single autonomous system, whereas Exterior Gateway Protocols (EGPs) are protocols that route between autonomous systems

IGPs are further divided into two categories:

  • distance-vector
  • link-state protocols

Distance-vector protocols include:

  • Routing Information Protocol (RIP)
  • Interior Gateway Routing Protocol (IGRP)
  • Enhanced IGRP (EIGRP)

Link-state protocols include:

  • Open Shortest Path First (OSPF)
  • Intermediate System-to-Intermediate System (IS-IS).

EGPs

Border Gateway Protocol (BGP).

Inherent (Indonesia Higher Education Network) chose OSPF because it is an open-system protocol that can be used both on routers made by a particular vendor and on routers built with open source software, and because OSPF uses a link-state algorithm: a router configured with a link-state routing protocol builds a "complete view" of the topology by collecting information from all routers. It therefore has "the best path" to every destination network in the topology.

To build a complete view, the routers must reach convergence, the condition in which all routing tables are in a "state of consistency". A network is said to have converged when all routers have a complete and accurate routing table for the network. To reach convergence, a router needs convergence time, the time routers take to share information, calculate "the best paths" and update their routing tables. In general, RIP and IGRP converge slowly, whereas EIGRP and OSPF converge faster.

OSPF is configured with the command router ospf process-id. The process-id is a value between 1 and 65535 chosen by the network administrator. The process-id is locally significant, meaning it does not affect the ability of OSPF routers to establish relationships with neighbouring routers. In the Inherent topology, the operators use the area-id as the process-id

R1(config)#router ospf <process-id>

Router(config-router)#network network-address wildcard-mask area area-id

An OSPF network statement combines the network-address, wildcard-mask and area-id

Example:

R1's FastEthernet 0/0 interface has the network address 167.205.182.124/30. The subnet mask for this interface is /30, or 255.255.255.252. To obtain the wildcard mask, subtract 255.255.255.252 from 255.255.255.255; the result of the subtraction is the wildcard mask

255.255.255.255

- 255.255.255.252 Subtract the subnet mask

——————-

0.  0.  0. 15  Wildcard mask

The area-id refers to the OSPF area. An OSPF area is a group of routers that share link-state information. All routers in the same area must have the same link-state information in their link-state databases.

The OSPF router ID is the unique identity of each router in OSPF. The router ID is simply an IP address. Routers determine their ID based on 3 criteria:

  1. Use the IP address configured with the OSPF router-id command
  2. If router-id is not configured, the router chooses the highest IP address on its loopback interfaces.
  3. If no loopback interface is configured, the router chooses the highest IP address of its physical interfaces.

A loopback interface is a logical, or virtual, interface; it does not exist in physical form. It is treated the same as a physical interface, for example it is given an IP address and subnet mask just as a physical interface is. Because it is logical, it does not go down the way a physical interface can, so it is active at all times, and if it is configured with an IP address, the OSPF routing protocol uses that address as the router ID for the router. It is not an interface that connects a network to the router; it needs only one IP address, so it is configured with a subnet mask of 255.255.255.255 (all bits set to 1), or /32 in prefix form

Router with the Open Source Software Vyatta

(Configuration by the connected higher-education institution)

Download the latest Vyatta ISO from http://vyatta.org (thanks to Vyatta). Burn it to a CD, then boot the PC that will become the router from the CD-ROM (Vyatta is very light on resources; experience shows that with a Pentium 4, RAM 256 and a 40 GB hard disk, Vyatta performs quite well).

Enter the username vyatta and the password vyatta (the defaults)

login as: vyatta

password:

Welcome to Vyatta.

This system is open-source software. The exact distribution terms for

each module comprising the full system are described in the individual

files in /usr/share/doc/*/copyright.

Last login: Tue Nov 17 07:06:54 2009

Run the installation

vyatta@vyatta:~$ install-system

Welcome to the Vyatta install program.  This script

will walk you through the process of installing the

Vyatta image to a local hard drive.

Would you like to continue? (Yes/No) [Yes]: yes

Probing drives: OK

Looking for pre-existing RAID groups…none found.

The Vyatta image will require a minimum 1000MB root.

Would you like me to try to partition a drive automatically

or would you rather partition it manually with parted?  If

you have already setup your partitions, you may skip this step.

Partition (Auto/Union/Parted/Skip) [Auto]:

I found the following drives on your system:

sda  8590MB

Install the image on? [sda]:

This will destroy all data on /dev/sda.

Continue? (Yes/No) [No]: yes

How big of a root partition should I create? (1000MB - 8590MB) [8590]MB:

Creating filesystem on /dev/sda1: OK

Mounting /dev/sda1

Copying system image files to /dev/sda1:OK

I found the following configuration files

/opt/vyatta/etc/config/config.boot

Which one should I copy to sda? [/opt/vyatta/etc/config/config.boot]:

Enter the passwords you want

Would you like to set the passwords for system users (Yes/No) [Yes]: yes

Enter root password:

Retype root password:

Enter vyatta password:

Retype vyatta password:

I need to install the GRUB boot loader.

I found the following drives on your system:

sda  8590MB

Which drive should GRUB modify the boot partition on? [sda]:

Setting up grub: OK

Done!

vyatta@vyatta:~$

Because the system is still booted from the live CD, reboot.

After the reboot, enter the username vyatta and the password we set earlier.

Type configure to enter configuration mode

vyatta@vyatta:~$ configure

[edit]

Set the IP addresses as assigned by the Inherent network operator

vyatta@vyatta# set interfaces ethernet eth0 address 167.205.182.126/30

[edit]

vyatta@vyatta# set interfaces ethernet eth1 address 167.205.145.9/29

[edit]

vyatta@vyatta# set interfaces loopback lo address 118.98.240.184/32

[edit]

Set the OSPF routing protocol

vyatta@vyatta# set protocols ospf log-adjacency-changes

[edit]

vyatta@vyatta# set protocols ospf parameters router-id 118.98.240.184

[edit]

vyatta@vyatta# set protocols ospf area 69 network 167.205.182.124/30

[edit]

vyatta@vyatta# set protocols ospf area 69 network 167.205.145.8/29

[edit]

vyatta@vyatta# set protocols ospf area 69 network 118.98.240.184/32

[edit]

Activate the configuration

vyatta@vyatta# commit

[edit]

Save the configuration

vyatta@vyatta# save

Saving configuration to ‘/opt/vyatta/etc/config/config.boot’…

Done

[edit]

vyatta@vyatta# exit

vyatta@vyatta:~$

View the resulting routing table

vyatta@vyatta:~$ show ip route

Codes: K - kernel route, C - connected, S - static, R - RIP, O - OSPF,

I - ISIS, B - BGP, > - selected route, * - FIB route

O  118.98.240.184/32 [110/10] is directly connected, lo, 00:03:32

C>* 118.98.240.184/32 is directly connected, lo

C>* 127.0.0.0/8 is directly connected, lo

O  167.205.145.8/29 [110/10] is directly connected, eth1, 00:03:32

C>* 167.205.145.8/29 is directly connected, eth1

O  167.205.182.124/30 [110/10] is directly connected, eth0, 00:03:37

C>* 167.205.182.124/30 is directly connected, eth0

View the routing database

vyatta@vyatta:~$ show ip ospf database

OSPF Router with ID (118.98.240.184)

Router Link States (Area 0.0.0.69)

Link ID  ADV Router  Age  Seq#  CkSum  Link count

118.98.240.184  118.98.240.184  1236 0x80000003 0xf738 3

167.205.182.125 167.205.182.125 1276 0x80000006 0x8e10 1

Net Link States (Area 0.0.0.69)

Link ID  ADV Router  Age  Seq#  CkSum

167.205.182.125 167.205.182.125 1277 0x80000001 0xa33a

View the OSPF interfaces

vyatta@vyatta:~$ show ip ospf interface

eth0 is up

ifindex 2, MTU 1500 bytes, BW 0 Kbit <UP,BROADCAST,RUNNING,MULTICAST>

Internet Address 167.205.182.126/30, Broadcast 167.205.182.127, Area 0.0.0.69

MTU mismatch detection:enabled

Router ID 118.98.240.184, Network Type BROADCAST, Cost: 10

Transmit Delay is 1 sec, State Backup, Priority 1

Designated Router (ID) 167.205.182.125, Interface Address 167.205.182.125

Backup Designated Router (ID) 118.98.240.184, Interface Address 167.205.182.126

Multicast group memberships: OSPFAllRouters OSPFDesignatedRouters

Timer intervals configured, Hello 10s, Dead 40s, Wait 40s, Retransmit 5

Hello due in 9.124s

Neighbor Count is 1, Adjacent neighbor count is 1

eth1 is up

ifindex 3, MTU 1500 bytes, BW 0 Kbit <UP,BROADCAST,RUNNING,MULTICAST>

Internet Address 167.205.145.9/29, Broadcast 167.205.145.15, Area 0.0.0.69

MTU mismatch detection:enabled

Router ID 118.98.240.184, Network Type BROADCAST, Cost: 10

Transmit Delay is 1 sec, State DR, Priority 1

Designated Router (ID) 118.98.240.184, Interface Address 167.205.145.9

No backup designated router on this network

Multicast group memberships: OSPFAllRouters OSPFDesignatedRouters

Timer intervals configured, Hello 10s, Dead 40s, Wait 40s, Retransmit 5

Hello due in 9.124s

Neighbor Count is 0, Adjacent neighbor count is 0

lo is up

ifindex 1, MTU 16436 bytes, BW 0 Kbit <UP,LOOPBACK,RUNNING>

Internet Address 118.98.240.184/32, Area 0.0.0.69

MTU mismatch detection:enabled

Router ID 118.98.240.184, Network Type LOOPBACK, Cost: 10

Transmit Delay is 1 sec, State Loopback, Priority 1

No designated router on this network

No backup designated router on this network

Multicast group memberships: <None>

Timer intervals configured, Hello 10s, Dead 40s, Wait 40s, Retransmit 5

Hello due in inactive

Neighbor Count is 0, Adjacent neighbor count is 0

View the OSPF neighbors

vyatta@vyatta:~$ show ip ospf neighbor

Neighbor ID Pri State  Dead Time Address  Interface  RXmtL RqstL DBsmL

167.205.182.125  1 Full/DR  33.834s 167.205.182.125 eth0:167.205.182.126  0  0  0

vyatta@vyatta:~$

Download pdf

routing-protocol-ospf-dengan-vyatta-untuk-sub-local-node-UNSRI


Administering Vyatta with the Web GUI

How do you administer Vyatta through a GUI? For those who are used to console commands, whether the Cisco CLI or Linux shell commands, this is not much of a problem, but those who are not used to them and do not yet understand the fundamental concepts of good networking will find it a bit of a hassle. Administering Vyatta through the GUI is easy: first enable it on the console (the console again, what a headache... :) ). Here we use Vyatta version 5.0.2 (thanks to Vyatta - http://vyatta.org).

login as: vyatta
vyatta@192.168.0.1’s password:
Linux vyatta 2.6.26-1-486-vyatta #1 SMP Fri Feb 27 01:04:20 GMT 2009 i686
Welcome to Vyatta.
This system is open-source software. The exact distribution terms for
each module comprising the full system are described in the individual
files in /usr/share/doc/*/copyright.
Last login: Sat Oct 24 10:12:25 2009 from 192.168.0.199
vyatta@vyatta:~$ configure
[edit]
vyatta@vyatta# set service https
[edit]
vyatta@vyatta# commit
No configuration changes to commit
[edit]
vyatta@vyatta# save
Saving configuration to ‘/opt/vyatta/etc/config/config.boot’…
Done
[edit]

vyatta@vyatta#

Next, open a web browser and enter http://192.168.0.1 (or whichever IP we assigned to our Vyatta machine). Once the page appears in the browser, enter the username and password, then log in.


Tunneling, Mirroring, Replication with Vyatta and Centos

In progress


InterVLAN Routing with Vyatta

VLANs are created with dot1Q encapsulation, based on IEEE 802.1Q: the switch tags the header of the Ethernet frame with a VLAN ID. Using the tag in the frame header, the switch determines which ports have the same VLAN ID as the frame; the frame is forwarded only to ports set to the same VLAN ID and is not forwarded to ports with a different VLAN ID. This method segments the LAN by switch port, so a broadcast generated by one host is not forwarded to ports with a different VLAN ID, only to ports with the same VLAN ID, which makes bandwidth use more efficient. This is what makes a VLAN setup appear to be many LANs in the logical sense while it actually resides in one LAN in the physical sense.

The different LANs in this VLAN setup must have different network addresses, and by the basic principle of networking, when two or more different network addresses want to communicate, routing is required. On Cisco equipment, routing between VLANs can be done by the switch itself, provided the switch has routing capability, that is, it is a Layer 3 switch. Some switches support only layer 2 and some support layer 3. A layer 3 switch is the more practical option, in that we can create the VLANs and route between them on one device so that the different VLANs can communicate, but in terms of cost a layer 3 switch is more expensive than a layer 2 switch.

Conversely, if we use a layer 2 switch to create the VLANs, then to let the different VLANs communicate, in other words to route between VLANs, we need an additional device, a router, which in terms of cost means an additional investment in equipment. That led us to think about how to build a network that is both reliable and cost-efficient, two goals that at first glance seem to oppose each other (as the people of Palembang say, "ado rego ado barang": you get what you pay for).

Actually the two are not contradictory, as long as we understand the fundamentals of the discipline (back to fundamental, back to philosophy), understand what is really happening, and therefore understand what we need to do. Many open source software packages support dot1Q encapsulation, among them Vyatta (http://vyatta.org - thanks to Vyatta). Vyatta can be downloaded for free and does not need high-specification hardware; in our experience Vyatta runs on a Pentium III with 128 MB RAM, bought second-hand for under 1 million rupiah, and performs quite well (come to think of it, nothing is really cheap, because the knowledge is what is expensive: it takes years to acquire, glass after glass of coffee, cappuccino at that, pack after pack of cigarettes, Dji Sam Soe at that, so the value of the investment can no longer be counted). This case study uses a Catalyst 2960-24TT to create the VLANs and Vyatta version 5.0.2 for inter-VLAN routing. For a clearer picture, see the topology below.

Topology

[Figure: vlan-webserver-dan-database-server1]

In this case study we will create 5 VLANs

  1. VLAN 2 labnetwork
  2. VLAN 3 labrobotika
  3. VLAN 4 labelektronika
  4. VLAN 100 webserver
  5. VLAN 101 databaseserver

VLAN 1 is not created because it exists by default; it will later be used as the management VLAN

Addressing scheme

  1. 192.168.1.0/24 for the management VLAN
  2. 192.168.2.0/24 for VLAN labnetwork
  3. 192.168.3.0/24 for VLAN labrobotika
  4. 192.168.100.0/24 for VLAN webserver
  5. 192.168.101.0/24 for VLAN databaseserver

On the Cisco switch

Switch>enable

Switch#configure terminal

Switch(config)#interface range fastEthernet 0/1 - 24

Switch(config-if-range)#shutdown

Switch(config-if-range)#exit

Switch(config)#interface range gigabitEthernet 1/1 - 2

Switch(config-if-range)#shutdown

Switch(config-if-range)#exit

Switch(config)#exit

Switch#vlan database

Switch(vlan)#vtp server

Device mode already VTP SERVER.

Switch(vlan)#vtp domain unsri

Switch(vlan)#vtp password kayarayaselamanyamatimasuksurga

Switch(vlan)#vlan 2 name labnetwork

Switch(vlan)#vlan 3 name labrobotika

Switch(vlan)#vlan 4 name labelektronika

Switch(vlan)#vlan 100 name webserver

Switch(vlan)#vlan 101 name databaseserver

Switch(vlan)#exit

Switch#configure terminal

Switch(config)#hostname VLAN-UNSRI

VLAN-UNSRI(config)#interface vlan 1

VLAN-UNSRI(config-if)#ip address 192.168.1.1 255.255.255.0

VLAN-UNSRI(config-if)#no shutdown

VLAN-UNSRI(config-if)#exit

VLAN-UNSRI(config)#interface fastEthernet 0/1

VLAN-UNSRI(config-if)#switchport access vlan 2

VLAN-UNSRI(config-if)#no shutdown

VLAN-UNSRI(config-if)#exit

VLAN-UNSRI(config)#interface fastEthernet 0/2

VLAN-UNSRI(config-if)#switchport access vlan 2

VLAN-UNSRI(config-if)#no shutdown

VLAN-UNSRI(config-if)#exit

VLAN-UNSRI(config)#interface fastEthernet 0/3

VLAN-UNSRI(config-if)#switchport access vlan 3

VLAN-UNSRI(config-if)#no shutdown

VLAN-UNSRI(config-if)#exit

VLAN-UNSRI(config)#interface fastEthernet 0/4

VLAN-UNSRI(config-if)#switchport access vlan 3

VLAN-UNSRI(config-if)#no shutdown

VLAN-UNSRI(config-if)#exit

VLAN-UNSRI(config)#interface fastEthernet 0/5

VLAN-UNSRI(config-if)#switchport access vlan 4

VLAN-UNSRI(config-if)#no shutdown

VLAN-UNSRI(config-if)#exit

VLAN-UNSRI(config)#interface fastEthernet 0/6

VLAN-UNSRI(config-if)#switchport access vlan 4

VLAN-UNSRI(config-if)#no shutdown

VLAN-UNSRI(config-if)#exit

VLAN-UNSRI(config)#interface fastEthernet 0/23

VLAN-UNSRI(config-if)#switchport access vlan 100

VLAN-UNSRI(config-if)#no shutdown

VLAN-UNSRI(config-if)#exit

VLAN-UNSRI(config)#interface fastEthernet 0/24

VLAN-UNSRI(config-if)#switchport access vlan 101

VLAN-UNSRI(config-if)#no shutdown

VLAN-UNSRI(config)#interface gigabitEthernet 1/1

VLAN-UNSRI(config-if)#switchport mode trunk

VLAN-UNSRI(config-if)#switchport trunk native vlan 1

VLAN-UNSRI(config-if)#no shutdown

VLAN-UNSRI(config-if)#exit

VLAN-UNSRI(config)#exit

VLAN-UNSRI#copy running-config startup-config

VLAN-UNSRI#

VYATTA routerVLAN

vyatta@routerVLAN:~$

Enter configure mode

vyatta@routerVLAN:~$configure

Set the interface on Ethernet eth2, which will carry the native VLAN 1 traffic

vyatta@routerVLAN# set interfaces ethernet eth2 address 192.168.1.1/24

Set eth2 as VLAN interface 2

vyatta@routerVLAN# set interfaces ethernet eth2 vif 2 address 192.168.2.1/24

Set eth2 as VLAN interface 3

vyatta@routerVLAN# set interfaces ethernet eth2 vif 3 address 192.168.3.1/24

Set eth2 as VLAN interface 4

vyatta@routerVLAN# set interfaces ethernet eth2 vif 4 address 192.168.4.1/24

Set eth2 as VLAN interface 100

vyatta@routerVLAN# set interfaces ethernet eth2 vif 100 address 192.168.100.1/24

Set eth2 as VLAN interface 101

vyatta@routerVLAN# set interfaces ethernet eth2 vif 101 address 192.168.101.1/24

Set up DHCP for each VLAN so that every computer automatically gets an IP address that matches its VLAN

DHCP for VLAN2

vyatta@routerVLAN#set service dhcp-server shared-network-name VLAN2 subnet 192.168.2.0/24 default-router 192.168.2.1

vyatta@routerVLAN#set service dhcp-server shared-network-name VLAN2 subnet 192.168.2.0/24 start 192.168.2.2 stop 192.168.2.254

vyatta@routerVLAN#set service dhcp-server shared-network-name VLAN2 subnet 192.168.2.0/24 dns-server 192.168.100.2

DHCP for VLAN3

vyatta@routerVLAN#set service dhcp-server shared-network-name VLAN3 subnet 192.168.3.0/24 default-router 192.168.3.1

vyatta@routerVLAN#set service dhcp-server shared-network-name VLAN3 subnet 192.168.3.0/24 start 192.168.3.2 stop 192.168.3.254

vyatta@routerVLAN#set service dhcp-server shared-network-name VLAN3 subnet 192.168.3.0/24 dns-server 192.168.100.2

DHCP for VLAN4

vyatta@routerVLAN#set service dhcp-server shared-network-name VLAN4 subnet 192.168.4.0/24 default-router 192.168.4.1

vyatta@routerVLAN#set service dhcp-server shared-network-name VLAN4 subnet 192.168.4.0/24 start 192.168.4.2 stop 192.168.4.254

vyatta@routerVLAN#set service dhcp-server shared-network-name VLAN4 subnet 192.168.4.0/24 dns-server 192.168.100.2

Set the firewall so that the database server can be reached only by the web server, and only on port 3306, which is the MySQL server port

vyatta@routerVLAN#set firewall name dbsafe rule 1 description to-database-server

vyatta@routerVLAN#set firewall name dbsafe rule 1 destination address 192.168.101.2

vyatta@routerVLAN#set firewall name dbsafe rule 1 destination port 3306

vyatta@routerVLAN#set firewall name dbsafe rule 1 source address 192.168.100.2

vyatta@routerVLAN#set firewall name dbsafe rule 1 protocol tcp

vyatta@routerVLAN#set firewall name dbsafe rule 1 action accept

vyatta@routerVLAN#set firewall name dbsafe rule 2 description to-database-server

vyatta@routerVLAN#set firewall name dbsafe rule 2 destination address 192.168.101.2

vyatta@routerVLAN#set firewall name dbsafe rule 2 source address 0.0.0.0/0

vyatta@routerVLAN#set firewall name dbsafe rule 2 protocol all

vyatta@routerVLAN#set firewall name dbsafe rule 2 action drop

vyatta@routerVLAN#commit

vyatta@routerVLAN#save
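The first-match logic of the dbsafe rule set, modeled in Python as an added example (not code from the original post or from Vyatta). It assumes rules are evaluated in numeric order, that an unmatched packet falls to an implicit drop, and that repeating `set` on a single-valued node replaces its value; the packets and the SLIP input are constructed.

```python
import ipaddress

# Constructed input: the dbsafe commands with the catch-all drop carried by rule 2.
INTENDED = """\
set firewall name dbsafe rule 1 description to-database-server
set firewall name dbsafe rule 1 destination address 192.168.101.2
set firewall name dbsafe rule 1 destination port 3306
set firewall name dbsafe rule 1 source address 192.168.100.2
set firewall name dbsafe rule 1 protocol tcp
set firewall name dbsafe rule 1 action accept
set firewall name dbsafe rule 2 description to-database-server
set firewall name dbsafe rule 2 destination address 192.168.101.2
set firewall name dbsafe rule 2 source address 0.0.0.0/0
set firewall name dbsafe rule 2 protocol all
set firewall name dbsafe rule 2 action drop
"""

# Constructed input: the same commands with the last two lines naming rule 1.
SLIP = (INTENDED
        .replace("rule 2 protocol all", "rule 1 protocol all")
        .replace("rule 2 action drop", "rule 1 action drop"))

# Constructed packets; the dict layout is this example's own representation.
WEB_TO_DB = {"source": "192.168.100.2", "destination": "192.168.101.2",
             "proto": "tcp", "dport": 3306}
USER_TO_DB = {"source": "192.168.2.50", "destination": "192.168.101.2",
              "proto": "tcp", "dport": 3306}
WEB_SSH_DB = {"source": "192.168.100.2", "destination": "192.168.101.2",
              "proto": "tcp", "dport": 22}


def load_rules(text, name="dbsafe"):
    """Parse 'set firewall name <name> rule <n> <leaf> <value>' into {n: {leaf: value}}.

    A later 'set' on the same leaf replaces the earlier value (model assumption).
    """
    rules = {}
    for line in text.splitlines():
        tok = line.split()
        if tok[:4] != ["set", "firewall", "name", name] or len(tok) < 8:
            continue
        if tok[4] != "rule":
            continue
        rules.setdefault(int(tok[5]), {})[" ".join(tok[6:-1])] = tok[-1]
    return rules


def matches(rule, pkt):
    """True when every criterion present in the rule matches the packet."""
    proto = rule.get("protocol", "all")
    if proto != "all" and proto != pkt["proto"]:
        return False
    for side in ("source", "destination"):
        addr = rule.get(f"{side} address")
        if addr and ipaddress.ip_address(pkt[side]) not in ipaddress.ip_network(addr):
            return False
    port = rule.get("destination port")
    return not port or str(pkt.get("dport")) == port


def decide(rules, pkt, default_action="drop"):
    """First matching rule in numeric order wins; otherwise the default applies."""
    for num in sorted(rules):
        rule = rules[num]
        if "action" in rule and matches(rule, pkt):
            return rule["action"], num
    return default_action, None


def incomplete(rules):
    """Rule numbers that carry match criteria but no action."""
    return [n for n in sorted(rules) if "action" not in rules[n]]


if __name__ == "__main__":
    packets = (("web->db:3306", WEB_TO_DB), ("user->db:3306", USER_TO_DB),
               ("web->db:22", WEB_SSH_DB))
    for label, text in (("intended", INTENDED), ("slip", SLIP)):
        rules = load_rules(text)
        print(label, "rules without action:", incomplete(rules))
        for name, pkt in packets:
            print("  ", name, decide(rules, pkt))
```

A named rule set filters nothing until it is applied to an interface and direction, so the model describes traffic only once dbsafe sits on the path to 192.168.101.2. With the SLIP input the web server loses its MySQL access as well, which makes the mistake show up as an outage rather than as exposure.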

This system can be implemented in an office with many departments and many users.


IBGP-EBGP-RIP-OSPF-Default Routing-NAT using Vyatta

[Figure: network scheme for BGP, RIP, OSPF, default routing and static routing]

Addressing Scheme

| No. | Host | Subnet | First Host | Last Host | Broadcast | Available Host |
|---|---|---|---|---|---|---|
| 1 | 254 | 172.16.0.0/24 | 172.16.0.1/24 | 172.16.0.254/24 | 172.16.0.255/24 | 254 |
| 2 | 126 | 172.16.1.0/25 | 172.16.1.1/25 | 172.16.1.126/25 | 172.16.1.127/25 | 126 |
| 3 | 60 | 172.16.1.128/26 | 172.16.1.129/26 | 172.16.1.190/26 | 172.16.1.191/26 | 62 |
| 4 | 30 | 172.16.1.192/27 | 172.16.1.193/27 | 172.16.1.222/27 | 172.16.1.223/27 | 30 |
| 5 | 2 | 172.16.1.224/30 | 172.16.1.225/30 | 172.16.1.226/30 | 172.16.1.227/30 | 2 |
| 6 | 2 | 172.16.1.228/30 | 172.16.1.229/30 | 172.16.1.230/30 | 172.16.1.231/30 | 2 |
| 7 | 2 | 172.16.1.232/30 | 172.16.1.233/30 | 172.16.1.234/30 | 172.16.1.235/30 | 2 |
| 8 | 2 | 172.16.1.236/30 | 172.16.1.237/30 | 172.16.1.238/30 | 172.16.1.239/30 | 2 |
| 9 | 2 | 172.16.1.240/30 | 172.16.1.241/30 | 172.16.1.242/30 | 172.16.1.243/30 | 2 |
| 10 | 2 | 172.16.1.244/30 | 172.16.1.245/30 | 172.16.1.246/30 | 172.16.1.247/30 | 2 |
| 11 | 2 | 172.16.1.248/30 | 172.16.1.249/30 | 172.16.1.250/30 | 172.16.1.251/30 | 2 |
| 12 | 2 | 172.16.1.252/30 | 172.16.1.253/30 | 172.16.1.254/30 | 172.16.1.255/30 | 2 |
| 13 | 2 | 172.16.2.0/30 | 172.16.2.1/30 | 172.16.2.2/30 | 172.16.2.3/30 | 2 |
| 14 | 2 | 172.16.2.4/30 | 172.16.2.5/30 | 172.16.2.6/30 | 172.16.2.7/30 | 2 |
| 15 | 2 | 172.16.2.8/30 | 172.16.2.9/30 | 172.16.2.10/30 | 172.16.2.11/30 | 2 |
| 16 | 2 | 172.16.2.12/30 | 172.16.2.13/30 | 172.16.2.14/30 | 172.16.2.15/30 | 2 |
| 17 | 2 | 172.16.2.16/30 | 172.16.2.17/30 | 172.16.2.18/30 | 172.16.2.19/30 | 2 |
| 18 | 2 | 172.16.2.20/30 | 172.16.2.21/30 | 172.16.2.22/30 | 172.16.2.23/30 | 2 |
| 19 | 2 | 172.16.2.24/30 | 172.16.2.25/30 | 172.16.2.26/30 | 172.16.2.27/30 | 2 |
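A consistency check for the addressing scheme above, written in Python as an added example (not part of the original post). The interface list is a constructed sample taken from the router configurations on this page, plus one constructed mistyped address (172.16.2.241/30) to show what the check reports.

```python
import ipaddress

# (required hosts, subnet) for the 19 rows of the addressing scheme.
PLAN = [(254, "172.16.0.0/24"), (126, "172.16.1.0/25"),
        (60, "172.16.1.128/26"), (30, "172.16.1.192/27")]
PLAN += [(2, f"172.16.1.{o}/30") for o in range(224, 256, 4)]
PLAN += [(2, f"172.16.2.{o}/30") for o in range(0, 28, 4)]

# Constructed sample: (router, interface, address) as typed into 'set interfaces'.
ASSIGNMENTS = [
    ("R1", "eth1", "172.16.2.22/30"), ("R1", "lo", "172.16.2.25/30"),
    ("R2", "eth0", "172.16.2.21/30"), ("R2", "eth1", "172.16.2.14/30"),
    ("R5", "eth0", "172.16.2.13/30"), ("R6", "eth1", "172.16.1.253/30"),
    ("R7", "eth0", "172.16.1.254/30"), ("R10", "eth0", "172.16.1.246/30"),
    ("R10", "lo", "172.16.2.241/30"),  # constructed typo: third octet 2 instead of 1
]


def plan_row(subnet):
    """Return (first host, last host, broadcast, usable hosts) for an IPv4 subnet."""
    net = ipaddress.ip_network(subnet)
    return (str(net.network_address + 1), str(net.broadcast_address - 1),
            str(net.broadcast_address), net.num_addresses - 2)


def check_plan(plan):
    """Findings for subnets that overlap or are too small for the required hosts."""
    findings = []
    nets = [ipaddress.ip_network(s) for _, s in plan]
    for i, (need, subnet) in enumerate(plan):
        usable = nets[i].num_addresses - 2
        if usable < need:
            findings.append(f"{subnet}: only {usable} usable, {need} required")
        for other in nets[i + 1:]:
            if nets[i].overlaps(other):
                findings.append(f"{subnet} overlaps {other}")
    return findings


def check_interfaces(plan, assignments):
    """Findings for interface addresses that do not fit the plan."""
    nets = [ipaddress.ip_network(s) for _, s in plan]
    findings, seen = [], {}
    for router, ifname, cidr in assignments:
        iface = ipaddress.ip_interface(cidr)
        where = f"{router} {ifname} {cidr}"
        if iface.network not in nets:
            findings.append(f"{where}: {iface.network} is not in the plan")
        elif iface.ip in (iface.network.network_address,
                          iface.network.broadcast_address):
            findings.append(f"{where}: network or broadcast address")
        if iface.ip in seen:
            findings.append(f"{where}: duplicate of {seen[iface.ip]}")
        seen.setdefault(iface.ip, where)
    return findings


if __name__ == "__main__":
    for _, subnet in PLAN:
        print(subnet, plan_row(subnet))
    for finding in check_plan(PLAN) + check_interfaces(PLAN, ASSIGNMENTS):
        print("FINDING:", finding)
```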

On Cisco Router

Router>

Enter privileged mode

Router>enable

Enter global configuration mode

Router#configure terminal

Enter configuration commands, one per line. End with CNTL/Z.

Set hostname

Router(config)#hostname NetworkLab-Unsri

Enter interface fastEthernet 0/1

NetworkLab-Unsri(config)#interface fastEthernet 0/1

Set the IP address on interface fastEthernet 0/1

NetworkLab-Unsri(config-if)#ip address 202.146.180.228 255.255.255.248

Set interface fastEthernet 0/1 as NAT outside

NetworkLab-Unsri(config-if)#ip nat outside

Bring interface fastEthernet 0/1 up

NetworkLab-Unsri(config-if)#no shutdown

%LINK-5-CHANGED: Interface FastEthernet0/1, changed state to up

Exit fastEthernet 0/1

NetworkLab-Unsri(config-if)#exit

Enter interface fastEthernet 0/0

NetworkLab-Unsri(config)#interface fastEthernet 0/0

Set the IP address on interface fastEthernet 0/0

NetworkLab-Unsri(config-if)#ip address 192.168.5.1 255.255.255.0

Set interface fastEthernet 0/0 as NAT inside

NetworkLab-Unsri(config-if)#ip nat inside

Bring interface fastEthernet 0/0 up

NetworkLab-Unsri(config-if)#no shutdown

Exit fastEthernet 0/0

NetworkLab-Unsri(config-if)#exit

Set NAT overload so that all packets entering fastEthernet 0/0 and leaving through fastEthernet 0/1 are translated to the public IP 202.146.180.228

NetworkLab-Unsri(config)#ip nat inside source list 1 interface fastEthernet 0/1 overload

Set the access list to permit all packets heading for interface fastEthernet 0/1

NetworkLab-Unsri(config)#access-list 1 permit any

Set default routing

NetworkLab-Unsri(config)#ip route 0.0.0.0 0.0.0.0 fastEthernet 0/1

Set routing protocol RIP

NetworkLab-Unsri(config)#router rip

NetworkLab-Unsri(config-router)#network 192.168.5.0

Let RIP advertise the default route created above, so that a packet destined for an address that is not in the routing table is not discarded but forwarded through interface fastEthernet 0/1 on the Cisco router

NetworkLab-Unsri(config-router)#default-information originate

Press Control+Z to return directly to privileged mode

NetworkLab-Unsri(config-router)#^Z

%SYS-5-CONFIG_I: Configured from console by console

Save the configuration

NetworkLab-Unsri#copy run startup-config

Destination filename [startup-config]?

Building configuration…

[OK]

NetworkLab-Unsri#

On R1 Vyatta

Enter configuration mode

vyatta@R1:~$ configure

[edit]

Set the hostname

vyatta@R1# set system host-name R1

[edit]

Set the IP addresses on the interfaces

vyatta@R1# set interfaces ethernet eth0 address 192.168.5.13/24

[edit]

vyatta@R1# set interfaces ethernet eth1 address 172.16.2.22/30

[edit]

vyatta@R1# set interfaces loopback lo address 172.16.2.25/30

[edit]

Enable SSH for remote management (allow-root permits direct root login)

vyatta@R1# set service ssh allow-root true

[edit]

vyatta@R1# set service ssh port 22

[edit]

Set routing protocol RIP

vyatta@R1# set protocols rip network 192.168.5.0/24

[edit]

vyatta@R1# set protocols rip network 172.16.2.20/30

[edit]

vyatta@R1# set protocols rip network 172.16.2.24/30

[edit]

Activate the configuration

vyatta@R1# commit

[edit]

Save the configuration

vyatta@R1# save

Saving configuration to ‘/opt/vyatta/etc/config/config.boot’…

Done

[edit]

vyatta@R1#

On R2 Vyatta

Enter configuration mode

vyatta@R2:~$ configure

[edit]

Set the hostname on R2

vyatta@R2# set system host-name R2

[edit]

vyatta@R2# set interfaces ethernet eth0 address 172.16.2.21/30

[edit]

vyatta@R2# set interfaces ethernet eth1 address 172.16.2.14/30

[edit]

vyatta@R2# set interfaces ethernet eth2 address 172.16.1.225/30

[edit]

vyatta@R2# set interfaces ethernet eth3 address 172.16.1.229/30

[edit]

vyatta@R2# set interfaces loopback lo address 172.16.2.17/30

[edit]

Set Routing Protocol RIP

vyatta@R2# set protocols rip network 172.16.1.224/30

[edit]

vyatta@R2# set protocols rip network 172.16.1.228/30

[edit]

vyatta@R2# set protocols rip network 172.16.2.20/30

[edit]

Redistribute BGP into RIP

vyatta@R2# set protocols rip redistribute bgp

[edit]

vyatta@R2#

Set routing protocol BGP as interior BGP

vyatta@R2# set protocols bgp 1 network 172.16.2.12/30

[edit]

vyatta@R2# set protocols bgp 1 network 172.16.2.16/30

[edit]

vyatta@R2# set protocols bgp 1 neighbor 172.16.2.13 remote-as 1

[edit]

vyatta@R2# set protocols bgp 1 neighbor 172.16.2.13 nexthop-self

[edit]

Redistribute RIP into BGP

vyatta@R2# set protocols bgp 1 redistribute rip

[edit]

Activate the configuration

vyatta@R2# commit

[edit]

Save the configuration

vyatta@R2# save

Saving configuration to ‘/opt/vyatta/etc/config/config.boot’…

Done

[edit]

vyatta@R2#

On R3 Vyatta

Enter configuration mode

vyatta@R3:~$ configure

[edit]

Set Hostname

vyatta@R3# set system host-name R3

[edit]

Set the IP addresses on the interfaces

vyatta@R3# set interfaces ethernet eth0 address 172.16.1.193/27

[edit]

vyatta@R3# set interfaces ethernet eth1 address 172.16.1.226/30

[edit]

Set SSH

vyatta@R3# set service ssh allow-root true

[edit]

vyatta@R3# set service ssh port 22

[edit]

Set Routing Protocol RIP

vyatta@R3# set protocols rip network 172.16.1.192/27

[edit]

vyatta@R3# set protocols rip network 172.16.1.224/30

[edit]

Set interface ethernet eth0 as passive-interface

vyatta@R3# set protocols rip passive-interface eth0

[edit]

Activate the configuration

vyatta@R3# commit

[edit]

Save the configuration

vyatta@R3# save

Saving configuration to ‘/opt/vyatta/etc/config/config.boot’…

Done

[edit]

vyatta@R3#

On R4 Vyatta

vyatta@R4:~$ configure

[edit]

vyatta@R4# set system host-name R4

[edit]

vyatta@R4# set interfaces ethernet eth0 address 172.16.1.129/26

[edit]

vyatta@R4# set interfaces ethernet eth1 address 172.16.1.230/30

[edit]

vyatta@R4# set service ssh allow-root true

[edit]

vyatta@R4# set service ssh port 22

[edit]

vyatta@R4# set protocols rip network 172.16.1.128/26

[edit]

vyatta@R4# set protocols rip network 172.16.1.228/30

[edit]

vyatta@R4# set protocols rip passive-interface eth0

[edit]

vyatta@R4# commit

[edit]

vyatta@R4# save

Saving configuration to ‘/opt/vyatta/etc/config/config.boot’…

Done

[edit]

vyatta@R4#

On R5 Vyatta

Set Hostname

vyatta@R5# set system host-name R5

[edit]

Set the IP addresses on the interfaces

vyatta@R5# set interfaces ethernet eth0 address 172.16.2.13/30

[edit]

vyatta@R5# set interfaces ethernet eth1 address 172.16.2.5/30

[edit]

vyatta@R5# set interfaces loopback lo address 172.16.2.9/30

[edit]

Set routing protocol BGP

vyatta@R5# set protocols bgp 1 network 172.16.2.4/30

[edit]

vyatta@R5# set protocols bgp 1 network 172.16.2.8/30

[edit]

vyatta@R5# set protocols bgp 1 network 172.16.2.12/30

[edit]

vyatta@R5#

IBGP

vyatta@R5# set protocols bgp 1 neighbor 172.16.2.14 remote-as 1

[edit]

vyatta@R5# set protocols bgp 1 neighbor 172.16.2.14 nexthop-self

[edit]

EBGP

vyatta@R5# set protocols bgp 1 neighbor 172.16.2.6 remote-as 2

[edit]

vyatta@R5# set protocols bgp 1 neighbor 172.16.2.6 nexthop-self

[edit]

Activate the configuration

vyatta@R5# commit

[edit]

Save the configuration

vyatta@R5# save

Saving configuration to ‘/opt/vyatta/etc/config/config.boot’…

Done

[edit]

vyatta@R5#

On R6 Vyatta

Enter configuration mode

vyatta@R6:~$ configure

[edit]

Set Hostname

vyatta@R6# set system host-name R6

[edit]

Set the IP addresses on the interfaces

vyatta@R6# set interfaces ethernet eth0 address 172.16.2.6/30

[edit]

vyatta@R6# set interfaces ethernet eth1 address 172.16.1.253/30

[edit]

vyatta@R6# set interfaces loopback lo address 172.16.2.1/30

[edit]

Set SSH

vyatta@R6# set service ssh allow-root true

[edit]

vyatta@R6# set service ssh port 22

[edit]

Set Routing Protocol BGP

vyatta@R6# set protocols bgp 2 network 172.16.1.252/30

[edit]

vyatta@R6# set protocols bgp 2 network 172.16.2.0/30

[edit]

vyatta@R6# set protocols bgp 2 network 172.16.2.4/30

[edit]

Set routing protocol BGP as interior BGP

vyatta@R6# set protocols bgp 2 neighbor 172.16.1.254 remote-as 2

[edit]

vyatta@R6# set protocols bgp 2 neighbor 172.16.1.254 nexthop-self

[edit]

Set routing protocol BGP as exterior BGP

vyatta@R6# set protocols bgp 2 neighbor 172.16.2.5 remote-as 1

[edit]

vyatta@R6# set protocols bgp 2 neighbor 172.16.2.5 nexthop-self

[edit]

Activate the configuration

vyatta@R6# commit

[edit]

Save the configuration

vyatta@R6# save

Saving configuration to ‘/opt/vyatta/etc/config/config.boot’…

Done

[edit]

vyatta@R6#

On R7 Vyatta

Enter configuration mode

vyatta@R7:~$ configure

[edit]

Set Hostname

vyatta@R7# set system host-name R7

[edit]

Set SSH

vyatta@R7# set service ssh allow-root true

[edit]

vyatta@R7# set service ssh port 22

[edit]

Set the IP addresses on the interfaces

vyatta@R7# set interfaces ethernet eth0 address 172.16.1.254/30

[edit]

vyatta@R7# set interfaces ethernet eth1 address 172.16.1.245/30

[edit]

vyatta@R7# set interfaces ethernet eth2 address 172.16.1.233/30

[edit]

vyatta@R7# set interfaces ethernet eth3 address 172.16.1.237/30

[edit]

Set Routing Protocol OSPF

vyatta@R7# set protocols ospf area 0 network 172.16.1.232/30

[edit]

vyatta@R7# set protocols ospf area 0 network 172.16.1.236/30

[edit]

vyatta@R7# set protocols ospf area 0 network 172.16.1.244/30

[edit]

Redistribute BGP into OSPF

vyatta@R7# set protocols ospf redistribute bgp

[edit]

set BGP

vyatta@R7# set protocols bgp 2 network 172.16.1.248/30

[edit]

vyatta@R7# set protocols bgp 2 network 172.16.1.252/30

[edit]

Set BGP as interior BGP

vyatta@R7# set protocols bgp 2 neighbor 172.16.1.253 remote-as 2

[edit]

vyatta@R7# set protocols bgp 2 neighbor 172.16.1.253 nexthop-self

[edit]

Redistribute OSPF into BGP

vyatta@R7# set protocols bgp 2 redistribute ospf

[edit]

Redistribute connected routes into BGP

vyatta@R7# set protocols bgp 2 redistribute connected

[edit]

Activate the configuration

vyatta@R7# commit

[edit]

Save the configuration

vyatta@R7# save

Saving configuration to ‘/opt/vyatta/etc/config/config.boot’…

Done

[edit]

vyatta@R7#

On R8 Vyatta

Enter configuration mode

vyatta@R8:~$ configure

[edit]

Set Hostname

vyatta@R8# set system host-name R8

[edit]

Set the IP addresses on the interfaces

vyatta@R8# set interfaces ethernet eth0 address 172.16.1.1/25

[edit]

vyatta@R8# set interfaces ethernet eth1 address 172.16.1.234/30

[edit]

Set SSH

vyatta@R8# set service ssh allow-root true

[edit]

vyatta@R8# set service ssh port 22

[edit]

Set Routing Protocol OSPF

vyatta@R8# set protocols ospf area 0 network 172.16.1.0/25

[edit]

vyatta@R8# set protocols ospf area 0 network 172.16.1.232/30

[edit]

Set interface eth0 as passive-interface

vyatta@R8# set protocols ospf passive-interface eth0

[edit]

Activate the configuration

vyatta@R8# commit

No configuration changes to commit

[edit]

Save the configuration

vyatta@R8# save

Saving configuration to ‘/opt/vyatta/etc/config/config.boot’…

Done

[edit]

vyatta@R8#

On R9 Vyatta

vyatta@vyatta:~$ configure

[edit]

Set the IP addresses on the interfaces

vyatta@R9# set interfaces ethernet eth0 address 172.16.0.1/24

[edit]

vyatta@R9# set interfaces ethernet eth1 address 172.16.1.238/30

[edit]

Set SSH

vyatta@R9# set service ssh allow-root true

[edit]

vyatta@R9# set service ssh port 22

[edit]

Set routing protocol OSPF

vyatta@R9# set protocols ospf area 0 network 172.16.0.0/24

[edit]

vyatta@R9# set protocols ospf area 0 network 172.16.1.236/30

[edit]

Set interface eth0 as passive-interface

vyatta@R9# set protocols ospf passive-interface eth0

[edit]

Activate the configuration

vyatta@R9# commit

[edit]

Save the configuration

vyatta@R9# save

Saving configuration to ‘/opt/vyatta/etc/config/config.boot’…

Done

[edit]

vyatta@R9#

On R10 Vyatta

Enter configuration mode

vyatta@R10:~$ configure

[edit]

Set Hostname

vyatta@R10# set system host-name R10

[edit]

Set the IP addresses on the interfaces

vyatta@R10# set interfaces ethernet eth0 address 172.16.1.246/30

[edit]

vyatta@R10# set interfaces ethernet eth1 address 10.0.0.1/24

[edit]

vyatta@R10# set interfaces loopback lo address 172.16.1.241/30

[edit]

Set SSH

vyatta@R10# set service ssh allow-root true

[edit]

vyatta@R10# set service ssh port 22

[edit]

Set routing protocol OSPF

vyatta@R10# set protocols ospf area 0 network 172.16.1.240/30

[edit]

vyatta@R10# set protocols ospf area 0 network 172.16.1.244/30

[edit]

vyatta@R10# set protocols ospf area 0 network 10.0.0.0/24

[edit]

Set interface eth1 as passive-interface

vyatta@R10# set protocols ospf passive-interface eth1

[edit]

Activate the configuration

vyatta@R10# commit

[edit]

Save the configuration

vyatta@R10# save

Saving configuration to ‘/opt/vyatta/etc/config/config.boot’…

Done

[edit]

vyatta@R10#

Viewing the routing tables

Once all routers have been configured, the routing table built on each router can be displayed by running the command show ip route

Routing table on R1 Vyatta

vyatta@R1:~$ show ip route

Codes: K - kernel route, C - connected, S - static, R - RIP, O - OSPF,

I - ISIS, B - BGP, > - selected route, * - FIB route

R>* 10.0.0.0/24 [120/2] via 172.16.2.21, eth1, 01:25:14

C>* 127.0.0.0/8 is directly connected, lo

R>* 172.16.0.0/24 [120/2] via 172.16.2.21, eth1, 01:25:13

R>* 172.16.1.0/25 [120/2] via 172.16.2.21, eth1, 01:25:13

R>* 172.16.1.128/26 [120/3] via 172.16.2.21, eth1, 01:54:17

R>* 172.16.1.192/27 [120/3] via 172.16.2.21, eth1, 01:55:49

R>* 172.16.1.224/30 [120/2] via 172.16.2.21, eth1, 01:57:11

R>* 172.16.1.228/30 [120/2] via 172.16.2.21, eth1, 01:57:11

R>* 172.16.1.232/30 [120/2] via 172.16.2.21, eth1, 01:20:14

R>* 172.16.1.236/30 [120/2] via 172.16.2.21, eth1, 01:20:10

R>* 172.16.1.241/32 [120/2] via 172.16.2.21, eth1, 00:07:43

R>* 172.16.1.244/30 [120/2] via 172.16.2.21, eth1, 01:20:10

R>* 172.16.1.248/30 [120/2] via 172.16.2.21, eth1, 01:33:15

R>* 172.16.1.252/30 [120/2] via 172.16.2.21, eth1, 01:50:41

R>* 172.16.2.0/30 [120/2] via 172.16.2.21, eth1, 01:50:39

R>* 172.16.2.4/30 [120/2] via 172.16.2.21, eth1, 01:52:31

R>* 172.16.2.8/30 [120/2] via 172.16.2.21, eth1, 01:52:28

R>* 172.16.2.12/30 [120/2] via 172.16.2.21, eth1, 01:57:11

R>* 172.16.2.16/30 [120/2] via 172.16.2.21, eth1, 01:57:11

C>* 172.16.2.20/30 is directly connected, eth1

C>* 172.16.2.24/30 is directly connected, lo

C>* 192.168.5.0/24 is directly connected, eth0

vyatta@R1:~$

Routing table on R2 Vyatta

vyatta@R2:~$ show ip route

Codes: K - kernel route, C - connected, S - static, R - RIP, O - OSPF,

I - ISIS, B - BGP, > - selected route, * - FIB route

B>* 10.0.0.0/24 [200/0] via 172.16.2.13, eth1, 01:24:56

C>* 127.0.0.0/8 is directly connected, lo

B>* 172.16.0.0/24 [200/0] via 172.16.2.13, eth1, 01:24:56

B>* 172.16.1.0/25 [200/0] via 172.16.2.13, eth1, 01:24:56

R>* 172.16.1.128/26 [120/2] via 172.16.1.230, eth3, 01:54:00

R>* 172.16.1.192/27 [120/2] via 172.16.1.226, eth2, 01:55:32

C>* 172.16.1.224/30 is directly connected, eth2

C>* 172.16.1.228/30 is directly connected, eth3

B>* 172.16.1.232/30 [200/0] via 172.16.2.13, eth1, 01:19:55

B>* 172.16.1.236/30 [200/0] via 172.16.2.13, eth1, 01:19:55

B>* 172.16.1.241/32 [200/0] via 172.16.2.13, eth1, 00:07:21

B>* 172.16.1.244/30 [200/0] via 172.16.2.13, eth1, 01:19:55

B>* 172.16.1.248/30 [200/0] via 172.16.2.13, eth1, 01:32:57

B>* 172.16.1.252/30 [200/1] via 172.16.2.13, eth1, 01:50:23

B>* 172.16.2.0/30 [200/1] via 172.16.2.13, eth1, 01:50:23

B>* 172.16.2.4/30 [200/1] via 172.16.2.13, eth1, 01:52:13

B>* 172.16.2.8/30 [200/1] via 172.16.2.13, eth1, 01:52:13

C>* 172.16.2.12/30 is directly connected, eth1

C>* 172.16.2.16/30 is directly connected, lo

C>* 172.16.2.20/30 is directly connected, eth0

R>* 172.16.2.24/30 [120/2] via 172.16.2.22, eth0, 01:56:55

R>* 192.168.5.0/24 [120/2] via 172.16.2.22, eth0, 01:38:16

vyatta@R2:~$

Routing table on R3 Vyatta

vyatta@R3:~$ show ip route

Codes: K - kernel route, C - connected, S - static, R - RIP, O - OSPF,

I - ISIS, B - BGP, > - selected route, * - FIB route

R>* 10.0.0.0/24 [120/2] via 172.16.1.225, eth1, 01:24:20

C>* 127.0.0.0/8 is directly connected, lo

R>* 172.16.0.0/24 [120/2] via 172.16.1.225, eth1, 01:24:19

R>* 172.16.1.0/25 [120/2] via 172.16.1.225, eth1, 01:24:19

R>* 172.16.1.128/26 [120/3] via 172.16.1.225, eth1, 01:53:23

C>* 172.16.1.192/27 is directly connected, eth0

C>* 172.16.1.224/30 is directly connected, eth1

R>* 172.16.1.228/30 [120/2] via 172.16.1.225, eth1, 01:54:55

R>* 172.16.1.232/30 [120/2] via 172.16.1.225, eth1, 01:19:20

R>* 172.16.1.236/30 [120/2] via 172.16.1.225, eth1, 01:19:16

R>* 172.16.1.241/32 [120/2] via 172.16.1.225, eth1, 00:06:49

R>* 172.16.1.244/30 [120/2] via 172.16.1.225, eth1, 01:19:16

R>* 172.16.1.248/30 [120/2] via 172.16.1.225, eth1, 01:32:21

R>* 172.16.1.252/30 [120/2] via 172.16.1.225, eth1, 01:49:47

R>* 172.16.2.0/30 [120/2] via 172.16.1.225, eth1, 01:49:45

R>* 172.16.2.4/30 [120/2] via 172.16.1.225, eth1, 01:51:37

R>* 172.16.2.8/30 [120/2] via 172.16.1.225, eth1, 01:51:34

R>* 172.16.2.12/30 [120/2] via 172.16.1.225, eth1, 01:54:55

R>* 172.16.2.16/30 [120/2] via 172.16.1.225, eth1, 01:54:55

R>* 172.16.2.20/30 [120/2] via 172.16.1.225, eth1, 01:54:55

R>* 172.16.2.24/30 [120/3] via 172.16.1.225, eth1, 01:54:55

C>* 192.168.1.96/28 is directly connected, lo

R>* 192.168.5.0/24 [120/3] via 172.16.1.225, eth1, 01:37:40

vyatta@R3:~$

Routing table on R4 Vyatta

vyatta@R4:~$ show ip route

Codes: K - kernel route, C - connected, S - static, R - RIP, O - OSPF,

I - ISIS, B - BGP, > - selected route, * - FIB route

R>* 10.0.0.0/24 [120/2] via 172.16.1.229, eth1, 01:23:51

C>* 127.0.0.0/8 is directly connected, lo

R>* 172.16.0.0/24 [120/2] via 172.16.1.229, eth1, 01:23:50

R>* 172.16.1.0/25 [120/2] via 172.16.1.229, eth1, 01:23:50

C>* 172.16.1.128/26 is directly connected, eth0

R>* 172.16.1.192/27 [120/3] via 172.16.1.229, eth1, 01:52:54

R>* 172.16.1.224/30 [120/2] via 172.16.1.229, eth1, 01:52:54

C>* 172.16.1.228/30 is directly connected, eth1

R>* 172.16.1.232/30 [120/2] via 172.16.1.229, eth1, 01:18:51

R>* 172.16.1.236/30 [120/2] via 172.16.1.229, eth1, 01:18:47

R>* 172.16.1.241/32 [120/2] via 172.16.1.229, eth1, 00:06:20

R>* 172.16.1.244/30 [120/2] via 172.16.1.229, eth1, 01:18:47

R>* 172.16.1.248/30 [120/2] via 172.16.1.229, eth1, 01:31:52

R>* 172.16.1.252/30 [120/2] via 172.16.1.229, eth1, 01:49:18

R>* 172.16.2.0/30 [120/2] via 172.16.1.229, eth1, 01:49:16

R>* 172.16.2.4/30 [120/2] via 172.16.1.229, eth1, 01:51:08

R>* 172.16.2.8/30 [120/2] via 172.16.1.229, eth1, 01:51:05

R>* 172.16.2.12/30 [120/2] via 172.16.1.229, eth1, 01:52:54

R>* 172.16.2.16/30 [120/2] via 172.16.1.229, eth1, 01:52:54

R>* 172.16.2.20/30 [120/2] via 172.16.1.229, eth1, 01:52:54

R>* 172.16.2.24/30 [120/3] via 172.16.1.229, eth1, 01:52:54

C>* 192.168.1.16/28 is directly connected, lo

R>* 192.168.5.0/24 [120/3] via 172.16.1.229, eth1, 01:37:11

vyatta@R4:~$

Routing table on R5 Vyatta

vyatta@R5:~$ show ip route

Codes: K - kernel route, C - connected, S - static, R - RIP, O - OSPF,

I - ISIS, B - BGP, > - selected route, * - FIB route

B>* 10.0.0.0/24 [20/0] via 172.16.2.6, eth1, 01:23:21

C>* 127.0.0.0/8 is directly connected, lo

B>* 172.16.0.0/24 [20/0] via 172.16.2.6, eth1, 01:23:21

B>* 172.16.1.0/25 [20/0] via 172.16.2.6, eth1, 01:23:21

B>* 172.16.1.128/26 [200/2] via 172.16.2.14, eth0, 01:50:46

B>* 172.16.1.192/27 [200/2] via 172.16.2.14, eth0, 01:50:46

B>* 172.16.1.224/30 [200/1] via 172.16.2.14, eth0, 01:50:46

B>* 172.16.1.228/30 [200/1] via 172.16.2.14, eth0, 01:50:46

B>* 172.16.1.232/30 [20/0] via 172.16.2.6, eth1, 01:18:21

B>* 172.16.1.236/30 [20/0] via 172.16.2.6, eth1, 01:18:21

B>* 172.16.1.241/32 [20/0] via 172.16.2.6, eth1, 00:05:50

B>* 172.16.1.244/30 [20/0] via 172.16.2.6, eth1, 01:18:21

B>* 172.16.1.248/30 [20/0] via 172.16.2.6, eth1, 01:31:21

B>* 172.16.1.252/30 [20/1] via 172.16.2.6, eth1, 01:48:51

B>* 172.16.2.0/30 [20/1] via 172.16.2.6, eth1, 01:48:51

C>* 172.16.2.4/30 is directly connected, eth1

C>* 172.16.2.8/30 is directly connected, lo

C>* 172.16.2.12/30 is directly connected, eth0

B>* 172.16.2.16/30 [200/1] via 172.16.2.14, eth0, 01:50:46

B>* 172.16.2.20/30 [200/1] via 172.16.2.14, eth0, 01:50:46

B>* 172.16.2.24/30 [200/2] via 172.16.2.14, eth0, 01:50:46

B>* 192.168.5.0/24 [200/2] via 172.16.2.14, eth0, 01:36:36

vyatta@R5:~$

Routing table on R6 Vyatta

vyatta@R6:~$ show ip route

Codes: K - kernel route, C - connected, S - static, R - RIP, O - OSPF,

I - ISIS, B - BGP, > - selected route, * - FIB route

B>* 10.0.0.0/24 [200/20] via 172.16.1.254, eth1, 01:23:05

C>* 127.0.0.0/8 is directly connected, lo

B>* 172.16.0.0/24 [200/20] via 172.16.1.254, eth1, 01:23:05

B>* 172.16.1.0/25 [200/20] via 172.16.1.254, eth1, 01:23:05

B>* 172.16.1.128/26 [20/0] via 172.16.2.5, eth0, 01:48:53

B>* 172.16.1.192/27 [20/0] via 172.16.2.5, eth0, 01:48:53

B>* 172.16.1.224/30 [20/0] via 172.16.2.5, eth0, 01:48:53

B>* 172.16.1.228/30 [20/0] via 172.16.2.5, eth0, 01:48:53

B>* 172.16.1.232/30 [200/1] via 172.16.1.254, eth1, 01:18:04

B>* 172.16.1.236/30 [200/1] via 172.16.1.254, eth1, 01:18:04

B>* 172.16.1.241/32 [200/20] via 172.16.1.254, eth1, 00:05:24

B>* 172.16.1.244/30 [200/1] via 172.16.1.254, eth1, 01:18:04

B>* 172.16.1.248/30 [200/1] via 172.16.1.254, eth1, 01:31:20

C>* 172.16.1.252/30 is directly connected, eth1

C>* 172.16.2.0/30 is directly connected, lo

C>* 172.16.2.4/30 is directly connected, eth0

B>* 172.16.2.8/30 [20/1] via 172.16.2.5, eth0, 01:48:53

B>* 172.16.2.12/30 [20/1] via 172.16.2.5, eth0, 01:48:53

B>* 172.16.2.16/30 [20/0] via 172.16.2.5, eth0, 01:48:53

B>* 172.16.2.20/30 [20/0] via 172.16.2.5, eth0, 01:48:53

B>* 172.16.2.24/30 [20/0] via 172.16.2.5, eth0, 01:48:53

B>* 192.168.5.0/24 [20/0] via 172.16.2.5, eth0, 01:35:53

vyatta@R6:~$

Routing table on R7 Vyatta

vyatta@R7:~$ show ip route

Codes: K - kernel route, C - connected, S - static, R - RIP, O - OSPF,

I - ISIS, B - BGP, > - selected route, * - FIB route

O>* 10.0.0.0/24 [110/20] via 172.16.1.246, eth1, 01:27:59

C>* 127.0.0.0/8 is directly connected, lo

O>* 172.16.0.0/24 [110/20] via 172.16.1.238, eth3, 01:27:59

O>* 172.16.1.0/25 [110/20] via 172.16.1.234, eth2, 01:27:58

B>* 172.16.1.128/26 [200/0] via 172.16.1.253, eth0, 01:30:34

B>* 172.16.1.192/27 [200/0] via 172.16.1.253, eth0, 01:30:34

B>* 172.16.1.224/30 [200/0] via 172.16.1.253, eth0, 01:30:34

B>* 172.16.1.228/30 [200/0] via 172.16.1.253, eth0, 01:30:34

O 172.16.1.232/30 [110/10] is directly connected, eth2, 01:28:05

C>* 172.16.1.232/30 is directly connected, eth2

O 172.16.1.236/30 [110/10] is directly connected, eth3, 01:28:05

C>* 172.16.1.236/30 is directly connected, eth3

O>* 172.16.1.241/32 [110/20] via 172.16.1.246, eth1, 00:04:41

O 172.16.1.244/30 [110/10] is directly connected, eth1, 01:28:10

C>* 172.16.1.244/30 is directly connected, eth1

C>* 172.16.1.248/30 is directly connected, lo

C>* 172.16.1.252/30 is directly connected, eth0

B>* 172.16.2.0/30 [200/1] via 172.16.1.253, eth0, 01:30:34

B>* 172.16.2.4/30 [200/1] via 172.16.1.253, eth0, 01:30:34

B>* 172.16.2.8/30 [200/1] via 172.16.1.253, eth0, 01:30:34

B>* 172.16.2.12/30 [200/1] via 172.16.1.253, eth0, 01:30:34

B>* 172.16.2.16/30 [200/0] via 172.16.1.253, eth0, 01:30:34

B>* 172.16.2.20/30 [200/0] via 172.16.1.253, eth0, 01:30:34

B>* 172.16.2.24/30 [200/0] via 172.16.1.253, eth0, 01:30:34

B>* 192.168.5.0/24 [200/0] via 172.16.1.253, eth0, 01:30:34

vyatta@R7:~$

Routing table on R8 Vyatta

vyatta@R8:~$ show ip route

Codes: K - kernel route, C - connected, S - static, R - RIP, O - OSPF,

I - ISIS, B - BGP, > - selected route, * - FIB route

O>* 10.0.0.0/24 [110/30] via 172.16.1.233, eth1, 01:27:31

C>* 127.0.0.0/8 is directly connected, lo

O>* 172.16.0.0/24 [110/30] via 172.16.1.233, eth1, 01:27:31

O 172.16.1.0/25 [110/10] is directly connected, eth0, 01:44:46

C>* 172.16.1.0/25 is directly connected, eth0

O>* 172.16.1.128/26 [110/20] via 172.16.1.233, eth1, 01:23:22

O>* 172.16.1.192/27 [110/20] via 172.16.1.233, eth1, 01:23:22

O>* 172.16.1.224/30 [110/20] via 172.16.1.233, eth1, 01:23:22

O>* 172.16.1.228/30 [110/20] via 172.16.1.233, eth1, 01:23:22

O 172.16.1.232/30 [110/10] is directly connected, eth1, 01:44:41

C>* 172.16.1.232/30 is directly connected, eth1

O>* 172.16.1.236/30 [110/20] via 172.16.1.233, eth1, 01:27:37

O>* 172.16.1.241/32 [110/30] via 172.16.1.233, eth1, 00:04:14

O>* 172.16.1.244/30 [110/20] via 172.16.1.233, eth1, 01:27:37

O>* 172.16.2.0/30 [110/20] via 172.16.1.233, eth1, 01:23:22

O>* 172.16.2.4/30 [110/20] via 172.16.1.233, eth1, 01:23:22

O>* 172.16.2.8/30 [110/20] via 172.16.1.233, eth1, 01:23:22

O>* 172.16.2.12/30 [110/20] via 172.16.1.233, eth1, 01:23:22

O>* 172.16.2.16/30 [110/20] via 172.16.1.233, eth1, 01:23:22

O>* 172.16.2.20/30 [110/20] via 172.16.1.233, eth1, 01:23:22

O>* 172.16.2.24/30 [110/20] via 172.16.1.233, eth1, 01:23:22

O>* 192.168.5.0/24 [110/20] via 172.16.1.233, eth1, 01:23:22

vyatta@R8:~$

Routing table on R9 Vyatta

vyatta@R9:~$ show ip route

Codes: K - kernel route, C - connected, S - static, R - RIP, O - OSPF,

I - ISIS, B - BGP, > - selected route, * - FIB route

O>* 10.0.0.0/24 [110/30] via 172.16.1.237, eth1, 01:25:48

C>* 127.0.0.0/8 is directly connected, lo

O 172.16.0.0/24 [110/10] is directly connected, eth0, 01:40:57

C>* 172.16.0.0/24 is directly connected, eth0

O>* 172.16.1.0/25 [110/30] via 172.16.1.237, eth1, 01:25:47

O>* 172.16.1.128/26 [110/20] via 172.16.1.237, eth1, 01:21:40

O>* 172.16.1.192/27 [110/20] via 172.16.1.237, eth1, 01:21:40

O>* 172.16.1.224/30 [110/20] via 172.16.1.237, eth1, 01:21:40

O>* 172.16.1.228/30 [110/20] via 172.16.1.237, eth1, 01:21:40

O>* 172.16.1.232/30 [110/20] via 172.16.1.237, eth1, 01:25:54

O 172.16.1.236/30 [110/10] is directly connected, eth1, 01:40:52

C>* 172.16.1.236/30 is directly connected, eth1

O>* 172.16.1.241/32 [110/30] via 172.16.1.237, eth1, 00:02:31

O>* 172.16.1.244/30 [110/20] via 172.16.1.237, eth1, 01:25:54

O>* 172.16.2.0/30 [110/20] via 172.16.1.237, eth1, 01:21:40

O>* 172.16.2.4/30 [110/20] via 172.16.1.237, eth1, 01:21:40

O>* 172.16.2.8/30 [110/20] via 172.16.1.237, eth1, 01:21:40

O>* 172.16.2.12/30 [110/20] via 172.16.1.237, eth1, 01:21:40

O>* 172.16.2.16/30 [110/20] via 172.16.1.237, eth1, 01:21:40

O>* 172.16.2.20/30 [110/20] via 172.16.1.237, eth1, 01:21:40

O>* 172.16.2.24/30 [110/20] via 172.16.1.237, eth1, 01:21:40

O>* 192.168.5.0/24 [110/20] via 172.16.1.237, eth1, 01:21:40

vyatta@R9:~$

Routing table on R10 Vyatta

vyatta@R10:~$ show ip route

Codes: K - kernel route, C - connected, S - static, R - RIP, O - OSPF,

I - ISIS, B - BGP, > - selected route, * - FIB route

O 10.0.0.0/24 [110/10] is directly connected, eth1, 01:34:39

C>* 10.0.0.0/24 is directly connected, eth1

C>* 127.0.0.0/8 is directly connected, lo

O>* 172.16.0.0/24 [110/30] via 172.16.1.245, eth0, 01:23:45

O>* 172.16.1.0/25 [110/30] via 172.16.1.245, eth0, 01:23:44

O>* 172.16.1.128/26 [110/20] via 172.16.1.245, eth0, 01:19:37

O>* 172.16.1.192/27 [110/20] via 172.16.1.245, eth0, 01:19:37

O>* 172.16.1.224/30 [110/20] via 172.16.1.245, eth0, 01:19:37

O>* 172.16.1.228/30 [110/20] via 172.16.1.245, eth0, 01:19:37

O>* 172.16.1.232/30 [110/20] via 172.16.1.245, eth0, 01:23:51

O>* 172.16.1.236/30 [110/20] via 172.16.1.245, eth0, 01:23:51

C>* 172.16.1.240/30 is directly connected, lo

O 172.16.1.244/30 [110/10] is directly connected, eth0, 01:34:44

C>* 172.16.1.244/30 is directly connected, eth0

O>* 172.16.2.0/30 [110/20] via 172.16.1.245, eth0, 01:19:37

O>* 172.16.2.4/30 [110/20] via 172.16.1.245, eth0, 01:19:37

O>* 172.16.2.8/30 [110/20] via 172.16.1.245, eth0, 01:19:37

O>* 172.16.2.12/30 [110/20] via 172.16.1.245, eth0, 01:19:37

O>* 172.16.2.16/30 [110/20] via 172.16.1.245, eth0, 01:19:37

O>* 172.16.2.20/30 [110/20] via 172.16.1.245, eth0, 01:19:37

O>* 172.16.2.24/30 [110/20] via 172.16.1.245, eth0, 01:19:37

O>* 192.168.5.0/24 [110/20] via 172.16.1.245, eth0, 01:19:37

vyatta@R10:~$
