
DAY 6 QoS, Security and IP Services

******************

Lab 1. Match IP Precedence
Lab 2. Priority Queuing
Lab 4. MQC Bandwidth
Lab 5. LLQ
Lab 6. Traffic Shaping
Lab 7. Legacy Frame Relay Traffic Shaping
Lab 8. MQC Frame Relay Traffic Shaping
Lab 9. Legacy Committed Access Rate
Lab 10. MQC Policing

*******************

QoS models:

Best Effort QoS: no QoS

IntServ: bandwidth reservation for specific packets (RSVP)

DiffServ: traffic is divided into classes (Critical, Voice, etc.)

Policing: traffic that exceeds the limit is dropped

Shaping: traffic that exceeds the limit is buffered

**********************

  • Classification: Each class-oriented QoS mechanism has to support some type of classification.
  • Marking: This is used to mark packets based on classification and metering or both.
  • Congestion Management: Each interface must have a queuing mechanism to prioritize transmission of packets.
  • Congestion Avoidance: This is used to drop packets early to avoid congestion later in the network.
  • Policing and Shaping: This is used to enforce a rate limit based on the metering (excess traffic is either dropped, marked, or delayed).
  • Link Efficiency: This is used to improve bandwidth efficiency through compression and link fragmentation and interleaving

**********************

An easier-to-understand summary: the PacketLife.net cheat sheet

http://media.packetlife.net/media/library/19/QoS.pdf

***********************

IP PRECEDENCE

IP PRECEDENCE (BITS)  LEVEL  PRECEDENCE            DECIMAL VALUE  TOS LEVEL
0 0 0                 0      Routine               0              0-31
0 0 1                 1      Priority              32             32-63
0 1 0                 2      Immediate             64             64-95
0 1 1                 3      Flash                 96             96-127
1 0 0                 4      Flash Override        128            128-159
1 0 1                 5      Critical              160            160-191
1 1 0                 6      Internetwork Control  192            192-223
1 1 1                 7      Network Control       224            224-225

*************************

If you do not want to memorize the list above, just use the "?" context help on the Cisco router:

R2(config-cmap)#match ip precedence ?

Enter up to 4 precedence values separated by white-spaces

  critical        Match packets with critical precedence (5)
  flash           Match packets with flash precedence (3)
  flash-override  Match packets with flash override precedence (4)
  immediate       Match packets with immediate precedence (2)
  internet        Match packets with internetwork control precedence (6)
  network         Match packets with network control precedence (7)
  priority        Match packets with priority precedence (1)
  routine         Match packets with routine precedence (0)

****************************************

LAB 1 MATCH IP PRECEDENCE

Scenario: test defining match precedence classes so the marking can be checked.

Note: the test sends 50 packets with precedence level 3 (decimal value 96).

VERIFICATION:

Run an extended ping with a specific type of service value.

R1#ping

Protocol [ip]:

Target IP address: 12.12.12.2

Repeat count [5]: 50

Datagram size [100]:

Type of service [0]: 96

…..

Sending 50, 100-byte ICMP Echos to 12.12.12.2, timeout is 2 seconds:

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

Success rate is 100 percent (50/50), round-trip min/avg/max = 16/45/164 ms

***************************************

R2#sho policy-map int f0/0

FastEthernet0/0

Service-policy input: LATIHAN

Class-map: QOS0 (match-all)

9 packets, 1026 bytes

5 minute offered rate 0 bps

Match: ip precedence 0

Class-map: QOS1 (match-all)

0 packets, 0 bytes

5 minute offered rate 0 bps

Match: ip precedence 1

Class-map: QOS2 (match-all)

0 packets, 0 bytes

5 minute offered rate 0 bps

Match: ip precedence 2

Class-map: QOS3 (match-all)

      50 packets, 5700 bytes

      5 minute offered rate 0 bps

      Match: ip precedence 3

Class-map: QOS4 (match-all)

0 packets, 0 bytes

5 minute offered rate 0 bps

Match: ip precedence 4

Class-map: QOS5 (match-all)

0 packets, 0 bytes

5 minute offered rate 0 bps

Match: ip precedence 5

Class-map: QOS6 (match-all)

0 packets, 0 bytes

5 minute offered rate 0 bps

Match: ip precedence 6

Class-map: QOS7 (match-all)

0 packets, 0 bytes

5 minute offered rate 0 bps

Match: ip precedence 7

Class-map: class-default (match-any)

0 packets, 0 bytes

5 minute offered rate 0 bps, drop rate 0 bps

Match: any


*******************

LAB 2 Priority Queuing

Priority Queuing uses four queues:

1. High: the queue with the highest priority

2. Medium: the queue with the second priority

3. Normal: default traffic without any priority

4. Low: the queue with the lowest priority

Scenario:

- All IP traffic from R1 Lo0 to R2 Lo0 is assigned to the Low queue

- All HTTP traffic is assigned to the Medium queue

- All TFTP traffic goes to the Normal queue

- All traffic other than the above is assigned to the Low queue

The first step is to define the priority list:

 

R1#conf t

Enter configuration commands, one per line.  End with CNTL/Z.

R1(config)#priority-list  1 protocol ip normal list 100

R1(config)#priority-list 1 protocol ip medium tcp 80

R1(config)#priority-list 1 protocol ip high tcp 23

R1(config)#priority-list 1 default low

 

 R1(config)#access-lis 100 permit icmp any any echo

R1(config)#access-list 100 permit icmp any any echo-reply

 

To avoid too many notifications, disable CDP and keepalive.

VERIFICATION

R1(config)#do sh queueing priority

Current DLCI priority queue configuration:

Current priority queue configuration:

 

List   Queue  Args

1      low    default

1      normal protocol ip          list 100

1      medium protocol ip          tcp port www

1      high   protocol ip          tcp port telnet

R1(config)#no cdp run

R1(config)#int f0/0

R1(config-if)#no keepalive

 

R1(config-if)#do ping

Protocol [ip]:

Target IP address: 12.12.12.2

Extended commands [n]: y

Source address or interface: 12.12.12.1

…..

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 12.12.12.2, timeout is 2 seconds:

Packet sent with a source address of 12.12.12.1

!!!!!

R1(config-if)#

*Mar  1 00:56:41.995: PQ: FastEthernet0/0 output (Pk size/Q 114/2)

*Mar  1 00:56:42.027: PQ: FastEthernet0/0: ip (s=12.12.12.1, d=12.12.12.2) -> normal

*Mar  1 00:56:42.027: PQ: FastEthernet0/0 output (Pk size/Q 114/2)

*Mar  1 00:56:42.135: PQ: FastEthernet0/0: ip (s=12.12.12.1, d=12.12.12.2) -> normal

*Mar  1 00:56:42.139: PQ: FastEthernet0/0 output (Pk size/Q 114/2)

R1(config-if)#

*Mar  1 00:56:42.147: PQ: FastEthernet0/0: ip (s=12.12.12.1, d=12.12.12.2) -> normal

 

Configure the web server and Telnet login on R2

R2(config)#ip http server  !! the router acts as a web server

R2(config)#line vty 0 4

R2(config-line)#password cisco

R2(config-line)#login



R1#telnet 12.12.12.2 80

Trying 12.12.12.2, 80 … Open

 

*Mar  1 01:15:16.395: PQ: FastEthernet0/0: ip (tcp 80) -> medium

*Mar  1 01:15:16.395: PQ: FastEthernet0/0 output (Pk size/Q 60/1)

*Mar  1 01:15:16.635: PQ: FastEthernet0/0: ip (tcp 80) -> medium

 

R1#telnet 12.12.12.2

Trying 12.12.12.2 … Open

 

 

User Access Verification

 

Password:

*Mar  1 01:16:58.359: PQ: FastEthernet0/0: ip (tcp 23) -> high

*Mar  1 01:16:58.363: PQ: FastEthernet0/0 output (Pk size/Q 60/0)

*Mar  1 01:16:58.583: PQ: FastEthernet0/0: ip (tcp 23) -> high

*Mar  1 01:16:58.583: PQ: FastEthernet0/0 output (Pk size/Q 60/0)

 

Each priority-list entry is working as defined at the start.

*************************

LAB 3 RSVP

RSVP reserves bandwidth for a specific purpose, so that a particular application or port gets the guaranteed bandwidth it needs. The example below reserves 64 kbps for Telnet traffic.

R1 configuration

R1(config)#int lo 0

R1(config-if)#ip add 1.1.1.1 255.255.255.0


R1(config-if)#router eigrp 1

R1(config-router)#net 0.0.0.0

*Mar  1 01:19:10.251: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 1: Neighbor 12.12.12.2 (FastEthernet0/0) is up: new adjacency

R1(config-router)#int f0/0

R1(config-if)#ip rsvp bandwidth 64 64

R1(config)#ip rsvp sender-host 2.2.2.2 1.1.1.1 tcp 23 65535 10 1

  

R1(config)#

R1(config)#do sh ip rsvp                                       

RSVP: enabled (on 1 interface(s))

Rate Limiting: disabled

  Max msgs per interval: 4

  Interval length (msec): 20

  Max queue size: 500

  Max msgs per second: 200

 

Refresh Reduction: disabled

  ACK delay (msec): 250

  Initial retransmit delay (msec): 1000

  Local epoch: 0xCCD1AC

  Message IDs: in use 0, total allocated 0, total freed 0

 

Neighbors: 2

  RSVP encap: 1 UDP encap: 0 RSVP and UDP encap: 0

 

Local policy:

COPS:

 

Generic policy settings:

    Default policy: Accept all

    Preemption:     Disabled

 

 ***********************************************

LAB 4 MQC Bandwidth

class-map match-all DHCP

match protocol dhcp

class-map match-all HTTP

match protocol http

class-map match-all TFTP

match protocol tftp

!

policy-map LATIHAN

class HTTP

bandwidth percent 50

class TFTP

bandwidth percent 20

class DHCP

bandwidth percent 10

class class-default

bandwidth percent 20

!

interface FastEthernet0/0

ip addr 12.12.12.1 255.255.255.0

max-reserved-bandwidth 100

service-policy output LATIHAN

VERIFICATION

R2#show policy-map interface f0/0

FastEthernet0/0

Service-policy input: LATIHAN

Class-map: QOS0 (match-all)

1 packets, 174 bytes

5 minute offered rate 0 bps

Match: ip precedence 0

Class-map: QOS1 (match-all)

0 packets, 0 bytes

5 minute offered rate 0 bps

Match: ip precedence 1

Class-map: QOS2 (match-all)

0 packets, 0 bytes

5 minute offered rate 0 bps

Match: ip precedence 2

Class-map: QOS3 (match-all)

0 packets, 0 bytes

5 minute offered rate 0 bps

Match: ip precedence 3

Class-map: QOS4 (match-all)

0 packets, 0 bytes

5 minute offered rate 0 bps

Match: ip precedence 4

Class-map: QOS5 (match-all)

0 packets, 0 bytes

5 minute offered rate 0 bps

Match: ip precedence 5

Class-map: QOS6 (match-all)

65 packets, 4775 bytes

5 minute offered rate 0 bps

Match: ip precedence 6

Class-map: QOS7 (match-all)

0 packets, 0 bytes

5 minute offered rate 0 bps

Match: ip precedence 7

Class-map: class-default (match-any)

0 packets, 0 bytes

5 minute offered rate 0 bps, drop rate 0 bps

Match: any

Service-policy output: QoS

Class-map: TELNET (match-all)

0 packets, 0 bytes

5 minute offered rate 0 bps, drop rate 0 bps

Match: none

Queueing

Strict Priority

Output Queue: Conversation 264

Bandwidth 640 (kbps) Burst 16000 (Bytes)

(pkts matched/bytes matched) 0/0

(total drops/bytes drops) 0/0

Class-map: class-default (match-any)

329 packets, 22773 bytes

5 minute offered rate 0 bps, drop rate 0 bps

Match: any

LAB 5 LLQ

R2#sh run int f0/0

interface FastEthernet0/0

ip address 12.12.12.1 255.255.255.0

service-policy output QoS


VERIFICATION

R2(config-if)#do sh policy-map interface f0/0

FastEthernet0/0

Service-policy output: QoS

Class-map: TELNET (match-all)

0 packets, 0 bytes

5 minute offered rate 0 bps, drop rate 0 bps

Match: none

Queueing

Strict Priority

Output Queue: Conversation 264

Bandwidth 640 (kbps) Burst 16000 (Bytes)

(pkts matched/bytes matched) 0/0

(total drops/bytes drops) 0/0

Class-map: class-default (match-any)

557 packets, 43070 bytes

5 minute offered rate 0 bps, drop rate 0 bps

Match: any


 

LAB 6 Traffic Shaping

 

R2(config-if)#do sh run int f0/0


interface FastEthernet0/0

 ip address 12.12.12.2 255.255.255.0

 traffic-shape rate 640000 80000 0 1000

 

R2(config-if)#do sh traffic-shape

 

Interface   Fa0/0

       Access Target    Byte   Sustain   Excess    Interval  Increment Adapt

VC     List   Rate      Limit  bits/int  bits/int  (ms)      (bytes)   Active

-             640000    10000  80000     0         125       10000     -  

R2(config-if)#do ping 12.12.12.2

 

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 12.12.12.2, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/4 ms

R2(config-if)#do sh traffic-shape statistics

                  Acc. Queue Packets   Bytes     Packets   Bytes     Shaping

I/F               List Depth                     Delayed   Delayed   Active

Fa0/0                   0     28        2237      0         0         no

 

***************************************

LAB 7 Legacy Frame Relay Traffic Shaping

SCENARIO: traffic shaping on Frame Relay

interface Serial0/0
ip address 12.12.12.1 255.255.255.0
encapsulation frame-relay
no fair-queue
clock rate 2000000
frame-relay class FRTS
frame-relay traffic-shaping
frame-relay map ip 12.12.12.2 102
!
map-class frame-relay FRTS
frame-relay cir 640000
frame-relay bc 80000

VERIFICATION

R1#sh traffic-shape

Interface   Se0/0
       Access Target    Byte   Sustain   Excess    Interval  Increment Adapt
VC     List   Rate      Limit  bits/int  bits/int  (ms)      (bytes)   Active
102           640000    10000  80000     0         125       10000     -

*******************************************

LAB 8 MQC Frame Relay Traffic Shaping

SCENARIO: MQC on Frame Relay

policy-map LATIHAN
class class-default
shape average 640000 80000 0
!
interface Serial0/0
ip address 12.12.12.1 255.255.255.0
encapsulation frame-relay
clock rate 2000000
frame-relay class FRTS
frame-relay map ip 12.12.12.2 102
!
map-class frame-relay FRTS
service-policy output LATIHAN

R2
interface Serial0/0
ip address 12.12.12.1 255.255.255.0
encapsulation frame-relay
clock rate 2000000
frame-relay class FRTS
frame-relay map ip 12.12.12.1 201
!
map-class frame-relay FRTS
service-policy output LATIHAN

VERIFICATION

R1#sh policy-map int s0/0
Serial0/0: DLCI 102 -

Service-policy output: LATIHAN

Class-map: class-default (match-any)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: any
Traffic Shaping
  Target/Average   Byte   Sustain   Excess    Interval  Increment
  Rate             Limit  bits/int  bits/int  (ms)      (bytes)
  640000/640000    10000  80000     0         125       10000

  Adapt  Queue     Packets   Bytes     Packets   Bytes     Shaping
  Active Depth                         Delayed   Delayed   Active
  -      0         0         0         0         0         no

**********************

LAB 9 Legacy Committed Access Rate

 

interface FastEthernet0/0

 ip address 12.12.12.2 255.255.255.0

 duplex auto

 speed auto

 traffic-shape rate 640000 80000 0 1000

end

 

R2(config-if)#no traffic-shape rate 640000 80000 0 1000

R2(config-if)#$00 10000 10000 conform-action transmit exceed-action drop    

R2(config-if)#do ping 12.12.12.1 re 15

 

Type escape sequence to abort.

Sending 15, 100-byte ICMP Echos to 12.12.12.1, timeout is 2 seconds:

!!!!!!!!!!!!!!!

Success rate is 100 percent (15/15), round-trip min/avg/max = 20/45/132 ms

R2(config-if)#do sh int f0/0 rate-limit

FastEthernet0/0

  Input

    matches: all traffic

      params:  640000 bps, 10000 limit, 10000 extended limit

      conformed 28 packets, 2872 bytes; action: transmit

      exceeded 0 packets, 0 bytes; action: drop

      last packet: 3352ms ago, current burst: 0 bytes

      last cleared 00:00:50 ago, conformed 0 bps, exceeded 0 bps
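The numbers in the Lab 6 `sh traffic-shape` output (Interval 125 ms, Increment 10000 bytes) and the shaping-versus-policing difference between Lab 6 and this lab can be worked through with a token bucket. The following is an added example, not part of the original lab notes; `ShapeParams`, `shape` and `police` are hypothetical names, both functions are simplified single-bucket models, and the 30-packet burst is constructed input.

```python
"""Added example: token-bucket arithmetic behind the shaping and CAR labs."""
from dataclasses import dataclass


@dataclass
class ShapeParams:
    """Arguments of `traffic-shape rate <cir> <bc> <be>` (all in bits)."""
    cir_bps: int
    bc_bits: int
    be_bits: int = 0

    @property
    def interval_ms(self) -> float:
        # Tc = Bc / CIR: how often the bucket is refilled
        return self.bc_bits * 1000 / self.cir_bps

    @property
    def increment_bytes(self) -> int:
        # bytes credited to the bucket at every Tc boundary
        return self.bc_bits // 8

    @property
    def byte_limit(self) -> int:
        # most that can be sent in one interval (Bc + Be)
        return (self.bc_bits + self.be_bits) // 8


def shape(arrivals, p):
    """Shaper model: excess packets wait in a FIFO queue, nothing is dropped.

    arrivals: list of (time_ms, size_bytes). Returns each packet's departure
    time in ms, in arrival order.
    """
    tc = p.interval_ms
    tokens = p.byte_limit          # bucket starts full
    credited = 0                   # Tc boundaries already credited
    clock = 0.0
    departures = []
    for t_ms, size in sorted(arrivals):
        if size > p.byte_limit:
            raise ValueError("packet larger than the bucket can ever hold")
        clock = max(clock, t_ms)
        while True:
            due = int(clock // tc)
            if due > credited:     # credit every boundary that has passed
                tokens = min(p.byte_limit,
                             tokens + (due - credited) * p.increment_bytes)
                credited = due
            if tokens >= size:
                break
            clock = (credited + 1) * tc   # stay queued until the next refill
        tokens -= size
        departures.append(clock)
    return departures


def police(arrivals, rate_bps, burst_bytes):
    """Policer model for conform-action transmit / exceed-action drop.

    Assumes normal burst == extended burst, as in the lab. Tokens refill
    continuously; a packet that finds too few tokens is dropped, not delayed.
    Returns (conformed, exceeded) lists of (time_ms, size_bytes).
    """
    tokens = float(burst_bytes)
    last = 0.0
    conformed, exceeded = [], []
    for t_ms, size in sorted(arrivals):
        tokens = min(burst_bytes, tokens + (t_ms - last) * rate_bps / 8000)
        last = t_ms
        if tokens >= size:
            tokens -= size
            conformed.append((t_ms, size))
        else:
            exceeded.append((t_ms, size))
    return conformed, exceeded


# Lab values: traffic-shape rate 640000 80000 0
LAB = ShapeParams(cir_bps=640000, bc_bits=80000, be_bits=0)
# Constructed input: 30 packets of 1000 bytes arriving back to back at t=0
BURST = [(0.0, 1000)] * 30

if __name__ == "__main__":
    print("Tc (ms):", LAB.interval_ms, "increment (bytes):", LAB.increment_bytes)
    out = shape(BURST, LAB)
    print("shaper: last packet leaves at", out[-1], "ms, dropped 0")
    ok, dropped = police(BURST, 640000, 10000)
    print("policer: conformed", len(ok), "dropped", len(dropped))
```

The same burst that the shaper spreads over three intervals loses two thirds of its packets at the policer, which is why the ping tests in both labs, being far below 640 kbps, show no delayed and no exceeded packets.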

 

*********************

 

LAB 10 MQC Policing

 

 

 

****************

Lab 2 HSRP

 

 

 

 

interface FastEthernet0/0

ip address 12.12.12.1 255.255.255.0
duplex auto
speed auto
standby 1 ip 12.12.12.12
standby 1 preempt
standby 1 authentication md5 key-string cisco
!
interface Serial0/0
ip address 13.13.13.1 255.255.255.0
clock rate 2000000

R2

interface FastEthernet0/0
ip address 12.12.12.2 255.255.255.0

standby 1 ip 12.12.12.12
standby 1 priority 110
standby 1 preempt
standby 1 authentication md5 key-string cisco

!
interface Serial0/0
ip address 23.23.23.2 255.255.255.0
clock rate 2000000

interface Serial0/1
no ip address
shutdown
clock rate 2000000

router eigrp 1
network 0.0.0.0
no auto-summary

VERIFICATION

R1#sh standby brief

P indicates configured to preempt.

Interface   Grp Prio P State    Active          Standby         Virtual IP

Fa0/0       1   100  P Standby  12.12.12.2      local           12.12.12.12

After interface f0/0 on R2 is shut down:

R1(config-if)#do sh standby brief

P indicates configured to preempt.

Interface   Grp Prio P State    Active          Standby         Virtual IP

Fa0/0       1   100  P Active   local           unknown         12.12.12.12

R1(config-if)#

 

LAB 3 HSRP – Track Route

 

R2(config-if)#do sh standby brief

P indicates configured to preempt.

Interface   Grp Prio P State    Active          Standby         Virtual IP

Fa0/0       1   110  P Active   local           12.12.12.1      12.12.12.12

R2(config-if)#standby 1 track 1 decrement 20

R2(config)#track 1 ip route 3.3.3.3/32 reachability

R2(config-track)#int f0/0

R2(config-if)#standby 1 track 1 decrement 20

R2 is Active with priority 110

R2(config-if)#do sh standby brief

P indicates configured to preempt.

Interface   Grp Prio P State    Active          Standby         Virtual IP

Fa0/0       1   110  P Active   local           12.12.12.1      12.12.12.12

R2(config-if)#do sh ip route

….

o – ODR, P – periodic downloaded static route

Gateway of last resort is not set

3.0.0.0/32 is subnetted, 1 subnets

D       3.3.3.3 [90/2297856] via 23.23.23.3, 00:02:01, Serial0/0

23.0.0.0/24 is subnetted, 1 subnets

C       23.23.23.0 is directly connected, Serial0/0

12.0.0.0/24 is subnetted, 1 subnets

C       12.12.12.0 is directly connected, FastEthernet0/0

13.0.0.0/24 is subnetted, 1 subnets

D       13.13.13.0 [90/2195456] via 12.12.12.1, 00:02:01, FastEthernet0/0

R2(config-if)#

Shut down R3's loopback 3.3.3.3:

R2(config-if)#

*Mar  1 00:57:19.483: %TRACKING-5-STATE: 1 ip route 3.3.3.3/32 reachability Down->Up

*Mar  1 00:57:21.579: %HSRP-5-STATECHANGE: FastEthernet0/0 Grp 1 state Standby -> Active

*Mar  1 00:58:04.483: %TRACKING-5-STATE: 1 ip route 3.3.3.3/32 reachability Up->Down

*Mar  1 00:58:06.711: %HSRP-5-STATECHANGE: FastEthernet0/0 Grp 1 state Active -> Speak

*Mar  1 00:58:16.711: %HSRP-5-STATECHANGE: FastEthernet0/0 Grp 1 state Speak -> Standby

*Mar  1 00:58:28.051: %HSRP-5-STATECHANGE: FastEthernet0/0 Grp 1 state Standby -> Active

R1 becomes Standby

R1(config-if)#do sh standby brief

P indicates configured to preempt.

Interface   Grp Prio P State    Active          Standby         Virtual IP

Fa0/0       1   100  P Active   local           12.12.12.2      12.12.12.12

R2(config-if)#do sh standby brief

P indicates configured to preempt.

Interface   Grp Prio P State    Active          Standby         Virtual IP

Fa0/0       1   90   P Standby  12.12.12.1      local           12.12.12.12

R3's loopback is brought back up:

R2(config-if)#do sh

*Mar  1 01:00:04.483: %TRACKING-5-STATE: 1 ip route 3.3.3.3/32 reachability Down->Up

R2(config-if)#do sh st

*Mar  1 01:00:06.799: %HSRP-5-STATECHANGE: FastEthernet0/0 Grp 1 state Standby -> Active

R2 can be seen returning to Standby and R1 becoming Active

R2(config-if)#do sh standby brief

P indicates configured to preempt.

Interface   Grp Prio P State    Active          Standby         Virtual IP

Fa0/0       1   110  P Active   local           unknown         12.12.12.12
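The interaction between priority, `track ... decrement` and `preempt` seen in this lab can be modelled in a few lines. This is an added example, not part of the original lab notes; `HsrpRouter` and `elect` are hypothetical names, and the model only considers priority, preempt, the tracked object and interface state (no hello/hold timers, no Speak/Listen transitions).

```python
"""Added example: simplified HSRP active-router election with object tracking."""
import ipaddress
from dataclasses import dataclass


@dataclass
class HsrpRouter:
    name: str
    ip: str
    priority: int = 100        # default priority when none is configured
    preempt: bool = False
    track_decrement: int = 0   # standby <grp> track <obj> decrement <n>
    tracked_up: bool = True    # state of the tracked object
    interface_up: bool = True

    def effective_priority(self) -> int:
        # The decrement only applies while the tracked object is down.
        return self.priority - (0 if self.tracked_up else self.track_decrement)

    def rank(self):
        # Higher priority wins; the higher interface IP breaks a tie.
        return (self.effective_priority(), int(ipaddress.ip_address(self.ip)))


def elect(routers, active=None):
    """Return the name of the active router after one election round.

    `active` is the name of the router that currently holds the role, or
    None when the group is just starting up.
    """
    alive = [r for r in routers if r.interface_up]
    if not alive:
        return None
    holder = next((r for r in alive if r.name == active), None)
    if holder is None:
        # No live active router: the best-ranked router takes the role.
        return max(alive, key=HsrpRouter.rank).name
    # A live active router is only displaced by a better-ranked router
    # that has preempt configured.
    challengers = [r for r in alive if r.preempt and r.rank() > holder.rank()]
    if challengers:
        return max(challengers, key=HsrpRouter.rank).name
    return holder.name


def lab_routers():
    # Values from the lab: R1 default priority, R2 priority 110 with
    # "standby 1 track 1 decrement 20"; both preempt.
    r1 = HsrpRouter("R1", "12.12.12.1", priority=100, preempt=True)
    r2 = HsrpRouter("R2", "12.12.12.2", priority=110, preempt=True,
                    track_decrement=20)
    return r1, r2


if __name__ == "__main__":
    r1, r2 = lab_routers()
    active = elect([r1, r2])
    print("start:", active, "R2 priority", r2.effective_priority())
    r2.tracked_up = False              # route to 3.3.3.3/32 disappears
    active = elect([r1, r2], active)
    print("track down:", active, "R2 priority", r2.effective_priority())
    r2.tracked_up = True               # route comes back
    active = elect([r1, r2], active)
    print("track up:", active, "R2 priority", r2.effective_priority())
```

Without `preempt` on R2 the last step would leave R1 active even though R2 is back at priority 110.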

*************************

LAB 4 HSRP IP SLA

Scenario: lab test

R1

interface FastEthernet0/0

ip address 12.12.12.2 255.255.255.0

standby 1 ip 12.12.12.12

standby 1 priority 110

standby 1 preempt

standby 1 authentication md5 key-string cisco

standby 1 track 1 decrement 20

end

R2(config)#ip sla monitor 1

R2(config-sla-monitor)#type echo protocol ipicmpEcho 3.3.3.3

R2(config-sla-monitor-echo)#timeout 2000

R2(config-sla-monitor-echo)#frequency 3

R2(config-sla-monitor-echo)#exit

R2(config)#ip sla monitor schedule 1 start-time now

R2(config)#track 1 rtr 1

VERIFICATION

When lo 0 on R3 is shut down, R2 becomes Backup because its priority drops to 90.

R2(config-track)#do sh standby brief

     P indicates configured to preempt.

Interface   Grp Prio P State    Active          Standby         Virtual IP    

Fa0/0       1   110  P Active   local           12.12.12.1      12.12.12.12   

R2(config-track)#

*Mar  1 00:31:51.059: %TRACKING-5-STATE: 1 rtr 1 state Up->Down

*Mar  1 00:31:51.799: %HSRP-5-STATECHANGE: FastEthernet0/0 Grp 1 state Active -> Speak

R2(config-track)#do sh standby br

*Mar  1 00:32:01.799: %HSRP-5-STATECHANGE: FastEthernet0/0 Grp 1 state Speak -> Standby

R2(config-track)#do sh standby brief

    P indicates configured to preempt.

Interface   Grp Prio P State    Active          Standby         Virtual IP    

Fa0/0       1   90   P Standby  12.12.12.1      local           12.12.12.12 

*******************

Lab 5 HSRP Load Balance

 

Note: PC 1 and PC 2 use different gateways

PC1 : 12.12.12.101 Gw 12.12.12.11

PC 2 : 12.12.12.102 Gw 12.12.12.12

R1

interface FastEthernet0/0

ip address 12.12.12.1 255.255.255.0

duplex auto

speed auto

standby 1 ip 12.12.12.12

standby 1 preempt

standby 1 authentication md5 key-string cisco

standby 2 ip 12.12.12.11

standby 2 priority 110

standby 2 preempt

standby 2 authentication md5 key-string cisco

R2

interface FastEthernet0/0

ip address 12.12.12.2 255.255.255.0

duplex auto

speed auto

standby 1 ip 12.12.12.12

standby 1 priority 110

standby 1 preempt

standby 1 authentication md5 key-string cisco

standby 1 track 1 decrement 20

standby 2 ip 12.12.12.11

standby 2 preempt

standby 2 authentication md5 key-string cisco

VERIFICATION

Both PCs can ping the far end 3.3.3.3 through different routes.

R2#sh standby brief

P indicates configured to preempt.

Interface   Grp Prio P State    Active          Standby         Virtual IP

Fa0/0       1   110  P Active   local           12.12.12.1      12.12.12.12

Fa0/0       2   100  P Standby  12.12.12.1      local           12.12.12.11

**********************

LAB 6 VRRP

Current configuration : 183 bytes

!

interface FastEthernet0/0

ip address 12.12.12.1 255.255.255.0

duplex auto

speed auto

vrrp 1 ip 12.12.12.12

vrrp 1 priority 110

vrrp 1 authentication md5 key-string cisco

end

R1(config-if)#do sh vrrp brief

Interface          Grp Pri Time  Own Pre State   Master addr     Group addr

Fa0/0              1   110 3570       Y  Master  12.12.12.1      12.12.12.12

!

interface FastEthernet0/0

ip address 12.12.12.2 255.255.255.0

duplex auto

speed auto

vrrp 1 ip 12.12.12.12

vrrp 1 authentication md5 key-string cisco

end

R2(config-if)#do sh vrrp brief

Interface          Grp Pri Time  Own Pre State   Master addr     Group addr

Fa0/0              1   100 3609       Y  Backup  12.12.12.1      12.12.12.12

Shut down interface f0/0 on R1:

R2(config-if)#do sh vrrp brief

Interface          Grp Pri Time  Own Pre State   Master addr     Group addr

Fa0/0              1   100 3609       Y  Backup  12.12.12.1      12.12.12.12

R2(config-if)#

*Mar  1 00:23:08.343: %TRACKING-5-STATE: 1 rtr 1 state Down->Up

R2(config-if)#

*Mar  1 00:23:16.739: %VRRP-6-STATECHANGE: Fa0/0 Grp 1 state Backup -> Master

R2(config-if)#do sh v

*Mar  1 00:23:30.155: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 1: Neighbor 12.12.12.1 (FastEthernet0/0) is down: holding time expired

R2(config-if)#do sh vrrp brief

Interface          Grp Pri Time  Own Pre State   Master addr     Group addr

Fa0/0              1   100 3609       Y  Master  12.12.12.2      12.12.12.12

Restored:

R1(config-if)#no shut

R1(config-if)#

*Mar  1 00:26:02.007: %VRRP-6-STATECHANGE: Fa0/0 Grp 1 state Init -> Backup

R1(config-if)#

*Mar  1 00:26:03.999: %LINK-3-UPDOWN: Interface FastEthernet0/0, changed state to up

*Mar  1 00:26:05.579: %VRRP-6-STATECHANGE: Fa0/0 Grp 1 state Backup -> Master

R1(config-if)#

*************************

LAB 7 VRRP Track Route

Gateway of last resort is not set

3.0.0.0/32 is subnetted, 1 subnets

D       3.3.3.3 [90/2297856] via 13.13.13.3, 00:03:14, Serial0/0

23.0.0.0/24 is subnetted, 1 subnets

D       23.23.23.0 [90/2195456] via 12.12.12.2, 00:03:14, FastEthernet0/0

12.0.0.0/24 is subnetted, 1 subnets

C       12.12.12.0 is directly connected, FastEthernet0/0

13.0.0.0/24 is subnetted, 1 subnets

C       13.13.13.0 is directly connected, Serial0/0

R1(config-track)#track 1 ip route 3.3.3.3/32 reachability

R1(config-track)#int f0/0

R1(config-if)#vrrp 1 track 1 decrement 20

Shut down lo 3 3.3.3.3.

*Mar  1 00:31:28.343: %TRACKING-5-STATE: 1 rtr 1 state Up->Down

R2(config-if)#

*Mar  1 00:31:38.091: %VRRP-6-STATECHANGE: Fa0/0 Grp 1 state Backup -> Master

R2(config-if)#do sh vrrp brief

Interface          Grp Pri Time  Own Pre State   Master addr     Group addr

Fa0/0              1   100 3609       Y  Master  12.12.12.2      12.12.12.12

**********************

Lab 10 GLBP – Load Balancing – Track route

Scenario

R1

interface FastEthernet0/0

ip address 12.12.12.1 255.255.255.0

duplex auto

speed auto

glbp 1 ip 12.12.12.12

end

R1(config-if)#do sh glbp brief

Interface   Grp  Fwd Pri State    Address         Active router   Standby router

Fa0/0       1    -   100 Standby  12.12.12.12     12.12.12.2      local

Fa0/0       1    1   -   Listen   0007.b400.0101  12.12.12.2      -

Fa0/0       1    2   -   Active   0007.b400.0102  local          

R2

interface FastEthernet0/0

ip address 12.12.12.2 255.255.255.0

duplex auto

speed auto

glbp 1 ip 12.12.12.12

end

R2(config-if)#do sh glbp brief

Interface   Grp  Fwd Pri State    Address         Active router   Standby router

Fa0/0       1    -   100 Active   12.12.12.12     local           12.12.12.1

Fa0/0       1    1   -   Active   0007.b400.0101  local           -

Fa0/0       1    2   -   Listen   0007.b400.0102  12.12.12.1      -

 

R2(config-if)#no glbp 1 ip 12.12.12.12

R2(config-if)#no glbp 1 ip 12.12.12.12

*Mar  1 01:07:54.755: %GLBP-6-FWDSTATECHANGE: FastEthernet0/0 Grp 1 Fwd 1 state Active -> Init

*Mar  1 01:07:54.759: %GLBP-6-STATECHANGE: FastEthernet0/0 Grp 1 state Active -> Disabled

R2(config-if)#glbp 1 ip 12.12.12.12  

R2(config-if)#do s

*Mar  1 01:08:51.867: %GLBP-6-FWDSTATECHANGE: FastEthernet0/0 Grp 1 Fwd 1 state Listen -> Active

R2(config-if)#     

 

********************

LAB 14 EEM – Embedded Event Manager

Scenario: have the router run commands automatically (reload, shut down an interface, etc.) when a given event occurs.

!
event manager applet WatchLo0
 ! trigger on the syslog message logged when Loopback0 goes down
 event syslog pattern "Interface Loopback0.* down" period 1
 action 2.0 cli command "enable"
 action 2.1 cli command "config t"
 action 2.2 cli command "int lo 0"
 action 2.3 cli command "no shut"
 ! log a message ("immediately brought back up by cisco bot :p")
 action 3.0 syslog msg "langsung dihidupkan kembali oleh cisco bot :p"
!
end

R1(config-applet)#int lo 0

R1(config-if)#shutdown

R1(config-if)#

*Mar  1 00:12:29.171: %LINK-5-CHANGED: Interface Loopback0, changed state to administratively down

*Mar  1 00:12:29.511: %HA_EM-6-LOG: WatchLo0: langsung dihidupkan kembali oleh cisco bot :p

*Mar  1 00:12:31.407: %LINK-3-UPDOWN: Interface Loopback0, changed state to up

 

**********************

Lab 15 NETFLOW (just take a look at this post :)

***********************

 

NAT

 

LAB 5 Dynamic NAT (Sequence)

R1

 R1(config)#int f0/0

R1(config-if)#ip add 12.12.12.1 255.255.255.0

R1(config-if)#ip nat out

R1(config-if)#int lo 0

R1(config-if)#ip add 10.10.10.1 255.255.255.0

R1(config-if)#ip add 10.10.10.2 255.255.255.0 sec

R1(config-if)#ip add 10.10.10.3 255.255.255.0 sec

R1(config-if)#ip add 10.10.10.4 255.255.255.0 sec

R1(config-if)#ip add 10.10.10.5 255.255.255.0 sec

R1(config-if)#ip nat inside

 

R1(config-if)#ip route 0.0.0.0 0.0.0.0 12.12.12.2

 

R1(config)#ip nat pool TES 20.20.20.1 20.20.20.5 prefix-length 24

R1(config)#ip nat inside source list 1 pool TES

R1(config)#access-list 1 permit 10.10.10.2

R1(config)#access-list 1 permit 10.10.10.3

R1(config)#access-list 1 permit 10.10.10.4

R1(config)#access-list 1 permit 10.10.10.5

R1(config)#access-list 1 permit 10.10.10.1

 

 

 

Verification:

 

R1(config)#do ping 2.2.2.2 so 10.10.10.4

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:

Packet sent with a source address of 10.10.10.4

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 20/60/128 ms

R1(config)#

*Mar  1 00:12:57.159: NAT: s=10.10.10.4->20.20.20.1, d=2.2.2.2 [20]

*Mar  1 00:12:57.283: NAT*: s=2.2.2.2, d=20.20.20.1->10.10.10.4 [20]

*Mar  1 00:12:57.287: NAT: s=10.10.10.4->20.20.20.1, d=2.2.2.2 [21]

*Mar  1 00:12:57.387: NAT*: s=2.2.2.2, d=20.20.20.1->10.10.10.4 [21]

*Mar  1 00:12:57.391: NAT: s=10.10.10.4->20.20.20.1, d=2.2.2.2 [22]

*Mar  1 00:12:57.415: NAT*: s=2.2.2.2, d=20.20.20.1->10.10.10.4 [22]

*Mar  1 00:12:57.419: NAT: s=10.10.10.4->20.20.20.1, d=2.2.2.2 [23]

*Mar  1 00:12:57.439: NAT*: s=2.2.2.2, d=20.20.20.1->10.10.10.4 [23]

*Mar  1 00:12:57.439: NAT: s=10.10.10.4->20.20.20.1, d=2.2.2.2 [24]

R1(config)#

*Mar  1 00:12:57.455: NAT*: s=2.2.2.2, d=20.20.20.1->10.10.10.4 [24]

R1(config)#do ping 2.2.2.2 so 10.10.10.5

 

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:

Packet sent with a source address of 10.10.10.5

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 20/84/168 ms

R1(config)#

*Mar  1 00:13:11.751: NAT: s=10.10.10.5->20.20.20.2, d=2.2.2.2 [25]

*Mar  1 00:13:11.915: NAT*: s=2.2.2.2, d=20.20.20.2->10.10.10.5 [25]

*Mar  1 00:13:11.919: NAT: s=10.10.10.5->20.20.20.2, d=2.2.2.2 [26]

*Mar  1 00:13:12.035: NAT*: s=2.2.2.2, d=20.20.20.2->10.10.10.5 [26]

*Mar  1 00:13:12.039: NAT: s=10.10.10.5->20.20.20.2, d=2.2.2.2 [27]

*Mar  1 00:13:12.135: NAT*: s=2.2.2.2, d=20.20.20.2->10.10.10.5 [27]

*Mar  1 00:13:12.135: NAT: s=10.10.10.5->20.20.20.2, d=2.2.2.2 [28]

*Mar  1 00:13:12.151: NAT*: s=2.2.2.2, d=20.20.20.2->10.10.10.5 [28]

*Mar  1 00:13:12.155: NAT: s=10.10.10.5->20.20.20.2, d=2.2.2.2 [29]

R1(config)#

*Mar  1 00:13:12.175: NAT*: s=2.2.2.2, d=20.20.20.2->10.10.10.5 [29]

R1(config)#do ping 2.2.2.2 so 10.10.10.2

 

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:

Packet sent with a source address of 10.10.10.2

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 20/62/148 ms

R1(config)#

*Mar  1 00:13:43.939: NAT: s=10.10.10.2->20.20.20.3, d=2.2.2.2 [30]

*Mar  1 00:13:44.079: NAT*: s=2.2.2.2, d=20.20.20.3->10.10.10.2 [30]

*Mar  1 00:13:44.083: NAT: s=10.10.10.2->20.20.20.3, d=2.2.2.2 [31]

*Mar  1 00:13:44.179: NAT*: s=2.2.2.2, d=20.20.20.3->10.10.10.2 [31]

*Mar  1 00:13:44.183: NAT: s=10.10.10.2->20.20.20.3, d=2.2.2.2 [32]

*Mar  1 00:13:44.203: NAT*: s=2.2.2.2, d=20.20.20.3->10.10.10.2 [32]

*Mar  1 00:13:44.207: NAT: s=10.10.10.2->20.20.20.3, d=2.2.2.2 [33]

*Mar  1 00:13:44.231: NAT*: s=2.2.2.2, d=20.20.20.3->10.10.10.2 [33]

*Mar  1 00:13:44.231: NAT: s=10.10.10.2->20.20.20.3, d=2.2.2.2 [34]

R1(config)#

*Mar  1 00:13:44.251: NAT*: s=2.2.2.2, d=20.20.20.3->10.10.10.2 [34]

R1(config)#do ping 2.2.2.2 so 10.10.10.1

 

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:

Packet sent with a source address of 10.10.10.1

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 12/73/192 ms

R1(config)#

*Mar  1 00:13:48.979: NAT: s=10.10.10.1->20.20.20.4, d=2.2.2.2 [35]

*Mar  1 00:13:49.167: NAT*: s=2.2.2.2, d=20.20.20.4->10.10.10.1 [35]

*Mar  1 00:13:49.171: NAT: s=10.10.10.1->20.20.20.4, d=2.2.2.2 [36]

*Mar  1 00:13:49.271: NAT*: s=2.2.2.2, d=20.20.20.4->10.10.10.1 [36]

*Mar  1 00:13:49.275: NAT: s=10.10.10.1->20.20.20.4, d=2.2.2.2 [37]

*Mar  1 00:13:49.303: NAT*: s=2.2.2.2, d=20.20.20.4->10.10.10.1 [37]

*Mar  1 00:13:49.307: NAT: s=10.10.10.1->20.20.20.4, d=2.2.2.2 [38]

*Mar  1 00:13:49.331: NAT*: s=2.2.2.2, d=20.20.20.4->10.10.10.1 [38]

*Mar  1 00:13:49.331: NAT: s=10.10.10.1->20.20.20.4, d=2.2.2.2 [39]

R1(config)#

*Mar  1 00:13:49.343: NAT*: s=2.2.2.2, d=20.20.20.4->10.10.10.1 [39]

 

 

R1(config)#do sh ip nat trans

Pro Inside global      Inside local       Outside local      Outside global
--- 20.20.20.4         10.10.10.1         ---                ---
--- 20.20.20.3         10.10.10.2         ---                ---
--- 20.20.20.1         10.10.10.4         ---                ---
--- 20.20.20.2         10.10.10.5         ---                ---
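The translation table can also be rebuilt from the NAT debug lines alone, which shows that pool TES hands out addresses in order of first use rather than by inside address. This is an added example, not part of the original lab notes; `parse`, `build_table` and `allocated_in_order` are hypothetical names, and `SAMPLE` holds the first request/reply pair of each ping copied from the output above.

```python
"""Added example: rebuild the NAT table from `debug ip nat` lines."""
import ipaddress
import re

NAT_RE = re.compile(
    r"NAT\*?: s=(?P<s>[\d.]+)(?:->(?P<s_new>[\d.]+))?, "
    r"d=(?P<d>[\d.]+)(?:->(?P<d_new>[\d.]+))? \[(?P<ident>\d+)\]"
)

# First outbound/return pair of each ping, taken from the lab output.
SAMPLE = """\
*Mar  1 00:12:57.159: NAT: s=10.10.10.4->20.20.20.1, d=2.2.2.2 [20]
*Mar  1 00:12:57.283: NAT*: s=2.2.2.2, d=20.20.20.1->10.10.10.4 [20]
*Mar  1 00:13:11.751: NAT: s=10.10.10.5->20.20.20.2, d=2.2.2.2 [25]
*Mar  1 00:13:11.915: NAT*: s=2.2.2.2, d=20.20.20.2->10.10.10.5 [25]
*Mar  1 00:13:43.939: NAT: s=10.10.10.2->20.20.20.3, d=2.2.2.2 [30]
*Mar  1 00:13:44.079: NAT*: s=2.2.2.2, d=20.20.20.3->10.10.10.2 [30]
R1(config)#
*Mar  1 00:13:48.979: NAT: s=10.10.10.1->20.20.20.4, d=2.2.2.2 [35]
*Mar  1 00:13:49.167: NAT*: s=2.2.2.2, d=20.20.20.4->10.10.10.1 [35]
"""


def parse(text):
    """Yield (direction, inside_local, inside_global, ip_id) per NAT line.

    Outbound lines rewrite the source (local->global); return lines rewrite
    the destination (global->local). Prompts and other lines are skipped.
    """
    events = []
    for line in text.splitlines():
        m = NAT_RE.search(line)
        if not m:
            continue
        if m["s_new"]:
            events.append(("out", m["s"], m["s_new"], int(m["ident"])))
        elif m["d_new"]:
            events.append(("in", m["d_new"], m["d"], int(m["ident"])))
    return events


def build_table(events):
    """Return (table, conflicts).

    table maps inside local -> inside global in order of first use.
    conflicts lists events that disagree with an earlier mapping, in either
    direction; they are reported and left out of the table.
    """
    table, owner, conflicts = {}, {}, []
    for event in events:
        _, local, glob, _ = event
        known_glob = table.get(local)
        known_local = owner.get(glob)
        if known_glob not in (None, glob) or known_local not in (None, local):
            conflicts.append(event)
            continue
        table[local] = glob
        owner[glob] = local
    return table, conflicts


def allocated_in_order(table, pool_start):
    """True if the globals were taken consecutively from pool_start."""
    first = int(ipaddress.ip_address(pool_start))
    used = [int(ipaddress.ip_address(g)) for g in table.values()]
    return used == list(range(first, first + len(used)))


if __name__ == "__main__":
    table, conflicts = build_table(parse(SAMPLE))
    for local, glob in table.items():
        print(f"{local:<12} -> {glob}")
    print("sequential from 20.20.20.1:", allocated_in_order(table, "20.20.20.1"))
    print("conflicts:", conflicts)
```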
