JNCIA-Junos Bootcamp
Foryanto Jaya Wiguna
CCNA, CCNP, CCIE-Wr, JNCIA-JunOS, JNCIA-Cloud, JNCIS-ENT, JNCIP-DC
TABLE OF CONTENTS
Lab 1 User Interface Options
Lab 2 Initial Configuration
Lab 3 Secondary System Configuration
Lab 4 Operational Monitoring and Maintenance
Lab 5 VLAN Tagging and Logical Systems
Lab 6 Routing Fundamentals
Lab 7 Routing Policy and Firewall Filters
Lab 8 Challenge Lab
Lab 1
User Interface Options
JUNOS Topology
Connecting to the Juniper routers in VMware Workstation:
• You can ssh/telnet to the Junos VMware instances that have been created,
using the IP address of the management interface em0 unit 0 on each router.
Hostname    Interface em0 Address
Junos1      192.168.0.1
Junos2      192.168.0.2
Junos3      192.168.0.3
Junos4      192.168.0.4
Logging In
• If the user is not root, the login goes straight to CLI mode
Amnesiac (ttyd0)
login: lab
Password:
--- JUNOS 12.1R1.9 built 2012-03-24 12:52:33 UTC
lab>
• If you log in as root, you first land in shell mode.
To enter CLI mode, type cli
Amnesiac (ttyd0)
login: root
Password:
--- JUNOS 12.1R1.9 built 2012-03-24 12:52:33 UTC
root@%
root@% cli
root>
CLI Modes
• Operational mode: used to monitor and troubleshoot software,
network connectivity, and hardware
login: lab
Password:
--- JUNOS 12.1R1.9 built 2012-03-24 12:52:33 UTC
lab>
• Configuration mode: used to configure the device, including
interfaces, protocols, user access, and system hardware properties
lab> configure
Entering configuration mode
[edit]
lab#
Help Commands
• Using the “?” command
lab> ?
Possible completions:
clear Clear information in the system
configure Manipulate software configuration information
file Perform file operations
help Provide help information
...
lab> clear ?
Possible completions:
arp Clear address resolution information
bfd Clear Bidirectional Forwarding Detection information
bgp Clear Border Gateway Protocol information
cli Clear command-line interface settings
dhcp Clear DHCP information
…
• Using the help command
lab> help topic ?
Possible completions:
access Network access control
accounting-options Accounting data collection
applications Application protocols
bgp Border Gateway Protocol
bridge-domains Layer 2 bridging domains
chassis Platform
…
lab> help reference ?
Possible completions:
access Network access control
accounting-options Accounting data collection
applications Application protocols
bgp Border Gateway Protocol
bridge-domains Layer 2 bridging domains
chassis Platform
• Using the Spacebar to complete a command
lab> sh<space>ow i<space>
Possible completions:
<[Enter]> Execute this command
<interface-name> Name of physical or logical interface
dsc
em0
…
• Using the Tab key to complete commands and variables
[edit policy-options]
lab# show policy-statement t<tab>his-is-my-policy
then accept;
[edit policy-options]
lab#
Editing Commands
• Use Ctrl+a to move the cursor straight to the beginning of the line
• Use Ctrl+b to move the cursor back one character
• Use Ctrl+e to move the cursor straight to the end of the line
• Use Ctrl+f to move the cursor forward one character
Using | (Pipe)
• The pipe (|) is used to manipulate the output of a command.
lab> show interfaces terse | ?
Possible completions:
count Count occurrences
display Show additional kinds of information
except Show only text that does not match a pattern
find Search for first occurrence of pattern
hold Hold text without exiting the --More-- prompt
last Display end of output only
match Show only text that matches a pattern
no-more Don't paginate output
request Make system-level requests
resolve Resolve IP addresses
save Save output text to file
trim Trim specified number of columns from start of line
root@R1> show interfaces terse | match em0
em0 up up
root@R1>
Entering Configuration Mode
• Use the configure command to enter configuration mode
lab> configure
lab#
• Using the configure exclusive command prevents other users from
entering configuration mode
lab> configure exclusive
lab#
• Using the configure private command lets other users enter
configuration mode as well, but whenever a user configures and commits,
only that user's own configuration is committed.
lab> configure private
lab#
Resetting the Juniper Router (Loading the Factory Configuration)
lab> configure
lab# load factory-default
lab# set system root-authentication plain-text-password
New password:
Retype new password:
lab# commit
lab# exit
lab>
Lab 2
Initial Configuration
Lab Topology
Initial Configuration
• Configure the root password (preferably standardized as lab123)
• Configure the hostname
• Configure the system time
• Configure the remote access protocols
• Configure the interfaces
Amnesiac (ttyd0)
login: root
Password:
--- JUNOS 12.1R1.9 built 2012-03-24 12:52:33 UTC
root@% cli
root> configure
root# set system root-authentication plain-text-password
New password:
Retype new password:
root# set system host-name R1
root# set system time-zone Asia/Jakarta
root# run set date 201111131515.00
root# set system services telnet
root# set system services ssh
root# set system services ftp
root# set system services web-management http interface em0.0
root# set interfaces em0.0 family inet address 192.168.0.1/24
root# commit and-quit
root@R1> show interfaces terse
Interface Admin Link Proto Local Remote
dsc up up
em0 up up
em0.0 up up inet 192.168.0.1/24
em1 up up
em2 up up
em3 up up
em4 up up
em5 up up
gre up up
ipip up up
lo0 up up
lo0.16384 up up inet 127.0.0.1 --> 0/0
lo0.16385 up up inet
lsi up up
mtun up up
pimd up up
pime up up
tap up up
root@R1>
Lab 3
Secondary System Configuration
Lab Topology
User Authentication Configuration
• Using RADIUS and TACACS+
Authentication Server   IP              Secret
RADIUS                  192.168.0.200   lab123
TACACS+                 192.168.0.200   lab123
[edit]
root@R1> configure
root@R1# edit system
root@R1# set radius-server 192.168.0.200 secret lab123
root@R1# set tacplus-server 192.168.0.200 secret lab123
root@R1# set authentication-order radius
root@R1# set authentication-order tacplus
root@R1# commit
root@R1# show system authentication-order
authentication-order [ radius tacplus ];
• Using the local database
Username Password Class
root lab123 Super-user
lab lab123 Super-user
[edit]
root@R1# top
root@R1# set system authentication-order password
root@R1# set system root-authentication plain-text-password
New password:
Retype new password:
root@R1# edit system login
root@R1# set user lab class super-user authentication plain-text-password
New password:
Retype new password:
root@R1# top
root@R1# commit
System Logging and Tracing Configuration
• This is the default syslog configuration on Juniper.
root@R1# top
root@R1# show system syslog
user * {
    any emergency;
}
file messages {
    any notice;
    authorization info;
}
file interactive-commands {
    interactive-commands any;
}
[edit]
root@R1#
• Example of additional syslog configuration
root@R1# top
root@R1# edit system syslog
root@R1# set host 192.168.1.5 any notice
root@R1# set host 192.168.1.5 authorization info
root@R1# edit file config-changes
root@R1# set change-log info
root@R1# set archive files 3 size 10m no-world-readable
root@R1# set archive transfer-interval 5
root@R1# set archive archive-sites "ftp://[email protected]:/" password lab123
root@R1# commit
root@R1# top
root@R1#
• Monitoring the syslog configuration
root@R1# top
root@R1# exit
root@R1> show log config-changes
root@R1>
Traceoptions Configuration
• Configuring traceoptions. Traceoptions are used to collect log
information about events that occur in a protocol.
root@R1# top
root@R1# edit protocols ospf
root@R1# set traceoptions file ospf-trace replace size 128k
root@R1# set traceoptions file ospf-trace files 10 no-stamp
root@R1# set traceoptions file ospf-trace no-world-readable
root@R1# set traceoptions flag event detail
root@R1# set traceoptions flag error detail
root@R1# commit
root@R1# top
root@R1#
• Monitoring Traceoptions
root@R1# top
root@R1# show protocols ospf
traceoptions {
    file ospf-trace replace size 128k files 10 no-stamp no-world-readable;
    flag event detail;
    flag error detail;
}
[edit]
root@R1# top
root@R1# exit
root@R1> monitor start ospf-trace
root@R1>
NTP Configuration
• Configuring NTP
root@R1# edit system ntp
root@R1# set boot-server 192.168.0.200
root@R1# set server 192.168.0.200
root@R1# commit
root@R1# top
root@R1#
• Monitoring NTP
root@R1# top
root@R1# show system ntp
boot-server 192.168.0.200;
server 192.168.0.200;
root@R1# run show ntp associations
root@R1#
Configuration Archiving
• Configuring archiving
root@R1# top
root@R1# edit system archival configuration
root@R1# set transfer-on-commit archive-sites "ftp://[email protected]:/" password lab123
root@R1# commit
root@R1# top
root@R1#
• Monitoring the archiving configuration
root@R1# top
root@R1# show system archival
configuration {
    transfer-on-commit;
    archive-sites {
        "ftp://[email protected]:/" password "$9$ZuGi.Pfzn6A.mO1hcle"; ## SECRET-DATA
    }
}
[edit]
root@R1#
• View the archives that have been transferred
root@R1# top
root@R1# exit
root@R1> file list /var/transfer/config detail
Simple Network Management Protocol (SNMP) Configuration
• Configuring SNMP
root@R1# top
root@R1# edit snmp
root@R1# set description "Router Juniper"
root@R1# set location "Gedung A - Rack 5"
root@R1# set contact "Doni - vendor"
root@R1# set community juniper authorization read-only
root@R1# set community juniper clients 192.168.0.0/24
root@R1# set trap-group my-juniper version v2
root@R1# set trap-group my-juniper categories chassis
root@R1# set trap-group my-juniper categories link
root@R1# set trap-group my-juniper targets 192.168.0.200
root@R1# commit
root@R1# top
root@R1# show snmp
description "Router Juniper";
location "Gedung A - Rack 5";
contact "Doni - vendor";
community juniper {
    authorization read-only;
    clients {
        192.168.0.0/24;
    }
}
trap-group my-juniper {
    version v2;
    categories {
        chassis;
        link;
    }
    targets {
        192.168.0.200;
    }
}
[edit]
root@R1#
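The Lab 2 and Lab 3 commands enable several management features that carry credentials or data in cleartext (telnet, ftp, web-management http, ftp:// archive sites, an SNMP community and v2 traps). The audit below is an added example, not part of the original lab guide: it resolves edit/top context the way the labs type it and flags those statements. The rule names, the sample session and the 192.0.2.10 archive host are constructed for illustration.

```python
import re

# Optional CLI prompt such as "root@R1# " or "R2@olive:R2> ", then the command.
PROMPT = re.compile(r"^(?:[\w.@:-]+([#>])\s*)?(.*)$")

# (rule id, pattern on the fully resolved statement, why it matters)
RULES = [
    ("telnet-enabled", re.compile(r"^system services telnet\b"),
     "Telnet sends the login and the whole session in cleartext; SSH covers the same use."),
    ("ftp-enabled", re.compile(r"^system services ftp\b"),
     "The FTP service sends passwords and files in cleartext."),
    ("http-management", re.compile(r"^system services web-management http\b"),
     "Web management over plain HTTP exposes the login; the https statement encrypts it."),
    ("ftp-archive-site", re.compile(r"\barchive-sites \"?ftp://"),
     "Configs and logs pushed to an ftp:// site travel in cleartext with the password."),
    ("snmp-community", re.compile(r"^snmp community \S+"),
     "SNMP v1/v2c community strings are sent in cleartext; SNMPv3 adds auth and privacy."),
    ("snmp-trap-cleartext", re.compile(r"^snmp trap-group \S+ version (?:v1|v2|all)\b"),
     "v1/v2 traps are unauthenticated and unencrypted."),
]


def resolve(lines):
    """Yield (line_no, full_statement) for each `set`, tracking `edit` and `top`.

    Assumption: only top / edit / set are interpreted, which is all the
    lab sessions use to move around the hierarchy before a `set`.
    """
    path = []
    for line_no, raw in enumerate(lines, 1):
        marker, command = PROMPT.match(raw.strip()).groups()
        if marker == ">":          # operational-mode line, not configuration
            continue
        words = command.split()
        if words[:1] == ["top"]:   # "top" alone, or "top edit ..." / "top set ..."
            path, words = [], words[1:]
        if not words:
            continue
        if words[0] == "edit":
            path = path + words[1:]
        elif words[0] == "set":
            yield line_no, " ".join(path + words[1:])


def audit(lines):
    """Return [(line_no, rule_id, statement, why)] with one finding per object."""
    findings, seen = [], set()
    for line_no, stmt in resolve(lines):
        for rule_id, pattern, why in RULES:
            m = pattern.search(stmt)
            if m and (rule_id, stmt[:m.end()]) not in seen:
                seen.add((rule_id, stmt[:m.end()]))
                findings.append((line_no, rule_id, stmt, why))
    return findings


# Constructed session built from the commands used in Lab 2 and Lab 3.
LAB_SAMPLE = """\
root@R1# set system services telnet
root@R1# set system services ssh
root@R1# set system services ftp
root@R1# set system services web-management http interface em0.0
root@R1# top
root@R1# edit system syslog
root@R1# edit file config-changes
root@R1# set archive archive-sites "ftp://user@192.0.2.10:/" password lab123
root@R1# top
root@R1# edit snmp
root@R1# set community juniper authorization read-only
root@R1# set community juniper clients 192.168.0.0/24
root@R1# set trap-group my-juniper version v2
""".splitlines()

# Constructed counterpart that keeps remote access but only over encrypted services.
HARDENED_SAMPLE = """\
root@R1# set system services ssh
root@R1# set system services web-management https system-generated-certificate
root@R1# set system services web-management https interface em0.0
""".splitlines()

if __name__ == "__main__":
    for line_no, rule_id, stmt, why in audit(LAB_SAMPLE):
        print(f"line {line_no}: [{rule_id}] {stmt}\n    {why}")
    print("hardened findings:", audit(HARDENED_SAMPLE))
```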
Lab 4
Operational Monitoring and Maintenance
Lab Topology
Monitoring Using the CLI
• Monitoring the chassis using the show command. On the monitor
• Monitoring interfaces using the show and monitor commands
• Checking the network with the ping and traceroute utilities
root@R1> show chassis ?
Possible completions:
alarms Show alarm status
craft-interface Show craft interface status
environment Show component status and temperature
fpc Show Flexible PIC Concentrator status
hardware Show installed hardware components
location Show physical location of chassis
mac-addresses Show media access control addresses
pic Show Physical Interface Card state, type, and uptime
routing-engine Show Routing Engine status
temperature-thresholds Show chassis temperature threshold settings
...
root@R1> show chassis hardware
Hardware inventory:
Item Version Part number Serial number Description
Chassis JN021208AA J2300
Routing Engine REV 07 750-009992 AA07310158 RE-J.1
FPC 0 REV 06 750-010739 AC07310069 FPC
PIC 0 2x FE, 2x Serial
Power Supply 0
root@R1> show chassis environment
Class Item Status Measurement
Temp Routing Engine OK 46 degrees C / 114 degrees F
Fans Jseries CPU fan OK Spinning at normal speed
Power Power Supply 0 Present
root@R1> show interfaces terse
Interface Admin Link Proto Local Remote
dsc up up
em0 up up
em0.0 up up inet 192.168.1.1/24
em1 up up
em2 up up
em3 up up
em4 up up
em5 up up
gre up up
ipip up up
lo0 up up
lo0.16384 up up inet 127.0.0.1 --> 0/0
lo0.16385 up up inet
lsi up up
mtun up up
pimd up up
pime up up
tap up up
root@R1> show interfaces em0.0 extensive
Logical interface em0.0 (Index 67) (SNMP ifIndex 18) (Generation 138)
Flags: SNMP-Traps Encapsulation: ENET2
Traffic statistics:
Input bytes : 0
Output bytes : 42
Input packets: 0
Output packets: 1
Local statistics:
Input bytes : 0
Output bytes : 42
Input packets: 0
Output packets: 1
Protocol inet, MTU: 1504, Generation: 148, Route table: 0
Flags: Sendbcast-pkt-to-re, Is-Primary
Addresses, Flags: Is-Preferred Is-Primary
Destination: 192.168.0/24, Local: 192.168.0.1, Broadcast: 192.168.0.255,
Generation: 148
root@R1> monitor interface em0.0
R1 Seconds: 13 Time: 22:34:02
Delay: 0/0/1
Interface: em0.0, Enabled, Link is Up
Flags: SNMP-Traps
Encapsulation: ENET2
Local statistics: Current delta
Input bytes: 66318 [1770]
Output bytes: 42 [0]
Input packets: 725 [17]
Output packets: 1 [0]
Traffic statistics:
Input bytes: 66318 [1770]
Output bytes: 42 [0]
Input packets: 725 [17]
Output packets: 1 [0]
Protocol: inet, MTU: 1500, Flags: Is-Primary
Next='n', Quit='q' or ESC, Freeze='f', Thaw='t', Clear='c', Interface='i'
• Ping and traceroute to the server
root@R1> ping 192.168.0.200
PING 192.168.0.200 (192.168.0.200): 56 data bytes
64 bytes from 192.168.0.200: icmp_seq=0 ttl=64 time=4.160 ms
64 bytes from 192.168.0.200: icmp_seq=1 ttl=64 time=0.010 ms
^C
--- 192.168.0.200 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.010/2.085/4.160/2.075 ms
root@R1> traceroute 192.168.0.200
traceroute to 192.168.0.200 (192.168.0.200), 30 hops max, 40 byte packets
1 192.168.0.200 (192.168.0.200) 3.715 ms 0.101 ms 0.045 ms
• To test telnet, telnet from your own PC to your own router.
Upgrade/Downgrade Junos Software
• An easy way to send a Junos package to the Juniper device is to run
FileZilla (an FTP client): because you have already entered
set system services ftp, the Juniper router is acting as an FTP server.
• Make sure the router's flash memory has enough capacity for the new
Junos image
• Once FTP to the Juniper router works, transfer the new Junos image to the
/var/tmp directory on the Juniper.
lab> show version
Model: j2300
JUNOS Software Release [8.1R4.3] (Export edition)
lab> request system software add /var/tmp/junos-jseries-8.5R4.3-export.tgz ?
Possible completions:
<[Enter]> Execute this command
best-effort-load Load succeeds if at least one statement is valid
delay-restart Don't restart processes
no-copy Don't save copies of package files
no-validate Don't check compatibility with current configuration
reboot Reboot system after adding package
unlink Remove the package after successful installation
validate Check compatibility with current configuration
| Pipe through a command
lab> request system software add /var/tmp/junos-jseries-8.5R4.3-export.tgz no-copy no-validate unlink reboot
Lab 5
VLAN Tagging and Logical Systems
Addressing: The addressing in the following labs follows a distinctive scheme
that makes our topology easier for students to understand. For example, if you
connect Router-1 to Router-2, the IP addressing used for the interconnection
between those routers is 12.12.12.0/24, where 1 indicates router-1 and 2
indicates router-2.
Sub-Interface: On Juniper, an address can be assigned to the main interface,
that is, without a sub-interface (using unit 0). If you use another technology
that creates sub-interfaces, the sub-interface number is usually made the same
as the virtual circuit that is formed. For example, if you create VLAN tagging,
the sub-interface number is made the same as the VLAN number. Each
sub-interface will therefore have a different IP subnet.
Logical Systems: Logical systems are a Juniper feature that creates a logical
router (virtual router) inside a physical router. With it, the user can create
many virtual routers inside one physical router. Each logical router has its
own routing and forwarding tables. The question now is how to build the
connections of a complex topology inside the router so that the router can be
used for study. The answer is to use VLAN tagging for the interconnections, one
for each interconnection.
Single Interface Configuration
R1  em0 --- 12.12.12.0/24 --- em0 R2      R7  em0 --- 78.78.78.0/24    --- em0 R8
R3  em0 --- 34.34.34.0/24 --- em0 R4      R9  em0 --- 90.90.90.0/24    --- em0 R10
R5  em0 --- 56.56.56.0/24 --- em0 R6      R11 em0 --- 112.112.112.0/24 --- em0 R12
• Using the topology above, configure the interfaces so that each router is
connected and can communicate
• Use the ping command from each router to its neighbor.
• The interfaces use unit 0 (single interface)
root@R1> configure
root@R1# delete interfaces em0
root@R1# set interfaces em0.0 family inet address 12.12.12.1/24
root@R1# commit and-quit
root@R1> ping 12.12.12.2 count 5
PING 12.12.12.2 (12.12.12.2): 56 data bytes
64 bytes from 12.12.12.2: icmp_seq=0 ttl=64 time=5.416 ms
64 bytes from 12.12.12.2: icmp_seq=1 ttl=64 time=0.014 ms
64 bytes from 12.12.12.2: icmp_seq=2 ttl=64 time=0.493 ms
64 bytes from 12.12.12.2: icmp_seq=3 ttl=64 time=0.825 ms
64 bytes from 12.12.12.2: icmp_seq=4 ttl=64 time=0.781 ms
--- 12.12.12.2 ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.014/1.506/5.416/1.976 ms
root@R1>
VLAN-Tagging Interface Configuration
• Still using the topology above; the difference is that where you previously
used a single interface, you are now asked to create sub-interfaces with
unique VLAN numbers. For example, if router-1 is connected to router-2, the
vlan-id used is 12. The same goes for the other routers: just substitute the
router numbers.
root@R1> configure
root@R1# delete interfaces em0
root@R1# set interfaces em0 vlan-tagging
root@R1# set interfaces em0.12 vlan-id 12
root@R1# set interfaces em0.12 family inet address 12.12.12.1/24
root@R1# commit and-quit
root@R1> ping 12.12.12.2 count 5 rapid
PING 12.12.12.2 (12.12.12.2): 56 data bytes
!!!!!
--- 12.12.12.2 ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.361/0.860/2.592/0.867 ms
Logical Systems Configuration
As explained earlier, Logical Systems are used to create many virtual routers
on a physical router. Below is the topology we will build using Logical
Systems. These are the rules you need to know:
• Each logical system must have a different name (for example R1, R2, R3,
and so on)
• Use interface em0 for management and interfaces em1 through em5 to create
the connections between logical systems (virtual routers).
• Each connection between logical systems must use the same vlan-id on both ends
• Once a vlan-id has been used, it must not be used for another
interconnection.
• The routers at the two ends of a connection must use different interfaces.
For example, if R1 uses em1, then R2 must not use em1 as well; em2 could be
chosen instead.
[Topology diagram: logical systems R1 to R4]
R1 (ISP)  Lo0.1: 1.1.1.1/32
R2        Lo0.2: 2.2.2.2/32
R3        Lo0.3: 3.3.3.3/32
R4        Lo0.4: 4.4.4.4/32
R1 Em1.12 --- 12.12.12.0/24 --- Em2.12 R2   (DEFAULT ROUTE)
R2 Em2.23 --- 23.23.23.0/24 --- Em3.23 R3
R2 Em2.24 --- 24.24.24.0/24 --- Em4.24 R4
R3 Em3.34 --- 34.34.34.0/24 --- Em4.34 R4
R2, R3, R4: OSPF AREA 0
root@R1> configure
root@olive# load factory-default
root@olive# set system host-name olive
root@olive# set system root-authentication plain-text-password
New password:
Retype new password:
root@olive# set system services telnet
root@olive# set system services ssh
root@olive# set system services ftp
root@olive# set system services web-management http interface em0
root@olive# set interfaces em0.0 family inet address 192.168.0.1/24
root@olive# set interfaces em0 description "### Management Student-1 ###"
root@olive# set interfaces em1 vlan-tagging
root@olive# set interfaces em2 vlan-tagging
root@olive# set interfaces em3 vlan-tagging
root@olive# set interfaces em4 vlan-tagging
root@olive# set interfaces em5 vlan-tagging
root@olive# commit
root@olive# top edit logical-systems R1
root@olive# set interfaces lo0.1 family inet address 1.1.1.1/32
root@olive# set interfaces em1.12 vlan-id 12
root@olive# set interfaces em1.12 family inet address 12.12.12.1/24
root@olive# commit
root@olive# top edit logical-systems R2
root@olive# set interfaces lo0.2 family inet address 2.2.2.2/32
root@olive# set interfaces em2.12 vlan-id 12
root@olive# set interfaces em2.12 family inet address 12.12.12.2/24
root@olive# set interfaces em2.23 vlan-id 23
root@olive# set interfaces em2.23 family inet address 23.23.23.2/24
root@olive# set interfaces em2.24 vlan-id 24
root@olive# set interfaces em2.24 family inet address 24.24.24.2/24
root@olive# commit
root@olive# top edit logical-systems R3
root@olive# set interfaces lo0.3 family inet address 3.3.3.3/32
root@olive# set interfaces em3.23 vlan-id 23
root@olive# set interfaces em3.23 family inet address 23.23.23.3/24
root@olive# set interfaces em3.34 vlan-id 34
root@olive# set interfaces em3.34 family inet address 34.34.34.3/24
root@olive# commit
root@olive# top edit logical-systems R4
root@olive# set interfaces lo0.4 family inet address 4.4.4.4/32
root@olive# set interfaces em4.24 vlan-id 24
root@olive# set interfaces em4.24 family inet address 24.24.24.4/24
root@olive# set interfaces em4.34 vlan-id 34
root@olive# set interfaces em4.34 family inet address 34.34.34.4/24
root@olive# commit
root@olive# top edit system login
root@olive# set class R1 logical-system R1 permissions all
root@olive# set class R2 logical-system R2 permissions all
root@olive# set class R3 logical-system R3 permissions all
root@olive# set class R4 logical-system R4 permissions all
root@olive# set user R1 class R1 authentication plain-text-password
New password:
Retype new password:
root@olive# set user R2 class R2 authentication plain-text-password
New password:
Retype new password:
root@olive# set user R3 class R3 authentication plain-text-password
New password:
Retype new password:
root@olive# set user R4 class R4 authentication plain-text-password
New password:
Retype new password:
root@olive# top commit
After you have completed the configuration above correctly, you can telnet from
your own PC to each virtual router as if every virtual router were a separate
physical router. REMEMBER: once you are logged in to a virtual router, you may
only configure protocols. IP addresses can only be changed on the main router.
The following shows how to telnet to R1 on Router Student-1.
The example above logs in to R1 on Router Student-1. If we then look at the
interfaces on R1, they are as follows:
R1@olive:R1> show interfaces terse
Interface Admin Link Proto Local Remote
em1
em1.12 up up inet 12.12.12.1/24
lo0
lo0.1 up up inet 1.1.1.1 --> 0/0
R1@olive:R1>
Verify that each interface directly connected to a neighbor can reach that
neighbor by using the ping command.
R1@olive:R1> ping 12.12.12.2 count 5
PING 12.12.12.2 (12.12.12.2): 56 data bytes
64 bytes from 12.12.12.2: icmp_seq=0 ttl=64 time=0.721 ms
64 bytes from 12.12.12.2: icmp_seq=1 ttl=64 time=0.717 ms
64 bytes from 12.12.12.2: icmp_seq=2 ttl=64 time=0.708 ms
64 bytes from 12.12.12.2: icmp_seq=3 ttl=64 time=0.651 ms
64 bytes from 12.12.12.2: icmp_seq=4 ttl=64 time=0.905 ms
--- 12.12.12.2 ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.651/0.740/0.905/0.086 ms
R1@olive:R1>
Lab 6
Routing Fundamentals
Lab Topology
[Topology diagram: logical systems R1 to R4]
R1 (ISP)  Lo0.1: 1.1.1.1/32
R2        Lo0.2: 2.2.2.2/32
R3        Lo0.3: 3.3.3.3/32
R4        Lo0.4: 4.4.4.4/32
R1 Em1.12 --- 12.12.12.0/24 --- Em2.12 R2   (DEFAULT ROUTE)
R2 Em2.23 --- 23.23.23.0/24 --- Em3.23 R3
R2 Em2.24 --- 24.24.24.0/24 --- Em4.24 R4
R3 Em3.34 --- 34.34.34.0/24 --- Em4.34 R4
R2, R3, R4: OSPF AREA 0
In the previous lab you completed the initial configuration, so in this lab you
only need to enable a routing protocol on each router so that they can
communicate with one another.
In this scenario, R1 acts as the ISP while R2, R3, and R4 are clients running
the OSPF routing protocol. R2 reaches the ISP (R1) through a default route, so
you must redistribute the static routing protocol on the ISP side into the
OSPF routing protocol on the client side.
Default Route (Static) Configuration
Configure a default route on R1 and R2.
R1@olive:R1> configure
R1@olive:R1# top edit routing-options
R1@olive:R1# set static route 0.0.0.0/0 next-hop 12.12.12.2
R1@olive:R1# commit and-quit
R2@olive:R2> configure
R2@olive:R2# edit routing-options
R2@olive:R2# set static route 0.0.0.0/0 next-hop 12.12.12.1
R2@olive:R2# commit and-quit
Verify by pinging the loopback of each neighboring router.
R1@olive:R1> ping 2.2.2.2 count 10 rapid
PING 2.2.2.2 (2.2.2.2): 56 data bytes
!!!!!!!!!!
--- 2.2.2.2 ping statistics ---
10 packets transmitted, 10 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.456/0.575/0.896/0.118 ms
R1@olive:R1>
R2@olive:R2> ping 1.1.1.1 count 10 rapid
PING 1.1.1.1 (1.1.1.1): 56 data bytes
!!!!!!!!!!
--- 1.1.1.1 ping statistics ---
10 packets transmitted, 10 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.262/0.295/0.505/0.071 ms
R2@olive:R2>
OSPF Routing Protocol Configuration
Configure OSPF on R2, R3, and R4 using Area 0 (Backbone Area)
R2@olive:R2> configure
R2@olive:R2# edit protocols ospf area 0
R2@olive:R2# set interface lo0.2
R2@olive:R2# set interface em2.24
R2@olive:R2# set interface em2.23
R2@olive:R2# commit and-quit
R3@olive:R3> configure
R3@olive:R3# edit protocols ospf area 0
R3@olive:R3# set interface lo0.3
R3@olive:R3# set interface em3.23
R3@olive:R3# set interface em3.34
R3@olive:R3# commit and-quit
R4@olive:R4> configure
R4@olive:R4# edit protocols ospf area 0
R4@olive:R4# set interface lo0.4
R4@olive:R4# set interface em4.24
R4@olive:R4# set interface em4.34
R4@olive:R4# commit and-quit
Now verify on each router whether OSPF has come up correctly.
R2@olive:R2> show route protocol ospf
inet.0: 12 destinations, 12 routes (12 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
3.3.3.3/32 *[OSPF/10] 00:03:08, metric 1
> to 23.23.23.3 via em2.23
4.4.4.4/32 *[OSPF/10] 00:03:08, metric 1
> to 24.24.24.4 via em2.24
34.34.34.0/24 *[OSPF/10] 00:03:08, metric 2
to 23.23.23.3 via em2.23
> to 24.24.24.4 via em2.24
224.0.0.5/32 *[OSPF/10] 00:06:58, metric 1
MultiRecv
R2@olive:R2>
R3@olive:R3> show route protocol ospf
inet.0: 15 destinations, 19 routes (15 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
2.2.2.2/32 *[OSPF/10] 00:03:54, metric 1
> to 23.23.23.2 via em3.23
4.4.4.4/32 *[OSPF/10] 00:03:59, metric 1
> to 34.34.34.4 via em3.34
24.24.24.0/24 *[OSPF/10] 00:03:54, metric 2
> to 34.34.34.4 via em3.34
to 23.23.23.2 via em3.23
224.0.0.5/32 *[OSPF/10] 00:05:50, metric 1
MultiRecv
R3@olive:R3>
R4@olive:R4> show route protocol ospf
inet.0: 9 destinations, 9 routes (9 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
2.2.2.2/32 *[OSPF/10] 00:04:13, metric 1
> to 24.24.24.2 via em4.24
3.3.3.3/32 *[OSPF/10] 00:04:18, metric 1
> to 34.34.34.3 via em4.34
23.23.23.0/24 *[OSPF/10] 00:04:13, metric 2
to 24.24.24.2 via em4.24
> to 34.34.34.3 via em4.34
224.0.0.5/32 *[OSPF/10] 00:05:08, metric 1
MultiRecv
R4@olive:R4>
Now ping each loopback within the same area.
R2@olive:R2> ping 3.3.3.3 count 20 rapid
PING 3.3.3.3 (3.3.3.3): 56 data bytes
!!!!!!!!!!!!!!!!!!!!
--- 3.3.3.3 ping statistics ---
20 packets transmitted, 20 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.011/1.325/3.049/0.633 ms
R2@olive:R2> ping 4.4.4.4 count 20 rapid
PING 4.4.4.4 (4.4.4.4): 56 data bytes
!!!!!!!!!!!!!!!!!!!!
--- 4.4.4.4 ping statistics ---
20 packets transmitted, 20 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.465/1.186/2.038/0.473 ms
R2@olive:R2>
IGP Tracing Configuration
R2@olive:R2> configure
R2@olive:R2# edit protocols ospf
R2@olive:R2# set traceoptions file ospf-trace
R2@olive:R2# set traceoptions flag all
R2@olive:R2# commit and-quit
R2@olive:R2> show log ospf-trace
Lab 7
Routing Policy and Firewall Filters
Lab Topology
[Topology diagram: logical systems R1 to R4]
R1 (ISP)  Lo0.1: 1.1.1.1/32
R2        Lo0.2: 2.2.2.2/32
R3        Lo0.3: 3.3.3.3/32
R4        Lo0.4: 4.4.4.4/32
R1 Em1.12 --- 12.12.12.0/24 --- Em2.12 R2   (DEFAULT ROUTE)
R2 Em2.23 --- 23.23.23.0/24 --- Em3.23 R3
R2 Em2.24 --- 24.24.24.0/24 --- Em4.24 R4
R3 Em3.34 --- 34.34.34.0/24 --- Em4.34 R4
R2, R3, R4: OSPF AREA 0
In the previous lab, the client routers running OSPF still could not
communicate with the ISP (R1) because the static routing protocol had not yet
been redistributed into OSPF. In this lab, you will learn how to redistribute
the static protocol into OSPF by using a routing policy.
Redistribution Using Routing Policy
• You need to know that by default OSPF does not export routes other than
OSPF routes into its routing table.
• Redistribution on router R2: use a routing policy to advertise the static
route into OSPF
• Why is it done on R2? Because R2 is the border between static and
OSPF
R2@olive:R2> configure
R2@olive:R2# edit policy-options policy-statement static-to-ospf
R2@olive:R2# set term 1 from protocol static
R2@olive:R2# set term 1 then accept
R2@olive:R2# show
term 1 {
    from protocol static;
    then accept;
}
R2@olive:R2# top edit protocols ospf
R2@olive:R2# set export static-to-ospf
R2@olive:R2# commit and-quit
Now verify on R3 and R4: each of them will receive an advertisement from R2
for a default route.
R3@olive:R3> show route
inet.0: 20 destinations, 20 routes (20 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
0.0.0.0/0 *[OSPF/150] 00:02:03, metric 0, tag 0
> to 23.23.23.2 via em3.23
2.2.2.2/32 *[OSPF/10] 00:02:03, metric 1
> to 23.23.23.2 via em3.23
3.3.3.3/32 *[Direct/0] 03:48:32
> via lo0.3
4.4.4.4/32 *[OSPF/10] 00:02:08, metric 1
> to 34.34.34.4 via em3.34
23.23.23.0/24 *[Direct/0] 00:02:48
> via em3.23
23.23.23.3/32 *[Local/0] 00:02:48
Local via em3.23
24.24.24.0/24 *[OSPF/10] 00:02:03, metric 2
to 34.34.34.4 via em3.34
> to 23.23.23.2 via em3.23
34.34.34.0/24 *[Direct/0] 00:02:48
> via em3.34
34.34.34.3/32 *[Local/0] 00:02:48
Local via em3.34
224.0.0.5/32 *[OSPF/10] 01:10:41, metric 1
MultiRecv
R3@olive:R3>
The output above shows that the default route has been redistributed into OSPF.
Now ping from routers R3 and R4 to the loopback of the ISP router.
R3@olive:R3> ping 1.1.1.1 count 5
PING 1.1.1.1 (1.1.1.1): 56 data bytes
64 bytes from 1.1.1.1: icmp_seq=0 ttl=63 time=2.093 ms
64 bytes from 1.1.1.1: icmp_seq=1 ttl=63 time=1.140 ms
64 bytes from 1.1.1.1: icmp_seq=2 ttl=63 time=1.087 ms
64 bytes from 1.1.1.1: icmp_seq=3 ttl=63 time=1.185 ms
64 bytes from 1.1.1.1: icmp_seq=4 ttl=63 time=1.253 ms
--- 1.1.1.1 ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max/stddev = 1.087/1.352/2.093/0.375 ms
R3@olive:R3>
Likewise, a ping from the ISP router to R3 and R4 should succeed.
R1@olive:R1> ping 3.3.3.3 count 10 rapid
PING 3.3.3.3 (3.3.3.3): 56 data bytes
!!!!!!!!!!
--- 3.3.3.3 ping statistics ---
10 packets transmitted, 10 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.805/0.938/1.341/0.174 ms
R1@olive:R1> ping 4.4.4.4 count 10 rapid
PING 4.4.4.4 (4.4.4.4): 56 data bytes
!!!!!!!!!!
--- 4.4.4.4 ping statistics ---
10 packets transmitted, 10 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.802/0.939/1.531/0.223 ms
R1@olive:R1>
Firewall Filter Configuration
• In this scenario, you are asked to block ping to the ISP loopback from R3 and
R4, while telnet must still succeed.
• Do the filtering on router R2, and apply the firewall filter to interface
em2.12 out.
R2@olive:R2> configure
R2@olive:R2# edit firewall family inet filter icmp-filter
R2@olive:R2# set term 1 from destination-address 1.1.1.1
R2@olive:R2# set term 1 from protocol icmp
R2@olive:R2# set term 1 then reject
R2@olive:R2# set term 2 then accept
R2@olive:R2# top edit interfaces em2.12 family inet filter
R2@olive:R2# set output icmp-filter
R2@olive:R2# commit and-quit
R2@olive:R2>
R2@olive:R2> show configuration firewall
family inet {
    filter icmp-filter {
        term 1 {
            from {
                destination-address {
                    1.1.1.1/32;
                }
                protocol icmp;
            }
            then {
                reject;
            }
        }
        term 2 {
            then accept;
        }
    }
}
R2@olive:R2>
After completing the configuration above, it is time to verify. Ping the
loopback IP of R1 (ISP) from R3 and R4: the ICMP protocol is blocked, yet a
telnet session still gets through.
R3@olive:R3> ping 1.1.1.1
PING 1.1.1.1 (1.1.1.1): 56 data bytes
36 bytes from 23.23.23.2: Communication prohibited by filter
Vr HL TOS Len ID Flg off TTL Pro cks Src Dst
4 5 00 0054 3aca 0 0000 3f 01 10c4 23.23.23.3 1.1.1.1
36 bytes from 23.23.23.2: Communication prohibited by filter
Vr HL TOS Len ID Flg off TTL Pro cks Src Dst
4 5 00 0054 3acf 0 0000 3f 01 10bf 23.23.23.3 1.1.1.1
^C
--- 1.1.1.1 ping statistics ---
2 packets transmitted, 0 packets received, 100% packet loss
R3@olive:R3> telnet 1.1.1.1
Trying 1.1.1.1...
Connected to 1.1.1.1.
Escape character is '^]'.
olive (ttyp4)
login:
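The filter above works because Junos evaluates terms top to bottom, acts on the first match, and ends every filter with an implicit discard. The following Python model is an added example, not part of the original lab; the sample packets are constructed from the lab addresses, and NO_TERM_2 is a hypothetical variant of the filter with term 2 left out.

```python
import ipaddress

def term(name, action, dst=None, protocol=None):
    """One filter term; a match condition left as None matches any packet."""
    return {"name": name, "action": action, "dst": dst, "protocol": protocol}

# The icmp-filter from the lab, as applied to em2.12 output on R2.
ICMP_FILTER = [
    term("1", "reject", dst="1.1.1.1/32", protocol="icmp"),
    term("2", "accept"),
]
# Hypothetical variant without term 2, to show the implicit discard.
NO_TERM_2 = ICMP_FILTER[:1]

def matches(t, pkt):
    """All match conditions inside one term are ANDed."""
    if t["dst"] and ipaddress.ip_address(pkt["dst"]) not in ipaddress.ip_network(t["dst"]):
        return False
    if t["protocol"] and pkt["protocol"] != t["protocol"]:
        return False
    return True

def evaluate(terms, pkt):
    """Return (term, action) for the first matching term, top to bottom."""
    for t in terms:
        if matches(t, pkt):
            return t["name"], t["action"]
    return "implicit", "discard"  # every Junos filter ends with an implicit discard

# Constructed sample packets, using addresses from the lab topology.
PING_LOOPBACK = {"src": "23.23.23.3", "dst": "1.1.1.1", "protocol": "icmp"}
TELNET_LOOPBACK = {"src": "23.23.23.3", "dst": "1.1.1.1", "protocol": "tcp"}
PING_LINK_ADDR = {"src": "23.23.23.3", "dst": "12.12.12.1", "protocol": "icmp"}

if __name__ == "__main__":
    samples = [("ping 1.1.1.1", PING_LOOPBACK),
               ("telnet 1.1.1.1", TELNET_LOOPBACK),
               ("ping 12.12.12.1", PING_LINK_ADDR)]
    for label, pkt in samples:
        print(f"{label:16} icmp-filter={evaluate(ICMP_FILTER, pkt)} "
              f"without term 2={evaluate(NO_TERM_2, pkt)}")
```

The third sample shows the scope of the filter: only ICMP to 1.1.1.1/32 is rejected, so ICMP to R1's link address 12.12.12.1 is still accepted by term 2.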
Lab 8
Challenge Lab
Lab Topology
[Topology diagram: R1, R2, R3 and R4 connected in a chain]
R1 Em1.12 -- 12.12.12.0/24 (RIP) -- Em2.12 R2
R2 Em2.23 -- 23.23.23.0/24 (OSPF Area 0) -- Em3.23 R3
R3 Em3.34 -- 34.34.34.0/24 (OSPF Area 1, NSSA) -- Em4.34 R4
Loopbacks: Lo0.1: 1.1.1.1/32, Lo0.2: 2.2.2.2/32, Lo0.3: 3.3.3.3/32, Lo0.4: 4.4.4.4/32
Static Route (R4): 40.40.40.1/32, 40.40.40.2/32, 40.40.40.3/32, 40.40.40.4/32
This topology differs from the previous one, so the protocols you have
implemented and the firewall policy you have applied must be deleted. The
connection between R2 and R4 may then be disabled, or simply left out of any
routing protocol later on.
R1@olive:R1# top delete routing-options static
R1@olive:R1# commit
R2@olive:R2# top delete routing-options static
R2@olive:R2# top delete protocols ospf
R2@olive:R2# top delete policy-options policy-statement static-to-ospf
R2@olive:R2# top delete interfaces em2.12 family inet filter
R2@olive:R2# top delete firewall
R2@olive:R2# set interfaces em2.24 disable
R2@olive:R2# commit
R3@olive:R3# delete protocols ospf
R3@olive:R3# commit
R4@olive:R4# delete protocols ospf
R4@olive:R4# set interfaces em4.24 disable
R4@olive:R4# commit
RIP Configuration on R1 and R2
• Create a routing policy that permits protocol direct on R1 (interfaces lo0.1
and em1.12) and permits protocol RIP, because by default Junos software
rejects these protocols
• Create a routing policy that permits protocol direct on R2 (interfaces lo0.2
and em2.12) and permits protocol RIP, because by default Junos software
rejects these protocols
• After creating the routing policy, apply it as an export policy on protocol
RIP.
R1@olive:R1# top edit policy-options policy-statement rip-to-rip
R1@olive:R1# set term 1 from protocol direct
R1@olive:R1# set term 1 from interface lo0.1
R1@olive:R1# set term 1 from interface em1.12
R1@olive:R1# set term 1 then accept
R1@olive:R1# set term 2 from protocol rip
R1@olive:R1# set term 2 then accept
R1@olive:R1# top edit protocols rip
R1@olive:R1# set group 1 neighbor lo0.1
R1@olive:R1# set group 1 neighbor em1.12
R1@olive:R1# set group 1 export rip-to-rip
R1@olive:R1# commit and-quit
R2@olive:R2# edit policy-options policy-statement rip-to-rip
R2@olive:R2# set term 1 from protocol direct
R2@olive:R2# set term 1 from interface em2.12
R2@olive:R2# set term 1 then accept
R2@olive:R2# set term 2 from protocol rip
R2@olive:R2# set term 2 then accept
R2@olive:R2# top edit protocols rip
R2@olive:R2# set group 1 neighbor em2.12
R2@olive:R2# set group 1 export rip-to-rip
R2@olive:R2# commit and-quit
R2@olive:R2> show route protocol rip
inet.0: 9 destinations, 9 routes (9 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
1.1.1.1/32 *[RIP/100] 00:00:47, metric 2, tag 0
> to 12.12.12.1 via em2.12
224.0.0.9/32 *[RIP/100] 00:00:47, metric 1
MultiRecv
R2@olive:R2>
OSPF Area 0 Configuration on R2 and R3
• Enable OSPF area 0 on interfaces lo0.2 and em2.23 on R2
• Enable OSPF area 0 on interfaces lo0.3 and em3.23 on R3
R2@olive:R2# edit protocols ospf area 0
R2@olive:R2# set interface lo0.2
R2@olive:R2# set interface em2.23
R2@olive:R2# commit and-quit
R3@olive:R3# edit protocols ospf area 0
R3@olive:R3# set interface lo0.3
R3@olive:R3# set interface em3.23
R3@olive:R3# commit and-quit
R2@olive:R2> show route protocol ospf
inet.0: 10 destinations, 10 routes (10 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
3.3.3.3/32 *[OSPF/10] 00:00:31, metric 1
> to 23.23.23.3 via em2.23
224.0.0.5/32 *[OSPF/10] 00:25:54, metric 1
MultiRecv
R2@olive:R2>
OSPF Area 1 NSSA Configuration on R3 and R4
• Enable OSPF area 1 NSSA on interface em3.34 on R3
• Enable OSPF area 1 NSSA on interfaces lo0.4 and em4.34 on R4
R3@olive:R3# top edit protocols ospf area 1
R3@olive:R3# set nssa
R3@olive:R3# set interface em3.34
R3@olive:R3# commit and-quit
R4@olive:R4# edit protocols ospf area 1
R4@olive:R4# set nssa
R4@olive:R4# set interface lo0.4
R4@olive:R4# set interface em4.34
R4@olive:R4# commit and-quit
R4@olive:R4> show route protocol ospf
inet.0: 8 destinations, 8 routes (8 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
2.2.2.2/32 *[OSPF/10] 00:00:02, metric 2
> to 34.34.34.3 via em4.34
3.3.3.3/32 *[OSPF/10] 00:00:02, metric 1
> to 34.34.34.3 via em4.34
23.23.23.0/24 *[OSPF/10] 00:00:02, metric 2
> to 34.34.34.3 via em4.34
224.0.0.5/32 *[OSPF/10] 00:00:47, metric 1
MultiRecv
R4@olive:R4> show ospf database
OSPF database, Area 0.0.0.1
Type ID Adv Rtr Seq Age Opt Cksum Len
Router 3.3.3.3 3.3.3.3 0x80000008 20 0x20 0x72cc 36
Router *4.4.4.4 4.4.4.4 0x80000003 19 0x20 0xed30 48
Network *34.34.34.4 4.4.4.4 0x80000002 19 0x20 0x6d37 32
Summary 2.2.2.2 3.3.3.3 0x80000001 25 0x20 0xfa2f 28
Summary 3.3.3.3 3.3.3.3 0x80000001 135 0x20 0xc264 28
Summary 23.23.23.0 3.3.3.3 0x80000001 135 0x20 0x18d4 28
R4@olive:R4>
Redistribution of RIP and OSPF Area 0 on R2
• Create a routing policy that permits protocol RIP into protocol OSPF (and
vice versa)
• Then apply it to each routing protocol
R2@olive:R2# top edit policy-options policy-statement rip-to-ospf
R2@olive:R2# set term 1 from protocol rip
R2@olive:R2# set term 1 then accept
R2@olive:R2# top edit policy-options policy-statement ospf-to-rip
R2@olive:R2# set term 1 from protocol ospf
R2@olive:R2# set term 1 then accept
R2@olive:R2# top
R2@olive:R2# set protocols ospf export rip-to-ospf
R2@olive:R2# set protocols rip group 1 export ospf-to-rip
R2@olive:R2# commit and-quit
If you check the routing table on R3, the loopback 1.1.1.1 of R1 is visible.
R3@olive:R3> show route
inet.0: 9 destinations, 9 routes (9 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
1.1.1.1/32 *[OSPF/150] 00:01:05, metric 2, tag 0
> to 23.23.23.2 via em3.23
2.2.2.2/32 *[OSPF/10] 00:01:05, metric 1
> to 23.23.23.2 via em3.23
3.3.3.3/32 *[Direct/0] 07:13:20
> via lo0.3
4.4.4.4/32 *[OSPF/10] 00:01:10, metric 1
> to 34.34.34.4 via em3.34
23.23.23.0/24 *[Direct/0] 00:01:50
> via em3.23
23.23.23.3/32 *[Local/0] 00:01:50
Local via em3.23
34.34.34.0/24 *[Direct/0] 00:01:50
> via em3.34
34.34.34.3/32 *[Local/0] 00:01:50
Local via em3.34
224.0.0.5/32 *[OSPF/10] 00:16:52, metric 1
MultiRecv
R3@olive:R3>
Redistribution of Static and OSPF Area 1 NSSA on R4
• Create several dummy static routes on R4 as shown in the diagram
• Then redistribute those static routes into OSPF Area 1 NSSA
R4@olive:R4> configure
R4@olive:R4# edit routing-options
R4@olive:R4# set static route 40.40.40.1/32 discard
R4@olive:R4# set static route 40.40.40.2/32 discard
R4@olive:R4# set static route 40.40.40.3/32 discard
R4@olive:R4# set static route 40.40.40.4/32 discard
R4@olive:R4# top edit policy-options policy-statement static-to-ospf
R4@olive:R4# set term 1 from protocol static
R4@olive:R4# set term 1 then accept
R4@olive:R4# top
R4@olive:R4# set protocols ospf export static-to-ospf
R4@olive:R4# commit and-quit
Verify on router R3: the external routes from the static routes will be visible.
R3@olive:R3> show route protocol ospf
inet.0: 13 destinations, 13 routes (13 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
1.1.1.1/32 *[OSPF/150] 00:02:06, metric 2, tag 0
> to 23.23.23.2 via em3.23
2.2.2.2/32 *[OSPF/10] 00:02:06, metric 1
> to 23.23.23.2 via em3.23
4.4.4.4/32 *[OSPF/10] 00:02:11, metric 1
> to 34.34.34.4 via em3.34
40.40.40.1/32 *[OSPF/150] 00:02:11, metric 0, tag 0
> to 34.34.34.4 via em3.34
40.40.40.2/32 *[OSPF/150] 00:02:11, metric 0, tag 0
> to 34.34.34.4 via em3.34
40.40.40.3/32 *[OSPF/150] 00:02:11, metric 0, tag 0
> to 34.34.34.4 via em3.34
40.40.40.4/32 *[OSPF/150] 00:02:11, metric 0, tag 0
> to 34.34.34.4 via em3.34
224.0.0.5/32 *[OSPF/10] 00:26:58, metric 1
MultiRecv
R3@olive:R3> show ospf database
OSPF database, Area 0.0.0.0
Type ID Adv Rtr Seq Age Opt Cksum Len
Router 2.2.2.2 2.2.2.2 0x80000019 167 0x22 0xe080 48
Router *3.3.3.3 3.3.3.3 0x80000015 166 0x22 0xff57 48
Network *23.23.23.3 3.3.3.3 0x80000006 166 0x22 0xa824 32
Summary *4.4.4.4 3.3.3.3 0x80000001 171 0x22 0x809f 28
Summary *34.34.34.0 3.3.3.3 0x80000009 171 0x22 0x5c65 28
OSPF database, Area 0.0.0.1
Type ID Adv Rtr Seq Age Opt Cksum Len
Router *3.3.3.3 3.3.3.3 0x80000011 171 0x20 0x60d5 36
Router 4.4.4.4 4.4.4.4 0x8000000c 172 0x20 0xe131 48
Network 34.34.34.4 4.4.4.4 0x80000004 172 0x20 0x6939 32
Summary *2.2.2.2 3.3.3.3 0x80000003 166 0x20 0xf631 28
Summary *3.3.3.3 3.3.3.3 0x80000002 693 0x20 0xc065 28
Summary *23.23.23.0 3.3.3.3 0x80000004 211 0x20 0x12d7 28
NSSA 40.40.40.1 4.4.4.4 0x80000001 212 0x28 0x2be5 36
NSSA 40.40.40.2 4.4.4.4 0x80000001 212 0x28 0x21ee 36
NSSA 40.40.40.3 4.4.4.4 0x80000001 212 0x28 0x17f7 36
NSSA 40.40.40.4 4.4.4.4 0x80000001 212 0x28 0xd01 36
OSPF AS SCOPE link state database
Type ID Adv Rtr Seq Age Opt Cksum Len
Extern 1.1.1.1 2.2.2.2 0x80000002 212 0x22 0xa8fa 36
Extern *40.40.40.1 3.3.3.3 0x80000001 171 0x22 0xbf5d 36
Extern *40.40.40.2 3.3.3.3 0x80000001 171 0x22 0xb566 36
Extern *40.40.40.3 3.3.3.3 0x80000001 171 0x22 0xab6f 36
Extern *40.40.40.4 3.3.3.3 0x80000001 171 0x22 0xa178 36
R3@olive:R3>
Now observe: if you are on R4, can you reach R1? This is interesting, because
1.1.1.1 is not visible on R4.
R4@olive:R4> show route protocol ospf
inet.0: 12 destinations, 12 routes (12 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
2.2.2.2/32 *[OSPF/10] 00:00:22, metric 2
> to 34.34.34.3 via em4.34
3.3.3.3/32 *[OSPF/10] 00:00:28, metric 1
> to 34.34.34.3 via em4.34
23.23.23.0/24 *[OSPF/10] 00:00:28, metric 2
> to 34.34.34.3 via em4.34
224.0.0.5/32 *[OSPF/10] 00:49:39, metric 1
MultiRecv
R4@olive:R4>
Try a ping to 1.1.1.1; it should fail because the route to 1.1.1.1 is not
visible.
R4@olive:R4> ping 1.1.1.1
PING 1.1.1.1 (1.1.1.1): 56 data bytes
ping: sendto: No route to host
ping: sendto: No route to host
^C
--- 1.1.1.1 ping statistics ---
2 packets transmitted, 0 packets received, 100% packet loss
R4@olive:R4>
So what should you do? You need to advertise 0/0 (the default route) as a
type 7 LSA into area 1 on R3.
R3@olive:R3# top edit protocols ospf
R3@olive:R3# set area 1 nssa default-lsa type-7 default-metric 10
R3@olive:R3# commit and-quit
Now verify again on R4: a 0.0.0.0 route appears, leading to the networks that
are not visible in the routing table.
R4@olive:R4> show route protocol ospf
inet.0: 13 destinations, 13 routes (13 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
0.0.0.0/0 *[OSPF/150] 00:01:19, metric 11, tag 0
> to 34.34.34.3 via em4.34
2.2.2.2/32 *[OSPF/10] 00:01:19, metric 2
> to 34.34.34.3 via em4.34
3.3.3.3/32 *[OSPF/10] 00:01:28, metric 1
> to 34.34.34.3 via em4.34
23.23.23.0/24 *[OSPF/10] 00:01:28, metric 2
> to 34.34.34.3 via em4.34
224.0.0.5/32 *[OSPF/10] 00:58:25, metric 1
MultiRecv
Now let us ping again from R4 to R1.
R4@olive:R4> ping 1.1.1.1 count 20 rapid
PING 1.1.1.1 (1.1.1.1): 56 data bytes
!!!!!!!!!!!!!!!!!!!!
--- 1.1.1.1 ping statistics ---
20 packets transmitted, 20 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.631/0.850/1.506/0.277 ms
R4@olive:R4>
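Why R4 had no route to 1.1.1.1 until R3 originated the type 7 default can be modelled from the LSA flooding scopes in R3's database output above. This Python sketch is an added example, not part of the original lab; it is a simplified model (no SPF, no metrics, Router and Network LSAs omitted) and all function names are hypothetical.

```python
import ipaddress

AREA0, AREA1 = "0.0.0.0", "0.0.0.1"
NSSA_AREAS = {AREA1}  # area 1 is configured with `set nssa`
STATICS = [f"40.40.40.{i}/32" for i in range(1, 5)]

# Prefix-carrying LSAs transcribed from R3's `show ospf database` output:
# (LSA type, prefix, flooding scope). "AS" scope means type 5 external LSAs.
LSDB = (
    [("Summary", "4.4.4.4/32", AREA0), ("Summary", "34.34.34.0/24", AREA0)]
    + [("Summary", p, AREA1) for p in ("2.2.2.2/32", "3.3.3.3/32", "23.23.23.0/24")]
    + [("NSSA", p, AREA1) for p in STATICS]
    + [("Extern", "1.1.1.1/32", "AS")]
    + [("Extern", p, "AS") for p in STATICS]
)
# The LSA that `nssa default-lsa type-7` makes R3 originate into area 1.
DEFAULT_TYPE7 = ("NSSA", "0.0.0.0/0", AREA1)

def visible(area, lsdb):
    """LSAs held by a router whose interfaces are all in `area`."""
    out = []
    for lsa_type, prefix, scope in lsdb:
        if scope == area:
            out.append((lsa_type, prefix))
        elif scope == "AS" and area not in NSSA_AREAS:
            out.append((lsa_type, prefix))  # type 5 is never flooded into an NSSA
    return out

def lookup(dst, lsas):
    """Longest-prefix match; None models 'No route to host'."""
    addr = ipaddress.ip_address(dst)
    hits = [(t, p) for t, p in lsas if addr in ipaddress.ip_network(p)]
    return max(hits, key=lambda h: ipaddress.ip_network(h[1]).prefixlen, default=None)

def r4_route(dst, with_default):
    """Route R4 (internal to area 1) would use for dst."""
    lsdb = LSDB + ([DEFAULT_TYPE7] if with_default else [])
    return lookup(dst, visible(AREA1, lsdb))

if __name__ == "__main__":
    print("R4 before default-lsa:", r4_route("1.1.1.1", False))
    print("R4 after default-lsa: ", r4_route("1.1.1.1", True))
    print("Area 0 router:        ", lookup("1.1.1.1", visible(AREA0, LSDB)))
```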