Juniper | Junos-JCNA Day-1
Junniper Open Learning
https://learningportal.juniper.net/juniper/user_activity_info.aspx?id=11478
https://learningportal.juniper.net/juniper/user_activity_info.aspx?id=EDU-JUN-WBT-JOL-JNCIA-JUNOS
Link LAB:
https://labs.fernanda.id/store/public/auth/login/offline?link=https%3A%2F%2Flabs.fernanda.id%2Fstore%2Fpublic%2Fadmin%2Fmain%2Fview&error=&success=
Username: user4
Pass : P@ssw0rd
----------------------------------------------------------------------------------------------------------------------
1.Unix Mode (tidak bisa lakukan akses konfigurasi router)
root@% ls
root@% pwd
root@% cd /
root@% cd /root/
2.Operational Mode (bs melakukan monitoring, ntuk melihat konfigurasi coomand
apa sj yg kt lakukan, i.e ping, )
Untuk masuk confogurasi operation mode gunakan cli
root@%cli
root>show interface ters
root>show
root>show
3.Configuration Mode / Edit Mode (bs melakukan untuk melakukan konfigurasi di Juniper )
root> configure
root# set system root-authentication plain-text-password
---------
1. Configure Biasa: (bebberpa user akses ruter yg sama diwaktu yg sama, ada 1 user commit konfig, mk user yg lain bakal ikut ke commit konfigurasi kandidat nya.
2. Configure Private (masing2 user punya candidat configya masing-masing, kekuranganya tdk bisa commit confirmed
3.Configure Exclusive (hanya boleh config dan commit hanya 1 user/orang, harus kluar dl baru user yg lain bisa config).
root@R1# run request system reboot
REPLACE (sepesifik):
root@R1# replace pattern 12.12.12.1/24 with 12.12.12.2/2
RENAME
rename interfaces ge-0/0/0.0 family inet address 12.12.12.1/24 to address 12.12.12.2/2
RESTART / SHUTDOWN
root@R2> request system power-off
root@R2> request system reboot
RESET FACTORY
root@R2> request system zeroize
root@R2# load factory-default
fungsinya setinganya doang direset ke factory reset. cara ini masih bs rollback
root@R2# show | compare rollback ?
Possible completions:
0 2024-07-27 03:47:24 UTC by root via cli
1 2024-07-27 03:25:23 UTC by root via cli
2 2024-07-27 02:46:55 UTC by root via other
[edit]
root@R2# show | compare rollback 1
root@R2# rollback 2
root@R1> show system uptime
Current time: 2024-07-27 03:58:11 UTC
System booted: 2024-07-27 02:45:13 UTC (01:12:58 ago)
Protocols started: 2024-07-27 02:46:50 UTC (01:11:21 ago)
Last configured: 2024-07-27 03:54:51 UTC (00:03:20 ago) by root
3:58AM up 1:13, 1 user, load averages: 0.07, 0.13, 0.50
root@R1# set system time-zone Asia/Jakarta
CARA-1:RESET PASSWORD:
1. Power ON
2. tekan SPASI
3. boot -s
4. ketik: recovery
5. masukin Password Baru
6. commit
CARA-2: RESET PASSWORD:
1. Power ON
2. bisa CTR-C
3.Pilh No.5 (more-option)
4. Pilih no.2 (Recovery Mode -[c]LI
5. masukin Password Baru
6. commit
----------------------
LAB
s.id/jncia-study-guide
https://docs.google.com/document/d/1Fqde0fgzVFJuRfLiWWmaqJhgG6l8Ghrvpo3RDB8Sino/edit?pli=1#heading=h.h4aws2l7zfk
FTP
root@R-1# set system services ftp
[edit]
root@R-1# commit
NTP SERVER
set system time-zone Asia/Jakarta
set system ntp server 10.10.10.1
set system ntp boot-server 10.10.10.1
TELNET
root@R-01# set system services telnet
root@R-01# run telnet 1.1.1.1
Set Passwprd:
root> configure
Entering configuration mode
The configuration has been changed but not committed
[edit]
root# set system root-authentication plain-text-password
New password:
Retype new password:
root@R1-Juniper-01# set system login user aguna class super-user
root@R1-Juniper-01# set system login user aguna authentication plain-text-password
New password:
Retype new password:
root@R1-Juniper-01# commit
commit complete
---------------IMAGE-------------------
UUID: da9cf959-f0ca-4194-8fdb-db609c905c39
Qemu Options: -machine type=pc,accel=kvm -serial mon:stdio -nographic
Config Script: config_vmx.py
VERIFIKASI CONFIGURATION (USER)
root@R-01# run show configuration system login | display set
RENAME
Misalnya username aguna3 diganti aguna 4
aguna@R-Juniper-01# edit system login
aguna@R-Juniper-01# rename user aguna3 to user aguna4
VERIFIKASI TEST SSH
aguna@R-Juniper-01# run ssh aguna4@172.16.1.1
Rename Username ( REPLACE)
aguna@R-Juniper-01# edit
system log
aguna@R-Juniper-01# replace pattern aguna2 with aguna22
root@R1# set route 2.2.2.2/32 next-hop 12.12.12.2
root@R2# set routing-options static route 0.0.0.0/0 next-hop 12.12.12.1
set routing-options static route 2.2.2.2/32 qualified-next-hop 21.21.21.2 preference 6
root@R1> show route protocol static
root@R1> show route terse
root@R3> show interfaces terse | match "ge|lo" | match "inet"
root@R4# show protocols ospf
SHUTDOWN INTERFACE ge-0/0/0
root@R1# set interfaces ge-0/0/0 disable
root@R1# commit
root@R2# delete interfaces ge-0/0/0 disable
commit
PING 2.2.2.2 (2.2.2.2): 1500 data bytes
!!!!!
------
set interfaces ge-0/0/0 unit 0 family inet address 192.168.2.254/24
set interfaces ge-0/0/0 unit 0 family inet address 12.12.12.2/30
root@R4# show protocols ospf
area 0.0.0.0 {
interface ge-0/0/0.0;
interface ge-0/0/1.0;
interface lo0.0 {
passive;
}
}
[edit]
R-02# run show interfaces terse | except down | match ge-0
R-02# run show configuration | no-more
R-02# run show configuration | display set | no-more
R-02# show | display set
R-02> show configuration interfaces ge-0/0/0
R-02> show configuration interfaces ge-0/0/0 | display set
R-02> show configuration protocols bgp | display set
R-02> show configuration | display set
Sebelumnya IP add nya sudah diconfig, ternyata salah, kita mau IP ini di edit. Sebelum di edit, kita Verifikasi dulu.
VERIFIKASI:
R-02# run show configuration interfaces ge-0/0/1 | display set
set interfaces ge-0/0/1 unit 0 family inet address 192.168.1.254/24
Kemudian, kita lakukan edit
R-02# edit interfaces ge-0/0/1
R-02# insert unit 0 family inet address 192.168.2.254/24
[edit interfaces ge-0/0/1]
aguna@R-Juniper-02 commit
commit complete
insert interfaces ge-0/0/1 unit 0 family inet address 192.168.3.254/24 before address 192.168.2.254/24
Kemudian Edit IP
Misalnya IP sebelumnya 192.168.22.254/24, diganti ke IP 192.168.2.254/24
root@R-02# edit address 192.168.22.254/24
commit
Lalu verifikasi ada 2 IP, ynagn satunya dihapus.
Hapus IP interface
root@R-02# delete interfaces ge-0/0/1 unit 0 family inet address 192.168.2.254/24
root@R-02# commit
--------------------
Backup & Restore Configurasi
Backup
aguna@R-Juniper-01# save config-17-07-2024
Wrote 34 lines of configuration to 'config-17-07-2024'
aguna@R-Juniper-01# run file list
/var/home/aguna/:
.ssh/
config-17-07-2024
----------------------------
Restore
aguna@R-Juniper-01# load override config-17-07-2024
aguna@R-Juniper-01# commit
aguna@R-Juniper-01# load merge config-17-07-2024
VERIFIKASI OSPF
root@R3# run show ospf neighbor instance all
root@R3# run show ospf statistics
Cek nilai MTU
root@R3> show interfaces ge-0/0/0
Physical interface: ge-0/0/0, Enabled, Physical link is Up
Interface index: 137, SNMP ifIndex: 515
Link-level type: Ethernet, MTU: 1514, MRU: 1522, Speed: 1000mbps,
Ubah Nilai MTU
set protocols ospf area 0 interface ge-0/0/0 mtu 1514
Mengatur router DR dan BDR OSPF di Juniper
Prioriti tertinggi jadi DR (default 128) vilai mulai dari 0 - 255
Cek DR/BDR
root@R3# run show ospf interface
Interface State Area DR ID BDR ID Nbrs
ge-0/0/1.0 DR 0.0.0.0 3.3.3.3 4.4.4.4 1
ge-0/0/2.0 BDR 0.0.0.0 7.7.7.7 3.3.3.3 1
lo0.0 DRother 0.0.0.0 0.0.0.0 0.0.0.0 0
Ubah type OSPF dari broadcast to point to point
root@R3#set protocol ospf area 0 interface ge-0/0/0 interface p2p
cek OSPF Database
root@R3# run show ospf database
shutdown inetrface
root@R3# set interfaces ge-0/0/0 disable
Hidupkna interface
root@R3# delete set interfaces ge-0/0/0 disable
Cek rate bandwidth
root@R3# run show interfaces ge-0/0/0 | match rate
Input rate : 0 bps (0 pps)
Output rate : 0 bps (0 pps)
root@R3# run show interfaces ge-0/0/1 | match Speed
-CEK ARE- OSPF--
root@R3# show protocols ospf
traceoptions {
file ospf.log size 1m files 10;
flag error;
}
area 0.0.0.0 {
interface ge-0/0/1.0;
interface lo0.0 {
passive;
}
interface ge-0/0/2.0;
interface ge-0/0/0.0;
}
[edit]
root@R3# delete protocols ospf area 0.0.0.0 interface ge-0/0/0.0
[edit]
root@R3# set protocols ospf area 0.0.0.1 interface ge-0/0/0.0
[edit]
root@R3# commit
}
VERIFIKASI
root@R3# show protocols ospf
traceoptions {
file ospf.log size 1m files 10;
flag error;
}
area 0.0.0.0 {
interface ge-0/0/1.0;
interface lo0.0 {
passive;
}
interface ge-0/0/2.0;
}
area 0.0.0.1 {
interface ge-0/0/0.0;
}
SUDAH BEDA AREA
root@R1# set protocols ospf area 0.0.0.1 nssa no-summaries
root@R3# set protocols ospf area 0.0.0.1 nssa no-summaries default-lsa default-metric 10
cek spesifikasi bandwidth port
show chassis hardwar detail
-----IS-IS-------
Leve1 1 (area non backbone)
Level 2 (area backbone)
dulu = OSI Model & TCP / IP
OSI Layer vs TCP/IP Layer
Sekarang TCP/IP Layer
level 1, hanya bisa 1 area, level 2 bisa beda area.
anatar area yg berbeda harus level2,
fungsi are: buat bikin
NIlai IS-IS priority mulai dari 0 s/d 127 (default 64)
IS-IS OSPF
IIH (IS-IS Hello) Mirip OSPF Hello
CSNP (Complete Squence NUmber PDU) Mirip OSPF DBD
PSNP (Partial Squence NUmber PDU) Mirip OSPF LSUpdate
DIS (Designedet Intermediated System Router) | DR(Designedet Router)
------BACKUP CONFIG junos ---------------
root@R7#set system archival configuration transfer-interval 1440
root@R7#set system archival configuration archive-sites sftp://admin@192.168.31.254/Backup_Juniper password [password server]
show system archival
---------------------------day-2-----------
R3
set interfaces lo0 unit 0 family inet address 3.3.3.3/32
set interfaces ge-0/0/1 unit 0 family inet address 34.34.34.3/24
set interfaces ge-0/0/2 unit 0 family inet address 37.37.37.3/24
R4
set interfaces lo0 unit 0 family inet address 4.4.4.4/32
set interfaces ge-0/0/0 unit 0 family inet address 34.34.34.4/24
set interfaces ge-0/0/1 unit 0 family inet address 45.45.45.4/24
R5
set interfaces lo0 unit 0 family inet address 5.5.5.5/32
set interfaces ge-0/0/0 unit 0 family inet address 45.45.45.5/24
R7
set interfaces lo0 unit 0 family inet address 7.7.7.7/32
set interfaces ge-0/0/1 unit 0 family inet address 37.37.37.7/24
----------------------------OSPF--------
R3
set routing-options router-id 3.3.3.3
set protocols ospf area 0.0.0.0 interface lo0.0 passive
set protocols ospf area 0.0.0.0 interface ge-0/0/2.0
set protocols ospf area 0.0.0.0 interface ge-0/0/1.0
R4
set routing-options router-id 4.4.4.4
set protocols ospf area 0.0.0.0 interface lo0.0 passive
set protocols ospf area 0.0.0.0 interface ge-0/0/0.0
set protocols ospf area 0.0.0.0 interface ge-0/0/1.0
!
R5
set routing-options router-id 5.5.5.5
set protocols ospf area 0.0.0.0 interface lo0.0 passive
set protocols ospf area 0.0.0.0 interface ge-0/0/0.0
!
R7
set routing-options router-id 7.7.7.7
set protocols ospf area 0.0.0.0 interface lo0.0 passive
set protocols ospf area 0.0.0.0 interface ge-0/0/1.0
!
------
root@R3# set protocols ospf traceoptions file ospf.log size 1m files 10
root@R3# set protocols ospf traceoptions flag error
root@R3# run show log ospf.log
-------------------------
run show interface ge-0/0/0
set protocol ospf area 0 interface ge-0/0/0 interface p2p
run show ospf statistic
run show ospf neig
delete interface ge-0/0/4 disable
================ is-is =======================
R5
set interfaces ge-0/0/1 unit 0 family inet address 56.56.56.5/24
set interfaces ge-0/0/1 unit 0 family iso
set interfaces lo0 unit 0 family iso address 49.0001.0050.0050.5005.00
R6
set interfaces ge-0/0/0.0 family inet address 56.56.56.6/24
set interfaces ge-0/0/0.0 family iso
set interfaces ge-0/0/1.0 family inet address 67.67.67.6/24
set interfaces ge-0/0/1.0 family iso
set interfaces lo0.0 family inet address 6.6.6.6/32
set interfaces lo0 unit 0 family iso address 49.0001.0060.0600.6006.00
R7
set interfaces ge-0/0/0.0 family inet address 67.67.67.7/24
set interfaces ge-0/0/0.0 family iso
set interfaces lo0 unit 0 family iso address 49.0002.0070.0700.7007.00
-----
R5
set protocols isis interface ge-0/0/1.0 level 1 disable
set protocols isis interface lo0.0 level 1 disable
R6
set protocols isis interface ge-0/0/0.0 level 1 disable
set protocols isis interface ge-0/0/1.0 level 1 disable
set protocols isis interface lo0.0 level 1 disable
R7
set protocols isis interface ge-0/0/0.0 level 1 disable
set protocols isis interface lo0.0 level 1 disable
VERIFIKASI:
root@R5# run show route protocol isis
root@R7# run show isis route
root@R7> show isis database detail
--------------------
----------LOG-------
root@R7# set protocols isis traceoptions file isis.log size 5m files 10
root@R7# set protocols isis traceoptions flag error
root@R7# commit
root@R7# run show log isis.log
----------LANUUT-----
R7
set interfaces ge-0/0/2.0 family inet address 78.78.78.7/24
set interfaces ge-0/0/2.0 family iso
set protocols isis interface ge-0/0/2.0 level 2 disable
R8
set interfaces ge-0/0/0.0 family inet address 78.78.78.8/24
set interfaces ge-0/0/0.0 family iso
set interfaces lo0.0 family inet address 8.8.8.8/32
set interfaces lo0.0 family iso address 49.0002.0080.0800.8008.00
set protocols isis interface ge-0/0/0.0 level 2 disable
set protocols isis interface lo0.0 passive
set protocols isis interface lo0.0 level 2 disable
VER
root@R7# run show isis adjacency
root@r8# run ping 5.5.5.5
Kode Area ISIS
Example: set interfaces lo0 unit 0 family iso address 49.0002.0070.0700.7007.00
49 = Kode AFI (klo bs disamaan smua router
0002= Kode area (mirip seperti OSPF)
0070.0700.7007 = System ID
00 = Shellector ID
VERIFIKASI:
root@R5# run show route protocol isis
root@R7# run show isis route
root@R7> show isis database detail
----------LOG-------
root@R7# set protocols isis traceoptions file isis.log size 5m files 10
root@R7# set protocols isis traceoptions flag error
root@R7# commit
root@R7# run show log isis.log
------ Routing Policy--------
import : routingan masuk
export : routing keluar
Default Policy
OSPF:
export = Only expor to OSPF
Import = Accept All
ISIS:
export = Only expor to OSPF
Import = Accept All
---------------
#sho policy-options
--------ROUTUNG POLICY / redistribute-----------
R5
--MEMBOCORIN OSPF KE ISIS
set protocols isis export REDISTRIBUTE-OSPF
set policy-options policy-statement REDISTRIBUTE-OSPF term 1 from protocol ospf
set policy-options policy-statement REDISTRIBUTE-OSPF term 1 then accept
set policy-options policy-statement REDISTRIBUTE-OSPF term 2 from protocol direct
set policy-options policy-statement REDISTRIBUTE-OSPF term 2 then accept
VERIRFIKASI
root@R5# show | display set | match REDISTRIBUTE-OSPF
R5
--MEMBOCORIN ISIS KE OSPF--
set protocols ospf export REDISTRIBUTE-ISIS
set policy-options policy-statement REDISTRIBUTE-ISIS term 1 from protocol isis
set policy-options policy-statement REDISTRIBUTE-ISIS term 1 then accept
set policy-options policy-statement REDISTRIBUTE-ISIS term 2 from protocol direct
set policy-options policy-statement REDISTRIBUTE-ISIS term 2 then accept
VERIRFIKASI
root@R5# show | display set | match REDISTRIBUTE-ISIS
root@R5# show policy-options
--ROUTING-POLCIY---
192.168.0.0/16 orlonger artinya: semua segment mulai dari 192.168.0.0/16 s/d 192.168.255.254/32
192.168.0.0/16 prefix-length-range /24-/30 artinya: yg kena itu 192.168.0.0/24 sampe 192.168.0.254/32
0.0.0.0/0 prefix-length-range /21-/24 : artinya : IP berpapun yg prefci /24-/26 akam kena impact.
6.6.6.6/32 exact (percis untuk IP ini)
longer= lebih
orlonger=samadengan atau lebih dari
set
EXAMPLE CONFIG:
set protocols ospf export REDISTRIBUTE-ISIS
set policy-options policy-statement REDISTRIBUTE-ISIS term 2 from router-filter 6.6.6.6/32 exact
set policy-options policy-statement REDISTRIBUTE-ISIS term 3 from router-filter 67.67.67.0/24 orlonger
set policy-options policy-statement REDISTRIBUTE-ISIS term 3 from router-filter 192.168.0.0/16 prefix-length-range /24-/30set policy-options policy-statement REDISTRIBUTE-ISIS term 3 from router-filter 0.0.0./0 prefix-length-range /21-/24
policy-options policy-statement REDISTRIBUTE-ISIS term 3 from router-filter 10.0.0./8 prefix-length-range /24-/26
--NEXT---APPLY---
set protocols ospf export REDISTRIBUTE-ISIS
set policy-options policy-statement REDISTRIBUTE-ISIS term 3 from protocol isis
set policy-options policy-statement REDISTRIBUTE-ISIS term 3 then accept
REDISTRIBUTI STATIC TO OSPF
set protocols ospf export REDIST-STATIC
set policy-options policy-statement REDIST-STATIC term STATIC from protocol static
set policy-options policy-statement REDIST-STATIC term STATIC then accept
Posting Komentar untuk "Juniper | Junos-JCNA Day-1"