Junos-JCNA | Day-1
Junniper Open Learning
https://learningportal.juniper.net/juniper/user_activity_info.aspx?id=11478
https://learningportal.juniper.net/juniper/user_activity_info.aspx?id=EDU-JUN-WBT-JOL-JNCIA-JUNOS
Link LAB:
https://labs.fernanda.id/store/public/auth/login/offline?link=https%3A%2F%2Flabs.fernanda.id%2Fstore%2Fpublic%2Fadmin%2Fmain%2Fview&error=&success=
Username: user4
Pass : P@ssw0rd
---------------------------------------------------------------------------------------------------------
Basic Config
root# set system root-authentication plain-text-password
Configure ada 3
1. Configure Biasa: (bebberpa user akses ruter yg sama diwaktu yg sama, ada 1 user commit konfig, mk user yg lain bakal ikut ke commit konfigurasi kandidat nya.
2. Configure Private (masing2 user punya candidat configya masing-masing, kekuranganya tdk bisa commit confirmed
3.Configure Exclusive (cuman boleh config dan commit hanya 1 orang, harus kluar dl baru user yg lain keluar).
root@R1# run request system reboot
REPLACE (sepesifik):
root@R1# replace pattern 12.12.12.1/24 with 12.12.12.2/2
RENAME
rename interfaces ge-0/0/0.0 family inet address 12.12.12.1/24 to address 12.12.12.2/2
RESTART / SHUTDOWN
root@R2> request system power-off
root@R2> request system reboot
RESET FACTORY
root@R2> request systemzeroize
root@R2# load factory-default
fungsinya setinganya doang direset ke factory reset. cara ini masih bs rollback
ROLLBACK
root@R2# show | compare rollback ?
Possible completions:
0 2024-07-27 03:47:24 UTC by root via cli
1 2024-07-27 03:25:23 UTC by root via cli
2 2024-07-27 02:46:55 UTC by root via other
[edit]
root@R2# show | compare rollback 1
root@R2#rollback 2
--
root@R1> show system uptime
Current time: 2024-07-27 03:58:11 UTC
System booted: 2024-07-27 02:45:13 UTC (01:12:58 ago)
Protocols started: 2024-07-27 02:46:50 UTC (01:11:21 ago)
Last configured: 2024-07-27 03:54:51 UTC (00:03:20 ago) by root
3:58AM up 1:13, 1 user, load averages: 0.07, 0.13, 0.50
root@R1# set system time-zone Asia/Jakarta
CARA-1:RESET PASSWORD:
1. Power ON
2. tekan SPASI
3. boot -s
4. ketik: recovery
5. masukin Password Baru
6. commit
CARA-2: RESET PASSWORD:
1. Power ON
2. bisa CTR-C
3.Pilh No.5 (more-option)
4. Pilih no.2 (Recovery Mode -[c]LI
5. masukin Password Baru
6. commit
----------------------
LAB
https://docs.google.com/document/d/1Fqde0fgzVFJuRfLiWWmaqJhgG6l8Ghrvpo3RDB8Sino/edit?pli=1#heading=h.h4aws2l7zfk
NTP SERVER
set system time-zone Asia/Jakarta
set system ntp server 10.10.10.1
set system ntp boot-server 10.10.10.1
-----------
-----IMAGE--
UUID: da9cf959-f0ca-4194-8fdb-db609c905c39
Qemu Options: -machine type=pc,accel=kvm -serial mon:stdio -nographic
Config Script: config_vmx.py
Routing Static
root@R1# edit routing-options static
root@R1# set route 2.2.2.2/32 next-hop 12.12.12.2
atau .....>
root@R1# set routing-options static route 2.2.2.2/32 next-hop 12.12.12.2
root@R2# set routing-options static route 0.0.0.0/0 next-hop 12.12.12.1
-------------
set routing-options static route 2.2.2.2/32 next-hop 12.12.12.2 (priority, karna prefence default 5)
set routing-options static route 2.2.2.2/32 qualified-next-hop 21.21.21.2 preference 6
VERIFIKASI:
root@R1> show configuration | find "routing"
root@R1> show route protocol static
root@R1> show route terse
root@R3> show interfaces terse | match "ge|lo" | match "inet"
root@R4# show protocols ospf
-----------
SHUTDOWN INTERFACE ge-0/0/0
root@R1# set interfaces ge-0/0/0 disable
root@R1# commit
Mengaktifkan kembali UP (no shut)
root@R2# delete interfaces ge-0/0/0 disable
commit
root@R1# run ping 2.2.2.2 rapid size 1500
PING 2.2.2.2 (2.2.2.2): 1500 data bytes
!!!!!
--------OSPF--------
root@R4# show protocols ospf
area 0.0.0.0 {
interface ge-0/0/0.0;
interface ge-0/0/1.0;
interface lo0.0 {
passive;
}
}
[edit]
root@R4#
------------- cek config interface-----
root@R4# run show configuration interfaces
----PING----
root@R5> ping 7.7.7.7 record-route count 100
VERIFIKASI OSPF
root@R3# run show ospf neighbor instance all
root@R3# run show ospf statistics
-------
Cek nilai MTU
root@R3> show interfaces ge-0/0/0
Physical interface: ge-0/0/0, Enabled, Physical link is Up
Interface index: 137, SNMP ifIndex: 515
Link-level type: Ethernet, MTU: 1514, MRU: 1522, Speed: 1000mbps,
Ubah Nilai MTU
set protocols ospf area 0 interface ge-0/0/0 mtu 1514
Mengatur router DR dan BDR OSPF di Juniper
Prioriti tertinggi jadi DR (default 128) vilai mulai dari 0 - 255
Cek DR/BDR
root@R3# run show ospf interface
Interface State Area DR ID BDR ID Nbrs
ge-0/0/1.0 DR 0.0.0.0 3.3.3.3 4.4.4.4 1
ge-0/0/2.0 BDR 0.0.0.0 7.7.7.7 3.3.3.3 1
lo0.0 DRother 0.0.0.0 0.0.0.0 0.0.0.0 0
Ubah type OSPF dari broadcast to point to point
root@R3#set protocol ospf area 0 interface ge-0/0/0 interface p2p
cek OSPF Database
root@R3# run show ospf database
shutdown inetrface
root@R3# set interfaces ge-0/0/0 disable
Hidupkna interface
root@R3# delete set interfaces ge-0/0/0 disable
Cek rate bandwidth
root@R3# run show interfaces ge-0/0/0 | match rate
Input rate : 0 bps (0 pps)
Output rate : 0 bps (0 pps)
root@R3# run show interfaces ge-0/0/1 | match Speed
-CEK ARE- OSPF--
root@R3# show protocols ospf
traceoptions {
file ospf.log size 1m files 10;
flag error;
}
area 0.0.0.0 {
interface ge-0/0/1.0;
interface lo0.0 {
passive;
}
interface ge-0/0/2.0;
interface ge-0/0/0.0;
}
[edit]
root@R3# delete protocols ospf area 0.0.0.0 interface ge-0/0/0.0
[edit]
root@R3# set protocols ospf area 0.0.0.1 interface ge-0/0/0.0
[edit]
root@R3# commit
}
VERIFIKASI
root@R3# show protocols ospf
traceoptions {
file ospf.log size 1m files 10;
flag error;
}
area 0.0.0.0 {
interface ge-0/0/1.0;
interface lo0.0 {
passive;
}
interface ge-0/0/2.0;
}
area 0.0.0.1 {
interface ge-0/0/0.0;
}
SUDAH BEDA AREA
root@R1# set protocols ospf area 0.0.0.1 nssa no-summaries
root@R3# set protocols ospf area 0.0.0.1 nssa no-summaries default-lsa default-metric 10
cek spesifikasi bandwidth port
show chassis hardwar detail
-----IS-IS-------
Leve1 1 (area non backbone)
Level 2 (area backbone)
dulu = OSI Model & TCP / IP
OSI Layer vs TCP/IP Layer
Sekarang TCP/IP Layer
level 1, hanya bisa 1 area, level 2 bisa beda area.
anatar area yg berbeda harus level2,
fungsi are: buat bikin
NIlai IS-IS priority mulai dari 0 s/d 127 (default 64)
IS-IS OSPF
IIH (IS-IS Hello) Mirip OSPF Hello
CSNP (Complete Squence NUmber PDU) Mirip OSPF DBD
PSNP (Partial Squence NUmber PDU) Mirip OSPF LSUpdate
DIS (Designedet Intermediated System Router) | DR(Designedet Router)
------BACKUP CONFIG junos ---------------
root@R7#set system archival configuration transfer-interval 1440
root@R7#set system archival configuration archive-sites sftp://admin@192.168.31.254/Backup_Juniper password [password server]
show system archival
---------------------------day-2-----------
R3
set interfaces lo0 unit 0 family inet address 3.3.3.3/32
set interfaces ge-0/0/1 unit 0 family inet address 34.34.34.3/24
set interfaces ge-0/0/2 unit 0 family inet address 37.37.37.3/24
R4
set interfaces lo0 unit 0 family inet address 4.4.4.4/32
set interfaces ge-0/0/0 unit 0 family inet address 34.34.34.4/24
set interfaces ge-0/0/1 unit 0 family inet address 45.45.45.4/24
R5
set interfaces lo0 unit 0 family inet address 5.5.5.5/32
set interfaces ge-0/0/0 unit 0 family inet address 45.45.45.5/24
R7
set interfaces lo0 unit 0 family inet address 7.7.7.7/32
set interfaces ge-0/0/1 unit 0 family inet address 37.37.37.7/24
----------------------------OSPF--------
R3
set routing-options router-id 3.3.3.3
set protocols ospf area 0.0.0.0 interface lo0.0 passive
set protocols ospf area 0.0.0.0 interface ge-0/0/2.0
set protocols ospf area 0.0.0.0 interface ge-0/0/1.0
R4
set routing-options router-id 4.4.4.4
set protocols ospf area 0.0.0.0 interface lo0.0 passive
set protocols ospf area 0.0.0.0 interface ge-0/0/0.0
set protocols ospf area 0.0.0.0 interface ge-0/0/1.0
!
R5
set routing-options router-id 5.5.5.5
set protocols ospf area 0.0.0.0 interface lo0.0 passive
set protocols ospf area 0.0.0.0 interface ge-0/0/0.0
!
R7
set routing-options router-id 7.7.7.7
set protocols ospf area 0.0.0.0 interface lo0.0 passive
set protocols ospf area 0.0.0.0 interface ge-0/0/1.0
!
------
root@R3# set protocols ospf traceoptions file ospf.log size 1m files 10
root@R3# set protocols ospf traceoptions flag error
root@R3# run show log ospf.log
-------------------------
run show interface ge-0/0/0
set protocol ospf area 0 interface ge-0/0/0 interface p2p
run show ospf statistic
run show ospf neig
delete interface ge-0/0/4 disable
================ is-is =======================
R5
set interfaces ge-0/0/1 unit 0 family inet address 56.56.56.5/24
set interfaces ge-0/0/1 unit 0 family iso
set interfaces lo0 unit 0 family iso address 49.0001.0050.0050.5005.00
R6
set interfaces ge-0/0/0.0 family inet address 56.56.56.6/24
set interfaces ge-0/0/0.0 family iso
set interfaces ge-0/0/1.0 family inet address 67.67.67.6/24
set interfaces ge-0/0/1.0 family iso
set interfaces lo0.0 family inet address 6.6.6.6/32
set interfaces lo0 unit 0 family iso address 49.0001.0060.0600.6006.00
R7
set interfaces ge-0/0/0.0 family inet address 67.67.67.7/24
set interfaces ge-0/0/0.0 family iso
set interfaces lo0 unit 0 family iso address 49.0002.0070.0700.7007.00
-----
R5
set protocols isis interface ge-0/0/1.0 level 1 disable
set protocols isis interface lo0.0 level 1 disable
R6
set protocols isis interface ge-0/0/0.0 level 1 disable
set protocols isis interface ge-0/0/1.0 level 1 disable
set protocols isis interface lo0.0 level 1 disable
R7
set protocols isis interface ge-0/0/0.0 level 1 disable
set protocols isis interface lo0.0 level 1 disable
VERIFIKASI:
root@R5# run show route protocol isis
root@R7# run show isis route
root@R7> show isis database detail
--------------------
----------LOG-------
root@R7# set protocols isis traceoptions file isis.log size 5m files 10
root@R7# set protocols isis traceoptions flag error
root@R7# commit
root@R7# run show log isis.log
----------LANUUT-----
R7
set interfaces ge-0/0/2.0 family inet address 78.78.78.7/24
set interfaces ge-0/0/2.0 family iso
set protocols isis interface ge-0/0/2.0 level 2 disable
R8
set interfaces ge-0/0/0.0 family inet address 78.78.78.8/24
set interfaces ge-0/0/0.0 family iso
set interfaces lo0.0 family inet address 8.8.8.8/32
set interfaces lo0.0 family iso address 49.0002.0080.0800.8008.00
set protocols isis interface ge-0/0/0.0 level 2 disable
set protocols isis interface lo0.0 passive
set protocols isis interface lo0.0 level 2 disable
VER
root@R7# run show isis adjacency
root@r8# run ping 5.5.5.5
Kode Area ISIS
Example: set interfaces lo0 unit 0 family iso address 49.0002.0070.0700.7007.00
49 = Kode AFI (klo bs disamaan smua router
0002= Kode area (mirip seperti OSPF)
0070.0700.7007 = System ID
00 = Shellector ID
VERIFIKASI:
root@R5# run show route protocol isis
root@R7# run show isis route
root@R7> show isis database detail
----------LOG-------
root@R7# set protocols isis traceoptions file isis.log size 5m files 10
root@R7# set protocols isis traceoptions flag error
root@R7# commit
root@R7# run show log isis.log
------ Routing Policy--------
import : routingan masuk
export : routing keluar
Default Policy
OSPF:
export = Only expor to OSPF
Import = Accept All
ISIS:
export = Only expor to OSPF
Import = Accept All
---------------
#sho policy-options
--------ROUTUNG POLICY / redistribute-----------
R5
--MEMBOCORIN OSPF KE ISIS
set protocols isis export REDISTRIBUTE-OSPF
set policy-options policy-statement REDISTRIBUTE-OSPF term 1 from protocol ospf
set policy-options policy-statement REDISTRIBUTE-OSPF term 1 then accept
set policy-options policy-statement REDISTRIBUTE-OSPF term 2 from protocol direct
set policy-options policy-statement REDISTRIBUTE-OSPF term 2 then accept
VERIRFIKASI
root@R5# show | display set | match REDISTRIBUTE-OSPF
R5
--MEMBOCORIN ISIS KE OSPF--
set protocols ospf export REDISTRIBUTE-ISIS
set policy-options policy-statement REDISTRIBUTE-ISIS term 1 from protocol isis
set policy-options policy-statement REDISTRIBUTE-ISIS term 1 then accept
set policy-options policy-statement REDISTRIBUTE-ISIS term 2 from protocol direct
set policy-options policy-statement REDISTRIBUTE-ISIS term 2 then accept
VERIRFIKASI
root@R5# show | display set | match REDISTRIBUTE-ISIS
root@R5# show policy-options
--ROUTING-POLCIY---
192.168.0.0/16 orlonger artinya: semua segment mulai dari 192.168.0.0/16 s/d 192.168.255.254/32
192.168.0.0/16 prefix-length-range /24-/30 artinya: yg kena itu 192.168.0.0/24 sampe 192.168.0.254/32
0.0.0.0/0 prefix-length-range /21-/24 : artinya : IP berpapun yg prefci /24-/26 akam kena impact.
6.6.6.6/32 exact (percis untuk IP ini)
longer= lebih
orlonger=samadengan atau lebih dari
set
EXAMPLE CONFIG:
set protocols ospf export REDISTRIBUTE-ISIS
set policy-options policy-statement REDISTRIBUTE-ISIS term 2 from router-filter 6.6.6.6/32 exact
set policy-options policy-statement REDISTRIBUTE-ISIS term 3 from router-filter 67.67.67.0/24 orlonger
set policy-options policy-statement REDISTRIBUTE-ISIS term 3 from router-filter 192.168.0.0/16 prefix-length-range /24-/30set policy-options policy-statement REDISTRIBUTE-ISIS term 3 from router-filter 0.0.0./0 prefix-length-range /21-/24
policy-options policy-statement REDISTRIBUTE-ISIS term 3 from router-filter 10.0.0./8 prefix-length-range /24-/26
--NEXT---APPLY---
set protocols ospf export REDISTRIBUTE-ISIS
set policy-options policy-statement REDISTRIBUTE-ISIS term 3 from protocol isis
set policy-options policy-statement REDISTRIBUTE-ISIS term 3 then accept
REDISTRIBUTI STATIC TO OSPF
set protocols ospf export REDIST-STATIC
set policy-options policy-statement REDIST-STATIC term STATIC from protocol static
set policy-options policy-statement REDIST-STATIC term STATIC then accept
Posting Komentar untuk "Junos-JCNA | Day-1"