Disable / Enable an Interface on Juniper

To disable an interface:
root@Juniper# set interfaces ge-0/0/1.0 disable  << This is the Cisco equivalent of "shutdown"

To enable an interface:
root@Juniper# delete interfaces ge-0/0/1.0 disable  << This is the Cisco equivalent of "no shutdown"

Verification:
root@Juniper# run show interfaces ge-0/0/1.0 terse

 

To confirm the configuration, run commit after setting disable, and run commit again after deleting disable.


Juniper vs Cisco Commands

| Cisco Command | Juniper Command | Co-ordinating Definition |
|---|---|---|
| show run | sh configuration | Show running configuration |
| sh ver | sh ver | Show version |
| show ip interface brief | show interface terse | displays the status of interfaces configured for IP |
| show interface [intfc] | show interfaces [intfc] detail | displays the interface configuration, status and statistics |
| show controller intfc | show interfaces intfc extensive | displays information about a physical port device |
| show interface \| incl (proto\|Desc) | show interfaces description | displays the interface configuration, status and statistics |
| show ip route | show route | displays summary information about entries in the routing table |
| show ip bgp summary | show bgp summary | displays the status of all Border Gateway Protocol (BGP) connections |
| show ip bgp net mask | show route protocol bgp prefix | will show you how that route is being advertised, look for the first line |
| show ip bgp net mask longer-prefixes | show route range prefix | will show you how that route is being advertised, look for the first line |
| show ip bgp regexp AS-regexp | show route aspath-regexp "AS-regexp" | displays routes matching the autonomous system (AS) path regular expression |
| show ip bgp neighbors neigh received-routes | show route receive-protocol bgp neigh; show route source-gateway neigh protocol bgp | Shows whether a neighbor supports the route refresh capability |
| show ip bgp neighbor neigh advertised-routes | show route advertising-protocol bgp neigh | Shows whether a neighbor supports the route refresh capability |
| show clns neighbors | show isis adjacency | displays both ES and IS neighbors |
| show clns interface | show isis interface | shows specific information about each interface |
| show ip route isis | show isis routes | displays the current state of the routing table |
| show isis topology | show isis spf | displays a list of all connected routers in all areas |
| show ip ospf interface | show ospf neighbor | shows neighbor ID, priority, IP, and state of the neighbor router, dead time |
| show ip ospf interface | show ospf interface | shows neighbor id, pri, state, dead time, address and interface |
| show ip route ospf | show ospf route | display the current state of the routing table |
| show ip ospf database | show ospf database | display list of information related to the OSPF database for a specific communication server |
| show version | show version, show system uptime | display the system hardware config., software version, and name and source of configuration files and boot images |
| show diags | show chassis hardware | displays power-on diagnostics status |
| show processes cpu | show system process | displays utilization statistics |
| show tech-support | request support info | displays the current software image, configuration, controllers, counters, stacks, interfaces, memory and buffers |
| show logging | show log messages | display the state of logging to the syslog |
| show route-map name | show policy name | display all route-maps configured or only the one specified |
| show ip prefix-list name | show policy name | display information about a prefix list or prefix list entries |
| show ip community-list list | configure, show policy-options community name | display routes that are permitted by BGP community list |
| show environment all | show chassis environment | displays temperature and voltage information on the console |
| ping dest | ping dest rapid (for Cisco-like output); ping dest (for Unix-like output) | to check to see if a destination is alive |
| ping (setting source int) | ping dest bypass-routing | to check to see if a destination is alive |
| terminal monitor | monitor start messages | Change console terminal settings |
| terminal no monitor | monitor stop | Change console terminal settings |
| terminal length 0 | set cli screen-length 0 | sets the length for displaying command output |

Source

MTU & Encapsulation Types on Juniper

MTU in Juniper for MX Series Routers

| Interface Type | Default Media MTU (Bytes) | Maximum MTU (Bytes) | Default IP Protocol MTU (Bytes) |
|---|---|---|---|
| Gigabit Ethernet | 1514 | 9192 | 1500 (IPv4), 1488 (MPLS), 1497 (ISO) |
| 10-Gigabit Ethernet | 1514 | 9192 | 1500 (IPv4), 1488 (MPLS), 1497 (ISO) |
| Multi-Rate Ethernet | 1514 | 9192 | 1500 (IPv4), 1488 (MPLS), 1497 (ISO) |
| Tri-Rate Ethernet | 1514 | 9192 | 1500 (IPv4), 1488 (MPLS), 1497 (ISO) |
| Channelized SONET/SDH OC3/STM1 (Multi-Rate) | 1514 | 9192 | 1500 (IPv4), 1488 (MPLS), 1497 (ISO) |
| DS3/E3 (Multi-Rate) | 1514 | 9192 | 1500 (IPv4), 1488 (MPLS), 1497 (ISO) |

MTU in Juniper for ACX Series Routers

| Interface Type | Default Media MTU (Bytes) | Maximum MTU (Bytes) | Default IP Protocol MTU (Bytes) |
|---|---|---|---|
| Gigabit Ethernet | 1514 | 9192 | 1500 (IPv4), 1497 (ISO) |
| 10-Gigabit Ethernet | 1514 | 9192 | 1500 (IPv4), 1497 (ISO) |

Encapsulation Overhead by Encapsulation Type

| Interface Encapsulation | Encapsulation Overhead (Bytes) |
|---|---|
| 802.1Q/Ethernet 802.3 | 21 |
| 802.1Q/Ethernet Subnetwork Access Protocol (SNAP) | 26 |
| 802.1Q/Ethernet version 2 | 18 |
| ATM Cell Relay | 4 |
| ATM permanent virtual connection (PVC) | 12 |
| Cisco HDLC | 4 |
| Ethernet 802.3 | 17 |
| Ethernet circuit cross-connect (CCC) and virtual private LAN service (VPLS) | 4 |
| Ethernet over ATM | 32 |
| Ethernet SNAP | 22 |
| Ethernet translational cross-connect (TCC) | 18 |
| Ethernet version 2 | 14 |
| Extended virtual local area network (VLAN) CCC and VPLS | 4 |
| Extended VLAN TCC | 22 |
| Frame Relay | 4 |
| PPP | 4 |
| VLAN CCC | 4 |
| VLAN VPLS | 4 |
| VLAN TCC | 22 |

Basic Juniper Router Configuration

System Name Configuration
set system host-name [ROUTER NAME]

Enabling Telnet
set system services telnet

To configure the number of Telnet sessions that can be used and the idle-timeout duration of a Telnet session, use the following commands:

[edit system services]
telnet {
    connection-limit limit;
    rate-limit limit;
}

  • connection-limit limit — Maximum number of simultaneous connections (1 to 250). The default is 75.
  • rate-limit limit — Maximum number of connections per minute (1 to 250). The default is 150.

Enabling SSH
root# set system services ssh root-login deny
root# set system services ssh rate-limit 10

NTP Configuration
Configure the node that acts as the NTP server in the network:
set system ntp boot-server 192.14.4.2
set system ntp server 192.14.4.2 prefer
set system ntp server 192.14.4.23
set system ntp source-address [LOOPBACK IP]

Verify the status of the NTP servers in use with the command:
show ntp associations

Interface Configuration
set interfaces [port] speed 100m
set interfaces [port] link-mode full-duplex

System (Loopback) Address Configuration
set interfaces lo0 unit 0 family inet address [LOOPBACK IP]

IP Address Configuration on an Interface
set interfaces [port] description "LINK To NPE-01"
set interfaces [port] unit [vlan]
set interfaces [port] unit [vlan] family inet address 192.25.6.246/30

Interface Tagging
set interfaces [port] description "[description]"
set interfaces [port] flexible-vlan-tagging
set interfaces [port] mtu 2020
set interfaces [port] encapsulation flexible-ethernet-services

Interface Port Access
set interfaces [port] unit [VLAN]
set interfaces [port] unit [VLAN] description "[description]"
set interfaces [port] unit [VLAN] vlan-id [VLAN]

OSPF Area Configuration
set protocols ospf traffic-engineering
set protocols ospf reference-bandwidth 10g
set protocols ospf area 0.0.0.0 interface xe-0/0/0.0 interface-type p2p
set protocols ospf area 0.0.0.0 interface xe-0/0/0.0 hello-interval 5
set protocols ospf area 0.0.0.0 interface xe-0/0/0.0 dead-interval 15
set protocols ospf area 0.0.0.0 interface xe-0/0/0.0 authentication md5 1 key "PASSWORD"

Prefix List Configuration
set policy-options prefix-list [PREFIX NAME] 192.14.3.0/24

Bandwidth Limit Configuration
set firewall family ccc filter 1MBPS interface-specific
set firewall family ccc filter 1MBPS term 1 then policer 1M
set firewall family ccc filter 1MBPS term 1 then accept
set firewall policer 1M if-exceeding bandwidth-limit 1024000
set firewall policer 1M if-exceeding burst-size-limit 20120
set firewall policer 1M then discard
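
The management-plane and OSPF settings above can be checked automatically before a commit. The script below is an added example, not part of the original post: it audits a configuration in Junos "set" format for Telnet being enabled, SSH configured without root-login deny, and OSPF interfaces without an authentication statement. The sample configuration, the finding codes and the function name audit are constructed for illustration, and the parser assumes flat set lines only (no groups, deactivate or hierarchy-level inheritance).

```python
import re

# Constructed sample in Junos "set" format, modelled on the commands in this post.
SAMPLE_CONFIG = """\
set system host-name EDGE-01
set system services telnet
set system services ssh rate-limit 10
set protocols ospf area 0.0.0.0 interface xe-0/0/0.0 hello-interval 5
set protocols ospf area 0.0.0.0 interface xe-0/0/0.0 authentication md5 1 key "EXAMPLE"
set protocols ospf area 0.0.0.0 interface xe-0/0/1.0 hello-interval 5
"""

OSPF_IF = re.compile(r"^set protocols ospf area (\S+) interface (\S+)(?:\s+(.*))?$")


def audit(config_text):
    """Return a list of finding codes for a Junos 'set'-format configuration."""
    lines = [ln.strip() for ln in config_text.splitlines()]
    lines = [ln for ln in lines if ln.startswith("set ")]
    findings = []

    # Telnet carries credentials and session data in cleartext.
    if any(ln == "set system services telnet"
           or ln.startswith("set system services telnet ") for ln in lines):
        findings.append("telnet-enabled")

    # SSH is configured but direct root login is not explicitly denied.
    ssh = [ln for ln in lines if ln.startswith("set system services ssh")]
    if ssh and "set system services ssh root-login deny" not in ssh:
        findings.append("ssh-root-login-not-denied")

    # Every OSPF interface should carry an authentication statement.
    has_auth = {}
    for ln in lines:
        m = OSPF_IF.match(ln)
        if not m:
            continue
        key = (m.group(1), m.group(2))
        is_auth = (m.group(3) or "").startswith("authentication ")
        has_auth[key] = has_auth.get(key, False) or is_auth
    for (area, ifname), ok in sorted(has_auth.items()):
        if not ok:
            findings.append(f"ospf-no-auth:{area}:{ifname}")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```

Feed it the output of show configuration | display set saved to a file; an empty list means none of the three checks fired.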

OpenIXP (NiCE) BGP Router DOWN

At around 20:42 on Friday, 12 January 2018, I received a broadcast that the OpenIXP BGP router in Gedung Cyber (Cisco 7609) had suffered a network outage because of the addition of a filtering configuration for port 5678, which is the port for the MikroTik Network Discovery Protocol (MNDP). Perhaps so many users connect to this NiCE router with MikroTik devices, and forget or deliberately enable the ip neighbors (MNDP) feature, that it caused a fairly significant rise in CPU load.

MNDP makes it possible to find peer devices that also support MNDP, CDP (Cisco Discovery Protocol) or LLDP in the L2 broadcast domain.

The broadcast ended with the following message:

Please pass this on to colleagues who use MikroTik so that they disable the Network Discovery Protocol and turn off the "The DUDE" application on their respective networks

MikroTik Neighbour Discovery Protocol Setup

Submenu level : /ip neighbor discovery

Property Description

name (read-only: name) – interface name for reference
discover (yes | no; default: yes) – defines if discover is enabled or disabled

Example

To disable MNDP protocol on Public interface:

[admin@MikroTik] ip neighbor discovery> set Public discover=no
[admin@MikroTik] ip neighbor discovery> print
  # NAME      DISCOVER
  0 Public    no
  1 Local     yes

Listing the Discovered Neighbours

Submenu level : /ip neighbor

Property Description

interface (read-only: name) – local interface the neighbor is connected to
address (read-only: address) – IP address of the neighbor router
mac-address (read-only: mac-address) – MAC-address of the neighbor router
identity (read-only: string) – identity of the neighbour router
version (read-only: string) – router version of the neighbour router
unpack (read-only: none | simple | compress-headers | compress-all) – identifies if the interface of the neighbour router is unpacking 'Packed Packets'

Example

To view the table of discovered neighbours:

[admin@MikroTik] ip neighbor> print
  # INTERFACE ADDRESS         MAC-ADDRESS       IDENTITY   VERSION
  0 eth100... 10.5.2.100      00:04:EA:C6:0E:6F HP_10.5... Revisio...
  1 jevg_v... 10.5.1.1        00:40:96:58:20:14 0040965... Cisco 3...
  2 local_... 10.5.5.50       00:40:63:C1:23:C4 10.5.7.1   2.7rc4
  3 local_... 10.5.5.51       00:E0:C5:6E:23:25 GW_10.5... 2.7rc4
[admin@MikroTik] ip neighbor> print detail
  0 interface=eth100-temp address=10.5.2.100 mac-address=00:04:EA:C6:0E:6F
    identity="HP_10.5.2.100 Basement(0004ea-c60e40)" platform="HP 2524"
    version="Revision F.02.11 /sw/code/build/info(f00)" unpack=none age=12s

  1 interface=jevg_vlan2 address=10.5.1.1 mac-address=00:40:96:58:20:14
    identity="004096582014" platform="AIR-BR350"
    version="Cisco 350 Series Bridge 11.21" unpack=none age=34s

  2 interface=local_vlan5 address=10.5.5.50 mac-address=00:40:63:C1:23:C4
    identity="10.5.7.1" platform="MikroTik" version="2.7rc4" unpack=none
    age=48s

  3 interface=local_vlan5 address=10.5.5.51 mac-address=00:E0:C5:6E:23:25
    identity="GW_10.5.51.1" platform="MikroTik" version="2.7rc4" unpack=none
    age=45s

[admin@MikroTik] ip neighbor>

As you can see, not only MikroTik RouterOS routers were discovered, but also an HP ProCurve 2524 switch and a Cisco 350 Series Wireless Bridge.

 

Source.

Basic config BDCOM S2510-B Ethernet Switch

  • setting hostname
    hostname [name of switch]
  • vlan configuration
    vlan 10
    name Management
  • telnet configuration
    line vty 0 4
    login authentication default
    login authorization default
  • time & ntp configuration
    clocktime configuration
    Time-zone WIB 7
    ntp server [ip ntp server]
  • lldp configuration (show of neighborship devices)
    lldp run
  • ip configuration
    interface Vlan 10
    ip address 10.11.12.13 255.255.255.0
  • interface configuration
    interface GigabitEthernet0/9
    description Port Trunk
    switchport mode trunk
    switchport trunk vlan-allowed [all / x]

    interface GigabitEthernet0/1
    description Port Access
    switchport mode access
    switchport pvid (vlan id)
  • ip routing
    ip default-gateway
  • banner message
     text ****************************************
     text *      User Access Verification     *
     text *      Login authentication    *
     text ****************************************
  • save configuration
    write
  • QnQ port configuration
    interface GigaEthernet0/1
    description "Port access to user"
    switchport pvid 200

    interface GigaEthernet0/9
    description "Port trunk to POP"
    switchport trunk vlan-allowed 10,200
    switchport mode dot1q-tunnel-uplink

 

An Explanation of SPAN, RSPAN, and ERSPAN for Port Mirroring

This post is a translation of the official Cisco article here, intended to make it easier to understand for those of us who are not fluent in machine language (read: English).

Introduction:
Switch Port Analyzer (SPAN) is a system that can monitor traffic on a network efficiently. It works by replicating, to one or more ports, the traffic of the switch interface we want to monitor. Because it replicates an interface, SPAN can be used to troubleshoot or analyze the traffic passing through the target interface without disturbing the interface while it is working; among network engineers this activity is usually called port mirroring.

In Cisco SPAN there are 3 categories, distinguished by their scope of operation:
