Embed Size (px)
Citation preview
Belajar Mengkonfigurasi IP over IP tunnel
Di Junos http://iwing.wordpress.com
Berhubung masih nobitol makanya masih script kiddies, maklum baru belajar hehehehe...........@_@
--------------------------------------------------------------------------------------------
! Topology yang digunakan !
--------------------------------------------------------------------------------------------
Nb: cnc2, cnc3 and cnc4 using OSPF
cnc1, tunnel and cnc5 using RIP
------------------------------------------------------------------------------------------------
! Konfigurasi Router cnc1 !
------------------------------------------------------------------------------------------------
[edit]
iwing@cnc1# show
## Last changed: 2010-07-06 23:00:41 UTC
version 8.4R4.2;
system {
host-name cnc1;
root-authentication {
encrypted-password "$1$rdYbfs2s$UfeiORYzSrjvML7X.mIHy0"; ## SECRET-DATA
}
login {
message "\n\n!========================================================!\n
\n!Router cnc, maintened by:iwing !\n
\n!Access to this device is limited to authorized user only!\n
\n!WARNING!!!:ALL unathourized access is prohibited. !\n
\n!========================================================!\n\n";
user iwing {
uid 2001;
class super-user;
authentication {
encrypted-password "$1$rQy0ZTV0$A1hVDjhzF2niCbd/4MI0K."; ## SECRET-DATA
}
}
}
services {
ftp;
ssh;
telnet;
web-management {
http {
port 80;
}
}
}
syslog {
user * {
any emergency;
}
file messages {
any notice;
authorization info;
}
file interactive-commands {
interactive-commands any;
}
}
}
interfaces {
fxp0 {
unit 0 {
family inet {
address 192.168.10.1/24;
}
}
}
fxp2 {
unit 0 {
family inet {
address 192.168.80.1/24;
}
}
}
lo0 {
unit 0 {
family inet {
address 1.1.1.1/32;
}
}
}
}
protocols {
rip {
group ripiwing {
export advertise-rip-routes;
neighbor fxp0.0;
neighbor fxp2.0;
}
}
}
policy-options {
policy-statement advertise-rip-routes {
term 1 {
from protocol [ direct rip ];
then accept;
}
}
}
[edit]
iwing@cnc1#
------------------------------------------------------------------------------------------------
! Konfigurasi Router cnc2 !
------------------------------------------------------------------------------------------------
[edit]
iwing@cnc2# show
## Last changed: 2010-07-06 22:56:40 UTC
version 8.4R4.2;
system {
host-name cnc2;
root-authentication {
encrypted-password "$1$QeV0HEqD$DcAIEpD8DU94YaIzoqsfo/"; ## SECRET-DATA
}
login {
message "\n\n!========================================================!\n
\n!Router cnc, maintened by:iwing !\n
\n!Access to this device is limited to authorized user only!\n
\n!WARNING!!!:ALL unathourized access is prohibited. !\n
\n!========================================================!\n\n";
user iwing {
uid 2000;
class super-user;
authentication {
encrypted-password "$1$a1HVR5jH$yoUbW1IOcAHOdAQCahOpy0"; ## SECRET-DATA
}
}
}
services {
ftp;
ssh;
telnet;
}
syslog {
user * {
any emergency;
}
file messages {
any notice;
authorization info;
}
file interactive-commands {
interactive-commands any;
}
}
}
interfaces {
fxp0 {
unit 0 {
family inet {
address 192.168.10.2/24;
}
}
}
fxp1 {
unit 0 {
family inet {
address 192.168.20.1/24;
}
}
}
ipip {
unit 0 {
tunnel {
source 192.168.20.1;
destination 192.168.30.2;
}
family inet {
address 192.168.100.1/24;
}
}
}
lo0 {
unit 0 {
family inet {
address 2.2.2.2/32;
}
}
}
}
routing-options {
router-id 2.2.2.2;
autonomous-system 100;
}
protocols {
ospf {
area 0.0.0.0 {
interface lo0.0 {
passive;
}
interface fxp1.0;
}
}
rip {
group ripiwing {
export advertise-rip-routes;
neighbor fxp0.0;
neighbor ipip.0;
}
}
}
policy-options {
policy-statement advertise-rip-routes {
term 1 {
from protocol [ direct rip ];
then accept;
}
}
}
[edit]
iwing@cnc2#
------------------------------------------------------------------------------------------------
! Konfigurasi Router cnc3 !
------------------------------------------------------------------------------------------------
[edit]
iwing@cnc3# show
## Last changed: 2010-07-06 22:45:23 UTC
version 8.4R4.2;
system {
host-name cnc3;
root-authentication {
encrypted-password "$1$rdYbfs2s$UfeiORYzSrjvML7X.mIHy0"; ## SECRET-DATA
}
login {
message "\n\n!========================================================!\n
\n!Router cnc, maintened by:iwing !\n
\n!Access to this device is limited to authorized user only!\n
\n!WARNING!!!:ALL unathourized access is prohibited. !\n
\n!========================================================!\n\n";
user iwing {
uid 2000;
class super-user;
authentication {
encrypted-password "$1$nBU.RVsT$LMG9TWM9OUQZGvInqYfEu1"; ## SECRET-DATA
}
}
}
services {
ftp;
ssh;
web-management {
http {
port 80;
}
}
}
syslog {
user * {
any emergency;
}
file messages {
any notice;
authorization info;
}
file interactive-commands {
interactive-commands any;
}
}
}
interfaces {
fxp0 {
unit 0 {
family inet {
address 192.168.30.1/24;
}
}
}
fxp1 {
unit 0 {
family inet {
address 192.168.20.2/24;
}
}
}
lo0 {
unit 0 {
family inet {
address 3.3.3.3/32;
}
}
}
}
routing-options {
router-id 3.3.3.3;
autonomous-system 100;
}
protocols {
ospf {
area 0.0.0.0 {
interface lo0.0 {
passive;
}
interface fxp0.0;
interface fxp1.0;
}
}
}
[edit]
iwing@cnc3#
------------------------------------------------------------------------------------------------
! Konfigurasi Router cnc4 !
------------------------------------------------------------------------------------------------
[edit]
iwing@cnc4# show
## Last changed: 2010-07-06 22:52:22 UTC
version 8.4R4.2;
system {
host-name cnc4;
root-authentication {
encrypted-password "$1$rdYbfs2s$UfeiORYzSrjvML7X.mIHy0"; ## SECRET-DATA
}
login {
message "\n\n!========================================================!\n
\n!Router cnc, maintened by:iwing !\n
\n!Access to this device is limited to authorized user only!\n
\n!WARNING!!!:ALL unathourized access is prohibited. !\n
\n!========================================================!\n\n";
user iwing {
uid 2000;
class super-user;
authentication {
encrypted-password "$1$a4h8jH/6$WNgvFOgNFh2cnvlaHnZms1"; ## SECRET-DATA
}
}
}
services {
ftp;
ssh;
web-management {
http {
port 80;
}
}
}
syslog {
user * {
any emergency;
}
file messages {
any notice;
authorization info;
}
file interactive-commands {
interactive-commands any;
}
}
}
interfaces {
fxp0 {
unit 0 {
family inet {
address 192.168.30.2/24;
}
}
}
fxp2 {
unit 0 {
family inet {
address 192.168.40.1/24;
}
}
}
ipip {
unit 0 {
tunnel {
source 192.168.30.2;
destination 192.168.20.1;
}
family inet {
address 192.168.100.2/24;
}
}
}
lo0 {
unit 0 {
family inet {
address 4.4.4.4/32;
}
}
}
}
routing-options {
router-id 4.4.4.4;
autonomous-system 100;
}
protocols {
ospf {
area 0.0.0.0 {
interface lo0.0 {
passive;
}
interface fxp0.0;
interface fxp1.0;
}
}
rip {
group ripiwing {
export advertise-rip-routes;
neighbor ipip.0;
neighbor fxp2.0;
}
}
}
policy-options {
policy-statement advertise-rip-routes {
term 1 {
from protocol [ direct rip ];
then accept;
}
}
}
[edit]
iwing@cnc4#
------------------------------------------------------------------------------------------------
! Konfigurasi Router cnc5 !
------------------------------------------------------------------------------------------------
[edit]
iwing@cnc5# show
## Last changed: 2010-07-06 22:57:17 UTC
version 8.4R4.2;
system {
host-name cnc5;
root-authentication {
encrypted-password "$1$rdYbfs2s$UfeiORYzSrjvML7X.mIHy0"; ## SECRET-DATA
}
login {
message "\n\n!========================================================!\n
\n!Router cnc, maintened by:iwing !\n
\n!Access to this device is limited to authorized user only!\n
\n!WARNING!!!:ALL unathourized access is prohibited. !\n
\n!========================================================!\n\n";
user iwing {
uid 2000;
class super-user;
authentication {
encrypted-password "$1$nBU.RVsT$LMG9TWM9OUQZGvInqYfEu1"; ## SECRET-DATA
}
}
}
services {
ftp;
ssh;
web-management {
http {
port 80;
}
}
}
syslog {
user * {
any emergency;
}
file messages {
any notice;
authorization info;
}
file interactive-commands {
interactive-commands any;
}
}
}
interfaces {
fxp2 {
unit 0 {
family inet {
address 192.168.40.2/24;
}
}
}
fxp4 {
unit 0 {
family inet {
address 192.168.90.1/24;
}
}
}
lo0 {
unit 0 {
family inet {
address 5.5.5.5/32;
}
}
}
}
protocols {
rip {
group ripiwing {
export advertise-rip-routes;
neighbor fxp2.0;
neighbor fxp4.0;
}
}
}
policy-options {
policy-statement advertise-rip-routes {
term 1 {
from protocol [ direct rip ];
then accept;
}
}
}
[edit]
iwing@cnc5#
------------------------------------------------------------------------------------------------
! How to check (run show interface) !
------------------------------------------------------------------------------------------------
Physical interface: ipip, Enabled, Physical link is Up
Interface index: 11, SNMP ifIndex: 9
Type: IPIP, Link-level type: IP-over-IP, MTU: Unlimited, Speed: Unlimited
Device flags : Present Running
Interface flags: SNMP-Traps
Input packets : 0
Output packets: 0
Logical interface ipip.0 (Index 66) (SNMP ifIndex 24)
Flags: Point-To-Point SNMP-Traps 0x4000
IP-Header 192.168.20.1:192.168.30.2:4:df:64:00000000
Encapsulation: IPv4-NULL
Input packets : 7
Output packets: 9
Protocol inet, MTU: 1480
Flags: None
Addresses, Flags: Is-Preferred Is-Primary
Destination: 192.168.100/24, Local: 192.168.100.2
------------------------------------------------------------------------------------------------
Physical interface: ipip, Enabled, Physical link is Up
Interface index: 11, SNMP ifIndex: 9
Type: IPIP, Link-level type: IP-over-IP, MTU: Unlimited, Speed: Unlimited
Device flags : Present Running
Interface flags: SNMP-Traps
Input packets : 0
Output packets: 0
Logical interface ipip.0 (Index 66) (SNMP ifIndex 24)
Flags: Point-To-Point SNMP-Traps 0x4000
IP-Header 192.168.20.1:192.168.30.2:4:df:64:00000000
Encapsulation: IPv4-NULL
Input packets : 7
Output packets: 9
Protocol inet, MTU: 1480
Flags: None
Addresses, Flags: Is-Preferred Is-Primary
Destination: 192.168.100/24, Local: 192.168.100.2
------------------------------------------------------------------------------------------------
! How to check (run show route) !
------------------------------------------------------------------------------------------------
[edit]
iwing@cnc1# run show route
inet.0: 12 destinations, 12 routes (12 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
1.1.1.1/32 *[Direct/0] 00:16:37
> via lo0.0
2.2.2.2/32 *[RIP/100] 00:16:26, metric 2, tag 0
> to 192.168.10.2 via fxp0.0
5.5.5.5/32 *[RIP/100] 00:16:26, metric 4, tag 0
> to 192.168.10.2 via fxp0.0
192.168.10.0/24 *[Direct/0] 00:16:37
> via fxp0.0
192.168.10.1/32 *[Local/0] 00:16:37
Local via fxp0.0
192.168.20.0/24 *[RIP/100] 00:16:26, metric 2, tag 0
> to 192.168.10.2 via fxp0.0
192.168.40.0/24 *[RIP/100] 00:16:26, metric 3, tag 0
> to 192.168.10.2 via fxp0.0
192.168.80.0/24 *[Direct/0] 00:16:37
> via fxp2.0
192.168.80.1/32 *[Local/0] 00:16:37
Local via fxp2.0
192.168.90.0/24 *[RIP/100] 00:16:26, metric 4, tag 0
> to 192.168.10.2 via fxp0.0
192.168.100.0/24 *[RIP/100] 00:16:26, metric 2, tag 0
> to 192.168.10.2 via fxp0.0
224.0.0.9/32 *[RIP/100] 00:13:16, metric 1
MultiRecv
__juniper_private2__.inet.0: 1 destinations, 1 routes (0 active, 0 holddown, 1 hidden)
[edit]
iwing@cnc1#
[edit]
iwing@cnc2# run show route
inet.0: 17 destinations, 19 routes (17 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
1.1.1.1/32 *[RIP/100] 00:12:35, metric 2, tag 0
> to 192.168.10.1 via fxp0.0
2.2.2.2/32 *[Direct/0] 00:14:00
> via lo0.0
3.3.3.3/32 *[OSPF/10] 00:12:54, metric 10
> to 192.168.20.2 via fxp1.0
4.4.4.4/32 *[OSPF/10] 00:12:54, metric 20
> to 192.168.20.2 via fxp1.0
[RIP/100] 00:12:53, metric 2, tag 0
> to 192.168.100.2 via ipip.0
5.5.5.5/32 *[RIP/100] 00:12:53, metric 3, tag 0
> to 192.168.100.2 via ipip.0
192.168.10.0/24 *[Direct/0] 00:14:00
> via fxp0.0
192.168.10.2/32 *[Local/0] 00:14:00
Local via fxp0.0
192.168.20.0/24 *[Direct/0] 00:14:00
> via fxp1.0
192.168.20.1/32 *[Local/0] 00:14:00
Local via fxp1.0
192.168.30.0/24 *[OSPF/10] 00:12:54, metric 20
> to 192.168.20.2 via fxp1.0
[RIP/100] 00:12:53, metric 2, tag 0
> to 192.168.100.2 via ipip.0
192.168.40.0/24 *[RIP/100] 00:12:53, metric 2, tag 0
> to 192.168.100.2 via ipip.0
192.168.80.0/24 *[RIP/100] 00:12:35, metric 2, tag 0
> to 192.168.10.1 via fxp0.0
192.168.90.0/24 *[RIP/100] 00:12:53, metric 3, tag 0
> to 192.168.100.2 via ipip.0
192.168.100.0/24 *[Direct/0] 00:12:53
> via ipip.0
192.168.100.1/32 *[Local/0] 00:14:00
Local via ipip.0
224.0.0.5/32 *[OSPF/10] 00:14:04, metric 1
MultiRecv
224.0.0.9/32 *[RIP/100] 00:06:32, metric 1
MultiRecv
__juniper_private2__.inet.0: 1 destinations, 1 routes (0 active, 0 holddown, 1 hidden)
[edit]
iwing@cnc2#
[edit]
iwing@cnc3# run show route
inet.0: 8 destinations, 8 routes (8 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
2.2.2.2/32 *[OSPF/10] 00:12:08, metric 10
> to 192.168.20.1 via fxp1.0
3.3.3.3/32 *[Direct/0] 00:12:29
> via lo0.0
4.4.4.4/32 *[OSPF/10] 00:12:13, metric 10
> to 192.168.30.2 via fxp0.0
192.168.20.0/24 *[Direct/0] 00:12:29
> via fxp1.0
192.168.20.2/32 *[Local/0] 00:12:29
Local via fxp1.0
192.168.30.0/24 *[Direct/0] 00:12:29
> via fxp0.0
192.168.30.1/32 *[Local/0] 00:12:29
Local via fxp0.0
224.0.0.5/32 *[OSPF/10] 00:12:33, metric 1
MultiRecv
__juniper_private2__.inet.0: 1 destinations, 1 routes (0 active, 0 holddown, 1 hidden)
[edit]
iwing@cnc3#
[edit]
iwing@cnc4# run show route
inet.0: 17 destinations, 19 routes (17 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
1.1.1.1/32 *[RIP/100] 00:11:20, metric 3, tag 0
> to 192.168.100.1 via ipip.0
2.2.2.2/32 *[OSPF/10] 00:11:37, metric 20
> to 192.168.30.1 via fxp0.0
[RIP/100] 00:11:37, metric 2, tag 0
> to 192.168.100.1 via ipip.0
3.3.3.3/32 *[OSPF/10] 00:11:42, metric 10
> to 192.168.30.1 via fxp0.0
4.4.4.4/32 *[Direct/0] 00:12:38
> via lo0.0
5.5.5.5/32 *[RIP/100] 00:12:36, metric 2, tag 0
> to 192.168.40.2 via fxp2.0
192.168.10.0/24 *[RIP/100] 00:11:37, metric 2, tag 0
> to 192.168.100.1 via ipip.0
192.168.20.0/24 *[OSPF/10] 00:11:42, metric 20
> to 192.168.30.1 via fxp0.0
[RIP/100] 00:11:37, metric 2, tag 0
> to 192.168.100.1 via ipip.0
192.168.30.0/24 *[Direct/0] 00:12:38
> via fxp0.0
192.168.30.2/32 *[Local/0] 00:12:38
Local via fxp0.0
192.168.40.0/24 *[Direct/0] 00:12:38
> via fxp2.0
192.168.40.1/32 *[Local/0] 00:12:38
Local via fxp2.0
192.168.80.0/24 *[RIP/100] 00:11:20, metric 3, tag 0
> to 192.168.100.1 via ipip.0
192.168.90.0/24 *[RIP/100] 00:12:36, metric 2, tag 0
> to 192.168.40.2 via fxp2.0
192.168.100.0/24 *[Direct/0] 00:11:42
> via ipip.0
192.168.100.2/32 *[Local/0] 00:12:38
Local via ipip.0
224.0.0.5/32 *[OSPF/10] 00:12:40, metric 1
MultiRecv
224.0.0.9/32 *[RIP/100] 00:06:53, metric 1
MultiRecv
__juniper_private2__.inet.0: 1 destinations, 1 routes (0 active, 0 holddown, 1 hidden)
[edit]
iwing@cnc4#
[edit]
iwing@cnc5# run show route
inet.0: 12 destinations, 12 routes (12 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
1.1.1.1/32 *[RIP/100] 00:13:34, metric 4, tag 0
> to 192.168.40.1 via fxp2.0
4.4.4.4/32 *[RIP/100] 00:15:02, metric 2, tag 0
> to 192.168.40.1 via fxp2.0
5.5.5.5/32 *[Direct/0] 00:15:23
> via lo0.0
192.168.10.0/24 *[RIP/100] 00:13:53, metric 3, tag 0
> to 192.168.40.1 via fxp2.0
192.168.30.0/24 *[RIP/100] 00:15:02, metric 2, tag 0
> to 192.168.40.1 via fxp2.0
192.168.40.0/24 *[Direct/0] 00:15:23
> via fxp2.0
192.168.40.2/32 *[Local/0] 00:15:23
Local via fxp2.0
192.168.80.0/24 *[RIP/100] 00:13:34, metric 4, tag 0
> to 192.168.40.1 via fxp2.0
192.168.90.0/24 *[Direct/0] 00:15:23
> via fxp4.0
192.168.90.1/32 *[Local/0] 00:15:23
Local via fxp4.0
192.168.100.0/24 *[RIP/100] 00:14:04, metric 2, tag 0
> to 192.168.40.1 via fxp2.0
224.0.0.9/32 *[RIP/100] 00:09:38, metric 1
MultiRecv
__juniper_private2__.inet.0: 1 destinations, 1 routes (0 active, 0 holddown, 1 hidden)
[edit]
iwing@cnc5#
------------------------------------------------------------------------------------------------
! How to check (ping and traceroute) !
------------------------------------------------------------------------------------------------
"Sekian dulu, semoga bermanfaat dan salam sedogedoi", saya mau belajar lagi teorinya T_T, kalau
ada yang keliru tolong beritahu saya, terima kasih... @_@ “CMIIW”
