Belajar Mengkonfigurasi GRE tunnel

Di Junos
http://iwing.wordpress.com

Berhubung masih nobitol makanya masih script kiddies, maklum baru belajar hehehehe...........@_@
--------------------------------------------------------------------------------------------
! Topology yang digunakan !
--------------------------------------------------------------------------------------------

Nb: cnc2, cnc3 and cnc4 using OSPF

cnc1, tunnel and cnc5 using RIP

------------------------------------------------------------------------------------------------
! Konfigurasi Router cnc1 !
------------------------------------------------------------------------------------------------
[edit]
iwing@cnc1# show
## Last changed: 2010-07-06 23:00:41 UTC
version 8.4R4.2;
system {
host-name cnc1;
root-authentication {
encrypted-password "$1$rdYbfs2s$UfeiORYzSrjvML7X.mIHy0"; ## SECRET-DATA
}
login {
message "\n\n!========================================================!\n
\n!Router cnc, maintened by:iwing !\n
\n!Access to this device is limited to authorized user only!\n
\n!WARNING!!!:ALL unathourized access is prohibited. !\n
\n!========================================================!\n\n";
user iwing {
uid 2001;
class super-user;
authentication {
encrypted-password "$1$rQy0ZTV0$A1hVDjhzF2niCbd/4MI0K."; ## SECRET-DATA
}
 }
}
services {
ftp;
ssh;
telnet;
web-management {
http {
port 80;
}
}
}
syslog {
user * {
any emergency;
}
file messages {
any notice;
authorization info;
}
file interactive-commands {
interactive-commands any;
}
}
}
interfaces {
fxp0 {
unit 0 {
family inet {
address 192.168.10.1/24;
}
}
}
fxp2 {
unit 0 {
family inet {
address 192.168.80.1/24;
}
}
}
lo0 {
unit 0 {
family inet {
address 1.1.1.1/32;
}
}
}
}
protocols {
rip {
group ripiwing {
export advertise-rip-routes;
neighbor fxp0.0;
neighbor fxp2.0;
}
}
}
policy-options {
policy-statement advertise-rip-routes {
term 1 {
from protocol [ direct rip ];
then accept;
}
}
}

[edit]
iwing@cnc1#
------------------------------------------------------------------------------------------------
! Konfigurasi Router cnc2 !
------------------------------------------------------------------------------------------------
[edit]
iwing@cnc2# show
## Last changed: 2010-07-06 22:56:40 UTC
version 8.4R4.2;
system {
host-name cnc2;
root-authentication {
encrypted-password "$1$QeV0HEqD$DcAIEpD8DU94YaIzoqsfo/"; ## SECRET-DATA
}
login {
message "\n\n!========================================================!\n
\n!Router cnc, maintened by:iwing !\n
\n!Access to this device is limited to authorized user only!\n
\n!WARNING!!!:ALL unathourized access is prohibited. !\n
\n!========================================================!\n\n";
user iwing {
uid 2000;
class super-user;
authentication {
encrypted-password "$1$a1HVR5jH$yoUbW1IOcAHOdAQCahOpy0"; ## SECRET-DATA
}
}
}
services {
ftp;
ssh;
telnet;
}
syslog {
user * {
any emergency;
}
file messages {
any notice;
authorization info;
}
file interactive-commands {
interactive-commands any;
}
}
}
interfaces {
fxp0 {
unit 0 {
family inet {
address 192.168.10.2/24;
}
}
}
fxp1 {
unit 0 {
family inet {
address 192.168.20.1/24;
}
}
}
gre {
unit 0 {
tunnel {
source 192.168.20.1;
destination 192.168.30.2;
}
family inet {
address 192.168.100.1/24;
}
}
}
lo0 {
 unit 0 {
family inet {
address 2.2.2.2/32;
}
}
}
}
routing-options {
router-id 2.2.2.2;
autonomous-system 100;
}
protocols {
ospf {
area 0.0.0.0 {
interface lo0.0 {
passive;
}
interface fxp1.0;
}
}
rip {
group ripiwing {
export advertise-rip-routes;
neighbor fxp0.0;
neighbor ipip.0;
}
}
}
policy-options {
policy-statement advertise-rip-routes {
term 1 {
from protocol [ direct rip ];
then accept;
}
}
}

[edit]
iwing@cnc2#
------------------------------------------------------------------------------------------------
! Konfigurasi Router cnc3 !
------------------------------------------------------------------------------------------------
[edit]
iwing@cnc3# show
## Last changed: 2010-07-06 22:45:23 UTC
version 8.4R4.2;
system {
host-name cnc3;
root-authentication {
encrypted-password "$1$rdYbfs2s$UfeiORYzSrjvML7X.mIHy0"; ## SECRET-DATA
}
login {
message "\n\n!========================================================!\n
\n!Router cnc, maintened by:iwing !\n
\n!Access to this device is limited to authorized user only!\n
\n!WARNING!!!:ALL unathourized access is prohibited. !\n
\n!========================================================!\n\n";
user iwing {
uid 2000;
class super-user;
authentication {
encrypted-password "$1$nBU.RVsT$LMG9TWM9OUQZGvInqYfEu1"; ## SECRET-DATA
}
}
}
services {
ftp;
ssh;
web-management {
http {
port 80;
 }
}
}
syslog {
user * {
any emergency;
}
file messages {
any notice;
authorization info;
}
file interactive-commands {
interactive-commands any;
}
}
}
interfaces {
fxp0 {
unit 0 {
family inet {
address 192.168.30.1/24;
}
}
}
fxp1 {
unit 0 {
family inet {
address 192.168.20.2/24;
}
}
}
lo0 {
unit 0 {
family inet {
address 3.3.3.3/32;
}
}
}
}
routing-options {
router-id 3.3.3.3;
autonomous-system 100;
}
protocols {
ospf {
area 0.0.0.0 {
interface lo0.0 {
passive;
}
interface fxp0.0;
interface fxp1.0;
}
}
}

[edit]
iwing@cnc3#

------------------------------------------------------------------------------------------------
! Konfigurasi Router cnc4 !
------------------------------------------------------------------------------------------------
[edit]
iwing@cnc4# show
## Last changed: 2010-07-06 22:52:22 UTC
version 8.4R4.2;
system {
host-name cnc4;
root-authentication {
encrypted-password "$1$rdYbfs2s$UfeiORYzSrjvML7X.mIHy0"; ## SECRET-DATA
}
login {
 message "\n\n!========================================================!\n
\n!Router cnc, maintened by:iwing !\n
\n!Access to this device is limited to authorized user only!\n
\n!WARNING!!!:ALL unathourized access is prohibited. !\n
\n!========================================================!\n\n";
user iwing {
uid 2000;
class super-user;
authentication {
encrypted-password "$1$a4h8jH/6$WNgvFOgNFh2cnvlaHnZms1"; ## SECRET-DATA
}
}
}
services {
ftp;
ssh;
web-management {
http {
port 80;
}
}
}
syslog {
user * {
any emergency;
}
file messages {
any notice;
authorization info;
}
file interactive-commands {
interactive-commands any;
}
}
}
interfaces {
fxp0 {
unit 0 {
family inet {
address 192.168.30.2/24;
}
}
}
fxp2 {
unit 0 {
family inet {
address 192.168.40.1/24;
}
}
}
gre {
unit 0 {
tunnel {
source 192.168.30.2;
destination 192.168.20.1;
}
family inet {
address 192.168.100.2/24;
}
}
}
lo0 {
unit 0 {
family inet {
address 4.4.4.4/32;
}
}
}
}
routing-options {
router-id 4.4.4.4;
 autonomous-system 100;
}
protocols {
ospf {
area 0.0.0.0 {
interface lo0.0 {
passive;
}
interface fxp0.0;
interface fxp1.0;
}
}
rip {
group ripiwing {
export advertise-rip-routes;
neighbor ipip.0;
neighbor fxp2.0;
}
}
}
policy-options {
policy-statement advertise-rip-routes {
term 1 {
from protocol [ direct rip ];
then accept;
}
}
}

[edit]
iwing@cnc4#
------------------------------------------------------------------------------------------------
! Konfigurasi Router cnc5 !
------------------------------------------------------------------------------------------------
[edit]
iwing@cnc5# show
## Last changed: 2010-07-06 22:57:17 UTC
version 8.4R4.2;
system {
host-name cnc5;
root-authentication {
encrypted-password "$1$rdYbfs2s$UfeiORYzSrjvML7X.mIHy0"; ## SECRET-DATA
}
login {
message "\n\n!========================================================!\n
\n!Router cnc, maintened by:iwing !\n
\n!Access to this device is limited to authorized user only!\n
\n!WARNING!!!:ALL unathourized access is prohibited. !\n
\n!========================================================!\n\n";
user iwing {
uid 2000;
class super-user;
authentication {
encrypted-password "$1$nBU.RVsT$LMG9TWM9OUQZGvInqYfEu1"; ## SECRET-DATA
}
}
}
services {
ftp;
ssh;
web-management {
http {
port 80;
}
}
}
syslog {
user * {
any emergency;
}
file messages {
 any notice;
authorization info;
}
file interactive-commands {
interactive-commands any;
}
}
}
interfaces {
fxp2 {
unit 0 {
family inet {
address 192.168.40.2/24;
}
}
}
fxp4 {
unit 0 {
family inet {
address 192.168.90.1/24;
}
}
}
lo0 {
unit 0 {
family inet {
address 5.5.5.5/32;
}
}
}
}
protocols {
rip {
group ripiwing {
export advertise-rip-routes;
neighbor fxp2.0;
neighbor fxp4.0;
}
}
}
policy-options {
policy-statement advertise-rip-routes {
term 1 {
from protocol [ direct rip ];
then accept;
}
}
}

[edit]
iwing@cnc5#
------------------------------------------------------------------------------------------------
! How to check (run show interface) !
------------------------------------------------------------------------------------------------
Physical interface: gre, Enabled, Physical link is Up
Interface index: 10, SNMP ifIndex: 8
Type: GRE, Link-level type: GRE, MTU: Unlimited, Speed: Unlimited
Device flags : Present Running
Interface flags: Point-To-Point SNMP-Traps
Input packets : 0
Output packets: 0

Logical interface gre.0 (Index 70) (SNMP ifIndex 27)

Flags: Point-To-Point SNMP-Traps 0x4000
IP-Header 192.168.30.2:192.168.20.1:47:df:64:0000000000000000
Encapsulation: GRE-NULL
Copy-tos-to-outer-ip-header: Off
Input packets : 41
Output packets: 45
Protocol inet, MTU: 1476
Flags: None
Addresses, Flags: Is-Preferred Is-Primary
Destination: 192.168.100/24, Local: 192.168.100.1,
Broadcast: 192.168.100.255

Physical interface: gre, Enabled, Physical link is Up

Interface index: 10, SNMP ifIndex: 8
Type: GRE, Link-level type: GRE, MTU: Unlimited, Speed: Unlimited
Device flags : Present Running
Interface flags: Point-To-Point SNMP-Traps
Input packets : 0
Output packets: 0

Logical interface gre.0 (Index 66) (SNMP ifIndex 27)

Flags: Point-To-Point SNMP-Traps 0x4000
IP-Header 192.168.20.1:192.168.30.2:47:df:64:0000000000000000
Encapsulation: GRE-NULL
Copy-tos-to-outer-ip-header: Off
Input packets : 39
Output packets: 41
Protocol inet, MTU: 1476
Flags: None
Addresses, Flags: Is-Preferred Is-Primary
Destination: 192.168.100/24, Local: 192.168.100.2,
Broadcast: 192.168.100.255

------------------------------------------------------------------------------------------------
! How to check (run show route) !
------------------------------------------------------------------------------------------------
[edit]
iwing@cnc1# run show route

inet.0: 12 destinations, 12 routes (12 active, 0 holddown, 0 hidden)

+ = Active Route, - = Last Active, * = Both

1.1.1.1/32 *[Direct/0] 00:09:55

> via lo0.0
2.2.2.2/32 *[RIP/100] 00:09:49, metric 2, tag 0
> to 192.168.10.2 via fxp0.0
5.5.5.5/32 *[RIP/100] 00:01:51, metric 4, tag 0
> to 192.168.10.2 via fxp0.0
192.168.10.0/24 *[Direct/0] 00:09:55
> via fxp0.0
192.168.10.1/32 *[Local/0] 00:09:55
Local via fxp0.0
192.168.20.0/24 *[RIP/100] 00:09:49, metric 2, tag 0
> to 192.168.10.2 via fxp0.0
192.168.40.0/24 *[RIP/100] 00:01:51, metric 3, tag 0
> to 192.168.10.2 via fxp0.0
192.168.80.0/24 *[Direct/0] 00:09:55
> via fxp2.0
192.168.80.1/32 *[Local/0] 00:09:55
 Local via fxp2.0
192.168.90.0/24 *[RIP/100] 00:01:51, metric 4, tag 0
> to 192.168.10.2 via fxp0.0
192.168.100.0/24 *[RIP/100] 00:01:55, metric 2, tag 0
> to 192.168.10.2 via fxp0.0
224.0.0.9/32 *[RIP/100] 00:10:00, metric 1
MultiRecv

__juniper_private2__.inet.0: 1 destinations, 1 routes (0 active, 0 holddown, 1 hidden)

[edit]
iwing@cnc1#

[edit]
iwing@cnc2# run show route

inet.0: 17 destinations, 19 routes (17 active, 0 holddown, 0 hidden)

+ = Active Route, - = Last Active, * = Both

1.1.1.1/32 *[RIP/100] 00:11:46, metric 2, tag 0

> to 192.168.10.1 via fxp0.0
2.2.2.2/32 *[Direct/0] 00:12:12
> via lo0.0
3.3.3.3/32 *[OSPF/10] 00:10:41, metric 10
> to 192.168.20.2 via fxp1.0
4.4.4.4/32 *[OSPF/10] 00:10:41, metric 20
> to 192.168.20.2 via fxp1.0
[RIP/100] 00:01:55, metric 2, tag 0
> to 192.168.100.2 via gre.0
5.5.5.5/32 *[RIP/100] 00:01:55, metric 3, tag 0
> to 192.168.100.2 via gre.0
192.168.10.0/24 *[Direct/0] 00:12:12
> via fxp0.0
192.168.10.2/32 *[Local/0] 00:12:12
Local via fxp0.0
192.168.20.0/24 *[Direct/0] 00:12:12
> via fxp1.0
192.168.20.1/32 *[Local/0] 00:12:12
Local via fxp1.0
192.168.30.0/24 *[OSPF/10] 00:10:41, metric 20
> to 192.168.20.2 via fxp1.0
[RIP/100] 00:01:55, metric 2, tag 0
> to 192.168.100.2 via gre.0
192.168.40.0/24 *[RIP/100] 00:01:55, metric 2, tag 0
> to 192.168.100.2 via gre.0
192.168.80.0/24 *[RIP/100] 00:11:46, metric 2, tag 0
> to 192.168.10.1 via fxp0.0
192.168.90.0/24 *[RIP/100] 00:01:55, metric 3, tag 0
> to 192.168.100.2 via gre.0
192.168.100.0/24 *[Direct/0] 00:01:59
> via gre.0
192.168.100.1/32 *[Local/0] 00:01:59
Local via gre.0
224.0.0.5/32 *[OSPF/10] 00:12:19, metric 1
MultiRecv
224.0.0.9/32 *[RIP/100] 00:02:00, metric 1
MultiRecv

__juniper_private2__.inet.0: 1 destinations, 1 routes (0 active, 0 holddown, 1 hidden)

[edit]
iwing@cnc2#

[edit]
iwing@cnc3# run show route

inet.0: 8 destinations, 8 routes (8 active, 0 holddown, 0 hidden)

+ = Active Route, - = Last Active, * = Both

2.2.2.2/32 *[OSPF/10] 00:09:02, metric 10

> to 192.168.20.1 via fxp1.0
3.3.3.3/32 *[Direct/0] 00:09:58
> via lo0.0
4.4.4.4/32 *[OSPF/10] 00:09:08, metric 10
> to 192.168.30.2 via fxp0.0
192.168.20.0/24 *[Direct/0] 00:09:58
> via fxp1.0
192.168.20.2/32 *[Local/0] 00:09:58
Local via fxp1.0
192.168.30.0/24 *[Direct/0] 00:09:58
> via fxp0.0
192.168.30.1/32 *[Local/0] 00:09:58
Local via fxp0.0
224.0.0.5/32 *[OSPF/10] 00:10:03, metric 1
MultiRecv

__juniper_private2__.inet.0: 1 destinations, 1 routes (0 active, 0 holddown, 1 hidden)

[edit]
iwing@cnc3#

[edit]
iwing@cnc4# run show route

inet.0: 17 destinations, 19 routes (17 active, 0 holddown, 0 hidden)

+ = Active Route, - = Last Active, * = Both

1.1.1.1/32 *[RIP/100] 00:02:18, metric 3, tag 0

> to 192.168.100.1 via gre.0
2.2.2.2/32 *[OSPF/10] 00:10:26, metric 20
> to 192.168.30.1 via fxp0.0
[RIP/100] 00:02:18, metric 2, tag 0
> to 192.168.100.1 via gre.0
3.3.3.3/32 *[OSPF/10] 00:10:26, metric 10
> to 192.168.30.1 via fxp0.0
4.4.4.4/32 *[Direct/0] 00:11:21
> via lo0.0
5.5.5.5/32 *[RIP/100] 00:11:19, metric 2, tag 0
> to 192.168.40.2 via fxp2.0
192.168.10.0/24 *[RIP/100] 00:02:18, metric 2, tag 0
> to 192.168.100.1 via gre.0
192.168.20.0/24 *[OSPF/10] 00:10:26, metric 20
> to 192.168.30.1 via fxp0.0
[RIP/100] 00:02:18, metric 2, tag 0
> to 192.168.100.1 via gre.0
192.168.30.0/24 *[Direct/0] 00:11:21
> via fxp0.0
192.168.30.2/32 *[Local/0] 00:11:21
Local via fxp0.0
192.168.40.0/24 *[Direct/0] 00:11:21
> via fxp2.0
192.168.40.1/32 *[Local/0] 00:11:21
Local via fxp2.0
192.168.80.0/24 *[RIP/100] 00:02:18, metric 3, tag 0
> to 192.168.100.1 via gre.0
192.168.90.0/24 *[RIP/100] 00:11:19, metric 2, tag 0
> to 192.168.40.2 via fxp2.0
192.168.100.0/24 *[Direct/0] 00:02:18
> via gre.0
192.168.100.2/32 *[Local/0] 00:02:18
Local via gre.0
224.0.0.5/32 *[OSPF/10] 00:11:27, metric 1
MultiRecv
224.0.0.9/32 *[RIP/100] 00:02:18, metric 1
MultiRecv

__juniper_private2__.inet.0: 1 destinations, 1 routes (0 active, 0 holddown, 1 hidden)

[edit]
iwing@cnc4#

[edit]
iwing@cnc5# run show route

inet.0: 12 destinations, 12 routes (12 active, 0 holddown, 0 hidden)

+ = Active Route, - = Last Active, * = Both

1.1.1.1/32 *[RIP/100] 00:01:51, metric 4, tag 0

> to 192.168.40.1 via fxp2.0
4.4.4.4/32 *[RIP/100] 00:10:14, metric 2, tag 0
> to 192.168.40.1 via fxp2.0
5.5.5.5/32 *[Direct/0] 00:10:36
> via lo0.0
192.168.10.0/24 *[RIP/100] 00:01:51, metric 3, tag 0
> to 192.168.40.1 via fxp2.0
192.168.30.0/24 *[RIP/100] 00:10:14, metric 2, tag 0
> to 192.168.40.1 via fxp2.0
192.168.40.0/24 *[Direct/0] 00:10:37
> via fxp2.0
192.168.40.2/32 *[Local/0] 00:10:37
Local via fxp2.0
192.168.80.0/24 *[RIP/100] 00:01:51, metric 4, tag 0
> to 192.168.40.1 via fxp2.0
192.168.90.0/24 *[Direct/0] 00:10:36
> via fxp4.0
192.168.90.1/32 *[Local/0] 00:10:36
Local via fxp4.0
192.168.100.0/24 *[RIP/100] 00:01:51, metric 2, tag 0
> to 192.168.40.1 via fxp2.0
224.0.0.9/32 *[RIP/100] 00:10:40, metric 1
MultiRecv

__juniper_private2__.inet.0: 1 destinations, 1 routes (0 active, 0 holddown, 1 hidden)

[edit]
iwing@cnc5#

------------------------------------------------------------------------------------------------
! How to check (ping and traceroute) !
------------------------------------------------------------------------------------------------
"Sekian dulu, semoga bermanfaat dan salam sedogedoi", saya mau belajar lagi teorinya T_T, kalau
ada yang keliru tolong beritahu saya, terima kasih... @_@ “CMIIW”