EIGRP ..................................................................................................

8
Teori Dasar EIGRP ............................................................................................. 10

Lab 1. EIGRP Konfigurasi Dasar ....................................................................... 12

Lab 2. EIGRP Filtering Distribute List ................................................................ 14

Lab 3. EIGRP Filtering Prefix List – In ............................................................... 16

Lab 4. EIGRP Filtering Prefix List – Out ............................................................. 20

Lab 5. EIGRP Filtering ACL (Ganjil & Genap)..................................................... 22

Lab 6. EIGRP Filtering AD ................................................................................. 24

Lab 7. EIGRP Authentication ............................................................................ 26

Lab 8. EIGRP Summarization ........................................................................... 28

Lab 9. EIGRP Unicast Update ........................................................................... 30

Lab 10. EIGRP Summary Address (Default Route) ........................................... 32

Lab 11. EIGRP Redistribution – RIP .................................................................. 34

Lab 12. EIGRP Redistribution – OSPF ............................................................... 37

Lab 13. EIGRP Mindah Jalur ( Delay ) ............................................................... 38

Lab 14. EIGRP Mindah Jalur ( Bandwidth) ...................................................... 42

Lab 15. EIGRP Equal Load Balancing ................................................................ 44

Lab 16. EIGRP Unequal Load Balancing ............................................................ 47

Lab 17. EIGRP Stub Default (Connected + Summary) ..................................... 50

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 1

Lab 18. EIGRP Stub Connected .......................................................................53

Lab 19. EIGRP Stub Summary ........................................................................54

Lab 20. EIGRP Stub Static ..............................................................................55

Lab 21. EIGRP Stub Redistributed .................................................................56

Lab 22. EIGRP Stub Receive-Only ..................................................................57

Lab 23. EIGRP Named Config .........................................................................59

Lab 24. EIGRP OTP (Over the Top) .................................................................62

OSPF ................................................................................................ 67
Teori Dasar OSPF ........................................................................................... 68

Lab 1. OSPF Virtual Link ..................................................................................71

Lab 2. OSPF Gre Tunnel ..................................................................................84

Lab 3. OSPF Standard Area .............................................................................88

Lab 4. OSPF Stub Area ....................................................................................93

Lab 5. OSPF Totally Stub Area ........................................................................96

Lab 6. OSPF NSSA Area ...................................................................................98

Lab 7. OSPF External Route Type 1 ................................................................ 105

Lab 8. OSPF Filtering Distribute List ............................................................... 109

Lab 9. OSPF Sumarization – Internal Route....................................................113

Lab 10. OSPF Summarization – External Route ..............................................117

Lab 11. OSPF Redistribution - Default route ..................................................122

Lab 12. OSPF Redistribution – Static .............................................................. 124

Lab 13. OSPF Redistribution – Connected......................................................125

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 2

Lab 14. OSPF Redistribution – RIP ..................................................................127

Lab 15. OSPF Redistribution – EIGRP ............................................................. 128

Lab 16. OSPF Mindah Jalur .............................................................................129

Lab 17. OSPF Authentication ..........................................................................134

Lab 18. VRF Lite .............................................................................................. 136

IPV6 .................................................................................................. 141

Lab 1. Dasar IPv6 ............................................................................................ 142

Lab 2. IPV6 Routing Static Routing .................................................................148

Lab 3. IPV6 Routing RIPng ..............................................................................152

Lab 4. IPV6 Routing OSPFv3 Dasar Konfig ......................................................156

Lab 5. IPV6 Routing Redistribution RIPnG ke OSPFv3 ....................................159

Lab 6. IPV6 Routing EIGRP IPv6 Dasar Konfig .................................................163

Lab 7. IPV6 Tunnel IPv6ip ...............................................................................165

Lab 8. IPV6 Tunnel GRE IP ..............................................................................170

Lab 9. IPV6 Tunnel 6to4..................................................................................171

Lab 10. IPV6 Tunnel ISATAP ...........................................................................173

Lab 11. IPV6 Tunnel Auto-Tunnel ...................................................................176

BGP................................................................................................. 177
Lab 1. iBGP Peering ........................................................................................178

Lab 2. iBGP Peering Loopback ........................................................................181

Lab 3. EBGP Peering .......................................................................................184

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 3

Lab 4. BGP Next-Hop-Self ...............................................................................189

Lab 5. BGP Authentication .............................................................................191

Lab 6. BGP Route Reflector ............................................................................192

Lab 7. BGP Attribute ( Origin) .........................................................................196

Lab 8. BGP Attribute (Community).................................................................198

Lab 9. BGP Attribute (Communtiy List) .......................................................... 206

Lab 10. BGP Attribute (Aggregator) ............................................................... 210

Lab 11. BGP Dualhoming – ISP sama .............................................................. 213

Lab 12. BGP Multihoming 2 ISP Berbeda .......................................................224

VPN Technologies ............................................................ 229

Lab 1. GRE Tunnel ........................................................................................... 230

Lab 2. IPSec Tunnel Mode ..............................................................................235

DMVPN ........................................................................................ 239

DMVPN – Phase (Teori) ..................................................................................240

Lab 1. Phase 1 Dynamic Mapping...................................................................241

Lab 2. Phase 1 With EIGRP .............................................................................246

Lab 3. Phase 1 With OSPF ...............................................................................249

Lab 4. Phase 1 With IPSec...............................................................................252

Lab 5. Phase 2 Dynamic Mapping...................................................................255

Lab 6. Phase 2 With EIGRP .............................................................................258

Lab 7. Phase 2 With OSPF ...............................................................................261

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 4

Lab 8. Phase 3 Dynamic Mapping...................................................................263

Lab 9. Phase 3 With EIGRP .............................................................................265

Lab 10. Phase 3 With OSPF .............................................................................267

MPLS ................................................................................................ 270

Lab 1. MPLS Backbone....................................................................................271

Lab 2. MPLS VPN............................................................................................. 278

Lab 3. MPLS VPN – PE CE Static Routing ........................................................282

VXLAN .......................................................................................... 284

VXLAN Topology ............................................................................................. 285

Konfigurasi VXLAN Static Peer........................................................................285

Konfigurasi VXLAN Flood ................................................................................291

Network Automation................................................... 297

Automation With Paramiko .................................................................... 298

Introduction Paramiko ...................................................................................298

Import Appliance Ubuntu to GNS3 ................................................................ 298

Paramiko Installation......................................................................................302
Initial Configuration ........................................................................................303
Basic Script Paramiko .....................................................................................305
Backup Config with Paramiko ........................................................................307
Backup Config Multiple Device ......................................................................310

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 5

Embedded Event Manager (EEM) ........................................................... 314

Konfigurasi Event Syslog.................................................................................314

Konfigurasi Event OSPF Adjacency (Email).....................................................317

Konfigurasi Event CLI ......................................................................................319

Konfigurasi Scheduling Events .......................................................................321

IP SLA With EEM Script ...................................................................................334

Switching Technologies .......................................................... 337

Lab 1. Vlan dan Trunk .....................................................................................338

Lab 2. InterVlan Routing .................................................................................342

Lab 3. SPAN (Switch Port Analyzer) ................................................................ 348

Lab 4. RSPAN ( Remote SPAN) ........................................................................350

Lab 5. STP Features : Portfast ........................................................................352

Lab 6. STP Features : UplinkFast ....................................................................354

Lab 7. STP Features : BPDU Guard .................................................................358

Lab 8. STP Features : BPDU Filter ...................................................................360

Lab 9. STP Features : Root Guard ...................................................................361

Lab 10. MSTP (Multiple Spanning Tree) ......................................................... 364

Lab 11. RSTP (Rapid Spanning Tree) ............................................................... 367

Lab 12. Etherchannel Mode on ......................................................................369

Lab 13. Etherchannel PagP .............................................................................371

Lab 14. Etherchannel LACP .............................................................................374

Lab 15. Etherchannel Layer 3 .........................................................................377

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 6

Lab 16. Port Security - Default Violation ........................................................379

Lab 17. Port Security - Violation Recovery .....................................................381

Lab 18. Port Security - Violation Action ......................................................... 382

Lab 19. HSRP (Hot Standby Router Protocol) .................................................384

Lab 20. HSRP Track Route ..............................................................................388

Lab 21. HSRP With IP SLA ...............................................................................390

Lab 22. HSRP Load Balancing..........................................................................392

Lab 23. VRRP (Virtual Router Redudancy Protocol) .......................................393

Lab 24. VRRP Track Route ..............................................................................395

Lab 25. VRRP With IP SLA ...............................................................................397

Lab 26. VRRP Load Balancing .........................................................................399

Lab 27. GLBP (Gateway Load Balancing Protocol) .........................................400

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 7

 EIGRP
( Enhanced Interior Gateway Routing Protocol )

“Hidup itu seperti mengendarai sebuah sepeda. Untuk menjaga

keseimbangan, kamu harus terus bergerak”.
Albert Einstein

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 8

 EIGRP
EIGRP Basic Configuration
EIGRP Filtering - Distribute List
EIGRP Filtering - Prefix List
EIGRP Filtering - Access List
EIGRP Filtering - Administrative Distance
EIGRP Summarization
EIGRP Unicast Update
EIGRP Default Route – Summary Address
EIGRP Redistribution – RIP
EIGRP Redistribution – OSPF
EIGRP Path Selection – Delay
EIGRP Path Selection – Bandwidth
EIGRP Equal Load Balancing
EIGRP Unequal Load Balancing
EIGRP Stub – Connected + Summary
EIGRP Stub – Connected
EIGRP Stub – Summary
EIGRP Stub – Static
EIGRP Stub – Redistributed

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 9

 EIGRP
(Enhanced Interior Gateway Routing Protocol)

Teori Dasar
EIGRP merupakan distance vector protocol dan cisco roprietary.
Menggunakan algoritma DUAL (Diffusing Update Algorithm).
Berikut ini ciri-ciri routing protocol EIGRP :
• Advanced distance vector/hybrid routing protocol
• Multicast or unicast for exchange information use port 88
• Administrative distance 90
• Classless routing protocol support VLSM/CIDR.
• Support IPv6
• Rich metric (bandwidth, delay, load and reliability)
• Very fast convergence
• Equal and Unequal Load balancing
• 100% loop-free
Dinamakan advanced distance vector atau hybrid routing protocol
karena EIGRP tidak seperti RIP yang:
• No neighbor discovery
• Periodic updates
• Vulnerable to loops
• Simple metric (hop count)
Cisco menambahkan fitur-fitur dari link state pada EIGRP sehingga
dapat mengatasi masalah-masalah RIP. Pada router yang menjalankan
EIGRP akan mempunyai 3 database(tabel):
EIGRP neighbor table
• List semua directly connected neighbor
• Next-hop router
• Interface
EIGRP topology table
• List semua route yang dipelajari dari semua EIGRP neighbor
• Destination
• Metric

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 10

Routing table
• Best route dari EIGRP topology table

Successor and Feasible Successor

• Successor = best path to destination
• Feasible Successor = backup link to destination

EIGRP Packets
1) Hello Packet
• Untuk discover dan recovery neighbor serta membentuk adjency.
• Jika penerima membalas dengan hello packet maka terjadi
adjency. Jika penerima tidak mengirim hello packet dalam X
waktu (hold time), maka adjency akan didrop.
• Setelah adjency terbentuk, akan melakukan exchange routing
information yang akan disimpan di topology table. Best path
dari topology table akan disave di routing table.
• Reliable
2) Update Packet
• Berisi informasi routing
• Dapat dikirim secara unicast atau multicast
• Reliable
3) Query Packet
• Dikirim jika suatu router EIGRP kehilangan informasi tentang
suatu network, maka query akan dikirim ke neighbor untuk
mendapat informasi tentang neighbor yang hilang tadi.
4) Reply Packet
• Response dari query packet
5) ACK Packet
• Dikirim sebagai pemberitahuan bahwa telah menerima update
packet.
• Dikirim secara unicast.
6) No Auto-Summary
Digunakan untuk menyertakan subnetmask dalam advertise
network.

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 11

Lab 1. EIGRP – Konfig Dasar

Konfigurasi ip address pada setiap router seperti berikut ini.

R1
R1(config)#int gigabitEthernet 1/0
R1(config-if)#ip add 12.12.12.1 255.255.255.0
R1(config-if)#no shutdown
R1(config)#int loopback 0
R1(config-if)#ip add 1.1.1.1 255.255.255.255
R1(config-if)#no shutdown
R1(config)#router eigrp 10
R1(config-router)#network 1.1.1.1 0.0.0.0
R1(config-router)#network 12.12.12.1 0.0.0.0
R1(config-router)#no auto-summary

R2
R2(config)#interface gigabitEthernet 1/0
R2(config-if)#ip add 12.12.12.2 255.255.255.0
R2(config-if)#no shutdown
!
R2(config)#int fastEthernet 0/0
R2(config-if)#ip add 23.23.23.2 255.255.255.0
R2(config-if)#no shutdown
R2(config)#int loopback 0
R2(config-if)#ip add 2.2.2.2 255.255.255.255
R2(config)#router eigrp 10
R2(config-router)#network 2.0.0.0
R2(config-router)#network 12.12.12.2 0.0.0.0
R2(config-router)#network 23.23.23.2 0.0.0.0
R2(config-router)#no auto-summary

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 12

R3
R3(config)#int fastEthernet 0/0
R3(config-if)#ip add 23.23.23.3 255.255.255.0
R3(config-if)#no shutdown
R3(config)#int loopback 0
R3(config-if)#ip add 3.3.3.3 255.255.255.255
R3(config)#router eigrp 10
R3(config-router)#network 3.3.3.3 0.0.0.0
R3(config-router)#network 23.23.23.3 0.0.0.0
R3(config-router)#no auto-summary

Cek routing tabel pada Router 1. Pastikan ping ke router lain berhasil.
R1
R1#sh ip route
1.0.0.0/32 is subnetted, 1 subnets
C 1.1.1.1 is directly connected, Loopback0
2.0.0.0/32 is subnetted, 1 subnets
D 2.2.2.2 [90/130816] via 12.12.12.2, 00:07:04, GigabitEthernet1/0
3.0.0.0/32 is subnetted, 1 subnets
D 3.3.3.3 [90/156416] via 12.12.12.2, 00:02:20, GigabitEthernet1/0
23.0.0.0/24 is subnetted, 1 subnets
D 23.23.23.0 [90/28416] via 12.12.12.2, 00:07:04, GigabitEthernet1/0
12.0.0.0/24 is subnetted, 1 subnets
C 12.12.12.0 is directly connected, GigabitEthernet1/0

R1#ping 2.2.2.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/13/28 ms
R1#ping 3.3.3.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 3.3.3.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/32/40 ms

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 13

 Lab 2. EIGRP – Filtering – Distribute List

Digunakan untuk memfilter network berdasarkan route network yang

masuk dan keluar interface. Pada topologi dibawah, tujuannya agar ip
loopback 2.2.2.2 tidak ada dalam routing tabel R1.
Cara pertama : filter network menggunakan access list pada R1
dengan distribute IN. Pada lab ini, kita masih menggunakan lab
sebelumnya.

R1
R1(config)#access-list 1 deny 2.2.2.2
R1(config)#access-list 1 permit any
!
R1(config)#router eigrp 10
R1(config-router)#distribute-list 1 in gigabitEthernet 1/0
R1(config-router)#exit
Kemudian cek pada routing tabelnya. Pastikan IP 2.2.2.2 sudah tidak lagi
terdapat dalam routing tabelnya.
R1
R1#sh ip route
1.0.0.0/32 is subnetted, 1 subnets
C 1.1.1.1 is directly connected, Loopback0
3.0.0.0/32 is subnetted, 1 subnets
D 3.3.3.3 [90/156416] via 12.12.12.2, 01:18:53, GigabitEthernet1/0
23.0.0.0/24 is subnetted, 1 subnets
D 23.23.23.0 [90/28416] via 12.12.12.2, 01:23:38, GigabitEthernet1/0
12.0.0.0/24 is subnetted, 1 subnets
C 12.12.12.0 is directly connected, GigabitEthernet1/0
Cara kedua : filter network menggunakan access list pada R2 dengan
distribute OUT. Kita hapus terlebih dahulu konfigurasi distribute IN.
R1
R1(config)#router eigrp 10
R1(config-router)#no distribute-list 1 in GigabitEthernet 1/0
Pastikan ip loopback 2.2.2.2 sudah muncul lagi dalam tabel routing R1.

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 14

R1
R1#sh ip route
1.0.0.0/32 is subnetted, 1 subnets
C 1.1.1.1 is directly connected, Loopback0
2.0.0.0/32 is subnetted, 1 subnets
D 2.2.2.2 [90/130816] via 12.12.12.2, 00:02:05, GigabitEthernet1/0
3.0.0.0/32 is subnetted, 1 subnets
D 3.3.3.3 [90/156416] via 12.12.12.2, 01:25:50, GigabitEthernet1/0
23.0.0.0/24 is subnetted, 1 subnets
D 23.23.23.0 [90/28416] via 12.12.12.2, 01:30:34, GigabitEthernet1/0
12.0.0.0/24 is subnetted, 1 subnets
C 12.12.12.0 is directly connected, GigabitEthernet1/0

lalu pada R2 ketik perintah berikut ini

R2
R2(config)#access-list 1 deny 2.2.2.2
R2(config)#access-list 1 permit any
R2(config)#router eigrp 10
R2(config-router)#distribute-list 1 out GigabitEthernet 1/0

Cek lagi routing tabelnya, maka IP loopback 2.2.2.2 sudah tidak ada
R1
R1#sh ip route
1.0.0.0/32 is subnetted, 1 subnets
C 1.1.1.1 is directly connected, Loopback0
3.0.0.0/32 is subnetted, 1 subnets
D 3.3.3.3 [90/156416] via 12.12.12.2, 01:36:09, GigabitEthernet1/0
23.0.0.0/24 is subnetted, 1 subnets
D 23.23.23.0 [90/28416] via 12.12.12.2, 01:40:53, GigabitEthernet1/0
12.0.0.0/24 is subnetted, 1 subnets
C 12.12.12.0 is directly connected, GigabitEthernet1/0

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 15

 Lab 3. EIGRP – Filtering – Prefix List – In

Filtering menggunakan prefix list digunakan jika kita ingin memfilter

berdasarkan netmasknya, misal network pada R3 dengan prefix /24 - /28 akan
diblok, selain itu akan ditampilkan.

R1
R1(config)#interface gigabitEthernet 1/0
R1(config-if)#ip address 12.12.12.1 255.255.255.0
R1(config-if)#no shutdown
!
R1(config)#router eigrp 10
R1(config-router)#network 12.12.12.1 0.0.0.0
R1(config-router)#no auto-summary

R2
R2(config)#int fastEthernet 0/0
R2(config-if)#ip add 23.23.23.2 255.255.255.0
R2(config-if)#no shutdown
!
R2(config)#int gigabitEthernet 1/0
R2(config-if)#ip add 12.12.12.2 255.255.255.0
R2(config-if)#no shutdown
!
R2(config)#router eigrp 10
R2(config-router)#network 12.12.12.2 0.0.0.0
R2(config-router)#network 23.23.23.2 0.0.0.0
R2(config-router)#no auto-summary

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 16

Buat beberapa IP loopback yang bervariatif untuk difilter.
R3
R3(config)#int fastEthernet 0/0
R3(config-if)#ip add 23.23.23.3 255.255.255.0
R3(config-if)#no shutdown
!
R3(config)#int loopback 0
R3(config-if)#ip add 3.3.3.3 255.255.255.255
!
R3(config-if)#int loopback 1
R3(config-if)#ip add 3.3.3.17 255.255.255.240
!
R3(config-if)#int loopback 2
R3(config-if)#ip add 3.3.3.33 255.255.255.248
!
R3(config-if)#int loopback 3
R3(config-if)#ip add 3.3.3.100 255.255.255.224
!
R3(config-if)#int loopback 4
R3(config-if)#ip add 3.3.3.150 255.255.255.252
!
R3(config-if)#int loopback 5
R3(config-if)#ip add 3.3.3.200 255.255.255.240
!
R3(config)#router eigrp 10
R3(config-router)#network 0.0.0.0
R3(config-router)#no auto-summary

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 17

Kita cek tabel routing R1

R1
R1#sh ip route
1.0.0.0/32 is subnetted, 1 subnets
C 1.1.1.1 is directly connected, Loopback0
3.0.0.0/8 is variably subnetted, 6 subnets, 5 masks
D 3.3.3.3/32 [90/156416] via 12.12.12.2, 02:33:14, GigabitEthernet1/0
D 3.3.3.16/28 [90/156416] via 12.12.12.2, 00:04:50, GigabitEthernet1/0
D 3.3.3.32/29 [90/156416] via 12.12.12.2, 00:04:50, GigabitEthernet1/0
D 3.3.3.96/27 [90/156416] via 12.12.12.2, 00:04:50, GigabitEthernet1/0
D 3.3.3.148/30 [90/156416] via 12.12.12.2, 00:04:50, GigabitEthernet1/0
D 3.3.3.192/28 [90/156416] via 12.12.12.2, 00:04:50, GigabitEthernet1/0
23.0.0.0/24 is subnetted, 1 subnets
D 23.23.23.0 [90/28416] via 12.12.12.2, 02:37:58, GigabitEthernet1/0
12.0.0.0/24 is subnetted, 1 subnets
C 12.12.12.0 is directly connected, GigabitEthernet1/0

R2
R2#sh ip route
1.0.0.0/32 is subnetted, 1 subnets
D 1.1.1.1 [90/130816] via 12.12.12.1, 02:40:44, GigabitEthernet1/0
2.0.0.0/32 is subnetted, 1 subnets
C 2.2.2.2 is directly connected, Loopback0
3.0.0.0/8 is variably subnetted, 6 subnets, 5 masks
D 3.3.3.3/32 [90/156160] via 23.23.23.3, 02:35:40, FastEthernet0/0
D 3.3.3.16/28 [90/156160] via 23.23.23.3, 00:07:16, FastEthernet0/0
D 3.3.3.32/29 [90/156160] via 23.23.23.3, 00:07:16, FastEthernet0/0
D 3.3.3.96/27 [90/156160] via 23.23.23.3, 00:07:16, FastEthernet0/0
D 3.3.3.148/30 [90/156160] via 23.23.23.3, 00:07:16, FastEthernet0/0
D 3.3.3.192/28 [90/156160] via 23.23.23.3, 00:07:16, FastEthernet0/0
23.0.0.0/24 is subnetted, 1 subnets
C 23.23.23.0 is directly connected, FastEthernet0/0
12.0.0.0/24 is subnetted, 1 subnets
C 12.12.12.0 is directly connected, GigabitEthernet1/0

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 18

Konfigurasi prefix list filtering pada R2
R2
R2(config)#ip prefix-list EIGRP
R2(config)#ip prefix-list EIGRP_IN seq 10 deny 3.3.3.0/24 le 28
R2(config)#ip prefix-list EIGRP_IN seq 20 permit 0.0.0.0/0 le 32
R2(config)#router eigrp 10
R2(config-router)#distribute-list prefix EIGRP_IN in

Kita cek tabel routing. Pastikan network 3.3.3.x dengan prefix antara 24
sampai 28 sudah tidak ada. Yang ada hanyalah prefix antara 29 sampai
30.
R2
R2#sh ip route
1.0.0.0/32 is subnetted, 1 subnets
D 1.1.1.1 [90/130816] via 12.12.12.1, 02:54:54, GigabitEthernet1/0
2.0.0.0/32 is subnetted, 1 subnets
C 2.2.2.2 is directly connected, Loopback0
3.0.0.0/8 is variably subnetted, 3 subnets, 3 masks
D 3.3.3.3/32 [90/156160] via 23.23.23.3, 02:49:50, FastEthernet0/0
D 3.3.3.32/29 [90/156160] via 23.23.23.3, 00:21:26, FastEthernet0/0
D 3.3.3.148/30 [90/156160] via 23.23.23.3, 00:21:26, FastEthernet0/0
23.0.0.0/24 is subnetted, 1 subnets
C 23.23.23.0 is directly connected, FastEthernet0/0
12.0.0.0/24 is subnetted, 1 subnets
C 12.12.12.0 is directly connected, GigabitEthernet1/0

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 19

Lab 4. EIGRP – Filtering – Prefix List – Out

Jika sebelumnya memakai prefix IN, sekarang menggunakan OUT.

Tujuannya agar network pada R3 dengan prefix 28 sampai 30 diblok,
selain itu ditampilkan. Hapus konfigurasi prefix list IN sebelumnya.

R2
R2(config)#router eigrp 10
R2(config-router)#no distribute-list prefix EIGRP_IN in

Pastikan semua networking muncul pada tabel routing.

R2
R2#sh ip route
1.0.0.0/32 is subnetted, 1 subnets
D 1.1.1.1 [90/130816] via 12.12.12.1, 00:51:20, GigabitEthernet1/0
2.0.0.0/32 is subnetted, 1 subnets
C 2.2.2.2 is directly connected, Loopback0
3.0.0.0/8 is variably subnetted, 6 subnets, 5 masks
D 3.3.3.3/32 [90/156160] via 23.23.23.3, 00:51:20, FastEthernet0/0
D 3.3.3.16/28 [90/156160] via 23.23.23.3, 00:03:18, FastEthernet0/0
D 3.3.3.32/29 [90/156160] via 23.23.23.3, 00:03:18, FastEthernet0/0
D 3.3.3.96/27 [90/156160] via 23.23.23.3, 00:42:54, FastEthernet0/0
D 3.3.3.148/30 [90/156160] via 23.23.23.3, 00:03:18, FastEthernet0/0
D 3.3.3.192/28 [90/156160] via 23.23.23.3, 00:03:18, FastEthernet0/0
23.0.0.0/24 is subnetted, 1 subnets
C 23.23.23.0 is directly connected, FastEthernet0/0
12.0.0.0/24 is subnetted, 1 subnets
C 12.12.12.0 is directly connected, GigabitEthernet1/0

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 20

Konfigurasi prefix list filtering OUT pada R3.
R3
R3(config)#ip prefix-list EIGRP_OUT seq 10 deny 3.3.3.0/24 ge 28 le 30
R3(config)#ip prefix-list EIGRP_OUT seq 20 permit 0.0.0.0/0 le 32
R3(config)#router eigrp 10
R3(config-router)#distribute-list prefix EIGRP_OUT out

Pastikan Network 3.3.3.x yang memiliki prefix 28 sampai 30 di blok dan tidak
ada di dalam routing tabel R1 dan R2.
R1
R1#sh ip route
1.0.0.0/32 is subnetted, 1 subnets
C 1.1.1.1 is directly connected, Loopback0
3.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
D 3.3.3.3/32 [90/156416] via 12.12.12.2, 00:16:58, GigabitEthernet1/0
D 3.3.3.96/27 [90/156416] via 12.12.12.2, 00:08:33, GigabitEthernet1/0
23.0.0.0/24 is subnetted, 1 subnets
D 23.23.23.0 [90/28416] via 12.12.12.2, 00:16:58, GigabitEthernet1/0
12.0.0.0/24 is subnetted, 1 subnets
C 12.12.12.0 is directly connected, GigabitEthernet1/0

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 21

 Lab 5. EIGRP – Filtering – ACL

Kita akan menggunakan metode filtering berdasarkan IP Genap dan IP Ganjil,

sebelum itu hapus dulu konfigurasi prefix-list out pada R3.
R3
R3(config)#no ip prefix-list EIGRP_OUT seq 10 deny 3.3.3.0/24 ge 28 le 30
R3(config)#no ip prefix-list EIGRP_OUT seq 20 permit 0.0.0.0/0 le 32
!
R3(config)#router eigrp 10
R3(config-router)#distribute-list prefix EIGRP_OUT out

Cek kembali routing table pada R2, pastikan semua loopback R3 masuk semua.
R2
R2#sh ip route
1.0.0.0/32 is subnetted, 1 subnets
D 1.1.1.1 [90/130816] via 12.12.12.1, 00:51:20, GigabitEthernet1/0
2.0.0.0/32 is subnetted, 1 subnets
C 2.2.2.2 is directly connected, Loopback0
3.0.0.0/8 is variably subnetted, 6 subnets, 5 masks
D 3.3.3.3/32 [90/156160] via 23.23.23.3, 00:51:20, FastEthernet0/0
D 3.3.3.16/28 [90/156160] via 23.23.23.3, 00:03:18, FastEthernet0/0
D 3.3.3.32/29 [90/156160] via 23.23.23.3, 00:03:18, FastEthernet0/0
D 3.3.3.96/27 [90/156160] via 23.23.23.3, 00:42:54, FastEthernet0/0
D 3.3.3.148/30 [90/156160] via 23.23.23.3, 00:03:18, FastEthernet0/0
D 3.3.3.192/28 [90/156160] via 23.23.23.3, 00:03:18, FastEthernet0/0
23.0.0.0/24 is subnetted, 1 subnets
C 23.23.23.0 is directly connected, FastEthernet0/0
12.0.0.0/24 is subnetted, 1 subnets
C 12.12.12.0 is directly connected, GigabitEthernet1/0
Kita mulai filter route yang genap.
R2
R2(config)#access-list 1 permit 0.0.0.0 255.255.255.254
R2(config)#router eigrp 10
R2(config-router)#distribute-list 1 in fastEthernet 0/0
Kita cek tabel routingnya.

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 22

 R2
R2(config)#do sh ip route
1.0.0.0/32 is subnetted, 1 subnets
D 1.1.1.1 [90/130816] via 12.12.12.1, 00:59:00, GigabitEthernet1/0
2.0.0.0/32 is subnetted, 1 subnets
C 2.2.2.2 is directly connected, Loopback0
3.0.0.0/8 is variably subnetted, 6 subnets, 5 masks
D 3.3.3.16/28 [90/156160] via 23.23.23.3, 00:10:59, FastEthernet0/0
D 3.3.3.32/29 [90/156160] via 23.23.23.3, 00:10:59, FastEthernet0/0
D 3.3.3.96/27 [90/156160] via 23.23.23.3, 00:50:35, FastEthernet0/0
D 3.3.3.148/30 [90/156160] via 23.23.23.3, 00:10:59, FastEthernet0/0
D 3.3.3.192/28 [90/156160] via 23.23.23.3, 00:10:59, FastEthernet0/0
23.0.0.0/24 is subnetted, 1 subnets
C 23.23.23.0 is directly connected, FastEthernet0/0
12.0.0.0/24 is subnetted, 1 subnets
C 12.12.12.0 is directly connected, GigabitEthernet1/0

Sekarang kita filtering yang ganjil

R2
R2(config)#no access-list 1 permit 0.0.0.0 255.255.255.254
R2(config)#access-list 1 permit 0.0.0.1 255.255.255.254

Tunggu sebentar dan berikut hasilnya

R2
R2(config)#do sh ip route
1.0.0.0/32 is subnetted, 1 subnets
D 1.1.1.1 [90/130816] via 12.12.12.1, 01:02:51, GigabitEthernet1/0
2.0.0.0/32 is subnetted, 1 subnets
C 2.2.2.2 is directly connected, Loopback0
3.0.0.0/32 is subnetted, 1 subnets
D 3.3.3.3 [90/156160] via 23.23.23.3, 01:02:51, FastEthernet0/0
23.0.0.0/24 is subnetted, 1 subnets
C 23.23.23.0 is directly connected, FastEthernet0/0
12.0.0.0/24 is subnetted, 1 subnets
C 12.12.12.0 is directly connected, GigabitEthernet1/0

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 23

Lab 6. EIGRP – Filtering – AD

Cara filtering lain adalah dengan merubah nilai AD suatu route menjadi 255
(unreachable). Misalnya kita menginginkan agar IP Loopback R3 tidak lagi
dimunculkan dalam routing table R2 dan R1, yaitu dengan diset nilai
administrative distancenya menjadi 255.

Hapus konfigurasi filtering sebelummya pada R2

R2
R2(config)#no access-list 1 permit 0.0.0.1 255.255.255.254
R2(config)#router eigrp 10
R2(config-router)#no distribute-list 1 in FastEthernet 0/0

Kondisi awal sebelum filtering :

R2
R2(config)#do sh ip route
1.0.0.0/32 is subnetted, 1 subnets
D 1.1.1.1 [90/130816] via 12.12.12.1, 01:17:02, GigabitEthernet1/0
2.0.0.0/32 is subnetted, 1 subnets
C 2.2.2.2 is directly connected, Loopback0
3.0.0.0/8 is variably subnetted, 6 subnets, 5 masks
D 3.3.3.3/32 [90/156160] via 23.23.23.3, 01:17:02, FastEthernet0/0
D 3.3.3.16/28 [90/156160] via 23.23.23.3, 00:09:09, FastEthernet0/0
D 3.3.3.32/29 [90/156160] via 23.23.23.3, 00:09:09, FastEthernet0/0
D 3.3.3.96/27 [90/156160] via 23.23.23.3, 00:09:09, FastEthernet0/0
D 3.3.3.148/30 [90/156160] via 23.23.23.3, 00:09:09, FastEthernet0/0
D 3.3.3.192/28 [90/156160] via 23.23.23.3, 00:09:09, FastEthernet0/0
23.0.0.0/24 is subnetted, 1 subnets
C 23.23.23.0 is directly connected, FastEthernet0/0
12.0.0.0/24 is subnetted, 1 subnets
C 12.12.12.0 is directly connected, GigabitEthernet1/0

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 24

 Konfigurasikan nilai AD yang paling besar yakni 255 pada network 3.3.3.0
R2
R2(config)#access-list 1 permit 3.3.3.0 0.0.0.255
!
R2(config)#router eigrp 10
R2(config-router)#distance 255 0.0.0.0 255.255.255.255 1

Perintah “3.3.3.0 0.0.0.255” artinya dari IP Address 3.3.3.0 – 3.3.3.255 akan

dirubah nilai AD nya menjadi 255 (unreachable).

Cek lagi pada R2

R2
R2#sh ip route
23.0.0.0/24 is subnetted, 1 subnets
C 23.23.23.0 is directly connected, FastEthernet0/0
12.0.0.0/24 is subnetted, 1 subnets
C 12.12.12.0 is directly connected, GigabitEthernet1/0

Yup ip loopback R1 (1.1.1.1) sudah tidak terdapat lagi dalam routing tabel
Router R3.
R1
R1#sh ip route 2.2.2.2
% Network not in table
R1#ping 2.2.2.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 25

 Lab 7. EIGRP – Authentication

Pada EIGRP hanya ada MD5 authentication, tidak ada clear text authentication
R1
R1(config)#key chain EIGRP
R1(config-keychain)#key 1
R1(config-keychain-key)#key-string CCNP
R1(config-keychain-key)#exit
!
R1(config)#int gigabitEthernet 1/0
R1(config-if)#ip authentication mode eigrp 10 md5
R1(config-if)#ip authentication key-chain eigrp 10 EIGRP

R2
R2(config)#key chain EIGRP
R2(config-keychain)#key 1
R2(config-keychain-key)#key-string CCNP
R1(config-keychain-key)#exit
!
R2(config)#int gigabitEthernet 1/0
R2(config-if)#ip authentication mode eigrp 10 md5
R2(config-if)#ip authentication key-chain eigrp 10 EIGRP

Verifikasi :
R1
R1#debug eigrp packets
EIGRP Packets debugging is on
(UPDATE, REQUEST, QUERY, REPLY, HELLO, IPXSAP, PROBE, ACK, STUB,
SIAQUERY, SIAREPLY)
R1#
*Jul 8 10:06:56.543: EIGRP: Sending HELLO on GigabitEthernet1/0
*Jul 8 10:06:56.543: AS 10, Flags 0x0, Seq 0/0 idbQ 0/0 iidbQ un/rely 0/0
*Jul 8 10:06:56.723: EIGRP: Sending HELLO on Loopback0
*Jul 8 10:06:56.723: AS 10, Flags 0x0, Seq 0/0 idbQ 0/0 iidbQ un/rely 0/0

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 26

*Jul 8 10:06:56.723: EIGRP: Received HELLO on Loopback0 nbr 1.1.1.1
*Jul 8 10:06:56.723: AS 10, Flags 0x0, Seq 0/0 idbQ 0/0
*Jul 8 10:06:56.723: EIGRP: Packet from ourselves ignored
R1#
*Jul 8 10:06:57.851: EIGRP: received packet with MD5 authentication, key id
=1
*Jul 8 10:06:57.851: EIGRP: Received HELLO on GigabitEthernet1/0 nbr
12.12.12.2
*Jul 8 10:06:57.851: AS 10, Flags 0x0, Seq 0/0 idbQ 0/0 iidbQ un/rely 0/0
peerQ un/rely 0/0

Kalau kita capture menggunakan Wireshark hasilnya seperti ini :

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 27

 Lab 8. EIGRP – Summarization

Dengan summarization, maka beberapa route akan dijadikan satu, untuk itu
kita perlu membuat beberapa ip yang nantinya akan di summarize, pada lab
sebelumnya pada R3 kita sudah membuat beberapa ip loopback sekarang
tinggal kita summarize saja.

Kondisi Awal :
R1
R1#sh ip route
1.0.0.0/32 is subnetted, 1 subnets
C 1.1.1.1 is directly connected, Loopback0
2.0.0.0/32 is subnetted, 1 subnets
D 2.2.2.2 [90/130816] via 12.12.12.2, 00:00:17, GigabitEthernet1/0
3.0.0.0/8 is variably subnetted, 6 subnets, 5 masks
D 3.3.3.3/32 [90/156416] via 12.12.12.2, 00:00:16, GigabitEthernet1/0
D 3.3.3.16/28 [90/156416] via 12.12.12.2, 00:00:16, GigabitEthernet1/0
D 3.3.3.32/29 [90/156416] via 12.12.12.2, 00:00:16, GigabitEthernet1/0
D 3.3.3.96/27 [90/156416] via 12.12.12.2, 00:00:16, GigabitEthernet1/0
D 3.3.3.148/30 [90/156416] via 12.12.12.2, 00:00:16, GigabitEthernet1/0
D 3.3.3.192/28 [90/156416] via 12.12.12.2, 00:00:16, GigabitEthernet1/0
23.0.0.0/24 is subnetted, 1 subnets
D 23.23.23.0 [90/28416] via 12.12.12.2, 00:00:17, GigabitEthernet1/0
12.0.0.0/24 is subnetted, 1 subnets
C 12.12.12.0 is directly connected, GigabitEthernet1/0

Konfigurasikan summarization di router R3

R3
R3(config)#int fastEthernet 0/0
R3(config-if)#ip summary-address eigrp 10 3.3.3.0 255.255.255.0 5

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 28

Cek lagi di router R1
R1
R1#sh ip route
1.0.0.0/32 is subnetted, 1 subnets
C 1.1.1.1 is directly connected, Loopback0
2.0.0.0/32 is subnetted, 1 subnets
D 2.2.2.2 [90/130816] via 12.12.12.2, 00:11:58, GigabitEthernet1/0
3.0.0.0/24 is subnetted, 1 subnets
D 3.3.3.0 [90/156416] via 12.12.12.2, 00:06:18, GigabitEthernet1/0
23.0.0.0/24 is subnetted, 1 subnets
D 23.23.23.0 [90/28416] via 12.12.12.2, 00:11:58, GigabitEthernet1/0
12.0.0.0/24 is subnetted, 1 subnets
C 12.12.12.0 is directly connected, GigabitEthernet1/0

R1
R1#ping 3.3.3.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 3.3.3.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 20/28/36 ms

R1#ping 3.3.3.17
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 3.3.3.17, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 32/39/44 ms

R1#ping 3.3.3.33
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 3.3.3.33, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 20/22/28 ms

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 29

 Lab 9. EIGRP – Unicast Update

Secara default, EIGRP melakukan upate secara multicast (224.0.0.10), pada lab
kali ini kita akan merubahnya menjadi unicast update.

R1
R1#debug ip packet detail
IP packet debugging is on (detailed)
*Mar 1 00:30:36.883: IP: s=12.12.12.2 (GigabitEthernet1/0), d=224.0.0.10,
len 60, rcvd 2, proto=88
*Mar 1 00:30:37.331: IP: s=12.12.12.1 (local), d=224.0.0.10
(FastEthernet1/0), len 60, sending broad/multicast, proto=88

Untuk merubah menjadi unicast (link R1-R2)

R1
R1(config)#router eigrp 10
R1(config-router)#neighbor 12.12.12.2 GigabitEthernet 1/0

R2
R2(config)#router eigrp 10
R2(config-router)#neighbor 12.12.12.1 GigabitEthernet 1/0

Selanjutnya cek kembali dan pastikan updatenya sudah berubah dari 224.0.0.10
menjadi ke ip neighbornya.

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 30

R1
R1#debug ip packet detail
*Mar 1 02:22:06.027: IP: s=12.12.12.1 (local), d=12.12.12.2
(GigabitEthernet1/0), len 60, sending, proto=88
*Mar 1 02:22:06.099: IP: tableid=0, s=12.12.12.2 (GigabitEthernet1/0),
d=12.12.12.1 (FastEthernet1/0), routed via RIB
*Mar 1 02:22:06.103: IP: s=12.12.12.2 (GigabitEthernet1/0), d=12.12.12.1
(FastEthernet1/0), len 60, rcvd 3, proto=88

Atau kalau kita capture menggunakan Wireshark hasilnya seperti ini Before.

After

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 31

Lab 10. EIGRP – Default Route – Summary Address

Default route juga bisa didistribusikan melalui EIGRP sehingga masing- masing
router tidak perlu membuat konfigurasi default route satu satu secara
manual.

R3
R3(config)#interface fastEthernet 0/0
R3(config-if)#no ip summary-address eigrp 10 3.3.3.3 255.255.255.0
R3(config-if)#ip summary-address eigrp 10 0.0.0.0 0.0.0.0
R3(config-if)#exit

R3
R3#sh ip route
Gateway of last resort is 0.0.0.0 to network 0.0.0.0
D* 0.0.0.0/0 is a summary, 00:16:28, Null0
2.0.0.0/32 is subnetted, 1 subnets
D 2.2.2.2 [90/156160] via 23.23.23.2, 00:35:25, FastEthernet0/0
3.0.0.0/8 is variably subnetted, 11 subnets, 5 masks
C 3.3.3.3/32 is directly connected, Loopback0
C 3.3.3.16/28 is directly connected, Loopback1
C 3.3.3.32/29 is directly connected, Loopback2
C 3.3.3.96/27 is directly connected, Loopback3
C 3.3.3.148/30 is directly connected, Loopback4
C 3.3.3.192/28 is directly connected, Loopback5
12.0.0.0/24 is subnetted, 1 subnets
D 12.12.12.0 [90/30720] via 23.23.23.2, 00:35:25, FastEthernet0/0
23.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 23.23.23.0/24 is directly connected, FastEthernet0/0

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 32

 R2
R2#sh ip route
D* 0.0.0.0/0 [90/30720] via 23.23.23.3, 00:18:56, FastEthernet0/0
2.0.0.0/32 is subnetted, 1 subnets
C 2.2.2.2 is directly connected, Loopback0
12.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 12.12.12.0/24 is directly connected, FastEthernet1/0
23.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 23.23.23.0/24 is directly connected, FastEthernet0/0

R2
R2#show ip route 3.3.3.3
% Network not in table
R2#show ip route 3.3.3.17
% Network not in table
R2#ping 3.3.3.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 3.3.3.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 20/23/32 ms
R2#ping 3.3.3.17
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 3.3.3.17, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 12/17/24 ms

Sebelum lanjut ke lab berikutnya hapus konfigurasi summary addressnya

terlebih dahulu.

R3
R3(config)#int fastEthernet 0/0
R3(config-if)#no ip summary-address eigrp 10 0.0.0.0 0.0.0.0

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 33

 Lab 11. EIGRP – Redistribution – RIP

Buat ip yang akan diadvertise ke RIP yang kemudian di redistribute ke EIGRP

R1
R1(config)#int loopback 0
R1(config-if)#ip address 1.1.1.1 255.255.255.255
R1(config)#int loopback 1
R1(config-if)#ip add 100.100.100.100 255.255.255.255

Advertise ke RIP
R1
R1(config)#router rip
R1(config-router)#version 2
R1(config-router)#network 100.100.100.100
R1(config-router)#network 1.1.1.1
R1(config-router)#no auto-summary
R1(config-router)#exit

Redistribute ke dalam EIGRP

R1
R1(config)#router eigrp 10
R1(config-router)#redistribute rip

Cek di R3
R3
R3#show ip route eigrp
12.0.0.0/24 is subnetted, 1 subnets
D 12.12.12.0 [90/28416] via 23.23.23.2, 00:31:40, FastEthernet0/0

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 34

Setelah kita coba, network 100.100.100.100 dan 1.1.1.1 tidak kelihatan.
Kenapa ? karena metricnya belum diset.

R1
router eigrp 10
redistribute rip metric ?
<1-4294967295> Bandwidth metric in Kbits per second

redistribute rip metric 1000000 ?

<0-4294967295> EIGRP delay metric, in 10 microsecond units

redistribute rip metric 1000000 10 ?

<0-255> EIGRP reliability metric where 255 is 100% reliable

redistribute rip metric 1000000 10 255 ?

<1-255> EIGRP Effective bandwidth metric (Loading) where 255 is 100%
loaded

redistribute rip metric 1000000 10 255 1 ?

<1-65535> EIGRP MTU of the path

redistribute rip metric 1000000 10 255 1 1500

Abaikan nilai diatas, gunakan nilai berikut.

R1
R1(config)#router eigrp 10
R1(config-router)#redistribute rip metric 1 1 1 1 1

Secara metric berbeda namun secara fungsi dan jalannya routing tidak akan ada
bedanya karena sifatnya eksternal route. Yang penting metricnya harus diisi,
berapapun nilainya tidak ada pengaruhnya.

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 35

Cek di R3

R3
R3#sh ip route eigrp
1.0.0.0/32 is subnetted, 1 subnets
D EX 1.1.1.1 [170/2560005376] via 23.23.23.2, 00:06:47, FastEthernet0/0
2.0.0.0/32 is subnetted, 1 subnets
D 2.2.2.2 [90/156160] via 23.23.23.2, 01:22:00, FastEthernet0/0
12.0.0.0/24 is subnetted, 1 subnets
D 12.12.12.0 [90/30720] via 23.23.23.2, 01:22:00, FastEthernet0/0
100.0.0.0/32 is subnetted, 1 subnets
D EX 100.100.100.100
[170/2560005376] via 23.23.23.2, 00:06:47, FastEthernet0/0

R3
R3#ping 100.100.100.100
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 100.100.100.100, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/41/64 ms
R3#ping 1.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 16/32/76 ms

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 36

 Lab 12. EIGRP – Redistribution – OSPF

Hapus routing RIP sebelumnya dan diganti dengan routing OSPF

R1
R1#conf t
R1(config)#no router rip
R1(config)#router ospf 10
R1(config-router)#network 1.1.1.1 0.0.0.0 area 0
R1(config-router)#network 100.100.100.100 0.0.0.0 area 0
R1(config-router)#exit

Redistribute ke dalam EIGRP

R1
R1(config)#router eigrp 10
R1(config-router)#redistribute ospf 10 metric 1 1 1 1 1
Cek di R3
R3
R3#sh ip route eigrp
1.0.0.0/32 is subnetted, 1 subnets
D EX 1.1.1.1 [170/2560005376] via 23.23.23.2, 00:03:39, FastEthernet0/0
2.0.0.0/32 is subnetted, 1 subnets
D 2.2.2.2 [90/156160] via 23.23.23.2, 01:58:03, FastEthernet0/0
12.0.0.0/24 is subnetted, 1 subnets
D 12.12.12.0 [90/30720] via 23.23.23.2, 01:58:03, FastEthernet0/0
100.0.0.0/32 is subnetted, 1 subnets
D EX 100.100.100.100
[170/2560005376] via 23.23.23.2, 00:03:39, FastEthernet0/0

R3
R3#ping 1.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 40/43/56 ms

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 37

 Lab 13. EIGRP – Mindah Jalur – Delay

Dalam situasi normal, trafik R1 ke Lo R3 langsung menuju router R3 melalui

interface G1/0 karena bandwidth Gigabitethernet lebih besar. Agar trafik
melewati router R2 dulu maka parameter metric delay bisa rubah. Kita cek
tabel routing R1:

R1
R1#sh ip route 3.3.3.3
Routing entry for 3.3.3.3/32
Known via "eigrp 10", distance 90, metric 130816, type internal
Redistributing via eigrp 10
Last update from 13.13.13.3 on GigabitEthernet1/0, 00:00:15 ago
Routing Descriptor Blocks:
* 13.13.13.3, from 13.13.13.3, 00:00:15 ago, via GigabitEthernet1/0
Route metric is 130816, traffic share count is 1
Total delay is 5010 microseconds, minimum bandwidth is 1000000 Kbit
Reliability 255/255, minimum MTU 1500 bytes
Loading 1/255, Hops 1

Kita cek jalur menuju ip loopback 3.3.3.3 dari R1.

R1
R1#traceroute 3.3.3.3
Type escape sequence to abort.
Tracing the route to 3.3.3.3
1 13.13.13.3 16 msec 12 msec 8 msec
Kita bisa melakukan pengecekan pada EIGRP topologinya untuk memastikan
ada berapa jalur menuju ke 3.3.3.3

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 38

 R1
R1#sh ip eigrp topology 3.3.3.3 255.255.255.255
IP-EIGRP (AS 10): Topology entry for 3.3.3.3/32
State is Passive, Query origin flag is 1, 1 Successor(s), FD is 130816
Routing Descriptor Blocks:
13.13.13.3 (GigabitEthernet1/0), from 13.13.13.3, Send flag is 0x0
Composite metric is (130816/128256), Route is Internal
Vector metric:
Minimum bandwidth is 1000000 Kbit
Total delay is 5010 microseconds
Reliability is 255/255
Load is 1/255
Minimum MTU is 1500
Hop count is 1
12.12.12.2 (FastEthernet0/0), from 12.12.12.2, Send flag is 0x0
Composite metric is (156416/130816), Route is Internal
Vector metric:
Minimum bandwidth is 100000 Kbit
Total delay is 5110 microseconds
Reliability is 255/255
Load is 1/255
Minimum MTU is 1500
Hop count is 2

Terlihat diatas bahwasanya bandwidth G1/0 (1000000) lebih cepat dibanding

pada Fastethernet (100000) sedangkan nilai delay Gigabitethenet (5010) juga
lebih kecil dibanding delay Fastethernet (5110). Untuk merubah jalurnya, kita
memanipulasi nilai metricnya dengan merubah delay.
R1
R1(config)#interface g1/0
R1(config-if)#delay 1000000

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 39

Selanjutnya cek kembali EIGRP Topologinya
R1
R1#sh ip eigrp topology 3.3.3.3 255.255.255.255
IP-EIGRP (AS 10): Topology entry for 3.3.3.3/32
State is Passive, Query origin flag is 1, 1 Successor(s), FD is 156416
Routing Descriptor Blocks:
12.12.12.2 (FastEthernet0/0), from 12.12.12.2, Send flag is 0x0
Composite metric is (156416/130816), Route is Internal
Vector metric:
Minimum bandwidth is 100000 Kbit
Total delay is 5110 microseconds
Reliability is 255/255
Load is 1/255
Minimum MTU is 1500
Hop count is 2
13.13.13.3 (GigabitEthernet1/0), from 13.13.13.3, Send flag is 0x0
Composite metric is (256130560/128256), Route is Internal
Vector metric:
Minimum bandwidth is 1000000 Kbit
Total delay is 10005000 microseconds
Reliability is 255/255
Load is 1/255
Minimum MTU is 1500
Hop count is 1

Terlihat diatas bahwasanya delaynya menjadi semakin besar. Sekarang kita cek
apakah routenya sudah berpindah melalui Fastethernet atau tidak.
R1
R1#sh ip route 3.3.3.3
Routing entry for 3.3.3.3/32
Known via "eigrp 10", distance 90, metric 156416, type internal
Redistributing via eigrp 10
Last update from 12.12.12.2 on FastEthernet0/0, 00:14:03 ago
Routing Descriptor Blocks:
* 12.12.12.2, from 12.12.12.2, 00:14:03 ago, via FastEthernet0/0
Route metric is 156416, traffic share count is 1
Total delay is 5110 microseconds, minimum bandwidth is 100000 Kbit
Reliability 255/255, minimum MTU 1500 bytes
Loading 1/255, Hops 2

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 40

 R1
R1#ping 3.3.3.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 3.3.3.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 24/32/44 ms

R1
R1#traceroute 3.3.3.3
Type escape sequence to abort.
Tracing the route to 3.3.3.3
1 12.12.12.2 8 msec 36 msec 20 msec
2 23.23.23.3 32 msec 32 msec 28 msec

Sekarang, sudah pindah jalurnya lewat R2 dulu baru ke R3

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 41

 Lab 14. EIGRP – Mindah Jalur – Bandwidth

Selain nilai delay, bisa juga merubah nilai bandwidthnya, misalkan bandwidth
int G1/0nya diset 10Mbps saja, sehingga lebih rendah dibanding Fastethernet
(100Mbps).

R1
R1(config)#interface gigabitEthernet 1/0
R1(config-if)#no delay 1000000

R1
R1(config)#interface gigabitEthernet 1/0
R1(config-if)#bandwidth 10

R1
R1#sh ip eigrp topology 3.3.3.3 255.255.255.255
IP-EIGRP (AS 10): Topology entry for 3.3.3.3/32
State is Passive, Query origin flag is 1, 1 Successor(s), FD is 156416
Routing Descriptor Blocks:
12.12.12.2 (FastEthernet0/0), from 12.12.12.2, Send flag is 0x0
Composite metric is (156416/130816), Route is Internal
Vector metric:
Minimum bandwidth is 100000 Kbit
Total delay is 5110 microseconds
Reliability is 255/255
Load is 1/255
Minimum MTU is 1500
Hop count is 2
13.13.13.3 (GigabitEthernet1/0), from 13.13.13.3, Send flag is 0x0

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 42

 Composite metric is (256128256/128256), Route is Internal
Vector metric:
Minimum bandwidth is 10 Kbit
Total delay is 5010 microseconds
Reliability is 255/255
Load is 1/255
Minimum MTU is 1500
Hop count is 1

R1
R1# sh ip route eigrp
2.0.0.0/32 is subnetted, 1 subnets
D 2.2.2.2 [90/156160] via 12.12.12.2, 00:09:17, FastEthernet0/0
3.0.0.0/32 is subnetted, 1 subnets
D 3.3.3.3 [90/156416] via 12.12.12.2, 00:09:17, FastEthernet0/0
23.0.0.0/24 is subnetted, 1 subnets
D 23.23.23.0 [90/28416] via 12.12.12.2, 00:09:17, FastEthernet0/0

R1
R1#traceroute 3.3.3.3
Type escape sequence to abort.
Tracing the route to 3.3.3.3
1 12.12.12.2 24 msec 16 msec 24 msec
2 23.23.23.3 32 msec 36 msec 28 msec

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 43

 Lab 15. EIGRP – Equal Load Balancing
Secara default EIGRP akan menerapkan load balancing pada link yang
equal. Pada topologi dibawah dari R1 menuju R3 dapat
menggunakan 2 jalur dan semuanya FastEthernet.

Buatlah topologi diatas dan lakukan konfigurasi berikut ini :

R1
R1(config)#int f0/0
R1(config-if)#ip add 12.12.12.1 255.255.255.0
R1(config-if)#no shutdown
R1(config)#int f0/1
R1(config-if)#ip add 13.13.13.1 255.255.255.0
R1(config-if)#no shutdown
R1(config)#int lo0
R1(config-if)#ip add 1.1.1.1 255.255.255.255
R1(config-if)#ex
R1(config)#router eigrp 1
R1(config-router)#net 0.0.0.0
R1(config-router)#no auto-summary

R2
R2(config)#int f0/0
R2(config-if)#ip add 12.12.12.2 255.255.255.0
R2(config-if)#no shutdown
R2(config)#int f0/1
R2(config-if)#ip add 24.24.24.2 255.255.255.0
R2(config-if)#no shutdown
R2(config)#int lo0

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 44

R2(config-if)#ip add 2.2.2.2 255.255.255.255
R2(config)#router eigrp 1
R2(config-router)#network 0.0.0.0
R2(config-router)#no auto-summary

R3
R3(config)#int f0/0
R3(config-if)#ip add 13.13.13.3 255.255.255.0
R3(config-if)#no shutdown
R3(config)#int f0/1
R3(config-if)#ip add 34.34.34.3 255.255.255.0
R3(config-if)#no shutdown
R3(config)#int lo0
R3(config-if)#ip add
R3(config-if)#ip add 3.3.3.3 255.255.255.255
R3(config)#router eigrp 1
R3(config-router)#network 0.0.0.0
R3(config-router)#no auto-summary

R4
R4(config)#int f0/0
R4(config-if)#ip add 24.24.24.4 255.255.255.0
R4(config-if)#no shutdown
R4(config)#int f0/1
R4(config-if)#ip add 34.34.34.4 255.255.255.0
R4(config-if)#no shutdown
R4(config)#int lo0
R4(config-if)#ip add 4.4.4.4 255.255.255.255
R4(config)#router eigrp 1
R4(config-router)#network 0.0.0.0
R4(config-router)#no auto-summary

Selanjutnya cek routing tabelnya

R1
R1#sh ip route eigrp
34.0.0.0/24 is subnetted, 1 subnets
D 34.34.34.0 [90/30720] via 13.13.13.3, 00:00:13, FastEthernet0/1
2.0.0.0/32 is subnetted, 1 subnets
D 2.2.2.2 [90/156160] via 12.12.12.2, 00:32:08, FastEthernet0/0
3.0.0.0/32 is subnetted, 1 subnets

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 45

 D 3.3.3.3 [90/156160] via 13.13.13.3, 00:02:03, FastEthernet0/1
4.0.0.0/32 is subnetted, 1 subnets
D 4.4.4.4 [90/158720] via 13.13.13.3, 00:00:13, FastEthernet0/1
[90/158720] via 12.12.12.2, 00:00:13, FastEthernet0/0
24.0.0.0/24 is subnetted, 1 subnets
D 24.24.24.0 [90/30720] via 12.12.12.2, 00:00:21, FastEthernet0/0

Seperti yang terlihat diatas, 2 jalur digunakan secara bersamaan untuk menuju
ke loopback0 R4 (Equal Cost Load Balancing) yakni via R2 (12.12.12.2) dan R3
(13.13.13.3)
R1
R1#sh ip route 4.4.4.4 255.255.255.255
Routing entry for 4.4.4.4/32
Known via "eigrp 1", distance 90, metric 158720, type internal
Redistributing via eigrp 1
Last update from 12.12.12.2 on FastEthernet0/0, 00:05:50 ago
Routing Descriptor Blocks:
* 13.13.13.3, from 13.13.13.3, 00:05:50 ago, via FastEthernet0/1
Route metric is 158720, traffic share count is 1
Total delay is 5200 microseconds, minimum bandwidth is 100000 Kbit
Reliability 255/255, minimum MTU 1500 bytes
Loading 1/255, Hops 2
12.12.12.2, from 12.12.12.2, 00:05:50 ago, via FastEthernet0/0
Route metric is 158720, traffic share count is 1
Total delay is 5200 microseconds, minimum bandwidth is 100000 Kbit
Reliability 255/255, minimum MTU 1500 bytes
Loading 1/255, Hops 2

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 46

 Lab 16. EIGRP – Unequal Load Balancing

Pada link yang unequal, maka load balancing tidak aktif dan hanya
akan menggunakan satu link. Masih memakai topologi sebelumnya.
Sebelumnya ubah bandwidth interface fa0/0 menjadi 1000Kbit agar
tidak equal dengan fa0/1.

R1
R1(config)#int f0/0
R1(config-if)#bandwidth 1000
R1(config-if)#exit

Cek pada routing tabelnya dan didapati hanya satu jalur yang dilewati yakni
melalui R3.
R1
R1#sh ip route eigrp
34.0.0.0/24 is subnetted, 1 subnets
D 34.34.34.0 [90/30720] via 13.13.13.3, 00:01:42, FastEthernet0/1
2.0.0.0/32 is subnetted, 1 subnets
D 2.2.2.2 [90/161280] via 13.13.13.3, 00:01:42, FastEthernet0/1
3.0.0.0/32 is subnetted, 1 subnets
D 3.3.3.3 [90/156160] via 13.13.13.3, 00:13:30, FastEthernet0/1
4.0.0.0/32 is subnetted, 1 subnets
D 4.4.4.4 [90/158720] via 13.13.13.3, 00:01:42, FastEthernet0/1
24.0.0.0/24 is subnetted, 1 subnets
D 24.24.24.0 [90/33280] via 13.13.13.3, 00:01:42, FastEthernet0/1

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 47

Berikutnya kita cek dulu di eigrp topologinya yang masih menyimpan tentang
jalur lain yang kita rubah bandwidthnya menjadi lebih kecil.

R1
R1#sh ip eigrp topology 4.4.4.4/32
IP-EIGRP (AS 1): Topology entry for 4.4.4.4/32
State is Passive, Query origin flag is 1, 1 Successor(s), FD is 158720
Routing Descriptor Blocks:
13.13.13.3 (FastEthernet0/1), from 13.13.13.3, Send flag is 0x0
Composite metric is (158720/156160), Route is Internal
Vector metric:
Minimum bandwidth is 100000 Kbit
Total delay is 5200 microseconds
Reliability is 255/255
Load is 1/255
Minimum MTU is 1500
Hop count is 2
12.12.12.2 (FastEthernet0/0), from 12.12.12.2, Send flag is 0x0
Composite metric is (2693120/156160), Route is Internal
Vector metric:
Minimum bandwidth is 1000 Kbit
Total delay is 5200 microseconds
Reliability is 255/255
Load is 1/255
Minimum MTU is 1500
Hop count is 2
Perhatikan nilai metric nya, untuk mencari nilai varience yang akan kita
masukkan, maka 2693120 dibagi 158720 = 16,9 maka nilai varience yang diset
adalah 17 (pembulatan harus keatas untuk nilai berapapun)

R1
R1(config)#router eigrp 1
R1(config-router)#variance 17

Hasil akhir
R1
R1#sh ip route eigrp
34.0.0.0/24 is subnetted, 1 subnets
D 34.34.34.0 [90/30720] via 13.13.13.3, 00:00:55, FastEthernet0/1
2.0.0.0/32 is subnetted, 1 subnets

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 48

 D 2.2.2.2 [90/161280] via 13.13.13.3, 00:00:55, FastEthernet0/1
[90/2690560] via 12.12.12.2, 00:00:55, FastEthernet0/0
3.0.0.0/32 is subnetted, 1 subnets
D 3.3.3.3 [90/156160] via 13.13.13.3, 00:00:55, FastEthernet0/1
4.0.0.0/32 is subnetted, 1 subnets
D 4.4.4.4 [90/158720] via 13.13.13.3, 00:00:55, FastEthernet0/1
[90/2693120] via 12.12.12.2, 00:00:55, FastEthernet0/0
24.0.0.0/24 is subnetted, 1 subnets
D 24.24.24.0 [90/33280] via 13.13.13.3, 00:00:55, FastEthernet0/1

R1
R1#sh ip route 4.4.4.4
Routing entry for 4.4.4.4/32
Known via "eigrp 1", distance 90, metric 158720, type internal
Redistributing via eigrp 1
Last update from 12.12.12.2 on FastEthernet0/0, 00:02:10 ago
Routing Descriptor Blocks:
* 13.13.13.3, from 13.13.13.3, 00:02:10 ago, via FastEthernet0/1
Route metric is 158720, traffic share count is 120
Total delay is 5200 microseconds, minimum bandwidth is 100000 Kbit
Reliability 255/255, minimum MTU 1500 bytes
Loading 1/255, Hops 2
12.12.12.2, from 12.12.12.2, 00:02:10 ago, via FastEthernet0/0
Route metric is 2693120, traffic share count is 7
Total delay is 5200 microseconds, minimum bandwidth is 1000 Kbit
Reliability 255/255, minimum MTU 1500 bytes
Loading 1/255, Hops 2

Seperti yang terlihat sekarang 2 jalur digunakan secara bersamaan, namun

dengan pembagian setiap 7 paket dkirimkan melalui link utama, maka
berikutnya 1 paket dkirimkan ke link kedua.

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 49

 Lab 17. EIGRP Stub (Connected + Summary)

Router stub hanya akan mengadvertise directly connected dan summary

route.
a. Connected : router stub hanya mengadvertise network yang connected saja.
b. Summary : router stub hanya mengadvertise network yang di summary saja.
Lakukan konfigurasi berikut.
R1
R1(config)#int loopback0
R1(config-if)#ip add 1.1.1.1 255.255.255.255
R1(config)#int gigabitEthernet 1/0
R1(config-if)#ip add 12.12.12.1 255.255.255.0
R1(config-if)#no shutdown
R1(config)#router eigrp 1
R1(config-router)#network 12.12.12.1 0.0.0.0
R1(config-router)#no auto-summary

R2
R2(config)#int loopback0
R2(config-if)#ip add 2.2.0.2 255.255.255.0
R2(config)#int loopback1
R2(config-if)#ip add 2.2.1.2 255.255.255.0
R2(config)#int loopback2
R2(config-if)#ip add 2.2.2.2 255.255.255.0
R2(config)#int loopback3
R2(config-if)#ip add 2.2.3.2 255.255.255.0
R2(config)#int gigabitEthernet 1/0
R2(config-if)#ip add 12.12.12.2 255.255.255.0
R2(config-if)#no shutdown
R2(config)#int fastEthernet 0/0
R2(config-if)#ip add 23.23.23.2 255.255.255.0
R2(config-if)#no shutdown
R2(config-if)#ip summary-address eigrp 1 2.2.0.0 255.255.252.0 5
R2(config)#router eigrp 1

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 50

 R2(config-router)#redistribute static
R2(config-router)#redistribute rip metric 1 1 1 1 1
R2(config-router)#network 12.12.12.2 0.0.0.0
R2(config-router)#network 23.23.23.2 0.0.0.0
R2(config-router)#no auto-summary
R2(config-router)#eigrp stub
R2(config)#ip route 1.1.1.1 255.255.255.255 12.12.12.1
R2(config)#router rip
R2(config-router)#version 2
R2(config-router)#network 2.2.0.0
R2(config-router)#network 2.2.1.0
R2(config-router)#network 2.2.2.0
R2(config-router)#network 2.2.3.0

R3
R3(config)#int fastEthernet 0/0
R3(config-if)#ip add 23.23.23.3 255.255.255.0
R3(config-if)#no shutdown
R3(config)#router eigrp 1
R3(config-router)#network 23.23.23.3 0.0.0.0
R3(config-router)#no auto-summary

R3
R3#sh ip route
2.0.0.0/22 is subnetted, 1 subnets
D 2.2.0.0 [90/2560002816] via 23.23.23.2, 00:01:19, FastEthernet0/0
23.0.0.0/24 is subnetted, 1 subnets
C 23.23.23.0 is directly connected, FastEthernet0/0
12.0.0.0/24 is subnetted, 1 subnets
D 12.12.12.0 [90/28416] via 23.23.23.2, 00:01:19, FastEthernet0/0

Pada routing table, hanya ada Connected dan Summary aja

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 51

R2
R2#sh run | section eigrp
ip summary-address eigrp 1 2.2.0.0 255.255.252.0 5
router eigrp 1
redistribute static
redistribute rip metric 1 1 1 1 1
network 12.12.12.2 0.0.0.0
network 23.23.23.2 0.0.0.0
no auto-summary
eigrp stub connected summary

Defaultnya connected dan summary kalau kita tidak mendefine manual option
stubnya.

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 52

 Lab 18. EIGRP Stub Connected

Router stub hanya akan mengadvertise directly connected route.

Lanjutkan lab sebelumnya. Hapus dulu perintah eigrp stub
sebelumnya.

R2
R2(config)#router eigrp 1
R2(config-router)#no eigrp stub
R2(config-router)#eigrp stub connected
R2(config-router)#exit

R3
R3#sh ip route
23.0.0.0/24 is subnetted, 1 subnets
C 23.23.23.0 is directly connected, FastEthernet0/0
12.0.0.0/24 is subnetted, 1 subnets
D 12.12.12.0 [90/28416] via 23.23.23.2, 00:01:19, FastEthernet0/0

Pada routing tabel, hanya ada network yang Connected aja.

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 53

 Lab 19. EIGRP Stub Summary

Router stub hanya akan mengadvertise summary route.

R2
R2(config)#router eigrp 1
R2(config-router)#no eigrp stub connected
R2(config-router)#eigrp stub summary

R3
R3#sh ip route
2.0.0.0/22 is subnetted, 1 subnets
D 2.2.0.0 [90/2560002816] via 23.23.23.2, 00:00:58, FastEthernet0/0
23.0.0.0/24 is subnetted, 1 subnets
C 23.23.23.0 is directly connected, FastEthernet0/0

Pada routing table, hanya ada network hasil summary aja.

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 54

Lab 20. EIGRP Stub Static

Router stub akan mengadvertise static route

R2
R2(config)#router eigrp 1
R2(config-router)#no eigrp stub summary
R2(config-router)#eigrp stub static

R3
R3#sh ip route
1.0.0.0/32 is subnetted, 1 subnets
D EX 1.1.1.1 [170/28416] via 23.23.23.2, 00:01:01, FastEthernet0/0
23.0.0.0/24 is subnetted, 1 subnets
C 23.23.23.0 is directly connected, FastEthernet0/0

Pada routing table, hanya ada network hasil redistribute static aja.

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 55

 Lab 21. EIGRP Stub Redistributed

Router stub akan mengadvertise redistributed route.

R2
R2(config)#router eigrp 1
R2(config-router)#no eigrp stub static
R2(config-router)#eigrp stub redistributed

R3
R3#sh ip route
1.0.0.0/32 is subnetted, 1 subnets
D EX 1.1.1.1 [170/28416] via 23.23.23.2, 00:00:49, FastEthernet0/0
2.0.0.0/24 is subnetted, 4 subnets
D EX 2.2.0.0 [170/2560002816] via 23.23.23.2, 00:00:49, FastEthernet0/0
D EX 2.2.1.0 [170/2560002816] via 23.23.23.2, 00:00:49, FastEthernet0/0
D EX 2.2.2.0 [170/2560002816] via 23.23.23.2, 00:00:49, FastEthernet0/0
D EX 2.2.3.0 [170/2560002816] via 23.23.23.2, 00:00:49, FastEthernet0/0
23.0.0.0/24 is subnetted, 1 subnets
C 23.23.23.0 is directly connected, FastEthernet0/0

Pada routing table, hanya ada network hasil redistribute aja.

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 56

 Lab 22. EIGRP Stub Receive-Only

Receive-only yaitu router yang menjadi stub tidak akan mengadvertise network
apapun hanya menerima saja. Lanjutan lab sebelumnya. Hapus dulu
perintah eigrp stub sebelumnya.

R2
R2(config)#router eigrp 1
R2(config-router)#no eigrp stub redistributed
R2(config-router)#eigrp stub receive-only

R3
R3#sh ip route
23.0.0.0/24 is subnetted, 1 subnets
C 23.23.23.0 is directly connected, FastEthernet0/0

R2
R2#sh ip route
1.0.0.0/32 is subnetted, 1 subnets
S 1.1.1.1 [1/0] via 12.12.12.1
2.0.0.0/8 is variably subnetted, 5 subnets, 2 masks
C 2.2.0.0/24 is directly connected, Loopback0
D 2.2.0.0/22 is a summary, 00:24:01, Null0
C 2.2.1.0/24 is directly connected, Loopback1
C 2.2.2.0/24 is directly connected, Loopback2
C 2.2.3.0/24 is directly connected, Loopback3
23.0.0.0/24 is subnetted, 1 subnets
C 23.23.23.0 is directly connected, FastEthernet0/0
12.0.0.0/24 is subnetted, 1 subnets
C 12.12.12.0 is directly connected, GigabitEthernet1/0

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 57

R1
R1#sh ip route
1.0.0.0/32 is subnetted, 1 subnets
C 1.1.1.1 is directly connected, Loopback0
12.0.0.0/24 is subnetted, 1 subnets
C 12.12.12.0 is directly connected, GigabitEthernet1/0

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 58

 Lab 23. EIGRP Named Config

Pada router dengan IOS Version diatas 15.x ada fitur baru yaitu named config
eigrp. Atau bahasa simple nya mengkonfigurasi eigrp dengan metode nama.
Berikut konfigurasinya
R1
R1(config)#int e0/0
R1(config-if)#ip add 12.12.12.1 255.255.255.0
R1(config-if)#no shutdown
R1(config-if)#exit
R1(config)#interface lo0
R1(config-if)#ip add 1.1.1.1 255.255.255.255
R1(config-if)#exit
!
R1(config)#router eigrp R1
R1(config-router)#address-family ipv4 unicast autonomous-system 123
R1(config-router-af)#network 1.1.1.1 0.0.0.0
R1(config-router-af)#network 12.12.12.1 0.0.0.0

R2
R2(config)#interface e0/0
R2(config-if)#ip add 12.12.12.2 255.255.255.0
R2(config-if)#no shutdown
R2(config-if)#exit
R2(config)#interface lo0
R2(config-if)#ip add 2.2.2.2 255.255.255.255
R2(config-if)#exit
R2(config)#interface e0/1
R2(config-if)#ip add 23.23.23.2 255.255.255.0
R2(config-if)#no shutdown
R2(config-if)#exit
!
R2(config)#router eigrp R2
R2(config-router)#address-family ipv4 unicast autonomous-system 123

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 59

R2(config-router-af)#network 2.2.2.2 0.0.0.0
R2(config-router-af)#network 12.12.12.2 0.0.0.0
R2(config-router-af)#network 23.23.23.2 0.0.0.0

R3
R3(config)#int lo0
R3(config-if)#ip add 3.3.3.3 255.255.255.255
R3(config-if)#exit
R3(config)#int e0/0
R3(config-if)#ip add 23.23.23.3 255.255.255.0
R3(config-if)#no shutdown
R3(config-if)#exit
R3(config)#router eigrp R3
R3(config-router)#address-family ipv4 unicast autonomous-system 123
R3(config-router-af)#network 3.3.3.3 0.0.0.0
R3(config-router-af)#network 23.23.23.3 0.0.0.0

Verifikasi routing table

R1
R1(config)#do sh ip route eigrp
2.0.0.0/32 is subnetted, 1 subnets
D 2.2.2.2 [90/1024640] via 12.12.12.2, 00:07:51, Ethernet0/0
3.0.0.0/32 is subnetted, 1 subnets
D 3.3.3.3 [90/1536640] via 12.12.12.2, 00:01:51, Ethernet0/0
23.0.0.0/24 is subnetted, 1 subnets
D 23.23.23.0 [90/1536000] via 12.12.12.2, 00:07:45, Ethernet0/0

R2
R2#sh ip route eigrp
1.0.0.0/32 is subnetted, 1 subnets
D 1.1.1.1 [90/1024640] via 12.12.12.1, 00:08:46, Ethernet0/0
3.0.0.0/32 is subnetted, 1 subnets
D 3.3.3.3 [90/1024640] via 23.23.23.3, 00:02:46, Ethernet0/1

R3
R3(config)#do sh ip route eigrp
1.0.0.0/32 is subnetted, 1 subnets
D 1.1.1.1 [90/1536640] via 23.23.23.2, 00:04:09, Ethernet0/0
2.0.0.0/32 is subnetted, 1 subnets
D 2.2.2.2 [90/1024640] via 23.23.23.2, 00:04:09, Ethernet0/0

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 60

 12.0.0.0/24 is subnetted, 1 subnets
D 12.12.12.0 [90/1536000] via 23.23.23.2, 00:04:09, Ethernet0/0

Cek ping
R3
R3(config)#do ping 1.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
R3(config)#do ping 2.2.2.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
R3(config)#do ping 3.3.3.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 3.3.3.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/5 ms

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 61

Lab 24. EIGRP OTP (Over The Top)

Jika kita punya kebutuhan untuk menghubungkan router yang tidak

terhubung langsung dengan router kita dan terpisah oleh ISP, maka kita bisa
menggunakan fitur EIGRP Over The Top. Berikut Konfigurasinya.
R1
R1(config)#int loopback0
R1(config-if)#ip add 1.1.1.1 255.255.255.255
R1(config-if)#exit
R1(config)#int e0/0
R1(config-if)#ip add 14.14.14.1 255.255.255.0
R1(config-if)#no shutdown
R1(config-if)#exit
R1(config)#ip route 0.0.0.0 0.0.0.0 14.14.14.4

R2
R2(config)#int loopback0
R2(config-if)#ip add 2.2.2.2 255.255.255.255
R2(config)#int e0/0
R2(config-if)#ip add 24.24.24.2 255.255.255.0
R2(config-if)#no shutdown
R2(config)#ip route 0.0.0.0 0.0.0.0 24.24.24.4

R3
R3(config)#int loopback0
R3(config-if)#ip add 3.3.3.3 255.255.255.255
R3(config-if)#ex
R3(config)#int e0/0

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 62

 R3(config-if)#ip add 34.34.34.3 255.255.255.0
R3(config-if)#no shutdown
R3(config-if)#ex
R3(config)#ip route 0.0.0.0 0.0.0.0 34.34.34.4

R4
R4(config)#int e0/0
R4(config-if)#ip add 14.14.14.4 255.255.255.0
R4(config-if)#no shutdown
R4(config-if)#exit
R4(config)#int e0/1
R4(config-if)#ip add 24.24.24.4 255.255.255.0
R4(config-if)#no shutdown
R4(config-if)#exit
R4(config)#int e0/2
R4(config-if)#ip add 34.34.34.4 255.255.255.0
R4(config-if)#no shutdown
R4(config-if)#exit

Untuk EIGRP OTP ini hanya bisa dilakukan pada versi IOS 15.x keatas yang support
EIGRP Named Configuration. Untuk konfigurasi EIGRP OTP ada dua options :
• Setiap router konek satu sama lain (full-mesh)
• Satu router dijadikan pusat remote-neighbor (mirip seperti BGP Route-reflector)

Untuk lab ini kita akan menggunakan yang Opsi kedua yaitu menjadikan R1
menjadi routereflector. Coba ping dulu ke ip neighbor pastikan berhasil.
R1
R1#ping 24.24.24.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 24.24.24.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
R1#ping 34.34.34.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 34.34.34.3, timeout is 2 seconds:
!!!!!

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 63

Mulai Konfigurasi EIGRP OTP nya :
R1
R1(config)#router eigrp IDN
R1(config-router)#address-family ipv4 unicast autonomous-system 123
R1(config-router-af)#remote-neighbors source Ethernet0/0 unicast-listen lisp-
encap 123
R1(config-router-af)#af-interface Ethernet0/0
R1(config-router-af-interface)#no next-hop-self
R1(config-router-af-interface)#no split-horizon
R1(config-router-af)#network 1.1.1.1 0.0.0.0
R1(config-router-af)#network 14.14.14.0 0.0.0.255
R1(config-router-af)#exit-address-family

R2
R2(config)#router eigrp IDN
R2(config-router)#address-family ipv4 unicast autonomous-system 123
R2(config-router-af)#neighbor 14.14.14.1 Ethernet0/0 remote 2 lisp-encap
123
R2(config-router-af)#network 2.2.2.2 0.0.0.0
R2(config-router-af)#network 24.24.24.2 0.0.0.0
R2(config-router-af)#exit-address-family

R3
R3(config)#router eigrp IDN
R3(config-router)#address-family ipv4 unicast autonomous-system 123
R3(config-router-af)#neighbor 14.14.14.1 Ethernet0/0 remote 2 lisp-encap
123
R3(config-router-af)#network 3.3.3.3 0.0.0.0
R3(config-router-af)#network 34.34.34.3 0.0.0.0
R3(config-router-af)#exit-address-family

Pastikan interface LISP 123 sudah “up” di R2 dan R3

R2
R2#sh ip interface brief | i up
Ethernet0/0 24.24.24.2 YES manual up up
LISP123 2.2.2.2 YES unset up up
Loopback0 2.2.2.2 YES manual up up

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 64

 R3
R3#sh ip int brief | i up
Ethernet0/0 34.34.34.3 YES manual up up
LISP123 3.3.3.3 YES unset up up
Loopback0 3.3.3.3 YES manual up up

Cek juga apakah EIGRP Neighbornya sudah “up”

R1
R1#sh ip eigrp neighbors
EIGRP-IPv4 VR(IDN) Address-Family Neighbors for AS(123)
H Address Interface Hold Uptime SRTT RTO Q Seq
(sec) (ms) Cnt Num
1 34.34.34.3 Et0/0 14 00:05:42 9 100 0 3
0 24.24.24.2 Et0/0 14 00:08:35 6 100 0 4

Cek routing table nya dan lakukan ping

R2
R2#sh ip route eigrp
1.0.0.0/32 is subnetted, 1 subnets
D 1.1.1.1 [90/94501211] via 14.14.14.1, 00:11:00, LISP123
3.0.0.0/32 is subnetted, 1 subnets
D 3.3.3.3 [90/94501211] via 34.34.34.3, 00:08:07, LISP123
R3
R3#sh ip route eigrp
1.0.0.0/32 is subnetted, 1 subnets
D 1.1.1.1 [90/94501211] via 14.14.14.1, 00:08:17, LISP123
2.0.0.0/32 is subnetted, 1 subnets
D 2.2.2.2 [90/94501211] via 24.24.24.2, 00:08:17, LISP123

R2
R2#ping 1.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/2 ms

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 65

R3
R3#ping 3.3.3.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 3.3.3.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/5 ms
Akhirnya berhasil..

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 66

 OSPF
(Open Shortest Path First)

"Janganlah pernah menyerah ketika Anda masih mampu

berusaha lagi. Tidak ada kata berakhir sampai Anda
berhenti mencoba
(Brian Dyson)."

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 67

Teori Dasar
OSPF adalah salah satu routing link state yang artinya setiap router yang
menjalankan routing protocol OSPF akan memiliki informasi yang lengkap
tentang topologi jaringan yang ada.
OSPF sering digunakan pada jaringan skala besar karena keunggulan OSPF
yang memungkinkan untuk mencapai converge yang besar.
Berikut ini ciri-ciri routing protocol OSPF :
• Open Standard.
• Link-State routing protocol.
• Using SPF/Dijkstra Algorithm.
• Multicast for exchange information use port 89.
• Administrative distance 110.
• Classless routing protocol support VLSM/CIDR.
• Support IPv6.
• Metric using cost.
• Fast convergence.
• Equal load balancing only.
• Using areas (backbone area and non-backbone areas).
• Link-state mengetahui peta keseluruhan (topology) dalam jaringan
untuk menentukan shortest path.

Link = interface dari router

State = ke router neighbor mana interface tadi terhubung.
Link state router bekerja dengan mengirim link-state advertisement
(LSA) ke router link-state lain dan disimpan di link-state database
(LSDB). LSA seperti puzzle yang membentuk LSDB. LSDB adalah

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 68

gambaran keseluruhan jaringan yang kita sebut topology. Ketika LSDB
sudah lengkap, maka OSPF akan menghitung shortest path.
OSPF bekerja dengan konsep area. Area yang harus ada pada OSPF
adalah area 0 atau backbone area. Area-area lain (non-backbone
area) yang ingin terhubung, harus melalui backbone area.

Pembagian area ini bertujuan untuk memanajemen traffic dan

mengurangi resources yang dipakai oleh router. Ada beberapa
jenis router dalam OSPF.
• Backbone router = router dalam backbone area. Area Border
Router (ABR) = router dalam 2 area.
• Autonomous System Border Router (ASBR) = router yang
terhubung ke network lain yang menjalankan routing yang
berbeda.
OSPF menggunakan metric yang disebut cost. Cost dihitung
88berdasarkan bandwidth suatu interface.
Cost = reference bandwidth / interface bandwidth
Default reference bandwidth =100Mbit, tapi ini bisa diubah karena
saat ini sudah ada interface yang sampai giga.
Setiap LSA mempunyai aging timer yaitu batas waktu berlaku.
Defaultnya LSA valid selama 30 menit. Setelah itu akan expire dan
dikirim lagi LSA baru dengan sequence number yang lebih tinggi.

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 69

 OSPF
OSPF Virtual Link
OSPF Gre Tunnel
OSPF Standard Area
OSPF Stub Area
OSPF Totally Stub Area
OSPF NSSA Area
OSPF External Route Type 1
OSPF Filtering Distribute List
OSPF Sumarization – Internal Route
OSPF Summarization – External Route
OSPF Redistribution - Default route
OSPF Redistribution – Static
OSPF Redistribution – Connected
OSPF Redistribution – RIP
OSPF Redistribution – EIGRP
OSPF Mindah Jalur
OSPF Authentication
VRF Lite

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 70

Lab 1. OSPF Virtual Link

Nah Gaesss Pada lab kali ini topologi area nya adalah : Area 0 – Area 1 – Area
2 – Area 3. Dimana Area 2 dan Area 3 tidak tersambung langsung ke Area 0,
padahal syarat utamanya adalah semua area selain area 0 harus tersambung
ke Area 0. Untuk itu ada beberapa solusi yang kesemuanya adalah hanya
bersifat sementara, tidak boleh dijadikan permanen, yaitu :
1. Virtual link
2. GRE Tunnel
Dan kita akan mulai dari Virtual Link, dalam hal ini akan ada pembuatan 2
virtual link, yakni dari Area 2 ke Area 0, kemudian dari Area 3 ke Area 0
R1
R1#config terminal
!
R1(config)#interface lo0
R1(config-if)#ip add 1.1.1.1 255.255.255.255
!
R1(config-if)#int f0/0
R1(config-if)#ip add 12.12.12.1 255.255.255.0
!
R1(config)#router ospf 1
R1(config-router)#router-id 1.1.1.1
R1(config-router)#network 1.1.1.1 0.0.0.0 area 0
R1(config-router)#network 12.12.12.1 0.0.0.0 area 1
R1(config-router)#exit

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 71

R2
R2#config terminal
!
R2(config)#int lo0
R2(config-if)#ip add 2.2.2.2 255.255.255.255
R2(config-if)#no shutdown
R2(config-if)#exit
!
R2(config)#int fa0/0
R2(config-if)#ip add 12.12.12.2 255.255.255.0
R2(config-if)#no shutdown
R2(config-if)#exit
!
R2(config)#int g1/0
R2(config-if)#ip add 23.23.23.2 255.255.255.0
R2(config-if)#no shutdown
R2(config-if)#exit
!
R2(config)#router ospf 2
R2(config-router)#router-id 2.2.2.2
R2(config-router)#net 2.2.2.2 0.0.0.0 area 1
R2(config-router)#net 12.12.12.2 0.0.0.0 area 1
R2(config-router)#net 23.23.23.2 0.0.0.0 area 2
R2(config-router)#exit

R3
R3#config terminal
R3(config)#interface loopback 0
R3(config-if)#ip address 3.3.3.3 255.255.255.255
R3(config-if)#exit
!
R3(config)#int g1/0
R3(config-if)#ip add 23.23.23.3 255.255.255.0
R3(config-if)#no shutdown
R3(config-if)#exit
!

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 72

R3(config)#router ospf 3
R3(config-router)#router-id 3.3.3.3
R3(config-router)#net 3.3.3.3 0.0.0.0 area 3
R3(config-router)#net 23.23.23.3 0.0.0.0 area 2

Cek routing table pada R1,R2,R3

R1
R1(config)#do sh ip ro
1.0.0.0/32 is subnetted, 1 subnets
C 1.1.1.1 is directly connected, Loopback0
2.0.0.0/32 is subnetted, 1 subnets
O 2.2.2.2 [110/2] via 12.12.12.2, 00:05:57, FastEthernet0/0
12.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 12.12.12.0/24 is directly connected, FastEthernet0/0
L 12.12.12.1/32 is directly connected, FastEthernet0/0
R1(config)#

R2
R2(config)#do sh ip route
1.0.0.0/32 is subnetted, 1 subnets
O IA 1.1.1.1 [110/2] via 12.12.12.1, 00:06:08, FastEthernet0/0
2.0.0.0/32 is subnetted, 1 subnets
C 2.2.2.2 is directly connected, Loopback0
12.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 12.12.12.0/24 is directly connected, FastEthernet0/0
L 12.12.12.2/32 is directly connected, FastEthernet0/0
23.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 23.23.23.0/24 is directly connected, GigabitEthernet1/0
L 23.23.23.2/32 is directly connected, GigabitEthernet1/0

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 73

 R3
R3(config)#do sh ip route
3.0.0.0/32 is subnetted, 1 subnets
C 3.3.3.3 is directly connected, Loopback0
23.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 23.23.23.0/24 is directly connected, GigabitEthernet1/0
L 23.23.23.3/32 is directly connected, GigabitEthernet1/0

Jadi apabila ingin menggunakan area lain selain area 0, maka tersebut harus
terhubung dengan area 0, apabila nih dimana kondisi area tersebut memang
tidak memungkinkan untuk terhubung langsung dengan area 0 maka harus
menggunakan yang nama nya metode (vitual link) jadi sebelum di konfigurasi
virtual link maka table routing tidak lengkap, R1 tidak mendapat routing
information pada R3.

Pada topologi di atas hanya R1 yang tersambung dengan area0, sedangkan R2

dan R3 tidak, makan berikut kita harus mengkonfigurasi kan virtual link agar
setiap area Backbone mendapat informasi dari area yang tidak terhubung
langsung, berikut konfigurasi nya :
Konfigurasi virtual link :
‘area area-id virtual link router-id’
Jadi Router-Id ini bisa merupakan IP yang valid pada sebuah router atau angka
decimal lain dengan format ipv4 , Untuk R2 dimana terdapat area 2
didalamnya yang tidak terhubung langsung dengan area 0, maka virtual link
dibuat melalui area 1 sebagai jembatannya.

R1
R1(config)#router ospf 1
R1(config-router)#area 1 virtual-link 2.2.2.2
R1(config-router)#exit

R2
R2(config)#router ospf 2
R2(config-router)#area 1 virtual-link 1.1.1.1
R2(config-router)#exit

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 74

Jika Virtual-Link sudah Established maka akan muncul notifikasi seperti ini :

R1(config)#
*Jul 8 01:21:39.007: %OSPF-5-ADJCHG: Process 1, Nbr 2.2.2.2 on OSPF_VL0
from LOADING to FULL, Loading Done
R1(config)#
R2(config)#
*Jul 8 01:21:38.751: %OSPF-5-ADJCHG: Process 2, Nbr 1.1.1.1 on OSPF_VL0
from LOADING to FULL, Loading Done
R2(config)#

Selanjutnya kita cek lagi tabel routing nya :

R1
R1(config)#do sh ip route
1.0.0.0/32 is subnetted, 1 subnets
C 1.1.1.1 is directly connected, Loopback0
2.0.0.0/32 is subnetted, 1 subnets
O 2.2.2.2 [110/2] via 12.12.12.2, 01:20:21, FastEthernet0/0
12.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 12.12.12.0/24 is directly connected, FastEthernet0/0
L 12.12.12.1/32 is directly connected, FastEthernet0/0
23.0.0.0/24 is subnetted, 1 subnets
O IA 23.23.23.0 [110/2] via 12.12.12.2, 00:05:22, FastEthernet0/0

Kita lihat network area 2 yakni 23.23.23.0 sudah masuk ke dalam routing
tabel, namun network area 3 tampaknya belum muncul.

Berikutnya kita konfigurasikan virtual link pada R3 dimana terdapat area 3

didalamnya. Untuk terhubung ke area 0, maka area 2 digunakan sebagai
jembatannya.

R2
R2(config)#router ospf 2
R2(config-router)#area 2 virtual-link 3.3.3.3
R2(config-router)#exit

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 75

 R3
R3(config)#router ospf 3
R3(config-router)#area 2 virtual-link 2.2.2.2
R3(config-router)#exit
R3(config)#
Kemudian cek kembali routing table nya :

R1
R1(config)#do sh ip route
1.0.0.0/32 is subnetted, 1 subnets
C 1.1.1.1 is directly connected, Loopback0
2.0.0.0/32 is subnetted, 1 subnets
O 2.2.2.2 [110/2] via 12.12.12.2, 01:27:47, FastEthernet0/0
3.0.0.0/32 is subnetted, 1 subnets
O IA 3.3.3.3 [110/3] via 12.12.12.2, 00:00:16, FastEthernet0/0
12.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 12.12.12.0/24 is directly connected, FastEthernet0/0
L 12.12.12.1/32 is directly connected, FastEthernet0/0
23.0.0.0/24 is subnetted, 1 subnets
O IA 23.23.23.0 [110/2] via 12.12.12.2, 00:12:48, FastEthernet0/0

Kita bisa melihat pada R1 sudah mengenali semua network pada Area1, Area 2
dan Area 3.
R2
R2(config)#do sh ip ro
1.0.0.0/32 is subnetted, 1 subnets
O 1.1.1.1 [110/2] via 12.12.12.1, 00:15:58, FastEthernet0/0
2.0.0.0/32 is subnetted, 1 subnets
C 2.2.2.2 is directly connected, Loopback0
3.0.0.0/32 is subnetted, 1 subnets
O IA 3.3.3.3 [110/2] via 23.23.23.3, 00:03:37, GigabitEthernet1/0
12.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 12.12.12.0/24 is directly connected, FastEthernet0/0
L 12.12.12.2/32 is directly connected, FastEthernet0/0
23.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 23.23.23.0/24 is directly connected, GigabitEthernet1/0
L 23.23.23.2/32 is directly connected, GigabitEthernet1/0

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 76

 R3
R3(config)#do sh ip route
1.0.0.0/32 is subnetted, 1 subnets
O 1.1.1.1 [110/3] via 23.23.23.2, 00:04:41, GigabitEthernet1/0
2.0.0.0/32 is subnetted, 1 subnets
O IA 2.2.2.2 [110/2] via 23.23.23.2, 00:04:41, GigabitEthernet1/0
3.0.0.0/32 is subnetted, 1 subnets
C 3.3.3.3 is directly connected, Loopback0
12.0.0.0/24 is subnetted, 1 subnets
O IA 12.12.12.0 [110/2] via 23.23.23.2, 00:04:41, GigabitEthernet1/0
23.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 23.23.23.0/24 is directly connected, GigabitEthernet1/0
L 23.23.23.3/32 is directly connected, GigabitEthernet1/0

Cek apakah Virtual-Link sudah UP :

R3
R3(config)#do sh ip ospf virtual-link
Virtual Link OSPF_VL0 to router 2.2.2.2 is up
Run as demand circuit
DoNotAge LSA allowed.
Transit area 2, via interface GigabitEthernet1/0
Topology-MTID Cost Disabled Shutdown Topology Name
0 1 no no Base
Transmit Delay is 1 sec, State POINT_TO_POINT,
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
Hello due in 00:00:08
Adjacency State FULL (Hello suppressed)
Index 1/2, retransmission queue length 0, number of retransmission 0
First 0x0(0)/0x0(0) Next 0x0(0)/0x0(0)
Last retransmission scan length is 0, maximum is 0
Last retransmission scan time is 0 msec, maximum is 0 msec

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 77

R2
R2(config)#do sh ip ospf virtual-link
Virtual Link OSPF_VL1 to router 3.3.3.3 is up
Run as demand circuit
DoNotAge LSA allowed.
Transit area 2, via interface GigabitEthernet1/0
Topology-MTID Cost Disabled Shutdown Topology Name
0 1 no no Base
Transmit Delay is 1 sec, State POINT_TO_POINT,
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
Hello due in 00:00:01
Adjacency State FULL (Hello suppressed)
Index 2/4, retransmission queue length 0, number of retransmission 0
First 0x0(0)/0x0(0) Next 0x0(0)/0x0(0)
Last retransmission scan length is 0, maximum is 0
Last retransmission scan time is 0 msec, maximum is 0 msec
Virtual Link OSPF_VL0 to router 1.1.1.1 is up
Run as demand circuit
DoNotAge LSA allowed.
Transit area 1, via interface FastEthernet0/0
Topology-MTID Cost Disabled Shutdown Topology Name
0 1 no no Base
Transmit Delay is 1 sec, State POINT_TO_POINT,
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
Hello due in 00:00:09
Adjacency State FULL (Hello suppressed)
Index 1/3, retransmission queue length 0, number of retransmission 1
First 0x0(0)/0x0(0) Next 0x0(0)/0x0(0)
Last retransmission scan length is 1, maximum is 1
Last retransmission scan time is 0 msec, maximum is 0 msec

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 78

 R1
R1(config)#do sh ip ospf virtual-link
Virtual Link OSPF_VL0 to router 2.2.2.2 is up
Run as demand circuit
DoNotAge LSA allowed.
Transit area 1, via interface FastEthernet0/0
Topology-MTID Cost Disabled Shutdown Topology Name
0 1 no no Base
Transmit Delay is 1 sec, State POINT_TO_POINT,
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
Hello due in 00:00:02
Adjacency State FULL (Hello suppressed)
Index 1/2, retransmission queue length 0, number of retransmission 0
First 0x0(0)/0x0(0) Next 0x0(0)/0x0(0)
Last retransmission scan length is 0, maximum is 0
Last retransmission scan time is 0 msec, maximum is 0 msec

Cek Database OSPF pada semua router

R1
R1(config)#do sh ip ospf database

OSPF Router with ID (1.1.1.1) (Process ID 1)

Router Link States (Area 0)

Link ID ADV Router Age Seq# Checksum Link count

1.1.1.1 1.1.1.1 1319 0x80000005 0x009C45 2
2.2.2.2 2.2.2.2 1 (DNA) 0x80000003 0x00C4C9 2
3.3.3.3 3.3.3.3 2 (DNA) 0x80000002 0x00D3F2 1

Summary Net Link States (Area 0)

Link ID ADV Router Age Seq# Checksum
2.2.2.2 1.1.1.1 1971 0x80000003 0x001F0E
2.2.2.2 2.2.2.2 6 (DNA) 0x80000001 0x00FA31
3.3.3.3 3.3.3.3 7 (DNA) 0x80000001 0x00AE75
12.12.12.0 1.1.1.1 685 0x80000004 0x00BD53
12.12.12.0 2.2.2.2 6 (DNA) 0x80000001 0x00A56A
23.23.23.0 2.2.2.2 6 (DNA) 0x80000001 0x0018D6
23.23.23.0 3.3.3.3 7 (DNA) 0x80000001 0x00F9F0
Router Link States (Area 1)

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 79

Link ID ADV Router Age Seq# Checksum Link count
1.1.1.1 1.1.1.1 1318 0x80000005 0x009146 1
2.2.2.2 2.2.2.2 1319 0x80000007 0x009C17 2

Net Link States (Area 1)

Link ID ADV Router Age Seq# Checksum

12.12.12.1 1.1.1.1 1971 0x80000003 0x0048BA

Summary Net Link States (Area 1)

Link ID ADV Router Age Seq# Checksum
1.1.1.1 1.1.1.1 685 0x80000004 0x0041EF
3.3.3.3 2.2.2.2 574 0x80000001 0x00D650
23.23.23.0 2.2.2.2 1326 0x80000001 0x0018D6

R2
R2(config)#do sh ip ospf database

OSPF Router with ID (2.2.2.2) (Process ID 2)

Router Link States (Area 0)

Link ID ADV Router Age Seq# Checksum Link count

1.1.1.1 1.1.1.1 1 (DNA) 0x80000005 0x009C45 2
2.2.2.2 2.2.2.2 616 0x80000003 0x00C4C9 2
3.3.3.3 3.3.3.3 1 (DNA) 0x80000002 0x00D3F2 1

Summary Net Link States (Area 0)

Link ID ADV Router Age Seq# Checksum

2.2.2.2 1.1.1.1 652 (DNA) 0x80000003 0x001F0E
2.2.2.2 2.2.2.2 1363 0x80000001 0x00FA31
3.3.3.3 3.3.3.3 6 (DNA) 0x80000001 0x00AE75
12.12.12.0 1.1.1.1 1375 (DNA) 0x80000003 0x00BF52
12.12.12.0 2.2.2.2 1363 0x80000001 0x00A56A
23.23.23.0 2.2.2.2 1363 0x80000001 0x0018D6
23.23.23.0 3.3.3.3 6 (DNA) 0x80000001 0x00F9F0
Router Link States (Area 1)
Link ID ADV Router Age Seq# Checksum Link count

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 80

1.1.1.1 1.1.1.1 1358 0x80000005 0x009146 1
2.2.2.2 2.2.2.2 1357 0x80000007 0x009C17 2

Net Link States (Area 1)

Link ID ADV Router Age Seq# Checksum
12.12.12.1 1.1.1.1 2010 0x80000003 0x0048BA

Summary Net Link States (Area 1)

Link ID ADV Router Age Seq# Checksum
1.1.1.1 1.1.1.1 724 0x80000004 0x0041EF
3.3.3.3 2.2.2.2 611 0x80000001 0x00D650
23.23.23.0 2.2.2.2 1363 0x80000001 0x0018D6

Router Link States (Area 2)

Link ID ADV Router Age Seq# Checksum Link count
2.2.2.2 2.2.2.2 616 0x80000006 0x00F198 1
3.3.3.3 3.3.3.3 616 0x80000006 0x00B3CD 1

Net Link States (Area 2)

Link ID ADV Router Age Seq# Checksum
23.23.23.2 2.2.2.2 1642 0x80000003 0x00E6ED

Summary Net Link States (Area 2)

Link ID ADV Router Age Seq# Checksum
1.1.1.1 2.2.2.2 1353 0x80000001 0x0033FB
2.2.2.2 2.2.2.2 1363 0x80000001 0x00FA31
3.3.3.3 3.3.3.3 623 0x80000001 0x00AE75
12.12.12.0 2.2.2.2 1363 0x80000001 0x00A56A
R3
R3(config)#do sh ip ospf database
OSPF Router with ID (3.3.3.3) (Process ID 3)

Router Link States (Area 0)

Link ID ADV Router Age Seq# Checksum Link count
1.1.1.1 1.1.1.1 2 (DNA) 0x80000005 0x009C45 2
2.2.2.2 2.2.2.2 1 (DNA) 0x80000003 0x00C4C9 2
3.3.3.3 3.3.3.3 624 0x80000002 0x00D3F2 1

Summary Net Link States (Area 0)

Link ID ADV Router Age Seq# Checksum

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 81

2.2.2.2 1.1.1.1 653 (DNA) 0x80000003 0x001F0E
2.2.2.2 2.2.2.2 747 (DNA) 0x80000001 0x00FA31
3.3.3.3 3.3.3.3 630 0x80000001 0x00AE75
12.12.12.0 1.1.1.1 1376 (DNA) 0x80000003 0x00BF52
12.12.12.0 2.2.2.2 747 (DNA) 0x80000001 0x00A56A
23.23.23.0 2.2.2.2 747 (DNA) 0x80000001 0x0018D6
23.23.23.0 3.3.3.3 630 0x80000001 0x00F9F0

Router Link States (Area 2)

Link ID ADV Router Age Seq# Checksum Link count
2.2.2.2 2.2.2.2 625 0x80000006 0x00F198 1
3.3.3.3 3.3.3.3 624 0x80000006 0x00B3CD 1

Net Link States (Area 2)

Link ID ADV Router Age Seq# Checksum
23.23.23.2 2.2.2.2 1652 0x80000003 0x00E6ED

Summary Net Link States (Area 2)

Link ID ADV Router Age Seq# Checksum
1.1.1.1 2.2.2.2 1362 0x80000001 0x0033FB
2.2.2.2 2.2.2.2 1372 0x80000001 0x00FA31
3.3.3.3 3.3.3.3 630 0x80000001 0x00AE75
12.12.12.0 2.2.2.2 1372 0x80000001 0x00A56A

Router Link States (Area 3)

Link ID ADV Router Age Seq# Checksum Link count
3.3.3.3 3.3.3.3 630 0x80000004 0x007990 1
Summary Net Link States (Area 3)

Link ID ADV Router Age Seq# Checksum

1.1.1.1 3.3.3.3 620 0x80000001 0x001F0B
2.2.2.2 3.3.3.3 620 0x80000001 0x00E640
12.12.12.0 3.3.3.3 620 0x80000001 0x009179
23.23.23.0 3.3.3.3 630 0x80000001 0x00F9F0

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 82

Cek ping ke semua router :
R3
R1(config)#do ping 1.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms

R1(config)#do ping 2.2.2.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/13/24 ms

R1(config)#do ping 3.3.3.3

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 3.3.3.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 24/34/48 ms
R1(config)#

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 83

 Lab 2. OSPF GRE Tunnel

Jika sebelumnya menggunakan virtual-link, untuk saat ini tersedia

alternatifnya bisa juga menggunakan metode GRE_Tunnel agar dimana area-
area yang tidak terhubung langsung dengan BACKBONE atau area 0 maka
dengan cara ini bisa saling terhubung kembali, Hapus dulu untuk konfigurasi
nya dan kita melanjutkan lab sebelum nya :

R1
R1(config)#router ospf 1
R1(config-router)#no area 1 virtual-link 2.2.2.2
R1(config-router)#exit

R2
R2(config)#router ospf 2
R2(config-router)#no area 1 virtual-link 1.1.1.1
R2(config-router)#no area 2 virtual-link 3.3.3.3
R2(config-router)#exit

R3
R3(config)#router ospf 3
R3(config-router)#no area 2 virtual-link 2.2.2.2
R3(config-router)#exit

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 84

Oke sudah kita hapus konfigurasi virtual-link nya, selanjutnya kita akan
konfigurasi GRE Tunnel nya :

R1
R1(config)#int tunnel 1
R1(config-if)#ip add 102.102.102.1 255.255.255.0
R1(config-if)#tunnel source 12.12.12.1
R1(config-if)#tunnel destination 12.12.12.2
R1(config-if)#exit
!
R1(config)#router ospf 1
R1(config-router)#net 102.102.102.1 0.0.0.0 area 0
R1(config-router)#exit

R2
R2(config)#int tunnel 1
R2(config-if)#ip add 102.102.102.2 255.255.255.0
R2(config-if)#tunnel source 12.12.12.2
R2(config-if)#tunnel destination 12.12.12.1
R2(config-if)#exit
R2(config)#router ospf 2
R2(config-router)#network 102.102.102.2 0.0.0.0 area 0
R2(config-router)#exit

R1
R1(config)#do sh ip route
1.0.0.0/32 is subnetted, 1 subnets
C 1.1.1.1 is directly connected, Loopback0
2.0.0.0/32 is subnetted, 1 subnets
O 2.2.2.2 [110/2] via 12.12.12.2, 01:08:05, FastEthernet0/0
12.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 12.12.12.0/24 is directly connected, FastEthernet0/0
L 12.12.12.1/32 is directly connected, FastEthernet0/0
23.0.0.0/24 is subnetted, 1 subnets
O IA 23.23.23.0 [110/1001] via 102.102.102.2, 00:02:15, Tunnel1
102.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 102.102.102.0/24 is directly connected, Tunnel1
L 102.102.102.1/32 is directly connected, Tunnel1
Network Area 2 sudah masuk ke dalam routing table, namun Area 3 masih
belum nih temen-temen, kita harus membuat tunnel lagi pada R2 dan R3.

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 85

 R2
R2(config)#int tunnel 2
R2(config-if)#tunnel source 23.23.23.2
R2(config-if)#tunnel destination 23.23.23.3
R2(config-if)#ip add 203.203.203.2 255.255.255.0
R2(config-if)#exit
!
R2(config)#router ospf 2
R2(config-router)#network 203.203.203.2 0.0.0.0 area 0
R2(config-router)#exit

R3
R3(config)#int tunnel 2
R3(config-if)#tunnel source 23.23.23.3
R3(config-if)#tunnel destination 23.23.23.2
R3(config-if)#ip add 203.203.203.3 255.255.255.0
R3(config-if)#exit
!
R3(config)#router ospf 3
R3(config-router)#network 203.203.203.3 0.0.0.0 area 0
R3(config-router)#exit

Cek kembali :

R1
R1(config)#do sh ip route ospf
2.0.0.0/32 is subnetted, 1 subnets
O 2.2.2.2 [110/2] via 12.12.12.2, 01:30:02, FastEthernet0/0
3.0.0.0/32 is subnetted, 1 subnets
O IA 3.3.3.3 [110/2001] via 102.102.102.2, 00:07:33, Tunnel1
23.0.0.0/24 is subnetted, 1 subnets
O IA 23.23.23.0 [110/1001] via 102.102.102.2, 00:24:12, Tunnel1
O 203.203.203.0/24 [110/2000] via 102.102.102.2, 00:17:43, Tunnel1

R2
R2(config)#do sh ip route ospf
1.0.0.0/32 is subnetted, 1 subnets
O 1.1.1.1 [110/1001] via 102.102.102.1, 00:23:33, Tunnel1
3.0.0.0/32 is subnetted, 1 subnets
O IA 3.3.3.3 [110/1001] via 203.203.203.3, 00:06:59, Tunnel2

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 86

R3
R3(config)#do sh ip route ospf
1.0.0.0/32 is subnetted, 1 subnets
O 1.1.1.1 [110/2001] via 203.203.203.2, 00:09:26, Tunnel2
2.0.0.0/32 is subnetted, 1 subnets
O IA 2.2.2.2 [110/1001] via 203.203.203.2, 00:09:26, Tunnel2
12.0.0.0/24 is subnetted, 1 subnets
O IA 12.12.12.0 [110/1001] via 203.203.203.2, 00:09:26, Tunnel2
102.0.0.0/24 is subnetted, 1 subnets
O 102.102.102.0 [110/2000] via 203.203.203.2, 00:09:26, Tunnel2

Test Ping :
R1
R1(config)#do ping 1.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
R1(config)#do ping 2.2.2.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 16/21/24 ms
R1(config)#do ping 3.3.3.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 3.3.3.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 40/56/88 ms

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 87

 Lab 3. OSPF Standar Area

Pada Lab kali ini kita akan membuat beberapa area berbeda serta route lain
selain ospf yakni EIGRP. Tujuannya untuk dapat mengetahui LSA tipe berapa
saja yang ada dan digunakan oleh OSPF.

R1
R1(config)#int lo0
R1(config-if)#ip add 1.1.1.1 255.255.255.255
!
R1(config-if)#int lo1
R1(config-if)#ip add 100.100.100.1 255.255.255.255
!
R1(config-if)#int lo2
R1(config-if)#ip add 100.100.100.2 255.255.255.255
!
R1(config-if)#int lo3
R1(config-if)#ip add 100.100.100.3 255.255.255.255
!
R1(config-if)#int lo4

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 88

R1(config-if)#ip add 100.100.100.4 255.255.255.255
!
R1(config-if)#int lo5
R1(config-if)#ip add 100.100.100.5 255.255.255.255
!
R1(config-if)#int lo6
R1(config-if)#ip add 100.100.100.6 255.255.255.255
!
R1(config-if)#int lo7
R1(config-if)#ip add 100.100.100.7 255.255.255.255
!
R1(config)#int fa0/0
R1(config-if)#ip add 12.12.12.1 255.255.255.0
R1(config-if)#no sh
!
R1(config)#router ospf 1
R1(config-router)#router-id 1.1.1.1
R1(config-router)#network 1.1.1.1 0.0.0.0 area 0
R1(config-router)#network 100.100.100.1 0.0.0.0 area 100
R1(config-router)#network 100.100.100.2 0.0.0.0 area 100
R1(config-router)#network 100.100.100.3 0.0.0.0 area 100
R1(config-router)#network 12.12.12.1 0.0.0.0 area 0
R1(config-router)#redistribute eigrp 10 subnets
R1(config-router)#exit
!
R1(config)#router eigrp 10
R1(config-router)#network 100.100.100.4 0.0.0.0
R1(config-router)#network 100.100.100.5 0.0.0.0
R1(config-router)#network 100.100.100.6 0.0.0.0
R1(config-router)#network 100.100.100.7 0.0.0.0
R1(config-router)#no auto-summary

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 89

R2
R2(config)#int lo0
R2(config-if)#ip add 2.2.2.2 255.255.255.255
!
R2(config)#int fa0/0
R2(config-if)#ip add 12.12.12.2 255.255.255.0
R2(config-if)#no sh
!
R2(config)#int g1/0
R2(config-if)#ip add 23.23.23.2 255.255.255.0
R2(config-if)#no sh
!
R2(config)#router ospf 2
R2(config-router)#router-id 2.2.2.2
R2(config-router)#network 2.2.2.2 0.0.0.0 area 1
R2(config-router)#network 12.12.12.2 0.0.0.0 area 0
R2(config-router)#network 23.23.23.2 0.0.0.0 area 1

R3
R3(config)#int lo0
R3(config-if)#ip add 3.3.3.3 255.255.255.255
!
R3(config-if)#int g1/0
R3(config-if)#ip add 23.23.23.3 255.255.255.0
R3(config-if)#no sh
!
R3(config)#router ospf 3
R3(config-router)#router-id 3.3.3.3
R3(config-router)#network 3.3.3.3 0.0.0.0 area 1
R3(config-router)#network 23.23.23.3 0.0.0.0 area 1

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 90

R3
R3(config)#do sh ip route ospf
1.0.0.0/32 is subnetted, 1 subnets
O IA 1.1.1.1 [110/3] via 23.23.23.2, 00:16:30, GigabitEthernet1/0
2.0.0.0/32 is subnetted, 1 subnets
O 2.2.2.2 [110/2] via 23.23.23.2, 00:27:45, GigabitEthernet1/0
12.0.0.0/24 is subnetted, 1 subnets
O IA 12.12.12.0 [110/2] via 23.23.23.2, 00:27:45, GigabitEthernet1/0
100.0.0.0/32 is subnetted, 7 subnets
O IA 100.100.100.1 [110/3] via 23.23.23.2, 00:16:30, GigabitEthernet1/0
O IA 100.100.100.2 [110/3] via 23.23.23.2, 00:16:30, GigabitEthernet1/0
O IA 100.100.100.3 [110/3] via 23.23.23.2, 00:16:30, GigabitEthernet1/0
O E2 100.100.100.4 [110/20] via 23.23.23.2, 00:16:25, GigabitEthernet1/0
O E2 100.100.100.5 [110/20] via 23.23.23.2, 00:16:25, GigabitEthernet1/0
O E2 100.100.100.6 [110/20] via 23.23.23.2, 00:16:25, GigabitEthernet1/0
O E2 100.100.100.7 [110/20] via 23.23.23.2, 00:16:25, GigabitEthernet1/0

* Perhatikan perbedaan Route Kode dilihat R3 di atas.

• Route 2.2.2.2 , itu muncul sebagai Tipe Route ‘O’ (Normal OSPF Route)
• Route 100.100.100.1 , ia muncul sebagai Tipe Route ‘OIA’ (OSPF Inter-Area
Route)
• Route 100.100.100.4, ia muncul sebagai Tipe Route ‘0E2’ (OSPF External
Route Type 2

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 91

R3
R3(config)#do sh ip ospf database
OSPF Router with ID (3.3.3.3) (Process ID 3)

Router Link States (Area 1) → LSA Type 1

Link ID ADV Router Age Seq# Checksum Link count
2.2.2.2 2.2.2.2 1889 0x80000004 0x005E19 2
3.3.3.3 3.3.3.3 1877 0x80000003 0x004D1F 2

Net Link States (Area 1) → LSA Type 2

Link ID ADV Router Age Seq# Checksum
23.23.23.2 2.2.2.2 1889 0x80000001 0x00EAEB

Summary Net Link States (Area 1) → LSA Type 3

Link ID ADV Router Age Seq# Checksum
1.1.1.1 2.2.2.2 1211 0x80000001 0x0033FB
12.12.12.0 2.2.2.2 1006 0x80000002 0x00A36B
100.100.100.1 2.2.2.2 1211 0x80000001 0x0039CB
100.100.100.2 2.2.2.2 1211 0x80000001 0x002FD4
100.100.100.3 2.2.2.2 1211 0x80000001 0x0025DD

Summary ASB Link States (Area 1) --- > LSA Type 4

Link ID ADV Router Age Seq# Checksum
1.1.1.1 2.2.2.2 1211 0x80000001 0x001B14

Type-5 AS External Link States --- > LSA Type 5

Link ID ADV Router Age Seq# Checksum Tag
100.100.100.4 1.1.1.1 1347 0x80000002 0x0081E8 0
100.100.100.5 1.1.1.1 1347 0x80000002 0x0077F1 0
100.100.100.6 1.1.1.1 1347 0x80000002 0x006DFA 0
100.100.100.7 1.1.1.1 1347 0x80000002 0x006304 0

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 92

Lab 4. OSPF Stub Area

• Stub artinya ujung, merupakan router atau area yang paling ujung atau
sisi paling akhir dan tidak memiliki cabang lain serta tidak memiliki jalan
lain untuk menuju jaringan dengan segmen lain.

• Semua external route LSA tipe 4 dan tipe 5 (network dari routing lain yang
diresdribute ke dalam OSPF) tidak dimasukkan dalam routing tabel

• Sebagai gantinya digunakanlah default route untuk menuju ke network-

network tersebut

• Hal ini akan mengurangi kinerja CPU dan memori router, mengurangi
jumlah routing tabel

• Dikonfigurasikan di semua router yang ada dalam stub area.

R2
R2(config)#router ospf 2
R2(config-router)#area 1 stub
R2(config-router)#exit
*Jul 8 16:44:41.562: %OSPF-5-ADJCHG: Process 2, Nbr 3.3.3.3 on
GigabitEthernet1/0 from FULL to DOWN, Neighbor Down: Adjacency forced
to reset
R2(config)#

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 93

R3
R3(config)#router ospf 3
R3(config-router)#area 1 stub
R3(config-router)#exit
R3(config)#
*Jul 8 16:46:37.322: %OSPF-5-ADJCHG: Process 3, Nbr 2.2.2.2 on
GigabitEthernet1/0 from LOADING to FULL, Loading Done
R3(config)#

R3
R3(config)#do sh ip route ospf
O*IA 0.0.0.0/0 [110/2] via 23.23.23.2, 00:01:52, GigabitEthernet1/0
1.0.0.0/32 is subnetted, 1 subnets
O IA 1.1.1.1 [110/3] via 23.23.23.2, 00:01:52, GigabitEthernet1/0
2.0.0.0/32 is subnetted, 1 subnets
O 2.2.2.2 [110/2] via 23.23.23.2, 00:01:52, GigabitEthernet1/0
12.0.0.0/24 is subnetted, 1 subnets
O IA 12.12.12.0 [110/2] via 23.23.23.2, 00:01:52, GigabitEthernet1/0
100.0.0.0/32 is subnetted, 3 subnets
O IA 100.100.100.1 [110/3] via 23.23.23.2, 00:01:52, GigabitEthernet1/0
O IA 100.100.100.2 [110/3] via 23.23.23.2, 00:01:52, GigabitEthernet1/0
O IA 100.100.100.3 [110/3] via 23.23.23.2, 00:01:52, GigabitEthernet1/0

Muncul Gateway Default Route (0.0.0.0/0) sebagai ganti utk menuju network2
External route.
Bila sebelumnya terdapat routing berikut
O E2 100.100.100.4 [110/20] via 23.23.23.2, 00:16:25, GigabitEthernet1/0
O E2 100.100.100.5 [110/20] via 23.23.23.2, 00:16:25, GigabitEthernet1/0
O E2 100.100.100.6 [110/20] via 23.23.23.2, 00:16:25, GigabitEthernet1/0
O E2 100.100.100.7 [110/20] via 23.23.23.2, 00:16:25, GigabitEthernet1/0
Nah sekarang sudah di hapus nih dan tidak ada lagi terdapat dalam routing
table nya.

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 94

R3
R3(config)#do sh ip ospf database
OSPF Router with ID (3.3.3.3) (Process ID 3)

Router Link States (Area 1) --- > LSA Type 1

Link ID ADV Router Age Seq# Checksum Link count
2.2.2.2 2.2.2.2 337 0x8000000F 0x007CF0 2
3.3.3.3 3.3.3.3 336 0x8000000E 0x006BF6 2
Net Link States (Area 1) --- > LSA Type 2
Link ID ADV Router Age Seq# Checksum
23.23.23.3 3.3.3.3 336 0x80000001 0x00D003
Summary Net Link States (Area 1) --- > LSA Type 3
Link ID ADV Router Age Seq# Checksum
0.0.0.0 2.2.2.2 442 0x80000001 0x0075C0
1.1.1.1 2.2.2.2 442 0x8000000A 0x003FE8
12.12.12.0 2.2.2.2 442 0x8000000B 0x00AF58
100.100.100.1 2.2.2.2 442 0x8000000A 0x0045B8
100.100.100.2 2.2.2.2 442 0x8000000A 0x003BC1
100.100.100.3 2.2.2.2 442 0x8000000A 0x0031CA

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 95

Lab 5. OSPF Totally Stub Area

• Lebih sadis dari Stub Area, karena kini benar – benar totally stub
• Bukan hanya Exernal Route saja, bahkan internal route dari OSPF area lain
juga tidak dimasukkan dalam routing table
• Konfigurasi hanya dilakukan pada router ABR saja, tidak di semua router
dalam stub area
• Router R2 merupakan ABR (Area Border Router) yang menghubungkan
area 0 dan stub area 1

R2
R2(config)#router ospf 2
R2(config-router)#no area 1 stub
R2(config-router)#area 1 stub no-summary
R2(config-router)#exit

R3
R3(config)#do sh ip route ospf
O*IA 0.0.0.0/0 [110/2] via 23.23.23.2, 00:36:51, GigabitEthernet1/0
2.0.0.0/32 is subnetted, 1 subnets
O 2.2.2.2 [110/2] via 23.23.23.2, 00:36:51, GigabitEthernet1/0
O IA 100.100.100.1 [110/3] via 23.23.23.2, 00:16:30, GigabitEthernet1/0
O IA 100.100.100.2 [110/3] via 23.23.23.2, 00:16:30, GigabitEthernet1/0
O IA 100.100.100.3 [110/3] via 23.23.23.2, 00:16:30, GigabitEthernet1/0
Maka pada OSPF Tottaly Stub Area tidak lagi terdapat dalam routing tablenya,.

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 96

R3
R3(config)#do sh ip ospf database

OSPF Router with ID (3.3.3.3) (Process ID 3)

Router Link States (Area 1)

Link ID ADV Router Age Seq# Checksum Link count

2.2.2.2 2.2.2.2 1219 0x80000012 0x0076F3 2
3.3.3.3 3.3.3.3 1387 0x8000000F 0x0069F7 2

Net Link States (Area 1)

Link ID ADV Router Age Seq# Checksum

23.23.23.3 3.3.3.3 1387 0x80000002 0x00CE04

Summary Net Link States (Area 1)

Link ID ADV Router Age Seq# Checksum

0.0.0.0 2.2.2.2 1216 0x80000003 0x0071C2

Dalam OSPF database, semua LSA Type 3 kecuali default route dihapus,
sehingga yang sebelumnya link berikut masih ada, sekarang sudah tidak lagi
terdapat dalam OSPF Database nya.
12.12.12.0 2.2.2.2 442 0x8000000B 0x00AF58
100.100.100.1 2.2.2.2 442 0x8000000A 0x0045B8
100.100.100.2 2.2.2.2 442 0x8000000A 0x003BC1
100.100.100.3 2.2.2.2 442 0x8000000A 0x0031CA

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 97

Lab 6. OSPF Not So Stubby Area

• Seperti stub area tapi masih bisa nego-nego sedikit alias bisa digoyang

• Kalau pada stub dan totally stub area, maka External route benar-benar
tidak diterima ataupun dikirimkan, nah bila diinginkan pada area stub
masih bisa mengirim external route maka solusinya menggunakan NSSA.

• Namun External Route ini tidak sebagai LSA Type 5, melainkan dalam
bentuk LSA Type 7, karena memang LSA Type 3,4,5 benar – benar dibatasi
pada stub area jadi alternatifnya diakali menggunakan LSA Type 7

• Dan bila diinginkan Internal Route OSPF dari area lain masih bisa
diterima, maka solusinya juga menggunakan NSSA.

• Dikonfigurasikan pada semua router pada area stub

Tambahkan dulu routing external RIP yang diredistribute ke OSPF di router
R3 area stub.

R3
R3(config)#int lo1
R3(config-if)#ip add 33.33.33.1 255.255.255.255
!
R3(config-if)#int lo2
R3(config-if)#ip add 33.33.33.2 255.255.255.255
!
R3(config-if)#int lo3
R3(config-if)#ip add 33.33.33.3 255.255.255.255
!
R3(config)#router rip
R3(config-router)#version 2
R3(config-router)#network 33.33.33.0
R3(config-router)#no auto-summary

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 98

 !
R3(config)#router ospf 3
R3(config-router)#redistribute rip subnets

Selanjutnya Konfigurasikan NSSA, dengan menghapus area 1 stub pada

sebelum nya

R2
R2(config)#router ospf 2
R2(config-router)#no area 1 stub
R2(config-router)#area 1 nssa
R2(config-router)#exit

R3
R3(config-router)#no area 1 stub
R3(config-router)#area 1 nssa
R3(config-router)#exit

Cek kembali routing table nya,.

R3
R3(config)#do sh ip route ospf
1.0.0.0/32 is subnetted, 1 subnets
O IA 1.1.1.1 [110/3] via 23.23.23.2, 00:00:28, GigabitEthernet1/0
2.0.0.0/32 is subnetted, 1 subnets
O 2.2.2.2 [110/2] via 23.23.23.2, 00:00:28, GigabitEthernet1/0
12.0.0.0/24 is subnetted, 1 subnets
O IA 12.12.12.0 [110/2] via 23.23.23.2, 00:00:28, GigabitEthernet1/0
100.0.0.0/32 is subnetted, 3 subnets
O IA 100.100.100.1 [110/3] via 23.23.23.2, 00:00:28, GigabitEthernet1/0
O IA 100.100.100.2 [110/3] via 23.23.23.2, 00:00:28, GigabitEthernet1/0
O IA 100.100.100.3 [110/3] via 23.23.23.2, 00:00:28, GigabitEthernet1/0

Jos mantab... Internal Area dari OSPF Area 100 bisa diterima dengan baik di
stub router R3,.

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 99

 R1
R1(config)#do sh ip route ospf
2.0.0.0/32 is subnetted, 1 subnets
O IA 2.2.2.2 [110/2] via 12.12.12.2, 06:10:11, FastEthernet0/0
3.0.0.0/32 is subnetted, 1 subnets
O IA 3.3.3.3 [110/3] via 12.12.12.2, 00:02:48, FastEthernet0/0
23.0.0.0/24 is subnetted, 1 subnets
O IA 23.23.23.0 [110/2] via 12.12.12.2, 00:02:48, FastEthernet0/0
33.0.0.0/32 is subnetted, 3 subnets
O E2 33.33.33.1 [110/20] via 12.12.12.2, 00:02:47, FastEthernet0/0
O E2 33.33.33.2 [110/20] via 12.12.12.2, 00:02:47, FastEthernet0/0
O E2 33.33.33.3 [110/20] via 12.12.12.2, 00:02:47, FastEthernet0/0
Wuiihhh mantabbb…..External Route RIP dari R3 sudah bisa diterima di router
R1
Meski demikian, kita harus memperhatikan jika belum ada default routenya,
sehingga R3 belum bisa ping ke IP 100.100.100.4 – 100.100.100.7 yang
merupakan network EIGRP di R1 yang di redistribute ke OSPF.

R3
R3(config)#do ping 100.100.100.4
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 100.100.100.4, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
R3(config)#

Maka kita perlu menambahkan konfigurasi berikut cukup pada router ABR nya
saja yakni dalam hal ini router R2.

R2
R2(config)#router ospf 2
R2(config-router)#area 1 nssa default-information-originate
R2(config-router)#exit

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 100

Selanjutnya cek kembali pada routing tabel nya pada R3.

R3
R3(config)#do sh ip route ospf
O*N2 0.0.0.0/0 [110/1] via 23.23.23.2, 00:09:06, GigabitEthernet1/0
1.0.0.0/32 is subnetted, 1 subnets
O IA 1.1.1.1 [110/3] via 23.23.23.2, 00:23:13, GigabitEthernet1/0
2.0.0.0/32 is subnetted, 1 subnets
O 2.2.2.2 [110/2] via 23.23.23.2, 00:23:13, GigabitEthernet1/0
12.0.0.0/24 is subnetted, 1 subnets
O IA 12.12.12.0 [110/2] via 23.23.23.2, 00:23:13, GigabitEthernet1/0
100.0.0.0/32 is subnetted, 3 subnets
O IA 100.100.100.1 [110/3] via 23.23.23.2, 00:23:13, GigabitEthernet1/0
O IA 100.100.100.2 [110/3] via 23.23.23.2, 00:23:13, GigabitEthernet1/0
O IA 100.100.100.3 [110/3] via 23.23.23.2, 00:23:13, GigabitEthernet1/0

Nah sekarang sudah muncul kan untuk default route (0.0.0.0/0) , sekarang kita
akan coba tes ping kembali,.

R3
R3#ping 100.100.100.4
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 100.100.100.4, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 20/29/52 ms
!
R3#ping 100.100.100.5
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 100.100.100.5, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 20/24/28 ms
!
R3#ping 100.100.100.6
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 100.100.100.6, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 16/27/36 ms
!
R3#ping 100.100.100.7
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 100.100.100.7, timeout is 2 seconds:

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 101

 !!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 20/29/36 ms
R3#

kalau kemudian diinginkan internal route OSPF area lain tidak ditampilkan
dalam database, namun masih bisa tetap mengirimkan External Route RIP nya,
maka tambahkan nosummary pada router ABR R2

R2
R2(config)#router ospf 2
R2(config-router)#area 1 nssa no-summary
R2(config-router)#exit
R2(config)#
maka pada R3 sudah tidak lagi terdapat routing inter area dan digantikan
dengan default route saja

R3
R3(config)#do sh ip route ospf
Gateway of last resort is 23.23.23.2 to network 0.0.0.0
O*IA 0.0.0.0/0 [110/2] via 23.23.23.2, 00:01:54, GigabitEthernet1/0
2.0.0.0/32 is subnetted, 1 subnets
O 2.2.2.2 [110/2] via 23.23.23.2, 00:40:26, GigabitEthernet1/0

R3
R3(config)#do ping 100.100.100.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 100.100.100.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 20/24/32 ms
R3(config)#do ping 100.100.100.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 100.100.100.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/32/36 ms
R3(config)#do ping 100.100.100.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 100.100.100.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 32/33/40 ms
R3(config)#do ping 100.100.100.4

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 102

 Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 100.100.100.4, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 24/32/36 ms
R3(config)#do ping 100.100.100.5
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 100.100.100.5, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 20/30/36 ms
R3(config)#do ping 100.100.100.6
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 100.100.100.6, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 24/37/56 ms
R3(config)#do ping 100.100.100.7
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 100.100.100.7, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 20/24/36 ms

Dan pastikan juga route external RIP dari R3 masih bisa di terima R1
R1
R1(config)#do sh ip route ospf
Gateway of last resort is not set
2.0.0.0/32 is subnetted, 1 subnets
O IA 2.2.2.2 [110/2] via 12.12.12.2, 07:15:08, FastEthernet0/0
3.0.0.0/32 is subnetted, 1 subnets
O IA 3.3.3.3 [110/3] via 12.12.12.2, 01:07:45, FastEthernet0/0
23.0.0.0/24 is subnetted, 1 subnets
O IA 23.23.23.0 [110/2] via 12.12.12.2, 01:07:45, FastEthernet0/0
33.0.0.0/32 is subnetted, 3 subnets
O E2 33.33.33.1 [110/20] via 12.12.12.2, 01:07:44, FastEthernet0/0
O E2 33.33.33.2 [110/20] via 12.12.12.2, 01:07:44, FastEthernet0/0
O E2 33.33.33.3 [110/20] via 12.12.12.2, 01:07:44, FastEthernet0/0
Tes ping ke semua network 33.33.33.1-3/32,.

R1
R1(config)#do ping 33.33.33.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 33.33.33.1, timeout is 2 seconds:

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 103

!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 20/35/56 ms
!
R1(config)#do ping 33.33.33.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 33.33.33.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 20/35/44 ms
R1(config)#do ping 33.33.33.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 33.33.33.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 20/40/56 ms

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 104

Lab 7. OSPF External Route Tipe-1

• Routing yang berasal dari routing protocol lain diberikan label dalam tabel
routing dengan label “OE2” yang berarti merupakan hasil redistribute
dengan menggunakan metric type 2.

• Redistribute pada OSPF ada 2 macam, yaitu redistribute metric type 1 dan
redistribute metric type 2

• Perbedaan keduanya terletak pada cost yang akna diberikan kepada

setiap network hasil redistribute tersebut.

• Redistribute type 1 akan memberikan cost pada sebuah network yang

merupakan hasil penjumlahan cost internal dan juga cost external.

• Sedangkan, redistribute type 2 akan memberikan cost pada sebuah

network hanya cost external dan tidak memperdulikan cost internal.
Hapus konfig NSSA pada R2 dan R2.

R2
R2(config)#router ospf 2
R2(config-router)#no area 1 nssa no-summary
R2(config-router)#no area 1 nssa
R2(config-router)#exit

R3
R3(config)#router ospf 3
R3(config-router)#no area 1 nssa
R3(config-router)#exit

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 105

 Kondisi awal :

R1
R1(config)#do sh ip route ospf
2.0.0.0/32 is subnetted, 1 subnets
O IA 2.2.2.2 [110/2] via 12.12.12.2, 09:49:43, FastEthernet0/0
3.0.0.0/32 is subnetted, 1 subnets
O IA 3.3.3.3 [110/3] via 12.12.12.2, 00:02:37, FastEthernet0/0
23.0.0.0/24 is subnetted, 1 subnets
O IA 23.23.23.0 [110/2] via 12.12.12.2, 00:02:37, FastEthernet0/0
33.0.0.0/32 is subnetted, 3 subnets
O E2 33.33.33.1 [110/20] via 12.12.12.2, 00:02:32, FastEthernet0/0
O E2 33.33.33.2 [110/20] via 12.12.12.2, 00:02:32, FastEthernet0/0
O E2 33.33.33.3 [110/20] via 12.12.12.2, 00:02:32, FastEthernet0/0

R2
R2(config)#do sh ip route ospf
1.0.0.0/32 is subnetted, 1 subnets
O 1.1.1.1 [110/2] via 12.12.12.1, 00:21:32, FastEthernet0/0
3.0.0.0/32 is subnetted, 1 subnets
O 3.3.3.3 [110/2] via 23.23.23.3, 00:20:56, GigabitEthernet1/0
33.0.0.0/32 is subnetted, 3 subnets
O E2 33.33.33.1 [110/20] via 23.23.23.3, 00:20:56, GigabitEthernet1/0
O E2 33.33.33.2 [110/20] via 23.23.23.3, 00:20:56, GigabitEthernet1/0
O E2 33.33.33.3 [110/20] via 23.23.23.3, 00:20:56, GigabitEthernet1/0
100.0.0.0/32 is subnetted, 7 subnets
O IA 100.100.100.1 [110/2] via 12.12.12.1, 00:21:32, FastEthernet0/0
O IA 100.100.100.2 [110/2] via 12.12.12.1, 00:21:32, FastEthernet0/0
O IA 100.100.100.3 [110/2] via 12.12.12.1, 00:21:32, FastEthernet0/0
O E2 100.100.100.4 [110/20] via 12.12.12.1, 00:21:32, FastEthernet0/0
O E2 100.100.100.5 [110/20] via 12.12.12.1, 00:21:32, FastEthernet0/0
O E2 100.100.100.6 [110/20] via 12.12.12.1, 00:21:32, FastEthernet0/0
O E2 100.100.100.7 [110/20] via 12.12.12.1, 00:21:32, FastEthernet0/0

Perhatikan Code E2 pada tabel routing di R1 dan R2 diatas. Dan perhatikan

bagian [110/20], 110 menunjukkan administrator distance OSPF, sedangkan
20 menunjukkan metric yang digunakan oleh R2 menuju network tersebut.
Metricnya sama baik ketika route tersebut di R1 ataupun R2. Selanjutnya kita
ubah agar menjadi External Type 1 gunakan salah satu cara saja ya.

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 106

R3 -- > Cara Pertama
R3(config)#router ospf 3
R3(config-router)#redistribute rip subnets metric-type ?
1 Set OSPF External Type 1 metrics
2 Set OSPF External Type 2 metrics
R3(config-router)#redistribute rip subnets metric-type 1
R3(config-router)#exit

R3 -- > Cara Ke Dua

R3(config)#route-map TIPE-SATU
R3(config-route-map)#set metric-type ?
external IS-IS external metric
internal IS-IS internal metric or Use IGP metric as the MED for BGP
type-1 OSPF external type 1 metric
type-2 OSPF external type 2 metric

R3(config-route-map)#set metric-type type-1

R3(config-route-map)#exit
R3(config)#
R3(config)#router ospf 3
R3(config-router)#redistribute rip subnets route-map TIPE-SATU
R3(config-router)#exit

R1
R1(config)#do sh ip route ospf
2.0.0.0/32 is subnetted, 1 subnets
O IA 2.2.2.2 [110/2] via 12.12.12.2, 10:49:50, FastEthernet0/0
3.0.0.0/32 is subnetted, 1 subnets
O IA 3.3.3.3 [110/3] via 12.12.12.2, 01:02:44, FastEthernet0/0
23.0.0.0/24 is subnetted, 1 subnets
O IA 23.23.23.0 [110/2] via 12.12.12.2, 01:02:44, FastEthernet0/0
33.0.0.0/32 is subnetted, 3 subnets
O E1 33.33.33.1 [110/22] via 12.12.12.2, 00:02:50, FastEthernet0/0
O E1 33.33.33.2 [110/22] via 12.12.12.2, 00:02:50, FastEthernet0/0
O E1 33.33.33.3 [110/22] via 12.12.12.2, 00:02:50, FastEthernet0/0

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 107

R2
R2(config)#do sh ip route ospf
1.0.0.0/32 is subnetted, 1 subnets
O 1.1.1.1 [110/2] via 12.12.12.1, 01:09:19, FastEthernet0/0
3.0.0.0/32 is subnetted, 1 subnets
O 3.3.3.3 [110/2] via 23.23.23.3, 01:08:43, GigabitEthernet1/0
33.0.0.0/32 is subnetted, 3 subnets
O E1 33.33.33.1 [110/21] via 23.23.23.3, 00:08:49, GigabitEthernet1/0
O E1 33.33.33.2 [110/21] via 23.23.23.3, 00:08:49, GigabitEthernet1/0
O E1 33.33.33.3 [110/21] via 23.23.23.3, 00:08:49, GigabitEthernet1/0

Terlihat bahwa code Route nya berubah menjadi E1 dan nilai Metric nya
berubah dan berbeda pada setiap Router.

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 108

 Lab 8. OSPF Filtering – Distribute List

R1 telah membuat beberapa network /32 yang kemudian diadvertise ke

OSPF dan EIGRP, selanjutnya route ganjil akan difilter oleh R2. Kemudian,
kita lihat apakah ada pengaruhnya terhadap R3. Kondisi awal :

R2
R2(config)#do sh ip route ospf
1.0.0.0/32 is subnetted, 1 subnets
O 1.1.1.1 [110/2] via 12.12.12.1, 03:17:26, FastEthernet0/0
3.0.0.0/32 is subnetted, 1 subnets
O 3.3.3.3 [110/2] via 23.23.23.3, 03:16:50, GigabitEthernet1/0
33.0.0.0/32 is subnetted, 3 subnets
O E1 33.33.33.1 [110/21] via 23.23.23.3, 00:04:47, GigabitEthernet1/0
O E1 33.33.33.2 [110/21] via 23.23.23.3, 00:04:47, GigabitEthernet1/0
O E1 33.33.33.3 [110/21] via 23.23.23.3, 00:04:47, GigabitEthernet1/0
100.0.0.0/32 is subnetted, 7 subnets
O IA 100.100.100.1 [110/2] via 12.12.12.1, 03:17:26, FastEthernet0/0
O IA 100.100.100.2 [110/2] via 12.12.12.1, 03:17:26, FastEthernet0/0
O IA 100.100.100.3 [110/2] via 12.12.12.1, 03:17:26, FastEthernet0/0
O E2 100.100.100.4 [110/20] via 12.12.12.1, 03:17:26, FastEthernet0/0
O E2 100.100.100.5 [110/20] via 12.12.12.1, 03:17:26, FastEthernet0/0
O E2 100.100.100.6 [110/20] via 12.12.12.1, 03:17:26, FastEthernet0/0
O E2 100.100.100.7 [110/20] via 12.12.12.1, 03:17:26, FastEthernet0/0
Konfigurasikan Filtering Distribute List Agar yang Boleh Lewat Hanya IP Genap
Saja,.

R2
R2(config)#access-list 1 permit 0.0.0.0 255.255.255.254
R2(config)#router ospf 2
R2(config-router)#distribute-list 1 in
R2(config-router)#exit
Cek kembali

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 109

 R2
R2(config)#do sh ip route ospf
33.0.0.0/32 is subnetted, 1 subnets
O E1 33.33.33.2 [110/21] via 23.23.23.3, 00:01:20, GigabitEthernet1/0
100.0.0.0/32 is subnetted, 3 subnets
O IA 100.100.100.2 [110/2] via 12.12.12.1, 00:01:20, FastEthernet0/0
O E2 100.100.100.4 [110/20] via 12.12.12.1, 00:01:20, FastEthernet0/0
O E2 100.100.100.6 [110/20] via 12.12.12.1, 00:01:20, FastEthernet0/0

Nah yang paling penting nih dan diperhatikan ospf databasenya yang tidak
berubah meski sudah di filter, hal tersebut dikarenakan pada OSPF semua
router dlam satu area memiliki database yang sama dan coba kalian cek di
router lain ya gaesss.

R1
R1(config)#do sh ip ospf database

OSPF Router with ID (1.1.1.1) (Process ID 1)

Router Link States (Area 0)

Link ID ADV Router Age Seq# Checksum Link count

1.1.1.1 1.1.1.1 1809 0x8000001D 0x00901B 2
2.2.2.2 2.2.2.2 778 0x8000001B 0x002596 1

Net Link States (Area 0)

Link ID ADV Router Age Seq# Checksum

12.12.12.2 2.2.2.2 1533 0x80000018 0x00E503

Summary Net Link States (Area 0)

Link ID ADV Router Age Seq# Checksum

2.2.2.2 2.2.2.2 1285 0x80000019 0x00CA49
3.3.3.3 2.2.2.2 526 0x80000007 0x00CA56
23.23.23.0 2.2.2.2 526 0x80000007 0x000CDC
100.100.100.1 1.1.1.1 1809 0x80000019 0x001DD4
100.100.100.2 1.1.1.1 1809 0x80000019 0x0013DD
100.100.100.3 1.1.1.1 1809 0x80000019 0x0009E6
Summary ASB Link States (Area 0)

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 110

Link ID ADV Router Age Seq# Checksum
3.3.3.3 2.2.2.2 526 0x80000007 0x00B26E
Router Link States (Area 100)
Link ID ADV Router Age Seq# Checksum Link count
1.1.1.1 1.1.1.1 1809 0x8000001C 0x00FF5C 3
Summary Net Link States (Area 100)
Link ID ADV Router Age Seq# Checksum
1.1.1.1 1.1.1.1 1809 0x80000019 0x001705
2.2.2.2 1.1.1.1 1809 0x80000018 0x00F423
3.3.3.3 1.1.1.1 552 0x80000007 0x00F231
12.12.12.0 1.1.1.1 1809 0x80000018 0x009567
23.23.23.0 1.1.1.1 552 0x80000007 0x0034B7
Summary ASB Link States (Area 100)
Link ID ADV Router Age Seq# Checksum
3.3.3.3 1.1.1.1 552 0x80000007 0x00DA49
Type-5 AS External Link States
Link ID ADV Router Age Seq# Checksum Tag
33.33.33.1 3.3.3.3 1105 0x80000002 0x00555A 0
33.33.33.2 3.3.3.3 1105 0x80000002 0x004B63 0
33.33.33.3 3.3.3.3 1105 0x80000002 0x00416C 0
100.100.100.4 1.1.1.1 1809 0x80000019 0x0053FF 0
100.100.100.5 1.1.1.1 1809 0x80000019 0x004909 0
100.100.100.6 1.1.1.1 1809 0x80000019 0x003F12 0
100.100.100.7 1.1.1.1 1809 0x80000019 0x00351B 0

R3
R3(config)#do sh ip ospf database
OSPF Router with ID (3.3.3.3) (Process ID 3)
Router Link States (Area 1)
Link ID ADV Router Age Seq# Checksum Link count
2.2.2.2 2.2.2.2 812 0x80000024 0x003422 2
3.3.3.3 3.3.3.3 634 0x80000021 0x002D1E 2
Net Link States (Area 1)
Link ID ADV Router Age Seq# Checksum
23.23.23.3 3.3.3.3 634 0x80000013 0x008E31
Summary Net Link States (Area 1)
Link ID ADV Router Age Seq# Checksum
1.1.1.1 2.2.2.2 812 0x80000008 0x002503
12.12.12.0 2.2.2.2 812 0x80000008 0x009771
100.100.100.2 2.2.2.2 812 0x80000008 0x0021DB

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 111

 Summary ASB Link States (Area 1)
Link ID ADV Router Age Seq# Checksum
1.1.1.1 2.2.2.2 812 0x80000007 0x000F1A
Type-5 AS External Link States
Link ID ADV Router Age Seq# Checksum Tag
33.33.33.1 3.3.3.3 1137 0x80000002 0x00555A 0
33.33.33.2 3.3.3.3 1137 0x80000002 0x004B63 0
33.33.33.3 3.3.3.3 1137 0x80000002 0x00416C 0
100.100.100.4 1.1.1.1 1845 0x80000019 0x0053FF 0
100.100.100.5 1.1.1.1 1845 0x80000019 0x004909 0
100.100.100.6 1.1.1.1 1845 0x80000019 0x003F12 0
100.000.100.7 1.1.1.1 1845 0x80000019 0x00351B 0

Semua router dalam satu area yang sama memiliki OSPF database nya yang
sama dan beriklut routing table dari R3,.

R3
R3(config)#do sh ip route ospf
1.0.0.0/32 is subnetted, 1 subnets
O IA 1.1.1.1 [110/3] via 23.23.23.2, 03:34:02, GigabitEthernet1/0
2.0.0.0/32 is subnetted, 1 subnets
O 2.2.2.2 [110/2] via 23.23.23.2, 03:34:02, GigabitEthernet1/0
12.0.0.0/24 is subnetted, 1 subnets
O IA 12.12.12.0 [110/2] via 23.23.23.2, 03:34:02, GigabitEthernet1/0
100.0.0.0/32 is subnetted, 5 subnets
O IA 100.100.100.2 [110/3] via 23.23.23.2, 03:34:02, GigabitEthernet1/0
O E2 100.100.100.4 [110/20] via 23.23.23.2, 03:33:52, GigabitEthernet1/0
O E2 100.100.100.5 [110/20] via 23.23.23.2, 03:33:52, GigabitEthernet1/0
O E2 100.100.100.6 [110/20] via 23.23.23.2, 03:33:52, GigabitEthernet1/0
O E2 100.100.100.7 [110/20] via 23.23.23.2, 03:33:52, GigabitEthernet1/0

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 112

 Lab 9. OSPF Sumarization – Internal Router

Ada dua cara untuk melakukan summarization :

• Dikonfigurasi pada Router ABR (LSA Type 3) → Internal Route menggunakan
perintah “area xx range”
• Dikonfigurasi pada Router ASBR (LSA Type 5) → External Route
menggunakan perintah “summary-address”
OSPF Internal Route Summarization pada konfig sebelumnya pada R1 ada
beberapa network yang sudah diadvertise ke area 100 dan ini berarti R1
sudah menjadi ABR karena menjembatani area 0 dengan area 100.

R1
R1(config)#do sh run | section ospf
R1(config)#router ospf 1
R1(config)# router-id 1.1.1.1
R1(config)# redistribute eigrp 10 subnets
R1(config)# network 1.1.1.1 0.0.0.0 area 0
R1(config)#network 12.12.12.1 0.0.0.0 area 0
R1(config)#network 100.100.100.1 0.0.0.0 area 100
R1(config)#network 100.100.100.2 0.0.0.0 area 100
R1(config)#network 100.100.100.3 0.0.0.0 area 100
Hapus terlebih dahulu untuk konfigurasi access-list distribute list pada R2

R2
R2(config)#no access-list 1 permit 0.0.0.0 255.255.255.254
R2(config)#router ospf 2
R2(config-router)#no distribute-list 1 in
R2(config-router)#exit

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 113

Lalu cek routing tabel pada R3

R3
R3(config)#do sh ip route ospf
1.0.0.0/32 is subnetted, 1 subnets
O IA 1.1.1.1 [110/3] via 23.23.23.2, 04:10:36, GigabitEthernet1/0
2.0.0.0/32 is subnetted, 1 subnets
O 2.2.2.2 [110/2] via 23.23.23.2, 04:10:36, GigabitEthernet1/0
12.0.0.0/24 is subnetted, 1 subnets
O IA 12.12.12.0 [110/2] via 23.23.23.2, 04:10:36, GigabitEthernet1/0
100.0.0.0/32 is subnetted, 7 subnets
O IA 100.100.100.1 [110/3] via 23.23.23.2, 00:04:13, GigabitEthernet1/0
O IA 100.100.100.2 [110/3] via 23.23.23.2, 04:10:36, GigabitEthernet1/0
O IA 100.100.100.3 [110/3] via 23.23.23.2, 00:04:13, GigabitEthernet1/0
O E2 100.100.100.4 [110/20] via 23.23.23.2, 04:10:26, GigabitEthernet1/0
O E2 100.100.100.5 [110/20] via 23.23.23.2, 04:10:26, GigabitEthernet1/0
O E2 100.100.100.6 [110/20] via 23.23.23.2, 04:10:26, GigabitEthernet1/0
O E2 100.100.100.7 [110/20] via 23.23.23.2, 04:10:26, GigabitEthernet1/0
Konfigurasikan summarization di R1,.

R1
R1(config)#router ospf 1
R1(config-router)#area 100 range 100.100.100.0 255.255.255.248
R1(config-router)#exit

Cek lagi R3
R3
R3(config)#do sh ip route ospf
1.0.0.0/32 is subnetted, 1 subnets
O IA 1.1.1.1 [110/3] via 23.23.23.2, 05:05:46, GigabitEthernet1/0
2.0.0.0/32 is subnetted, 1 subnets
O 2.2.2.2 [110/2] via 23.23.23.2, 05:05:46, GigabitEthernet1/0
12.0.0.0/24 is subnetted, 1 subnets
O IA 12.12.12.0 [110/2] via 23.23.23.2, 05:05:46, GigabitEthernet1/0
100.0.0.0/8 is variably subnetted, 5 subnets, 2 masks
O IA 100.100.100.0/29 [110/3] via 23.23.23.2, 00:27:35, GigabitEthernet1/0
O E2 100.100.100.4/32
[110/20] via 23.23.23.2, 05:05:36, GigabitEthernet1/0
O E2 100.100.100.5/32
[110/20] via 23.23.23.2, 05:05:36, GigabitEthernet1/0
O E2 100.100.100.6/32

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 114

 [110/20] via 23.23.23.2, 05:05:36, GigabitEthernet1/0
O E2 100.100.100.7/32
[110/20] via 23.23.23.2, 05:05:36, GigabitEthernet1/0

Nah sudah ter summary kan network 100.100.100.0 nya. Cek di R1.
R1
R1(config)#do sh ip ro
1.0.0.0/32 is subnetted, 1 subnets
C 1.1.1.1 is directly connected, Loopback0
2.0.0.0/32 is subnetted, 1 subnets
O IA 2.2.2.2 [110/2] via 12.12.12.2, 00:29:19, FastEthernet0/0
3.0.0.0/32 is subnetted, 1 subnets
O IA 3.3.3.3 [110/3] via 12.12.12.2, 00:29:19, FastEthernet0/0
12.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 12.12.12.0/24 is directly connected, FastEthernet0/0
L 12.12.12.1/32 is directly connected, FastEthernet0/0
23.0.0.0/24 is subnetted, 1 subnets
O IA 23.23.23.0 [110/2] via 12.12.12.2, 00:29:19, FastEthernet0/0
33.0.0.0/32 is subnetted, 3 subnets
O E1 33.33.33.1 [110/22] via 12.12.12.2, 00:29:19, FastEthernet0/0
O E1 33.33.33.2 [110/22] via 12.12.12.2, 00:29:19, FastEthernet0/0
O E1 33.33.33.3 [110/22] via 12.12.12.2, 00:29:19, FastEthernet0/0
100.0.0.0/8 is variably subnetted, 8 subnets, 2 masks
O 100.100.100.0/29 is a summary, 00:29:19, Null0
C 100.100.100.1/32 is directly connected, Loopback1
C 100.100.100.2/32 is directly connected, Loopback2
C 100.100.100.3/32 is directly connected, Loopback3
C 100.100.100.4/32 is directly connected, Loopback4
C 100.100.100.5/32 is directly connected, Loopback5
C 100.100.100.6/32 is directly connected, Loopback6
C 100.100.100.7/32 is directly connected, Loopback7
Pada OSPF, discard route akan otomatis muncul bila summary route
dikonfigurasikan. Hal tersebut untuk menghindari terjadinya adanya forwarding
loop, bila ingin dihapuskan, maka konfigurasikan berikut.

R1
R1(config)#router ospf 1
R1(config-router)#no discard-route
R1(config-router)#exit

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 115

R1
R1(config)#do sh ip route
1.0.0.0/32 is subnetted, 1 subnets
C 1.1.1.1 is directly connected, Loopback0
2.0.0.0/32 is subnetted, 1 subnets
O IA 2.2.2.2 [110/2] via 12.12.12.2, 00:17:40, FastEthernet0/0
3.0.0.0/32 is subnetted, 1 subnets
O IA 3.3.3.3 [110/3] via 12.12.12.2, 00:17:40, FastEthernet0/0
12.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 12.12.12.0/24 is directly connected, FastEthernet0/0
L 12.12.12.1/32 is directly connected, FastEthernet0/0
23.0.0.0/24 is subnetted, 1 subnets
O IA 23.23.23.0 [110/2] via 12.12.12.2, 00:17:40, FastEthernet0/0
33.0.0.0/32 is subnetted, 3 subnets
O E1 33.33.33.1 [110/22] via 12.12.12.2, 00:17:40, FastEthernet0/0
O E1 33.33.33.2 [110/22] via 12.12.12.2, 00:17:40, FastEthernet0/0
O E1 33.33.33.3 [110/22] via 12.12.12.2, 00:17:40, FastEthernet0/0
100.0.0.0/32 is subnetted, 7 subnets
C 100.100.100.1 is directly connected, Loopback1
C 100.100.100.2 is directly connected, Loopback2
C 100.100.100.3 is directly connected, Loopback3
C 100.100.100.4 is directly connected, Loopback4
C 100.100.100.5 is directly connected, Loopback5
C 100.100.100.6 is directly connected, Loopback6
C 100.100.100.7 is directly connected, Loopback7

Dan discard route null0 pun sudah di tiadakan,.

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 116

Lab 10. OSPF Sumarization – External Route

OSPF External Route Summarization, pada konfig sebelumnya pada R3 ada

beberapa network yang sudah diadvertise ke RIP dan kemudian di
redistribute. Dan ini berarti R3 sudah menjadi ASBR karena menjembatani
area 0 dengan routing protocol lain,.

R3
R3(config)#do sh run | section rip
redistribute rip metric-type 1 subnets
router rip
version 2
network 33.0.0.0
no auto-summary
!
R3(config)#do sh run | section ospf
router ospf 3
router-id 3.3.3.3
redistribute rip metric-type 1 subnets
network 3.3.3.3 0.0.0.0 area 1
network 23.23.23.3 0.0.0.0 area 1

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 117

Cek routing tabel R1
R1
R1(config)#do sh ip route ospf
2.0.0.0/32 is subnetted, 1 subnets
O IA 2.2.2.2 [110/2] via 12.12.12.2, 00:53:12, FastEthernet0/0
3.0.0.0/32 is subnetted, 1 subnets
O IA 3.3.3.3 [110/3] via 12.12.12.2, 00:53:12, FastEthernet0/0
23.0.0.0/24 is subnetted, 1 subnets
O IA 23.23.23.0 [110/2] via 12.12.12.2, 00:53:12, FastEthernet0/0
33.0.0.0/32 is subnetted, 3 subnets
O E1 33.33.33.1 [110/22] via 12.12.12.2, 00:53:12, FastEthernet0/0
O E1 33.33.33.2 [110/22] via 12.12.12.2, 00:53:12, FastEthernet0/0
O E1 33.33.33.3 [110/22] via 12.12.12.2, 00:53:12, FastEthernet0/0

Konfigurasikan External Route Summarization di R3

R3
R3(config)#router ospf 3
R3(config-router)#summary-address 33.33.33.0 255.255.255.240
R3(config-router)#exit

Cek kembali di R1

R1
R1(config)#do sh ip route ospf
2.0.0.0/32 is subnetted, 1 subnets
O IA 2.2.2.2 [110/2] via 12.12.12.2, 00:56:57, FastEthernet0/0
3.0.0.0/32 is subnetted, 1 subnets
O IA 3.3.3.3 [110/3] via 12.12.12.2, 00:56:57, FastEthernet0/0
23.0.0.0/24 is subnetted, 1 subnets
O IA 23.23.23.0 [110/2] via 12.12.12.2, 00:56:57, FastEthernet0/0
33.0.0.0/28 is subnetted, 1 subnets
O E1 33.33.33.0 [110/22] via 12.12.12.2, 00:01:13, FastEthernet0/0

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 118

Sekarang kita cek di R3.

R3
R3(config)#do sh ip route
1.0.0.0/32 is subnetted, 1 subnets
O IA 1.1.1.1 [110/3] via 23.23.23.2, 06:58:11, GigabitEthernet1/0
2.0.0.0/32 is subnetted, 1 subnets
O 2.2.2.2 [110/2] via 23.23.23.2, 06:58:11, GigabitEthernet1/0
3.0.0.0/32 is subnetted, 1 subnets
C 3.3.3.3 is directly connected, Loopback0
12.0.0.0/24 is subnetted, 1 subnets
O IA 12.12.12.0 [110/2] via 23.23.23.2, 06:58:11, GigabitEthernet1/0
23.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 23.23.23.0/24 is directly connected, GigabitEthernet1/0
L 23.23.23.3/32 is directly connected, GigabitEthernet1/0
33.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
O 33.33.33.0/28 is a summary, 00:03:11, Null0
C 33.33.33.1/32 is directly connected, Loopback1
C 33.33.33.2/32 is directly connected, Loopback2
C 33.33.33.3/32 is directly connected, Loopback3
100.0.0.0/8 is variably subnetted, 5 subnets, 2 masks
O IA 100.100.100.0/29 [110/3] via 23.23.23.2, 02:20:00,
GigabitEthernet1/0
O E2 100.100.100.4/32
[110/20] via 23.23.23.2, 06:58:01, GigabitEthernet1/0
O E2 100.100.100.5/32
[110/20] via 23.23.23.2, 06:58:01, GigabitEthernet1/0
O E2 100.100.100.6/32
[110/20] via 23.23.23.2, 06:58:01, GigabitEthernet1/0
O E2 100.100.100.7/32
[110/20] via 23.23.23.2, 06:58:01, GigabitEthernet1/0

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 119

Nah disitukan ada null0 lagi seperti sebelum nya, untuk menghapusnnya
konfigurasi seperti ini :

R3
R3(config)#router ospf 3
R3(config-router)#no discard-route
R3(config-router)#exit

Cek kembali untuk R3

R3
R3(config)#do sh ip ro
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
+ - replicated route, % - next hop override
Gateway of last resort is not set
1.0.0.0/32 is subnetted, 1 subnets
O IA 1.1.1.1 [110/3] via 23.23.23.2, 00:01:03, GigabitEthernet1/0
2.0.0.0/32 is subnetted, 1 subnets
O 2.2.2.2 [110/2] via 23.23.23.2, 00:01:03, GigabitEthernet1/0
3.0.0.0/32 is subnetted, 1 subnets
C 3.3.3.3 is directly connected, Loopback0
12.0.0.0/24 is subnetted, 1 subnets
O IA 12.12.12.0 [110/2] via 23.23.23.2, 00:01:03, GigabitEthernet1/0
23.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 23.23.23.0/24 is directly connected, GigabitEthernet1/0
L 23.23.23.3/32 is directly connected, GigabitEthernet1/0
33.0.0.0/32 is subnetted, 3 subnets
C 33.33.33.1 is directly connected, Loopback1
C 33.33.33.2 is directly connected, Loopback2
C 33.33.33.3 is directly connected, Loopback3
100.0.0.0/8 is variably subnetted, 5 subnets, 2 masks
O IA 100.100.100.0/29 [110/3] via 23.23.23.2, 00:01:03,
GigabitEthernet1/0
O E2 100.100.100.4/32
[110/20] via 23.23.23.2, 00:01:03, GigabitEthernet1/0

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 120

 O E2 100.100.100.5/32
[110/20] via 23.23.23.2, 00:01:03, GigabitEthernet1/0
O E2 100.100.100.6/32
[110/20] via 23.23.23.2, 00:01:03, GigabitEthernet1/0
O E2 100.100.100.7/32
[110/20] via 23.23.23.2, 00:01:03, GigabitEthernet1/0
Sudah tidak ada gaessss, sulap kan haha….. dan coba cek ping kembali yaa
apakah masih bisa ???

R1
R1(config)#do ping 33.33.33.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 33.33.33.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 32/57/96 ms
R1(config)#do ping 33.33.33.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 33.33.33.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 20/22/24 ms
R1(config)#do ping 33.33.33.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 33.33.33.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 20/28/32 ms

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 121

Lab 11. OSPF Redistribute – Default Route

Kali ini kita akan belajar untuk mendistribusikan default route ke semua
router. Pada R1 hapus routing eigrp 10 lalu jangan diadvertise ke OSPF
karena nantinya akan digunakan untuk pengetesan tes ping menuju route
yang tidak terdapat dalam routing tabelnya.

R1
R1(config)#no router eigrp 10
R1(config)#router ospf 10
R1(config-router)#no redistribute eigrp 10 subnets
R1(config-router)#no area 100 range 100.100.100.0 255.255.255.248
R1(config-router)#default-information originate always
R1(config-router)#exit
R1(config)#

R3
R3#sh ip route ospf
1.0.0.0/32 is subnetted, 1 subnets
O IA 1.1.1.1 [110/3] via 23.23.23.2, 00:10:50, GigabitEthernet1/0
2.0.0.0/32 is subnetted, 1 subnets
O 2.2.2.2 [110/2] via 23.23.23.2, 00:10:55, GigabitEthernet1/0
12.0.0.0/24 is subnetted, 1 subnets
O IA 12.12.12.0 [110/2] via 23.23.23.2, 00:10:55, GigabitEthernet1/0
100.0.0.0/29 is subnetted, 1 subnets
O IA 100.100.100.0 [110/3] via 23.23.23.2, 00:10:50, GigabitEthernet1/0

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 122

R3
R3#sh ip route ospf
Gateway of last resort is 23.23.23.2 to network 0.0.0.0
O*E2 0.0.0.0/0 [110/1] via 23.23.23.2, 00:02:09, FastEthernet1/0
1.0.0.0/32 is subnetted, 1 subnets
O IA 1.1.1.1 [110/3] via 23.23.23.2, 00:05:50, FastEthernet1/0
2.0.0.0/32 is subnetted, 1 subnets
O 2.2.2.2 [110/2] via 23.23.23.2, 00:05:50, FastEthernet1/0
12.0.0.0/24 is subnetted, 1 subnets
O IA 12.12.12.0 [110/2] via 23.23.23.2, 00:05:50, FastEthernet1/0
100.0.0.0/32 is subnetted, 3 subnets
O IA 100.100.100.1 [110/3] via 23.23.23.2, 00:02:23, FastEthernet1/0
O IA 100.100.100.2 [110/3] via 23.23.23.2, 00:02:23, FastEthernet1/0
O IA 100.100.100.3 [110/3] via 23.23.23.2, 00:02:23, FastEthernet1/0

R3
R3#sh ip route 100.100.100.4
% Subnet not in table

R3
R3#ping 100.100.100.4
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 100.100.100.4, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 40/60/96 ms

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 123

Lab 12. OSPF Redistribute – Static

Buat static route dari R2 menuju ke salah satu loopback R1, kemudian
redistribute kedalam OSPF

R2
R2(config)#ip route 100.100.100.4 255.255.255.255 12.12.12.1
R2(config)#route ospf 2
R2(config-router)#redistribute static subnets
R2(config-router)#exit

R3
R3#sh ip route ospf
O*E2 0.0.0.0/0 [110/1] via 23.23.23.2, 00:11:06, FastEthernet1/0
1.0.0.0/32 is subnetted, 1 subnets
O IA 1.1.1.1 [110/3] via 23.23.23.2, 00:14:47, FastEthernet1/0
2.0.0.0/32 is subnetted, 1 subnets
O 2.2.2.2 [110/2] via 23.23.23.2, 00:14:47, FastEthernet1/0
12.0.0.0/24 is subnetted, 1 subnets
O IA 12.12.12.0 [110/2] via 23.23.23.2, 00:14:47, FastEthernet1/0
100.0.0.0/32 is subnetted, 4 subnets
O IA 100.100.100.1 [110/3] via 23.23.23.2, 00:11:20, FastEthernet1/0
O IA 100.100.100.2 [110/3] via 23.23.23.2, 00:11:20, FastEthernet1/0
O IA 100.100.100.3 [110/3] via 23.23.23.2, 00:11:20, FastEthernet1/0
O E2 100.100.100.4 [110/20] via 23.23.23.2, 00:02:08, FastEthernet1/0

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 124

 Lab 13. OSPF Redistribute – Connected

Hapus konfigurasi sebelum nya ya gaess …..

R1
R1(config)#router ospf 1
R1(config-router)#no default-information originate always
R1(config-router)#exit

R2
R2(config)#no ip route 100.100.100.4 255.255.255.255 12.12.12.1
R2(config)#router ospf 2
R2(config-router)#no redistribute static subnets
R2(config-router)#exit

R1
R1(config)#router ospf 1
R1(config-router)#redistribute connected
% Only classful networks will be redistributed
Cek di R3 gaesss….
R3
R3#sh ip route ospf
1.0.0.0/32 is subnetted, 1 subnets
O IA 1.1.1.1 [110/3] via 23.23.23.2, 00:25:02, FastEthernet1/0
2.0.0.0/32 is subnetted, 1 subnets
O 2.2.2.2 [110/2] via 23.23.23.2, 00:25:02, FastEthernet1/0
12.0.0.0/24 is subnetted, 1 subnets
O IA 12.12.12.0 [110/2] via 23.23.23.2, 00:25:02, FastEthernet1/0
100.0.0.0/32 is subnetted, 3 subnets
O IA 100.100.100.1 [110/3] via 23.23.23.2, 00:21:35, FastEthernet1/0
O IA 100.100.100.2 [110/3] via 23.23.23.2, 00:21:35, FastEthernet1/0
O IA 100.100.100.3 [110/3] via 23.23.23.2, 00:21:35, FastEthernet1/0

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 125

 Ternyata tidak muncul apa-apa temen-teme, mengacu pada massage yang
muncul sebelumnya.
% Only classful networks will be redistributed

R1
R1(config)#router ospf 1
R1(config-router)#redistribute connected ?
metric Metric for redistributed routes
metric-type OSPF/IS-IS exterior metric type for redistributed routes
nssa-only Limit redistributed routes to NSSA areas
route-map Route map reference
subnets Consider subnets for redistribution into OSPF
tag Set tag for routes redistributed into OSPF
<cr>
R1(config-router)#redistribute connected subnets
R1(config-router)#exit

Cek Lagi di R3,.

R3
R3#sh ip route ospf
1.0.0.0/32 is subnetted, 1 subnets
O IA 1.1.1.1 [110/3] via 23.23.23.2, 01:47:44, FastEthernet1/0
2.0.0.0/32 is subnetted, 1 subnets
O 2.2.2.2 [110/2] via 23.23.23.2, 01:47:44, FastEthernet1/0
12.0.0.0/24 is subnetted, 1 subnets
O IA 12.12.12.0 [110/2] via 23.23.23.2, 01:47:44, FastEthernet1/0
100.0.0.0/32 is subnetted, 7 subnets
O IA 100.100.100.1 [110/3] via 23.23.23.2, 01:44:17, FastEthernet1/0
O IA 100.100.100.2 [110/3] via 23.23.23.2, 01:44:17, FastEthernet1/0
O IA 100.100.100.3 [110/3] via 23.23.23.2, 01:44:17, FastEthernet1/0
O E2 100.100.100.4 [110/20] via 23.23.23.2, 01:20:09, FastEthernet1/0
O E2 100.100.100.5 [110/20] via 23.23.23.2, 01:20:09, FastEthernet1/0
O E2 100.100.100.6 [110/20] via 23.23.23.2, 01:20:09, FastEthernet1/0
O E2 100.100.100.7 [110/20] via 23.23.23.2, 01:20:09, FastEthernet1/0

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 126

Lab 14. OSPF Redistribution – RIP

R1
R1(config)#router rip
R1(config-router)#version 2
R1(config-router)#network 100.100.100.0
R1(config-router)#no auto-summary
R1(config-router)#exit
!
R1(config)#router ospf 1
R1(config-router)#no redistribute connected subnets
R1(config-router)#redistribute rip subnets
R1(config-router)#exit

Cek di R3…..

R3
R3#sh ip route ospf
1.0.0.0/32 is subnetted, 1 subnets
O IA 1.1.1.1 [110/3] via 23.23.23.2, 01:53:47, FastEthernet1/0
2.0.0.0/32 is subnetted, 1 subnets
O 2.2.2.2 [110/2] via 23.23.23.2, 01:53:47, FastEthernet1/0
12.0.0.0/24 is subnetted, 1 subnets
O IA 12.12.12.0 [110/2] via 23.23.23.2, 01:53:47, FastEthernet1/0
100.0.0.0/32 is subnetted, 7 subnets
O IA 100.100.100.1 [110/3] via 23.23.23.2, 01:50:20, FastEthernet1/0
O IA 100.100.100.2 [110/3] via 23.23.23.2, 01:50:20, FastEthernet1/0
O IA 100.100.100.3 [110/3] via 23.23.23.2, 01:50:20, FastEthernet1/0
O E2 100.100.100.4 [110/20] via 23.23.23.2, 00:00:05, FastEthernet1/0
O E2 100.100.100.5 [110/20] via 23.23.23.2, 00:00:05, FastEthernet1/0
O E2 100.100.100.6 [110/20] via 23.23.23.2, 00:00:05, FastEthernet1/0
O E2 100.100.100.7 [110/20] via 23.23.23.2, 00:00:05, FastEthernet1/0

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 127

Lab 15. OSPF Redistribution - EIGRP

R1
R1(config)#no router rip
R1(config)#router eigrp 10
R1(config-router)#network 100.100.100.4 0.0.0.7
R1(config-router)#no auto-summary
R1(config-router)#exit
R1(config)#router ospf 1
R1(config-router)#redistribute eigrp 10 subnets
R1(config-router)#exit

Cek Di R3 Kembali,…
R3
R3#sh ip route ospf
1.0.0.0/32 is subnetted, 1 subnets
O IA 1.1.1.1 [110/3] via 23.23.23.2, 02:03:26, FastEthernet1/0
2.0.0.0/32 is subnetted, 1 subnets
O 2.2.2.2 [110/2] via 23.23.23.2, 02:03:26, FastEthernet1/0
12.0.0.0/24 is subnetted, 1 subnets
O IA 12.12.12.0 [110/2] via 23.23.23.2, 02:03:26, FastEthernet1/0
100.0.0.0/32 is subnetted, 7 subnets
O IA 100.100.100.1 [110/3] via 23.23.23.2, 01:59:59, FastEthernet1/0
O IA 100.100.100.2 [110/3] via 23.23.23.2, 01:59:59, FastEthernet1/0
O IA 100.100.100.3 [110/3] via 23.23.23.2, 01:59:59, FastEthernet1/0
O E2 100.100.100.4 [110/20] via 23.23.23.2, 00:03:28, FastEthernet1/0
O E2 100.100.100.5 [110/20] via 23.23.23.2, 00:03:28, FastEthernet1/0
O E2 100.100.100.6 [110/20] via 23.23.23.2, 00:03:28, FastEthernet1/0
O E2 100.100.100.7 [110/20] via 23.23.23.2, 00:03:28, FastEthernet1/0

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 128

Lab 16. OSPF Mindah Jalur

R1
R1(config)#int fastEthernet 0/0
R1(config-if)#ip add 12.12.12.1 255.255.255.0
R1(config-if)#no shutdown
R1(config-if)#exit
R1(config)#int gigabitEthernet 2/0
R1(config-if)#ip add 13.13.13.1 255.255.255.0
R1(config-if)#no shutdown
R1(config)#int lo0
R1(config-if)#ip add 1.1.1.1 255.255.255.255
R1(config-if)#exit
R1(config)#router ospf 1
R1(config-router)#network 0.0.0.0 255.255.255.255 area 0
R1(config-router)#auto-cost reference-bandwidth 1000
% OSPF: Reference bandwidth is changed.
Please ensure reference bandwidth is consistent across all routers

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 129

R2
R2(config)#int fastEthernet 0/0
R2(config-if)#ip add 12.12.12.2 255.255.255.0
R2(config-if)#no shutdown
R2(config-if)#exit
R2(config)#int gigabitEthernet 3/0
R2(config-if)#ip add 23.23.23.2 255.255.255.0
R2(config-if)#no shutdown
R2(config-if)#exit
R2(config)#int lo0
R2(config-if)#ip add 2.2.2.2 255.255.255.255
R2(config-if)#exit
R2(config)#router ospf 2
R2(config-router)#network 0.0.0.0 255.255.255.255 area 0
R2(config-router)#auto-cost reference-bandwidth 1000
% OSPF: Reference bandwidth is changed.
Please ensure reference bandwidth is consistent across all routers

R3
R3(config)#int gIgabitEthernet 2/0
R3(config-if)#ip add 23.23.23.3 255.255.255.0
R3(config-if)#no shutdown
R3(config-if)#exit
R3(config)#int Gigabitethernet 3/0
R3(config-if)#ip add 13.13.13.3 255.255.255.0
R3(config-if)#no shutdown
R3(config-if)#exit
R3(config)#int loopback 0
R3(config-if)#ip add 3.3.3.3 255.255.255.255
R3(config-if)#exit
R3(config)#router ospf 3
R3(config-router)#network 0.0.0.0 255.255.255.255 area 0
R3(config-router)#auto-cost reference-bandwidth 1000

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 130

R1
R1(config)#do traceroute 2.2.2.2
Type escape sequence to abort.
Tracing the route to 2.2.2.2
VRF info: (vrf in name/id, vrf out name/id)
1 13.13.13.3 8 msec 88 msec 12 msec
2 23.23.23.2 40 msec 32 msec 32 msec

R1
R1#show ip route 2.2.2.2
Routing entry for 2.2.2.2/32
Known via "ospf 1", distance 110, metric 3, type intra area
Last update from 13.13.13.3 on GigabitEthernet2/0, 00:41:25 ago
Routing Descriptor Blocks:
* 13.13.13.3, from 2.2.2.2, 00:41:25 ago, via GigabitEthernet2/0
Route metric is 3, traffic share count is 1

Nah menurut informasi di atas nih temen-temen, jalur yang mengarah ke R2

itu melalui R3 terlebih dahulu, kenapaaaa ?? karena OSPF menggunakan
bandwidth,. Dimana link gigabitethernet tentu nya lebih di pilih di banding
dengan melalui interface fastethernet, selanjutnya perhatikan pada bagian
metric nya yang bernilai 3, nilai 3 di dapatkan dari penjumlahan berikut.
(metric Link gigabitethernet R1-R3) + (metric link gigabitethernet R3-R2) +
(metric loopback R3,.
1 + 1 + 1 =3
Nilai 1 berasal dari pembagian 1000.000.000 : 1000.000.000 (reference
bandwidth nya sudah di rubah menjadi 1000Mbps), berikutnya kita shutdown
terleih dahulu interface Gigabitethernet nya sehingga link akan menggunakan
interface fastethernet nya

R1
R1(config)#int g2/0
R1(config-if)#shutdown
R1(config-if)#exit

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 131

 R1
R1(config)#do traceroute 2.2.2.2
Type escape sequence to abort.
Tracing the route to 2.2.2.2
VRF info: (vrf in name/id, vrf out name/id)
1 12.12.12.2 56 msec 64 msec 20 msec

R1
R1#show ip route 2.2.2.2
Routing entry for 2.2.2.2/32
Known via "ospf 1", distance 110, metric 11, type intra area
Last update from 12.12.12.2 on FastEthernet0/0, 00:02:57 ago
Routing Descriptor Blocks:
* 12.12.12.2, from 2.2.2.2, 00:02:57 ago, via FastEthernet0/0
Route metric is 11, traffic share count is 1

Perhatikan pada metric nya yakni 11 merupakan penambahan link

fastethernet R1-R2+link Lopback R3 (10+1). Nilai 10 didapat dari hasil
pembagian 100.000.000:100.000.000 = 10
Nah sekarang coba kita no shutdown lagi interface gigabitethernet nya,.
R1
R1(config)#int g2/0
R1(config-if)#no shutdown
R1(config-if)#exit

Dan pastikan jalur yang di lewati R1 untuk menuju R2 melewati R3 kembali,

R1
R1(config)#do sh ip route 2.2.2.2
Routing entry for 2.2.2.2/32
Known via "ospf 1", distance 110, metric 3, type intra area
Last update from 13.13.13.3 on GigabitEthernet2/0, 00:00:08 ago
Routing Descriptor Blocks:
* 13.13.13.3, from 2.2.2.2, 00:00:08 ago, via GigabitEthernet2/0
Route metric is 3, traffic share count is 1

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 132

Selanjutnya kita akan rubah bandwith Gigabitethernet menjadi 1000 agar ospf
akan lewat langsung ke R2, walaupun arah R2 itu link nya adalah fastethernet,
karena Fastethernet bandwith nya adallah 100.000 sedangkan gigabitethernet
kita rubah menjadi 1000,.

R1
R1(config-if)#int g2/0
R1(config-if)#bandwidth 1000

Maka jalur akan berpindah langsung lewat R2 tidak melewati R3,.

R1
R1(config)#do sh ip route 2.2.2.2
Routing entry for 2.2.2.2/32
Known via "ospf 1", distance 110, metric 11, type intra area
Last update from 12.12.12.2 on FastEthernet0/0, 00:01:25 ago
Routing Descriptor Blocks:
* 12.12.12.2, from 2.2.2.2, 00:01:25 ago, via FastEthernet0/0
Route metric is 11, traffic share count is 1

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 133

Lab 17. OSPF Authentication

Dalam OSPF ada dua pilihan untuk authentication,.

• Plaintext Authentication
• MD5 Authentication
Konfigurasi Plaintext authentication pada R1 dan R2 Terlebih dahulu,.
R1
R1(config)#int f0/0
R1(config-if)#ip ospf authentication
R1(config-if)#ip ospf authentication-key CCNP
R1(config-if)#exit
*Jul 22 00:56:31.959: %OSPF-5-ADJCHG: Process 1, Nbr 2.2.2.2 on
FastEthernet0/0 from FULL to DOWN, Neighbor Down: Dead timer expired

R2
R2(config)#int f0/0
R2(config-if)#ip ospf authentication
R2(config-if)#ip ospf authentication-key CCNP
R2(config-if)#EXIT
R2(config)#
*Jul 22 00:57:32.551: %OSPF-5-ADJCHG: Process 2, Nbr 1.1.1.1 on
FastEthernet0/0 from LOADING to FULL, Loading Done

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 134

 Perintah “IP OSPF AUTHENTICATION” berfungsi untuk mengaktifkan
plaintext authentication pada interface,.

R1
R1#show ip ospf interface f0/0 | include authentication
Simple password authentication enabled

R2
R2#show ip ospf interface f0/0 | include authentication
Simple password authentication enabled

Terlihat bahwa authentication untuk plaintext ini adallah jenis authentication

yang sangat simple. Nah sekarang kita akan coba untuk yang authentication
MD5 pada R2 dan R3

R2
R2(config)#int g2/0
R2(config-if)#ip ospf authentication message-digest
R2(config-if)#ip ospf message-digest-key 1 md5 CCNP

R3
R3(config)#int g3/0
R3(config-if)#ip ospf authentication message-digest
R3(config-if)#ip ospf message-digest-key 1 md5 CCNP
Verifikasi apakah di R2 dan R3 sudah aktif untuk authentication MD5

R2
R2#show ip ospf int g2/0 | include authentication
Message digest authentication enabled

R3
R3#show ip ospf int g3/0 | include authentication
Message digest authentication enabled

Jouuzzzz sudah aktif untuk md5 nya gaesss……

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 135

Lab 18. VRF Lite

Oke Guysss pada lab kita kali ini adallah VRF (Virtual Routing and Forwarding)
teknologi yang memungkinkan kita membuat dua segment IP Address yang
sama di dua interface router yang berbeda tapi, di Routing table yang
berbeda. VRF yang dijalankan tanpa MPLS disebut dengan VRF Lite,.

Oke langsung aja nih gasskeuunnn Buat VRF dan Daftarkan Interface ke
dalam VRF nya masing masing, sama seperti daftarin vlan ke interface
switch,.

ISP
R5#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R5(config)#hostname ISP
ISP(config)#ip vrf KIRI
ISP(config-vrf)#exit
ISP(config)#ip vrf KANAN
ISP(config-vrf)#exit
ISP(config)#int f0/0
ISP(config-if)#ip vrf forwarding KIRI
ISP(config-if)#ip add 192.168.1.2 255.255.255.0
ISP(config-if)#no shutdown
ISP(config-if)#exit
!
ISP(config)#int f0/1

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 136

 ISP(config-if)#ip vrf forwarding KANAN
ISP(config-if)#ip add 192.168.1.2 255.255.255.0
ISP(config-if)#no shutdown
ISP(config-if)#exit
!
ISP(config)#int g1/0
ISP(config-if)#ip vrf forwarding KIRI
ISP(config-if)#ip address 192.168.2.2 255.255.255.0
ISP(config-if)#no shutdown
ISP(config-if)#exit
!
ISP(config)#int g2/0
ISP(config-if)#ip vrf forwarding KANAN
ISP(config-if)#ip address 192.168.2.2 255.255.255.0
ISP(config-if)#no shutdown
ISP(config-if)#exit
!

Dan kita akan konfigurasi IP dan Advertise ke OSPF

R1
R1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#int f0/0
R1(config-if)#ip add 192.168.1.1 255.255.255.0
R1(config-if)#no shutdown
R1(config-if)#int loopback 0
R1(config-if)#ip address 1.1.1.1 255.255.255.255
R1(config-if)#exit
R1(config)#router ospf 1
R1(config-router)#network 192.168.1.0 0.0.0.255 area 0
R1(config-router)#network 1.1.1.1 0.0.0.0 area 0
R1(config-router)#exit

R2
R2#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R2(config)#int f0/0
R2(config-if)#ip add 192.168.1.3 255.255.255.0
R2(config-if)#no sh
R2(config-if)#exit

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 137

R2(config)#int loopback 0
R2(config-if)#ip address 2.2.2.2 255.255.255.255
R2(config-if)#exit
R2(config)#router ospf 1
R2(config-router)#network 192.168.1.0 0.0.0.255 area 0
R2(config-router)#network 2.2.2.2 0.0.0.0 area 0
R2(config-router)#exit

R3
R3#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R3(config)#int g1/0
R3(config-if)#ip add 192.168.2.1 255.255.255.0
R3(config-if)#no shutdown
R3(config-if)#int loopback 0
R3(config-if)#ip address 3.3.3.3 255.255.255.255
R3(config-if)#exit
R3(config)#router ospf 1
R3(config-router)#network 192.168.2.0 0.0.0.255 area 0
R3(config-router)#network 3.3.3.3 0.0.0.0 area 0

R4
R4(config)#conf t
R4(config)#int g1/0
R4(config-if)#ip address 192.168.2.3 255.255.255.0
R4(config-if)#no shutdown
R4(config-if)#int loopback 0
R4(config-if)#ip address 4.4.4.4 255.255.255.255
R4(config-if)#exit
R4(config)#router ospf 1
R4(config-router)#network 192.168.2.0 0.0.0.255 area 0
R4(config-router)#network 4.4.4.4 0.0.0.0 area 0
R4(config-router)#exit

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 138

 Nah sekarang kita akan konfigurasi OSPF di sisi router ISP

ISP
ISP(config)#router ospf 1 vrf KIRI
ISP(config-router)#network 192.168.1.0 0.0.0.255 area 0
ISP(config-router)#network 192.168.2.0 0.0.0.255 area 0
ISP(config-router)#
ISP(config-router)#router ospf 2 vrf KANAN
ISP(config-router)#network 192.168.1.0 0.0.0.255 area 0
ISP(config-router)#network 192.168.2.0 0.0.0.255 area 0

Verifikasi gaaesss….

ISP
ISP(config)#do sh vrf
Name Default RD Protocols Interfaces
KANAN <not set> ipv4 Fa0/1
Gi2/0
KIRI <not set> ipv4 Fa0/0
Gi1/0

ISP
ISP#sh ip route vrf KIRI
Routing Table: KIRI
Gateway of last resort is not set
1.0.0.0/32 is subnetted, 1 subnets
O 1.1.1.1 [110/2] via 192.168.1.1, 00:14:16, FastEthernet0/0
3.0.0.0/32 is subnetted, 1 subnets
O 3.3.3.3 [110/2] via 192.168.2.1, 00:14:16, GigabitEthernet1/0
192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.1.0/24 is directly connected, FastEthernet0/0
L 192.168.1.2/32 is directly connected, FastEthernet0/0
192.168.2.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.2.0/24 is directly connected, GigabitEthernet1/0
L 192.168.2.2/32 is directly connected, GigabitEthernet1/0

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 139

 ISP
ISP#sh ip route vrf KANAN
Routing Table: KANAN
Gateway of last resort is not set
2.0.0.0/32 is subnetted, 1 subnets
O 2.2.2.2 [110/2] via 192.168.1.3, 00:06:25, FastEthernet0/1
4.0.0.0/32 is subnetted, 1 subnets
O 4.4.4.4 [110/2] via 192.168.2.3, 00:05:42, GigabitEthernet2/0
192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.1.0/24 is directly connected, FastEthernet0/1
L 192.168.1.2/32 is directly connected, FastEthernet0/1
192.168.2.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.2.0/24 is directly connected, GigabitEthernet2/0
L 192.168.2.2/32 is directly connected, GigabitEthernet2/0

Cek ping untuk sesama VRF kiri….

R1
R1(config)#do ping 3.3.3.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 3.3.3.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 56/431/884 ms

Sekarang kita akan cek ke beda VRF gaesss….

R1
R1(config)#do ping 4.4.4.4
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 4.4.4.4, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

Mantab selamat mencoba………

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 140

 IPV6
(Internet Protocol Versi 6)

"Ada saat-saat yang baik, ada masa-masa sulit,

tetapi tidak pernah ada masa-masa buruk."
- Steve Jobs

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 141

 Lab 1. Dasar IPv6

1a. Link-Local Unicast Address (automatic)

Mengaktifkan IPv6, karena secara default tidak diaktifkan

R1
R1(config)#ipv6 unicast-routing

R2
R2(config)#ipv6 unicast-routing

Khusus pada Switch L3, modulnya ipv6 nya harus diload terlebih dahulu

Sample
SW(config)#sdm prefer dual-ipv4-ipv6 default

SELANJUTNYA HARUS RELOAD

Setiap kali kita setting IPv6 pada sebuah interface, maka Link-Local Unicast
Address akan muncul secara otomatis pada interface tersebut. Namun kita bisa
juga mengkonfigurasikannya secara manual. Nilainya selalu diawali dengan
FE80::/10.
Perintah berikut akan membuat Link-Local Unicast Address secara otomatis
pada interface setiap kita mengaktifkan interface tersebut untuk konfigurasi
IPv6.

R1
R1(config)#int fastEthernet 0/0
R1(config-if)#ipv6 enable
R1(config)#no sh
R1(config-if)#exit

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 142

 R2
R2(config)#int fastEthernet 0/0
R2(config-if)#ipv6 address autoconfig
R2 (config-if)#no sh

Kemudian cek interfacenya

R1
R1#sh ipv6 interface f0/0 | i link-local
IPv6 is tentative, link-local address is FE80::C801:4FF:FEFC:8 [TEN]
No Virtual link-local address(es):

R1
R1#sh ipv6 int brief
FastEthernet0/0 [administratively down/down]
FE80::C801:4FF:FEFC:8
FastEthernet0/1 [administratively down/down]
unassigned
GigabitEthernet1/0 [administratively down/down]
Unassigned

Berikut penjelasan nilai link-local address yang didapat dari nilai mac-
address.

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 143

R2
R2#sh ipv6 int brief
FastEthernet0/0 [administratively down/down]
FE80::C802:5FF:FE0C:8
FastEthernet0/1 [administratively down/down]
unassigned
GigabitEthernet1/0 [administratively down/down]
Unassigned

R2
R2#sh int f0/0
FastEthernet0/0 is administratively down, line protocol is down
Hardware is i82543 (Livengood), address is ca02.050c.0008 (bia
ca02.050c.0008)

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 144

 1b. Global Unicast Address
R1
R1(config)#int fastEthernet 0/0
R1(config-if)#ipv6 address
R1(config-if)#ipv6 address 12::1/126
R1(config-if)#no shutdown
R1(config-if)#exit

R1
R1(config)#do show ipv6 int brief
FastEthernet0/0 [up/up]
FE80::C801:4FF:FEFC:8
12::1

R2
R2(config)#int f0/0
R2(config-if)#ipv6 address 12::2/126
R2(config-if)#no shutdown
R2(config-if)#exit

R2
R2(config)#do sh ipv6 int brief
FastEthernet0/0 [up/up]
FE80::C802:5FF:FE0C:8
12::2

Coba lakukan tes ping

R1
R1(config)#do ping 12::2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 12::2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/15/36 ms

R2
R2(config)#do ping 12::1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 12::1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/16/20 ms

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 145

 1c. EUI-64 Address
R1
R1(config)#int fastEthernet 0/0
R1(config-if)#ipv6 add 21::/64 eui
R1(config-if)#ipv6 add 21::/64 eui-64
R1(config-if)#exit

R1
R1(config)#do sh ipv6 int brief
FastEthernet0/0 [up/up]
FE80::C801:4FF:FEFC:8
12::1
21::C801:4FF:FEFC:8

R2
R2(config)#interface f0/0
R2(config-if)#ipv6 address 21::/64 eui-64

R2
R2(config)#do sh ipv6 int brief
FastEthernet0/0 [up/up]
FE80::C802:5FF:FE0C:8
12::2
21::C802:5FF:FE0C:8

Cek ping
R1
R1(config)#do ping 21::C802:5FF:FE0C:8
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 21::C802:5FF:FE0C:8, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 20/26/52
ms

R2
R2(config)#do ping 21::C801:4FF:FEFC:8
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 21::C801:4FF:FEFC:8, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 20/20/20
ms

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 146

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 147
 Lab 2. IPv6 Routing – Static

Konfigurasikan ipv6 address dan loopback pada R1 dan R2

R1
R1(config)#int fastEthernet 0/0
R1(config-if)#ipv6 address 12::1/126
R1(config-if)#no shutdown
R1(config-if)#exit
!
R1(config)#int lo0
R1(config-if)#ipv6 address 1::1/128
R1(config-if)#exit

R2
R2(config)#int fastEthernet 0/0
R2(config-if)#ipv6 address 12::2/126
R2(config-if)#no shutdown
R2(config-if)#exit
!
R2(config)#int loopback0
R2(config-if)#ipv6 address 2::2/128
R2(config-if)#exit

Buat static routing pada router R2

R2
R2(config)#ipv6 route 1::1/128 12::1

Lakukan tes ping :

R2
R2(config)#do ping 1::1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1::1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/15/24 ms

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 148

Buat static routing pada router R1
R1
R1(config)#ipv6 route 2::2/128 12::2

Lakukan tes ping

R1
R1(config)#do ping 2::2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2::2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 20/20/20 ms
Selanjutnya bagaimana misalkan static routingnya via interface bukan
menggunakan ip seperti diatas, mari dicoba. Hapus static routing
konfigurasi sebelumnya

R1
R1(config)#no ipv6 route 2::2/128 12::2
### Konfigurasikan static routing via interface ###
R1(config)#ipv6 route 2::2/128 f0/0

Lakukan tes ping

R1
R1(config)#do ping 2::2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2::2, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

Ups.. gak bias, Kita harus menambahkan link-local addressnya jika ingin
menggunakan interface. Hapus konfigurasi sebelumnya dan tambahkan
link-local address.

R1
R1(config)#no ipv6 route 2::2/128 f0/0
R1(config)#ipv6 route 2::2/128 f0/0 FE80::C802:5FF:FE0C:8

R2
R2(config)#do sh ipv6 int f0/0 | i link-local
IPv6 is enabled, link-local address is FE80::C802:5FF:FE0C:8
No Virtual link-local address(es):

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 149

 Lakukan tes ping
R1
R1(config)#do ping 2::2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2::2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 12/20/24
ms

Bandingkan routingnya menggunakan link-local dan IP

R1
R1(config)#do sh ipv6 route
IPv6 Routing Table - Default - 7 entries
Codes: C - Connected, L - Local, S - Static, U - Per-user Static route
B - BGP, M - MIPv6, R - RIP, I1 - ISIS L1
I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary, D - EIGRP
EX - EIGRP external
O - OSPF Intra, OI - OSPF Inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2
ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
LC 1::1/128 [0/0]
via Loopback0, receive
S 2::2/128 [1/0]
via FE80::C802:5FF:FE0C:8, FastEthernet0/0
C 12::/126 [0/0]
via FastEthernet0/0, directly connected
L 12::1/128 [0/0]
via FastEthernet0/0, receive
C 21::/64 [0/0]
via FastEthernet0/0, directly connected
L 21::C801:4FF:FEFC:8/128 [0/0]
via FastEthernet0/0, receive
L FF00::/8 [0/0]
via Null0, receive

R2
R2(config)#do sh ipv6 route
IPv6 Routing Table - Default - 7 entries
Codes: C - Connected, L - Local, S - Static, U - Per-user Static route
B - BGP, M - MIPv6, R - RIP, I1 - ISIS L1
I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary, D - EIGRP
EX - EIGRP external

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 150

 O - OSPF Intra, OI - OSPF Inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2
ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
S 1::1/128 [1/0]
via 12::1
LC 2::2/128 [0/0]
via Loopback0, receive
C 12::/126 [0/0]
via FastEthernet0/0, directly connected
L 12::2/128 [0/0]
via FastEthernet0/0, receive
C 21::/64 [0/0]
via FastEthernet0/0, directly connected
L 21::C802:5FF:FE0C:8/128 [0/0]
via FastEthernet0/0, receive
L FF00::/8 [0/0]
via Null0, receive

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 151

 Lab 3. IPv6 Routing – RIPnG
Sekarang gunakan topologi berikut ini :

Konfigurasi ipv6 address dasar

R1
R1(config)#ipv6 unicast-routing
R1(config)#int f0/0
R1(config-if)#ipv6 address 12::1/126
R1(config-if)#no shutdown
R1(config-if)#int lo0
R1(config-if)#ipv6 address 1::1/128

R2
R2(config)#ipv6 unicast-routing
R2(config)#int f0/0
R2(config-if)#ipv6 address 12::2/126
R2(config-if)#no shutdown
R2(config-if)#int f0/1
R2(config-if)#ipv6 address 23::2/126
R2(config-if)#no shutdown
R2(config-if)#int lo0
R2(config-if)#ipv6 address 2::2/128

R3
R3(config)#ipv6 unicast-routing
R3(config)#int f0/0
R3(config-if)#ipv6 address 23::3/126
R3(config-if)#no shutdown
R3(config-if)#int lo0
R3(config-if)#ipv6 address 3::3/128

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 152

Konfigurasikan RIP pada masing-masing interface
R1
R1(config)#interface f0/0
R1(config-if)#ipv6 rip IDN enable
R1(config-if)#exit
R1(config)#!
R1(config)#interface lo0
R1(config-if)#ipv6 rip IDN enable
R1(config-if)#exit

R2
R2(config)#interface f0/0
R2(config-if)#ipv6 rip IDN enable
R2(config-if)#exit
R2(config)#interface f0/1
R2(config-if)#ipv6 rip IDN enable
R2(config-if)#exit
R2(config)#interface lo0
R2(config-if)#ipv6 rip IDN enable
R2(config-if)#exit

R3
R3(config)#interface f0/0
R3(config-if)#ipv6 rip IDN enable
R3(config-if)#exit
R3(config)#interface lo0
R3(config-if)#ipv6 rip IDN enable
R3(config-if)#exit

R1
R1(config)#do sh ipv6 route rip
R 2::2/128 [120/2]
via FE80::C802:7FF:FE3B:8, FastEthernet0/0
R 3::3/128 [120/3]
via FE80::C802:7FF:FE3B:8, FastEthernet0/0
R 23::/126 [120/2]
via FE80::C802:7FF:FE3B:8, FastEthernet0/0

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 153

Lakukan cek ping
R1
R1(config)#do ping 2::2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2::2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/17/48 ms

R1(config)#do ping 3::3

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 3::3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/34/40 ms

R1
R1#sh ipv6 protocols
IPv6 Routing Protocol is "connected"
IPv6 Routing Protocol is "rip IDN"
Interfaces:
Loopback0
FastEthernet0/0
Redistribution:
None

R1
R1#sh ipv6 rip IDN
RIP process "IDN", port 521, multicast-group FF02::9, pid 261
Administrative distance is 120. Maximum paths is 16
Updates every 30 seconds, expire after 180
Holddown lasts 0 seconds, garbage collect after 120
Split horizon is on; poison reverse is off
Default routes are not generated
Periodic updates 26, trigger updates 4
Interfaces:
Loopback0
FastEthernet0/0
Redistribution:
None

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 154

R1
R1#debug ipv6 rip
RIP Routing Protocol debugging is on
R1#
*Jul 10 17:08:54.451: RIPng: Packet waiting
*Jul 10 17:08:54.451: RIPng: response received from FE80::C802:7FF:FE3B:8
on FastEthernet0/0 for IDN
*Jul 10 17:08:54.451: src=FE80::C802:7FF:FE3B:8 (FastEthernet0/0)
*Jul 10 17:08:54.451: dst=FF02::9
*Jul 10 17:08:54.451: sport=521, dport=521, length=92
*Jul 10 17:08:54.451: command=2, version=1, mbz=0, #rte=4
*Jul 10 17:08:54.451: tag=0, metric=1, prefix=12::/126
*Jul 10 17:08:54.451: tag=0, metric=1, prefix=23::/126
*Jul 10 17:08:54.451: tag=0, metric=1, prefix=2::2/128
*Jul 10 17:08:54.451: tag=0, metric=2, prefix=3::3/128

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 155

Lab 4. IPv6 Routing – OSPFv3

Hapus terlebih dahulu konfigurasi RIP sebelumnya

R1-R2-R3
R1(config)#no ipv6 router rip IDN
R2(config)#no ipv6 router rip IDN
R3(config)#no ipv6 router rip IDN

Konfigurasikan OSPFv3
R1
R1(config)#ipv6 router ospf 10
R1(config-rtr)#
*Jul 10 17:16:45.195: %OSPFv3-4-NORTRID: OSPFv3 process 10 could not
pick a router-id,
please configure manually
R1(config-rtr)#router
R1(config-rtr)#router-id 1.1.1.1
R1(config-rtr)#exit
!
R1(config)#interface f0/0
R1(config-if)#ipv6 ospf 10 area 0
R1(config-if)#exit
!
R1(config)#interface lo0
R1(config-if)#ipv6 ospf 10 area 0
R1(config-if)#exit

R2
R2(config)#ipv6 router ospf 10
R2(config-rtr)#
*Jul 10 17:21:07.707: %OSPFv3-4-NORTRID: OSPFv3 process 10 could not
pick a router-id,
please configure manually

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 156

R2(config-rtr)#router
R2(config-rtr)#router-id 2.2.2.2
R2(config-rtr)#exit
R2(config)#interface f0/0
R2(config-if)#ipv6 ospf 10 area 0
R2(config-if)#
*Jul 10 17:21:51.455: %OSPFv3-5-ADJCHG: Process 10, Nbr 1.1.1.1 on
FastEthernet0/0 from LOADING to FULL, Loading Done
R2(config-if)#interface f0/1
R2(config-if)#ipv6 ospf 10 area 0
R2(config-if)#interface lo0
R2(config-if)#ipv6 ospf 10 area 0
R2(config-if)#exit

R3
R3(config)#ipv6 router ospf 10
R3(config-rtr)#
*Jul 10 17:24:34.535: %OSPFv3-4-NORTRID: OSPFv3 process 10 could not
pick a router-id,
please configure manually
R3(config-rtr)#router-id 3.3.3.3
R3(config-rtr)#exit
R3(config)#interface f0/0
R3(config-if)#ipv6 ospf 10 area 0
*Jul 10 17:25:02.283: %OSPFv3-5-ADJCHG: Process 10, Nbr 2.2.2.2 on
FastEthernet0/0 from LOADING to FULL, Loading Done
R3(config-if)#interface lo0
R3(config-if)#ipv6 ospf 10 area 0
R3(config-if)#exit

Cek routing table

R1
R1(config)#do show ipv6 route ospf
O 2::2/128 [110/1]
via FE80::C802:7FF:FE3B:8, FastEthernet0/0
O 3::3/128 [110/2]
via FE80::C802:7FF:FE3B:8, FastEthernet0/0
O 23::/126 [110/2]
via FE80::C802:7FF:FE3B:8, FastEthernet0/0

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 157

R2
R2(config)#do show ipv6 ospf neighbor
Neighbor ID Pri State Dead Time Interface ID Interface
3.3.3.3 1 FULL/BDR 00:00:32 4 FastEthernet0/1
1.1.1.1 1 FULL/DR 00:00:35 4 FastEthernet0/0

R2
R2(config)#do sh ipv6 ospf database
OSPFv3 Router with ID (2.2.2.2) (Process ID 10)
Router Link States (Area 0)
ADV Router Age Seq# Fragment ID Link count Bits
1.1.1.1 668 0x80000004 0 1 None
2.2.2.2 476 0x80000006 0 2 None
3.3.3.3 465 0x80000003 0 1 None
Net Link States (Area 0)
ADV Router Age Seq# Link ID Rtr count
1.1.1.1 667 0x80000001 4 2
2.2.2.2 476 0x80000001 5 2
Link (Type-8) Link States (Area 0)
ADV Router Age Seq# Link ID Interface
2.2.2.2 631 0x80000001 5 Fa0/1
3.3.3.3 477 0x80000001 4 Fa0/1
1.1.1.1 864 0x80000001 4 Fa0/0
2.2.2.2 667 0x80000001 4 Fa0/0
Intra Area Prefix Link States (Area 0)

ADV Router Age Seq# Link ID Ref-lstype Ref-LSID

1.1.1.1 667 0x80000003 0 0x2001 0
1.1.1.1 669 0x80000001 4096 0x2002 4
2.2.2.2 477 0x80000003 0 0x2001 0
2.2.2.2 477 0x80000001 5120 0x2002 5
3.3.3.3 469 0x80000001 0 0x2001 0

R1#ping 2::2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2::2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/14/20 ms

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 158

Lab 5. IPv6 Routing – Redistributed RIPng OSPF

Untuk cara redistributed baik di Ipv4 dan Ipv6 caranya hampir sama.
Berikut konfigurasinya :
R1
R1(config)#ipv6 unicast-routing
R1(config)#int f0/0
R1(config-if)#ipv6 address 12::1/126
R1(config-if)#no shutdown
R1(config-if)#int lo0
R1(config-if)#ipv6 address 1::1/128

R2
R2(config)#ipv6 unicast-routing
R2(config)#int f0/0
R2(config-if)#ipv6 address 12::2/126
R2(config-if)#no shutdown
R2(config-if)#int f0/1
R2(config-if)#ipv6 address 23::2/126
R2(config-if)#no shutdown
R2(config-if)#int lo0
R2(config-if)#ipv6 address 2::2/128

R3
R3(config)#ipv6 unicast-routing
R3(config)#int f0/0
R3(config-if)#ipv6 address 23::3/126
R3(config-if)#no shutdown
R3(config-if)#int lo0
R3(config-if)#ipv6 address 3::3/128

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 159

Lakukan advertise sesuai topology
R1
R1(config)#ipv6 unicast-routing
R1(config)#ipv6 router ospf 10
R1(config-rtr)#router-id 1.1.1.1
R1(config-rtr)#exit
R1(config)#interface f0/0
R1(config-if)#ipv6 ospf 10 area 0
R1(config-if)#interface lo0
R1(config-if)#ipv6 ospf 10 area 0
R1(config-if)#exit

R2
R2(config)#ipv6 unicast-routing
R2(config)#ipv6 router ospf 10
R2(config-rtr)#router-id 2.2.2.2
R2(config-rtr)#exit
R2(config)#ipv6 router rip IDN
R2(config-rtr)#exit
R2(config)#interface f0/0
R2(config-if)#ipv6 ospf 10 area 0
R2(config-if)#interface f0/1
R2(config-if)#ipv6 rip IDN enable
R2(config)#int lo0
R2(config-if)#ipv6 ospf 10 area 0
R2(config-if)#exit

R3
R3(config)#ipv6 unicast-routing
R3(config)#ipv6 router rip IDN
R3(config-rtr)#exit
R3(config)#interface f0/0
R3(config-if)#ipv6 rip IDN enable
R3(config-if)#interface lo0
R3(config-if)#ipv6 rip IDN enable
R3(config-if)#exit

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 160

Lakukan command berikut ini untuk meredistributed
R2
R2(config)#ipv6 router ospf 10
R2(config-rtr)#redistribute rip IDN
R2(config-rtr)#exit
!
R2(config)#ipv6 router rip IDN
R2(config-rtr)#redistribute ospf 10 metric 1
R2(config-rtr)#exit

Cek routing table dan lakukan ping

R1
R1(config)#do sh ipv6 route ospf
IPv6 Routing Table - Default - 6 entries
Codes: C - Connected, L - Local, S - Static, U - Per-user Static route
B - BGP, M - MIPv6, R - RIP, I1 - ISIS L1
I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary, D - EIGRP
EX - EIGRP external
O - OSPF Intra, OI - OSPF Inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2
ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
O 2::2/128 [110/1]
via FE80::C802:4FF:FEF0:38, GigabitEthernet2/0
OE2 3::3/128 [110/20]
via FE80::C802:4FF:FEF0:38, GigabitEthernet2/0
R1(config)#

R3
R3(config)#do sh ipv6 route rip
IPv6 Routing Table - Default - 4 entries
Codes: C - Connected, L - Local, S - Static, U - Per-user Static route
B - BGP, M - MIPv6, R - RIP, I1 - ISIS L1
I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary, D - EIGRP
EX - EIGRP external
O - OSPF Intra, OI - OSPF Inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2
ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
R 1::1/128 [120/2]
via FE80::C802:4FF:FEF0:54, GigabitEthernet2/0
R3(config)#

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 161

Dan kita akan melakukan pengecekan dengan cara ping agar lebih yakin
lagi ya gaesss…
R1
R1(config)#do ping 3::3 source 1::1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 3::3, timeout is 2 seconds:
Packet sent with a source address of 1::1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 36/44/60
ms

R3
R3(config)#do ping 1::1 source 3::3

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 3::3, timeout is 2 seconds:
Packet sent with a source address of 1::1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 36/44/60
ms

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 162

Lab 6. IPv6 Routing – EIGRP

Hapus terlebih dahulu konfigurasi OSPF sebelumnya pada semua router

R1, R2, R3
R1(config)#no ipv6 router ospf 10
R2(config)#no ipv6 router ospf 10
R3(config)#no ipv6 router ospf 10

R1
R1(config)#ipv6 router eigrp 10
R1(config-rtr)#router-id 1.1.1.1
R1(config-rtr)#no shutdown--→ mengaktifkan routing eigrp
R1(config)#interface f0/0
R1(config-if)#ipv6 eigrp 10
R1(config-if)#interface lo0
R1(config-if)#ipv6 eigrp 10
R1(config-if)#exit
R1(config)#
*Jul 10 19:03:46.779: %DUAL-5-NBRCHANGE: IPv6-EIGRP(0) 10:
NeighborFE80::C802:7FF:FE3B:8 (FastEthernet0/0) is up: new adjacency

R2
R2(config)#ipv6 router eigrp 10
R2(config-rtr)#router-id 2.2.2.2
R2(config-rtr)#no shutdown
R2(config-rtr)#exit
R2(config)#interface f0/0
R2(config-if)#ipv6 eigrp 10
R2(config-if)#exit
R2(config)#
*Jul 10 19:03:46.803: %DUAL-5-NBRCHANGE: IPv6-EIGRP(0) 10:
Neighbor FE80::C801:7FF:FE2C:8 (FastEthernet0/0) is up: new adjacency
R2(config)#interface f0/1

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 163

R2(config-if)#ipv6 eigrp 10
R2(config-if)#interface lo0
R2(config-if)#ipv6 eigrp 10
R2(config-if)#exit

R3
R3(config)#ipv6 router eigrp 10
R3(config-rtr)#router-id 3.3.3.3
R3(config-rtr)#no shutdown
R3(config-rtr)#exit
R3(config)#interface f0/0
R3(config-if)#ipv6 eigrp 10
R3(config-if)#interface lo0
R3(config-if)#ipv6 eigrp 10
R3(config-if)#exit

Cek Routing Table

R1
R1(config)#do sh ipv6 route eigrp
D 2::2/128 [90/156160]
via FE80::C802:7FF:FE3B:8, FastEthernet0/0
D 3::3/128 [90/158720]
via FE80::C802:7FF:FE3B:8, FastEthernet0/0
D 23::/126 [90/30720]
via FE80::C802:7FF:FE3B:8, FastEthernet0/0

Lakukan tes ping

R1
R1(config)#do ping 2::2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2::2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/12/20 ms

R1
R1(config)#do ping 3::3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 3::3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 36/39/48
ms

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 164

Lab 7. IPv6 Tunnel – IPv6IP

IPv6 dan IPv4 tidak compatible satu sama lain, maka agar IPv6 dan IPv4
bisa hidup berdampingan salah satunya kita bisa menggunakan tunneling.
Untuk lab kali ini kita akan menggunakan static point – to – point
tunneling, ada dua metode yang bisa kita gunakan :
- Manual Tunnel (IPv6IP)
- GRE Tunnel
Berikut konfigurasinya, kita konfigurasi dasar terlebih dahulu :
R1
R1(config)#int fastEthernet 0/0
R1(config-if)#ip address 12.12.12.1 255.255.255.0
R1(config-if)#no shutdown
R1(config-if)#exit
R1(config)#int loopback0
R1(config-if)#ipv6 address 1::1/128
R1(config-if)#exit
R1(config)#router rip
R1(config-router)#version 2
R1(config-router)#network 12.12.12.0
R1(config-router)#no auto-summary
R1(config-router)#exit

R2
R2(config)#int fastEthernet 0/0
R2(config-if)#ip add 12.12.12.2 255.255.255.0
R2(config-if)#no shutdown
R2(config-if)#exit
R2(config)#int fastEthernet 0/1
R2(config-if)#ip add 23.23.23.2 255.255.255.0
R2(config-if)#no shutdown
R2(config-if)#exit

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 165

 R2(config)#router rip
R2(config-router)#version 2
R2(config-router)#network 12.12.12.0
R2(config-router)#network 23.23.23.0
R2(config-router)#no auto-summary
R2(config-router)#exit

R3
R3(config)#int f0/0
R3(config-if)#ip add 23.23.23.3 255.255.255.0
R3(config-if)#no shutdown
R3(config-if)#exit
R3(config)#int lo0
R3(config-if)#ipv6 address 3::3/128
R3(config-if)#exit
R3(config)#router rip
R3(config-router)#version 2
R3(config-router)#network 23.23.23.0
R3(config-router)#no auto-summary
R3(config-router)#exit

Konfigurasi Tunnel
R1
R1(config)#int tunnel 0
R1(config-if)#ipv6 address 13::1/64
R1(config-if)#tunnel source 12.12.12.1
R1(config-if)#tunnel destination 23.23.23.3
R1(config-if)#tunnel mode ipv6ip
R1(config-if)#exit

R3
R3(config)#int tunnel 0
R3(config-if)#ipv6 address 13::2/64
R3(config-if)#tunnel source 23.23.23.3
R3(config-if)#tunnel destination 12.12.12.1
R3(config-if)#tunnel mode ipv6ip
R3(config-if)#exit

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 166

 R1
R1#sh ipv6 int brief
Loopback0 [up/up]
FE80::C801:5FF:FE31:8
1::1
Tunnel0 [up/up]
FE80::C0C:C01
13::1

R3
R3#sh ipv6 interface brief
Loopback0 [up/up]
FE80::C803:5FF:FE4F:8
3::3
Tunnel0 [up/up]
FE80::1717:1703
13::2

R1
R1#sh int tunnel 0 | i protocol
Tunnel0 is up, line protocol is up
Tunnel protocol/transport IPv6/IP
0 unknown protocol drops

R3
R3#sh int tunnel 0 | i protocol
Tunnel0 is up, line protocol is up
Tunnel protocol/transport IPv6/IP
0 unknown protocol drops

Cek ping antar rip tunnel

R1
R1#ping 13::2
Sending 5, 100-byte ICMP Echos to 13::2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 16/21/32 ms

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 167

 R3
R3#ping 13::1
Sending 5, 100-byte ICMP Echos to 13::1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 40/43/44 ms

Konfigurasi Routing ke IP Loopback

R1
R1(config)#ipv6 route 3::3/128 13::2
R3
R3(config)#ipv6 route 1::1/128 13::1

R1
R1#sh ipv6 route
IPv6 Routing Table - Default - 5 entries
Codes: C - Connected, L - Local, S - Static, U - Per-user Static route
B - BGP, M - MIPv6, R - RIP, I1 - ISIS L1
I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary, D - EIGRP
EX - EIGRP external
O - OSPF Intra, OI - OSPF Inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2
ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
LC 1::1/128 [0/0]
via Loopback0, receive
S 3::3/128 [1/0]
via 13::2
C 13::/64 [0/0]
via Tunnel0, directly connected
L 13::1/128 [0/0]
via Tunnel0, receive
L FF00::/8 [0/0]
via Null0, receive
R3
R3#sh ipv6 route
IPv6 Routing Table - Default - 5 entries
Codes: C - Connected, L - Local, S - Static, U - Per-user Static route
B - BGP, M - MIPv6, R - RIP, I1 - ISIS L1
I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary, D - EIGRP
EX - EIGRP external
O - OSPF Intra, OI - OSPF Inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2
ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
S 1::1/128 [1/0]

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 168

 via 13::1
LC 3::3/128 [0/0]
via Loopback0, receive
C 13::/64 [0/0]
via Tunnel0, directly connected
L 13::2/128 [0/0]
via Tunnel0, receive
L FF00::/8 [0/0]
via Null0, receive

Cek ping
R1
R1#ping 3::3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 3::3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/33/40
ms

R3
R3#ping 1::1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1::1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 40/40/40
ms

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 169

 Lab 8. IPv6 Tunnel GRE IP

Hapus terlebih dahulu konfigurasi tunnel mode ipv6 ip pada interface

tunnel R1 dan R2 karena by default interface tunnel jika tidak di define
manual, maka tunnel modenya adalah GRE.
R1
R1(config)#int tunnel 0
R1(config-if)#no tunnel mode ipv6ip
R1(config-if)#exit

R3
R3(config)#int tunnel 0
R3(config-if)#no tunnel mode ipv6ip
R3(config-if)#exit

Cek apakah sudah berubah menjadi GRE

R1
R1(config)#do show interface tunnel0 | i protocol
Tunnel0 is up, line protocol is up
Tunnel protocol/transport GRE/IP
0 unknown protocol drops

R3
R3(config)#do show int tunnel0 | i protocol
Tunnel0 is up, line protocol is up
Tunnel protocol/transport GRE/IP
0 unknown protocol drops

R1(config)#do ping 3::3

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 3::3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 20/27/40 ms

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 170

Lab 9. IPv6 Tunnel 6to4

Nah kali ini Selain menggunakan static point-to-point kita juga bisa
menggunakan Dynamic Multipoint Nih Gaeeesss, tunneling ituuu.
Kelemahan dari dynamic multipoint ini kita tidak bisa menggunakan
protocol routing IGP seperti : OSPF, RIP, EIGRP.
Ada dua metode yang akan kita bahas yaitu :
- 6to4
- ISATAP (Intra Site Automatic Tunnel Addressing Protocol)
Hapus konfigurasi tunnel dan static routing bekas lab sebelumnya yaaaaa
R1 dan R3
R1(config)#no interface tunnel 0
R1(config)#no ipv6 route 3::3/128 13::2
R3(config)#no interface tunnel 0
R3(config)#no ipv6 route 1::1/128 13::1

R1
R1(config)#interface tunnel 0
R1(config-if)#tunnel mode ipv6ip 6to4
R1(config-if)#ipv6 address 2002:C0C:C01::1/64
R1(config-if)#tunnel source 12.12.12.1
R1(config-if)#exit
R1(config)#ipv6 route 2002::/16 tun0

R3
R3(config)#int tunnel 0
R3(config-if)#tunnel mode ipv6ip 6to4
R3(config-if)#tunnel source 23.23.23.3
R3(config-if)#ipv6 address 2002:1717:1703::3/64
R3(config-if)#exit
R3(config)#ipv6 route 2002::/16 tunnel 0

Mari kita akan melakukan pengecekan di R1 dan R3

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 171

 R1
R1(config)#do sh int tunnel0 | i protocol
Tunnel0 is up, line protocol is up
Tunnel protocol/transport IPv6 6to4
0 unknown protocol drops
R1(config)#

R3
R3(config)#do sh int tunnel0 | i protocol
Tunnel0 is up, line protocol is up
Tunnel protocol/transport IPv6 6to4
0 unknown protocol drops
R3(config)#

Verifikasi Dengan Cara Ping…….

R1
R1(config)#do ping 3::3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 3::3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 12/21/52 ms

R3
R3(config)#do ping 1::1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1::1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 44/47/56 ms

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 172

Lab 10. IPv6 Tunnel ISATAP
Oke guys sebelum masuk ke lab ini kita harus menghapus konfigurasi
sebelumnya,……
R1 Dan R3
R1(config)#no interface tunnel 0
R1(config)#no ipv6 route 3::3/128 2002:1717:1703::3
!
R3(config)#no interface tunnel 0
R3(config)#no ipv6 route 1::1/128 2002:C0C:C01::1

R1
R1(config)#interface tunnel 13
R1(config-if)#tunnel mode ipv6ip isatap
R1(config-if)#tunnel source 12.12.12.1
R1(config-if)#ipv6 address 13::/64 eui-64
R1(config-if)#exit

R3
R3(config)#interface tunnel 31
R3(config-if)#tunnel mode ipv6ip isatap
R3(config-if)#tunnel source 23.23.23.3
R3(config-if)#ipv6 address 13::/64 eui-64
R3(config-if)#exit

Kita cek Interface IPV6 nya,…

R1
R1(config)#do show ipv6 int brief
Tunnel13 [up/up]
FE80::5EFE:C0C:C01
13::5EFE:C0C:C01

R3
R3(config)#do show ipv6 int brief
Tunnel31 [up/up]
FE80::5EFE:1717:1703
13::5EFE:1717:1703

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 173

Sudah terbuat ya teman-teman, kita akan cek ping …
R3
R3(config)#do ping 13::5EFE:C0C:C01 Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 13::5EFE:C0C:C01, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 24/27/36 ms

R1
R1(config)#do ping 13::5EFE:1717:1703 Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 13::5EFE:1717:1703, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 16/33/60 ms

Sekarang kita akan konfigurasi Routing NYA….

R1 Dan R3
R1(config)#ipv6 route 3::3/128 13::5EFE:1717:1703
R3(config)#ipv6 route 1::1/128 13::5EFE:C0C:C01

R1
R1(config)#do show int tunnel 13 | i protocol
Tunnel13 is up, line protocol is up
Tunnel protocol/transport IPv6 ISATAP
0 unknown protocol drops

R3
R3(config)#do show int tunnel 31 | i protocol
Tunnel31 is up, line protocol is up
Tunnel protocol/transport IPv6 ISATAP
0 unknown protocol drops

R1
R1(config)#do ping 3::3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 3::3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/37/72 ms

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 174

Lab 11. IPv6 Tunnel Auto-Tunnel
Hapussss terlebih dahulu ya interface tunnel dan routing static nya gaessss…
R1 Dan R3
R1(config)#no interface tunnel 13
R1(config)#no ipv6 route 3::3/128 13::5EFE:1717:1703
R3(config)#no interface tunnel 31
R3(config)#no ipv6 route 1::1/128 13::5EFE:C0C:C01

R1
R1(config)#interface tunnel 13
R1(config-if)#tunnel mode ipv6ip auto-tunnel
R1(config-if)#tunnel source 12.12.12.1
R1(config-if)#exit

R3
R3(config)#interface tunnel 31
R3(config-if)#tunnel mode ipv6ip auto-tunnel
R3(config-if)#tunnel source 23.23.23.3
R3(config-if)#exit

R1
R1(config)#do show ipv6 int brief
Tunnel13 [up/up]
FE80::C0C:C01
::12.12.12.1

R3
R3(config)#do show ipv6 int brief
Tunnel31 [up/up]
FE80::1717:1703
::23.23.23.3

R1
R1(config)#do ping ::23.23.23.3
Sending 5, 100-byte ICMP Echos to ::23.23.23.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 16/28/52 ms

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 175

 R3
R3(config)#do ping ::12.12.12.1
Sending 5, 100-byte ICMP Echos to ::12.12.12.1, timeout is 2
seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/18/36 ms

Cek interface Tunnel,..

R1
R1(config)#do show int tunnel 13 | i protocol
Tunnel13 is up, line protocol is up
Tunnel protocol/transport IPv6 auto-tunnel
0 unknown protocol drops

R3
R3(config)#do show int tunnel 31 | i protocol
Tunnel31 is up, line protocol is up
Tunnel protocol/transport IPv6 auto-tunnel
0 unknown protocol drops

Sekarang kita akan konfigurasi Routing nya,,..

R1
R1(config)#ipv6 route 3::3/128 ::23.23.23.3
R1(config)#do ping 3::3
Sending 5, 100-byte ICMP Echos to 3::3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 24/42/60 ms

R3
R3(config)#ipv6 route 1::1/128 ::12.12.12.1
R3(config)#do ping 1::1
Sending 5, 100-byte ICMP Echos to 1::1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 24/40/48 ms

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 176

 BGP
(Border Gateway Protocol)

"Barangsiapa tidak mau merasakan pahitnya belajar, dia akan

merasakan hinanya kebodohan sepanjang hidupnya."
(Imam Syafi'i rahimahullah)

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 177

Lab 1. Konfigurasi Dasar iBGP Peering

Untuk peering BGP, kita bisa menggunakan IP Loopback untuk iBGP dan
Internal Physical untuk eBGP. Kita akan melakukan peering dari IP Inteface
physical untuk membuat eBGP. Router R1 dan R2 harus dalam 1 AS number
yang sama yakni AS 12.
R1
R1(config)#int f0/0
R1(config-if)#ip add 12.12.12.1 255.255.255.0
R1(config-if)#no sh
R1(config)#router bgp 12
R1(config-router)#neighbor 12.12.12.2 remote-as 12

R2
R2(config)#int f0/0
R2(config-if)#ip add 12.12.12.2 255.255.255.0
R2(config-if)#no sh
R2(config)#router bgp 12
R2(config-router)#neighbor 12.12.12.1 remote-as 12
Tunggulah beberapa saat hingga muncul seperti ini
*Jul 18 13:59:08.511: %BGP-5-ADJCHANGE: neighbor 12.12.12.1 Up

Verifikasi

R1
R1#sh ip bgp summary
BGP router identifier 12.12.12.1, local AS number 12
BGP table version is 1, main routing table version 1
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down
State/PfxRcd
12.12.12.2 4 12 44 44 1 0 0 00:42:50 0

Pastikan pada bagian State/PfxRcd terdapat nilainya walaupun 0. Selanjutnya

kita akan coba lakukan advertise suatu route ke BGP.

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 178

R1
R1(config)#int lo0
R1(config-if)#ip add 1.1.1.1 255.255.255.255
R1(config)#router bgp 12
R1(config-router)#network 1.1.1.1 mask 255.255.255.255

R2
R2(config)#int lo0
R2(config-if)#ip add 2.2.2.2 255.255.255.255
R2(config)#router bgp 12
R2(config-router)#network 2.2.2.2 mask 255.255.255.255

R1
R1#ping 2.2.2.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/11/20 ms

R1
R1#sh ip bgp summary
BGP router identifier 12.12.12.1, local AS number 12
BGP table version is 3, main routing table version 3
2 network entries using 264 bytes of memory
2 path entries using 104 bytes of memory
3/2 BGP path/bestpath attribute entries using 504 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
Bitfield cache entries: current 1 (at peak 1) using 32 bytes of memory
BGP using 904 total bytes of memory
BGP activity 2/0 prefixes, 2/0 paths, scan interval 60 secs
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down
State/PfxRcd
12.12.12.2 4 12 98 98 3 0 0 01:36:38 1

Sebelumnya pada bagian State/PfxRcd sudah muncul nilai 0, saat ini sudah
berganti muncul nilai 1, yang artinya kita menerima 1 route yang diadvertise
BGP oleh router lain.

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 179

 R1
R1#sh ip bgp
BGP table version is 3, local router ID is 12.12.12.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path

*> 1.1.1.1/32 0.0.0.0 0 32768 i
*>i2.2.2.2/32 12.12.12.2 0 100 0 i

Selanjutnya kita cek, apakah route tersebut sudah muncul dalam routing
tabelnya.
R1
R1#sh ip route bgp
2.0.0.0/32 is subnetted, 1 subnets
B 2.2.2.2 [200/0] via 12.12.12.2, 00:10:15

Tes ping ke route tersebut

R1
R1#ping 2.2.2.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 20/21/24 ms

R2
R2#ping 1.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/12/20 ms

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 180

 Lab 2. iBGP Peering – Loopback

Kita akan melakukan Peer dengan IP Loopback. Pastikan IP Loopbacknya harus

bisa diping terlebih dahulu. Hapus konfigurasi sebelumnya, sebelum dilanjutkan
ke konfigurasi berikutnya.
R1 dan R2
R1(config)#no router bgp 12
R2(config)#no router bgp 12
Agar loopbacknya bisa di ping, gunakan IGP (RIP,OSPF,EIGRP) ataupun static
route.

R1
R1(config)#router eigrp 10
R1(config-router)#network 1.1.1.1 0.0.0.0
R1(config-router)#network 12.12.12.1 0.0.0.0
R1(config-router)#no auto-summary

R2
R2(config)#router eigrp 10
R2(config-router)#network 2.2.2.2 0.0.0.0
R2(config-router)#network 12.12.12.2 0.0.0.0
R2(config-router)#no auto-summary

R2
R2(config)#do ping 1.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 16/20/24 ms

Konfigurasi BGP Peernya dengan menambahkan update-source loopback 0, jika

tidak ditambahkan, maka yang digunakan updatenya adalah ip interface
physical sehingga bpg adjencencynya akan bermasalah.

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 181

 R1
R1(config)#router bgp 12
R1(config-router)#neighbor 2.2.2.2 remote-as 12
R1(config-router)#neighbor 2.2.2.2 update-source loopback 0

R2
R2(config)#router bgp 12
R2(config-router)#neighbor 1.1.1.1 remote-as 12
R2(config-router)#neighbor 1.1.1.1 update-source loopback 0

Pastikan BGP adjacencynya sudah up

R2
R2(config)#do show ip bgp summary
BGP router identifier 2.2.2.2, local AS number 12
BGP table version is 1, main routing table version 1
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down
State/PfxRcd
1.1.1.1 4 12 0 0 0 0 0 never Active

Pastikan pada bagian state/ PfxRcdnya bernilai 0. Perhatikan juga ip

neighbornya bukan lagi ip physicalnya melainkan ip loopbacknya. Kita buat ip
loopback baru untuk diadvertise ke BGP
R1
R1(config)#int loopback 11
R1(config-if)#ip add 11.11.11.11 255.255.255.255
R1(config-if)#exit
R1(config)#router bgp 12
R1(config-router)#network 11.11.11.11 mask 255.255.255.255

R2
R2(config)#int lo22
R2(config-if)#ip add 22.22.22.22 255.255.255.255
R2(config-if)#exit
R2(config)#router bgp 12
R2(config-router)#network 22.22.22.22 mask 255.255.255.255

Kita pastikan route tersebut sudah diadvertise sehingga nilai state/ PfxRcd nya
menjadi 1

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 182

R1
R1#sh ip bgp summary
BGP router identifier 1.1.1.1, local AS number 12
BGP table version is 3, main routing table version 3
2 network entries using 264 bytes of memory
2 path entries using 104 bytes of memory
3/2 BGP path/bestpath attribute entries using 504 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
Bitfield cache entries: current 1 (at peak 1) using 32 bytes of memory
BGP using 904 total bytes of memory
BGP activity 2/0 prefixes, 2/0 paths, scan interval 60 secs
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down
State/PfxRcd
2.2.2.2 4 12 8 8 3 0 0 00:05:39 1

R1
R1#sh ip bgp
BGP table version is 3, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 11.11.11.11/32 0.0.0.0 0 32768 i
*>i22.22.22.22/32 2.2.2.2 0 100 0 i

Kita cek routing tabelnya

R1
R1#sh ip route bgp
22.0.0.0/32 is subnetted, 1 subnets
B 22.22.22.22 [200/0] via 2.2.2.2, 00:05:44

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 183

 LAB 3. eBGP Peering

Kita akan belajar konfigurasi e-BGP Peersnya, yaitu antara R2 dan R3. Kali ini
kita akan menggunakan ip physical sebagai bgp peersnya. Tambahkan satu
router dan konfigurasi IP addressnya dibawah.

Konfigurasi IP address pada f1/0 di Router 2

R2
R2(config)#int f1/0
R2(config-if)#ip add 23.23.23.2 255.255.255.0
R2(config-if)#no shutdown

Konfigurasi IP Address pada router 3

R3
R3(config)#int f0/0
R3(config-if)#ip add 23.23.23.3 255.255.255.0
R3(config-if)#no shutdown
R3(config-if)#exit
R3(config)#int loopback0
R3(config-if)#ip add 3.3.3.3 255.255.255.255
R3(config-if)#exit

Konfigurasi BGP
R2
R2(config)#router bgp 12
R2(config-router)#neighbor 23.23.23.3 remote-as 3

R3
R3(config)#router bgp 3
R3(config-router)#neighbor 23.23.23.2 remote-as 12
R3(config-router)#network 3.3.3.3 mask 255.255.255.255

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 184

 Cek BGP Peernya
R3
R3#sh ip bgp summary
BGP router identifier 3.3.3.3, local AS number 3
BGP table version is 4, main routing table version 4
3 network entries using 396 bytes of memory
3 path entries using 156 bytes of memory
4/3 BGP path/bestpath attribute entries using 672 bytes of memory
1 BGP AS-PATH entries using 24 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
Bitfield cache entries: current 1 (at peak 1) using 32 bytes of memory
BGP using 1280 total bytes of memory
BGP activity 3/0 prefixes, 3/0 paths, scan interval 60 secs
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down
State/PfxRcd
23.23.23.2 4 12 7 5 4 0 0 00:02:15 2

Terlihat sudah ada 2 route

R3
R3#sh ip bgp
BGP table version is 4, local router ID is 3.3.3.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path

*> 3.3.3.3/32 0.0.0.0 0 32768 i
*> 11.11.11.11/32 23.23.23.2 0 12 i
*> 22.22.22.22/32 23.23.23.2 0 0 12 i

Lakukan tes ping

R3
R3#ping 11.11.11.11
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 11.11.11.11, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 185

 Ups, gak bisa di ping. Cek disisi R1
R1
R1#sh ip bgp
BGP table version is 3, local router ID is 11.11.11.11
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path

* i3.3.3.3/32 23.23.23.3 0 100 0 3 i
*> 11.11.11.11/32 0.0.0.0 0 32768 i
*>i22.22.22.22/32 2.2.2.2 0 100 0 i
Kita bisa melihat bahwa route BGP dari R3 (3.3.3.3) tidak ada tanda > bestnya.
Hal tersebut dikarenakan IP Next Hopnya tidak reachable dari R1. Yang
menyebabkan ketika paket ping dikirim dan sampai ke R1, R1 tidak mengetahui
cara untuk mengembalikan paket icmp tersebut ke R3.

Kita cek routing table di R1

R1
R1#sh ip route bgp
22.0.0.0/32 is subnetted, 1 subnets
B 22.22.22.22 [200/0] via 2.2.2.2, 03:05:04
Kita bisa melihat bahwa tidak satupun route yang berasal dari R3 baik itu
interface loopback maupun physicalnya. Terutama IP 23.23.23.3 yang menjadi
next hop menuju ke 3.3.3.3

Ada beberapa cara yang bisa dilakukan, salah satunya adalah mengadvertise
network 23.23.23.0 ke BGP pada R2.
R2
R2(config)#router bgp 12
R2(config-router)#network 23.23.23.0 mask 255.255.255.0

Cek lagi di sisi R1

R1
R1#sh ip bgp
BGP table version is 5, local router ID is 11.11.11.11
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 186

 Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*>i3.3.3.3/32 23.23.23.3 0 100 0 3 i
*> 11.11.11.11/32 0.0.0.0 0 32768 i
*>i22.22.22.22/32 2.2.2.2 0 100 0 i
*>i23.23.23.0/24 2.2.2.2 0 100 0 i

Kita bisa melihat telah muncul route 23.23.23.0 serta pada route 3.3.3.3 sudah
muncul tanda > best yang dikarenakan next hopnya sudah reachable.
Kita coba lakukan tes ping kembali dari R3.
R3
R3#ping 11.11.11.11
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 11.11.11.11, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/36/44 ms

Akhirnya berhasil reply. Sekarang kita melakukan ping dari R1.

R1
R1#ping 3.3.3.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 3.3.3.3, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

Ternyata hasilnya time out… sekarang gunakan source yang ipnya sudah
diketahui R3. Cek dulu IPnya R1 yang dikenali oleh R3 apa saja.
R3
R3#show ip route
3.0.0.0/32 is subnetted, 1 subnets
C 3.3.3.3 is directly connected, Loopback0
11.0.0.0/32 is subnetted, 1 subnets
B 11.11.11.11 [20/0] via 23.23.23.2, 00:10:51
22.0.0.0/32 is subnetted, 1 subnets
B 22.22.22.22 [20/0] via 23.23.23.2, 00:10:51
23.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 23.23.23.0/24 is directly connected, FastEthernet0/0
L 23.23.23.3/32 is directly connected, FastEthernet0/0

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 187

Ternyata hanya ip 11.11.11.11 saja, maka gunakan sebagai sourcenya.
R1
R1#ping 3.3.3.3 source 11.11.11.11
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 3.3.3.3, timeout is 2 seconds:
Packet sent with a source address of 11.11.11.11
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 32/40/44 ms

Kita lakukan ping dengan menambahkan ping source. Cara yang sama bisa
dilakukan yaitu mengadvertise network 12.12.12.0 ke BGP pada R1.

R1
R1(config)#router bgp 12
R1(config-router)#network 12.12.12.0 mask 255.255.255.0

Cek di R3 terlebih dahulu, pastikan network 12.12.12.0 sudah dikenali

R3
R3#sh ip route bgp
22.0.0.0/32 is subnetted, 1 subnets
B 22.22.22.22 [20/0] via 23.23.23.2, 02:28:19
11.0.0.0/32 is subnetted, 1 subnets
B 11.11.11.11 [20/0] via 23.23.23.2, 02:28:19
12.0.0.0/24 is subnetted, 1 subnets
B 12.12.12.0 [20/0] via 23.23.23.2, 00:01:51

Lakukan tes ping kembali dari R1 tanpa menggunakan source

R1
R1(config)#do ping 3.3.3.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 3.3.3.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/35/40 ms

Hasilnya langsung reply

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 188

 LAB 4. BGP Next-Hop-Self

Kita hapus terlebih dahulu konfigurasi routing BGP dan EIGRP pada konfigurasi
sebelumnya.

R1,R2
R1(config)#no router bgp 12
R1(config)#no router eigrp 10

R3
R3(config)#no router bgp 3
Kita konfigurasi BGP Peer melalui Physical Interface dan advertise satu network
pada R3.
R1
R1(config)#router bgp 12
R1(config-router)#neighbor 12.12.12.2 remote-as 12

R2
R2(config)#router bgp 12
R2(config-router)#neighbor 12.12.12.1 remote-as 12
R2(config-router)#neighbor 23.23.23.3 remote-as 3

R3
R3(config)#router bgp 3
R3(config-router)#neighbor 23.23.23.2 remote-as 12
R3(config-router)#network 3.3.3.3 mask 255.255.255.255

R1
R1(config)#do show ip bgp
BGP table version is 1, local router ID is 11.11.11.11
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
* i3.3.3.3/32 23.23.23.3 0 100 0 3 i

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 189

 Kita tidak menemukan tanda > best pada route 3.3.3.3 yang dikarenakan next-
hopnya tidak reachable. Solusinya yaitu kita jadikan R2 sebagai next-hop R1
untuk menuju ke R3.
R2
R2(config)#router bgp 12
R2(config-router)#neighbor 12.12.12.1 next-hop-self

Kita cek lagi disisi R1

R1
R1(config)#do show ip bgp
Network Next Hop Metric LocPrf Weight Path
*>i3.3.3.3/32 12.12.12.2 0 100 0 3 i

Jika kita perhatikan bahwasanya ip next hop sudah berubah dari R3 menjadi R2
sehingga kita bisa melakukan ping dari R1
R1
R1(config)#do sh ip route bgp
3.0.0.0/32 is subnetted, 1 subnets
B 3.3.3.3 [200/0] via 12.12.12.2, 00:05:17

Sudah muncul di routing table 1. Meski demikian tetap saja R3 tidak bisa di ping
dari R1, karena walaupun R1 mempunyai routing tabel ke R3, namun tidak
dengan R3 yang tidak memiliki route sama sekali terhadap R1.

Untuk itu, kita bisa melakukan advertise ke salah satu ip R1 ke BGP untuk
dijadikan sebagai source saat ping ke R3.
R1
R1(config)#router bgp 12
R1(config-router)#network 1.1.1.1 mask 255.255.255.255

Sehingga hasil akhirnya sebagai berikut.

R1
R1#ping 3.3.3.3 source 1.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 3.3.3.3, timeout is 2 seconds:
Packet sent with a source address of 1.1.1.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 24/36/44 ms

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 190

 LAB 5. BGP Authentication

Konfigurasi BGP
R1
R1(config)#router bgp 12
R1(config-router)#neighbor 12.12.12.2 password CCNPJOS

R2
R2(config)#router bgp 12
R2(config-router)#neighbor 12.12.12.1 password CCNPJOS

Pengecekan
R1
R1(config)#do sh ip bgp summary
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down
State/PfxRcd
12.12.12.2 4 12 59 62 5 0 0 00:00:31
1

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 191

 LAB 6. BGP Route Reflector

Pada i-BGP, peernya harus full mesh artinya

• R1 peers ke R2, R3, R4
• R2 peers ke R1, R3, R4
• R3 peers ke R1, R2, R4
• R4 peers ke R1, R2, R3
Kita membuat Route Reflector agar ketika ada router baru, satu persatu tidak
harus peers ke R1, R2, R3 dan R4. Solusinya yaitu menjadikan salah satu
routernya menjadi route reflector. Hapus konfigurasi BGP pada lab
sebelumnya dan tambahkan 1 router baru.

R1 dan R2
R1(config)#no router bgp 12
R2(config)#no router bgp 12

R3
R3(config)#no router bgp 3

Kita konfigurasi IP pada R3 dan R4

R3
R3(config)#int f1/0
R3(config-if)#ip add 34.34.34.3 255.255.255.0
R3(config-if)#no shutdown

R4
R4(config)#int f0/0
R4(config-if)#ip address 34.34.34.4 255.255.255.0
R4(config-if)#no shutdown
R4(config-if)#exit
R4(config)#int lo0
R4(config-if)#ip add 4.4.4.4 255.255.255.255
R4(config-if)#exit

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 192

Kita konfigurasi BGP dan EIGRP Routingnya pada masing-masing router
R1
R1(config)#router eigrp 10
R1(config-router)#network 1.1.1.1 0.0.0.0
R1(config-router)#network 12.12.12.1 0.0.0.0
R1(config-router)#no auto-summary
R1(config-router)#exit
R1(config)#router bgp 1234
R1(config-router)#neighbor 2.2.2.2 remote-as 1234
R1(config-router)#neighbor 2.2.2.2 update lo0
R1(config-router)#neighbor 2.2.2.2 route-reflector-client
R1(config-router)#neighbor 3.3.3.3 remote-as 1234
R1(config-router)#neighbor 3.3.3.3 update lo0
R1(config-router)#neighbor 3.3.3.3 route-reflector-client
R1(config-router)#neighbor 4.4.4.4 remote-as 1234
R1(config-router)#neighbor 4.4.4.4 update lo0
R1(config-router)#neighbor 4.4.4.4 route-reflector-client
R1(config-router)#exit
R2
R2(config)#router eigrp 10
R2(config-router)#network 2.2.2.2 0.0.0.0
R2(config-router)#network 12.12.12.2 0.0.0.0
R2(config-router)#network 23.23.23.2 0.0.0.0
R2(config-router)#no auto-summary
R2(config)#router bgp 1234
R2(config-router)#neighbor 1.1.1.1 remote-as 1234
R2(config-router)#neighbor 1.1.1.1 update-source lo0
R2(config-router)#exit
R3
R3(config)#router eigrp 10
R3(config-router)#network 23.23.23.3 0.0.0.0
R3(config-router)#network 34.34.34.3 0.0.0.0
R3(config-router)#network 3.3.3.3 0.0.0.0
R3(config-router)#no auto-summary
R3(config-router)#exit
R3(config)#router bgp 1234
R3(config-router)#neighbor 1.1.1.1 remote-as 1234
R3(config-router)#neighbor 1.1.1.1 update-source lo0

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 193

 R4
R4(config)#router eigrp 10
R4(config-router)#network 4.4.4.4 0.0.0.0
R4(config-router)#network 34.34.34.4 0.0.0.0
R4(config-router)#no auto-summary
R4(config-router)#exit
R4(config)#router bgp 1234
R4(config-router)#neighbor 1.1.1.1 remote-as 1234
R4(config-router)#neighbor 1.1.1.1 update-source lo0
R4(config-router)#exit

Pengecekan :
R1
R1#sh ip bgp summary
BGP router identifier 11.11.11.11, local AS number 1234
BGP table version is 1, main routing table version 1

Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down

State/PfxRcd
2.2.2.2 4 1234 4 4 1 0 0 00:02:33 0
3.3.3.3 4 1234 4 4 1 0 0 00:02:31 0
4.4.4.4 4 1234 4 4 1 0 0 00:02:34 0

R2
R2#sh ip bgp summary
BGP router identifier 22.22.22.22, local AS number 1234
BGP table version is 1, main routing table version 1
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down
State/PfxRcd
1.1.1.1 4 1234 10 10 1 0 0 00:08:58 0

Sebagai pengetesan, kita advertise suatu route di salah satu router dan kita
pastikan bisa ping dari semua router.
R4
R4(config)#interface Loopback44
R4(config-if)#ip address 44.44.44.44 255.255.255.255
R4(config)#router bgp 1234
R4(config-router)#network 44.44.44.44 mask 255.255.255.255
Kita cek pada setiap router mengenai route yang diadvertise oleh R4

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 194

R1
R1#sh ip bgp 44.44.44.44
BGP routing table entry for 44.44.44.44/32, version 3
Paths: (1 available, best #1, table Default-IP-Routing-Table, RIB-failure(17))
Flag: 0x820
Advertised to update-groups:
1
Local, (Received from a RR-client)
4.4.4.4 (metric 161280) from 4.4.4.4 (44.44.44.44)
Origin IGP, metric 0, localpref 100, valid, internal, best

R3
R3#sh ip bgp 44.44.44.44
BGP routing table entry for 44.44.44.44/32, version 3
Paths: (1 available, best #1, table Default-IP-Routing-Table, RIB-failure(17))
Flag: 0x820
Not advertised to any peer
Local
4.4.4.4 (metric 156160) from 1.1.1.1 (11.11.11.11)
Origin IGP, metric 0, localpref 100, valid, internal, best
Originator: 44.44.44.44, Cluster list: 11.11.11.11

Kita cek ping

R2
R2#ping 44.44.44.44
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 44.44.44.44, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/32/36 ms

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 195

LAB 7. BGP Attribute (Origin)

Origin adalah attribute yang digunakan untuk pemilihan jalur pada BGP.
Advertise network loopback 11 pada R1 ke dalam RIP, kita redistribute ke BGP
dan hapus R4 dari RR-Client R1 dan konfig EBGP pada R3 dan R4.

R1
R1#sh ip int br | i up
FastEthernet0/0 12.12.12.1 YES NVRAM up up
Loopback0 1.1.1.1 YES NVRAM up up
Loopback11 11.11.11.11 YES NVRAM up up

R1
R1(config)#router rip
R1(config-router)#version 2
R1(config-router)#network 11.11.11.11
R1(config-router)#no auto-summary
R1(config-router)#router bgp 1234
R1(config-router)#redistribute rip
R1(config-router)#no neighbor 4.4.4.4 remote-as 1234
R1(config-router)#exit

R3
R3(config)#router bgp 1234
R3(config-router)#neighbor 34.34.34.4 remote-as 4
R3(config-router)#neighbor 1.1.1.1 next-hop-self
R3(config-router)#exit

R4
R4(config)#no router bgp 1234
R4(config)#router bgp 4
R4(config-router)#neighbor 34.34.34.3 remote-as 1234
R4(config-router)#network 44.44.44.44 mask 255.255.255.255

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 196

Hasil akhirnya bisa dilihat di R3, show ip bgp
R3
R3#sh ip bgp
BGP table version is 6, local router ID is 3.3.3.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path

*>i11.11.11.11/32 1.1.1.1 0 100 0 ?
*> 44.44.44.44/32 34.34.34.4 0 04i

Catatan :

i = route yang berasal dari BGP (eBGP/iBGP) yang diadvertise melalui perintah
network x.x.x mask y.y.y.y

e = route yang berasal dari protocol EGP (saat ini sudah tidak ada protocol tsb)

? = route yang berasal dari protocol lain (Static/RIP/OSPF/EIGRP) yang

diredistribute kedalam BGP.

R3 untuk menuju network 11.11.11.11/32 ada code “ ?” nilai origin dari

routenya adalah “?” karena berasal dari protocol routing RIP yang
diredistribute kedalam BGP

R3 untuk menuju network 44.44.44.44/32 adalah via “4 i” yang artinya Next

AS Pathnya adalah AS 4 dan nilai origin dari routenya adalah i

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 197

 LAB 8. BGP Attribute (Community)

BGP Community digunakan untuk menambahka informasi tambahan pada

setiap prefix yang diadvertise ke router tetangga yang menjalankan BGP. Ada 4
community default yang bisa kita gunakan atau bisa juga menggunakan nilai
numerik.
Untuk topologi sebelumnya, cabut kabel antara R3dan R4 lalu colok kabel
antara R3 dan R4, kemudian colok kabel dari R2 ke R4 sesuai topologi,
kemudian hapus config bekas lab sebelumnya.

R1,R2,R3
R1(config)#no router bgp 1234
R2(config)#no router bgp 1234
R3(config)#no router bgp 1234

R3
R3(config)#default int f0/1

R4
R4(config)#default int f0/0
R4(config)#default int lo44
R4(config)#no int lo0
R4(config)#no router bgp 4
R4(config)#no router eigrp 10

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 198

Kita konfigurasikan IP Address pada R2 dan R4
R2
R2(config)#int g1/0
R2(config-if)#ip add 24.24.24.2 255.255.255.0
R2(config-if)#no shutdown
R2(config)#int lo22
R2(config-if)#ip add 22.22.22.22 255.255.255.255

R4
R4(config)#int g1/0
R4(config-if)#ip add 24.24.24.4 255.255.255.0
R4(config-if)#no shutdown
R4(config-if)#exit
R4(config)#int lo0
R4(config-if)#ip add 4.4.4.4 255.255.255.255

Kita konfigurasi BGP pada semua router. Disini R2 berperan sebagai route
reflector server
R1
R1(config)#router bgp 123
R1(config-router)#network 11.11.11.11 mask 255.255.255.255
R1(config-router)#neighbor 2.2.2.2 remote-as 123
R1(config-router)#neighbor 2.2.2.2 update-source Loopback0

R2
R2(config)#router bgp 123
R2(config-router)#neighbor 1.1.1.1 remote-as 123
R2(config-router)#neighbor 1.1.1.1 up lo0
R2(config-router)#neighbor 1.1.1.1 route-reflector-client
R2(config-router)#neighbor 1.1.1.1 next-hop-self
R2(config-router)#neighbor 3.3.3.3 remote-as 123
R2(config-router)#neighbor 3.3.3.3 update lo0
R2(config-router)#neighbor 3.3.3.3 route-reflector-client
R2(config-router)#neighbor 3.3.3.3 next-hop-self
R2(config-router)#neighbor 24.24.24.4 remote-as 4
R2(config-router)#network 22.22.22.22 mask 255.255.255.255

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 199

 R3
R3(config)#int lo33
R3(config-if)#ip add 33.33.33.33 255.255.255.255
R3(config)#router bgp 123
R3(config-router)#neighbor 2.2.2.2 remote-as 123
R3(config-router)#neighbor 2.2.2.2 up lo0
R3(config-router)#network 33.33.33.33 mask 255.255.255.255

R4
R4(config)#router bgp 4
R4(config-router)#neighbor 24.24.24.2 remote-as 123
R4(config-router)#network 4.4.4.4 mask 255.255.255.255
R4(config-router)#exit

Kita cek bgp route di R1 dan R4

R1
R1#sh ip bgp
BGP table version is 6, local router ID is 11.11.11.11
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*>i4.4.4.4/32 2.2.2.2 0 100 0 4 i
*> 11.11.11.11/32 0.0.0.0 0 32768 i
*>i22.22.22.22/32 2.2.2.2 0 100 0 i
*>i33.33.33.33/32 3.3.3.3 0 100 0 i

R4
R4(config)#do show ip bgp
BGP table version is 5, local router ID is 4.4.4.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, r
RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 4.4.4.4/32 0.0.0.0 0 32768 i
*> 11.11.11.11/32 24.24.24.2 0 123 i
*> 22.22.22.22/32 24.24.24.2 0 0 123 i
*> 33.33.33.33/32 24.24.24.2 0 123 i

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 200

Selanjutnya, kita set community ‘no-export’ di R1 (no Export tidak diadvertise
ke e BGP)
R1
R1(config)#access-list 1 permit host 11.11.11.11
R1(config)#route-map NO-EXPORT
R1(config-route-map)#match ip address 1
R1(config-route-map)#set community no-export
R1(config-route-map)#router bgp 123
R1(config-router)#neighbor 2.2.2.2 route-map NO-EXPORT out
R1(config-router)#neighbor 2.2.2.2 send-community

Marilah kita cek bgp route R3 dan R4, kemudian kita bandingkan hasilnya.
Pastikan network 11.11.11.11/32 sudah tidak ada.

R3
R3(config)#do sh ip bgp
BGP table version is 5, local router ID is 33.33.33.33
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*>i4.4.4.4/32 2.2.2.2 0 100 0 4 i
*>i11.11.11.11/32 1.1.1.1 0 100 0 i
*>i22.22.22.22/32 2.2.2.2 0 100 0 i
*> 33.33.33.33/32 0.0.0.0 0 32768 i

R4
R4(config)#do show ip bgp
BGP table version is 6, local router ID is 4.4.4.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path

*> 4.4.4.4/32 0.0.0.0 0 32768 i
*> 22.22.22.22/32 24.24.24.2 0 0 123 i
*> 33.33.33.33/32 24.24.24.2 0 123 i

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 201

Kita cek apakah pada prefix terdapat informasi tambahan yaitu no-export
R2
R2(config)#do show ip bgp 11.11.11.11
BGP routing table entry for 11.11.11.11/32, version 6
Paths: (1 available, best #1, table Default-IP-Routing-Table, not advertised
to EBGP peer)
Flag: 0x880
Advertised to update-groups:
1
Local, (Received from a RR-client)
1.1.1.1 (metric 156160) from 1.1.1.1 (11.11.11.11)
Origin IGP, metric 0, localpref 100, valid, internal, best
Community: no-export
Sekarang, kita gentian ke community “no-advertise” di R3 (no-export tidak
diadvertise ke i-BGP/e-BGP)
R3
R3(config)#access-list 1 permit host 33.33.33.33
R3(config)#route-map NO-ADVERTISE
R3(config-route-map)#match ip address 1
R3(config-route-map)#set community no-advertise
R3(config-route-map)#router bgp 123
R3(config-router)#neighbor 2.2.2.2 route-map NO-ADVERTISE out
R3(config-router)#neighbor 2.2.2.2 send-community
R3(config-router)#exit

Kita cek BGP route di R1 dan R4, lalu kita pastikan bahwa network
33.33.33.33/32 sudah tidak ada.
R1
R1(config)#do show ip bgp
Network Next Hop Metric LocPrf Weight Path
*>i4.4.4.4/32 2.2.2.2 0 100 0 4 i
*> 11.11.11.11/32 0.0.0.0 0 32768 i
*>i22.22.22.22/32 2.2.2.2 0 100 0 i

R4
R4(config)#do show ip bgp
Network Next Hop Metric LocPrf Weight Path
*> 4.4.4.4/32 0.0.0.0 0 32768 i
*> 22.22.22.22/32 24.24.24.2 0 0 123 i

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 202

 R2
R2(config)#do show ip bgp 33.33.33.33
BGP routing table entry for 33.33.33.33/32, version 7
Paths: (1 available, best #1, table Default-IP-Routing-Table, not advertised
to any peer)
Flag: 0x880
Not advertised to any peer
Local, (Received from a RR-client)
3.3.3.3 (metric 156160) from 3.3.3.3 (33.33.33.33)
Origin IGP, metric 0, localpref 100, valid, internal, best
Community: no-advertise
Kita melihat bahwa “local-AS” di R1 (diadvertise hanya di confederation i BGP
saja). Artinya kita konfigurasi i BGP (R1,R2, & R3) harus kita ubah dari Route
Reflector menjadi Confederation.

Untuk topologi physicalnya masih sama tetapi untuk topologi logical menjadi
seperti diatas. Kita konfigurasikan BPG Confederation pada R1, R2, R3

R1
R1(config)#no router bgp 123
R1(config)#router bgp 12
R1(config-router)#bgp confederation identifier 123
R1(config-router)#network 11.11.11.11 mask 255.255.255.255
R1(config-router)#neighbor 12.12.12.2 remote-as 12
R1(config-router)#access list 2 permit host 11.11.11.11
R1(config)#route-map LOCAL-AS
R1(config-route-map)#match ip address 2
R1(config-route-map)#set community local-AS
R1(config-route-map)#router bgp 12
R1(config-router)#neighbor 12.12.12.2 route-map LOCAL
R1(config-router)#neighbor 12.12.12.2 route-map LOCAL-AS out
R1(config-router)#neighbor 12.12.12.2 send-community

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 203

 R2
R2(config)#router bgp 12
R2(config-router)#bgp confederation identifier 123
R2(config-router)#bgp confederation peers 3
R2(config-router)#neighbor 24.24.24.4 remote-as 4
R2(config-router)#neighbor 12.12.12.1 remote-as 12
R2(config-router)#neighbor 12.12.12.1 next-hop-self
R2(config-router)#neighbor 23.23.23.3 remote-as 3
R2(config-router)#neighbor 23.23.23.3 next-hop-self
R2(config-router)#network 22.22.22.22 mask 255.255.255.255

R3
R3(config)#no router bgp 123
R3(config)#router bgp 3
R3(config-router)#bgp confederation identifier 123
R3(config-router)#bgp confederation peers 12
R3(config-router)#neighbor 23.23.23.2 remote-as 12
R3(config-router)#network 33.33.33.33 mask 255.255.255.255

Kita cek bgp route di R2 dan R3, pastikan network 11.11.11.11/32 sudah tidak
ada.
R2
R2#sh ip bgp
BGP table version is 5, local router ID is 22.22.22.22
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 4.4.4.4/32 24.24.24.4 0 0 4 i
*>i11.11.11.11/32 12.12.12.1 0 100 0 i
*> 22.22.22.22/32 0.0.0.0 0 32768 i
*> 33.33.33.33/32 23.23.23.3 0 100 0 (3) i

R3#sh ip bgp
Network Next Hop Metric LocPrf Weight Path
*> 4.4.4.4/32 23.23.23.2 0 100 0 (12) 4 i
*> 22.22.22.22/32 23.23.23.2 0 100 0 (12) i
*> 33.33.33.33/32 0.0.0.0 0 32768 i

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 204

R2
R2#sh ip bgp 11.11.11.11
BGP routing table entry for 11.11.11.11/32, version 3
Paths: (1 available, best #1, table Default-IP-Routing-Table, not advertised
outside local AS)
Not advertised to any peer
Local
12.12.12.1 from 12.12.12.1 (11.11.11.11)
Origin IGP, metric 0, localpref 100, valid, confed-internal, best
Community: local-AS

Kesimpulannya :
• Internet : advertise prefix kemanapun gak ada
• No-advertise : jangan advertise network kemanapun
• No-export : jangan advertise network ke e BGP manapun
• Local AS : jangan advertise network ke luar SUB-AS ( Berlaku untuk BGP
Confederation )

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 205

LAB 9. BGP Attribute ( Community LIST )

Selain menggunakan teknik sebelumnya, kita juga bisa menggunakan numerik

community, terlebih dahulu kita hapus konfig BGP dan EIGRP pada lab
sebelumnya.

R1-R4
R1(config)#no router eigrp 10
R2(config)#no router eigrp 10
R1(config)#no router bgp 12
R2(config)#no router bgp 12
R3(config)#no router eigrp 10
R3(config)#no router bgp 3
R4(config)#no router bgp 4

Konfigurasikan BGP pada semua router

R1
R1(config)#router bgp 1
R1(config-router)#neighbor 12.12.12.2 remote-as 2
R1(config-router)#exit

R2
R2(config)#router bgp 2
R2(config-router)#neighbor 12.12.12.1 remote-as 1
R2(config-router)#neighbor 23.23.23.3 remote-as 3
R2(config-router)#neighbor 24.24.24.4 remote-as 4
R3
R3(config)#router bgp 3
R3(config-router)#neighbor 23.23.23.2 remote-as 2

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 206

 R4
R4(config)#router bgp 4
R4(config-router)#neighbor 24.24.24.2 remote-as 2
R4(config-router)#network 4.4.4.4 mask 255.255.255.255
R4(config-router)#exit

Kita cek apakah R2 (ISP 2) mendapatkan prefix dari customer (R4)

R2
R2(config)#do sh ip bgp
Network Next Hop Metric LocPrf Weight Path
*> 4.4.4.4/32 24.24.24.4 0 04i

Ok sudah ada, sekarang kita lanjut konfigurasi communitynya.

R2
R2(config)#ip community-list 1 permit 2:24
R2(config)#route-map P
R2(config)#route-map PREPEND permit
R2(config-route-map)#match community 1
R2(config-route-map)#set as prepend 2 2 2 2
R2(config-route-map)#exit
R2(config)#route-map PREPEND permit 20

Kemudian kita terapkan ke R3 (ISP3)

R2
R2(config)#router bgp 2
R2(config-router)#neighbor 23.23.23.3 route-map PREPEND out
R2(config-router)#exit

Kemudian kita konfigurasi di bagian router customer

R4
R4(config)#ip prefix-list Loopback permit 4.4.4.4/32
R4(config)#route-map PREPEND_COMMUNITY permit 10
R4(config-route-map)#match ip address prefix-list LOOPBACK
R4(config-route-map)#set community 2:24
R4(config-route-map)#exit
R4(config)#route-map PREPEND_COMMUNITY permit 20
R4(config-route-map)#exit
R4(config)#router bgp 4
R4(config-router)#neighbor 24.24.24.2 route-map

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 207

 PREPEND_COMMUNITY out
R4(config-router)#neighbor 24.24.24.2 send-community
R4(config-router)#exit
R4(config)#do clear ip bgp *

Kita verifikasi pada R2

R2
R2(config)#do show ip bgp 4.4.4.4
BGP routing table entry for 4.4.4.4/32, version 7
Paths: (1 available, best #1, table Default-IP-Routing-Table)
Flag: 0x820
Advertised to update-groups:
1 2
24.24.24.4 from 24.24.24.4 (4.4.4.4)
Origin IGP, metric 0, localpref 100, valid, external, best
Community: 131096
Untuk nilai communitynya masih menggunakan 32 bit dalam bentuk
decimal. Untuk merubah kedalam 16 bit, kita tulis command dibawah ini.

R2
R2(config)#ip bgp-community new-format

Kita verifikasi kembali

R2
R2(config)#do sh ip bgp 4.4.4.4
BGP routing table entry for 4.4.4.4/32, version 7
Paths: (1 available, best #1, table Default-IP-Routing-Table)
Advertised to update-groups:
1 2
4
24.24.24.4 from 24.24.24.4 (4.4.4.4)
Origin IGP, metric 0, localpref 100, valid, external, best
Community: 2:24

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 208

Kita cek pada R3, pastikan network 4.4.4.4 untuk AS-Prependnya
sudah ditambahkan
R3
R3(config)#do sh ip bgp
BGP table version is 7, local router ID is 33.33.33.33
Status codes: s suppressed, d damped, h history, * valid, > best, i -
internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path

*> 4.4.4.4/32 23.23.23.2 0222224i

Berhasil,…

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 209

LAB 10. BGP Aggregator

Kita masih menggunakan topologi pada lab sebelumnya. Kita tambahkan

beberapa ip loopback di R4 yang nantinya akan di aggregate.

R4
R4(config)#int lo1
R4(config-if)#ip add 4.1.1.1 255.255.255.255
R4(config-if)#int lo2
R4(config-if)#ip add 4.2.1.1 255.255.255.255
R4(config-if)#int lo3
R4(config-if)#ip add 4.3.1.1 255.255.255.255
R4(config-if)#int lo4
R4(config-if)#ip add 4.4.1.1 255.255.255.255
R4(config-if)#int lo5
R4(config-if)#ip add 4.5.1.1 255.255.255.255
R4(config-if)#int lo6
R4(config-if)#ip add 4.6.1.1 255.255.255.255

Kita advertise ke BGP

R4
R4(config)#router bgp 4
R4(config-router)#network 4.1.1.1 mask 255.255.255.255
R4(config-router)#network 4.2.1.1 mask 255.255.255.255
R4(config-router)#network 4.3.1.1 mask 255.255.255.255
R4(config-router)#network 4.4.1.1 mask 255.255.255.255
R4(config-router)#network 4.5.1.1 mask 255.255.255.255
R4(config-router)#network 4.6.1.1 mask 255.255.255.255

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 210

Kemudian kita cek pada R2
R2
R2(config)#do sh ip bgp
Network Next Hop Metric LocPrf Weight Path
*> 4.1.1.1/32 24.24.24.4 0 04i
*> 4.2.1.1/32 24.24.24.4 0 04i
*> 4.3.1.1/32 24.24.24.4 0 04i
*> 4.4.1.1/32 24.24.24.4 0 04i
*> 4.4.4.4/32 24.24.24.4 0 04i
*> 4.5.1.1/32 24.24.24.4 0 04i
*> 4.6.1.1/32 24.24.24.4 0 04i
Kita lakukan aggregate di R4
R4
R4(config)#router bgp 4
R4(config-router)#aggregate-address 4.0.0.0 255.248.0.0
Kita cek kembali BGP Route di R2
R2
R2(config)#do show ip bgp
Network Next Hop Metric LocPrf Weight Path
*> 4.0.0.0/13 24.24.24.4 0 04i
*> 4.1.1.1/32 24.24.24.4 0 04i
*> 4.2.1.1/32 24.24.24.4 0 04i
*> 4.3.1.1/32 24.24.24.4 0 04i
*> 4.4.1.1/32 24.24.24.4 0 04i
*> 4.4.4.4/32 24.24.24.4 0 04i
*> 4.5.1.1/32 24.24.24.4 0 04i
*> 4.6.1.1/32 24.24.24.4 0 04i

R2
R2(config)#do show ip bgp 4.0.0.0/13
BGP routing table entry for 4.0.0.0/13, version 14
Paths: (1 available, best #1, table Default-IP-Routing-Table)
Advertised to update-groups:
1 2
4, (aggregated by 4 4.4.4.4)
24.24.24.4 from 24.24.24.4 (4.4.4.4)
Origin IGP, metric 0, localpref 100, valid, external, atomic-aggregate, best
Community: 2:24

Kita lakukan aggregate single route di R4

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 211

 R4
R4(config)#router bgp 4
R4(config-router)#aggregate-address 4.0.0.0 255.248.0.0 summary-only

Kita cek kembali BGP Route di R2

R2(config)#do show ip bgp

Network Next Hop Metric LocPrf Weight Path
*> 4.0.0.0/13 24.24.24.4 0 0 4 i

Berikutnya kita konfigurasikan Aggregate Suppress Map di R4

R4
R4(config)#access-list 1 permit host 4.2.1.1
R4(config)#access-list 1 permit host 4.3.1.1
R4(config)#access-list 1 permit host 4.4.1.1
R4(config)#access-list 1 deny any

R4(config)#do show ip bgp

Network Next Hop Metric LocPrf Weight Path
*> 4.0.0.0/13 0.0.0.0 32768 i
*> 4.1.1.1/32 0.0.0.0 0 32768 i
s> 4.2.1.1/32 0.0.0.0 0 32768 i
s> 4.3.1.1/32 0.0.0.0 0 32768 i
s> 4.4.1.1/32 0.0.0.0 0 32768 i
*> 4.4.4.4/32 0.0.0.0 0 32768 i
*> 4.5.1.1/32 0.0.0.0 0 32768 i
*> 4.6.1.1/32 0.0.0.0 0 32768 i

Kita cek kembali BGP Route di R2

R2
R2(config)#do show ip bgp
Network Next Hop Metric LocPrf Weight Path
*> 4.0.0.0/13 24.24.24.4 0 04i
*> 4.1.1.1/32 24.24.24.4 0 04i
*> 4.4.4.4/32 24.24.24.4 0 04i
*> 4.5.1.1/32 24.24.24.4 0 04i
*> 4.6.1.1/32 24.24.24.4 0 04i

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 212

LAB 11. BGP Dual Homing – ISP sama
BGP Dualhoming yaitu Dua Link ke ISP yang sama dengan fitur sebagai berikut
a. Main-Backup Mode
b. Load Sharing Mode
Sedangkan BGP multihoming yaitu Dua Link ke ISP yang berbeda dengan fitur :
a. Main-Backup Mode
b. Load Sharing Mode

Konfigurasi Dasar
R1
R1(config)#int g1/0
R1(config-if)#ip add 12.12.12.1 255.255.255.0
R1(config-if)#no shutdown
R1(config)#int g2/0
R1(config-if)#ip add 13.13.13.1 255.255.255.0
R1(config-if)#no shutdown
R1(config)#int loopback 0
R1(config-if)#ip add 1.1.1.1 255.255.255.255
R1(config-if)#router bgp 1
R1(config-router)#neighbor 12.12.12.2 remote-as 23
R1(config-router)#neighbor 13.13.13.3 remote-as 23
R1(config-router)#network 1.1.1.1 mask 255.255.255.255

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 213

R2
R2(config)#int g2/0
R2(config-if)#ip add 12.12.12.2 255.255.255.0
R2(config-if)#no shutdown
R2(config-if)#int f0/0
R2(config-if)#ip add 23.23.23.2 255.255.255.0
R2(config-if)#no shutdown
R2(config-if)#int g1/0
R2(config-if)#ip add 24.24.24.2 255.255.255.0
R2(config-if)#no shutdown
R2(config)#int lo0
R2(config-if)#ip add 2.2.2.2 255.255.255.255
R2(config-if)#router bgp 23
R2(config-router)#neighbor 12.12.12.1 remote-as 1
R2(config-router)#neighbor 23.23.23.3 remote-as 23
R2(config-router)#neighbor 24.24.24.4 remote-as 4
R2(config-router)#network 2.2.2.2 mask 255.255.255.255
R2(config-router)#neighbor 23.23.23.3 next-hop-self

R3
R3(config)#int g1/0
R3(config-if)#ip add 13.13.13.3 255.255.255.0
R3(config-if)#no shutdown
R3(config)#int f0/0
R3(config-if)#ip add 23.23.23.3 255.255.255.0
R3(config-if)#no shutdown
R3(config-if)#exit
R3(config)#int g2/0
R3(config-if)#ip add 34.34.34.3 255.255.255.0
R3(config-if)#no shutdown
R3(config)#router bgp 23
R3(config-router)#neighbor 13.13.13.1 remote-as 1
R3(config-router)#neighbor 23.23.23.2 remote-as 23
R3(config-router)#neighbor 34.34.34.4 remote-as 4
R3(config-router)#neighbor 23.23.23.2 next-hop-self

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 214

 R4
R4(config)#int g1/0
R4(config-if)#ip add 24.24.24.4 255.255.255.0
R4(config-if)#no shutdown
R4(config)#int g2/0
R4(config-if)#ip add 34.34.34.4 255.255.255.0
R4(config-if)#no shutdown
R4(config)#int lo0
R4(config-if)#ip add 4.4.4.4 255.255.255.255
R4(config)#router bgp 4
R4(config-router)#neighbor 24.24.24.2 remote-as 23
R4(config-router)#neighbor 34.34.34.3 remote-as 23s

R4(config-router)#network 4.4.4.4 mask 255.255.255.255

Kita lakukan verifikasi

R1
R1(config)#do show ip bgp
Network Next Hop Metric LocPrf Weight Path
*> 1.1.1.1/32 0.0.0.0 0 32768 i
* 2.2.2.2/32 13.13.13.3 0 23 i
*> 12.12.12.2 0 0 23 i
* 4.4.4.4/32 13.13.13.3 0 23 4 i
*> 12.12.12.2 0 23 4 i

Kesimpulannya, walaupun sudah menggunakan 2 link, namun tetap saja hanya

1 link yang digunakan. Sekarang kita akan shutdown port int s0/0
(12.12.12.1/24) sehingga paket tidak lagi melalui R2.
R1
R1(config)#int g1/0
R1(config-if)#shutdown

R1
R1(config)#do sh ip bgp
Network Next Hop Metric LocPrf Weight Path
*> 1.1.1.1/32 0.0.0.0 0 32768 i
*> 4.4.4.4/32 13.13.13.3 0 23 4 i

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 215

R1
R1(config)#do show ip route bgp
4.0.0.0/32 is subnetted, 1 subnets
B 4.4.4.4 [20/0] via 13.13.13.3, 00:03:06

Oke. Saat ini linknya sudah berpindah melalui R3. Kemudian, kita tes kembali
dengan cara kita no shutdown pada port yang menuju ke R2.

R1
R1(config)#int g1/0
R1(config-if)#no sh

R1
R1#sh ip bgp
BGP table version is 5, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 1.1.1.1/32 0.0.0.0 0 32768 i
* 4.4.4.4/32 12.12.12.2 0 23 4 i
*> 13.13.13.3 0 23 4 i

R1
R1#sh ip route bgp
4.0.0.0/32 is subnetted, 1 subnets
B 4.4.4.4 [20/0] via 13.13.13.3, 00:32:17

Ternyata hasilnya menarik, tidak mau otomatis pindah ke R2 lagi. Agar

memastikan link ke R2 menjadi main link, maka kita konfigurasikan attribute
weight.
R1
R1(config)#route-map WEIGHT
R1(config-route-map)#set weight 100

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 216

R1(config-route-map)#exit
R1(config)#router bgp 1
R1(config-router)#neighbor 12.12.12.2 route-map WEIGHT in
R1(config-router)#exit
R1(config)#do clear ip bgp *

R1
R1#sh ip bgp
BGP table version is 3, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path

*> 1.1.1.1/32 0.0.0.0 0 32768 i
*> 4.4.4.4/32 12.12.12.2 100 23 4 i
* 13.13.13.3 0 23 4 i

R1
R1#sh ip route bgp
4.0.0.0/32 is subnetted, 1 subnets
B 4.4.4.4 [20/0] via 12.12.12.2, 00:02:09

Terlihat sekarang linknya melalui R2 kembali. Kemudian kita tes lagi shutdown
interface ke R2.

R1
R1(config)#int g1/0
R1(config-if)#shutdown

R1
R1(config)#do sh ip bgp
BGP table version is 4, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 1.1.1.1/32 0.0.0.0 0 32768 i
*> 4.4.4.4/32 13.13.13.3 0 23 4 i

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 217

 R1
R1(config)#do sh ip route bgp
4.0.0.0/32 is subnetted, 1 subnets
B 4.4.4.4 [20/0] via 12.12.12.2, 00:00:02

Oke sekarang jalur kembali menggunakan main linknya kembali yakni melalui
R2. Selain untuk mengatur trafik keluar, kita juga bisa mengatur trafik yang
dating dengan menggunakan (MED).

Kita konfigurasikan di R1.

R1
R1(config)#router bgp 1
R1(config-router)#ip access-list standard LAN
R1(config-std-nacl)#permit 1.1.1.1
!
R1(config-std-nacl)#route-map R2MED permit 10
R1(config-route-map)#match ip address LAN
R1(config-route-map)#set metric 110
!
R1(config)#router bgp 1
R1(config-router)#neighbor 12.12.12.2 route-map R2MED out
R1(config-router)#neighbor 13.13.13.3 route-map R3MED out

Verifikasi
R3
R3#sh ip route 1.1.1.1
Routing entry for 1.1.1.1/32
Known via "bgp 23", distance 20, metric 100
Tag 1, type external
Last update from 13.13.13.1 00:00:10 ago
Routing Descriptor Blocks:
* 13.13.13.1, from 13.13.13.1, 00:00:10 ago
Route metric is 100, traffic share count is 1
AS Hops 1
Route tag 1

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 218

R2
R2(config)#do show ip bgp 1.1.1.1
BGP routing table entry for 1.1.1.1/32, version 23
Paths: (2 available, best #1, table Default-IP-Routing-Table)
Advertised to update-groups:
3
1
23.23.23.3 from 23.23.23.3 (34.34.34.3)
Origin IGP, metric 100, localpref 100, valid, internal, best
1
12.12.12.1 from 12.12.12.1 (1.1.1.1)
Origin IGP, metric 110, localpref 100, valid, external

R2
R2(config)#do show ip bgp
BGP table version is 24, local router ID is 2.2.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*>i1.1.1.1/32 23.23.23.3 100 100 0 1 i
* 12.12.12.1 110 01i
*> 2.2.2.2/32 0.0.0.0 0 32768 i
* i4.4.4.4/32 23.23.23.3 0 100 04i
*> 24.24.24.4 0 04i

R2
R2#traceroute 1.1.1.1 source 2.2.2.2
Type escape sequence to abort.
Tracing the route to 1.1.1.1
1 23.23.23.3 20 msec 20 msec 8 msec
2 13.13.13.1 28 msec 24 msec 8 msec
Seperti yang kita lihat diatas, maka dari R2 (AS 23) untuk menuju ke R1 (AS 1)
akan melalui R3 terlebih dahulu.

Selain kita menggunakan attribute MED, kita juga bisa menggunakan attribute
AS-Path. Terlebih dahulu kita hapus konfigurasi MED sebelumnya.

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 219

 R1
R1(config)#router bgp 1
R1(config-router)#no neighbor 12.12.12.2 route-map R2MED out
R1(config-router)#no neighbor 13.13.13.3 route-map R3MED out

Kita konfigurasikan AS-Path

R1
R1(config)#router bgp 1
R1(config-router)#neighbor 12.12.12.2 route-map AS-PREPEND out
R1(config-router)#route-map AS-PREPEND
R1(config-route-map)#set as-path prepend 1 1 1
R1(config-route-map)#do clear ip bgp *

Kemudian kita verifikasi

R2
R2#sh ip bgp
BGP table version is 29, local router ID is 2.2.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i – internal, r
RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*>i1.1.1.1/32 23.23.23.3 0 100 0 1 i
* 12.12.12.1 0 01111i
*> 2.2.2.2/32 0.0.0.0 0 32768 i
* i4.4.4.4/32 23.23.23.3 0 100 0 4 i
*> 24.24.24.4 0 04i

R2
R2#sh ip route bgp
1.0.0.0/32 is subnetted, 1 subnets
B 1.1.1.1 [200/0] via 23.23.23.3, 00:05:20
4.0.0.0/32 is subnetted, 1 subnets
B 4.4.4.4 [20/0] via 24.24.24.4, 02:23:15

R2
R2#traceroute 1.1.1.1 source 2.2.2.2
Tracing the route to 1.1.1.1
1 23.23.23.3 20 msec 20 msec 24 msec
2 13.13.13.1 20 msec 24 msec 12 msec

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 220

 R3
R3#sh ip bgp
BGP table version is 18, local router ID is 34.34.34.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, r
RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 1.1.1.1/32 13.13.13.1 0 01i
*>i2.2.2.2/32 23.23.23.2 0 100 0 i
* i4.4.4.4/32 23.23.23.2 0 100 0 4 i
*> 34.34.34.4 0 04i

R4
R4#sh ip bgp
BGP table version is 13, local router ID is 4.4.4.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, r
RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
* 1.1.1.1/32 34.34.34.3 0 23 1 i
*> 24.24.24.2 0 23 1 i
* 2.2.2.2/32 34.34.34.3 0 23 i
*> 24.24.24.2 0 0 23 i
*> 4.4.4.4/32 0.0.0.0 0 32768 i

R4
R4#trace 1.1.1.1 source 4.4.4.4
Type escape sequence to abort.
Tracing the route to 1.1.1.1
1 24.24.24.2 8 msec 24 msec 20 msec
2 23.23.23.3 16 msec 20 msec 20 msec
3 13.13.13.1 44 msec 48 msec 32 msec

Sekarang, kita berlanjut ke lab berikutnya yaitu Load Sharing. Terlebih dahulu
kita hapus konfigurasi AS-Path dan Weight sebelumnya, BGP secara default
hanya akan menggunakan 1 jalur saja. Untuk dapat menggunakan lebih dari
satu jalru kita perlu setting maximum path terlebih dahulu.

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 221

R1
R1(config)#router bgp 1
R1(config-router)#no neighbor 12.12.12.2 route-map AS-PREPEND out
R1(config-router)#no neighbor 12.12.12.2 route-map WEIGHT in
R1(config-router)#maximum-paths ?
<1-32> Number of paths
ibgp iBGP-multipath
R1(config-router)#maximum-paths 2
R1(config-router)#do clear ip bgp * soft

R1
R1(config)#do show ip bgp
BGP table version is 6, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, r
RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 1.1.1.1/32 0.0.0.0 0 32768 i
* 2.2.2.2/32 13.13.13.3 0 23 i
*> 12.12.12.2 0 0 23 i
* 4.4.4.4/32 13.13.13.3 0 23 4 i
*> 12.12.12.2 0 23 4 i

Tanda Best (>) nya hanya menunjuk ke jalur R3 saja.

R1
R1(config)#do show ip route bgp
2.0.0.0/32 is subnetted, 1 subnets
B 2.2.2.2 [20/0] via 13.13.13.3, 00:04:47
[20/0] via 12.12.12.2, 00:23:23
4.0.0.0/32 is subnetted, 1 subnets
B 4.4.4.4 [20/0] via 13.13.13.3, 00:04:47
[20/0] via 12.12.12.2, 00:23:23
Ketika kita menampilkan show ip route, hanya menunjuk ke satu jalur saja.
R1
R1(config)#do show ip route 4.4.4.4
Routing entry for 4.4.4.4/32
Known via "bgp 1", distance 20, metric 0
Tag 23, type external
Last update from 13.13.13.3 00:05:53 ago
Routing Descriptor Blocks:

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 222

 13.13.13.3, from 13.13.13.3, 00:05:53 ago
Route metric is 0, traffic share count is 1
AS Hops 2
Route tag 23
* 12.12.12.2, from 12.12.12.2, 00:24:29 ago
Route metric is 0, traffic share count is 1
AS Hops 2
Route tag 23
Kita lakukan traceroute agar tahu kedua jalurnya bisa digunakan bersamaan.
R1
R1#traceroute 4.4.4.4 source 1.1.1.1
Type escape sequence to abort.
Tracing the route to 4.4.4.4
1 12.12.12.2 28 msec
13.13.13.3 20 msec
12.12.12.2 20 msec
2 34.34.34.4 40 msec
24.24.24.4 36 msec
34.34.34.4 32 msec

Akhirnya berhasil.
BGP Attribute :
▪ Weight (highest)
▪ Local-Preference (highest)
▪ Locally Originated
▪ AS-Path (shortest)
▪ Origin (IGP>EGP>?)
▪ MED (lowest)

Attribute Direction Applied Traffic Flow Affected

Weight Inbound Outbound
Local-Preference Inbound Outbound
AS-Path Outbound Inbound
MED Outbound Inbound

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 223

 LAB 12. BGP Multihoming 2 ISP Berbeda

Untuk topologynya berubah sedikit dan konfigurasi peeringnya otomatis juga

berubah, hapus terlebih dahulu konfig bgp pada semua router.

R1, R2, R3, R4

R1(config)#no router bgp 1
R2(config)#no router bgp 23
R3(config)#no router bgp 23
R4(config)#no router bgp 4

Kita konfigurasi BGP pada semua router

R1
R1(config)#router bgp 1
R1(config-router)#network 1.1.1.1 mask 255.255.255.255
R1(config-router)#neighbor 12.12.12.2 remote-as 2
R1(config-router)#neighbor 13.13.13.3 remote-as 3
R1(config-router)#maximum-paths 2

R2
R2(config)#router bgp 2
R2(config-router)#neighbor 12.12.12.1 remote-as 1
R2(config-router)#neighbor 24.24.24.4 remote-as 4

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 224

 R3
R3(config)#router bgp 3
R3(config-router)#neighbor 13.13.13.1 remote-as 1
R3(config-router)#neighbor 34.34.34.4 remote-as 4

R4
R4(config)#router bgp 4
R4(config-router)#network 4.4.4.4 mask 255.255.255.255
R4(config-router)#neighbor 24.24.24.2 remote-as 2
R4(config-router)#neighbor 34.34.34.3 remote-as 3

R1
R1#sh ip bgp
Network Next Hop Metric LocPrf Weight Path
*> 1.1.1.1/32 0.0.0.0 0 32768 i
*> 4.4.4.4/32 12.12.12.2 024i
* 13.13.13.3 034i

R1
R1#sh ip route 4.4.4.4
Routing entry for 4.4.4.4/32
Known via "bgp 1", distance 20, metric 0
Tag 2, type external
Last update from 12.12.12.2 00:11:11 ago
Routing Descriptor Blocks:
* 12.12.12.2, from 12.12.12.2, 00:11:11 ago
Route metric is 0, traffic share count is 1
AS Hops 2
Route tag 2

R1
R1#traceroute 4.4.4.4 source 1.1.1.1
Type escape sequence to abort.
Tracing the route to 4.4.4.4
1 12.12.12.2 4 msec 40 msec 8 msec
2 24.24.24.4 56 msec 44 msec 32 msec

Kita bisa melihat bahwa walaupun sudah dikonfigurasikan maxium-path 2

namun tetap saja tidak load sharing, melainkan hanya berfungsi sebagai main

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 225

backup saja. Agar bisa load sharing melalui 2 ISP berbeda gunakan sebagai
berikut.

R1
R1(config)#router bgp 1
R1(config-router)#bgp bestpath as-path multipath-relax
R1(config-router)#do clear ip bgp *

R1
R1(config)#do show ip bgp
Network Next Hop Metric LocPrf Weight Path
*> 1.1.1.1/32 0.0.0.0 0 32768 i
* 4.4.4.4/32 13.13.13.3 034i
*> 12.12.12.2 024i

R1
R1(config)#do show ip route 4.4.4.4
Routing entry for 4.4.4.4/32
Known via "bgp 1", distance 20, metric 0
Tag 2, type external
Last update from 12.12.12.2 00:06:26 ago
Routing Descriptor Blocks:
* 13.13.13.3, from 13.13.13.3, 00:06:26 ago
Route metric is 0, traffic share count is 1
AS Hops 2
Route tag 2
12.12.12.2, from 12.12.12.2, 00:06:26 ago
Route metric is 0, traffic share count is 1
AS Hops 2
Route tag 2
R1
R1#traceroute 4.4.4.4 source 1.1.1.1
Type escape sequence to abort.
Tracing the route to 4.4.4.4
1 12.12.12.2 40 msec
13.13.13.3 28 msec
12.12.12.2 20 msec
2 34.34.34.4 40 msec
24.24.24.4 32 msec
34.34.34.4 44 msec

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 226

Ok sekarang sudah load sharing. Saat ini permasalahannya adalah seadainya
bandwidth antara kedua link tersebut adalah berbeda, maka bagaimana
proses sharing antar kedua link tersebut bisa berjalan.

R1
R1(config)#int g1/0
R1(config-if)#bandwidth 1000
R1(config-if)#int g2/0
R1(config-if)#bandwidth 2000
R1(config-if)#do clear ip bgp * soft

Kemudian kita cek lagi

R1
R1(config)#do show ip route 4.4.4.4
Routing entry for 4.4.4.4/32
Known via "bgp 1", distance 20, metric 0
Tag 2, type external
Last update from 12.12.12.2 00:25:22 ago
Routing Descriptor Blocks:
* 13.13.13.3, from 13.13.13.3, 00:25:22 ago
Route metric is 0, traffic share count is 1
AS Hops 2
Route tag 2
12.12.12.2, from 12.12.12.2, 00:25:22 ago
Route metric is 0, traffic share count is 1
AS Hops 2
Route tag 2

Setelah kita lihat, ternyata masih 1:1 padahal bandwidthnya berbeda. Hal ini
tentunya akan memunculkan permasalahan, terutama apabila link satu
dengan link lain bandiwidthnya terpaut jauh.

Sehingga perlu kita konfigurasikan sebagai berikut

R1
R1(config)#router bgp 1
R1(config-router)#bgp dmzlink-bw
R1(config-router)#neighbor 12.12.12.2 dmzlink-bw
R1(config-router)#neighbor 13.13.13.3 dmzlink-bw
R1(config-router)#do clear ip bgp * soft

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 227

 R1
R1(config)#do show ip bgp
BGP table version is 6, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path

*> 1.1.1.1/32 0.0.0.0 0 32768 i
* 4.4.4.4/32 13.13.13.3 034i
*> 12.12.12.2 024i

R1
R1(config)#do show ip route 4.4.4.4
Routing entry for 4.4.4.4/32
Known via "bgp 1", distance 20, metric 0
Tag 2, type external
Last update from 12.12.12.2 00:18:51 ago
Routing Descriptor Blocks:
* 13.13.13.3, from 13.13.13.3, 00:18:51 ago
Route metric is 0, traffic share count is 2
AS Hops 2
Route tag 2
12.12.12.2, from 12.12.12.2, 00:18:51 ago
Route metric is 0, traffic share count is 1
AS Hops 2
Route tag 2

Seperti yang terlihat bahwa sekarang load sharingnya sudah dalam

perbandingan yang baik, sehingga kedua link tersebut bisa digunakan sesuai
kemampuannya.
R1
R1#traceroute 4.4.4.4 source 1.1.1.1
Type escape sequence to abort.
Tracing the route to 4.4.4.4
1 12.12.12.2 56 msec
13.13.13.3 40 msec 24 msec
2 24.24.24.4 36 msec
34.34.34.4 32 msec 36 msec

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 228

 VPN
TECHNOLOGIES

"Bermimpilah setinggi langit, jika engkau jatuh,

engkau masih jatuh di antara bintang." (Soekarno)

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 229

 Lab 1. Gre Tunnel

Oke Guys kali ini kiata akan masuk pada bab VPN, nah VPN ini biasa digunakan
untuk menghubungkan 2 jaringan local yang terpisah melalui Internet. Contoh
nyaa kita mempunyai 1 kantor cabang dan 1 kantor pusat. Kantor Pusat memiliki
resource server yang biasa digunakan untuk memanagement seluruh jaringan
kantor cabang.
Kita ingin agar Jaringan local yang ada di kantor pusat dapat berkomunikasi
dengan jaringan local yang ada di kantor cabang melalui internet , maka masalah
itu dapat di selesaikan menggunakan teknik VPN ini. Cara kerjanya kedua router
akan membuat sebuah jalur Tunnel (Terowongan) untuk dapat berkomunikasi.
Tunnel yang paling simple yang biasa digunakan adalah GRE Tunnel.

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 230

Konfigurasi Dasar :
R1
R1(config)#interface f0/0
R1(config-if)#ip address 12.12.12.1 255.255.255.0
R1(config-if)#no shutdown
R1(config-if)#exit
R1(config)#interface f0/1
R1(config-if)#ip address 13.13.13.1 255.255.255.0
R1(config-if)#no shutdown
R1(config-if)#exit
R1(config)#interface lo0
R1(config-if)#ip add 8.8.8.8 255.255.255.255
R1(config-if)#exit

R2
R2(config)#interface f0/0
R2(config-if)#ip address 12.12.12.2 255.255.255.0
R2(config-if)#no shutdown
R2(config-if)#exit
R2(config)#interface lo0
R2(config-if)#ip add 2.2.2.2 255.255.255.255
R2(config-if)#exit

R3
R3(config)#interface f0/0
R3(config-if)#ip add 13.13.13.3 255.255.255.0
R3(config-if)#no shutdown
R3(config-if)#exit
R3(config)#interface lo0
R3(config-if)#ip add 3.3.3.3 255.255.255.255
R3(config-if)#exit

Tambahkan Default route di R2 dan R3

R2 dan R3
R2(config)#ip route 0.0.0.0 0.0.0.0 12.12.12.1
R3(config)#ip route 0.0.0.0 0.0.0.0 13.13.13.1

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 231

 Lakukan Verifikasi,.
R2 dan R3
R2(config)#do ping 8.8.8.8 Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 16/28/64 ms
========================================================
R3(config)#do ping 3.3.3.3
Sending 5, 100-byte ICMP Echos to 3.3.3.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/8 ms

Dan sekarang kita akan lakukan membuat interface tunnel nya antara kantor
pusat dan cabang,.
R2
R2(config)#interface tunnel23
R2(config-if)#tunnel source f0/0
R2(config-if)#tunnel destination 13.13.13.3
R2(config-if)#ip address 172.16.10.1 255.255.255.252
R2(config-if)#exit

R3
R2(config)#interface tunnel23
R R2(config-if)#tunnel source f0/0
R2(config-if)#tunnel destination 12.12.12.2
R2(config-if)#ip address 172.16.10.2 255.255.255.252
R2(config-if)#exit

Lakukan verifikasi pada R2 dan pastikan sudah “up” ya gaes dan kita lakukan
ping.
R2
R2(config)#do show int tunnel 23 | i protocol
Tunnel23 is up, line protocol is up
Tunnel protocol/transport GRE/IP
0 unknown protocol drops
=============================================================
R2(config)#do ping 172.16.10.2
Sending 5, 100-byte ICMP Echos to 172.16.10.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 16/38/116 ms

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 232

Oke nih gaess sekarang interface tunnel nya sudah up dan sudah berhasil,
sekarang kita akan konfigurasi routing EIGRP nya
R2 ---> Kantor Pusat
R2(config)#router eigrp 23
R2(config-router)#network 172.16.10.1 0.0.0.0
R2(config-router)#network 2.2.2.2 0.0.0.0
R2(config-router)#no auto-summary
R2(config-router)#exit

R3 --- >Kantor Cabang

R3(config)#router eigrp 23
R3(config-router)#network 3.3.3.3 0.0.0.0
R3(config-router)#network 172.16.10.2 0.0.0.0
R3(config-router)#no auto-summary

Verifikasi pada routing table R2 dan R3

R2
R2(config)#do show ip route eigrp
3.0.0.0/32 is subnetted, 1 subnets
D…………3.3.3.3 [90/27008000] via 172.16.10.2, 00:00:32, Tunnel23

R3
R3(config)#do show ip route eigrp
2.0.0.0/32 is subnetted, 1 subnets
D……….2.2.2.2 [90/27008000] via 172.16.10.1, 00:01:46, Tunnel32

Cek Ping
R2
R2(config)#do ping 3.3.3.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 3.3.3.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 20/31/44 ms

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 233

 R3
R3(config)#do ping 2.2.2.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 24/35/52 ms

Maka jika kita traceroute maka traffic nya akan diarahkan via interface tunnel
R2
R2#traceroute 3.3.3.3 source 2.2.2.2
Type escape sequence to abort. Tracing the route to 3.3.3.3

1 172.16.10.2 52 msec 20 msec 36 msec

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 234

Lab 2. IPSEC Tunnel Mode

Nah guys dikarenakan GRE Tunnel tidak melakukan enskripsi maka rentan
sekali dia untuk terkena Decrypt, nah pada kali ini ada solusi untuk
mengenkripsi yaitu dengan cara mengkombinasikan GRE tunnel dengan
IPsec, pada ipsec terdapat 2 phase IKE nih temen-temen, :

1. Bertugas membangun dan membentuk koneksi awal dengan peer

2. Bertugas untuk mengenkripsi dan authentication transport data

Nah sampai sini faham ya gaesss, sekarang kita akan lanjut konfigurasi nya ya.
Untuk lanjut konfigurasi ini, kita akan hapus dulu konfigurasi sebelumnya:
R2 dan R3
R2(config)#no router eigrp 23
R2(config)#no interface tunnel23
R3(config)#no interface tunnel32
R3(config)#no router eigrp 23

Konfigurasi ISAKMP nya phase 1 dan Phase 2

R2
R2(config)#crypto isakmp policy 1
R2(config-isakmp)#encryption aes
R2(config-isakmp)#hash sha
R2(config-isakmp)#authentication pre-share
R2(config-isakmp)#group 2
R2(config-isakmp)#crypto isakmp key 0 IDNJOS address 13.13.13.3
!

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 235

 R2(config)#crypto ipsec transform-set ROSLIANA esp-aes esp-sha-hmac
R2(config)#crypto map ROSLIANA12A 10 ipsec-isakmp
R2(config-crypto-map)#set peer 13.13.13.3
R2(config-crypto-map)#set transform-set ROSLIANA
R2(config-crypto-map)#match address 100
R2(config-crypto-map)#access-list 100 permit ip host 2.2.2.2 host 3.3.3.3

Jangan lupa ya teman-teman, kita konfigurasikan isakmp phase 1 dan 2 juga

pada R3.
R3
R3(config)#crypto isakmp policy 1
R3(config-isakmp)#encryption aes R3(config-isakmp)#hash sha
R3(config-isakmp)#authentication pre-share
R3(config-isakmp)#group 2
!
R3(config-isakmp)#crypto isakmp key 0 IDNJOS address 12.12.12.2
!
R3(config)#crypto ipsec transform-set ROSLIANA esp-aes esp-sha-hmac
R3(cfg-crypto-trans)#crypto map ROSLIANA12A 10 ipsec-isakmp
R3(config-crypto-map)#set peer 12.12.12.2
R3(config-crypto-map)#set transform-set ROSLIANA
R3(config-crypto-map)#match address 100
R3(config-crypto-map)#access-list 100 permit ip host 3.3.3.3 host 2.2.2.2

Selanjutnya kita akan pasang static routing dan crypto map di R2 dan R3.
R2
R2(config)#ip route 3.3.3.3 255.255.255.255 13.13.13.3
R2(config)#int fa0/0
R2(config-if)#crypto map IDNSCHOOL

R3
R3(config)#ip route 2.2.2.2 255.255.255.255 12.12.12.2
R R3(config)#int fa0/0
R3(config-if)#crypto map IDNSCHOOL

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 236

Sekarang kita akan lakukan verifikasi apakah sudah UP ??
R2
R2(config)#do show crypto session
Crypto session current status
Interface: FastEthernet0/0
Session status: UP-ACTIVE
IKE SA: local 12.12.12.2/500 remote 13.13.13.3/500 Active
IPSEC FLOW: permit ip host 2.2.2.2 host 3.3.3.3
Active SAs: 2, origin: crypto map

R3
R3#show crypto session
Crypto session current status
Interface: FastEthernet0/0
Session status: UP-ACTIVE
IKE SA: local 13.13.13.3/500 remote 12.12.12.2/500 Active
IPSEC FLOW: permit ip host 3.3.3.3 host 2.2.2.2
Active SAs: 2, origin: crypto map

R3
R3#show crypto ipsec sa

interface: FastEthernet0/0
Crypto map tag: ROSLIANA12A, local addr 13.13.13.3
protected vrf: (none)
local ident (addr/mask/prot/port): (3.3.3.3/255.255.255.255/0/0)
remote ident (addr/mask/prot/port): (2.2.2.2/255.255.255.255/0/0)
current_peer 12.12.12.2 port 500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 18, #pkts encrypt: 18, #pkts digest: 18
#pkts decaps: 5, #pkts decrypt: 5, #pkts verify: 5
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 5, #recv errors 0

local crypto endpt.: 13.13.13.3, remote crypto endpt.: 12.12.12.2

path mtu 1500, ip mtu 1500, ip mtu idb FastEthernet0/0

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 237

 current outbound spi: 0x4F0F0D33(1326386483)
PFS (Y/N): N, DH group: none
inbound esp sas:
spi: 0x7CAFE9D5(2091903445)
transform: esp-aes esp-sha-hmac ,
in use settings ={Tunnel, }
conn id: 1, flow_id: SW:1, sibling_flags 80000046, crypto map:
ROSLIANA12A
sa timing: remaining key lifetime (k/sec): (4593143/1916)
IV size: 16 bytes
replay detection support: Y
Status: ACTIVE
inbound ah sas:
inbound pcp sas:
outbound esp sas:
spi: 0x4F0F0D33(1326386483)
transform: esp-aes esp-sha-hmac ,
in use settings ={Tunnel, }
conn id: 2, flow_id: SW:2, sibling_flags 80000046, crypto map:
ROSLIANA12A
sa timing: remaining key lifetime (k/sec): (4593141/1916)
IV size: 16 bytes
replay detection support: Y
Status: ACTIVE
outbound ah sas:
outbound pcp sas:

Cek Ping :
R2
R2(config)#do ping 3.3.3.3 source 2.2.2.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 3.3.3.3, timeout is 2 seconds:
Packet sent with a source address of 2.2.2.2
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 52/75/92 ms

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 238

 DMVPN
( Dynamic Multipoin Virtual Private Network )

“Perubahan itu menyakitkan, Ia menyebabkan orang merasa

tidak aman, bingung, dan marah. Orang menginginkan hal
seperti sediakala, karena mereka ingin hidup yang mudah” -
Richard Marcinko.

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 239

DMVPN – Phase (Teori)
Dalam LAB kali ini, kita akan menggunakan 3 phase :

DMVPN Phase 1
• Hub menggunakan mGRE tunnel
• Spokes menggunakan GRE tunnel
• Multicast & Unicast hanya terjadi antara HUB dan SPOKE
(antar spoke berkomunikasi melalui hub )
• Tidak membutuhkan command ip nhrp map multicast dynamic atau ip nhrp
map multicast x.x.x.x jika tidak menggukanakan routing protocol

DMVPN Phase 2
• Hub menggunakan mGRE tunnel
• Spoke menggukan mGRE tunnel
• Antar spoke saling berkomunikasi secara langsung/directly

DMVPN Phase 3
Sama seperti phase 2, namun menggunakan command “no next-hop-self eigrp”
• ip nhrp redirect di HUB
• ip nhrp shortcut di SPOK

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 240

 Lab 1. Phase 1 Dynamic Mapping
Topologi LAB

Metode LAB
• Gunakan topologi di atas, konfigurasikan pengalamatan ip standard IDN
• Konfigurasi Default di R1, R2 dan R3
• Konfigurasi MGRE tunnel di HUB dan GRE tunnel di spoke
• Konfigurasikan dynamic mapping, gunakan perintah ip nhrp nhs
pada SPOKE untuk request ke HUB
Dalam LAB ini, kita akan mengkonfigurasi :
• HUB menggunakan MGRE tunnel
• SPOKE menggunakan GRE tunnel
• Untuk ip private/tunnel,berikut konfigurasinya :
- R1-HUB = 192.168.100.1/24
- R2-Spoke1 = 192.168.100.2/24
- R3-Spoke2 = 192.168.100.3/24
• Multicast dan unicast hanya di antara HUB dan SPOKE

3. Verifikasi LAB
• Pastikan default route jalan, semua router dapat melakukan ping
• Pastikan HUB mempunyai 2 peers, digunakan perintah showdmvpn
• pastikan ip tunnel sudah benar, gunakan perintah show ip nhrp

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 241

Konfigurasi :

HUB
R1(config)#hostname HUB
R1(config)#int f0/0
R1(config-if)#ip address 12.12.12.1 255.255.255.0
R1(config-if)#no sh
R1(config-if)#exit
R1(config)#ip route 0.0.0.0 0.0.0.0 12.12.12.2

SPOKE-1
Spoke-1#config t
Spoke-1(config)#hostname Spoke-1
Spoke-1(config)#int f0/0
Spoke-1(config-if)#ip add 23.23.23.1 255.255.255.0
Spoke-1(config-if)#no shutdown
Spoke-1(config-if)#exit
Spoke-1(config)#ip route 0.0.0.0 0.0.0.0 23.23.23.2

Spoke-2
Spoke-2(config)#interface fa0/0
Spoke-2(config-if)#ip add 24.24.24.1 255.255.255.0
Spoke-2(config-if)#no shutdown
Spoke-2(config-if)#exit
Spoke-2(config)#ip route 0.0.0.0 0.0.0.0 24.24.24.2

Internet
internet(config)#interface fa0/0
internet(config-if)#ip add 12.12.12.2 255.255.255.0
internet(config-if)#no shutdown
internet(config-if)#exit
internet(config)#interface fa1/0
internet(config-if)#ip add 23.23.23.2 255.255.255.0
internet(config-if)#no shutdown
internet(config-if)#exit
internet(config)#interface fa1/1
internet(config-if)#ip add 24.24.24.2 255.255.255.0
internet(config-if)#no shutdown

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 242

 R1
HUB#ping 23.23.23.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 23.23.23.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 72/98/152 ms
=============================================================
HUB#ping 24.24.24.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 24.24.24.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 40/74/104 ms

Nah sekarang kita akan konfigurasi Interface Tunnel nya nih gaess di setiap
router (pada spoke dan hub)
HUB
HUB(config)#interface tunnel0
HUB(config-if)#ip address 192.168.10.1 255.255.255.0
HUB(config-if)#tunnel source 12.12.12.1
HUB(config-if)#tunnel mode gre multipoint
HUB(config-if)#ip nhrp network-id 1
HUB(config-if)#ip nhrp authentication IDN
HUB(config-if)#exit

Spoke-1
Spoke-1(config)#interface tunnel0
Spoke-1(config-if)#ip add 192.168.10.2 255.255.255.0
Spoke-1(config-if)#tunnel source 23.23.23.1
Spoke-1(config-if)#tunnel destination 12.12.12.1
Spoke-1(config-if)#ip nhrp network-id 1
Spoke-1(config-if)#ip nhrp authentication IDN
Spoke-1(config-if)#ip nhrp map 192.168.10.1 12.12.12.1
Spoke-1(config-if)#ip nhrp nhs 192.168.10.1
Spoke-1(config-if)#exit

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 243

 Spoke-2
Spoke-2(config)#interface tunnel0
Spoke-2(config-if)#ip add 192.168.10.3 255.255.255.0
Spoke-2(config-if)#tunnel source 24.24.24.1
Spoke-2(config-if)#tunnel destination 12.12.12.1
Spoke-2(config-if)#ip nhrp network-id 1
Spoke-2(config-if)#ip nhrp authentication IDN
Spoke-2(config-if)#ip nhrp map 192.168.10.1 12.12.12.1
Spoke-2(config-if)#ip nhrp nhs 192.168.10.1
Spoke-2(config-if)#exit

Verifikasi :
HUB
HUB#show dmvpn
Legend: Attrb --> S - Static, D - Dynamic, I - Incomplete
N - NATed, L - Local, X - No Socket
# Ent --> Number of NHRP entries with same NBMA peer
NHS Status: E --> Expecting Replies, R --> Responding, W --> Waiting
UpDn Time --> Up or Down Time for a Tunnel
=======================================================
Interface: Tunnel0, IPv4 NHRP Details Type:Hub, NHRP Peers:2,
# Int Peer NBMA Addr Peer Tunnel Add State UpDn Tm Attrb
----- --------------- --------------- ----- -------- -----
1 23.23.23.1 ............................. 192.168.10.2 UP 00:12:19 D
1 24.24.24.1 192.168.10.3 UP 00:05:44 D

Cek NHRP Nya :

HUB
HUB#show ip nhrp
192.168.10.2/32 via 192.168.10.2 Tunnel0 created 00:12:36, expire
01:47:23 Type: dynamic, Flags: unique registered used
NBMA address: 23.23.23.1
192.168.10.3/32 via 192.168.10.3 Tunnel0 created 00:06:02, expire
01:53:57
Type: dynamic, Flags: unique registered used
NBMA address: 24.24.24.1

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 244

Cek Ping Kepada Antar Tunnel, dan pastikan bisa berkomunikasi :
HUB
HUB#ping 192.168.10.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.10.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 36/57/112 ms
=========================================================
R1#ping 192.168.10.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.10.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 16/39/60 ms

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 245

Lab 2. Phase 1 Dynamic Mapping With OSPF

Nah Pada lab Sekarang buat routing eigrp pada setiap router baik hub
atau spoke untuk menghubungkan jaringan local masing-masing spoke
atau hub, dalam hal ini ip loopback akan kita anggap sebagai ip jaringan
local kita gaessss.
HUB
HUB(config)#interface loopback0
HUB(config-if)#ip add 1.1.1.1 255.255.255.255
HUB(config-if)#exit
HUB(config)#interface tunnel0
HUB(config-if)#ip nhrp map multicast dynamic
HUB(config-if)#exit
HUB(config)#router eigrp 12
HUB(config-router)#network 1.1.1.1 0.0.0.0
HUB(config-router)#network 192.168.10.1 0.0.0.0
HUB(config-router)#no auto-summary
HUB(config-router)#interface tunnel0
HUB(config-if)#no ip split-horizon eigrp 12

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 246

 Spoke-1
Spoke-1(config)#interface loopback0
Spoke-1(config-if)#ip address 2.2.2.2 255.255.255.255
Spoke-1(config-if)#exit
Spoke-1(config)#interface tunnel0
Spoke-1(config-if)#ip nhrp map multicast 12.12.12.1
Spoke-1(config-if)#exit
Spoke-1(config)#router eigrp 12
Spoke-1(config-router)#network 2.2.2.2 0.0.0.0
Spoke-1(config-router)#network 192.168.10.2 0.0.0.0
Spoke-1(config-router)#no auto-summary

Spoke-2
Spoke-2(config)#interface loopback0
Spoke-2(config-if)#ip address 3.3.3.3 255.255.255.255
Spoke-2(config-if)#exit
Spoke-2(config-if)#int tun0
Spoke-2(config-if)#ip nhrp map multicast 12.12.12.1
Spoke-2(config-if)#exit
Spoke-2(config)#router eigrp 12
Spoke-2(config-router)#network 3.3.3.3 0.0.0.0
Spoke-2(config-router)#network 192.168.10.3 0.0.0.0
Spoke-2(config-router)#no auto-summary

Nah sekarang kita akan melakukan verifikasi nih gaesss….

HUB
HUB#ping 2.2.2.2 Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:
! !!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 48/88/124 ms

==============================================================
HUB#ping 3.3.3.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 3.3.3.3, timeout is 2 seconds:
! !!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 24/66/84 ms

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 247

Spoke-1
Spoke-1#ping 1.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 40/76/116 ms
Spoke-1#ping 3.3.3.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 3.3.3.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 76/106/144 ms

Spoke-2
Spoke-2#ping 1.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 60/71/80 ms
Spoke-2#ping 2.2.2.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 88/114/160 ms

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 248

Lab 3. Phase 1 Dynamic Mapping With OSPF

Nah sebelum, kita lanjur lab ini Hapus terlebih dahulu routing EIGRP yang
sebelumnya di router HUB, Spoke-1, Spoke-2 ya gaess….

HUB,Spoke-1, Spoke-2
no router eigrp 12

Konfigurasi routing ospf nya sekarang….

HUB
HUB(config)#router ospf 12
HUB(config-router)#network 1.1.1.1 0.0.0.0 area 0
HUB(config-router)#network 192.168.10.0 0.0.0.255 area 0
HUB(config-router)#int tun0
HUB(config-if)#ip ospf network broadcast

Spoke-1
Spoke-1(config)#router ospf 12
Spoke-1(config-router)#network 2.2.2.2 0.0.0.0 area 0
Spoke-1(config-router)#network 192.168.10.0 0.0.0.255 area 0
Spoke-1(config-router)#int tun0
Spoke-1(config-if)#ip ospf network broadcast

Spoke-2
Spoke-2(config)#router ospf 12
Spoke-2(config-router)#network 3.3.3.3 0.0.0.0 area 0
Spoke-2(config-router)#network 192.168.10.0 0.0.0.255 area 0
Spoke-2(config-router)#int tun0
Spoke-2(config-if)#ip ospf network broadcast

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 249

 Note :
Ada 2 jenis network type ospf yang dapat running di dmvpn, (broadcast &
point-to- multipoint), dengan catatan settingan network type point-to-
multipoint hanya di router hub saja. Dan jika menggunakan broadcast
maka ada pemilihan DR.

Nah Sekarang kita akan Lakukan Verifikasi :

HUB
HUB#show ip ospf int tun0
Tunnel0 is up, line protocol is up
Internet Address 192.168.10.1/24, Area 0, Attached via Network
Statement
Process ID 12, Router ID 1.1.1.1, Network Type BROADCAST, Cost: 1000
Topology-MTID Cost Disabled Shutdown Topology Name
0 1000 no no Base
Transmit Delay is 1 sec, State DR, Priority 1
Designated Router (ID) 1.1.1.1, Interface address 192.168.10.1
Backup Designated router (ID) 3.3.3.3, Interface address 192.168.10.3
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
oob-resync timeout 40
Hello due in 00:00:07
Supports Link-local Signaling (LLS)
Cisco NSF helper support enabled
IETF NSF helper support enabled
Index 2/2, flood queue length 0
Next 0x0(0)/0x0(0)
Last flood scan length is 1, maximum is 1
Last flood scan time is 0 msec, maximum is 4 msec
Neighbor Count is 2, Adjacent neighbor count is 2
Adjacent with neighbor 2.2.2.2
Adjacent with neighbor 3.3.3.3 (Backup Designated Router)
Suppress hello for 0 neighbor(s)

Coba sekarang kita laukan ping

Spoke-1
Spoke-1#ping 1.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 48/60/76 ms

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 250

 !
Spoke-1#ping 3.3.3.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 3.3.3.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 80/92/108 ms

Coba Lakukan Cek Trcaceroute

Spoke-1
Spoke-1#traceroute 3.3.3.3
Type escape sequence to abort. Tracing the route to
3.3.3.3 VRF info: (vrf in name/id, vrf out name/id)
1 192.168.10.1 124 msec 48 msec 108 msec
2 192.168.10.3 164 msec 128 msec *
Spoke-1#traceroute 3.3.3.3
Type escape sequence to abort.Tracing the route to
3.3.3.3 VRF info: (vrf in name/id, vrf out name/id)
1 192.168.10.1 64 msec 180 msec 132 msec
2 192.168.10.3 160 msec 112 msec *

Pada phase 1 jika antar spoke ingin berkomunikasi maka hop pertama
akan diarahkan ke sisi hub terlebih dahulu.

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 251

 Lab 4. Phase 1 With Ipsec

Oke Guys untuk lab selanjutnya kita masih menggunakan topology yang
sama ya gaesss Agar proses komunikasi dari hub ke spoke lebih aman
maka kita tambahkan ipsec, inti nya ipsec ini untuk lebih secure aja ya
teman-teman,.

Konfigurasikan IPSec Phase 1 pada semua router

HUB, Spoke-1,Spoke-2
HUB,Spoke1,Spoke2(config)#crypto isakmp policy 10
HUB,Spoke1,Spoke2(config-isakmp)#authentication pre-share
HUB,Spoke1,Spoke2(config-isakmp)#encryption aes128
HUB,Spoke1,Spoke2(config-isakmp)#group 5
HUB,Spoke1,Spoke2(config-isakmp)#hash sha

Nah setelah kita konfigurasi di sisi HUB,Spoke-1,Spoke-2 selanjutnya kita akan

Konfigurasi Peering ke sisi ipsec pada router masing-masing baik hub dan spoke
nya,.

HUB
HUB(config)#crypto isakmp key IDN_MANTAB address 23.23.23.1
HUB(config)#crypto isakmp key IDN_MANT
AB address 24.24.24.1

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 252

 Spoke-1, Spoke-2
Spoke-1,Spoke-2(config)#crypto isakmp key IDN_MANTAB address 12.12.12.1

HUB
HUB(config)#crypto ipsec transform-set IDN_TRANSFORM esp-aes esp-sha-
hmac
HUB(cfg-crypto-trans)#mode transport
HUB(cfg-crypto-trans)#exit
HUB(config)#crypto ipsec profile IDN_PROFILE
HUB(ipsec-profile)#set transform-set IDN_TRANSFORM

Spoke-1
Spoke-1(config)#crypto ipsec transform-set IDN_TRANSFORM esp-aes esp-sha-hmac
Spoke-1(cfg-crypto-trans)#mode transport
Spoke-1(cfg-crypto-trans)#exit
Spoke-1(config)#crypto ipsec profile IDN_PROFILE
Spoke-1(ipsec-profile)#set transform-set IDN_TRANSFORM

Spoke-2
Spoke-2(config)#crypto ipsec transform-set IDN_TRANSFORM esp-aes esp-sha-hmac
Spoke-2(cfg-crypto-trans)#mode transport
Spoke-2(cfg-crypto-trans)#exit
Spoke-2(config)#crypto ipsec profile IDN_PROFILE
Spoke-2(ipsec-profile)#set transform-set IDN_TRANSFORM

Karena ip-sec cara kerja nya sama dengan vlan dimana harus di pasang di
interface nya. Maka ip-sec pun begitu harus di pasang di interface nya.
Hub, Spoke1 dan Spoke2
HUB,Spoke1,Spoke2(config)#int tun0
HUB,Spoke1,Spoke2(config-if)#tunnel protect ipsec profile IDN_PROFILE

Setelah setting ip-secdi interface tunnel, selanjutnya kita akan verfiksi ip-sec nya.
HUB
HUB#show crypto isakmp sa IPv4 Crypto ISAKMP SA
dst src state conn-id status
23.23.23.1 ................ 12.12.12.1 QM_IDLE 1003 ACTIVE
12.12.12.1 24.24.24.1 QM_IDLE 1002 ACTIVE
12.12.12.1 23.23.23.1 QM_IDLE 1001 ACTIVE
24.24.24.1 12.12.12.1 QM_IDLE 1004 ACTIVE
IPv6 Crypto ISAKMP SA

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 253

Verifikasi,.

Spoke-1
Spoke-1#show crypto isakmp sa IPv4 Crypto ISAKMP SA
dst src state conn-id status
12.12.12.1 23.23.23.1 QM_IDLE 1001 ACTIVE
23.23.23.1 12.12.12.1 QM_IDLE 1002 ACTIVE

IPv6 Crypto ISAKMP SA

!

R2
Spoke-2#show crypto isakmp sa IPv4 Crypto ISAKMP SA
dst src state conn-id status
12.12.12.1 24.24.24.1 QM_IDLE 1001 ACTIVE
24.24.24.1 12.12.12.1 QM_IDLE 1002 ACTIVE

IPv6 Crypto ISAKMP SA

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 254

Lab 5. Phase 2 Dynamic Mapping

Topologi LAB,.
1. Metode LAB
• Masih melanjutkan LAB berikutnya, hapus dulu interface tunnel di
semua router
• Hapus routing ospf 12 pada semua router
• Konfigurasikan dynamic mapping, gunakan perintah ip
nhrp nhs pada SPOKE untuk request ke HUB

• Konfigurasikan MGRE tunneling di semua router

2. Verifikasi :
➢ Pastikan type DMVPNnya dynamic, gunakan perintah show ip
nhrp / show dmvpn

➢ Pastikan di SPOKE ada 2 type map, yaitu static dan dynamic

3. Konfigurasi
Lab nya masih lanjut menggunakan topology sebelumnya
disini kita hanya perlu hapus tunnel sama routing nya saja.

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 255

 HUB, Spoke-1,Spoke-2
no router ospf 12
no interface tunnel 0

Selanjutnya kita akan konfigurasikan tunnel baru

HUB
HUB(config)#interface tunnel0
HUB(config-if)#ip add 192.168.10.1 25
HUB(config-if)#ip add 192.168.10.1 255.255.255.0
HUB(config-if)#tunnel mode gre multipoint
HUB(config-if)#tunnel source 12.12.12.1
HUB(config-if)#ip nhrp network-id 1
HUB(config-if)#ip nhrp authentication IDN
HUB(config-if)#ip nhrp map multicast dynamic

Spoke-1
Spoke-1(config)#int tun0
Spoke-1(config-if)#ip add 192.168.10.2 255.255.255.0
Spoke-1(config-if)#tunnel mode gre multipoint
Spoke-1(config-if)#tunnel source 23.23.23.1
Spoke-1(config-if)#ip nhrp network-id 1
Spoke-1(config-if)#ip nhrp authentication IDN
Spoke-1(config-if)#ip nhrp map 192.168.10.1 12.12.12.1 Spoke-
1(config-if)#ip nhrp nhs 192.168.10.1
Spoke-1(config-if)#ip nhrp map multicast 12.12.12.1

Spoke-2
Spoke-2(config)#int tun0
Spoke-2(config-if)#ip add 192.168.10.3 255.255.255.0
Spoke-2(config-if)#tunnel mode gre multipoint
Spoke-2(config-if)#tunnel source 24.24.24.1
Spoke-2(config-if)#ip nhrp network-id 1
Spoke-2(config-if)#ip nhrp authentication IDN
Spoke-2(config-if)#ip nhrp map 192.168.10.1 12.12.12.1
Spoke-2(config-if)#ip nhrp nhs 192.168.10.1
Spoke-2(config-if)#ip nhrp map multicast 12.12.12.1

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 256

Lakukan Verifikasi….
R1
HUB#show dmvpn
Legend: Attrb --> S - Static, D - Dynamic, I - Incomplete
N - NATed, L - Local, X - No Socket
# Ent --> Number of NHRP entries with same NBMA peer
NHS Status: E --> Expecting Replies, R --> Responding, W --> Waiting
UpDn Time --> Up or Down Time for a Tunnel

Interface: Tunnel0, IPv4 NHRP Details

Type:Hub, NHRP Peers:2,
# Ent Peer NBMA Addr Peer Tunnel Add State UpDn Tm Attrb
----- --------------- --------------- ----- -------- -----
1 23.23.23.1 ...........................192.168.10.2 UP 00:26:05 D
1 24.24.24.1 192.168.10.3 UP 00:23:50 D

Verifikasi NHRP Nya Juga,.

HUB
HUB#show ip nhrp
192.168.10.2/32 via 192.168.10.2
Tunnel0 created 00:26:09, expire 01:33:50
Type: dynamic, Flags: unique registered used
NBMA address: 23.23.23.1
192.168.10.3/32 via 192.168.10.3
Tunnel0 created 00:23:54, expire 01:36:05
Type: dynamic, Flags: unique registered used
NBMA address: 24.24.24.1

HUB#show ip nhrp brief

Target Via NBMA Mode Intfc Claimed
192.168.10.2/32 192.168.10.2 ..................... 23.23.23.1 dynamic Tu0 <>
192.168.10.3/32 192.168.10.3 24.24.24.1 dynamic Tu0 <>

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 257

Lab 6. Phase 2 Dynamic Mapping With EIGRP

Sama seperti pada phase sebelumnya kita akan menggunakan routing IGP
Over DMVPN tapi kali ini di phase 2 sebenernya konfigurasinya sama saja.
Konfigurasi routing eigrp pada setiap router
Hub
HUB(config)#router eigrp 12
HUB(config-router)#network 1.1.1.1 0.0.0.0
HUB(config-router)#network 192.168.10.1 0.0.0.0
HUB(config-router)#no auto-summary

Spoke-1
Spoke-1(config-if)#router eigrp 12
Spoke-1(config-router)#network 2.2.2.2 0.0.0.0
Spoke-1(config-router)#network 192.168.10.2 0.0.0.0
Spoke-1(config-router)#no auto-summary

Spoke-2
Spoke-2(config)#router eigrp 12
Spoke-2(config-router)#network 3.3.3.3 0.0.0.0
Spoke-2(config-router)#network 192.168.10.3 0.0.0.0
Spoke-2(config-router)#no auto-summary

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 258

 Spoke-2
Spoke-2(config)#router eigrp 12
Spoke-2(config-router)#network 3.3.3.3 0.0.0.0
Spoke-2(config-router)#network 192.168.10.3 0.0.0.0
Spoke-2(config-router)#no auto-summary

Lakukan verifikasi routing eigrp nya.

HUB
HUB#show ip eigrp neighbors EIGRP
IPv4 Neighbors for AS(12)
HAddress Interface Hold Uptime SRTT RTO Q Seq
(sec) (ms) Cnt Num
1 192.168.10.3 Tu0 12 00:04:25 82 1434 0 3
0 192.168.10.2 Tu0 14 00:04:47 64 1434 0 4

HUB
HUB#show ip route eigrp
Gateway of last resort is 12.12.12.2 to network 0.0.0.0
2.0.0.0/32 is subnetted, 1 subnets
D 2.2.2.2 [90/27008000] via 192.168.10.2, 00:18:49, Tunnel0
3.0.0.0/32 is subnetted, 1 subnets
D 3.3.3.3 [90/27008000] via 192.168.10.3, 00:18:31, Tunnel0

Kita Cek juga nih teman-teman routing eigrp pada setiap router Spoke nya
Spoke-1
Spoke-1#sh ip route eigrp
1.0.0.0/32 is subnetted, 1 subnets
D………........1.1.1.1 [90/27008000] via 192.168.10.1, 00:25:05, Tunnel0

Spoke-2
Spoke-2#show ip route eigrp
1.0.0.0/32 is subnetted, 1 subnets
D…………………1.1.1.1 [90/27008000] via 192.168.10.1, 00:25:21, Tunnel0

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 259

Dapat diliat bahwa routing table eigrp masih belum lengkap. hal ini terjadi
adanya split horizon. Hal ini terjadi karena routing protocol distance vector
defaultnya menerapkan split horizon dimana router tidak akan mengadvertise
network di dalam interface yang sama. Maka itu kita perlu disable kan split
horizon nya.
HUB
HUB(config)#int tun0
HUB(config-if)#no ip split-horizon eigrp 12

Spoke-1
Spoke-1#sh ip route eigrp
1.0.0.0/32 is subnetted, 1 subnets
D 1.1.1.1 [90/27008000] via 192.168.10.1, 00:26:50, Tunnel0
3.0.0.0/32 is subnetted, 1 subnets
D 3.3.3.3 [90/28288000] via 192.168.10.1, 00:00:04, Tunnel0

Spoke-2
Spoke-2#show ip route eigrp
1.0.0.0/32 is subnetted, 1 subnets
D 1.1.1.1 [90/27008000] via 192.168.10.1, 00:41:42, Tunnel0
2.0.0.0/32 is subnetted, 1 subnets
D 2.2.2.2 [90/28288000] via 192.168.10.1, 00:15:28, Tunnel0

Sekarang kita akan lakukan tes ping,.

Spoke-1
Spoke-1#ping 3.3.3.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 3.3.3.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 40/62/76 ms

Spoke-1#ping 1.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 40/50/56 ms

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 260

Lab 7. Phase 2 Dynamic Mapping With OSPF

Seperti biasa ya kita akan melanjutkan konfigurasi ini dengan

menghapus beberapa konfigurasi sebelum nya,.

HUB, SPOKE-1, SPOKE 2

No router eigrp 12

Setelah routing eigrp di hapus, selanjutnya konfigurasi routing OSPF nya,.

R3
HUB(config)#router ospf 12
HUB(config-router)#network 1.1.1.1 0.0.0.0 area 0
HUB(config-router)#network 192.168.10.0 0.0.0.255 area 0
HUB(config-router)#exit
HUB(config)#int tunnel 0
HUB(config-if)#ip ospf network broadcast

R2
Spoke-1(config)#router ospf 12
Spoke-1(config-router)#network 2.2.2.2 0.0.0.0 area 0
Spoke-1(config-router)#network 192.168.10.0 0.0.0.255 area 0
Spoke-1(config-router)#exit
Spoke-1(config)#int tun0
Spoke-1(config-if)#ip ospf network broadcast

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 261

Spoke-2
Spoke-2(config)#router ospf 12
Spoke-2(config-router)#network 192.168.10.0 0.0.0.255 area 0
Spoke-2(config-router)#network 3.3.3.3 0.0.0.0 area 0
Spoke-2(config-router)#exit
Spoke-2(config)#int tun0
Spoke-2(config-if)#ip ospf network broadcast

Selanjutnya coba lakukan ping pada di setiap router,..

R3
HUB#ping 2.2.2.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 36/46/56 ms

HUB#ping 3.3.3.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 3.3.3.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 32/44/56 ms

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 262

 Lab 8. Phase 3 Dynamic Mapping

Nah Pada phase 2 & phase 3 ini command nya tidak jauh berbeda. hanya saja pada
phase 3 kita hanya, perlu menambahkan 2 command saja “Redirect & Shorcut”

HUB
HUB(config)#int tun0
HUB(config-if)#ip nhrp redirect
HUB(config-if)#exit

Spoke-1
HUB(config)#int tun0
HUB(config-if)#ip nhrp redirect
HUB(config-if)#exit

Sekarang kita akan lakukan verifikasi DMVPN nya,.

HUB
HUB#show dmvpn
Legend: Attrb --> S - Static, D - Dynamic, I - Incomplete
N - NATed, L - Local, X - No Socket
# Ent --> Number of NHRP entries with same NBMA peer
NHS Status: E --> Expecting Replies, R --> Responding, W --> Waiting
==============================================================

Interface: Tunnel0, IPv4 NHRP Details

Type:Hub, NHRP Peers:2,
# Ent Peer NBMA Addr Peer Tunnel Add State UpDn Tm Attrb

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 263

----- --------------- --------------- ----- -------- -----
1 23.23.23.1 ...........................192.168.10.2 UP 00:45:14 D
1 24.24.24.1 192.168.10.3 UP 00:44:25 D

Cek Ping,,….
HUB
HUB#ping 192.168.10.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.10.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 44/54/60 ms

HUB#ping 192.168.10.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.10.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 32/51/76 ms

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 264

 Lab 9. Phase 3 Dynamic Mapping With EIGRP

Nah kali ini kita akan Pasang Routing EIGRP pada di semua router baik itu
HUB maupun Spoke nya…

HUB
HUB(config)#router eigrp 12
HUB(config-router)#network 1.1.1.1 0.0.0.0
HUB(config-router)#network 192.168.10.1 0.0.0.0
HUB(config-router)#no auto-summary
HUB(config-router)#exit
HUB(config)#int tun0
HUB(config-if)#no ip split-horizon eigrp 12

Spoke-1
Spoke-1(config-if)#router eigrp 12
Spoke-1(config-router)#network 2.2.2.2 0.0.0.0
Spoke-1(config-router)#network 192.168.10.2 0.0.0.0
Spoke-1(config-router)#no auto-summary

Spoke-2
Spoke-2(config)#router eigrp 12
Spoke-2(config-router)#network 3.3.3.3 0.0.0.0
Spoke-2(config-router)#network 192.168.10.3 0.0.0.0
Spoke-2(config-router)#no auto-summary

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 265

Verifikasi routing EIGRP pada di semua router,.
Spoke-1
Spoke-1#show ip route eigrp
1.0.0.0/32 is subnetted, 1 subnets
D 1.1.1.1 [90/27008000] via 192.168.10.1, 00:48:08, Tunnel0
3.0.0.0/32 is subnetted, 1 subnets
D 3.3.3.3 [90/28288000] via 192.168.10.1, 00:47:43, Tunnel0

Spoke-1
Spoke-1#ping 1.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 56/71/80 ms

Spoke-1#ping 3.3.3.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 3.3.3.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 76/78/84 ms

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 266

 Lab 10. Phase 3 Dynamic Mapping With OSPF

Untuk menjalankan routing OSPF kita hapus kembali routing EIGRP nya
dengan command “no router eigrp 12” pada setiap router yang
menjalankan EIGRP

HUB, Spoke-1 dan Spoke-2

no router eigrp 12

HUB
HUB(config)#router ospf 12
HUB(config-router)#network 1.1.1.1 0.0.0.0 area 0
HUB(config-router)#network 192.168.10.0 0.0.0.255 area 0
HUB(config-router)#exit
HUB(config)#int tun0
HUB(config-if)#ip ospf network broadcast

Spoke-1
Spoke-1(config)#router ospf 12
Spoke-1(config-router)#network 2.2.2.2 0.0.0.0 area 0
Spoke-1(config-router)#network 192.168.10.0 0.0.0.255 area 0
Spoke-1(config-router)#exit
Spoke-1(config)#int tun0
Spoke-1(config-if)#ip ospf network broadcast

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 267

Spoke-2
Spoke-2(config)#router ospf 12
Spoke-2(config-router)#network 192.168.10.0 0.0.0.255 area 0
Spoke-2(config-router)#network 3.3.3.3 0.0.0.0 area 0
Spoke-2(config-router)#exit
Spoke-2(config)#int tun0
Spoke-2(config-if)#ip ospf network broadcast

Verifikasi Routing OSPF nya

HUB
HUB#show ip route ospf
2.0.0.0/32 is subnetted, 1 subnets
O 2.2.2.2 [110/1001] via 192.168.10.2, 00:01:01, Tunnel0
3.0.0.0/32 is subnetted, 1 subnets
O 3.3.3.3 [110/1001] via 192.168.10.3, 00:00:10, Tunnel0

Spoke-1
Spoke-1#show ip route ospf
1.0.0.0/32 is subnetted, 1 subnets
O 1.1.1.1 [110/1001] via 192.168.10.1, 00:05:59, Tunnel0
3.0.0.0/32 is subnetted, 1 subnets
O 3.3.3.3 [110/1001] via 192.168.10.3, 00:04:59, Tunnel0

Spoke-2
Spoke-2#show ip route ospf
1.0.0.0/32 is subnetted, 1 subnets
O 1.1.1.1 [110/1001] via 192.168.10.1, 00:06:01, Tunnel0
2.0.0.0/32 is subnetted, 1 subnets
O 2.2.2.2 [110/1001] via 192.168.10.2, 00:06:01, Tunnel0

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 268

 Verfikasi ping ke semua ip loopback
HUB
HUB#ping 2.2.2.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 20/46/72 ms

HUB#ping 3.3.3.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 3.3.3.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 44/52/60 ms

Cek Traceroute nya dari spoke ke spoke

Spoke-1
Spoke-1#traceroute 192.168.10.3
Type escape sequence to abort. Tracing the route to 192.168.10.3
VRF info: (vrf in name/id, vrf out name/id)
1 192.168.10.3 76 msec 52 msec 56 msec

Pada Phase 3 Komunikasi data & routing update dll langsung antar spoke tanpa
lewat hub.

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 269

 MPLS (Multiprotocol Label Switching)

“Jangan terlalu bersedih karena pertolongan akan selalu

datang bersama dengan kesabaran” – HR. Ahmad

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 270

Lab 1 – MPLS Backbone
MPLS pada dasarnya terdiri dari 3 jenis router yaitu :

1. Router P (Provider)
▪ Terdapat dalam MPLS Domain, P router terhubung dengan router-router lain
yang dimiliki service provider
▪ Pada jaringan MPLS yang tidak terlalu besar terkadang tidak terdapat P
router didalamnya untuk menghemat biaya.

2. Router PE (Provider Edge)

▪ Merupakan router yang terhubung langsung dengan router customer dan
juga sekaligus dengan router service provider
▪ Menjembatani antara network berbasis IP dengan network berbasis MPLS
▪ Memberikan pelabelan pada paket IP yang masuk ke dalam MPLS Domain
▪ Melepas pelabelan pada paket yang akan keluar dari MPLS Domain
▪ PE Router ini sifatnya harus ada pada setiap jaringan MPLS

3. Router CE (Customer Edge)

▪ Merupakan router yang terdapat di sisi customer
▪ Pada router CE ini tidak terdapat konfigurasi MPLS apapun
▪ Konfigurasi routing biasa, bisa static atau dynamic seperti OSPF / EIGRP

Didalam jaringan MPLS Backbone hanya terdapat pada router P dan router PE,
maka model jaringan MPLS yang sederhana dapat berbentuk sebagai berikut :

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 271

 Adapun tahapan konfigurasinya adalah sebagai berikut ini :

1 Konfigurasikan IP Address pada semua interface router

2 Mengaktifkan Dynamic Routing
3 Mengaktifkan BGP
4 Mengaktifkan MPLS

Tahap 1 Konfigurasi IP Address

Konfigurasikan IP Address pada setiap interface masing- masing router seperti
berikut ini :
PE-1
PE-1(config)#int loopback 0
PE-1(config-if)#ip add 10.10.10.1 255.255.255.255
PE-1(config-if)#ex
PE-1(config)#int g1/0
PE-1(config-if)#ip add 192.168.10.1 255.255.255.252
PE-1(config-if)#no shutdown
PE-1(config-if)#description
PE-1(config-if)#description ###Link to P Router###

R2
R2(config)#hostname P
P(config)#int loopback 0
P(config-if)#ip add 10.10.10.10 255.255.255.255
P(config-if)#int g1/0
P(config-if)#ip add 192.168.10.2 255.255.255.252
P(config-if)#no shutdown
P(config-if)#description ###Link to PE1 Router###
P(config-if)#int g2/0
P(config-if)#ip add 192.168.20.1 255.255.255.252
P(config-if)#no shutdown
P(config-if)#description ###Link to PE2 Router###
Setelah semua ip address telah dikonfigurasikan, kemudian kita lakukan PING
ke masing-masing IP Point to Pointnya
• PE1# ping 192.168.10.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.10.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/18/36 ms

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 272

• P# ping 192.168.10.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.10.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/22/48 ms
• P# ping 192.168.20.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.20.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 16/20/24 ms
• PE-2#ping 192.168.20.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.20.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 16/20/28 ms

Tahap 2 Mengaktifkan Dynamic Routing (OSPF)

Agar semua router dalam MPLS Domain dapat saling berkomunikasi satu sama
lain, maka diperlukan Dynamic Routing IGP seperti misalnya OSPF seperti yang
kita gunakan saat ini.

PE-1
PE1(config)#router ospf 1
PE1(config-router)#network 192.168.10.1 0.0.0.0 area 0
PE1(config-router)#network 10.10.10.1 0.0.0.0 area 0
Pada router PE1 ada 2 network yang diadvertise ke dalam OSPF yaitu
• Network interface loopback dan
• Network interface yang mengarah ke P router
P
P(config)#router ospf 1
P(config-router)#network 192.168.10.2 0.0.0.0 area 0
P(config-router)#network 192.168.20.1 0.0.0.0 area 0
P(config-router)#network 10.10.10.10 0.0.0.0 area 0

Pada Router P ada 3 network yang di advertise ke dalam OSPF yakni

▪ network interface loopback
▪ network interface yang mengarah ke PE1 router.
▪ network interface yang mengarah ke PE2 router.

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 273

PE2
PE2(config)#router ospf 1
PE2(config-router)#network 192.168.20.2 0.0.0.0 area 0
PE2(config-router)#network 10.10.10.2 0.0.0.0 area 0
Pada router PE2, ada 2 network yang diadvertise ke dalam OSPF yaitu
▪ network interface loopback dan
▪ network interface yang mengarah ke P router.
Setelah semua dikonfigurasi OSPF, selanjutnya kita periksa routing table pada
setiap router dengan menggunakan perintah sebagai berikut :
PE-1
PE1#sh ip route
192.168.10.0/30 is subnetted, 1 subnets
C 192.168.10.0 is directly connected, GigabitEthernet1/0
192.168.20.0/30 is subnetted, 1 subnets
O 192.168.20.0 [110/2] via 192.168.10.2, 00:21:29, GigabitEthernet1/0
10.0.0.0/32 is subnetted, 3 subnets
O 10.10.10.10 [110/2] via 192.168.10.2, 00:21:19, GigabitEthernet1/0
O 10.10.10.2 [110/3] via 192.168.10.2, 00:07:00, GigabitEthernet1/0
C 10.10.10.1 is directly connected, Loopback0

P
P#show ip route
192.168.10.0/30 is subnetted, 1 subnets
C 192.168.10.0 is directly connected, GigabitEthernet1/0
192.168.20.0/30 is subnetted, 1 subnets
C 192.168.20.0 is directly connected, GigabitEthernet2/0
10.0.0.0/32 is subnetted, 3 subnets
C 10.10.10.10 is directly connected, Loopback0
O 10.10.10.2 [110/2] via 192.168.20.2, 00:07:56, GigabitEthernet2/0
O 10.10.10.1 [110/2] via 192.168.10.1, 00:22:28, GigabitEthernet1/0

PE-2
PE2#show ip route
192.168.10.0/30 is subnetted, 1 subnets
O 192.168.10.0 [110/2] via 192.168.20.1, 00:11:24, GigabitEthernet1/0
192.168.20.0/30 is subnetted, 1 subnets
C 192.168.20.0 is directly connected, GigabitEthernet1/0
10.0.0.0/32 is subnetted, 3 subnets
O 10.10.10.10 [110/2] via 192.168.20.1, 00:11:24, GigabitEthernet1/0

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 274

 C 10.10.10.2 is directly connected, Loopback0
O 10.10.10.1 [110/3] via 192.168.20.1, 00:11:24, GigabitEthernet1/0

Untuk pengetesan, kita bisa melakukan ping sebagai berikut :

PE-1, P, PE-2
#ping 10.10.10.1
#ping 10.10.10.2
#ping 10.10.10.10

Tahap 3 Mengaktifkan BGP

Konfigurasi BGP hanya dikonfigurasikan pada masing-masing PE router saja.

PE-1
PE1(config)#router bgp 65000
PE1(config-router)#neighbor 10.10.10.2 remote-as 65000
PE1(config-router)#neighbor 10.10.10.2 update-source loopback0

Ketika kita cek pada router PE1, BGP Peering terhadap router PE-2
dikonfigurasikan menggunakan ip loopback. Maka AS Number yang digunakan
pada PE1 dan PE2 adalah 65000 yang merupakan private AS Number.
PE-2
PE2(config)#router bgp 65000
PE2(config-router)#neighbor 10.10.10.1 remote-as 65000
PE2(config-router)#neighbor 10.10.10.1 update-source loopback0

Selanjutnya kita verifkasi BGP peeringnya menunjukkan sudah berhasil dengan

mengetikan perintah berikut.

PE-1
PE1#sh ip bgp summary
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down
State/PfxRcd
10.10.10.2 4 65000 3 3 1 0 0 00:00:57 0

PE-2
PE2#sh ip bgp summary
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down
State/PfxRcd
10.10.10.1 4 65000 5 5 1 0 0 00:03:11 0

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 275

 Tahap 4 Mengaktifkan MPLS
MPLS dikonfigurasikan pada semua router baik P dan PE Router.
PE-1
PE1(config)#mpls ip
PE1(config)#int g1/0
PE1(config-if)#mpls ip

P
P(config)#mpls ip
P(config)#int g1/0
P(config-if)#mpls ip
P(config-if)#int g2/0
P(config-if)#mpls ip
PE-2
PE2(config)#mpls ip
PE2(config)#int g1/0
PE2(config-if)#mpls ip

Setelah dikonfigurasi, untuk pengecekan apakah MPLS sudah aktif dan berjalan
dengan baik, gunakan perintah berikut ini.

PE-1
PE1(config)#do show mpls forwarding
Local Outgoing Prefix Bytes Label Outgoing Next Hop
Label Label or VC or Tunnel Id Switched interface
16 17 10.10.10.2/32 0 Gi1/0 192.168.10.2
17 Pop Label 10.10.10.10/32 0 Gi1/0 192.168.10.2
18 Pop Label 192.168.20.0/30 0 Gi1/0 192.168.10.2

P
P(config)#do show mpls forwarding
Local Outgoing Prefix Bytes Label Outgoing Next Hop
Label Label or VC or Tunnel Id Switched interface
16 Pop Label 10.10.10.1/32 762 Gi1/0 192.168.10.1
17 Pop Label 10.10.10.2/32 1016 Gi2/0 192.168.20.2
PE-2
PE2(config)#do show mpls forwarding
Local Outgoing Prefix Bytes Label Outgoing Next Hop
Label Label or VC or Tunnel Id Switched interface

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 276

 16 16 10.10.10.1/32 0 Gi1/0 192.168.20.1
17 Pop Label 10.10.10.10/32 0 Gi1/0 192.168.20.1
18 Pop Label 192.168.10.0/30 0 Gi1/0 192.168.20.1

Jika kita lihat diatas, terdapat label – label yang digunakan untuk menuju
sebuah network. Kita bisa cek ping terlebih dahulu.
PE-2
PE2(config)#do show mpls forwarding
Local Outgoing Prefix Bytes Label Outgoing Next Hop
Label Label or VC or Tunnel Id Switched interface
16 16 10.10.10.1/32 0 Gi1/0 192.168.20.1
17 Pop Label 10.10.10.10/32 0 Gi1/0 192.168.20.1
18 Pop Label 192.168.10.0/30 0 Gi1/0 192.168.20.1

Jika kita lihat diatas, terdapat label- label yang digunakan untuk menuju ke
sebuah network. Kita cek ping
PE-2
PE2(config)#do trace 10.10.10.1
Type escape sequence to abort.
Tracing the route to 10.10.10.1
1 192.168.20.1 [MPLS: Label 16 Exp 0] 40 msec 32 msec 40 msec
2 192.168.10.1 36 msec 40 msec 40 msec

PE-2 ketika akan menuju PE1, akan menggunakan label 16 sebelum sampai ke
tujuan. Ini artinya MPLS Backbone sudah berhasil.

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 277

Lab 2 – MPLS VPN

Adapun tahapan dalam konfigurasi adalah sebagai berikut :

Pada PE – Router :
1 Membuat VRF
2 Konfigurasikan IP Address & VRF pada PE yang menuju CE
3 Mengaktifkan MP - BGP
4 Menambahkan routing PE - CE

Pada CE Router :
1 Konfigurasi IP Addres CE
2 Konfigurasi Default Route

Kita bisa membuat VRF terlebih dahulu

• VRF (Virtual Router Forwarding) diperlukan untuk setiap customer,
misalnya terdapat 2 customer sehingga kita juga bisa mengkonfigurasikan 2
VRF.
• Virtual Router ini seolah – olah seperti masing – masing customer hanya
memiliki router sendiri yang mengatur trafik mereka melalui MPLS domain.
• Masing-masing VRF memiliki identitas sendiri-sendiri untuk setiap
customernya.
• Karena VRF inilah, dimungkinkan customernya berbeda namun memiliki IP
Address yang sama dapat diakomodir menggunakan MPLS network.

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 278

Berikut ini adalah langkah- langkah konfigurasinya
PE-1
PE-1(config)#ip vrf BRI.KIRI
PE-1(config-vrf)#rd 65000:1
PE-1(config-vrf)#route-target export 65000:1
PE-1(config-vrf)#route-target import 65000:1
!
PE-1(config-vrf)#ip vrf BCA.KIRI
PE-1(config-vrf)#rd 65000:2
PE-1(config-vrf)#route-target export 65000:2
PE-1(config-vrf)#route-target import 65000:2

Kita bisa melihat bahwa pada PE-1 terdapat 2 customer yakni BRI dan BCA,
maka kita bisa membuat 2 VRF yang bernama VRF BRI.KIRI dan VRF BCA.KIRI
VRF pada dasarnya memiliki 2 komponen utama yakni :
• RD (Route Distinguisher)
o RD adalah identitas dari sebuah VRF
o Setiap customer memiliki VRF sendiri – sendiri
o Penulisan RD dapat dituliskan seperti format berikut ini :
o 16 bit AS Number : 32 – bit number → contoh : 65000 :1
o 32 bit IP Address : 15 – bit number → contoh : 192.168.0.1 : 1

• RT (Route Target)
o RT digunakan untuk menentukan route yang mana yang akan diimport
ke dalam VRF dan menentukan route mana yang akan diexport.
o Sifatnya seperti routing policy
o Format penulisannya seperti RD yakni seperti berikut
• 16-bit AS Number : 32-bit number → contoh : 65000:1
• 32-bit IP Address : 15-bit number → contoh : 192.168.0.1 :1
PE-2
PE-2(config)#ip vrf BRI.KANAN
PE-2(config-vrf)#rd 65000:1
PE-2(config-vrf)#route-target export 65000:1
PE-2(config-vrf)#route-target import 65000:1
PE-2(config-vrf)#exit
PE-2(config-vrf)#ip vrf BCA.KANAN
PE-2(config-vrf)#rd 65000:2
PE-2(config-vrf)#route-target export 65000:2
PE-2(config-vrf)#route-target import 65000:2

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 279

Pada PE-2 konfigurasi VRFnya sama persis dengan PE1

Konfigurasikan IP Address & VRF pada PE yang menuju CE

Setelah VRF berhasil dikonfigurasikan, maka kita bisa mengkonfigurasikan IP
Address yang sama pada beberapa interface router. Tanpa VRF, pada router
tidak bisa dikonfigurasi IP Address yang sama kecuali di bridging.

PE-1
PE-1(config)#interface f0/0
PE-1(config-if)#description ###Link to BRI###
PE-1(config-if)#ip vrf forwarding BRI.KIRI
PE-1(config-if)#ip address 192.168.100.1 255.255.255.252
PE-1(config-if)#no shutdown
!
PE-1(config)#int fastEthernet 0/1
PE-1(config-if)#description ###Link to BCA###
PE-1(config-if)#ip vrf forwarding BCA.KIRI
PE-1(config-if)#ip address 192.168.100.1 255.255.255.252
PE-1(config-if)#no shutdown

PE-1
PE-1(config)#do show vrf
Name Default RD Protocols Interfaces
BCA.KIRI 65000:2 ipv4 Fa0/1
BRI.KIRI 65000:1 ipv4 Fa0/0

Mengaktifkan MP-BGP
MP – BGP (Multi Protocol BGP) digunakan untuk membawa informasi routing,
IPv prefixes, VPN Customer dll menuju PE router lainnnya.

PE-1
PE-1(config)#router bgp 65000
PE-1(config-router)#address-family vpnv4
PE-1(config-router-af)#neighbor 10.10.10.2 activate

PE-2
PE-2(config)#router bgp 65000
PE-2(config-router)#
PE-2(config-router)#address-family vpnv4
PE-2(config-router-af)#neighbor 10.10.10.1 activate

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 280

Kita lakukan verifikasi sebagai berikut :
PE-1
PE-1#sh ip bgp vpnv4 all summary

PE-2
PE-2#sh ip vpnv4 all summary

Hasil diatas menerangkan bahwa hubungan antar vpnv4 keduanya sudah

terjalin.

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 281

Lab 3 – MPLS VPN – PE CE Static Routing
Untuk topologi masih sama dan melanjutkan dari konfigurasi sebelumnya.
Konfigurasi IP Address pada router CE

CE BRI-1
R1(config)#hostname CE-BRI-1
CE-BRI-1(config)#interface fas
CE-BRI-1(config)#interface fastEthernet0/0
CE-BRI-1(config-if)#descrip
CE-BRI-1(config-if)#description ###Link to MPLS###
CE-BRI-1(config-if)#ip address 192.168.100.2 255.255.255.252
CE-BRI-1(config-if)#no shutdown
!
CE-BRI-1(config)#int lo0
CE-BRI-1(config-if)#ip address 4.4.4.4 255.255.255.255
CE-BRI-1(config-if)#ip route 0.0.0.0 0.0.0.0 192.168.100.1

CE BCA-1
R6(config)#hostname CE-BCA-1
CE-BCA-1(config)#int fastEthernet 0/0
CE-BCA-1(config-if)#description ###Link to MPLS###
CE-BCA-1(config-if)#ip address 192.168.100.2 255.255.255.252
CE-BCA-1(config-if)#no shutdown
CE-BCA-1(config-if)#int lo0
CE-BCA-1(config-if)#ip add 5.5.5.5 255.255.255.255
CE-BCA-1(config-if)#ip route 0.0.0.0 0.0.0.0 192.168.100.1

CE-BRI-2
R3(config)#hostname CE-BRI-2
CE-BRI-2(config)#int f
CE-BRI-2(config)#int fastEthernet 0/0
CE-BRI-2(config-if)#description ###Link to MPLS###
CE-BRI-2(config-if)#ip address 192.168.200.2 255.255.255.252
CE-BRI-2(config-if)#no shutdown
CE-BRI-2(config-if)#int lo0
CE-BRI-2(config-if)#ip address 6.6.6.6 255.255.255.255
CE-BRI-2(config-if)#ip route 0.0.0.0 0.0.0.0 192.168.200.1

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 282

CE-BCA-2
R7(config)#hostname CE-BCA-2
CE-BCA-2(config)#int fastEthernet 0/0
CE-BCA-2(config-if)#description ###Link to MPLS###
CE-BCA-2(config-if)#ip address 192.168.200.2 255.255.255.252
CE-BCA-2(config-if)#no shutdown

Kita konfigurasi static routing (BRI-1 dan BCA-1)

PE-1
PE-1(config)#ip route vrf BRI.KIRI 4.4.4.4 255.255.255.255 192.168.100.2
PE-1(config)#ip route vrf BCA.KIRI 5.5.5.5 255.255.255.255 192.168.100.2
PE-1(config)#router bgp 65000
PE-1(config-router)#address-family ipv4 vrf BRI.KIRI
PE-1(config-router-af)#redistribute static
PE-1(config-router-af)#redistribute connected
PE-1(config-router-af)#exit
PE-1(config-router)#address-family ipv4 vrf BCA.KIRI
PE-1(config-router-af)#redistribute static
PE-1(config-router-af)#redistribute connected

Kita konfigurasi static routing (BRI-2 dan BCA-2)

PE-2
PE-2(config)#ip route vrf BRI.KANAN 6.6.6.6 255.255.255.255 192.168.200.2
PE-2(config)#ip route vrf BCA.KANAN 7.7.7.7 255.255.255.255 192.168.200.2
PE-2(config)#router bgp 65000
PE-2(config-router)#address-family ipv4 vrf BRI.KANAN
PE-2(config-router-af)#redistribute static
PE-2(config-router-af)#redistribute connected
PE-2(config-router-af)#exit
PE-2(config-router)#address-family ipv4 vrf BCA.KANAN
PE-2(config-router-af)#redistribute static
PE-2(config-router-af)#redistribute connected

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 283

 VXLAN
(Virtual Extensible LAN)

Maka ingatlah nikmat-nikmat Allah

supaya kamu mendapat
keberuntungan. (Al A’raaf : 69)

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 284

VXLAN TOPOLOGY

Konfigurasi VXLAN Static Peer

Konfigurasikan command ini pada semua switch baik spine ataupun leaf
Spine dan Leaf
conf t
boot nxos
bootflash:nxos.7.0.3.I7.4.bin
username admin password
Idn123$% username admin
role priv-15 end
copy run start

Aktifkan fitur yang akan digunakan pada saat lab

Leaf-01 dan Leaf-02
Conf t
feature vn-segment-vlan-based
feature nv overlay
feature ospf

Konfigurasi basic ip address pada Leaf-01

Leaf-01
Leaf-01(config)# interface e1/1
Leaf-01(config-if)# no switchport
Leaf-01(config-if)# ip add 10.10.1.2/30
Leaf-01(config-if)# ip router ospf 1 area 0

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 285

 Leaf-01(config-if)# no shutdown
Leaf-01(config-if)# exit
Leaf-01(config)# interface lo0
Leaf-01(config-if)# ip add 2.2.2.2/32
Leaf-01(config-if)# ip router ospf 1 area 0
Leaf-01(config-if)# no shutdown
Leaf-01(config-if)# exit
Leaf-01(config)# router ospf 1
Leaf-01(config-router)# router-id 2.2.2.2
Leaf-01(config-router)# exit

Konfigurasi basic ip address pada Leaf-02

Leaf-02
Leaf-02(config)# interface e1/1
Leaf-02(config-if)# no switchport
Leaf-02(config-if)# ip add 10.10.2.2/30
Leaf-02(config-if)# ip router ospf 1 area 0
Leaf-02(config-if)# no shutdown
Leaf-02(config-if)# exit
!
Leaf-02(config)# interface lo0
Leaf-02(config-if)# ip add 3.3.3.3/32
Leaf-02(config-if)# ip router ospf 1 area 0
Leaf-02(config-if)# no shutdown
Leaf-02(config-if)# exit
!
Leaf-02(config)# router ospf 1
Leaf-02(config-router)# router-id 3.3.3.3
Leaf-02(config-router)# exit

Konfigurasi basic ip address dan aktifkan beberapa fitur yang digunakan

Spine-01
Spine-01
Spine-01(config)# feature ospf
!
Spine-01(config)# interface lo0
Spine-01(config-if)# ip add 1.1.1.1/32
Spine-01(config-if)# ip router ospf 1 area 0

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 286

Spine-01(config-if)# no shutdown
Spine-01(config-if)# exit
!
Spine-01(config)# interface lo1
Spine-01(config-if)# ip add 10.1.1.1/32
Spine-01(config-if)# no shutdown
Spine-01(config-if)# ip router ospf 1 area 0
Spine-01(config-if)# exit
!
Spine-01(config)# interface e1/3
Spine-01(config-if)# no switchport
Spine-01(config-if)# ip add 10.10.1.1/30
Spine-01(config-if)# ip router ospf 1 area 0
Spine-01(config-if)# no shutdown
Spine-01(config-if)# exit
!
Spine-01(config)# interface e1/4
Spine-01(config-if)# no switchport
Spine-01(config-if)# ip add 10.10.2.2/30
Spine-01(config-if)# ip add 10.10.2.1/30
Spine-01(config-if)# no shutdown
Spine-01(config-if)# ip router ospf 1 area 0
Spine-01(config-if)# exit
!
Spine-01(config)# router ospf 1
Spine-01(config-router)# router-id 1.1.1.1
Spine-01(config-router)# exit

Buat vlan, daftarkan sesuai topology dan mapping VLAN ke VNI id

Leaf-01
Leaf-01(config)# vlan 201
Leaf-01(config-vlan)# vn-segment 30201
Leaf-01(config-vlan)# name Server
Leaf-01(config-vlan)# exit !
Leaf-01(config)# vlan 301
Leaf-01(config-vlan)# name VM-SERVER
Leaf-01(config-vlan)# vn-segment 30301
Leaf-01(config-vlan)# exit !

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 287

 Leaf-01(config)# interface e1/2
Leaf-01(config-if)# switchport mode access
Leaf-01(config-if)# switchport access vlan 201
Leaf-01(config-if)# exit
!
Leaf-01(config)# interface e1/3
Leaf-01(config-if)# switchport mode access
Leaf-01(config-if)# switchport access vlan 301
Leaf-01(config-if)# exit

Leaf-02
Leaf-02(config)# vlan 201
Leaf-02(config-vlan)# vn-segment 30201
Leaf-02(config-vlan)# name server
Leaf-02(config-vlan)# exit
!
Leaf-02(config)# vlan 301
Leaf-02(config-vlan)# name VM-SERVER
Leaf-02(config-vlan)# vn-segment 30301
Leaf-02(config-vlan)# exit !
!
Leaf-02(config)# interface e1/2
Leaf-02(config-if)# switchport mode access
Leaf-02(config-if)# switchport access vlan 201
Leaf-02(config-if)# exit
!
Leaf-02(config)# interface e1/3
Leaf-02(config-if)# switchport mode access
Leaf-02(config-if)# switchport access vlan 301
Leaf-02(config-if)# exit

Buat interface VTEP, bawaanya setiap nexus bisa membuat 4 interface VTEP
namun, karena keterbatasan lisensi dalam lab ini kita hanya bisa membuat 1
interface VTEP saja.
Leaf-01
Leaf-01(config)# interface nve 1
Leaf-01(config-if-nve)# no shutdown
Leaf-01(config-if-nve)# source interface lo0

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 288

Leaf-01(config-if-nve)# member vni 30201
Leaf-01(config-if-nve-vni)# ingress-replication protocol static
Leaf-01(config-if-nve-vni-ingr-rep)# peer-ip 3.3.3.3
Leaf-01(config-if-nve-vni-ingr-rep)# exit
!
Leaf-01(config-if-nve-vni)# member vni 30301
Leaf-01(config-if-nve-vni)# ingress-replication protocol static
Leaf-01(config-if-nve-vni-ingr-rep)# peer-ip 3.3.3.3
Leaf-01(config-if-nve-vni-ingr-rep)# exit

Verifikasi interface VTEP pastikan sudah UP

Leaf-01
Leaf-01(config)# show nve interface nve1
Interface: nve1, State: Up, encapsulation: VXLAN VPC Capability:
VPC-VIP-Only [not-notified] Local Router MAC: 5000.0002.0007
Host Learning Mode: Data-Plane
Source-Interface: loopback0 (primary: 2.2.2.2, secondary: 0.0.0.0)

Leaf-02
Leaf-02(config)# show nve interface nve1
Interface: nve1, State: Up, encapsulation: VXLAN VPC Capability: VPC-
VIP-Only [not-notified] Local Router MAC: 5000.0003.0007
Host Learning Mode: Data-Plane
Source-Interface: loopback0 (primary: 3.3.3.3, secondary: 0.0.0.0
Leaf-02(config-if-nve-vni-ingr-rep)# exit
Verifikasi nve peers
Leaf-01
Leaf-01(config)# show nve peers
Interface Peer-IP State LearnType Uptime Router-Mac
--------- --------------- ----- --------- -------- -----------------
nve1 3.3.3.3 Up DP 00:15:03 n/a

Leaf-02
Leaf-02(config)# show nve peers
Interface Peer-IP State LearnType Uptime Router-Mac
--------- --------------- ----- --------- -------- -----------------
nve1 2.2.2.2 Up DP 00:07:16 n/a

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 289

Lakukan verifikasi ping dari VLAN 201 sebelah kiri ke VLAN 201
VPCS
VPCS> ip 192.168.21.2/24
Checking for duplicate address...
PC1 : 192.168.21.2 255.255.255.0

VPCS> ping 192.168.21.3

84 bytes from 192.168.21.3 icmp_seq=1 ttl=64 time=22.454 ms
84 bytes from 192.168.21.3 icmp_seq=2 ttl=64 time=21.101 ms
84 bytes from 192.168.21.3 icmp_seq=3 ttl=64 time=22.571 ms
84 bytes from 192.168.21.3 icmp_seq=4 ttl=64 time=23.183 ms
84 bytes from 192.168.21.3 icmp_seq=5 ttl=64 time=28.719 ms

Lakukan verifikasi ping dari VLAN 301 sebelah kiri ke VLAN 301 di sebelah kanan
VPCS
VPCS> ip 192.168.31.2/24
Checking for duplicate address...
PC1 : 192.168.31.2 255.255.255.0

VPCS> ping 192.168.31.3

84 bytes from 192.168.31.3 icmp_seq=1 ttl=64 time=24.557 ms

84 bytes from 192.168.31.3 icmp_seq=2 ttl=64 time=26.319 ms
84 bytes from 192.168.31.3 icmp_seq=3 ttl=64 time=27.558 ms
84 bytes from 192.168.31.3 icmp_seq=4 ttl=64 time=23.579 ms
84 bytes from 192.168.31.3 icmp_seq=5 ttl=64 time=20.858 ms

Jika kita capture menggunakan wireshark hasilnya seperti dibawah ini :

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 290

 Konfigurasi VXLAN Flood and Learn with Multicast

Hapus konfigurasi static peer sebelumnya pada leaf-1 dan leaf-2

Leaf-01 dan Leaf-02
int nve 1
member vni 30201
no ingress-replication
protocol static member
vni 30301
no ingress-replication protocol static

Aktifkan feature pim karena kita akan menggunakan multicast dan tentukan
Rendezvous Point (RP) atau titik kumpul, RP ini harus diletakan di Spine.
Leaf-01
Leaf-01(config)# feature pim
Leaf-01(config)# interface e1/1
Leaf-01(config-if)# ip pim sparse-mode
Leaf-01(config-if)# exit
!
Leaf-01(config)# interface lo0
Leaf-01(config-if)# ip pim sparse-mode
Leaf-01(config-if)# exit
!
Leaf-01(config)# ip pim rp-address 10.1.1.1 group-list 239.239.239.0/24
Leaf-01(config)# ip pim anycast-rp 10.1.1.1 1.1.1.1
Leaf-01(config)# ip pim anycast-rp 10.1.1.1 2.2.2.2
Leaf-01(config)# ip pim anycast-rp 10.1.1.1 3.3.3.3
!
Leaf-01(config)# interface lo1
Leaf-01(config-if)# description RP Backup
Leaf-01(config-if)# ip add 10.1.1.1/32
Leaf-01(config-if)# ip router ospf 1 area 0
Leaf-01(config-if)# ip pim sparse-mode
Leaf-01(config-if)# exit

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 291

Leaf-02
Leaf-02(config)# feature pim
Leaf-02(config)# interface e1/1
Leaf-02(config-if)# ip pim sparse-mode
Leaf-02(config-if)# exit
!
Leaf-02(config)# interface lo0
Leaf-02(config-if)# ip pim sparse-mode
Leaf-02(config-if)# exit
!
Leaf-02(config)# ip pim rp-address 10.1.1.1 group-list 239.239.239.0/24
Leaf-02(config)# ip pim anycast-rp 10.1.1.1 1.1.1.1
Leaf-02(config)# ip pim anycast-rp 10.1.1.1 2.2.2.2
Leaf-02(config)# ip pim anycast-rp 10.1.1.1 3.3.3.3
!
Leaf-02(config)# interface lo1
hghfghfggdgd
Leaf-02(config-if)# description RP Backup
Leaf-02(config-if)# ip add 10.1.1.1/32
Leaf-02(config-if)# ip router ospf 1 area 0
Leaf-02(config-if)# ip pim sparse-mode
Leaf-02(config-if)# exit

Spine-01
Spine-01(config)# feature pim
Spine-01(config)# interface e1/3
Spine-01(config-if)# ip pim sparse-mode
!
Spine-01(config-if)# interface e1/4
Spine-01(config-if)# ip pim sparse-mode
!
Spine-01(config-if)# interface lo0
Spine-01(config-if)# ip pim sparse-mode !
Spine-01(config-if)# interface lo1
Spine-01(config-if)description RP Utama

Spine-01(config-if)# ip pim sparse-mode !

Spine-01(config-if)#ip pim rp-address 10.1.1.1 group-list 239.239.239.0/24

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 292

Spine-01(config)# ip pim anycast-rp 10.1.1.1 1.1.1.1
Spine-01(config)# ip pim anycast-rp 10.1.1.1 2.2.2.2
Spine-01(config)# ip pim anycast-rp 10.1.1.1 3.3.3.3

Konfigurasikan peer nya agar menggunakan multicast

Leaf-01
Leaf-01(config)# interface nve 1
Leaf-01(config-if-nve)# member vni 30201
Leaf-01(config-if-nve-vni)# mcast-group 239.239.239.21
Leaf-01(config-if-nve-vni)# exit

Leaf-02
Leaf-02(config)# interface nve 1
Leaf-02(config-if-nve)# member vni 30201
Leaf-02(config-if-nve-vni)# mcast-group 239.239.239.21
Leaf-02(config-if-nve-vni)# member vni 30301
Leaf-02(config-if-nve-vni)# mcast-group 239.239.239.31
Leaf-02(config-if-nve-vni)# exit

Verifikasi interface VTEP nya pastikan sudah up, dan pastikan VNI nya sudah
dimapping dengan benar
Leaf-01
Leaf-01(config)# show nve interface nve1 Interface: nve1
State: Up, encapsulation: VXLAN VPC Capability: VPC-VIP-Only [not-
notified] Local Router MAC: 5000.0002.0007
Host Learning Mode: Data-Plane
Source-Interface: loopback0 (primary: 2.2.2.2, secondary: 0.0.0.0)

Leaf-02
Leaf-02(config)# show nve interface nve1
Interface: nve1, State: Up, encapsulation: VXLAN
VPC Capability: VPC-VIP-Only [not-notified]
Local Router MAC: 5000.0003.0007
Host Learning Mode: Data-Plane
Source-Interface: loopback0 (primary: 3.3.3.3, secondary: 0.0.0.0)

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 293

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 294
Verifikasi multicast nya cek juga di Leaf-02
Leaf-01
Leaf-01(config)# show ip mroute 239.239.239.21
IP Multicast Routing Table for VRF "default"

(*, 239.239.239.21/32), uptime: 00:08:03, nve ip pim

Incoming interface: loopback1, RPF nbr: 10.1.1.1
Outgoing interface list: (count: 1)
nve1, uptime: 00:08:03, nve
(2.2.2.2/32, 239.239.239.21/32), uptime: 00:08:03, nve mrib ip pim
Incoming interface: loopback0, RPF nbr: 2.2.2.2, internal
Outgoing interface list: (count: 1)
Ethernet1/1, uptime: 00:07:17, pim
(3.3.3.3/32, 239.239.239.21/32), uptime: 00:06:19, pim mrib ip
Incoming interface: Ethernet1/1, RPF nbr: 10.10.1.1, internal
Outgoing interface list: (count: 1)
nve1, uptime: 00:06:19, mrib

Leaf-01(config)# show ip mroute 239.239.239.31

IP Multicast Routing Table for VRF "default"

(*, 239.239.239.31/32), uptime: 00:08:06, nve ip pim

Incoming interface: loopback1, RPF nbr: 10.1.1.1
Outgoing interface list: (count: 1)
nve1, uptime: 00:08:06, nve
(2.2.2.2/32, 239.239.239.31/32), uptime: 00:08:06, nve mrib ip pim
Incoming interface: loopback0, RPF nbr: 2.2.2.2, internal
Outgoing interface list: (count: 1)
Ethernet1/1, uptime: 00:07:21, pim

(3.3.3.3/32, 239.239.239.31/32), uptime: 00:06:21, pim mrib ip

Incoming interface: Ethernet1/1, RPF nbr: 10.10.1.1, internal
Outgoing interface list: (count: 1)
nve1, uptime: 00:06:21, mrib
Verifikasi nve peer nya, biasanya kalo belum ada traffic yang lewat nve peers
akan kosong jika menggunakan multicast

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 295

Leaf-01
Leaf-01(config)# show nve peers

#masih kosong sih biasanya

Verifikasi ping dari VLAN sebelah kiri ke VLAN sebelah kanan

VPCS
VPCS> show ip
NAME : VPCS[1]
IP/MASK : 192.168.31.3/24
GATEWAY : 0.0.0.0
DNS :
MAC : 00:50:79:66:68:08
LPORT : 20000
RHOST:PORT : 127.0.0.1:30000
MTU : 1500
VPCS> ping 192.168.31.2
84 bytes from 192.168.31.2 icmp_seq=1 ttl=64 time=27.134 ms
84 bytes from 192.168.31.2 icmp_seq=2 ttl=64 time=21.518 ms
84 bytes from 192.168.31.2 icmp_seq=3 ttl=64 time=25.776 ms
84 bytes from 192.168.31.2 icmp_seq=4 ttl=64 time=20.483 ms
84 bytes from 192.168.31.2 icmp_seq=5 ttl=64 time=31.870 mS

Verifikasi lagi nve peers pastikan sudah ada karena sudah ada traffic yang
lewat
Leaf-01
Leaf-01(config)# show nve peers
Interface Peer-IP State LearnType Uptime Router-Mac
--------- --------------- ----- --------- -------- -----------------
nve1 3.3.3.3 Up DP 00:05:27 n/a

Biasanya jika menggunakan multicast, ICMP Request akan dikirim ke grup

multicast nya, kemudian ICMP Reply nya dikirim secara unicast

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 296

 NETWORK
AUTOMATION

“Tindakan adalah kunci dasar untuk semua

kesuksesan.” - Pablo Picasso

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 297

Automation With Paramiko
Introduction Paramiko
Paramiko merupakan salah satu library pada python yang bisa kita gunakan
sebagai SSHv2 server maupun client. Adapun pada buku ini, kita akan
memanfaatkan paramiko sebagai ssh client.

Untuk info lebih lanjut tentang paramiko, Anda bisa mengunjungi webiste resmi
paramiko di http://www.paramiko.org atau website documentation nya
www.docs.paramiko.org

Import Appliance Ubuntu To GNS3

Untuk belajar basic automation menggunakan python kita akan menggunakan
system operasi ubuntu maka dari itu kita harus meng-import alat perang kita ke
GNS3 terlebih dahulu, berikut caranya

Download dulu appliance ubuntu / network automation pada website resmi

gns3 https://gns3.com/marketplace/appliances

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 298

Pilih ubuntu atau network automation dua dua nya juga boleh, perbedaan kedua
nya adalah, kalo ubuntu kita harus install paramiko dulu karena by default tidak
include di system operasinya, kalo network automation kita tidak perlu install
paramiko karena sudah include.

Setelah didownload temen-temen bisa buka gns3 nya dan klik file > import
appliance

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 299

 Kemudian cari folder yang berisi appliance gns3 yang sudah temen-temen
download dan coba klik open

Terus tinggal klik next aja deehh guyysss…..

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 300

Lalu Klik Finish gaesss,…..

Terus jika muncul pop up klik ok aja, nanti muncul seperti ini coba drag and drop
ubuntu ke workspace gns3 dan nantinya ubuntu kita akan otomatis ke
download seperti gambar dibawah. (harus konek ke internet)

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 301

Paramiko Installation
Untuk menginstall paramiko pada ubuntu, kita bisa menggunakan
perintah berikut.
sudo apt-get install build-essential libssl-dev libffi-dev -y
sudo apt-get install python-pip -y
sudo pip install cryptography

sudo pip install --upgrade pip

sudo pip install paramiko

Jika ingin menginstall di windows maka temen-temen bisa buka cmd
dan ketika perintah dibawah ini :
C:\Users\IDNBOARDINGSCHOOL>python --version
Python 3.8.1
C:\Users\IDNBOARDINGSCHOOL>pip install paramiko
C:\Users\IDNBOARDINGSCHOOL>python -m pip install --
upgrade pip C:\Users\ IDNBOARDINGSCHOOL >python
Python 3.8.1 (tags/v3.8.1:1b293b6, Dec 18 2019, 22:39:24) [MSC v.1916
32 bit (Intel)] on win32
Type "help", "copyright", "credits" or "license" for more information.
>>> import paramiko
>>> exit ()

Untuk memastikan apakah paramiko sudah terinstall atau belum, kita bisa
menggunakan perintah berikut

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 302

 root@sahrulhidayat:~# pip show paramiko
DEPRECATION: Python 2.7 reached the end of its life on January 1st, 2020.
Please upgrade your Python as Python 2.7 is no longer maintained. A future version
of pip will drop support for Python 2.7. More details about Python 2
support in pip, can be found at
https://pip.pypa.io/en/latest/development/release-process/#python-2- support
Name: paramiko Version: 2.7.1
Summary: SSH2 protocol library
Home-page: https://github.com/paramiko/paramiko/ Author: Jeff Forcier
Author-email:
jeff@bitprophet.org License:
LGPL
Location: /usr/local/lib/python2.7/dist-packages
Requires: cryptography, pynacl, bcrypt
Required-by: scp, pyntc, netmiko, ncclient, napalm, junos-eznc

Untuk saat ini, paramiko sudah terinstall pada ubuntu. Ini artinya kita sudah siap
membuat script python menggunakan paramiko untuk melakukan konfigurasi
pada device by ssh.

Initial Configuration
Kita akan menggunakan SSH untuk belajar automation pada training kali ini,
Alasan utama kita lebih menggunakan ssh dibanding telnet adalah dari segi
keamanan. Telnet tidak enkripsi, diabandingkan ssh yang sudah melakukan
enkripsi. Untuk mengaktifkan SSH pada cisco, kita bisa menggunakan perintah
berikut topology nya seperti dibawah ini :

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 303

 R1
R1(config)#interface f0/0
R1(config-if)#ip add 192.168.10.2 255.255.255.0
R1(config-if)#no shutdown
R1(config-if)#exit
!
R1(config)#ip domain-name smkidn.sch.id
R1(config)#username cisco privilege 15 secret smkidn123
R1(config)#crypto key generate rsa modulus 1024
R1(config)#line vty 0 4
R1(config-line)#transport input ssh
R1(config-line)#login local

Untuk pengujian, kita coba lakukan ssh dari ubuntu ke router.

Sebelumnya konfigurasi dulu ip address nya seperti dibawah ini :

Ubuntu
root@NetworkAutomation-1:~# ifconfig eth0 192.168.10.1 netmask
255.255.255.0 root@NetworkAutomation-1:~# ifconfig
eth0 Link encap:Ethernet HWaddr da:f2:40:f4:fd:c0
inet addr:192.168.10.1 Bcast:192.168.10.255 Mask:255.255.255.0

Cek ping dan coba connect ke router via ssh

Ubuntu
root@NetworkAutomation-1:~# ssh cisco@192.168.10.2
The authenticity of host '192.168.10.2 (192.168.10.2)' can't be established. RSA
key fingerprint is SHA256:OD8L7HJtKz59WwuaaZL4qoxdkcsv6NEbhP+f6vlSfYo.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.10.2' (RSA) to the list of known hosts.
Password:

R1#
Oke kita sudah berhasil login ssh dari ubuntu ke router.

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 304

Basic script paramiko
Kita akan membuat sebuah script pyton sederhana menggunakan python untuk
melakukan konfigurasi dasar pada router. Untuk topology nya masih sama seperti
lab sebelumnya

Script python yang akan kita buat bertujuan untuk menambahkan interface
loopback secara otomatis.

Berikut script python yang kita gunakan

Ubuntu
root@NetworkAutomation-1:~# nano paramiko1.py
root@NetworkAutomation-1:~# cat paramiko1.py
import paramiko
import time

ip_address = "192.168.10.2"
username = "cisco"
password = "cisco123"
ssh_client = paramiko.SSHClient()
ssh_client.set_missing_host_key_policy(paramiko.AutoAddPolicy()
)
ssh_client.connect(hostname=ip_address,username=username,
password=password)

print "Success login to {0}".format(ip_address) conn =

ssh_client.invoke_shell()

conn.send("conf
t\n") conn.send("int
lo0\n")
conn.send("ip add 1.1.1.1 255.255.255.255\n")
time.sleep(1)

output =
conn.recv(65535) print
output

ssh_client.close()

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 305

Coba jalankan paramiko1.py

Ubuntu
root@NetworkAutomation-1:~# python paramiko1.py
Success login to 192.168.10.2

R1#conf t
Enter configuration commands, one per line.End with CNTL/Z. R1(config)#int lo0
R1(config-if)#ip add 1.1.1.1 255.255.255.255
R1(config-if)#root@NetworkAutomation-1:~#

Cek pada router pastikan interface loopback sudah ada

R1
R1(config)#do show ip int brief | i up
FastEthernet0/0 ........................... 192.168.10.2 YES manual up up
Loopback0 1.1.1.1 YES manual up up

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 306

Backup config with paramiko
Backup konfigurasi merupakan pekerjaan yang sangat penting. Apalagi jika
kita ingin melakukan konfigurasi tambahan (update config) pada sebuah
device, maka kita harus melakukan backup konfigurasi terlebih dahulu.

Agar jika pada saat melakukan konfigurasi terjadi masalah, kita bisa
mengembalikan konfigurasi device ke kondisi semula.

Tentu saja akan sangat merepotkan jika kita harus melakukan backup
konfigurasi pada 100 device. Untuk melakukan pekerjaan tersebut, kita
bisa menggunakan python.

Ada banyak cara yang bisa kita gunakan untuk backup konfigurasi device
menggunakan python, salah satunya menggunakan paramiko.

Kita akan mencoba membuat script python menggunakan paramiko untuk

backup konfigurasi router. Masih pakai topology dan konfigurasi yang tadi.

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 307

Ubuntu
root@NetworkAutomation-1:~# cp paramiko1.py backup.py
root@NetworkAutomation-1:~# nano backup.py
root@NetworkAutomation-1:~# cat backup.py
import paramiko import time

ip_address = "192.168.10.2"
username = "cisco"
password = "cisco123"

ssh_client = paramiko.SSHClient()
ssh_client.set_missing_host_key_policy(paramiko.AutoAddPolicy())
ssh_client.connect(hostname=ip_address,username=username,
password=password)

print "Success login to {0}".format(ip_address)

conn = ssh_client.invoke_shell()

conn.send("terminal length 0\n")

conn.send("show run\n") time.sleep(5)

output = conn.recv(65535)
output_file=open("{0}.cfg".format(ip_address),"w") output_file.write(output)
output_file.close()
print "Config in {0} saved!!".format(ip_address)
ssh_client.close()

CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 308

Oke kita coba jalankan script diatas. Dan coba lihat hasilnya

Ubuntu
root@NetworkAutomation-1:~# python backup.py
Success login to 192.168.10.2
Config in 192.168.10.2 saved!!
root@NetworkAutomation-1:~# ls | grep .cfg 192.168.10.2.cfg

Oke file dengan nama ip_address.cfg sudah berhasil dibuat. Kita coba lihat isi dari file
tersebut

Ubuntu
root@NetworkAutomation-1:~# more 192.168.10.2.cfg

R1#terminal length 0 R1#show run

Building configuration...

Current configuration : 1280 bytes

!
version 12.4
service timestamps debug datetime
msec service timestamps log
datetime msec no service
password-encryption
!
hostname R1
!
boot-start-
marker
boot-end-
marker
--More--(18%)

MODUL CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 309

Backup config multiple device
Script yang kita buat sebelumnya hanya bisa membackup konfigurasi
pada satu device saja. Untuk melakukan backup konfigurasi pada banyak
device sekaligus, kita harus melakukan sedikit modifikasi script.
Berikut topologi yang kita gunakan

Agar seluruh device bisa di automasi, kita harus menambahkan link management ke
ubuntu, selanjutnya kita buat script python untuk backup konfigurasi pada banyak
device menggunakan paramiko

MODUL CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 310

 Ubuntu
root@NetworkAutomation-1:~#nano
backupmultiple.py root@NetworkAutomation-
1:~# cat backupmultiple.py import paramiko
import time

ip_list = ["192.168.10.2","192.168.10.3",
"192.168.10.4","192.168.10.5"]
username = "cisco"
password = "cisco123"

ssh_client = paramiko.SSHClient()
ssh_client.set_missing_host_key_policy(paramiko.AutoAddPolicy())

for ip_address in ip_list:

ssh_client.connect(hostname=ip_address,
username=username,
password=password)

print "Success login to {0}".format(ip_address)

conn = ssh_client.invoke_shell()

conn.send("terminal length 0\n")

conn.send("show run\n")
time.sleep(4)
output = conn.recv(65535)
output_file = open("{0}.cfg".format(ip_address), "w")
output_file.write(output)
output_file.close()
print "Config in {0} saved!!\n".format(ip_address)

ssh_client.close()

Pada script diatas kita hanya menambahkan list IP Address dari seluruh router dan
melakukan looping di list tersebut. Selanjutnya kita memindahkan seluruh script,
yaitu pada saat mulai melakukan koneksi ssh, kedalam blok for.

MODUL CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 311

Sekarang kita coba jalankan script diatas

Ubuntu
root@NetworkAutomation-1:~# python backupmultiple.py
Success login to 192.168.10.2
Config in 192.168.10.2 saved!!

Success login to
192.168.10.3 Config in
192.168.10.3 saved!!

Success login to 192.168.10.4

Config in 192.168.10.4 saved!!

Success login to 192.168.10.5

Config in 192.168.10.5 saved!!

MODUL CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 312

 Oke konfigurasi pada seluruh device telah terbackup, kita coba pastikan
Ubuntu
root@NetworkAutomation-1:~# ls | grep .cfg
192.168.10.2.cfg
192.168.10.3. cfg

192.168.10.4. cfg

192.168.10.5. cfg

Perhatikan bahwa kita sudah memiliki 4 file .cfg, sesuai dengan jumlah router yang
kita miliki. Kita coba lihat isi dari salah satu file tersebut.
Ubuntu
root@NetworkAutomation-1:~# more 192.168.10.5.cfg
R4#terminal length 0
R4#showrun
Building configuration...

Current configuration : 1222 bytes

!
version 12.4
service timestamps debug
datetime msec service timestamps
log datetime msec no service
password-encryption
!
hostname R4
!
boot-start-marker boot-end-marker
--More--(19%)

MODUL CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 313

Embedded Event Manager (EEM)
Embedded Event Manager (EEM) ini adalah sebuah teknologi cisco yang memungkinkan
perangkat untuk menjalankan script atau perintah secara otomatis ketika ada event
(kejadian) tertentu.

Konfigurasi Event Syslog

Topologynya seperti berikut

Konfigurasikan IP Address dan routing OSPF pada kedua router

R1
R1(config)# interface f0/0
R1(config-if)# ip address 12.12.12.1 255.255.255.0
R1(config-if)# no shutdown
R1(config-if)# exit
!
R1(config)# interface loopback0
R1(config-if)# ip address 1.1.1.1 255.255.255.255
R1(config-if)# exit
!
R1(config)# router ospf 10
R1(config-router)# network 1.1.1.1 0.0.0.0 area 0
R1(config-router)# network 12.12.12.0 0.0.0.255 area 0
R1(config-router)# exit

MODUL CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 314

 R2
R2(config)# interface f0/0
R2(config-if)# ip address 12.12.12.2 255.255.255.0
R2(config-if)# no shutdown
R2(config-if)# exit
!
R2(config)# interface loopback0
R2(config-if)# ip address 2.2.2.2 255.255.255.255
R2(config-if)# exit
!
R2(config)# router ospf 10
R2(config-router)# network 2.2.2.2 0.0.0.0 area 0
R2(config-router)# network 12.12.12.0 0.0.0.255 area 0
R2(config-router)# exit

Coba buat custom syslog dengan EEM

R1
R1(config)#event manager applet INTERFACE_DOWN
R1(config-applet)#event syslog pattern "Interface FastEthernet0/0, changed state to
down"
R1(config-applet)#action 1.0 cli command "enable"
R1(config-applet)#action 2.0 cli command "conf term"
R1(config-applet)#action 3.0 cli command "interface fa0/0"
R1(config-applet)#action 4.0 cli command "no shut"

Script diatas berarti kalo ada log dengan tulisan seperti ini “Interface FastEthernet0/0,
changed state to down" maka tolong tulis enable dan no shutdown interfacenya. Dan
coba lakukan debug untuk melihat prosesnya. Lalu shutdown interface f0/0

R1
R1#debug event manager action cli Debug EEM action cli debugging is on
!
R1(config)#interface f0/0
R1(config-if)#shutdown
R1(config-if)#exit

MODUL CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 315

 R1
R1(config)#
*Feb 7 07:45:21.195: %LINK-5-CHANGED: Interface FastEthernet0/0, changed state to
administratively down
*Feb 7 07:45:22.195: %LINEPROTO-5-UPDOWN: Line protocol on Interface
FastEthernet0/0, changed state to down
*Feb 7 07:45:22.247: %HA_EM-6-LOG: INTERFACE_DOWN : DEBUG(cli_lib) : : CTL : cli_open
called.
*Feb 7 07:45:22.259: %HA_EM-6-LOG: INTERFACE_DOWN : DEBUG(cli_lib) : : OUT : R1>
*Feb 7 07:45:22.259: %HA_EM-6-LOG: INTERFACE_DOWN : DEBUG(cli_lib) : : IN :
R1>enable
*Feb 7 07:45:22.271: %HA_EM-6-LOG: INTERFACE_DOWN : DEBUG(cli_lib) : : OUT : R1#
*Feb 7 07:45:22.271: %HA_EM-6-LOG: INTERFACE_DOWN : DEBUG(cli_lib) : : IN :
R1#conf term
*Feb 7 07:45:22.291: %HA_EM-6-LOG: INTERFACE_DOWN : DEBUG(cli_lib) : : OUT : Enter
configuration commands, one per line. End with CNTL/Z.
*Feb 7 07:45:22.291: %HA_EM-6-LOG: INTERFACE_DOWN : DEBUG(cli_lib) : : OUT :
R1(config)#
R1(config)#45:22.291: %HA_EM-6-LOG: INTERFACE_DOWN : DEBUG(cli_lib) : : IN :
R1(config)#interface fa0/0
*Feb 7 07:45:22.315: %HA_EM-6-LOG: INTERFACE_DOWN : DEBUG(cli_lib) : : OUT :
R1(config-if)#
*Feb 7 07:45:22.315: %HA_EM-6-LOG: INTERFACE_DOWN : DEBUG(cli_lib) : : IN :
R1(config-if)#no shut
*Feb 7 07:45:22.407: %HA_EM-6-LOG: INTERFACE_DOWN : DEBUG(cli_lib) : : OUT :
R1(config-if)#
*Feb 7 07:45:22.407: %HA_EM-6-LOG: INTERFACE_DOWN : DEBUG(cli_lib) : : CTL : cli_close
called.
*Feb 7 07:45:22.447: %SYS-5-CONFIG_I: Configured from console by vty0 R1(config)#
*Feb 7 07:45:24.315: %LINK-3-UPDOWN: Interface FastEthernet0/0, changed state to up
*Feb 7 07:45:25.315: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0,
changed state to up
R1(config)#
*Feb 7 07:45:27.435: %OSPF-5-ADJCHG: Process 10, Nbr 2.2.2.2 on FastEthernet0/0 from
LOADING to FULL, Loading Done

Jika kita perhatikan perangkat kita langsung menjalankan script untuk menghidupkan
kembali interface f0/0.

MODUL CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 316

 Konfigurasi Event OSPF Adjacency (Email)
Selain event syslog tadi kita juga bisa memanfaatkan EEM ini untuk mengirimkan
informasi ke email kita, misalnya OSPF kita down maka, router kita otomatis akan
mengirimkan debug ospf ke email kita. Untuk topology masih sama.

Konfigurasinya seperti berikut :

R1
R1(config)#event manager applet OSPF_DOWN
R1(config-applet)#event syslog pattern "Nbr 2.2.2.2 on FastEthernet0/0 from FULL
to DOWN"
R1(config-applet)#action 1.0 cli command "enable"
R1(config-applet)#action 2.0 cli command "debug ip ospf adj"
R1(config-applet)#action 3.0 mail server "smtp.gmail.com" to
"sahrul@idnfoundation.org" from "R1@idn.id" subject "OSPF IS DOWN" body
"Please fix OSPF"
R1(config-applet)#exit

Lakukan debug event dan hapus EEM interface down bekas konfigurasi sebelumnya.
R1
R1#debug event manager action mail Debug EEM action mail debugging is on
R1(config)#no event manager applet INTERFACE_DOWN

Shutdown interface f0/0 pada R1

R1
R1(config)#interface f0/0
R1(config-if)#shutdown R1
(config-if)#exit

R1
R1(config-if)#
Translating "smtp.gmail.com"
*Feb 7 07:54:43.747: %OSPF-5-ADJCHG: Process 10, Nbr 2.2.2.2 on FastEthernet0/0
from FULL to DOWN, Neighbor Down: Interface down or detached

MODUL CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 317

 *Feb 7 07:54:43.895: %HA_EM-6-LOG: OSPF_DOWN : DEBUG(cli_lib) : : CTL :
cli_open called.
*Feb 7 07:54:43.919: %HA_EM-6-LOG: OSPF_DOWN : DEBUG(cli_lib) : : OUT : R1>
*Feb 7 07:54:43.919: %HA_EM-6-LOG: OSPF_DOWN : DEBUG(cli_lib) : : IN :
R1>enable
*Feb 7 07:54:43.951: %HA_EM-6-LOG: OSPF_DOWN : DEBUG(cli_lib) : : OUT : R1#
*Feb 7 07:54:43.951: %HA_EM-6-LOG: OSPF_DOWN : DEBUG(cli_lib) : : IN :
R1#debug ip ospf adj
*Feb 7 07:54:43.979: %HA_EM-6-LOG: OSPF_DOWN : DEBUG(cli_lib) : : OUT : OSPF
adjacency events debugging is on
*Feb 7 07:54:43.979: %HA_EM-6-LOG: OSPF_DOWN : DEBUG(cli_lib) : : OUT : R1#
R1(config-if)#
R1(config)#
*Feb 7 07:54:43.979: %HA_EM-6-LOG: OSPF_DOWN : DEBUG(smtp_lib) :
smtp_connect_attempt: 1
*Feb 7 07:54:43.979: %HA_EM-6-LOG: OSPF_DOWN : DEBUG(smtp_lib) :
fh_smtp_connect failed at attempt 1
*Feb 7 07:54:44.251: OSPF: Build router LSA for area 0, router ID 1.1.1.1, seq
0x8000000C, process 10
*Feb 7 07:54:44.255: OSPF: We are not DR to build Net Lsa for interface
FastEthernet0/0
*Feb 7 07:54:55.979: %HA_EM-6-LOG: OSPF_DOWN : DEBUG(smtp_lib) :
smtp_connect_attempt: 5
*Feb 7 07:54:55.979: %HA_EM-6-LOG: OSPF_DOWN : DEBUG(smtp_lib) :
fh_smtp_connect failed at attempt 5
*Feb 7 07:54:55.979: %HA_EM-3-FMPD_SMTP: Error occurred when sending mail to
SMTP server: smtp.gmail.com : error in connecting to SMTP server
*Feb 7 07:54:55.979: %HA_EM-3-FMPD_ERROR: Error executing applet
OSPF_DOWN statement 3.0
R1(config)#
*Feb 7 07:54:55.979: %HA_EM-6-LOG: OSPF_DOWN : DEBUG(cli_lib) : : CTL :
cli_close called.

Dari hasil debug kita bisa lihat bahwa router mencoba konek ke smtp server tapi
hasilnya “Translating "smtp.gmail.com" hal ini dikarenakan router kita tidak
terkoneksi ke internet. Tapi bisa kita simpulkan bahwa event email ini berhasil.

MODUL CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 318

Konfigurasi Event CLI
Pada dua lab sebelumnya kita sudah mencoba EEM based on Syslog, kali ini kita
akan coba EEM based on command CLI, misalnya ketika ada orang ketik show ip
interface brief maka EEM akan merespon dengan command show ip interface brief
| include up, jadi yang muncul nantinya hanya interface yang up saja.

Untuk topology masih sama, berikut konfigurasinya :

R1
R1(config)#event manager applet SHOW_INTERFACE_UP
R1(config-applet)#event cli pattern "show ip interface brief" sync yes
R1(config-applet)#action 1.0 cli command "enable"
R1(config-applet)#action 2.0 cli command "show ip interface brief | include up"
R1(config-applet)#action 3.0 puts "$_cli_result"
R1(config-applet)#action 4.0 set $_exit_status "0"

Lakukan debug pada R1

R1
R1#debug event manager action cli
Debug EEM action cli debugging is on

Coba verifikasi interface dan lihat output nya.

R1
R1#show ip interface brief
FastEthernet0/0 .......................... 12.12.12.1 YES manual up up
Loopback0 1.1.1.1 YES manual up up R1#
*Feb 7 08:07:22.327: %HA_EM-6-LOG: SHOW_INTERFACE_UP : DEBUG(cli_lib) : :
CTL : cli_open called.
*Feb 7 08:07:22.335: %HA_EM-6-LOG: SHOW_INTERFACE_UP : DEBUG(cli_lib) : :
OUT : R1>
*Feb 7 08:07:22.335: %HA_EM-6-LOG: SHOW_INTERFACE_UP : DEBUG(cli_lib) : : IN
: R1>enable

MODUL CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 319

 *Feb 7 08:07:22.347: %HA_EM-6-LOG: SHOW_INTERFACE_UP : DEBUG(cli_lib) : :
OUT : R1#
*Feb 7 08:07:22.347: %HA_EM-6-LOG: SHOW_INTERFACE_UP : DEBUG(cli_lib) : :
IN
: R1#show ip interface brief | include up
*Feb 7 08:07:22.383: %HA_EM-6-LOG: SHOW_INTERFACE_UP : DEBUG(cli_lib) : :
OUT : FastEthernet0/0 ........................ 12.12.12.1 YES manual up up
R1#
*Feb 7 08:07:22.383: %HA_EM-6-LOG: SHOW_INTERFACE_UP : DEBUG(cli_lib) : :
OUT : Loopback0 1.1.1.1 YES manual up up
*Feb 7 08:07:22.383: %HA_EM-6-LOG: SHOW_INTERFACE_UP : DEBUG(cli_lib) : :
OUT : R1#
*Feb 7 08:07:22.387: %HA_EM-6-LOG: SHOW_INTERFACE_UP : DEBUG(cli_lib) : :
CTL : cli_close called.
Seperti yang kita lihat ketika kita mengetik show ip interface brief maka output yang
keluar hanya interface yang up saja.

MODUL CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 320

Konfigurasi Scheduling Events
Misalnya jika kita punya kebutuhan untuk menyimpan konfigurasi setiap 60 detik sekali
maka kita bisa memanfaatkan fitu dari EEM scheduling events.

Untuk topology masih sama, berikut konfigurasinya

R1
R1(config)#event manager applet BACKUP_BERKALA
R1(config-applet)# event timer watchdog time 60
R1(config-applet)# action 1.0 cli command "enable"
R1(config-applet)# action 2.0 cli command "write memory"
R1(config-applet)# action 3.0 syslog priority informational msg
"Configuration has been saved"
R1(config-applet)# exit
R1#debug event manager action cli
Debug EEM action cli debugging is on

R1
R1# *Feb 7 08:15:01.055: %HA_EM-6-LOG: BACKUP_BERKALA : DEBUG(cli_lib) : :
CTL : cli_open called.
*Feb 7 08:15:01.063: %HA_EM-6-LOG: BACKUP_BERKALA : DEBUG(cli_lib) : : IN :
R1>enable
*Feb 7 08:15:01.075: %HA_EM-6-LOG: BACKUP_BERKALA : DEBUG(cli_lib) : : OUT
: R1#
*Feb 7 08:15:01.075: %HA_EM-6-LOG: BACKUP_BERKALA : DEBUG(cli_lib) : : IN :
R1#write memory
*Feb 7 08:15:04.055: %HA_EM-6-LOG: BACKUP_BERKALA : DEBUG(cli_lib) : : OUT
: Building configuration...
*Feb 7 08:15:04.063: %HA_EM-6-LOG: BACKUP_BERKALA: Configuration has
been saved
R1#
*Feb 7 08:15:04.063: %HA_EM-6-LOG: BACKUP_BERKALA : DEBUG(cli_lib) : : CTL
: cli_close called.
Dari hasil debug diatas router akan menjalankan command “write memory” setiap 60 detik

MODUL CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 321

 IP SLA With EEM Script

Kali ini kita akan coba kombinasikan fitur EEM dengan IP SLA, yang mana nantinya IP
SLA ini digunakan untuk fitur monitoring, jadi jika IP SLA mendetect suatu link down
maka EEM akan mengirimkan log ke email kita. Untuk topology dan konfigurasi masih
sama. Tambahkan command ip sla pada R1
R1
R1(config)#ip sla 1
R1(config-ip-sla)#icmp-echo 2.2.2.2
R1(config-ip-sla-echo)#frequency 10
R1(config-ip-sla-echo)#exit
R1(config)#ip sla schedule 1 life forever start-time now
R1(config)#track 1 ip sla 1 reachability

Konfigurasi EEM pada R1

R1
R1(config)#event manager applet TRACK_IP_DOWN
R1(config-applet)#event track 1 state down
R1(config-applet)#action 1.0 syslog msg "IP SLA 1 is down"
R1(config-applet)#action 2.0 mail server "smtp.gmail.com" to "idn.id" from
"support@idn.id" subject "IP SLA 1 is down" body "IP SLA 1 tidak menerima lagi
ICMP packet"
R1(config-applet)#exit

MODUL CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 334

 R1
R1(config)#event manager applet IP_SLA_1_UP
R1(config-applet)#event track 1 state up
R1(config-applet)#action 1.0 syslog msg "IP SLA 1 is up"

Lakukan debug pada R1

R1
R1#debug event manager action cli
R1#debug event manager action mail
Coba shutdown interface loopback pada R2
R2
R2(config)#int lo0
R2(config-if)#shutdown
R2(config-if)#exit

R1
R1(config)#
Translating "smtp.gmail.com"
*Feb 9 02:06:04.407: %TRACKING-5-STATE: 1 ip sla 1 reachability Up->Down
*Feb 9 02:06:04.423: %HA_EM-6-LOG: TRACK_IP_DOWN: IP SLA 1 is down
R1(config)#
*Feb 9 02:06:04.427: %HA_EM-6-LOG: TRACK_IP_DOWN : DEBUG(smtp_lib) :
smtp_connect_attempt: 1
*Feb 9 02:06:04.427: %HA_EM-6-LOG: TRACK_IP_DOWN : DEBUG(smtp_lib) :
fh_smtp_connect failed at attempt 1
R1(config)#
Translating "smtp.gmail.com"
*Feb 9 02:06:07.431: %HA_EM-6-LOG: TRACK_IP_DOWN : DEBUG(smtp_lib) :
smtp_connect_attempt: 2
*Feb 9 02:06:07.431: %HA_EM-6-LOG: TRACK_IP_DOWN : DEBUG(smtp_lib) :
fh_smtp_connect failed at attempt 2
Kalo kita lihat hasil debug diatas mendeteksi bahwa IP SLA down dan langsung
mencoba mengirim email, sayangnya router kita tidak konek ke internet jadi yang
muncul adalah translating “smtp.gmail.com”, tapi bisa disimpulkan konfigurasinya
sudah berhasil.

MODUL CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 335

 Hidupkan kembali interface loopback0 pada R2
R2
R2(config)#int lo0
R2(config-if)#no shutdown
R2(config-if)#exit

R1
R1(config)#
*Feb 9 02:07:44.407: %TRACKING-5-STATE: 1 ip sla 1 reachability Down->Up
R1(config)#
*Feb 9 02:07:44.411: %HA_EM-6-LOG: IP_SLA_1_UP: IP SLA 1 is up

Verifikasi ip sla
R1
R1#show ip sla statistics
IPSLAs Latest Operation Statistics
IPSLA operation id: 1
Type of operation: icmp-echo
Latest RTT: 16 milliseconds
Latest operation start time: *02:08:34.115 UTC Sun Feb 9 2020
Latest operation return code: OK
Number of
successes: 10
Number of
failures: 10
Operation time to live: Forever

MODUL CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 336

 SWITCHING
TECHNOLOGIES

"Hiduplah seolah engkau mati besok. Belajarlah seolah engkau

hidup selamanya." (Mahatma Gandhi)

MODUL CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 337

 Lab 1. VLAN dan Trunk

Kita harus mengkonfigurasi VLAN pada kedua switch

SW-1
SW-KIRI#vlan database
% Warning: It is recommended to configure VLAN from config mode,
as VLAN database mode is being deprecated. Please consult user
documentation for configuring VTP/VLAN in config mode.
SW-KIRI(vlan)#vlan 10 name Engineer
VLAN 10 modified:
Name: Engineer
SW-KIRI(vlan)#exit
APPLY completed.
Exiting....
SW-KIRI#conf t
SW-KIRI(config)#int e0/0
SW-KIRI(config-if)#switchport mode access
SW-KIRI(config-if)#switchport access vlan 10
SW-KIRI(config-if)#exit

IOU-2
SW-KANAN#vlan database
% Warning: It is recommended to configure VLAN from config mode,
as VLAN database mode is being deprecated. Please consult user
documentation for configuring VTP/VLAN in config mode.
SW-KANAN(vlan)#vlan 10 name Engineer
VLAN 10 modified:
Name: Engineer
SW-KANAN(vlan)#exit
APPLY completed.

MODUL CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 338

 Exiting....
SW-KANAN#conf t
Enter configuration commands, one per line. End with CNTL/Z.
SW-KANAN(config)#int e0/0
SW-KANAN(config-if)#switchport mode access
SW-KANAN(config-if)#switchport access vlan 10
SW-KANAN(config-if)#exit

Konfigurasi trunkingnya
SW-KIRI
SW-KIRI(config)#int e0/1
SW-KIRI(config-if)#switchport trunk encapsulation dot1q
SW-KIRI(config-if)#switchport mode trunk
SW-KIRI(config-if)#switchport trunk allowed vlan 10
SW-KIRI(config-if)#exit

SW-KANAN
SW-KANAN(config)#int e0/1
SW-KANAN(config-if)#switchport trunk encapsulation dot1q
SW-KANAN(config-if)#switchport mode trunk
SW-KANAN(config-if)#switchport trunk allowed vlan 10
SW-KANAN(config-if)#exit

Kita verifikasi trunking dan vlan

SW-KIRI
SW-KIRI#sh vlan brief
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Et0/2, Et0/3, Et1/0, Et1/1
Et1/2, Et1/3, Et2/0, Et2/1
Et2/2, Et2/3, Et3/0, Et3/1
Et3/2, Et3/3
10 Engineer active Et0/0
1002 fddi-default act/unsup
1003 token-ring-default act/unsup
1004 fddinet-default act/unsup
1005 trnet-default act/unsup

MODUL CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 339

 SW-KIRI
SW-KIRI#show interface trunk
Port Mode Encapsulation Status Native vlan
Et0/1 on 802.1q trunking 1
Port Vlans allowed on trunk
Et0/1 10

Port Vlans allowed and active in management domain

Et0/1 10

Port Vlans in spanning tree forwarding state and not pruned

Et0/1 10

SW-KANAN
SW-KANAN#show vlan brief
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Et0/2, Et0/3, Et1/0, Et1/1
Et1/2, Et1/3, Et2/0, Et2/1
Et2/2, Et2/3, Et3/0, Et3/1
Et3/2, Et3/3
10 Engineer active Et0/0
1002 fddi-default act/unsup
1003 token-ring-default act/unsup
1004 fddinet-default act/unsup
1005 trnet-default act/unsup

SW-KANAN#show interface trunk

Port Mode Encapsulation Status Native vlan
Et0/1 on 802.1q trunking 1
Port Vlans allowed on trunk
Et0/1 10
Port Vlans allowed and active in management domain
Et0/1 10
Port Vlans in spanning tree forwarding state and not pruned
Et0/1 10

MODUL CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 340

 Kita verifikasi ping
PC1
PC1> ip 192.168.10.1/24
Checking for duplicate address...
PC1 : 192.168.10.1 255.255.255.0
PC1> ping 192.168.10.2
host (192.168.10.2) not reachable

PC1> ping 192.168.10.2

84 bytes from 192.168.10.2 icmp_seq=1 ttl=64 time=0.991 ms
84 bytes from 192.168.10.2 icmp_seq=2 ttl=64 time=0.875 ms
84 bytes from 192.168.10.2 icmp_seq=3 ttl=64 time=0.852 ms
84 bytes from 192.168.10.2 icmp_seq=4 ttl=64 time=1.049 ms
84 bytes from 192.168.10.2 icmp_seq=5 ttl=64 time=0.784 ms

PC2
PC2> ip 192.168.10.2/24
Checking for duplicate address...
PC1 : 192.168.10.2 255.255.255.0

PC2> ping 192.168.10.1

84 bytes from 192.168.10.1 icmp_seq=1 ttl=64 time=0.759 ms
84 bytes from 192.168.10.1 icmp_seq=2 ttl=64 time=0.904 ms
84 bytes from 192.168.10.1 icmp_seq=3 ttl=64 time=0.952 ms
84 bytes from 192.168.10.1 icmp_seq=4 ttl=64 time=0.837 ms
84 bytes from 192.168.10.1 icmp_seq=5 ttl=64 time=0.925 ms

Berhasil ping..

MODUL CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 341

 Lab 2. Inter Vlan Routing

Tambahkan PC-3 dan Router. Kita buat vlan 20 serta daftarkan ke port e0/2
SW-1
SW-KANAN(config)#vlan 20
SW-KANAN(config-vlan)#name Pelajar
SW-KANAN(config-vlan)#exit
SW-KANAN(config)#int e0/2
SW-KANAN(config-if)#switchport mode access
SW-KANAN(config-if)#switcport access vlan 20
SW-KANAN(config-if)#exit
SW-KANAN(config)#int e0/1
SW-KANAN(config-if)#switchport trunk allowed vlan 20
SW-KANAN(config-if)#exit
Kita konfigurasi trunk ke arah R1
SW-1
SW-KIRI(config)#int e0/2
SW-KIRI(config-if)#switchport trunk encapsulation dot1q
SW-KIRI(config-if)#switchport mode trunk
SW-KIRI(config-if)#switchport trunk allowed vlan 10,20
SW-KIRI(config-if)#exit
SW-KIRI(config)#int e0/1
SW-KIRI(config-if)#switchport trunk allowed vlan add 20
SW-KIRI(config-if)#exit

MODUL CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 342

 Kita konfigurasi pada R1
R1
R1(config)#int e0/0
R1(config-if)#no shutdown
R1(config-if)#duplex full
!
R1(config)#int e0/0.10
R1(config-subif)#encapsulation dot1q 10
R1(config-subif)#ip add 192.168.10.254 255.255.255.0
R1(config-subif)#exit
!
R1(config)#int f0/0.20
R1(config-subif)#encapsulation dot1Q 20
R1(config-subif)#ip add 192.168.20.254 255.255.255.0
R1(config-subif)#exit

Selanjutnya kita isi gateway pada setiap PC dan tes ping ke gateway
PC1
PC1> ip 192.168.10.1/24 192.168.10.254
Checking for duplicate address...
PC1 : 192.168.10.1 255.255.255.0 gateway 192.168.10.254

PC1> ping 192.168.10.254

84 bytes from 192.168.10.254 icmp_seq=1 ttl=255 time=41.136 ms
84 bytes from 192.168.10.254 icmp_seq=2 ttl=255 time=12.315 ms
PC2
PC2> ip 192.168.10.2/24 192.168.10.254
Checking for duplicate address...
PC1 : 192.168.10.2 255.255.255.0 gateway 192.168.10.254

PC2> ping 192.168.10.254

84 bytes from 192.168.10.254 icmp_seq=1 ttl=255 time=9.939 ms
84 bytes from 192.168.10.254 icmp_seq=2 ttl=255 time=2.251 ms

MODUL CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 343

 PC3
PC3> ip 192.168.20.1/24 192.168.20.254
Checking for duplicate address...

PC1 : 192.168.20.1 255.255.255.0 gateway 192.168.20.254

PC3>
PC3> ping 192.168.20.254
host (192.168.20.254) not reachable

Hasil ping dari PC3 ke R1 masih gagal, karena pada SW-KIRI belum kita
setting vlan 20. Kita verifikasi pada SW-KIRI
SW-KIRI
SW-KIRI(config)#do show vlan brief

VLAN Name Status Ports

---- -------------------------------- --------- -------------------------------
1 default active Et0/3, Et1/0, Et1/1, Et1/2
Et1/3, Et2/0, Et2/1, Et2/2
Et2/3, Et3/0, Et3/1, Et3/2
Et3/3
10 Engineer active Et0/0
1002 fddi-default act/unsup
1003 token-ring-default act/unsup
1004 fddinet-default act/unsup
1005 trnet-default act/unsup

Pada SW-KIRI tidak ada vlan 20, sehingga packet dari SW-KANAN tidak bisa
lewat ke SW-KIRI. Untuk itu, konfigurasikan vlan 20 dan tidak perlu di assign
kemana-mana.

SW-KIRI
SW-KIRI#vlan database
SW-KIRI(vlan)#vlan 20 name Pelajar
VLAN 20 added:
Name: Pelajar
SW-KIRI(vlan)#exit

MODUL CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 344

 Tes ping lagi
PC3
PC3> ping 192.168.20.254
84 bytes from 192.168.20.254 icmp_seq=1 ttl=255 time=51.679 ms
84 bytes from 192.168.20.254 icmp_seq=2 ttl=255 time=8.270 ms
84 bytes from 192.168.20.254 icmp_seq=3 ttl=255 time=9.233 ms
84 bytes from 192.168.20.254 icmp_seq=4 ttl=255 time=6.937 ms

Akhirnya berhasil. Selanjutnya kita verifikasi pada R1

R1
R1#sh ip int brief | i up
FastEthernet0/0 unassigned YES unset up up
FastEthernet0/0.10 192.168.10.254 YES manual up up
FastEthernet0/0.20 192.168.20.254 YES manual up up

R1
R1#show cdp neighbors
Device ID Local Intrfce Holdtme Capability Platform Port ID
ESW1 Fas 0/0 169 S I 2691 Fas 1/2

SW1
SW1#sh vlan-switch brief
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa1/3, Fa1/4, Fa1/5, Fa1/6
Fa1/7, Fa1/8, Fa1/9, Fa1/10
Fa1/11, Fa1/12, Fa1/13, Fa1/14
Fa1/15
10 Engineer active Fa1/0
20 Pelajar active
1002 fddi-default active
1003 token-ring-default active
1004 fddinet-default active
1005 trnet-default active

MODUL CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 345

 SW2
SW2#sh vlan-switch brief
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa1/3, Fa1/4, Fa1/5, Fa1/6
Fa1/7, Fa1/8, Fa1/9, Fa1/10
Fa1/11, Fa1/12, Fa1/13, Fa1/14
Fa1/15
10 Engineer active Fa1/0
20 Pelajar active Fa1/2
1002 fddi-default active
1003 token-ring-default active
1004 fddinet-default active
1005 trnet-default active

SW2
SW2#sh int trunk
Port Mode Encapsulation Status Native vlan
Fa1/1 on 802.1q trunking 1

Port Vlans allowed on trunk

Fa1/1 1-2,10,20,1002-1005

Port Vlans allowed and active in management domain

Fa1/1 1,10,20
Port Vlans in spanning tree forwarding state and not pruned
Fa1/1 1,10,20

PC3
PC3> sh ip
NAME : PC3[1]
IP/MASK : 192.168.20.1/24
GATEWAY : 192.168.20.254
DNS :
MAC : 00:50:79:66:68:02
LPORT : 20028
RHOST:PORT : 127.0.0.1:20029
MTU: : 1500

MODUL CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 346

 PC3> ping 192.168.10.1
84 bytes from 192.168.10.1 icmp_seq=1 ttl=63 time=19.854 ms
84 bytes from 192.168.10.1 icmp_seq=2 ttl=63 time=21.234 ms
84 bytes from 192.168.10.1 icmp_seq=3 ttl=63 time=13.295 ms
84 bytes from 192.168.10.1 icmp_seq=4 ttl=63 time=17.244 ms
84 bytes from 192.168.10.1 icmp_seq=5 ttl=63 time=21.214 ms

MODUL CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 347

 3. SPAN (Switch Port Analyzer)

Pastikan port yang tersambung ke PC telah terinstal Wireshark. Trafik yang

dicapture oleh wireshark, akan menganalisa trafik yang terdapat pada R1.
Kita membuat traffik yang akan dikirim dan diterima oleh R1, kemudian
dicopikan sama persis ke suatu port yang diinginkan dengan menggunakan
SPAN.

Oke guys.. Selanjutnya kita konfigurasi SPAN pada ESW1 untuk mengirimkan
semua trafik dari vlan 1 pada R1 ke PC Wireshark. Pengetesannya yaitu R1
ping ke Interface SVI 10 Switch SW1, maka trafik yang sama juga akan
diterima oleh PC Wireshark.

Konfigurasi R1
R1
R1(config)#interface FastEthernet0/0
R1(config)#ip address 192.168.10.1 255.255.255.0
R1(config)#exit

Kita lakukan konfigurasi pada SW-1

SW1
SW1(vlan)#vlan 10
VLAN 10 modified:
SW1(vlan)#vlan 10 name SPAN
VLAN 10 modified:
Name: SPAN
SW1(vlan)#exit
SW1(config)#int f1/0
SW1(config-if)#switchport mode access
SW1(config-if)#switchport access vlan 10
SW1(config-if)#exit
!

MODUL CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 348

 SW1(config)#int vlan 10
SW1(config-if)#no shutdown
SW1(config-if)#ip add 192.168.10.2 255.255.255.0
SW1(config-if)#exit
!
SW1(config)# #monitor session 1 source vlan 10
SW1(config)# monitor session 1 destination interface e0/1

Pengetesannya adalah dari SW1 melakukan ping ke R1 (f0/0), maka nantinya

trafik tersebut juga akan dicopykan ke PC Wiresharknya di e0. Sourcenya
bisa berupa 1 port saja ataupun port vlan tertentu maupun port-channel.

SW1#sh monitor session 1

SW(config)#do show monitor session 1
Session 1
---------
Type : Local Session
Source VLANs :
Both : 10
Destination Ports : Et0/1
Encapsulation : Native

Pada PC, jalankan Wiresharknya, kemudian pada bagian filter, ketik ICMP.
Selanjutnya lakukan tes ping dari R1 ke SW1.

SW1
SW#ping 192.168.10.1 source vlan 10
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.10.1, timeout is 2 seconds:
Packet sent with a source address of 192.168.10.2
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/3/5 ms

MODUL CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 349

 4. Remote SPAN (RSPAN)

Pada RSPAN, bedanya dengan SPAN adalah perangkat yang mau dicapture
dan yang mau mengcapture berada pada switch yang berbeda.
Pada RSPAN dibutuhkan 1 vlan khusus untuk RSPAN, misal vlan 100. Cabut
kabel dari PC ke arah SW-1 dan tambahkan SW-2 colok PC ke SW-2.

Cabut kabel dari PC ke arah SW-1 dan tambahkan SW-2 colok PC ke SW-2.
Hapus terlebih dahulu konfigurasi SPAN sebelumnya.
SW-1
SW-1(config)#do show run | i
monitor monitor session 1
source vlan 10
monitor session 1 destination interface Et0/1
SW-1(config)#no monitor session 1 source vlan 10
SW-1(config)#no monitor session 1 destination interface Et0/1

Tambahkan VLAN 100 (untuk RSPAN). Konfigurasi trunk ke arah SW-2.

SW-1
SW-1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
SW-1(config)#vlan 100
SW-1(config-vlan)#name RSPAN
SW-1(config-vlan)#exit
SW-1(config)#interface e0/1
SW-1(config-if)#switchport trunk encapsulation dot1q
SW-1(config-if)#switchport mode trunk
SW-1(config-if)#exit
!
SW-1(config)#monitor session 1 source vlan 10
SW-1(config)#monitor session 1 destination remote vlan 100

MODUL CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 350

 SW-2
SW-2(config)#vlan 10
SW-2(config-vlan)#name PC
SW-2(config-vlan)#interface e0/1
SW-2(config-if)#switchport mode access
SW-2(config-if)#switchport access vlan 10
SW-2(config)#vlan 100
SW-2(config-vlan)#name RSPAN
!
SW-2(config-vlan)#monitor session 1 destination interface e0/1
SW-2(config)#monitor session 1 source remote vlan 100

Pengetesannya adalah dari SW1 melakukan ping ke R1 (e0/0). Nantinya trafik

juga akan dicopykan dikirim ke SW2. Dari SW2 trafik yang dicopykan itu,
akan dikirimkan ke pc wireshark yang ada di e0/1. Dari PC wireshark cek trafik
yang masuk, filter bagian ICMP nya.
SW-1
SW-1#ping 192.168.10.1
source vlan 10
Type escape sequence to
abort.
Sending 5, 100-byte ICMP Echos to 192.168.10.1, timeout is 2
seconds: Packet sent with a source address of 192.168.10.2
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 2/3/6 ms

MODUL CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 351

 LAB 5. STP Features : Portfast

Masih menggunakan topology yang sama. Portfast ini berfungsi ketika

pc/router dicolok ke port switch langsung aktif/hijau portnya tanpa
menunggu waktu 50 detik (blocking-listening-learning-forwarding).

Untuk pengetesannya yaitu sederhana adalah colokkan PC ke switch yang

belum diset portfast dan yang sudah diset portfast. By default switch akan
melalui prosses listening -> learning seperti berikut ini.

SW-1
SW-1#debug spanning-tree events
SW-1(config)#int e0/0
SW-1(config-if)#shutdown
*Feb 1 12:05:41.821: %LINK-5-CHANGED: Interface Ethernet0/0, changed
state to administratively down
SW-1(config-if)#no shutdown
*Feb 1 12:05:48.316: STP: VLAN0010 Et0/0 -> listening
*Feb 1 12:06:03.317: STP: VLAN0010 Et0/0 -> learning
*Feb 1 12:06:26.431: STP: VLAN0010 Et0/0 -> forwarding

Konfigurasikan portfast pada SW-1

SW-1
SW-1(config)#int e0/0
SW-1(config-if)#spanning-tree portfast

MODUL CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 352

 Verifikasi
SW-1
SW-1#show spanning-tree int e0/0 detail
Port 1 (Ethernet0/0) of VLAN0010 is designated forwarding
Port path cost 100, Port priority 128, Port Identifier 128.1.
Designated root has priority 32778, address aabb.cc00.0200
Designated bridge has priority 32778, address aabb.cc00.0200
Designated port id is 128.1, designated path cost 0
Timers: message age 0, forward delay 0, hold 2
Number of transitions to forwarding state: 1
The port is in the portfast edge mode
Link type is point-to-point by default
BPDU: sent 1065, received 0

BPDU masih tetap dikirimkan pada link Portfast. Pengetesannya, jalankan

debug kemudian lepas kabel atau shut, no shut.
SW-1
SW-1#debug spanning-tree events Spanning Tree
event debugging is on
!
SW-1(config)#int e0/0
SW-1(config-if)#shutdown
SW-1(config-if)#
*Feb 1 12:00:42.509: STP: VLAN0010 we are the spanning tree
root SW-1(config-if)#
*Feb 1 12:00:44.514: %LINK-5-CHANGED: Interface Ethernet0/0, changed state
to administratively down
*Feb 1 12:00:45.520: %LINEPROTO-5-UPDOWN: Line protocol on Interface
Ethernet0/0, changed state to down
SW-1(config-if)#no shutdown
SW-1(config-if)#exit
*Feb 1 12:00:51.687: STP: VLAN0010 Et0/0 ->jump to forwarding from blocking

Perhatikan pada lampu portnya tidak ada lagi lampu oranye, melainkan
langsung hijau.

MODUL CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 353

 Lab 6. STP Features : UplinkFast

Fungsinya sama seperti portfast, hanya saja perlu diingat bahwa portfast
tidak boleh dikonfigurasikan pada trunk karena akan mengakibatkan
spanning tree nya menjadi disable.
Nah untuk hal tersebut yakni agar port bisa langsung forward tanpa perlu
menunggu listening dan forwarding dulu, kita bisa konfigurasikan
UPLINKFAST. Sehingga bila link utamanya down, maka link backupnya bisa
langsung UP seketika tanpa perlu oranye dulu portnya.
▪ Konfigurasikan trunk pada kedua link diatas

▪ Konfigurasikan spanning tree uplinkfast pada SW1

Konfigurasi uplinkfast
SW-1
IOU1(config)#vlan 12
IOU1(config-vlan)#name Bebas
IOU1(config-vlan)#interface vlan 12
IOU1(config-if)#ip address 12.12.12.1 255.255.255.0
IOU1(config-if)#no shutdown
!
IOU1(config)#int e0/0
IOU1(config-if)#switchport trunk encapsulation dot1
IOU1(config-if)#switchport trunk encapsulation dot1q
IOU1(config-if)#switchport mode trunk
!
IOU1(config)#int e0/1
IOU1(config-if)#switchport trunk encapsulation dot1q
IOU1(config-if)#switchport mode trunk

MODUL CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 354

 SW-2
IOU2#conf t
IOU2(config)#vlan 12
IOU2(config-vlan)#name Bebas
!
IOU2(config-vlan)#interface vlan 12
IOU2(config-if)#ip address 12.12.12.2 255.255.255.0
IOU2(config-if)#no shutdown
!
IOU2(config-if)#int e0/0
IOU2(config-if)#switchport trunk encapsulation dot1q
IOU2(config-if)#switchport mode trunk
!
IOU2(config-if)#int e0/1
IOU2(config-if)#switchport trunk encapsulation dot1q
IOU2(config-if)#switchport mode trunk
IOU2(config-if)#end

Kita cek terlebih dahulu port mana yang digunakan dan port sebagai backup.
SW-2
IOU2#sh spanning-tree vlan 12
VLAN0012
Spanning tree enabled protocol ieee
Root ID Priority 32780
Address aabb.cc00.0100
Cost 100
Port 1 (Ethernet0/0)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32780 (priority 32768 sys-id-ext 12)
Address aabb.cc00.0200
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300 sec
Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Et0/0 Root FWD 100 128.1 Shr
Et0/1 Altn BLK 100 128.2 Shr

MODUL CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 355

 Kita bisa melihat bahwa jalur e0/0 yang digunakan sedangkan e0/1 dalam
kondisi blocking. Kita bisa melakukan pengetesan dengan tes ping dari SW2
ke SW1 repeat 10000 terlebih dahulu. Setelah jalan pingnya, kita shutdown
interface e0/0nya dari SW1.
Kita bisa melihat bahwasanya jalur e0/0 yang digunakan, sedangkan e0/1nya
dalam kondisi blocking. Pengetesan yang bisa dilakukan yaitu dengan tes
ping dari dari SW2 ke SW1 repeat 10000 terlebih dahulu Setelah jalan
pingnya shutdown interface E0/0 nya SW1.
SW-2
SW2(config)#do ping 12.12.12.1 re 10000
Type escape sequence to abort.
Sending 10000, 100-byte ICMP Echos to 12.12.12.1, timeout is 2 seconds:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Success rate is 99 percent (9976/10000), round-trip min/avg/max =
1/4/4294967295 ms

SW-1
SW1(config)#int e0/0
SW1(config-if)#shutdown
SW1(config-if)#exit

Terlihat cukup banyak RTO nya saat proses perpindahan jalur ketika link
e0/0 nya down dan kemudian berpindah ke e0/0. Selanjutnya
konfigurasikan uplink fast pada SW1

SW-2
SW2#ping 12.12.12.1 re 10000 Type escape sequence to abort.
Sending 10000, 100-byte ICMP Echos to 12.12.12.1, timeout is 2 seconds:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Success rate is 99 percent (9992/10000), round-trip min/avg/max = 1/4/92
ms

Terlihat bahwasanya RTO nya hanya 2 kali, jauh lebih sedikit dibanding
sebelumnya. Kalau pada perangkat switch sebenarnya malah tidak ada RTO
sama sekali. Disini RTO nya muncul karena menggunakan GNS3 yang cukup

MODUL CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 356

 memakan resource cpu dan memory.
SW-1
SW1#debug spanning-tree uplinkfast
Spanning Tree uplinkfast debugging is on |
SW1#conf t
SW1(config)#interface e0/0
SW1(config-if)#shutdown
*Feb 1 15:44:52.837: STP FAST: UPLINKFAST: make_forwarding on
VLAN0001 Ethernet0/1 root port id new: 128.2 prev: 128.1
*Feb 1 15:44:52.837: %SPANTREE_FAST-7-PORT_FWD_UPLINK: VLAN0001
Ethernet0/1 moved to Forwarding (UplinkFast).

MODUL CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 357

 Lab 7. STP Features : BPDU Guard

Konfigurasikan BPDU guard pada port e0/0 sehingga portnya akan menjadi
blok error disable bila menerima BPDU. Pada sisi Router bisa juga
digantikan dengan Switch.

Pada switch secara otomatis akan mengirimkan bpdu, sedangkan pada

router perlu ditambahkan konfigurasi bridging terlebih dahulu untuk
menggenerate trafik bpdu. Kita masih memakai topology dan konfigurasi
bekas sebelumnya.

Disini kita masih menggunakan topology dan konfigurasi sebelumnya

SW-1
SW1(config)#interface e0/0
SW1(config-if)#spanning-tree bpduguard enable
*Feb 1 15:56:38.537: %SPANTREE-2-BLOCK_BPDUGUARD: Received
BPDU on port Et0/0 with BPDU Guard enabled. Disabling port.
*Feb 1 15:56:38.537: %PM-4-ERR_DISABLE: bpduguard error detected
on Et0/0, putting Et0/0 in err-disable state

MODUL CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 358

 Verifikasi pada SW-1
SW-1
SW1(config)#do show int e0/0
Ethernet0/0 is down, line protocol is down (err-disabled)
Hardware is Ethernet, address is aabb.cc00.0100 (bia aabb.cc00.0100)
MTU 1500 bytes, BW 10000 Kbit/sec, DLY 1000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Auto-duplex, Auto-speed, media type is RJ45
input flow-control is off, output flow-control is unsupported
ARP type: ARPA, ARP Timeout 04:00:00

MODUL CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 359

 Lab 8. STP Features : BPDU Filter

▪ Konfigurasikan spanning tree portfast pada port akses SW1

▪ Aktifkan BPDU filter pada interfacee0/0 SW1
Konfigurasi portfast
SW-1
SW1(config)#interface e0/0
SW1(config-if)#spanning-tree portfast
SW1(config-if)#spanning-tree bpdufilter enable

hapus dulu nilai bpdu bila sebelumnya sudah ada nilainya

SW-1
SW1#clear spanning-tree counters interface e0/0

SW-1
SW1#show spanning-tree interface e0/0 detail
Port 1 (Ethernet0/0) of VLAN0001 is designated forwarding
Port path cost 100, Port priority 128, Port Identifier 128.1.
Designated root has priority 32769, address aabb.cc00.0100
Designated bridge has priority 32769, address aabb.cc00.0100
Designated port id is 128.1, designated path cost 0
Timers: message age 0, forward delay 0, hold 0
Number of transitions to forwarding state: 1
The port is in the portfast edge mode
Link type is point-to-point by default
Bpdu filter is enabled
BPDU: sent 0, received 0
Terlihat bahwasanya nilai BPDU yang sent dan received akan selalu 0 karena
di filter. Berbeda pada BPDU Guard dImana portnya akan langsung menjadi
down, maka pada BPDU Filter interfacenya masih tetap UP.

MODUL CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 360

 Lab 9. STP Features : Root Guard

▪ Konfigurasikan SW1 sebagai root bridge

▪ Konfigurasikan pada SW1 agar SW2 tidak akan pernah menjadi root
apapun kondisinya. Konfigurasi pada SW-1 dan SW-2

SW-1 dan SW-2

SW1(config)#interface range e0/0-1
SW1(config-if-range)#Switchport trunk encap dot1q
SW1(config-if-range)#Switchport mode trunk
!
SW2(config)#interface range e0/0-1
SW2(config-if-range)#Switchport trunk encap dot1q
SW2(config-if-range)#Switchport mode trunk

Jadikan SW-1 sebagai root-bridge

SW-2
SW2(config)#spanning-tree vlan 1 root primary
SW2(config)#interface e0/0
SW2(config-if)#spanning-tree guard root
!
SW2(config-if)#interface e0/0
SW2(config-if)#spanning-tree guard root
*Feb 1 16:13:18.229: %SPANTREE-2-ROOTGUARD_CONFIG_CHANGE: Root
guard enabled on port Ethernet0/0.

MODUL CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 361

 SW-2
SW2#show spanning-tree interface e0/0 detail
Port 1 (Ethernet0/0) of VLAN0001 is designated forwarding
Port path cost 100, Port priority 128, Port Identifier 128.1.
Designated root has priority 24577, address aabb.cc00.0200
Designated bridge has priority 24577, address aabb.cc00.0200
Designated port id is 128.1, designated path cost 0
Timers: message age 0, forward delay 0, hold 0
Number of transitions to forwarding state: 1
Link type is point-to-point by default
Root guard is enabled on the port
BPDU: sent 94, received 46

Pastikan SW1 yang menjadi root bridge, gunakan show spanning tree dan
pastikan muncul this bridge is the root. Lakukan debugging pada SW-2
SW-1
SW2#debug spanning-tree
events Spanning Tree event debugging is on

Selanjutnya konfigurasikan agar SW1 menjadi root dengan menset nilai

prioritynya lebih rendah dari SW2.
SW-1
SW1(config)#spanning-tree vlan 1 priority 4096

SW-2
SW2#
*Feb 1 16:18:47.287: STP: VLAN0001 heard root 4097-aabb.cc00.0100 on
Et0/1
*Feb 1 16:18:47.287: supersedes 24577-aabb.cc00.0200
*Feb 1 16:18:47.287: STP: VLAN0001 new root is 4097, aabb.cc00.0100 on
port Et0/1, cost 100
*Feb 1 16:18:47.287: %SPANTREE-2-ROOTGUARD_BLOCK: Root guard
blocking port Ethernet0/0 on VLAN0001.
SW2#
*Feb 1 16:18:47.289: STP: VLAN0001 sent Topology Change Notice on
Et0/1
*Feb 1 16:18:47.289: STP: VLAN0001 Et0/0 -> blocking

MODUL CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 362

 Terlihat SW-1 tidak akan menjadi root bridge meskipun kita sudah mensetting
prioritynya lebih rendah dari SW-2, cek verifikasi lagi

SW-2
SW2#show spanning-tree inconsistentports

Name Interface Inconsistency

-------------------- ------------------------ ------------------
VLAN0001 Ethernet0/0 Root Inconsistent

Number of inconsistent ports (segments) in the system : 1

MODUL CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 363

 Lab 10. MSTP (Multiple Spanning Tree)

• Konfigurasikan 2 MSTP instance (multiple vlan dalam 1 STP Instance)

• Konfigurasikan instance 1 untuk group vlan 10, 20, 30
• Konfigurasikan instance 2 untuk group vlan 40, 50, 60
• SW1 menjadi Root untuk instance 1 dan backupnya adalah SW2
• SW2 menjadi Root untuk instance 2 dan backupnya adalah SW1

Berikut ini konfigurasinya. Hapus konfigurasi root guard pada SW-2

SW-2
SW2(config-mst)#int e0/0
SW2(config-if)#no spanning-tree guard root

Buat VLAN 10-60 pada kedua switch untuk nama bebas

SW-1 dan SW-2
vlan database
vlan 10 name Nobita
vlan 20 name doramemon
vlan 30 name Zayen
vlan 40 name Sizuka
vlan 50 name baling-baling bambu
vlan 60 name idnmantab
exit

SW-1
SW1(config-mst)#name IDN
SW1(config-mst)#revision 1
SW1(config-mst)#instance 1 vlan 10,20,30
SW1(config-mst)#instance 2 vlan 40,50,60
SW1(config-mst)#span mst 1 root primary
SW1(config)#span mst 2 root secondary
!

MODUL CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 364

 SW1(config)#interface range e0/0-1
SW1(config-if-range)#switchport trunk encapsulation dot1q
SW1(config-if-range)#switchport mode trunk
SW1(config-if-range)#exit

SW-2
SW2(config)#spanning-tree mode mst
SW2(config)#spanning-tree mst configuration
SW2(config-mst)#name IDN
SW2(config-mst)#revision 1
SW2(config-mst)#instance 1 vlan 10,20,30
SW2(config-mst)#instance 2 vlan 40,50,60
SW2(config-mst)#span mst 1 root secondary
SW2(config)#span mst 2 root primary
!
SW2(config)#interface range e0/0-1
SW2(config-if-range)#switchport trunk encap dot1q
SW2(config-if-range)#switchport mode trunk
SW2(config-if-range)#exit

Pastikan mapping vlan dengan MST instance nya sudah sesuai

SW-2
SW2#show spanning-tree mst conf
SW2#show spanning-tree mst configuration
Name [IDN]
Revision 1 Instances configured 3
Instance Vlans mapped
-------- ------------------------------------------------------------------
---
0 1-9,11-19,21-29,31-39,41-49,51-59,61-4094
1 10,20,30
2 40,50,60

MODUL CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 365

 Pastikan SW1 menjadi root untuk MST1
SW-1
SW1#show spanning-tree mst 1
##### MST1 vlans mapped: 10,20,30
Bridge address aabb.cc00.0100 priority 24577 (24576 sysid 1)
Root this switch for MST1
Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- -------------------------------
Et0/0 Desg FWD 2000000 ................... 128.1 P2p
Et0/1 Desg FWD 2000000 ................... 128.2 P2p

SW-2
SW2#show spanning-tree mst 2
##### MST2 vlans mapped: 40,50,60
Bridge address aabb.cc00.0200 priority 24578 (24576 sysid 2)
Root this switch for MST2
Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- -------------------------------
Et0/0 Desg FWD 2000000 .................... 128.1 P2p
Et0/1 Desg FWD 2000000
128.2 P2p

MODUL CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 366

 Lab 11. RSTP (Rapid Spanning Tree Protocol)

• Konfigurasikan switch dmana 1 vlan akan menggunakan 1 STP Instance

• SW1 menjadi Root untuk vlan 10, 20, 30

• SW2 menjadi Root untuk Vlan 40, 50, 60

Berikut Konfigurasinya :
SW-1
SW1(config)#no spanning-tree mst configuration
SW1(config)#spanning-tree mode rapid-pvst
SW1(config)#spanning-tree vlan 10,20,30 root primary
SW1(config)#spanning-tree vlan 40,50,60 root secondary

SW-2
SW2(config)#no spanning-tree mst configuration
SW2(config)#spanning-tree mode rapid-pvst
SW2(config)#spanning-tree vlan 10,20,30 root secondary
SW2(config)#spanning-tree vlan 40,50,60 root primary

Verifikasi dan Pastikan SW1 menjadi root bridge untuk vlan 10, 20 dan 30
SW-1
SW1#show spanning-tree
VLAN0010
Spanning tree enabled protocol rstp
Root ID Priority 24586
Address aabb.cc00.0100
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

MODUL CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 367

 Bridge ID Priority 24586 (priority 24576 sys-id-ext 10)
Address aabb.cc00.0100
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300 sec

Interface Role Sts Cost Prio.Nbr Type

------------------- ---- --- --------- -------- ----------------------------
----

Et0/0 Desg FWD 100............................... 128.1 P2p

Et0/1 Desg FWD 100............................... 128.2 P2p

SW-2
SW2#show spanning-tree vlan 10
VLAN0010
Spanning tree enabled protocol rstp
Root ID Priority 24586
Address aabb.cc00.0100
Cost 100
Port 1 (Ethernet0/0)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 28682 (priority 28672 sys-id-ext 10)

Address aabb.cc00.0200
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300 sec

Interface Role Sts Cost Prio.Nbr Type

------------------- ---- --- --------- -------- ---------------------------

Et0/0 Root FWD 100 ................................ 128.1 P2p

Et0/1 Altn BLK 100 .................................. 128.2 P2p

MODUL CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 368

 Lab 12. Etherchannel Mode on

Dengan etherchannel ketiga link tersebut akan dibundle menjadi satu,

sehingga bandwidthnya juga menjadi tiga kalinya. Berikut konfigurasinya
SW-1
SW1(config)#interface range e0/0-2
SW1(config-if-range)#channel-group 1 mode on
Creating a port-channel interface Port-channel 1
!
SW1(config)#interface port-channel 1
SW1(config-if)#switchport trunk encapsulation dot1q
SW1(config-if)#switchport mode trunk
SW1(config-if)#ex
SW2(config-if)#switchport mode trunk
SW2(config-if)#exit

Verifikasi
SW-1
SW1#show etherchannel summary
Flags: D - down P - bundled in port-channel
I - stand-alone s - suspended
H - Hot-standby (LACP only)
R - Layer3 S - Layer2
U - in use N - not in use, no aggregation
f - failed to allocate aggregator
M - not in use, minimum links not met
m - not in use, port not aggregated due to minimum links not met
u - unsuitable for bundling
w - waiting to be aggregated
d - default port
A - formed by Auto LAG

MODUL CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 369

 Number of channel-groups in use: 1 Number of aggregators: 1
Group Port-channel Protocol Ports
------+-------------+-----------+-------------------------------------------
1 Po1(SU) Et0/0(P) Et0/1(P) Et0/2(P)

SW-1
SW1#show interfaces port-channel 1
switchport Name: Po1
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)

SW-1
SW1#show spanning-tree
VLAN0001
Spanning tree enabled protocol ieee
Root ID Priority 32769
Address aabb.cc00.0100
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)

Address aabb.cc00.0100
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300 sec

Interface Role Sts Cost Prio.Nbr Type

------------------- ---- --- --------- -------- ----------------------------
----
Po1 Desg FWD 47 128.65 P2p

MODUL CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 370

 Lab 13. Etherchannel PagP

Untuk lab ini menggunakan Pagp Etherchannel, PagP ini etherchannel milik
cisco jadi di vendor lain tidak ada. Mode yang bisa digunakan untuk
membentuk etherchannel PagP ada 2 yaitu :
- Desirable
- Auto
Berikut tabel yang bisa teman-teman lihat untuk memahami lab ini.
SW1 SW2 EtherChannel?
Desirable Desirable Yes
Auto Desirable Yes
Desirable Auto Yes
Auto Auto No

Berikut konfigurasinya
SW-1
SW1(config)#interface range e0/0-2
SW1(config-if-range)#channel-group 1 mode desirable
Creating a port-channel interface Port-channel 1
!
SW1(config-if-range)#interface port-channel 1
SW1(config-if)#switchport trunk encapsulation dot1q
SW1(config-if)#switchport mode trunk
SW1(config-if)#exit

MODUL CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 371

 SW-2
SW2(config)#interface range e0/0-2
SW2(config-if-range)#channel-group 1 mode auto
Creating a port-channel interface Port-channel 1
!
SW2(config-if-range)#interface port-channel 1
SW2(config-if)#switchport trunk encapsulation dot1q
SW2(config-if)#switchport mode trunk
SW2(config-if)#exit

Verifikasi
SW-1
SW1#show etherchannel summary
Flags: D - down P - bundled in port-channel
I - stand-alone s - suspended
H - Hot-standby (LACP only)
R - Layer3 S - Layer2
U - in use N - not in use, no aggregation
f - failed to allocate aggregator
M - not in use, minimum links not met
m - not in use, port not aggregated due to minimum links not met
u - unsuitable for bundling
w - waiting to be aggregated
d - default port
A - formed by Auto LAG
Number of channel-groups in use: 1 Number of aggregators: 1

Group Port-channel Protocol Ports

------+-------------+-----------+-------------------------------------------
----
1 Po1(SU) PAgP Et0/0(P) Et0/1(P) Et0/2(P)

MODUL CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 372

 SW-1
SW1#show interface trunk
Port Mode Encapsulation Status Native vlan Po1
on ..................................................... 802.1q trunking 1

Port Vlans allowed on trunk Po1 1-4094

Port Vlans allowed and active in management

domain Po1 1

Port Vlans in spanning tree forwarding state and not pruned

Po1 1

SW-1
SW1#show spanning-tree vlan 1
VLAN0001
Spanning tree enabled protocol ieee
Root ID Priority 32769
Address aabb.cc00.0100
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)

Address aabb.cc00.0100
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300 sec

Interface Role Sts Cost Prio.Nbr Type

------------------- ---- --- --------- -------- ----------------------------
----
Po1 Desg FWD 47 .................................. 128.65 P2p

MODUL CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 373

 Lab 14. Etherchannel LACP

Untuk lab ini menggunakan LACP Etherchannel, LACP ini etherchannel Open
Standard jadi di vendor lain ada. Mode yang bisa digunakan untuk
membentuk etherchannel LACP ada 2 yaitu :
- Active
- Passive
Kedua Mode ini bisa digunakan tapi ada syaratnya jika mode Passive dan
Passive ketemu maka tidak akan membentuk etherchannel sama sekali,
berikut ini tabel yang bisa kita lihat untuk memahami lab berikut ini.

SW1 SW2 EtherChannel

Active Active Yes
Active Passive Yes
Passive Active Yes
Passive Passive No

Berikut konfigurasinya
SW-1
SW1(config)#interface range e0/0-2
SW1(config-if-range)#channel-group 1 mode active
Creating a port-channel interface Port-channel 1
!
SW1(config-if-range)#interface port-channel 1
SW1(config-if)#switchport trunk encapsulation dot1q
SW1(config-if)#switchport mode trunk
SW1(config-if)#exit

MODUL CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 374

 SW-2
SW2(config)#interface range e0/0-2
SW2(config-if-range)#channel-group 1 mode passive
Creating a port-channel interface Port-channel 1
!
SW2(config-if-range)#interface port-channel 1
SW2(config-if)#switchport trunk encapsulation dot1q
SW2(config-if)#switchport mode trunk
SW2(config-if)#exit

Verifikasi
SW-1
SW1#show etherchannel summary
Flags: D - down P - bundled in port-channel
I - stand-alone s - suspended
H - Hot-standby (LACP only)
R - Layer3 S - Layer2
U - in use N - not in use, no aggregation
f - failed to allocate aggregator
M - not in use, minimum links not met
m - not in use, port not aggregated due to minimum links not met
u - unsuitable for bundling
w - waiting to be aggregated
d - default port
A - formed by Auto LAG

Number of channel-
groups in use: 1 Number
of aggregators: 1

Group Port-channel Protocol Ports

------+-------------+-----------+-------------------------------------------
----
1 Po1(SU) LACP Et0/0(P) Et0/1(P) Et0/2(P)

MODUL CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 375

 SW-1
SW1#show interface port-channel 1
switchport Name: Po1
Switchport:
Enabled
Administrative
Mode: trunk
Operational
Mode: trunk
Administrative Trunking Encapsulation:
dot1q Operational Trunking
Encapsulation: dot1q Negotiation of
Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging:
enabled

SW-1
SW1#show spanning-tree vlan 1
VLAN0001
Spanning tree enabled protocol ieee
Root ID Priority 32769
Address aabb.cc00.0100
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)

Address aabb.cc00.0100
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300 sec

Interface Role Sts Cost Prio.Nbr Type

------------------- ---- --- --------- -------- ----------------------------
----
Po1 Desg FWD 47 ....................................... 128.65 P2p

MODUL CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 376

 Lab 15. Etherchannel Layer 3

Kalo kita lihat pada lab-lab sebelumnya semua etherchannel berjalan pada
layer 2 dan kali ini kita akan rubah agar etherchannelnya berjalan dilayer
3, untuk topology masih sama kita kemudian Konfigurasikan EtherChannel
Layer 3 antara SW1 dan SW2 tanpa melakukan negosiasi protocol

SW-1
SW1(config)#interface range e0/0-
2 SW1(config-if-range)#no
switchport SW1(config-if-
range)#channel-group 1 mode on
Creating a port-channel interface Port-channel 1
!
SW1(config-if-range)#Interface
port-channel1 SW1(config-if)#no
switchport
SW1(config-if)#ip address 12.12.12.1 255.255.255.0

SW-1
SW1(config)#interface port-channel 1
SW1(config-if)#no switchport
SW1(config-if)#ip address 12.12.12.1 255.255.255.0
SW1(config-if)#exit

MODUL CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 377

 SW-2
SW2(config)#interface range e0/0-2
SW2(config-if-range)#no switchport
SW2(config-if-range)#channel-group 1 mode on
Creating a port-channel interface Port-channel 1
!
SW2(config-if-range)#Interface port-channel1
SW2(config-if)#no switchport
SW2(config-if)#ip address 12.12.12.2 255.255.255.0

Verifikasi
SW-1
SW1#show etherchannel summary
Flags: D - down P - bundled in port-channel
I - stand-alone s - suspended
H - Hot-standby (LACP only)
R - Layer3 S - Layer2
U - in use N - not in use, no aggregation
f - failed to allocate aggregator
M - not in use, minimum links not met
m - not in use, port not aggregated due to minimum links not met
u - unsuitable for bundling
w - waiting to be aggregated
d - default port
A - formed by Auto LAG
Number of channel-groups in use: 1 Number of aggregators: 1
Group Port-channel Protocol Ports
------+-------------+-----------+-------------------------------------------
1 Po1(RU) --------------------- Et0/0(P) Et0/1(P) Et0/2(P)

Cek ping
SW-1
SW1#ping 12.12.12.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 12.12.12.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/4/16 ms

MODUL CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 378

 Lab 16. Port Security – Default Violation

Cek nilai mac address F0/0 Router R1

R1
Router(config)#do show int f0/0 | i address
Hardware is Gt96k FE, address is 0021.d831.1bda (bia 0021.d831.1bda)

Konfigurasikan port-security
SW-1
Switch(config)#interface FastEthernet1/0/1
Switch(config-if)#switchport mode access
Switch(config-if)#switchport port-security
Switch(config-if)#switchport port-security mac-address 0021.d831.1bda

Verifikasi
SW-1
Switch#show port-security interface f1/0/1
Port Security : Enabled
Port Status : Secure-up Violation
Mode : Shutdown
Aging Time : 0 mins
Aging Type : Absolute Secure Static
Address Aging : Disabled Maximum
MAC Addresses :1
Total MAC Addresses :1
Configured MAC Addresses : 1
Sticky MAC Addresses :0
Last Source Address:Vlan : 0021.d831.1bda:1
Security Violation Count : 0

MODUL CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 379

 Coba rubah mac address pada R1
R1
Router(config)#int F0/0
Router(config-if)#mac-address aaaa.bbbb.cccc
Router(config-if)#exit

Cek disisi Switch

SW-1
Switch#show port-security interface f1/0/1
Port Security : Enabled
Port Status : Secure-shutdown
Violation Mode : Shutdown
Aging Time : 0 mins
Aging Type : Absolute Secure Static
Address Aging : Disabled Maximum
MAC Addresses :1
Total MAC Addresses : 1
Configured MAC Addresses : 1
Sticky MAC Addresses : 0
Last Source Address:Vlan : aaaa.bbbb.cccc:1
Security Violation Count : 1

SW-1
Switch#show int f1/0/1
FastEthernet1/0/1 is down, line protocol is down (err-disabled)

MODUL CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 380

 Lab 17. Port Security – Violation Recovery

Kalau di CCNA Jika ingin menghidupkan port yang terdisable karena violation
maka caranya adalah dengan shutdown interfacenya dan no shutdown, Kali ini
kita akan membuat recovery otomatis tanpa harus shutdown dan no shutdown
Kondisi Awal :

SW-1
Switch#show int f1/0/1
FastEthernet1/0/1 is down, line protocol is down (err-disabled)

Konfigurasikan command dibawah ini

SW-1
Switch(config)#errdisable recovery cause psecure-violation
Switch(config)#errdisable recovery interval 60

Nantinya interface akan up dengan sendirinya

SW-1
Switch(config)#
*Mar 1 00:20:57.376: %PM-4-ERR_RECOVER: Attempting to recover from
psecure- violation err-disable state on Fa1/0/1
*Mar 1 00:21:01.243: %LINK-3-UPDOWN: Interface FastEthernet1/0/1,
changed state to up
*Mar 1 00:21:02.250: %LINEPROTO-5-UPDOWN: Line protocol on
Interface FastEthernet1/0/1, changed state to up
!
Switch(config)#do show int f1/0/1
FastEthernet1/0/1 is up, line protocol is up (connected)

MODUL CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 381

 Lab 18. Port Security – Violation Action
Hapus konfigurasi bekas sebelumnya

SW-1
Switch(config)#no errdisable recovery interval 60
Switch(config)#no errdisable recovery cause psecure-violation
Switch(config)#default int f1/0/1

R1
Router(config)#default int f0/0

Cek lagi Mac address di sisi router

R1
Router(config)#do show int f0/0 | i add
Hardware is Gt96k FE, address is 0021.d831.1bda (bia0021.d831.1bda)

Konfigurasikan port-security pada SW-1

SW-1
Switch(config)#interface FastEthernet 1/0/1
Switch(config-if)#switchport mode access
Switch(config-if)#switchport port-security
Switch(config-if)#switchport port-security mac-address 0021.d831.1bda
Switch(config-if)#switchport port-security violation restrict

Kita rubah nilai mac address f0/0 pada Router

R1
Router(config)#int F0/0
Router(config-if)#mac-address aaaa.bbbb.cccc
Router(config-if)#exit

MODUL CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 382

 Verifikasi
SW-1
Switch(config)#
*Mar 1 00:30:44.419: %PORT_SECURITY-2-PSECURE_VIOLATION: Security
violation occurred, caused by MAC address aaaa.bbbb.cccc on port
FastEthernet1/0/1.
*Mar 1 00:30:51.902: %LINEPROTO-5-UPDOWN: Line protocol on Interface
Vlan1, changed state to up
*Mar 1 00:30:52.699: %PORT_SECURITY-2-PSECURE_VIOLATION: Security
violation occurred, caused by MAC address aaaa.bbbb.cccc on port
FastEthernet1/0/1.

SW-1
Switch(config)#do show port-security interface
f1/0/1 Port Security : Enabled
Port Status : Secure-up
Violation Mode : Restrict
Aging Time : 0 mins
Aging Type : Absolute Secure Static
Address Aging : Disabled Maximum
MAC Addresses : 1
Total MAC Addresses : 1 Configured
MAC Addresses : 1 Sticky
MAC Addresses :0
Last Source Address:Vlan : aaaa.bbbb.cccc:1
Security Violation Count : 5

MODUL CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 383

 Lab 19. HSRP (Hot Standby Router Protocol)

Ketik konfigurasi berikut ini :

R1
R1(config)#interface FastEthernet0/0
R1(config-if)#ip address 13.13.13.1 255.255.255.0
R1(config-if)#no shutdown
!
R1(config-if)#interface FastEthernet0/1
R1(config-if)#no shutdown
R1(config-if)#ip address 192.168.12.1 255.255.255.0

MODUL CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 384

 R1(config-if)#standby 1 ip 192.168.12.254
R1(config-if)#standby 1 preempt
R1(config-if)#standby 1 authentication md5 key-string cisco
!
R1(config-if)#router eigrp 1
R1(config-router)#net 0.0.0.0
R1(config-router)#no auto-summary

R2
R2(config)#interface FastEthernet0/0
R2(config-if)#ip address 23.23.23.2
255.255.255.0 R2(config-if)#no shutdown
!
R2(config-if)#interface FastEthernet0/1
R2(config-if)#ip address 192.168.12.2 255.255.255.0
R2(config-if)#standby 1 ip 192.168.12.254
R2(config-if)#standby 1 preempt
R2(config-if)#standby 1 authentication md5 key-string cisco
R2(config-if)#no shutdown
!
R2(config-if)#router eigrp 1
R2(config-router)#net 0.0.0.0
R2(config-router)#no auto-summary

MODUL CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 385

 R3
R3(config)#interface f0/0
R3(config-if)#ip address 13.13.13.3 255.255.255.0
R3(config-if)#no shutdown
!
R3(config-if)#interface f0/1
R3(config-if)#ip address 23.23.23.3 255.255.255.0
R3(config-if)#no shutdown
!
R3(config-if)#interface Loopback 0
R3(config-if)#ip address 8.8.8.8 255.255.255.255
!
R3(config-if)#router eigrp 1
R3(config-router)#net 0.0.0.0
R3(config-router)#no auto-summary

Konfigurasi di PC
PC1 dan PC2
PC1> ip 192.168.12.10/24 192.168.12.254
PC2> ip 192.168.12.11/24 192.168.12.254

Verifikasi
R1 dan R2
R1#show standby brief
P indicates configured to preempt.
|
Interface Grp Pri P State Active Standby Virtual IP Fa0/1 1
100 P Standby192.168.12.2 local 192.168.12.254
!
R2(config-if)#do sh standby brief
P indicates configured to preempt.
|
Interface Grp Pri P State Active Standby Virtual IP Fa0/1 1 110
P Active local 192.168.12.1 192.168.12.254

MODUL CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 386

 Ping 8.8.8.8 -t pada PC, dan Shutdown interface fa0/1 pada router master
R2
R2(config)#int f0/1
R2(config-if)#shutdown
R2(config-if)#exit

PC-1
PC2> ping 8.8.8.8
84 bytes from 8.8.8.8 icmp_seq=2 ttl=254 time=13.678 ms
84 bytes from 8.8.8.8 icmp_seq=3 ttl=254 time=12.628 ms 8.8.8.8
icmp_seq=1 timeout
8.8.8.8 icmp_seq=22 timeout
84 bytes from 8.8.8.8 icmp_seq=7 ttl=254 time=30.278 ms
84 bytes from 8.8.8.8 icmp_seq=8 ttl=254 time=23.097 ms 84 bytes from
8.8.8.8 icmp_seq=9 ttl=254 time=23.630 ms
Nah good masih jalan, ada beberapa RTO dikarenakan proses pindah jalur
dari R2 ke R1.

MODUL CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 387

 Lab 20. HSRP – Track Route
Untuk topology masih sama, Konfigurasikan di R2

R2
R2(config)#track 1 ip route 8.8.8.8/32 reachability
!
R2(config-track)#interface FastEthernet0/1
R2(config-if)#standby 1 track 1 decrement 20

Verifikasi

Pastikan R2 memiliki route 8.8.8.8/32

R2
R2#show ip route eigrp
8.0.0.0/32 is subnetted, 1 subnets
D 8.8.8.8 [90/158720] via 192.168.12.1, 00:06:05, FastEthernet0/1
13.0.0.0/24 is subnetted, 1 subnets
D 13.13.13.0 [90/30720] via 192.168.12.1, 00:00:44, FastEthernet0/1

R2
R2(config)#do show standby brief
P indicates configured to preempt.
|
Interface Grp Pri P State Active Standby Virtual IP Fa0/1
1 110 P Active local 192.168.12.1 192.168.12.254

R2 statusnya adalah active dan prioritasnya adalah 110, kemudian Shutdown

interface loopback R3, dan perhatikan proses yang terjadi berikutnya.

R3
R3(config)#interface lo0
R3(config-if)#shutdown
R3(config-if)#exit

MODUL CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 388

 Perhatikan statusnya akan berubah menjadi standby dengan nilai priority 90.
R2
R2(config)#
*Feb 3 11:03:03.843: %TRACKING-5-STATE: 1 ip route 8.8.8.8/32
reachability Up->Down
R2(config)#
*Feb 3 11:03:05.335: %HSRP-5-STATECHANGE: FastEthernet0/1 Grp
1 state Active -> Speak
R2(config)#
*Feb 3 11:03:16.435: %HSRP-5-STATECHANGE: FastEthernet0/1 Grp
1 state Speak -> Standby
!
R2(config)#do show standby brief
P indicates configured to preempt.
|
Interface Grp Pri P State Active Standby Virtual IP Fa0/1
1 90 P Standby 192.168.12.1 local 192.168.12.254

Dari sisi R1 akan berubah menjadi active dengan priority 100

R1
R1#show standby brief
P indicates configured to preempt.
|
Interface Grp Pri P State Active Standby Virtual IP Fa0/1
1 100 P Active local 192.168.12.2 192.168.12.254

Aktifkan kembali interface loopback R3

R3
R3(config)#int lo0
R3(config-if)#no shutdown
R3(config-if)#exit

MODUL CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 389

 Lab 21. HSRP – IP SLA
Hapus konfigurasi tracking bekas sebelumnya
R2
R2(config)#no track 1 ip route 8.8.8.8 255.255.255.255 reachability
!
R2(config)#ip sla 1
R2(config-ip-sla)#icmp-echo 8.8.8.8 source-interface f0/1
R2(config-ip-sla-echo)#frequency 10
R2(config-ip-sla-echo)#timeout 5000
R2(config-ip-sla-echo)#track 1 ip sla 1
reachability R2(config-track)#exit
R2(config)#ip sla schedule 1 start-time now life forever
!
note = untuk fitur trackingnya sudah dipasang bekas konfigurasi
sebelumnya

Verifikasi
R2
R2(config)#do show standby brief
P indicates configured to preempt.
|
Interface Grp Pri P State Active Standby Virtual IP Fa0/1 1
110 P Active local 192.168.12.1 192.168.12.254

Shutdown interface loopback0 R3 sehingga ip 8.8.8.8 tidak bisa di ping

R3
R3(config)#interface lo0
R3(config-if)#shutdown
R3(config-if)#exit

Perhatikan bahwa status tracking kemudian akan berubah dari up menjadi

down yang kemudian standby
R2
*Feb 3 12:04:53.907: %TRACKING-5-STATE: 1 ip sla 1 reachability Up->Down

MODUL CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 390

 *Feb 3 12:04:54.907: %HSRP-5-STATECHANGE: FastEthernet0/1 Grp 1 state Active
-> Speak
R2(config)#
*Feb 3 12:05:06.287: %HSRP-5-STATECHANGE: FastEthernet0/1 Grp 1 state Speak
-> Standby

Sekarang nilai priority nya menjadi 90 dengan state standby

R2
R2(config)#do show standby brief
P indicates configured to preempt.

Interface Grp Pri P State Active Standby Virtual IP Fa0/1 1 90 P

Standby 192.168.12.1 local 192.168.12.254

Aktifkan kembali interface loopback0 R3

R3
R3(config)#interface lo0
R3(config-if)#no shutdown
R3(config-if)#exit

R2
R2(config)#
*Feb 3 12:07:18.907: %TRACKING-5-STATE: 1 ip sla 1 reachability Down->Up
*Feb 3 12:07:19.459: %HSRP-5-STATECHANGE: FastEthernet0/1 Grp 1 state Standby
-> Active

Langsung berubah menjadi up dan active dan nilai prioritynya normal yaitu 110

R2
R2(config)#do show standby brief
P indicates configured to preempt.
|
Interface Grp Pri P State Active Standby Virtual IP Fa0/1 1 110
P Active local 192.168.12.1 192.168.12.254

MODUL CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 391

 Lab 22. HSRP – Load Balancing
Konfigurasikan IP Address pada PC
PC-1 dan PC-2
PC1> ip 192.168.12.10/24 192.168.12.254
PC2> ip 192.168.12.11/24 192.168.12.253

Konfigurasikan command ini pada R1

R1
R1(config)#interface FastEthernet0/1
R1(config-if)#standby 2 ip 192.168.12.253
R1(config-if)#standby 2 preempt
R1(config-if)#standby 2 authentication md5 key-string cisco
R1(config-if)#standby 2 priority 110

R2
R2(config)#interface FastEthernet0/1
R2(config-if)#standby 2 ip 192.168.12.253
R2(config-if)#standby 2 preempt
R2(config-if)#standby 2 authentication md5 key-string cisco

Verifikasi
R1 dan R2
R1(config)#do show standby brief
P indicates configured to preempt.
|
Interface Grp Pri P State Active Standby Virtual IP Fa0/1 1 100 P
Standby 192.168.12.2 local 192.168.12.254
Fa0/1 2 110 P Active local 192.168.12.2 192.168.12.253
!
R2(config-if)#do show standby brief
P indicates configured to preempt.
|
Interface Grp Pri P State Active Standby Virtual IP
Fa0/1 1 110 P Active local 192.168.12.1 192.168.12.254 Fa0/1 2 100 P
Standby 192.168.12.1 local 192.168.12.253

MODUL CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 392

 Lab 23. VRRP (Virtual Router Redundancy Protocol)

Untuk topology masih sama, Hapus Konfigurasi HSRP di R1 dan R2

R1 dan R2
R1(config)#default int f0/1
R1(config)#default int f0/1

Konfigurasikan VRRP pada kedua Router

R1
R1(config)#interface FastEthernet0/1
R1(config-if)#ip address 192.168.12.1 255.255.255.0
R1(config-if)#vrrp 1 ip 192.168.12.254
R1(config-if)#vrrp 1 priority 110
R1(config-if)#vrrp 1 authentication md5 key-string cisco

R2
R2(config)#interface FastEthernet0/1
R2(config-if)#ip address 192.168.12.2 255.255.255.0
R2(config-if)#vrrp 1 ip 192.168.12.254
R2(config-if)#vrrp 1 authentication md5 key-string cisco

Konfigurasi di PC

R1 dan R2
PC1> ip 192.168.12.10/24 192.168.12.254
PC2> ip 192.168.12.11/24 192.168.12.254

Verifikasi
R1
R1(config)#do show vrrp brief
Interface Grp Pri Time Own Pre State Master addr Group addr Fa0/1
1 110 3570 Y Master 192.168.12.1 192.168.12.254

MODUL CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 393

 R2
R2(config)#do show vrrp brief
Interface Grp Pri Time Own Pre State Master addr Group addr Fa0/1
1 100 3609 Y Backup 192.168.12.1 192.168.12.254

Shutdown interface f0/1 R1 (Master)

R1
R1(config-if)#shutdown
R1(config-if)#
*Feb 3 12:22:54.167: %VRRP-6-STATECHANGE: Fa0/1 Grp 1 state Master -> Init
R1(config-if)#
*Feb 3 12:22:54.275: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 1: Neighbor
192.168.12.2 (FastEthernet0/1) is down: interface down

R2
R2(config)#
*Feb 3 12:22:54.775: %VRRP-6-STATECHANGE: Fa0/1 Grp 1 state Backup -> Master

R2
R2(config)#do show vrrp brief
Interface Grp Pri Time Own Pre State Master addr Group addr Fa0/1
1 100 3609 YMaster 192.168.12.2 192.168.12.254

R1
R1(config)#do show vrrp brief
Interface Grp Pri Time Own Pre State Master addr Group addr Fa0/1
1 110 3570 Y Init 0.0.0.0 192.168.12.254

MODUL CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 394

 Lab 24. VRRP – Track route
Konfigurasi di R1
R1
R1(config)#int f0/1
R1(config-if)#no sh
!
R1(config)#interface fastEthernet0/1
R1(config-if)#vrrp 1 track 1 decrement 20
!
R1(config-if)#track 1 ip route 8.8.8.8/32 reachability

Verifikasi dan Pastikan R1 memiliki route 8.8.8.8/32

R1
R1(config)#do show ip route eigrp
23.0.0.0/24 is subnetted, 1 subnets
D 23.23.23.0 [90/30720] via 192.168.12.2, 00:01:02, FastEthernet0/1
8.0.0.0/32 is subnetted, 1 subnets
D 8.8.8.8 [90/156160] via 13.13.13.3, 00:00:04, FastEthernet0/0

Shutdown interface loopback R3, dan perhatikan proses yang terjadi berikutnya
R3
R3(config)#int lo0
R3(config-if)#shutdown
R3(config-if)#exit

Perhatikan statusnya akan berubah dari Master menjadi Backup dengan nilai
priority 90

MODUL CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 395

 R1
*Feb 3 12:29:47.971: %TRACKING-5-STATE: 1 ip route 8.8.8.8/32
reachability Up->Down
R1(config)#
*Feb 3 12:29:51.011: %VRRP-6-STATECHANGE: Fa0/1 Grp 1 state Master -> Backup
!
R1(config)#do show vrrp brief
Interface Grp Pri Time Own Pre State Master addr Group addr
Fa0/1 1 90 3570 Y Backup 192.168.12.2 192.168.12.254

Dari sisi R1 akan berubah menjadi master dengan priority 100

R2
R2(config)#do show vrrp brief
Interface Grp Pri Time Own Pre State Master addr Group addr Fa0/1
1 100 3609 Y Master 192.168.12.2 192.168.12.254

Aktifkan kembali interface loopback R3

R3
R3(config)#int lo0
R3(config-if)#no shutdown
R3(config-if)#exit

MODUL CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 396

 Lab 25. VRRP – IP SLA
Hapus konfigurasi tracking bekas lab sebelumnya dan konfigurasikan IP SLA nya

R1
R1(config)#no track 1 ip route 8.8.8.8 255.255.255.255 reachability
R1(config)#ip sla 1
R1(config-ip-sla)#icmp-echo 8.8.8.8 source-interface f0/1
R1(config-ip-sla-echo)#frequency 10
R1(config-ip-sla-echo)#timeout 5000
R1(config-ip-sla-echo)#track 1 ip sla 1 reachability
R1(config)#ip sla schedule 1 start-time now life forever
!
R1(config)#do show run int f0/1 | i decrement
vrrp 1 track 1 decrement 20

R1
R1(config)#do show vrrp brief
Interface Grp Pri Time Own Pre State Master addr Group addr Fa0/1
1 110 3570 Y Master 192.168.12.1 192.168.12.254

Shutdown interface loopback0 R3 sehingga ip 8.8.8.8 tidak bisa di ping

R3
R3(config)#int lo0
R3(config-if)#shutdown
R3(config-if)#exit

Perhatikan status tracking akan berubah dari up menjadi down yang kemudian
menjadi Backup
R1
*Feb 3 12:37:17.739: %TRACKING-5-STATE: 1 ip sla 1 reachability Up->Down
R1(config)#
*Feb 3 12:37:20.871: %VRRP-6-STATECHANGE: Fa0/1 Grp 1 state Master -> Backup
R1(config)#

MODUL CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 397

 Sekarang nilai priority nya menjadi 90 dengan state backup
R1
R1(config)#do show vrrp brief
Interface Grp Pri Time Own Pre State Master addr Group addr Fa0/1
1 90 3570 Y Backup 192.168.12.2 192.168.12.254

Dan R2 akan jadi master

R2
R2(config)#do show vrrp brief
Interface Grp Pri Time Own Pre State Master addr Group addr Fa0/1
1 100 3609 YMaster 192.168.12.2 192.168.12.254

Aktifkan kembali interface loopback0 R3

R3
R3(config)#int lo0
R3(config-if)#no shutdown
R3(config-if)#exit

Verifikasi lagi
R1
*Feb 3 12:41:02.739: %TRACKING-5-STATE: 1 ip sla 1 reachability Down->Up
R1(config)#
*Feb 3 12:41:05.931: %VRRP-6-STATECHANGE: Fa0/1 Grp 1 state Backup ->
Master
!
R1(config)#do show vrrp brief
Interface Grp Pri Time Own Pre State Master addr Group addr Fa0/1
1 110 3570 Y Master 192.168.12.1 192.168.12.254

MODUL CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 398

 Lab 26. VRRP – Load Balancing
Konfigurasi di PC
PC-1 dan PC-2
PC1> ip 192.168.12.10/24 192.168.12.254
PC2> ip 192.168.12.11/24 192.168.12.253

Konfigurasikan VRRP di R1 dan R2

R1
R1(config)#interface FastEthernet0/1
R1(config-if)#vrrp 2 ip 192.168.12.253

R2
R2(config)#interface FastEthernet0/1
R2(config-if)#vrrp 2 ip 192.168.12.253
R2(config-if)#vrrp 2 priority 110

Verifikasi
R1
Interface Grp Pri Time Own Pre State Master addr Group addr Fa0/1
1 110 3570 Y Master 192.168.12.1 192.168.12.254
Fa0/1 2 100 3609 Y Backup 192.168.12.2 192.168.12.253

R2
R2(config)#do show vrrp brief
Interface Grp Pri Time Own Pre State Master addr Group addr Fa0/1
1 100 3609 Y Backup 192.168.12.1 192.168.12.254
Fa0/1 2 110 3570 Y Master 192.168.12.2 192.168.12.253

MODUL CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 399

 Lab 27. GLBP (Gateway Load Balancing Protocol)

Hapus Konfigurasi VRRP di R1 dan R2

R1 dan R2
default int f0/1

Konfigurasi di R1
R1
R1(config)#interface FastEthernet0/1
R1(config-if)#ip address 192.168.12.1 255.255.255.0
R1(config-if)#glbp 1 ip 192.168.12.254

R2
R2(config)#interface FastEthernet0/1
R2(config-if)#ip address 192.168.12.2 255.255.255.0
R2(config-if)#glbp 1 ip 192.168.12.254

Konfigurasi pada PC

PC-1 dan PC-2

PC1> ip 192.168.12.10/24 192.168.12.254
PC2> ip 192.168.12.11/24 192.168.12.254

Verifikasi

R1
R1(config)#do show glbp brief
Interface Grp Fwd Pri State Address Active router Standby
router
Fa0/1 1 - 100 Active 192.168.12.254 local 192.168.12.2
Fa0/1 1 1 - Active 0007.b400.0101 local
Fa0/1 1 2 - Listen 0007.b400.0102 192.168.12.2 -----------------

MODUL CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 400

 R2
R2(config-if)#do show glbp brief
Interface Grp Fwd Pri State Address Active router Standby
router
Fa0/1 1 - 100 Standby 192.168.12.254 192.168.12.1
local Fa0/1 1 1 - Listen 0007.b400.0101 192.168.12.1 --------------------
Fa0/1 1 2 - Active 0007.b400.0102 local

Verifikasi traceroute

PC-1
PC1> trace 8.8.8.8
trace to 8.8.8.8, 8 hops max, press Ctrl+C to stop
1 192.168.12.1 40.728 ms 9.179 ms 9.698 ms
2 13.13.13.3 ............ 39.931 ms

PC-2
PC2> trace 8.8.8.8
trace to 8.8.8.8, 8 hops max, press Ctrl+C to stop
1 192.168.12.2 5.502 ms 10.478 ms 9.250 ms
2 23.23.23.3 41.292 ms

Seperti yang terlihat diatas kedua link digunakan bersamaan, keduanya aktif

MODUL CCNP ENTERPRISE | SMK IDN BOARDING SCHOOL 401