Minggu, 22 Mei 2011

My Cisco Configuration

Sekedar share to reader.. di Kantorku kebutuhan akan bandwidth terus meningkat dari awal 2MB untuk main link internet, sekarang sudah 8 MB, dan kebutuhan itu terus meningkat seiring user dikantor terus bertambah dan haus akan informasi lewat internet. Maka itu saya membuat bandwidth limit untuk mengatur ip public di router gateway.

Fungsi pengaturan bandwidth (QoS) yang saya terapkan yaitu untuk menjaga supaya server-server operasional yang menggunakan ip public tidak tersedot bandwidthnya oleh yg laen terutama oleh proxy server yang digunakan untuk browsing, sehingga perlu dikelompokkan dalam 4 class untuk membatasi b/w hal ini. Berikut konfigurasi yang saya tambahkan di router gateway.

# Pasang Access-list untuk membatasi tiap host yang akan di shapping

access-list 102 permit ip any host 114.4.14.244
access-list 103 permit ip any host 114.4.14.245
access-list 104 permit ip any host 114.4.14.248
access-list 105 permit ip any host 114.4.14.242

access-list diatas dibagi dalam 4 untuk masing-masing host yang akan di filter/limit



#Pasang Class yang akan di shapping

class-map match-any SERVER-1
description SERVER-1
match access-group 102
class-map match-any SERVER-2
description SERVER-2
match access-group 103
class-map match-any SERVER-3
description SERVER-3
match access-group 104
class-map match-any SERVER-4
description SERVER-4
match access-group 105

#Pasang Policy Global shapping berikut:

policy-map BW-SHAPPING
class SERVER-1
police 3000000 35000 35000 conform-action transmit exceed-action drop violate-action drop
class SERVER-2
police 3000000 35000 35000 conform-action transmit exceed-action drop violate-action drop
class SERVER-3
police 1000000 35000 35000 conform-action transmit exceed-action drop violate-action drop
class SERVER-4
police 1000000 35000 35000 conform-action transmit exceed-action drop violate-action drop

Penjelasan diatas SERVER-1 dan SERVER-2 akan dibatasi download dan upload sebesar 3MB sedangkan untuk SERVER-3 dan SERVER-4 akan dibatasi maksimal 1MB.

#Pasang service policy di interface outside to provider

interface FastEthernet0/0
service-policy input BW-SHAPPING
service-policy output BW-SHAPPING
!

Untuk melihat input class bandwith yang sudah di shapping lakukan perintah berikut

show policy-map interface Fa0/0 input class SERVER-1

command diatas untuk melihat shapping class SERVER-1.

done



ENGLISH VERSION :


The following example polices the inside interface to 30Mbps. It also utilizes a fair queue mechanism so that all subnets are queued equally yet can use the entire purchased rate in the absence of competing traffic.



example.png


access-list 101 permit ip any a.a.a.a w.w.w.w ## Subnet A

access-list 102 permit ip any b.b.b.b w.w.w.w ## Subnet B

access-list 103 permit ip any c.c.c.c w.w.w.w ## Subnet C

class-map subnet-a
match access-group 101

class-map subnet-b
match access-group 102

class-map subnet-c
match access-group 103

policy-map subnets
class-map subnet-a
bandwidth percent 33
class-map subnet-b
bandwidth percent 33
class-map subnet-c
bandwidth percent 33
exit

policy-map physical
class class-default
police 30000000 conform-action transmit exceed-action drop
service-policy subnets
exit

int fa0/1
service-policy output physical
exit

Selasa, 29 Maret 2011

Recovery Password Juniper

Router M7i lab user name dan passwordnya lupa, temen2 yang make pun lupa…wah2..harus nyari recovery password…

Setelah di search di google keteu link : http://juniper.cluepon.net/index.php/Password_recovery

Dan ketika dicoba…cukup mak nyus..

Isinya antara lain :

From Juniper Clue

1. From console, interrupt the boot routine: Hit [Enter] to boot immediately, or any other key for command prompt.
        Booting [kernel] in 9 seconds... 

< Press the space bar at this point >

2. Enter into single-user mode:

        Type '?' for a list of commands, 'help' for more detailed help.         ok boot -s 

3. Enter the shell:
4. For new JunOS releases, the system will prompt:

        "Enter full pathname of shell or 'recovery' for root password recovery or RETURN for /bin/sh: " 

If you enter "recovery" at this point, it will do the next two steps for you, and leave you in the JunOS CLI, from where you can edit the root password.
5. Mount the virtual file systems (for JUNOS 5.4 and above, it is not necessary to mount the jbase (or jcrypto) package, however the other packages still need to be mounted):

        NOTE: to go to multi-user operation, exit the single-user shell 

(with ^D)

        # cd /packages         # ./mount.jbase         Mounted jbase package on /dev/vn1...         # ./mount.jkernel         Mounted jkernel package on /dev/vn2...         # ./mount.jroute         Mounted jroute package on /dev/vn3... 

6. Enter recovery mode:

        # /usr/libexec/ui/recovery-mode 

7. Enter configuration mode and either delete or change the rootauthentication password:

root> configure

        Entering configuration mode 

[edit]

        root# delete system root-authentication 

8. Commit the changes, and exit configuration mode

        [edit]         root # commit         commit complete 

[edit]

        root@router# exit         Exiting configuration mode 

root@router> exit

Kebetulan nggak sampe bener2 recover...karena aku coba create user di systm user login...ketika step 5.
Dan akhirnya........MAK NYUSS...BISA LOGIN LAGI