1. Topologi Lab
2. Metode Lab
- Gunakan pengalamatan ip standard IDN
- Konfigurasikan IS-IS level-2 di semua router
- Antara IDN-R1 dan IDN-R2 konfigurasikan auth clear text
- Antara IDN-R2 dan IDN-R3 konfigurasikan auth MD5
- Pastikan semua ip loopback bisa diakses oleh router manapun
- Pastikan semua ip muncul dalam routing tabel semua router
- Cek IS-IS database dan neighbornya
IS-IS
IDN-R1(config)#int f0/0
IDN-R1(config-if)#ip router isi
IDN-R1(config-if)#int l0
IDN-R1(config-if)#ip router isis
IDN-R1(config-if)#router isis
IDN-R1(config-router)#net 49.0001.0010.0100.1001.00
IDN-R1(config-router)#is-type level-2-only
IDN-R2(config)#int f0/0
IDN-R2(config-if)#ip router isis
IDN-R2(config-if)#int f0/1
IDN-R2(config-if)#ip router isis
IDN-R2(config-if)#int lo0
IDN-R2(config-if)#ip router isis
IDN-R2(config-if)#router isis
IDN-R2(config-router)#net 49.0001.0020.0200.2002.00
IDN-R2(config-router)#is-type level-2-only
IDN-R3(config)#int f0/0
IDN-R3(config-if)#ip router isis
IDN-R3(config-if)#int lo0
IDN-R3(config-if)#ip router isis
IDN-R3(config-if)#router isis
IDN-R3(config-router)#net 49.0001.0030.0300.3003.00
IDN-R3(config-router)#is-type level-2-only
Clear Text
IDN-R1(config-router)#key chain ISISTEXT
IDN-R1(config-keychain)#key 1
IDN-R1(config-keychain-key)#key-string IDN
IDN-R1(config-keychain-key)#int f0/0
IDN-R1(config-if)#isis authentic mode text level-2
IDN-R1(config-if)#
IDN-R1(config-if)#isis authentic key-chain ISISTEXT
IDN-R2(config-router)#key chain ISISTEXT
IDN-R2(config-keychain)#key 1
IDN-R2(config-keychain-key)#key-string IDN
IDN-R2(config-keychain-key)#int f0/0
IDN-R2(config-if)#isis authentic mode text level-2
IDN-R2(config-if)#isis authentic key-chain ISISTEXT
Verifikasi :
IDN-R1(config-if)#do debug isis auth info
IS-IS authentication information debugging is on
IDN-R1(config-if)#
*Mar 1 00:15:21.463: ISIS-AuthInfo: Live cleartext key found
IDN-R1(config-if)#do sh clns nei
System Id Interface SNPA State Holdtime Type Protocol
IDN-R2 Fa0/0 c001.0d24.0000 Up 8 L2 IS-IS
IDN-R1(config-if)#do sh ip route | i L2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
i L2 2.2.2.2 [115/20] via 12.12.12.2, FastEthernet0/0
i L2 3.3.3.3 [115/30] via 12.12.12.2, FastEthernet0/0
i L2 23.23.23.0 [115/20] via 12.12.12.2, FastEthernet0/0
IDN-R1(config-if)#do ping 2.2.2.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 20/35/48 ms
MD5
IDN-R2(config)#key chain ISISMD5
IDN-R2(config-keychain)#key 1
IDN-R2(config-keychain-key)#key-string ISISMD5
IDN-R2(config-keychain-key)#int f0/1
IDN-R2(config-if)#isis auth mode md5
IDN-R2(config-if)#isis auth key-chain ISISMD5
IDN-R3(config)#key chain ISISMD5
IDN-R3(config-keychain)#key 1
IDN-R3(config-keychain-key)#key-string ISISMD5
IDN-R3(config-keychain-key)#int f0/0
IDN-R3(config-if)#isis auth mode md5
IDN-R3(config-if)#isis auth key-chain ISISMD5
Verifikasi
IDN-R3#debug isis auth info
IS-IS authentication information debugging is on
IDN-R3#
*Mar 1 00:32:38.499: ISIS-AuthInfo: IIH no change, use the same hmac value
IDN-R3#sh isis nei
System Id Type Interface IP Address State Holdtime Circuit Id
IDN-R2 L2 Fa0/0 23.23.23.2 UP 22 DN-R3.01
IDN-R3#sh clns nei
System Id Interface SNPA State Holdtime Type Protocol
IDN-R2 Fa0/0 c001.0d24.0001 Up 28 L2 IS-IS
IDN-R3#sh ip route | i L2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
i L2 1.1.1.1 [115/30] via 23.23.23.2, FastEthernet0/0
i L2 2.2.2.2 [115/20] via 23.23.23.2, FastEthernet0/0
i L2 12.12.12.0 [115/20] via 23.23.23.2, FastEthernet0/0
IDN-R3#ping 2.2.2.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 12/47/80 ms
IDN-R3#ping 1.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 72/88/112 ms
Oke, Konfigurasi berhasil !
0 komentar:
Posting Komentar