Saturday, March 22, 2014

Konfigurasi Access Control List di Cisco (part 1)

Ok.  Posting kali ini membahas mengenai ACL. Ini saya anggap masih mudah, namun perlu logika yang tepat. Harus pintar-pintar berkhayal. :). ACL (Access Control List) adalah  firewall pada Router/switch Cisco untuk mem-filter (men-deny atau meng-allow) packet yang masuk ataupun keluar. Biasanya sih kita cukup menyebutnya "access list" saja.
Untuk mensimulasikan access list ini, kita ambil konfigurasi sebelumnya, yang menggunakan routing EIGRP, kemudian ditambahkan sebuah switch dan 2 buah komputer, di sisi Router R-JKT-44. Gambar networknya seperti di bawah ini.
network simulasi acl

M o r e >>>
By di 2 comments:
Label:

Saturday, March 08, 2014

My Mikrotik Configuration (part 3)

Step 3. Queue, Graph and more options settings.
Firewall in Mikrotik

 And the last step is rules for management bandwidth and more options settings. Many people misunderstood the purpose of bandwidth management. Bandwidth management is not the goal speed up internet connection. Or making all client have the same speed. But the goal is the bandwidth can be shared in fairness to all the clients. Fairness, that's the key. Not always fairness means all client have speed / bandwidth same. Fairness could also mean that important connections to the user will be enlarged bandwidth compared to other users.  Or essential service port will be enlarged bandwidth compared to other service ports.
M o r e >>>
By di 2 comments:
Label:

Friday, March 07, 2014

My Mikrotik Configuration (part 2)

Step 2, Security.
Setup username and password
user set 0 name=ngeri password=ngeri group=full
user add name=user01 password=password group: read

Don’t use default user admin. Look at what I have done. I change the default user to be other user name. Don't forget to setup the password. It will make your mikrotik more secure.
Firewall in Mikrotik

Setup Firewall.
by grouping IP networks will make it easier to configure the firewall later.
  • IP-LAN, IP addresses for Lan.
  • Full-trust, IP Public can be fully trusted. Admin can remotely the Mikrotik.
  • half-trust, IP public that are not fully trusted, Sometimes, This IP address can be used by admins to remotely the Mikrotik.
  • Local-untrust, IP address that is not trusted.
M o r e >>>
By di 1 comment:
Label:

My Mikrotik Configuration (part 1)

This is my  Mikrotik configuration  that I have done some days ago. The network design is like image below.

network design

Note :
  • Mikrotik, have 2 interface. IP WAN (Public) : 1xx.9x.xx.xx/27 and the IP LAN: 10.17.123.5 & 10.17.123.6 And the version of mikrotik is 5.20 version, level 6
  • Hub or switch unmanageable.
  • Cacti : for making graph of network traffic. IP : 10.17.123.1
  • Cisco, actually is router, but there is no NAT (Network Address Translation). So the function of Cisco is like just a bridge. IP 10.17.123.1 & 10.254.128.1
  • Users, there are many users, get IP address from Cisco, 10.254.128.0/22 (DHCP).

M o r e >>>
By di 1 comment:
Label:

Friday, February 14, 2014

Packet Tracer Scenario : Routing EIGRP (part 3)

Ini adalah kelanjutan dari pada packet tracer scenario EIGRP. Saya harapkan anda sudah membaca postingan saya sebelum ini (maksudnya postingan routing EIGRP, part 1 dan part 2), agar anda tidak bingung. Postingan ini memang agak sedikit terlambat, karena saya harus praktekkan dulu, sebelum saya ubah ke dalam bentuk tulisan ini… hehehe…
EIGRP network scenario 5

Scenario ke – 5 Load Balance
Sebelumnya, kan di scenario ke -4, sudah didapatkan hasil, beberapa network destination mempunyai 2 sampai 3 jalur/routing. Misalnya, network destination 10.2.2.0/24, ada 3 jalur, seperti di bawah ini.
P 10.2.2.0/24, 1 successors, FD is 1287680
         via 172.16.0.1 (1287680/1285120), FastEthernet4/0 à routing terbaik
         via 172.16.3.1 (1700608/645120), FastEthernet5/0 à ke-2 terbaik (backup)
         via 172.16.4.2 (2565120/28160), FastEthernet1/0 à ke-3 terbaik (backup)

M o r e >>>
By di No comments:
Label:

Sunday, February 09, 2014

Packet Tracer Scenario : Virtual LAN ( part 2 )

Eksperiment 2
Percobaan berikutnya, komputer antar vlan, bisa saling berkomunikasi. Jadi tidak ada isolasi antar vlan, tapi menghubungkan network antar vlan. Untuk melakukan hal tersebut, diperlukan sebuah router. Dari segi keamanan, kurang bagus dibandingkan dengan eksperiment yang pertama, karena, semua komputer akan bisa saling berkomunikasi. Jadi tergantung pilihan anda dalam menentukan network mana yang cocok dengan kondisi anda di lapangan.


Konfigurasi Switch 0 / SW-LANTAI-3
SW-LANTAI-3#config ter
SW-LANTAI-3(config)#inter fa4/1
SW-LANTAI-3(config-if)#switchport mode trunk
M o r e >>>
By di 1 comment:
Label:

Saturday, February 08, 2014

Packet Tracer Scenario : Virtual LAN ( part 1 )

Kembali saya posting percobaan saya (yang mudah dahulu, sebelum melangkah ke yang rumit) mengenai Virtual Local Area Network (VLAN). Seperti biasanya untuk percobaan lab saya ini, saya menggunakan Packet Tracer 6.0. Saya asumsikan, yang melihat posting ini, adalah orang-orang yang mengerti tentang teori VLAN, dan minimal mengetahui tentang IP address. Kalau tidak mengerti tentang IP address, diharapkan untuk tidak meneruskan membaca tentang ini, daripada pusing sendiri.

Sekilas tentang vlan.
Virtual Local Area Network (VLAN), istilahnya ada banyak LAN (Network ID), secara logic, yang berada dalam suatu network fisik. Contohnya ini, saya punya banyak komputer di suatu gedung, lantai 1, 2 dan 3. Seperti pada gambar di bawah ini.
Network bukan vlan

M o r e >>>
By di 1 comment:
Label:

Friday, February 07, 2014

Basic Cisco Switch Configuration ( 3560 multilayer )


Sebelumnya, kita sudah bahas mengenai router cisco, sekarang kita beralih ke peralatan yang baru, yang namanya switch. Untuk perintah dasar dari switch Cisco, hampir semuanya sama seperti perintah dasar pada router Cisco. Lihat posting sebelumnya, tentang konfigurasi dasar router Cisco. Jika sudah bisa dan lancar pada Cisco router, tentunya anda tidak akan kesulitan dengan switch Cisco.
Switch multilayer 3560 and PC0
Berikut list command basic yang saya copy pastekan dari situs tetangga.
M o r e >>>
By di No comments:
Label:

Thursday, January 02, 2014

Caching Youtube with storeurl.pl Method (100% Working in 2014)

Happy new year. Hopefully in 2014, we are all be healthy and success, always.
This is my first posting in 2014. Now I will discuss about caching google youtube video with storeurl.pl. Until now, caching youtube video with storeurl method, still 100% working, although not perfectly. Previously, I actually gave up, because 2 weeks before, caching youtube does not work with all methods (including methods storeurl). When the client runs youtube (through a server proxy), youtube error, as shown below. This possibility is from youtube site, there may be changes in the algorithm. Fortunately now no error anymore. Besides youtube, some other video sites can also be cached with this method. For example, dailymotion and so on.

an error occured, please try again later

M o r e >>>
By di 46 comments:
Label: ,
Subscribe to: Posts (Atom)