Tuesday, July 15, 2014

VPN [Cisco Router - PPTP Server]

1. Configure VPDN to accept dial-in VPN connections from the Microsoft VPN client.

RO-PPTP(config)# vpdn enable
RO-PPTP(config)# vpdn-group PPTP-DIALIN
RO-PPTP(config-vpdn)# accept-dialin
RO-PPTP(config-vpdn)# protocol pptp
RO-PPTP(config-vpdn)# virtual-template 1
RO-PPTP(config-vpdn)# exit

2. Enable the interface that carries the dial-in IP address for the Microsoft VPN client, and the LAN interface that will be reached from outside through this VPN.

RO-PPTP(config)# interface Ethernet5/0
RO-PPTP(config-if)# description DIAL-IN IP INTERFACE FROM OUTSIDE
RO-PPTP(config-if)# ip address 202.150.64.81 255.255.255.240
RO-PPTP(config-if)# no shutdown

RO-PPTP(config)# interface Ethernet5/1
RO-PPTP(config-if)# description SECURED-LAN
RO-PPTP(config-if)# ip address 192.168.0.254 255.255.255.0
RO-PPTP(config-if)# no shutdown

3. Create a Virtual-Template to act as the virtual interface applied to inbound VPN connections.
Its IP is unnumbered on E5/1 so that the address the Microsoft VPN client receives
is in the same subnet as the Secured-LAN.
The client IP is assigned dynamically from the address pool pptp-pool (for example).

RO-PPTP(config)# interface Virtual-Template1
RO-PPTP(config-if)# ip unnumbered ethernet5/1
RO-PPTP(config-if)# peer default ip address pool pptp-pool
RO-PPTP(config-if)# ppp encrypt mppe auto required

(If your router does not support this, skip it, and in the Microsoft VPN client's Security settings leave "Require data encryption" unchecked; the tunnel then carries traffic unencrypted.)

RO-PPTP(config-if)# ppp authentication ms-chap ms-chap-v2 chap pap
(enable all of them if you need chap/pap for non-Microsoft clients)

4. Create the IP address pool for the VPN, 'pptp-pool' (for example, for 20 users / IPs), and make sure the pool addresses are not in use on the Secured-LAN.

RO-PPTP(config)# ip local pool pptp-pool 192.168.0.100 192.168.0.119

5. Create an account for VPN login
RO-PPTP(config)# username vpdn password 0 pptp

6. Configure PPP authentication for this VPN against the local (router) database, or later against RADIUS once it is available.
RO-PPTP(config)# aaa new-model
RO-PPTP(config)# aaa authentication ppp default local

The complete configuration follows (VPDN parts only):

================================================
username vpdn password 0 pptp
!
aaa new-model
aaa authentication ppp default local
!
vpdn enable
!
vpdn-group PPTP-DIALIN
accept-dialin
protocol pptp
virtual-template 1
!
interface Ethernet5/0
description DIAL-IN IP INTERFACE FROM OUTSIDE
ip address 202.150.64.81 255.255.255.240
!
interface Ethernet5/1
description SECURED-LAN
ip address 192.168.0.254 255.255.255.0
!
interface Virtual-Template1
ip unnumbered Ethernet5/1
peer default ip address pool pptp-pool
ppp encrypt mppe auto required
ppp authentication ms-chap ms-chap-v2 chap pap

!
ip local pool pptp-pool 192.168.0.100 192.168.0.119
================================================
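
An added example, not part of the original post: a Python check that cross-references a PPTP dial-in configuration like the one above. It confirms that the pool named in the virtual template is defined, that the `ip unnumbered` target exists, and that the pool sits inside the LAN subnet without covering the router's own address; it also flags a type 0 password, accepted PAP, and MPPE not being required. The function names, finding codes and sample configuration are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample (not from a device) with two deliberate reference mismatches.
SAMPLE = """\
username vpdn password 0 pptp
interface Ethernet5/1
 ip address 192.168.0.254 255.255.255.0
!
interface Virtual-Template1
 ip unnumbered Ethernet0/1
 peer default ip address pool pptp-pool
 ppp encrypt mppe auto required
 ppp authentication ms-chap ms-chap-v2 chap pap
!
ip local pool defaultpool 192.168.0.100 192.168.0.119
"""

def parse(config):
    """Return (global lines, {interface: [sub-commands]}); '!' ends a block."""
    top, ifaces, block = [], {}, None
    for line in filter(None, (l.strip() for l in config.splitlines())):
        if line == "!":
            block = None
        elif line.lower().startswith("interface "):
            block = ifaces.setdefault(line.split()[1].lower(), [])
        else:
            (top if block is None else block).append(line)
    return top, ifaces

def audit(config):
    """Return sorted finding codes for the PPTP dial-in template."""
    top, ifaces = parse(config)
    found, pools = set(), {}
    for line in top:
        if m := re.match(r"ip local pool (\S+) (\S+) (\S+)$", line):
            pools[m[1]] = (ipaddress.ip_address(m[2]), ipaddress.ip_address(m[3]))
        if re.match(r"username \S+ password 0 ", line):
            found.add("cleartext-password")      # type 0: stored unencrypted
    for cmds in (c for n, c in ifaces.items() if n.startswith("virtual-template")):
        text = "\n".join(cmds)
        if not re.search(r"^ppp encrypt mppe .*\brequired\b", text, re.M):
            found.add("mppe-not-required")
        if re.search(r"^ppp authentication .*\bpap\b", text, re.M):
            found.add("pap-accepted")            # PAP sends the password in clear
        pool = re.search(r"^peer default ip address pool (\S+)", text, re.M)
        if pool and pool[1] not in pools:
            found.add("pool-undefined")
        parent = re.search(r"^ip unnumbered (\S+)", text, re.M)
        target = "\n".join(ifaces.get(parent[1].lower(), [])) if parent else ""
        addr = re.search(r"^ip address (\S+) (\S+)", target, re.M)
        if parent and not addr:
            found.add("unnumbered-target-missing")
        if addr and pool and pool[1] in pools:
            lan = ipaddress.ip_interface(f"{addr[1]}/{addr[2]}")
            lo, hi = pools[pool[1]]
            if lo not in lan.network or hi not in lan.network or lo <= lan.ip <= hi:
                found.add("pool-conflicts-with-lan")
    return sorted(found)
```

Calling `audit(SAMPLE)` reports the two broken references alongside the cleartext password and PAP findings; with the references corrected, only the latter two remain.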

Sunday, July 6, 2014

DNS ISP Indonesia

Telkom

202.134.1.10 (Surabaya)
202.134.1.7
202.134.0.155 (Jakarta)
203.130.196.5 (Jakarta)
202.134.2.5 (Surabaya)
203.130.206.250 (Medan)
203.130.193.74 (Batam)
203.130.209.242 (Balikpapan)
222.124.204.34 (Bandung)
203.130.208.18 (Semarang)
61.94.192.12 (Denpasar)

Indosat

202.155.0.20
202.155.0.15

Centrin

202.146.255.3
202.146.255.5

CBN

202.158.20.1
202.158.40.1

Indonet

202.159.32.2
202.159.33.2

Pesat

202.95.128.180
202.95.128.60

Melsa

202.138.224.2
202.138.224.4
202.138.225.253

Radnet

202.154.1.2
202.154.3.2

ITB

167.205.23.1
167.205.22.123
167.205.30.114
202.249.24.65

UI

152.118.148.225
152.118.24.8

OpenDNS

208.67.222.222
208.67.220.220

Saturday, January 22, 2011

Tools Laptop

A laptop running Linux should have these installed:

1. gtkterm / minicom

2. iperf / jperf

3. nload / iptraf

4. netspeed

Vll Metro-e Alcatel

epipe 100 customer 1 create
shutdown
description "TES VLL to XXXX"
sap lag-1:10.* create
exit
exit

Ies Metro-e

ies 999 customer 1 create
description "LINK TO OMNI XXXX"
interface "to-sw-pd-XXX" create
address 172.XXXXX/29
sap lag-1:999.* create
exit
exit
no shutdown
exit

Friday, December 24, 2010

Simple sample Prolink Load Balancing Cryptone.Net

Config Show

System Configuration Setting
=========================================================================
Firmware: Version : TMH121-A V1013-MB2.4-E
Release Date : Jan 24 2006
Printout Time : SUN NOV 25 16:30:40 2007
Time Zone : GM+08:00
Primary NTP IP: time.chttl.com.tw
Secondary NTP : stdtime.gov.hk
=========================================================
LAN status: IP address : 192.168.1.1
MAC address : 00:D0:DA:00:18:51
Mask : 255.255.255.0
Dhcp status : Enable
Dhcp IP Start : 192.168.1.12 - 192.168.1.20
DNS IP address: 203.130.193.74
=========================================================
DHCP
reserved IP: MAC address IP address
-----------------------------------
=========================================================

MikroTik Wireless Configuration


Setup uses Safe Mode. It means that all changes that are made during setup
are reverted in case of error, or if Ctrl-C is used to abort setup. To keep
changes exit setup using the ‘x’ key.

Choose options by pressing one of the letters in the left column, before
dash. Pressing ‘x’ will exit current menu, pressing Enter key will select the
entry that is marked by an ‘*’. You can abort setup at any time by pressing
Ctrl-C.
Entries marked by ‘+’ are already configured.
Entries marked by ‘-’ cannot be used yet.
Entries marked by ‘X’ cannot be used without installing additional packages.
r - reset all router configuration
+ l - load interface driver
+ a - configure ip address and gateway
d - setup dhcp client
+ s - setup dhcp server
p - setup pppoe client
t - setup pptp client
* x - exit menu
your choice:
OR
[admin@MikroTik] > ip address
[admin@MikroTik] ip address> add address=192.168.1.1/24 interface=ether1
[admin@MikroTik] ip address> pr
# ADDRESS NETWORK BROADCAST INTERFACE
0 192.168.1.1/24 192.168.1.0 192.168.1.255 ether1
[admin@MikroTik] ip address> /
[admin@MikroTik] >
[admin@MikroTik] >interface
[admin@MikroTik] interface> pr

Flags: X - disabled, D - dynamic, R - running
# NAME TYPE RX-RATE TX-RATE MTU
0 X ether1 ether 0 0 1500
1 X wlan1 wlan 0 0 1500
[admin@MikroTik] interface> enable 0
[admin@MikroTik] interface> enable 1


[admin@MikroTik] interface> pr
Flags: X - disabled, D - dynamic, R - running
# NAME TYPE RX-RATE TX-RATE MTU
0 R ether1 ether 0 0 1500
1 X wlan1 wlan 0 0 1500
[admin@MikroTik] ip address>add address=172.1.2.1/30 interface=wlan1
[admin@MikroTik] interface eoip>
[admin@MikroTik] interface eoip> add name=eoip-tunnel1 remote-address=172.1.2.2 tunnel-id=1 disabled=no arp=enabled
[admin@MikroTik] interface eoip>pr
Flags: X - disabled, R - running
0 R name="eoip-tunnel1" mtu=1500 mac-address=FE:FD:00:00:00:00 arp=enabled remote-address=172.1.2.2 tunnel-id=1
[admin@MikroTik] interface eoip>..
[admin@MikroTik] interface>
[admin@MikroTik] interface> bridge
[admin@MikroTik] interface bridge> add name=bridge1
[admin@MikroTik] interface bridge>pr
Flags: X - disabled, R - running
0 R name="bridge1" mtu=1500 arp=enabled mac-address=00:00:00:00:00:0 forward-protocols=ip,arp,appletalk,ipx,ipv6,other stp=no priority=32768 ageing-time=5m forward-delay=15s garbage-collection-interval=4s hello-time=2s max-message-age=20s
[admin@MikroTik] interface bridge>port
[admin@MikroTik] interface bridge port>pr

# INTERFACE BRIDGE PRIORITY PATH-COST
0 ether1 none 128 10
1 eoip-tunnel1 none 128 10
2 wlan1 none 128 10
[admin@MikroTik] interface bridge port>set eoip-tunnel1 bridge=bridge1
[admin@MikroTik] interface bridge port>set ether1 bridge=bridge1
[admin@MikroTik] interface bridge port>pr
# INTERFACE BRIDGE PRIORITY PATH-COST
0 ether1 bridge1 128 10
1 eoip-tunnel1 bridge1 128 10
3 wlan1 none 128 10
[admin@MikroTik] interface bridge port>.. ..
[admin@MikroTik] interface>wireless
[admin@MikroTik] interface wireless>set wlan1 mode=bridge disable-running-check=no band=5ghz frequency=5180 ssid=test1
Configuration for MikroTik Station / Client
[admin@MikroTik] interface eoip>add name=eoip-tunnel1 remote-address=172.1.2.1 tunnel-id=1 disabled=no arp=enabled
[admin@MikroTik] interface wireless>set wlan1 mode=station disable-running-check=no band=5ghz frequency=5180 ssid=test1
[admin@MikroTik] interface>pr
Flags: X - disabled, D - dynamic, R - running
# NAME TYPE RX-RATE TX-RATE MTU
0 R ether1 ether 0 0 1500
1 R bridge1 bridge 0 0 1500
2 R eoip-tunnel1 eoip-tunnel 0 0 1500
3 R wlan1 wlan 0 0 1500

Learning MSAN

Logging in to the MSAN
>>User name:root
>>User password:
Huawei HONET UA5000 Universal Access Unit.
Copyright(C) 1998-2008 by Huawei Technologies Co., Ltd.
Command MSAN
MSAN01-D1-PPJ-1-MRF>enable
MSAN01-D1-PPJ-1-MRF#?
---------------------------------------------
Command of privilege Mode:
---------------------------------------------
active                Enable configuration
alarm                 alarm command group
autosave              autosave command group
backup                backup command group
backup-server         Backup information
baudrate              Set serial baudrate
clear                 Clear alarm statistics table
client                Users information
config                Configuration from terminal
debugging             debugging command group
diagnose              Change into diagnose mode
disable               Turn off privileged mode commands
display               Display information
duplicate             duplicate command group
equipment-mode        Set the system MSAN working mode
erase                 Erase command
event                 Set event level
ftp                   FTP user and password configuration
igmp                  Internet Group Management Protocol keyword
infolevel             Set the output level of the information terminal
infoswitch            Set output switch of information terminal
load                  load command group
log                   Modify log configuration
loghost               Log server configuration operation
monitor               Change into monitor mode
patch                 Patch operation
quit                  Exit from current mode and enter prior mode
reboot                Reboot system,active board or standby board
reset                 reset command group
resource              System resources(mem,message,cpu)
rollback              Active/standby mainboard rollback command
save                  The command of saving immediately
search                Search command
serial-mode           Set access-mode: console/CQT/112/SPL
set                   Set the operative time of rollback function
ssh                   Specify SSH (secure shell) configuration information
syslog                Config the syslog information
sysname               Set system network name
system                system command group
terminal              terminal command group
time                  time command group
timezone              Set time zone
undo                  Negate a command or set its defaults
bandwidth             Modify bandwidth or convergence
cls                   Clear screen
display               Display information
help                  Description of the interactive help system
history-command       Enable and control the command history function
idle-timeout          Display interval of terminal timeout
interactive           Enable or disable command execute confirm function
ping                  Check network connectivity or whether the host is
reachable
quit                  Exit from current mode and enter prior mode
scroll                Set auto or manual scroll function
shutdown              Deactivate the port on the standby board
smart                 Enable or disable smart function
switch                Switch language mode
telnet                Open a telnet connection
terminal              Operation of config terminal
tracert               Trace route to destination
undo                  Negate a command or set its defaults
Command MSAN
1. MSAN01-D1-PPJ-1-MRF#display version
{ |frameid/slotid<1,15> }:
Command:
display version
UA5000IPMBV100R017 RELEASE SOFTWARE
Copyright (C) 1998-2008 by Huawei Technologies Co., Ltd.
Uptime is 0 day(s), 8 hour(s), 11 minute(s), 9 second(s)
2. MSAN01-D1-PPJ-1-MRF#display system sys-info
--------------------------------------------------
The main service identification of this node:
78
The IP address of this node:
0.0.0.0
The physical location of this node:
Shenzhen China
The contact person for this managed node:
R&D Shenzhen, Huawei Technologies Co., Ltd.
The description of this node:
Huawei Integrated Access Software
--------------------------------------------------
3.MSAN01-D1-PPJ-1-MRF#display board 0/6
-------------------------------------
Board Name        : H603ADRB
Board Status      : Normal
Online state      : -
-------------------------------------
RAT board is Normal
-----------------------------------------------------------------------------
Port    Port Type   Port Status      Line Profile  Alarm Profile  Ext Profile
-----------------------------------------------------------------------------
0    ADSL        Activated                  17              1           --
1    ADSL        Activating                 17              1           --
2    ADSL        Activating                 17              1           --
3    ADSL        Activating                 17              1           --
4    ADSL        Activating                 17              1           --
5    ADSL        Activating                 17              1           --
6    ADSL        Activating                 17              1           --
7    ADSL        Activating                 17              1           --
8    ADSL        Activating                 17              1           --
9    ADSL        Activating                 17              1           --
10    ADSL        Activating                 17              1           --
11    ADSL        Activating                 17              1           --
12    ADSL        Activating                 17              1           --
13    ADSL        Activating                 17              1           --
14    ADSL        Activating                 17              1           --
15    ADSL        Activating                 17              1           --
16    ADSL        Activating                 17              1           --
17    ADSL        Activating                 17              1           --
18    ADSL        Activating                 17              1           --
19    ADSL        Activating                 17              1           --
20    ADSL        Activating                 17              1           --
21    ADSL        Activating                 17              1           --
22    ADSL        Activating                 17              1           --
23    ADSL        Activating                 17              1           --
24    ADSL        Activating                 17              1           --
25    ADSL        Activating                 17              1           --
26    ADSL        Activating                 17              1           --
27    ADSL        Activating                 17              1           --
28    ADSL        Activating                 17              1           --
29    ADSL        Activating                 17              1           --
30    ADSL        Activating                 17              1           --
31    ADSL        Activating                 17              1           --
-----------------------------------------------------------------------------
Total number of activated port  :   1
Total number of unactivated port:  31
Port 1 is currently up

Thursday, May 14, 2009

Router Vertex Filter

### IP FILTERING & MASQUERADING RULES ###
ipchains -A input -j DENY -s 0.0.0.0/0 137 -d 0.0.0.0/0 137 -p icmp
ipchains -A input -j DENY -s 0.0.0.0/0 137 -d 0.0.0.0/0 137 -p tcp
ipchains -A input -j DENY -s 0.0.0.0/0 137 -d 0.0.0.0/0 137 -p udp
ipchains -A input -j DENY -s 0.0.0.0/0 138 -d 0.0.0.0/0 138 -p udp
ipchains -A input -j DENY -s 0.0.0.0/0 138 -d 0.0.0.0/0 138 -p icmp
ipchains -A input -j DENY -s 0.0.0.0/0 138 -d 0.0.0.0/0 138 -p tcp
ipchains -A input -j DENY -s 0.0.0.0/0 139 -d 0.0.0.0/0 139 -p tcp
ipchains -A input -j DENY -s 0.0.0.0/0 139 -d 0.0.0.0/0 139 -p icmp
ipchains -A input -j DENY -s 0.0.0.0/0 139 -d 0.0.0.0/0 139 -p udp
ipchains -A input -j DENY -s 0.0.0.0/0 139 -d 0.0.0.0/0 445 -p tcp
ipchains -A input -j DENY -s 0.0.0.0/0 139 -d 0.0.0.0/0 445 -p icmp
ipchains -A input -j DENY -s 0.0.0.0/0 139 -d 0.0.0.0/0 445 -p udp

DSLAM ZTE

######################################################################
# #
# Welcome to ZTE Full Service Access Platform #
# #
# Press Return to get started #
# #
# Copyright 2005-2009 , ZTE Co.,Ltd. #
# #
######################################################################
Login:


Login:admin
Password:

ZTE-COBA-SHDSL>enable
Please input password:

ZTE-COBA-SHDSL# show run
add-card SSTEB 1
end
configure
add-vlan 31,771
ip host 10.62.5.101 255.255.0.0
ip subnet 172.20.xxx.x 255.255.255.128 31 name "ZTESUBNET"
ip modem 192.168.2.2 255.255.255.0
system hostname ZTE-
end
configure interface shdsl 1/1
pvid 771 pvc 1
end
configure interface shdsl 1/2
pvid 771 pvc 1
end
configure interface shdsl 1/3
pvid 771 pvc 1
end
configure interface shdsl 1/4
pvid 771 pvc 1
end
configure interface shdsl 1/5
pvid 771 pvc 1
end
configure interface shdsl 1/6
pvid 771 pvc 1
end
configure interface shdsl 1/7
pvid 771 pvc 1
end
configure interface shdsl 1/8
pvid 771 pvc 1
end
configure interface shdsl 1/9
pvid 771 pvc 1
end
configure interface shdsl 1/10
pvid 771 pvc 1
end
configure interface shdsl 1/11
pvid 771 pvc 1
end
configure interface shdsl 1/12
pvid 771 pvc 1
end
configure interface shdsl 1/13
pvid 771 pvc 1
end
configure interface shdsl 1/14
pvid 771 pvc 1
end
configure interface shdsl 1/15
pvid 771 pvc 1
end
configure interface shdsl 1/16
pvid 771 pvc 1
end
configure interface shdsl 1/17
pvid 771 pvc 1
end
configure interface shdsl 1/18
pvid 771 pvc 1
end
configure interface shdsl 1/19
pvid 771 pvc 1
end
configure interface shdsl 1/20
pvid 771 pvc 1
end
configure interface shdsl 1/21
pvid 771 pvc 1
end
configure interface shdsl 1/22
pvid 771 pvc 1
end
configure interface shdsl 1/23
pvid 771 pvc 1
end
configure interface shdsl 1/24
pvid 771 pvc 1
end
configure
vlan 771 1/1-24 untag pvc 1
vlan 31 5/1 tag
vlan 771 5/1 tag
uplink-mode cascade master-port 5/1

Wednesday, May 13, 2009

Speedy 2 PPPOe LB
