As the year turns (GMT+7), a short look back to reflect on my journey learning about networks: a simple word, but with many meanings and many applications.
One unforgettable story from 2008
- the chance to take the CCIE lab exam for the first time
- failed the CCIE lab exam on the first attempt
- lost the chance to pass the CCIE lab exam on the first attempt and get a #number
Going for the CCIE was really a big decision, especially without help from a sponsor or company; everything was self-organized and self-funded.
The CCIE lab is an 8-hour exam of continuous hands-on practice, in front of a computer connected to a dedicated network that gives access to the network topology for the questions, closed book, only able to access as a guide. The 8-hour lab exam decides the result, but 8 hours feels like nothing compared with the preparation before the exam: cutting down on sleep every day, never feeling I had slept soundly, and risking falling asleep at work often :D.
Summed up, the effects were roughly these
1. can type fast, especially Cisco commands
2. many things I did not understand, or had never even heard of, I now know and understand
3. the closer the exam, the more things I did not understand yet, and 24 hours felt like too little time
4. my belly got a little rounder, because I ate a lot and was often hungry
5. became a bit antisocial, socialized less, carried the iBook along when going out, and used any small chance to open a telnet terminal console to the lab :D
6. my wallet went empty, because I had to save everything for the lab fee :D, and to buy lab equipment, serial cables, a simulation server and so on
A few hours after the lab exam the result came out on the Cisco web site, and it was a fail. I tried to accept what I had done and worked for. Not many people get the chance to reach the lab exam, even if the result is a fail :D
At the end of 2008, on December 17, a small result from my effort studying Juniper networking: I passed JNCIA. But that pass means nothing without studying and continuing to study networking. Time does not sleep; it keeps turning and turning, and it has a positive effect for those who can use it for new and positive things.
There is no happy new year this time, because not all of our brothers and sisters around the world get to enjoy this turn of the year.
bye 2008, welcome 2009.
Wednesday, December 31, 2008
Wednesday, December 17, 2008
back ...
It's been a long time since I posted on this blog. Welcome back ...
So what did I do? Busy? Or stressed because I failed CCIE a few months ago? No no no. I was just a little busy with my daily job and busy reading about what a network is from the other side :D. So ... really stressed with Cisco and changed to Juniper? No no no, I want to know more about networks, how OSPF works, how BGP policy applies etc. from the other side, and I chose Juniper. I think learning about networks should not come from only one resource; many resources in this world can be a reference, from many network companies, but stay focused. But remember, if you compare network devices from different network companies, do it head-to-head and be fair, not part-of or just half.
Wednesday, August 20, 2008
Cisco Kron Schedule not Cron Schedule
Are you familiar with the *nix cron schedule / crontab? How about the Kron schedule in Cisco IOS?
Warning: be careful with this example, which runs configure replace at hh:mm.
old configuration
ip route
new configuration (flash:test)
ip route --> delete it
configure the kron schedule
configure terminal
kron policy-list remove-static-route
 cli configure replace flash:test force
kron occurrence remove-static-route at 22:49 oneshot
 policy-list remove-static-route
step by step, verify, debug
Router#sh clock
22:48:07.145 UTC Wed Aug 20 2008
Router#sh kron schedule
Kron Occurrence Schedule
remove-static-route inactive, will run once in 0 days 00:01:09 at 22:49 on
Router#debug kron all
All kron debug flags are on
Router#sh debug
Kron debugs, failure messages debugging is on
Kron debugs, informational and minor warning messages debugging is on
Kron cli occurrence messages debugging is on
Router#sh kron schedule
Kron Occurrence Schedule
remove-static-route inactive, will run once in 0 days 00:00:50 at 22:49 on
Router#sh ip ro static
S* [1/0] via
5w1d: Major 1, Minor 0
5w1d: Timer Event remove-static-route
5w1d: Call parse_cmd 'configure replace flash:test force'
5w1d: Rollback:Acquired Configuration lock.
5w1d: Occurrence remove-static-route is active, it will be removed when inactive
5w1d: Policy remove-static-route is Active, cannot be removed yet
5w1d: %PARSER-3-BADUNLOCKREQ: Unlock requested by process id '225' name 'Kron CLI Process' debug info 'Rollback'. You are not the lock owner
5w1d: Kron CLI return 0
**CLI 'configure replace flash:test force':
Total number of passes: 1Rollback Done'
5w1d: Major 4, Minor 7
5w1d: Respond to end of CLI Process
5w1d: Forcing Removing Policy remove-static-route
5w1d: Removing Policy remove-static-route
5w1d: Removing CLI 'configure replace flash:test force'
5w1d: Done Removing Policy remove-static-route
5w1d: Forcing Removing Occur remove-static-route
5w1d: Removing Occur remove-static-route
5w1d: Removing Policy Name 'remove
5w1d: Finished Removing Occurrence remove-static-route
Router#show ip route static
Router#sh kron schedule
Kron Occurrence Schedule
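A kron job like the one above rewrites the running configuration unattended, so scheduled jobs are worth reviewing in configuration backups. The Python audit below is an added example, not code from the original post; the RISKY pattern list, the nightly-save and orphan jobs and the function names are assumptions made for the illustration.

```python
import re

# Scheduled commands that rewrite or destroy device state. This pattern list
# is an assumption made for the example, not a Cisco-defined set.
RISKY = [
    (re.compile(r"^configure\s+replace\b"), "replaces the running configuration"),
    (re.compile(r"^reload\b"), "reboots the device"),
    (re.compile(r"^(erase|delete|format)\b"), "destroys files or configuration"),
]

# Constructed sample: the post's kron job, a harmless nightly save, and an
# occurrence that points at a policy-list that does not exist.
SAMPLE_CONFIG = """\
kron policy-list remove-static-route
 cli configure replace flash:test force
kron occurrence remove-static-route at 22:49 oneshot
 policy-list remove-static-route
!
kron policy-list save-config
 cli write memory
kron occurrence nightly-save at 2:00 recurring
 policy-list save-config
kron occurrence orphan at 3:00 recurring
 policy-list missing-policy
"""


def parse_kron(config_text):
    """Return (policies, occurrences) from IOS configuration text.

    Parsing is keyword based, so it also works when indentation was lost.
    """
    policies, occurrences = {}, {}
    ctx = None  # (kind, name) of the kron block currently being read
    for raw in config_text.splitlines():
        line = raw.strip()
        pol = re.match(r"kron policy-list (\S+)$", line)
        occ = re.match(r"kron occurrence (\S+) (.+)$", line)
        if pol:
            ctx = ("policy", pol.group(1))
            policies.setdefault(pol.group(1), [])
        elif occ:
            ctx = ("occurrence", occ.group(1))
            occurrences[occ.group(1)] = {"schedule": occ.group(2), "policies": []}
        elif ctx and ctx[0] == "policy" and line.startswith("cli "):
            policies[ctx[1]].append(line[4:].strip())
        elif ctx and ctx[0] == "occurrence" and line.startswith("policy-list "):
            occurrences[ctx[1]]["policies"].append(line.split()[1])
        else:
            ctx = None  # any other line ends the kron block
    return policies, occurrences


def audit_kron(config_text):
    """Return (occurrence, policy, command, reason) for every job worth review."""
    policies, occurrences = parse_kron(config_text)
    findings = []
    for occ_name, occ in occurrences.items():
        for pol_name in occ["policies"]:
            if pol_name not in policies:
                findings.append((occ_name, pol_name, None, "policy-list is not defined"))
                continue
            for cmd in policies[pol_name]:
                for pattern, why in RISKY:
                    if pattern.search(cmd):
                        if re.search(r"\bforce\b", cmd):
                            why += "; 'force' skips the confirmation prompt"
                        findings.append((occ_name, pol_name, cmd, f"{why} ({occ['schedule']})"))
    return findings


if __name__ == "__main__":
    for finding in audit_kron(SAMPLE_CONFIG):
        print(finding)
```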
Sunday, August 17, 2008
Different but Still One
This blog mostly discusses IP (Internet Protocol) networking from Cisco: technology, configuration, tricks and more. Is Cisco the only player in networking? The answer is no; many companies other than Cisco are in networking, for example Juniper with its JunOS (the operating system of Juniper routers; the operating system of Cisco routers is IOS). It can be called a Cisco competitor and plays a large part in core networks.
Here I will write down some commands that have the same function in JunOS and IOS
1# show the list of interfaces in columns together with their IP addresses
JunOS> show interfaces terse
IOS# show ip interface brief
2# show the router configuration
JunOS> show configuration
IOS# show running-config
3# pick out the wanted lines
JunOS> show configuration | match nnnnn
IOS# show running-config | include nnnnn
4# pick out a set of lines starting from the wanted one
JunOS> show configuration | find nnnnn
IOS# show running-config | begin nnnnn
5# show the router's routing table
JunOS> show route
IOS# show ip route
6# show BGP peerings
JunOS> show bgp summary
IOS# show ip bgp summary
7# show the prefixes advertised to BGP peer a.a.a.a
JunOS> show route advertising-protocol bgp a.a.a.a
IOS# show ip bgp neighbor a.a.a.a advertised-routes
8# show the prefixes received from BGP peer a.a.a.a
JunOS> show route receive-protocol bgp a.a.a.a
IOS# show ip bgp neighbor a.a.a.a routes
9# show the users currently connected via telnet
JunOS> show system users
IOS# who
10# show how long the router has been up (uptime)
JunOS> show system uptime
IOS# show version
11# show the router log
JunOS> show log /var/log/messages
IOS# show logging
12# show CPU processes
JunOS> show system processes
IOS# show processes
Above, each operating system expresses things differently, but the meaning is the same. It is the same as this nation, 'Indonesia': there are many differences within it, differences of ethnicity, of place, of custom, yet all of it remains one in the name of the Indonesian nation.
Today is exactly 63 years of Indonesian independence, and specially for today I am also using Bahasa Indonesia to honour Indonesia as it celebrates its anniversary.
Happy Birthday, my Indonesia.
Long live Indonesia.
Differences are no obstacle to progress; we remain one Indonesian nation.
Saturday, July 26, 2008
still ...
still losing time for my sleep
still my home browser is
still my screen open iTerm or Terminal
still my finger typing on console
still doing on my lab
still thinking about how there can be a routing loop
absolutely still going to magic number #
- combination of IGP mutual redistribution (RIP, EIGRP, OSPF)
*<-> mutual redistribute
- OSPF mutual redistribution with RIP should not cause a routing loop
1. destination on RIP with default metric
2. destination on OSPF with default metric
how a scenario can become a routing loop (one example)
# destination on RIP but advertised with a modified metric, e.g. advertised with metric 10
I will share a simple scenario about it next time ;)
still testing & proving ... IGP routing loop
Wednesday, July 16, 2008
Simple TCLSH, multiple ping from IOS
This is a simple way to ping multiple addresses from the IOS command line in one go: use tclsh. tclsh is IOS scripting, like shell scripting on a *nix machine. Just type your script in a text editor and paste it into your terminal console.
Router# tclsh
Router(tcl)#foreach IP {
+>} { "ping $IP" }
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/3/4 ms
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/3/4 ms
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/3/4 ms
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/4 ms
foreach IP {
} { "ping $IP" }
Tuesday, July 15, 2008
Network Time Service Cisco Router
Network time on a Cisco router: all the configuration for date, time, clock and calendar. A Cisco router keeps time in two ways: the hardware clock and the software clock.
# Hardware clock: date and time from a hardware component inside the router, battery-powered like the BIOS clock in a computer system, so if the router reloads or is powered off the clock keeps running as long as the battery is OK
# Software clock: date and time kept in software; the source can be NTP, SNTP, VINES or the hardware clock
By default a Cisco router uses the software clock, but after the router comes up the clock is not synchronized, so we need to sync the clock from a source.
1. Source from NTP (client)
(config)# ntp server IP-ADDRESS
- can be used as the primary source
(config)# ntp peer IP-ADDRESS
- can be used as the secondary source
2. Source from SNTP (client), used on Cisco 1600, 1700 and older series routers that do not support NTP
(config)# sntp server ADDRESS | HOSTNAME
(config)# sntp broadcast client
3. Source from VINES (client)
(config)# vines time set-system
to redistribute time into VINES
(config)# vines time use-system
4. Source from Hardware Clock
(config)# clock calendar-valid
5. Update hardware clock from software clock
(config)# ntp update-calendar
6. Update software clock from hardware clock
# clock read-calendar
7. Setting hardware clock manually
> calendar set HH:MM:SS DAY MONTH YEAR
> calendar set HH:MM:SS MONTH DAY YEAR
8. Setting software clock manually
9. Server-Client
How to make a Cisco router an NTP server: in this example R1 is the NTP server and R2 is the NTP client, but on R1 we need to choose one of the network time sources
R1(config)# ntp master [STRATUM]
R2(config)# ntp server/peer IP-ADDRESS
10. NTP broadcast
If we have a large network, the NTP server can act as an NTP broadcast server, so every device in the network cloud can receive the broadcast date and time.
R-NTP-SERVER(config-if)# ntp broadcast
Router(config-if)# ntp broadcast client
Router(config)# ntp broadcastdelay MICROSECONDS
Router(config-if)# ntp disable
Router(config)# ntp source INTERFACE
11. Other network time configuration:
- NTP access group
(config)# ntp access-group ACL
- NTP authentication
(config)# ntp authenticate
(config)# ntp authentication-key NUMBER md5 VALUE
(config)# ntp trusted-key KEY-NUMBER
- The Time Zone
(config)# clock timezone ZONE
- Summer Time (Daylight Savings Time)
(config)# clock summer-time ZONE recurring
Ohhh, one more: a Cisco router can connect to a GPS time source device and use it as an external reference clock, but only a few Cisco devices support this.
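The authentication and access-group commands in item 11 only protect the clock when they are tied to the configured sources, which is easy to get wrong. The Python check below is an added example, not part of the original post; it compares a weak configuration with a corrected one, and the addresses, key numbers, key value, ACL number and function name are constructed placeholders.

```python
import re

# Constructed samples: WEAK mixes keyed and unkeyed sources without enabling
# authentication; HARDENED ties every source to a defined, trusted key.
WEAK = """\
ntp server 192.0.2.10
ntp peer 192.0.2.11 key 7
ntp authentication-key 5 md5 EXAMPLE-VALUE
ntp trusted-key 5
"""

HARDENED = """\
ntp authenticate
ntp authentication-key 5 md5 EXAMPLE-VALUE
ntp trusted-key 5
ntp server 192.0.2.10 key 5
ntp peer 192.0.2.11 key 5
ntp access-group peer 10
"""


def audit_ntp(config_text):
    """Return a list of (check_id, detail) findings for the NTP lines of a config."""
    lines = [l.strip() for l in config_text.splitlines()]
    defined, trusted, sources = set(), set(), []
    for line in lines:
        m = re.match(r"ntp authentication-key (\d+) md5 \S+", line)
        if m:
            defined.add(m.group(1))      # key numbers that exist
        m = re.match(r"ntp trusted-key (\d+)$", line)
        if m:
            trusted.add(m.group(1))      # key numbers accepted for sync
        m = re.match(r"ntp (server|peer) (\S+)(.*)$", line)
        if m:
            key = re.search(r"\bkey (\d+)\b", m.group(3))
            sources.append((m.group(1), m.group(2), key.group(1) if key else None))

    findings = []
    if sources and "ntp authenticate" not in lines:
        findings.append(("no-authenticate", "'ntp authenticate' is missing, keys are not enforced"))
    for kind, addr, key in sources:
        if key is None:
            findings.append(("no-key", f"ntp {kind} {addr} has no 'key N'"))
        elif key not in defined:
            findings.append(("undefined-key", f"ntp {kind} {addr} uses key {key}, which has no 'ntp authentication-key'"))
        elif key not in trusted:
            findings.append(("untrusted-key", f"ntp {kind} {addr} uses key {key}, which is not in 'ntp trusted-key'"))
    if not any(l.startswith("ntp access-group ") for l in lines):
        findings.append(("no-access-group", "no 'ntp access-group', NTP service is not restricted by an ACL"))
    return findings


if __name__ == "__main__":
    for name, cfg in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, audit_ntp(cfg))
```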
Monday, July 14, 2008
Wednesday, July 9, 2008
Failed in first attempt CCIE lab exam
Actually, last night I already knew the result of the lab exam from the CCIE login page. I checked from my BlackBerry, roaming with a local operator. I failed :(
I learned many things during this journey. Until now I still don't know the exact mistake in my lab; before lunch I had already completed and verified the core configuration. The last exam requirement is a test that all loopbacks can be pinged, using tclsh. I think there was an explicit requirement that made me fail.
It's time to prepare for the next mission ;) For a few days I will enjoy Hong Kong. I will pass next time ;)
Oh, FYI, this is posted from free wifi in North Point MTR using an iPod touch.
Mission to Hong Kong
Saturday, July 5, 2008
3 days before mission 'going to CCIE'
Do you know why we need to put 'subnets' in redistribute into OSPF?
Maybe OSPFv1 was only concerned with classful networks :D
What about progress going to CCIE
my condition (last night)
- health 49% increase 59% before sleep
- spirit 89%
this morning
- health 75%
keep spirit, always battle ...
ganbatte kudasai
Friday, July 4, 2008
BGP AS-path Manipulation without AS-prepend
This is a simple scenario showing a different way to manipulate the AS-path without prepending.
R1(AS100) -- R2(AS200)
neighbor remote 200
neighbor remote 100
network mask
The AS-path of the prefix seen from R1 is '200 i'
I will make the AS-path seen from R1 '500 200 i'
How to do it? Manipulate it with 'local-as'
no neighbor remote 200
neighbor remote 500
neighbor remote 100
neighbor local-as 500
network mask
Another use of 'local-as' is to change the AS number of an existing network; maybe we want to migrate a real network and we don't want a long downtime. As far as I know a router can run just one 'router bgp AS' process ;) so there is just one AS number on one router. I once tested how many routing protocols can run on one router.
How about static routing, how many static routes can run on one router? Let's see ... to be continued
Thursday, July 3, 2008
BGP is clever (% BGP : incorrect network or mask configured)
Do you know why BGP is clever? She knows if I input an incorrect network or mask :D
Why she? 'Cause BGP is beautiful ;;)
Router(config-router)#net mask
% BGP: Incorrect network or mask configured
Router(config-router)#net mask
Router(config-router)#do sh ip int b | i
Loopback0 YES NVRAM up up
Friday, June 27, 2008
12 Days Remaining CCIE RS Lab Exam
Today there are 12 days remaining before the CCIE RS Lab Exam. Preparation for the exam:
# Exam Location : Hong Kong
# Exam Date : July 8, 2008
# Exam Payment : Paid
# Invitation Letter from Cisco : Yes (pdf)
# Passport Expire : July 2011
# Visa : Visa on Location
# Transport : Garuda Indonesia Airline
# Hotel : on booking and paid
# Default Web Browser :
# Experience on lab : 500 hours more ...
# Experience out of lab : reading, googling, video on IPOD, video on PSP, listening audio book, share with friend, forum online, etc
Keep doing labs every day, practice practice practice ...
Don't forget to keep my body healthy.
Always pray to God.
Monday, June 23, 2008
Frame Relay Hub-Spoke without Mapping between Spoke
This is an example hub-and-spoke topology using Frame Relay, with no mapping between the spokes.
R1 hub
ip add
frame map ip 102 broadcast
frame map ip 103 broadcast
R2 spoke
ip add
frame map ip 201 broadcast
R3 spoke
ip add
frame map ip 301 broadcast
There is no communication between the spokes, but we can test connectivity between the spokes without adding a mapping.
      -102---201-- R2
R1 --|
      -103---301-- R3
R1 hub
In the middle of Journey
Now I'm on a journey. This isn't a journey to go somewhere on vacation; it's a journey to CCIE. Hmmm, what is CCIE, is it a food or a new model of car :)) No no no. Some people say it's a hall of fame, the top network certification. Hmmm, some people say that because CCIE is the top certification from Cisco, but now CCIE is not one track; there are several CCIE tracks: routing and switching, service provider, security, voice, storage and design. What about me? CCIE is a journey to get something different, the journey to make networking, especially si is (*red: Cisco), part of my life.
The journey started with my CCNA on September 30, 2005; not on the first attempt, I passed it on the 2nd attempt. It was because my position in the company was not safe. I didn't have much knowledge about my job; I was like a zombie, just following instructions, just doing work instructions. So I wanted to be more and study networking. Thanks to my friend, my senior, my teacher hoho aka Anwar CCIE#20281; until now he always reminds me to work on my CCIE lab workbook, and sometimes we work on labs together in some public place with a remote lab. Long story short, I passed CCNA on the 2nd attempt. CCNA is not everything, just the first time getting to know networking; a year after passing CCNA there was much about si is that I never knew, so it made me study hard and read about it, ohhh. I like to borrow Cisco Press series books from my senior just to satisfy my anger.
In December 2006 I was determined to continue my certification. For CCIP I took BSCI and failed on the first attempt again :( It made me a little down for a while. In April 2007 I passed BSCI on the 2nd attempt, in June passed QOS on the 1st attempt, in July passed BGP+MPLS on the 1st attempt. Now I'm a CCIP. What next ...
August 31, passed the CCIE Routing and Switching written exam. But it's not half of CCIE, just a little of my CCIE. Huffff, take a little breath.
And then .... my CCIE began. First I scheduled the lab on May 20, 2008 in Tokyo. I cancelled and scheduled the same date in Sydney, looking for a place near my country, because all of my CCIE is self-funded. A few days after deciding on Sydney, I got bad news: how difficult it is to get a visa to go to ausy (*red: Australia) :( But I had good news: Hong Kong opened a schedule for CCIE RS. I'm very happy to hear that; the transportation fee to HK is cheaper. I will take it on July 08, 2008. Now I'm 60 days from the CCIE lab and always counting down.
To prepare for my lab, I built my own lab using dynamips with the IE scenario on a dedicated computer with Fedora and an AMD processor with 4GB memory, and built my own rack lab combined with a dedicated computer with Fedora and an Intel processor with 512MB memory to emulate 3 routers, because I don't have enough routers to build it. One lab uses dynamips entirely, and the rack lab combines real routers/switches with dynamips. Next time I will share my rack lab of real routers/switches combined with dynamips.
Is anyone else preparing for CCIE too? Come on, share your experience with me.
Sunday, April 13, 2008
Linux Box Terminal via Serial Cable Console
Here is an example of how to give a Linux box a login terminal via a serial console cable, without a monitor or keyboard. Use a PC / notebook with HyperTerminal, minicom or ZTerm over a serial cable. This example uses a Linux box with Fedora Core 4, minimal installation.
Step by step to configure the Linux box for the serial console
1. check system serial support
2. configure inittab to support serial console login, add (copy/paste)
Here is an example /etc/inittab file
3. welcome banner, create the file /etc/issueserial
4. activate the new init file, force init to re-read the config file
5. permit login via the serial console as the root user: edit /etc/securetty and add ttyS0/1
6. Test

7. verify process
# ps -ef | grep agetty
root 25519 1 0 15:22 ttyS1 00:00:00 /sbin/agetty -L -f /etc/issueserial 9600 ttyS1 vt100
Saturday, April 12, 2008
Cisco Back to Back Line AUX Ports
This is an example of a back-to-back connection through the line AUX ports on Cisco routers.
# config
# verify
How to determine the interface async value (1, 65 or other): look at this
29 february ...
This is the last day of this month. Everyone knows this date only happens every 4 years. So why am I not doing something useful .. hmmm 'cause I'm ... so bored; all day I did nothing useful for my CCIE. I'm in the middle of going to CCIE; I mentioned it after I passed the written exam a few months ago, after which I could get a schedule for the lab. My activity for the next few months, and maybe until my next lab schedule: work in the office, lab from my iBook at home or at the office, sometimes remote into my private lab from outside, hang out with my friends, read UniverCD on my BlackBerry, repeat again repeat repeat again again ...
A few days ago I contacted someone through a blog comment. He has idlepc in dynamips running well on a PowerPC processor. He shared the binary and path from Chris (red: the person who codes dynamips). But I still failed in a few simulation conditions; maybe someday I will try again. Now ... so bored.
My lab progress: still trying a few workbook scenario labs, and I completed a few technology scenario labs but have not yet repeated them. I only completed the core lab of each scenario, not the whole scenario.
Besides using the private lab for full workbook scenarios, I use a mini lab to test some technologies and features. The mini lab is 1 x Cisco 3725 Router, 1 x Cisco 2600 Router, 2 x Cisco Catalyst 3560. I designed it with a few cables to simulate router and switch technologies and features. I access it remotely using a TermServ on a Cisco 2600 Router in a separate lab. Actually I need 2 more Cisco 3550 switches for my mini lab, but I'm still looking for them. The CCIE RS lab equipment uses four Cisco series: 3725 router, 3825 router, Catalyst 3550, Catalyst 3560, with certain IOS versions.
Back to today, 29 February ... it's no special day for me, just a day that happens once in 4 years. This is just the day that closes the month of February.
... so bored
Thursday, February 28, 2008
storm-control broadcast
What is storm-control broadcast? Does anyone know what it means? This morning I saw it happen in my company network. There is a router and a switch connected by a trunk; suddenly traffic from the switch to the router got high, almost full, in one direction only. On the switch there was nothing that was generating this traffic. I checked the mac-address-table: normal; spanning-tree: OK; the other trunk links on the switch: normal; etc. Finally I added 'storm-control broadcast level 10.00' on the switch interface to the router. Amazing .... in just a few seconds traffic was normal. Hmmmm, I don't know what happened :-s.
From 'traffic storm control does not differentiate between control traffic and data traffic' :-?
Wednesday, February 27, 2008
Simple backup, Primary and Secondary Link
I have a simple scenario and test of a simple backup: the backup link uses PPP encapsulation and the primary link uses Frame Relay. For the simulation, use 'no frame-relay interface-dlci 513' to disable the Frame Relay DLCI, as though there were a problem in the Frame Relay cloud.
'backup delay 60 300': 60s hold time before backup operation, 300s revert time to normal operation
#Primary Link
#Secondary Link
Wednesday, January 9, 2008
'verify /md5' is nothing, still ..a valid magic number
I was really, really under pressure yesterday at lunch time. I had a critical network problem with one of the MPLS PEs; the PE was really critical: the router was still on but had many uncontrolled errors and lost abilities of the a76 series router. So my team was dedicated to upgrading the IOS version with a new disk. The old disk is disk0, a 128MB compact flash memory, and the new disk with the new IOS version is disk 1, a 256MB compact flash memory.
Before lunch time I had already run 'verify /md5' on the new IOS version, but the boot failed :(
Loading image, please wait ...
device does not contain a valid magic number
loadprog: error - on file open
boot: cannot load bla bla bla
and then rommon prompt
As far as I know, 'verify /md5' is a guarantee that it works well, but I have never seen a tutorial or document about it from Cisco.
Finally I formatted from the IOS command line using 'format disk1:/' and then uploaded the IOS image over FTP using 'copy ftp://user:password@host-ftp/image.bin disk1:/image.bin'. Tried booting again: works well :).
Thursday, January 3, 2008
'IP Source Binding' for Static IP & Mac Address
A few days ago my friend asked about static IP & MAC address; he wanted to help his customer with static IP & MAC addresses for a LAN. I said he can use 'dhcp snooping'. I had read about binding host information like IP and MAC address in a Cisco switch database, dynamically using the DHCP database or statically, but I didn't know how to implement it.
Today I tried it on a Cisco Catalyst 3560 switch, IOS version 12.2(35)SE1 (C3560-Advipservicesk9-M), and it works well.
Before that I tried it on a Cisco 3660 router, IOS version 12.2(13) (C3660-JS-M) with an NM-16ESW module, and it failed: there is no 'ip source binding' command, nor 'ip verify source port-security' or 'ip dhcp snooping'.
I will show the steps for static IP & MAC
- the 'ip source binding' IOS command only works in several IOS versions; I am still confused about which types of IOS version can do it
- it only works on 'switchport mode' interfaces
- a MAC address can't have multiple IP addresses
- an IP address can have multiple MAC addresses
#conf t
#ip dhcp snooping --> to activate snooping
#ip dhcp snooping vlan 44 --> applies specifically to VLAN 44
#ip source binding 0123.4567.8901 vlan 44 interface Fa0/44
#interface Fa0/44
#ip verify source port-security --> to verify source IP & MAC address
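To see what the static binding buys, the model below reproduces the per-packet decision: plain 'ip verify source' matches the source IP only, while 'ip verify source port-security' matches IP and MAC. This Python sketch is an added example, not code from the original post and not switch software; the class and function names and the address 192.0.2.44 are constructed, and the one-MAC-one-IP rule is the behaviour the post reports.

```python
import re
from dataclasses import dataclass


def normalize_mac(mac):
    """Accept 0123.4567.8901, 01:23:45:67:89:01 or 01-23-45-67-89-01."""
    digits = re.sub(r"[.:-]", "", mac).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits


@dataclass(frozen=True)
class Binding:
    mac: str
    vlan: int
    ip: str
    interface: str


class BindingTable:
    """Static 'ip source binding' entries and the filter decision made from them."""

    def __init__(self):
        self.entries = []

    def add_static(self, mac, vlan, ip, interface):
        mac = normalize_mac(mac)
        for b in self.entries:
            # Rule reported in the post: one MAC cannot be bound to several IPs
            # (the reverse, one IP with several MACs, is accepted).
            if b.mac == mac and b.vlan == vlan and b.ip != ip:
                raise ValueError(f"MAC {mac} is already bound to {b.ip} in VLAN {vlan}")
        self.entries.append(Binding(mac, vlan, ip, interface))

    def permits(self, interface, vlan, src_ip, src_mac, check_mac=True):
        """check_mac=True models 'ip verify source port-security' (IP and MAC);
        check_mac=False models plain 'ip verify source' (IP only)."""
        src_mac = normalize_mac(src_mac)
        for b in self.entries:
            if (b.interface, b.vlan, b.ip) == (interface, vlan, src_ip):
                if not check_mac or b.mac == src_mac:
                    return True
        return False  # no matching binding: the packet is dropped


def demo_table():
    table = BindingTable()
    # MAC, VLAN and port are the post's values; 192.0.2.44 is a constructed IP.
    table.add_static("0123.4567.8901", 44, "192.0.2.44", "Fa0/44")
    return table


if __name__ == "__main__":
    t = demo_table()
    print(t.permits("Fa0/44", 44, "192.0.2.44", "0123.4567.8901"))  # bound host
    print(t.permits("Fa0/44", 44, "192.0.2.44", "0123.4567.89ff"))  # spoofed MAC
```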
