
CONFIGURATION GUIDE DOCUMENTATION

JUNIPER DEVICES
(Best Practice)

Perumahan Modernland, Jl. Pulau Putri Raya, Kelapa Indah, Kecamatan Tangerang, Kota
Tangerang, Banten 15118

2016
DOCUMENT PROPERTIES APPENDIX

Client Properties

Customer Name: RSUD Kota Tangerang
Document Name: SETTING & CONFIGURATION GUIDE DOCUMENTATION REPORT FOR JUNIPER DEVICES
Version: 1.0
Status: Final

CHAPTER I

INTRODUCTION

1.1. Configuration Documentation Guide

This report and documentation explains how to set up and configure, in other words the best practice for monitoring and managing, all network devices, routers, firewalls, switches and servers at RSUD Kota Tangerang. It is intended as a guide that lets a network administrator / network engineer set up, configure and remotely access the devices flexibly and quickly.

To configure and remotely access a device, a network administrator / network engineer needs tools or software that can be used to configure network devices. The tools commonly used by a network administrator / network engineer to configure network devices are:

1. 1 laptop
2. Console cable
3. 1 straight-through UTP cable (Cat5e or Cat6)
4. PuTTY / SecureCRT / Xshell, etc.
5. Winbox
6. WinSCP
7. TFTP Server

1. Basic Settings and Operation

1.1 Switch Access

The switch offers several configuration interfaces: the web interface, the console command line and remote-access tools. It can be accessed through:

• Console port (RS-232 line)
• Telnet protocol
• SSH protocol

Connect the console port to a laptop or PC using the RJ-45 to DB-9 serial port adapter. An Ethernet cable with an RJ-45 connector on both ends and an RJ-45 to DB-9 serial port adapter are supplied with the switch.

Parameter values when using a CONSOLE SERVER, via the CLI:

Log in to the switch from a terminal over the serial console with the following parameters:

Baud rate: 9600

Data: 8 bit

Parity: none

Stop: 1 bit

Flow control: None

1) HOW TO CONFIGURE THE ROOT PASSWORD:

To set the root password, follow these steps:

CLI:

root@:RE:0% cli

root@> configure

root@# set system root-authentication plain-text-password

New password: <enter the password here>

Retype new password: <enter the password here>

root@> configure
Entering configuration mode

[edit]
root@RSUD-SW1# set system root-authentication plain-text-password
New password: rsudkota1 <-- example root password
Retype new password: rsudkota1 <-- example root password

[edit]
root# commit <-- do not forget the commit command
commit complete

[edit]
root# exit
Exiting configuration mode

root@> request system reboot


Reboot the system ? [yes,no] (no) yes

2) HOW TO SET THE HOSTNAME, TIME & DATE:

CLI:

Hostname

root# set system host-name RSUD-SW1

TIME

root@RSUD-SW1# set system time-zone Asia/Jakarta

DATE

root@RSUD-SW1> set date 201612161300.00

Note: how the date value is written on Juniper (format YYYYMMDDhhmm.ss):

1. 2016 = year
2. 12 = month (December)
3. 16 = day of the month
4. 13 = hour (1 PM)
5. 00 = minutes
6. 00 = seconds

root@RSUD-SW1> configure
Entering configuration mode

[edit]
root# set system host-name RSUD-SW1

[edit]
root# set system time-zone Asia/Jakarta

[edit]
root# commit and-quit
commit complete
Exiting configuration mode

root@RSUD-SW1> show configuration system


host-name RSUD-SW1;
time-zone Asia/Jakarta;
root-authentication {
    encrypted-password "$1$4W01iLgg$XDUYLEr.GrKr5ANGWdgmH."; ## SECRET-DATA
}

root@RSUD-SW1>

3) How to Reset to Factory Default:

root@EX3300> request system zeroize

warning: System will be rebooted and may not boot without configuration

Erase all data, including configuration and log files? [yes,no] (yes)

root@RSUD-SW1> request system zeroize


warning: System will be rebooted and may not boot without configuration
Erase all data, including configuration and log files? [yes,no] (no) yes

warning: zeroizing re0

root@vSRX_R1> Waiting (max 60 seconds) for system process `vnlru_mem' to stop...done


Waiting (max 60 seconds) for system process `vnlru' to stop...done
Waiting (max 60 seconds) for system process `bufdaemon' to stop...done
Waiting (max 60 seconds) for system process `syncer' to stop...
Syncing disks, vnodes remaining...0 0 0 0 0 0 0 0 0 0 done

syncing disks... All buffers synced.


Uptime: 1h48m21s
Normal shutdown (no dump device defined)
Shutting down ACPI
Rebooting...
.
>> BOOT PROCESS TRUNCATED <<
.
Amnesiac (ttyd0)

login: root

4) How to Configure the Login and Banner Message:

root@RSUD-SW1> config
Entering configuration mode

[edit]
root@RSUD-SW1# set system login message "-----------------------------------------------\n| WARNING: AKSES ANDA DI TOLAK! |\n-----------------------------------------------"

[edit]
root@RSUD-SW1# commit and-quit
commit complete
Exiting configuration mode

root@RSUD-SW1> exit

root@RSUD-SW1% exit
logout

-----------------------------------------------
| WARNING: AKSES ANDA DI TOLAK! |
-----------------------------------------------

RSUD-SW1 (ttyd0)

login:

5) Basic Ethernet Interface Configuration:

Set the description on R1's ge-0/0/0 interface to "Link to SW1 Ge-0/0/0"

root@R1> configure
Entering configuration mode

[edit]
root@R1# set interfaces ge-0/0/0 description "Link to SW1 Ge-0/0/0"

[edit]
root@R1#

Assign IP address 192.168.0.1 to R1's ge-0/0/0 physical interface

root@R1# set interfaces ge-0/0/0 unit 0 family inet address 192.168.0.1/24

[edit]
root@R1#

Configure R1's ge-0/0/0 interface for 100 Mbps full duplex

root@R1# set interfaces ge-0/0/0 speed 100m

[edit]
root@R1# set interfaces ge-0/0/0 link-mode full-duplex

Set the MTU on R1's ge-0/0/0 interface to 1522 and verify all of the configuration changed above.

root@R1# set interfaces ge-0/0/0 mtu 1522

[edit]
root@R1# commit and-quit
commit complete
Exiting configuration mode

root@R1> show configuration interfaces ge-0/0/0
description "Link to SW1 Ge-0/0/0";
speed 100m;
mtu 1522;
link-mode full-duplex;
unit 0 {
    family inet {
        address 192.168.0.1/24;
    }
}
root@R1>

6) How to Configure the Management Interface:

Example: setting the IP address 10.240.225.22/24 on the management Ethernet interface

root@RSUD-SW1> configure
Entering configuration mode

[edit]
root@RSUD-SW1# set interfaces me0 unit 0 family inet address 10.240.255.22/24

[edit]
root@RSUD-SW1# commit and-quit
commit complete
Exiting configuration mode

root@RSUD-SW1>

To verify:

root@SW1> show configuration interfaces me0
unit 0 {
    family inet {
        address 10.240.255.22/24;
    }
}

root@SW1>

7) How to Upgrade the Junos Software and Reboot the Switch:

Method 1: using TFTP

root@RSUD0SW1> request system software add http://172.16.22.25/jinstall-ex-3200-12.3R4.6-domestic-signed.tgz no-validate reboot

Method 2: using WinSCP, then move the file to /var/tmp

root@RSUD0SW1> request system software add /var/tmp/jinstall-ex-3200-12.3R4.6-domestic-signed.tgz no-validate reboot

8) Configuring Web Management Access via the Management Ethernet Interface on RSUD-SW1:

root@RSUD-SW1> configure
Entering configuration mode

[edit]
root@RSUD-SW1# set interfaces me0 unit 0 family inet address 172.16.22.121/24

[edit]
root@RSUD-SW1# set system services web-management https interface me0.0

[edit]
root@RSUD-SW1# set system services web-management https system-generated-certificate

[edit]
root@RSUD-SW1# commit and-quit
commit complete
Exiting configuration mode

root@RSUD-SW1>

Verify access to the Juniper web manager from a desktop PC/laptop

9) How to Back Up and Restore the Junos Configuration:

Back up the existing running configuration to a text file so that it can be copied and pasted easily and also restored quickly.

Example:

root@RSUD-SW1> show configuration | display set


set version "12.1I20131108_srx_12q1_x46_intgr.0-613414 [slt-builder]"
set system host-name RSUD-SW1
set system time-zone Asia/Jakarta
set system root-authentication encrypted-password "$1$4W01iLgg$XDUYLEr.GrKr5ANGWdgmH."
set system login announcement "-------------------------------------------------------------\n| NOTICE: CONFIGURATION FREEZE IN AFFECT UNTIL 12/26/2013 |\n-------------------------------------------------------------"
set system login message "---------------------------------------------\n| WARNING: Unauthorized access is prohibited! |\n---------------------------------------------"
set system services ssh
set system services web-management http interface ge-0/0/0.0
set system syslog user * any emergency
set system syslog file messages any any
set system syslog file messages authorization info
set system syslog file interactive-commands interactive-commands any
set system license autoupdate url https://ae1.juniper.net/junos/key_retrieval
set interfaces ge-0/0/0 description "Link to SW1 Ge-0/0/0"
set interfaces ge-0/0/0 speed 100m
set interfaces ge-0/0/0 mtu 1522
set interfaces ge-0/0/0 link-mode full-duplex
set interfaces ge-0/0/0 unit 0 family inet address 172.16.22.121/24
set security screen ids-option untrust-screen icmp ping-death
set security screen ids-option untrust-screen ip source-route-option
set security screen ids-option untrust-screen ip tear-drop
set security screen ids-option untrust-screen tcp syn-flood alarm-threshold 1024
set security screen ids-option untrust-screen tcp syn-flood attack-threshold 200
set security screen ids-option untrust-screen tcp syn-flood source-threshold 1024
set security screen ids-option untrust-screen tcp syn-flood destination-threshold 2048
set security screen ids-option untrust-screen tcp syn-flood queue-size 2000
set security screen ids-option untrust-screen tcp syn-flood timeout 20
set security screen ids-option untrust-screen tcp land
set security policies from-zone trust to-zone trust policy default-permit match source-address any
set security policies from-zone trust to-zone trust policy default-permit match destination-address any
set security policies from-zone trust to-zone trust policy default-permit match application any
set security policies from-zone trust to-zone trust policy default-permit then permit
set security policies from-zone trust to-zone untrust policy default-permit match source-address any
set security policies from-zone trust to-zone untrust policy default-permit match destination-address any
set security policies from-zone trust to-zone untrust policy default-permit match application any
set security policies from-zone trust to-zone untrust policy default-permit then permit
set security policies from-zone untrust to-zone trust policy default-deny match source-address any
set security policies from-zone untrust to-zone trust policy default-deny match destination-address any
set security policies from-zone untrust to-zone trust policy default-deny match application any
set security policies from-zone untrust to-zone trust policy default-deny then deny
set security zones security-zone trust tcp-rst
set security zones security-zone untrust screen untrust-screen
set security zones security-zone untrust interfaces ge-0/0/0.0 host-inbound-traffic system-services http
set security zones security-zone untrust interfaces ge-0/0/0.0 host-inbound-traffic system-services https
set security zones security-zone untrust interfaces ge-0/0/0.0 host-inbound-traffic system-services ssh
set security zones security-zone untrust interfaces ge-0/0/0.0 host-inbound-traffic system-services telnet
set security zones security-zone untrust interfaces ge-0/0/0.0 host-inbound-traffic system-services dhcp

root@RSUD-SW1>

Back up the RSUD-SW1 configuration to the FTP server at IP x.x.x.x and give the backup file a name, for example backup.cfg

root@RSUD-SW1> config
Entering configuration mode

[edit]
root@RSUD-SW1# save ftp://john:pass123@172.16.22.25/backup.cfg
ftp://john:pass123@172.16.22.25/config.cfg 100% of 3658 B 1045 kBps
Wrote 139 lines of configuration to 'ftp://john:pass123@172.16.22.25/config.cfg'

[edit]
root@RSUD-SW1#

To restore the configuration previously saved as backup.cfg from the FTP server x.x.x.x to RSUD-SW1

root@RSUD-SW1> config
Entering configuration mode

[edit]
root@RSUD-SW1# load replace ftp://john:pass123@172.16.22.25/backup.cfg
/var/tmp//...transferring.file.........Oy9Tpf/100% of 3658 B 524 kBps
load complete

[edit]
root@RSUD-SW1# commit and-quit
commit complete
Exiting configuration mode

root@RSUD-SW1>
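
A backup in "display set" form, as shown in this section, can also be checked offline before it is restored. The following is an added example, not part of the original guide or of Junos: it scans such a backup for the cleartext management services, MD5 root hash and unrestricted SNMP community that this guide's commands produce. The rule names, the sample text and the placeholder hash are constructed for illustration.

```python
import re

# Constructed sample in "show configuration | display set" form. Statements come
# from this guide; the hash is a placeholder. Two statements are split the way
# the terminal capture wraps long lines.
SAMPLE_CONFIG = """\
set system host-name RSUD-SW1
set system root-authentication encrypted-password "$1$PLACEHOLD$ConstructedNotARealHash"
set system services ssh
set system services web-management http interface ge-0/0/0.0
set snmp community junos authorization read-only
set snmp client-list list0 192.168.100.0/24
set security zones security-zone untrust interfaces ge-0/0/0.0 host-inbound-traffic sys
tem-services telnet
set security zones security-zone untrust interfaces ge-0/0/0.0 host-inbound-traffic sys
tem-services ssh
"""

# Per-statement rules: (finding id, regex).
LINE_RULES = [
    ("telnet-enabled", r"^set system services telnet\b"),            # cleartext login
    ("ftp-enabled", r"^set system services ftp\b"),                  # cleartext login
    ("http-webmgmt", r"^set system services web-management http\b"), # web UI without TLS
    ("md5-hash", r'encrypted-password "\$1\$'),                      # MD5-crypt hash
    # Cleartext management reachable from the untrust zone.
    ("untrust-cleartext",
     r"^set security zones security-zone untrust .*system-services (telnet|http)\b"),
]

def unwrap(text):
    """Rejoin wrapped statements: a fragment that does not begin with 'set '
    is treated as the tail of the previous line (assumes a hard wrap)."""
    statements = []
    for raw in text.splitlines():
        if not raw.strip():
            continue
        if raw.startswith("set ") or not statements:
            statements.append(raw)
        else:
            statements[-1] += raw
    return statements

def audit(text):
    """Return a list of (finding id, statement) for one display-set config."""
    lines = unwrap(text)
    findings = [(rid, ln) for ln in lines
                for rid, pattern in LINE_RULES if re.search(pattern, ln)]
    # SSH is enabled but root is still allowed to log in over it.
    ssh_on = any(re.match(r"set system services ssh\b", ln) for ln in lines)
    root_denied = any(re.match(r"set system services ssh root-login deny\s*$", ln) for ln in lines)
    if ssh_on and not root_denied:
        findings.append(("ssh-root-login", "set system services ssh"))
    # SNMP community with no "clients" / "client-list-name" restriction.
    communities = {m.group(1) for ln in lines
                   if (m := re.match(r"set snmp community (\S+)", ln))}
    for name in sorted(communities):
        restrict = rf"set snmp community {re.escape(name)} (clients|client-list-name) "
        if not any(re.match(restrict, ln) for ln in lines):
            findings.append(("snmp-open-community", f"set snmp community {name}"))
    return findings

if __name__ == "__main__":
    for rid, statement in audit(SAMPLE_CONFIG):
        print(f"{rid:20} {statement}")
```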

10) Configuring 802.1q Interface Trunking:

root@RSUD-SW1> configure
Entering configuration mode

[edit]
root@RSUD-SW1# set interfaces ge-0/0/12 unit 0 family ethernet-switching port-mode trunk vlan members all

[edit]
root@RSUD-SW1#

11) Configuring LACP Aggregated Ethernet Interfaces:

root@RSUD-SW1> configure
Entering configuration mode

[edit]
root@RSUD-SW1# set chassis aggregated-devices ethernet device-count 15
root@RSUD-SW1# set interfaces ae0 aggregated-ether-options lacp active
root@RSUD-SW1# set interfaces ae0 description "*** LAG from SWCORE1 to SWDIST1 1st Floor ***"
root@RSUD-SW1# set interfaces ae0 aggregated-ether-options lacp periodic fast

[edit]
root@RSUD-SW1#

12) Configuring the Junos DHCP Server

root@RSUD-SW1> configure
Entering configuration mode

[edit]
root@RSUD-SW1# set system services dhcp pool 192.168.2.0/24 address-range low 192.168.2.2 high 192.168.2.254
root@RSUD-SW1# set system services dhcp pool 192.168.2.0/24 default-lease-time 1209600 maximum-lease-time 2419200
root@RSUD-SW1# set system services dhcp pool 192.168.2.0/24 domain-search rsud.tangerangkota.go.id
root@RSUD-SW1# set system services dhcp pool 192.168.2.0/24 domain-search IT-RSUDlab.net
root@RSUD-SW1# set system services dhcp pool 192.168.2.0/24 name-server 192.168.10.2
root@RSUD-SW1# set system services dhcp pool 192.168.2.0/24 option 32 ip-address 192.168.2.33
root@RSUD-SW1# set system services dhcp static-binding 01:03:05:07:09:0B fixed-address 192.168.2.50

[edit]
root@RSUD-SW1#

13) How to Configure DHCP Relay

root@RSUD-SW1> configure
Entering configuration mode

[edit]
root@RSUD-SW1# set forwarding-options helpers bootp server 192.168.190.7 <-- the gateway IP
root@RSUD-SW1# set forwarding-options helpers bootp interface vlan.2 <-- assign to the VLAN interface

root@RSUD-SW1# commit and-quit
commit complete
Exiting configuration mode

root@RSUD-SW1>

14) How to Configure DHCP Forwarding

root@RSUD-SW1> configure
Entering configuration mode

[edit]
root@RSUD-SW1# set forwarding-options helpers bootp server <DHCP_SERVER_IP>
root@RSUD-SW1# set forwarding-options helpers bootp interface vlan.<VLAN_ID>
root@RSUD-SW1# commit and-quit
commit complete
Exiting configuration mode

root@RSUD-SW1>

1) How to Configure SNMP

root@RSUD-SW1> configure
Entering configuration mode

[edit]
root@RSUD-SW1# set snmp name "Router1" description "Router1"
root@RSUD-SW1# set snmp location "Ruang_Server" contact "rsud@tangerangkota.go.id"
root@RSUD-SW1# set snmp community junos authorization read-only
root@RSUD-SW1# set snmp client-list list0 192.168.100.0/24
root@RSUD-SW1# set snmp community junos client-list-name list0 <-- binds list0 to the community; without it the list is unused
root@RSUD-SW1# commit and-quit
commit complete
Exiting configuration mode

root@RSUD-SW1>

2.1 Basic L3 Configuration Commands

1) Configuring VLANs and Layer 3 VLAN Interfaces (RVI / Routed VLAN Interface):
Create a VLAN named Sales with VLAN ID 10, then assign it an L3 VLAN interface with IP address 192.168.10.1/24:

root@RSUD-SW1> configure
Entering configuration mode

[edit]
root@RSUD-SW1# set vlans Sales vlan-id 10

[edit]
root@RSUD-SW1# set interfaces vlan unit 10 family inet address 192.168.10.1/24

[edit]
root@RSUD-SW1# set vlans Sales l3-interface vlan.10

[edit]
root@RSUD-SW1#

Create a VLAN named Marketing with VLAN ID 11 and assign it an L3 VLAN interface with IP address 192.168.11.1/24

root@RSUD-SW1# set vlans Marketing vlan-id 11

[edit]
root@RSUD-SW1# set interfaces vlan unit 11 family inet address 192.168.11.1/24

[edit]
root@RSUD-SW1# set vlans Marketing l3-interface vlan.11

[edit]

Assign physical interface ge-0/0/0 to the Sales VLAN and ge-0/0/1 to the Marketing VLAN

root@RSUD-SW1# set interfaces ge-0/0/0.0 family ethernet-switching vlan members Sales

[edit]
root@RSUD-SW1# set interfaces ge-0/0/1.0 family ethernet-switching vlan members Marketing

[edit]
root@RSUD-SW1# commit and-quit
commit complete
Exiting configuration mode

root@RSUD-SW1>

Verify the VLAN configuration that was created

root@RSUD-SW1> show vlans brief
                                            Ports
Name           Tag     Primary Address      Active/Total
Marketing      11      192.168.11.1/24      0/1
Sales          10      192.168.10.1/24      0/1
default                                     6/22

root@RSUD-SW1> show interfaces vlan terse
Interface               Admin Link Proto    Local                 Remote
vlan                    up    up
vlan.0                  up    up   inet
vlan.10                 up    down inet     192.168.10.1/24
vlan.11                 up    down inet     192.168.11.1/24

root@RSUD-SW1> show vlans detail
VLAN: Marketing, 802.1Q Tag: 11, Admin State: Enabled
  Primary IP: 192.168.11.1/24
  Number of interfaces: 1 (Active = 0)
  Untagged interfaces: ge-0/0/1.0

VLAN: Sales, 802.1Q Tag: 10, Admin State: Enabled
  Primary IP: 192.168.10.1/24
  Number of interfaces: 1 (Active = 0)
  Untagged interfaces: ge-0/0/0.0

VLAN: default, 802.1Q Tag: Untagged, Admin State: Enabled
  Number of interfaces: 22 (Active = 6)
  Untagged interfaces: ge-0/0/2.0, ge-0/0/3.0, ge-0/0/4.0, ge-0/0/5.0,
  ge-0/0/6.0, ge-0/0/7.0, ge-0/0/8.0, ge-0/0/9.0, ge-0/0/10.0, ge-0/0/11.0,
  ge-0/0/12.0, ge-0/0/13.0, ge-0/0/14.0, ge-0/0/15.0, ge-0/0/16.0, ge-0/0/17.0,
  ge-0/0/18.0*, ge-0/0/19.0*, ge-0/0/20.0*, ge-0/0/21.0*, ge-0/0/22.0*,
  ge-0/0/23.0*

2) How to Configure the Default Route / Static Route:

root@RSUD-SW1> configure
Entering configuration mode

[edit]
root@RSUD-SW1# set routing-options static route 0.0.0.0/0 next-hop x.x.x.x <-- the next-hop IP

[edit]
root@RSUD-SW1# show routing-options
static {
route 0.0.0.0/0 next-hop x.x.x.x;
}

[edit]
root@RSUD-SW1# commit and-quit
commit complete
Exiting configuration mode

root@RSUD-SW1>

3) How to Configure the RIP Protocol

Configuration:

set protocols rip group <GROUPNAME> neighbor <interface>

set protocols rip group <GROUPNAME> export <ROUTING-POLICY>

set policy-options policy-statement <ROUTING-POLICY> term <TERM-NAME> from protocol [direct rip]

set policy-options policy-statement <ROUTING-POLICY> term <TERM-NAME> then accept

Verification and basic troubleshooting

show rip statistics

show rip neighbor

show route protocol rip

show route

set protocols rip traceoptions file <LOG>

set protocols rip traceoptions flag update detail

4) How to Configure the OSPF Protocol

router-id selection on Junos

Manual configuration: [edit routing-options] router-id

If the router-id is not specified, the first up interface IP address is used (usually the loopback interface)

Enable the protocol with

[edit protocols ospf] area [num] interface [int]

Verification:

show ospf overview

show ospf neighbor

show ospf interface

SUMMARY

1. To enter CLI mode

root@% cli

2. To be able to change the configuration

root> configure

3. Change the hostname

set system host-name RSUD-SW1

4. To set the root password

set system root-authentication plain-text-password

5. To deny root login over SSH

set system services ssh root-login deny

6. To configure an interface

set interfaces em0 unit 0 family inet address 192.168.1.1/32

em0 = the interface

7. Set the time

set date 201112011026.00

8. Change the welcome message

set system login message " Welcome \n to \n JUNOS-Router\n "

9. To enable services

set system services ftp

set system services telnet

set system services ssh

10. To reset to the default settings

load factory-default

11. To check the changes

commit check

12. To apply the changes at a specific time

commit at 23:00

13. View the commit history

root> show system commit

14. Create a non-root user with root-level permissions

root# set system login user lab class super-user authentication plain-text-password

15. Create a user with limited access

root# set system login class noc permissions view

16. Recall the previous configuration

root# rollback 1

17. View the reference documentation for configuring an interface

root> help reference interfaces address

18. View the documentation for configuring bgp

root> help apropos bgp

View the entire configuration

– Configuration mode

root# show | no-more

– Operational mode

root> show configuration | no-more

Some additional CLI commands on the Juniper router are as follows:

user@host> configure
Entering configuration mode

[edit]
user@host# ?
Possible completions:
  <[Enter]>     Execute this command
  activate      Remove the inactive tag from a statement
  annotate      Annotate the statement with a comment
  commit        Commit the current set of configuration changes
  copy          Copy a statement
  deactivate    Add the inactive tag to a statement
  delete        Delete a data element
  edit          Edit a sub-element
  exit          Exit from this level
  help          Provide help information
  insert        Insert a new structured data element
  load          Load configuration from an ASCII file
  quit          Quit from this level
  rename        Rename a statement
  rollback      Roll back the database to the last committed version
  run           Run an operational-mode command
  save          Save configuration to an ASCII file
  set           Set a parameter
  show          Show a parameter
  status        Show the status of database users
  top           Exit to the top level of the configuration
  up            Exit one level of the configuration
