Basic VyOS configuration

To make configuration changes we must first enter configuration mode with the configure command. To step back out of a mode and to log out, type exit.

Note that when we finish configuring we must commit the changes with the commit command so that the configuration we have made is applied.

VyOS user management

Adding a user

set system login user <user name> authentication plaintext-password <password>
set system login user fariz authentication plaintext-password password123

Adding a full name.

set system login user <user name> full-name <"full name">
set system login user fariz full-name "Fariz Anwar"

Adding a privilege level.

VyOS has 2 privilege levels, admin and operator.
Admin: has the right to read, add, change, and delete configuration.
Operator: has the right to read and monitor.

set system login user <user name> level <admin or operator>
set system login user fariz level admin

Deleting a user

delete system login user <user name>
delete system login user vyos

IP address configuration

Adding an IP address

set interfaces ethernet <interface name> address <IP Address>
set interfaces ethernet eth0 address 192.168.1.1/24

Changing an IP address

To edit an IP address we must first enter the interface's edit mode.

edit interfaces ethernet eth0 (not yet finished)

Deleting an IP address

delete interfaces ethernet <interface name> address <IP address>
delete interfaces ethernet eth0 address 192.168.1.1/24

Creating a sub-interface/virtual interface (VLAN)

set interfaces ethernet <interface name> vif <VLAN ID>
set interfaces ethernet eth2 vif 10

Creating a sub-interface (VLAN) together with an IP address.

set interfaces ethernet <interface name> vif <VLAN ID> address <IP ADDRESS VLSM>
set interfaces ethernet eth2 vif 10 address 192.168.10.1/24

Viewing the ARP table (MAC addresses)

show arp interface

Creating a DHCP server service

Note that before configuring the DHCP server, make sure VyOS can be rebooted and that the configuration made earlier is not lost when it reboots.

To create a DHCP server we must declare, one by one, the network IP, the gateway IP (default router), the DNS server IP, and the range of IPs to be handed out to DHCP clients.

Declaring the DHCP server name and the network IP.

Syntax

set service dhcp-server shared-network-name <any name> subnet <IP network VLSM>

Example

set service dhcp-server shared-network-name DHCP-VLAN-10 subnet 192.168.10.0/24 

Declaring the gateway IP (default router)

Syntax

set service dhcp-server shared-network-name <any name> subnet <IP network VLSM> default-router <IP gateway (router)>

Example

set service dhcp-server shared-network-name DHCP-VLAN-10 subnet 192.168.10.0/24 default-router 192.168.10.1

Declaring the DNS server IP

Syntax

set service dhcp-server shared-network-name <any name> subnet <IP network VLSM> dns-server <IP DNS server>

Example

set service dhcp-server shared-network-name DHCP-VLAN-10 subnet 192.168.10.0/24 dns-server 8.8.8.8

Declaring the IP range to be handed out.

Syntax

set service dhcp-server shared-network-name <any name> subnet <IP network VLSM> range <pool id> start <start IP>
set service dhcp-server shared-network-name <any name> subnet <IP network VLSM> range <pool id> stop <end IP>

Example

set service dhcp-server shared-network-name DHCP-VLAN-10 subnet 192.168.10.0/24 range 1120 start 192.168.10.11
set service dhcp-server shared-network-name DHCP-VLAN-10 subnet 192.168.10.0/24 range 1120 stop 192.168.10.20

Static routing configuration

Syntax

set protocols static route <destination network> next-hop <IP nexthop>

Example

set protocols static route 192.168.30.0/24 next-hop 192.168.255.2

DHCP client configuration (Request)

To request an IP address over DHCP the syntax is:

set interfaces ethernet eth0 address dhcp

NAT configuration

Masquerade (source NAT), syntax:

set nat source rule <rule number> outbound-interface <outbound interface name>

Example

set nat source rule 1 outbound-interface eth0

Syntax

set nat source rule <rule number> translation address masquerade

Example

set nat source rule 1 translation address masquerade

To translate only a specific network:

Syntax

set nat source rule <rule number> source address <IP network VLSM>

Example

set nat source rule 1 source address 192.168.10.0/24

DNS server configuration

Syntax

set system name-server <IP DNS server>

Example

set system name-server 8.8.8.8

Changing the hostname (machine name)

Syntax

set system host-name <hostname>

Example

set system host-name mesin-vyos-1

Viewing the running configuration

run show configuration

Viewing the routing table

Syntax

run show ip route

BGP

Creating the route filtering first

Creating the prefix list that we will advertise outward

Remember that we will only advertise our own prefixes, which we obtained from IDNIC

Creating the permit prefix list (allowed to be advertised)

Creating the prefix list name

set policy prefix-list <text-rulename> 

Adding a description

set policy prefix-list <text-rulename> description <text-description> 

Creating rule number 1 with action permit (allowed to be advertised)

set policy prefix-list <text-rulename> rule <rule-number(enter 1)> action <permit>

Adding the network that will be advertised

set policy prefix-list <text-rulename> rule <1> prefix <x.x.x.x/x>

Creating the deny prefix list (not allowed out/not advertised)

Creating the prefix list name

set policy prefix-list <text-rulename> 

Adding a description

set policy prefix-list <text-rulename> description <text-description> 

Creating rule number 2 with action deny (not allowed/not advertised)

set policy prefix-list <text-rulename> rule <rule-number(enter 2)> action <deny>

Adding the network that will not be advertised
Because we have already added the rule to advertise as number 1, we create rule number 2 with network 0.0.0.0/0, which means that anything other than the networks for which we created the permit rule above will be discarded/not advertised

set policy prefix-list <text-rulename> rule <2> prefix <0.0.0.0/0>

Creating the route map

set policy route-map <text> rule <1-65535> match ip address prefix-list <text> 
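
The outbound filter built in the steps above, modelled as an added example (not part of the original page and not VyOS code): it evaluates the two prefix-list rules against candidate routes, assuming FRR-style matching, where an entry without ge/le matches only its exact prefix length and the list ends with an implicit deny. 192.0.2.0/24 stands in for "our" allocated prefix and 198.51.100.0/24 for a route learned elsewhere; both are constructed sample values, as are the function names.

```python
import ipaddress

# Constructed sample rules: (rule number, action, prefix, ge, le)
PREFIX_LIST = [
    (1, "permit", "192.0.2.0/24", None, None),  # our own prefix (sample value)
    (2, "deny", "0.0.0.0/0", None, None),       # rule 2 as written on the page
]
# Same list with an explicit catch-all: 0.0.0.0/0 le 32 matches every IPv4 route.
EXPLICIT = [PREFIX_LIST[0], (2, "deny", "0.0.0.0/0", None, 32)]

# Constructed candidates: own prefix, a more-specific, default, a learned route.
CANDIDATES = ["192.0.2.0/24", "192.0.2.0/25", "0.0.0.0/0", "198.51.100.0/24"]


def entry_matches(route, prefix, ge=None, le=None):
    """True if `route` matches one prefix-list entry (assumed FRR semantics)."""
    route = ipaddress.ip_network(route)
    entry = ipaddress.ip_network(prefix)
    if route.version != entry.version or not route.subnet_of(entry):
        return False
    if ge is None and le is None:
        return route.prefixlen == entry.prefixlen  # exact length only
    low = ge if ge is not None else entry.prefixlen
    high = le if le is not None else route.max_prefixlen
    return low <= route.prefixlen <= high


def evaluate(route, rules):
    """Return (action, rule number); rule number None means implicit deny."""
    for number, action, prefix, ge, le in sorted(rules, key=lambda r: r[0]):
        if entry_matches(route, prefix, ge, le):
            return action, number
    return "deny", None


def advertised(routes, rules):
    """Routes that the prefix-list lets through to the neighbor."""
    return [r for r in routes if evaluate(r, rules)[0] == "permit"]


if __name__ == "__main__":
    for r in CANDIDATES:
        print(r, evaluate(r, PREFIX_LIST), evaluate(r, EXPLICIT))
    print("advertised:", advertised(CANDIDATES, PREFIX_LIST))
```

In both variants only 192.0.2.0/24 is advertised; the difference is which rule does the denying, which matters when reading hit counters or when a later permit rule is appended after rule 2.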

BGP Filtering

In order to control and modify routing information that is exchanged between peers you can use route-map, filter-list, prefix-list, distribute-list.

For inbound updates the order of preference is:

  • route-map
  • filter-list
  • prefix-list, distribute-list

For outbound updates the order of preference is:

  • prefix-list, distribute-list
  • filter-list
  • route-map

Note

The attributes prefix-list and distribute-list are mutually exclusive, and only one command (distribute-list or prefix-list) can be applied to each inbound or outbound direction for a particular neighbor.

set protocols bgp <asn> neighbor <address|interface> address-family <ipv4-unicast|ipv6-unicast> distribute-list <export|import> <number>

This command applies the access list filters named in <number> to the specified BGP neighbor to restrict the routing information that BGP learns and/or advertises. The arguments export and import specify the direction in which the access list is applied.

set protocols bgp <asn> neighbor <address|interface> address-family <ipv4-unicast|ipv6-unicast> prefix-list <export|import> <name>

This command applies the prefix list filters named in <name> to the specified BGP neighbor to restrict the routing information that BGP learns and/or advertises. The arguments export and import specify the direction in which the prefix list is applied.

set protocols bgp <asn> neighbor <address|interface> address-family <ipv4-unicast|ipv6-unicast> route-map <export|import> <name>

This command applies the route map named in <name> to the specified BGP neighbor to control and modify routing information that is exchanged between peers. The arguments export and import specify the direction in which the route map is applied.

set protocols bgp <asn> neighbor <address|interface> address-family <ipv4-unicast|ipv6-unicast> filter-list <export|import> <name>

This command applies the AS path access list filters named in <name> to the specified BGP neighbor to restrict the routing information that BGP learns and/or advertises. The arguments export and import specify the direction in which the AS path access list is applied.

set protocols bgp <asn> neighbor <address|interface> address-family <ipv4-unicast|ipv6-unicast> capability orf <receive|send>

This command enables the ORF capability (described in RFC 5291) on the local router, and enables ORF capability advertisement to the specified BGP peer. The receive keyword configures a router to advertise ORF receive capabilities. The send keyword configures a router to advertise ORF send capabilities. To advertise a filter from a sender, you must create an IP prefix list for the specified BGP peer applied in the inbound direction.