
Thursday, 08 June 2017

Mikrotik Lab 12


Configuration
First, configure the identity and the IP addresses of each router.

Mikrotik1
[admin@Mikrotik] > system identity set name=wawan-R1
[admin@wawan-R1] > ip address add address=1.1.1.2/30 interface=ether1
[admin@wawan-R1] > ip address add address=172.16.1.1/30 interface=ether3
[admin@wawan-R1] > ip address add address=3.3.3.1/30 interface=ether2

Mikrotik2
[admin@Mikrotik] > system identity set name=wawan-R2
[admin@wawan-R2] > ip address add address=2.2.2.2/30 interface=ether1
[admin@wawan-R2] > ip address add address=172.16.2.1/30 interface=ether3
[admin@wawan-R2] > ip address add address=4.4.4.1/30 interface=ether2

Mikrotik3
[admin@Mikrotik] > system identity set name=wawan-R3
[admin@wawan-R3] > ip address add address=3.3.3.2/30 interface=ether1
[admin@wawan-R3] > ip address add address=5.5.5.1/30 interface=ether2
[admin@wawan-R3] > ip address add address=6.6.6.1/30 interface=ether3

Mikrotik4
[admin@Mikrotik] > system identity set name=wawan-R4
[admin@wawan-R4] > ip address add address=4.4.4.2/30 interface=ether1
[admin@wawan-R4] > ip address add address=7.7.7.1/30 interface=ether2
[admin@wawan-R4] > ip address add address=8.8.8.1/30 interface=ether3

Mikrotik5
[admin@Mikrotik] > system identity set name=wawan-R5
[admin@wawan-R5] > ip address add address=5.5.5.2/30 interface=ether1
[admin@wawan-R5] > ip address add address=9.9.9.1/30 interface=ether3
[admin@wawan-R5] > ip address add address=192.168.1.1/24 interface=ether2

Mikrotik6
[admin@Mikrotik] > system identity set name=wawan-R6
[admin@wawan-R6] > ip address add address=6.6.6.2/30 interface=ether1
[admin@wawan-R6] > ip address add address=9.9.9.2/30 interface=ether3
[admin@wawan-R6] > ip address add address=192.168.1.2/24 interface=ether2

I will cover the configuration of R7 and R8 later, because both routers will use the DHCP Relay provided by wawan-R2. Once the IP addresses of every router are set, add routing, DNS, and the firewall so that all of them can reach the internet later.

Mikrotik1
[admin@wawan-R1] > ip route add gateway=1.1.1.1
[admin@wawan-R1] > ip dns set servers=8.8.8.8 allow-remote-requests=yes
[admin@wawan-R1] > ip firewall nat add chain=srcnat action=masquerade out-interface=ether1

Mikrotik2
[admin@wawan-R2] > ip route add gateway=2.2.2.1
[admin@wawan-R2] > ip dns set servers=8.8.8.8 allow-remote-requests=yes
[admin@wawan-R2] > ip firewall nat add chain=srcnat action=masquerade out-interface=ether1

Mikrotik3
[admin@wawan-R3] > ip route add gateway=3.3.3.1
[admin@wawan-R3] > ip dns set servers=8.8.8.8 allow-remote-requests=yes
[admin@wawan-R3] > ip firewall nat add chain=srcnat action=masquerade out-interface=ether1

Mikrotik4
[admin@wawan-R4] > ip route add gateway=4.4.4.1
[admin@wawan-R4] > ip dns set servers=8.8.8.8 allow-remote-requests=yes
[admin@wawan-R4] > ip firewall nat add chain=srcnat action=masquerade out-interface=ether1

Mikrotik5
[admin@wawan-R5] > ip route add gateway=5.5.5.1
[admin@wawan-R5] > ip dns set servers=8.8.8.8 allow-remote-requests=yes
[admin@wawan-R5] > ip firewall nat add chain=srcnat action=masquerade out-interface=ether1

Mikrotik6
[admin@wawan-R6] > ip route add gateway=6.6.6.1
[admin@wawan-R6] > ip dns set servers=8.8.8.8 allow-remote-requests=yes
[admin@wawan-R6] > ip firewall nat add chain=srcnat action=masquerade out-interface=ether1
Then make sure all of them are connected to the internet. Once they are, the next step is to configure the left side of the network first.

First add the static routes on lukman-R1 that lead to the local network.

Mikrotik1
[admin@wawan-R1] > ip route add dst-address=5.5.5.0/30 gateway=3.3.3.2
[admin@wawan-R1] > ip route add dst-address=6.6.6.0/30 gateway=3.3.3.2
[admin@wawan-R1] > ip route add dst-address=10.10.10.0/30 gateway=3.3.3.2
[admin@wawan-R1] > ip route add dst-address=192.168.4.0/30 gateway=3.3.3.2

Mikrotik3
[admin@wawan-R3] > ip route add dst-address=192.168.4.0/30 gateway=5.5.5.2 distance=1
[admin@wawan-R3] > ip route add dst-address=192.168.4.0/30 gateway=6.6.6.2 distance=2
[admin@wawan-R3] > ip route add dst-address=192.168.5.0/30 gateway=5.5.5.2 distance=2
[admin@wawan-R3] > ip route add dst-address=192.168.5.0/30 gateway=6.6.6.2 distance=1
[admin@wawan-R3] > ip route add dst-address=10.10.10.0/30 gateway=5.5.5.2 distance=1
[admin@wawan-R3] > ip route add dst-address=10.10.10.0/30 gateway=6.6.6.2 distance=2

Mikrotik5
[admin@wawan-R5] > ip route add dst-address=192.168.2.0/30 gateway=3.3.3.1
[admin@wawan-R5] > ip route add dst-address=3.3.3.0/30 gateway=5.5.5.1 distance=1
[admin@wawan-R5] > ip route add dst-address=3.3.3.0/30 gateway=10.10.10.2 distance=2
[admin@wawan-R5] > ip route add dst-address=0.0.0.0/0 gateway=5.5.5.1 distance=1
[admin@wawan-R5] > ip route add dst-address=0.0.0.0/0 gateway=10.10.10.2 distance=2
[admin@wawan-R5] > ip route add dst-address=192.168.2.0/30 gateway=5.5.5.1 distance=1
[admin@wawan-R5] > ip route add dst-address=192.168.2.0/30 gateway=10.10.10.2 distance=2

Mikrotik6
[admin@wawan-R6] > ip route add dst-address=3.3.3.0/30 gateway=6.6.6.1 distance=1
[admin@wawan-R6] > ip route add dst-address=3.3.3.0/30 gateway=10.10.10.1 distance=2
[admin@wawan-R6] > ip route add dst-address=0.0.0.0/0 gateway=6.6.6.1 distance=1
[admin@wawan-R6] > ip route add dst-address=0.0.0.0/0 gateway=10.10.10.1 distance=2
[admin@wawan-R6] > ip route add dst-address=192.168.2.0/30 gateway=6.6.6.1 distance=1
[admin@wawan-R6] > ip route add dst-address=192.168.2.0/30 gateway=6.6.6.1 distance=2
After that, configure the right side of the network.

wawan-R2 as the DHCP server

[admin@wawan-R2] > /ip pool
add name=pool7 ranges=7.7.7.2-7.7.7.254
add name=pool8 ranges=8.8.8.2-8.8.8.254
add name=dhcp_pool1 ranges=7.7.7.2
add name=dhcp_pool2 ranges=8.8.8.2
[admin@wawan-R2] > /ip dhcp-server
add address-pool=dhcp_pool1 authoritative=after-2sec-delay bootp-support=static disabled=no interface=ether3 lease-time=3d name=dhcp1 relay=7.7.7.1
add address-pool=dhcp_pool2 authoritative=after-2sec-delay bootp-support=static disabled=no interface=ether3 lease-time=3d name=dhcp2 relay=8.8.8.1
[admin@wawan-R2] > /ip dhcp-server network
add address=7.7.7.0/30 gateway=7.7.7.1
add address=8.8.8.0/30 gateway=8.8.8.1
Once that is done, configure DHCP Relay on R4.

Mikrotik4
[admin@wawan-R4] > /ip dhcp-relay
add dhcp-server=4.4.4.1 disabled=no interface=ether2 local-address=7.7.7.1 name=relay1
add dhcp-server=4.4.4.1 disabled=no interface=ether3 local-address=8.8.8.1 name=relay2
Then configure the DHCP client on R7 and R8.

Mikrotik7
[admin@Mikrotik] > /system identity set name=wawan-R7
[admin@wawan-R7] > /ip dhcp-client
add add-default-route=yes default-route-distance=1 disabled=no interface=ether1 use-peer-dns=yes use-peer-ntp=yes

Mikrotik8
[admin@Mikrotik] > /system identity set name=wawan-R8
[admin@wawan-R8] > /ip dhcp-client
add add-default-route=yes default-route-distance=1 disabled=no interface=ether1 use-peer-dns=yes use-peer-ntp=yes
Once that is done, the next step is to configure wawan-R8. In this scenario, wawan-R8 will create a bridge for wawan-R8 and PC4. After that, R8 will become the DHCP server for that bridge interface. First create the bridge interface, then add the interfaces facing wawan-R8 and PC4 to it.
[admin@wawan-R8] > /interface bridge
add name=bridge1
[admin@wawan-R8] > /interface bridge port
add bridge=bridge1 disabled=no interface=ether2
add bridge=bridge1 disabled=no interface=ether3
After that, configure the DHCP server.

[admin@wawan-R8] > ip dhcp-server setup
Select interface to run DHCP server on

dhcp server interface: bridge1
Select network for DHCP addresses

dhcp address space: 192.168.7.0/24
Select gateway for given network

gateway for dhcp network: 192.168.7.1
Select pool of ip addresses given out by DHCP server

addresses to give out: 192.168.7.2-192.168.7.254
Select DNS servers

dns servers: 8.8.8.8
Select lease time
Once that is done, enable the DHCP client on R7 so that it obtains an IP address from R8.
[admin@wawan-R7] > /ip dhcp-client
add add-default-route=yes default-route-distance=1 disabled=no interface=ether2 use-peer-dns=yes use-peer-ntp=yes
Then make sure R7 and PC4 receive an IP address from R8.

[admin@wawan-R7] > ip dhcp-client pr
Flags: X - disabled, I - invalid
 #   INTERFACE  USE-PEER-DNS  ADD-DEFAULT-ROUTE  STATUS  ADDRESS
 0   ether1     yes           yes                bound   7.7.7.2/30
 1   ether2     yes           yes                bound   192.168.7.254/24
On to the next scenario: this time the left and right sides of the network will be connected with an EoIP tunnel. Therefore, create an EoIP tunnel on each router pointing to the other router.

Mikrotik1
[admin@wawan-R1] > /interface eoip
add disabled=no name=eoip1 remote-address=2.2.2.2 tunnel-id=1 local-address=1.1.1.2

Mikrotik2
[admin@wawan-R2] > /interface eoip
add disabled=no name=eoip1 remote-address=1.1.1.2 tunnel-id=1 local-address=2.2.2.2
After that, add an IP address to the EoIP interface.

Mikrotik1
[admin@wawan-R1] > /ip address
add address=20.20.20.1/30 disabled=no interface=eoip1 network=20.20.20.0

Mikrotik2
[admin@wawan-R2] > /ip address
add address=20.20.20.2/30 disabled=no interface=eoip1 network=20.20.20.0
Then try pinging the EoIP IP address of the other router. If that succeeds, the next step is to create a bridge for the EoIP interface. This is done so that the local network on the left can communicate with the local network on the right through the tunnel.



Mikrotik1
[admin@wawan-R1] > /interface bridge
add name=bridgeEoIP
[admin@wawan-R1] > /interface bridge port
add bridge=bridgeEoIP interface=ether1
add bridge=bridgeEoIP interface=eoip1

Mikrotik2
[admin@wawan-R2] > /interface bridge
add name=bridgeEoIP
[admin@wawan-R2] > /interface bridge port
add bridge=bridgeEoIP interface=ether1
add bridge=bridgeEoIP interface=eoip1
After that, add a default route with the EoIP interface as the gateway.

Mikrotik1
[admin@wawan-R1] > ip route add gateway=20.20.20.2

Mikrotik2
[admin@wawan-R2] > ip route add gateway=20.20.20.1
After that, try pinging the other router's local network. Once that works, add firewall rules on wawan-R2 so that some clients in wawan-R2's local network cannot be pinged by other routers.

[admin@wawan-R2] > /ip firewall filter
add action=drop chain=input disabled=no dst-address=192.168.6.0/30
add action=drop chain=input disabled=no dst-address=192.168.7.0/24

Then try pinging from R1 to R2's local network.
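
Before running that ping test, it is worth checking what the two drop rules and the earlier `allow-remote-requests=yes` setting actually cover. The following Python check is an added example, not part of the original post: it audits a constructed copy of wawan-R2's settings, assuming the router holds only the addresses configured on this page, and the `parse` and `audit` helpers are hypothetical names.

```python
import ipaddress
import shlex

# Constructed sample: wawan-R2 settings collected from the commands on this page
# (assumption: the router holds no addresses other than these).
R2_CONFIG = """\
/ip address add address=2.2.2.2/30 interface=ether1
/ip address add address=172.16.2.1/30 interface=ether3
/ip address add address=4.4.4.1/30 interface=ether2
/ip address add address=20.20.20.2/30 interface=eoip1
/ip dns set servers=8.8.8.8 allow-remote-requests=yes
/ip firewall filter add action=drop chain=input disabled=no dst-address=192.168.6.0/30
/ip firewall filter add action=drop chain=input disabled=no dst-address=192.168.7.0/24
"""

def parse(config):
    """Yield (menu, properties) for every one-line RouterOS command."""
    for line in config.splitlines():
        words = shlex.split(line)
        props = dict(w.split("=", 1) for w in words if "=" in w)
        menu = " ".join(w for w in words if "=" not in w and w not in ("add", "set"))
        yield menu, props

def audit(config):
    """Return findings for input rules that cannot match and for an exposed DNS cache."""
    cmds = list(parse(config))
    own = [ipaddress.ip_interface(p["address"]).ip
           for m, p in cmds if m == "/ip address"]
    rules = [p for m, p in cmds if m == "/ip firewall filter"]
    findings = []
    for r in rules:
        dst = r.get("dst-address")
        if r.get("chain") == "input" and dst:
            net = ipaddress.ip_network(dst, strict=False)
            if not any(ip in net for ip in own):
                findings.append(f"input rule for {dst} never matches: no router address "
                                "in that range; traffic to hosts behind the router is "
                                "filtered in chain=forward")
    dns_open = any(m == "/ip dns" and p.get("allow-remote-requests") == "yes"
                   for m, p in cmds)
    guarded = any(r.get("chain") == "input" and r.get("dst-port") == "53"
                  and r.get("action") in ("drop", "reject") for r in rules)
    if dns_open and not guarded:
        findings.append("DNS answers remote requests and no input rule limits port 53")
    return findings

if __name__ == "__main__":
    for finding in audit(R2_CONFIG):
        print("-", finding)
```

The `input` chain only sees packets addressed to the router itself, so rules meant to shield clients behind it belong in `forward`, and a resolver opened with `allow-remote-requests=yes` needs an `input` rule limiting port 53 on the internet-facing interface.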
