Translate

Kamis, 08 Juni 2017

Lab Mikrotik 10

Konfigurasi

Tambahkan ip address terlebih dahulu pada setiap router.

[admin@wawan-R1] > /ip address
add address=1.1.1.2/30 disabled=no interface=ether1 network=1.1.1.0
add address=2.2.2.2/30 disabled=no interface=ether2 network=2.2.2.0
add address=20.20.20.1/30 disabled=no interface=ether3 network=20.20.20.0

[admin@wawan-R2] > /ip address
add address=2.2.2.1/30 disabled=no interface=ether3 network=2.2.2.0
add address=3.3.3.2/30 disabled=no interface=ether2 network=3.3.3.0
add address=4.4.4.1/30 disabled=no interface=ether1 network=4.4.4.0

[admin@wawan- R3] > /ip address
add address=1.1.1.1/30 disabled=no interface=ether1 network=1.1.1.0
add address=3.3.3.1/30 disabled=no interface=ether2 network=3.3.3.0
add address=5.5.5.1/3 disabled=no interface=ether3 network=5.5.5.0

[admin@wawan-R4] > /ip address
add address=4.4.4.2/30 disabled=no interface=ether1 network=4.4.4.0
add address=6.6.6.1/30 disabled=no interface=ether3 network=6.6.6.0
add address=7.7.7.1/30 disabled=no interface=ether2 network=7.7.7.0

[admin@wawan-R5] > /ip address
add address=5.5.5.2/30 disabled=no interface=ether1 network=5.5.5.0
add address=6.6.6.2/30 disabled=no interface=ether2 network=6.6.6.0
add address=8.8.8.1/30 disabled=no interface=ether3 network=8.8.8.0

[admin@wawan-R6] > /ip address
add address=8.8.8.2/30 disabled=no interface=ether1 network=8.8.8.0
add address=7.7.7.2/30 disabled=no interface=ether2 network=7.7.7.0
add address=30.30.30.1/30 disabled=no interface=ether3 network=30.30.30.0

Setelah itu, tambahkan routing rip terlebih dahulu pada jaringan local wawan-R1 dan wawan-R2.

[admin@wawan-R1] > /routing rip
set redistribute-connected=yes
[admin@wawan-R1] > /routing rip network
add disabled=no network=1.1.1.0/30
add disabled=no network=2.2.2.0/30

[admin@wawan-R6] > /routing rip
set redistribute-connected=yes
/routing rip network
add disabled=no network=7.7.7.0/30
add disabled=no network=8.8.8.0/30

 Redistribute connected dikonfigurasi agar router yang menggunakan router yang tidak terhubung secara langsung dengan jaringan tersebut tetap dapat mendapatkan rute untuk menuju ke jaringan tersebut. Setelah itu konfigurasi routing OSPF.
                                         
[admin@wawan-R2] > /routing ospf instance
set redistribute-connected=as-type-1 redistribute-rip=as-type-1
[admin@wawan-R2] > /routing ospf network
add area=backbone disabled=no network=3.3.3.0/30
add area=backbone disabled=no network=4.4.4.0/30

[admin@wawan-R3] > /routing ospf instance
set redistribute-connected=as-type-1 redistribute-rip=as-type-1
/routing ospf network
add area=backbone disabled=no network=5.5.5.0/30
add area=backbone disabled=no network=3.3.3.0/30

 [admin@wawan- R4] > /routing ospf instance
set redistribute-connected=as-type-1 redistribute-rip=as-type-1 /routing ospf network
add area=backbone disabled=no network=4.4.4.0/30
add area=backbone disabled=no network=6.6.6.0/30

 [admin@wawan-R5] >
/routing ospf instance
set redistribute-connected=as-type-1 redistribute-rip=as-type-1
/routing ospf network
add area=backbone disabled=no network=5.5.5.0/30
add area=backbone disabled=no network=6.6.6.0/30


 Lalu lakukan verifikasi route dari jaringan local wawan-R1 dan wawan-R6.

Setelah itu, lakukan verifikasi ping dari lukman-R1 menuju ip client lukman-R6 dan sebaliknya. 
[admin@wawan-R6] > ping 20.20.20.1
HOST                                     SIZE TTL TIME  STATUS  
20.20.20.1                                 56  61 48ms
20.20.20.1                                 56  61 7ms 
sent=2 received=2 packet-loss=0% min-rtt=7ms avg-rtt=27ms max-rtt=48ms

 [admin@wawan-R1] > ping 30.30.30.1
HOST                                     SIZE TTL TIME  STATUS
30.30.30.1                                 56  62 21ms
30.30.30.1                                 56  62 4ms 
sent=2 received=2 packet-loss=0% min-rtt=4ms avg-rtt=12ms max-rtt=21ms

Setelah itu tambahkan rule pada jaringan tersebut, apabila wawan-R6 melakukan ping ke jaringan wawan-R1, maka packet tersebut akan di reject dan dibalas dengan ICMP PORT UNREACHABLE.

[admin@wawan-R1] > ip firewall filter add chain=input dst-address=20.20.20.0/30 action=reject reject-with=icmp-port-unreachable

Setelah itu, tambahkan rule agar lukman-R6 tidak dapat di ping oleh wawan-R1 dengan balasan admin prohibited.

[admin@wawan-R6] > ip firewall filter add chain=input dst-address=30.30.30.0/30 action=reject reject-with=icmp-admin-prohibited

Lalu tambahkan queue agar pada wawan-R1, client hanya mendapatkan bandwith yang dikehendaki oleh admin.
 [admin@wawan-R1] > queue simple add max-limit=5M/10M target-addresses=20.20.20.0/30



Diposting oleh di
Label:

Tidak ada komentar:

Posting Komentar

Langganan: Posting Komentar (Atom)