Blog Informasi dan Pengalaman Pribadi: Lab Mikrotik 17

Konfigurasi

Kali ini kita asumsikan bahwa Mikrotik1 merupakan ISP yang sudah terhubung dengan internet, jadi tidak ada konfigurasi yang ditambahkan ke Mikrotik1. Kita dapat langsung mengkonfigurasi router yang ada.

Tambahkan ip address terlebih dahulu kepada setiap router yang ada.

wawan-R1

[admin@Mikrotik] > system identity set name=wawan-R1

[admin@wawan-R1] > interface bridge add name=bridge

[admin@wawan-R1] > interface bridge port add interface=ether3 bridge=bridge

[admin@wawan-R1] > interface bridge port add interface=ether4 bridge=bridge

[admin@wawan-R1] > interface bridge port add interface=ether5 bridge=bridge

[admin@wawan-R1] > ip address add address=1.1.1.2/24 interface=ether1

[admin@wawan-R1] > ip address add address=2.2.2.2/30 interface=ether2

[admin@wawan-R1] > ip address add address-192.168.3.1/24 interface=bridge

wawan-R2

[admin@Mikrotik] > system identity set name=wawan-R2

[admin@wawan-R2] > ip address add address=1.1.1.3/24 interface=ether1

[admin@wawan-R2] > ip address add address=2.2.2.1/30 interface=ether2

[admin@wawan-R2] > ip address add address=3.3.3.1/30 interface=ether3

[admin@wawan-R2] > ip address add address=192.168.1.1/24 interface=ether4

wawan-R3

[admin@Mikrotik] > system identity set name=wawan-R3

[admin@wawan-R3] > ip address add address=1.1.1.4/24 interface=ether1

[admin@wawan-R3] > ip address add address=3.3.3.2/30 interface=ether2

[admin@wawan-R3] > ip address add address=192.168.2.1/24 interface=ether3

Setelah itu hubungkan ke internet dengan menggunakan DNS, dan route ke gateway. Jangan lupa tambahkan nat agar client dapat mengakses internet.

[admin@wawan-R1] > ip route add gateway=1.1.1.1

[admin@wawan-R1] > ip dns set servers=8.8.8.8 allow-remote-requests=yes

[admin@wawan-R1] > ip firewall nat add chain=srcnat action=masquerade out-interface=ether1

[admin@wawan-R2] > ip route add gateway=1.1.1.1

[admin@wawan-R2] > ip dns set servers=8.8.8.8 allow-remote-requests=yes

[admin@wawan-R2] > ip firewall nat add chain=srcnat action=masquerade out-interface=ether1

[admin@wawan-R3] > ip route add gateway=1.1.1.1

[admin@wawan-R3] > ip dns set servers=8.8.8.8 allow-remote-requests=yes

[admin@wawan-R3] > ip firewall nat add chain=srcnat action=masquerade out-interface=ether1

Jika sudah, jadikan wawan-R2 dan wawan-R1 sebagai DHCP Server untuk jaringan local yang dimilikinya.

[admin@wawan-R1] > ip dhcp-server setup

Select interface to run DHCP server on

dhcp server interface: bridge1

Select network for DHCP addresses

dhcp address space: 192.168.3.0/24

Select gateway for given network

gateway for dhcp network: 192.168.3.1

Select pool of ip addresses given out by DHCP server

addresses to give out: 192.168.3.2-192.168.3.254

Select DNS servers

dns servers: 8.8.8.8

Select lease time

lease time: 3d

[admin@wawan-R2] > ip dhcp-server setup

Select interface to run DHCP server on

dhcp server interface: ether4

Select network for DHCP addresses

dhcp address space: 192.168.1.0/24

Select gateway for given network

gateway for dhcp network: 192.168.1.1

Select pool of ip addresses given out by DHCP server

addresses to give out: 192.168.1.2-192.168.1.254

Select DNS servers

dns servers: 8.8.8.8

Select lease time

lease time: 3d

Untuk menghubungkan seluruh jaringan yang ada, maka gunakan routing. Saya akan menggunakan routing OSPF.

[admin@wawan-R1] >routing ospf network

> add area=backbone disabled=no network=192.168.1.0/24

> add area=backbone disabled=no network=2.2.2.0/30

> add area=backbone disabled=no network=2.2.2.0/24

[admin@wawan-R2] > routing ospf network

> add area=backbone disabled=no network=2.2.2.0/24

> add area=backbone disabled=no network=192.168.2.0/24

> add area=backbone disabled=no network=3.3.3.0/24

[admin@wawan-R3] > routing ospf network

> add area=backbone disabled=no network=3.3.3.0/24

> add area=backbone disabled=no network=192.168.3.0/24

Lalu konfigurasi QoS pada router2 dan limit kecepatan upload dan download menjadi 256k.

[admin@wawan-R2] > queue simple add name=Queue target-addresses=192.168.3.0/24 max-limit=256k/256k disabled=no

Lalu coba test bandwith menggunakan bandwith test.

[admin@wawan-R2] > tool bandwidth-test address=192.168.1.1 user=admin password=

status: running

duration: 8s

rx-current: 251.9kbps

rx-10-second-average: 242.9kbps

rx-total-average: 242.9kbps

lost-packets: 21

random-data: no

direction: receive

rx-size: 1500

Maka akan terlihat bandwith yang sudah kita limit tadi. Lalu tambahkan rule jaringan lokal yang berada di wawan-R1 tidak dapat melakukan ping menuju wawan-R3.

[admin@wawan-R3] > ip firewall filter add action=drop chain=input dst-address=192.168.2.0/24 protocol=icmp

Maka akan mendapatkan hasil seperti berikut.

PC1> ping 192.168.3.1

192.168.3.1 icmp_seq=1 timeout

192.168.3.1 icmp_seq=2 timeout

Blog Informasi dan Pengalaman Pribadi

Translate

Jumat, 09 Juni 2017

Lab Mikrotik 17

Tidak ada komentar:

Posting Komentar