Configuration
wawan-ISP
For the ISP router, configure it so that it can reach the internet. Also add a
NAT firewall rule so that the routers below it can reach the internet as well.
[admin@Mikrotik] > system identity set name=wawan-ISP
[admin@wawan-ISP] > ip dhcp-client add interface=ether1 add-default-route=yes use-peer-dns=yes use-peer-ntp=yes disabled=no
[admin@wawan-ISP] > ip address add address=1.1.1.1/30 interface=ether2
[admin@wawan-ISP] > ip address add address=2.2.2.1/30 interface=ether3
[admin@wawan-ISP] > ip address add address=5.5.5.1/30 interface=ether4
Next, configure the DNS server and the NAT firewall rule so that the router and
its clients can access the internet.
[admin@wawan-ISP] > ip dns set servers=8.8.8.8 allow-remote-requests=yes
[admin@wawan-ISP] > ip firewall nat add chain=srcnat action=masquerade out-interface=ether1
Once the ISP router is connected to the internet, configure the other routers.
Add the IP address, DNS, firewall, and gateway configuration on each router.
wawan-R1
[admin@Mikrotik] > system identity set name=wawan-R1
[admin@wawan-R1] > ip address add address=1.1.1.2/30 interface=ether1
[admin@wawan-R1] > ip address add address=4.4.4.2/30 interface=ether2
[admin@wawan-R1] > ip firewall nat add chain=srcnat action=masquerade out-interface=ether1
[admin@wawan-R1] > ip dns set servers=8.8.8.8 allow-remote-requests=yes
[admin@wawan-R1] > ip route add gateway=1.1.1.1
wawan-R2
[admin@Mikrotik] > system identity set name=wawan-R2
[admin@wawan-R2] > ip address add address=3.3.3.2/24 interface=ether1
[admin@wawan-R2] > ip address add address=192.168.2.1/30 interface=ether2
[admin@wawan-R2] > ip firewall nat add chain=srcnat action=masquerade out-interface=ether1
[admin@wawan-R2] > ip dns set servers=8.8.8.8 allow-remote-requests=yes
[admin@wawan-R2] > ip route add gateway=3.3.3.1
lukman-R3
[admin@Mikrotik] > system identity set name=wawan-R3
[admin@wawan-R3] > interface bridge add name=bridge
[admin@wawan-R3] > interface bridge port add interface=ether2 bridge=bridge
[admin@wawan-R3] > interface bridge port add interface=ether3 bridge=bridge
[admin@wawan-R3] > ip address add address=3.3.3.3/24 interface=ether1
[admin@wawan-R3] > ip address add address=192.168.2.1/24 interface=bridge
[admin@wawan-R3] > ip firewall nat add chain=srcnat action=masquerade out-interface=ether1
[admin@wawan-R3] > ip dns set servers=8.8.8.8 allow-remote-requests=yes
[admin@wawan-R3] > ip route add gateway=3.3.3.1
wawan-R4
[admin@Mikrotik] > system identity set name=wawan-R4
[admin@wawan-R4] > ip address add address=2.2.2.2/30 interface=ether1
[admin@wawan-R4] > ip address add address=192.168.5.1/24 interface=ether2
[admin@wawan-R4] > ip firewall nat add chain=srcnat action=masquerade out-interface=ether1
[admin@wawan-R4] > ip dns set servers=8.8.8.8 allow-remote-requests=yes
[admin@wawan-R4] > ip route add gateway=2.2.2.1
wawan-R5
[admin@Mikrotik] > system identity set name=wawan-R5
[admin@wawan-R5] > ip address add address=5.5.5.2/30 interface=ether1
[admin@wawan-R5] > ip address add address=6.6.6.1/30 interface=ether2
[admin@wawan-R5] > ip address add address=4.4.4.2/30 interface=ether4
[admin@wawan-R5] > ip address add address=192.168.4.1/24 interface=ether3
[admin@wawan-R5] > ip firewall nat add chain=srcnat action=masquerade out-interface=ether1
[admin@wawan-R5] > ip dns set servers=8.8.8.8 allow-remote-requests=yes
[admin@wawan-R5] > ip route add gateway=5.5.5.1
wawan-R6
[admin@Mikrotik] > system identity set name=wawan-R6
[admin@wawan-R6] > ip address add address=6.6.6.2/30 interface=ether1
[admin@wawan-R6] > ip address add address=192.168.6.1/30 interface=ether2
[admin@wawan-R6] > ip firewall nat add chain=srcnat action=masquerade out-interface=ether1
[admin@wawan-R6] > ip dns set servers=8.8.8.8 allow-remote-requests=yes
[admin@wawan-R6] > ip route add gateway=6.6.6.1
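Each router above sets allow-remote-requests=yes, and the page adds no input-chain filter rule, so the router's resolver answers DNS queries arriving on the uplink as well as from the local network. The Python check below is an added example, not part of the original post; the input is constructed from the wawan-R1 commands, and the two filter rules in HARDENED_R1 and all function names are assumptions.

```python
import shlex

# Constructed input: the commands the page types on wawan-R1 ...
PAGE_R1 = """\
ip address add address=1.1.1.2/30 interface=ether1
ip firewall nat add chain=srcnat action=masquerade out-interface=ether1
ip dns set servers=8.8.8.8 allow-remote-requests=yes
ip route add gateway=1.1.1.1
"""
# ... and an assumed hardened variant that drops DNS arriving on the uplink.
HARDENED_R1 = PAGE_R1 + """\
ip firewall filter add chain=input in-interface=ether1 protocol=udp dst-port=53 action=drop
ip firewall filter add chain=input in-interface=ether1 protocol=tcp dst-port=53 action=drop
"""

def parse(line):
    """Split one command into its menu path and a dict of key=value properties."""
    path, props = [], {}
    for token in shlex.split(line):
        key, sep, value = token.partition("=")
        if sep:
            props[key] = value
        else:
            path.append(token)
    return " ".join(path), props

def exposed_dns_interfaces(config):
    """Return uplink interfaces on which the router's resolver answers anyone.

    Uplinks are taken from masquerade rules. Rule ordering is not modelled:
    an accept rule placed before the drop would still leave the port open.
    """
    uplinks, blocked, resolver_on = set(), {}, False
    for line in filter(str.strip, config.splitlines()):
        path, p = parse(line)
        if path == "ip firewall nat add" and p.get("action") == "masquerade":
            if "out-interface" in p:
                uplinks.add(p["out-interface"])
        elif path == "ip dns set":
            resolver_on = p.get("allow-remote-requests") == "yes"
        elif path == "ip firewall filter add" and p.get("chain") == "input":
            if p.get("action") in ("drop", "reject") and p.get("dst-port") == "53":
                blocked.setdefault(p.get("in-interface"), set()).add(p.get("protocol"))
    if not resolver_on:
        return []
    # An uplink is covered only when both UDP and TCP port 53 are dropped on it.
    return sorted(i for i in uplinks if not {"udp", "tcp"} <= blocked.get(i, set()))
```
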
Once all routers are configured, the next step is to configure the DHCP server
for the local networks. The routers that will act as DHCP servers are wawan-R5
and wawan-R4.
[admin@wawan-R4] > ip dhcp-server setup
Select interface to run DHCP server on
dhcp server interface: ether2
Select network for DHCP addresses
dhcp address space: 192.168.5.0/24
Select gateway for given network
gateway for dhcp network: 192.168.5.1
Select pool of ip addresses given out by DHCP server
addresses to give out: 192.168.5.2-192.168.5.254
Select DNS servers
dns servers: 8.8.8.8
Select lease time
lease time: 3d
[admin@wawan-R5] > ip dhcp-server setup
Select interface to run DHCP server on
dhcp server interface: ether4
Select network for DHCP addresses
dhcp address space: 192.168.4.0/24
Select gateway for given network
gateway for dhcp network: 192.168.4.1
Select pool of ip addresses given out by DHCP server
addresses to give out: 192.168.4.2-192.168.4.254
Select DNS servers
dns servers: 8.8.8.8
Select lease time
lease time: 3d
Next, add a DHCP server on wawan-R1. Why is this one different? Because in our
scenario the local networks of wawan-R2 and wawan-R3 receive DHCP through DHCP
Relay. In other words, the DHCP server is created on wawan-R1 and is then
relayed by wawan-R2 and wawan-R3 to their own local networks. So make wawan-R1
a DHCP server first, and only then configure wawan-R2 and wawan-R3.
Before that, create a bridge interface on wawan-R1, because wawan-R2 and
wawan-R3 will have local networks with the same IP address.
[admin@wawan-R1] > interface bridge add
[admin@wawan-R1] > interface bridge port add interface=ether4 bridge=bridge1
[admin@wawan-R1] > interface bridge port add interface=ether3 bridge=bridge1
[admin@wawan-R1] > ip address add address=3.3.3.1/24 interface=bridge1
After that, add the DHCP server configuration on R1 for the bridge interface
created earlier.
[admin@wawan-R1] > ip dhcp-server setup
Select interface to run DHCP server on
dhcp server interface: bridge1
Select network for DHCP addresses
dhcp address space: 192.168.2.0/24
Select gateway for given network
gateway for dhcp network: 192.168.2.1
If this is remote network, enter address of DHCP relay
There is no such IP network on selected interface
dhcp relay: 192.168.2.1
Select pool of ip addresses given out by DHCP server
addresses to give out: 192.168.2.2-192.168.2.254
Select DNS servers
dns servers: 8.8.8.8
Select lease time
lease time: 3d
When that is done, configure wawan-R2 and wawan-R3 so that their local networks
receive DHCP addresses from R1 as the DHCP server.
[admin@wawan-R2] > ip dhcp-relay add dhcp-server=3.3.3.1 interface=ether2 local-address=192.168.2.1 disabled=no
[admin@wawan-R3] > ip dhcp-relay add dhcp-server=3.3.3.1 interface=bridge disabled=no local-address=192.168.2.1
Then check whether the clients have received a DHCP address. If they have, add
a queue for the local network on wawan-R2. I will set max-limit to 1M for both
upload and download.
[admin@wawan-R2] > queue simple add target-addresses=192.168.2.0/24 max-limit=1M/1M name=limit-all
After that, verify with the bandwidth test.
[admin@wawan-R2] > tool bandwidth-test address=192.168.2.1 user=admin password=
                status: running
              duration: 26s
            rx-current: 996.1kbps
  rx-10-second-average: 945.5kbps
      rx-total-average: 947.0kbps
          lost-packets: 0
           random-data: no
             direction: receive
               rx-size: 1500
Then on wawan-R3, use a firewall filter with layer7-protocol to block a site so
that clients cannot access it.
[admin@wawan-R3] > ip firewall layer7-protocol add name=detik regexp=^.+detik.com*
[admin@wawan-R3] > ip firewall filter add chain=forward layer7-protocol=detik action=drop
When that is done, verify from a client.
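The regexp above has an unescaped dot and a trailing `m*`, so it matches more than the intended site. The Python comparison below is an added example, not part of the original post; the sample payloads are constructed, HOST_PATTERN is an assumed stricter alternative for plaintext HTTP, and it is assumed that `.` also matches line breaks in the router's matcher (hence re.DOTALL).

```python
import re

PAGE_PATTERN = r"^.+detik.com*"  # regexp from the page, unchanged
# Assumption: a stricter pattern anchored to the HTTP Host header.
HOST_PATTERN = r"\r\nHost: ([A-Za-z0-9-]+\.)*detik\.com(:[0-9]+)?\r\n"

# Constructed first bytes of four plaintext HTTP connections.
SAMPLES = {
    "target site": "GET / HTTP/1.1\r\nHost: www.detik.com\r\n\r\n",
    "lookalike domain": "GET / HTTP/1.1\r\nHost: detik-community.example\r\n\r\n",
    "search query elsewhere": (
        "GET /search?q=detik.com HTTP/1.1\r\nHost: search.example\r\n\r\n"
    ),
    "unrelated site": "GET / HTTP/1.1\r\nHost: news.example\r\n\r\n",
}

def l7_match(pattern, payload):
    """True if the pattern matches anywhere in the buffered connection start."""
    return re.search(pattern, payload, re.DOTALL) is not None

def compare():
    """Map each sample to (dropped by page pattern, dropped by host pattern)."""
    return {
        name: (l7_match(PAGE_PATTERN, data), l7_match(HOST_PATTERN, data))
        for name, data in SAMPLES.items()
    }

if __name__ == "__main__":
    for name, (page_hit, host_hit) in compare().items():
        print(f"{name:24} page={page_hit!s:5} host={host_hit}")
```

The Host-header pattern only applies to unencrypted HTTP, so verify from a client with the kind of traffic you actually intend to block.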
After the rules for the local networks are in place, the next step is to
configure EoIP on wawan-R1, wawan-R2, and wawan-R6. The tunnel id must be the
same as on the router we want to connect to, because the tunnel id also behaves
like an area. If the tunnel ids differ, EoIP will not work.
[admin@wawan-R1] > interface eoip add remote-address=5.5.5.2 tunnel-id=5
[admin@wawan-R1] > interface eoip add remote-address=2.2.2.2 tunnel-id=2
[admin@wawan-R4] > interface eoip add remote-address=1.1.1.2 tunnel-id=2
[admin@wawan-R4] > interface eoip add remote-address=5.5.5.2 tunnel-id=3
[admin@wawan-R5] > interface eoip add remote-address=1.1.1.2 tunnel-id=5
[admin@wawan-R5] > interface eoip add remote-address=2.2.2.2 tunnel-id=3
Once they are created, add a bridge to join the different EoIP tunnels on each
router.
[admin@wawan-R1] > interface bridge add name=EoIP
[admin@wawan-R1] > interface bridge port add interface=eoip-tunnel1 bridge=EoIP
[admin@wawan-R1] > interface bridge port add interface=eoip-tunnel2 bridge=EoIP
[admin@wawan-R4] > interface bridge add name=EoIP
[admin@wawan-R4] > interface bridge port add interface=eoip-tunnel1 bridge=EoIP
[admin@wawan-R4] > interface bridge port add interface=eoip-tunnel2 bridge=EoIP
[admin@wawan-R5] > interface bridge add name=EoIP
[admin@wawan-R5] > interface bridge port add interface=eoip-tunnel1 bridge=EoIP
[admin@wawan-R5] > interface bridge port add interface=eoip-tunnel2 bridge=EoIP
Then verify that EoIP is active on every router.
[admin@wawan-R1] > interface eoip pr
Flags: X - disabled, R - running
 0  R name="eoip-tunnel1" mtu=1500 l2mtu=65535
      mac-address=FE:CE:53:FD:5C:34 arp=enabled local-address=0.0.0.0
      remote-address=2.2.2.2 tunnel-id=2
 1  R name="eoip-tunnel2" mtu=1500 l2mtu=65535
      mac-address=FE:65:8D:F5:EB:03 arp=enabled local-address=0.0.0.0
      remote-address=5.5.5.2 tunnel-id=5
[admin@wawan-R4] > interface eoip pr
Flags: X - disabled, R - running
 0  R name="eoip-tunnel1" mtu=1500 l2mtu=65535
      mac-address=FE:E8:3F:59:A0:B6 arp=enabled local-address=0.0.0.0
      remote-address=1.1.1.2 tunnel-id=2
 1  R name="eoip-tunnel2" mtu=1500 l2mtu=65535
      mac-address=FE:09:87:A3:BA:A4 arp=enabled local-address=0.0.0.0
      remote-address=5.5.5.2 tunnel-id=3
[admin@wawan-R5] > interface eoip pr
Flags: X - disabled, R - running
 0  R name="eoip-tunnel1" mtu=1500 l2mtu=65535
      mac-address=FE:9F:06:E9:A4:78 arp=enabled local-address=0.0.0.0
      remote-address=1.1.1.2 tunnel-id=5
 1  R name="eoip-tunnel2" mtu=1500 l2mtu=65535
      mac-address=FE:BF:54:13:E6:7D arp=enabled local-address=0.0.0.0
      remote-address=2.2.2.2 tunnel-id=3
