Lab Super Mikrotik 3

Superlab 3

Topologi

Pertama konfigurasi pada Router ISP agar terhubung dengan Internet

[admin@MikroTik] > system identity set name=ISP
[admin@ISP] > ip address add address=19.19.19.10/16 interface=ether1
[admin@ISP] > ip address add address=1.1.1.1/24 interface=ether2
[admin@ISP] > ip address add address=2.2.2.1/24 interface=ether3
[admin@ISP] > ip address add address=3.3.3.1/24 interface=ether4
[admin@ISP] > ip route add gateway=19.19.19.4
[admin@ISP] > ip dns set servers=8.8.8.8 allow-remote-requests=yes 
[admin@ISP] > ip firewall nat add chain=srcnat action=masquerade out-interface=ether1

Konfigurasi Pada IDN-R1

[admin@MikroTik] > system identity set name=IDN-R1
[admin@IDN-R1] > ip address add address=1.1.1.2/24 interface=ether1
[admin@IDN-R1] > interface bridge add name=bridgedhcp
[admin@IDN-R1] > interface bridge port add interface=ether3 bridge=bridgedhcp 
[admin@IDN-R1] > interface bridge port add interface=ether4 bridge=bridgedhcp 
[admin@IDN-R1] > ip address add address=135.135.135.1/24 interface=bridgedhcp 
[admin@IDN-R1] > ip address add address=12.12.12.1/24 interface=ether2
[admin@IDN-R1] > ip route add gateway=1.1.1.1
[admin@IDN-R1] > ip dns set servers=8.8.8.8 allow-remote-requests=yes 
[admin@IDN-R1] > ip firewall nat add chain=srcnat action=masquerade out-interface=ether1

DHCP Server pada R1

[admin@IDN-R1] > ip dhcp-server setup 
Select interface to run DHCP server on 

dhcp server interface: bridgedhcp
Select network for DHCP addresses 

dhcp address space: 192.168.1.0/24  
Select gateway for given network 

gateway for dhcp network: 192.168.1.1
If this is remote network, enter address of DHCP relay 

There is no such IP network on selected interface
dhcp relay: 192.168.1.1
Select pool of ip addresses given out by DHCP server 

addresses to give out: 192.168.1.2-192.168.1.254
Select DNS servers 

dns servers: 8.8.8.8
Select lease time 

lease time: 10m

Eoip pada R1

[admin@IDN-R1] > interface eoip add name=eoip_ke_r2 remote-address=2.2.2.2 tunnel-id=12
[admin@IDN-R1] > interface eoip add name=eoip_ke_r6 remote-address=3.3.3.2 tunnel-id=16
[admin@IDN-R1] > interface bridge add name=br_tunnel protocol-mode=rstp 
[admin@IDN-R1] > interface bridge port add interface=eoip_ke_r2 bridge=br_tunnel
[admin@IDN-R1] > interface bridge port add interface=eoip_ke_r6 bridge=br_tunnel
 
[admin@IDN-R1] > ip address add address=10.10.10.1/24 interface=eoip_ke_r6
[admin@IDN-R1] > ip address add address=10.10.10.2/24 interface=eoip_ke_r2

Konfigurasi pada IDN-R2

[admin@MikroTik] > system identity set name=IDN-R2
[admin@IDN-R2] > ip address add address=2.2.2.2/24 interface=ether1
[admin@IDN-R2] > ip address add address=24.24.24.1/24 interface=ether3
[admin@IDN-R2] > ip address add address=192.168.2.1/24 interface=ether2
[admin@IDN-R2] > ip route add gateway=2.2.2.1 distance=1
[admin@IDN-R2] > ip dns set servers=180.131.144.144,180.131.145.145 allow-remote-requests=yes 
[admin@IDN-R2] > ip firewall nat add chain=srcnat action=masquerade out-interface=ether1
[admin@IDN-R2] > ip pool add name=dhcp_pool ranges=192.168.2.2-192.168.2.5
[admin@IDN-R2] > ip dhcp-server network add address=192.168.2.0/24 dns-server=19
2.168.2.1 gateway=192.168.2.1    
[admin@IDN-R2] > ip dhcp-server add address-pool=dhcp_pool disabled=no interface=ether2 lease-time=3d name=dhcp_r2

Coba atur alamat IP menjadi DHCP pada VPCS

PC3> dhcp
DORA IP 192.168.2.5/24 GW 192.168.2.1

PC3> dhcp
DORA IP 192.168.2.5/24 GW 192.168.2.1

Konfigurasi EoIP pada R2

[admin@IDN-R2] > interface eoip add name=eoip_ke_r1 remote-address=1.1.1.2 tunnel-id=12
[admin@IDN-R2] > interface eoip add name=eoip_ke_r6 remote-address=3.3.3.2 tunnel-id=26
[admin@IDN-R2] > interface bridge add name=br_tunnel protocol-mode=rstp 
[admin@IDN-R2] > interface bridge port add interface=eoip_ke_r1 bridge=br_tunnel
[admin@IDN-R2] > interface bridge port add interface=eoip_ke_r6 bridge=br_tunnel
[admin@IDN-R2] > ip address add address=10.10.10.4/24 interface=eoip_ke_r6
[admin@IDN-R2] > ip address add address=10.10.10.3/24 interface=eoip_ke_r1

[admin@IDN-R2] > ip address add address=12.12.12.2/24 interface=ether4
[admin@IDN-R2] > ip firewall nat add chain=srcnat action=masquerade out-interface=ether4
[admin@IDN-R2] > ip route add dst-address=135.135.135.0/24 gateway=12.12.12.1 distance=1

Konfigurasi Pada IDN-R3

[admin@MikroTik] > system identity set name=IDN-R3
[admin@IDN-R3] > ip address add address=135.135.135.6/24 interface=ether1
[admin@IDN-R3] > interface bridge add name=R3Bridge
[admin@IDN-R3] > interface bridge port add interface=ether2 bridge=R3Bridge 
[admin@IDN-R3] > interface bridge port add interface=ether3 bridge=R3Bridge 
[admin@IDN-R3] > ip address add address=192.168.1.1/24 interface=R3Bridge 
[admin@IDN-R3] > ip route add gateway=135.135.135.1 distance=1
[admin@IDN-R3] > ip dns set servers=135.135.135.1 allow-remote-requests=yes 
[admin@IDN-R3] > ip firewall nat add chain=srcnat action=masquerade out-interface=ether1

Lalu DHCP Server pada R3

[admin@IDN-R3] > ip dhcp-server setup 
Select interface to run DHCP server on 

dhcp server interface: R3Bridge
Select network for DHCP addresses 

dhcp address space: 192.168.1.0/24
Select gateway for given network 

gateway for dhcp network: 192.168.1.1
Select pool of ip addresses given out by DHCP server 

addresses to give out: 192.168.1.2-192.168.1.254
Select DNS servers 

dns servers: 192.168.1.1  
Select lease time 

lease time: 10m

Tes DHCP Server dan koneksi ke Internet

PC2> dhcp
DORA IP 192.168.1.254/24 GW 192.168.1.1

PC2> ping google.com
google.com resolved to 74.125.68.101

84 bytes from 74.125.68.101 icmp_seq=1 ttl=39 time=39.338 ms
84 bytes from 74.125.68.101 icmp_seq=2 ttl=39 time=42.319 ms
84 bytes from 74.125.68.101 icmp_seq=3 ttl=39 time=181.630 ms
84 bytes from 74.125.68.101 icmp_seq=4 ttl=39 time=96.661 ms
google.com icmp_seq=5 timeout

Lalu blokir facebook.com menggunakan layer7protocol karena facebook merupakan https

[admin@IDN-R3] > ip firewall layer7-protocol add name=facebook regexp=^.+facebook.com.*
[admin@IDN-R3] > ip firewall filter add chain=forward layer7-protocol=facebook action=drop

Konfigurasi pada R4

[admin@MikroTik] > system identity set name=IDN-R4
[admin@IDN-R4] > ip address add address=24.24.24.2/24 interface=ether1
[admin@IDN-R4] > ip address add address=192.168.4.1/24 interface=ether2
[admin@IDN-R4] > ip route add gateway=24.24.24.1
[admin@IDN-R4] > ip dns set servers=8.8.8.8 allow-remote-requests=yes 
[admin@IDN-R4] > ip firewall nat add chain=srcnat action=masquerade out-interface=ether1

Dhcp server pada R4

[admin@IDN-R4] > ip dhcp-server setup 
Select interface to run DHCP server on 

dhcp server interface: ether2
Select network for DHCP addresses 

dhcp address space: 192.168.4.0/24
Select gateway for given network 

gateway for dhcp network: 192.168.4.1
Select pool of ip addresses given out by DHCP server 

addresses to give out: 192.168.4.2-192.168.4.254
Select DNS servers 

dns servers: 192.168.4.1
Select lease time 

lease time: 10m

Konfigurasi pada IDN-R5

[admin@MikroTik] > system identity set name=IDN-R5
[admin@IDN-R5] > ip address add address=135.135.135.5/24 interface=ether1
[admin@IDN-R5] > ip address add address=192.168.1.1/24 interface=ether2
[admin@IDN-R5] > ip route add gateway=135.135.135.1 distance=1
[admin@IDN-R5] > ip dns set servers=8.8.8.8 allow-remote-requests=yes 
[admin@IDN-R5] > ip firewall nat add chain=srcnat action=masquerade out-interface=ether1
[admin@IDN-R5] > ip dhcp-relay add dhcp-server=135.135.135.1 interface=ether2 disabled=no

IDN-R5 adalah dhcp-relay yang meneruskan menuju DHCP Server pada R1

PC1> dhcp
DORA IP 192.168.1.254/24 GW 192.168.1.1

PC1> ping google.com
google.com resolved to 74.125.130.138

84 bytes from 74.125.130.138 icmp_seq=1 ttl=38 time=35.401 ms
84 bytes from 74.125.130.138 icmp_seq=2 ttl=38 time=36.143 ms
84 bytes from 74.125.130.138 icmp_seq=3 ttl=38 time=40.560 ms
84 bytes from 74.125.130.138 icmp_seq=4 ttl=38 time=43.143 ms
84 bytes from 74.125.130.138 icmp_seq=5 ttl=38 time=44.231 ms

Konfigurasi pada IDN-R6

[admin@MikroTik] > system identity set name=IDN-R6
[admin@IDN-R6] > ip address add address=3.3.3.2/24 interface=ether1
[admin@IDN-R6] > ip dns set servers=8.8.8.8 allow-remote-requests=yes 
[admin@IDN-R6] > ip route add gateway=3.3.3.1

Konfigurasi EoIP pada IDN-R6

[admin@IDN-R6] > interface eoip add name=eoip_ke_R1 remote-address=1.1.1.2 tunnel-id=16
[admin@IDN-R6] > interface eoip add name=eoip_ke_R2 remote-address=2.2.2.2 tunnel-id=26
[admin@IDN-R6] > interface bridge add name=br_tunnel protocol-mode=rstp 
[admin@IDN-R6] > interface bridge port add interface=eoip_ke_R1 bridge=br_tunnel 
[admin@IDN-R6] > interface bridge port add interface=eoip_ke_R2 bridge=br_tunnel
[admin@IDN-R6] > ip address add address=10.10.10.5/24 interface=eoip_ke_R1
[admin@IDN-R6] > ip address add address=10.10.10.6/24 interface=eoip_ke_R2
[admin@IDN-R6] > ip address add address=192.168.6.1/24 interface=ether2

DHCP Server pada R6

[admin@IDN-R6] > ip dhcp-server setup 
Select interface to run DHCP server on 

dhcp server interface: ether2
Select network for DHCP addresses 

dhcp address space: 192.168.6.0/24
Select gateway for given network 

gateway for dhcp network: 192.168.6.1
Select pool of ip addresses given out by DHCP server 

addresses to give out: 192.168.6.2-192.168.6.254
Select DNS servers 

dns servers: 8.8.8.8
Select lease time 

lease time: 10m
[admin@IDN-R6] >

Lalu dhcp client dari R6

PC5> dhcp
DORA IP 192.168.6.254/24 GW 192.168.6.1

PC6> dhcp
DORA IP 192.168.6.253/24 GW 192.168.6.1

[admin@IDN-R6] > ip route add dst-address=135.135.135.0/24 gateway=10.10.10.4 check-gateway=ping 
[admin@IDN-R6] > ip route add dst-address=135.135.135.0/24 gateway=10.10.10.2 check-gateway=ping

[admin@IDN-R6] > tool traceroute 135.135.135.5
 # ADDRESS                          LOSS SENT    LAST     AVG    BEST   WORST
 1 10.10.10.4                         0%   25   2.4ms     2.9     1.8    14.2
 2 12.12.12.1                         0%   25   2.4ms     4.3       2    48.4
 3 135.135.135.5                      0%   25   2.7ms       3     2.5     5.2

NetBlog

Cari Blog Ini

Lab Super Mikrotik 3

Komentar

Posting Komentar