Topology
First, configure the IP addresses on IDN-R1:
[admin@MikroTik] > system identity set name=IDN-R1
[admin@IDN-R1] > ip address add address=19.19.19.10/16 interface=ether1
[admin@IDN-R1] > ip address add address=12.12.12.1/24 interface=ether2
[admin@IDN-R1] > ip address add address=13.13.13.1/24 interface=ether3

Next, configure NAT, DNS and the default route for internet access:
[admin@IDN-R1] > ip route add gateway=19.19.19.4
[admin@IDN-R1] > ip dns set servers=8.8.8.8 allow-remote-requests=yes
[admin@IDN-R1] > ip firewall nat add chain=srcnat action=masquerade out-interface=ether1

Create a DHCP server for the 192.168.1.0/24 network on ether4 (ether4 must already carry 192.168.1.1/24, the gateway address given in the setup):
[admin@IDN-R1] > ip dhcp-server setup
Select interface to run DHCP server on
dhcp server interface: ether4
Select network for DHCP addresses
dhcp address space: 192.168.1.0/24
Select gateway for given network
gateway for dhcp network: 192.168.1.1
Select pool of ip addresses given out by DHCP server
addresses to give out: 192.168.1.2-192.168.1.254
Select DNS servers
dns servers: 192.168.1.1
Select lease time
lease time: 10m

These are the DHCP results on each PC:
PC1> dhcp
DORA IP 192.168.1.254/24 GW 192.168.1.1

PC2> dhcp
DORA IP 192.168.1.253/24 GW 192.168.1.1

PC1> ping google.com
google.com resolved to 74.125.200.101
84 bytes from 74.125.200.101 icmp_seq=1 ttl=40 time=35.957 ms
84 bytes from 74.125.200.101 icmp_seq=2 ttl=40 time=33.301 ms
84 bytes from 74.125.200.101 icmp_seq=3 ttl=40 time=34.007 ms
84 bytes from 74.125.200.101 icmp_seq=4 ttl=40 time=35.437 ms
84 bytes from 74.125.200.101 icmp_seq=5 ttl=40 time=34.830 ms

PC2> ping google.com
google.com resolved to 74.125.200.100
84 bytes from 74.125.200.100 icmp_seq=1 ttl=41 time=32.541 ms
84 bytes from 74.125.200.100 icmp_seq=2 ttl=41 time=41.799 ms
84 bytes from 74.125.200.100 icmp_seq=3 ttl=41 time=35.749 ms
84 bytes from 74.125.200.100 icmp_seq=4 ttl=41 time=42.316 ms
84 bytes from 74.125.200.100 icmp_seq=5 ttl=41 time=37.155 ms
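With allow-remote-requests=yes and no input filter, IDN-R1 answers DNS queries on every interface, including the upstream ether1. The following is an added example, not part of the original post, that keeps the resolver available to ether2, ether3 and ether4 and drops DNS arriving on ether1; the comment strings are illustrative.

```routeros
# Added example, not from the original post. Interface roles as used on this page:
# ether1 = upstream, ether2/ether3 = links to IDN-R2/IDN-R3, ether4 = DHCP clients.
/ip firewall filter
# Replies to connections the router opened itself (its own queries to 8.8.8.8)
add chain=input connection-state=established,related action=accept comment="router-originated replies"
add chain=input connection-state=invalid action=drop comment="drop invalid"
# DNS stays reachable from ether2, ether3 and ether4; only upstream is refused
add chain=input in-interface=ether1 protocol=udp dst-port=53 action=drop comment="no DNS to upstream (udp)"
add chain=input in-interface=ether1 protocol=tcp dst-port=53 action=drop comment="no DNS to upstream (tcp)"
# Check the rule counters after some traffic has passed
print stats where chain=input
```

IDN-R2 and IDN-R3 use 12.12.12.1 and 13.13.13.1 as their DNS server, so the drop rules are bound to ether1 only and resolution from the inner routers keeps working.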
Now mark the packets whose bandwidth is to be limited, using firewall mangle:
[admin@IDN-R1] > ip firewall mangle add chain=prerouting src-address=192.168.1.0/24 in-interface=ether4 action=mark-connection new-connection-mark=mark
[admin@IDN-R1] > ip firewall mangle add chain=prerouting in-interface=ether4 connection-mark=mark action=mark-packet new-packet-mark=upload_mark passthrough=no
[admin@IDN-R1] > ip firewall mangle add chain=prerouting in-interface=ether1 connection-mark=mark action=mark-packet new-packet-mark=download_mark passthrough=no

With the packets marked, create a queue tree to limit them:
[admin@IDN-R1] > queue type add kind=pcq name=queue_down pcq-classifier=dst-address
[admin@IDN-R1] > queue type add kind=pcq name=queue_up pcq-classifier=src-address
[admin@IDN-R1] > queue tree add max-limit=1M name=limit_down packet-mark=download_mark parent=ether4 queue=queue_down
[admin@IDN-R1] > queue tree add max-limit=1M name=limit_up packet-mark=upload_mark parent=ether1 queue=queue_up

Add static routes to the other networks:
[admin@IDN-R1] > ip route add dst-address=192.168.2.0/24 gateway=12.12.12.2
[admin@IDN-R1] > ip route add dst-address=192.168.3.0/24 gateway=13.13.13.2

Then run a bandwidth tester application to check whether the bandwidth is now limited.
Now move on to IDN-R2. Configure the default route and DNS so that it is connected to the internet:
[admin@MikroTik] > system identity set name=IDN-R2
[admin@IDN-R2] > ip address add address=12.12.12.2/24 interface=ether1
[admin@IDN-R2] > ip address add address=192.168.2.1/24 interface=ether2
[admin@IDN-R2] > ip route add gateway=12.12.12.1
[admin@IDN-R2] > ip dns set servers=12.12.12.1 allow-remote-requests=yes

Next, set up the DHCP server that hands out IP addresses:
[admin@IDN-R2] > ip dhcp-server setup
Select interface to run DHCP server on
dhcp server interface: ether2
Select network for DHCP addresses
dhcp address space: 192.168.2.0/24
Select gateway for given network
gateway for dhcp network: 192.168.2.1
Select pool of ip addresses given out by DHCP server
addresses to give out: 192.168.2.2-192.168.2.254
Select DNS servers
dns servers: 192.168.2.1
Select lease time
lease time: 10m
PC3> dhcp
DORA IP 192.168.2.254/24 GW 192.168.2.1

PC4> dhcp
DORA IP 192.168.2.253/24 GW 192.168.2.1
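I will block URLs containing "bola" so that they cannot be accessed. The content matcher drops any forwarded packet whose payload contains that string, so it acts on whatever text is visible in the packet, not only on URLs: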
[admin@IDN-R2] > ip firewall filter add chain=forward content=bola action=drop

Configure the bandwidth limit for each VPCS:
[admin@IDN-R2] > queue simple add max-limit=0/1M name=limit2.0 target=192.168.2.0/24
[admin@IDN-R2] > queue simple add burst-limit=0/512k burst-threshold=0/64k burst-time=0/6s limit-at=0/256k max-limit=0/512k name=limit-winxp-2 parent=limit2.0 target=192.168.2.252
[admin@IDN-R2] > queue simple add name=limitvpcs4 target=192.168.2.253 parent=limit2.0 max-limit=0/128k limit-at=0/64k
[admin@IDN-R2] > queue simple add name=limitvpcs5 target=192.168.2.254 parent=limit2.0 max-limit=0/128k limit-at=0/64k

Then continue with the configuration of R3.
The first step is to connect this router to the internet:
[admin@MikroTik] > system identity set name=IDN-R3
[admin@IDN-R3] > ip address add address=13.13.13.2/24 interface=ether1
[admin@IDN-R3] > ip address add address=192.168.3.1/24 interface=ether2
[admin@IDN-R3] > ip route add gateway=13.13.13.1
[admin@IDN-R3] > ip dns set servers=13.13.13.1 allow-remote-requests=yes

Next, set up the DHCP server for handing out IP addresses:
[admin@IDN-R3] > ip dhcp-server setup
Select interface to run DHCP server on
dhcp server interface: ether2
Select network for DHCP addresses
dhcp address space: 192.168.3.0/24
Select gateway for given network
gateway for dhcp network: 192.168.3.1
Select pool of ip addresses given out by DHCP server
addresses to give out: 192.168.3.2-192.168.3.254
Select DNS servers
dns servers: 192.168.3.1
Select lease time
lease time: 10m

Check whether the client gets an IP address:
PC5> dhcp
DORA IP 192.168.3.254/24 GW 192.168.3.1

PC5> ping google.com
google.com resolved to 74.125.200.100
84 bytes from 74.125.200.100 icmp_seq=1 ttl=40 time=78.575 ms
84 bytes from 74.125.200.100 icmp_seq=2 ttl=40 time=203.776 ms
84 bytes from 74.125.200.100 icmp_seq=3 ttl=40 time=856.513 ms
84 bytes from 74.125.200.100 icmp_seq=4 ttl=40 time=305.300 ms
84 bytes from 74.125.200.100 icmp_seq=5 ttl=40 time=661.910 ms
I will block the VPCS with a particular MAC address so that it can no longer use the DHCP server:

[admin@IDN-R3] > ip dhcp-server lease print
Flags: X - disabled, R - radius, D - dynamic, B - blocked
 #   ADDRESS         MAC-ADDRESS        HO  SER..  RA
 0 D 192.168.3.254   00:50:79:66:68:04  PC  dhcp1
 1 D 192.168.3.253   00:0C:29:96:85:0D  Wi  dhcp1
[admin@IDN-R3] > ip dhcp-server lease make-static numbers=0
[admin@IDN-R3] > ip dhcp-server lease set 0 block-access=yes

And the result is:
PC5> dhcp
DDD
Can't find dhcp server
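block-access=yes only stops the DHCP server from answering that MAC address. To have IDN-R3 also refuse to talk to hosts on ether2 that hold no lease, the DHCP server can be made the only source of ARP entries; this is an added example, not part of the original post, using the server name dhcp1 and interface ether2 shown in the output above.

```routeros
# Added example, not from the original post. dhcp1 and ether2 are the server
# and interface names that appear in the IDN-R3 output on this page.
# Have the DHCP server create an ARP entry for every lease it hands out
/ip dhcp-server set dhcp1 add-arp=yes
# Stop learning ARP dynamically on the client interface: the router then only
# answers addresses that have a lease-created (or static) ARP entry
/interface ethernet set ether2 arp=reply-only
# Review the resulting entries
/ip arp print where interface=ether2
```

Clients that already hold a lease must renew it before their ARP entry appears, so apply the change from the console rather than from a session that runs over ether2.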