Sunday, 1 January 2017

Superlab Mikrotik ( Lab 10 )

Assalamualaikum,

Topologi



Tujuan

- Seluruh device dapat terhubung ke internet
- Adanya limitasi bandwith bagi client
- Membangun hotspot Mikrotik
- Firewall Filter

Konfigurasi


R2

Lakukan konfigurasi R2 terlebih dahulu dikarenakan R2 nantinya akan mendistribusikan internet kepada seluruh device yang ada di dalam jaringan tersebut.
[admin@Mikrotik] > system identity set name=R2
[admin@R2] > ip dhcp-client add interface=ether1 add-default-route=yes use-peer-dns=yes use-peer-ntp=yes disable=no
[admin@R2] > ip address add address=1.1.1.1/30 interface=ether2
[admin@R2] > ip address add address=2.2.2.1/30 interface=ether3
[admin@R2] > ip address add address=10.10.10.1/24 interface=ether4
Setelah itu atur dns server dan firewall nat agar client dapat mengakses internet nantinya.
[admin@R2] > ip dns set servers=8.8.8.8 allow remote requests=yes
[admin@R2] > ip firewall nat add chain==srcnat action=masquerade out-interface=ether1
Setelah melakukan konfigurasi di R2, lakukan konfigurasi yang sama kepada R1 dan R3 agar jaringan local yang dimilikinya dapat mengakses internet.

 R1
[admin@Mikrotik] > system identity set name=R1
[admin@R1] > interface bridge add name=bridge
[admin@R1] > interface bridge port add interface=ether2 bridge=bridge
[admin@R1] > interface bridge port add interface=ether3 bridge=bridge
[admin@R1] > ip address add address=1.1.1.2/30 interface=ether1
[admin@R1] > ip address add address=192.168.1.1/24 interface=bridge
[admin@R1] > ip route add gateway=1.1.1.1
[admin@R1] > ip dns set servers=8.8.8.8 allow-remote-requests=yes
[admin@R1] > ip firewall nat add chain=srcnat action=masquerade out-interface=ether1
R3 
[admin@Mikrotik] > system identity set name=R3
[admin@R3] > ip address add address=2.2.2.2/30 interface=ether1
[admin@R3] > ip address add address=192.168.2.1/24 interface=ether2
[admin@R3] > ip route add gateway=2.2.2.1
[admin@R3] > ip dns set servers=8.8.8.8 allow-remote-requests=yes
[admin@R3] > ip firewall nat add chain=srcnat action=masquerade out-interface=ether1
Jika sudah melakukan konfigurasi dasar untuk setiap router, langkah selanjutnya adalah menjadikan DHCP Server pada R1 dan R3 dikarenakan hanya jaringan local pada R1 dan R3 yang menggunakan IP DHCP, sedangkan R2 tidak. 

R1
 [admin@R1] > ip dhcp-server setup
Select interface to run DHCP server on

dhcp server interface: bridge1
Select network for DHCP addresses

dhcp address space: 192.168.1.0/24
Select gateway for given network

gateway for dhcp network: 192.168.1.1
Select pool of ip addresses given out by DHCP server

addresses to give out: 192.168.1.2-192.168.1.254
Select DNS servers

dns servers: 8.8.8.8
Select lease time

lease time: 3d
 R3
[admin@R3] > ip dhcp-server setup
Select interface to run DHCP server on

dhcp server interface: ether2
Select network for DHCP addresses

dhcp address space: 192.168.2.0/24
Select gateway for given network

gateway for dhcp network: 192.168.2.1
Select pool of ip addresses given out by DHCP server

addresses to give out: 192.168.2.2-192.168.2.254
Select DNS servers 
dns servers: 8.8.8.8
Select lease time

lease time: 3d
Setelah DHCP Server ditambahkan ke setiap router, langkah selanjutnya yaitu adalah menambahkan routing pada setiap router agar jaringan local dapat berkomunikasi satu sama lain.
[admin@R1] > routing ospf network add network=192.168.1.0/24 area=backbone
[admin@R1] > routing ospf network add network=1.1.1.0/30 area=backbone
[admin@R2] > routing ospf network add network=19.19.0.0/16 area=backbone 
[admin@R2] > routing ospf network add network=1.1.1.0/30 area=backbone
[admin@R2] > routing ospf network add network=2.2.2.0/30 area=backbone
[admin@R2] > routing ospf network add network=10.10.10.0/24 area=backbone
[admin@R3] > routing ospf network add network=2.2.2.0/30 area=backbone
[admin@R3] > routing ospf network add network=192.168.2.0/24 area=backbone
Setelah itu pastikan setiap jaringan local dapat ping ke luar jaringan dan juga dapat mengakses internet. Jika sudah menambahkan routing, langkah selanjutnya sesuai skenario yang ada, yaitu kita akan membuat hotspot pada R2. 
[admin@R2] > ip hotspot setup
Select interface to run HotSpot on

hotspot interface: ether4
Set HotSpot address for interface

local address of network: 10.10.10.1/24
masquerade network: yes
Set pool for HotSpot addresses

address pool of network: 10.10.10.2-10.10.10.254
Select hotspot SSL certificate

select certificate: none
Select SMTP server

ip address of smtp server: 0.0.0.0
Setup DNS configuration

dns servers: 10.10.10.1
DNS name of local hotspot server

dns name: login.idn.id
Create local hotspot user

name of local hotspot user: idn 
password for the user: 12345
Setelah membuat hotspot pada R2, jadikan salah satu user agar dapat mengakses internet tanpa login hotspot.
[admin@R2] > ip hotspot ip-binding add server=all mac-address=08:00:27:37:37:B3 to-address=10.10.10.253 disabled=no type=bypassed
Lalu coba akses internet melalui client yang sudah kita tambahkan ke ip binding.

Share this