Monday, 2 January 2017

Superlab Mikrotik ( Lab 4 )

Assalamualaikum,

Topologi



Tujuan

- Setiap pc dapat mengakses internet
- Memfilter pc yang akan menggunakan internet
- Memeriksa Bndwith
- Monitoring keadaan Mikrotik
- Mengamankan Router

Konfigurasi 

Konfigurasi identity dan juga ip address dari setiap router terlebih dahulu.

R1
[admin@Mikrotik] > system identity set name=R1
[admin@R1] > ip dhcp-client add interface=ether1 add-default-route=yes use-peer-dns=yes use-peer-ntp=yes disable=no
[admin@R1] > ip address add address=1.1.1.1/30 interface=ether2
[admin@R1] > ip address add address=192.168.3.1/24 interface=ether4
[admin@R1] > ip address add address=3.3.3.1/30 interface=ether3

R2
[admin@Mikrotik] > system identity set name=R2
[admin@R2] > ip address add address=3.3.3.2/30 interface=ether1
[admin@R2] > ip address add address=192.168.2.1/24 interface=ether2

R3 
[admin@Mikrotik] > system identity set name=R3
[admin@R3] > ip address add address=1.1.1.2/30 interface=ether1
[admin@R3] > ip address add address=192.168.1.1/24 interface=ether2
Jika sudah, konfigurasi setiap router agar dapat mengakses internet dan juga agar jaringan lokal yang dimilikinya dapat mengakses internet. 
[admin@R1] > ip dns set servers=8.8.8.8 allow-remote-requests=yes
[admin@R1] > ip firewall nat add chain=srcnat action=masquerade out-interface=ether1
[admin@R2] > ip route add gateway=3.3.3.1
[admin@R2] > ip dns set servers=8.8.8.8 allow-remote-requests=yes
[admin@R2] > ip firewall nat add chain=srcnat action=masquerade out-interface=ether1
[admin@R3] > ip route add gateway=1.1.1.1
[admin@R3] > ip dns set servers=8.8.8.8 allow-remote-requests=yes
[admin@R3] > ip firewall nat add chain=srcnat action=masquerade out-interface=ether1
 Jika sudah, jadikan setiap router tersebut menjadi DHCP Server untuk jaringan lokalnya masing masing.
[admin@R1] > ip dhcp-server setup
Select interface to run DHCP server on

dhcp server interface: ether4
Select network for DHCP addresses

dhcp address space: 192.168.2.0/24
Select gateway for given network

gateway for dhcp network: 192.168.2.1
Select pool of ip addresses given out by DHCP server

addresses to give out: 192.168.2.2-192.168.2.254
Select DNS servers

dns servers: 8.8.8.8
Select lease time

lease time: 3d
[admin@R2] > ip dhcp-server setup
Select interface to run DHCP server on

dhcp server interface: ether2
Select network for DHCP addresses

dhcp address space: 192.168.3.0/24
Select gateway for given network

gateway for dhcp network: 192.168.3.1
Select pool of ip addresses given out by DHCP server

addresses to give out: 192.168.3.2-192.168.3.254
Select DNS servers

dns servers: 8.8.8.8
Select lease time

lease time: 3d
[admin@R3] > ip dhcp-server setup
Select interface to run DHCP server on

dhcp server interface: ether2
Select network for DHCP addresses

dhcp address space: 192.168.4.0/24
Select gateway for given network

gateway for dhcp network: 192.168.4.1
Select pool of ip addresses given out by DHCP server

addresses to give out: 192.168.4.2-192.168.4.254
Select DNS servers

dns servers: 8.8.8.8
Select lease time

lease time: 3d
Jika sudah, pastikan setiap PC mendapatkan IP DHCP dari setiap routernya. Setelah itu, lakukan sesuai skenario yang sudah kita rencanakan untuk lab 4 ini. Tambahkan QoS pada Router 1 dan sertai mangle.
[admin@R1] > ip firewall mangle add chain=prerouting new-connection-mark=con-mark action=mark-connection in-interface=ether4 src-address=192.168.2.0/24
[admin@R1] > ip firewall mangle add chain=prerouting new-packet-mark=upload connection-mark=con-mark in-interface=ether4 passthrough=no
[admin@R1] > ip firewall mangle add chain=prerouting new-packet-mark=download connection-mark=con-mark in-interface=ether1 passthrough=no
Karena kita akan menggunakan pcq, maka buat terlebih dahulu pcq yang nantinya akan kita gunakan.
[admin@R1] > queue type add kind=pcq pcq-classifier=dst-address name=down
[admin@R1] > queue type add kind=pcq pcq-classifier=src-address name=up
 Lalu buat queuenya.
[admin@R1] > queue tree add max-limit=1M name=limit-down parent=ether4 packet-mark=download queue=down
[admin@R1] > queue tree add max-limit=512k name=limit-up parent=ether1 packet-mark=up queue=up
Lalu cek kecepatan koneksi dari jaringan lokal 1. Selanjutnya kita akan menggunakan queue dengan pemanfaatan fitur burst dan limitasi untuk jaringan lokal 2. Make static setiap IP DHCP yang dikirimkan ke PC. Setelah itu konfigurasi queuenya.
[admin@R2] > ip dhcp-server lease pr Flags: X - disabled, R - radius, D - dynamic, B - blocked # ADDRESS MAC-ADDRESS HOST-NAME SERVER STATUS 0 D 192.168.3.254 00:50:79:66:68:00 PC21 dhcp1 bound 1 D 192.168.3.253 08:00:27:F5:48:72 Rafi-PC dhcp1 bound [admin@R2] > ip dhcp-server lease make-static numbers=0,1
[admin@R2] > queue simple add max-limit=64k/512k name=limit target-addresses=192.168.3.0/24
[admin@R2] > queue simple add burst-limit=64k/512k burst-threshold=16k/32k burst-time=3s/6s limit-at=16k/32k max-limit=64k/512k name=limit-win target-addresses=192.168.3.254  [admin@R2] > queue simple add name=limit-vpcs target-addresses=192.168.3.253 parent=limit max-limit=32k/128k limit-at=16k/64k
[admin@R2] > queue simple add name=limit-vpcs1 target-addresses=192.168.3.252 parent=limit max-limit=32k/128k limit-at=16k/64k
 Lalu lakukan verifikasi kembali.

Dude Monitoring(nyusul)

Share this