Monday, 2 January 2017

Superlab Mikrotik ( Lab 6 )

Assalamualaikum,

Topology


Goals

- All PCs can connect to the internet
- Bandwidth limiting for each PC
- Packet filtering

Configuration


This time we assume that Mikrotik1 is an ISP that is already connected to the internet, so no configuration is added to Mikrotik1. We can go straight to configuring the routers.

First, add IP addresses to each router.

R1
[admin@Mikrotik] > system identity set name=R1
[admin@R1] > interface bridge add name=bridge
[admin@R1] > interface bridge port add interface=ether3 bridge=bridge
[admin@R1] > interface bridge port add interface=ether4 bridge=bridge
[admin@R1] > interface bridge port add interface=ether5 bridge=bridge
[admin@R1] > ip address add address=1.1.1.2/24 interface=ether1
[admin@R1] > ip address add address=2.2.2.2/30 interface=ether2
[admin@R1] > ip address add address=192.168.3.1/24 interface=bridge
R2
[admin@Mikrotik] > system identity set name=R2
[admin@R2] > ip address add address=1.1.1.3/24 interface=ether1
[admin@R2] > ip address add address=2.2.2.1/30 interface=ether2
[admin@R2] > ip address add address=3.3.3.1/30 interface=ether3
[admin@R2] > ip address add address=192.168.1.1/24 interface=ether4
R3
[admin@Mikrotik] > system identity set name=R3
[admin@R3] > ip address add address=1.1.1.4/24 interface=ether1
[admin@R3] > ip address add address=3.3.3.2/30 interface=ether2
[admin@R3] > ip address add address=192.168.2.1/24 interface=ether3
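After that, connect to the internet by setting DNS and a route to the gateway. Don't forget to add NAT so that clients can reach the internet. Note that allow-remote-requests=yes makes the router answer DNS queries arriving on any interface, including ether1 toward the ISP, unless the input chain filters port 53.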
[admin@R1] > ip route add gateway=1.1.1.1
[admin@R1] > ip dns set servers=8.8.8.8 allow-remote-requests=yes
[admin@R1] > ip firewall nat add chain=srcnat action=masquerade out-interface=ether1
[admin@R2] > ip route add gateway=1.1.1.1
[admin@R2] > ip dns set servers=8.8.8.8 allow-remote-requests=yes
[admin@R2] > ip firewall nat add chain=srcnat action=masquerade out-interface=ether1
[admin@R3] > ip route add gateway=1.1.1.1
[admin@R3] > ip dns set servers=8.8.8.8 allow-remote-requests=yes
[admin@R3] > ip firewall nat add chain=srcnat action=masquerade out-interface=ether1
Once that is done, make R2 and R1 DHCP servers for their own local networks.
[admin@R1] > ip dhcp-server setup
Select interface to run DHCP server on

dhcp server interface: bridge
Select network for DHCP addresses

dhcp address space: 192.168.3.0/24
Select gateway for given network

gateway for dhcp network: 192.168.3.1
Select pool of ip addresses given out by DHCP server

addresses to give out: 192.168.3.2-192.168.3.254
Select DNS servers

dns servers: 8.8.8.8
Select lease time

lease time: 3d
[admin@R2] > ip dhcp-server setup
Select interface to run DHCP server on

dhcp server interface: ether4
Select network for DHCP addresses

dhcp address space: 192.168.1.0/24
Select gateway for given network

gateway for dhcp network: 192.168.1.1
Select pool of ip addresses given out by DHCP server

addresses to give out: 192.168.1.2-192.168.1.254
Select DNS servers

dns servers: 8.8.8.8
Select lease time

lease time: 3d
To connect all of the networks, use routing. I will use OSPF.
[admin@R1] > routing ospf network
> add area=backbone disabled=no network=192.168.3.0/24
> add area=backbone disabled=no network=2.2.2.0/30
> add area=backbone disabled=no network=2.2.2.0/24
[admin@R2] > routing ospf network
> add area=backbone disabled=no network=2.2.2.0/24
> add area=backbone disabled=no network=192.168.1.0/24
> add area=backbone disabled=no network=3.3.3.0/24
[admin@R3] > routing ospf network
> add area=backbone disabled=no network=3.3.3.0/24
> add area=backbone disabled=no network=192.168.2.0/24
Next, configure QoS on router 2 and limit the upload and download speed to 256k.
[admin@R2] > queue simple add name=Queue target-addresses=192.168.3.0/24 max-limit=256k/256k disabled=no
Then test the bandwidth using the bandwidth test tool.
[admin@R2] > tool bandwidth-test address=192.168.1.1 user=admin password=
 status: running
 duration: 8s
 rx-current: 251.9kbps
 rx-10-second-average: 242.9kbps
 rx-total-average: 242.9kbps
 lost-packets: 21
 random-data: no
 direction: receive
 rx-size: 1500
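The bandwidth we just limited will be visible. Next, add a rule so that the local network on R1 cannot ping R3. The rule matches on protocol and destination only, so it drops ICMP from any source to R3's address in 192.168.2.0/24, and it does not cover R3's other addresses.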
[admin@R3] > ip firewall filter add action=drop chain=input dst-address=192.168.2.0/24 protocol=icmp
You will get a result like the following.
PC1> ping 192.168.3.1

192.168.3.1 icmp_seq=1 timeout
192.168.3.1 icmp_seq=2 timeout
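
An added example (not from the original post): a small Python model of the input-chain ICMP rule above, evaluated against every address R3 holds on this page. It assumes pings reach R3 with their original source address (no NAT on the path); RULE_SCOPED and the two sample hosts are constructed for illustration.

```python
from ipaddress import ip_address, ip_network

# Addresses R3 holds, taken from the page's configuration.
R3_ADDRESSES = ["1.1.1.4", "3.3.3.2", "192.168.2.1"]
R1_LAN = ip_network("192.168.3.0/24")

# Rule as written on the page: ICMP, destination matcher only.
RULE_AS_WRITTEN = {"protocol": "icmp", "dst": ip_network("192.168.2.0/24")}
# Hypothetical tighter rule (assumption, not from the page): match on the
# source network, so all of R3's addresses are covered for R1's LAN only.
RULE_SCOPED = {"protocol": "icmp", "src": R1_LAN}


def matches(rule, pkt):
    """True if every matcher present in the rule matches the packet.
    Absent matchers match anything, as in a RouterOS filter rule."""
    if rule.get("protocol") not in (None, pkt["protocol"]):
        return False
    if "src" in rule and ip_address(pkt["src"]) not in rule["src"]:
        return False
    if "dst" in rule and ip_address(pkt["dst"]) not in rule["dst"]:
        return False
    return True


def input_verdict(rule, pkt):
    """Input chain holding one drop rule, with the default accept policy."""
    return "drop" if matches(rule, pkt) else "accept"


def ping_matrix(rule, sources):
    """Verdict for an ICMP echo from each source to each R3 address."""
    return {(s, d): input_verdict(rule, {"protocol": "icmp", "src": s, "dst": d})
            for s in sources for d in R3_ADDRESSES}


# Constructed sample hosts: one on R1's LAN, one on R2's LAN.
SOURCES = ["192.168.3.10", "192.168.1.10"]

if __name__ == "__main__":
    for name, rule in (("as written", RULE_AS_WRITTEN), ("scoped", RULE_SCOPED)):
        print(name)
        for (s, d), v in ping_matrix(rule, SOURCES).items():
            print(f"  {s:>13} -> {d:<12} {v}")
```

In RouterOS terms the scoped variant corresponds to replacing the dst-address matcher with src-address=192.168.3.0/24 on the same input-chain drop rule.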
