Sunday, January 29, 2017

Easy MikroTik SuperLab Lab5#1

Assalamualaikum wr.wb
 

Alhamdulillah, I have been given the chance to share some knowledge again. This time it is still about MikroTik, namely the Easy MikroTik SuperLab Lab5#1. Feeling motivated today? You should be, OK!! Enough small talk, let's get straight to it. Here is the topology.

The goals are:
  • Connect the routers to each other using a tunnel (L2TP/IPsec)
  • Block certain websites with the firewall layer7 and content matchers
  • Block sites during certain hours
  • Hosts behind R3 can access the server at the head office

Configuration 1
We configure the ISP router so that it can reach the internet
[admin@MikroTik] > /system identity set name=ISP 
[admin@ISP] > ip address
add address=10.0.1.5/24 interface=ether1 network=10.0.1.0
add address=1.1.1.1/24 interface=ether2 network=1.1.1.0
add address=2.2.2.1/24 interface=ether3 network=2.2.2.0

[admin@ISP] > ip dns
set allow-remote-requests=yes servers=8.8.8.8
[admin@ISP] > ip route
add distance=1 gateway=10.0.1.4
[admin@ISP] > ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1


Configuration 2
We configure R1 so that it can reach the internet, then set up a DHCP server
 
[admin@MikroTik] > /system identity set name=R1
[admin@R1] > ip address
add address=1.1.1.2/24 interface=ether1 network=1.1.1.0
add address=3.3.3.1/24 interface=ether3 network=3.3.3.0
add address=4.4.4.1/24 interface=ether2 network=4.4.4.0
add address=5.5.5.1/24 interface=ether4 network=5.5.5.0
 
[admin@R1] > ip dns set allow-remote-requests=yes servers=8.8.8.8
[admin@R1] > ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1
[admin@R1] > ip route add distance=1 gateway=1.1.1.1
Set up DHCP on ether2

[admin@R1] > ip dhcp-server setup
Select interface to run DHCP server on

dhcp server interface: ether2
Select network for DHCP addresses

dhcp address space: 4.4.4.0/24
Select gateway for given network

gateway for dhcp network: 4.4.4.1
Select pool of ip addresses given out by DHCP server

addresses to give out: 4.4.4.2-4.4.4.254
Select DNS servers

dns servers: 8.8.8.8
Select lease time

lease time: 3d


Configuration 2
We configure R2 with a bridge and a DHCP server
[admin@MikroTik] > /system identity set name=R2
[admin@R2] > ip address add address=3.3.3.2/24 interface=ether1

[admin@R2] > ip route add gateway=3.3.3.1
Create the bridge interface; its ports are ether2, ether3 and ether4
[admin@R2] > interface bridge
add name=bridge_dhcp
[admin@R2] >/interface bridge port
add bridge=bridge_dhcp interface=ether2
add bridge=bridge_dhcp interface=ether3
add bridge=bridge_dhcp interface=ether4
Don't forget to give it an IP address
[admin@R2] > ip address add address=7.7.7.1/24 interface=bridge_dhcp 
Set up DHCP on the bridge interface so that clients get an IP address automatically
[admin@R2] > ip dhcp-server setup
Select interface to run DHCP server on

dhcp server interface: bridge_dhcp
Select network for DHCP addresses

dhcp address space: 7.7.7.0/24
Select gateway for given network

gateway for dhcp network: 7.7.7.1
Select pool of ip addresses given out by DHCP server

addresses to give out: 7.7.7.2-7.7.7.254
Select DNS servers

dns servers: 8.8.8.8,8.8.4.4
Select lease time

lease time: 3d

Configuration 3
Here we configure the DHCP setup and L2TP
[admin@MikroTik] > /system identity set name=R3
[admin@R3] > ip address
add address=2.2.2.3/24 interface=ether1 network=2.2.2.0
add address=6.6.6.1/24 interface=ether2 network=6.6.6.0

Set up DHCP
[admin@R3] > ip dhcp-server setup
Select interface to run DHCP server on

dhcp server interface: ether2
Select network for DHCP addresses

dhcp address space: 6.6.6.0/24
Select gateway for given network

gateway for dhcp network: 6.6.6.1
Select pool of ip addresses given out by DHCP server

addresses to give out: 6.6.6.2-6.6.6.254
Select DNS servers

dns servers: 8.8.8.8
Select lease time

lease time: 3d 




Back on R1, create the L2TP server
[admin@R1] > interface l2tp-server server
set enabled=yes ipsec-secret=123 use-ipsec=yes

Next, go to PPP to add the local IP and remote IP
[admin@R1] > ppp secret
add local-address=9.9.9.1 name=coba password=123 remote-address=9.9.9.2 routes=6.6.6.0/24 service=l2tp

Connect R3 to the L2TP server created above. The client has to set use-ipsec=yes with the same ipsec-secret, otherwise the session comes up as plain L2TP without IPsec
[admin@R3] > interface l2tp-client
add connect-to=1.1.1.2 disabled=no mrru=1600 name=l2tp-client password=123 user=coba use-ipsec=yes ipsec-secret=123

Add a static route toward R1
[admin@R3] > ip route
add distance=1 dst-address=5.5.5.0/24 gateway=l2tp-client
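
The lab tunnel uses `use-ipsec=yes` on the server and the value `123` for both the IPsec pre-shared key and the PPP password. As an added example (not part of the original lab), the same tunnel with IPsec enforced and plain L2TP filtered on R1; it assumes a RouterOS release that accepts `use-ipsec=required`, and the secret strings are placeholders to replace with long random values.

```routeros
# Added example, not from the original lab. Secret values are placeholders.

# R1, lab form: also accepts L2TP sessions that are NOT wrapped in IPsec
#   /interface l2tp-server server set enabled=yes use-ipsec=yes ipsec-secret=123

# R1, enforced form: only L2TP carried inside IPsec is accepted
/interface l2tp-server server
set enabled=yes use-ipsec=required ipsec-secret="REPLACE-WITH-LONG-RANDOM-PSK" authentication=mschap2
/ppp secret
set [find name=coba] password="REPLACE-WITH-LONG-RANDOM-PASSWORD"

# R1: accept IKE, NAT-T and ESP only from R3 (2.2.2.3 in this lab),
# and accept udp/1701 only when the packet arrived through IPsec
/ip firewall filter
add chain=input action=accept protocol=udp dst-port=500,4500 src-address=2.2.2.3 comment=l2tp-ike
add chain=input action=accept protocol=ipsec-esp src-address=2.2.2.3 comment=l2tp-esp
add chain=input action=accept protocol=udp dst-port=1701 ipsec-policy=in,ipsec comment=l2tp-in-ipsec
add chain=input action=drop protocol=udp dst-port=1701 comment=l2tp-plain-drop

# R3: the client presents the same pre-shared key and PPP password
/interface l2tp-client
set [find name=l2tp-client] use-ipsec=yes ipsec-secret="REPLACE-WITH-LONG-RANDOM-PSK" password="REPLACE-WITH-LONG-RANDOM-PASSWORD"

# Verify on R1: an installed SA and an active PPP session for user coba
/ip ipsec installed-sa print
/ppp active print
```

If `/ppp active print` shows the session while `/ip ipsec installed-sa print` is empty, the tunnel is running without encryption.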

Konfigurasi 4

We will configure NTP so that the time is in sync, and there is something interesting here: the scheduler, which controls when things run. As a use case, if you are the network admin at a school and a teacher asks you to block fb at certain times so students don't open it during lessons, you can use this
[admin@R1] >/system clock
set time-zone-name=Asia/Jakarta
Now start with the firewall layer7 and content rules
[admin@R1] > ip firewall  layer7-protocol
add name=facebook regexp=^.+facebook.com.*
[admin@R1] > /ip firewall filter
add action=drop chain=forward comment=block-fb-http content=facebook protocol=tcp
add action=drop chain=forward comment=block-fb-https dst-port=443 layer7-protocol=facebook protocol=tcp

These are the HTTP and HTTPS scripts that allow fb
[admin@R1] > system script
add name=fb-allow-https owner=admin policy=read,write,policy,test,sniff source=\
    "/ip firewall filter set [/ip firewall filter find comment=\"block-fb-https\"] disabled=yes"

add name=fb-allow-http owner=admin policy=read,write,policy,test,sniff source=\
    "/ip firewall filter set [/ip firewall filter find comment=\"block-fb-http\"] disabled=yes"
Set the hour at which it is blocked
[admin@R1] > system scheduler
add interval=1d name=fb-http-deny on-event=fb-deny-http policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive start-date=jan/27/2017 start-time=08:00:00
add interval=1d name=fb-https-dny on-event=fb-deny-https policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive start-date=jan/27/2017 start-time=08:00:00



Don't forget to schedule the allow side as well; these entries run the allow scripts
[admin@R1] > system scheduler 
add interval=1d name=fb-https-allow on-event=fb-allow-https policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive start-date=jan/27/2017 start-time=\
    17:00:00
add interval=1d name=fb-allow-http on-event=fb-allow-http policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive start-date=jan/27/2017 start-time=\
    17:00:00
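
The 08:00 scheduler entries call `fb-deny-http` and `fb-deny-https`, which are never defined in this lab, and the schedule only fires at the intended hour if R1's clock is correct. As an added example (not part of the original lab), the missing deny scripts, an NTP client and a manual check; the address 192.0.2.10 is a placeholder and the `primary-ntp` form assumes RouterOS v6.

```routeros
# Added example, not from the original lab.

# Deny-side scripts referenced by the 08:00 scheduler entries:
# they re-enable the drop rules that the allow scripts disable at 17:00.
/system script
add name=fb-deny-http owner=admin policy=read,write,policy,test,sniff source=\
    "/ip firewall filter set [/ip firewall filter find comment=\"block-fb-http\"] disabled=no"
add name=fb-deny-https owner=admin policy=read,write,policy,test,sniff source=\
    "/ip firewall filter set [/ip firewall filter find comment=\"block-fb-https\"] disabled=no"

# Keep the clock correct so that 08:00 and 17:00 fire when expected.
# 192.0.2.10 is a placeholder: use an NTP server reachable from R1.
/system ntp client
set enabled=yes primary-ntp=192.0.2.10

# Check by hand: run each side and confirm that the rule state flips.
/system script run fb-deny-https
/ip firewall filter print where comment~"block-fb"
/system script run fb-allow-https
/ip firewall filter print where comment~"block-fb"

# Confirm the time source and the next run times.
/system clock print
/system scheduler print
```

In the filter print output a disabled rule carries the X flag, so the block-fb-https line should lose the flag after the deny script and regain it after the allow script.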

That's all for MikroTik Lab 5 session 1. InshaAllah there will be more tomorrow. Keep up the spirit of sharing!!!!!
 
