You are here : / / Superlab Mikrotik mudah Lab9#1

Wednesday, February 1, 2017

Superlab Mikrotik mudah Lab9#1

Assalamualaikum wr.wb


Alhamdulillah saya diberi kesempatan untuk membagikan ilmu lagi kali ini masih tentang mikrotik s yaitu Superlab Mikrotik mudah Lab 9#1 hari ini semangatkan? harus semangat ok!!,nggak nyanka sekarang sudah lab 9 ini masih belum selesai masih banyak lagi yang mau saya bagikan, cukup basa basinya sekarang langsung saja berikut topologinya


Tujuan dari lab ini adalah
  • Masing-masing device pada kawasannya dapat saling berkomunikasi.
  • Semua device dapat mengakses internet
  • Router 1 dan Router 5 pada kawasan yang berbeda dapat berkomunikasi menggunakan tunnnel
Konfigurasi 1
kita konfigurasi dulu ISP seperti biasa yaitu supaya konek dengan internet dulu dan jangan lupa identitynya
[admin@MikroTik] > /system identity set name=ISP
[admin@ISP] > ip addres
add address=10.0.1.5/24 interface=ether1 network=10.0.1.0
add address=1.1.1.1/24 interface=ether2 network=1.1.1.0
add address=2.2.2.1/24 interface=ether3 network=2.2.2.0
[admin@ISP] > ip dns
set allow-remote-requests=yes servers=8.8.8.8
[admin@ISP] > ip route add gateway=10.0.1.4
[admin@ISP] > ip firewall  nat
add action=masquerade chain=srcnat out-interface=ether1
konfigurasi 2
kita muali menkonfigurasi ip setiap router dibagian kiri

R1
[admin@MikroTik] > /system identity set name=R1
[admin@R1] > ip address
add address=1.1.1.2/24 interface=ether1
add address=3.3.3.1/24 interface=ether3
add address=4.4.4.1/24 interface=ether2
R2
[admin@MikroTik] > /system identity set name=R2
[admin@R2] > ip address
add address=4.4.4.2/24 interface=ether1
add address=5.5.5.1/24 interface=ether2
add address=6.6.6.1/24 interface=ether3
R3
[admin@MikroTik] > /system identity set name=R3
[admin@R3] > ip address
add address=6.6.6.2/24 interface=ether1
add address=7.7.7.1/24 interface=ether2
add address=8.8.8.1/24 interface=ether3   
R4
[admin@MikroTik] > /system identity set name=R4
[admin@R4] > ip address
add address=5.5.5.2/24 interface=ether1
add address=7.7.7.2/24 interface=ether2
add address=9.9.9.1/24 interface=ether3  
Konfigurasi 2
kita tambahkan static rute supaya router bisa saling terhubung
[admin@R1] > ip route
add dst-address=6.6.6.0/24 gateway=4.4.4.2
add dst-address=5.5.5.0/24 gateway=4.4.4.2
add dst-address=7.7.7.0/24 gateway=4.4.4.2
add dst-address=8.8.8.0/24 gateway=4.4.4.2    
add dst-address=9.9.9.0/24 gateway=4.4.4.2    
Konfigurasi di R2
[admin@R2] >/ip route
add dst-address=1.1.1.0/24 gateway=4.4.4.1  
add dst-address=7.7.7.0/24 gateway=6.6.6.2
add dst-address=7.7.7.0/24 gateway=5.5.5.2
add dst-address=8.8.8.0/24 gateway=6.6.6.2
add dst-address=8.8.8.0/24 gateway=5.5.5.2
add dst-address=9.9.9.0/24 gateway=6.6.6.2
add dst-address=9.9.9.0/24 gateway=5.5.5.2
Knfigurasi di R3
[admin@R3] > ip route      
add dst-address=1.1.1.0/24 gateway=6.6.6.1
add dst-address=1.1.1.0/24 gateway=7.7.7.2
add dst-address=4.4.4.0/24 gateway=6.6.6.1    
add dst-address=4.4.4.0/24 gateway=7.7.7.2
add dst-address=5.5.5.0/24 gateway=6.6.6.1
add dst-address=5.5.5.0/24 gateway=7.7.7.2
add dst-address=9.9.9.0/24 gateway=6.6.6.1
add dst-address=9.9.9.0/24 gateway=7.7.7.2
Konfigurasi di R4
[admin@R4] > ip route
add dst-address=1.1.1.0/24 gateway=5.5.5.1
add dst-address=1.1.1.0/24 gateway=7.7.7.1
add dst-address=4.4.4.0/24 gateway=5.5.5.1
add dst-address=4.4.4.0/24 gateway=7.7.7.1
add dst-address=6.6.6.0/24 gateway=5.5.5.1
add dst-address=6.6.6.0/24 gateway=7.7.7.1
add dst-address=8.8.8.0/24 gateway=5.5.5.1
add dst-address=8.8.8.0/24 gateway=7.7.7.1
Konfigurasi 3
Karena semua ruter diatas belum bisa konek internet makakita konfigurasi supaya konek dengan internet
R1
[admin@R1] > ip route add gateway=1.1.1.1
[admin@R4] >/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1
[admin@R1] > ip dns
set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4
R2
[admin@R2] > ip dns
set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4
[admin@R2] > ip firewall  nat
add action=masquerade chain=srcnat out-interface=ether1
[admin@R2] > ip route add  gateway=4.4.4.1
R3
[admin@R3] >ip dns
set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4
[admin@R3] >ip firewall  nat
add action=masquerade chain=srcnat out-interface=ether1
[admin@R3] >ip route add  gateway=6.6.6.1
R4
[admin@R4] > ip firewall nat
add chain=srcnat out-interface=ether1 action=masquerade
[admin@R4] > ip dns
set allow-remote-requests=yes servers=8.8.8.8
[admin@R4] >ip route add  gateway=5.5.5.1


Konfigurasi 4
gantian sekarang kita berganti ke sisi kanan yaitu mulai di R5




Kita muali dari R5 kita set identity,ip address, dan dhcp server
[admin@MikroTik] > /system identity set name=R5
[admin@R5] > ip address
add address=2.2.2.3/24 interface=ether1
add address=10.10.10.1/24 interface=ether3
add address=11.11.11.1/24 interface=ether2
[admin@R5] > ip dns set servers=8.8.8.8,8.8.4.4
Kemudian kita setup dhcp 2x dan arahkan ke network R6-R7 dan R6-R8 biar Router 6 mengaktifkan dhcp relay

[admin@R5] > ip dhcp-server setup
Select interface to run DHCP server on

dhcp server interface: ether2
Select network for DHCP addresses

dhcp address space: 13.13.13.0/24
Select gateway for given network

gateway for dhcp network: 13.13.13.1
If this is remote network, enter address of DHCP relay

There is no such IP network on selected interface
dhcp relay: 13.13.13.1
Select pool of ip addresses given out by DHCP server

addresses to give out: 13.13.13.2-13.13.13.254
Select DNS servers

dns servers: 8.8.8.8
Select lease time
lease time: 3d
Kemudian yang lakukan lagi
[admin@R5] > ip dhcp-server setup
Select interface to run DHCP server on

dhcp server interface: ether2
Select network for DHCP addresses

dhcp address space: 12.12.12.0/24
Select gateway for given network

gateway for dhcp network: 12.12.12.1
If this is remote network, enter address of DHCP relay

There is no such IP network on selected interface
dhcp relay: 12.12.12.1
Select pool of ip addresses given out by DHCP server

addresses to give out: 12.12.12.2-12.12.12.254
Select DNS servers

dns servers: 8.8.8.8
Select lease time

lease time: 3d
Konfigurasi 5
kita konfigurasi ip addaress dan aktifkan dhcp relay jangan lupa set identitynya
admin@MikroTik] > /system identity set name=R6
[admin@R6] > ip address
add address=11.11.11.2/24 interface=ether1
add address=12.12.12.1/24 interface=ether2
add address=13.13.13.1/24 interface=ether3 
kemudian dhcp relay
[admin@R6] > ip dhcp-relay
add dhcp-server=11.11.11.1 disabled=no interface=ether3 local-address=13.13.13.1 name=relay_et3
add dhcp-server=11.11.11.1 disabled=no interface=ether2 local-address=12.12.12.1 name=relay_et2
Konigurasi 6 kita aktifkan
[admin@R7] > ip dhcp-client
add dhcp-options=hostname,clientid disabled=no interface=ether1
[admin@R8] > ip dhcp-client add dhcp-options=hostname,clientid disabled=no interface=ether1 
cek di ip dhcp-client pr
[admin@R7] > ip dhcp-client pr
[admin@R8] >ip dhcp-client pr
sesuai dengan topologi diatas yaitu kita akan bangun bridge di R7 dan R8
R7
[admin@R7] > interface bridge
add name=bridge_r7
[admin@R7] > /interface bridge port
add bridge=bridge_r7 interface=ether2
add bridge=bridge_r7 interface=ether3
R8
[admin@R8] > interface bridge
add name=bridge_r8
[admin@R8] >/interface bridge port
add bridge=bridge_r8 interface=ether2
add bridge=bridge_r8 interface=ether3


jangan lupa beri ip kita akan setup dhcp di bridge tersebut
[admin@R7] > ip address
add address=14.14.14.1/24 interface=bridge_r7 
Sekarang setup dhcp interface bridge

[admin@R7] > ip dhcp-server setup          
Select interface to run DHCP server on

dhcp server interface: bridge_r7
Select network for DHCP addresses

dhcp address space: 14.14.14.0/24
Select gateway for given network

gateway for dhcp network: 14.14.14.1
Select pool of ip addresses given out by DHCP server

addresses to give out: 14.14.14.2-14.14.14.254
Select DNS servers

dns servers: 8.8.8.8
Select lease time

lease time: 3d
Konfigurasi 7
karena router -router belum terhubung maka kali ini kita akan menghubungkannya dengan dynamic routing yaitu ospf
R5
[admin@R5] >/routing ospf  network
add area=backbone network=2.2.2.0/24
add area=backbone network=10.10.10.0/24
add area=backbone network=11.11.11.0/24
R6
[admin@R6] > routing ospf network
add area=backbone network=11.11.11.0/24
add area=backbone network=12.12.12.0/24
add area=backbone network=13.13.13.0/24
R7
[admin@R7] > routing ospf network
add area=backbone network=13.13.13.0/24
add area=backbone network=14.14.14.0/24
R8
[admin@R8] > routing network
add area=backbone network=14.14.14.0/24
add area=backbone network=16.16.16.0/24
Sekarang tambahkan default rute dan dns
R5
[admin@R5] > ip route add gateway=2.2.2.1
[admin@R5] >ip dns set servers=8.8.8.8,8.8.4.4
R6
[admin@R6] > ip route add gateway=11.11.11.1
[admin@R6] >ip dns set servers=8.8.8.8,8.8.4.4
R7
[admin@R7] > ip route add gateway=13.13.13.1
[admin@R7] > ip dns set servers=8.8.8.8,8.8.4.4
R8
[admin@R8] > ip route add gateway=14.14.14.1
[admin@R8] >ip dns set servers=8.8.8.8,8.8.4.4
Konfigurasi 8
kita buat interface eoip dan bridge(portnya eoip dan ether 1)
R1
[admin@R1] > /interface eoip
add name=eoip_ke_r5 remote-address=2.2.2.3 tunnel-id=1
[admin@R1] > interface bridge
add name=bridge_eoip
[admin@R1] >/interface bridge port
add bridge=bridge_eoip interface=eoip_ke_r5
add bridge=bridge_eoip interface=ether1
Sekarang di R5
[admin@R5] > interface eoip
add name=eoip_ke_r1 remote-address=1.1.1.2 tunnel-id=1
jangan lupabridgenya sama seperti yang di atas
[admin@R5] > interface bridge
add name=bridge_eoip
[admin@R5] >/interface bridge port
add bridge=bridge_eoip interface=eoip_ke_r1
add bridge=bridge_eoip interface=ether1
jangan lupa beri IP address
R5
[admin@R5] > ip address
add address=17.17.17.2/24 interface=bridge_eoip
R1
[admin@R1] > ip address
add address=17.17.17.3/24 interface=bridge_eoip
supaya bisa berkomunikasi kita tambahkan static rute di kedua ruter
[admin@R1] >ip route add dst-address=10.10.10.0/24 gateway=17.17.17.3
[admin@R5] > ip route add distance=1 dst-address=3.3.3.0/24 gateway=17.17.17.2
Selanjutnya, kita akan melindungi router R5 dan client dari R8,7,
maka disini kita akan mengatur Firewall Filter
[admin@R5] > ip firewall filter add action=drop chain=input src-address=13.13.13.0/24
[admin@R5] > ip firewall filter add action=accept  chain=input src-address=12.12.12.0/24        
[admin@R5] > ip firewall filter add action=reject   chain=input src-address=15.15.15.0/24 
dan coba lihat di ip firewall filter pr
[admin@R5] > ip firewall filter print 
Flags: X - disabled, I - invalid, D - dynamic
 0    chain=input action=log in-interface=bridge_eoip log=no log-prefix="yang_ngeping_ker5"

 1    chain=input action=drop src-address=13.13.13.0/24 log=no log-prefix=""

 2    chain=input action=accept src-address=12.12.12.0/24 log=no log-prefix=""

 3    chain=input action=reject reject-with=icmp-network-unreachable src-address=15.15.15.0/24 log=no log-prefix=""
Selanjutnya kita lakukan konfigurasi firewall logging untuk mencatat log
siapa saja yang telah melakukan ping ke router kita
[admin@R1] > ip firewall filter
add action=log chain=input log-prefix=yang_ngeping_ker1 protocol=icmp
begitu juga di router 5
[admin@R5] > ip firewall filter
add action=log chain=input in-interface=bridge_eoip log-prefix=yang_ngeping_ker5
Sekian tentang Lab 9 mikrotik seson 1 besok InshaAllah ada lagi, tetap semangat berbagi!!!!!

Artikel Terkait

Superlab Mikrotik mudah Lab9#1
4/ 5
Oleh
Komentar

Berlangganan

Suka dengan artikel di atas? Silakan berlangganan gratis via email

Subscribe to: Post Comments (Atom)