Superlab Network Infrastructure: Deva Andriansyah

Network

Uploaded by

mariem jridi

SUPERLAB

Network Infrastructure

Deva Andriansyah
Topology:

Details:

No  Device   Brand     Interface         IP Address         Description
1   ISP-A    MikroTik  ether1            DHCP               To Internet
                       ether2 (bridge)   10.10.10.1/29      To FW-Main
                       ether3 (bridge)   10.10.10.1/29      To FW-Sec
2   ISP-B    MikroTik  ether1            DHCP               To Internet
                       ether2 (bridge)   10.10.20.1/29      To FW-Sec
                       ether3 (bridge)   10.10.20.1/29      To FW-Main
3   FW-Main  Fortinet  Port1             10.10.10.2/29      To ISP-A
                       Port2             10.10.20.2/29      To ISP-B
                       Port3 (LAG)       10.200.200.1/30    To FW-Sec
                       Port4 (LAG)       10.200.200.1/30    To FW-Sec
                       Port5             10.0.0.1/30        To CORE-1
                       Port6             10.0.1.1/30        To CORE-2
4   FW-Sec   Fortinet  Port1             10.10.10.3/29      To ISP-A
                       Port2             10.10.20.3/29      To ISP-B
                       Port3 (LAG)       10.200.200.2/30    To FW-Main
                       Port4 (LAG)       10.200.200.2/30    To FW-Main
                       Port5             10.0.2.1/30        To CORE-1
                       Port6             10.0.3.1/30        To CORE-2
5   CORE-1   Huawei    GE 1/0/0          10.0.0.2/30        To FW-Main
                       GE 1/0/1          10.0.1.2/30        To FW-Sec
                       GE 1/0/2          10.100.100.1/30    To CORE-2
                       GE 1/0/3          10.200.0.1/30      To M1
                       GE 1/0/4          10.200.10.1/30     To C1
6   CORE-2   Huawei    GE 1/0/0          10.0.1.2/30        To FW-Main
                       GE 1/0/1          10.0.3.2/30        To FW-Sec
                       GE 1/0/2          10.100.100.2/30    To CORE-2
                       GE 1/0/3          10.200.20.1/30     To M2
                       GE 1/0/4          10.200.30.1/30     To C2
7   M1       MikroTik  ether1            10.200.0.2/30      To CORE-1
                       ether2            192.168.88.1/30    To M2
                       ether3            192.168.1.1/24     To PC1
8   M2       MikroTik  ether1            10.200.20.2/30     To CORE-2
                       ether2            192.168.88.2/30    To M1
                       ether3            192.168.2.1/24     To PC2
9   C1       Cisco     Ethernet0/0       10.200.10.2/30     To CORE-1
                       Ethernet0/1       192.168.99.1/30    To C2
                       Ethernet0/2       192.168.3.1/24     To PC3
10  C2       Cisco     Ethernet0/0       10.200.30.2/30     To CORE-2
                       Ethernet0/1       192.168.99.2/30    To C1
                       Ethernet0/2       192.168.4.1/24     To PC4
11  PC1      VPCS      port1             DHCP               To M1
12  PC2      VPCS      port1             DHCP               To M2
13  PC3      VPCS      port1             DHCP               To C1
14  PC4      VPCS      port1             DHCP               To C2
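
An addressing plan like this is easy to get wrong by one octet, so it is worth checking mechanically before configuring devices. The following Python check is an added example, not part of the original document: it takes the point-to-point links from the table (paired according to the "To ..." column, which is an inference) and reports links whose two ends are not distinct hosts of the same subnet, plus any address used on more than one interface.

```python
import ipaddress
from collections import Counter

# Point-to-point links copied from the addressing table, paired by its
# "To ..." column: ((device, interface, address), (device, interface, address))
LINKS = [
    (("FW-Main", "Port5", "10.0.0.1/30"), ("CORE-1", "GE1/0/0", "10.0.0.2/30")),
    (("FW-Main", "Port6", "10.0.1.1/30"), ("CORE-2", "GE1/0/0", "10.0.1.2/30")),
    (("FW-Sec", "Port5", "10.0.2.1/30"), ("CORE-1", "GE1/0/1", "10.0.1.2/30")),
    (("FW-Sec", "Port6", "10.0.3.1/30"), ("CORE-2", "GE1/0/1", "10.0.3.2/30")),
    (("FW-Main", "LAG", "10.200.200.1/30"), ("FW-Sec", "LAG", "10.200.200.2/30")),
    (("CORE-1", "GE1/0/2", "10.100.100.1/30"), ("CORE-2", "GE1/0/2", "10.100.100.2/30")),
    (("CORE-1", "GE1/0/3", "10.200.0.1/30"), ("M1", "ether1", "10.200.0.2/30")),
    (("CORE-1", "GE1/0/4", "10.200.10.1/30"), ("C1", "Ethernet0/0", "10.200.10.2/30")),
    (("CORE-2", "GE1/0/3", "10.200.20.1/30"), ("M2", "ether1", "10.200.20.2/30")),
    (("CORE-2", "GE1/0/4", "10.200.30.1/30"), ("C2", "Ethernet0/0", "10.200.30.2/30")),
    (("M1", "ether2", "192.168.88.1/30"), ("M2", "ether2", "192.168.88.2/30")),
    (("C1", "Ethernet0/1", "192.168.99.1/30"), ("C2", "Ethernet0/1", "192.168.99.2/30")),
]


def check_links(links):
    """Return (links whose ends do not match, addresses used more than once)."""
    mismatched = []
    seen = Counter()
    for (dev_a, if_a, addr_a), (dev_b, if_b, addr_b) in links:
        a = ipaddress.ip_interface(addr_a)
        b = ipaddress.ip_interface(addr_b)
        seen[a.ip] += 1
        seen[b.ip] += 1
        # Both ends must be distinct usable hosts of the same subnet
        same_net = a.network == b.network
        usable = all(x.ip in set(x.network.hosts()) for x in (a, b))
        if not (same_net and usable and a.ip != b.ip):
            mismatched.append(f"{dev_a} {if_a} {addr_a} <-> {dev_b} {if_b} {addr_b}")
    duplicates = sorted(str(ip) for ip, count in seen.items() if count > 1)
    return mismatched, duplicates


if __name__ == "__main__":
    bad_links, reused = check_links(LINKS)
    for line in bad_links:
        print("subnet mismatch:", line)
    print("addresses used twice:", reused)
```

On the table as printed, the check reports the FW-Sec Port5 / CORE-1 GE 1/0/1 pair: the table lists 10.0.1.2/30 for that CORE-1 interface, while the CORE-1 configuration in section 5 assigns 10.0.2.2.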

Configuration:

1. MikroTik (ISP-A)

[admin@MikroTik] > system identity set name=ISP-A
[admin@ISP-A] > ip dhcp-client add interface=ether1 disabled=no
[admin@ISP-A] > interface bridge add name=bridge
[admin@ISP-A] > interface bridge port add bridge=bridge interface=ether2
[admin@ISP-A] > interface bridge port add bridge=bridge interface=ether3
[admin@ISP-A] > ip address add address=10.10.10.1/29 interface=bridge
# allow-remote-requests=yes answers DNS queries on every interface, including
# ether1 towards the internet; restrict it with an input filter rule outside a lab
[admin@ISP-A] > ip dns set servers=8.8.8.8 allow-remote-requests=yes
[admin@ISP-A] > ip firewall nat add chain=srcnat out-interface=ether1 action=masquerade
2. MikroTik (ISP-B)

[admin@MikroTik] > system identity set name=ISP-B
[admin@ISP-B] > ip dhcp-client add interface=ether1 disabled=no
[admin@ISP-B] > interface bridge add name=bridge
[admin@ISP-B] > interface bridge port add bridge=bridge interface=ether2
[admin@ISP-B] > interface bridge port add bridge=bridge interface=ether3
[admin@ISP-B] > ip address add address=10.10.20.1/29 interface=bridge
[admin@ISP-B] > ip dns set servers=8.8.8.8 allow-remote-requests=yes
[admin@ISP-B] > ip firewall nat add chain=srcnat out-interface=ether1 action=masquerade

IP address table

Routing table

Internet access
3. Fortinet (FW-Main)

Hostname and IP address configuration

DNS setting

Default route to the internet

NAT

Static routing

4. Fortinet (FW-Sec)

Hostname

IP address

DNS setting

Default route to the internet

NAT

Static routing

5. Huawei (CORE-1)

Hostname and IP Address

<Huawei>system-view
[Huawei]sysname CORE-1
[CORE-1]interface GE 1/0/0
[CORE-1-GE1/0/0]undo portswitch
[CORE-1-GE1/0/0]description to FW MAIN
[CORE-1-GE1/0/0]ip address 10.0.0.2 30
[CORE-1-GE1/0/0]interface GE 1/0/1
[CORE-1-GE1/0/1]undo portswitch
[CORE-1-GE1/0/1]description to FW Sec
[CORE-1-GE1/0/1]ip address 10.0.2.2 30
[CORE-1-GE1/0/1]interface GE 1/0/2
[CORE-1-GE1/0/2]undo portswitch
[CORE-1-GE1/0/2]description to CE-2
[CORE-1-GE1/0/2]ip address 10.100.100.1 30
[CORE-1-GE1/0/2]interface GE 1/0/3
[CORE-1-GE1/0/3]undo portswitch
[CORE-1-GE1/0/3]description to M1
[CORE-1-GE1/0/3]ip address 10.200.0.1 30
[CORE-1-GE1/0/3]interface GE 1/0/4
[CORE-1-GE1/0/4]undo portswitch
[CORE-1-GE1/0/4]description to C1
[CORE-1-GE1/0/4]ip address 10.200.10.1 30
[CORE-1-GE1/0/4]quit

Default route to the internet
[CORE-1]ip route-static 0.0.0.0 0.0.0.0 10.0.0.1
[CORE-1]ip route-static 0.0.0.0 0.0.0.0 10.0.2.1 preference 100

OSPF
[CORE-1]ospf router-id 0.0.0.1
[CORE-1-ospf-1]area 0.0.0.0
[CORE-1-ospf-1-area-0.0.0.0] network 10.100.100.0 0.0.0.3
[CORE-1-ospf-1-area-0.0.0.0] network 10.200.0.0 0.0.0.3
[CORE-1-ospf-1-area-0.0.0.0] network 10.200.10.0 0.0.0.3
[CORE-1-ospf-1-area-0.0.0.0] quit

OSPF to Default Route


[CORE-1-ospf-1]default-route-advertise always

6. Huawei (CORE-2)

Hostname and IP Address

<Huawei>system-view
[Huawei]sysname CORE-2
[CORE-2]interface GE 1/0/0
[CORE-2-GE1/0/0]undo portswitch
[CORE-2-GE1/0/0]description to FW MAIN
[CORE-2-GE1/0/0]ip address 10.0.1.2 30
[CORE-2-GE1/0/0]interface GE 1/0/1
[CORE-2-GE1/0/1]undo portswitch
[CORE-2-GE1/0/1]description to FW Sec
[CORE-2-GE1/0/1]ip address 10.0.3.2 30
[CORE-2-GE1/0/1]interface GE 1/0/2
[CORE-2-GE1/0/2]undo portswitch
[CORE-2-GE1/0/2]description to CE-2
[CORE-2-GE1/0/2]ip address 10.100.100.2 30
[CORE-2-GE1/0/2]interface GE 1/0/3
[CORE-2-GE1/0/3]undo portswitch
[CORE-2-GE1/0/3]description to M2
[CORE-2-GE1/0/3]ip address 10.200.20.1 30
[CORE-2-GE1/0/3]interface GE 1/0/4
[CORE-2-GE1/0/4]undo portswitch
[CORE-2-GE1/0/4]description to C2
[CORE-2-GE1/0/4]ip address 10.200.30.1 30
[CORE-2-GE1/0/4]quit

Default route to the internet
[CORE-2]ip route-static 0.0.0.0 0.0.0.0 10.0.3.1
[CORE-2]ip route-static 0.0.0.0 0.0.0.0 10.0.1.1 preference 100

OSPF
[CORE-2]ospf router-id 0.0.0.2
[CORE-2-ospf-1]area 0.0.0.0
[CORE-2-ospf-1-area-0.0.0.0] network 10.100.100.0 0.0.0.3
[CORE-2-ospf-1-area-0.0.0.0] network 10.200.20.0 0.0.0.3
[CORE-2-ospf-1-area-0.0.0.0] network 10.200.30.0 0.0.0.3
[CORE-2-ospf-1-area-0.0.0.0] quit

OSPF to Default Route

[CORE-2-ospf-1]default-route-advertise always

7. MikroTik (M1)

Hostname and IP Address

[admin@MikroTik] > system identity set name=M1
[admin@M1] > ip address add address=10.200.0.2/30 interface=ether1
[admin@M1] > ip address add address=192.168.88.1/30 interface=ether2
[admin@M1] > ip address add address=192.168.1.1/24 interface=ether3

DNS
[admin@M1] > ip dns set servers=8.8.8.8 allow-remote-requests=yes

NAT
[admin@M1] > ip firewall nat add chain=srcnat out-interface=ether1 action=masquerade
[admin@M1] > ip firewall nat add chain=srcnat out-interface=ether2 action=masquerade

OSPF
[admin@M1] > routing ospf instance set router-id=0.0.0.3 numbers=0
[admin@M1] > routing ospf network add network=10.200.0.0/30 area=backbone
[admin@M1] > routing ospf network add network=192.168.88.0/30 area=backbone
[admin@M1] > routing ospf network add network=192.168.1.0/24 area=backbone

DHCP
[admin@M1] > ip dhcp-server setup
Select interface to run DHCP server on
dhcp server interface: ether3

8. MikroTik (M2)

Hostname and IP Address

[admin@MikroTik] > system identity set name=M2
[admin@M2] > ip address add address=10.200.20.2/30 interface=ether1
[admin@M2] > ip address add address=192.168.88.2/30 interface=ether2
[admin@M2] > ip address add address=192.168.2.1/24 interface=ether3

DNS
[admin@M2] > ip dns set servers=8.8.8.8 allow-remote-requests=yes

NAT
[admin@M2] > ip firewall nat add chain=srcnat out-interface=ether1 action=masquerade
[admin@M2] > ip firewall nat add chain=srcnat out-interface=ether2 action=masquerade

OSPF
[admin@M2] > routing ospf instance set router-id=0.0.0.4 numbers=0
[admin@M2] > routing ospf network add network=10.200.20.0/30 area=backbone
[admin@M2] > routing ospf network add network=192.168.88.0/30 area=backbone
[admin@M2] > routing ospf network add network=192.168.2.0/24 area=backbone

DHCP
[admin@M2] > ip dhcp-server setup
Select interface to run DHCP server on
dhcp server interface: ether3

9. Cisco (C1)

Hostname and IP Address

Router>en
Router#conf t
Router(config)#hostname C1
C1(config)#interface ethernet 0/0
C1(config-if)#no shutdown
C1(config-if)#description To CORE-1
C1(config-if)#ip address 10.200.10.2 255.255.255.252
C1(config-if)#interface ethernet 0/1
C1(config-if)#no shutdown
C1(config-if)#description To C2
C1(config-if)#ip address 192.168.99.1 255.255.255.252
C1(config-if)#interface ethernet 0/2
C1(config-if)#no shutdown
C1(config-if)#description To PC3
C1(config-if)#ip address 192.168.3.1 255.255.255.0
C1(config-if)#exit

OSPF
C1(config)#router ospf 1
C1(config-router)#router-id 0.0.0.5
C1(config-router)#network 10.200.10.0 0.0.0.3 area 0
C1(config-router)#network 192.168.99.0 0.0.0.3 area 0
C1(config-router)#network 192.168.3.0 0.0.0.255 area 0

NAT
C1(config)#access-list 1 permit 192.168.3.0 0.0.0.255
C1(config)#route-map NAT1 permit 10
C1(config-route-map)#match ip address 1
C1(config-route-map)#match interface ethernet 0/0
C1(config-route-map)#route-map NAT2 permit 10
C1(config-route-map)#match ip address 1
C1(config-route-map)#match interface ethernet 0/1
C1(config-route-map)#exit
C1(config)#interface ethernet 0/0
C1(config-if)#ip nat outside
C1(config-if)#interface ethernet 0/1
C1(config-if)#ip nat outside
C1(config-if)#interface ethernet 0/2
C1(config-if)#ip nat inside
C1(config-if)#exit
C1(config)#ip nat inside source route-map NAT1 interface ethernet 0/0 overload
C1(config)#ip nat inside source route-map NAT2 interface ethernet 0/1 overload

DHCP Server
C1(config)#ip dhcp pool LAN
C1(dhcp-config)#default-router 192.168.3.1
C1(dhcp-config)#network 192.168.3.0 255.255.255.0
C1(dhcp-config)#dns-server 8.8.8.8
C1(dhcp-config)#end

10. Cisco (C2)

Hostname and IP Address

Router>en
Router#conf t
Router(config)#hostname C2
C2(config)#interface ethernet 0/0
C2(config-if)#no shutdown
C2(config-if)#description To CORE-2
C2(config-if)#ip address 10.200.30.2 255.255.255.252
C2(config-if)#interface ethernet 0/1
C2(config-if)#no shutdown
C2(config-if)#description To C1
C2(config-if)#ip address 192.168.99.2 255.255.255.252
C2(config-if)#interface ethernet 0/2
C2(config-if)#no shutdown
C2(config-if)#description To PC4
C2(config-if)#ip address 192.168.4.1 255.255.255.0
C2(config-if)#exit

OSPF
C2(config)#router ospf 1
C2(config-router)#router-id 0.0.0.6
C2(config-router)#network 10.200.30.0 0.0.0.3 area 0
C2(config-router)#network 192.168.99.0 0.0.0.3 area 0
C2(config-router)#network 192.168.4.0 0.0.0.255 area 0

NAT
C2(config)#access-list 1 permit 192.168.4.0 0.0.0.255
C2(config)#route-map NAT1 permit 10
C2(config-route-map)#match ip address 1
C2(config-route-map)#match interface ethernet 0/0
C2(config-route-map)#route-map NAT2 permit 10
C2(config-route-map)#match ip address 1
C2(config-route-map)#match interface ethernet 0/1
C2(config-route-map)#exit
C2(config)#interface ethernet 0/0
C2(config-if)#ip nat outside
C2(config-if)#interface ethernet 0/1
C2(config-if)#ip nat outside
C2(config-if)#interface ethernet 0/2
C2(config-if)#ip nat inside
C2(config-if)#exit
C2(config)#ip nat inside source route-map NAT1 interface ethernet 0/0 overload
C2(config)#ip nat inside source route-map NAT2 interface ethernet 0/1 overload

DHCP Server
C2(config)#ip dhcp pool LAN
C2(dhcp-config)#default-router 192.168.4.1
C2(dhcp-config)#network 192.168.4.0 255.255.255.0
C2(dhcp-config)#dns-server 8.8.8.8
C2(dhcp-config)#end

Testing:

With the configuration above, the expected behaviour when CORE-1 or CORE-2 is down is:

1. PC1 accesses the internet using ISP-A via the route M1 → CORE-1 → FW-Main → ISP-A.

   If the link from M1 to CORE-1 goes down, internet traffic switches to M1 → M2 → CORE-2 → FW-Sec → ISP-B.
2. PC1 accesses the internet using ISP-A via the route M2 → CORE-2 → FW-Sec → ISP-B.

   If the link from M2 to CORE-2 goes down, internet traffic switches to M2 → M1 → CORE-1 → FW-Main → ISP-A.
3. PC3 accesses the internet using ISP-A via the route C1 → CORE-1 → FW-Main → ISP-A.

   If the link from C1 to CORE-1 goes down, internet traffic switches to C1 → C2 → CORE-2 → FW-Sec → ISP-B.
4. PC4 accesses the internet using ISP-B via the route C2 → CORE-2 → FW-Sec → ISP-B.

   If the link from C2 to CORE-2 goes down, internet traffic switches to C2 → C1 → CORE-1 → FW-Main → ISP-A.

When FW-Main or FW-Sec is down:

1. CORE-1 accesses the internet through Fortinet-Sec.
2. CORE-2, M2 and C2 continue to use Fortinet-Sec and ISP-B to reach the internet.
3. M1 and C1 use ISP-B for their internet access.

When FW-Main or FW-Sec is down, the expected behaviour is:

1. CORE-1, M1 and C1 continue to use ISP-A as their internet path.
2. CORE-2, M2 and C2 use ISP-A for internet access.

When the link to ISP-A is down:

1. FW-Main and CORE-1 use ISP-B.
2. M2 and C2 use ISP-B for internet access, but still via CORE-1 and FW-Main.

For CORE-2, M2 and C2 there is no path change, because by default they use the ISP-B link to reach the internet.

When the link to ISP-B is down:

For FW-Main, CORE-1, M1 and C1 there is no path change at all; their internet access already uses the ISP-A link by default.

This is different for FW-Sec, CORE-2, M2 and C2, which switch to ISP-A for internet access because their previous default was ISP-B. For M2 and C2 the path does not change: traffic still passes through FW-Sec and CORE-2 before reaching the internet.
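
The expected paths above can be checked against a small model of the design. This Python model is an added example, not part of the original document; it assumes equal OSPF cost on every link, that a core with no live firewall next hop follows the other core's advertised default, and that each firewall prefers its own ISP (FW-Main to ISP-A, FW-Sec to ISP-B), since the Fortinet configuration is not shown on the page.

```python
from collections import deque

# OSPF area 0 adjacencies from the configuration (equal link cost is assumed)
OSPF_LINKS = [("M1", "CORE-1"), ("M2", "CORE-2"), ("M1", "M2"),
              ("C1", "CORE-1"), ("C2", "CORE-2"), ("C1", "C2"),
              ("CORE-1", "CORE-2")]
# Static defaults on the cores, primary first (the backup has preference 100)
CORE_DEFAULTS = {"CORE-1": ["FW-Main", "FW-Sec"], "CORE-2": ["FW-Sec", "FW-Main"]}
# Assumed firewall uplink order; the Fortinet configuration is not shown
FW_UPLINKS = {"FW-Main": ["ISP-A", "ISP-B"], "FW-Sec": ["ISP-B", "ISP-A"]}


def internet_path(src, down=()):
    """Hops from router `src` to an ISP, or None if traffic is dropped.
    `down` lists failed nodes (names) and failed links (2-tuples)."""
    dead = {frozenset(d) if isinstance(d, tuple) else d for d in down}

    def up(a, b):
        return a not in dead and b not in dead and frozenset((a, b)) not in dead

    # OSPF: shortest path to the nearest core advertising the default route
    queue, seen, hops = deque([[src]]), {src}, None
    while queue and hops is None:
        cur = queue.popleft()
        if cur[-1] in CORE_DEFAULTS:
            hops = cur
            continue
        for a, b in OSPF_LINKS:
            for x, y in ((a, b), (b, a)):
                if x == cur[-1] and y not in seen and up(x, y):
                    seen.add(y)
                    queue.append(cur + [y])
    if hops is None:
        return None
    # Core: first static default with a live next hop, else the peer core (assumed)
    while True:
        core = hops[-1]
        fw = next((f for f in CORE_DEFAULTS[core] if up(core, f)), None)
        if fw:
            break
        peer = "CORE-2" if core == "CORE-1" else "CORE-1"
        if peer in hops or not up(core, peer):
            return None
        hops = hops + [peer]
    isp = next((i for i in FW_UPLINKS[fw] if up(fw, i)), None)
    return hops + [fw, isp] if isp else None


if __name__ == "__main__":
    print(internet_path("M1"), internet_path("M1", down=[("M1", "CORE-1")]))
```

Failures are passed as node names or link tuples, for example `internet_path("C1", down=["FW-Main"])` or `internet_path("M2", down=[("FW-Sec", "ISP-B")])`.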

From the configuration and testing above, it can be concluded that High Availability has been achieved on the configured network. The configuration is expected to minimise downtime on the network.

Author : Deva Andriansyah


LinkedIn : Deva Andriansyah
