Lab Network Architecture
This lab aims to build reliable connectivity by applying a High Availability (HA) design to a
network made up of FortiGate, Cisco, and MikroTik devices. Various configurations and tests are
carried out to confirm that the internet connection is maintained even when devices such as a
firewall, switch, or router fail or are powered off.
Methods used in this lab:
· Static routing: Used to configure routes manually and to ensure traffic can still be steered
clearly to its destination even when a device is down.
· Dynamic routing with OSPF: Uses the OSPF protocol to detect and adapt automatically to
changes in network topology, providing redundancy and dynamic path recovery.
· Link Aggregation (EtherChannel): Combines several physical links into one logical channel
to increase bandwidth and the availability of the connection between devices.
With these methods implemented, the lab shows how to keep the network running when a device
goes down, preserving users' connectivity to the internet without interruption.
Topology Network Architecture
Legend
No Device Name Manufacturer
1 ISP-A MikroTik
2 ISP-B MikroTik
3 FW-Main FortiGate
4 FW-Backup FortiGate
5 Mik-1 MikroTik
6 Mik-2 MikroTik
7 SW-Core-1 Cisco
8 SW-Core-2 Cisco
9 C-1 Cisco
10 C-2 Cisco
Configuration
ISP-A
/interface bridge
add name=bridge1-forti
/interface bridge port
add bridge=bridge1-forti interface=ether2
add bridge=bridge1-forti interface=ether3
add bridge=bridge1-forti interface=ether4
/ip address
add address=10.10.10.1/29 interface=bridge1-forti network=10.10.10.0
/ip dhcp-client
add disabled=no interface=ether1
/ip dns
set allow-remote-requests=yes servers=8.8.8.8
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1
/system identity
set name=ISP-A
ISP-B
/interface bridge
add name=bridge1-forti
/interface bridge port
add bridge=bridge1-forti interface=ether2
add bridge=bridge1-forti interface=ether3
add bridge=bridge1-forti interface=ether4
/ip address
add address=10.10.20.1/29 interface=bridge1-forti network=10.10.20.0
/ip dhcp-client
add disabled=no interface=ether1
/ip dns
set allow-remote-requests=yes servers=8.8.8.8
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1
/system identity
set name=ISP-B
Config Forti-main :
Interface
Zone Port
DNS
Routing to inet
NAT
Static routing
Config Forti-Backup
Interface
DNS
Routing to inet
NAT
Static Routing
SW-Core1 :
Switch>enable
Switch#configure terminal
Switch(config)#interface ethernet 0/0
Switch(config-if)#no switchport
Switch(config-if)#ip address 10.0.2.2 255.255.255.0
Switch(config-if)#no shutdown
Switch(config-if)#interface ethernet 0/1
Switch(config-if)#no switchport
Switch(config-if)#ip address 10.0.0.2 255.255.255.0
Switch(config-if)#no shutdown
! The three OSPF-facing links use /30 so the mask matches the neighbor on each link
Switch(config-if)#interface ethernet 0/2
Switch(config-if)#no switchport
Switch(config-if)#ip address 10.100.100.1 255.255.255.252
Switch(config-if)#no shutdown
Switch(config-if)#interface ethernet 0/3
Switch(config-if)#no switchport
Switch(config-if)#ip address 10.200.0.1 255.255.255.252
Switch(config-if)#no shutdown
Switch(config-if)#interface ethernet 1/0
Switch(config-if)#no switchport
Switch(config-if)#ip address 10.200.10.1 255.255.255.252
Switch(config-if)#no shutdown
Switch(config-if)#end
Switch#write memory
Switch#configure terminal
Switch(config)#ip routing
! Primary default route, plus a backup with administrative distance 100
Switch(config)#ip route 0.0.0.0 0.0.0.0 10.0.0.1
Switch(config)#ip route 0.0.0.0 0.0.0.0 10.0.2.1 100
Switch(config)#router ospf 1
Switch(config-router)#router-id 1.1.1.1
Switch(config-router)#network 10.100.100.0 0.0.0.3 area 0
Switch(config-router)#network 10.200.0.0 0.0.0.3 area 0
Switch(config-router)#network 10.200.10.0 0.0.0.3 area 0
Switch(config-router)#end
Switch#write memory
SW-Core2 :
Switch>enable
Switch#configure terminal
Switch(config)#interface Ethernet0/0
Switch(config-if)#no switchport
Switch(config-if)#ip address 10.0.1.2 255.255.255.252
Switch(config-if)#no shutdown
Switch(config-if)#interface Ethernet0/1
Switch(config-if)#no switchport
Switch(config-if)#ip address 10.0.3.2 255.255.255.252
Switch(config-if)#no shutdown
Switch(config-if)#interface Ethernet0/2
Switch(config-if)#no switchport
Switch(config-if)#ip address 10.100.100.2 255.255.255.252
Switch(config-if)#no shutdown
Switch(config-if)#interface Ethernet0/3
Switch(config-if)#no switchport
Switch(config-if)#ip address 10.200.20.1 255.255.255.252
Switch(config-if)#no shutdown
Switch(config-if)#interface Ethernet1/0
Switch(config-if)#no switchport
Switch(config-if)#ip address 10.200.30.1 255.255.255.252
Switch(config-if)#no shutdown
Switch(config-if)#exit
Switch(config)#ip routing
! Primary default route, plus a backup with administrative distance 100
Switch(config)#ip route 0.0.0.0 0.0.0.0 10.0.3.1
Switch(config)#ip route 0.0.0.0 0.0.0.0 10.0.1.1 100
Switch(config)#router ospf 1
Switch(config-router)#router-id 2.2.2.2
! The network statements must cover this switch's own links (Ethernet0/3 and Ethernet1/0)
Switch(config-router)#network 10.100.100.0 0.0.0.3 area 0
Switch(config-router)#network 10.200.20.0 0.0.0.3 area 0
Switch(config-router)#network 10.200.30.0 0.0.0.3 area 0
Switch(config-router)#end
Switch#write memory
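The two default routes on each core switch differ only in administrative distance, which makes the second one a floating static route. The Python sketch below is an added example, not part of the original lab; it models how the active default route is chosen from the SW-Core1 values, under the simplifying assumption that a static route is usable only while its next hop sits on an up connected interface.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class StaticRoute:
    prefix: str
    next_hop: str
    distance: int = 1  # IOS default administrative distance for a static route

# SW-Core1 values from this page: next-hop-facing interfaces and default routes.
SW_CORE1_INTERFACES = {"Ethernet0/0": "10.0.2.2/24", "Ethernet0/1": "10.0.0.2/24"}
SW_CORE1_STATICS = [
    StaticRoute("0.0.0.0/0", "10.0.0.1"),                # primary
    StaticRoute("0.0.0.0/0", "10.0.2.1", distance=100),  # floating backup
]

def egress_interface(next_hop, interfaces, down):
    """Return the up interface whose connected subnet contains next_hop, else None."""
    hop = ipaddress.ip_address(next_hop)
    for name, cidr in interfaces.items():
        if name not in down and hop in ipaddress.ip_interface(cidr).network:
            return name
    return None

def active_route(statics, interfaces, down=frozenset(), prefix="0.0.0.0/0"):
    """Return (distance, next_hop, interface) of the installed route, or None."""
    # Assumption (simplified model): only local link state removes a route.
    candidates = []
    for route in statics:
        if route.prefix != prefix:
            continue
        egress = egress_interface(route.next_hop, interfaces, down)
        if egress is not None:
            candidates.append((route.distance, route.next_hop, egress))
    return min(candidates) if candidates else None  # lowest distance wins

def failover_table(statics, interfaces):
    """Map constructed link-failure scenarios to the chosen default next hop."""
    scenarios = {
        "all links up": frozenset(),
        "Ethernet0/1 down": frozenset({"Ethernet0/1"}),
        "Ethernet0/0 down": frozenset({"Ethernet0/0"}),
        "both links down": frozenset(interfaces),
    }
    table = {}
    for label, down in scenarios.items():
        chosen = active_route(statics, interfaces, down)
        table[label] = chosen[1] if chosen else None
    return table

if __name__ == "__main__":
    for label, hop in failover_table(SW_CORE1_STATICS, SW_CORE1_INTERFACES).items():
        print(f"{label:18} -> default via {hop}")
```

Only local link state is modeled: if the next-hop device fails while the link to it stays up, the primary route stays installed unless something such as IOS object tracking withdraws it.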
MIK-1
/ip pool
add name=dhcp_pool0 ranges=192.168.1.2-192.168.1.254
/ip dhcp-server
add address-pool=dhcp_pool0 disabled=no interface=ether3 name=dhcp1
/routing ospf instance
set [ find default=yes ] router-id=3.3.3.3
add disabled=yes name=ospf1 router-id=3.3.3.3
/ip address
add address=10.200.0.2/30 interface=ether1 network=10.200.0.0
add address=192.168.88.1/30 interface=ether2 network=192.168.88.0
add address=192.168.1.1/24 interface=ether3 network=192.168.1.0
/ip dhcp-client
add disabled=no interface=ether1
/ip dhcp-server network
add address=192.168.1.0/24 gateway=192.168.1.1
/ip dns
set allow-remote-requests=yes servers=8.8.8.8
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1
add action=masquerade chain=srcnat out-interface=ether2
/routing ospf network
add area=backbone network=10.200.0.0/30
add area=backbone network=192.168.88.0/30
add area=backbone network=192.168.1.0/24
/system identity
set name=MIK-1
MIK-2
/ip pool
add name=dhcp_pool0 ranges=192.168.2.2-192.168.2.254
/ip dhcp-server
add address-pool=dhcp_pool0 disabled=no interface=ether3 name=dhcp1
/routing ospf instance
set [ find default=yes ] router-id=4.4.4.4
/ip address
add address=10.200.20.2/30 interface=ether1 network=10.200.20.0
add address=192.168.88.2/30 interface=ether2 network=192.168.88.0
add address=192.168.2.1/24 interface=ether3 network=192.168.2.0
/ip dhcp-client
add disabled=no interface=ether1
/ip dhcp-server network
add address=192.168.2.0/24 gateway=192.168.2.1
/ip dns
set allow-remote-requests=yes servers=8.8.8.8
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1
add action=masquerade chain=srcnat out-interface=ether2
/routing ospf network
add area=backbone network=10.200.20.0/30
add area=backbone network=192.168.88.0/30
add area=backbone network=192.168.2.0/24
/system identity
set name=MIK-2
C1 :
Router>enable
Router#configure terminal
! ip nat inside/outside marks the interfaces that the NAT rules further down apply to
Router(config)#interface FastEthernet0/0
Router(config-if)#ip address 10.200.10.2 255.255.255.252
Router(config-if)#ip nat outside
Router(config-if)#no shutdown
Router(config-if)#exit
Router(config)#interface FastEthernet0/1
Router(config-if)#ip address 192.168.99.1 255.255.255.252
Router(config-if)#ip nat outside
Router(config-if)#no shutdown
Router(config-if)#exit
Router(config)#interface FastEthernet1/0
Router(config-if)#ip address 192.168.3.1 255.255.255.0
Router(config-if)#ip nat inside
Router(config-if)#no shutdown
Router(config-if)#exit
Router(config)#ip dhcp pool LAN
Router(dhcp-config)#network 192.168.3.0 255.255.255.0
Router(dhcp-config)#default-router 192.168.3.1
Router(dhcp-config)#dns-server 8.8.8.8
Router(dhcp-config)#exit
Router(config)#router ospf 1
Router(config-router)#router-id 5.5.5.5
Router(config-router)#log-adjacency-changes
Router(config-router)#network 10.200.10.0 0.0.0.3 area 0
Router(config-router)#network 192.168.3.0 0.0.0.255 area 0
Router(config-router)#network 192.168.99.0 0.0.0.3 area 0
Router(config-router)#exit
! One overload (PAT) rule per exit interface, selected by the matching route-map
Router(config)#ip nat inside source route-map NAT1 interface FastEthernet0/0 overload
Router(config)#ip nat inside source route-map NAT2 interface FastEthernet0/1 overload
Router(config)#access-list 1 permit 192.168.3.0 0.0.0.255
Router(config)#route-map NAT1 permit 10
Router(config-route-map)#match ip address 1
Router(config-route-map)#match interface FastEthernet0/0
Router(config-route-map)#exit
Router(config)#route-map NAT2 permit 10
Router(config-route-map)#match ip address 1
Router(config-route-map)#match interface FastEthernet0/1
Router(config-route-map)#exit
Router(config)#exit
C2
Router>enable
Router#configure terminal
! ip nat inside/outside marks the interfaces that the NAT rules further down apply to
Router(config)#interface FastEthernet0/0
Router(config-if)#ip address 10.200.30.2 255.255.255.252
Router(config-if)#ip nat outside
Router(config-if)#no shutdown
Router(config-if)#interface FastEthernet0/1
Router(config-if)#ip address 192.168.99.2 255.255.255.252
Router(config-if)#ip nat outside
Router(config-if)#no shutdown
Router(config-if)#interface FastEthernet1/0
Router(config-if)#ip address 192.168.4.1 255.255.255.0
Router(config-if)#ip nat inside
Router(config-if)#no shutdown
Router(config-if)#end
Router#write memory
Router#configure terminal
Router(config)#ip dhcp pool LAN
Router(dhcp-config)#network 192.168.4.0 255.255.255.0
Router(dhcp-config)#default-router 192.168.4.1
Router(dhcp-config)#dns-server 8.8.8.8
Router(dhcp-config)#end
Router#write memory
Router#configure terminal
Router(config)#router ospf 1
Router(config-router)#router-id 6.6.6.6
Router(config-router)#log-adjacency-changes
Router(config-router)#network 10.200.30.0 0.0.0.3 area 0
Router(config-router)#network 192.168.4.0 0.0.0.255 area 0
Router(config-router)#network 192.168.99.0 0.0.0.3 area 0
Router(config-router)#exit
Router(config)#ip nat inside source route-map NAT1 interface FastEthernet0/0 overload
Router(config)#ip nat inside source route-map NAT2 interface FastEthernet0/1 overload
Router(config)#access-list 1 permit 192.168.4.0 0.0.0.255
! Each route-map matches the same exit interface its NAT rule translates to, as on C1
Router(config)#route-map NAT1 permit 10
Router(config-route-map)#match ip address 1
Router(config-route-map)#match interface FastEthernet0/0
Router(config-route-map)#exit
Router(config)#route-map NAT2 permit 10
Router(config-route-map)#match ip address 1
Router(config-route-map)#match interface FastEthernet0/1
Router(config-route-map)#exit
! These two lines turn on the unencrypted HTTP management server and leave HTTPS off
Router(config)#ip http server
Router(config)#no ip http secure-server
Router(config)#exit
Router#write memory
=========================================================================
TESTING :
Normal (all ISPs up)
vpc-m1
trace 8.8.8.8 > mik-1 > sw-core-1 > forti-main > isp-A
vpc-m2
trace 8.8.8.8 > mik-2 > sw-core-2 > forti-backup > isp-B
vpc-c3
trace 8.8.8.8 > c-1 > sw-core-1 > forti-main > isp-A
vpc-c4
trace 8.8.8.8 > c-2 > sw-core-2 > forti-backup > isp-B
ISP-A Down
vpc-m1
trace 8.8.8.8 > mik-1 > sw-core-1 > forti-main > isp-B
vpc-m2
trace 8.8.8.8 > mik-2 > sw-core-2 > forti-backup > isp-B
(the default route of vpc-m2 goes through ISP-B. If ISP-A is down, vpc-m2 is not affected)
vpc-c3
trace 8.8.8.8 > c-1 > sw-core-1 > forti-main > isp-B
vpc-c4
trace 8.8.8.8 > c-2 > sw-core-2 > forti-backup > isp-B
(the default route of vpc-c4 goes through ISP-B. If ISP-A is down, vpc-c4 is not affected)
ISP-B Down
vpc-m1
trace 8.8.8.8 > mik-1 > sw-core-1 > forti-main > isp-A
(the default route of vpc-m1 goes through ISP-A. If ISP-B is down, vpc-m1 is not affected)
vpc-m2
trace 8.8.8.8 > mik-2 > sw-core-2 > forti-backup > isp-A
vpc-c3
trace 8.8.8.8 > c-1 > sw-core-1 > forti-main > isp-A
(the default route of vpc-c3 goes through ISP-A. If ISP-B is down, vpc-c3 is not affected)
vpc-c4
trace 8.8.8.8 > c-2 > sw-core-2 > forti-backup > isp-A
Forti-Main Down (link from sw-core1 towards forti-main is down)
vpc-m1
trace 8.8.8.8 > mik-1 > sw-core-1 > sw-core-2 > isp-B
vpc-m2
trace 8.8.8.8 > mik-1 > sw-core-2 > forti-backup > isp-B
(still goes through ISP-B because its default route is via ISP-B)
vpc-c3
trace 8.8.8.8 > c-1 > sw-core-1 > forti-backup > isp-B
vpc-c4
trace 8.8.8.8 > c-2 > sw-core2 > forti-backup > isp-B
(still goes through ISP-B because its default route is via ISP-B)
Forti-Backup Down (link from sw-core2 towards forti-backup is down)
vpc-m1
trace 8.8.8.8 > sw-core1 > forti-main > isp-A
vpc-m2
trace 8.8.8.8 > sw-core2 > forti-main > isp-A
vpc-c3
trace 8.8.8.8 > C-1 > C-2 > sw-core-2 > forti-main > isp-A
vpc-c4
trace 8.8.8.8 > C-2 > sw-core-2 > forti-main > isp-A
sw-core-1 down (link from mik-1 towards sw-core1 is down)
vpc-m1
trace 8.8.8.8 > mik-1 > mik-2 > sw-core-2 > forti-backup > isp-B
vpc-m2
trace 8.8.8.8 > mik-2 > sw-core-2 > forti-backup > isp-B
vpc-c3
trace 8.8.8.8 > C-1 > C-2 > sw-core-2 > forti-backup > isp-B
vpc-c4
trace 8.8.8.8 > C-2 > sw-core-2 > forti-backup > isp-B
sw-core-2 down
vpc-m1
trace 8.8.8.8 > mik-1 > sw-core-1 > forti-main > isp-A
vpc-m2
trace 8.8.8.8 > mik-2 > mik-1 > sw-core-1 > forti-main > isp-A
vpc-c3
trace 8.8.8.8 > C-1 > sw-core-1 > forti-main > isp-A
vpc-c4
trace 8.8.8.8 > C-2 > C-1 > sw-core-2 > forti-main > isp-A
sw-core-1 | forti-main | isp-b down
vpc-m1
trace 8.8.8.8 > Mik-1 > Mik-2 > sw-core-2 > forti-backup > isp-A
vpc-m2
trace 8.8.8.8 > mik-2 > sw-core-2 > forti-backup > isp-A
vpc-c3
trace 8.8.8.8 > c-1 > c-2 > sw-core-2 > forti-backup > isp-A
vpc-c4
trace 8.8.8.8 > c-2 > sw-core-2 > forti-backup > isp-A
sw-core-2 | forti-backup | isp-a down
vpc-m1
trace 8.8.8.8 > mik-1 > sw-core-1 > forti-main > isp-B
vpc-m2
trace 8.8.8.8 > mik-2 > mik-1 > sw-core-1 > forti-main > isp-B
vpc-c3
trace 8.8.8.8 > c-1 > sw-core-1 > forti-main > isp-B
vpc-c4
trace 8.8.8.8 > c-2 > c-1 > sw-core-1 > forti-main > isp-B
From the configuration and testing carried out, it can be concluded that the High Availability
goal for the configured network has been achieved. The configuration applied is expected to
minimize network downtime, ensuring a stable and reliable connection even when a network
device fails.
Author : Abi Adrian
Linkedin : https://www.linkedin.com/in/abi-adrian-663513190/