Topology
ISP-1 : 202.202.202.2 /30
Mask : 255.255.255.252
DNS 1 : 1.1.1.1
DNS 2 : 2.2.2.2
ISP-2 : 172.172.172.2 /30
Mask : 255.255.255.252
DNS 1 : 3.3.3.3
DNS 2 : 4.4.4.4
Mikrotik :
Ether 1 : 202.202.202.1 /30 (ISP-1)
Ether 2 : 172.172.172.1 /30 (ISP-2)
Ether 3 : 192.168.200.1 /24 (Local)
Jumlah Komputer Internet:
50 pc -->Network: 192.168.200.0/26 (192.168.200.1 - 192.168.200.63 Netmask: 255.255.255.192)
Jumlah Komputer Games:
50 pc -->
Network: 192.168.200.64/26 (192.168.200.65 - 192.168.200.128 Netmask: 255.255.255.192)
Langkah-langkah:
-------------------------------------------------------------------------------------------------------------------
1. Beri nama Interfaces Ether1-3 di [Interfaces]
Command Via Terminal:
/interface set ether1 name = ISP-2
/interface set ether2 name = ISP-1
/interface set ether3 name = Local
-------------------------------------------------------------------------------------------------------------------
2. Beri IP Address untuk masing-masing ethernet. [Ip - Interfaces]
Command Via Terminal :
/ip address add address=192.168.200.1/24 interface=ISP-2
/ip address add address=202.202.202.1/30 interface=ISP-1
/ip address add address=172.172.172.1/30 interface=Local
-------------------------------------------------------------------------------------------------------------------
3. Buat rule di [IP – Firewall - Mangle]:
chain=prerouting src-address=192.168.200.0/26 action=mark-routing new-routing-mark=Internet
"untuk menandai paket yang berasal dari 192.168.200.0/26 dengan nama=Internet"
chain=prerouting src-address=192.168.200.64/26 action=mark-routing new-routing-mark=Games
"untuk menandai paket yang berasal dari 192.168.200.64/26 dengan nama=Games"
Command Via Terminal:
/ip firewall mangle add chain=prerouting src-address=192.168.200.0/26 \
action=mark-routing new-routing-mark=Internet
/ip firewall mangle add chain=prerouting src-address=192.168.200.64/26 \
action=mark-routing new-routing-mark=Games
-------------------------------------------------------------------------------------------------------------------
4. Set Gateway untuk masing-masing network. [IP - Route]
Command Via Terminal :
/ip route add gateway=192.168.200.2 dst-address=0.0.0.0/0 routing-mark=Internet
/ip route add gateway=202.202.202.2 dst-address=0.0.0.0/0 routing-mark=Games
-------------------------------------------------------------------------------------------------------------------
5. Buat rule nat-masquerade untuk network 192.168.200.0/24 [IP - Firewall - Nat]
Command Via Terminal :
/ip firewall nat add chain=srcnat src-address=192.168.200.0/24 action=masquerade
-------------------------------------------------------------------------------------------------------------------
6. Buat script untuk melakukan cek gw dengan tools netwatch
Command Via Terminal :
/system script add name=check-gw source={
:local R1
:local R2
:if ([/tool netwatch get R1 status]=up) do={:set R1 172.172.172.2}
:if ([/tool netwatch get R2 status]=up) do={:set R2 202.202.202.2}
/ip route set [/ip route find dst-address=0.0.0.0/0] \
gateway=($R1 . , . $R2)
}
/tool netwatch add comment=R1 host=172.172.172.2 interval=5s up-script=check-gw \
down-script=check-gw
/tool netwatch add comment=R2 host=202.202.202.2 interval=5s up-script=check-gw \
down-script=check-gw
-------------------------------------------------------------------------------------------------------------------
Setting di Mikrotik sudah selesai.
Berikutnya, isikan IP address untuk tiap User/client Internet dengan IP Address mulai dari:
92.168.200.2 sampai 192.168.200.63.
Gunakan Netmask 255.255.255.192 agar workgroup terpisah dengan Games.
Jangan lupa berikan IP DNS ISP-2 di network-properties client Internet sesuai
DNS ISP di atas (3.3.3.3 dan 4.4.4.4).
Gateway diarahkan ke: 192.168.200.1.
Untuk User/ Client Games isikan IP Address mulai dari: 192.168.200.65
sampai dengan 192.168.200.128.
Gunakan juga Netmask 255.255.255.192 jika menginginkan workgroup yang terpisah
dengan Client untuk Internet.
Berikan IP DNS ISP-1 (1.1.1.1 dan 2.2.2.2) di network-propertiesnya.
Gateway diisikan dengan 192.168.200.1.
Selamat mencoba...
Sekian.
Semoga bermanfaat.
Salam
Merah Putih Segoroasat
Thanks
Tidak ada komentar :
Posting Komentar