Modul Bridge

BRIDGE. Training Division, Engineering Department, PT UFOAKSES SUKSES LUARBIASA, Jakarta [email protected]


Page 1: Modul Bridge

BRIDGE

Training Division, Engineering Department, PT UFOAKSES SUKSES [email protected]

Page 2: Modul Bridge

Bridge

Joins two or more interfaces.
Enabling a bridge on two interfaces disables the routing function between those two interfaces.
Operates at the data link layer.
Partly implemented on wireless networks because:

− Easier to set up
− Wireless devices generally do not support routing

Page 3: Modul Bridge

System Bridge

Page 4: Modul Bridge

Bridge Interface

The following interfaces can be bridged:

Ethernet (802.3)

VLAN
− Is part of an Ethernet or wireless interface
− Do not bridge a VLAN with its parent interface

Wireless AP
− A wireless client must use WDS

WDS

EoIP

Page 5: Modul Bridge

Caution

We do not have to assign an IP address to a bridge.
If we do not deactivate the bridge, the IP address configured on the bridge will be invalid.
The traffic load on every device will be heavy because traffic accumulates.

Page 6: Modul Bridge

Creating a Bridge

Create a bridge interface.
Add the Ethernet interfaces to the bridge interface.
Make sure the IP addresses are in the same segment.

Page 7: Modul Bridge

Bridge in WinBox

Page 8: Modul Bridge

Assigning Ports to the Bridge

Page 9: Modul Bridge

Bridged ports

Page 10: Modul Bridge

Interfaces before bridging

Page 11: Modul Bridge

Interfaces after bridging

Page 12: Modul Bridge

Bridge Monitoring

Page 13: Modul Bridge

Bridge Loop

If there are two or more paths within a bridged network, beware of bridge loops.
For this reason STP (Spanning Tree Protocol) is used.

Page 14: Modul Bridge

Spanning Tree Protocol

The Spanning Tree Protocol (STP)
− Is defined by IEEE Standard 802.1D
− Provides a loop free topology for any bridged LAN
− Discovers an optimal spanning tree within the mesh network and disables the links that are not part of the tree, thus eliminating bridging loops

Page 15: Modul Bridge

STP Action

Page 16: Modul Bridge

STP Root Bridge

Lowest priority
Lowest ID (MAC address)
Central point of the topology
Each bridge calculates shortest path to the Root Bridge
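The root election and shortest-path rule on this slide, as an added example that is not part of the original deck. It is a simplified model of 802.1D behaviour: the bridge names, priorities, MAC addresses and link costs are constructed, and "blocked" here means a link left out of the tree rather than a per-port state.

```python
import heapq

# Constructed sample topology: name -> (bridge priority, MAC address).
BRIDGES = {
    "A": (32768, "00:0c:42:00:00:0a"),
    "B": (4096, "00:0c:42:00:00:0b"),
    "C": (32768, "00:0c:42:00:00:03"),
}
# (bridge, bridge, path cost); the triangle contains exactly one loop.
LINKS = [("A", "B", 10), ("B", "C", 10), ("A", "C", 10)]


def bridge_id(bridges, name):
    """Bridge ID: priority compared first, then MAC address; lowest wins."""
    priority, mac = bridges[name]
    return (priority, bytes.fromhex(mac.replace(":", "")))


def elect_root(bridges):
    return min(bridges, key=lambda name: bridge_id(bridges, name))


def spanning_tree(bridges, links):
    """Return (root, root path cost per bridge, links left out of the tree)."""
    root = elect_root(bridges)
    cost, uplink = {}, {}
    # Heap order = lowest root path cost, then lowest upstream bridge ID.
    heap = [(0, bridge_id(bridges, root), root, root)]
    while heap:
        c, _, node, via = heapq.heappop(heap)
        if node in cost:
            continue
        cost[node], uplink[node] = c, via
        for a, b, w in links:
            if node in (a, b):
                peer = b if node == a else a
                if peer not in cost:
                    heapq.heappush(heap, (c + w, bridge_id(bridges, node), peer, node))
    tree = {frozenset((n, up)) for n, up in uplink.items() if n != up}
    blocked = [link for link in links if frozenset(link[:2]) not in tree]
    return root, cost, blocked


if __name__ == "__main__":
    root, cost, blocked = spanning_tree(BRIDGES, LINKS)
    print("root:", root, "costs:", cost, "blocked:", blocked)
```

Running the same function against an inventory of your own bridges shows which device wins the election when priorities are left at their defaults, which is worth checking before a new bridge is connected.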

Page 17: Modul Bridge

Spanning Tree

Page 18: Modul Bridge

Set STP

Page 19: Modul Bridge

Rapid Spanning Tree Protocol

Rapid Spanning Tree Protocol (RSTP)
− is an evolution of the STP
− provides for faster spanning tree convergence after a topology change than STP
− rstp-bridge-test package is required for the RSTP feature to be available in RouterOS

Page 20: Modul Bridge

RSTP Bridge Port Roles

Lowest priority for looped ports
Root port – a path to the root bridge
Alternative port – backup root port
Designated port – forwarding port
Backup port – backup designated port

Page 21: Modul Bridge

Routed Networks vs Bridging

Routers do not forward broadcast frames
Communication loops and their resultant broadcast storms are no longer a design issue in routed networks
Redundant media and meshed topologies can offer traffic load sharing and more robust fault tolerance than bridged network topologies

Page 22: Modul Bridge

Bridge Firewall

The bridge firewall implements packet filtering and thereby provides security functions that are used to manage data flow to, from and through the bridge
Elements of bridge firewall are:
− Bridge Filter
− Bridge Network Address Translation (NAT)
− Bridge Broute

Page 23: Modul Bridge

Bridge Filter

Bridge filter has three predefined chains: input, forward, and output
Example application is filtering broadcast traffic

Page 24: Modul Bridge

Bridge NAT

Lets us change the MAC address of traffic passing through the bridge, both the source and the destination MAC address.
Bridge NAT uses ARP.
There are two chains:
− Src-nat: changes the source MAC address
− Dst-nat: changes the destination MAC address

Page 25: Modul Bridge

Bridge Broute

Bridge Broute
− makes bridge a brouter - router that performs routing on some of the packets, and bridging on others
− has one predefined chain, brouting, which is traversed right after a packet enters an enslaved interface before "Bridging Decision"

For example, IP can be routed, and everything else bridged (IPX)

Page 26: Modul Bridge

Blocking ICMP on the bridge

Page 27: Modul Bridge

Bridge filter in WinBox

Page 28: Modul Bridge
Page 29: Modul Bridge

Workshop

Page 30: Modul Bridge

Configuration

On Router 1, create a bridge and add all interfaces to the bridge
− A wireless client cannot be bridged; use WDS

On Router 2, enable the web proxy
HTTP traffic is diverted through the proxy
On Router 2, set up redirection so that port 80 is redirected to port 8080

Page 31: Modul Bridge

Bridge NAT settings
Chain: dstnat
Interface: ether3
Mac protocol = ip
ip/dst address=0.0.0.0/0 dst-port=80 protocol=tcp
Action = dst-nat
To mac-address=00:89:00……
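What the dst-nat rule above does to a frame, as an added example that is not part of the original deck. It models the match (IP, TCP, destination port 80) and the destination MAC rewrite in plain Python; the frames, addresses and `PROXY_MAC` are constructed, since the slide's to-mac-address value is truncated.

```python
import struct

# Constructed placeholder: the slide's to-mac-address value is truncated.
PROXY_MAC = "02:00:00:00:00:02"
ETH_LEN, ETHERTYPE_IPV4, PROTO_TCP = 14, 0x0800, 6


def mac_bytes(mac):
    return bytes.fromhex(mac.replace(":", ""))


def build_frame(dst_mac, src_mac, ip_proto, dst_port, ethertype=ETHERTYPE_IPV4):
    """Constructed minimal Ethernet + IPv4 + L4 header (checksums left zero)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, ip_proto, 0,
                     bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20]))
    l4 = struct.pack("!HH", 40000, dst_port) + bytes(16)
    eth = mac_bytes(dst_mac) + mac_bytes(src_mac) + struct.pack("!H", ethertype)
    return eth + ip + l4


def bridge_dstnat(frame, to_mac=PROXY_MAC):
    """Model of the rule: mac-protocol=ip, protocol=tcp, dst-port=80 -> dst-nat.

    Returns (frame, rewritten). Only the destination MAC changes.
    """
    if len(frame) < ETH_LEN + 20:
        return frame, False
    if struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
        return frame, False                      # ARP, IPv6, VLAN-tagged, ...
    ihl = (frame[ETH_LEN] & 0x0F) * 4
    if frame[ETH_LEN] >> 4 != 4 or ihl < 20:
        return frame, False                      # malformed IPv4 header
    if frame[ETH_LEN + 9] != PROTO_TCP:
        return frame, False
    l4 = ETH_LEN + ihl
    if len(frame) < l4 + 4:
        return frame, False                      # truncated before the ports
    if struct.unpack("!H", frame[l4 + 2:l4 + 4])[0] != 80:
        return frame, False
    return mac_bytes(to_mac) + frame[6:], True
```

The IP header and payload pass through unchanged, which is why Router 2 still needs its own redirect from port 80 to port 8080 once the frame arrives.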

Page 32: Modul Bridge

Testing

Is there any data passing through the web proxy?
Is there any traffic on ether3 on Router 1?

Page 33: Modul Bridge

Bridge Wireless

WDS feature
Using EoIP

Page 34: Modul Bridge

Bridge on Wireless

Page 35: Modul Bridge

Create a bridge interface on AP and add ether1 interface to the bridge in WinBox

Page 36: Modul Bridge
Page 37: Modul Bridge

Do the same on the Station, and add ether1, wlan1 interfaces to the bridge in Winbox

Page 38: Modul Bridge

Make sure you have communication between MikroTik routers, i.e., one router is configured as server (AP), the other one as client (station). Configure wireless interface wlan1 on AP in WinBox

Page 39: Modul Bridge

Do the same configuration on Client wireless interface (wlan1) in Winbox

Page 40: Modul Bridge

Create wds interface on AP and add the interface to the bridge in WinBox

Page 41: Modul Bridge

Check whether the WDS link is established in WinBox

Page 42: Modul Bridge

Add IP address on AP in WinBox

Page 43: Modul Bridge

[admin@AP]> ip address add address=10.1.0.215/24 interface=wds-bridge
[admin@Station]> ip address add address=10.1.0.216/24 interface=wds-bridge

Page 44: Modul Bridge

NOTE: If you are not using NAT, mangle, or anything else that depends on connection tracking, remember to turn it off at both ends of the link. In the console:
[admin@xx]> ip firewall connection tracking set enabled=no
This will help you get the full bandwidth the wireless link can achieve by reducing the CPU load.