Monday, March 09, 2015

Mengkoneksikan Vlan Cisco dan Mikrotik

Network Cisco and Mikrotik
Simulasi ini, untuk mengecek hubungan antara vlan Switch Cisco dengan Mikrotik. Apakah hubungan mereka baik2 saja, atau gimana... hahaha... Simulasi perangkat dapat dikelompokkan menjadi 3 group berdasarkan vlannya, yaitu :
Perangkat Group 1
IP address
Cisco C3745, interface vlan 1
192.168.11.1/24
PC 1
192.168.11.2/24
Mikrotik vlan 1
192.168.11.254
Server01
192.168.11.253


Perangkat Group 2
IP address
Cisco C3745, interface vlan 2
192.168.22.1/24
PC 2
192.168.22.2/24
Mikrotik vlan 2
192.168.22.254
Server02
192.168.22.253

Perangkat Group 3
IP address
Cisco C3745, interface vlan 3
192.168.33.1/24
PC 3
192.168.33.2/24
Mikrotik vlan 3
192.168.33.254
Server03
192.168.33.253

Tanpa banyak basa basi, langsung ke konfigurasinya.
Switch Cisco.
SWITCH-CISCO#conf ter
Enter configuration commands, one per line.  End with CNTL/Z.
SWITCH-CISCO(config)#inter fa1/0
SWITCH-CISCO(config-if)#description ##TRUNK-TO-MIKROTIK##
SWITCH-CISCO(config-if)#switchport mode trunk
SWITCH-CISCO(config-if)#switchport trunk encapsulation dot1q
SWITCH-CISCO(config-if)#switchport trunk allowed vlan all
SWITCH-CISCO(config)#inter fa1/1
SWITCH-CISCO(config-if)#desc ##PORT-VLAN-1##
SWITCH-CISCO(config-if)#switchport mode trunk
SWITCH-CISCO(config-if)#inter fa1/2
SWITCH-CISCO(config-if)#description ##PORT-VLAN-2##
SWITCH-CISCO(config-if)#switchport access vlan 2
SWITCH-CISCO(config-if)#inter fa1/3
SWITCH-CISCO(config-if)#description ##PORT-VLAN-3##
SWITCH-CISCO(config-if)#switchport access vlan 3
SWITCH-CISCO(config-if)#inter vlan 1
SWITCH-CISCO(config-if)#ip address 192.168.11.1 255.255.255.0
SWITCH-CISCO(config-if)#inter vlan 2
SWITCH-CISCO(config-if)#ip address 192.168.11.1 255.255.255.0
SWITCH-CISCO(config-if)#inter vlan 3
SWITCH-CISCO(config-if)#ip address 192.168.11.1 255.255.255.0
SWITCH-CISCO(config-if)#do wr
Building configuration...
[OK]

Mikrotik
Sebelum lanjut, sebagai tambahan informasi, Mikrotik yang digunakan adalah OS Router Mikrotik PC untuk simulasi. Seharusnya yang paling bagus adalah menggunakan routerboard Mikrotik yang punya banyak port, seperti switch manage cisco. Jadi lebih enak dan benar mengkonfigurasinya. Namun, dikarenakan tidak ada routerboard Mikrotik, maka saya tambahkan konfigurasi bridge, sehingga port ke arah user, bisa dikonfigurasi menjadi mode akses.
/interface bridge
add disabled=no name=bridge3
add disabled=no name=bridge2
add disabled=no name=bridge1

/interface ethernet
set 0 arp=enabled auto-negotiation=yes cable-settings=default \
    disable-running-check=yes disabled=no full-duplex=yes name=ether1
set 1 arp=enabled auto-negotiation=yes cable-settings=default \
    disable-running-check=yes disabled=no full-duplex=yes name=ether2
set 2 arp=enabled auto-negotiation=yes cable-settings=default \
    disable-running-check=yes disabled=no full-duplex=yes name=ether3
set 3 arp=enabled auto-negotiation=yes cable-settings=default \
    disable-running-check=yes disabled=no full-duplex=yes name=ether4

/interface vlan
add arp=enabled disabled=no interface=ether4 name=vlan1 vlan-id=1
add arp=enabled disabled=no interface=ether4 name=vlan2 vlan-id=2
add arp=enabled disabled=no interface=ether4 name=vlan3 vlan-id=3

/interface bridge port
add bridge=bridge3 disabled=no interface=ether3
add bridge=bridge3 disabled=no interface=vlan3
add bridge=bridge2 disabled=no interface=ether2
add bridge=bridge2 disabled=no interface=vlan2
add bridge=bridge1 disabled=no interface=ether1
add bridge=bridge1 disabled=no interface=vlan1
/ip address
add address=192.168.11.254/24 disabled=no interface=vlan1 network=\
    192.168.11.0
add address=192.168.22.254/24 disabled=no interface=vlan2 network=\
    192.168.22.0
add address=192.168.33.254/24 disabled=no interface=vlan3 network=\
    192.168.33.0

PC 1, PC 2 dan PC 3
PC1> ip 192.168.11.2/24 192.168.11.1
Checking for duplicate address...
PC1 : 192.168.11.2 255.255.255.0 gateway 192.168.11.1

PC2> ip 192.168.22.2/24 192.168.22.1
Checking for duplicate address...
PC1 : 192.168.22.2 255.255.255.0 gateway 192.168.22.1

PC3> ip 192.168.33.2/24 192.168.33.1
Checking for duplicate address...
PC1 : 192.168.33.2 255.255.255.0 gateway 192.168.33.1

Server01, Server02, dan Server03
SERV-1> ip 192.168.11.253/24 192.168.11.1
Checking for duplicate address...
PC1 : 192.168.11.253 255.255.255.0 gateway 192.168.11.1

SERV-2> ip 192.168.22.253/24 192.168.22.1
Checking for duplicate address...
PC1 : 192.168.22.253 255.255.255.0 gateway 192.168.22.1

SERV-3> ip 192.168.33.253/24 192.168.33.1
Checking for duplicate address...
PC1 : 192.168.33.253 255.255.255.0 gateway 192.168.33.1

Test ping, mulai dari PC 3 dulu... Melakukan test ping berturut-turut ke arah gateway (router cisco), mikrotik dan ke arah server.
PC3> ping 192.168.33.1
84 bytes from 192.168.33.1 icmp_seq=1 ttl=255 time=9.001 ms
84 bytes from 192.168.33.1 icmp_seq=2 ttl=255 time=20.002 ms
84 bytes from 192.168.33.1 icmp_seq=3 ttl=255 time=25.503 ms
84 bytes from 192.168.33.1 icmp_seq=4 ttl=255 time=13.502 ms
84 bytes from 192.168.33.1 icmp_seq=5 ttl=255 time=31.504 ms

PC3> ping 192.168.33.254
84 bytes from 192.168.33.254 icmp_seq=1 ttl=64 time=1.500 ms
84 bytes from 192.168.33.254 icmp_seq=2 ttl=64 time=1.000 ms
84 bytes from 192.168.33.254 icmp_seq=3 ttl=64 time=1.000 ms
84 bytes from 192.168.33.254 icmp_seq=4 ttl=64 time=0.500 ms
84 bytes from 192.168.33.254 icmp_seq=5 ttl=64 time=1.501 ms

PC3> ping 192.168.33.253
84 bytes from 192.168.33.253 icmp_seq=1 ttl=64 time=0.500 ms
84 bytes from 192.168.33.253 icmp_seq=2 ttl=64 time=1.000 ms
84 bytes from 192.168.33.253 icmp_seq=3 ttl=64 time=1.500 ms
84 bytes from 192.168.33.253 icmp_seq=4 ttl=64 time=1.500 ms
84 bytes from 192.168.33.253 icmp_seq=5 ttl=64 time=1.000 ms

Bisa reply semuanya. Artinya berhasil. Lanjut ping dari PC2 ke arah gateway (router cisco), mikrotik dan ke arah server.
PC2> ping 192.168.22.1
84 bytes from 192.168.22.1 icmp_seq=1 ttl=255 time=19.503 ms
84 bytes from 192.168.22.1 icmp_seq=2 ttl=255 time=33.504 ms
84 bytes from 192.168.22.1 icmp_seq=3 ttl=255 time=24.503 ms
84 bytes from 192.168.22.1 icmp_seq=4 ttl=255 time=21.503 ms
84 bytes from 192.168.22.1 icmp_seq=5 ttl=255 time=25.503 ms

PC2> ping 192.168.22.254
84 bytes from 192.168.22.254 icmp_seq=1 ttl=64 time=1.001 ms
84 bytes from 192.168.22.254 icmp_seq=2 ttl=64 time=1.000 ms
84 bytes from 192.168.22.254 icmp_seq=3 ttl=64 time=1.000 ms
84 bytes from 192.168.22.254 icmp_seq=4 ttl=64 time=1.000 ms
84 bytes from 192.168.22.254 icmp_seq=5 ttl=64 time=1.000 ms

PC2> ping 192.168.22.253
84 bytes from 192.168.22.253 icmp_seq=1 ttl=64 time=1.000 ms
84 bytes from 192.168.22.253 icmp_seq=2 ttl=64 time=1.000 ms
84 bytes from 192.168.22.253 icmp_seq=3 ttl=64 time=1.001 ms
84 bytes from 192.168.22.253 icmp_seq=4 ttl=64 time=1.000 ms
84 bytes from 192.168.22.253 icmp_seq=5 ttl=64 time=1.500 ms

Lanjut ping dari PC1 ke arah gateway (router cisco), mikrotik dan ke arah server.
PC1> ping 192.168.11.1
84 bytes from 192.168.11.1 icmp_seq=1 ttl=255 time=19.503 ms
84 bytes from 192.168.11.1 icmp_seq=2 ttl=255 time=19.502 ms
84 bytes from 192.168.11.1 icmp_seq=3 ttl=255 time=30.004 ms
84 bytes from 192.168.11.1 icmp_seq=4 ttl=255 time=29.004 ms
84 bytes from 192.168.11.1 icmp_seq=5 ttl=255 time=50.506 ms

PC1> ping 192.168.11.254
host (192.168.11.254) not reachable

PC1> ping 192.168.11.253
host (192.168.11.253) not reachable

Nah, apa yang terjadi ?? Ping ke arah router Mikrotik dan Server tidak bisa. Sepertinya vlan 1 cisco tidak bisa connect dengan vlan 1 mikrotik. Tidak supportkah untuk vlan 1-nya...? Tapi vlan lainnya bisa connect melalui trunk. Jika anda mengerti tentang persoalan ini, silahkan berkomentar. Thanks.

Note :
Untuk security, Cisco merekomendasikan untuk menghindari penggunaan vlan 1 (Default Vlan) sebagai jalur data. Dengan kata lain jangan mengkonfigurasi ip address di vlan 1. CMIIW.
By di
Label: ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)