Konfigurasi VLAN Swith Managed + Mikrotik + Fail Over (Recursive)
Asumsi Vlan di SW Managed sudah dibuat Vlan 20, 30, 99 100. Swith Managed yg digunakan HP 1820 8 Port
Topologi
1. Eth 1 Mikrotik -> Eth 5 SW Managed (ISP)
2. Eth 2 Mikrotik -> Eth 2 SW Managed (IP Local)
1a. Buat Vlan 99 & 100 Interface Eth 1
2a. Buat Vlan 20 & 30 Interface Eth 2
2b. Setting SW Managed
- Vlan 20 tagged port 2
- Untagged port 3
- Vlan 30 tagged port 2
- Untagged port 4
- Vlan 99 tagged port 5
- Untagged port 6
- Vlan 99 tagged port 5
- Untagged port 7
3a. Setting Mikrotik
- /interface list add name=local - /interface list member add interface=vlan1 list=local add interface=vlan2 list=local - /ip address
add address=192.168.99.1/27 interface=vlan99 network=192.168.99.0
add address=192.168.100.1/27 interface=vlan100 network=192.168.100.0
add address=192.168.40.1/24 interface=vlan1 network=192.168.40.0
add address=192.168.42.1/24 interface=vlan2 network=192.168.42.0
- /ip firewall nat
add action=masquerade chain=srcnat out-interface=vlan99 src-address-list=to_ISP-A
add action=masquerade chain=srcnat out-interface=vlan100 src-address-list=to_ISP-B
add action=masquerade chain=srcnat out-interface=vlan99 src-address-list=local
add action=masquerade chain=srcnat out-interface=vlan100 src-address-list=local
add action=src-nat chain=srcnat comment="One by One Interface No Recomended" disabled=yes out-interface-list=local src-address-list=local \ to-addresses=192.168.40.1
add action=src-nat chain=srcnat disabled=yes out-interface-list=local src-address-list=local to-addresses=192.168.42.1
add action=masquerade chain=srcnat comment=Ok dst-address-list=local out-interface-list=local src-address-list=local . agar bisa saling komunikasi antar jaringan local
- /ip firewall mangle
add action=accept chain=prerouting dst-address-list=local src-address-list=local . agar bisa saling komunikasi antar jaringan local
add action=mark-routing chain=prerouting new-routing-mark=Link_ISP-A passthrough=yes src-address-list=to_ISP-A
add action=mark-routing chain=prerouting new-routing-mark=Link_ISP-B passthrough=yes src-address-list=to_ISP-B
add action=mark-connection chain=prerouting disabled=yes dst-address-list=ping.eu new-connection-mark=to-ping.eu passthrough=yes src-address=192.168.40.253
add action=mark-routing chain=prerouting connection-mark=to-ping.eu disabled=yes new-routing-mark=Link_ISP-B passthrough=no
- /ip firewall address-list
add address=192.168.40.0/24 list=to_ISP-A
add address=192.168.42.0/24 list=to_ISP-B
add address=192.168.40.0/24 list=local
add address=192.168.42.0/24 list=local
add address=ping.eu list=ping.eu
- /ip route
add check-gateway=ping distance=1 gateway=8.8.8.8 routing-mark=Link_ISP-A target-scope=30
add check-gateway=ping distance=1 gateway=8.8.4.4 routing-mark=Link_ISP-B target-scope=30
add comment="backup-From Link-A" distance=2 gateway=10.3.4.1
add comment="backup-From Link-B" distance=2 gateway=192.168.137.1
add check-gateway=ping distance=1 dst-address=8.8.4.4/32 gateway=192.168.137.1
add check-gateway=ping distance=1 dst-address=8.8.8.8/32 gateway=10.3.4.1
Konfigurasi ini bisa memisahkan trafik, IP Local yg harusnya menggunakan ISP_A tp diarahkan ke ISP_B
add action=mark-connection chain=prerouting disabled=yes dst-address-list=ping.eu new-connection-mark=to-ping.eu passthrough=yes src-address=192.168.40.253
add action=mark-routing chain=prerouting connection-mark=to-ping.eu disabled=yes new-routing-mark=Link_ISP-B passthrough=no
Topologi
2. Eth 2 Mikrotik -> Eth 2 SW Managed (IP Local)
1a. Buat Vlan 99 & 100 Interface Eth 1
2a. Buat Vlan 20 & 30 Interface Eth 2
2b. Setting SW Managed
- Vlan 20 tagged port 2
- Untagged port 3
- Vlan 30 tagged port 2
- Untagged port 4
- Vlan 99 tagged port 5
- Untagged port 6
- Vlan 99 tagged port 5
- Untagged port 7
3a. Setting Mikrotik
- /interface list add name=local - /interface list member add interface=vlan1 list=local add interface=vlan2 list=local - /ip address
add address=192.168.99.1/27 interface=vlan99 network=192.168.99.0
add address=192.168.100.1/27 interface=vlan100 network=192.168.100.0
add address=192.168.40.1/24 interface=vlan1 network=192.168.40.0
add address=192.168.42.1/24 interface=vlan2 network=192.168.42.0
- /ip firewall nat
add action=masquerade chain=srcnat out-interface=vlan99 src-address-list=to_ISP-A
add action=masquerade chain=srcnat out-interface=vlan100 src-address-list=to_ISP-B
add action=masquerade chain=srcnat out-interface=vlan99 src-address-list=local
add action=masquerade chain=srcnat out-interface=vlan100 src-address-list=local
add action=src-nat chain=srcnat comment="One by One Interface No Recomended" disabled=yes out-interface-list=local src-address-list=local \ to-addresses=192.168.40.1
add action=src-nat chain=srcnat disabled=yes out-interface-list=local src-address-list=local to-addresses=192.168.42.1
add action=masquerade chain=srcnat comment=Ok dst-address-list=local out-interface-list=local src-address-list=local . agar bisa saling komunikasi antar jaringan local
- /ip firewall mangle
add action=accept chain=prerouting dst-address-list=local src-address-list=local . agar bisa saling komunikasi antar jaringan local
add action=mark-routing chain=prerouting new-routing-mark=Link_ISP-A passthrough=yes src-address-list=to_ISP-A
add action=mark-routing chain=prerouting new-routing-mark=Link_ISP-B passthrough=yes src-address-list=to_ISP-B
add action=mark-connection chain=prerouting disabled=yes dst-address-list=ping.eu new-connection-mark=to-ping.eu passthrough=yes src-address=192.168.40.253
add action=mark-routing chain=prerouting connection-mark=to-ping.eu disabled=yes new-routing-mark=Link_ISP-B passthrough=no
- /ip firewall address-list
add address=192.168.40.0/24 list=to_ISP-A
add address=192.168.42.0/24 list=to_ISP-B
add address=192.168.40.0/24 list=local
add address=192.168.42.0/24 list=local
add address=ping.eu list=ping.eu
- /ip route
add check-gateway=ping distance=1 gateway=8.8.8.8 routing-mark=Link_ISP-A target-scope=30
add check-gateway=ping distance=1 gateway=8.8.4.4 routing-mark=Link_ISP-B target-scope=30
add comment="backup-From Link-A" distance=2 gateway=10.3.4.1
add comment="backup-From Link-B" distance=2 gateway=192.168.137.1
add check-gateway=ping distance=1 dst-address=8.8.4.4/32 gateway=192.168.137.1
add check-gateway=ping distance=1 dst-address=8.8.8.8/32 gateway=10.3.4.1
Konfigurasi ini bisa memisahkan trafik, IP Local yg harusnya menggunakan ISP_A tp diarahkan ke ISP_B
add action=mark-connection chain=prerouting disabled=yes dst-address-list=ping.eu new-connection-mark=to-ping.eu passthrough=yes src-address=192.168.40.253
add action=mark-routing chain=prerouting connection-mark=to-ping.eu disabled=yes new-routing-mark=Link_ISP-B passthrough=no
No comments