MTCRE : ROUTE TYPE


In this lab I will explain route types. Route types are used to meet network security needs.

There are 4 route types:

  1. Blackhole: blocks silently, for example RTO (request timed out)
  2. Unicast: allows the packet to be sent
  3. Unreachable: blocks the packet and sends a host unreachable error message
  4. Prohibit: blocks the packet and sends an error message

TOPOLOGY


For the topology above, we will go step by step as follows:

  • Set the IP address on every router
  • Enter the IP address and gateway on every PC
  • Create a bridge on R1, R3 and R4
  • Configure static routing
  • Configure the route types: prohibit, blackhole and unreachable

Now let's start the lab. The first step is to set the IP addresses on every router and the IP address and gateway on every PC.

  • On R1, set the IP addresses and create a bridge toward PC2 and PC3, using ether1 and ether2
[admin@MikroTik] > system identity set name=R1
[admin@R1] > interface bridge add name=bridge1
[admin@R1] > interface bridge port add interface=ether1 bridge=bridge1
[admin@R1] > interface bridge port add interface=ether2 bridge=bridge1
[admin@R1] > ip address add address=10.10.10.1/24 interface=ether3
[admin@R1] > ip address add address=192.168.1.1/24 interface=bridge1
  • On R2, only the IP addresses are set.
[admin@MikroTik] > system identity set name=R2
[admin@R2] > ip address add address=10.10.10.2/24 interface=ether1
# R2 is 11.11.11.1 on the link to R4: R4 holds 11.11.11.2 and routes via 11.11.11.1
[admin@R2] > ip address add address=11.11.11.1/24 interface=ether2
[admin@R2] > ip address add address=12.12.12.1/24 interface=ether3
  • On R3, set the IP addresses and create a bridge toward PC2 and PC3, using ether2 and ether3
[admin@MikroTik] >> system identity set name=R3
[admin@R3] >> interface bridge add name=bridge1
[admin@R3] >> interface bridge port add interface=ether2 bridge=bridge1
[admin@R3] >> interface bridge port add interface=ether3 bridge=bridge1
[admin@R3] >> ip address add address=12.12.12.2/24 interface=ether1
# LAN address on bridge1; the PCs in 192.168.2.0/24 use 192.168.2.1 as their gateway
[admin@R3] >> ip address add address=192.168.2.1/24 interface=bridge1
  • Finally, on R4, as on R1 and R3, set the IP addresses and create a bridge toward PC2 and PC3, using ether2 and ether3
[admin@MikroTik] > system identity set name=R4
[admin@R4] > interface bridge add name=bridge1
[admin@R4] > interface bridge port add interface=ether2 bridge=bridge1
[admin@R4] > interface bridge port add interface=ether3 bridge=bridge1
[admin@R4] > ip address add address=192.168.3.1/24 interface=bridge1
[admin@R4] > ip address add address=11.11.11.2/24 interface=ether1

STATIC ROUTE

For the route types to work, the next step is to configure static routing on all routers. Static routing was covered in the previous lab, so let's get straight to it.

Static routing configuration on R1

[admin@R1] > ip route add dst-address=11.11.11.0/24 gateway=10.10.10.2
[admin@R1] > ip route add dst-address=12.12.12.0/24 gateway=10.10.10.2
[admin@R1] > ip route add dst-address=192.168.2.0/24 gateway=10.10.10.2
[admin@R1] > ip route add dst-address=192.168.3.0/24 gateway=10.10.10.2

Static routing configuration on R2

# 192.168.3.0/24 is behind R4, which is 11.11.11.2 on this link
[admin@R2] > ip route add dst-address=192.168.3.0/24 gateway=11.11.11.2
[admin@R2] > ip route add dst-address=192.168.1.0/24 gateway=10.10.10.1
[admin@R2] > ip route add dst-address=192.168.2.0/24 gateway=12.12.12.2

Static routing configuration on R3

[admin@R3] >> ip route add dst-address=192.168.1.0/24 gateway=12.12.12.1
[admin@R3] >> ip route add dst-address=192.168.3.0/24 gateway=12.12.12.1
[admin@R3] >> ip route add dst-address=10.10.10.0/24 gateway=12.12.12.1
[admin@R3] >> ip route add dst-address=11.11.11.0/24 gateway=12.12.12.1

Static routing configuration on R4

[admin@R4] > ip route add dst-address=192.168.1.0/24 gateway=11.11.11.1
[admin@R4] > ip route add dst-address=192.168.2.0/24 gateway=11.11.11.1
[admin@R4] > ip route add dst-address=10.10.10.0/24 gateway=11.11.11.1
[admin@R4] > ip route add dst-address=12.12.12.0/24 gateway=11.11.11.1

ROUTE TYPE CONFIGURATION

  1. Prohibit: if it succeeds, the routing table shows the flags A SP (active static prohibit)
[admin@R1] > ip route add dst-address=192.168.2.3 type=prohibit
[admin@R1] > ip route pr
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit
 #      DST-ADDRESS        PREF-SRC        GATEWAY            DISTANCE
 0 ADC  10.10.10.0/24      10.10.10.1      ether3                    0
 1 A S  11.11.11.0/24                      10.10.10.2                1
 2 A S  12.12.12.0/24                      10.10.10.2                1
 3 ADC  192.168.1.0/24     192.168.1.1     bridge1                   0
 4 A S  192.168.2.0/24                     10.10.10.2                1
 5 A SP 192.168.2.3/32                                               1
  2. Unreachable: if it succeeds, the routing table shows the flags A SU (active static unreachable)
[admin@R4] > ip route add dst-address=192.168.2.2 type=unreachable
[admin@R4] > ip route pr
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit
 #      DST-ADDRESS        PREF-SRC        GATEWAY            DISTANCE
 0 A S  10.10.10.0/24                      11.11.11.1                1
 1 ADC  11.11.11.0/24      11.11.11.2      ether1                    0
 2 A S  12.12.12.0/24                      11.11.11.1                1
 3 A S  192.168.1.0/24                     11.11.11.1                1
 4 A S  192.168.2.0/24                     11.11.11.1                1
 5 A SU 192.168.2.2/32                                               1
 6 ADC  192.168.3.0/24     192.168.3.1     bridge1                   0
  3. Blackhole: if it succeeds, the routing table shows the flags A SB (active static blackhole)
[admin@R4] > ip route add dst-address=192.168.2.2 type=blackhole
[admin@R4] > ip route pr
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit
 #      DST-ADDRESS        PREF-SRC        GATEWAY            DISTANCE
 0 A S  10.10.10.0/24                      11.11.11.1                1
 1 ADC  11.11.11.0/24      11.11.11.2      ether1                    0
 2 A S  12.12.12.0/24                      11.11.11.1                1
 3 A S  192.168.1.0/24                     11.11.11.1                1
 4 A S  192.168.2.0/24                     11.11.11.1                1
 5 A SB 192.168.2.2/32                                               1
 6 ADC  192.168.3.0/24     192.168.3.1     bridge1                   0
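
The /32 route-type entries above take effect because the router always uses the most specific matching prefix, so 192.168.2.3/32 (prohibit) wins over 192.168.2.0/24 (unicast). The following Python model of that decision is an added example, not part of the original lab or of RouterOS; `lookup` and `forward` are hypothetical helper names and the table is copied from R1's printout.

```python
import ipaddress

# ICMP (type, code) the router returns per route type, as seen in this lab's
# ping output; blackhole sends nothing back.
ICMP_REPLY = {"prohibit": (3, 13), "unreachable": (3, 1), "blackhole": None}

# R1's table from the printout above: (prefix, route type, gateway).
R1_ROUTES = [
    ("10.10.10.0/24", "unicast", "ether3"),
    ("11.11.11.0/24", "unicast", "10.10.10.2"),
    ("12.12.12.0/24", "unicast", "10.10.10.2"),
    ("192.168.1.0/24", "unicast", "bridge1"),
    ("192.168.2.0/24", "unicast", "10.10.10.2"),
    ("192.168.2.3/32", "prohibit", None),
]


def lookup(routes, dst):
    """Return the most specific (longest-prefix) route covering dst, or None."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, rtype, gateway in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, rtype, gateway)
    return best


def forward(routes, dst):
    """Return (action, gateway, icmp_reply) for a packet addressed to dst."""
    match = lookup(routes, dst)
    if match is None:
        return ("no-route", None, None)  # not covered by this lab's tables
    _, rtype, gateway = match
    if rtype == "unicast":
        return ("unicast", gateway, None)
    return (rtype, None, ICMP_REPLY[rtype])


if __name__ == "__main__":
    for dst in ("192.168.2.3", "192.168.2.2", "192.168.1.3"):
        print(dst, forward(R1_ROUTES, dst))
```

Only the single host covered by the /32 is blocked; every other address in 192.168.2.0/24 is still forwarded to 10.10.10.2.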

STUDY CASE & TESTING

In this lab we will try blocking traffic from the router to the PCs using route types.

  1. PC 1 (192.168.1.2) --> PC 4 (192.168.2.3) = prohibit
  2. PC 3 (192.168.2.2) --> PC 2 (192.168.1.3) = blackhole
  3. PC 5 (192.168.3.2) --> PC 3 (192.168.2.2) = unreachable
  4. PC 6 (192.168.3.3) --> PC 3 (192.168.2.2) = blackhole
  5. PC 2  (192.168.1.3) --> PC 6 (192.168.3.3) = unreachable

STUDY CASE 1

Set the IP address and gateway on PC1

VPCS> ip 192.168.1.2/24 192.168.1.1
Checking for duplicate address...
PC1 : 192.168.1.2 255.255.255.0 gateway 192.168.1.1

Add a prohibit route on R1 to block PC4 at IP address 192.168.2.3

[admin@R1] > ip route add dst-address=192.168.2.3 type=prohibit

Ping test from PC1 to PC4

VPCS> ping 192.168.2.3

*192.168.1.1 icmp_seq=1 ttl=64 time=1.879 ms (ICMP type:3, code:13, Communication administratively prohibited)
*192.168.1.1 icmp_seq=2 ttl=64 time=0.760 ms (ICMP type:3, code:13, Communication administratively prohibited)
*192.168.1.1 icmp_seq=3 ttl=64 time=0.622 ms (ICMP type:3, code:13, Communication administratively prohibited)
*192.168.1.1 icmp_seq=4 ttl=64 time=0.770 ms (ICMP type:3, code:13, Communication administratively prohibited)
*192.168.1.1 icmp_seq=5 ttl=64 time=0.802 ms (ICMP type:3, code:13, Communication administratively prohibited)

STUDY CASE 2

Set the IP address and gateway on PC3

VPCS> ip 192.168.2.2/24 192.168.2.1
Checking for duplicate address...
PC1 : 192.168.2.2 255.255.255.0 gateway 192.168.2.1

Add a blackhole route on R3 to block PC4 at IP address 192.168.1.3

[admin@R2] > ip route add dst-address=192.168.1.3 type=blackhole

Ping test from PC3 to PC2

VPCS> ping 192.168.1.3

192.168.1.3 icmp_seq=1 timeout
192.168.1.3 icmp_seq=2 timeout
192.168.1.3 icmp_seq=3 timeout
192.168.1.3 icmp_seq=4 timeout
192.168.1.3 icmp_seq=5 timeout

STUDY CASE 3

Set the IP address and gateway on PC5

VPCS> ip 192.168.3.2/24 192.168.3.1
Checking for duplicate address...
PC1 : 192.168.3.2 255.255.255.0 gateway 192.168.3.1

Add an unreachable route on R4 to block PC3 at IP address 192.168.2.2

[admin@R4] > ip route add dst-address=192.168.2.2 type=unreachable

Ping test from PC5 to PC3

VPCS> ping 192.168.2.2

*192.168.3.1 icmp_seq=1 ttl=64 time=1.357 ms (ICMP type:3, code:1, Destination host unreachable)
*192.168.3.1 icmp_seq=2 ttl=64 time=1.017 ms (ICMP type:3, code:1, Destination host unreachable)
*192.168.3.1 icmp_seq=3 ttl=64 time=0.864 ms (ICMP type:3, code:1, Destination host unreachable)
*192.168.3.1 icmp_seq=4 ttl=64 time=7.154 ms (ICMP type:3, code:1, Destination host unreachable)
*192.168.3.1 icmp_seq=5 ttl=64 time=0.993 ms (ICMP type:3, code:1, Destination host unreachable)

STUDY CASE 4

Set the IP address and gateway on PC6

VPCS> ip 192.168.3.3/24 192.168.3.1
Checking for duplicate address...
PC1 : 192.168.3.3 255.255.255.0 gateway 192.168.3.1

Add a blackhole route on R4 to block PC3 at IP address 192.168.2.2

[admin@R4] > ip route add dst-address=192.168.2.2 type=blackhole

Ping test from PC6 to PC3

VPCS> ping 192.168.2.2

192.168.2.2 icmp_seq=1 timeout
192.168.2.2 icmp_seq=2 timeout
192.168.2.2 icmp_seq=3 timeout
192.168.2.2 icmp_seq=4 timeout
192.168.2.2 icmp_seq=5 timeout

STUDY CASE 5

Set the IP address and gateway on PC2

VPCS> ip 192.168.1.3/24 192.168.1.1
Checking for duplicate address...
PC1 : 192.168.1.3 255.255.255.0 gateway 192.168.1.1

Add an unreachable route on R4 to block PC6 at IP address 192.168.3.3

[admin@R1] > ip route add dst-address=192.168.3.3 type=unreachable

Ping test from PC2 to PC6

VPCS> ping 192.168.3.3

*192.168.1.1 icmp_seq=1 ttl=64 time=9.062 ms (ICMP type:3, code:1, Destination host unreachable)
*192.168.1.1 icmp_seq=2 ttl=64 time=1.947 ms (ICMP type:3, code:1, Destination host unreachable)
*192.168.1.1 icmp_seq=3 ttl=64 time=1.573 ms (ICMP type:3, code:1, Destination host unreachable)
*192.168.1.1 icmp_seq=4 ttl=64 time=0.985 ms (ICMP type:3, code:1, Destination host unreachable)
*192.168.1.1 icmp_seq=5 ttl=64 time=3.742 ms (ICMP type:3, code:1, Destination host unreachable)
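
The study-case results can be checked mechanically: prohibit and unreachable answer with an ICMP error whose source is the filtering router's own address (so the sender learns where the block sits), while blackhole gives only timeouts, which on their own cannot be told apart from a host that is down. The Python below is an added example, not part of the original lab; `classify` is a hypothetical helper and the sample lines are taken from the ping output above.

```python
import re

# VPCS prints "*<replier> icmp_seq=N ... (ICMP type:T, code:C, text)" for an
# ICMP error and "<target> icmp_seq=N timeout" when nothing comes back.
ERROR_RE = re.compile(r"^\*(\S+) icmp_seq=\d+ .*\(ICMP type:(\d+), code:(\d+)")
TIMEOUT_RE = re.compile(r"^\S+ icmp_seq=\d+ timeout$")

# ICMP (type, code) pairs observed for each route type in this lab.
CODE_TO_ROUTE_TYPE = {(3, 13): "prohibit", (3, 1): "unreachable"}

CASE1 = """\
*192.168.1.1 icmp_seq=1 ttl=64 time=1.879 ms (ICMP type:3, code:13, Communication administratively prohibited)
*192.168.1.1 icmp_seq=2 ttl=64 time=0.760 ms (ICMP type:3, code:13, Communication administratively prohibited)"""
CASE2 = """\
192.168.1.3 icmp_seq=1 timeout
192.168.1.3 icmp_seq=2 timeout"""
CASE3 = """\
*192.168.3.1 icmp_seq=1 ttl=64 time=1.357 ms (ICMP type:3, code:1, Destination host unreachable)
*192.168.3.1 icmp_seq=2 ttl=64 time=1.017 ms (ICMP type:3, code:1, Destination host unreachable)"""


def classify(ping_output):
    """Return (verdict, repliers): the inferred route type and which
    addresses sent ICMP errors (i.e. which router revealed itself)."""
    verdicts, repliers = set(), set()
    for line in ping_output.splitlines():
        line = line.strip()
        err = ERROR_RE.match(line)
        if err:
            key = (int(err.group(2)), int(err.group(3)))
            verdicts.add(CODE_TO_ROUTE_TYPE.get(key, "other-icmp-error"))
            repliers.add(err.group(1))
        elif TIMEOUT_RE.match(line):
            # Silence is ambiguous: blackhole route, firewall drop, or host down.
            verdicts.add("blackhole-or-down")
    if not verdicts:
        return ("no-data", [])
    if len(verdicts) > 1:
        return ("mixed", sorted(repliers))
    return (verdicts.pop(), sorted(repliers))


if __name__ == "__main__":
    for name, sample in (("case 1", CASE1), ("case 2", CASE2), ("case 3", CASE3)):
        print(name, classify(sample))
```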
