
Cisco | Building the HO-to-Branch Connection-1

Scenario-1
This time I built a network lab for a Head Office to Branch (HO to Branch) connection, where the HO, as the central datacenter, must be reachable from the branch. Note that the HO and the branch are not physically cabled to each other; between them sits an ISP/backbone network, commonly called Metro-E or MPLS. In other words, we ask the ISP to provide an MPLS connection (L2VPN/L3VPN) that links the HO WAN router to the branch router, commonly called the CE router.

So the goal here is that users in the branch area can access the servers in the serverfarm area. That is, host user_SBY 10.202.20.10 can reach the serverfarm at 10.87.30.12. For the details, let's look at the config on each router and switch.

SW-LT-2
hostname SW-LT-2
!

vlan 20
exit
!
interface GigabitEthernet0/0
 description LINK-PC_10.202.20.10
 switchport access vlan 20
 switchport mode access
 negotiation auto
!
interface GigabitEthernet1/3
 description LINK-TO-DS-SW-01
 switchport trunk encapsulation dot1q
 switchport mode trunk
 negotiation auto
!
interface Vlan20
 ip address 10.202.20.253 255.255.255.0
!
ip default-gateway 10.202.20.254
!


DS-SW-01
hostname DS-SW-01
!
vlan 10
exit
!
vlan 20
exit
!
interface GigabitEthernet0/0
 description LINK-TO-RCABANG-SBY
 switchport access vlan 10
 switchport mode access
 negotiation auto
!
interface GigabitEthernet0/1
 switchport access vlan 10
 switchport mode access
 negotiation auto
!
interface GigabitEthernet0/2
 switchport access vlan 20
 switchport mode access
 negotiation auto
!
interface GigabitEthernet1/3
 description LINK-TO-SW-LT-2
 switchport trunk encapsulation dot1q
 switchport mode trunk
 negotiation auto
!
interface Vlan10
 ip address 10.202.10.254 255.255.255.0
!
interface Vlan20
 ip address 10.202.20.254 255.255.255.0
!
ip forward-protocol nd
!
ip route 0.0.0.0 0.0.0.0 10.202.10.1
!


R-CABANG-SBY
hostname R-CABANG-SBY
!
interface GigabitEthernet0/0
 description LINK-R-WAN
 ip address 15.15.15.1 255.255.255.252
 duplex auto
 speed auto
 media-type rj45
!
interface GigabitEthernet0/1
 description LINK-TO-DS-01
 ip address 10.202.10.2 255.255.255.0
 standby 1 ip 10.202.10.1
 standby 1 priority 110
 standby 1 preempt
 duplex auto
 speed auto
 media-type rj45
!
router bgp 65111
 network 10.202.10.0 mask 255.255.255.0
 network 10.202.20.0 mask 255.255.255.0
 network 15.15.15.0 mask 255.255.255.252
 neighbor 15.15.15.2 remote-as 65123
 neighbor 15.15.15.2 soft-reconfiguration inbound
!
ip route 10.202.10.0 255.255.255.0 GigabitEthernet0/1
ip route 10.202.20.0 255.255.255.0 10.202.10.254
!


R-WAN

hostname R-WAN
!
interface Loopback0
 ip address 192.168.255.253 255.255.255.255
!
interface GigabitEthernet0/0
 description LINK-to-EDGE-01
 ip address 14.14.14.2 255.255.255.252
 ip ospf network point-to-point
 no shut
!
interface GigabitEthernet0/1
 description LINK-R-CABANG-BTM
 ip address 16.16.16.2 255.255.255.252
 no shut
!
interface GigabitEthernet0/2
 description LINK-R-CABANG-SBY
 ip address 15.15.15.2 255.255.255.252
 no shut
!
router ospf 1
 router-id 192.168.255.253
 redistribute bgp 65123 subnets
 network 14.14.14.0 0.0.0.3 area 1
 network 192.168.255.253 0.0.0.0 area 1
!
router bgp 65123
 bgp log-neighbor-changes
 network 15.15.15.0 mask 255.255.255.252
 network 16.16.16.0 mask 255.255.255.252
 neighbor 15.15.15.1 remote-as 65111
 neighbor 16.16.16.1 remote-as 65222
 redistribute ospf 1
!

SW-EDGE-01
hostname SW-EDGE-01
!
interface Loopback1
 ip address 192.168.255.254 255.255.255.255
 ip ospf 1 area 0
!
interface GigabitEthernet0/0
 description LINK-to-FW-EXTRANET-01
 no switchport
 ip address 14.14.14.1 255.255.255.252
 ip ospf network point-to-point
 no negotiation auto
!
interface GigabitEthernet0/1
 description LINK-to-CORE-01
 no switchport
 ip address 13.13.13.1 255.255.255.252
 ip ospf network point-to-point
 ip ospf 1 area 0
 !
router ospf 1
 router-id 192.168.255.254
 network 14.14.14.0 0.0.0.3 area 1
 redistribute static subnets
 !


SW-CORE-01
hostname SW-CORE-01
!
interface GigabitEthernet0/1
 description LINK-to-EDGE-01
 no switchport
 ip address 13.13.13.2 255.255.255.252
 ip ospf network point-to-point
 ip ospf 1 area 0
 negotiation auto
!
interface GigabitEthernet0/2
 no switchport
 ip address 11.11.11.2 255.255.255.252
 ip ospf network point-to-point
 ip ospf 1 area 0
 negotiation auto
!
interface GigabitEthernet0/3
 switchport access vlan 30
 switchport mode access
 description LINK-TO-PC_10.87.30.12
!
interface GigabitEthernet0/0
 switchport access vlan 30
 switchport mode access
 description LINK-TO-PC_10.87.30.10
!
interface Vlan30
 ip address 10.87.30.253 255.255.255.0
 standby 1 ip 10.87.30.1
 standby 1 priority 110
 standby 1 preempt
 ip ospf 1 area 0
!
router ospf 1
!

VERIFICATION: Test ping from the branch area to the serverfarm.

Then ping from the serverfarm area to the branch host.

Success...!! DONE.

Scenario-2

What differs in this second scenario is the configuration of the branch router and of switches SW-LT1 and SW-LT-2. Straight to the configuration.

hostname R-CABANG-BTM
!
interface GigabitEthernet0/0
 description LINK-R-WAN
 ip address 16.16.16.1 255.255.255.252
 no shut
!
interface GigabitEthernet0/1.10
 description #LAN-GW#
 encapsulation dot1Q 10
 ip address 10.203.10.3 255.255.255.0
 vrrp 1 ip 10.203.10.1
 vrrp 1 priority 95
 exit
!
router bgp 65222
 bgp log-neighbor-changes
 network 10.203.10.0 mask 255.255.255.0
 network 10.209.20.0 mask 255.255.255.0
 network 16.16.16.0 mask 255.255.255.252
 neighbor 16.16.16.2 remote-as 65123
 neighbor 16.16.16.2 soft-reconfiguration inbound
!
ip route 10.203.10.0 255.255.255.0 GigabitEthernet0/1.10
ip route 10.209.20.0 255.255.255.0 10.203.10.254
!
------------------------------------------
hostname SW-LT1
!
vlan 10
!
vlan 20
!
interface GigabitEthernet0/0
 description LINK-TO-R-CABANG-BTM
 switchport trunk allowed vlan 10,20
 switchport trunk encapsulation dot1q
 switchport mode trunk
 no shut
!
interface GigabitEthernet0/2
 switchport access vlan 10
 switchport mode access
 negotiation auto
!
interface GigabitEthernet1/3
 description LINK-TO-SW-LT-2
 switchport trunk encapsulation dot1q
 switchport mode trunk
 no shut
!
interface Vlan10
 ip address 10.203.10.254 255.255.255.0
!
interface Vlan20
 ip address 10.209.20.254 255.255.255.0
!
ip default-gateway 10.203.10.1
!
ip route 0.0.0.0 0.0.0.0 10.203.10.1
!
-----------------------------------------
hostname SW-LT-2
!
vlan 20
!
interface GigabitEthernet0/0
 description LINK-TO-USER_10.209.20.10
 switchport access vlan 20
 switchport mode access
 negotiation auto
!
interface GigabitEthernet1/3
 description LINK-TO-SW-LT1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 no shut
!
interface Vlan20
 ip address 10.209.20.253 255.255.255.0
!
ip default-gateway 10.209.20.254
!
ip route 0.0.0.0 0.0.0.0 10.209.20.254
!

QUESTION:
How do we restrict access from the branch to the serverfarm area so that only certain hosts can be reached? The solution is to apply an access control list (ACL) on the branch router; or, to restrict access from the serverfarm to the branch area, apply the ACL on the WAN router.
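One way to implement both restrictions on the Scenario-1 devices, as an added example that is not part of the original lab configuration. The ACL names, the choice of 10.87.30.12 as the only permitted serverfarm host, and the reply protocols allowed back (TCP and ping) are assumptions; addresses and interfaces are taken from the configs above.

```cisco
! Added example (not from the original lab). Assumption: 10.87.30.12 is the
! only serverfarm host that branch SBY users (10.202.20.0/24) may reach.
!
! --- R-CABANG-SBY: filter branch -> serverfarm where it enters the router ---
ip access-list extended BRANCH-TO-SERVERFARM
 remark user VLAN may reach only the permitted serverfarm host
 permit ip 10.202.20.0 0.0.0.255 host 10.87.30.12
 remark any other traffic to the serverfarm subnet is dropped and logged
 deny   ip any 10.87.30.0 0.0.0.255 log
 remark other destinations are not restricted by this ACL (HSRP included)
 permit ip any any
!
interface GigabitEthernet0/1
 description LINK-TO-DS-01
 ip access-group BRANCH-TO-SERVERFARM in
!
! --- R-WAN: filter serverfarm -> branch on the link from SW-EDGE-01 ---
! IOS extended ACLs are stateless, so replies to sessions opened from the
! branch must be permitted explicitly or the branch ACL above is useless.
ip access-list extended SERVERFARM-TO-BRANCH
 remark replies from the permitted host to branch-initiated TCP and ping
 permit tcp  host 10.87.30.12 10.202.20.0 0.0.0.255 established
 permit icmp host 10.87.30.12 10.202.20.0 0.0.0.255 echo-reply
 remark serverfarm may not open new sessions toward the branch LANs
 deny   ip 10.87.30.0 0.0.0.255 10.202.10.0 0.0.0.255 log
 deny   ip 10.87.30.0 0.0.0.255 10.202.20.0 0.0.0.255 log
 remark final permit keeps OSPF on this interface and other transit traffic
 permit ip any any
!
interface GigabitEthernet0/0
 description LINK-to-EDGE-01
 ip access-group SERVERFARM-TO-BRANCH in
```

After a ping from 10.202.20.10 to 10.87.30.12 and another to 10.87.30.10, `show access-lists BRANCH-TO-SERVERFARM` should show the match counters rising on the permit and deny entries respectively. UDP services on 10.87.30.12 need their own permit entry in SERVERFARM-TO-BRANCH, since `established` only matches TCP.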
