Bridge
− Joins 2 or more interfaces
− Enabling a bridge on 2 interfaces disables the routing function between those two interfaces.
− Operates at the data link layer
− Partly implemented on wireless networks because:
  − Easier to set up
  − Wireless devices generally do not support routing
Bridge Interface
The following interfaces can be bridged:
− Ethernet (802.3)
− VLAN
  − Is part of an Ethernet or wireless interface
  − Do not bridge a VLAN with its parent interface
− Wireless AP
  − A wireless client must use WDS
− WDS
− EoIP
Caution
− We do not have to assign an IP address to a bridge
− If we do not disable the bridge, the IP address assigned to the bridge will be invalid
− The traffic load on every device will be heavy because traffic accumulates.
Creating a Bridge
− Create the bridge interface
− Add the Ethernet interfaces to the bridge interface
− Make sure the IP addresses are in the same segment
Bridge Loop
− If there are two or more paths within a bridged network, watch out for bridge loops
− For this, STP (Spanning Tree Protocol) is used
Spanning Tree Protocol
The Spanning Tree Protocol (STP)
− Is defined by IEEE Standard 802.1D
− Provides a loop free topology for any bridged LAN
− Discovers an optimal spanning tree within the mesh network and disables the links that are not part of the tree, thus eliminating bridging loops
STP Root Bridge
− Lowest priority
− Lowest ID (MAC address)
− Central point of the topology
− Each bridge calculates shortest path to the Root Bridge
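The root election and shortest-path rules above, worked through on a three-bridge loop. This is an added example, not part of the original slides and not RouterOS code; the bridge names, priorities, MAC addresses and path costs are constructed values, and ties between equal-cost paths are broken by the upstream bridge ID only (port IDs are left out).

```python
import heapq

# Constructed sample data: three bridges cabled in a triangle (a bridge loop).
# Priorities, MAC addresses and path costs are made-up illustration values.
BRIDGES = {
    "A": (32768, "00:0c:42:00:00:0a"),
    "B": (4096, "00:0c:42:00:00:0b"),
    "C": (32768, "00:0c:42:00:00:0c"),
}
LINKS = [("A", "B", 10), ("B", "C", 10), ("A", "C", 10)]


def bridge_id(name, bridges):
    """Bridge ID as a sortable tuple: priority first, then MAC address."""
    priority, mac = bridges[name]
    return (priority, int(mac.replace(":", ""), 16))


def elect_root(bridges):
    """The bridge with the lowest priority wins; lowest MAC breaks a tie."""
    return min(bridges, key=lambda name: bridge_id(name, bridges))


def spanning_tree(bridges, links):
    """Return (root, {bridge: (root path cost, upstream bridge)}, blocked links)."""
    root = elect_root(bridges)
    adj = {name: [] for name in bridges}
    for a, b, cost in links:
        adj[a].append((b, cost))
        adj[b].append((a, cost))
    # Shortest path to the root; equal costs prefer the lower upstream bridge ID.
    best, heap = {}, [(0, bridge_id(root, bridges), root, None)]
    while heap:
        cost, _, node, upstream = heapq.heappop(heap)
        if node in best:
            continue
        best[node] = (cost, upstream)
        for peer, c in adj[node]:
            if peer not in best:
                heapq.heappush(heap, (cost + c, bridge_id(node, bridges), peer, node))
    # Links that are not on any bridge's path to the root get disabled.
    tree = {frozenset((n, up)) for n, (_, up) in best.items() if up}
    blocked = [(a, b) for a, b, _ in links if frozenset((a, b)) not in tree]
    return root, best, blocked


if __name__ == "__main__":
    print(spanning_tree(BRIDGES, LINKS))
```

The link that stays out of the tree is the one STP would disable to break the loop.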
Rapid Spanning Tree Protocol
Rapid Spanning Tree Protocol (RSTP)
− is an evolution of the STP
− provides for faster spanning tree convergence after a topology change than STP
− rstp-bridge-test package is required for the RSTP feature to be available in RouterOS
RSTP Bridge Port Roles
− Lowest priority for looped ports
− Root port – a path to the root bridge
− Alternative port – backup root port
− Designated port – forwarding port
− Backup port – backup designated port
Routed Networks vs Bridging
− Routers do not forward broadcast frames
− Communication loops and their resultant broadcast storms are no longer a design issue in routed networks
− Redundant media and meshed topologies can offer traffic load sharing and more robust fault tolerance than bridged network topologies
Bridge Firewall
− The bridge firewall implements packet filtering and thereby provides security functions that are used to manage data flow to, from and through the bridge
− Elements of bridge firewall are:
  − Bridge Filter
  − Bridge Network Address Translation (NAT)
  − Bridge Broute
Bridge Filter
− Bridge filter has three predefined chains: input, forward, and output
− Example application is filtering broadcast traffic
Bridge NAT
− Lets us change the MAC address of traffic passing through the bridge, both the source and the destination MAC address
− Bridge NAT uses ARP
− There are 2 chains
  − Src-nat: changes the source MAC address
  − Dst-nat: changes the destination MAC address
Bridge Broute
Bridge Broute
− makes bridge a brouter - router that performs routing on some of the packets, and bridging – on others
− has one predefined chain, brouting, which is traversed right after a packet enters an enslaved interface before "Bridging Decision"
− For example, IP can be routed, and everything else bridged (IPX)
Configuration
− On Router 1, create a bridge and add all interfaces to the bridge
  − A wireless client cannot be bridged; use WDS
− On Router 2, enable the web proxy
− HTTP traffic is diverted through the proxy
− On Router 2, set up redirecting so that port 80 is redirected to port 8080
Bridge NAT settings
− Chain : dstnat
− Interface ether3
− Mac protokol = ip
− ip: dst address=0.0.0.0/0 dst-port=80 protocol=tcp
− Action =dst-nat
− To mac-address=00:89:00……
Make sure you have communication between MikroTik routers, i.e., one router is configured as server (AP), the other one as client (station). Configure wireless interface wlan1 on AP in WinBox
[admin@AP]> ip address add address=10.1.0.215/24 interface=wds-bridge
[admin@Station]> ip address add address=10.1.0.216/24 interface=wds-bridge