Setting VRF MikroTik – GNS3 LAB62

Setting VRF (Virtual Routing and Forwarding) MikroTik – GNS3 LAB62

  • MikroTik-1 ether2: 192.168.250.106/24 (internet)
  • MikroTik-1 ether3: 192.168.88.1/24
  • MikroTik-1 ether4: 192.168.88.1/24 – VRF
  • User-X: 192.168.88.10
  • User-Y: 192.168.88.11

  • Setting IP Address MikroTik
/ip address
add address=192.168.250.106/24 interface=ether2 network=192.168.250.0
add address=192.168.88.1/24 interface=ether3 network=192.168.88.0
add address=192.168.88.1/24 interface=ether4 network=192.168.88.0
  • Setting DHCP Server
/ip pool
add name=LAN-192.168.88.0/24 ranges=192.168.88.2-192.168.88.254

/ip dhcp-server
add address-pool=LAN-192.168.88.0/24 disabled=no interface=ether3 lease-time=1h10m name=Client-1
add address-pool=LAN-192.168.88.0/24 disabled=no interface=ether4 lease-time=1h10m name=Client-2
/ip dhcp-server network
add address=192.168.88.0/24 dns-server=8.8.8.8 gateway=192.168.88.1
  • Setting Route Gateway
/ip route
add distance=1 gateway=192.168.250.2
  • Setting Firewall NAT
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether2

  • Setting VRF
  • IP > Route > VRF > Add the VRF routing mark on interface ether4
  • Add route leaking on the default gateway with the VRF routing mark for client-2's outgoing (upload) traffic
/ip route vrf
add interfaces=ether4 routing-mark=VRF-client2

/ip route
add distance=1 gateway=192.168.250.2@main routing-mark=VRF-client2
  • Setting Firewall Mangle
  • IP > Firewall > Mangle > Add (+)
  • Add mangle rules for client-2's incoming (download) traffic so that it stays consistent.
/ip firewall mangle
add action=mark-connection chain=prerouting in-interface=ether4 new-connection-mark=VRF-Client2_con passthrough=yes
add action=mark-routing chain=prerouting connection-mark=VRF-Client2_con in-interface=ether2 new-routing-mark=VRF-client2 passthrough=no
add action=mark-routing chain=output connection-mark=VRF-Client2_con new-routing-mark=VRF-client2 passthrough=no
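
Why the mangle rules are needed, as an added example (a simplified Python model written for this walkthrough, not RouterOS code and not part of the original lab): it uses the lab's interfaces, table names and marks, and assumes that NAT has already restored the client address before the routing lookup. The `Router`, `lookup` and `reply_interface` names are hypothetical.

```python
import ipaddress

# Routing tables after the VRF step (simplified model, constructed for this example).
# ether4's connected route lives in the VRF-client2 table; the leaked default
# route points back at the gateway reachable through ether2 in main.
TABLES = {
    "main": [("192.168.250.0/24", "ether2"), ("192.168.88.0/24", "ether3"),
             ("0.0.0.0/0", "ether2")],
    "VRF-client2": [("192.168.88.0/24", "ether4"), ("0.0.0.0/0", "ether2")],
}
VRF_INTERFACES = {"ether4": "VRF-client2"}

def lookup(table, dst):
    """Longest-prefix match in one table; returns the outgoing interface."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(p), i) for p, i in TABLES[table]
               if addr in ipaddress.ip_network(p)]
    return max(matches, key=lambda m: m[0].prefixlen)[1]

class Router:
    def __init__(self, mangle_enabled):
        self.mangle_enabled = mangle_enabled
        self.conn_marks = {}  # connection key -> connection mark

    def forward(self, in_if, src, dst):
        """Return the outgoing interface for one packet."""
        key = frozenset((src, dst))  # same key for both directions
        table = VRF_INTERFACES.get(in_if, "main")
        if self.mangle_enabled:
            # Rule 1: mark connections first seen on ether4.
            if in_if == "ether4":
                self.conn_marks.setdefault(key, "VRF-Client2_con")
            # Rule 2: replies on ether2 for marked connections use the VRF table.
            if in_if == "ether2" and self.conn_marks.get(key) == "VRF-Client2_con":
                table = "VRF-client2"
        return lookup(table, dst)

def reply_interface(mangle_enabled, client="192.168.88.11", server="8.8.8.8"):
    """Send one packet out from User-Y on ether4, then route the reply."""
    r = Router(mangle_enabled)
    assert r.forward("ether4", client, server) == "ether2"  # outgoing leg
    # Reply arrives on ether2 with the client address already restored.
    return r.forward("ether2", server, client)
```

Without the mangle rules the reply for User-Y is looked up in the main table and leaves through ether3, because both interfaces carry 192.168.88.0/24; with them it returns through ether4.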

Testing

  • Test ping from User-X and User-Y to the internet

herdiana3389
