Policy Base Routing Mikrotik Router

Posted: July 26, 2011 in MikroTik, OSPF

Dear RR,
A little sharing this morning.
Here is PBR (Policy Base Routing), MikroTik Router version. Its purpose is to reject/discard unneeded networks that are advertised by other routers. This PBR is suitable for Users: besides acting as a preventive measure/firewall, it prevents broadcast packets from the User from reaching our Internal network.
The protocol I use is OSPF, with the chains ospf-in and ospf-out.
The network diagram is roughly as shown below.
Wiwid
Here is the configuration:

/routing filter
add action=accept chain=ospf-in invert-match=no prefix=172.16.10.0/29
add action=accept chain=ospf-in invert-match=no prefix=172.16.20.0/29
add action=discard chain=ospf-in prefix=!0.0.0.0/0
add action=accept chain=ospf-out invert-match=no prefix=172.16.10.0/29
add action=accept chain=ospf-out invert-match=no prefix=172.16.20.0/29
add action=accept chain=ospf-out invert-match=no prefix=192.168.100.0/27
add action=discard chain=ospf-out invert-match=no prefix=!10.1.1.10/32

The result can be seen in the "ip route" listing. The IP networks of the other routers are absent, because they have been rejected/discarded.

[Wiwid@Mikrotik_USER] /routing filter> /ip ro pr
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit
 #      DST-ADDRESS        PREF-SRC        GATEWAY        DISTANCE
 0 ADo  0.0.0.0/0                          172.16.10.1         110
 1 ADC  172.16.10.0/29     114.199.91.49   ether1                0
 2 ADC  10.1.1.10/32       114.199.92.20   loopback0             0
 3 ADC  172.16.20.0/29     114.199.94.2    ether2                0
 4 ADC  192.168.100.0/27   114.199.94.10   ether3                0
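
To check a ruleset like this before loading it on a router, the added example below (not part of the original post) models the two chains in Python and runs constructed prefixes through them. It assumes first-match evaluation, exact prefix matching when no prefix-length is set, `!` as negation, and accept when no rule matches; the function names and sample prefixes are hypothetical.

```python
import ipaddress

# Rules copied verbatim from the page's /routing filter export.
EXPORT = """\
add action=accept chain=ospf-in invert-match=no prefix=172.16.10.0/29
add action=accept chain=ospf-in invert-match=no prefix=172.16.20.0/29
add action=discard chain=ospf-in prefix=!0.0.0.0/0
add action=accept chain=ospf-out invert-match=no prefix=172.16.10.0/29
add action=accept chain=ospf-out invert-match=no prefix=172.16.20.0/29
add action=accept chain=ospf-out invert-match=no prefix=192.168.100.0/27
add action=discard chain=ospf-out invert-match=no prefix=!10.1.1.10/32
"""

def parse_rules(text):
    """Parse 'add key=value ...' lines; '!' on the prefix or invert-match=yes negates the match."""
    rules = []
    for line in text.splitlines():
        f = dict(tok.split("=", 1) for tok in line.split()[1:])
        negate = f["prefix"].startswith("!") != (f.get("invert-match") == "yes")
        rules.append((f["chain"], f["action"], negate,
                      ipaddress.ip_network(f["prefix"].lstrip("!"))))
    return rules

def verdict(rules, chain, route):
    """Return the action of the first rule in `chain` that matches `route`."""
    net = ipaddress.ip_network(route)
    for rule_chain, action, negate, prefix in rules:
        if rule_chain != chain:
            continue
        # Assumption: with no prefix-length set, a prefix matches only the identical route.
        if (net == prefix) != negate:
            return action
    return "accept"  # assumption: a route that no rule matches is accepted

def surviving(rules, chain, routes):
    """Routes that pass the chain, in input order."""
    return [r for r in routes if verdict(rules, chain, r) == "accept"]

# Constructed samples: prefixes a neighbour advertises / this router originates.
LEARNED = ["0.0.0.0/0", "172.16.10.0/29", "10.20.30.0/24", "192.168.50.0/24"]
ORIGINATED = ["10.1.1.10/32", "192.168.100.0/27", "10.99.0.0/16"]

if __name__ == "__main__":
    rules = parse_rules(EXPORT)
    print("ospf-in :", surviving(rules, "ospf-in", LEARNED))
    print("ospf-out:", surviving(rules, "ospf-out", ORIGINATED))
```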

Comments
  1. Harri DS says:

    Bump, bro, nice info 😀
