
BRIDGE

Training Division
Engineering Department
PT UFOAKSES SUKSES LUARBIASA
Jakarta
nux@ufoakses.co.id
Bridge

• Combines two or more interfaces
• Enabling a bridge on two interfaces disables the routing function between those two interfaces.
• Operates at the data link layer
• Some bridges are implemented on wireless networks because:
− They are easier to set up
− Wireless devices generally do not support routing
System Bridge
Bridge Interface
• The following interfaces can be bridged:
• Ethernet (802.3)
• VLAN
− Is part of an Ethernet or wireless interface
− Do not bridge a VLAN with its parent interface
• Wireless AP
− A wireless client must use WDS
• WDS
• EoIP
Caution
• We do not have to assign an IP address to a bridge
• If we do not disable the bridge, the IP address assigned on the bridge will be invalid
• The traffic load on every device will be heavy because traffic accumulates.
Creating a Bridge
• Create the bridge interface
• Add the Ethernet interfaces to the bridge interface
• Make sure the IP addresses are in the same segment
Bridge in WinBox
Assigning Ports to the Bridge
Bridged ports
Interfaces before bridging
Interfaces after bridging
Bridge Monitoring
Bridge Loop
• If there are two or more paths within a bridged network, beware of bridge loops
• To prevent them, STP (Spanning Tree Protocol) is used
Spanning Tree Protocol
• The Spanning Tree Protocol (STP)
− Is defined by IEEE Standard 802.1D
− Provides a loop free topology for any bridged LAN
− Discovers an optimal spanning tree within the mesh
network and disables the links that are not part of
the tree, thus eliminating bridging loops
STP Action
STP Root Bridge
• Lowest priority
• Lowest ID (MAC address)
• Central point of the topology
• Each bridge calculates the shortest path to the Root Bridge
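The election rules above, worked through as an added example (not part of the original slides): it elects the root by lowest priority and then lowest MAC, computes each bridge's path cost to the root, and lists the redundant links STP would block. The topology, bridge names, MAC addresses and path costs are constructed, and the model assumes a connected network with one link per bridge pair.

```python
import heapq

# Constructed sample topology (not from the slides): name -> (priority, MAC).
BRIDGES = {
    "R1": (32768, "00:0c:42:00:00:10"),
    "R2": (32768, "00:0c:42:00:00:05"),
    "R3": (4096, "00:0c:42:00:00:30"),
    "R4": (32768, "00:0c:42:00:00:20"),
}
# Links as (bridge, bridge, path cost); the extra links create loops.
LINKS = [("R3", "R1", 10), ("R3", "R2", 10), ("R1", "R2", 10),
         ("R1", "R4", 10), ("R2", "R4", 10)]

def bridge_id(name, bridges):
    """Bridge ID: priority is compared first, the MAC address breaks ties."""
    priority, mac = bridges[name]
    return (priority, int(mac.replace(":", ""), 16))

def elect_root(bridges):
    """The bridge with the lowest bridge ID becomes the root."""
    return min(bridges, key=lambda name: bridge_id(name, bridges))

def spanning_tree(bridges, links):
    """Return (root, root path costs, blocked links) for a connected topology."""
    root = elect_root(bridges)
    peers = {name: [] for name in bridges}
    for a, b, cost in links:
        peers[a].append((b, cost))
        peers[b].append((a, cost))
    # Dijkstra: every bridge's shortest path cost to the root.
    cost_to_root, queue = {root: 0}, [(0, root)]
    while queue:
        dist, node = heapq.heappop(queue)
        if dist > cost_to_root[node]:
            continue
        for peer, cost in peers[node]:
            if dist + cost < cost_to_root.get(peer, float("inf")):
                cost_to_root[peer] = dist + cost
                heapq.heappush(queue, (dist + cost, peer))
    # Root port: cheapest path to the root, lowest upstream bridge ID on a tie.
    forwarding = set()
    for name in bridges:
        if name != root:
            upstream = min(peers[name], key=lambda p: (
                cost_to_root[p[0]] + p[1], bridge_id(p[0], bridges)))[0]
            forwarding.add(frozenset((name, upstream)))
    blocked = sorted(tuple(sorted((a, b))) for a, b, _ in links
                     if frozenset((a, b)) not in forwarding)
    return root, cost_to_root, blocked
```

With every priority left at the same value, the root falls to whichever bridge has the lowest MAC address, so the bridge intended as the central point should be given the lowest priority explicitly.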
Spanning Tree
Set STP
Rapid Spanning Tree Protocol
• Rapid Spanning Tree Protocol (RSTP)
− Is an evolution of STP
− Provides faster spanning tree convergence after a topology change than STP
• The rstp-bridge-test package is required for the RSTP feature to be available in RouterOS
RSTP Bridge Port Roles
• Lowest priority for looped ports
• Root port – a path to the root bridge
• Alternative port – backup root port
• Designated port – forwarding port
• Backup port – backup designated port
Routed Networks vs Bridging
• Routers do not forward broadcast frames
• Communication loops and their resultant broadcast storms are no longer a design issue in routed networks
• Redundant media and meshed topologies can offer traffic load sharing and more robust fault tolerance than bridged network topologies
Bridge Firewall
• The bridge firewall implements packet filtering and thereby provides security functions that are used to manage data flow to, from and through the bridge
• Elements of the bridge firewall are:
− Bridge Filter
− Bridge Network Address Translation (NAT)
− Bridge Broute
Bridge Filter
• Bridge filter has three predefined chains: input, forward, and output
• An example application is filtering broadcast traffic
Bridge NAT
• Lets us change the MAC address of traffic passing through the bridge, both the source and the destination MAC address
• Bridge NAT uses ARP
• There are two chains:
− Src-nat: changes the source MAC address
− Dst-nat: changes the destination MAC address
Bridge Broute
• Bridge Broute
− Makes the bridge a brouter: a router that performs routing on some of the packets and bridging on others
− Has one predefined chain, brouting, which is traversed right after a packet enters an enslaved interface, before the "Bridging Decision"
• For example, IP can be routed, and everything else bridged (IPX)
Blocking ICMP on the Bridge
Bridge Filter in WinBox
Workshop
Configuration
• On Router 1, create a bridge and add all interfaces to the bridge
− A wireless client cannot be bridged; use WDS
• On Router 2, enable the web proxy
• HTTP traffic is diverted through the proxy
• On Router 2, set up redirection so that port 80 is redirected to port 8080
• Configure bridge NAT:
− Chain: dstnat
− Interface: ether3
− MAC protocol = ip
− /ip/dst address=0.0.0.0/0 dst-port=80 protocol=tcp
− Action = dst-nat
− To mac-address=00:89:00……
Testing
• Is any data passing through the web proxy?
• Is there any traffic on ether3 on Router 1?
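What the workshop's bridge dst-nat rule does to a frame, as an added example that is not part of the original slides: a small model that matches IP/TCP frames to port 80 and rewrites only the destination MAC, leaving the IP header untouched, which is why Router 2 still needs its own redirect from port 80 to 8080. The function names, MAC addresses and IP addresses are hypothetical placeholders (the slide's MAC is truncated), and the in-interface match on ether3 is not modelled.

```python
import struct

ETHERTYPE_IP, PROTO_TCP = 0x0800, 6
# Placeholder for the proxy router's MAC; the slide's value is truncated.
PROXY_MAC = bytes.fromhex("02aabbccdd02")

def build_frame(dst_mac, src_mac, src_ip, dst_ip, proto, dst_port):
    """Constructed test frame: Ethernet II + 20-byte IPv4 header + L4 ports."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, proto, 0,
                     bytes(src_ip), bytes(dst_ip))
    l4 = struct.pack("!HH", 40000, dst_port) + bytes(16)
    return dst_mac + src_mac + struct.pack("!H", ETHERTYPE_IP) + ip + l4

def bridge_dstnat(frame, to_mac=PROXY_MAC, dst_port=80):
    """Model of the workshop rule: mac-protocol=ip, protocol=tcp,
    dst-port=80, action=dst-nat. Non-matching frames pass unchanged."""
    if len(frame) < 34 or frame[12:14] != struct.pack("!H", ETHERTYPE_IP):
        return frame                      # not IPv4 (ARP, IPX, ...)
    ihl = (frame[14] & 0x0F) * 4          # IPv4 header length in bytes
    if frame[14] >> 4 != 4 or ihl < 20 or len(frame) < 14 + ihl + 4:
        return frame                      # malformed or truncated header
    if frame[23] != PROTO_TCP:
        return frame                      # UDP, ICMP, ...
    (port,) = struct.unpack("!H", frame[14 + ihl + 2:14 + ihl + 4])
    if port != dst_port:
        return frame
    return to_mac + frame[6:]             # only the destination MAC changes

def ip_destination(frame):
    """Destination IPv4 address of the frame as dotted text."""
    return ".".join(str(octet) for octet in frame[30:34])
```

The rewritten frame arrives at the proxy router still carrying the original web server's IP address, so the workshop's two test questions check both halves: traffic on ether3 confirms the MAC rewrite, and hits in the web proxy confirm the redirect.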
Bridge Wireless
• WDS feature
• Using EoIP
Bridging over Wireless
• Create a bridge interface on the AP and add the ether1 interface to the bridge in WinBox
• Do the same on the Station, and add the ether1 and wlan1 interfaces to the bridge in WinBox
• Make sure you have communication between the MikroTik routers, i.e., one router is configured as the server (AP) and the other as the client (station). Configure the wireless interface wlan1 on the AP in WinBox
• Do the same configuration on the client wireless interface (wlan1) in WinBox
• Create a WDS interface on the AP and add the interface to the bridge in WinBox
• Check whether the WDS link is established in WinBox
• Add an IP address on the AP in WinBox
• [admin@AP]> ip address add address=10.1.0.215/24 interface=wds-bridge
• [admin@Station]> ip address add address=10.1.0.216/24 interface=wds-bridge
• NOTE: If you are not using NAT, mangle, or anything else that relies on connection tracking, remember to turn it off at both ends of the link.
• In the console:
• [admin@xx]> ip firewall connection tracking set enabled=no
• This will help you get the full bandwidth the wireless link can achieve by reducing the CPU load.
