Functional Design Specification Network
INTRODUCTION
REFERENCES
LTG-PGAS-0000-SCD-SP-001 Kerangka Acuan Kerja
LTG-PGAS-0000-SCD-SP-002 Spesifikasi System SCADA
LTG-PGAS-0000-INS-LI-007 System Architecture
XXXX Manual HP
YYYY Manual NUC Intel
1. ABBREVIATIONS
AI Analog Input
AO Analog Output
In the Teluk Lamong network, dynamic routers are the best solution
because one router is the center for controlling data traffic between the
switches. Dynamic routing can update routes by distributing information
through the best path. The dynamic routing protocol used is RIP. Routing
Information Protocol (RIP) is a dynamic routing protocol that uses hop count
as its routing metric to find the best path between the source and the
destination network. It is a distance-vector routing protocol that has an AD
(administrative distance) value of 120 and works on the application layer of
the OSI model.
When there is a change in the network, the router does not necessarily
immediately change the entry in the routing table. A certain amount of time
is required so that entries in the routing table can change. The time
needed from the time the network changes until the entry route changes in
the routing table is called the convergence time. The shorter the
convergence time, the better the stability of a network, because when
there is no convergence there are certainly invalid route entries, so
sending packets from one host to another host on a different network will
fail.
2.2.2. Firewall
A firewall is a network security device, either hardware- or software-based,
that monitors all incoming and outgoing traffic and, based on a defined set
of security rules, accepts, rejects or drops that traffic.
Accept : allow the traffic
Reject : block the traffic but reply with an "unreachable error"
Drop : block the traffic with no reply
2.2.3. Redundancy
Implementing a network redundancy strategy will depend on many
factors, largely dictated by the application and the existing network
topology—the physical layout, location of systems, processes and
devices, and the way the cabling infrastructure is run. Certain redundancy
methodologies are more suited for one system configuration than another.
Core Switches (G) 18E8292C1707 and (G) 18E8292C1B87 will also be used
for the Backbone environment. These Core Switches are connected to all
switches via a fiber optic link. Router 91680A2D942E / 906 will connect to all
switches by routing and will also be configured with OSPF. OSPF will be
implemented as the routing protocol on all sites, including JETTY. The
path selection mechanism that selects Switch A as the main link and Switch B
as the backup link will also be handled by OSPF.
The network devices that will be implemented at this site are listed below:
No | Device | Product Number | Quantity (Unit)
1 | Firewall | | 1
2 | Router | 91680A2D942E/906 | 1
3 | Core Switch | (G) 18E8292C1707, (G) 18E8292C1B87 | 2
4 | Access Switch for Server | (K) 18E8294460D2, (K) 18E829445184 | 2
5 | Access Switch for Workstation | (K) 18E8294456A6 | 2
6 | Access Switch for SCADA PLC | | 2
7 | Access Switch for SCADA SAFETY | | 2
No | Device | Product Number | Quantity (Unit)
1 | Switch SCADA Safety | | 2
2 | Switch CCTV | | 1
b. Interface
In the interface configuration, the MikroTik ports are set according to the
connected devices. VLANs are configured on the interfaces to segment the
Teluk Lamong network.
MikroTik SFP port 1 is set as the LAN1 port, connected to port SFP1 of the
Distribution Switch.
MikroTik SFP port 2 is set as the LAN2 port, connected to port SFP1 of the
Distribution Switch.
MikroTik SFP port 1 and port 2 are set as the paths for VLAN A and VLAN B.
No | Port | Connect to
1 | SFP1 | Switch Distribution A
2 | SFP2 | Switch Distribution B
3 | Eth1 | Firewall
4 | Eth3 | NTP Server
5 | Eth4 | Printer
On each registered switch, set every Access Switch port that connects to an
operational device to the VLAN that has been created for it.
In the profile option, select the VLAN that has been registered in the UniFi
controller, matching it to the device that is being assigned to the VLAN.
The configured switches and VLANs are listed below:
Switch | VLAN | ID
SW-WST-A | VLAN_WST_A | 30
SW-WST-B | VLAN_WST_B | 40
SW-SVR-A | VLAN_SVR_A | 10
SW-SVR-B | VLAN_SVR_B | 20
SW-PCS-A | VLAN_PCS_A | 50
SW-PCS-B | VLAN_PCS_B | 60
SW-SIS-A | VLAN_SIS_A | 70
SW-SIS-B | VLAN_SIS_B | 80
SW-SIS-C | VLAN_SIS_C | 90
SW-SIS-D | VLAN_SIS_D | 100
SW-CVT-A | VLAN_CCTV_A | 30
SW-CTV-B | VLAN_CCTV_B | 40
[Figure: port layout (ports 1 to 24) of Switch A and Switch B for the Workstation Switch, Server Switch, PCS Switch, SIS Oru Switch and SIS Jetty Switch. Legend: VLAN Port, TRUNK Port, Unifi Controller Port, Disable Port]
Disabling a port secures unused ports and prevents unauthorized activity
on them.
Hostname : WS-EWS-A
IP Address : 192.168.30.11 / 192.168.40.11
Subnet : 255.255.255.192
Gateway : 192.168.30.1 / 192.168.40.1
User Account : Engineer1 / Engineer2
Hostname : WS-EWS-B
IP Address : 192.168.30.12 / 192.168.40.12
Subnet : 255.255.255.192
Gateway : 192.168.30.1 / 192.168.40.1
User Account : Engineer1 / Engineer2
Hostname : WS-OWS-A
IP Address : 192.168.30.13 / 192.168.40.13
Subnet : 255.255.255.192
Gateway : 192.168.30.1 / 192.168.40.1
User Account : Operator1 / Operator2
Hostname : WS-OWS-B
IP Address : 192.168.30.14 / 192.168.40.14
Subnet : 255.255.255.192
Gateway : 192.168.30.1 / 192.168.40.1
User Account : Operator1 / Operator2
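A consistency check over the VLAN table and the workstation records above, given here as an added example that is not part of the original specification. It assumes each "x / y" address pair is the A-side and B-side address of the host; the function names are hypothetical.

```python
import ipaddress
from collections import defaultdict

# VLAN table from this page: (switch, VLAN name, VLAN ID).
VLANS = [
    ("SW-WST-A", "VLAN_WST_A", 30), ("SW-WST-B", "VLAN_WST_B", 40),
    ("SW-SVR-A", "VLAN_SVR_A", 10), ("SW-SVR-B", "VLAN_SVR_B", 20),
    ("SW-PCS-A", "VLAN_PCS_A", 50), ("SW-PCS-B", "VLAN_PCS_B", 60),
    ("SW-SIS-A", "VLAN_SIS_A", 70), ("SW-SIS-B", "VLAN_SIS_B", 80),
    ("SW-SIS-C", "VLAN_SIS_C", 90), ("SW-SIS-D", "VLAN_SIS_D", 100),
    ("SW-CVT-A", "VLAN_CCTV_A", 30), ("SW-CTV-B", "VLAN_CCTV_B", 40),
]
# Workstation records from this page: (hostname, A-side IP, B-side IP).
HOSTS = [
    ("WS-EWS-A", "192.168.30.11", "192.168.40.11"),
    ("WS-EWS-B", "192.168.30.12", "192.168.40.12"),
    ("WS-OWS-A", "192.168.30.13", "192.168.40.13"),
    ("WS-OWS-B", "192.168.30.14", "192.168.40.14"),
]
MASK = "255.255.255.192"
GATEWAYS = ("192.168.30.1", "192.168.40.1")  # assumed order: A-side, B-side

def reused_vlan_ids(vlans):
    """Map each VLAN ID listed under more than one VLAN name to those names."""
    names_by_id = defaultdict(list)
    for _switch, name, vlan_id in vlans:
        names_by_id[vlan_id].append(name)
    return {vid: names for vid, names in names_by_id.items() if len(names) > 1}

def host_findings(hosts, gateways=GATEWAYS, mask=MASK):
    """Check every host address: gateway on-link, usable address, no duplicate."""
    findings, owner = [], {}
    for name, *addresses in hosts:
        for ip, gw in zip(addresses, gateways):
            net = ipaddress.ip_network(f"{ip}/{mask}", strict=False)
            if ipaddress.ip_address(gw) not in net:
                findings.append(f"{name}: gateway {gw} is outside {net}")
            if ipaddress.ip_address(ip) in (net.network_address, net.broadcast_address):
                findings.append(f"{name}: {ip} is the network or broadcast address of {net}")
            if ip in owner:
                findings.append(f"{name}: {ip} already assigned to {owner[ip]}")
            owner.setdefault(ip, name)
    return findings

if __name__ == "__main__":
    for vid, names in sorted(reused_vlan_ids(VLANS).items()):
        print(f"VLAN ID {vid} is listed for {', '.join(names)}")
    for line in host_findings(HOSTS):
        print(line)
```

On the tables as listed, the workstation addresses pass, and VLAN IDs 30 and 40 are reported because each appears under both a WST and a CCTV VLAN name, which is worth confirming against the intended segmentation.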
b. Access Admin Management
Workstation WS-EWS-A is given special access to perform admin
configuration on the MikroTik and firewall devices.
Configuration
X = Disabled I = Invalid
Hostname : SV-SCD-B
IP Address : 192.168.10.12 / 192.168.20.12
Subnet : 255.255.255.192
Gateway : 192.168.10.1 / 192.168.20.1
User Account : ScadaServer1 / ScadaServer2
Hostname : SV-OPC-A
IP Address : 192.168.10.13 / 192.168.20.13
Subnet : 255.255.255.192
Gateway : 192.168.10.1 / 192.168.20.1
User Account : OPC1
Hostname : SV--A
IP Address : 192.168.10.11 / 192.168.20.11
Subnet : 255.255.255.192
Gateway : 192.168.10.1 / 192.168.20.1
User Account : ScadaServer1 / ScadaServer2
b. Access Management
The OPC server is given special access to the internet through the firewall
in order to update its antivirus.
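The two access exceptions in this document (admin access from WS-EWS-A, internet access for the OPC server) expressed as a first-match rule list using the accept, reject and drop actions from section 2.2.2. This is an added example, not the site's firewall configuration; the management addresses, the ports and the choice of reject versus drop for each rule are assumptions.

```python
import ipaddress

# Addresses from this page.
WS_EWS_A = {"192.168.30.11", "192.168.40.11"}
SV_OPC_A = {"192.168.10.13", "192.168.20.13"}
# Assumptions made for this example (not stated on the page).
MGMT_ADDRS = {"192.168.30.1", "192.168.40.1"}   # gateway addresses as management targets
MGMT_PORTS = {22, 443, 8291}                    # SSH, HTTPS, Winbox
PLANT = ipaddress.ip_network("192.168.0.0/16")  # anything outside counts as internet

def to_internet(pkt):
    return ipaddress.ip_address(pkt["dst"]) not in PLANT

def to_mgmt(pkt):
    return pkt["dst"] in MGMT_ADDRS and pkt["dport"] in MGMT_PORTS

# Ordered rules, first match wins: (name, match function, action).
RULES = [
    ("admin-ews-a", lambda p: p["src"] in WS_EWS_A and to_mgmt(p), "accept"),
    ("admin-other", to_mgmt, "reject"),
    ("opc-av-update",
     lambda p: p["src"] in SV_OPC_A and to_internet(p) and p["dport"] == 443, "accept"),
    ("internet-other", to_internet, "drop"),
]
# What the sender observes for each action, per the definitions in 2.2.2.
SENDER_SEES = {"accept": "traffic passes", "reject": "unreachable error", "drop": "no reply"}

def evaluate(pkt):
    """Return (rule name, action, what the sender sees) for one packet."""
    for name, match, action in RULES:
        if match(pkt):
            return name, action, SENDER_SEES[action]
    # Nothing matched: default deny, silently.
    return "default", "drop", SENDER_SEES["drop"]

# Constructed sample packets (203.0.113.10 is a documentation address).
SAMPLES = [
    {"src": "192.168.30.11", "dst": "192.168.30.1", "dport": 8291},  # WS-EWS-A admin
    {"src": "192.168.30.13", "dst": "192.168.30.1", "dport": 8291},  # WS-OWS-A admin
    {"src": "192.168.10.13", "dst": "203.0.113.10", "dport": 443},   # SV-OPC-A update
    {"src": "192.168.10.12", "dst": "203.0.113.10", "dport": 443},   # SV-SCD-B to internet
]

if __name__ == "__main__":
    for pkt in SAMPLES:
        print(pkt, "->", evaluate(pkt))
```

Rule order matters: the specific accept for WS-EWS-A must sit above the general management rule, otherwise the engineering workstation is rejected along with everything else.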
Press F10