Assalamu'alaikum Wr. Wb

Thursday, 01 April 2010

MikroTik setup



HOW TO SET UP MIKROTIK
November 25, 2008 by galuharya
It is no longer unusual to see people migrating in droves to MikroTik RouterOS to build a router and bandwidth manager, because it is easy to use (even for people who have only just met it) and the Winbox interface is simple.
Below I describe how to install MikroTik from the very beginning.
Power on your MikroTik RB and connect your PC to one of the Ethernet ports on the RB (ether1 is recommended). Because a MikroTik that is still in its default state has no IP address yet, you need the Neighbors software to detect its MAC address; it can be downloaded from http://www.mikrotik.co.id/download.php.
1. Once it is installed correctly, start your MikroTik.
2. Log in with the default user and password:
user: admin
password: (empty) no password
3. Rename your Ethernet interfaces if you like; you can give them any name you want:
[galuh@mikrotik] > interface
[galuh@mikrotik] interface > print (first check how many Ethernet interfaces are installed)
[galuh@mikrotik] interface > set 0 name=LAN
[galuh@mikrotik] interface > set 1 name=WAN
4. Next, add the IP addresses:
[galuh@mikrotik] > ip address
[galuh@mikrotik] ip address > add address=192.168.0.1/24 interface=LAN --> this is the IP of the local interface
[galuh@mikrotik] ip address > add address=203.89.31.34/29 interface=WAN --> this is the public IP obtained from the ISP
5. Next, enter the gateway:
[galuh@mikrotik] > ip route
[galuh@mikrotik] ip route > add gateway=203.89.31.33 --> this is the gateway to the outside
6. Next, set up the web proxy:
[galuh@mikrotik] > ip web-proxy
[galuh@mikrotik] ip web-proxy > set enabled=yes
[galuh@mikrotik] ip web-proxy > set transparent-proxy=yes
[galuh@mikrotik] ip web-proxy > set max-object-size=1200KiB --> this is so that the web proxy loads quickly
7. Next, add a rule so that clients using port 80 are handed over to the web proxy:
[galuh@mikrotik] > ip firewall nat
[galuh@mikrotik] ip firewall nat > add chain=dstnat protocol=tcp dst-port=80 action=redirect to-ports=3128
8. Next, enter the DNS servers:
[galuh@mikrotik] > ip dns
[galuh@mikrotik] ip dns > set primary-dns=xxx.xxx.xxx.xxx
[galuh@mikrotik] ip dns > set secondary-dns=xxx.xxx.xxx.xxx
9. Now masquerade the WAN interface:
[galuh@mikrotik] > ip firewall nat
[galuh@mikrotik] ip firewall nat > add chain=srcnat action=masquerade src-address=192.168.0.0/24 dst-address=0.0.0.0/0
10. Now try pinging the gateway and the DNS servers from the MikroTik; if you get a REPLY, you are connected.
I HOPE THIS TUTORIAL HELPS
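The gateway built in steps 1 to 10 still has an empty admin password (step 2), a port-80 redirect that matches traffic arriving on any interface (step 7), and a proxy port that answers on the WAN address. The following is an added example, not part of the original tutorial; it reuses the tutorial's interface names LAN and WAN, its 192.168.0.0/24 network and port 3128, and the password shown is a placeholder.

```routeros
# Added hardening example for the ten steps above (not from the original post).
# Assumptions: interfaces are named LAN and WAN as in step 3, the LAN is
# 192.168.0.0/24 as in step 4, and the proxy listens on 3128 as in step 7.

# Step 2 logs in as admin with an empty password. Set one before the WAN
# cable is plugged in. "ChangeMe-Long-Passphrase" is a placeholder.
/user set admin password="ChangeMe-Long-Passphrase"

# Step 7 as written:
#   add chain=dstnat protocol=tcp dst-port=80 action=redirect to-ports=3128
# has no in-interface or src-address, so a TCP/80 packet that arrives on WAN
# is redirected into the proxy as well. Use this scoped rule in its place so
# that only LAN clients are sent to the proxy:
/ip firewall nat add chain=dstnat in-interface=LAN src-address=192.168.0.0/24 protocol=tcp dst-port=80 action=redirect to-ports=3128

# The proxy also listens on port 3128 on every address of the router,
# including the public one. Drop direct connections to it from the WAN side:
/ip firewall filter add chain=input in-interface=WAN protocol=tcp dst-port=3128 action=drop comment="web proxy not reachable from WAN"

# Check the result: the redirect rule should show in-interface=LAN, and the
# filter table should list the drop rule.
/ip firewall nat print
/ip firewall filter print
```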

Tutorial: Setting Up a MikroTik RouterOS PPPoE Client as a Telkom Speedy Gateway
By jags66
Category: Mikrotik and Routing
Actually I have not really mastered MikroTik myself; here I am just trying to share my experience. I hope it is useful.

We start by setting up the ADSL modem in bridging protocol mode. You can find the setting in the manual of each modem. For example, on the TECOM AR1031 modem the bridging protocol setting is in the menu Advance setup > WAN. Follow the instructions in the picture below, then save/reboot.

With the modem set to bridging, it no longer stores your password and user ID. If you want to change the modem's default IP address, configure that first from a client PC. To do so, first change the modem IP under Advance Setup > LAN IP Address, for example to 10.10.10.1, then save/reboot. Then change the client PC's IP to 10.10.10.2, and that part is done. Now try typing the modem IP (10.10.10.1) into your web browser. Did it work?
Now we move on to the MikroTik RouterOS machine.
Decide the IP address of each of your LAN cards, for example 10.10.10.2 for the LAN connector from the modem (public) and 192.168.1.1 towards your local network (lokal). Run these commands first if you want to give your Ethernet cards specific names.
interface ethernet set ether1 name=public
interface ethernet set ether2 name=lokal
Double-check the names and the cable runs, then we continue to the IP address settings.
/ip address add address=10.10.10.2/24 interface=public
/ip address add address=192.168.1.1/24 interface=lokal
/ip address print
Make sure your LAN cards are not in the disabled state.
Next you can add the PPPoE client entry.
/interface pppoe-client add name=pppoe-user-mike user=mike password=123 interface=public service-name=internet disabled=no
The commands above can also be done in Winbox, if you want it to be easier while checking your network connection to the MikroTik.
Setting the gateway and routing, then masquerading
/ip route add gateway=125.168.125.1 (your Telkom Speedy gateway IP)
/ip route print
Your gateway IP will not necessarily be the same as the one above; check your PPPoE client IP first. If you are not 100% sure of your client IP and its gateway, first log in and dial from the modem itself, not in bridging mode as above. The Device Info menu will then show the Default Gateway and your PPPoE client IP. OK?
Next is masquerading, which passes the routed traffic on to the MikroTik NAT firewall so that routing works for all connected clients.
/ip firewall nat add chain=srcnat action=masquerade
Done. The routing stage is complete. Try pinging the MikroTik and its gateway. If you want to share the connection with client computers, do not forget to enter the gateway IP in their Network Connection settings (Windows), matching the local IP of your MikroTik.
There are a great many MikroTik settings that you can learn from various sources. If typing commands feels too complicated you can work in Winbox mode, and every tutorial you need can be copied and pasted into the MikroTik Winbox.
Setting DNS and Transparent Web Proxy
Entering the DNS and web-proxy settings is also easier in Winbox mode: enter the primary and secondary servers and allow remote requests, or use these commands in the Winbox terminal.
/ip dns set primary-dns=203.130.206.250
/ip dns set secondary-dns=202.134.2.5
/ip dns set allow-remote-requests=yes
/ip web-proxy set enabled=yes port=8080 hostname=proxy.koe transparent-proxy=yes
/ip firewall nat add in-interface=lokal dst-port=80 protocol=tcp action=redirect to-ports=8080 chain=dstnat dst-address=!192.168.1.1/24
Links on the MikroTik firewall
http://www.mikrotik.com/testdocs/ros/2.9/ip/filter.php
http://wiki.mikrotik.com/wiki/Firewall
I hope this helps.
Do not forget to set your clients' gateway IP to 192.168.1.1 so that they connect to your MikroTik server. I would also like to thank “kadhol”, who once kindly gave me a step-by-step newbie tutorial on setting up a MikroTik router.
________________________________________
66 Responses to “Tutorial: Setting Up a MikroTik RouterOS PPPoE Client as a Telkom Speedy Gateway”
1. Yuswar Achmadi
June 18, 2007 at 11:33
/ip route add gateway=125.168.125.1 (your Telkom Speedy gateway IP)
Mas Jag, is this gateway IP the one from Telkom Speedy or the IP of the ADSL router?

How to Set Up MikroTik with the Speedy ISP
Network scheme and IP addresses to be created:
SPEEDY (Internet) --> ADSL modem (modem IP=192.168.1.1) --> (ether1 IP=192.168.1.2) MikroTik RouterOS (ether2 IP=10.0.0.30) --> LAN (LAN IPs=10.0.0.1 to 10.0.0.29)
For the LAN IP addresses we use the network 10.0.0.0/27 (a 27-bit prefix, for a maximum of 30 IP addresses/computers).
For MikroTik RouterOS we need two Ethernet cards: one (ether1 - 192.168.1.2/24) for the connection to the ADSL modem and one (ether2 - 10.0.0.30/27) for the connection to the LAN/switch.
For the ADSL modem, we set the IP to 192.168.1.1/24.
Before typing anything, make sure you are at the root menu by typing “/”.
1. Set the IP for each Ethernet card:
ip address add address=192.168.1.2/24 interface=ether1
ip address add address=10.0.0.30/27 interface=ether2
To display the result of the commands above, type the following command:
ip address print
Then test by pinging the gateway or a computer on the LAN. If it succeeds, your IP configuration is correct.
ping 192.168.1.1
ping 10.0.0.30
2. Adding the route
ip route add gateway=192.168.1.1 (the gateway IP is the modem's IP)
3. DNS settings
ip dns set primary-dns=203.130.193.74 allow-remote-requests=yes
ip dns set secondary-dns=202.134.0.155 allow-remote-requests=yes
Because the connection uses Speedy from Telkom, the DNS servers we use are Telkom's. Adjust them to the Telkom DNS servers for your own location.
After that, try pinging yahoo.com, for example:
ping yahoo.com
If it succeeds, the DNS settings are correct.
4. Source NAT (Network Address Translation) / Masquerading
So that all computers on the LAN can also reach the Internet, you need to add NAT (masquerade) on the MikroTik.
ip firewall nat add chain=srcnat action=masquerade out-interface=ether1
Now try pinging yahoo.com from a computer on the LAN:
ping yahoo.com
If it succeeds, the masquerade setting is correct.
5. DHCP (Dynamic Host Configuration Protocol)
To keep things practical, we simply use a DHCP server, so that any client that wants to connect does not have to set its IP manually; it just obtains one from the DHCP server and that is it. Fortunately MikroTik also has a DHCP server feature, so there is no problem. OK! The steps are as follows:
Create an IP address pool
ip pool add name=dhcp-pool ranges=10.0.0.1-10.0.0.29
Add the DHCP network
ip dhcp-server network add address=10.0.0.0/27 gateway=10.0.0.30 dns-server=203.130.193.74,202.134.0.155
Add the DHCP server
ip dhcp-server add name=DHCP_LAN disabled=no interface=ether2 address-pool=dhcp-pool
Now test from a client computer by requesting an IP address from the DHCP server. If it succeeds then, once again, the settings are OK.
6. Bandwidth Control
So that the client computers on the LAN do not fight each other for bandwidth, we need what is called bandwidth management or bandwidth control.
The model I use is queue trees. For more detail on what that is, please refer to the MikroTik site (http://mikrotik.co.id).
The situation is as follows:
The Speedy connection is currently said to reach 1Mbps/128kbps (download/upload). The bandwidth management settings can therefore be set as follows:

Mark all packets that originate from the LAN
ip firewall mangle add src-address=10.0.0.0/27 action=mark-connection new-connection-mark=Clients-con chain=prerouting
ip firewall mangle add connection-mark=Clients-con action=mark-packet new-packet-mark=Clients chain=prerouting
Add the rules that will limit download and upload speed
queue tree add name=Clients-Download parent=ether2 packet-mark=Clients limit-at=0 max-limit=0
queue tree add name=Clients-Upload parent=ether1 packet-mark=Clients limit-at=0 max-limit=0
We set the download and upload values to "0" (zero) so that the bandwidth we get is not capped, because at certain times Speedy can reach 1.5 Mbps. If we set the maximum to 1 Mbps, the speed we get would top out at just 1 Mbps, which would be a loss.
Now try a download test from several clients; each client should now share the bandwidth. If fewer than 10 clients are online, the idle bandwidth is shared among the clients that are online.
7. Graphing
MikroTik also comes with a traffic monitoring function like ordinary MRTG, so we can see how many packets pass through our MikroTik PC.
tool graphing set store-every=5min
Next, we monitor the packets that pass through all the interfaces on our MikroTik PC.
tool graphing interface add interface=all store-on-disk=yes
Now point your browser at the IP of the MikroTik router (the ether2 IP that faces the LAN):
http://10.0.0.30/graphs/
You will get a choice of the interfaces present on your router. Click one of them and you will see a graph of the packets passing through that interface.
At this point we have finished the basic MikroTik setup for a Speedy connection.





Sharing Bandwidth Without MikroTik
"Mas, can we split the bandwidth for each client with the equipment we have now?" That is a question often raised both on the mailing list and in this forum. I then tried to find references from friends who had gone into the Internet world earlier, but most of them recommended using MikroTik. Well, besides having to buy it, I thought it would be better to look for another alternative that is open source and of course free. Yes, I am someone who likes free things; I hope you are too.


Thanks to the help of my colleague Google.com I finally got what I wanted. It turns out there are a great many tools that can be used to share bandwidth, and they are very easy to use. If you use Fedora Core 5 you do not even need to go to the trouble of installing one. So what can be used? The following tools can be used:

CBQ
HTB
Webmin/CBQ
P2P Grab
Bluestar

On this occasion I will share how to split bandwidth using the first item on the list (CBQ).

1. I assume you are using Fedora Core 5.

2. [root@oprekhouse ~]# cd /etc/sysconfig/cbq
[root@oprekhouse cbq]# ls -l
...
-rw-r--r-- 1 root root 11 Feb 12 2006 avpkt
-rw-r--r-- 1 root root 79 Feb 12 2006 cbq-0000.example

3. Rename cbq-0000.example, for example to cbq-256.lansatu

4. Edit the file cbq-256.lansatu

Example 1:

DEVICE=eth1,10Mbit,1Mbit
RATE=256Kbit
WEIGHT=25.6Kbit
PRIO=5
RULE=192.168.1.1/32

Example 2:
DEVICE=eth1,10Mbit,1Mbit
RATE=512Kbit
WEIGHT=51.2Kbit
PRIO=5
RULE=192.168.1.1/32

A file with the contents above means that you give 256 Kbit of bandwidth to all clients that connect to the Internet through the gateway 192.168.1.1. So if, for example, you have 100 connected clients, that 256 Kbit of bandwidth is shared by those 100 clients.

5. [root@oprekhouse ~]# /sbin/cbq start

If you get a message like the following, go on to step 6:

find: warning: you have specified the -maxdepth option after a non-option argument (, but options are not positional (-maxdepth affects tests specified before it as well as those specified after it). Please specify options before other arguments.

find: warning: you have specified the -maxdepth option after a non-option argument (, but options are not positional (-maxdepth affects tests specified before it as well as those specified after it). Please specify options before other arguments.

6. [root@oprekhouse ~]# /sbin/cbq restart

7. Done

Now check whether CBQ is really running properly. I do it this way:


[root@oprekhouse ~]# iftop -i eth1 (eth1 is the interface with IP 192.168.1.1)

I hope this is useful.

Load-balancing & Fail-over in MikroTik
Situation: the ISP where we work as administrator uses more than one gateway to connect to the Internet. All of them must be able to serve both upstream and downstream traffic, because the case is different if one of them can only serve downstream, for example when using one-way VSAT DVB.
For this case, suppose the ISP has 2 paths to the Internet: one using DSL access (256 Kbps) and the other using wireless (512 Kbps), with a DSL:Wireless usage ratio of 1:2.
What we will do:
1. Use all available gateway paths with the load-balancing technique.
2. Make one of them a backup with the fail-over technique.
OK, let us start the experiment:
1. IP address for access to the LAN:
>/ip address add address=192.168.0.1/28 interface=LAN
IP address for access to the DSL path:
>/ip address add address=10.32.57.253/29 interface=DSL
IP address for access to the wireless path:
>/ip address add address=10.9.8.2/29 interface=WIRELESS
Set the gateways with their respective ratio:
>/ip route add gateway=10.32.57.254,10.9.8.1,10.9.8.1
2. For the fail-over technique, we assume that the main path goes via wireless, with the DSL path as backup when the main path cannot be used. To check whether the main path is usable or not, ping is used.
>/ip firewall mangle add chain=prerouting src-address=192.168.0.0/28 action=mark-routing new-routing-mark=SUBNET1-RM
>/ip route add gateway=10.9.8.1 routing-mark=SUBNET1-RM check-gateway=ping
>/ip route add gateway=10.32.57.254
3. Good Luck!!
PCQ
With the pcq queue type in MikroTik, we can divide the available bandwidth evenly among the bandwidth-eaters™ when the network is at its peak.
For example, we subscribe to 256 Kbps. If only one person is on the Internet, they get the whole bandwidth allotment. But as soon as their friends arrive, say 9 more people, each of them gets about 256/10 Kbps. Well, that is still decent enough for browsing non-porn sites or just checking e-mail and blogs.
OK, straight to how it is done:
1. Assumptions: the network address is 192.168.169.0/28, the interface facing the users is named LAN, and the interface facing the upstream provider is named INTERNET;
2. Type in the console or terminal:
>/ip firewall mangle add chain=forward src-address=192.168.169.0/28 action=mark-connection new-connection-mark=NET1-CM
>/ip firewall mangle add connection-mark=NET1-CM action=mark-packet new-packet-mark=NET1-PM chain=forward
>/queue type add name=downstream-pcq kind=pcq pcq-classifier=dst-address
>/queue type add name=upstream-pcq kind=pcq pcq-classifier=src-address
>/queue tree add parent=LAN queue=downstream-pcq packet-mark=NET1-PM
>/queue tree add parent=INTERNET queue=upstream-pcq packet-mark=NET1-PM
3. Good Luck!!
Manipulating ToS for ICMP & DNS in MikroTik
Goals:
• Reduce ping delay from the client side towards the Internet.
• Speed up the resolving of hostnames to IP addresses.
Assumption: the clients are on the subnet 10.10.10.0/28
1. Manipulating Type of Service for ICMP packets:
>ip firewall mangle add chain=prerouting src-address=10.10.10.0/28 protocol=icmp action=mark-connection new-connection-mark=ICMP-CM passthrough=yes
>ip firewall mangle add chain=prerouting connection-mark=ICMP-CM action=mark-packet new-packet-mark=ICMP-PM passthrough=yes
>ip firewall mangle add chain=prerouting packet-mark=ICMP-PM action=change-tos new-tos=min-delay
2. Manipulating Type of Service for DNS resolving:
>ip firewall mangle add chain=prerouting src-address=10.10.10.0/28 protocol=tcp dst-port=53 action=mark-connection new-connection-mark=DNS-CM passthrough=yes
>ip firewall mangle add chain=prerouting src-address=10.10.10.0/28 protocol=udp dst-port=53 action=mark-connection new-connection-mark=DNS-CM passthrough=yes
>ip firewall mangle add chain=prerouting connection-mark=DNS-CM action=mark-packet new-packet-mark=DNS-PM passthrough=yes
>ip firewall mangle add chain=prerouting packet-mark=DNS-PM action=change-tos new-tos=min-delay
3. Adding a queue type:
>queue type add name="PFIFO-64" kind=pfifo pfifo-limit=64
4. Allocating bandwidth for ICMP packets:
>queue tree add name=ICMP parent=INTERNET packet-mark=ICMP-PM priority=1 limit-at=8000 max-limit=16000 queue=PFIFO-64
5. Allocating bandwidth for DNS resolving:
>queue tree add name=DNS parent=INTERNET packet-mark=DNS-PM priority=1 limit-at=8000 max-limit=16000 queue=PFIFO-64
6. Good Luck!!
Queue Tree with more than two interfaces
Basic Setup
This page talks about how to build a QUEUE TREE in RouterOS, together with masquerading, for more than two interfaces. It is for sharing an Internet connection among the users on each interface. This possibility is not described in the manual.
First, let's do the basic setup. I'm using a machine with 3 or more network interfaces:
[admin@instaler] > in pr
 #    NAME     TYPE   RX-RATE  TX-RATE  MTU
 0  R public   ether  0        0        1500
 1  R wifi1    wlan   0        0        1500
 2  R wifi2    wlan   0        0        1500
 3  R wifi3    wlan   0        0        1500
And these are the IP addresses for each interface:
[admin@instaler] > ip ad pr
Flags: X - disabled, I - invalid, D - dynamic
 #   ADDRESS        NETWORK     BROADCAST     INTERFACE
 0   10.20.1.0/24   10.20.1.0   10.20.1.255   public
 1   10.10.2.0/24   10.10.2.0   10.10.2.255   wifi1
 2   10.10.3.0/24   10.10.3.0   10.10.3.255   wifi2
 3   10.10.4.0/24   10.10.4.0   10.10.4.255   wifi3
On the public interface you can add NAT or a proxy if you want.
Mangle Setup
And now the most important part of this case.
We need to mark our users: one connection mark for upload and a second for download. In this example I add mangle rules for one user. At the end I add mangle rules for local transmission, because I don't apply QoS to local traffic among users. But for the user I need to separate upload and download.
[admin@instaler] ip firewall mangle> print
Flags: X - disabled, I - invalid, D - dynamic
 0   chain=forward src-address=10.10.2.36 action=mark-connection
     new-connection-mark=users-userU passthrough=yes comment="" disabled=no
 1   chain=forward dst-address=10.10.2.36 action=mark-connection
     new-connection-mark=users-userD passthrough=yes comment="" disabled=no
 2   chain=forward connection-mark=users-userU action=mark-packet
     new-packet-mark=userU passthrough=yes comment="" disabled=no
 3   chain=forward connection-mark=users-userD action=mark-packet
     new-packet-mark=userD passthrough=yes comment="" disabled=no
 98  chain=forward src-address=10.10.0.0/16 dst-address=10.10.0.0/16
     action=mark-connection new-connection-mark=users-lokal passthrough=yes
 99  chain=forward connection-mark=users-lokal action=mark-packet
     new-packet-mark=lokalTrafic passthrough=yes
Queue Tree Setup
And now, the queue tree settings. We need one rule for downlink and one rule for uplink. Be careful when choosing the parent. For downlink traffic we use the parent "global-out", because we have two or more downloading interfaces. For uplink we use the parent "public", because we want QoS on the uplink traffic. (I'm using pcq-upload and pcq-download from the manual.) This example is for 2Mb/1Mb.
[admin@instaler] > queue tree pr
Flags: X - disabled, I - invalid
 0   name="Download" parent=global-out packet-mark="" limit-at=0
     queue=pcq-download priority=1 max-limit=2000000 burst-limit=0
     burst-threshold=0 burst-time=0s
 1   name="Upload" parent=public packet-mark="" limit-at=0 queue=pcq-upload
     priority=1 max-limit=1000000 burst-limit=0 burst-threshold=0
     burst-time=0s
Now we add our user:
 2   name="user10D" parent=Download packet-mark=userD limit-at=0
     queue=pcq-download priority=5 max-limit=0 burst-limit=0
     burst-threshold=0 burst-time=0s
 3   name="user10U" parent=Upload packet-mark=userU limit-at=0
     queue=pcq-upload priority=5 max-limit=0 burst-limit=0 burst-threshold=0
     burst-time=0s
MAC Address + IP Address Linux
#!/bin/sh
iptables=/sbin/iptables
# define the default policies here
$iptables -F INPUT
$iptables -F OUTPUT
$iptables -P INPUT DROP
$iptables -P OUTPUT DROP # remember to open the output policies you need later
$iptables -F FORWARD
$iptables -F -t nat
$iptables -P FORWARD DROP
# define the default policy and create a new chain named maccheck on interface eth1
$iptables -t mangle -F
# on the first run the chain does not exist yet, so ignore the error from these two
$iptables -t mangle -F maccheck 2>/dev/null
$iptables -t mangle -X maccheck 2>/dev/null
$iptables -t mangle -N maccheck
$iptables -t mangle -I PREROUTING -i eth1 -p all -j maccheck
# self explanatory... ip address + mac
$iptables -t mangle -A maccheck -s 192.168.0.1 -i eth1 -m mac --mac-source 00:80:11:11:11:11 -j RETURN
$iptables -t mangle -A maccheck -s 192.168.0.2 -i eth1 -m mac --mac-source 00:80:22:22:22:22 -j RETURN
$iptables -t mangle -A maccheck -s 192.168.0.3 -i eth1 -m mac --mac-source 00:80:33:33:33:33 -j RETURN
# anything not registered, whether by IP or by MAC, is marked so it can be dropped later;
# fill in any one of the active MACs
# here the example is 00:80:11:11:11:11, which we already defined above
$iptables -t mangle -A maccheck -s 0/0 -i eth1 -m mac ! --mac-source 00:80:11:11:11:11 -j MARK --set-mark 1
$iptables -t mangle -A maccheck -s 0/0 -i eth1 -p all -j MARK --set-mark 1
# drop the marked packets
$iptables -A INPUT -i eth1 -m mark --mark 1 -j DROP
$iptables -A OUTPUT -o eth1 -m mark --mark 1 -j DROP
$iptables -A FORWARD -i eth1 -m mark --mark 1 -j DROP
# continue your firewall script here
source = primadonal.com

Limit Different Bandwidth In Day and Night in Mikrotik
From MikroTik Wiki


There are many ways to limit bandwidth for day and night, but personally I found this to be the easiest. Here it is.
I have used Simple Queue, Script and Scheduler.
Suppose we have one network, 192.168.1.0/24, and want to limit bandwidth differently for day and night.
Network 192.168.1.0/24
Bandwidth = 06:00 to 18:00 - 1Mbps.
Bandwidth = 18:00 to 06:00 - 2Mbps.
Create two simple queues for the same network with different bandwidth limits.
/queue simple
add name="Day" target-addresses=192.168.1.0/24 dst-address=0.0.0.0/0 \
    parent=none direction=both priority=8 \
    queue=default-small/default-small limit-at=512k/512k \
    max-limit=1M/1M total-queue=default-small

add name="Night" target-addresses=192.168.1.0/24 dst-address=0.0.0.0/0 \
    parent=none direction=both priority=8 \
    queue=default-small/default-small limit-at=1M/1M \
    max-limit=2M/2M total-queue=default-small
Now, write the scripts
/system script
add name="Day" source="/queue simple enable Day; /queue simple disable Night"

add name="Night" source="/queue simple enable Night; /queue simple disable Day"
Finally, schedule them
/system scheduler
add name="Day" on-event=Day start-date=oct/13/2007 start-time=06:00:00 interval=1d

add name="Night" on-event=Night start-date=oct/13/2007 start-time=18:00:00 interval=1d
Retrieved from http://wiki.mikrotik.com/

Create Dota on a MikroTik Machine
DOTA is one of the Warcraft games for online play. At game centers it is one of the best-selling games besides other online games such as Ragnarok, Seal Online, Pangya, Deco and many more. Besides being free, that is, no voucher needed, it is also great fun to play. Here I try to write about how to create (host) DOTA games behind a MikroTik machine.
Follow these steps:

[admin@mendem] >ip firewall nat add chain=srcnat action=masquerade out-interface=Public

[admin@mendem] >ip address add address=202.xxx.xxx.xxx/32 interface=Public (replace xxx with your public IP)

[admin@mendem] >ip firewall nat add chain=dstnat dst-address=202.xxx.xxx.xxx action=dst-nat to-addresses=192.168.***.*** (replace *** with the local IP that should be able to create games)

[admin@mendem] >ip firewall nat add chain=srcnat src-address=192.168.***.*** action=src-nat to-addresses=202.xxx.xxx.xxx
So that clients that are part of the LAN, or in the same network, can play together, add these commands:

[admin@mendem] >ip firewall nat add chain=dstnat dst-address=202.xxx.xxx.1-202.xxx.xxx.254 action=netmap to-addresses=192.168.***.1-192.168.***.254

[admin@mendem] >ip firewall nat add chain=srcnat src-address=192.168.***.1-192.168.***.254 action=netmap to-addresses=202.xxx.xxx.1-202.xxx.xxx.254
At this point it works, but it turned out there was a problem I faced: I could no longer access or remote the MikroTik machine from outside the network. Another problem: the SNMP port got closed as well, so the Cacti traffic display went blank ... can anyone help?
Fix Dota Mik
Previously I wrote about the rules for creating Dota on MikroTik, but there was a snag: when the rules were enabled, the routerbox could not be accessed remotely, could not be pinged, and could not even display MRTG/Cacti graphs.
After trying several times and searching the literature via Google, I finally found rules that suit remote access from outside the network, leave the router pingable, and of course let me see the bandwidth usage graphs via MRTG/Cacti.
The rules are as follows:
ip firewall nat add chain=dstnat dst-address=202.x.x.x protocol=tcp dst-port=6113 action=dst-nat to-addresses=192.168.x.x to-ports=6113
ip firewall nat add chain=dstnat dst-address=202.x.x.x protocol=udp dst-port=6113 action=dst-nat to-addresses=192.168.x.x to-ports=6113
ip firewall nat add chain=srcnat src-address=192.168.x.x protocol=tcp src-port=6113 action=src-nat to-addresses=202.x.x.x to-ports=6113
ip firewall nat add chain=srcnat src-address=192.168.x.x protocol=udp src-port=6113 action=src-nat to-addresses=202.x.x.x to-ports=6113
ip firewall nat add chain=srcnat src-address=192.168.x.x-192.168.x.x action=netmap to-addresses=202.x.x.x-202.x.x.x to-ports=0-65535
Perhaps many people already know the rules above; my hope is that they can be used by anyone who needs them, because in my experience it is really hard to find literature, or to google anything, about rules for creating Dota on MikroTik.
I hope this helps.

DIALING SPEEDY WITH A MIKROTIK ROUTER
This write-up is just a small note to remind me in case my Speedy MikroTik has problems. In this setup, the MikroTik acts as a router that dials Speedy directly.

The topology used is as follows:

INTERNET --> ADSL MODEM --> MIKROTIK --> SWITCH --> CLIENT

xxx.xxx.xxx.x ->192.168.1.1->192.168.1.2/192.168.0.1->192.168.0.2-192.168.0.254

STARTING THE MIKROTIK SETUP

First decide the names to be used for each LAN card on the MikroTik.

interface ethernet set ether1 name=Speedy
interface ethernet set ether2 name=Local

After each LAN card has been named, set its IP:

ip address add address=192.168.1.2/24 interface=Speedy
ip address add address=192.168.0.1/24 interface=Local

Check that the LAN card names and the IPs assigned are correct.

ip address print

Then ping each of those IPs to make sure the configuration is right.

The next stage is to activate PPPoE on the Speedy ADSL modem through the MikroTik.

/interface pppoe-client add name=pppoe-user-speedy user=111xxxxxxxxx@telkom.net password=(enter your Speedy password) interface=Speedy service-name=internet disabled=no

/ip route add gateway=125.124.123.1 (can be found with the ipconfig command while dialing Speedy from Windows)
/ip route print

DNS settings

/ip dns set primary-dns=202.134.1.10 allow-remote-requests=yes
/ip dns set secondary-dns=202.134.0.155 allow-remote-requests=yes

Next is the masquerading process, which passes the routed traffic on to the MikroTik NAT firewall so that routing works for all connected clients.

/ip firewall nat add chain=srcnat action=masquerade

As the last step, open Winbox and in the PPPoE menu make sure “add default route” is checked.
When the steps above are done, ping 202.134.0.155; if the connection works, the MikroTik has brought up Speedy as its Internet gateway.
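Both Speedy PPPoE write-ups on this page (the jags66 tutorial and the notes above) add a masquerade rule with no matcher and turn on allow-remote-requests, which makes the router answer DNS queries from any host that can reach it. The following is an added example, not part of either original; it uses the names from the notes above (Local, Speedy, pppoe-user-speedy, 192.168.0.0/24) and assumes no other firewall filter rules exist yet.

```routeros
# Added example (not from the original notes). Assumed names, all taken from
# the setup above: LAN interface "Local" with 192.168.0.0/24, Ethernet port
# "Speedy" towards the modem, and PPPoE client "pppoe-user-speedy".

# Weak form used above: no src-address and no out-interface, so every
# connection passing through srcnat is rewritten, whatever interface it
# leaves on.
#   /ip firewall nat add chain=srcnat action=masquerade
#
# Scoped form: only LAN clients are translated, and only on the interface
# that actually carries the public address. With a bridged modem that is the
# PPPoE interface, not the Ethernet port named Speedy.
/ip firewall nat add chain=srcnat src-address=192.168.0.0/24 out-interface=pppoe-user-speedy action=masquerade

# allow-remote-requests=yes opens the DNS cache on every interface.
# Accept queries from the LAN first, then drop queries from anywhere else
# (the PPPoE side and the modem-side Ethernet). Rule order matters: the
# accept rules must stay above the drop rules.
/ip firewall filter add chain=input in-interface=Local protocol=udp dst-port=53 action=accept comment="DNS from LAN"
/ip firewall filter add chain=input in-interface=Local protocol=tcp dst-port=53 action=accept comment="DNS from LAN"
/ip firewall filter add chain=input protocol=udp dst-port=53 action=drop comment="DNS from anywhere else"
/ip firewall filter add chain=input protocol=tcp dst-port=53 action=drop comment="DNS from anywhere else"

# Replies to the router's own upstream lookups arrive with source port 53 and
# a high destination port, so they do not match dst-port=53 and are unaffected.

# Check the result.
/ip firewall nat print
/ip firewall filter print
```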

Setup DNS Mikrotik
ALTERNATIVE PROCEDURE IF YOU WANT TO INPUT A FIXED IP/GATEWAY/DNS SERVER ADDRESS
(instead of using DHCP on the ether1 port)

Caution:
Use care in selecting the DNS SERVER IP address in the setup below. You MUST select an actual DNS server or a router which provides DNS services. Some routers (such as the Hawking FR24) provide a "DNS RELAY" feature on the gateway address which redirects DNS service requests that are sent to the router Gateway Address to some downstream DNS Server. Such "dns relay" service is not always compatible with the Mikrotik system. Other routers (such as the NexLand 800 Turbo and many other router setups) do provide normal DNS Services on the gateway address. In many routers it may depend on user programming.

The Mikrotik router will NOT resolve DNS properly for the Hotspot unless the pointer to a DNS server source points to a "real" DNS Server or a router which actually provides DNS SERVICES on the Gateway address. The result of no DNS service will be that your hotspot login screen will not be loaded when "any URL" is transmitted to the ether2 (Hotspot) port via your browser. This problem can be very confusing to diagnose.

You can test what DNS address you should setup in the Mikrotik unit by running an ip configuration test on a Windows equipped computer connected to your router that you also intend your Mikrotik to use for internet access. Proceed as follows:

b) In your windows computer, in network settings, select tcp/ip properties, and select "obtain an IP address automatically" and "obtain DNS server address automatically". Click OK and exit and reboot if necessary to activate the new settings. Then execute Setup>Run>
then enter , click OK, (windows 95/98), or , (or perhaps wntipcfg), click OK, (windows XP/NT/2000), In Windows , you may have to download the winipcfg.exe (or similar) module from the resources folder on the install disk to get this to work. You will get a display such as the image below when you get the ip configuration display and click

Note in this example, the DNS SERVER reported is 192.168.168.1 which IS the same as the Default Gateway and the downstream router (not Mikrotik) IP address. THIS IS NOT ALWAYS SO! The DNS server found by the DHCP operation of your windows computer may be in an entirely different range from the default gateway IP address. Thus, if you use a fixed IP address/Gateway/DNS Server selection, your Mikrotik router DNS Server setup MUST use the DNS Server found by a computer with DHCP Client operating as above. You cannot assume it is the same as your router's default gateway address.
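One way to confirm that a candidate address really provides DNS service before entering it in the Mikrotik DNS setup, as an added example that is not part of the original article: a small Python probe that sends one A-record query and classifies the reply. The function names, the query name example.com and the sample reply bytes are assumptions constructed for this illustration.

```python
import socket
import struct

def build_query(name, txid=0x1234):
    """Build a minimal DNS query: one A-record question, recursion desired."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode("ascii")
                     for p in name.rstrip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)

def classify_reply(reply, txid=0x1234):
    """Return 'ok', or the reason this reply is not usable DNS service."""
    if len(reply) < 12:
        return "truncated"
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", reply[:12])
    if rid != txid:
        return "id-mismatch"
    if not flags & 0x8000:          # QR bit clear: this is not a response
        return "not-a-response"
    rcode = flags & 0x000F
    if rcode != 0:
        return "rcode-%d" % rcode   # 2 = SERVFAIL, 5 = REFUSED
    if ancount == 0:
        return "no-answer"
    return "ok"

def probe(server, name="example.com", timeout=3.0):
    """Query `server` on UDP port 53 and classify what comes back."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(name), (server, 53))
            reply, _ = s.recvfrom(512)
        except OSError:             # includes timeouts and unreachable hosts
            return "no-reply"
    return classify_reply(reply)

# Constructed sample replies (DNS header only), not captured traffic.
GOOD_REPLY = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)
REFUSED_REPLY = struct.pack("!HHHHHH", 0x1234, 0x8185, 1, 0, 0, 0)

if __name__ == "__main__":
    # Candidate addresses are the example values used in this article.
    for candidate in ("128.1.1.1", "207.69.188.186"):
        print(candidate, probe(candidate))
```

Run it from a computer on the same network that the Mikrotik public port will use; only an address that reports "ok" is a DNS server worth configuring.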

Once you have the downstream router's Gateway address and DNS Server address defined, select an IP address for your Mikrotik unit and proceed as follows. (Here, we are assuming that your Mikrotik System's IP address and mask is 128.1.1.120/255.255.255.0, Gateway of the downstream router is 128.1.1.1 and that the DNS Server's IP address is 207.69.188.186. Make any changes you deem necessary.)
29a) [admin@MikroTik] interface> /ip
(Note: The address 128.1.1.120 (below) represents the PUBLIC INTERNET side IP address of the Mikrotik Router. Change to your own suitable address as may be required.)
(All commands must be all in one continuous string (no carriage returns even if the red command characters are shown on multiple lines) when input and followed at the end by a carriage return. Be careful to look for parts of commands on second and even third lines in the listings below. The /24 after the IP address is equivalent to stating that the mask is 255.255.255.0)
29b) [admin@MikroTik] ip>address add address=128.1.1.120/24 comment="TechNet LAN to Internet" interface=ether1
29c) [admin@MikroTik] ip>route add gateway=128.1.1.1
(The following test will locate your public ethernet port . Proceed as follows. You may PING your gateway address (128.1.1.1 in the example) which pinging will occur out the ether1 NIC port. Notes: You may also ping some other address if you wish. You can stop the PING command by entering at any time.) Now we test to see that we are connected to the internet by pinging "some" known IP address such as:)

(Note: This next command normally sets your system up so that all DNS calls go directly to the ISP's DNS servers. If you are behind another router/firewall you could (probably) use the gateway address of your router (as is done in the example) as many do provide DNS service. However, pointing directly to the ISP's DNS servers is usually faster.)
29d) [admin@MikroTik] ip>/ip dns set primary-dns=128.1.1.1 (Change to YOUR ISP's DNS servers. Or- This may be the gateway IP address of a LAN router (as this actually is) which has DNS services. You may be able to change to YOUR ISP's recommended DNS server IP address if permitted by your router and operation will likely be faster.)
29e) [admin@MikroTik] ip>/ip dns set secondary-dns=207.69.188.186 (Add a secondary DNS server if your ISP has one. This example is one of earthlink's DNS servers.)

IF you wish to install a DNS Cache in your Hotspot router so DNS requests will be handled out of the local cache instead of going to the router (or external ISP) each time, enter the following line.
29f) [admin@MikroTik] ip>/ip dns-cache set primary-server=128.1.1.1 (This sets up the dns-cache to access from the LOCAL ROUTER’s DNS server. You may wish to change the above two IP addresses to your ISP’s DNS IP address if permitted by your router. You can also use the
/ip dns-cache set secondary-server=xxx.xxx.xxx.xxx
to set up a secondary DNS-CACHE server if you wish.)
29g) [admin@MikroTik] ip>dns print
resolve-mode: remote-dns
primary-dns: 128.1.1.1 (This should be your primary DNS server IP address.)
secondary-dns: 207.69.188.186 (You should setup a secondary-dns server if you have one.)
and then:
29h) [admin@MikroTik] ip>dns-cache print
enabled: no (You get to enable it later when you setup the hotspot.)
primary-server: 128.1.1.1 (This should be your primary DNS server IP address.)
secondary-dns: 0.0.0.0 (You should setup a secondary-dns server (in step #19) if you have one.)
running: no (It will start running if you enable "use DNS CACHE" when you setup the hotspot.)
usage: 0%
entries: 0

Mikrotik Hotspot Advantages/Limitations
I have been looking at various Hotspot Router Software offerings for several months. I wanted a more flexible system than NoCatAuth which could incorporate three NIC ports and which did not depend exclusively on remote authentication. The Mikrotik system was one of my first attractions, but after weeks of frustrated effort in March, I found that the Mikrotik HOTSPOT software would not work with external stand alone wireless Access Points I wanted to be able to use. In late May, I got an email from Mikrotik saying that the system would now work on other than the expensive routers. I have tested out the new version 2.7.4 software and it seems to have everything I have been looking for and at a reasonable price.

Mikrotik is a software company in Latvia that has been developing their version of a Linux router since about 1995. In 2002, they first offered a WiFi Hotspot capability which operated with specific internal (to the Linux computer) wireless cards and a few APs. In mid 2003, this range has expanded to allow working with a wide range of vendor’s standard Wireless Access Points. This recently includes the Dlink 900AP+ and similar inexpensive APs as well as the old standbys such as Cisco. Some specific features and advantages of the Mikrotik Router with HotSpot in (the latest) version 2.7.4 are:

1) It is supported software with a constant stream of feature enhancements and fixes for problems experienced by users. Bug fixes are frequent and severe problems seem to be fixed pretty fast. The Mikrotik system has a very complete (500+ page) reference manual as the system has functions that allow it to do about everything an ISP could dream of doing and more than most casual users will ever need. But.. If you need some routing feature, likely it is already available.

2) The bad news is Mikrotik Tech Support is not the best even after you buy a license so they will assist. :( The Mikrotik technicians know a lot about their system but: Most answers to emailed questions seem to be references to the manual and if you send three questions, they likely will only answer part of them. Some answers I did receive had errors that are just killers for a beginning router programmer/user.

There are lots of command examples in the manual but almost zero overall application examples. The exception is a HotSpot example, but even with this, only someone already familiar with router ip table setup can get through the complete design without outside help. I did get some excellent help from Eje Gustaffason at who offers Mikrotik consulting for $100 per hour. Not Cheap... But a lot cheaper than spending weeks with a simple problem that you cannot work out. Eje is fast and efficient and best of all he gives workable answers with explanations a beginner can understand and use. The detailed three port application example plus the two port example that I have worked up are the only ones I know of. Let me know if there are improvements/clarifications needed.

3) The system software itself is inexpensive. A fully working basic software system with PPPoE and limited to 4 simultaneous Hotspot users and 4 total NAT entries is FREE to download and use from for evaluation and unlimited use but without any support whatsoever (which is quite reasonable). Other options include a solid state 64meg IDE FLASH "disk drive" with the fully Licensed Mikrotik Router + Hotspot software loaded on it with a one year free update service for US$125 from http://www.fament.com/catalog/product_info.php?products_id=39. This Flash drive system requires no floppy/CDROM/Hard Drive in a router system. The licensed software alone is about $75 from fament.com if you want to make a WiFi Hotspot authenticator/controller in a computer you already have and you wish to use your conventional disk drive (100meg or more). The system for local Hotspot use will run fine on a Pentium I-75mhz machine with 64megs of RAM.

4) The Mikrotik system is quite complex and will take most people a good while to learn in detail. HOWEVER, with the cook book application guide that I have worked up HERE, a three port Hotspot router can be assembled and made operational in one evening by someone who just knows how to do medium complexity software installs on a PC.

5) The system allows the HotSpot owner/operator (OO) to edit the locally stored html files used for login, FAQs, Help pages, etc. The user can freely add or change links between these pages and the main login page using FrontPage or Dreamweaver or even Netscape Composer except for the login.html page which has tables.

6) It is possible to allow internet access to specific websites (with fixed IP addresses) without login when desired.

7) Hotspot User Authentication can be done from a local list (default) or from a local or remote RADIUS authentication server. The system can be programmed to use local authentication when it is available and to query a RADIUS server when the desired entry is not in the local list. The RADIUS server is expected to periodically update the local list. If the RADIUS server or link should fail, the local authentication will continue uninterrupted. In my opinion, a feature like this is an essential ingredient for our growing Atlanta Free Net system.

6) The Mikrotik “UNIVERSAL CLIENT” optionally permits “any” roaming user with “any” normal IP address and gateway setup in his networking to access the Hotspot without changing his networking setup. I really like this feature. :) Note: The Universal Client feature is mutually exclusive with use of the DWL-900AP+ as a REPEATER of Mikrotik data packets. The "address mangling" done to accommodate the Universal Client confuses the DWL-900 Repeaters.

7) It is easy to give any number of user “groups” different privileges on the Hotspot. For instance, group “guests” could be given 32kbps internet service speed upon login. Registered Guests could be (for instance) given 144kbps. Members could be given 1mbps and Owners could be given “full” speed. It is possible to configure queues so that even if the higher speed users are using “all available” bandwidth, low priority users still get most of their allocated bandwidth. "Burst" modes can also be configured so that users get a "burst" of traffic for some seconds and then get throttled to some lower speed. This can give even low speed users the feel of higher speed, yet throttle their download speed on game or file download.

8) The Mikrotik system can be configured with multiple NICs with varying capabilities. In my “cook book” system design, I have the router configured to accept one “public” LAN (could be PPPoE) input for the internet connection. A second NIC is the connection for the Hotspot Access Point. A third NIC port is provided to connect the local home LAN to the internet. web-proxy and NAT filters are used to ensure that users on the Hotspot cannot access computers on the home LAN and vice versa. This eliminates the need in most cases for a separate router as the Mikrotik system can provide full NAT and firewall services for both the Hotspot and for the local LAN services at the same time.

9) Inbound service via the Mikrotik OS Router can direct traffic to mail servers and/or other computers or servers on the home local LAN.

10) The Hotspot provided can accommodate multiple simultaneous logins with the same username and password. In my own setup, I instruct "roaming guests" to sign in as “guest” with a blank password. This gives internet connectivity and mail service at low speed. If a user registers with me, I will give him connectivity speeds as negotiated. For now, everyone is at DSL speed but I can change that at will.

11) The one thing I know of that the Mikrotik does not now offer that is provided in the NoCatAuth box is SELF REGISTRATION. With the Mikrotik box, registration and user enabling past the “guest” stage requires an email to the hotspot supervisor and manual input of a user ID and password. This input takes about half a minute via a windows based GUI.

12) The bandwidth throttling system allows the user to throttle bandwidth for individual user groups, and for entire NIC ports. Thus, you can prevent your hotspot users from using all of your bandwidth even if a number of users simultaneously download large files.

13) Perhaps most useful for the Owner/Operator of Hotspots, programming changes can be done by most any user who has a reasonable amount of computer skills in the area being changed. By this, I mean “anybody” can change a user name, password, and user group or set up a new user group with different capabilities and bandwidth allocations. But while changing the bandwidth offered a user group is straightforward, the OO must understand the basic area of bandwidth allocation on a network. Other changes similarly require that the user understand what he is doing. Routing changes demand that the user understand at least the basics of Linux ip table operation and setup.

14) The Mikrotik is undoubtedly an extremely complex system overall, but straightforward if you just need to put up a three port system in accord with my new Hotspot Application Note. The draft document is available at the link below. I am continuing to add features and it will be fleshing out more in the weeks to come. The basic hotspot and authentication all work fine and I am in the process of refining the firewall features. I will also be adding PPPoE as an option so the router can connect directly to a DSL or Cable modem. You can manually input the commands in just a couple of hours. See http://www.gpsinformation.org/hotspot/mikrotik_hotspot_article.html
Setup Mikrotik used as a wireless Hotspot server/authenticator
What we are trying to do:

The Mikrotik Router OS system is software designed to run on an "IBM type" Personal Computer. It has many capabilities including operating as a Wireless HotSpot controller, router, firewall, PPPoE controller, among many other capabilities. This router basically can be used to operate a small ISP. In our example, we are setting up a three port system which is designed to have one port going to the internet, a second to provide HotSpot services via an external access point and a third port to serve the user's local LAN. Separation and firewall protection is provided to prevent intrusion from the internet and from the HotSpot port into the user's local LAN. Be sure to verify the firewall protection for yourself. Advantages/Limitations of the Mikrotik Hotspot System as seen by the author can be viewed HERE.

The basic features that I need in this Home Hotspot installation are:

* Provide isolation of computers on my home LAN from internet traffic and users on the WIRELESS HotSpot Access Point. This needed to be done without the use of encryption on the wireless link so "anyone" could easily log in without first getting permission.
* Allow my normal household internet traffic to/from the internet to use the same connection as traffic from my wireless HotSpot
* Allow traffic on the Internet to access my mail server and any other servers on my Home LAN.
* Provide "Casual" users of the Home HotSpot to "log in" and access their WebMail and normal Internet while limiting their bandwidth usage.
* Allow "Trusted" users of the Home Hotspot to "log in" to access whatever ports and services may be allowed for them on an individual basis.
* Allow "Me" to access anything I want to over the Wireless Hotspot connection to the local LAN or to the Internet.
* Provide the capability to have a direct PPPoE connection to a DSL/Cable modem or alternatively a direct connection to a router LAN port. LOCAL

See complete tutorial
Friday, June 29, 2007
Building a hotspot with Mikrotik
The MikroTik HotSpot Gateway enables providing of public network access for clients using wireless or wired network connections.
HotSpot Gateway features:
• authentication of clients using local client database, or RADIUS server
• accounting using local database, or RADIUS server
• Walled-garden system (accessing some web pages without authorization)
Quick Setup Guide
The most noticeable difference in user experience when setting up a HotSpot system in version 2.9, compared with previous RouterOS versions, is that it has become an order of magnitude easier to set up a correctly working HotSpot system.
Given a router with two interfaces: Local (where HotSpot clients are connected to) and Public, which is connected to the Internet. To set up HotSpot on the Local interface:
1. first, a valid IP config is required on both interfaces. This can be done with /setup command. In this example we will assume the configuration with DHCP server on the Local interface
2. valid DNS configuration must be set up in the /ip dns submenu
3. To put HotSpot on the Local interface, using the same IP address pool as DHCP server uses for that interface: /ip hotspot add interface=local address-pool=dhcp-pool-1
4. and finally, add at least one HotSpot user: /ip hotspot user add name=admin
These simple steps should be sufficient to enable the HotSpot system.
Please find many HotSpot How-to's, which will answer most of your questions about configuring a HotSpot gateway, at the end of this manual. It is still recommended that you read and understand all the Description section below before deploying a HotSpot system.
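As an added example (not MikroTik's or the original author's code), the script below audits RouterOS command lines like the ones on this page for two settings worth tightening before a hotspot goes live: a srcnat masquerade rule with no out-interface or src-address, like the masquerade rule earlier on this page, which rewrites traffic leaving by any interface, and a HotSpot user created without a password, as in step 4 above. The function names, the finding labels and the two scoped sample lines at the end of SAMPLE are assumptions made for this illustration.

```python
import shlex

def parse_command(line):
    """Split one RouterOS CLI line into (menu path, action, {param: value})."""
    tokens = shlex.split(line.strip())          # keeps comment="a b" as one token
    words = [t for t in tokens if "=" not in t]
    params = dict(t.split("=", 1) for t in tokens if "=" in t)
    if not words:
        return "", "", params
    return " ".join(words[:-1]).lstrip("/"), words[-1], params

def audit(lines):
    """Return (line number, finding) pairs for risky 'add' commands."""
    findings = []
    for n, line in enumerate(lines, 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        path, action, p = parse_command(line)
        if action != "add":
            continue
        # Masquerade with no scope applies to every exit interface,
        # including traffic between the hotspot and the home LAN.
        if (path == "ip firewall nat" and p.get("chain") == "srcnat"
                and p.get("action") == "masquerade"
                and not ({"out-interface", "src-address"} & p.keys())):
            findings.append((n, "masquerade-unscoped"))
        # A hotspot user added without password= logs in with a blank one.
        if path == "ip hotspot user" and not p.get("password"):
            findings.append((n, "hotspot-user-blank-password"))
    return findings

# Lines 1-3 are commands shown on this page; lines 4-5 are constructed
# counterparts with a scope and a placeholder password added.
SAMPLE = """\
/ip firewall nat add chain=srcnat action=masquerade
/ip hotspot add interface=local address-pool=dhcp-pool-1
/ip hotspot user add name=admin
/ip firewall nat add chain=srcnat out-interface=ether1 action=masquerade
/ip hotspot user add name=admin password="CHANGE-ME-placeholder"
""".splitlines()

if __name__ == "__main__":
    for lineno, finding in audit(SAMPLE):
        print("line %d: %s: %s" % (lineno, finding, SAMPLE[lineno - 1]))
```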
for complete configuration please visit:

Tuesday, 21 April 2009

In life, one must always keep one's spirits up...
Don't give up easily...
Life is a struggle...