MTCNA
MTCNA
Jadwal Training
Session 1
Session 2
Hari 1
Pre Test
&
Introduction
Installation
&
Basic
Networking
Basic Configuration
Hari 2
Bridge
Wireless
Routing
Hari 3
Hari 4
00-2
Session 3
Firewall
Hotspot
Session 4
QOS
VPN
TEST
4/17/2014
Jadwal Harian
00-3
Sessi 1
Coffee Break
Sessi 2
Lunch
Sessi 3
Coffee Break
Sessi 4
08.30 10.00
10.00 10.30
10.30 - 12.00
12.00 13.00
13.00 14.30
14.30 15.00
15.00 - 17.00
4/17/2014
00-4
Basic/Essential Training
MikroTik Certified Network Associate (MTCNA)
Advanced Training
Certified Wireless Engineer (MTCWE)
Certified Routing Engineer (MTCRE)
Certified Traffic Control Engineer (MTCTCE)
Certified User Managing Engineer (MTCUME)
Certified Inter Networking Engineer (MTCINE)
4/17/2014
Certification Test
00-5
4/17/2014
4/17/2014
Introduction to Mikrotik
One engineer:
Mikrotik Certified Consultant (2005)
http://www.mikrotik.com/consultants.html
01-8
4/17/2014
Head Office
Rep. Office
01-9
Gd Cyber Lt 11
Jl Kuningan Barat 8 Jakarta 12710
Telp: 021-5209612
Fax: 021-5209614
Mikrotik Indonesia http://www.mikrotik.co.id
4/17/2014
What Is Mikrotik?
01-10
Wireless board
contoh: RB400, RB600, RB750, RB1000
Wireless interface (R52, R52H, R5H, R52N, R2N)
menggunakan RouterOS sebagai software
Mikrotik Indonesia http://www.mikrotik.co.id
4/17/2014
What Is Mikrotik?
01-11
4/17/2014
Processor
RAM
Ether
MiniPCI
Radio
RB800
800MHz
256MB
3 GE
RB43x series
680/300MHz
256/128/ 64MB
3(GE/FE)
3/5
RB41x series
680/300 MHz
64/32MB
1 (GE/FE)
opt
Groove Series
600MHz
128/64MB
1 FE
RB711 series
400MHz
32MB
Metal series
400MHz
64MB
RB91x series
600MHz
64/32MB
1 GE
1/2
01-12
4/17/2014
Processor
RAM
Ethernet
Radio
SFP
CCR series
1,2GHz (16/36)
2/4/16GB
12GE
opt
RB1100AH X2
1Ghz Dual
2GB
13GE
RB2011 Series
600MHz
128/64MB
5FE+5GE
opt
opt
RB493 Series
300/680MHz
64/128/256M
B
9(GE/FE)
3minipci
RB450 Series
300/680MHz
32/256MB
5(GE/FE)
RB75x Series
400MHz
32/64MB
5(GE/FE)
opt
RB951 Series
300/600MHz
32/128MB
5(GE/FE)
01-13
4/17/2014
Embedded Routerboard
Jenis
Processor
RAM
Ethernet
Radio
Antenna
OmniTIK Series
400MHz
32MB
5 FE
26/30dbm
7,5db
SEXTANT
600MHz
32MB
1 GE
30dbm
18db
SXT Series
400/600MHz
32MB/64MB
1 (FE/GE)
27/31/32dbm
10/16db
QRT-2
400MHz
64MB
1 GE
35dbm
16db
01-14
4/17/2014
Product Code
RB
9 1
UAG
2HPND
Routerboard
Jumlah MiniPCI
Fitur Board
900 series
Jumlah Ethernet
Build-in Wireless
01-15
G : Gigabit
L : Light Edition
S : SFP Port
e : PCIe Extension Card
X : Jumlah CPU Core
4/17/2014
Protocol
Kosong : standart 802.11a/b/g
n : Support 802.11n
ac : Support 802.11ac
Jumlah Chain
Kosong : single Chain
D : Dual Chain
T : Triple Chain
Power:
Kosong = < 23dBm@6mbps 802.11a ; <24dBm@6mbps 802.11g
H : High = 23-24dBm@6mbps 802.11a ; 24-27dBm@6mbps 802.11g
HP : High Power = 25-26dBm@6mbps 802.11a ; 28-29dBm@6mbps 802.11g
SHP : Super High Power = >27dBm@6mbps 802.11a; >30dBm=@6mbps
802.11g
01-16
4/17/2014
Switch Manageable
01-17
4/17/2014
Switch Manageable
Type
Proc
RAM
Eth
Wireless
SFP
PoE Out
RB260GS
5GE
RB260GSP
5GE
Yes, eth2-eth5
CRS125-24G-1S-2HnD
600MHz
128MB
24GE
Yes
CRS125-24G-1S-IN
600MHz
128MB
24GE
CRS125-24G-1S-RM
600MHz
128MB
24GE
CRS125-24G-2S+IN
400MHz
64MB
24GE
2
(10Gig)
01-18
4/17/2014
Discontinued Hardware
01-19
RB230
RB750G
RB1000 series
RB411A,RB411R
RB600
RB700 series
RB333
RB532,RB511
RB600 series
RB400 series
RB500 series
RB300series
RB112,RB133,RB133C
RB153,RB150,RB192
RB200 series
RB100 series
RB1000, RB1100,
RB1100AH, RB1200
Daftar lengkap :
http://mikrotik.co.id/produk.php?kategori=47
4/17/2014
1U rackmount
2 GB RAM
Performance :
01-20
Industrial grade
4/17/2014
1U rackmount
2 GB RAM
Industrial grade
Performance :
4 SFP or 8 SFP
01-21
4/17/2014
Mikrotik RouterOS
01-22
4/17/2014
IP Routing
Interface
Bandwidth Management
01-23
Firewall
4/17/2014
Services (Server)
AAA
01-24
Monitoring
VRRP
Mikrotik Indonesia http://www.mikrotik.co.id
4/17/2014
Licence Level
Level
Upgrade time
Wireless CPE/PTP
yes
Wireless AP
no
yes
Sync Interface
no
yes
EoIP
unlimited
200
200
OpenVPN
200
200
500
unlimited
unlimited
unlimited
yes
Dynamic Routing
RB = yes
yes
200
500
unlimited
10
20
50
unlimited
01-25
4/17/2014
01-26
4/17/2014
Buyers Guide
01-27
RB1100AHx2
RB1200, RB1100AH
Mikrobits : Dinara
Mikrotik Indonesia http://www.mikrotik.co.id
4/17/2014
Buyers Guide
www.routerboard.co.id
01-28
4/17/2014
Quiz !
01-29
4/17/2014
Mikrotik Installation
Installasi Mikrotik
Media Installasi (Penyimpan) Mikrotik RouterOS
02-31
Harddisk
CF Disk
DOM (Disk On Module)
USB Flash Disk
NAND Storage (Routerboard only)
4/17/2014
Installation Method
CD
Netinstall
02-32
CD-Rom Required
PXE,EtherBoot Required
4/17/2014
Download Area
02-33
4/17/2014
CD Installation (1)
Download ISO file (mikrotik-***.iso) dan buatlah CD
bootable dengan file tersebut.
02-34
4/17/2014
CD Installation (2)
02-35
4/17/2014
CD Installation (3)
Choose Yes
Yes/No
Creating partition...
Formatting disk...
Software installed.
02-36
4/17/2014
Installation Check
02-37
Welcome menu
4/17/2014
License Trial
License level 0 = Trial time 24 jam
02-38
4/17/2014
02-39
4/17/2014
02-40
4/17/2014
02-41
4/17/2014
Tutorial : http://mikrotik.co.id/artikel_lihat.php?id=26
02-42
4/17/2014
Netinstall
Switch
Network:
172.16.0.0/24
IP Address:
172.16.0.10/24
RS-232
Serial null modem
console cable
4/17/2014
Netinstall
Download program netinstall dan module yang dibutuhkan
02-44
4/17/2014
Paket RouterOS
o routeros-mipsbe-6.xx.npk
o routeros-mipsle-6.xx.npk
RB1xx & RB5xx
o routeros-powerpc-6.xx.npk
RB3xx, RB6xx, RB8xx , RB1000 series
o routeros-x86-6.xx.npk
PC, RB2xx, Mikrobits series
o routeros-tile-6.xx.npk
CCR series
02-45
4/17/2014
Netinstall
02-46
4/17/2014
02-47
4/17/2014
02-48
4/17/2014
02-49
4/17/2014
02-50
4/17/2014
Netinstall - Install
02-51
4/17/2014
02-52
4/17/2014
Netinstall - Install
02-53
4/17/2014
Netinstall Reboot
4/17/2014
Netinstall - Cleanup
Video Tutorial :
http://www.mikrotik.co.id/artikel_lihat.php?id=25
02-55
4/17/2014
Reset Password
02-56
Hard Reset :
4/17/2014
Quiz !
02-57
4/17/2014
02-58
4/17/2014
RouterOS Package
02-59
Nama Paket
Fungsi
advanced-tools
dhcp
hotspot
hotspot gateway
ntp
NTP server
ppp
PPP,PPTP,L2TP,PPPoE
routerboard
routing
security
wireless
Wireless 802.11a/b/g
user-manager
system
ipv6
IPv6
Mikrotik Indonesia http://www.mikrotik.co.id
4/17/2014
02-60
4/17/2014
02-61
4/17/2014
FTP ke Router
IP Router
02-62
4/17/2014
*ChangeLog
02-63
4/17/2014
02-64
4/17/2014
Upgrade-Auto Upgrade
/system upgrade
02-65
4/17/2014
Version Downgrade
02-66
4/17/2014
02-67
4/17/2014
02-68
4/17/2014
02-69
4/17/2014
Quick Typing
/sys shut
= /system shutdown
02-70
http://wiki.mikrotik.com/wiki/Scripting
4/17/2014
Quiz !
02-71
System
Routing
Advance-tools
DHCP
4/17/2014
192.168.0.254/24
Internet
192.168.0.4/24
192.168.0.246/24
192.168.0.191/24
192.168.0.26/24
192.168.0.41/24
03-73
192.168.0.142/24
4/17/2014
192.168.1.48/24
192.168.1.254/24
Switch
Router
192.168.0.4/24
Switch
192.168.0.141/24
192.168.1.4/24
03-74
192.168.1.24/24
4/17/2014
Ether1
192.168.0.28/24
Ether3
192.168.4.151/24
03-75
Ether2
192.168.2.74/24
Router
Ether4
192.168.5.211/24
4/17/2014
Internet
192.168.0.4/24
192.168.0.246/24
192.168.0.191/24
192.168.0.26/24
192.168.0.41/24
03-76
192.168.0.142/24
4/17/2014
03-77
4/17/2014
173.252.110.27
www.google.com
www.google.com
159.148.147.196
203.190.241.43
202.152.130.27
PC Client
www.google.com
03-78
4/17/2014
Quiz !
03-79
4/17/2014
Topologi Office
192.168.1.10/24
Internet
192.168.1.254/24
AP
Router
192.168.1.12/24
172.16.1.254/24
File Server
10.10.10.1/24
Switch
Switch
Mail
Server
Apps
Server
03-80
172.16.1.1/24
172.16.1.1/24
4/17/2014
RouterOS Basic
Configuration
Certified Mikrotik Training Basic Class
Organized by: Citraweb Nusa Infomedia
(Mikrotik Certified Training Partner)
Winbox - Download
Download terlebih dahulu program winbox.exe
untuk mengkonfigurasi RouterOS Mikrotik.
04-82
4/17/2014
WLAN1
10.10.10.1/24
WLAN1
10.10.10.X/24
ETHER1
192.168.1.1/24
ETHER1
192.168.2.1/24
ETHER1
192.168.X.1/24
ETHERNET PORT
192.168.1.2/24
ETHERNET PORT
192.168.2.2/24
ETHERNET PORT
192.168.X.2/24
MEJA 1
04-83
WLAN1
10.10.10.2/24
MEJA 2
Mikrotik Indonesia http://www.mikrotik.co.id
MEJA X
4/17/2014
IP Configuration
Lab-1 adalah sebuah simulasi
konfigurasi dasar sebuah Router
Mikrotik yang akan digunakan di
jaringan local seperti Warnet,
Office, Kampus atau bahkan di
RT/RW-NET
X = nomor peserta
04-84
Routerboard Setting
WAN IP
: 10.10.10.x/24
Gateway
: 10.10.10.100
LAN IP
: 192.168.x.1/24
DNS
: 10.100.100.1
Src-NAT and DNS Server
Laptop Setting
IP Address : 192.168.x.2/24
Gateway
: 192.168.x.1
DNS
: 192.168.x.1
4/17/2014
Laptop Config
Konfigurasi ipaddress statik pada
laptop.
04-85
4/17/2014
First Setup
04-86
4/17/2014
First Setup
04-87
4/17/2014
04-88
4/17/2014
04-89
4/17/2014
04-90
4/17/2014
04-91
4/17/2014
04-92
4/17/2014
4/17/2014
04-94
4/17/2014
Konfigurasi NAT
04-95
Konfigurasi DNS
Konfigurasi IP Address
4/17/2014
Installation Debug
04-96
4/17/2014
Quiz
Asumsikan semua setting lain yang dibutuhkan seperti NAT
dan route, sudah dilakukan. Bisakah PC akses ke
www.yahoo.com ?
Config Router
04-97
PC Config
IP Address : 192.168.1.2
Netmask : 255.255.255.0
4/17/2014
04-98
4/17/2014
[LAB-7] NTP
04-99
4/17/2014
System - Clock
04-100
4/17/2014
File hasil backup dapat dilihat di menu file dan didownload via FTP
04-101
4/17/2014
04-102
4/17/2014
System Reset
04-103
4/17/2014
04-104
4/17/2014
Export Configuration
Penyimpanan konfigurasi bisa dilakukan juga
menggunakan perintah export.
04-105
4/17/2014
Export to File
Hasil export ini berupa script (text base
configuration) yang bisa dilihat dan diedit
menggunakan text editor.
04-106
4/17/2014
Import Script
File script bisa langsung di import ke router
04-107
4/17/2014
Quiz!
04-108
4/17/2014
DHCP Server
Dynamic Host Configuration Protocol digunakan
untuk secara dinamik mendistribusikan konfigurasi
jaringan, seperti:
04-109
4/17/2014
DHCP Server
Router
DHCP Client
Internet
DHCP Server
Static IP
Tamu
(Dynamic Users)
Karyawan
(Static Users)
DHCP Server cocok diterapkan pada jaringan ber-user banyak dan dinamis
04-110
4/17/2014
04-111
4/17/2014
04-112
4/17/2014
04-113
4/17/2014
04-114
4/17/2014
DHCP Test
04-115
4/17/2014
DHCP Management
04-116
4/17/2014
DHCP Static
04-117
4/17/2014
DHCP Client
04-118
4/17/2014
04-119
4/17/2014
Interface
04-120
4/17/2014
04-121
4/17/2014
Quiz!
04-122
4/17/2014
04-123
4/17/2014
04-124
4/17/2014
04-125
4/17/2014
04-126
4/17/2014
04-127
4/17/2014
04-128
IP-Winbox
Telnet
SSH
WebFig
4/17/2014
04-129
4/17/2014
04-130
4/17/2014
ARP Table
Merupakan protokol
penghubung antara layer 2
data-link dan 3 network.
ARP Table di router
merupakan daftar host yang
terhubung langsung berisi
informasi pasangan mac
address dan
ip address.
Di IPv6 arp digantikan
dengan NDP (Network
Discovery Protocol).
04-131
4/17/2014
04-132
4/17/2014
ARP Protocol
04-133
4/17/2014
Router
Interface
MAC = 9C:8E:99:48:F6:20
IP Address = 192.168.128.104
Flag D
(dynamic)
Interface melakukan update tabel ARP dengan kombinasi MAC Address dan IP
Address host secara otomatis
04-134
4/17/2014
ARP Security !
ARP = Reply-only menandakan ARP
protocol pada interface tidak mengupdate
data di ARP table secara otomatis.
04-135
4/17/2014
Router
MAC = 9C:8E:99:48:F6:20
IP Address = 192.168.128.104
Interface
MAC = AA:BB:01:CC:FF:EE
IP Address = 192.168.128.104
Static ARP
4/17/2014
Tool - Scheduler
Digunakan untuk mengeksekusi perintah berdasarkan waktu
04-137
4/17/2014
Logging
Digunakan untuk melakukan pencatatan aktivitas sistem dan
informasi status router.
04-138
4/17/2014
Logging
Logging Rule
Tipe Disk
- Log akan disimpan dalam bentuk teks file pada storage
system Router
Tipe Echo
- Log akan ditampilkan pada New Terminal (winbox) atau
pada saat kita remote menggunakan CLI (direct console)
Tipe Email
- Log akan dikirimkan ke email yang sudah kita tentukan pada
pengaturan SMTP ( /tool email )
Tipe Memory - Log akan disimpan di dalam RAM Router dan bisa kita lihat
pada menu Log
4/17/2014
10-140
4/17/2014
SNMP Menu
10-141
4/17/2014
10-142
4/17/2014
Graph
10-143
4/17/2014
Monitoring - Ping
Ping uses Internet Control Message Protocol (ICMP) Echo
messages to determine if a remote host is active or inactive
and to determine the round-trip delay when communicating
with it.
[user1@MKI] > ping 192.168.0.100
192.168.0.100 64 byte ping: ttl=64 time=1 ms
192.168.0.100 64 byte ping: ttl=64 time=1 ms
192.168.0.100 64 byte ping: ttl=64 time=1 ms
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 1/1.0/1 ms
04-144
4/17/2014
04-145
4/17/2014
Monitoring - Traceroute
Traceroute determines
how packets are being
routed to a particular
host
We can choose the
protocol : ICMP or UDP
04-146
4/17/2014
Monitoring - Torch
Torch - Realtime traffic monitor
04-147
4/17/2014
Monitoring - Resource
04-148
To monitor the
System.
Detail Resource
monitor located on
right side buttons
4/17/2014
04-149
4/17/2014
Switch Chipset
05-151
4/17/2014
Ether6 Ether10
Configured as Switch Mode
LAN 1
10.10.10.0/24
LAN 2
172.16.1.0/24
05-152
LAN 3
192.168.1.0/24
Mikrotik Indonesia http://www.mikrotik.co.id
4/17/2014
05-153
4/17/2014
Switch Chipset
Command Line configuration
05-154
4/17/2014
05-155
4/17/2014
Bridge - Concept
05-156
4/17/2014
Ether6 Ether10
Configured as Bridge Mode
05-157
4/17/2014
CLIENT
ROUTER
GATEWAY
WIRELESS
05-158
192.168.0.0/24
Mikrotik Indonesia http://www.mikrotik.co.id
4/17/2014
222.152.211.0/28
Public IP Router - Bridge Mode
222.152.211.2
Public IP - WEB Server
Public IP - Client
222.152.211.3
222.152.211.4-222.152.211.10
05-159
4/17/2014
Ether1
192.168.10.1/24
05-160
Ether3
Ether1
Ether3
192.168.10.4/24
4/17/2014
4/17/2014
4/17/2014
Membuat Bridge
05-163
4/17/2014
Bridge Monitoring
Untuk melihat mac-address host yang
terkoneksi dengan bridge tersebut
05-164
4/17/2014
System Bridge
Konsekuensi penggunaan Sistem Bridge
05-165
4/17/2014
Ethernet
VLAN
PPTP
05-166
4/17/2014
Bridge!
05-167
4/17/2014
Quiz !
05-168
4/17/2014
Wireless
Band 2.4Ghz
Band 5Ghz
06-170
4/17/2014
Channels 80211-b
World Wide Band
915 MHz
2.4 GHz
26 MHz
84.5 MHz
2401
2423
5.8 GHz
125 MHz
2426
2412
2448
2437
2406
2428
2453
2433
2458
2438
2421
2463
2443
2446
2432
2430
2483
Top of channel
14
2473
2452
Channel number
13
2472
2441
2427
2420
2461
2447
2416
2478
2467
2436
2422
2410
12
2456
2442
2411
2473
2462
2431
2417
2400
11
2451
2495
2484
10
Center frequency
2468
2457
2440
2450
2460
2470
2480
MHz
Bottom of
channel
ISM Band
4/17/2014
Channels 80211-a
36
40
42
44
48
5210
5150
5200
5220
5240
149
152 153
157
160 161
5760
06-172
5765
52
56
5250
5180
5735 5745
50
58
60
64
5300
5320
5290
5260
5280
5350
5800
5785
5805 5815
4/17/2014
Wireless Configuration
Basic Configuration :
Wireless Protocol
06-173
4/17/2014
Scan Tool
06 -174
4/17/2014
Snoop Tool
06 -175
4/17/2014
Wireless Menu
Wireless Menu:
Interface Daftar Interface wireless yang terpasang
Access-List Security Mac-address Client (AP Mode)
Registration Daftar Wireless yang terkoneksi
Connect-List Security Mac-address AP (Station Mode)
Security-Profile Konfigurasi Wireless Security (WPA/WEP)
06 -176
4/17/2014
06 -177
alignment-only
ap-bridge
bridge
nstreme-dual-slave
station
station-wds
wds-slave
station-pseudobridge
station-pseudobridge-clone
station-bridge
Mikrotik Indonesia http://www.mikrotik.co.id
4/17/2014
Wireless Mode - 1
06 -178
4/17/2014
Wireless Mode 2
06 -179
4/17/2014
Client Side
06 -180
4/17/2014
Konfigurasi :
Set mode, ssid, band dan frequency
mode=bridge
06 -181
4/17/2014
Konfigurasi :
Set mode, ssid, band dan scan-list
mode=station
Pastikan frequency yang dipilih oleh
AP masuk dalam range scan-list
06 -182
4/17/2014
06 -183
4/17/2014
06 -184
4/17/2014
Tips
Country : Membatasi channel yang bisa
digunakan sesuai dengan regulasi sebuah
Negara.
Jika di set no_country_set maka akan
menggunakan standart channel FCC compliant.
06 -185
4/17/2014
Quiz!
06 -186
4/17/2014
Data rates
Data rate : Informasi kecepatan transmisi data
yang bisa dilewatkan pada link wireless.
06 -187
4/17/2014
TX Power
Tx power : Pengaturan Daya pancar
interface wireless.
default : card wireless akan
menggunakan nilai tx-power dari eeprom
card-rates : Router akan melakukan
perhitungan data rates menggunakan
algoritma eeprom berdasarkan nilai tx
power yang diinput user
all-rates-fixed : Menggunakan satu nilai
tx-power untuk semua data rates.
06 -188
4/17/2014
06 -189
4/17/2014
Wireless Bridge
06 -190
4/17/2014
4/17/2014
AP
A
ethernet
Station
Wireless
connection
192.168.0.x/24
06 -192
B
ethernet
192.168.0.x/24
Mikrotik Indonesia http://www.mikrotik.co.id
4/17/2014
06 -193
4/17/2014
06 -194
4/17/2014
4/17/2014
4/17/2014
06 -197
4/17/2014
06 -198
4/17/2014
06 -199
4/17/2014
06 -200
4/17/2014
Client Management
06 -201
MAC Address
Signal Strength
Time
4/17/2014
Klasifikasi mac-address
dari client
06 -202
4/17/2014
AP Management
06 -203
MAC Address
SSID
Area
4/17/2014
06 -204
4/17/2014
Wireless Security
06 -205
4/17/2014
Tentukan passwordnya
06 -206
4/17/2014
06 -207
4/17/2014
06 -208
4/17/2014
SSID
Mac-Address
IP Address
WDS
Security Profile
06 -209
4/17/2014
07-210
4/17/2014
06 -211
4/17/2014
06 -212
4/17/2014
[LAB-8] Nstreme
06 -213
4/17/2014
06 -214
4/17/2014
06 -215
4/17/2014
06 -216
4/17/2014
Wireless WDS
06-217
4/17/2014
WDS - Config
Buat Bridge baru untuk WDS
Network
06 -218
4/17/2014
Wireless Notebook
10.0.0.x+100/24
Wireless Notebook
10.0.0.x+100/24
WDS Slave
Wlan1 : 10.0.0.2/24
WDS Slave
Wlan1 : 10.0.0.3/24
AP Bridge
Wlan1 : 10.0.0.1/24
WDS Station
Wlan1 : 10.0.0.4/24
06 -219
4/17/2014
Quiz!
06 -220
4/17/2014
Routing
Routed Network
07-222
4/17/2014
Routing Example
Routerboard yang berfungsi sebagai router
akan menjembatani komunikasi antar network
yang berbeda
Ether2 Ether13
Configured as Routing Mode
(default)
Internet
192.168.0.0/24
LAN 1
07-223
192.168.1.0/24
192.168.2.0/24
LAN 2
LAN 3
4/17/2014
Routing Benefit
08-224
4/17/2014
192.168.2.0/24
ROUTER
GATEWAY
WIRELESS
07-225
192.168.0.0/24
4/17/2014
dynamic routes
yang akan dibuat secara otomatis:
07-226
static routes
adalah informasi routing yang dibuat secara
manual oleh user untuk mengatur ke arah
mana trafik tertentu akan disalurkan. Default
route adalah salah satu contoh static routes.
Mikrotik Indonesia http://www.mikrotik.co.id
4/17/2014
Menambahkan Routing
07-227
4/17/2014
Tipe Routing
A: Active
S: Static
A: Active
D: Dynamic
C: Connected
07-228
4/17/2014
07-229
Destination
Destination address 222.152.211.7
Network mask 202.53.246.0/24
0.0.0.0/0 -> ke semua network
Gateway
IP Address gateway, harus merupakan IP Address yang satu subnet
dengan IP yang terpasang pada salah satu interface
Gateway Interface
Digunakan apabila IP gateway tidak diketahui dan bersifat dinamik
(biasanya digunakan di ppp interface).
Pref Source
source IP address dari paket yang akan meninggalkan router
Distance
Beban untuk kalkulasi pemilihan routing
4/17/2014
Internet
10.10.0.2/24
A
10.10.1.1/24
10.10.2.1/24
10.10.2.2/24
10.10.3.2/24
B
10.10.4.1/24
10.10.4.2/24
07-230
Dst-address=0.0.0.0/0 gateway=10.10.2.1
4/17/2014
10.10.0.2/24
10.10.2.2/24
10.10.1.1/24
10.10.1.2/24
10.10.2.1/24
10.10.3.1/24
07-231
10.10.3.2/24
(DAC) Dst-addr= 10.10.3.0/24
pref-source=10.10.3.2
(AS) Dst-addr= 0.0.0.0/0 gw=10.10.3.1
4/17/2014
Internet
10.10.10.100
10.10.10.2
10.10.10.1
Router 1
Router 2
192.168.2.1
192.168.1.1
192.168.1.2
07-232
192.168.2.2
4/17/2014
Langkah-langkah
07-233
4/17/2014
Distance
07-234
4/17/2014
Contoh Pemilihan
Untuk koneksi dengan destination 192.168.0.1,
manakah urutan prioritas rule yang digunakan?
Destination
Distance
Prioritas
192.168.0.0/27 192.168.1.1
192.168.0.0/29 192.168.2.1
192.168.0.0/24 192.168.3.1
192.168.0.0/24 192.168.4.1
07-235
Gateway
4/17/2014
192.168.X.2/24
WLAN1:10.10.10.X/24
Internet
10.10.10.100/24
ETHER3:
10.Y.3.1/24
ETHER2:
10.Y.3.2/24
192.168.X.2/24
ETHER3:
10.Y.1.1/24
ETHER3:
10.Y.2.1/24
ETHER2:
10.Y.2.2/24
ETHER2:
10.Y.1.2/24
2
192.168.X.2/24
192.168.X.2/24
07-236
4/17/2014
Quiz!
o Untuk membuat Static Route, perlu ditambahkan package Routing pada
Router. (Benar/salah)
4/17/2014
Huge Network
07-238
4/17/2014
07-239
4/17/2014
Internet
Backbone Area
IR
Kelompok 1
Kelmp 1
07-240
IR
Kelompok 2
Kelmp 2
Mikrotik Indonesia http://www.mikrotik.co.id
IR
Kelompok Y
Kelmp Y
4/17/2014
OSPF - Configuration
07-241
4/17/2014
OSPF - Configuration
Tambahkan network
yang akan saling
bertukan informasi
routing
- Network antar IR
- Network antar
router
- Network client
dibawah router
07-242
4/17/2014
Dynamic Routing
07-243
4/17/2014
Firewall
Firewall ?
Switch
Server
Internet
Firewall
Laptop
08-245
4/17/2014
Rules
NAT (source-nat and destination-nat)
Mangle
Address List
Layer 7 Protocol (baru di versi 3)
Service Ports
Connections
08-246
4/17/2014
Internet
Router
Meja 1
Laptop
08-247
Router
Meja 2
Laptop
Mikrotik Indonesia http://www.mikrotik.co.id
4/17/2014
Action
08-248
4/17/2014
08-249
4/17/2014
Internet
PING
Router
FTP Router
Router
MikroTik
HTTP Router
Laptop
08-250
4/17/2014
08-251
Prerouting
not
implemented
not
implemented
not
implemented
Input
yes
no
no
Forward
no
yes
no
Output
no
no
yes
Postrouting
not
implemented
not
implemented
not
implemented
4/17/2014
08-252
4/17/2014
INPUT
INPUT
INTERFACE
08-253
POST-ROUTING
FORWARD
OUTPUT
LOCAL
PROCESS
OUTPUT
INTERFACE
4/17/2014
Foward
PRE-ROUTING
FORWARD
POST-ROUTING
INPUT
INTERFACE
OUTPUT
INTERFACE
Laptop
08-254
Server Google
4/17/2014
INPUT
PRE-ROUTING
INPUT
INPUT
INTERFACE
LOCAL
PROCESS
Laptop
08-255
4/17/2014
OUTPUT
POST-ROUTING
OUTPUT
LOCAL
PROCESS
OUTPUT
INTERFACE
Server Google
08-256
4/17/2014
Custom Chain
08-257
4/17/2014
HTTP
Router
Laptop
08-258
4/17/2014
08-259
4/17/2014
RouterOS v5 Services
08-260
PORT
PROTOCOL
DESCRIPTION
PORT
PROTOCOL
DESCRIPTION
20-21
22
23
53
80
179
443
646
1080
1723
1968
2000
2210
2211
2828
3128
8291
8728
-------
tcp
tcp
tcp
tcp
tcp
tcp
tcp
tcp
tcp
tcp
tcp
tcp
tcp
tcp
tcp
tcp
tcp
tcp
/1
/2
/4
/41
/46
FTP
SSH, SFTP
Telnet
DNS
HTTP
BGP
HTTPS
LDP (MPLS)
SoCKS
PPTP
MME
BTest Server
Dude Server
Dude Server
uPnP
Web Proxy
Winbox
API
ICMP
IGMP (Multicast)
IPIP
IPv6 (encap)
RSVP (MPLS)
53
67
68
123
161-162
500
520-521
646
1698
1699
1701
1812
1813
1900
1966
5678
-------------
udp
udp
udp
udp
udp
udp
udp
udp
udp
udp
udp
udp
udp
udp
udp
udp
/47
/50
/51
/89
/103
/112
DNS
DHCP Server
DHCP Client
NTP
SNMP
IPSec
RIP
LDP (MPLS)
RSVP (MPLS)
RSVP (MPLS)
L2TP
User-Manager
User-Manager
uPnP
MME
MNDP
PPRP, EoIP
IPSec
IPSec
OSPF
PIM (Multicast)
VRRP
4/17/2014
Connection State
Setiap paket data yang lewat memiliki status:
08-261
4/17/2014
Connection State
Firewall
New
08-262
Established
Related
Invalid
4/17/2014
Connection Tracking
08-263
4/17/2014
08-264
4/17/2014
08-265
4/17/2014
Connection Tracking
Dengan mematikan connection tracking, maka fungsi
berikut tidak bisa digunakan :
NAT
Parameter P2P pada simple queue
Firewall dengan parameter :
08-266
connection-bytes
connection-mark
connection-type
connection-state
connection-limit
connection-rate
layer7-protocol
p2p
new-connection-mark
tarpit
4/17/2014
Action Filter
08-267
4/17/2014
IP Address List
Kita dapat melakukan pengelompokan IP Address
dengan Address List
08-268
4/17/2014
08-269
4/17/2014
Firewall NAT
Cara kerja NAT ketika client mencoba mengakses google
Src-add = IP Laptop
Dst-add = IP Google
Src-add = IP Google
Dst-add = IP Laptop
08-270
Src-add = IP Router
Dst-add = IP Google
Src-add = IP Google
Dst-add = IP Router
4/17/2014
Firewall NAT
08-271
4/17/2014
masquerade
08-272
4/17/2014
Internet
Proxy
Laptop
08-273
4/17/2014
08-274
4/17/2014
08-275
4/17/2014
08-276
4/17/2014
redirect
08-277
4/17/2014
Internet
Server
LAN
User Internet
4/17/2014
Quality of Service
Quality of Service
09-280
4/17/2014
09-281
4/17/2014
Internet
Upload 64 Kbps
Router MikroTik
09-282
Laptop
4/17/2014
09-283
4/17/2014
09-284
4/17/2014
09-285
4/17/2014
Quality of Service
09-286
4/17/2014
09-287
4/17/2014
Tips
Jika kita perhatikan, ada perubahan warna
pada icon Queue rule. Maksud masing
masing warna adalah sebagai berikut :
Hijau : 0 50% bandwidth digunakan.
Kuning : 51 75% bandwidth digunakan
Merah : 76 100% bandwidth digunakan
09-288
4/17/2014
[LAB-2] Destination
Internet
128 Kbps
Router MikroTik
09-289
10 Mbps
Laptop
4/17/2014
09-290
4/17/2014
Destination
09-291
4/17/2014
[LAB-3] Time
09-292
4/17/2014
09-293
4/17/2014
4/17/2014
Burst
09-295
4/17/2014
Topologi
Download 256 Kbps
Internet
Upload 128 Kbps
Router MikroTik
Laptop
09-296
4/17/2014
09-297
Downstream max-limit=256k
Upstream max-limit=128k
Burst-limit=1M
Burst-threshold=512K
Burst-time=30s
4/17/2014
09-298
4/17/2014
Rate(kbps)
512
Burst-limit
Average Rate
384
256
Max-limit
192
Burst-Threshold
128
Limit-at
09-299
10
15
20
time(s)
4/17/2014
09-300
4/17/2014
Address :
Direction :
Upload
Download
Upload &
Download
Protocol :
Ip address test
server
TCP / UDP
09-301
Autentikasi
Mikrotik Indonesia http://www.mikrotik.co.id/
4/17/2014
Staged Limitation
Pada RouterOS, dikenal 2 buah limitasi:
09-302
4/17/2014
Internet
Total Bandwith : 1 Mbps
Client 1 Bandwith:
Min : 256Kbps
Up-to 1Mbps
09-303
Client 2 Bandwith:
Min : 256Kbps
Up-to 1Mbps
Client 3 Bandwith:
Min : 256Kbps
Up-to 1Mbps
Client 4 Bandwith:
Min : 256Kbps
Up-to 1Mbps
4/17/2014
09-304
4/17/2014
09-305
4/17/2014
4/17/2014
Contoh soal : 1
Name: A
Parent: interface
Limit-at: 1mbps
Max-limit: 5mbps
Name: B
Parent: A
Limit-at: 2mbps
Max-limit: 5mbps
09-307
Name: C
Parent: A
Limit-at: 1mbps
Max-limit: 5mbps
Name: D
Parent: A
Limit-at: 2mbps
Max-limit: 5mbps
4/17/2014
09-308
4/17/2014
09-309
4/17/2014
09-310
4/17/2014
Queue Kind
09-311
4/17/2014
Queue Kind
PCQ : Per Connection Queuing, hampir sama
dengan SFQ, tapi memiliki kelebihan :
Memungkinkan identifikasi traffic berdasarkan
beberapa identifier (dst-address, src-address, dstport, dan scr-port).
Memungkinkan untuk membatasi maksimal data
rate untuk setiap sub-queue (pcq-rate) dan jumlah
paket data (pcq-limit)
09-312
4/17/2014
Internet
192.168.0.0/24
4/17/2014
4 users
7 users
73k
128k
73k
128k
queue=pcq-down
max-limit=512k
73k
73k
128k
128k
73k
73k
128k
128k
73k
09-314
4/17/2014
2 users
7 users
73k
256k
73k
73k
queue=pcq-down
max-limit=512k
512k
73k
73k
256k
73k
73k
09-315
4/17/2014
09-316
4/17/2014
09-317
4/17/2014
Hotspot
HotSpot
10-319
4/17/2014
Internet
Wired Network
Hotspot Gateway
10-320
4/17/2014
HotSpot features
10-321
Autentikasi User
Perhitungan
Waktu akses
Data dikirim atau diterima
Limitasi Data
Berdasarkan data rate (kecepatan akses)
Berdasarkan jumlah data
Limitasi Akses User berdasarkan waktu
Support RADIUS
Bypass!
Mikrotik Indonesia http://www.mikrotik.co.id
4/17/2014
10-322
4/17/2014
10-323
4/17/2014
10-324
4/17/2014
10-325
4/17/2014
10-326
4/17/2014
10-327
4/17/2014
10-328
4/17/2014
10-329
4/17/2014
10-330
4/17/2014
10-331
4/17/2014
10-332
4/17/2014
10-333
4/17/2014
Internet
Hotspot Server
Manager
Bandwidth = 256 Kbps
Switch
Staff
Bandwidth = 128 Kbps
10-334
4/17/2014
User Profiles
Untuk melakukan log-off otomatis
bagi user yang tidak ada traffic atau
lupa menekan tombol log-off.
Untuk menentukan jumlah user
maksimal jika menggunakan
username yang sama.
10-335
4/17/2014
10-336
4/17/2014
[LAB-4] User
Buat 2 user yang menggunakan
2 profile yang berbeda.
Internet
Hotspot Server
Manager
Bandwidth = 256 Kbps
Switch
Staff
Bandwidth = 128 Kbps
10-337
4/17/2014
HotSpot users
10-338
4/17/2014
HotSpot User
10-339
4/17/2014
User Limitation
Limit Uptime batas
waktu user dapat
menggunakan akses
ke Hotspot Network.
Limit-bytes-in,
Limit-bytes-out dan
Limit-bytes-total
batas quota trasfer
data yang bisa
dilakukan oleh user.
10-340
4/17/2014
Bypass! - IP bindings
Bypass host terhadap Hotspot Authentication bisa
dilakukan menggunakan IP-Bindings.
10-341
4/17/2014
Bypass - WalledGarden
10-342
4/17/2014
HTTP-level WalledGarden
10-343
4/17/2014
WalledGarden IP List
10-344
4/17/2014
VPN Basic
11-346
4/17/2014
VPN Networks
Internet
Branch Office 1
Head Office
Branch Office 2
4/17/2014
VPN Type
Bridge Network :
11-348
4/17/2014
10.10.20.100/32
PPTP Tunnel
10.10.10.100/24
10.10.20.2/32
10.10.10.1/24
10.10.10.2/24
10.10.20.1/32
192.168.1.1/24
192.168.2.1/24
192.168.1.2/24
192.168.2.2/24
Meja 1
11-349
Meja 2
4/17/2014
11-350
4/17/2014
11-351
4/17/2014
11-352
4/17/2014
PPTP Server
PPTP Tunnel
192.168.x.1/24
172.16.1.2/32
192.168.x.2/24
PPTP Client
11-353
4/17/2014
11-354
4/17/2014
11-355
4/17/2014
11-356
4/17/2014
PPP - Secret
11-357
4/17/2014
11-358
4/17/2014
10.20.20.100/32
PPPoE Tunnel
10.10.10.100/24
10.20.20.2/32
10.10.10.1/24
10.10.10.2/24
10.20.20.1/32
192.168.1.1/24
192.168.2.1/24
192.168.1.2/24
192.168.2.2/24
Meja 1
11-359
Meja 2
4/17/2014
11-360
4/17/2014
11-361
4/17/2014
PPPoE Tunnel
PPPoE Server
192.168.x.1/24
10.20.20.2/32
192.168.x.2/24
PPPoE Client
11-362
4/17/2014
11-363
4/17/2014
11-364
4/17/2014
Quiz!
11-365
4/17/2014
[LAB-1] SSTP
Topologi
10.10.10.100/24
SSTP Tunnel
10.10.10.1/24
10.10.10.2/24
172.31.1.1/32
172.31.1.2/32
PPPoE
Meja 1
11-366
PPPoE
Meja 2
Mikrotik Indonesia http://www.mikrotik.co.id
4/17/2014
[LAB-1] SSTP
11-367
4/17/2014
11-368
4/17/2014
11-369
4/17/2014
11-370
4/17/2014
VPN Monitoring
11-371
4/17/2014