mikrotik most wanted
DESCRIPTION
MikrotikTRANSCRIPT
![Page 1: Mikrotik Most Wanted](https://reader031.vdocuments.net/reader031/viewer/2022020714/544f5cbbb1af9f4b298b4dda/html5/thumbnails/1.jpg)
Mikrotik Most WantedUntuk Pengembangan Usaha Anda
by: Novan Chris & Valens Riyadi
Citraweb Nusa Infomedia, Indonesia
www.mikrotik.co.id
![Page 2: Mikrotik Most Wanted](https://reader031.vdocuments.net/reader031/viewer/2022020714/544f5cbbb1af9f4b298b4dda/html5/thumbnails/2.jpg)
www.mikrotik.co.id 22
Introduction
• Novan Chris - [email protected]
• Company: Citraweb Nusa Infomedia– Mikrotik Distributor (2002), Training Partner (2005)
- www.mikrotik.co.id
– Wireless ISP - www.citra.net.id
– Web Developer - www.citra.web.id
• Mikrotik Support and Trainer– MTCNA, MTCWE, MTCRE, Trainer
• IT Supervisor – Honorary Member of Sat-81 Kopassus
![Page 3: Mikrotik Most Wanted](https://reader031.vdocuments.net/reader031/viewer/2022020714/544f5cbbb1af9f4b298b4dda/html5/thumbnails/3.jpg)
www.mikrotik.co.id 33/18/201000-3 Mikrotik Indonesia http://www.mikrotik.co.id
Introduction• Name : Valens Riyadi
• Lahir : Denpasar, 6 Januari 1975
• Pendidikan : Teknik Arsitektur Univ Parahyangan Bandung (1998)
• Work at Citraweb Nusa Infomedia (Citranet)
– ISP, Web Developer, Mikrotik Reseller
• Photographer
– Administrator of www.fotografer.net – PT Fotografer Net Global
• Head of National Internet Resources Dept, Indonesian ISP Association
• Volunteer for Airputih Foundation, IT Emergency Task Force
• Mikrotik Certified Consultant & Trainer
– MTCNA, MTCTCA, MTCUME, MTCINE, Trainer
• IT Supervisor – Honorary Member of Sat-81 Kopassus
![Page 4: Mikrotik Most Wanted](https://reader031.vdocuments.net/reader031/viewer/2022020714/544f5cbbb1af9f4b298b4dda/html5/thumbnails/4.jpg)
www.mikrotik.co.id 4
Citraweb Nusa Infomedia
• Head Office– Jalan Petung 31 Papringan
Yogyakarta 55281Telp: 0274-554444Fax: 0274-553055
• Rep. Office– Gd Cyber Lt 11
Jl Kuningan Barat 8 Jakarta 12710Telp: 021-5209612Fax: 021-5209614
![Page 5: Mikrotik Most Wanted](https://reader031.vdocuments.net/reader031/viewer/2022020714/544f5cbbb1af9f4b298b4dda/html5/thumbnails/5.jpg)
www.mikrotik.co.id 5
Mikrotik Most Wanted
• Seiring dengan pesatnya perkembangan Teknologi Informasi yang mau tidak mau juga berpengaruh pada perkembangan bisnis anda.
• Dibutuhkan sebuah solusi yang sarat akan fungsi, fleksibilitas, durability tinggi dan tentunya best value.
• Mikrotik One-Stop sollution for Computer Networks.
![Page 6: Mikrotik Most Wanted](https://reader031.vdocuments.net/reader031/viewer/2022020714/544f5cbbb1af9f4b298b4dda/html5/thumbnails/6.jpg)
www.mikrotik.co.id 6
Mikrotik ?
• Mikrotikls (Latvian Language) = Network Kecil
• “Routing The World”
• Membuat Jaringan Komputer lebih mudah dan
hemat.
– Mudah diimplementasikan
– Mudah dikonfigurasi
– Mudah diintegrasikan
![Page 7: Mikrotik Most Wanted](https://reader031.vdocuments.net/reader031/viewer/2022020714/544f5cbbb1af9f4b298b4dda/html5/thumbnails/7.jpg)
www.mikrotik.co.id 7
Mikrotik
• Software Router untuk PC (x86, AMD, dll) “RouterOS”– Menjadikan PC biasa/bekas memiliki fungsi router
yang lengkap
– Diinstall sebagai Operating System, tidak membutuhkan operating system lainnya
• Hardware jaringan (wireless & Embeded Router)“RouterBoard”– Wireless board (RB400, RB600, R52H, R52N, R2N)
– Embeded Router (RB750,RB450G,RB1000)
– menggunakan RouterOS sebagai software
![Page 8: Mikrotik Most Wanted](https://reader031.vdocuments.net/reader031/viewer/2022020714/544f5cbbb1af9f4b298b4dda/html5/thumbnails/8.jpg)
www.mikrotik.co.id 801-8
Mikrotik “RouterOS”• RouterOS adalah Sistem Operasi
Independen dan perangkat lunak yang mampu membuat PC berbasis Intel/AMD mampu melakukan fungsi router, bridge, firewall, pengaturan bandwidth, wireless AP ataupun client, dan masih banyak fungsilainnya.
• RouterOS dapat melakukan hampir semuafungsi networking dan juga beberapa fungsiserver.
![Page 9: Mikrotik Most Wanted](https://reader031.vdocuments.net/reader031/viewer/2022020714/544f5cbbb1af9f4b298b4dda/html5/thumbnails/9.jpg)
www.mikrotik.co.id 901-9
Why “RouterOS”
• Membuat PC yang murah menjadi router yang handal
• Pembaharuan versi secara berkala
• Memiliki banyak fitur
• Memiliki user interface yang mudah dan konsisten
• Ada banyak cara untuk mengakses dan mengontrol
• Instalasi yang cepat dan mudah
• Memungkinkan upgrade hardware
• Banyak alternatif interface yang dapat digunakan
![Page 10: Mikrotik Most Wanted](https://reader031.vdocuments.net/reader031/viewer/2022020714/544f5cbbb1af9f4b298b4dda/html5/thumbnails/10.jpg)
www.mikrotik.co.id 10
“RouterOS” - Compatibility• Old Architecture
• SMP (Symetric Multiprocessing) support
• SATA disk support
• Maximum RAM support increased from 1GB to 2 GB
• Latest interface driver support
![Page 11: Mikrotik Most Wanted](https://reader031.vdocuments.net/reader031/viewer/2022020714/544f5cbbb1af9f4b298b4dda/html5/thumbnails/11.jpg)
www.mikrotik.co.id 11
“RouterOS” - Configuration
• Memiliki user interface yang mudah dan konsistenadalah salah satu hal kecil tetapi sangat penting yang bisa didapatkan dari Mikrotik.
![Page 12: Mikrotik Most Wanted](https://reader031.vdocuments.net/reader031/viewer/2022020714/544f5cbbb1af9f4b298b4dda/html5/thumbnails/12.jpg)
www.mikrotik.co.id 12
Configuration (Winbox)
![Page 13: Mikrotik Most Wanted](https://reader031.vdocuments.net/reader031/viewer/2022020714/544f5cbbb1af9f4b298b4dda/html5/thumbnails/13.jpg)
www.mikrotik.co.id 13
Configuration (Web-box)
![Page 14: Mikrotik Most Wanted](https://reader031.vdocuments.net/reader031/viewer/2022020714/544f5cbbb1af9f4b298b4dda/html5/thumbnails/14.jpg)
www.mikrotik.co.id 14
Configuration (Telnet/SSH)
![Page 15: Mikrotik Most Wanted](https://reader031.vdocuments.net/reader031/viewer/2022020714/544f5cbbb1af9f4b298b4dda/html5/thumbnails/15.jpg)
www.mikrotik.co.id 15
RouterOS - Features• IP Routing
– Static route, Policy route, RIP, OSPF, BGP
• Interface– Ethernet, V35, G703, ISDN, Dial Up Modem
– Wireless : PTP, PTMP, Nstream, WDS
– Bridge, Bonding, STP, RSTP
– Tunnel: EoIP, IPSec, IPIP, L2TP, PPPoE, PPTP, VLAN, MPLS, OpenVPN
• Firewall– Mangle, Src-NAT, Dst-NAT, Address List, Filter Rules
• Bandwidth Management– HTB, PFIFO, BFIFO, SFQ, PCQ, RED
![Page 16: Mikrotik Most Wanted](https://reader031.vdocuments.net/reader031/viewer/2022020714/544f5cbbb1af9f4b298b4dda/html5/thumbnails/16.jpg)
www.mikrotik.co.id 16
RouterOS - Features• Services
– Web Proxy, Hotspot, DHCP, IP Pool, DNS Server
• AAA
– PPP, Radius Client, User-Manager
– IP Accounting, Traffic Flow
• Monitoring
– Graphs, Watchdog, Torch, Custom Log, SNMP
• Diagnostic Tools & Scripting
– Ping, TCP Ping, Tracert, Network Monitoring, Traffic Monitoring, Scheduller, Scripting
• VRRP
![Page 17: Mikrotik Most Wanted](https://reader031.vdocuments.net/reader031/viewer/2022020714/544f5cbbb1af9f4b298b4dda/html5/thumbnails/17.jpg)
www.mikrotik.co.id 17
Feature - Bandwith Management (QOS)
• Bandwith kontrol adalah sebuah mekanisme untuk mengalokasikan kebutuhan data-rate (bandwith) secara rasional dan Bukan sebagai Bandwith Booster.
• QOS (Quality of Service) adalah kemampuan dimana selain melakukan alokasi bandwith, Router juga mampu untuk memberikan prioritas traffic tertentu berdasarkan kriteria.
keinterface
Flow1
Flow2
Flow3
Flow4
pcq-clasifiersrc-address
AlgoritmaRound
Robin
sub-queueSRC-ADDRESS=10.0.0.1
SRC-ADDRESS=10.0.0.2
SRC-ADDRESS=10.0.0.3
SRC-ADDRESS=10.0.0.4
SRC-ADDRESS=10.0.0.5
SRC-ADDRESS=10.0.0.6
SRC-ADDRESS=10.0.0.7
![Page 18: Mikrotik Most Wanted](https://reader031.vdocuments.net/reader031/viewer/2022020714/544f5cbbb1af9f4b298b4dda/html5/thumbnails/18.jpg)
www.mikrotik.co.id 18
Feature - Bandwith Management (QOS)
• Limit data rate berdasarkan IP address, subnet, protocol,port, dan parameter yang lain.
• Limit peer-to-peer traffic.
• Prioritize traffic tertentu.• Menggunakan Queue Bursts untuk kenyamanan traffic
browsing.
• Membatasi traffic berdasarkan Time Intervals.• Mengimplementasikan Bandwith Sharing.
queue=pcq-down
max-limit=512k
128k
128k
128k
128k
73k
73k
73k
73k
73k
73k
73k
128k
128k
2 ‘users’ 4 ‘users’ 7 ‘users’
![Page 19: Mikrotik Most Wanted](https://reader031.vdocuments.net/reader031/viewer/2022020714/544f5cbbb1af9f4b298b4dda/html5/thumbnails/19.jpg)
www.mikrotik.co.id 19
Feature - Bandwith ManagementParameters of Time, membuat Bandwith
Management anda lebih Fleksible.
![Page 20: Mikrotik Most Wanted](https://reader031.vdocuments.net/reader031/viewer/2022020714/544f5cbbb1af9f4b298b4dda/html5/thumbnails/20.jpg)
www.mikrotik.co.id 20
Feature - Firewall
• Firewall Mikrotik mengimplementasikan secara penuh Pakcet Filtering dan juga fungsi security, yang digunakan untuk menjaga data flow dari dan yang menuju ke network anda.
![Page 21: Mikrotik Most Wanted](https://reader031.vdocuments.net/reader031/viewer/2022020714/544f5cbbb1af9f4b298b4dda/html5/thumbnails/21.jpg)
www.mikrotik.co.id 21
Feature - Statefull Firewall
• Mikrotik dikenal sebagai Statefull Firewall yang melakukan statefull packet inspection pada semua connection dan juga mengawasi semua traffic yang melewati router.
• Supports Source & Destionation NAT (Network Address Translation) untuk menjaga network local dari Anauthorized Access.
• Mampu melakukan Filter by IP address, address range, port, port range, IP protocol, DSCP dan parameter yang lain.
Workstation
Laptop
ServerSwitch
FirewallInternet
![Page 22: Mikrotik Most Wanted](https://reader031.vdocuments.net/reader031/viewer/2022020714/544f5cbbb1af9f4b298b4dda/html5/thumbnails/22.jpg)
www.mikrotik.co.id 22
Feature – Firewall Filter Rule
• Melakukan Filtering traffic
berdasarkan kriteria tertentu :
– Protocol (TCP,UDP,ICMP)
– Port (80,21,22,25,110)
– Addresses (Src & Dst Address)
– Interface Flow (Ether1,Wlan1)
![Page 23: Mikrotik Most Wanted](https://reader031.vdocuments.net/reader031/viewer/2022020714/544f5cbbb1af9f4b298b4dda/html5/thumbnails/23.jpg)
www.mikrotik.co.id 23
Feature - Firewall
![Page 24: Mikrotik Most Wanted](https://reader031.vdocuments.net/reader031/viewer/2022020714/544f5cbbb1af9f4b298b4dda/html5/thumbnails/24.jpg)
www.mikrotik.co.id 24
Feature - Routing• Mampu untuk
mengimplementasikan Full
Routing Protocol.
• Support Static dan
DynamicRouting
• Static Route for IPv4 and IPv6
• For IPv4 it supports RIP v1 and v2, OSPF v2, BGP v4.
• For IPv6 it supports RIPng, OSPFv3 and BGP.
![Page 25: Mikrotik Most Wanted](https://reader031.vdocuments.net/reader031/viewer/2022020714/544f5cbbb1af9f4b298b4dda/html5/thumbnails/25.jpg)
www.mikrotik.co.id 25
Feature - Routing (OSPF)
• OSPF (Open Shotest Path First) adalah sebuah Routing protocol yang memungkinkan untuk melakukan pendistribusian informasi routing secara otomatis.
• Dan juga melakukan Kalkulasi Beban Routing sehingga packet data akan melewati jalur routing yang terpendek.
![Page 26: Mikrotik Most Wanted](https://reader031.vdocuments.net/reader031/viewer/2022020714/544f5cbbb1af9f4b298b4dda/html5/thumbnails/26.jpg)
www.mikrotik.co.id 26
Feature - Routing (OSPF)
X
• Pada protocol OSPF ini fungsi Fail Over juga bisa dilakukan secara otomatis.
• Sebagai contoh ketika salah satu jalur terpendek mengalami gangguan maka traffic akan dibelokkan ke jalur lain.
![Page 27: Mikrotik Most Wanted](https://reader031.vdocuments.net/reader031/viewer/2022020714/544f5cbbb1af9f4b298b4dda/html5/thumbnails/27.jpg)
www.mikrotik.co.id 27
Feature - Routing (OSPF)
XX
X
• Dan bahkan ketika banyak jalur yang mengalami gangguan Protocol OSPF akan memastikan bahwa packet akan tetap terkirim ke tujuan.
![Page 28: Mikrotik Most Wanted](https://reader031.vdocuments.net/reader031/viewer/2022020714/544f5cbbb1af9f4b298b4dda/html5/thumbnails/28.jpg)
www.mikrotik.co.id 283/18/2010
Feature - Routing (BGP)
IIX Traffic
INTERNET
Traffic
ROUTER Gateway
BGP
• BGP sering juga disebut (Border Gateway Protocol) adalah protocol standard yang digunakan untuk melakukan pertukaran informasi routing antar Network yang memiliki skala besar (ISP/NAP).
• Hampir Sama seperti OSPF, BGP juga bisa melakukan FailOverserta Load Balance.
![Page 29: Mikrotik Most Wanted](https://reader031.vdocuments.net/reader031/viewer/2022020714/544f5cbbb1af9f4b298b4dda/html5/thumbnails/29.jpg)
www.mikrotik.co.id 29
Feature - Routing (MPLS)• Untuk Network dengan skala besar Mikrotik juga mampu
mengimplementasikan protocol MPLS.
• Dengan menggunakan MPLS maka Forwarding packet data antar network akan lebih efisien karena berkurangnya overhead dari header paket data.
![Page 30: Mikrotik Most Wanted](https://reader031.vdocuments.net/reader031/viewer/2022020714/544f5cbbb1af9f4b298b4dda/html5/thumbnails/30.jpg)
www.mikrotik.co.id 30
Feature - VPN
• VPN (Virtual Private Network) adalah sebuah metode Untuk membuat sebuah Interkoneksi antar jaringan yang bersifat Secure melewati open atau public network dengan mekanisme Enkripsitertentu.
![Page 31: Mikrotik Most Wanted](https://reader031.vdocuments.net/reader031/viewer/2022020714/544f5cbbb1af9f4b298b4dda/html5/thumbnails/31.jpg)
www.mikrotik.co.id 31
Feature - VPN• Koneksi antar router over
Internet yang bersifatsecure.
• Untuk menghubungkanjaringan local over WAN.
• Untuk digunakan sebagaimobile client atau remote client yang ingin melakukanakses ke network local (Intranet) sebuahperusahaan.
![Page 32: Mikrotik Most Wanted](https://reader031.vdocuments.net/reader031/viewer/2022020714/544f5cbbb1af9f4b298b4dda/html5/thumbnails/32.jpg)
www.mikrotik.co.id 32
Feature - VPN
Encryption Enabled
![Page 33: Mikrotik Most Wanted](https://reader031.vdocuments.net/reader031/viewer/2022020714/544f5cbbb1af9f4b298b4dda/html5/thumbnails/33.jpg)
www.mikrotik.co.id 33
Feature - WebProxy
• Pada semua level routeros, baik yang diinstallpada PC maupun yang diinstall padarouterboard, kita bisa mengaktifkan fitur proxy
• Untuk mempercepat proses browsing, kitamenggunakan proxy untuk menyimpan sebagiandata website, sehingga akan menghemat penggunaan Bandwith Internet.
PROXY
![Page 34: Mikrotik Most Wanted](https://reader031.vdocuments.net/reader031/viewer/2022020714/544f5cbbb1af9f4b298b4dda/html5/thumbnails/34.jpg)
www.mikrotik.co.id 34
Feature - WebProxy
• Data yang sudah ada, akan langsung diberikanke user (HIT).
• Jika belum ada, akan dimintakan dari internet, baru kemudian diberikan ke user (MISS).
ROUTER
SRC-NAT
PROXY
1
3
2
![Page 35: Mikrotik Most Wanted](https://reader031.vdocuments.net/reader031/viewer/2022020714/544f5cbbb1af9f4b298b4dda/html5/thumbnails/35.jpg)
www.mikrotik.co.id 35
Feature - WebProxy• Regular HTTP proxy• Transparent proxy
– Dapat berfungsi juga sebagaitransparan dan sekaligus normal pada saat yang bersamaan.
• Access list– Berdasarkan source, destination,
URL dan requested method.
• Cache Access list– Menentukan objek mana yang
disimpan pada cache .
• Direct Access List– Mengatur koneksi mana yang
diakses secara langsung dan yang melalui proxy server lainnya.
• Logging facility – Pemantauan akses User.
![Page 36: Mikrotik Most Wanted](https://reader031.vdocuments.net/reader031/viewer/2022020714/544f5cbbb1af9f4b298b4dda/html5/thumbnails/36.jpg)
www.mikrotik.co.id 36
Feature - Hotspot• Mikrotik Hotspot Gateway
memungkinkan provider jaringan memberikan akses jaringan ke Public Area menggunakan media Wireless maupun Cable.
• Proses Autentikasi akan dijalankan untuk meberikan keamanan dan kontrol terhadap jaringan yang bersifat public ini.
• Hotspot System Mikrotik merupakangabungan atau kombinasi dari beberapafungsi dan fitur RouterOS menjadisebuah system yang sering disebut'Plug-n-Play' Access.
![Page 37: Mikrotik Most Wanted](https://reader031.vdocuments.net/reader031/viewer/2022020714/544f5cbbb1af9f4b298b4dda/html5/thumbnails/37.jpg)
www.mikrotik.co.id 37
Feature - Hotspot
• System ini sangat ideal :
– Hotel
– Sekolah / Kampus
– Cafe / Cyber Cafe
– Shopping centre & Meeting Point
– Dan Public area yang lain
• “Administration doesn’t
have control over the
user computer”
![Page 38: Mikrotik Most Wanted](https://reader031.vdocuments.net/reader031/viewer/2022020714/544f5cbbb1af9f4b298b4dda/html5/thumbnails/38.jpg)
www.mikrotik.co.id 38
Feature - Hotspot
• Plug-n-Play access to the Network• Authentication of local Network Clients• User Accounting• RADIUS support for Authentication and Accounting• Configurable bypass for non-interactive devices• Walled garden for browsing exceptions• Trial user and Advertisement modes
Internet / WAN
Hotspot Gateway
Wired Network
Wireless Network
![Page 39: Mikrotik Most Wanted](https://reader031.vdocuments.net/reader031/viewer/2022020714/544f5cbbb1af9f4b298b4dda/html5/thumbnails/39.jpg)
www.mikrotik.co.id 39
Feature - Hotspot & Userman
![Page 40: Mikrotik Most Wanted](https://reader031.vdocuments.net/reader031/viewer/2022020714/544f5cbbb1af9f4b298b4dda/html5/thumbnails/40.jpg)
www.mikrotik.co.id 40
Feature - Wireless• Bermacam teknologi Wireless disupport oleh
mikrotik RouterOS. Sebagian besar adalah
pengembangan dari konfigurasi dasar yaitu wireless
access point and client.
![Page 41: Mikrotik Most Wanted](https://reader031.vdocuments.net/reader031/viewer/2022020714/544f5cbbb1af9f4b298b4dda/html5/thumbnails/41.jpg)
www.mikrotik.co.id 41
Feature - Wireless
• Dari Jaringan Hotspot skala kecil di rumah hingga Jaringan MESH skala besar yang mengcover seluruh area Kota, RouterOS dapat membantu dalam mengembangkan jaringan komputer anda di berbagai situasi dan kondisi.
ROUTERGATEWAYWIRELESS
192.168.0.0/24
192.168.1.0/24
192.168.2.0/24
192.168.3.0/24
![Page 42: Mikrotik Most Wanted](https://reader031.vdocuments.net/reader031/viewer/2022020714/544f5cbbb1af9f4b298b4dda/html5/thumbnails/42.jpg)
www.mikrotik.co.id 42
Feature - Wireless• IEEE802.11a/b/g/n wireless client
and access point• Nstreme and Nstreme2 proprietary
protocols• Client polling• RTS/CTS• Wireless Distribution System (WDS)• Virtual AP• WEP, WPA, WPA2 encryption• Access control list• Wireless client roaming• WMM• HWMP+ Wireless MESH protocol• MME wireless routing protocol
Nstreme – LongDistance Link
WDS – WideArea Link
![Page 43: Mikrotik Most Wanted](https://reader031.vdocuments.net/reader031/viewer/2022020714/544f5cbbb1af9f4b298b4dda/html5/thumbnails/43.jpg)
www.mikrotik.co.id 43
Feature - Wireless N
• Support for up to 2x2 MIMO with spatial multiplexing
• Four times the throughput of 802.11a/g
• Atheros AR9220, chipset
• High Performance (up to 300Mbps physical data rates and 200Mbps of actual user throughput) with Low Power Consumption
![Page 44: Mikrotik Most Wanted](https://reader031.vdocuments.net/reader031/viewer/2022020714/544f5cbbb1af9f4b298b4dda/html5/thumbnails/44.jpg)
www.mikrotik.co.id 4401-44
Licence LevelLevel 3 4 5 6
Upgrade time dalam 1 versi mayor dan versi berikutnya
Wireless CPE/PTP yes
Wireless AP no yes
Sync Interface no yes
EoIP 1 unlimited
PPPoE 1 200 500 unlimited
PPTP & L2TP 1 200 unlimited
VLAN, Firewall, Queue unlimited
Proxy, Radius Client yes
Dynamic Routing RB = yes yes
Hotspot Active User 1 200 500 unlimited
User Manager Active User 10 20 50 unlimited
![Page 45: Mikrotik Most Wanted](https://reader031.vdocuments.net/reader031/viewer/2022020714/544f5cbbb1af9f4b298b4dda/html5/thumbnails/45.jpg)
www.mikrotik.co.id 4501-45
Pembelian Lisensi
• Online, real time, pembayaran dengankartu kredit, di www.mikrotik.com
• Online di www.mikrotik.co.id– Waktu proses 1 hari kerja
– Transfer ke rekening bank lokal
– Lebih murah!
– Real time license processing! Setelahpembayaran diterima.
– Real time payment processing, via IndoMOG
![Page 46: Mikrotik Most Wanted](https://reader031.vdocuments.net/reader031/viewer/2022020714/544f5cbbb1af9f4b298b4dda/html5/thumbnails/46.jpg)
www.mikrotik.co.id 46
“RouterBoard” compact Solution
• Hardware untuk jaringan (terutamawireless)
– Wireless board
contoh: RB400, RB600, RB750, RB1100
– Wireless interface (R52, R52H, R5H, R52N,
R2N)
– menggunakan RouterOS sebagai software
![Page 47: Mikrotik Most Wanted](https://reader031.vdocuments.net/reader031/viewer/2022020714/544f5cbbb1af9f4b298b4dda/html5/thumbnails/47.jpg)
www.mikrotik.co.id 47
RouterBoard for Wireless
Jenis Processor RAM Ether MiniPCI USB Radio Lisensi
RB800 MPC8544 800MHz 256MB 3 (gig) 4 - - 6
RB433UAH AR7161 800MHz 128MB 3 3 2 - 5
RB433AH AR7161 800MHz 128MB 3 3 - - 5
RB433 AR7130 300 MHz 64MB 3 3 - - 4
RB411AH AR7161 800MHz 64MB 1 1 - - 4
RB411AR AR7130 300 MHz 64MB 1 1 - 1 4
RB411U AR7130 300 MHz 32MB 1 1 1 - 4
RB411R AR7130 300 MHz 32MB 1 - - 1 3
RB411 AR7130 300 MHz 32MB 1 1 - - 3
Performace Board Best Value BoardPerformace Board Best Value BoardPerformace Board
![Page 48: Mikrotik Most Wanted](https://reader031.vdocuments.net/reader031/viewer/2022020714/544f5cbbb1af9f4b298b4dda/html5/thumbnails/48.jpg)
www.mikrotik.co.id 4801-48
RB800
• 3 gigabit ethernet
• 4 minipci slot
• 1 minipci- eslot
• CF slot
• MPC8544 800MHz
network CPU
• 256 DDR SDRAM
• RouterOS Level 6
NEWPRODUCT
![Page 49: Mikrotik Most Wanted](https://reader031.vdocuments.net/reader031/viewer/2022020714/544f5cbbb1af9f4b298b4dda/html5/thumbnails/49.jpg)
www.mikrotik.co.id 4901-49
RB433UAH
• 3 ethernet, 3 minipci
• Atheros AR7161 680MHz
• RAM: 128MB
• With micro-SD slot
• RouterOS Level 5
• 2 port USB
![Page 50: Mikrotik Most Wanted](https://reader031.vdocuments.net/reader031/viewer/2022020714/544f5cbbb1af9f4b298b4dda/html5/thumbnails/50.jpg)
www.mikrotik.co.id 5001-50
RB411 / 411U / 411R / 411AR / 411AH• CPU: Atheros
– AR7130 300MHz (411, 411U, 411R, 411AR)
– AR7161 680 MHz (411AH)
• Memory:
– 32 MB (411, 411U, 411R)
– 64MB (411A & 411AR)
• Wireless Embedded (411R, 411AR)
• 1 ethernet
• 1 MiniPCI (411, 411U, 411AR, 411AH)
• Lisensi RouterOS:
– Level 3 (411, 411R)
– Level 4 (411U, 411AR, 411AH)
![Page 51: Mikrotik Most Wanted](https://reader031.vdocuments.net/reader031/viewer/2022020714/544f5cbbb1af9f4b298b4dda/html5/thumbnails/51.jpg)
www.mikrotik.co.id 5101-51
MikroPoynt
• Embedded Antenna 2,4GHz 11dbi
• With Routerboard411 series
NEWPRODUCT
![Page 52: Mikrotik Most Wanted](https://reader031.vdocuments.net/reader031/viewer/2022020714/544f5cbbb1af9f4b298b4dda/html5/thumbnails/52.jpg)
www.mikrotik.co.id 52
RouterBoard for Embeded RouterJenis Processor RAM Ethernet MiniPCI LisensiRB1100 PPC 1000MHz 512MB 13 (gigabit) 0 6
RB493AH Atheros AR7161 680 MHz/800MHz
64MB 9 3 5
RB493 Atheros AR7130300 MHz
64MB 9 3 4
RB450G Atheros AR7161 680 MHz/800MHz
256MB 5 (gigabit) 0 5
RB450 Atheros AR7130300 MHz
32MB 5 0 5
RB750 Atheros AR7240 400MHz 32MB 5 0 4
RB750G Atheros AR7161 680 MHz/800MHz
32MB 5 (gigabit) 0 4
Best Value BoardPerformace Board
![Page 53: Mikrotik Most Wanted](https://reader031.vdocuments.net/reader031/viewer/2022020714/544f5cbbb1af9f4b298b4dda/html5/thumbnails/53.jpg)
www.mikrotik.co.id 53Mikrotik Indonesia http://www.mikrotik.co.id01-53
RB1100• 13 gigabit ethernet
• Tanpa minipci slot
• 1000 MHz PPC proc
• RAM: 512MB
• up to:– 3 Gbps– 340.000 pps
NEWPRODUCT
![Page 54: Mikrotik Most Wanted](https://reader031.vdocuments.net/reader031/viewer/2022020714/544f5cbbb1af9f4b298b4dda/html5/thumbnails/54.jpg)
www.mikrotik.co.id 54Mikrotik Indonesia http://www.mikrotik.co.id01-54
RB493(AH)
• 9 ethernet, 3 minipci
• Processor :
– Atheros AR7161 680-800MHz (493AH)
– Atheros AR7130 300MHz (493)
• RAM: 64MB
• RouterOS:
– Level 4 (RB493)
– Level 5 (RB493AH)
![Page 55: Mikrotik Most Wanted](https://reader031.vdocuments.net/reader031/viewer/2022020714/544f5cbbb1af9f4b298b4dda/html5/thumbnails/55.jpg)
www.mikrotik.co.id 55Mikrotik Indonesia http://www.mikrotik.co.id01-55
RB450G
• 5 gigabit port
• Tanpa minipci slot
• Processor : AtherosAR7161 680 MHz
• RAM: 256 MB
• RouterOS Level 5
• MicroSD Slot (RB450G)
![Page 56: Mikrotik Most Wanted](https://reader031.vdocuments.net/reader031/viewer/2022020714/544f5cbbb1af9f4b298b4dda/html5/thumbnails/56.jpg)
www.mikrotik.co.id 56
RB750 (G)
• Produk routerboardterbaru danterkecil
• Processor :AR7240 400Mhz (750)AR7161 680MHz (750G)
• 5 ethernet port (750)5 gigabit port (750G)
• Lisensi Level 4
Mikrotik Indonesia http://www.mikrotik.co.id01-56
![Page 57: Mikrotik Most Wanted](https://reader031.vdocuments.net/reader031/viewer/2022020714/544f5cbbb1af9f4b298b4dda/html5/thumbnails/57.jpg)
www.mikrotik.co.id 5701-57
Wireless (Interface)
• R52H
– Atheros chipset
– MiniPCI type interface
– 350 mWatt
– 3 band wireless
• 2.4 GHz,
• 5.2 GHz,
• 5.8 GHz
– Custom Frequency Support
• 2.1 – 2.5 GHz
• 4.9 – 6.0 GHz
![Page 58: Mikrotik Most Wanted](https://reader031.vdocuments.net/reader031/viewer/2022020714/544f5cbbb1af9f4b298b4dda/html5/thumbnails/58.jpg)
www.mikrotik.co.id 5801-58
R52N• Dual band IEEE 802.11a/b/g/n standard • Output Power of up to 25dBm @ b/g/n
Band • Support for up to 2x2 MIMO with spatial
multiplexing • Four times the throughput of 802.11a/g
• Atheros AR9220, chipset
• 2 X U.FL Antenna Connector
• Operating temperatures: 0ºC to 60ºC • Power consumption MAX 2.4W
• Modulations: OFMD: BPSK, QPSK, 16 QAM, 64QAM DSSS: DBPSK, DQPSK, CCK
NEWPRODUCT
� High Performance (up to 300Mbps physical data rates and 200Mbps of actual user throughput) with Low Power Consumption
� ESD protection agaist +/-10kV ESD discharge on Antenna port
![Page 59: Mikrotik Most Wanted](https://reader031.vdocuments.net/reader031/viewer/2022020714/544f5cbbb1af9f4b298b4dda/html5/thumbnails/59.jpg)
www.mikrotik.co.id 59
RouterOS & RouterBoard in Action
• Produk-Produk Mikrotik yang cukup lengkap dengan “RouterOS” dan “RouterBoard” -nya memberikan Berbagai pilihan yang variatif.
• Berikut adalah Product Guide untuk memberikan Anda gambaran, manakah produk yang cocok untuk Computer Network yang Anda miliki :– Cyber Cafe / Warnet / SOHO– Public Area Network / Hotspot– Office– RT/RW - NET– WISP– ISP
![Page 60: Mikrotik Most Wanted](https://reader031.vdocuments.net/reader031/viewer/2022020714/544f5cbbb1af9f4b298b4dda/html5/thumbnails/60.jpg)
www.mikrotik.co.id 60
Mikrotik - @Cyber Cafe
Debug, Gigabit, Storage
3 - 20 Mbps16 - 30RB450G
Debug< 3Mbps< 16 RB450
NoDebug,Gigabit3 - 5 Mbps16 - 30RB750G
NoDebug, Value< 3Mbps< 16 RB750
FeatureCapacityUserBoard
RB750 / RB750G
![Page 61: Mikrotik Most Wanted](https://reader031.vdocuments.net/reader031/viewer/2022020714/544f5cbbb1af9f4b298b4dda/html5/thumbnails/61.jpg)
www.mikrotik.co.id 61
Mikrotik - @Office
Debug, 9 Port, Performance
3 - 20 Mbps16 - 30RB493AH
Debug, 9 port< 3Mbps< 16 RB493
Debug,Gigabit, Storage
3 - 20 Mbps16 - 30RB450G
Debug< 3Mbps< 16 RB450
FeatureCapacityUserBoard
RB450 / RB450G
![Page 62: Mikrotik Most Wanted](https://reader031.vdocuments.net/reader031/viewer/2022020714/544f5cbbb1af9f4b298b4dda/html5/thumbnails/62.jpg)
www.mikrotik.co.id 62
Mikrotik - @Hotspot
Performance, Cache
3 - 20 Mbps16 - 30RB433AH
Performance3 - 5 Mbps16 - 30RB433
USB, Mobile< 3Mbps< 16 RB411U
Value< 3Mbps< 16 RB411AR
FeatureCapacityUserBoard
RB411AR / RB411U
![Page 63: Mikrotik Most Wanted](https://reader031.vdocuments.net/reader031/viewer/2022020714/544f5cbbb1af9f4b298b4dda/html5/thumbnails/63.jpg)
www.mikrotik.co.id 63
Mikrotik - @RT/RW-Net
Performance,2 & 5 Ghz
3 - 20 Mbps16 - 30RB411AH
Value, 2 Ghz only
< 3 Mbps< 16RB411R
FeatureCapacityUserBoard
AP-Side
Client-Side
AP-Side Client-Side
Performance,2 & 5 Ghz
3 - 5 Mbps16 - 30RB433
Performance,2 & 5 Ghz
3 - 5 Mbps16 - 30RB433AH
Value, 2 Ghz only
< 3 Mbps< 16RB411AR
FeatureCapacityUserBoard
![Page 64: Mikrotik Most Wanted](https://reader031.vdocuments.net/reader031/viewer/2022020714/544f5cbbb1af9f4b298b4dda/html5/thumbnails/64.jpg)
www.mikrotik.co.id 64
Mikrotik - @WISP
Performance, 2 & 5 Ghz
3 - 20 Mbps16 - 30RB411AH
Value, 2 & 5 Ghz
< 3 Mbps< 16RB411
FeatureCapacityUserBoard
AP-Side Client-Side
AP-Side
Client-Side
Performance,2 & 5 Ghz
3 - 5 Mbps16 - 30RB433
Performance,2 & 5 Ghz
3 - 5 Mbps16 - 30RB433AH
Value, 2 & 5 Ghz
< 3 Mbps< 16RB411U
FeatureCapacityUserBoard
![Page 65: Mikrotik Most Wanted](https://reader031.vdocuments.net/reader031/viewer/2022020714/544f5cbbb1af9f4b298b4dda/html5/thumbnails/65.jpg)
www.mikrotik.co.id 65
Mikrotik - @ISP
NAP
NAP / IIX NAP
Gateway Router
Bandwith Management
Ditribusi Router
Clients
Performance, Flexibility
> 1 Gbps~MultiCore PC + Mikrotik
Performance, 13 port
1 Gbps~RB1100
Performance, 9 port
3 - 20 Mbps16 - 30RB493AH
Value3 - 20 Mbps16 - 30RB450G
FeatureCapacityUserBoard
![Page 66: Mikrotik Most Wanted](https://reader031.vdocuments.net/reader031/viewer/2022020714/544f5cbbb1af9f4b298b4dda/html5/thumbnails/66.jpg)
www.mikrotik.co.id 66
Thank You
• Q & A
• Door Prize !?
![Page 67: Mikrotik Most Wanted](https://reader031.vdocuments.net/reader031/viewer/2022020714/544f5cbbb1af9f4b298b4dda/html5/thumbnails/67.jpg)
www.mikrotik.co.id 6700-67 Mikrotik Indonesia http://www.mikrotik.co.id
Konfigurasi Network
IIXINTERNET
USER
ROUTER
10.10.10.1/24
10.10.10.2/24
172.16.0.1/24
172.16.0.2/24
192.168.0.1/24
192.168.0.2-254/24
![Page 68: Mikrotik Most Wanted](https://reader031.vdocuments.net/reader031/viewer/2022020714/544f5cbbb1af9f4b298b4dda/html5/thumbnails/68.jpg)
www.mikrotik.co.id 6800-68 Mikrotik Indonesia http://www.mikrotik.co.id
Labs
• Instalasi Mikrotik
– Identity, User Management, NTP
– Interface Setting, Bridge Port
– IP Address, NAT, DHCP Server, DNS
– Web Proxy (transparan), HIT-MISS
– Dual Gateway (lokal dan internasional)
– QoS � simple queue!
![Page 69: Mikrotik Most Wanted](https://reader031.vdocuments.net/reader031/viewer/2022020714/544f5cbbb1af9f4b298b4dda/html5/thumbnails/69.jpg)
www.mikrotik.co.id 6900-69 Mikrotik Indonesia http://www.mikrotik.co.id
Remote Control
• Untuk mengakses dan melakukankonfigurasi RouterOS Mikrotik, dapatmenggunakan :
– Terminal : monitor dan keyboard
– Serial Console / RS232 / DB9
– (mac)Telnet / SSH
– (mac)Winbox
– API
![Page 70: Mikrotik Most Wanted](https://reader031.vdocuments.net/reader031/viewer/2022020714/544f5cbbb1af9f4b298b4dda/html5/thumbnails/70.jpg)
www.mikrotik.co.id 703/18/201000-70 Mikrotik Indonesia http://www.mikrotik.co.id
System Identity
• Ubahlah System Identity untukmemudahkan mengenal router mana yang sedang kita akses
![Page 71: Mikrotik Most Wanted](https://reader031.vdocuments.net/reader031/viewer/2022020714/544f5cbbb1af9f4b298b4dda/html5/thumbnails/71.jpg)
www.mikrotik.co.id 713/18/201000-71 Mikrotik Indonesia http://www.mikrotik.co.id
User Management
• Buat user baru dan hak akses full, lalu non aktifkanlah user admin.
![Page 72: Mikrotik Most Wanted](https://reader031.vdocuments.net/reader031/viewer/2022020714/544f5cbbb1af9f4b298b4dda/html5/thumbnails/72.jpg)
www.mikrotik.co.id 723/18/201000-72 Mikrotik Indonesia http://www.mikrotik.co.id
Interface Setting
• Untuk router dengan interface yang cukupbanyak, akan lebih memudahkan kalaukita menggunakan bridge sebagaiinterface virtual per fungsi :
– Local
– Gateway Internasional
– Gateway IIX
![Page 73: Mikrotik Most Wanted](https://reader031.vdocuments.net/reader031/viewer/2022020714/544f5cbbb1af9f4b298b4dda/html5/thumbnails/73.jpg)
www.mikrotik.co.id 733/18/201000-73 Mikrotik Indonesia http://www.mikrotik.co.id
Interface Setting
• Aktifkanlah fitur firewall untuk interface bridge
![Page 74: Mikrotik Most Wanted](https://reader031.vdocuments.net/reader031/viewer/2022020714/544f5cbbb1af9f4b298b4dda/html5/thumbnails/74.jpg)
www.mikrotik.co.id 743/18/201000-74 Mikrotik Indonesia http://www.mikrotik.co.id
Interface Setting• Buatlah bridge untuk masing-masing
fungsi
![Page 75: Mikrotik Most Wanted](https://reader031.vdocuments.net/reader031/viewer/2022020714/544f5cbbb1af9f4b298b4dda/html5/thumbnails/75.jpg)
www.mikrotik.co.id 753/18/201000-75 Mikrotik Indonesia http://www.mikrotik.co.id
Interface Setting
• Untuk mencegah terjadinya bridge-loop, aktifkanlah RSTP, pada setiap interface bridge
![Page 76: Mikrotik Most Wanted](https://reader031.vdocuments.net/reader031/viewer/2022020714/544f5cbbb1af9f4b298b4dda/html5/thumbnails/76.jpg)
www.mikrotik.co.id 763/18/201000-76 Mikrotik Indonesia http://www.mikrotik.co.id
Interface Setting
• Masukkanlah interface yang kita inginkanke dalam bridge sesuai fungsinya
– bridge-gw-intl � ether1
– bridge-gw-iix � ether2
– bridge-lokal � ether3, wlan1, wlan2
![Page 77: Mikrotik Most Wanted](https://reader031.vdocuments.net/reader031/viewer/2022020714/544f5cbbb1af9f4b298b4dda/html5/thumbnails/77.jpg)
www.mikrotik.co.id 773/18/201000-77 Mikrotik Indonesia http://www.mikrotik.co.id
Layer 3 Setting
• IP to gateway internasional : 172.16.0.2/24
• Gateway internasional : 172.16.0.1
• IP to gateway IIX : 10.10.10.2/24
• Gateway IIX : 10.10.10.1
• DNS : 10.100.100.1
• NTP server : 10.100.100.1
• Lokal network : 192.168.0.1/24
• IP client : 192.168.0.2-254/24
![Page 78: Mikrotik Most Wanted](https://reader031.vdocuments.net/reader031/viewer/2022020714/544f5cbbb1af9f4b298b4dda/html5/thumbnails/78.jpg)
www.mikrotik.co.id 783/18/201000-78 Mikrotik Indonesia http://www.mikrotik.co.id
Layer 3 Setting
• Menambahkan IP Address
![Page 79: Mikrotik Most Wanted](https://reader031.vdocuments.net/reader031/viewer/2022020714/544f5cbbb1af9f4b298b4dda/html5/thumbnails/79.jpg)
www.mikrotik.co.id 793/18/201000-79 Mikrotik Indonesia http://www.mikrotik.co.id
Layer 3 Setting
• IP Address
![Page 80: Mikrotik Most Wanted](https://reader031.vdocuments.net/reader031/viewer/2022020714/544f5cbbb1af9f4b298b4dda/html5/thumbnails/80.jpg)
www.mikrotik.co.id 803/18/201000-80 Mikrotik Indonesia http://www.mikrotik.co.id
Layer 3 Setting
• Default Gateway � gw internasional
![Page 81: Mikrotik Most Wanted](https://reader031.vdocuments.net/reader031/viewer/2022020714/544f5cbbb1af9f4b298b4dda/html5/thumbnails/81.jpg)
www.mikrotik.co.id 813/18/201000-81 Mikrotik Indonesia http://www.mikrotik.co.id
DNS Setting
• Masukkan parameter DNS server, danallow remote request
![Page 82: Mikrotik Most Wanted](https://reader031.vdocuments.net/reader031/viewer/2022020714/544f5cbbb1af9f4b298b4dda/html5/thumbnails/82.jpg)
www.mikrotik.co.id 823/18/201000-82 Mikrotik Indonesia http://www.mikrotik.co.id
Setting NTP• Jika menggunakan routerboard, kita tidak
memiliki baterai BIOS. Setting waktu akan reset
setiap mesin hidup. Gunakanlah NTP
![Page 83: Mikrotik Most Wanted](https://reader031.vdocuments.net/reader031/viewer/2022020714/544f5cbbb1af9f4b298b4dda/html5/thumbnails/83.jpg)
www.mikrotik.co.id 833/18/201000-83 Mikrotik Indonesia http://www.mikrotik.co.id
Setting Time Zone
• Pilihlah timezone yang tepat : “Asia/Jakarta”
![Page 84: Mikrotik Most Wanted](https://reader031.vdocuments.net/reader031/viewer/2022020714/544f5cbbb1af9f4b298b4dda/html5/thumbnails/84.jpg)
www.mikrotik.co.id 8400-84 Mikrotik Indonesia http://www.mikrotik.co.id
Test!
• Ping to yahoo.com
![Page 85: Mikrotik Most Wanted](https://reader031.vdocuments.net/reader031/viewer/2022020714/544f5cbbb1af9f4b298b4dda/html5/thumbnails/85.jpg)
www.mikrotik.co.id 8500-85 Mikrotik Indonesia http://www.mikrotik.co.id
Source-NAT
• Karena client menggunakan IP Address lokal, maka kita perlu menggunakansource-nat. Proses ini akanmenerjemahkan IP Address client, menjadi IP Address router, sehingga bisadikenali network di atasnya.
![Page 86: Mikrotik Most Wanted](https://reader031.vdocuments.net/reader031/viewer/2022020714/544f5cbbb1af9f4b298b4dda/html5/thumbnails/86.jpg)
www.mikrotik.co.id 863/18/201000-86 Mikrotik Indonesia http://www.mikrotik.co.id
Source-NAT
![Page 87: Mikrotik Most Wanted](https://reader031.vdocuments.net/reader031/viewer/2022020714/544f5cbbb1af9f4b298b4dda/html5/thumbnails/87.jpg)
www.mikrotik.co.id 873/18/201000-87 Mikrotik Indonesia http://www.mikrotik.co.id
DHCP Server
• DHCP Server memungkinkan client mendapatkan konfigurasi IP Address dangateway secara otomatis
![Page 88: Mikrotik Most Wanted](https://reader031.vdocuments.net/reader031/viewer/2022020714/544f5cbbb1af9f4b298b4dda/html5/thumbnails/88.jpg)
www.mikrotik.co.id 883/18/201000-88 Mikrotik Indonesia http://www.mikrotik.co.id
DHCP Server
![Page 89: Mikrotik Most Wanted](https://reader031.vdocuments.net/reader031/viewer/2022020714/544f5cbbb1af9f4b298b4dda/html5/thumbnails/89.jpg)
www.mikrotik.co.id 893/18/201000-89 Mikrotik Indonesia http://www.mikrotik.co.id
1
2
3
4
5
6
![Page 90: Mikrotik Most Wanted](https://reader031.vdocuments.net/reader031/viewer/2022020714/544f5cbbb1af9f4b298b4dda/html5/thumbnails/90.jpg)
www.mikrotik.co.id 9000-90 Mikrotik Indonesia http://www.mikrotik.co.id
Test dari client
• Test ping dari Router ke Gateway (172.16.0.1 dan10.10.10.1)– Jika error : Cek IP Address pada bridge-gw
• Test ping dari Router ke Internet (contoh: yahoo.com)– Jika error : Cek DNS Server Setting
• Test ping dari laptop ke router Anda (192.168.0.1)– Jika error : Cek konfigurasi laptop, Cek IP Address pada
bridge-lokal
• Test ping dari laptop ke Gateway (172.16.0.1)– Jika error : Cek Firewall - NAT
• Test ping dari laptop ke Internet (contoh: yahoo.com)– Jika error : Cek setting DNS pada laptop dan router
![Page 91: Mikrotik Most Wanted](https://reader031.vdocuments.net/reader031/viewer/2022020714/544f5cbbb1af9f4b298b4dda/html5/thumbnails/91.jpg)
www.mikrotik.co.id 913/18/201000-91 Mikrotik Indonesia http://www.mikrotik.co.id
Web Proxy• Pada beberapa routerboard, kita bisa
menambahkan CF/SD sebagai storage proxy
• Pada PC, gunakanlah HD secondary (berbeda
dengan system)
![Page 92: Mikrotik Most Wanted](https://reader031.vdocuments.net/reader031/viewer/2022020714/544f5cbbb1af9f4b298b4dda/html5/thumbnails/92.jpg)
www.mikrotik.co.id 923/18/201000-92 Mikrotik Indonesia http://www.mikrotik.co.id
Web Proxy
• Konfigurasi Web Proxy
![Page 93: Mikrotik Most Wanted](https://reader031.vdocuments.net/reader031/viewer/2022020714/544f5cbbb1af9f4b298b4dda/html5/thumbnails/93.jpg)
www.mikrotik.co.id 933/18/201000-93 Mikrotik Indonesia http://www.mikrotik.co.id
![Page 94: Mikrotik Most Wanted](https://reader031.vdocuments.net/reader031/viewer/2022020714/544f5cbbb1af9f4b298b4dda/html5/thumbnails/94.jpg)
www.mikrotik.co.id 943/18/201000-94 Mikrotik Indonesia http://www.mikrotik.co.id
Proteksi Web Proxy• Jangan sampai web-proxy digunakan juga
dari luar jaringan � access-list
![Page 95: Mikrotik Most Wanted](https://reader031.vdocuments.net/reader031/viewer/2022020714/544f5cbbb1af9f4b298b4dda/html5/thumbnails/95.jpg)
www.mikrotik.co.id 953/18/201000-95 Mikrotik Indonesia http://www.mikrotik.co.id
Dst-NAT
![Page 96: Mikrotik Most Wanted](https://reader031.vdocuments.net/reader031/viewer/2022020714/544f5cbbb1af9f4b298b4dda/html5/thumbnails/96.jpg)
www.mikrotik.co.id 963/18/201000-96 Mikrotik Indonesia http://www.mikrotik.co.id
Web Proxy
• Pastikanlah web-proxy sudah berjalan baikdengan mencoba browsing dan melihatstatus
![Page 97: Mikrotik Most Wanted](https://reader031.vdocuments.net/reader031/viewer/2022020714/544f5cbbb1af9f4b298b4dda/html5/thumbnails/97.jpg)
www.mikrotik.co.id 973/18/201000-97 Mikrotik Indonesia http://www.mikrotik.co.id
Pengaturan Routing dan QoS
• Untuk bisa melakukan pengaturan routing dan QoS, kita harus memahami Packet Flow
![Page 98: Mikrotik Most Wanted](https://reader031.vdocuments.net/reader031/viewer/2022020714/544f5cbbb1af9f4b298b4dda/html5/thumbnails/98.jpg)
www.mikrotik.co.id 983/18/201000-98 Mikrotik Indonesia http://www.mikrotik.co.id
IP Flow (simple diagram)
OUTPUT INTERFACE
FORWARDPOST
ROUTINGPRE
ROUTING
INPUT OUTPUTLOCAL
PROCESS
INPUTINTERFACE
INTERFACE QUEUE / HTB
PREROUTINGHotspot InputConn-TrackingMangleDst-NATGlobal-In QueueGlobal-Total Queue
POSTROUTINGMangleGlobal-Out QueueGlobal-Total QueueSource-NATHotspot Output
OUTPUTBridge DecisionConn-TrackingMangleRouting AdjusmentFilter
FORWARDBridge DecisionTTL = TTL - 1MangleFilterAcounting
INPUTMangleFilter
![Page 99: Mikrotik Most Wanted](https://reader031.vdocuments.net/reader031/viewer/2022020714/544f5cbbb1af9f4b298b4dda/html5/thumbnails/99.jpg)
www.mikrotik.co.id 993/18/201000-99 Mikrotik Indonesia http://www.mikrotik.co.id
IP Flow (RoSv3)
OUTPUT INTERFACE
FORWARD
POSTROUTING
PREROUTING
INPUT OUTPUT
BRIDGEDST-NAT
BRIDGEINPUT
BRIDGEFORWARD
BRIDGEOUTPUT
BRIDGESRC-NAT
INPUT isBridged?
Use ipfirewall
Bridge Decision
Routing Decision
Routing Decision
Bridge Decision
OUTPUT isBridged?
LOCALPROCESS-IN
LOCALPROCESS-OUT
INPUTINTERFACE
IPSECDECRYPTION
IPSECENCRYPTION
IPsecPolicy
IPsecPolicy
INTERFACE QUEUE / HTB
+
+ +
+
+
+
-
-
-
-
-
-
PREROUTINGHotspot InputConn-TrackingMangleDst-NATGlobal-In QueueGlobal-Total Queue
POSTROUTINGMangleGlobal-Out QueueGlobal-Total QueueSource-NATHotspot Output
OUTPUTBridge DecisionConn-TrackingMangleRouting AdjusmentFilter
FORWARDBridge DecisionTTL = TTL - 1MangleFilter
Acounting
INPUTMangle
Filter
Use ipfirewall
Use ipfirewall
+
-
+
-
+
-
![Page 100: Mikrotik Most Wanted](https://reader031.vdocuments.net/reader031/viewer/2022020714/544f5cbbb1af9f4b298b4dda/html5/thumbnails/100.jpg)
www.mikrotik.co.id 1003/18/201000-100 Mikrotik Indonesia http://www.mikrotik.co.id
Posisi Chain
Outside
Outside
Router /
Local
process
To
Global-totalPostrouting
Interface
Global-outForwardForward
Global-inPreroutingOutside
Interface
Global-TotalPostrouting
Global-OutOutputOutputRouter/
Local
process
Global-TotalInputInput
Global-inPreroutingOutside
QueueFirewallMangleFrom
![Page 101: Mikrotik Most Wanted](https://reader031.vdocuments.net/reader031/viewer/2022020714/544f5cbbb1af9f4b298b4dda/html5/thumbnails/101.jpg)
www.mikrotik.co.id 10100-101 Mikrotik Indonesia http://www.mikrotik.co.id
Proxy (single gateway)ROUTER
SRC-NAT
DST-NAT
TCP 80
PROXY
2
1
3
1 Direct 2 MISS 3 HIT
![Page 102: Mikrotik Most Wanted](https://reader031.vdocuments.net/reader031/viewer/2022020714/544f5cbbb1af9f4b298b4dda/html5/thumbnails/102.jpg)
www.mikrotik.co.id 10200-102 Mikrotik Indonesia http://www.mikrotik.co.id
Proxy – HIT - MISS
• Web Proxy bertugas menyimpan data file yang
diakses user, dan memberikan kepada user
berikutnya jika mengakses file yang sama.
– Jika tersedia di cache …. Akan langsung diberikan….. disebut HIT
– Jika tidak tersedia, proxy akan meminta ke server, menyimpannya di cache, dan memberikan ke client …… disebut MISS
• Konsep, jika sudah tersedia di cache, perlukah
kita melimit ?
![Page 103: Mikrotik Most Wanted](https://reader031.vdocuments.net/reader031/viewer/2022020714/544f5cbbb1af9f4b298b4dda/html5/thumbnails/103.jpg)
www.mikrotik.co.id 10300-103 Mikrotik Indonesia http://www.mikrotik.co.id
Pengenalan HIT
• Jika terjadi akses HIT di proxy, proxy akanmemberikan nilai TOS = 4 (nilai 4 bisadiubah sesuai kebutuhan)
• Nilai TOS = 4 ini bisa digunakan sebagaiparameter pada Mangle.
![Page 104: Mikrotik Most Wanted](https://reader031.vdocuments.net/reader031/viewer/2022020714/544f5cbbb1af9f4b298b4dda/html5/thumbnails/104.jpg)
www.mikrotik.co.id 10400-104 Mikrotik Indonesia http://www.mikrotik.co.id
Mangle dan QOS
• Kita akan membuat mangle � packet mark yang bisa digunakan oleh semuaclient
• Simple queue … 1 rule untuk upload dandownload � packet mark yang kita buatharus untuk upload dan download sekaligus
• Penandaan client berdasarkan IP Address akan dilakukan di simple queue
![Page 105: Mikrotik Most Wanted](https://reader031.vdocuments.net/reader031/viewer/2022020714/544f5cbbb1af9f4b298b4dda/html5/thumbnails/105.jpg)
www.mikrotik.co.id 1053/18/201000-105 Mikrotik Indonesia http://www.mikrotik.co.id
Setting Mangle
Cukup membuat 3 mangle berikut untuk seluruhclient
0 chain=output action=mark-packet new-packet-mark=packet-HIT passthrough=no out-interface=bridge-lokal dscp=4
1 chain=output action=mark-packet new-packet-mark=packet-CLIENT passthrough=no out-interface=bridge-lokaldscp=!4
2 chain=prerouting action=mark-packet new-packet-mark=packet-CLIENT passthrough=no
![Page 106: Mikrotik Most Wanted](https://reader031.vdocuments.net/reader031/viewer/2022020714/544f5cbbb1af9f4b298b4dda/html5/thumbnails/106.jpg)
www.mikrotik.co.id 1063/18/201000-106 Mikrotik Indonesia http://www.mikrotik.co.id
Setting Simple Queue
0 name="QUEUE-CLIENT" target-addresses=192.168.0.254/32 packet-marks=packet-CLIENT direction=both priority=8 max-limit=256000/256000
1 name="QUEUE-HIT" target-addresses=192.168.0.254/32 packet-marks=packet-HIT direction=both priority=8 max-limit=1000000/1000000
![Page 107: Mikrotik Most Wanted](https://reader031.vdocuments.net/reader031/viewer/2022020714/544f5cbbb1af9f4b298b4dda/html5/thumbnails/107.jpg)
www.mikrotik.co.id 1073/18/201000-107 Mikrotik Indonesia http://www.mikrotik.co.id
Pengaturan Dual Gateway
• Untuk memisahkan trafik domestik daninternasional, kita menggunakan daftar IP Address List NICE� www.mikrotik.co.id …. Download area
![Page 108: Mikrotik Most Wanted](https://reader031.vdocuments.net/reader031/viewer/2022020714/544f5cbbb1af9f4b298b4dda/html5/thumbnails/108.jpg)
www.mikrotik.co.id 1083/18/201000-108 Mikrotik Indonesia http://www.mikrotik.co.id
Address List NICE
![Page 109: Mikrotik Most Wanted](https://reader031.vdocuments.net/reader031/viewer/2022020714/544f5cbbb1af9f4b298b4dda/html5/thumbnails/109.jpg)
www.mikrotik.co.id 1093/18/201000-109 Mikrotik Indonesia http://www.mikrotik.co.id
Import
• Download script:/tool fetch address=ixp.mikrotik.co.id src-path=/download/nice.rsc;
• Jalankan dengan perintah “/import nice.rsc”
• Copy-paste pada terminal
• Download otomatis :lihat di :http://www.mikrotik.co.id/artikel_lihat.php?id=23
![Page 110: Mikrotik Most Wanted](https://reader031.vdocuments.net/reader031/viewer/2022020714/544f5cbbb1af9f4b298b4dda/html5/thumbnails/110.jpg)
www.mikrotik.co.id 1103/18/201000-110 Mikrotik Indonesia http://www.mikrotik.co.id
Address-List
• Saat ini ada sekitar600-an baris address-list
• Daftar ini merupakanhasil optimasi dari2000an baris padaBGP IIX
• Proses optimasidilakukan setiap jam
![Page 111: Mikrotik Most Wanted](https://reader031.vdocuments.net/reader031/viewer/2022020714/544f5cbbb1af9f4b298b4dda/html5/thumbnails/111.jpg)
www.mikrotik.co.id 1113/18/201000-111 Mikrotik Indonesia http://www.mikrotik.co.id
Mark Connection
![Page 112: Mikrotik Most Wanted](https://reader031.vdocuments.net/reader031/viewer/2022020714/544f5cbbb1af9f4b298b4dda/html5/thumbnails/112.jpg)
www.mikrotik.co.id 1123/18/201000-112 Mikrotik Indonesia http://www.mikrotik.co.id
Mark Routing
![Page 113: Mikrotik Most Wanted](https://reader031.vdocuments.net/reader031/viewer/2022020714/544f5cbbb1af9f4b298b4dda/html5/thumbnails/113.jpg)
www.mikrotik.co.id 1133/18/201000-113 Mikrotik Indonesia http://www.mikrotik.co.id
Mark Routing for Proxy
![Page 114: Mikrotik Most Wanted](https://reader031.vdocuments.net/reader031/viewer/2022020714/544f5cbbb1af9f4b298b4dda/html5/thumbnails/114.jpg)
www.mikrotik.co.id 1143/18/201000-114 Mikrotik Indonesia http://www.mikrotik.co.id
Mangle
[valens@Router] /ip firewall mangle> pr
Flags: X - disabled, I - invalid, D - dynamic
0 chain=prerouting action=mark-connectionnew-connection-mark=conn-iix passthrough=yes
dst-address-list=nice in-interface=bridge-lokal
1 chain=prerouting action=mark-routingnew-routing-mark=route-iix passthrough=yes
in-interface=bridge-lokal connection-mark=conn-iix
2 chain=output action=mark-routingnew-routing-mark=route-iix passthrough=yes
dst-address-list=nice out-interface=bridge-gw-intl
![Page 115: Mikrotik Most Wanted](https://reader031.vdocuments.net/reader031/viewer/2022020714/544f5cbbb1af9f4b298b4dda/html5/thumbnails/115.jpg)
www.mikrotik.co.id 1153/18/201000-115 Mikrotik Indonesia http://www.mikrotik.co.id
Policy Routing
![Page 116: Mikrotik Most Wanted](https://reader031.vdocuments.net/reader031/viewer/2022020714/544f5cbbb1af9f4b298b4dda/html5/thumbnails/116.jpg)
www.mikrotik.co.id 1163/18/201000-116 Mikrotik Indonesia http://www.mikrotik.co.id
Test!
• Cek apakah ping ke IIX melalui interface IIX
• Cek apakah browsing ke IIX melaluiinterface IIX
![Page 117: Mikrotik Most Wanted](https://reader031.vdocuments.net/reader031/viewer/2022020714/544f5cbbb1af9f4b298b4dda/html5/thumbnails/117.jpg)
www.mikrotik.co.id 1173/18/201000-117 Mikrotik Indonesia http://www.mikrotik.co.id
Proxy dan Dual GatewayROUTER
IIX
SRC-NAT
DST-NAT
TCP 80
PROXY
2
1
3
4
5
6
INTERNA-SIONAL
1 Direct IIX 3 MISS IIX 5 MISS Intl
2 Direct Intl 4 HIT IIX 6 HIT Intl
![Page 118: Mikrotik Most Wanted](https://reader031.vdocuments.net/reader031/viewer/2022020714/544f5cbbb1af9f4b298b4dda/html5/thumbnails/118.jpg)
www.mikrotik.co.id 1183/18/201000-118 Mikrotik Indonesia http://www.mikrotik.co.id
Mangle List
![Page 119: Mikrotik Most Wanted](https://reader031.vdocuments.net/reader031/viewer/2022020714/544f5cbbb1af9f4b298b4dda/html5/thumbnails/119.jpg)
www.mikrotik.co.id 1193/18/201000-119 Mikrotik Indonesia http://www.mikrotik.co.id
Mangle List (packet mark)3 ;;; packet mark direct iix (1)
chain=prerouting action=mark-packet new-packet-mark=packet-iixpassthrough=no connection-mark=conn-iix
4 ;;; packet mark direct internasional (2)
chain=prerouting action=mark-packet new-packet-mark=packet-intlpassthrough=no connection-mark=!conn-iix
5 ;;; packet mark iix hit (4)
chain=output action=mark-packet new-packet-mark=packet-iix-hit passthrough=no out-interface=bridge-lokal connection-mark=conn-iix dscp=4
6 ;;; packet mark iix miss (3)chain=output action=mark-packet new-packet-mark=packet-iixpassthrough=no out-interface=bridge-lokal connection-mark=conn-iixdscp=!4
7 ;;; packet mark internasional hit (6)chain=output action=mark-packet new-packet-mark=packet-intl-hit passthrough=no out-interface=bridge-lokal connection-mark=!conn-iixdscp=4
8 ;;; packet mark internasional miss (5)
chain=output action=mark-packet new-packet-mark=packet-intlpassthrough=no out-interface=bridge-lokal connection-mark=!conn-iixdscp=!4
![Page 120: Mikrotik Most Wanted](https://reader031.vdocuments.net/reader031/viewer/2022020714/544f5cbbb1af9f4b298b4dda/html5/thumbnails/120.jpg)
www.mikrotik.co.id 1203/18/201000-120 Mikrotik Indonesia http://www.mikrotik.co.id
Simple Queue
![Page 121: Mikrotik Most Wanted](https://reader031.vdocuments.net/reader031/viewer/2022020714/544f5cbbb1af9f4b298b4dda/html5/thumbnails/121.jpg)
www.mikrotik.co.id 1213/18/201000-121 Mikrotik Indonesia http://www.mikrotik.co.id
Simple Queue0 name="queue-client1-254-iix" target-addresses=192.168.0.254/32 dst-
address=0.0.0.0/0 interface=all parent=none packet-marks=packet-iixdirection=both priority=8 queue=default-small/default-small limit-at=0/0 max-limit=64000/64000 burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s total-queue=default-small
1 name="queue-client1-254-iix-hit" target-addresses=192.168.0.254/32 dst-address=0.0.0.0/0 interface=all parent=none packet-marks=packet-iix-hit direction=both priority=8 queue=default-small/default-small limit-at=0/0 max-limit=256000/256000 burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s total-queue=default-small
2 name="queue-client1-254-intl" target-addresses=192.168.0.254/32 dst-address=0.0.0.0/0 interface=all parent=none packet-marks=packet-intldirection=both priority=8 queue=default-small/default-small limit-at=0/0 max-limit=16000/16000 burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s total-queue=default-small
3 name="queue-client1-254-intl-hit" target-addresses=192.168.0.254/32 dst-address=0.0.0.0/0 interface=all parent=none packet-marks=packet-intl-hit direction=both priority=8 queue=default-small/default-small limit-at=0/0 max-limit=256000/256000 burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s total-queue=default-small
![Page 122: Mikrotik Most Wanted](https://reader031.vdocuments.net/reader031/viewer/2022020714/544f5cbbb1af9f4b298b4dda/html5/thumbnails/122.jpg)
www.mikrotik.co.id 1223/18/201000-122 Mikrotik Indonesia http://www.mikrotik.co.id
Note
• Jika ingin menyamakan trafik HIT IIX danHIT internasional, buatlah packet mark yang sama untuk kedua trafik HIT tersebut.
• Jika ingin tidak melimit trafik HIT, tidakperlu dibuat simple queue nya, atau bisamembuat 1 rule untuk semua client
![Page 123: Mikrotik Most Wanted](https://reader031.vdocuments.net/reader031/viewer/2022020714/544f5cbbb1af9f4b298b4dda/html5/thumbnails/123.jpg)
www.mikrotik.co.id 1233/18/201000-123 Mikrotik Indonesia http://www.mikrotik.co.id
Additional Note
• Perbedaan dengan cara mangle lainnya:
– Rule mangle cukup dibuat 1 set, dan bisa
digunakan untuk semua client. Tidak perlu
membuat 1 set mangle per client.
– Simple queue dapat digunakan dengan jauh
lebih sederhana daripada queue tree, karena
bisa langsung mendeklarasikan IP Address
client, dan tetap bisa menggunakan packet
mark.
![Page 124: Mikrotik Most Wanted](https://reader031.vdocuments.net/reader031/viewer/2022020714/544f5cbbb1af9f4b298b4dda/html5/thumbnails/124.jpg)
www.mikrotik.co.id 124
Thank You!
Diijinkan menggunakan sebagian atau seluruh materi pada modul ini,
baik berupa ide, foto, tulisan, konfigurasi, diagram, selama untukkepentingan pengajaran, dan memberikan kredit kepada penulis dan
link ke www.mikrotik.co.id