Professional Documents
Culture Documents
Materi Mikrotik MTCNA-05-2012 PDF
Materi Mikrotik MTCNA-05-2012 PDF
Jadwal Training
00-2
Session 1
Session 2
Hari 1
Introduction
Pre-Test
TCP/IP
Instalation
Hari 2
Bridge
Hari 3
Firewall
Hari 4
Hotspot
Session 3
Session 4
Basic Configuration
Wireless
Routing
QOS
VPN
Test
5/8/12
Jadwal Harian
00-3
Sessi 1
Coffee Break
Sessi 2
Lunch
Sessi 3
Coffee Break
Sessi 4
08.30 10.00
10.00 10.30
10.30 - 12.00
12.00 13.00
13.00 14.30
14.30 15.00
15.00 - 17.00
5/8/12
00-4
Basic/Essential Training
l MikroTik Certified Network Associate (MTCNA)
Advanced Training
l Certified Wireless Engineer (MTCWE)
l Certified Routing Engineer (MTCRE)
l Certified Traffic Control Engineer (MTCTCE)
l Certified User Managing Engineer (MTCUME)
l Certified Inter Networking Engineer (MTCINE)
5/8/12
Certification Test
00-5
5/8/12
Introduction to Mikrotik
One engineer:
Mikrotik Certified Consultant (2005)
http://www.mikrotik.com/consultants.html
01-7
5/8/12
Head Office
l
Rep. Office
l
01-8
5/8/12
What Is Mikrotik?
l
l
01-9
5/8/12
What Is Mikrotik?
01-10
5/8/12
Processor
RAM
Ether
RB800
MPC8544 800MHz
256MB
3 (gig)
RB435G
AR71xx 680MHz
256MB
3 (gig)
RB433UAH
AR71xx 680MHz
128MB
RB433/ AH
AR71xx 300/680MHz
64MB/128MB
4/5
RB411UAHR
64MB
RB411AH
64MB
RB411U/ AR
32MB/64MB
1/-
-/1
GrooveA-5Hn
AR72xx 400MHz
64MB
RB711A-5nH
AR72xx 400MHz
64MB
Groove-5Hn
AR72xx 400MHz
32MB
RB711-5nH
AR72xx 400MHz
32M
5/8/12
Processor
RAM
Ethernet
MiniPCI Lisensi
2GB
13 (gigabit)
RB1100AH
PPC 1Ghz
2GB
13 (gigabit)
RB1200
PPC 1Ghz
512MB
10 (gigabit)
RB493G
256MB
9 (gigabit)
64MB / 128MB
4/5
RB493 / AH
RB450G
256MB
5 (gigabit)
RB450
32MB
RB750
AR72xx 400MHz
32MB
RB750GL
AR72xx 400MHz
64MB
5 (gigabit)
01-12
5/8/12
Discontinued Hardware
RB100 series
l
l
01-13
RB230
RB411A,RB411R
RB532,RB511
RB600 series
RB600
RB700 series
l
RB333
RB400 series
l
RB500 series
RB300series
l
RB112,RB133,RB133C
RB153,RB150,RB192
RB200 series
l
RB750G
RB1000 series
l
RB1000, RB1100
5/8/12
RB1100AH / X2
2 Gbps
1U rackmount
Bypass Function
01-14
5/8/12
RB800
01-15
3 Gigabit Ethernet
4 Minipci Slot
DoughterBoard Expandable
CF slot
MPC8544 800MHz CPU
256 DDR SDRAM
RouterOS Level 5
5/8/12
RB433UAH
01-16
3 Ethernet, 3 Minipci
Atheros AR7161 680MHz
RAM: 128MB
With micro-SD slot
RouterOS Level 5
2 port USB
5/8/12
RB411 / U / AR / AH / UAHR
CPU: Atheros
l
l
Memory:
l 32 MB (411/U)
l
64MB (411AR/UAHR/AH)
01-17
Level 4 (411U/AR/AH/UAHR)
Mikrotik Indonesia http://www.mikrotik.co.id
5/8/12
RB493/AH/G
01-18
RAM: 64MB
RouterOS:
l
Level 4 (RB493)
5/8/12
Embeded Solution
NEW
PRODUCT
01-19
5/8/12
RB450 / G
01-20
5/8/12
RB750 / GL
01-21
Produk routerboard
terhemat dan
terkecil
Processor :
AR7240 400Mhz
5 ethernet port (750)
5 gigabit port (750GL)
Lisensi Level 4
5/8/12
RB751U-2HND
01-22
For Modem
For Flashdisk
5/8/12
Wireless Interface
R52/H (a/b/g)
l
l
l
l
Atheros chipset
MiniPCI type interface
65 mWatt / 350 mWatt
3 band wireless
01-23
5/8/12
R52N (a/b/g/n)
01-24
NEW
PRODUCT
5/8/12
Wireless N - Performance
01-25
5/8/12
01-26
Industrial grade
Performance :
l
NEW
PRODUCT
5/8/12
Performance :
l
01-27
Industrial grade
PRODUCT
5/8/12
01-28
5/8/12
Mikrotik RouterOS
01-29
5/8/12
IP Routing
l
l
l
Interface
l
l
l
l
Bandwidth Management
l
01-30
Firewall
l
5/8/12
Services (Server)
l
AAA
l
l
01-31
Monitoring
l
VRRP
Mikrotik Indonesia http://www.mikrotik.co.id
5/8/12
Licence Level
Level
Upgrade time
Wireless CPE/PTP
yes
Wireless AP
no
yes
Sync Interface
no
yes
EoIP
unlimited
PPPoE
200
200
500
unlimited
unlimited
unlimited
yes
Dynamic Routing
RB = yes
yes
200
500
unlimited
10
20
50
unlimited
01-32
5/8/12
01-33
5/8/12
Buyers Guide
01-34
RB1100AHx2
RB1200, RB1100AH
Mikrobits : Dinara
Mikrotik Indonesia http://www.mikrotik.co.id
5/8/12
Mikrotik Installation
Installasi Mikrotik
Harddisk
CF Disk
DOM (Disk On Module)
02-36
Routerboard
5/8/12
Installation Method
CD
l
l
Netinstall
l
l
02-37
CD-Rom Required
PXE,EtherBoot Required
5/8/12
Download Area
02-38
5/8/12
CD Installation (1)
02-39
5/8/12
CD Installation (2)
02-40
5/8/12
CD Installation (3)
Choose Yes
Yes/No
Creating partition...
Formatting disk...
Software installed.
02-41
5/8/12
Installation Check
02-42
Welcome menu
5/8/12
Demo
02-43
5/8/12
02-44
5/8/12
02-45
5/8/12
02-46
5/8/12
02-47
5/8/12
Netinstall
Switch
Network:
192.168.1.0/24
IP Address:
192.168.1.10/24
RS-232
02-48
5/8/12
Netinstall
02-49
5/8/12
Netinstall
02-50
5/8/12
Netinstall - Config
02-51
5/8/12
02-52
5/8/12
02-53
5/8/12
02-54
5/8/12
Netinstall - Install
02-55
5/8/12
02-56
5/8/12
Netinstall - Install
02-57
5/8/12
Netinstall Reboot
02-58
5/8/12
Netinstall - Cleanup
02-59
Video Tutorial :
http://www.mikrotik.co.id/artikel_lihat.php?id=25
Mikrotik Indonesia http://www.mikrotik.co.id
5/8/12
Reset Password
02-60
Hard Reset :
5/8/12
02-61
5/8/12
RouterOS Package
02-62
Nama Paket
Fungsi
advanced-tools
dhcp
hotspot
hotspot gateway
ntp
NTP server
ppp
PPP,PPTP,L2TP,PPPoE
routerboard
routing
security
wireless
Wireless 802.11a/b/g
user-manager
ipv6
IPv6
Mikrotik Indonesia http://www.mikrotik.co.id
5/8/12
Version Upgrade
02-63
5/8/12
FTP ke Router
IP Router
02-64
5/8/12
Version Downgrade
02-65
5/8/12
02-66
5/8/12
5/8/12
02-68
5/8/12
Quick Typing
l
02-69
= /system shutdown
5/8/12
RouterOS Basic
Configuration
Certified Mikrotik Training Basic Class
Organized by: Citraweb Nusa Infomedia
(Mikrotik Certified Training Partner)
Winbox - Download
03-71
5/8/12
WLAN1
10.10.10.1/24
WLAN1
10.10.10.X/24
ETHER1
192.168.1.1/24
ETHER1
192.168.2.1/24
ETHER1
192.168.X.1/24
ETHERNET PORT
192.168.1.2/24
ETHERNET PORT
192.168.2.2/24
ETHERNET PORT
192.168.X.2/24
MEJA 1
03-72
WLAN1
10.10.10.2/24
MEJA 2
Mikrotik Indonesia http://www.mikrotik.co.id
MEJA X
5/8/12
IP Configuration
Lab-1 adalah sebuah simulasi
konfigurasi dasar sebuah Router
Mikrotik yang akan digunakan di
jaringan local seperti Warnet,
Office, Kampus atau bahkan di
RT/RW-NET
X = nomor peserta
03-73
Routerboard Setting
l WAN IP
: 10.10.10.x/24
l Gateway
: 10.10.10.100
l LAN IP
: 192.168.x.1/24
l DNS
: 10.100.100.1
l Src-NAT and DNS Server
Laptop Setting
l IP Address : 192.168.x.2/24
l Gateway
: 192.168.x.1
l DNS
: 192.168.x.1
5/8/12
Laptop Config
03-74
5/8/12
First Setup
03-75
5/8/12
03-76
5/8/12
03-77
Aktifkan Interface
Wireless Wlan1
5/8/12
03-78
5/8/12
03-79
5/8/12
03-80
5/8/12
03-81
5/8/12
Konfigurasi IP Address
l
Konfigurasi NAT
l
03-82
5/8/12
Installation Debug
03-83
5/8/12
03-84
5/8/12
[LAB-7] NTP
Set enable
Set mode unicast
Set IP NTP server
- id.pool.ntp.org - pool.ntp.org - ntp.nasa.gov 03-85
5/8/12
System - Clock
03-86
5/8/12
03-87
5/8/12
03-88
5/8/12
System Reset
03-89
5/8/12
03-90
5/8/12
03-91
5/8/12
03-92
5/8/12
03-93
5/8/12
DHCP Server
03-94
5/8/12
03-95
5/8/12
4
192.168.1.1
5
03-96
6
7
Mikrotik Indonesia http://www.mikrotik.co.id
5/8/12
03-97
5/8/12
DHCP Test
03-98
5/8/12
DHCP Management
03-99
5/8/12
DHCP Static
03-100
5/8/12
DHCP Client
03-101
5/8/12
03-102
5/8/12
Interface
l
03-103
5/8/12
03-104
5/8/12
03-105
5/8/12
03-106
5/8/12
03-107
5/8/12
About User
03-108
5/8/12
03-109
5/8/12
03-110
IP-Winbox
Telnet
SSH
WebFig
5/8/12
03-111
5/8/12
03-112
5/8/12
03-113
5/8/12
ARP Protocol
03-114
5/8/12
ARP Security !
03-115
5/8/12
Monitoring - Ping
Tool monitoring
l
Ping
03-116
5/8/12
03-117
Flood Ping
5/8/12
Monitoring - Traceroute
Traceroute
l
03-118
Traceroute determines
how packets are being
routed to a particular
host
We can choose the
protocol : ICMP or UDP
5/8/12
Monitoring - Torch
03-119
5/8/12
Monitoring - Resource
Resource
l
03-120
To monitor the
System.
Detail Resource
monitor located on
right side buttons
5/8/12
03-121
5/8/12
Basic TCP/IP
Training Outline
OSI Layer
Packet Header
Mac Address
IP Address and subnetting
IP Protocol
Basic networking, DNS, gateway
04-123
5/8/12
Internet Topologi
5/8/12
Application Set
Application
Transport
Link
Transport Set
Network
Open Systems
Interconnection (OSI)
adalah sebuah model
referensi arsitektur
antarmuka jaringan yang
dikembangkan oleh ISO
yang kemudian menjadi
konsep standard
komunikasi jaringan di
hampir semua perangkat
jaringan.
Physical
04-125
5/8/12
SMTP
HTTP
FTP
Telnet
DNS
DHCP
SNMP
TFTP
UDP
TCP
Transmission Control Protocol
Network
IP
ICMP
04-126
ARP
Link
Physical
5/8/12
Packet Header
IP version (4)
IP Header Length
Type of service
ver
IHL
ToS
16 bit total length
fragment offset flag/length
16 bit identification
TTL
protocol 16 bit header checksum
32 bit source IP Address
Time to Live
32 bit destination IP Address
options (if any)
data
04-127
5/8/12
MAC Address
MAC = Media Access Control
Digunakan sebagai identitas yang unik dari setiap
interface hardware, yang merupakan identitas untuk
berkomunikasi di OSI layer 2.
Sebagian bit merupakan identitas pabrik pembuat
hardware
48 bit hex. Contoh: AA:BB:CC:DD:EE:FF
Jika sebuah router memiliki 3 interface fisik, maka
akan memiliki 3 buah mac address
Untuk virtual interface (VLAN, EoIP) maka
ditambahkan mac address virtual.
04-128
5/8/12
ARP Table
Merupakan protokol
penghubung antara layer 2
data-link dan 3 network.
ARP Table di router
merupakan daftar host yang
terhubung langsung berisi
informasi pasangan mac
address dan
ip address.
Di IPv6 arp digntikan
dengan NDP (Network
Discovery Protocol).
04-129
5/8/12
IP Address
Adalah sistem pengalamatan setiap host yang
terhubung ke jaringan
Saat ini IP Address yang banyak digunakan adalah
IP versi 4. (32 bits / 4 bytes) - 4,294,967,296 hosts
04-130
5/8/12
Pengelompokan IP Address
Pengelompokan IP Address dilakukan dengan
subnet-ing.
Subnet .. 0 32
Melambangkan jumlah IP dalam subnet tersebut
dengan rumus 2(32-x)
Subnet 0 berarti semua IP Address
Subnet 32 berarti 1 IP Address
04-131
5/8/12
IP Subneting (contoh 1)
Contoh:
192.168.0.0/24
l Netmask
: 255.255.255.0
l Prefix
: /24
l IP Network : 192.168.0.0
l First HostIP: 192.168.0.1
l Last HostIP : 192.168.0.254
l Broadcast : 192.168.0.255
l HostIP
: total IP di dalam Subnet () minus 2
04-132
5/8/12
IP Subneting (contoh 2)
Contoh:
192.168.0.0/25
l Netmask
: 255.255.255.128
l Prefix
: /25
l IP Network : 192.168.0.0
l First HostIP: 192.168.0.1
l Last HostIP : 192.168.0.126
l Broadcast : 192.168.0.127
l HostIP
: total IP di dalam Subnet () minus 2
04-133
5/8/12
Tabel Subnet
04-134
Subnet Mask
Prefix
No of IP
Usable IP
255.255.255.0
/24
256
254
255.255.255.128
/25
128
126
255.255.255.192
/26
64
62
255.255.255.224
/27
32
30
255.255.255.240
/28
16
14
255.255.255.248
/29
255.255.255.252
/30
255.255.255.254
/31
255.255.255.255
/32
5/8/12
Public IP Address
Private IP Address
5/8/12
IP / subnet
Self Identification
0.0.0.0/8
Localhost
127.0.0.1
Not Used
Other 127.0.0.0/8
Multicast
224.0.0.0/4
169.245.0.0/16
TEST-NET-1
192.0.2.0/24
TEST-NET-2
198.51.100.0/24
TEST-NET-3
203.0.113.0/24
192.88.99.0/24
Benchmark Test
198.18.0.0/15
Future Used
240.0.0.0/4
Limited Broadcast
255.255.255.255/32
5/8/12
IP Protocol
Adalah protokol standart yang digunakan untuk
mengkomunikasikan data melalui berbagai jenis
perangkat dan layer.
Pengiriman data dilakukan dengan sistem per
paket dan/atau per connection .
Sistem ini menjamin keutuhan data, dan mencegah
terjadinya kekurangan ataupun duplikasi data.
Ada beragam protokol yang biasa digunakan, yang
umum adalah TCP, UDP, dan ICMP.
04-137
5/8/12
04-138
Name
Echo Reply
Unassigned
Unassigned
Destination
Unreachable
Source Quench
Redirect
Alternate Host
Address
Unassigned
Echo
Router
Advertisement
10
Router Solicitation
11
Time Exceeded
5/8/12
04-139
5/8/12
04-140
5/8/12
Connection Oriented
Koneksi diawali dengan proses handshake
Client SYN
Server
Server SYN-ACK Client
Client ACK
Server
Reliable Transmission
Mampu melakukan pengurutan paket data, setiap
byte data ditandai dengan nomor yang unik
Error Detection
Jika terjadi error, bisa dilakukan pengiriman ulang
data
04-141
5/8/12
04-142
5/8/12
Internet
192.168.0.4/24
192.168.0.246/24
192.168.0.191/24
192.168.0.26/24
192.168.0.41/24
04-143
192.168.0.142/24
5/8/12
192.168.0.74/24
10.10.10.34/24
192.168.0.254/24
192.168.1.254/24
192.168.1.48/24
192.168.0.4/24
192.168.0.141/24
192.168.1.4/24
04-144
192.168.1.24/24
5/8/12
Ether1
192.168.0.28/24
Ether3
192.168.4.151/24
04-145
Ether2
192.168.2.74/24
Ether4
192.168.5.211/24
5/8/12
192.168.0.254/24
Internet
192.168.0.4/24
192.168.0.246/24
192.168.0.191/24
192.168.0.26/24
192.168.0.41/24
04-146
192.168.0.142/24
5/8/12
04-147
5/8/12
Bridge - Concept
05-149
5/8/12
Ether6 Ether10
Configured as Bridge Mode
05-150
5/8/12
CLIENT
ROUTER
GATEWAY
WIRELESS
05-151
192.168.0.0/24
Mikrotik Indonesia http://www.mikrotik.co.id
5/8/12
System Bridge
l
l
l
05-152
5/8/12
Ethernet
VLAN
PPTP
05-153
5/8/12
Bridge!
05-154
5/8/12
222.152.211.0/28
222.152.211.2
Public IP - WEB Server
Public IP - Client
222.152.211.3
222.152.211.4-222.152.211.10
05-155
5/8/12
05-156
5/8/12
05-157
5/8/12
Bridge Monitoring
05-158
5/8/12
192.168.10.1/24
05-159
Ether3
Ether1
Ether3
192.168.10.4/24
5/8/12
Switch Chipset
05-160
5/8/12
05-161
5/8/12
05-162
5/8/12
Network Skenario
Jogja Office
05-163
5/8/12
EoIP Example
Internet
City A
City B
10.0.0.1
10.10.10.2
EoIP
192.168.0.13
192.168.0.3
192.168.0.12
192.168.0.2
Secara Virtual setiap Laptop terletak di dalam satu segmen network yang sama.
05-164
5/8/12
05-165
5/8/12
Meja 30
Meja 31
Router A
10.10.10.30
Router B
10.10.10.31
EoIP
192.168.200.10
05-166
192.168.200.11
5/8/12
05-167
5/8/12
05-168
ROUTER B
5/8/12
05-169
5/8/12
Wireless Concept
Certified Mikrotik Training Basic Class
Organized by: Citraweb Nusa Infomedia
(Mikrotik Certified Training Partner)
802.11 2.4Ghz
l
802.11 5Ghz
l
06-171
5/8/12
Channels 80211-b
World Wide Band
915 MHz
2.4 GHz
26 MHz
84.5 MHz
2401
2423
5.8 GHz
125 MHz
2426
2412
2448
2406
2428
2453
2433
2458
2438
2421
13
2463
2443
2446
2432
2430
Top of channel
14
2473
2452
Channel number
2483
2472
2441
2427
2420
2461
2447
2416
2478
2467
2436
2422
2410
12
2456
2442
2411
2473
2462
2431
2417
2400
11
2451
2437
2495
2484
10
Center frequency
2468
2457
2440
2450
2460
2470
2480
MHz
Bottom of
channel
ISM Band
06-172
5/8/12
Channels 80211-a
36
40
42
44
48
5210
5150
5200
5220
5240
149
152 153
157
160 161
5760
06-173
5765
52
56
5250
5180
5735 5745
50
58
60
64
5300
5320
5290
5260
5280
5350
5800
5785
5805 5815
5/8/12
Kaidah Wireless :
l
l
l
l
l
06-174
5/8/12
EIRP
Path Loss
(FSL)
TX-Rate Pemancar
+ Kekuatan antenna pemancar
- Loss Kabel & konektor
06-175
Penguatan
Penerimaan
5/8/12
RX-Rate Calculation
Contoh Kasus :
Access Point 100 mWatt
tanpa booster
kabel LMR400 100 feet
antenna grid 24 db
frekuensi 2,4 GHz
jarak 10 km
06-176
5/8/12
Calculation Example
Perangkat
db
Pemancar (EIRP)
Access Point 100 mWatt
20 dbm
Kabel 30 meter
-6.8 db
37.2 db
Antenna 24 db
24 dbi
(EIRP)
-120.026 db
-6.8 db
Antenna 24 db
24 dbi
17.2 db
-65.626 db
5/8/12
Online
Calculator
06-178
www.mikrotik.co.id/
test_link.php
Mikrotik Indonesia http://www.mikrotik.co.id
5/8/12
06-179
5/8/12
06-180
5/8/12
Earth Curve
06-181
5/8/12
06-182
http://www.mikrotik.co.id/test_tower.php
Mikrotik Indonesia http://www.mikrotik.co.id
5/8/12
Antenna Concept
Directionality
l
Omnidirectional
l
l
Polarization
l
06-183
In db
Higher db, longer distance coverage
Ussualy using vertical polarization
5/8/12
Omni Directional
06-184
5/8/12
06-185
5/8/12
Grid Antenna
06-186
5/8/12
06-187
5/8/12
Sectoral Antenna
06-188
5/8/12
06-189
5/8/12
Point to Point
Menghubungkan 2 buah alat, biasanya menggunakan antenna
directional dan jarak yang cukup jauh
Kedua alat cukup menggunakan lisensi level 4 : Bridge dan
Station
Bisa menggunakan proprietary setting (nstream, Custom
Frequency)
06-190
5/8/12
06-191
5/8/12
Point to Multipoint
1 buah AP Mikrotik sebagai base
station untuk melayani CPE
06-192
5/8/12
06-193
5/8/12
Wireless Configuration
Wireless Configuration
Basic Configuration :
l
l
l
l
l
l
l
l
Wireless Protocol
l
l
l
07-195
5/8/12
Scan Tool
07-196
5/8/12
Snoop Tool
07-197
5/8/12
Wireless Menu
Wireless Menu:
l Interface Daftar Interface wireless yang terpasang
l Access-List Security Mac-address Client (AP Mode)
l Registration Daftar Wireless yang terkoneksi
l Connect-List Security Mac-address AP (Station Mode)
l Security-Profile Konfigurasi Wireless Security (WPA/WEP)
07-198
5/8/12
Wireless Mode :
l
l
l
l
l
l
l
l
l
07-199
alignment-only
ap-bridge
bridge
nstreme-dual-slave
station
station-wds
wds-slave
station-pseudobridge
station-pseudobridge-clone
5/8/12
Wireless Mode - 1
07-200
5/8/12
Wireless Mode 2
07-201
5/8/12
AP Side
l
l
l
Client Side
l
l
l
l
07-202
5/8/12
Konfigurasi :
Set mode, ssid, band
dan frequency
mode=bridge
l
07-203
Hanya bisa
terkoneksi dengan 1
station (1 client)
5/8/12
Konfigurasi :
Set mode, ssid, band
dan scan-list
mode=station
Pastikan frequency
yang dipilih oleh AP
masuk dalam range
scan-list
07-204
5/8/12
07-205
5/8/12
07-206
5/8/12
07-207
5/8/12
Wireless Bridge
07-208
5/8/12
07-209
5/8/12
AP
A
ethernet
Station
Wireless
connection
192.168.0.x/24
07-210
B
ethernet
192.168.0.x/24
Mikrotik Indonesia http://www.mikrotik.co.id
5/8/12
07-211
5/8/12
Client Side:
l
07-212
5/8/12
07-213
5/8/12
07-214
5/8/12
07-215
5/8/12
07-216
5/8/12
07-217
5/8/12
07-218
5/8/12
Client Management
07-219
MAC Address
Signal Strength
Time
5/8/12
Klasifikasi mac-address
dari client
07-220
5/8/12
07-221
5/8/12
Wireless Security
07-222
5/8/12
Tentukan passwordnya
07-223
5/8/12
07-224
5/8/12
07-225
5/8/12
07-226
SSID
Mac-Address
IP Address
WDS
Security Profile
5/8/12
07-227
5/8/12
07-228
5/8/12
Mikrotik Nstreme
07-229
5/8/12
[LAB-9] Nstreme
07-230
5/8/12
07-231
5/8/12
Nstreme - Results
07-232
5/8/12
07-233
5/8/12
Wireless WDS
07-234
5/8/12
WDS - Config
Buat Bridge baru untuk WDS
Network
07-235
5/8/12
07-236
5/8/12
Routing
Routed Network
08-238
5/8/12
Routing Example
Ether2 Ether13
Configured as Routing Mode
(default)
Internet / WAN
192.168.0.0/24
LAN 1
08-239
LAN 2
192.168.1.0/24
Mikrotik Indonesia http://www.mikrotik.co.id
192.168.2.0/24
LAN 3
5/8/12
Routing Benefit
08-240
5/8/12
192.168.3.0/24
192.168.2.0/24
ROUTER
GATEWAY
WIRELESS
08-241
192.168.0.0/24
5/8/12
dynamic routes
yang akan dibuat secara otomatis:
08-242
static routes
adalah informasi routing yang dibuat secara
manual oleh user untuk mengatur ke arah
mana trafik tertentu akan disalurkan. Default
route adalah salah satu contoh static routes.
Mikrotik Indonesia http://www.mikrotik.co.id
5/8/12
Menambahkan Routing
08-243
5/8/12
Tipe Routing
A: Active
S: Static
A: Active
D: Dynamic
C: Connected
08-244
5/8/12
08-245
Destination
l Destination address 222.152.211.7
l Network mask 202.53.246.0/24
l 0.0.0.0/0 -> ke semua network
Gateway
l IP Address gateway, harus merupakan IP Address yang satu subnet
dengan IP yang terpasang pada salah satu interface
Gateway Interface
l Digunakan apabila IP gateway tidak diketahui dan bersifat dinamik
(biasanya digunakan di ppp interface).
Pref Source
l source IP address dari paket yang akan meninggalkan router
Distance
l Beban untuk kalkulasi pemilihan routing
5/8/12
Internet
10.10.0.2/24
A
10.10.1.1/24
10.10.2.1/24
10.10.2.2/24
10.10.3.2/24
B
10.10.4.1/24
10.10.4.2/24
08-246
Dst-address=0.0.0.0/0 gateway=10.10.2.1
5/8/12
10.10.0.2/24
10.10.2.2/24
10.10.1.1/24
10.10.1.2/24
10.10.2.1/24
10.10.3.1/24
08-247
10.10.3.2/24
(DAC) Dst-addr= 10.10.3.0/24
pref-source=10.10.3.2
(AS) Dst-addr= 0.0.0.0/0 gw=10.10.3.1
5/8/12
08-248
Internet
10.10.10.100
10.10.10.1
10.10.10.2
Router 1
Router 2
192.168.1.1
192.168.2.1
192.168.1.2
192.168.2.2
5/8/12
Langkah-langkah
08-249
5/8/12
Distance
08-250
5/8/12
Contoh Pemilihan
Destination
Gateway
Distance
Prioritas
192.168.0.0/27 192.168.1.1
192.168.0.0/29 192.168.2.1
192.168.0.0/24 192.168.3.1
192.168.0.0/24 192.168.4.1
08-251
5/8/12
WLAN1:10.10.10.X/24
ETHER3:
10.Y.3.1/24
ETHER2:
10.Y.3.2/24
192.168.X.2/24
10.10.10.100/24
192.168.X.2/24
ETHER3:
10.Y.1.1/24
ETHER3:
10.Y.2.1/24
ETHER2:
10.Y.2.2/24
ETHER2:
10.Y.1.2/24
2
192.168.X.2/24
192.168.X.2/24
08-252
5/8/12
Dynamic Routing
Karena sebuah jaringan memiliki besar skala
yang berbeda satu sama lain, maka sangat
memungkinkan jika jaringan tersebut
berkembang menjadi besar sekali. Maka
penggunaan routing menjadi sangat penting
dan kritis.
Informasi routing haruslah tepat dan
kesalahan melakukan distribusi informasi
routing harus diminimalisasi sedikit mungkin.
Sangatlah tidak nyaman jika harus
menuliskan rule routing untuk puluhan
bahkan ratusan router secara static.
08-253
5/8/12
Huge Network
08-254
5/8/12
08-255
5/8/12
ASBR
Router Gateway
Backbone Area
IR
Router 1
IR
Router 2
IR
Router X
LAN 2
LAN Y
LAN 1
08-256
5/8/12
OSPF - Configuration
08-257
5/8/12
08-258
5/8/12
Hotspot
HotSpot
09-260
5/8/12
Wired Network
Hotspot Gateway
09-261
5/8/12
09-262
5/8/12
09-263
5/8/12
HotSpot features
09-264
Autentikasi User
Perhitungan
l Waktu akses
l Data dikirim atau diterima
Limitasi Data
l Berdasarkan data rate (kecepatan akses)
l Berdasarkan jumlah data
Limitasi Akses User berdasarkan waktu
Support RADIUS
Bypass!
Mikrotik Indonesia http://www.mikrotik.co.id
5/8/12
09-265
5/8/12
09-266
5/8/12
09-267
5/8/12
09-268
5/8/12
09-269
5/8/12
09-270
5/8/12
09-271
5/8/12
09-272
5/8/12
Authentication Method
5/8/12
09-274
5/8/12
09-275
5/8/12
User Profiles
Untuk melakukan log-off otomatis
bagi user yang tidak ada traffic atau
lupa menekan tombol log-off.
Untuk menentukan jumlah user maksimal jika
menggunakan username yang sama.
Untuk menentukan bandwith peruser yang menggunakan profile
yang sama.
Format : Upload / Download
09-276
5/8/12
HotSpot User
09-277
5/8/12
HotSpot users
09-278
5/8/12
User Limitation
Limit Uptime batas
waktu user dapat
menggunakan akses
ke Hotspot Network.
Limit-bytes-in,
Limit-bytes-out dan
Limit-bytes-total
batas quota trasfer
data yang bisa
dilakukan oleh user.
09-279
5/8/12
Bypass! - IP bindings
09-280
5/8/12
HotSpot IP bindings
09-281
5/8/12
Bypass - WalledGarden
09-282
5/8/12
HTTP-level WalledGarden
09-283
5/8/12
IP-WalledGarden
09-284
5/8/12
Advertisement
09-285
5/8/12
Advertisement
09-286
5/8/12
VPN Basic
10-288
5/8/12
VPN Networks
Aplication Server
Office 1
PC
Aplication Server
Router
PC
File Server
Office 2
Router
WAN
PC
PC
VPN Networks
File Server
Office 3
Router
PC
10-289
PC
PC
PC
5/8/12
VPN Type
Bridge Network :
l
10-290
5/8/12
10-291
5/8/12
10-292
5/8/12
10-293
5/8/12
PPTP tunnel
10.10.10.100/24
10.10.20.1/32
10.10.10.1/24
10.10.10.2/24
10.10.20.2/32
192.168.1.1/24
192.168.1.2/24
Table 1
10-294
192.168.2.1/24
192.168.2.2/24
Table 2
5/8/12
10-295
5/8/12
PPTP-Client :
l Username
10-296
5/8/12
10-297
5/8/12
10-298
5/8/12
10-299
5/8/12
10-300
5/8/12
PPP - Secret
10-301
5/8/12
10-302
5/8/12
PPPoE Server
10-303
5/8/12
Firewall
Firewall ?
Workstation
Switch
Server
Firewall
Internet
Laptop
11-305
5/8/12
Rules
NAT (source-nat and destination-nat)
Mangle
Address List
Layer 7 Protocol (baru di versi 3)
Service Ports
Connections
l
11-306
5/8/12
11-307
5/8/12
PRE
ROUTING
ROUTING
DECISION
MANGLE
FORWARD
OUTPUT
FILTER
FORWARD
POST
ROUTING
QUEUE
GLOBAL-IN
ROUTING
ADJUSTMENT
MANGLE
POSTROUTING
DST-NAT
FILTER
OUTPUT
QUEUE
GLOBAL-OUT
INPUT
MANGLE
PREROUTING
MANGLE
INPUT
MANGLE
OUTPUT
SRC-NAT
CONNECTION
TRACKING
FILTER
INPUT
CONNECTION
TRACKING
HTB
INTERFACE
INPUT
INTERFACE
LOCAL
PROCESS
ROUTING
DECISION
OUTPUT
INTERFACE
11-308
5/8/12
To
Mangle
Firewall
Queue
Outside
Router/
Local
Process
Prerouting
Input
Input
Global-Total
Router/
Local
Process
Outside
Output
Output
Global-Out
Outside
Outside
Global-In
Postrouting
Global-Total
Interface
Prerouting
Forward
Global-In
Forward
Postrouting
Global-Out
Global-Total
Interface
11-309
5/8/12
11-310
5/8/12
11-311
Prerouting
not
implemented
not
implemented
not
implemented
Input
yes
no
no
Forward
no
yes
no
Output
no
no
yes
Postrouting
not
implemented
not
implemented
not
implemented
5/8/12
Action Filter
11-312
5/8/12
Filter Rules
11-313
5/8/12
RouterOS v5 Services
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
11-314
PORT
20
21
22
23
53
80
179
443
646
1080
1723
1968
2000
2210
2211
2828
3128
8291
8728
-------
PROTOCOL
tcp
tcp
tcp
tcp
tcp
tcp
tcp
tcp
tcp
tcp
tcp
tcp
tcp
tcp
tcp
tcp
tcp
tcp
tcp
/1
/2
/4
DESCRIPTION
FTP
FTP
SSH, SFTP
Telnet
DNS
HTTP
BGP
SHTTP (Hotspot)
LDP (MPLS)
SoCKS (Hotspot)
PPTP
MME
Bandwidth Server
Dude Server
Dude Server
uPnP
Web Proxy
Winbox
API
ICMP
IGMP (Multicast)
IPIP
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
PORT
53
123
161
500
520
521
646
1698
1699
1701
1812
1813
1900
1966
5678
---------------
PROTOCOL
udp
udp
udp
udp
udp
udp
udp
udp
udp
udp
udp
udp
udp
udp
udp
/46
/47
/50
/51
/89
/103
/112
DESCRIPTION
DNS
NTP
SNMP
IPSec
RIP
RIP
LDP (MPLS)
RSVP (MPLS)
RSVP (MPLS)
L2TP
User-Manager
User-Manager
uPnP
MME
Neighbor Discovery
RSVP (MPLS)
PPRP, EoIP
IPSec
IPSec
OSPF
PIM (Multicast)
VRRP
5/8/12
Connection State
11-315
5/8/12
Connection State
Firewall
New
11-316
Established
Related
Invalid
5/8/12
11-317
5/8/12
11-318
5/8/12
11-319
5/8/12
11-320
5/8/12
IP Address List
11-321
5/8/12
11-322
5/8/12
Firewall NAT
INCOMING
OUTGOING
NAT ROUTER
INCOMING
PUBLIC NETWORK
PRIVATE NETWORK
OUTGOING
11-323
5/8/12
Firewall NAT
11-324
5/8/12
masquerade
l
11-325
5/8/12
redirect
l
11-326
5/8/12
Konsep Proxy
Internet
PROXY
03-327
Internet
5/8/12
Access list
l
03-328
Logging facility
Mikrotik Indonesia http://www.mikrotik.co.id
5/8/12
11-329
5/8/12
Mengaktifkan Proxy
03-330
5/8/12
Redirect TCP-80
03-331
5/8/12
Akses
03-332
5/8/12
Penyimpanan Cache
System Disk
l Hardisk
l Flash memory
l
Format terlebih
dahulu
03-333
5/8/12
03-334
5/8/12
Proxy - Cache
03-335
Aktifkan Cache On
Disk untuk
mengaktifkan Mikrotik
Proxy Cache.
Perhatikan pada pada
parameter Cache
Drive sudah
menggunakan USB
disk.
5/8/12
11-337
5/8/12
11-338
5/8/12
11-339
5/8/12
11-340
5/8/12
11-341
5/8/12
11-342
5/8/12
11-343
5/8/12
Quality of Service
Quality of Service
12-345
5/8/12
Quality of Service
12-346
5/8/12
Simple Queue
12-347
5/8/12
12-348
Target Address :
IP Address client yang
akan dilimit
5/8/12
12-349
5/8/12
12-350
5/8/12
Burst
12-351
5/8/12
Max-limit=256kbps, burst-time=8,
burst-threshold=192kbps, burst-limit=512kbps.
Actual Rate
Rate(kbps)
512
Burst-limit
Average Rate
384
256
Max-limit
192
Burst-Threshold
128
Limit-at
12-352
10
15
20
time(s)
5/8/12
12-353
5/8/12
12-354
5/8/12
12-355
Downstream max-limit=256k
Upstream max-limit=128k
Burst-limit=1M
Burst-threshold=512K
Burst-time=30s
5/8/12
12-356
5/8/12
Address :
l
Direction :
l
l
l
Upload
Download
Upload &
Download
Protocol :
l
Ip address test
server
TCP / UDP
12-357
Autentikasi
Mikrotik Indonesia http://www.mikrotik.co.id
5/8/12
Staged Limitation
12-358
5/8/12
Bandwith share
1Mbps 1:4
Client 4 Bandwith:
Min : 256Kbps
Up-to 1Mbps
Client 2 Bandwith:
Min : 256Kbps
Up-to 1Mbps
Client 1 Bandwith:
Min : 256Kbps
Up-to 1Mbps
12-359
Client 3 Bandwith:
Min : 256Kbps
Up-to 1Mbps
Mikrotik Indonesia http://www.mikrotik.co.id
5/8/12
12-360
5/8/12
12-361
5/8/12
12-362
5/8/12
Contoh soal : 1
Name: A
Parent: interface
Limit-at: 1mbps
Max-limit: 5mbps
Name: B
Parent: A
Limit-at: 2mbps
Max-limit: 5mbps
12-363
Name: C
Parent: A
Limit-at: 1mbps
Max-limit: 5mbps
Name: D
Parent: A
Limit-at: 2mbps
Max-limit: 5mbps
5/8/12
Contoh soal : 2
Name: A
Parent: interface
Max-limit: 5mbps
Name: B
Parent: A
Limit-at: 2mbps
Max-limit: 4mbps
Name: C
Parent: A
Limit-at: 2mbps
Max-limit: 4mbps
Name: C1
Parent: C
Limit-at: 1mbps
Max-limit: 4mbps
12-364
Name: C2
Parent: C
Limit-at: 2mbps
Max-limit: 4mbps
5/8/12
12-365
5/8/12
Graph
12-366
5/8/12
192.168.0.0/24
Bandwith share
254 Client
5/8/12
Skema PCQ
pcq-clasifier
src-address
sub-queue
Algoritma
Round
Robin
SRC-ADDRESS=10.0.0.1
SRC-ADDRESS=10.0.0.2
Flow 1
Flow 2
Flow 3
SRC-ADDRESS=10.0.0.3
SRC-ADDRESS=10.0.0.4
ke
interface
SRC-ADDRESS=10.0.0.5
Flow 4
SRC-ADDRESS=10.0.0.6
SRC-ADDRESS=10.0.0.7
12-368
5/8/12
Pcq-rate=128000
2 users
4 users
128k
queue=pcq-down
max-limit=512k
128k
73k
73k
73k
73k
128k
128k
12-369
7 users
128k
128k
73k
73k
73k
5/8/12
Pcq-rate=0
1 user
2 users
7 users
73k
256k
73k
73k
queue=pcq-down
max-limit=512k
512k
73k
73k
256k
73k
73k
12-370
5/8/12
12-371
5/8/12
12-372
5/8/12
12-373
5/8/12
Mangle
11-374
5/8/12
11-375
5/8/12
11-376
Prerouting
yes
yes
no
Input
yes
no
no
Forward
no
yes
no
Output
no
no
yes
Postrouting
no
yes
yes
5/8/12
Type of Mark
Packet Mark
l
Connection Mark
l
Route Mark
l
Pada saat yang bersamaan, setiap paket data hanya bisa memiliki 1 connmark, 1 packet-mark, dan 1 route-mark
11-377
5/8/12
Connection Mark
11-378
5/8/12
Passthrough
Passthrough=no
l
Passthrough=yes
l
Biasanya pada :
l
l
11-379
5/8/12
192.168.0.0/24
TCP
ICMP
UDP
Sisa
12-380
5/8/12
12-381
5/8/12
12-382
5/8/12
12-383
5/8/12
12-384
5/8/12
12-385
5/8/12
12-386
5/8/12
12-387
5/8/12
12-388
5/8/12
12-389
5/8/12
12-390
5/8/12
12-391
5/8/12
12-392
5/8/12
QueueTree Parent
12-393
5/8/12
12-394
5/8/12
12-395
5/8/12
12-396
5/8/12
12-397
5/8/12
QueueTree - Action
12-398
5/8/12