Scribd Logo
Upload

Welcome to Scribd!

  • Attachment

    Uploaded by

    Andika Bima
    10 views4 pages
    This document provides instructions for configuring a MikrotiK router to function as a wireless access point and hotspot. It describes how to set the IP addresses and subnets for the router interfaces, enable DHCP and NAT, configure NTP and time zone settings, set up a RADIUS server for authentication, create firewall rules to block certain traffic, and restrict website and file access for hotspot users. The final sections provide directions for clearing caches and databases to prepare for testing the configuration.

    Original Description:

    Original Title

    attachment

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    This document provides instructions for configuring a MikrotiK router to function as a wireless access point and hotspot. It describes how to set the IP addresses and subnets for the router interfaces, enable DHCP and NAT, configure NTP and time zone settings, set up a RADIUS server for authentication, create firewall rules to block certain traffic, and restrict website and file access for hotspot users. The final sections provide directions for clearing caches and databases to prepare for testing the configuration.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pdf or txt
    10 views4 pages

    Attachment

    Uploaded by

    Andika Bima
    This document provides instructions for configuring a MikrotiK router to function as a wireless access point and hotspot. It describes how to set the IP addresses and subnets for the router interfaces, enable DHCP and NAT, configure NTP and time zone settings, set up a RADIUS server for authentication, create firewall rules to block certain traffic, and restrict website and file access for hotspot users. The final sections provide directions for clearing caches and databases to prepare for testing the configuration.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pdf or txt
    of 4

    Oleh : Syamsul Arifin, S.Kom., Gr.

    KONEKSI KE INTERNET
    IP – ADDRESSES
    ether1 = 192.168.0.XXX/24 (sesuaikan dengan IP yang sudah ditentukan)
    ether2 = 192.168.100.1/25
    wlan1 = 192.168.200.1/24
    gateway = 192.168.0.1

    IP – DNS
    SERVER
    8.8.8.8 dan 8.8.4.4 (dapat diganti gateway)
    Allow remote = diceklist

    IP – ROUTES
    ROUTES (+)
    Gateway = 192.168.0.1
    Setelah selesai, cobalah ping ke goggle.com melalui terminal. Pastikan sudah terkoneksi

    DISTRIBUSI KE CLIENT
    IP – FIREWALL
    NAT (+)
    General
    Chain = srcnat
    Out. Interface = ether1 (sumber internet)
    Action
    Action = masquerade

    NTP CLIENT
    SYSTEM – SNTP CLIENT
    SNTP CLIENT
    Enabled
    Primary NTP Server = id.pool.ntp.org
    Jika gagal mendapatkan IP, silahkan pancing melalui terminal dan paste IPx di Primary NTP Server.

    SYSTEM – CLOCK
    Time zone name = Asia/Jakarta

    DHCP SERVER EHTER 2


    IP – DHCP SERVER (+)
    DHCP Setup
    Interface = ether2
    Dhcp addresses space = 192.168.100.0/25
    Gateway = 192.168.100.1
    Range = 192.168.100.2-192.168.100.100

    BLOK PING 192.168.100.2-192.168.100.50 KE ROUTER


    (rule satu) IP – FIREWALL
    FILTER RULE (+)
    General
    Chain = input
    Src. Address = 192.168.100.2-192.168.100.50
    Dst. Address = 192.168.0.XXX (sesuaikan dengan IP ether1)
    Protocol = icmp
    Action
    Action = drop

    Buat rule tersebut dengan cara di copy, akan tetapi dst. Address diganti :
    (rule dua) dst. Address = 192.168.100.1 (ether2)
    (rule tiga) dst. Address = 192.168.200.1 (wlan1)

    1|Page
    BLOK PING 192.168.100.51-192.168.100.100 KE CLIENT WIRELESS
    IP – FIREWALL
    FILTER RULE (+)
    General
    Chain = forward
    Src. Address = 192.168.100.51-192.168.100.100
    Dst. Address = 192.168.200.0/24
    Protocol = icmp
    Action
    Action = drop

    LOGGING
    IP – FIREWALL
    FILTER RULE (+)
    General
    Chain = input
    Action = log
    Log Prefix = log_ukk
    Untuk mengubah ke disk, silahkan masuk SYSTEM – LOGGING dan ubah sesuai keinginan

    WIRELESS
    INTERFACE
    Aktifkan wireless, kemudian klik 2x
    Wireless
    Mode = ap bridge
    SSID = nama_peserta@hotspot

    HOTSPOT
    IP – HOTSPOT
    SERVER - HOTSPOT SETUP
    Interface = wlan1
    Range IP = 192.168.200.2-192.168.200.100
    Certificate = none
    DNS Server = 8.8.8.8 dan 8.8.4.4
    DNS name = namadepan.net (tanpa tanda petik atau spasi, contoh : syamsul.net)
    User dan pas = admin | admin
    Jangan lupa Cek hasil DHCP Pool . Cek di IP - POOL

    SERVER PROFILES
    RADIUS
    Klik 2x hotspot yang dibuat, kemudian TAB RADIUS
    Ceklis USE RADIUS

    RADIUS
    RADIUS
    General
    Service = hotspot
    Address = 127.0.0.1 (sesuaikan sesuai keinginan)
    Secret = 1234567 (sesuaikan sesuai keinginan)

    /tool user-manager database clear (dapat digunakan untuk membersihkan database userman)

    2|Page
    USERMAN
    AKSES
    IP_address_router/userman
    DNS_hotspot/userman

    ROUTES
    Name = radiusku
    IP Address = 127.0.0.1
    Shared secret = 1234567
    Time zone = +7.00
    CUSTOMERS
    Time zone = +7.00
    PROFILES
    Profiles
    Limitation name = client-limitation
    Profiles = client-profile
    Profile = client-profile
    Add new = 07.00.00 – 11.59.59 (ceklis) add
    = 12.00.00 – 16.00.00 (ceklis) add
    USER
    ADD – BATCH
    Number of users = 20
    Username prefix = ukk-
    Username length =3
    Password length =3
    add

    BLOKIR WEBSITE LINUX.ORG

    MEMBUAT L7
    IP – firewall –layer 7
    Name = blok-web

    Regexp = ^.+(linux.org).*$
    FILTER
    General
    Chain = forward
    Src. Address = 192.168.200.0/24
    In. interface = wlan1
    Advanced
    Layer 7 = blok-web (harus sama dengan nama yang dibuat di Layer 7)
    Action
    Action = drop

    3|Page
    BLOKIR EKSTENSI .MP3

    MEMBUAT L7
    IP – firewall –layer 7
    Name = blok-mp3

    Regexp = ^.*get.+\.mp3.*$
    FILTER
    General
    Chain = forward
    Src. Address = 192.168.200.0/24
    In. interface = wlan1
    Advanced
    Layer 7 = blok-mp3 (harus sama dengan nama yang dibuat di Layer 7)
    Action
    Action = drop

    Catatan :
    Jangan lupa bersihkan seluruh Histori yang ada di browser

    UKK 2022-2023

    MIKROTIK : RB951-2Hnd
    GATEWAY : 192.168.0.1

    4|Page

    You might also like