tag:blogger.com,1999:blog-42680440966193832672024-03-13T09:00:48.152+07:00Mikrotik Routersmari sharing bersama-sama dengan mikrotikmaruahal siahaanhttp://www.blogger.com/profile/03145368921018800509noreply@blogger.comBlogger9125tag:blogger.com,1999:blog-4268044096619383267.post-16858740457725098362011-04-03T21:59:00.000+07:002011-04-03T21:59:33.363+07:00Tutorial Web Proxy Mikrotik Blocking Web and Drop Open Proxyini contoh untuk menjelaskan kepada anda bagaimana untuk memblok suatu web site dan; memberhentikan download,, saya mempunyai web proxy test package, dan configure mikrotik..<br />
/ip proxy<br />
enabled: yes<br />
src-address: 0.0.0.0<br />
port: 8080<br />
parent-proxy: 0.0.0.0:0<br />
cache-drive: system<br />
cache-administrator: “ASHISH PATEL”<br />
max-disk-cache-size: none<br />
max-ram-cache-size: none<br />
cache-only-on-disk: no<br />
maximal-client-connections: 1000<br />
maximal-server-connections: 1000<br />
max-object-size: 512KiB<br />
max-fresh-time: 3d<br />
<br />
sekarang kita buat jadi transparent<br />
/ip firewall nat<br />
chain=dstnat protocol=tcp dst-port=80 action=redirect to-ports=8080<br />
<br />
membuat secara pasti proxy kamu,, tidak sebuah open proxy.<br />
<br />
/ip firewall filter<br />
chain=input in-interface= src-address=0.0.0.0/0 protocol=tcp dst-port=8080 action=drop<br />
<br />
sekarang blok website<br />
<br />
/ip proxy access<br />
dst-host=www.blockedsite.com action=deny<br />
<br />
itu akan memblok web site www.blockedsite.com kita dapat selalu block dari jaringan yang sama ataupun beda dari giving src-address. itu akan block partikular source address,,<br />
<br />
kita dapat memberhentikan download file dalam bentuk " mp3, mp4,exe, jar.....dst..<br />
<br />
/ip proxy access<br />
path=*.exe action=deny<br />
path=*.mp3 action=deny<br />
path=*.zip action=deny<br />
path=*.rar action=deny.<br />
<br />
coba dengan ini juga...<br />
<br />
/ip proxy access<br />
dst-host=:mail action=deny<br />
<br />
ini akan memblok kata dari mail 'url<br />
contoh : akan memblok mail.yahoo.com, mail.wanxp.commaruahal siahaanhttp://www.blogger.com/profile/03145368921018800509noreply@blogger.com0tag:blogger.com,1999:blog-4268044096619383267.post-5413322014697039002011-04-03T21:45:00.000+07:002011-04-03T21:45:34.767+07:00Setting Transparent Web Proxy Server di Mikrotik Router OSProxy server merupakan program yang dapat mempercepat akses ke suatu web yang sudah diakses oleh komputer lain, karena sudah di simpan didalam caching server. Transparent proxy menguntungkan dalam management client, karena system administrator tidak perlu lagi melakukan setup proxy di setiap browser komputer client karena redirection dilakukan otomatis di sisi server.<br />
<br />
Bentuk perintah konfigurasi :<br />
a. Setting web proxy :<br />
<br />
- ip proxy set enable=yes<br />
port={ port yang mau digunakan }<br />
maximal-client-connections=1000<br />
maximal-server-connections=1000<br />
<br />
- ip proxy direct add src-address={ network yang akan di<br />
NAT} action=allow<br />
<br />
- ip web-proxy set parent-proxy={proxy parent/optional}<br />
hostname={ nama host untuk proxy/optional}<br />
port={port yang mau digunakan}<br />
src-address={ address yang akan digunakan untuk koneksi<br />
ke parent proxy/default 0.0.0.0}<br />
transparent-proxy=yes<br />
max-object-size={ ukuran maximal file yang akan disimpan<br />
sebagai cache/default 4096 in Kilobytes}<br />
max-cache-size= { ukuran maximal hardisk yang akan<br />
dipakai sebagai penyimpan file cache/unlimited<br />
| none | 12 in megabytes}<br />
cache-administrator={ email administrator yang akan digunakan<br />
apabila proxy error, status akan dikirim<br />
ke email tersebut}<br />
enable==yes<br />
<br />
Contoh konfigurasi<br />
a. Web proxy setting<br />
<br />
/ip web-proxy<br />
set enabled=yes src-address=0.0.0.0 port=8080 \<br />
hostname=proxy.routerku.co.id transparent-proxy=yes \<br />
parent-proxy=0.0.0.0:0 cache-administrator=support@routerku.co.id \<br />
max-object-size=131072KiB cache-drive=system max-cache-size=unlimited \<br />
max-ram-cache-size=unlimited<br />
<br />
Nat Redirect, perlu ditambahkan yaitu rule REDIRECTING untuk membelokkan<br />
traffic HTTP menuju ke WEB-PROXY.<br />
<br />
b. Setting firewall untuk Transparant Proxy<br />
Bentuk perintah konfigurasi:<br />
<br />
/ip firewall nat add chain=dstnat<br />
protocol=tcp<br />
dst-port=80<br />
action=redirect<br />
to-ports={ port proxy }<br />
<br />
Perintahnya:<br />
/ip firewall nat<br />
add chain=dstnat protocol=tcp dst-port=80 action=redirect to-ports=8080 \<br />
comment= disabled=no<br />
add chain=dstnat protocol=tcp dst-port=3128 action=redirect to-ports=8080 \<br />
comment= disabled=no<br />
add chain=dstnat protocol=tcp dst-port=8000 action=redirect to-ports=8080 \<br />
<br />
perintah diatas dimaksudkan, agar semua trafik yang menuju Port 80,3128,8000 dibelokkan menuju port 8080 yaitu portnya Web-Proxy.<br />
<br />
CATATAN:<br />
Perintah<br />
/ip web-proxy print { untuk melihat hasil konfigurasi web-proxy}<br />
/ip web-proxy monitor { untuk monitoring kerja web-proxy}maruahal siahaanhttp://www.blogger.com/profile/03145368921018800509noreply@blogger.com0tag:blogger.com,1999:blog-4268044096619383267.post-80465717477789594732011-03-22T08:04:00.001+07:002011-03-22T08:05:43.917+07:00mikrotik untuk para newbiemau mempelajari mikrotik yang lengkap?<br />
tidak usah repot-repot searched dari banyak media,, atau nge thread di forum mikotik yang terus berulang -ulang di thread kan, membuat para master muak,, atau bosan membahas itu lagi,, ya jujur emang muak,, jika terus mendapat pertanyaan yang sama padahal di searchedkan sudah lengkap,,<br />
<br />
dari pada report- report memcari nya, anda dapat mendowloadnya <a href="http://www.istanaku.biz/download/Tutorial-Mikrotik-1.pdf">disini</a><br />
kalo sudah dapat pelajari aja, dan kalo sudah master jangan belagu dan sombong key..<br />
<br />
<a href="http://www.istanaku.biz/download/Tutorial-Mikrotik-1.pdf">download</a>maruahal siahaanhttp://www.blogger.com/profile/03145368921018800509noreply@blogger.com1tag:blogger.com,1999:blog-4268044096619383267.post-88994497682025010122011-03-21T09:58:00.000+07:002011-03-21T09:58:50.872+07:00Setting Billing Hotspot Integrasi Router MikrotikSetting <a href="http://www.billinghotspot.com/">Billing Hotspot</a> integrasi Router Mikrotik sangatlah mudah, setalah install mikrotik dengan benar, jalankan aplikasi “Winbox Loader” sehingga anda bisa mengkonfigurasi Mikrotik Router dari Desktop Windows secara mudah dan cepat tanpa harus menghafal command line Mikrotik. Setelah klik dua kali aplikasi Winbox maka akan muncul tampilan sebagai berikut :<br />
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgS7kH50hqomszDBMgvZzvLpnHfvA7uuAlNZKPEV2XGj3-ew_QGHkuSddQFUgHIy6ogEWCpxstAwFCXlLRTp8cq5mkbLbZbBY_YEPxG-pc_e1DN-4rO9oa1RV_gu95U64knbBUGyh4O1lVc/s1600/014.gif" imageanchor="1" style="margin-left:1em; margin-right:1em"><img border="0" height="275" width="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgS7kH50hqomszDBMgvZzvLpnHfvA7uuAlNZKPEV2XGj3-ew_QGHkuSddQFUgHIy6ogEWCpxstAwFCXlLRTp8cq5mkbLbZbBY_YEPxG-pc_e1DN-4rO9oa1RV_gu95U64knbBUGyh4O1lVc/s320/014.gif" /></a></div><br />
Setelah itu klik tanda … maka akan muncul MAC Address Mikrotik yang sedang aktif dalam hal ini klik dua kali Mac Address 00:0B:CD:64:D9:22 dan isikan user admin dan password secara default adalah kosong kemudian klik “Connect”<br />
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgEW7fycFrWIdiYfpg0tzTLbiluqoGUF6Z5CTRujPLDPomRSo7rKB6SBJRbaJDrhENQF7wBs1ntD50YRoZJ0o5CBEspgWWEfNYTbFuK0Aj96lKaW0eYVsTyXgh5bo6i9FQUh-ocW700HJRn/s1600/02.gif" imageanchor="1" style="margin-left:1em; margin-right:1em"><img border="0" height="210" width="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgEW7fycFrWIdiYfpg0tzTLbiluqoGUF6Z5CTRujPLDPomRSo7rKB6SBJRbaJDrhENQF7wBs1ntD50YRoZJ0o5CBEspgWWEfNYTbFuK0Aj96lKaW0eYVsTyXgh5bo6i9FQUh-ocW700HJRn/s320/02.gif" /></a></div><br />
<b>IP ==> Address List</b><br />
Klik tanda plus |+| kemudian pada “Address” kemudian isikan nomor IP yang diinginkan misal 192.168.1.110/24 (slash 24 artinya nanti secara otomatis akan mengisi Network dan Broadcast). Kemudian pada “Interface” pilih ether1 dimana ether1 yang akan terhubung dengan Modem/ISP.<br />
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgfbJVPzXLsZuZnbEUd0-glVvdg5nLmgQy033_DPI41qP6EycD_uJJPzz63nHqWm5OJm3CHUIiiKUQasFwHEiuiFWAbIcqZRWqi4eWjzfDf6-gP4uoJ374RSOqC493iVFUnOd3hFZatHMtt/s1600/03.gif" imageanchor="1" style="margin-left:1em; margin-right:1em"><img border="0" height="200" width="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgfbJVPzXLsZuZnbEUd0-glVvdg5nLmgQy033_DPI41qP6EycD_uJJPzz63nHqWm5OJm3CHUIiiKUQasFwHEiuiFWAbIcqZRWqi4eWjzfDf6-gP4uoJ374RSOqC493iVFUnOd3hFZatHMtt/s320/03.gif" /></a></div><br />
<b>IP ==> Route List</b><br />
Klik tanda plus |+| kemudian pada “Gateway” isikan IP Gateway anda, misal 192.168.1.1 Kemudian klik “OK”<br />
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiND3ZwQk2k87l5K_HhJah6VQQIeM7b-YzHy33YwFoIH8VFQDO5Z59NFWnYN4XwomSBnZUuU7c1vOL5XPEEVoqe02QTzx1lq_IyoeiHI_pIcU2oQuUl4vcPPhocjNoM7il8dZFqn1FZfQ-D/s1600/04.gif" imageanchor="1" style="margin-left:1em; margin-right:1em"><img border="0" height="281" width="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiND3ZwQk2k87l5K_HhJah6VQQIeM7b-YzHy33YwFoIH8VFQDO5Z59NFWnYN4XwomSBnZUuU7c1vOL5XPEEVoqe02QTzx1lq_IyoeiHI_pIcU2oQuUl4vcPPhocjNoM7il8dZFqn1FZfQ-D/s320/04.gif" /></a></div><br />
<b>New Terminal</b><br />
Maka akan muncul tampilan konsole sebagai berikut dan kemudian lakukan ping ke Gateway Internet anda, ketikkan ping 192.168.1.1 Jika berhasil maka akan tampilan seperti gambar di bawah ini dan itu artinya jaringan dari Mikrotik ke Gateway/Modem telah terhubung dengan normal.<br />
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhk9wVTP7ViQWF4YXJDE1FxbulEd9IxP3ApPkUtV3qxkBC9fhG7foa5on9UECVMneUWfY91FLA8FgpuRv0Dsmqm_vbbcAb3c0M342ywOR1HeQT1DiFHa3MOfY_ZOqE1xbt6TUMa1W5EFhr9/s1600/05.gif" imageanchor="1" style="margin-left:1em; margin-right:1em"><img border="0" height="134" width="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhk9wVTP7ViQWF4YXJDE1FxbulEd9IxP3ApPkUtV3qxkBC9fhG7foa5on9UECVMneUWfY91FLA8FgpuRv0Dsmqm_vbbcAb3c0M342ywOR1HeQT1DiFHa3MOfY_ZOqE1xbt6TUMa1W5EFhr9/s320/05.gif" /></a></div><br />
<b>Interface ==> Interface List</b><br />
Ini adalah untuk melihat interface atau Ethernet card yang mana sedang aktif (konek ke jaringan) yaitu pada posisi “Tx” dan “Rx” maka akan muncul trafik xxx bps. Dalam hal ini adalah ether1 sedang terhubung dengan jaringan LAN<br />
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjQEJujFqkP4pNplrqRvLlt19_3CR5jPanYFVNZXk8cAcHCbq4Vrd1FnSK2D4LPcTr5ptD_a08nl1Qm1Q46TvmEFquZ-7sE7VFtVnLRQWFo4iwWSKdfHASzXqbKKEIyzSbFvCYgyHgIL49h/s1600/06.gif" imageanchor="1" style="margin-left:1em; margin-right:1em"><img border="0" height="182" width="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjQEJujFqkP4pNplrqRvLlt19_3CR5jPanYFVNZXk8cAcHCbq4Vrd1FnSK2D4LPcTr5ptD_a08nl1Qm1Q46TvmEFquZ-7sE7VFtVnLRQWFo4iwWSKdfHASzXqbKKEIyzSbFvCYgyHgIL49h/s320/06.gif" /></a></div><br />
<b>IP ==> DNS</b><br />
Kemudian klik “Setting” pada “Primary DNS” isikan DNS1 misal 202.134.1.10 dan pada “Secondary DNS” isikan DNS2 misal 202.134.0.155 dan jika setelah klik “OK”<br />
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjhP4EvzExHL_6oad8L0d74FhgL-PRf82Cq47cScQYTUNjhNXGBRKFQ9H67HWjVLY7xPEpUoO29Vhdi17BeT3wBEIwA422od1hGpJ2ZpqyOo16bGI_5F8PPWdeR6Z-slEcYkJcvllq3Lh3K/s1600/07.gif" imageanchor="1" style="margin-left:1em; margin-right:1em"><img border="0" height="184" width="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjhP4EvzExHL_6oad8L0d74FhgL-PRf82Cq47cScQYTUNjhNXGBRKFQ9H67HWjVLY7xPEpUoO29Vhdi17BeT3wBEIwA422od1hGpJ2ZpqyOo16bGI_5F8PPWdeR6Z-slEcYkJcvllq3Lh3K/s320/07.gif" /></a></div><br />
<b>New Terminal</b><br />
Lakukan testing ping keluar yaitu ke internet misal ke google.com dengan mengetikkan perintah ping google.com jika hasil seperti di bawah ini maka koneksi internet anda sudah konek.<br />
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhyc0842UvoynxN7ezlgrm8yvstPSnB6mAQFgIkm8KYY7iTvoE-W6z9hQjGbe0zIw7Ktk1YS7gBJCEPHxi60X1L0erUWfas4ezGU_quRd2IswZLi3mT9_RaOE8pQwv82PPRPFUCQFvh7Tks/s1600/08.gif" imageanchor="1" style="margin-left:1em; margin-right:1em"><img border="0" height="149" width="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhyc0842UvoynxN7ezlgrm8yvstPSnB6mAQFgIkm8KYY7iTvoE-W6z9hQjGbe0zIw7Ktk1YS7gBJCEPHxi60X1L0erUWfas4ezGU_quRd2IswZLi3mT9_RaOE8pQwv82PPRPFUCQFvh7Tks/s320/08.gif" /></a></div><b><br />
IP ==> Hotspot ==> Hotspot Setup</b><br />
Pada “Hotspot Interface” pilih ether yang mana yang ingin di jadikan untuk hotspot, dalam hal ini adalah ether3 dan jika ada wireless antena anda pilih wireless. Kemudian klik “Next”<br />
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg8aq0rNlATK1IsuM94V6BpJMsklsjT6ACWLyaoYKnuitsVa4MHs82J-F7WoueH1SrX1_b7Zxh6E9ubkVwP-dk0tro5T-obSo6fCTIqDl4gX61yAyICQshGYn4YVjh6cJpRrg8ukEaZiirP/s1600/09.gif" imageanchor="1" style="margin-left:1em; margin-right:1em"><img border="0" height="194" width="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg8aq0rNlATK1IsuM94V6BpJMsklsjT6ACWLyaoYKnuitsVa4MHs82J-F7WoueH1SrX1_b7Zxh6E9ubkVwP-dk0tro5T-obSo6fCTIqDl4gX61yAyICQshGYn4YVjh6cJpRrg8ukEaZiirP/s320/09.gif" /></a></div><br />
Pada “Local Address of Network” adalah Gateway Hotspot anda, kemudian klik “Next”<br />
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh_d3b8g5enQK2yUK4bN_UUbttxjnRuh8GZgbKZ6ZHA5ZDfAnKSXXxggUUG78ZvL-i0BnIz_ODGwrnVZnyQ692safv6rz0TsMV783ohaELmW_ABKuYjK64KMTLwydURm5W0yAkMVz_53n9f/s1600/10.gif" imageanchor="1" style="margin-left:1em; margin-right:1em"><img border="0" height="155" width="269" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh_d3b8g5enQK2yUK4bN_UUbttxjnRuh8GZgbKZ6ZHA5ZDfAnKSXXxggUUG78ZvL-i0BnIz_ODGwrnVZnyQ692safv6rz0TsMV783ohaELmW_ABKuYjK64KMTLwydURm5W0yAkMVz_53n9f/s320/10.gif" /></a></div><br />
Pada “Address Pool of Network” adalah Range IP DHCP yang nantinya di berikan ke user hotspot. Anda bisa tentukan berapa range IP inginkan dalam hal ini adalah dari 10.5.50.2 s/d 10.5.50.254 kemudian klik “Next”<br />
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhmwTllUEWlTnyibS4rlOkdS9kM3HA4ZULdeW5PCwv3wY7GbwsSkVMaMKuYvVSgsMb12nWZl6407K02EXhYR5mZ9zkz0lJfCBcn-2lu4RK4cZDUHgEvDnDOtv6yM_Mppi23zpaAiH5nyeVS/s1600/11.gif" imageanchor="1" style="margin-left:1em; margin-right:1em"><img border="0" height="155" width="271" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhmwTllUEWlTnyibS4rlOkdS9kM3HA4ZULdeW5PCwv3wY7GbwsSkVMaMKuYvVSgsMb12nWZl6407K02EXhYR5mZ9zkz0lJfCBcn-2lu4RK4cZDUHgEvDnDOtv6yM_Mppi23zpaAiH5nyeVS/s320/11.gif" /></a></div><br />
Pada “Select Certificate” pilih “none” kemudian klik “Next”<br />
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgsxDt4fw3MG5EuAr7Rvj589JrhyphenhyphenIXnQqYUFj99KId-h-FwzR03xlHxCOT_KCMMxpVbIvMwxhAEIWc-4E18asouaPDr8gxbPYdRH912SCKjTlt08FNJwLfkNnxGkMC192fmF6SINt8q5Wl4/s1600/12.gif" imageanchor="1" style="margin-left:1em; margin-right:1em"><img border="0" height="185" width="271" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgsxDt4fw3MG5EuAr7Rvj589JrhyphenhyphenIXnQqYUFj99KId-h-FwzR03xlHxCOT_KCMMxpVbIvMwxhAEIWc-4E18asouaPDr8gxbPYdRH912SCKjTlt08FNJwLfkNnxGkMC192fmF6SINt8q5Wl4/s320/12.gif" /></a></div><br />
Pada “IP Address of SMTP Server” biarkan kosong kemudian klik “Next”<br />
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhjr-5hhaHeziLCNJof87b-gTBkgK59QYg8C79Im-VasPPWC-xbmLv-HRqin_GbYWOO-0Y40ydr3A-VfI1ftIAH8mBqXsBBpZ_Q5fofMr5obdzCZo4pomuu387fDaMUHZAS0VmEgpR0e8Yq/s1600/13.gif" imageanchor="1" style="margin-left:1em; margin-right:1em"><img border="0" height="185" width="271" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhjr-5hhaHeziLCNJof87b-gTBkgK59QYg8C79Im-VasPPWC-xbmLv-HRqin_GbYWOO-0Y40ydr3A-VfI1ftIAH8mBqXsBBpZ_Q5fofMr5obdzCZo4pomuu387fDaMUHZAS0VmEgpR0e8Yq/s320/13.gif" /></a></div><br />
Pada “DNS Servers” sudah terisi DNS anda dengan benar dan langsung aja klik “Next”<br />
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhnL8I4JxcGJQpiuaLbOjSlf5tsCpxfylqjN5SrGzK_zC4tGjv-nosRcv4sQ9dPlRlub7-YNvOqNpgmkCt6HqXAvGuMELTfmCiHl7XKun_n578mN8AQxgsFg1YIyfrNqgL-JbB8bGRjn_tB/s1600/14.gif" imageanchor="1" style="margin-left:1em; margin-right:1em"><img border="0" height="184" width="271" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhnL8I4JxcGJQpiuaLbOjSlf5tsCpxfylqjN5SrGzK_zC4tGjv-nosRcv4sQ9dPlRlub7-YNvOqNpgmkCt6HqXAvGuMELTfmCiHl7XKun_n578mN8AQxgsFg1YIyfrNqgL-JbB8bGRjn_tB/s320/14.gif" /></a></div><br />
Pada “DNS Name” biarkan saja kosong kemudian klik “Next”<br />
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjZBSl4wPhR1DJn3wQ0_alikeu-h_p7VvLuGqGbBnYv-RbuNr2fqAgKoK2vjZEIYiwF4q6zkO1zOyeuNKZoT74YawrXTFcCrr1rrRnyl1ogm1fmK1QjsLPvi9ExPtWLwO31N7GzJvgqX2JW/s1600/15.gif" imageanchor="1" style="margin-left:1em; margin-right:1em"><img border="0" height="184" width="269" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjZBSl4wPhR1DJn3wQ0_alikeu-h_p7VvLuGqGbBnYv-RbuNr2fqAgKoK2vjZEIYiwF4q6zkO1zOyeuNKZoT74YawrXTFcCrr1rrRnyl1ogm1fmK1QjsLPvi9ExPtWLwO31N7GzJvgqX2JW/s320/15.gif" /></a></div><br />
Kemudian langsung saja klik “Next”<br />
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg3bMpL1M3f-sJSkcj35DdCfTfNqruCOZ95pWX4HXvqGiGpqGhAe98K6wero4HuDojABQPEhkVZJKV_xRcqTw0WIRWFrKZP6NqYAymTsFsujV6ikoUlqzB9aVB6SHSYdtexXh3BiW3z5gt_/s1600/16.gif" imageanchor="1" style="margin-left:1em; margin-right:1em"><img border="0" height="183" width="269" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg3bMpL1M3f-sJSkcj35DdCfTfNqruCOZ95pWX4HXvqGiGpqGhAe98K6wero4HuDojABQPEhkVZJKV_xRcqTw0WIRWFrKZP6NqYAymTsFsujV6ikoUlqzB9aVB6SHSYdtexXh3BiW3z5gt_/s320/16.gif" /></a></div><br />
Setelah selesai maka akan muncul kotak dialog sebagai berikut kemudian klik “OK”<br />
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjMLpAUuSqC1kA4lApBxmxe66a_2yIepLZB6g-HL1b8gaH1gS9SaGoQH2FHcCPQdckbD7RvgckiS9XIqDeH-zMb9x6GJLfFDpYm90mYFSimVGvVXKOhoatNgRxwMFUtCORdBhyphenhyphenY5Ipr8d13/s1600/17.gif" imageanchor="1" style="margin-left:1em; margin-right:1em"><img border="0" height="92" width="193" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjMLpAUuSqC1kA4lApBxmxe66a_2yIepLZB6g-HL1b8gaH1gS9SaGoQH2FHcCPQdckbD7RvgckiS9XIqDeH-zMb9x6GJLfFDpYm90mYFSimVGvVXKOhoatNgRxwMFUtCORdBhyphenhyphenY5Ipr8d13/s320/17.gif" /></a></div><br />
Kemudian lanjutkan dengan konfigurasi Hotspot Mikrotik agar terkoneksi dengan software Billing Hotspot sebaik berikut :<br />
<br />
<b>IP ==> Hotspot ==> Server Profiles ==> hsprof1 (klik 2x)</b><br />
Dari tab “General” pindah ke tab “Login” kemudian hilangkan tanda centang (uncheck) pada “Cookies” kemudian klik “Apply”<br />
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh89YLvNkh5wihnLhrnu30D39nQiOHtFgv_Dz0sKQWfL3ri1gLoqBuNZ3MFnAy_cQQF5q6ut4v_euZu8A7wnsMhz3i4ZXtbGqHzMQ8SAuayyMmo_6o4zoy7Mz0oj3AQZ37FxODvMWj5S05d/s1600/18.gif" imageanchor="1" style="margin-left:1em; margin-right:1em"><img border="0" height="320" width="311" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh89YLvNkh5wihnLhrnu30D39nQiOHtFgv_Dz0sKQWfL3ri1gLoqBuNZ3MFnAy_cQQF5q6ut4v_euZu8A7wnsMhz3i4ZXtbGqHzMQ8SAuayyMmo_6o4zoy7Mz0oj3AQZ37FxODvMWj5S05d/s320/18.gif" /></a></div><br />
Kemudian pindah ke tab “Radius” dan hilangkan tanda centang (uncheck) pada “Use RADIUS” kemudian klik “Apply” lalu klik “OK”<br />
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjjCL6-c1k64C5Z2bvdwJR0sVruWSkD8fxUhsvpOOZaW5KVw2P3bi1OhFvoL87CjmkRsyGSCyaNbhwSwkadDpCwvK8ejBJDNe3-zNqiTeYHWv-UVaxaWnjpkm5YjY5LSYJG7k7XfvMB-ajg/s1600/19.gif" imageanchor="1" style="margin-left:1em; margin-right:1em"><img border="0" height="320" width="311" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjjCL6-c1k64C5Z2bvdwJR0sVruWSkD8fxUhsvpOOZaW5KVw2P3bi1OhFvoL87CjmkRsyGSCyaNbhwSwkadDpCwvK8ejBJDNe3-zNqiTeYHWv-UVaxaWnjpkm5YjY5LSYJG7k7XfvMB-ajg/s320/19.gif" /></a></div><br />
<b>Radius</b><br />
Klik tanda plus |+| dan pada tab General beri tanda centang pada service hotspot kemudian pada “Address” isikan IP Address radius server Billing Hotspot (PC Linux) dan “Secret” isikan secret id misal 123457890 sesuai yang anda isikan di Linux, kemudian jika selesai klik “OK”<br />
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjBipxfWmG-yoZGbhLEhuwcBsBpBdltsfxtTsat6kXGZ8KHx66lMEgjnIJKTSf5B54lGMG6Qn7vOAWh3qezR_uVZ43MB6sA6S2xSevzQZ9A7R1WGhHzY8KbVefGklBhyphenhyphenCf2_uFKguKp9f5b/s1600/21.gif" imageanchor="1" style="margin-left:1em; margin-right:1em"><img border="0" height="145" width="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjBipxfWmG-yoZGbhLEhuwcBsBpBdltsfxtTsat6kXGZ8KHx66lMEgjnIJKTSf5B54lGMG6Qn7vOAWh3qezR_uVZ43MB6sA6S2xSevzQZ9A7R1WGhHzY8KbVefGklBhyphenhyphenCf2_uFKguKp9f5b/s320/21.gif" /></a></div><br />
Agar Halaman Login User Hotspot muncul halaman login Billing Hotspot seperti gambar di bawah ini<br />
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiI5P4ODuothnLIkui_Rtbsz-OrGP7Iwm-tMVY26WKeeRMpHPaqbITw4HD8JWpfCcyg4Xn0vgATgpp-axd7-IOXBdRcRM3FcnOp_uIlHTqfbx-q4EoMdYdw09GGlN9wf-BQNZ1nbe6ijMd6/s1600/login-page-hotspot-billing.gif" imageanchor="1" style="margin-left:1em; margin-right:1em"><img border="0" height="379" width="400" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiI5P4ODuothnLIkui_Rtbsz-OrGP7Iwm-tMVY26WKeeRMpHPaqbITw4HD8JWpfCcyg4Xn0vgATgpp-axd7-IOXBdRcRM3FcnOp_uIlHTqfbx-q4EoMdYdw09GGlN9wf-BQNZ1nbe6ijMd6/s400/login-page-hotspot-billing.gif" /></a></div><br />
<b>IP ==> Hotspot ==> Walled Garden</b><br />
Klik tanda plus |+| dan pada posisi “Action = allow” pilih “Dst. Address” isikan nomer IP server Billing Hotspot, misal 192.168.1.10 kemudian klik “OK”<br />
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhh-j1VzYKngBwvU1Yc40dOypo45O5DA6dzbqD3lg9M-xvqyheKWuS8F54SXLXq3wCrfJBTgUgVE6KLVOwKkv-nTpEPjyAINa36TkLdEtRjIsjeHtWRMWgtaJYZPOXKskK5fOEW1113CkfI/s1600/231.gif" imageanchor="1" style="margin-left:1em; margin-right:1em"><img border="0" height="187" width="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhh-j1VzYKngBwvU1Yc40dOypo45O5DA6dzbqD3lg9M-xvqyheKWuS8F54SXLXq3wCrfJBTgUgVE6KLVOwKkv-nTpEPjyAINa36TkLdEtRjIsjeHtWRMWgtaJYZPOXKskK5fOEW1113CkfI/s320/231.gif" /></a></div><br />
Jika selesai lakukan upload file ke dalam mikrotik yang udah di konfigurasi oleh Team software Billing Hotspot<br />
<br />
Langkah selanjutnya agar Billing Hotspot terintegrasi dengan Router Mikrotik, anda harus login dulu ke Billing Hotspot Manager. Masukkan username, password dan Security Code dengan benar seperti berikut ini<br />
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjUETNdPFgJdMa3GSzGdB_ZfWcPa03yNhm2JeuF8Bw4U7WwUPZ48ayAb-Pr51OzT4UDZPhxq9nI-Zv6DaRiH3BeorXnU-6cjICKZXD_iFK2RifmRMn08NJ1teHc3fdfeQ09O5OrCBlsWyOQ/s1600/login.gif" imageanchor="1" style="margin-left:1em; margin-right:1em"><img border="0" height="252" width="400" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjUETNdPFgJdMa3GSzGdB_ZfWcPa03yNhm2JeuF8Bw4U7WwUPZ48ayAb-Pr51OzT4UDZPhxq9nI-Zv6DaRiH3BeorXnU-6cjICKZXD_iFK2RifmRMn08NJ1teHc3fdfeQ09O5OrCBlsWyOQ/s400/login.gif" /></a></div><br />
Setelah berhasil masuk ke Billing Hotspot Manager, masuk Menu Preference ==> Setting Service ==> Pilih /var/www/html/config.client.php kemudian klik “Edit” dan jika selesai klik “Save”<br />
<br />
$ipServer=”192.168.1.2”; ==> isikan nomor IP Server Billing Hotspot<br />
$ipMikrotik=”192.168.1.10”; ==> isikan nomor IP Router Mikrotik<br />
$userMikrotik=”admin”; ==> isikan nama user Router Mikrotik<br />
$passMikrotik=”admin”; ==> isikan password Router Mikrotik<br />
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjqhnaRqJ3mZxYCYEG06ZAQTmKJwc_HNjzOfacpU5ngj2YzzJus4ZUitoXIqPVYFJPtNTgeZJHLj-VnOoaAEMv8HERyMwcCXNm6LJTsa53tZCzCnlKU3BS4LCopJfpId9sQoCPxBomsLyvp/s1600/configclient.gif" imageanchor="1" style="margin-left:1em; margin-right:1em"><img border="0" height="309" width="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjqhnaRqJ3mZxYCYEG06ZAQTmKJwc_HNjzOfacpU5ngj2YzzJus4ZUitoXIqPVYFJPtNTgeZJHLj-VnOoaAEMv8HERyMwcCXNm6LJTsa53tZCzCnlKU3BS4LCopJfpId9sQoCPxBomsLyvp/s320/configclient.gif" /></a></div><br />
Bila tidak bisa di simpan masuk ke Konsole sebagai root di Linux dan ketikkan perintah chmod 775 /var/www/html/config.client.php<br />
<br />
Masuk Preference ==> Setting Service ==> Pilih /etc/raddb/clients.conf kemudian klik “Edit” tarik scroll ke baris paling bawah kemudian tambahkan empat baris perintah sebagai berikut dan jika selesai klik “Save”<br />
<br />
client 192.168.1.2 ==> isikan dengan nomor IP Router Mikrotik<br />
secret=123457890 ==> isikan secret sesuai di RADIUS Mikrotik<br />
shortname=mikrotik ==> isikan dengan nama label ‘mikrotik’<br />
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjbZi8U665xMl9LGl6GmnEsf76NWScp1dgCKMFH39GvzZ4arvbOwsbvxZEGtxuF7cyxQB_L_uTKDI73rMUGKqUmKzMj6zh6TqYN3_QOCRUG9CCNulQS323sWfNOzcoQtK_TyX3qma9dXYhyphenhyphen/s1600/clientconf.gif" imageanchor="1" style="margin-left:1em; margin-right:1em"><img border="0" height="309" width="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjbZi8U665xMl9LGl6GmnEsf76NWScp1dgCKMFH39GvzZ4arvbOwsbvxZEGtxuF7cyxQB_L_uTKDI73rMUGKqUmKzMj6zh6TqYN3_QOCRUG9CCNulQS323sWfNOzcoQtK_TyX3qma9dXYhyphenhyphen/s320/clientconf.gif" /></a></div><br />
Masuk Preference ==> Setting Service ==> Pilih /etc/raddb/naslist kemudian klik “Edit”<br />
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiAoH0-AehCfip2h2dxogzLKQm6yUELmnlUl2qiKgmwGKC_7eM84jb028EaCTiZy-X1rbh_96rNmUZyk5kD7HMzIIIY2ygwzwKizES1vG5Ajsm3jeiSMzsoi-Ifgw2aosPeM-ecgEkpzYf-/s1600/naslist.gif" imageanchor="1" style="margin-left:1em; margin-right:1em"><img border="0" height="310" width="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiAoH0-AehCfip2h2dxogzLKQm6yUELmnlUl2qiKgmwGKC_7eM84jb028EaCTiZy-X1rbh_96rNmUZyk5kD7HMzIIIY2ygwzwKizES1vG5Ajsm3jeiSMzsoi-Ifgw2aosPeM-ecgEkpzYf-/s320/naslist.gif" /></a></div><br />
Bila tidak bisa di simpan masuk ke Konsole sebagai root di Linux dan ketikkan perintah chmod 775 /etc/raddb/naslistmaruahal siahaanhttp://www.blogger.com/profile/03145368921018800509noreply@blogger.com0tag:blogger.com,1999:blog-4268044096619383267.post-87210219044392838702011-03-20T21:03:00.001+07:002011-03-21T09:29:52.169+07:00Setting Hotspot Pada MikrotikSetting Hotspot pada Mikrotik Router OS sangat mudah dikonfigurasi. Sistem autentikasi hotspot biasa digunakan ketika kita akan menyediakan akses internet pada areal publik, seperti : Hotel, café, Kampus, airport, taman, mall dll. Teknologi akses internet ini biasanya menggunakan jaringan wireless atau wired. Biasanya menyediakan akses internet gratis dengan menggunakan hotspot atau bisa juga menggunakan Voucher untuk autentikasinya. Ketika membuka halaman web maka router akan mengecek apakah user sudah di autentikasi atau belum. Jika belum melakukan autentikasi, maka user akan di arahkan pada hotspot login page yang mengharuskan mengisi username dan password. Jika informasi login yang dimasukkan sudah benar, maka router akan memasukkan user tersebut kedalam sistem hotspot dan client sudah bisa mengakses halaman web. Selain itu akan muncul popup windows berisi status ip address, byte rate dan time live. Penggunaan akses internet hotspot dapat dihitung berdasarkan waktu (time-based) dan data yang di download/upload (volume-based). Selain itu dapat juga dilakukan melimit bandwidth berdasarkan data rate, total data upload/download atau bisa juga di limit berdasarkan lama pemakaian.<br />
<br />
Cara mudah setting hotspot pada mikrotik adalah ada 2 (dua) pilihan selain menggunakan teks mode kita juga bisa menggunakan setting wizard dengan menggunakan Winbox Router OS, Langkah-langkat berikut merupakan konfigurasi dasar hotspot mikrotik sebagai Gateway Server. Pertama install Mikrotik Router OS pada PC atau pasang DOM atau kalau menggunakan Rouer Board langsung aja Login = ‘admin’ sedangkan untuk pasword anda kosongin untuk defaultnya.<br />
<br />
Masuk ke IP ==> Hotspot ==> Setup<br />
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiuvCMfnADEVwgG5zoFL6hCv8PwuPIUOHZMx51izmasgPJfoTBtZK9ADod3nka5DecKXyCVVXeP5H-hVC4lX7T0nXPT-l5YhWTiRo2VMMI27q_aD63dwVwA7J-KJKn6_oCOTL1hK4fVcBdB/s1600/hotspot-mikrotik1.gif" imageanchor="1" style="margin-left:1em; margin-right:1em"><img border="0" height="248" width="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiuvCMfnADEVwgG5zoFL6hCv8PwuPIUOHZMx51izmasgPJfoTBtZK9ADod3nka5DecKXyCVVXeP5H-hVC4lX7T0nXPT-l5YhWTiRo2VMMI27q_aD63dwVwA7J-KJKn6_oCOTL1hK4fVcBdB/s320/hotspot-mikrotik1.gif" /></a></div><br />
Kemudian tentukan IP lokal hospot yang akan ada gunakan, misal 192.168.10.1 dan Tentukan IP DHCP ke clientnya yang akan anda gunakan, dalam contoh ini adalah 192.168.10.2-192.168.10.255<br />
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhk-Pr1JKpVbvkzCqOI8_l0OLAXQc0C8sH3tPmgs8xNSQRhtA6cL4WHNEGFdgGGCHKGdOV1P0UaB70ADQKgt-rZHcnZ3Gcna6r3lusXUeq0knS8e7g5gqUz3VUDZoWnBn1UJk6TAZt3GO23/s1600/hotspot1.gif" imageanchor="1" style="clear:left; float:left;margin-right:1em; margin-bottom:1em"><img border="0" height="130" width="227" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhk-Pr1JKpVbvkzCqOI8_l0OLAXQc0C8sH3tPmgs8xNSQRhtA6cL4WHNEGFdgGGCHKGdOV1P0UaB70ADQKgt-rZHcnZ3Gcna6r3lusXUeq0knS8e7g5gqUz3VUDZoWnBn1UJk6TAZt3GO23/s320/hotspot1.gif" /></a></div><br />
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiXUwAW9KQlcS8dWYlduiMPuL_V1LKruICkcWXP2l9yO4yh5kW9FHMmevGmiLqpI6or2PFvoqh38UqWLdblUs3VSygtTl3wi60kap0VJtMUBx1EJgjOHp3tGsKrbIlGsiOzNKgTPAH3YyVb/s1600/hotspot3.gif" imageanchor="1" style="clear:right; float:right; margin-left:1em; margin-bottom:1em"><img border="0" height="132" width="227" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiXUwAW9KQlcS8dWYlduiMPuL_V1LKruICkcWXP2l9yO4yh5kW9FHMmevGmiLqpI6or2PFvoqh38UqWLdblUs3VSygtTl3wi60kap0VJtMUBx1EJgjOHp3tGsKrbIlGsiOzNKgTPAH3YyVb/s320/hotspot3.gif" /></a></div><br />
<br />
<br />
<br />
Untuk SMTP Server sebaiknya anda kosongin saja, Kemudian DNS servernya anda isikan sesuaikan dengan Provider anda, dalam contoh ini adalah DNS1=202.47.78.1 DNS2=202.47.78.9<br />
<br />
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj5jK4FNhUa2Fe_xsEEQfseZTyAFv3Q5XK5m1qmFsyl6BelMYWpVn9t27QK9JuJ09w3RNMtLTrhaO7Sgb1Id6_AqZD3hesWHNFGkurOL-07OtgxOaB8pmap2yJ_mv-Y9E4Ivvp2Cxzb4RCK/s1600/hotspot4.gif" imageanchor="1" style="clear:left; float:left;margin-right:1em; margin-bottom:1em"><img border="0" height="134" width="227" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj5jK4FNhUa2Fe_xsEEQfseZTyAFv3Q5XK5m1qmFsyl6BelMYWpVn9t27QK9JuJ09w3RNMtLTrhaO7Sgb1Id6_AqZD3hesWHNFGkurOL-07OtgxOaB8pmap2yJ_mv-Y9E4Ivvp2Cxzb4RCK/s320/hotspot4.gif" /></a></div><br />
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgGdqU8Ra6b8xfcoYubuuxJD3MtRhaXjrQeJ28N1MrF4OtYqtt5P9fw44ph4ztGWTZh1uL68DnmMs6NphHxL9YZKFh3V06vLHB7jH_UM9qy7P033rUl7_oXy94HgCbgio1-VlB9BYqD5g-H/s1600/hotspot5.gif" imageanchor="1" style="clear:right; float:right; margin-left:1em; margin-bottom:1em"><img border="0" height="131" width="227" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgGdqU8Ra6b8xfcoYubuuxJD3MtRhaXjrQeJ28N1MrF4OtYqtt5P9fw44ph4ztGWTZh1uL68DnmMs6NphHxL9YZKFh3V06vLHB7jH_UM9qy7P033rUl7_oXy94HgCbgio1-VlB9BYqD5g-H/s320/hotspot5.gif" /></a></div><br />
<br />
DNS lokal hotspot anda NEXT saja kemudian pada Hotspot user anda dalam contoh berikut diisi admin password admin123<br />
<br />
<br />
hotspo<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiKA2yBejUozB_pgTfSkhmqci4kvCaXg_ZUF-bUhqiOS_BFJ5-3WQT4SUd4xHCUr_pIywIlgoMamg-4fWSGLrV2a6ppE6sFPMDb5hHEPTBGElfNrie_-3CDR1MVtWogkb6Zl4XJBN-4pCaz/s1600/hotspot6.gif" imageanchor="1" style="clear:left; float:left;margin-right:1em; margin-bottom:1em"><img border="0" height="133" width="227" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiKA2yBejUozB_pgTfSkhmqci4kvCaXg_ZUF-bUhqiOS_BFJ5-3WQT4SUd4xHCUr_pIywIlgoMamg-4fWSGLrV2a6ppE6sFPMDb5hHEPTBGElfNrie_-3CDR1MVtWogkb6Zl4XJBN-4pCaz/s320/hotspot6.gif" /></a></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhTN-gR96kULSiB9S7Z2FLtNyoemgbHNM6b2Q-dmrdCbhmsM5eCvjNZVeG4redTX2sGk9pPAReSrLGmiffkiXz1zZoYfpirPnzX2x6tv8g4y-qriZ0G53zhQeULIxuCdakb5olDutX-afGK/s1600/hotspot7.gif" imageanchor="1" style="clear:right; float:right; margin-left:1em; margin-bottom:1em"><img border="0" height="135" width="227" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhTN-gR96kULSiB9S7Z2FLtNyoemgbHNM6b2Q-dmrdCbhmsM5eCvjNZVeG4redTX2sGk9pPAReSrLGmiffkiXz1zZoYfpirPnzX2x6tv8g4y-qriZ0G53zhQeULIxuCdakb5olDutX-afGK/s320/hotspot7.gif" /></a></div><br />
<br />
Hotspot Server Profile digunakan untuk mensetting server yang akan sering digunakan untuk semua user seperti metode autentikasi dan Limitasi data rate. Ada 6 jenis autentikasi Hotspot mikrotik yang berbeda dalam profile setting, jenis autentikas tersebut adalah : HTTP PAP, HTTP CHAP, HTTPS, HTTP cookie, MAC address, Trial<br />
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjFzwjpewyBg9R68CxrO4uLtQwwtfC7mkJMwTmklsZLzE3n2xKiEJ_IYqZyVmB1m9IE4W_Y7LlH_qjKO6iZH4sn4EZR2YMDbv8rLZi5RqGa7dtGvcfP8VuUwRoTl_kqHgvB6IOKguaJjSzq/s1600/new-hotspot-server.gif" imageanchor="1" style="margin-left:1em; margin-right:1em"><img border="0" height="269" width="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjFzwjpewyBg9R68CxrO4uLtQwwtfC7mkJMwTmklsZLzE3n2xKiEJ_IYqZyVmB1m9IE4W_Y7LlH_qjKO6iZH4sn4EZR2YMDbv8rLZi5RqGa7dtGvcfP8VuUwRoTl_kqHgvB6IOKguaJjSzq/s320/new-hotspot-server.gif" /></a></div><br />
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgK-Q5ZrWbk4qlIdXPwbRDSggIuEmY7gJTFHYVohNvtge06S9HRph7XDkXyHTyS_PGgvONmny4EIDtw6rD0gyHQTDaRvIDnUY82XX_hF6pYXw8FuzLLtBcJoU3dbNzhU2kT-lCX4p2YYRKD/s1600/hotspot-profile.gif" imageanchor="1" style="margin-left:1em; margin-right:1em"><img border="0" height="274" width="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgK-Q5ZrWbk4qlIdXPwbRDSggIuEmY7gJTFHYVohNvtge06S9HRph7XDkXyHTyS_PGgvONmny4EIDtw6rD0gyHQTDaRvIDnUY82XX_hF6pYXw8FuzLLtBcJoU3dbNzhU2kT-lCX4p2YYRKD/s320/hotspot-profile.gif" /></a></div><br />
<br />
<br />
Metode autentikasi yang akan digunakan, biasanya cukup menggunakan metode HTTP CHAP<br />
<br />
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi235jOL-Z2P7HUaqbNUto5GDG6roOqB_YVRk6ZV0LlORkflTDnQnDwXBix5HntlfrKrjvYBKW-SotPvG_IORh8EkqKlk2SAh9beoDoFKU_y8-ldkAIg8s6-jFWD2VVp09n9lIlwn-qQD9v/s1600/autentikasi.gif" imageanchor="1" style="margin-left:1em; margin-right:1em"><img border="0" height="289" width="283" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi235jOL-Z2P7HUaqbNUto5GDG6roOqB_YVRk6ZV0LlORkflTDnQnDwXBix5HntlfrKrjvYBKW-SotPvG_IORh8EkqKlk2SAh9beoDoFKU_y8-ldkAIg8s6-jFWD2VVp09n9lIlwn-qQD9v/s320/autentikasi.gif" /></a></div><br />
<br />
Data rate limitation digunakan sebagai default setting untuk user yang belum di setting bandwidth limit pemakaiannya. Dimana RX adalah Client upload dan TX adalah Client download. Misal setting default data rate di 64k/128k (upload/download)<br />
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg2XuzCFvOu9DDV0SJ34RX0TR6DU8Na7mQiCsM5NSbwnKIFIfT9S3GwK30xalsF5bq7-9dsg2zE0T4Vd-ptWGtIP5O9vut2Z4uV5XcFFo-2_VM3PI5GhabP9ubcduC4SicaiEK2iRnto5Dt/s1600/bandwidth-limit.gif" imageanchor="1" style="margin-left:1em; margin-right:1em"><img border="0" height="309" width="283" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg2XuzCFvOu9DDV0SJ34RX0TR6DU8Na7mQiCsM5NSbwnKIFIfT9S3GwK30xalsF5bq7-9dsg2zE0T4Vd-ptWGtIP5O9vut2Z4uV5XcFFo-2_VM3PI5GhabP9ubcduC4SicaiEK2iRnto5Dt/s320/bandwidth-limit.gif" /></a></div><br />
<br />
<br />
Hotspot user profile digunakan untuk menyimpan data user yang akan dibuatkan rule profilenya. Dimana didalamnya bisa dilakukan setting firewall filter chain untuk traffic yang keluar/masuk, juga bisa untuk mensetting limitasi data rate dan selain itu dapat juga dilakukan paket marking untuk setiap user yang masuk kedalam profile tersebut secara otomatis.<br />
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjcb0qyTJ5pXHAvPCC0to9GJN9TFbxCZSF3BHvxcp_95ugLYGI_53XwqmmhmZ6QsRnSqbWz_7guLp55b-G3Uod6A35rVYh3meRKh17Poy4TbzHLGcn8q-5s16AGVEDfMXw2TVQ9QS2WtPVP/s1600/hotspot-user-profile.gif" imageanchor="1" style="margin-left:1em; margin-right:1em"><img border="0" height="248" width="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjcb0qyTJ5pXHAvPCC0to9GJN9TFbxCZSF3BHvxcp_95ugLYGI_53XwqmmhmZ6QsRnSqbWz_7guLp55b-G3Uod6A35rVYh3meRKh17Poy4TbzHLGcn8q-5s16AGVEDfMXw2TVQ9QS2WtPVP/s320/hotspot-user-profile.gif" /></a></div><br />
<br />
Hotspot user yaitu nama-nama user yang akan diautentikasi pada sistem hotspot. Beberapa hal yang dapat dilakukan dalam konfigurasi hotspot user yaitu : username dan password, Membatasi user berdasarkan waktu dan paket data yang akan digunakan, hanya ip address tertentu dari ip address dhcp yang ditawarkan atau hanya mengizinkan user untuk koneksi ke sistem hotspot dari MAC Address tertentu saja.<br />
<br />
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjZ84_zeMkNn_m1VwEWmPl4GSnfa6Ll9BWy8pe8Dcj-cYE_lI9JatgjfCLiwEiKfBJBN4F1fQomwqlmRDRGfswpK5LRk3jiCVb4bGMc8hg7SuaHEOmBHq8BPf9hbBFLJbb35hznWd7B4ovp/s1600/hotspot-user.gif" imageanchor="1" style="margin-left:1em; margin-right:1em"><img border="0" height="248" width="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjZ84_zeMkNn_m1VwEWmPl4GSnfa6Ll9BWy8pe8Dcj-cYE_lI9JatgjfCLiwEiKfBJBN4F1fQomwqlmRDRGfswpK5LRk3jiCVb4bGMc8hg7SuaHEOmBHq8BPf9hbBFLJbb35hznWd7B4ovp/s320/hotspot-user.gif" /></a></div><br />
<br />
<br />
IP Bindings digunakan untuk mengizinkan ip tertentu untuk membypass autentikasi hotpot, ini sangat berguna sekali ketika kita ingin menjalankan layanan server, atau IP telephony dibawah system hotspot. Misal, PC atau Notebook anda untuk dapat membypass hotspot system, dengan demikian anda dapat melakukan browsing tanpa autentikasi<br />
<br />
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg7SlLPsDGXltK2w8NLchJEAB-aV3z0y8HfF4tiwFQ6Y5-qRAOy_5hsB0u_ls781VvCCASSyKC0_8nSJdbuvJlEeCYNTKAPdZJRsYr7B7GsV9LiufvSIOmlJHGKlydkmeBSyyZmWj3EdctJ/s1600/ip-binding.gif" imageanchor="1" style="margin-left:1em; margin-right:1em"><img border="0" height="262" width="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg7SlLPsDGXltK2w8NLchJEAB-aV3z0y8HfF4tiwFQ6Y5-qRAOy_5hsB0u_ls781VvCCASSyKC0_8nSJdbuvJlEeCYNTKAPdZJRsYr7B7GsV9LiufvSIOmlJHGKlydkmeBSyyZmWj3EdctJ/s320/ip-binding.gif" /></a></div>maruahal siahaanhttp://www.blogger.com/profile/03145368921018800509noreply@blogger.com0tag:blogger.com,1999:blog-4268044096619383267.post-87238163787617141822011-03-20T20:39:00.003+07:002011-03-20T20:39:43.371+07:00MikroTik RouterOS WEB ProxyOverview<br />
The MikroTik RouterOS has the squid proxy server implementation.<br />
<br />
Proxy server features:<br />
<br />
* Regular http proxy.<br />
* Transparent proxy. Can be transparent and regular at the same time.<br />
* Access list by source, destination, and URL.<br />
* Cache access list. <br />
<br />
Contents of the Manual<br />
The following topics are covered in this manual:<br />
<br />
* Installation<br />
* Hardware Resource Usage<br />
* MikroTik Web Proxy Description<br />
* MikroTik Web Proxy Setup<br />
Monitoring the Web Proxy<br />
Access List<br />
Managing the Cache<br />
* Transparent Mode<br />
* Troubleshooting <br />
<br />
Installation<br />
The MikroTik Web Proxy feature is included in the 'web-proxy' package. To install the web-proxy package, upload it to the router and reboot. After successful install of the web-proxy package it should be listed under the /system package print list:<br />
<br />
[MikroTik] > system package print <br />
Flags: I - invalid <br />
# NAME VERSION BUILD-TIME UNINSTALL<br />
0 system 2.5.2 apr/24/2002 11:52:28 no <br />
1 routing 2.5.2 apr/24/2002 12:04:34 no <br />
2 web-proxy 2.5.2 apr/24/2002 12:02:52 no <br />
3 ppp 2.5.2 apr/24/2002 11:57:03 no <br />
4 pptp 2.5.2 apr/24/2002 11:57:43 no <br />
5 pppoe 2.5.2 apr/24/2002 11:58:46 no <br />
6 ssh 2.5.2 apr/24/2002 11:54:52 no <br />
7 snmp 2.5.2 apr/24/2002 11:53:10 no <br />
[MikroTik] > <br />
<br />
Hardware Resource Usage<br />
The proxy cache can use as much disk space as there is allocated for it. When the system allocates the space for the proxy cache, 1/7th of the total partition (disk) size is reserved for the system, but not less than 30MB. The rest is left for the proxy cache. The system RAM size is considered as well when allocating the cache size. The cache size is limited so, that there are at least 11.1MB of RAM per 1GB of cache.<br />
<br />
It is recommended, that at least 100MB HDD is used when running web proxy. Do not try to run web-proxy on a 32 or 48 MB FlashDisk!<br />
<br />
MikroTik Web Proxy Description<br />
The web proxy can be used as transparent and normal web proxy at the same time. In transparent mode it is possible to use it as standard web proxy, too. However, in this case, proxy users may have trouble to reach web pages which are accessed transparently.<br />
<br />
MikroTik Web Proxy Setup<br />
The Web Proxy management can be accessed under the /ip web-proxy submenu:<br />
<br />
[MikroTik] ip web-proxy> ? <br />
HTTP proxy<br />
clear-cache Clear http cache<br />
access Access list<br />
cache Cache access list<br />
print Print current configuration and status<br />
get Get value of configuration property<br />
set Change proxy configuration<br />
export Export web proxy settings<br />
[MikroTik] ip web-proxy> <br />
<br />
For web proxy setup, do the following:<br />
<br />
* Specify at least one dns server for the router:<br />
<br />
/ip dns set primary-dns=192.168.1.1<br />
<br />
* Set IP address and port on which proxy will listen for requests:<br />
<br />
/ip web-proxy set address=0.0.0.0:8080<br />
<br />
* If this proxy has to use another proxy, specify it:<br />
<br />
/ip web-proxy set parent-proxy=192.168.1.1:8080<br />
<br />
otherwise disable it:<br />
<br />
/ip web-proxy set parent-proxy=0.0.0.0:0<br />
<br />
* Specify cache administrator's e-mail address:<br />
<br />
/ip web-proxy set cache-administrator=support@mt.lv<br />
<br />
* Specify hostname (DNS or IP address) of the web proxy:<br />
<br />
/ip web-proxy set hostname=proxy.mt.lv<br />
<br />
* Enable the proxy service:<br />
<br />
/ip web-proxy set enabled=yes<br />
<br />
Now it is possible to use this proxy, by setting it as proxy for IE or Netscape.<br />
<br />
Web proxy will automatically detect any problems with cache and will try to solve them without loosing any cache data. But in case of a heavy damage to the file system, the web proxy can't rebuild cache data. Cache can be deleted and new cache directories created by the command '/ip web-proxy clear-cache'.<br />
<br />
Monitoring the Web Proxy<br />
Use the command /ip web-proxy print to see the current web proxy status:<br />
<br />
[MikroTik] ip web-proxy> print <br />
enabled: yes<br />
address: 0.0.0.0:8080<br />
transparent-mode: no<br />
parent-proxy: 0.0.0.0:0<br />
cache-administrator: support@mt.lv<br />
hostname: proxy.mt.lv<br />
status: running<br />
reserved-for-cache: 6782 MB<br />
[MikroTik] ip web-proxy> <br />
<br />
Description of the status parameter value:<br />
<br />
stopped - proxy is disabled and is not running<br />
rebuilding-cache - proxy is enabled and running, existing cache is being verified<br />
running - proxy is enabled and running<br />
stopping - proxy is shutting down (max 10s)<br />
clearing-cache - proxy is stopped, cache files are being removed<br />
creating-cache - proxy is stopped, cache directory structure is being created<br />
dns-missing - proxy is enabled, but not running because of unknown DNS server (please, specify it under /ip dns)<br />
invalid-address - proxy is enabled, but not running because of invalid address (please, change address or port)<br />
invalid-cache-administrator - proxy is enabled, but not running because of invalid cache-administrator's e-mail address<br />
invalid-hostname - proxy is enabled, but not running because of invalid hostname (please, set valid hostname value)<br />
error-logged - proxy is not running because of unknown error. This error is logged as System-Error. Please, send us this error and some description, how it happened.<br />
<br />
Access logs are sent to Web-Proxy-Access logging facility. These logs can be disabled, logged locally or sent to remote address. To log locally:<br />
<br />
/system logging facility set Web-Proxy-Access logging=local<br />
<br />
Logs can be viewed using /log print command.<br />
<br />
Access List<br />
<br />
Access list is implemented in the same way as MikroTik firewall rules. Rules are processed from top to bottom. First matching rule specifies decision of what to do with this connection. Connections can be matched by its source address, destination address, destination port or substring of requested url. If none of these parameters is specified, every connection will match this rule.<br />
<br />
If connection is matched by a rule, action property of this rule specifies whether connection will be allowed or not. If connection does not match any rule, it will be allowed.<br />
<br />
For example:<br />
<br />
[MikroTik] ip web-proxy access> print <br />
Flags: X - disabled <br />
# SRC-ADDRESS DST-ADDRESS DST-PORT URL ACTION<br />
0 0.0.0.0/0 0.0.0.0/0 0-65535 .mp3 deny <br />
1 10.0.0.1/32 0.0.0.0/0 0-65535 allow <br />
2 0.0.0.0/0 0.0.0.0/0 0-65535 ftp:// deny <br />
3 10.0.0.0/24 10.9.9.128/28 0-65535 allow <br />
4 0.0.0.0/0 0.0.0.0/0 0-65535 deny <br />
[MikroTik] ip web-proxy access> <br />
<br />
Argument description:<br />
<br />
src-address - source address of the request<br />
dst-address - destination address of the request<br />
dst-port - destination port of the request<br />
url - the URL of the request. Can be regular expression.<br />
action - (allow / deny) action to take.<br />
<br />
Access list, shown above, disables access to any mp3 files for everyone.<br />
Local gateway 10.0.0.1 has access to everything else (excluding mp3 files).<br />
All other local network (10.0.0.0/24) users have access to servers located at 10.9.9.128/28, but, ftp protocol is not allowed for them.<br />
Any other request is denied.<br />
<br />
Managing the Cache<br />
<br />
Cache access list specifies, which requests (domains, servers, pages) have to be cached locally by web proxy, and which not. The Web Proxy cache access list is located under the /ip web-proxy cache submenu.<br />
<br />
Access list is implemented exactly the same way as web proxy access list. Default action is to cache object (if no matching rule is found). By default, one cache access rule is already added:<br />
<br />
[MikroTik] ip web-proxy cache> print <br />
Flags: X - disabled <br />
# SRC-ADDRESS DST-ADDRESS DST-PORT URL ACTION<br />
0 0.0.0.0/0 0.0.0.0/0 0-65535 cgi-bin \? deny <br />
[MikroTik] ip web-proxy cache> <br />
<br />
This rule defines, that all runtime generated pages (which are located within cgi-bin directories or contain '?' in url) has not to be cached.<br />
<br />
NOTE: Objects, which are larger than 4MB, are not cached. <br />
<br />
Transparent Mode<br />
To enable the transparent mode, firewall rule in destination nat has to be added, specifying which connections (to which ports) should be transparently redirected to the proxy. For example, we have the following web-proxy settings:<br />
<br />
[MikroTik] ip web-proxy> print <br />
enabled: yes<br />
address: 0.0.0.0:8080<br />
transparent-mode: yes<br />
parent-proxy: 0.0.0.0:0<br />
cache-administrator: support@mt.lv<br />
hostname: proxy.mt.lv<br />
status: running<br />
reserved-for-cache: 3398 MB<br />
[MikroTik] ip web-proxy> <br />
<br />
If we want all connections coming from interface ether1 and going to port 80 to handle with web proxy transparently, and if our web proxy is listening on port 8080, then we add following destination nat rule:<br />
<br />
[MikroTik] ip firewall dst-nat> add in-interface=ether1 protocol=tcp \<br />
dst-address=!10.0.0.1/32:80 action=redirect to-dst-port=8080<br />
[MikroTik] ip firewall dst-nat> print <br />
Flags: X - disabled, I - invalid <br />
0 ;;; Transparent proxy<br />
src-address=0.0.0.0/0:0-65535 in-interface=ether1 <br />
dst-address=!10.0.0.1/32:80 protocol=tcp icmp-options=any:any flow="" <br />
src-mac-address=00:00:00:00:00:00 limit-count=0 limit-burst=0 <br />
limit-time=0s action=redirect to-dst-address=0.0.0.0 to-dst-port=8080 <br />
bytes=118949 packets=2260 <br />
<br />
[MikroTik] ip firewall dst-nat> <br />
<br />
Here, the router's address and port 80 (10.0.0.1/32:80) have been excluded from redirection to preserve the winbox functionality which uses TCP port 80 on the router. More than one redirect rule can be added to redirect more than one port.<br />
<br />
NOTE: only HTTP traffic is supported by web proxy transparent mode. HTTPS and FTP are not going to work this way! <br />
<br />
Troubleshooting<br />
<br />
* My web-proxy does not start. There are error messages in the system log, and the status of the web-proxy is 'rebuilding cache ...'<br />
Problem with underscore '_' in the identity name has been fixed (starting with v2.5.2). It is a good idea, to update web-proxy, if there is newer version available.<br />
<br />
* The transparent proxy stops working after 5 minutes<br />
See if you have enough disk space (do not run web-proxy on a 48MB FlashDisk!) and sufficient RAM (10MB...20MB on each GB of proxy cache).<br />
<br />
* Can I use transparent proxy feature on a MikroTik router with bridged interfaces?<br />
No. Transparent proxy requires redirection of IP packets by firewall destination NAT. Firewall is not involved when packets are passed from one bridged interface to another. But packets have to be translated by firewall destination NAT for transparent web-proxy to work. So, web-proxy is not going to work in transparent mode between bridge interfaces.<br />
<br />
* When I turned on transparent proxy and redirected TCP port 80 to it, my WinBox stopped working.<br />
TCP port 80 is used by WinBox when connecting to the router. You should exclude the router's address:80 from redirection by using rule<br />
'/ip firewall src-nat add dst-address=address/32:80 protocol=tcp action=accept'<br />
BEFORE the redirect rule. Alternatively, you can use just one rule<br />
'/ip firewall src-nat add dst-address=!address/32:80 protocol=tcp action=redirect to-dst-port=8080'<br />
<br />
* I use firewall to block access to the router from the Internet. My proxy does not work.<br />
Make sure you allow established TCP connections with tcp option 'non-syn-only' to the router before blocking everything else. In v2.5, the rule is like this:<br />
'/ip firewall rule input add protocol=tcp tcp-options=non-syn-only connection-state=established'maruahal siahaanhttp://www.blogger.com/profile/03145368921018800509noreply@blogger.com0tag:blogger.com,1999:blog-4268044096619383267.post-62872394303158957522011-03-20T09:49:00.000+07:002011-03-20T09:49:02.360+07:00Bandwidth Management dengan MikrotikMisalkan kita mempunyai client sebanyak 10 buah. Link yang kita sewa sebesar 128kbps ke ISP. Kendala yang sering ditemui pada sebuah jaringan adalah tidak ada pembagian bandwidth yang adil diantara client jaringan tersebut. Jika salah satu dari client kita menggunakan program semisal download accelerator atau flashget, niscaya bandwidth yang kita miliki tersebut akan habis oleh satu client saja, sementara client lain jika ingin menggunakan bandwidth menjadi terhambat, karena link yang kita sewa telah saturasi.<br />
<br />
Untuk mengatasi itu semua maka diperlukan bandwith management, pada mikrotik ada sebuah fitur PCQ (Per Connection Queue) yaitu mekanisme antrian untuk menyamakan bandwidth yang dipakai oleh multiple client.<br />
<br />
Cara kerja PCQ jika hanya satu client yang sedang aktif menggunakan bandwidth sementar yang lain idle, maka client tersebut dapat menggunakan maximal bandwidth yang tersedia, tetapi pada saat client ke dua aktif, maka maximal bandwith yang digunakan oleh kedua client tadi menjadi masing-masing 128kbps /2 , jika ada client lain pada saat bersamaan aktif, maka masing-masing akan mendapat jatah maximal 128kbps /3. Sehingga akan terjadi pembagian bandwidth yang adil untuk seluruh client.<br />
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEilt4I2ym1DLwJKrMTDNuQOcj-QTN344K1i1VYMcyuMyLjaSJJGCLE_5cbjkQutFnwwiZAzamLIhlIWJduonCtuIxBL9BXmFYW-mO-Ya4qt38S_z1OQ2-GwIoVGSTh4MSeq3xGisE-qrqvt/s1600/mikro.JPG" imageanchor="1" style="margin-left:1em; margin-right:1em"><img border="0" height="269" width="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEilt4I2ym1DLwJKrMTDNuQOcj-QTN344K1i1VYMcyuMyLjaSJJGCLE_5cbjkQutFnwwiZAzamLIhlIWJduonCtuIxBL9BXmFYW-mO-Ya4qt38S_z1OQ2-GwIoVGSTh4MSeq3xGisE-qrqvt/s320/mikro.JPG" /></a></div>Ada beberapa cara yang bisa digunakan, salah satu nya dengan menggunakan MANGLE atau menandai paket dan membatadi paket berdasarkan tanda (packet-mark) yang telah dibuat.<br />
<br />
1. Mark all packets with packet-mark all:<br />
<br />
/ip firewall mangle add chain=prerouting action=mark-packet new-packet-mark=all \<br />
<br />
passthrough=no<br />
<br />
2. Setup two PCQ queue types – one for download and one for upload. dst-address is classifier for user’s download traffic, src-address for upload traffic:<br />
<br />
/queue type add name="PCQ_download" kind=pcq pcq-rate=64000 pcq-classifier=dst-address<br />
<br />
/queue type add name="PCQ_upload" kind=pcq pcq-rate=32000 pcq-classifier=src-address<br />
<br />
3. Finally, two queue rules are required, one for download and one for upload:<br />
<br />
/queue tree add parent=global-in queue=PCQ_download packet-mark=all<br />
<br />
/queue tree add parent=global-out queue=PCQ_upload packet-mark=allmaruahal siahaanhttp://www.blogger.com/profile/03145368921018800509noreply@blogger.com0tag:blogger.com,1999:blog-4268044096619383267.post-36575479815670054192011-03-20T07:25:00.000+07:002011-03-20T07:27:21.579+07:00Contoh settingan brustable pada mikrotikPada queue tree<br /><br />Max-limit merupakan batasan maksimal bandwidth yang dapat dikonsumsi<br /><br />oleh komputer yang dikenakan limitasi.<br /><br />Burst-limit merupakan batasan maksimal bandwidth yang dapat dikonsumsi<br /><br />dalam waktu yang singkat yang ditentukan dengan busrt-time.<br /><br />Burst-Thres merupakan pemicu atau trigger atau titik pembalik atau<br /><br />batasan bandwidth riil yang diterima sebagai pembatas burst-limit.<br /><br /><br /><br />contoh batasan bandwidth pada komputer a:<br /><br /><br /><br />Max-limit=64k<br /><br />Burst-limit=128k<br /><br />Burst-Thres=48k<br /><br />Burst-Time=2<br /><br /><br /><br />Berarti komputer tersebut dapat memperoleh bandwidth 128kbps selama<br /><br />traffic riilnya belum mencapai 48kbps, jika dia sudah mencapai traffic riilnya maka<br /><br />secara otomatis bandwidth yang dia dapatkan akan berangsur-angsur turun menuju 64 kbps.<br /><br />Skenario seperti ini sering diterapkan oleh beberapa ISP yang menawarkan bandwidth yang<br /><br />burstable, atau warnet yang lebih mengutamakan klien yang browsing daripada klien yang melakukan<br /><br />download. Dengan menggunakan konfigurasi seperti diatas sering kali klien yang browsing akan<br /><br />mereka cepat karena mereka sering kali mendapatkan 128 kbps sedangkan jika mereka mulai melakukan<br /><br />download data dari internet maka jatah koneksi mereka akan turun menjadi 64 kbps.<br /><br />....<br /><br />Orang sering kali ingin menggunakan system seperti ini namun mereka mengalami kesulitan untuk menentukan parameter-parameter yang tepat untuk konfigurasi mereka. Dengan konfigurasi yang kurang tepat sering kali klien mereka akan mendapatkan bandwidth yang lebih besar dari max-limit kita, atau bahkan jauh dari angka max-limit, lalu bagaimana cara mengisikan parameter tersebut supaya tepat? Berikut ini saya akan memberikan rumusan yang belum tentu tepat, namun sudah cukup membantu.<br /><br /><br /><br />rumus manajement bandwidth<br /><br />================================================== ===<br /><br /><br /><br />Limit-at = Sesuai selera anda<br /><br />Max-limit = Susuai selera anda<br /><br />Burst-limit = < 4 x Max-limit<br /><br />Burst-Thres = ¾ x Max-limit<br /><br />Burst-time = < 12 s<br /><br /><br /><br />rumusan ini belum tentu tepat,tapi cukup sebagai dasar<br /><br /><br /><br />Atau anda dapat mendownload file yang sudah jadi disini. Namun rumus ini tidak bersifat mati, harus anda sesuaikan dengan keadaan jaringan anda, tapi anda juga dapat menjadikan rumus tersebut sebagai acuan dalam membagi bandwidth anda.Demikian sedikit ulasan saya semoga dapat bermanfaat, saya mohon maaf jika terdapat kesalahan dalam penulisan, dan kekurang tepatan perhitungan.maruahal siahaanhttp://www.blogger.com/profile/03145368921018800509noreply@blogger.com0tag:blogger.com,1999:blog-4268044096619383267.post-46504910692396722842011-03-20T07:15:00.000+07:002011-03-20T07:16:34.999+07:00Managemen Bandwidth Mikrotik Cara SimpleTutorial mikrotik ini tidak diperuntukkan bagi yang sudah pernah ikut pelatihan ataupun sudah sangat memahami mikrotik fundamental. Karena cara tutorial mikrotik kali ini sangat lah mudah dan akan dijelaskan step by step bagaimana managemen bandwidth mikrotik cara simple, dan benar-benar simple.<br /><br />Dalam tutorial mikrotik kali ini pokok bahasan kita adalah bagaimana managemen bandwidth mikrotik dengan mudah dan simple dan akan dijelaskan step by step-nya. Skenarionya adalah sebagai berikut :<br /><br />Bandwidth yang kita punya akan kita alokasikan seluruhnya untuk kebutuhan browsing (jadi bandwidth browsing unlimited) sedangkan untuk kebutuhan download akan kita batasi (limit download bandwidth). Kasus seperti ini biasanya banyak digunakan oleh warnet maupun RT/RW-NET dimana user akan diberi bandwidth tidak terbatas untuk browsing sedangkan untuk download akan dibatasi tentunya.<br /><br />Tutorial Mikrotik Managemen Bandwidth<br /><br />Diketahui :<br /><br />Ethernet 1 = WAN (Ethernet Public)<br />Ethernet 2 = LAN (Ethernet Local)<br /><br />1. Buat Connection Mark<br />WINBOX > IP > FIREWALL > MANGLE ><br />[+] ADD NEW<br />chain = forward<br />protocol = TCP(6)<br />in interface = ETHER 1<br />out interface = ETHER 2<br />(masuk ke TAB advance)<br />connection bytes = 262146-4294967295 ( artinya batas file ter kecil yang kena filter 256kb)<br />(masuk TAB action)<br />Action = mark connection<br />New Connection Mark = Download<br />Passtrough = [V] <- centang<br /><br />Catatan : Dalam contoh diatas kita me-mangle semua koneksi dari protokol TCP/IP. Namun dalam kebutuhan yang lebih spesifik Anda dapat menandai berdasarkan port tujuan (source port) yang umumnya traffik download itu paling umum dari port 80 dan 21 ( http dan ftp ). Anda dapat menambahkan : src port = 21,80<br /><br />2. Buat Packet Mark<br />[+] ADD NEW<br />chain = forward<br />protocol = TCP(6)<br />in interface = ETHER 1<br />out interface = ETHER 2<br />Connection Mark = Download<br />(masuk TAB action)<br />Action = mark packet<br />New Packet Mark = Download<br /><br />3. Buat Queue Type<br />WINBOX > QUEUES > QUEUE TYPES<br />[+] ADD NEW<br />name = shape<br />kind = pcq<br />( pindah tab setting )<br />rate = 256000 <- kita batasi Download hanya di 256kbps…<br />limit dan total limit biarin tetep..<br />clasifier = dst. Address [v] <– centang<br /><br />4.Buat Queue Tree<br />WINBOX > QUEUES > QUEUE TREE<br />[+] ADD NEW<br />name = Download<br />parent = global out<br />packet mark = Download<br />queue type = shape<br />max limit = 256000<br /><br />Yups, cukup empat langkah diatas kita sudah dapat managemen bandwidth di mikrotik dengan sangat simple. Cara diatas dapat kita kembangkan lebih lanjut lagi, misalnya kasus diatas hanya berlaku pada siang hari sedangkan malamnya user akan diberi jatah bandwidh unlimited untuk browsing maupun download. Ya, berkreasi sajalah… :semangat!:maruahal siahaanhttp://www.blogger.com/profile/03145368921018800509noreply@blogger.com0