MikroTik Router

MikroTik RouterOS ™ is a linux operating system that can be used to
making the computer into a reliable network routers, includes various features
made for ip networks and wireless networks, suitable for use by ISPs and
hostspot provider.
There was also fitur2 follows:
* Firewall and NAT - stateful packet filtering; Peer-to-Peer protocol filtering; source and
destination NAT; classification by source MAC, IP addresses (networks or a list of
networks) and address types, port range, IP protocols, protocol options (ICMP type,
TCP flags and MSS), interfaces, internal packet and connection marks, ToS (DSCP)
byte, content, matching sequence / frequency, packet size, time and more ...
* Routing - Static routing; Equal cost multi-path routing; Policy based routing
(Classification done in firewall); RIP v1 / v2, OSPF v2, BGP v4
* Data Rate Management - Hierarchical HTB QoS system with bursts; per IP / protocol
/ Subnet / ports / firewall mark; PCQ, RED, SFQ, FIFO queue; CIR, MIR, contention
ratios, dynamic client rate equalizing (PCQ), bursts, Peer-to-Peer protocol Limitation
* HotSpot - HotSpot Gateway with RADIUS authentication and accounting; true plug-
and-Play access for network users; data rate of Limitation; differentiated firewall; traffic
quotas; real-time status information; walled-garden; customized HTML login pages;
iPass support; SSL secure authentication; advertisement support
* Point-to-Point tunneling protocols - PPTP, PPPoE and L2TP Access concentrators
and clients; PAP, CHAP, and MSCHAPv2 authentication protocols MSCHAPv1;
RADIUS authentication and accounting; MPPE encryption; compression for PPPoE;
Limitation of data rate; differentiated firewall; PPPoE dial on demand
* Simple tunnels - ipip tunnels, EoIP (Ethernet over IP)
* IPsec - IP security AH and ESP protocols; MODP Diffie-Hellman groups 1,2,5; MD5
and SHA1 hashing algorithms: DES, 3DES, AES-128, AES-192, AES-256 encryption
algorithms; Perfect Forwarding Secrecy (PFS) MODP groups 1,2,5
* Proxy - FTP and HTTP caching proxy server; HTTPS proxy; transparent DNS and
HTTP proxying; SOCKS protocol support; DNS static entries; support for caching on
a separate drive; access control lists; caching lists; parent proxy support
* DHCP - DHCP server per interface; DHCP relay; DHCP client; multiple DHCP
networks; static and dynamic DHCP leases; RADIUS support
* VRRP - VRRP protocol for high availability
* UPnP - Universal Plug-and-Play support
* NTP - Network Time Protocol server and client; synchronization with GPS system
* Monitoring / Accounting - IP traffic accounting, firewall actions logging, statistics
graphs accessible via HTTP
* SNMP - read-only access
* M3P - MikroTik Packet Packer Protocol for Wireless links and Ethernet
* MNDP - MikroTik Neighbor Discovery Protocol; also supports Cisco Discovery
Protocol (CDP)
* Tools - ping; traceroute; bandwidth test; ping flood; telnet; SSH; packet sniffer;
Dynamic DNS update tool
Layer 2 connectivity
* Wireless - IEEE802.11a/b/g wireless client and access point (AP) modes; Nstreme
and Nstreme2 proprietary protocols; Wireless Distribution System (WDS) support;
Virtual AP; 40 and 104 bit WEP: WPA pre-shared key authentication; access control
list; authentication with RADIUS server; roaming (for wireless client); AP bridging
* Bridge - spanning tree protocol; multiple bridge interfaces; bridge firewalling, MAC
* VLAN - Virtual LAN IEEE802.1q support on Ethernet and wireless links; multiple
VLANs: VLAN bridging
* Synchronous - V.35, V.24, E1/T1, X.21, DS3 (T3) media types; sync-PPP, Cisco
HDLC, Frame Relay line protocols; ANSI-617d (ANDI or annex D) and Q933a
(CCITT or annex A) Frame Relay LMI types
* Asynchronous - s * r * al PPP dial-in / dial-out; PAP, CHAP, MSCHAPv1 and
MSCHAPv2 authentication protocols; RADIUS authentication and accounting;
onboard s * r * al ports; modem pool with up to 128 ports; dial on demand
* ISDN - ISDN dial-in / dial-out; PAP, CHAP, and MSCHAPv2 MSCHAPv1
authentication protocols; RADIUS authentication and accounting; 128K bundle
support; Cisco HDLC, x75i, x75ui, x75bui line protocols; dial on demand
* SDSL - Single-line DSL support; line termination and network termination modes
Standard installation can be performed on a PC computer. PC that will be used as a router
mikrotikpun not require substantial resources for the use of standards,
for example, just as the gateway.
Following its minimum spec:
 CPU and motherboard - P1 pake ampe P4, AMD, Cyrix origin is not a multiprocessor
 RAM - minimum 32 MiB, maximum 1 GiB; 64 MiB or more highly recommended, if
would all be a proxy, it is recommended 1GB ... comparison, in memory 15MB
there is 1GB in proxy ..
 a minimum of 128MB HDD or Compact Flash ATA parallel, not recommended
using the UFD, SCSI, what else: D S-ATA
 NIC 10/100 or 100/1000
For the purposes of a large load (network of complex, complex routing, etc.)
advised to consider the selection of an adequate resource PC.
More complete can be found at www.mikrotik.com.
However Mikrotik is not free software, means we have to buy licenses
against any facility provided. Free trial is only for 24 hours.
We can buy software on CD mikrotik installed on a hard disk or
disk on module (DOM). If we buy the DOM does not need to install but stay
DOM plug on our PC IDE slot.
The following steps are the basics configured to setup mikrotik
network
simple as a gateway server.
1. The first step is to install RouterOS on a PC or connect the DOM.
2. Log In Mikrotik Routers via console:
MikroTik v2.9.7
Login: admin
Password: (blank)
Until this step we can get in on the machine Mikrotik. The default user is
admin
and without a password, just type admin and press the enter key.
3. To change the default password security
[Admin @ MikroTik]> password
old password: *****
new password: *****
Retype new password: *****
[Admin @ MikroTik]]>
4. Changing the name of the Mikrotik Router, in this step the server name will be changed into
"XAVIERO" (this name does bebas2 wrote mo replaced)
[Admin @ MikroTik]> system identity set name = XAVIERO
[Admin @ XAVIERO]>
5. See the interfaces on Mikrotik Router
[Admin @ XAVIERO]> interface print
Flags: X - disabled, D - dynamic, R - running
# NAME TYPE RX-RATE TX-RATE MTU
0 R ether1 ether 0 0 1500
1 R ether2 ether 0 0 1500
[Admin @ XAVIERO]>
6. Provide the IP address on the interface Mikrotik. Suppose ether1 we will use
for connection to the Internet with IP 192.168.0.1 and ether2 we will use to
our local network with IP 172.16.0.1
[Admin @ XAVIERO]> ip address add address = 192.168.0.1
netmask = 255.255.255.0 interface = ether1
[Admin @ XAVIERO]> ip address add address = 172.16.0.1
netmask = 255.255.255.0 interface = ether2
7. Looking at the IP address configuration we have given
[Admin @ XAVIERO]> ip address print
Flags: X - disabled, I - invalid, D - dynamic
# ADDRESS NETWORK BROADCAST INTERFACE
0 192.168.0.1/24 192.168.0.0 192.168.0.63 ether1
1 172.16.0.1/24 172.16.0.0 172.16.0.255 ether2
[Admin @ XAVIERO]>
8. Provides default gateway, the gateway to the Internet connection is assumed is
192.168.0.254
[Admin @ XAVIERO]> / ip route add gateway = 192.168.0.254
9. Viewing the routing table on the Mikrotik Routers
[Admin @ XAVIERO]> ip route print
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, b - bgp, o - ospf
# DST-ADDRESS G GATEWAY DISTANCE INTERFACE PREFSRC
0 ADC 172.16.0.0/24 172.16.0.1 ether2
1 ADC 192.168.0.0/26 192.168.0.1 ether1
2 A S 0.0.0.0 / 0 r 192.168.0.254 ether1
[Admin @ XAVIERO]>
10. Ping test to the Gateway to ensure the configuration is correct
[Admin @ XAVIERO]> ping 192.168.0.254
192.168.0.254 64 byte ping: ttl = 64 time <1 ms 192.168.0.254 64 byte ping: ttl = 64 time <1 ms 2 packets transmitted, 2 packets received, 0% packet loss round-trip min / avg / max = 0/0.0/0 ms [admin @ XAVIERO]>
11. DNS setup on Mikrotik Routers
[Admin @ XAVIERO]> ip dns set primary-dns = 192.168.0.10 = allowremoterequests
no
[Admin @ XAVIERO]> ip dns set secondary-dns = 192.168.0.11 = allowremoterequests
no
12. Viewing the configuration control
[Admin @ XAVIERO]> ip dns print
primary-dns: 192.168.0.10
secondary-dns: 192.168.0.11
allow-remote-requests: no
cache-size: 2048KiB
cache-max-ttl: 1w
cache-used: 16KiB
[Admin @ XAVIERO]>
13. Tests for the access domain, for example with ping domain name
[Admin @ XAVIERO]> ping yahoo.com
216 109 112 135 64 byte ping: ttl = 48 time = 250 ms
10 packets transmitted, 10 packets received, 0% packet loss
round-trip min / avg / max = 571/571.0/571 ms
[Admin @ XAVIERO]>
If you've managed to reply means DNS settings are correct.
14. Masquerading setup, if Mikrotik will we use as a gateway server
then to the client computer on the network can connect to the internet we need to
masquerading.
[Admin @ XAVIERO]> ip firewall nat add action = masquerade outinterface =
ether1 chain: srcnat
[Admin @ XAVIERO]>
15. Look at the configuration Masquerading
[Admin @ XAVIERO] ip firewall nat print
Flags: X - disabled, I - invalid, D - dynamic
0 chain = srcnat out-interface = ether1 action = masquerade
[Admin @ XAVIERO]>
After this step can be done to check the connection of local networks. And
if successful means we've managed to install Mikrotik Router as
Gateway server. After connecting to the network can be managed Mikrotik
using Winbox
which can be downloaded from the server mikrotik Mikrotik.com or from us.
Eg Ip address server
mikrotik we 192.168.0.1, via a browser to open http://192.168.0.1 and download the Winbox from
there.
If we want the client to get an IP address automatically then we need
setup dhcp server on mikrotik. Here are the steps:
1.Buat IP address pool
/ Ip pool add name = dhcp-pool ranges = 172.16.0.10-172.16.0.20
2. Add a DHCP Network and gateway that will be distributed to the client in
This example is 172.16.0.0/24 and network gateway 172.16.0.1
/ Ip dhcp-server network add address = 172.16.0.0/24 gateway = 172.16.0.1
3. Add the DHCP server (in this example is applied to the interface dhcp ether2)
/ Ip dhcp-server add interface = ether2 address-pool = dhcp-pool
4. See the status of DHCP server
[Admin @ XAVIERO]> ip dhcp-server print
Flags: X - disabled, I - invalid
# NAME INTERFACE RELAY ADDRESS-POOL LEASE-TIME ADD-ARP
0 X dhcp1 ether2
X stated that the DHCP server is not enabled so necessary enable
advance in step 5.
5. Do not Forget made enable dhcp server first
/ Ip dhcp-server enable 0
then check back to dhcp-server such as step 4, if an X is not there
is already active.
6. From the test client
c: \> ping www.google.com
for bandwidth controller, the system can or can simple queue with
mangle
[Admin @ XAVIERO] queue simple> add name = Komputer01
interfaces = ether2 target-address = 172.16.0.1/24 max-limit = 65536/131072
[Admin @ XAVIERO] queue simple> add name = Komputer02
interfaces = ether2 target-address = 172.16.0.2/24 max-limit = 65536/131072
and so on .