konfigurasi mikrotik secara CLI

 Konfigurasi mikrotik secara CLI

 1. KONFIGURASI DASAR

system identity set name= (bebas)

password 

interface ethernet set ether1 name=internet

interface ethernet set ether2 name=lan

ip address add address=192.168.10.25/24 interface=internet 

ip address add address=192.168.100.1/24 interface=lan

ip dns set server= 8.8.8.8,8.8.4.4

allow-remote-request= yes

ip dhcp-server setup => dhcp server interface : lan

ip route add gateway= 192.168.10.1

ip frewall nat add chain= srcnat out- interface: int action= masquerade

ip proxy set enable= yes cache-on-disk= yes port= 443 cache-administrator= dioadityafernanda.src.id

2. SETTING NTP

system ntp client set enable=yes primary=202.65.114.202 secondary=162.159.200.1

system clock set time-zone-name=Asia/Jakarta

3. MENGAKTIFKAN WIRELESS

interface enable wilan1

ip address add address= 192.168.200.1/24 interface= wlan1

interface wireless set 0 mode= ap-bridge ssid= dio.smkwima.ukk

ip dhcp-server setup => wlan1

4.MENGAKTIFKAN BARCODE

   

 Tambahkan button di login.html (template) 

<button onclick="window.location='https://laksa19.github.io/myqr';">QRCode

</button>

    

Tambahkan script berikut di MikroTik via Terminal

ip hotspot walled-garden ip add action=accept comment="Mikhmon QR Code Scanner" disabled=no dst-host=laksa19.github.io

PERHATIAN => Agar QRcode dapat berjalan

    • memasukkan file template login 

   •IP => hotpot => server profile =>Login

    Mengaktifkan template hotspot dengan cara        berikut : 

5. MENAMBAH HOTSPOT

ip hotspot setup     => select certificate= none

ip hotspot user add name= 1 password= 1

6. IP TIDAK DAPAT PING KE ROUTER

ip firewall filter add chain=input src-address=192.168.100.2-192.168.100.50 dst-address=192.168.10.25 protocol=icmp action=drop

7. IP TIDAK DAPAT PING KE CLIENT

ip firewall filter add chain=input src-address=192.168.100.2-192.168.100.50 dst-address=192.168.200.1 protocol=icmp action=drop

8. BYPASS

ip hotspot walled-garden add dst-host= bsnp-indonesia.org action= deny

9. transparent firewall untuk blok.

ip firewall nat add chain=dstnat protocol=tcp dst-port=80 in-interface=wlan1 action=redirect to-port=8080

 ♠NB :Setiap sesudah konfigurasi firewall beri                      comen/keterangan nama secara GUI

 

10. BLOK

(LINUX, KOMPAS,MP3/MP4/DOC/DOCX/PPT/PDF)

ip proxy access add src-address=192.168.200.0/24 dst-port=80 dst-host=*linux.org action=deny

ip proxy access add src-address=192.168.200.0/24 dst-port=80 path=*mp3* action=deny

ip proxy access add src-address=192.168.200.0/24 dst-port=80 path=*mkv* action=deny

   =>>memblokir menggunakan firewall

11. BLOK CONTEN (COVID, FB, YT)

ip firewall raw add chain= preraouting conten= covid action=deny

  ♦Di yt android (www.googlevideo.com).

          yt lan (www.youtube.com)

12. SCHEDULE ETHER 2

system schedule add name= off interval= 1d start-time= 14:00:00 on-event= "interface ethernet disable lan"

system schedule add name= on interval= 1d start-time= 14:05:00 on-event= "interface ethernet enable lan"

13. SCHEDULE HOTSPOT

system scrip add name= off source= "IP hotspot user disable [find name = siswa]"

system scrip add name= on source= "IP hotspot user enable [find name = siswa]"

14 BLOK YOUTUBE DI HP &PC

ip firewall layer7-protocol add name= yt regexp= "^.+(YouTube.com| www.youtube.com| m.youtube.com| ytimg.com| s.ytimg.com| ytimg.1.google.com| i.google.com| Google video.com| youtu.be).*$"

ip firewall filter add chain= forward layer7-protocol= yt action= drop

15. BLOK IDM

ip firewall layer7-protocol add name= idm regexp= "^.+(exe| rar| iso| zip| 7z| fiv| mu| avi| mp4| 3gp| mp3| dat| mov| .mp4).*$"

ip firewall filter add chain= forward protocol= tcp layer7-protocol= idm out-interface= lan action= drop

16. MENGALIHKAN YT KE ILMU KOMPUTER

ip web proxy access add dst-port= 80 dst-host= *YouTube.com redirect-to= ilmukomputer.com action= deny

ip firewall filter add chain= forward protocol= tvp dst-port= 80

 ♣ NB : Sebelum di blok, dialihkan dulu

17. IP BINDING

ip hotspot binding add mac-address :... address :... to-address :... server : hotspot  type : bypassed

18.VLAN

interface vlan add name=vlan1 vlan-id= 1 interface= ether2

interface vlan add name= vlan2 vlan-i= 2 interface= ether2

ip address add address= 10.10.100.1/24 Interface= vlan1

ip address add address= 10.10.200.1/24 Interface= vlan2

ip pool add name= vlan1 ranges= 10.10.100.2-10.10.100.50

ip pool add name= vlan2 ranges= 10.10.200.2-10.10.200.50

19. CATATAN LOGGING DAN TERSIMPAN DI DISK

ip firewall filter add chain=forward in-interface=lan action=accept log=yes

system logging set 0,1,2,3 action=disk