anaknagi. Powered by Blogger.
RSS

SETTING HOTSPOT MIKROTIK TERCEPAT AND MUDAH

Beberapa langkah untuk membangun sebuah system hotspot dan user manager :

  • INSTAL MIKROTIK

  • NAMAKAN INTERACE
  • PEMBERIAN IP
  • SETTING IP GATEWAY
  • SETTING DNS
  • SETTING NAT
  • BUAT IP POOL
  • SETTING RADIUS SERVER
  • SETTING HOTSPOT
  • SETTING USERMANAGER

  • Digg
  • Del.icio.us
  • StumbleUpon
  • Reddit
  • RSS

Cara Memisahkan Browse, Download, Upload, Dan Game

Settingan ini Berjalan Pada Mikrotik RB750 OS ver.4.5 Dan percobaan Ini dilakukan pada mikrotik PC dengan Mikrotik Versi V2.9.27

Siapkan Perangkat PC dan Instal Mikrotik V2.9.27

  • Lan Card 1 menuju ISP dalam settingan ini menggunakan Speedy "Jaringan Speedy"
  • Lan Card 2 Menuju Jaringan Local dengan nama "Jaringan Local"
  • Setting IP untuk Lan 1 (Baca Tutorial Instal Mikrotik)
  • setting IP untuk Lan 2 (disini IP : 192.168.0.0/24
Settingan Yang akan Dilakukan :
  • GAME Poin Blank
  • Game Poker
  • BROWSING
  • UPLOAD
  • LIMIT DOWNLOAD
  • QUEUE
Tahapan atau teknik setting seperti berikut :

  • Settingan Untuk GAME Poin Blank

contoh buat Point Blank, game lain sesuaikan aja port/ip nya

Untuk Perintah Dibawah buatkan Pada bagian IP-Firewall-Mangle

-------------------------------------------------------------------------------------------------
chain=game action=mark-connection new-connection-mark=Game passthrough=yes protocol=tcp dst-address=203.89.146.0/23 dst-port=39190 comment=”Point Blank”
-------------------------------------------------------------------------------------------------
chain=game action=mark-connection new-connection-mark=Game passthrough=yes protocol=udp dst-address=203.89.146.0/23 dst-port=40000-40010
-------------------------------------------------------------------------------------------------
chain=game action=mark-packet new-packet-mark=Game_pkt passthrough=no connection-mark=Game
-------------------------------------------------------------------------------------------------
chain=prerouting action=jump jump-target=game
-------------------------------------------------------------------------------------------------

  • Settingan Untuk GAME Poker

Untuk Perintah Dibawah buatkan Pada bagian IP-Firewall-Mangle

-------------------------------------------------------------------------------------------------
chain=forward action=mark-connection new-connection-mark=Poker_con passthrough=yes protocol=tcp dst-address-list=LOAD POKER comment=”POKER”

-------------------------------------------------------------------------------------------------
chain=forward action=mark-connection new-connection-mark=Poker_con passthrough=yes protocol=tcp content=statics.poker.static.zynga.com
-------------------------------------------------------------------------------------------------
chain=forward action=mark-packet new-packet-mark=Poker passthrough=no connection-mark=Poker_con
-------------------------------------------------------------------------------------------------

  • BROWSING
-------------------------------------------------------------------------------------------------
chain=forward action=mark-connection new-connection-mark=http passthrough=yes protocol=tcp in-interface=WAN out-interface=Lan packet-mark=!Game_pkt connection-mark=!Game connection-bytes=0-262146 comment=”BROWSE”
-------------------------------------------------------------------------------------------------
chain=forward action=mark-packet new-packet-mark=http_pkt passthrough=no protocol=tcp connection-mark=http
-------------------------------------------------------------------------------------------------
chain=forward action=mark-packet new-packet-mark=http_pkt passthrough=no protocol=tcp connection-mark=http
-------------------------------------------------------------------------------------------------

  • UPLOAD
-------------------------------------------------------------------------------------------------
chain=prerouting action=mark-packet new-packet-mark=Upload passthrough=no protocol=tcp src-address=192.168.0.0/24 in-interface=Lan packet-mark=!icmp_pkt comment=”UPLOAD”
-------------------------------------------------------------------------------------------------

  • LIMIT DOWNLOAD
-------------------------------------------------------------------------------------------------
chain=forward action=mark-connection new-connection-mark=Download passthrough=yes protocol=tcp in-interface=WAN out-interface=Lan packet-mark=!Game_pkt connection-mark=!Poker_con connection bytes=262146-4294967295 comment=”LIMIT DOWNLOAD”
-------------------------------------------------------------------------------------------------
chain=forward action=mark-packet new-packet-mark=Download_pkt passthrough=no packet-mark=!Game_pk> connection-mark=Download
-------------------------------------------------------------------------------------------------

  • QUEUE
Queue Type
-------------------------------------------------------------------------------------------------
name=”Download” kind=pcq pcq-rate=256000 pcq-limit=50 pcq-classifier=dst-address pcq-total-limit=2000


name=”Http” kind=pcq pcq-rate=1M pcq-limit=50 pcq-classifier=dst-address pcq-total-limit=2000

name=”Game” kind=pcq pcq-rate=0 pcq-limit=50 pcq-classifier=src-address,dst-address,src-port,dst-port pcq-total-limit=2000

name=”Upload” kind=pcq pcq-rate=0 pcq-limit=50 pcq-classifier=src-address pcq-total-limit=2000
-------------------------------------------------------------------------------------------------

Queue Tree
-------------------------------------------------------------------------------------------------
name=”Main Browse” parent=Lan limit-at=0 priority=8 max-limit=1M burst-limit=0 burst-threshold=0 burst-time=0s

name=”Browse” parent=Main Browse packet-mark=http_pkt limit-at=0 queue=Http priority=8 max-limit=1M burst-limit=0 burst-threshold=0 burst-time=0s

name=”Game” parent=global-total packet-mark=Game_pkt limit-at=0 queue=Game priority=1 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s

name=”Poker” parent=global-out packet-mark=Poker limit-at=0 queue=Game priority=3 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s

name=”Download” parent=global-out packet-mark=Download_pkt limit-at=0 queue=Download priority=8 max-limit=256k burst-limit=0 burst-threshold=0 burst-time=0s

name=”Main Upload” parent=global-in limit-at=0 priority=8 max-limit=256k burst-limit=0 burst-threshold=0 burst-time=0s

name=”Upload” parent=Main Upload packet-mark=Upload limit-at=0 queue=Upload priority=8 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s
-------------------------------------------------------------------------------------------------

  • Digg
  • Del.icio.us
  • StumbleUpon
  • Reddit
  • RSS

Setting Mikrotik Dengan Line Speedy (Versi Mr. A)

Skema Jaringan dan IP Address yang akan dibuat: Oleh Mr. A :

SPEEDY (Internet) –> Modem ADSL (IP modem=192.168.1.1) –> (IP ether1=192.168.1.2) Mikrotik Routeros (IP ether2=10.0.0.30) –> LAN (IP LAN=10.0.0.1 s/d 10.0.0.29)

IP Address LAN, kita gunakan network 10.0.0.0/27 (transfer data =27 bit untuk maks 30 IP Address/komputer).

Untuk Mikrotik RouterOS, kita perlu dua (2) ethernet card. Satu (ether1 – 192.168.1.2/24) untuk sambungan ke Modem ADSL dan satu lagi (ether2 – 10.0.0.30/27) untuk sambungan ke LAN/switch.

Untuk Modem ADSL, IP kita set 192.168.1.1/24.

Pastikan Anda sebelum mengetikkan apapun, telah berada pada root menu dengan mengetikkan “/”


1. Set IP untuk masing² ethernet card:

ip address add address=192.168.1.2/24 interface=ether1
ip address add address=10.0.0.30/27 interface=ether2

Untuk menampilkan hasil perintah di atas ketikkan perintah berikut:
ip address print

Kemudian lakukan testing dengan mencoba nge-ping ke gateway atau ke komputer yg ada pada LAN. Jika hasilnya sukses, maka konfigurasi IP Anda sudah benar
ping 192.168.1.1
ping 10.0.0.30



2. Menambahkan Routing

ip route add gateway=192.168.1.1 (IP Gateway adalag IP modem)



3. Setting DNS

ip dns set primary-dns=203.130.193.74 allow-remote-requests=yes
ip dns set secondary-dns=202.134.0.155 allow-remote-requests=yes

Karena koneksi menggunakan Speedy dari Telkom, maka DNS yg kita gunakan DNS Telkom. Silahkan sesuaikan dengan DNS Telkom masing tempat Anda berada.

Setelah itu coba Anda lakukan ping ke yahoo.com misalnya:
ping yahoo.com
Jika hasilnya sukses, maka settingan DNS sudah benar



4. Source NAT (Network Address Translation) / Masquerading.

Agar semua komputer yg ada di LAN bisa terhubung ke internet juga, maka Anda perlu menambahkan NAT (Masquerade) pada Mikrotik.

ip firewall nat add chain=srcnat action=masquerade out-interface=ether1

Sekarang coba lakukan ping ke yahoo.com dari komputer yang ada di LAN
ping yahoo.com
Jika hasilnya sukses, maka setting masquerade sudah benar



5. DHCP (DynamicHost Configuration Protocol)

Supaya praktis, kita gunakan saja DHCP Server. Agar setiap ada klien yang ingin konek, dia ga perlu setting IP secara manual. Tinggal obtain aja dari DHCP Server, beres dah. Untungnya Mikrotik ini juga ada fitur DHCP Servernya. Jadi ya ga ada masalah… OK! Langkah2nya sbb:

Buat IP Address Pool

ip pool add name=dhcp-pool ranges=10.0.0.1-10.0.0.29

Menambahkan DHCP Network

ip dhcp-server network add address=10.0.0.0/27 gateway=10.0.0.30 dns-server=203.130.193.74,202.134.0.155

Menambahkan Server DHCP
ip dhcp-server add name=DHCP_LAN disabled=no interface=ether2 address-pool=dhcp-pool

Sekarang coba lakukan testing dari komputer klien, untuk me-request IP Address dari Server DHCP. Jika sukses, maka sekali lagi, settingannya sudah OK.


6. Bandwidth Control

Agar semua komputer klien pada LAN tidak saling berebut bandwidth, maka perlu dilakukan yg namanya bandwidth management atau bandwidth control

Model yg saya gunakan adalah queue trees. Untuk lebih jelas apa itu, silahkan merujuk ke situsnya Mikrotik. (http://mikrotik.co.id)
Kondisinya seperti ini:
Koneksi Speedy sekarang ini katanya speednya sampai 1Mbps/128kbps (Download/Upload). Untuk itu setingan bandwidth management nya bisa kita set sbb berikut:


Tandai semua paket yg asalnya dari LAN

ip firewall mangle add src-address=10.0.0.0/27 action=mark-connection
ip firewall mangle add connection-mark=Clients-con action=mark-packet new-packet-mark=Clients chain=prerouting new-connection-mark=Clients-con chain=prerouting

Menambahkan rule yg akan membatasi kecepatan download dan upload

queue tree add name=Clients-Download parent=ether2 packet-mark=Clients limit-at=0 max-limit=0
queue tree add name=Clients-Upload parent=ether1 packet-mark=Clients limit-at=0 max-limit=0

Nilai download dan upload kita set “0″ (nol) dengan tujuan agar bandwidth yang kita dapatkan tidak terbatasi. Karena pada saat-saat tertentu speed speedy bisa mencapai 1,5Mbps. Jadi kalo kita set maks=1mbps maka speed yang kita dapatkan hanya mentok 1mbps saja. rugikan :-D

Sekarang coba lakukan test download dari beberapa klien, mestinya sekarang tiap2 klien akan berbagi bandwidthnya. Jika jumlah klien yg online tidak sampai 10, maka sisa bandwidth yang nganggur itu akan dibagikan kepada klien yg online.


7. Graphing

Mikrotik ini juga dilengkapi dengan fungsi monitoring traffic layaknya MRTG biasa. Jadi kita bisa melihat berapa banyak paket yg dilewatkan pada PC Mikrotik kita.
tool graphing set store-every=5min

Berikutnya yang akan kita monitor adalah paket² yg lewat semua interface yg ada di PC Mikrotik kita.
tool graphing interface add-interface=all store-on-disk=yes


Sekarang coba arahkan browser anda ke IP Router Mikrotik (IP ether2 yang ke LAN)
http://10.0.0.30/graphs/
Nanti akan ada pilihan interface apa aja yg ada di router Anda. Coba klik salah satu, maka Anda akan bisa melihat grafik dari paket2 yg lewat pada interface tersebut.

Sampai disini kita telah selesai melakukan setting mikrotik dasar untuk koneksi speedy

  • Digg
  • Del.icio.us
  • StumbleUpon
  • Reddit
  • RSS

Setting Firewall Filter Mikrotik

Langkah pertama yaitu ketikan atau copykan perintah dibawah ini dan letakan paa bagian
terminal mikrotik.
----------------------------------------------------------------------------------------------------------------------------------------
/ ip firewall filter
----------------------------------------------------------------------------------------------------------------------------------------

Setelah melakukan langkah diatas,lakukan langkahberikutnya yaitu copykan perintah dibawah ini dan langsung masukan dalam terminal mikrotik.

----------------------------------------------------------------------------------------------------------------------------------------

add chain=input connection-state=invalid action=drop comment="Drop Invalid
connections" disabled=no

add chain=input src-address=!192.168.0.0/27 protocol=tcp src-port=1024-65535
dst-port=8080 action=drop comment="Block to Proxy" disabled=no

add chain=input protocol=udp dst-port=12667 action=drop comment="Trinoo"
disabled=no

add chain=input protocol=udp dst-port=27665 action=drop comment="Trinoo"
disabled=no

add chain=input protocol=udp dst-port=31335 action=drop comment="Trinoo"
disabled=no

add chain=input protocol=udp dst-port=27444 action=drop comment="Trinoo"
disabled=no

add chain=input protocol=udp dst-port=34555 action=drop comment="Trinoo"
disabled=no

add chain=input protocol=udp dst-port=35555 action=drop comment="Trinoo"
disabled=no

add chain=input protocol=tcp dst-port=27444 action=drop comment="Trinoo"
disabled=no

add chain=input protocol=tcp dst-port=27665 action=drop comment="Trinoo"
disabled=no

add chain=input protocol=tcp dst-port=31335 action=drop comment="Trinoo"
disabled=no

add chain=input protocol=tcp dst-port=31846 action=drop comment="Trinoo"
disabled=no

add chain=input protocol=tcp dst-port=34555 action=drop comment="Trinoo"
disabled=no

add chain=input protocol=tcp dst-port=35555 action=drop comment="Trinoo"
disabled=no

add chain=input connection-state=established action=accept comment="Allow
Established connections" disabled=no

add chain=input protocol=udp action=accept comment="Allow UDP" disabled=no

add chain=input protocol=icmp action=accept comment="Allow ICMP" disabled=no

add chain=input src-address=192.168.0.0/27 action=accept comment="Allow access
to router from known network" disabled=no

add chain=input action=drop comment="Drop anything else" disabled=no

add chain=forward protocol=tcp connection-state=invalid action=drop
comment="drop invalid connections" disabled=no

add chain=forward connection-state=established action=accept comment="allow
already established connections" disabled=no

add chain=forward connection-state=related action=accept comment="allow
related connections" disabled=no

add chain=forward src-address=0.0.0.0/8 action=drop comment="" disabled=no

add chain=forward dst-address=0.0.0.0/8 action=drop comment="" disabled=no

add chain=forward src-address=127.0.0.0/8 action=drop comment="" disabled=no

add chain=forward dst-address=127.0.0.0/8 action=drop comment="" disabled=no

add chain=forward src-address=224.0.0.0/3 action=drop comment="" disabled=no

add chain=forward dst-address=224.0.0.0/3 action=drop comment="" disabled=no

add chain=forward protocol=tcp action=jump jump-target=tcp comment=""
disabled=no

add chain=forward protocol=udp action=jump jump-target=udp comment=""
disabled=no

add chain=forward protocol=icmp action=jump jump-target=icmp comment=""
disabled=no

add chain=tcp protocol=tcp dst-port=69 action=drop comment="deny TFTP"
disabled=no

add chain=tcp protocol=tcp dst-port=111 action=drop comment="deny RPC
portmapper" disabled=no

add chain=tcp protocol=tcp dst-port=135 action=drop comment="deny RPC
portmapper" disabled=no

add chain=tcp protocol=tcp dst-port=137-139 action=drop comment="deny NBT"
disabled=no

add chain=tcp protocol=tcp dst-port=445 action=drop comment="deny cifs"
disabled=no

add chain=tcp protocol=tcp dst-port=2049 action=drop comment="deny NFS"
disabled=no

add chain=tcp protocol=tcp dst-port=12345-12346 action=drop comment="deny
NetBus" disabled=no

add chain=tcp protocol=tcp dst-port=20034 action=drop comment="deny NetBus"
disabled=no

add chain=tcp protocol=tcp dst-port=3133 action=drop comment="deny
BackOriffice" disabled=no

add chain=tcp protocol=tcp dst-port=67-68 action=drop comment="deny DHCP"
disabled=no

add chain=udp protocol=udp dst-port=69 action=drop comment="deny TFTP"
disabled=no

add chain=udp protocol=udp dst-port=111 action=drop comment="deny PRC
portmapper" disabled=no

add chain=udp protocol=udp dst-port=135 action=drop comment="deny PRC
portmapper" disabled=no

add chain=udp protocol=udp dst-port=137-139 action=drop comment="deny NBT"
disabled=no

add chain=udp protocol=udp dst-port=2049 action=drop comment="deny NFS"
disabled=no

add chain=udp protocol=udp dst-port=3133 action=drop comment="deny
BackOriffice" disabled=no

add chain=input protocol=tcp psd=21,3s,3,1 action=add-src-to-address-list
address-list="port scanners" address-list-timeout=2w comment="Port
scanners to list " disabled=no

add chain=input protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg
action=add-src-to-address-list address-list="port scanners"

address-list-timeout=2w comment="NMAP FIN Stealth scan" disabled=no

add chain=input protocol=tcp tcp-flags=fin,syn action=add-src-to-address-list

address-list="port scanners" address-list-timeout=2w comment="SYN/FIN
scan" disabled=no

add chain=input protocol=tcp tcp-flags=syn,rst action=add-src-to-address-list
address-list="port scanners" address-list-timeout=2w comment="SYN/RST
scan" disabled=no

add chain=input protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack

action=add-src-to-address-list address-list="port scanners"

address-list-timeout=2w comment="FIN/PSH/URG scan" disabled=no

add chain=input protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg
action=add-src-to-address-list address-list="port scanners"
address-list-timeout=2w comment="ALL/ALL scan" disabled=no

add chain=input protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg
action=add-src-to-address-list address-list="port scanners"
address-list-timeout=2w comment="NMAP NULL scan" disabled=no

add chain=input src-address-list="port scanners" action=drop comment="dropping
port scanners" disabled=no

add chain=icmp protocol=icmp icmp-options=0:0 action=accept comment="drop
invalid connections" disabled=no

add chain=icmp protocol=icmp icmp-options=3:0 action=accept comment="allow
established connections" disabled=no

add chain=icmp protocol=icmp icmp-options=3:1 action=accept comment="allow
already established connections" disabled=no

add chain=icmp protocol=icmp icmp-options=4:0 action=accept comment="allow
source quench" disabled=no

add chain=icmp protocol=icmp icmp-options=8:0 action=accept comment="allow
echo request" disabled=no

add chain=icmp protocol=icmp icmp-options=11:0 action=accept comment="allow
time exceed" disabled=no

add chain=icmp protocol=icmp icmp-options=12:0 action=accept comment="allow
parameter bad" disabled=no

add chain=icmp action=drop comment="deny all other types" disabled=no

add chain=tcp protocol=tcp dst-port=25 action=reject
reject-with=icmp-network-unreachable comment="Smtp" disabled=no

add chain=tcp protocol=udp dst-port=25 action=reject
reject-with=icmp-network-unreachable comment="Smtp" disabled=no

add chain=tcp protocol=tcp dst-port=110 action=reject
reject-with=icmp-network-unreachable comment="Smtp" disabled=no

add chain=tcp protocol=udp dst-port=110 action=reject
reject-with=icmp-network-unreachable comment="Smtp" disabled=no

add chain=tcp protocol=udp dst-port=110 action=reject
reject-with=icmp-network-unreachable comment="Smtp" disabled=no

-----------------------------------------------------------------------------------------------------------------


  • Digg
  • Del.icio.us
  • StumbleUpon
  • Reddit
  • RSS

Fitur Mikrotik RouterOS

Penanganan Protokol TCP/IP:
  • Firewall and NAT - stateful packet filtering; Peer-to-Peer protocol filtering; source and destination NAT; classification by source MAC, IP addresses, ports, protocols, protocol options, interfaces, internal marks, content, matching frequency

  • Routing - Static routing; Equal cost multi-path routing; Policy based routing (classification by source and destination addresses and/or by firewall mark); RIP v1 / v2, OSPF v2, BGP v4

  • Data Rate Management - per IP / protocol / subnet / port / firewall mark; HTB, PCQ, RED, SFQ, byte limited queue, packet limited queue; hierarchical limitation, CIR, MIR, contention ratios, dynamic client rate equalizing (PCQ)

  • HotSpot - HotSpot Gateway with RADIUS authentication/accounting; data rate limitation; traffic quota; real-time status information; walled-garden; customized HTML login pages; iPass support; SSL secure authentication

  • Point-to-Point tunneling protocols - PPTP, PPPoE and L2TP Access Concentrators and clients; PAP, CHAP, MSCHAPv1 and MSCHAPv2 authentication protocols; RADIUS authentication and accounting; MPPE encryption; compression for PPPoE; data rate limitation; PPPoE dial on demand

  • Simple tunnels - IPIP tunnels, EoIP (Ethernet over IP)

  • IPsec - IP security AH and ESP protocols; Diffie-Hellman groups 1,2,5; MD5 and SHA1 hashing algorithms; DES, 3DES, AES-128, AES-192, AES-256 encryption algorithms; Perfect Forwarding Secresy (PFS) groups 1,2,5

  • Web proxy - FTP, HTTP and HTTPS caching proxy server; transparent HTTP caching proxy; SOCKS protocol support; support for caching on a separate drive; access control lists; caching lists; parent proxy support

  • Caching DNS client - name resolving for local use; Dynamic DNS Client; local DNS cache with static entries

  • DHCP - DHCP server per interface; DHCP relay; DHCP client; multiple DHCP networks; static and dynamic DHCP leases

  • Universal Client - Transparent address translation not depending on the client's setup

  • VRRP - VRRP protocol for high availability

  • UPnP - Universal Plug-and-Play support

  • NTP - Network Time Protocol server and client; synchronization with GPS system

  • Monitoring/Accounting - IP traffic accounting, firewall actions logging

  • SNMP - read-only access

  • M3P - MikroTik Packet Packer Protocol for Wireless links and Ethernet

  • MNDP - MikroTik Neighbor Discovery Protocol; also supports Cisco Discovery Protocol (CDP)

  • Tools - ping; traceroute; bandwidth test; ping flood; telnet; SSH; packet sniffer

Layer 2 connectivity
  • Wireless - IEEE802.11a/b/g wireless client and Access Point; Wireless Distribution System (WDS) support; virtual AP; 40 and 104 bit WEP; access control list; authentication on RADIUS server; roaming (for wireless client); Access Point bridging

  • Bridge - spanning tree protocol; multiple bridge interfaces; bridge firewalling

  • VLAN - IEEE802.1q Virtual LAN support on Ethernet and WLAN links; multiple VLANs; VLAN bridging

  • Synchronous - V.35, V.24, E1/T1, X.21, DS3 (T3) media types; sync-PPP, Cisco HDLC, Frame Relay line protocols; ANSI-617d (ANDI or annex D) and Q933a (CCITT or annex A) Frame Relay LMI types

  • Asynchronous - serial PPP dial-in / dial-out; PAP, CHAP, MSCHAPv1 and MSCHAPv2 authentication protocols; RADIUS authentication and accounting; onboard serial ports; modem pool with up to 128 ports; dial on demand

  • ISDN - ISDN dial-in / dial-out; PAP, CHAP, MSCHAPv1 and MSCHAPv2 authentication protocols; RADIUS authentication and accounting; 128K bundle support; Cisco HDLC, x75i, x75ui, x75bui line protocols; dial on demand

  • SDSL - Single-line DSL support; line termination and network termination modes

Hardware requirements
  • CPU and motherboard - advanced 4th generation (core frequency 100MHz or more), 5th generation (Intel Pentium, Cyrix 6X86, AMD K5 or comparable) or newer uniprocessor Intel IA-32 (i386) compatible (multiple processors are not supported)

  • RAM - minimum 48 MB, maximum 1 GB; 64 MB or more recommended

  • Hard Drive/Flash - standard ATA interface controller and drive (SCSI and USB controllers and drives are not supported; RAID controllers that require additional drivers are not supported) with minimum of 64 MB space

Hardware needed for installation time only

Depending on installation method chosen the router must have the following hardware:
  • Floppy-based installation - standard AT floppy controller and 3.5'' disk drive connected as the first floppy disk drive (A); AT, PS/2 or USB keyboard; VGA-compatible video controller card and monitor

  • CD-based installation - standard ATA/ATAPI interface controller and CD drive supporting "El Torito" bootable CDs (you might need also to check if the router's BIOS supports booting from this type of media); AT, PS/2 or USB keyboard; VGA-compatible video controller card and monitor

  • Floppy-based network installation - standard AT floppy controller and 3.5'' disk drive connected as the first floppy disk drive (A); PCI Ethernet network interface card supported by MikroTik RouterOS (see the Device Driver List for the list)

  • Full network-based installation - PCI Ethernet network interface card supported by MikroTik RouterOS (see the Device Driver List for the list) with PXE or EtherBoot extension booting ROM (you might need also to check if the router's BIOS supports booting from network)

Configuration possibilities

RouterOS provides powerful command-line configuration interface. You can also manage the router through WinBox - the easy-to-use remote configuration GUI for Windows -, which provides all the benefits of the command-line interface, without the actual "command-line", which may scare novice users. Major features:
  • Clean and consistent user interface
  • Runtime configuration and monitoring
  • Multiple connections
  • User policies
  • Action history, undo/redo actions
  • safe mode operation
  • Scripts can be scheduled for executing at certain times, periodically, or on events. All command-line commands are supported in scripts

When router is not configured, there are only two ways to configure it:
  • Local terminal console - AT, PS/2 or USB keyboard and VGA-compatible video controller card with monitor
  • Serial console - First RS232 asynchronous serial port (usually, onboard port marked as COM1), which is by default set to 9600bit/s, 8 data bits, 1 stop bit, no parity
After the router is configured, it may be managed through the following interfaces:
  • Local teminal console - AT, PS/2 or USB keyboard and VGA-compatible video controller card with monitor

  • Serial console - any (you may choose any one; the first, also known as COM1, is used by default) RS232 asynchronous serial port, which is by default set to 9600bit/s, 8 data bits, 1 stop bit, no parity

  • Telnet - telnet server is running on 23 TCP port by default

  • SSH - SSH (secure shell) server is running on 22 TCP port by default (available only if security package is installed)

  • MAC Telnet - MikroTik MAC Telnet potocol server is by default enabled on all Ethernet-like interfaces

  • Winbox - Winbox is a RouterOS remote administration GUI for Windows, that use 3986 TCP port (or 3987 if security package is installed)

  • Digg
  • Del.icio.us
  • StumbleUpon
  • Reddit
  • RSS