MIKROTIK

MIKROTIK
1. Install the Mikrotik OS - Prepare a PC, minimum Pentium II does nothing RAM 64, HD flash memory 500M or packing 64 - On the server / PC must have at least 2 ethernet, one outward and one more to the local network manager who will in bandwidth - Burn Source CD Mikrotik input into CD ROM - Boot from CD ROM - Follow the instructions, use the next-next syndrome and default - Install the main package, preferably all packet by marking (mark) - After all the packages marked for install then press "I" - Old Install normally less than 15 minutes, more meaningful if it fails, repeat the initial step - Once installed wrong, the PC restarts the login display will appear
2. Basic setting mikrotik
   The initial steps of all the configuration steps are setting mikrotik ip
   It is intended that Mikrotik can be remote and with Winbox and allows us to perform a variety of configurations - Login as the admin default password degan ga have to be filled immediately enter - After entering the command prompt type: [Ropix @ GblSdd]> ip address add address = 222.124.21.26/29 interface = ether1 Replace it with the ip address and interface that will be used to remotely while - Ping to and from another computer - Following connect proceed to the next step, if not repeat step 2
3. Advanced Settings - Mikrotik ip access via a browser, it will display the welcome page and login - Click the link Download it for download Winbox who used to be a GUI remote mikrotik - Run Winbox, login as admin password is blank - Go to the menu at the top (interface), add the interface has been no reply by clicking the + sign - Add to this interface "bridge" for the proper functioning as a bridge mikrotik 

 

4. Setting Bandwidth limiter
- Click on the ip> firewall> magle

 

  Create a rule (click the + red) with the following parameters:
  On the General tab:
  Chain = forward,
  Src.address = 192.168.0.2 (or who want to limit ip)
  On the Action tab:
  Action = mark connection,
  New connection-mark = con ropix (or the name of the mark that we make conection)
  Click Apply and OK

  Create another rule with the following parameters:
  On the General tab: chain = forward,
  Connection ropix-mark = con (select from the dropdown menu)
  On the Action tab:
  Action = mark packet,
  New pcket Mark = ropix (or the name of the packet marks that we make)
  Click Apply and OK
- Click the Queues> Queues Tree
  Create a rule (click the + red) with the following parameters:

  On the General tab:
  Name = ropix-downstrem (eg),
  Parent = ether2 (who is the outgoing interface),
  Package Mark = ropix (select from the dropdown, just that we create on magle),
  Queue Type = default,
  Priority = 8,
  Limit At = 8k (for minimum bandwidth)
  Max limit = 64k (for a bandwidth setting brustable)
  Aplly and click Ok

  Create another rule with the following parameters:
  On the General tab:
  Name = ropix-Upstrem (eg),
  Parent = ether1 (who is way into the interface),
  Package Mark = ropix (select from the dropdown, just that we create on magle),
  Queue Type = default,
  Priority = 8,
  Limit At = 8k (for minimum bandwidth upstrem)
  Max limit = 64k (for a bandwidth setting brustable)
  Aplly and click Ok
-Try browsing and downloading from the ip that we'd limit, Rate Queues must counter the rule was, if not check back earlier steps

   

- Green icon indicates the bandwidth is less than limits, turning yellow icon means the bandwidth is approaching full and red means full.

INTRODUCTION TO COMPUTER NETWORK (LAN)

INTRODUCTION TO COMPUTER NETWORK (LAN)

INTRODUCTION The computer network is a system that consists of computers and other network devices that work together to achieve a common goal. A computer that is connected in a network will be able to easily exchange data with other computers in the network. The goal of computer networks, among others: 1. Sharing of resources (resource); such as the use of shared memory, hard drive or printer, 2. Communication; such as electronic mail (e-mail), instant messaging and chat. 3. Access to information; such as web browsing.
Each computer, printer and other peripherals are connected in a network of computers called nodes. A computer network can have two, the client (client), while the nodes that provide services referred to as a waiter (server). Network architecture is called client-server, tens, hundreds or even millions of nodes. In order to achieve the objectives of computer networks, each node has a respective function, the node requesting the service (service) is referred to as network applications and is the most widely used today.

History of Computer Networking Before addressing the network even further, before we know the first history of the beginnings of the network. The concept of computer network born in the 1940s in America of a development project in the laboratory computer MODEL I Bell and Harvard University research group led by professor H. Aiken. Initially the project only wanted to use a computer device that must be shared. To do multiple processes without wasting lots of time was made vacant succession process (batch processing), so that multiple programs can be run in a computer with the rules of the queue.
In the 1950's when the types of computers began to swell until the creation of a super computer, a computer must serve multiple nodes. For that discovered the concept of time-based distribution process known as TSS (Time Sharing System), then for the first time a computer network (network) is applied. In the TSS system multiple nodes connected in series to a host computer. In the process of TSS began to appear a mix of computer technology and telecommunications technology that was originally developed independently.

Figure 1. Computer network model of TSS.

Entering the 1970's, when the workload increases and the price of many large computer software began to seem very expensive, then start to use the concept of the distribution process (distributed processing). In this process multiple host computers do a great job in parallel to serve a few nodes that are connected in series in each host computer. In the process of distribution is absolutely necessary in-depth blend of computer and telecommunications technology, because in addition to the process that must be distributed, all the host computer must serve a node-node in a single command from the central computer. 

 

  Figure 2. Computer networks distributed processing model

Furthermore, when the prices of small computers has begun to decline and the concept of the distribution process has matured, the use of computers and networks have started a variety of start dealing with the process and communication between computers (peer to peer) without the central computer. For that start developing a local network technology known as a LAN (Local Area Network). Similarly, when the Internet was introduced, it is mostly a stand-alone LAN started connecting and forming a giant network WAN (Wide Area Network).

Computer Network Topology
The purpose of the computer network is to connect networks that exist in the network so that information can be transferred from one lokawi to another location. Because the company divulging memuliki wants / needs are different so there are many different ways a network can be connected terminals. Geometric structure is called a LAN Topologies (Network Topology).
Network Topology is, things that explains the geometric relationship between the basic elements making up the network node, link and station. Network topology can be divided into two kinds, namely: physical topology (phisycal topology) and topology of logic (logical topology).
There are 6 (six) Network Topology, namely: 1.Star, 2. Mesh, 3. Ring, 4. Bus, 5. Tree, 6. Hybrid.
Each topology has berdeda different characteristics and each also has its advantages and disadvantages. Topology does not depend on the medium. Media used are usually in the form: 1. Twisted pair, 2. Coaxial cable, 3. Optical cable, 4. Wireless.
Physical Topology, is how the cable is held while the Logical Topology, is how the network (network) work on 'physical wiring'. It must be remembered that the logical representation of a topology may be very different from the physical implementation (physical implementation). For example, all workstations in a token ring, is connected in a logical ring. However, physically each station is connected (attached) to the 'central hub', like a star topology.
a. Bus topology or DaisyChain:
This topology has the following characteristics:  
1. Dengankedua connected via a single cable ends closed, nodes are installed along the cable.
2. Kesederhanaandalam customarily used for installation.  
3. The signals pass through cables in duaarah and very likely collision (two mixed data packet).
4. The downside: if either satusegmen wires breaking, then the entire network will stop. 

  Figure 3. Bus Topology

b. Ring topology:  
This topology mempuyai following characteristics:  
1. Form a closed circle yangberisi nodes.  
2. Simple in layout.  
3. The signal flow in satuarah, so it can avoid the occurrence of collisions, thereby allowing rapid data movement and collision detection is much simpler.  
4. The downside: the same sepertikelemahan of bus topology.  
5. Ring topology is usually tidakdibuat physically but realized with a consentrator and looks like a star topology.

  Figure 4. Ring Topology

c. Star Topology:
This topology has the following characteristics:   
1. Each node communicates directly with the central node, the data traffic flowing from the central node to node and back again.  
2. Easily developed, since each node only has a cable directly connected to the central node.  
3. Advantage: if one cable cut off the other nodes are not disturbed.
4. Can use a cable that "lower grade" because only handle a traffic node, usually using UTP cabling. 

  Figure 5. Star Topology

d. MESH topology:

 MESH topology constructed by placing a link between node-node. A 'fully-connected mesh' is a network where each node is connected directly to all other nodes. Usually used on a small computer network. This topology is theoretically possible but not practical and the costs high enough to be implemented. Mesh topology has a high level of redundancy. So if there is a link that is broken then a node can find another link. \ 

  Figure 6. MESH topology

e. Topology TREE:

 Tree topology was built by a bus network which is connected secra together. Example: every building within a campus has a bus network that has been installed, then every network can be connected together to form a technology tree that can cover all campuses. Because the tree topology bus topology consists of a connected secra with the tree topology has the same characteristics with the bus topology.
f. Hybrid:

 Hybrid Network is a network formed from a variety of topologies and technologies. A hybrid network may, as a sample, caused by a takeover of a company. So when combined the different technologies must be combined in a single network. A hybrid network has all the characteristics of the topology contained in the network.
 
BRIEF INTRODUCTION TO COMPUTER NETWORKS LOCAL AREA NETWORK (LAN) 

 If you work on computers that are not connected to another computer then it can be said you work in Stand Alone. If the computer where you work associated with computers and other equipment to form a group, then it is referred to as a network (Network). As for how kmputer can interact and regulate the existing source system called network (Networking). Now, increasingly popular use of computer networks, many different types of companies have computer networks in some form. Computer networks are classified into two main groups, computer network consisting of multiple computers to hundreds of computers disuatu office or building a local network or the so-called Local Area Network (LAN). Separate LANs can be connected using a particular communication pathway, such as telephone lines. The result is a vast network or a Wide Area Network (WAN).  
ADVANTAGES OF THE USE OF COMPUTER NETWORKS

With the construction of computer network systems in a company will provide benefits - benefits include: 
 • Can share (Sharing) use of existing equipment, be it hard disks, printers, modems, etc., without having to move the equipment to the needy. Thus an increase in time efficiency and cost of purchasing hardware
• Can share (Sharing) the use of files or data on a server or on each - each workstation. Thus, to obtain certain information can be done quickly. In this case an increase in time efficiency.
• Applications can be worn together (multiuser)  
• Access to the network using names, passwords and settings right to confidential data data  
• Communication between users via E-Mail or Lan Conference.
• Control of the users or data usage data centrally, and by certain people  
• System backups are easy because the centralized management 
• It depends on the people who store data (if the person does not exist) because of centralized data storage  
• Data is always up to date because the server was always there to uptodatekan data input (Data Entry) A Supervisor / Administrator can control user based on: access time, site access, the use of hard drive capacity, Detecting unauthorized users, monitor the work of each user. At this time with the development of software technology, it allows the use of the Internet together simultaneously, although only have one modem, one phone line and one Internet account. 

  Examples of computer network applications:  
- Client C, Client E was a print document to a printer on the Client A
- Client F is a print document to a printer on the Client B
- Client A, B, C, D, E, F can communicate with each other. 
- Client G access data on your office server from home.
- Internet on Client D is active, Client A, B, C, E and F can use the Internet facilities available on Client D simultaneously / concurrently.  
- Modem on Client D can function as a Fax Machine, Client A, B, C, E, F can use the facility, Using Fax on modem facilities will save money because they are unnecessary printing of documents on paper, but directly in the send to fax number be addressed, the document you are reading is one example of the results. 
 - General data can be used together - Data is confidential data protected so that only certain people can access - Access to the other gets determined by the supervisor or system administrator - Data of each user can be accessed / edited if the permission of the creator of the data or supervisor / system administrator 

 EQUIPMENT - EQUIPMENT REQUIREMENTS HARDWARE:  

1. One (1) Unit for Server computer.  
2. Approximately 8 Units kompuuntuk computer as a workstation or client  
3. Swich'Hub 8 Port 10/100 Mbps, For a network consisting of a Server and Client 7.  
4. 100 Mbps Ethernet Card, for each computer needs an Ethernet Card.  
5. RJ 45 jack, for each computer takes 2 PCS Jack RJ 45.  
6. UTP cable, length depending on the needs at the time of installation.  
7. 56Kbps modem if you want to subscribe to the internet as a dial-up Leased Line or ADSL model if you want to subscribe to ADSL  
8. Line Number.  
9. UPS. 

SOFTWARE:
• Microsoft ® Windows 7, Windows XP Professional, Windows XP Home Edition, Windows 2000, Windows Me, Windos 98, Windows 95, Windows NT, Lynux to the Client Operating System.

STEP BY STEP MIKROTIK

STEP BY STEP MIKROTIK

Mikrotik Glance Mikrotik is now widely used by ISPs, hotspot providers, or by the owner of the cafe. Mikrotik OS router makes the computer into a reliable network that is equipped with various features and tools, for both wired and wireless networks. In this tutorial, the author presents a discussion and simple instructions and simple in configuring mikrotik for certain purposes and the public is typically collected in server / router cafe or other tissues, such konfirugasi for example, for server NAT, Bridging, BW management, and MRTG. Mikrotik version I use for this tutorial is a MikroTik RouterOS 2.9.27 Mirotik Access: 1. via console Mikrotik router board or PC can be accessed directly via the console / shell and remote access using putty (www.putty.nl) 2. via Winbox Mikrotik can also be accessed / remotely using software tools Winbox 3. via web Mikrotik can also be accessed via web / port 80 using a browser
Naming Mirotik

[ropix@IATG-SOLO] > system identity print

  name: "Mikrotik"

[ropix@IATG-SOLO] > system identity edit

value-name: name

typed into the editor for example I change the name IATG-SOLO:

IATG-SOLO

C-c quit C-o save&quit C-u undo C-k cut line C-y paste

Edit and press Cltr-o to save and exit the editor If using Winbox, it looks like this:

Changing the name of the interface:

[ropix@IATG-SOLO] > /interface print

Flags: X - disabled, D - dynamic, R - running

 #    NAME          TYPE             RX-RATE    TX-RATE    MTU

 0  R ether1        ether            0          0          1500

 1  R ether2        ether            0          0          1500

[ropix@IATG-SOLO] > /interface edit 0

value-name: name

The value 0 is the value ether1, if you want to replace ethet2 replaced with a value of 0. missal typed into the editor I replace it with local names:

local

C-c quit C-o save&quit C-u undo C-k cut line C-y paste

Edit and press Cltr-o to save and exit the editor Do the same for two ether interfaces, so that if seen again will appear like this:

[ropix@IATG-SOLO] > /interface print

Flags: X - disabled, D - dynamic, R - running

 #    NAME        TYPE             RX-RATE    TX-RATE    MTU

 0  R local       ether            0          0          1500

 1  R public      ether            0          0          1500

Via Winbox:
  Select the menu interface, click the name of the interface who want to edit, so the window pops up the edit interface.
Setting IP Address:

[ropix@IATG-SOLO] > /ip address add

address: 192.168.1.1/24

interface: local

[ropix@IATG-SOLO] > /ip address print

Flags: X - disabled, I - invalid, D - dynamic

 #   ADDRESS            NETWORK         BROADCAST       INTERFACE

 0   192.168.0.254/24   192.168.0.0     192.168.0.255   local

Enter the IP address value in the column address and netmask, who wanted to enter the interface name given ip addressnya.Untuk-2 Interface to the public interface, the same way as above, so that if seen again will be 2 interfaces:

[ropix@IATG-SOLO] > /ip address print

Flags: X - disabled, I - invalid, D - dynamic

 #   ADDRESS             NETWORK         BROADCAST       INTERFACE

 0   192.168.0.254/24    192.168.0.0     192.168.0.255   local

 1   202.51.192.42/29    202.51.192.40   202.51.192.47   public

Via Winbox:

 As a NAT Mikrotik
Network Address Translation, or more commonly referred to as NAT is a method to connect more than one computer to the Internet network using a single IP address. Much use of this method due to the limited availability of IP addresses, security needs (security), and the ease and flexibility in network administration.
Currently, the widely used IP protocol is IP version 4 (IPv4). With a length of 4 bytes address means that there are 2 to the power 32 = 4,294,967,296 IP addresses available. This amount is theoretically the number of computers that can directly connect to the internet. Because of this limitation most of the ISPs (Internet Service Provider) will only allocate one address for one user and this address is dynamic, in the sense of a given IP address will be different each time a user connect to the internet. This would make it difficult for businesses to lower middle class. On the one hand they need a lot of computers that are connected to the internet, but on the other hand only one available IP address, which means there is only one computer that can connect to the internet. This can be overcome by the NAT method. With a NAT gateway running on one computer, an IP address can be shared with several other computers and they can connect to the internet simultaneously.

Suppose we want to hide the local network / LAN 192.168.0.0/24 202.51.192.42 behind one IP address provided by ISP, which we use is a feature of Mikrotik source network address translation (masquerading). Masquerading changes the data packets from the IP address and port from network 192.168.0.0/24 to 202.51.192.42 to be next to the global Internet network. To use masquerading, source NAT rule with action 'masquerade' should be added to the firewall configuration:

[ropix@IATG-SOLO] > /ip firewall nat add chain=srcnat action=masquerade

out-interface=public

If using Winbox, would look like this: 

 

Transparent web proxy mikrotik as
One function is to store the proxy cache. If a LAN uses a proxy to connect to the Internet, it is done by the browser when a user accesses a web server url is taking the request on the proxy server. Whereas if the data has not been contained in the proxy server then get directly from the web proxy server. Then the request is stored in the proxy cache. Furthermore, if there are clients who make requests to the same url, it will be taken from the cache. This will make access to the Internet faster.
How to ensure that every user accessing the Internet through a web proxy that we have enabled? For this we can implement a transparent proxy. With the transparent proxy, every browser on a computer that use this gateway automatically go through a proxy.
All these features enable the web proxy in mikrotik:

[ropix@IATG-SOLO] > /ip proxy set enabled=yes

[ropix@IATG-SOLO] > /ip web-proxy set

cache-administrator= ropix.fauzi@infoasia.net

[ropix@IATG-SOLO] > /ip web-proxy print

enabled: yes

src-address: 0.0.0.0

port: 3128

hostname: "IATG-SOLO"

transparent-proxy: yes

parent-proxy: 0.0.0.0:0

cache-administrator: "ropix.fauzi@infoasia.net"

max-object-size: 8192KiB

cache-drive: system

max-cache-size: unlimited

max-ram-cache-size: unlimited

status: running

reserved-for-cache: 4733952KiB

reserved-for-ram-cache: 2048KiB

Creating a rule for transparent proxy on the NAT firewall, rather there is masquerading under the rule for NAT:

[ropix@IATG-SOLO] > /ip firewall nat add  chain=dstnat in-interface=local src-address=192.168.0.0/24 protocol=tcp dst-port=80 action=redirect to-ports=3128

[ropix@IATG-SOLO] > /ip firewall nat print

Flags: X - disabled, I - invalid, D - dynamic

 0   chain=srcnat out-interface=public action=masquerade

 1   chain=dstnat in-interface=local src-address=192.168.0.0/24 protocol=tcp dst-port=80 action=redirect to-ports=3128

In Winbox:  
1. Enable web proxy on the menu IP> Proxy> Access> Settings (check box enabled) 

  2. Setting the parameters on the IP menu> Web Proxy> Access Settings> Genera

3. Creating a rule for transparent proxy on the menu IP> Firewall> NAT 

 

Transparent proxy with proxy servers separate / independent

MikroTik Web Proxy built in according to my observations, not so good compared to the squid proxy in linux, squid in linux more flexibility to be modified and diconfigure, eg for delay-pool feature and the ACL list of files, not in the mikrotik series 2.9.x. Usually most people prefer to make your own proxy server, and PC Linux / FreeBSD and just point all clients to the PC. PC proxy topology can be in a local network or using a public ip. Configuration is almost similar to the transparent proxy, the difference is in the NAT rule the action is as follows:

In the above example 192.168.0.100 is the IP proxy server port 808

 
Mikrotik as a bandwidth limiter 

Mikrotik can also be used for bandwidth limiter (queue). To control the data rate allocation mechanism. In general there are two types of bandwidth management on a Mikrotik, namely simple queue and queue trees. Please use either one alone.
The next tutorial mikrotik all settings using Winbox, because it is more user friendly and efficient. 

Simple queue: 
For example we will limit the bandwidth of the client with the ip 192.168.0.3 to 128kbps downstream and 64kbps upstream Queues Settings menu> Simple Queues 

Queue tree
Click the ip> firewall> magle 

 

  Create a rule (click the + red) with the following parameters:
  On the General tab:
  Chain = forward,
  Src.address = 192.168.0.3 (or who want to limit ip)
  On the Action tab:
  Action = mark connection,
  New connection-mark = con client3 (or the name of the mark that we make conection)
  Click Apply and OK 

  Create another rule with the following parameters:
  On the General tab: chain = forward,
  Connection client3-mark = con (select from the dropdown menu)
  On the Action tab:
  Action = mark packet,
  New pcket Mark = client3 (or the name of the packet marks that we make)
  Click Apply and OK
Click the Queues menu> Queues Tree  

Create a rule (click the + red) with the following parameters:

  On the General tab:
  Name = client3-in (eg),
  Parent = public (who is the outgoing interface),
  Package Mark = client3 (select from the dropdown, just that we create on magle),
  Queue Type = default,
  Priority = 8,
  Max limit = 64K (for setting the max download bandwidth)
  Aplly and click Ok

  Create another rule with the following parameters:
  On the General tab:
  Name = client3-up (eg),
  Parent = local (who is way into the interface),
  Package Mark = client3 (select from the dropdown, just that we create on magle),
  Queue Type = default,
  Priority = 8,
  Max limit = 64K (for setting max upload bandwidth)
  Aplly and click Ok
Mikrotik as Bridging
Bridge is a way to connect two separate network segments together in a protocol itself. Packets are forwarded based on the ethernet address, not the IP address (like a router). Because the packet forwarding done at Layer 2, all protocols can be via a bridge. So the analogy is like this, you have a local network 192.168.0.0/24 gateway to an ADSL modem router with a reply as well as local ip 192.168.0.254 and public ip 222.124.21.26. You want to create a proxy server and Mikrotik as a BW management for all clients. Well want to put the location for the PC mikrotik? Among the hub / switch and the gateway / modem? Do not be like him as a NAT and we must add a block of private io again different from the gateway modem?
Mikrotik solution set as a bridging, so seolah2 he only bridge between UTP alone. Topology as follows: 

Internet----------Moderm/router-----------Mikrotik--------Switch/Hub-----Client
Setting bridging using Winbox 1. Adding the bridge interface Click the Interface menu and then click the + sign to add a red color interface, select Bridge

 give the name of the bridge interface, eg, we named bridge1 

2. adding ether and local public interface on the interface Click the IP menu> Bridge> Ports, then click the + sign to add a new rule: Create two rules, for local and public interfaces.

3. Give the IP address for the bridge interface Click the IP menu and then click the + sign to add an IP interface, eg, 192.168.0.100, select the interface bridge1 (or the name of the bridge interface that we created earlier)

 By giving the IP Address on the bridge interface, it can be in remote mikrotik either from the network who is connected to a local interface or the public.
Mikrotik as MRTG / Graphing Graphing is a tool to mokrotik enabled to monitor changes in these parameters at any time. Changes that change the form of graphs up to date and can be accessed using a browser. Graphing can display information such as:
    * Resource usage (CPU, Memory and Disk usage)
    * Traffic passing through the interfaces
    * Traffic through simple queues
Activate graping Click the Tools menu> Graphing> Resource Rules Is to enable graphing for Mikrotik resource usage. Whereas allow IP address is anywhere to access the graphics tersebu,. 0.0.0.0 / 0 for all ip addresses.

Click the Tools menu> Graphing> Interface Rules Is to enable graphing for monitoring traffic passing through interface, please select the interface which is to be monitored, or select "all" for all.

Graphing consists of two parts, first gather information / data which both display it in Web format. To access the graphics, type in the URL with the format http:// [Router_IP_address] / graphs / and choose from the menus there, where you want to display graphics. Examples of graphs for traffic public interface: 

Similarly, the authors convey a little tutorial to share knowledge or just simplify to facilitate understanding of the tutorials are already available on the official site mikrotik.