Mikrotik CLI Manual


Table of Contents:

Interface, Wireless, Bridge, PPP / VPN, IP, System, Queue, Tools



                                            _____Interface Category_____

✅ Interface:
    Rename
        interface set 2 name=ether2-lokal
    Add a special note
        interface set 2 comment="sw lokal user:admin pass:admin321"
    Disable / enable interface
        interface set 2 disabled=yes
        interface set 2 disabled=no

✅ Interface list:
    Create a new list
        interface list add name=lokal
    Assign interfaces to the list
        interface list member add list=lokal interface=ether3
        interface list member add list=lokal interface=ether4

✅ Ethernet:
    Change the interface rate
        interface ethernet set 2 speed=100Mbps
    Change the auto-negotiation setting
        interface ethernet set 2 auto-negotiation=no

✅ EOIP:
    Add EOIP
        interface eoip add name="to-server18" remote-address="172.30.20.17" tunnel-id=18 disabled=no

✅ Vlan:
    Add Vlan
        interface vlan add name=wifi-umum20 vlan-id=20 interface=ether3


                                          _____Wireless Category_____
        
✅ Wireless as AP
        interface wireless set 0 disabled=no mode=ap-bridge channel-width=20mhz band=5ghz-a/n frequency-mode=superchannel country=no_country_set frequency=5750 ssid="AP-tes" wireless-protocol=any

✅ Wireless as station (ST)
        interface wireless set 0 mode=station-bridge channel-width=20mhz band=5ghz-a/n ssid="AP-tes" scan-list=5750,5760,5770,5780,5790,5800 frequency-mode=superchannel country=no_country_set wireless-protocol=any disabled=no

✅ Virtual AP
        interface wireless add master-interface=wlan1 ssid="AP-umum2" mode=ap-bridge disabled=no

✅ Access list, when the radio is in AP mode
        interface wireless access-list add mac-address=74:4D:28:XX:XX:XX interface=wlan1 signal-range=-75..120 authentication=yes forwarding=yes disabled=no

✅ Connect list, when the radio is in ST mode
        interface wireless connect-list add interface=wlan1 mac-address=74:3A:18:XX:XX:XX signal-range=-75..120 disabled=no




                                                _____Bridge Category_____


✅ Bridge
        interface bridge add name=Bridge-lokal protocol-mode=rstp disabled=no

✅ Bridge Port
        interface bridge port add bridge=Bridge-lokal interface=ether3 disabled=no




                                         _____PPP / VPN Category_____

✅ PPTP:
           Server enable
                interface pptp-server server set enabled=yes
           Secret
                ppp secret add name=tes password=tes321 service=pptp local-address=192.168.10.1 remote-address=192.168.10.20 disabled=no

✅ L2TP:
           Server enable
                interface l2tp-server server set enabled=yes use-ipsec=yes ipsec-secret="123Tamu"
           Secret
                ppp secret add name=tes password=tes321 service=l2tp local-address=192.168.10.1 remote-address=192.168.10.31 disabled=no

✅ SSTP:
           Server enable
                interface sstp-server server set enabled=yes
           Secret
                ppp secret add name=tes password=tes321 service=sstp local-address=192.168.10.1 remote-address=192.168.10.41 disabled=no

✅ OVPN:
           Server enable
                interface ovpn-server server set enabled=yes port=10100

 


                                                 _____IP Category_____

IP Address:

        ip address add address=192.168.10.1/24 interface=ether1


IP DHCP-Client:

        ip dhcp-client add interface=ether1 disabled=no default-route-distance=2 add-default-route=yes use-peer-dns=yes use-peer-ntp=yes comment="WAN"


IP DHCP-Relay:

        ip dhcp-relay add name="Relay-1" interface=ether3 dhcp-server=192.168.10.1 local-address=192.16.1.1


IP DHCP-Server:

        ip dhcp-server setup
        Select interface to run DHCP server on
        dhcp server interface: wlan1
        Select network for DHCP addresses
        dhcp address space: 192.168.10.0/24
        Select gateway for given network
        gateway for dhcp network: 192.168.10.1
        If this is remote network, enter address of DHCP relay
        There is no such IP network on selected interface
        dhcp relay: 192.168.10.1
        Select pool of ip addresses given out by DHCP server
        addresses to give out: 192.168.10.2-192.168.10.254
        Select DNS servers
        dns servers: 8.8.8.8
        Select lease time
        lease time: 10m


IP DNS:

        ip dns set servers=8.8.8.8,1.1.1.1

                    or

        ip dns set servers=8.8.8.8,1.1.1.1 allow-remote-requests=yes

        ip dns set servers=8.8.8.8,1.1.1.1 allow-remote-requests=no


IP firewall:
Filter:
    Block:
        ip firewall filter add chain=forward protocol=icmp dst-address=172.20.1.12 src-address=!192.168.10.0/29 action=drop
NAT:
    Internet:
        ip firewall nat add chain=srcnat out-interface=ether1 action=masquerade
                    or
        ip firewall nat add chain=srcnat out-interface=ether1 action=src-nat to-addresses=172.20.1.2
                    or for a specific IP range
        ip firewall nat add chain=srcnat src-address=192.168.10.0/29 out-interface=ether1 action=masquerade

    Forwarding:
        ip firewall nat add chain=dstnat dst-address=172.20.1.2 protocol=tcp dst-port=8087 action=dst-nat to-addresses=192.168.10.10 to-ports=80
Mangle:
        ip firewall mangle add chain=prerouting dst-address-list="sosmed_IP" action=mark-connection new-connection-mark="koneksi_sosmed" passthrough=yes
        
        ip firewall mangle add chain=prerouting connection-mark="koneksi_sosmed" action=mark-packet new-packet-mark="paket-sosmed" passthrough=no

        ip firewall mangle add chain=prerouting dst-address-list="IP-server-pusat" action=mark-routing new-routing-mark="route-ispA" passthrough=no
RAW:
        /ip firewall raw
        add action=add-dst-to-address-list address-list=Instagram address-list-timeout=none-dynamic chain=prerouting comment=Block_IG content=.cdninstagram.com protocol=tcp tls-host=*.cdninstagram.com
        add action=add-dst-to-address-list address-list=Instagram address-list-timeout=1d chain=prerouting comment=Block_IG content=.instagram.com protocol=tcp time=0s-1d,sun,mon,tue,wed,thu,fri,sat tls-host=*.instagram.com
Address List:
        ip firewall address-list add list="IP-server-pusat" address=172.200.10.1
Layer7 Protocol:
        /ip firewall layer7-protocol
add comment=Sosmed name=all-sosmed regexp="^.+(facebook.com|fbcdn.net|twitter.com|instagram.com|telegram.org|line.me|path.com|signal.org|vidio.com|netflix.com).*\$"
add comment=Youtube name=youtube regexp="^.+(youtube).*\$|o-o.preferred.pttelkom-|a.youtube.com|b.youtube.com|c youtube.com|d.youtube.com|e.youtube.com|f.youtube.com| g.youtube.com|h.youtube.com|i.youtube.com|j.youtube.com|studio.youtube.coml.youtube.com\94|youtube-ui.|m.youtube.com|youtube-ui.l.google.com|signaler-pa.youtube.com|s.youtube.com|m.youtube.com|youtube.com(facebook.com).*\$"

✅ IP Hotspot:
    User Profile
        ip hotspot user profile add name="guru-profile" shared-users=20 rate-limit=10M/10M mac-cookie-timeout="7d 00:00:00"
    User
        ip hotspot user add name=userA password=userA123 profile="guru-profile"
    Hotspot Profile
        ip hotspot profile add name=hotspot-umum hotspot-address=192.168.10.1 dns-name=ujicoba.ac.id html-directory=hotspot login-by=cookie,http-chap,http-pap,https,trial trial-uptime-limit="00:10:00" trial-uptime-reset="1d 00:00:00" trial-user-profile="user-trial"
    Hotspot server
        ip hotspot add name="hotspot-umum" interface="wlan1" address-pool="pool-umum" profile="hotspot-umum"

✅ IP Neighbor:
    Disable
        ip neighbor discovery set 0,1,2 discover=no
    Enable
        ip neighbor discovery set 0,1,2 discover=yes

✅ IP Pool:
    ip pool add name="pool-umum" ranges="192.168.10.2-192.168.10.254"

✅ IP Route:
    Internet
        ip route add gateway=172.20.2.1
                        or
        ip route add dst-address=0.0.0.0/0 gateway=172.20.2.1
    Internet with multiple uplinks
        ip route add dst-address=0.0.0.0/0 gateway=172.20.2.1 distance=1 check-gateway=ping
        ip route add dst-address=0.0.0.0/0 gateway=172.30.1.1 distance=2
    Static route
        ip route add dst-address=192.168.200.0/24 gateway=192.168.10.24
        If both match, the smaller the destination IP range, the higher its priority
        ip route add dst-address=192.168.200.0/29 gateway=192.168.10.24
    If private IP networks cannot communicate with each other because of the firewall
        ip route rule add dst-address=192.168.10.0/24 table=main
        ip route rule add dst-address=192.168.20.0/24 table=main
        ip route rule add dst-address=192.168.30.0/24 table=main

✅ IP SMB folder sharing:
    Enable
        ip smb set enabled=yes interfaces=wlan1 allow-guests=no
    Users
        ip smb users add name=guru password=guru321 read-only=no disabled=no
    Shares
        ip smb shares add name=guru directory=flash disabled=no

✅ IP SNMP:
    Enable
        snmp set enabled=yes contact=guru321@guru.ac.id location=indonesia-jawa-timur trap-community=server trap-version=1
    Community
        snmp community add name=server addresses=172.30.20.17
    
✅ IP Services:
    List services
        ip service print
    Disable service
        ip service set 0,1,2,3,4,5,7,8 disabled=yes
    Change access
        ip service set 6 port=3284 address=192.168.10.0/24

✅ Traffic flow:
    Enable
        ip traffic-flow set enabled=yes interfaces=wlan1 cache-entries=128k
    Add Target
        ip traffic-flow target add dst-address=172.20.30.17 port=2057 version=9

✅ IP Proxy:
    Enable
        ip proxy set enabled=yes
    Edit port
        ip proxy set port=8050




                                          _____System Category_____



✅ Set Clock:
        system clock set time="12:14:00" date="sep/15/2023" time-zone-autodetect=yes

✅ Check system power and temperature:
        system health print

✅ Change the device name:
        system identity set name="Router-utama"

✅ Check for OS updates (internet connection required):
        system package update check-for-updates

✅ Reboot:
        system reboot
        y

✅ Reset:
        system reset-configuration no-defaults=yes
        y

✅ Check resources (uptime, free storage):
        system resource print

✅ Check firmware and OS versions:
        system routerboard print

✅ Configure NTP client:
        system ntp client set enabled=yes primary-ntp=172.30.20.1 secondary-ntp=172.30.20.18

✅ Script:
       Example script that turns the social-media limit/block rules on
            system script add name=limit-sosmed-On source="/ip firewall filter set 0,1,2,3,4 disabled=no"
       Example script that turns the social-media limit/block rules off
            system script add name=limit-sosmed-Off source="/ip firewall filter set 0,1,2,3,4 disabled=yes"

✅ Schedule:
       Example schedule that turns the social-media limit/block rules off
            system scheduler add name=jadwal-aktif-sosmed start-date=sep/15/2023 start-time=17:00:00 interval="1d 00:00:00" on-event="limit-sosmed-Off"
       Example schedule that turns the social-media limit/block rules on
            system scheduler add name=jadwal-pasif-sosmed start-date=sep/16/2023 start-time=08:00:00 interval="1d 00:00:00" on-event="limit-sosmed-On"

✅ Modify User:
        Add user
            user add name=guru password=guru123 group=full address=192.168.10.10,172.30.20.12 disabled=no
                               or
            user add name=guru password=guru123 group=full disabled=no
        Remove
            user remove guru
        Modify 
            user set guru disabled=yes        
            user set 0,1,2,3 disabled=yes
            user set guru address=172.20.30.12
            user set guru group=write

✅ Configuration backup as .rsc (the result is human-readable):
        export file="backup15923"

✅ Configuration backup as .backup (the result can only be read by the system):
        system backup save dont-encrypt=yes name="backup15923"
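
Because the .rsc export is plain text, it can be reviewed offline. The following is an added example, not part of the original manual: it parses the export layout and flags a few settings shown on this page that a reviewer would want to look at. The sample export is constructed, and the check list and function names are assumptions, not a MikroTik tool.

```python
import re
import shlex

# Constructed sample in the layout that "export" writes, using settings from this page.
SAMPLE_EXPORT = r'''
/interface ethernet
set [ find default-name=ether2 ] comment="sw lokal user:admin pass:admin321"
/interface pptp-server server
set enabled=yes
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,1.1.1.1
/snmp
set enabled=yes trap-community=server trap-version=1
/tool mac-server
set allowed-interface-list=all
/user
add name=guru group=full
add name=guru2 group=full \
    address=192.168.10.10
'''
# Assumed check list: (menu path, or None for any menu; predicate; note for the reviewer)
CHECKS = [
    (None, lambda p: re.search(r"pass(word)?\s*[:=]", p.get("comment", ""), re.I),
     "credential written into a comment"),
    ("/interface pptp-server server", lambda p: p.get("enabled") == "yes", "PPTP server enabled"),
    ("/ip dns", lambda p: p.get("allow-remote-requests") == "yes",
     "DNS answers remote clients; confirm the WAN side is filtered"),
    ("/snmp", lambda p: p.get("trap-version") == "1", "SNMP v1 traps carry the community in clear text"),
    ("/tool mac-server", lambda p: p.get("allowed-interface-list") == "all",
     "MAC-Telnet allowed on every interface"),
    ("/user", lambda p: p.get("group") == "full" and "address" not in p,
     "full-rights user without an address= restriction"),
]

def parse_export(text):
    """Yield (menu_path, params) for every add/set line of an export."""
    text = re.sub(r"\\\r?\n\s*", "", text)  # rejoin lines wrapped with a trailing backslash
    path = ""
    for line in map(str.strip, text.splitlines()):
        if line.startswith("/"):
            path = line  # a menu line applies to the add/set lines that follow it
        elif line and not line.startswith("#"):
            tokens = shlex.split(line)  # keeps quoted values such as comments intact
            yield path, dict(t.split("=", 1) for t in tokens[1:] if "=" in t)

def audit(text):
    """Return [(menu_path, note), ...] for every CHECKS entry that matches."""
    return [(path, note) for path, params in parse_export(text)
            for menu, hit, note in CHECKS if menu in (None, path) and hit(params)]
```

Calling `audit(SAMPLE_EXPORT)` returns six findings; the user `guru2` is not reported because its login is limited by `address=`.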



                                           _____Queue Category_____


✅ Simple Queue:
            Standard simple queue
                queue simple add name="lokal" target=192.168.10.0/24 max-limit=5M/5M disabled=no
            Simple queue by time and day
                queue simple add name="lokal" target=192.168.10.0/24 max-limit=5M/5M time=8h-17h,mon,tue,wed,thu,fri disabled=no
            Simple queue with burst time
                queue simple add name=PCku target=192.168.10.23/32 max-limit=5M/5M burst-limit=7M/7M burst-threshold=1100K/1100K burst-time=32/32
                Formula: burst-limit / burst-time = burst-threshold
                    7 / 32 = 219 Kbps, 14 / 32 = 438 Kbps, 21 / 32 = 656 Kbps, 28 / 32 = 875 Kbps, 35 / 32 = 1094 Kbps
                Burst duration: burst-threshold = burst-limit x ?
                    1094 = ((7 x 5) / 32 = 35 / 32)
            Simple queue with token bucket
                queue simple add name=PCku target=192.168.10.23/32 max-limit=5M/5M bucket-size=8/8 parent=lokal
                Formula: max-limit x bucket-size = temporarily granted quota
                    5 x 8 = 40 Mbps (maximum temporarily granted quota)

Note: If the router specification is mid-range to low-end, the simple queue token bucket can be applied.
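
The burst arithmetic for the PCku queue above, carried through as a per-second simulation. This is an added example, not part of the original manual; it assumes the average rate is checked once per second (RouterOS samples it more often within burst-time), and all function names are illustrative.

```python
from collections import deque

M, K = 1_000_000, 1_000
# Values of the PCku queue from this page (one direction).
PCKU = dict(max_limit=5 * M, burst_limit=7 * M, burst_threshold=1100 * K, burst_time=32)


def simulate(demand, max_limit, burst_limit, burst_threshold, burst_time):
    """Return [(granted_rate, average_seen), ...], one entry per second.

    Assumed model: the average over the last burst_time seconds is checked
    once per second; below burst_threshold the cap is burst_limit,
    otherwise it is max_limit.
    """
    window = deque([0] * burst_time, maxlen=burst_time)
    trace = []
    for wanted in demand:
        average = sum(window) / burst_time
        cap = burst_limit if average < burst_threshold else max_limit
        granted = min(wanted, cap)
        window.append(granted)
        trace.append((granted, average))
    return trace


def burst_seconds(trace, burst_limit):
    """Count the leading seconds in which the full burst rate was granted."""
    count = 0
    for granted, _ in trace:
        if granted != burst_limit:
            break
        count += 1
    return count


def longest_burst(burst_limit, burst_threshold, burst_time, **_):
    """Closed form for a previously idle client: threshold * time / limit."""
    return burst_threshold * burst_time / burst_limit


if __name__ == "__main__":
    trace = simulate([7 * M] * 40, **PCKU)
    for second, (granted, average) in enumerate(trace[:8], start=1):
        print(f"t={second:2d}s average={average / K:5.0f}K granted={granted / M:.0f}M")
    print("burst seconds:", burst_seconds(trace, PCKU["burst_limit"]))
    print("closed form  :", round(longest_burst(**PCKU), 2), "s")
```

The averages seen at seconds 2 to 6 are the 219, 438, 656, 875 and 1094 Kbps of the formula above; the sixth second is still granted at 7M because the check runs before that second is counted, while the closed form gives about 5.03 s. With a sustained download the average stays above 1100K at max-limit=5M, so in this model the burst returns only after about 25 idle seconds.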

✅ Queue Tree:
        Mangle
            Rule for user download packets
                ip firewall mangle add comment="Download" chain=forward dst-address-list="IP-lokal" action=mark-packet new-packet-mark="Download-user" passthrough=no disabled=no
            Rule for user upload packets
                ip firewall mangle add comment="Upload" chain=forward src-address-list="IP-lokal" action=mark-packet new-packet-mark="Upload-user" passthrough=no disabled=no

        Simple Queue, Queue Type
            PCQ Upload
                queue type add name="PCQ-upload" kind=pcq pcq-classifier=src-address,src-port
            PCQ Download
                queue type add name="PCQ-download" kind=pcq pcq-classifier=dst-address,dst-port

        Rule Queue Tree
            Download
                Parent Download
                    queue tree add name="Download" parent="Bridge-lokal" max-limit=10M
                Child Download
                    queue tree add name="user-download" parent="Download" packet-mark="Download-user" queue=PCQ-download limit-at=1M max-limit=10M
            Upload
                Parent Upload
                    queue tree add name="Upload" parent="Ether1-WAN" max-limit=10M
                Child Upload
                    queue tree add name="user-upload" parent="Upload" packet-mark="Upload-user" queue=PCQ-upload limit-at=1M max-limit=10M


                                            _____Tools Category_____


✅ Bandwidth test server:
        Enable
            tool bandwidth-server set enabled=yes authenticate=yes max-sessions=10


✅ Bandwidth test:
        Upload test - run from the transmitter
            tool bandwidth-test address=192.168.10.17 protocol=tcp direction=receive user=admin password=admin123 duration=10s
        Download test - run from the transmitter
            tool bandwidth-test address=192.168.10.17 protocol=tcp direction=send user=admin password=admin123 duration=10s
        Upload and download test - run from the transmitter
            tool bandwidth-test address=192.168.10.17 protocol=tcp direction=both user=admin password=admin123 duration=10s


✅ IP-Scan:
            tool ip-scan interface="Bridge-lokal" duration=60s
            tool ip-scan interface="Bridge-lokal" address-range="192.168.10.0/24" duration=60s
 
✅ Mac server:
        Mac telnet server
                tool mac-server set allowed-interface-list=all
        Mac winbox server
                tool mac-server mac-winbox set allowed-interface-list=all
        Mac ping server  
                tool mac-server ping set enabled=yes

✅ Netwatch:
        Example rule that disables / enables routing table entries based on a condition
        /tool netwatch
add down-script="/ip route disable [/ip route find comment=remote-main];/ip route enable [/ip route find comment=remote-backup];:log info \"remote main down\";" host=192.168.10.1 interval=20s timeout=4s up-script=":delay 19;/ip route disable [/ip route find comment=remote-backup]; /ip route enable [/ip route find comment=remote-main];:log info \"remote main up\";"

✅ Ping:
        ping 172.30.20.17 count=100 size=1500

✅ Profile:
        tool profile duration=60s

✅ Romon:
        tool romon set enabled=yes
            or
        tool romon set enabled=yes id=10 secrets=admin123

✅ Service Telnet:
        system telnet address=172.30.20.17 port=238
        system telnet address=172.30.20.17

✅ Service ssh:
        system ssh address=172.30.20.17 user=admin
        system ssh address=172.30.20.17 port=228 user=admin

✅ Service MAC-Telnet:
        tool mac-telnet C4:AD:3X:XX:XX:XX

✅ Torch:
        tool torch interface="Bridge-lokal" ip-protocol=any port=any src-address=0.0.0.0/0 dst-address=0.0.0.0/0 duration=60s
Note: entry-timeout can be increased so that the listed entries do not disappear quickly

✅ Traceroute:
        tool traceroute address=172.30.20.17 use-dns=yes duration=60s






