Selasa, 17 Februari 2009

Mikrotik Hotspot dan User Manager


Langkah-langkah sebagai berikut :

1. rename interface eth :LAN, LOCAL, INT

[admin@46un6-Router] > interface print
Flags: X - disabled, D - dynamic, R - running
# NAME TYPE RX-RATE TX-RATE MTU
0 R lan ether 0 0 1500
1 R int ether 0 0 1500
2 R local ether 0 0 1500
[admin@46un6-Router] >

2. setting ip address ketiga interface

[admin@46un6-Router] > ip address print
Flags: X - disabled, I - invalid, D - dynamic
# ADDRESS NETWORK BROADCAST INTERFACE
0 10.8.8.45/24 10.8.8.0 10.8.8.255 local
1 192.168.10.1/24 192.168.10.0 192.168.10.255 lan
2 202.47.77.24x/28 202.47.77.240 202.47.77.255 int
[admin@46un6-Router] >

3. setting ip route / gateway

[admin@46un6-Router] > ip route print
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf,
B - blackhole, U - unreachable, P - prohibit
# DST-ADDRESS PREF-SRC G GATEWAY DISTANCE INTERFACE
0 A S 0.0.0.0/0 r 10.8.8.1 1 local
1 A S 0.0.0.0/0 r 202.47.77.24x 1 int
2 ADC 10.8.8.0/24 10.8.8.45 0 local
3 ADC 192.168.10.0/24 192.168.10.1 0 lan
4 ADC 202.47.77.240/28 202.47.77.249 0 int
[admin@46un6-Router] >

4. setting dns

[admin@46un6-Router] > ip dns print
primary-dns: 202.47.78.8
secondary-dns: 202.47.78.9
allow-remote-requests: yes
cache-size: 2048KiB
cache-max-ttl: 1w
cache-used: 21KiB
[admin@46un6-Router] >
5. setting nat / masquerading

[admin@46un6-Router] > ip firewall nat print
Flags: X - disabled, I - invalid, D - dynamic
0 chain=srcnat action=masquerade

1 chain=srcnat action=masquerade src-address=192.168.10.0/24

2 ;;; masquerade hotspot network
chain=srcnat action=masquerade src-address=192.168.10.0/24
[admin@46un6-Router] >

6. input address-list nice

7. marking-connection dan marking-routing

[admin@46un6-Router] > ip firewall mangle print
Flags: X - disabled, I - invalid, D - dynamic
0 chain=output action=mark-connection new-connection-mark=mark-local-con passthrough=yes dst-address-list=nice

1 chain=output action=mark-routing new-routing-mark=mark-routing-local passthrough=yes connection-mark=mark-local-con
[admin@46un6-Router] >

8. marking gateway

9. test traceroute situs local dan international

10. setup hotspot system [ACTIVATE HOTSPOT SYSTEM]

11. activate RADIUS pada hotspot server profile [use radius = yes]

12. add Radius
services = hotspot
address = 202.47.77.24x [IP dimana radius / user-manager berada]
secret = 123456 [secret harus sama dengan user-manager]

SETTING USER-MANAGER [PAKET DIANGGAP TERPISAH DARI SISTEM HOTSPOT]
1. install paket user-manager

2. buat account user-manager

[admin@46un6-router] > tool user-manager customer add login=”46un6” password=”pu5k0mx" permissions=owner

3. untuk mengakses user-manager di >> http://202.47.77.24x/userman
username = 46un6
password = pu5k0mx

4. setting router
name = 46un6-router
ip address = 202.47.77.24x [ip address sendiri bisa juga 127.0.0.1]
secret = 123456 [secret ini harus sama dengan router]
OK

5. add user account untuk dapat akses hotspot system dari client
>> account setting lebih lengkap

6. pelajari menu aplikasi user-manager

user-manager juga bisa digunakan untuk login RouterOS

1. konfigurasi user XXX pada sisi routerOS
#/ user xxx set use-radius=yes

2. permission pada default group harus full
#/ user xxx set default-group=full

3. setting ip radius dan secret harus sama dengan user-manager
#/ radius add service=login address=202.47.77.24x secret=123456

4. test login menggunakan account user-manager [radius]