Basic MikroTik Configuration for ISPs
MikroTik RouterOS is a powerful router operating system that is widely used by ISPs in Indonesia.
Initial Preparation
Default Login
- IP: 192.168.88.1
- Username: admin
- Password: (empty)
Access Methods
- WinBox - GUI application
- WebFig - Web interface
- SSH - Command line
- Console - Serial/USB
Reset Configuration
/system reset-configuration
# or
/system reset-configuration no-defaults=yes
Basic Setup
Set Identity
/system identity set name="Router-ISP-01"
Set Timezone
/system clock set time-zone-name=Asia/Jakarta
/system ntp client set enabled=yes servers=0.id.pool.ntp.org,1.id.pool.ntp.org
Update RouterOS
/system package update check-for-updates
/system package update install
Interface Configuration
Rename Interfaces
/interface ethernet set ether1 name=WAN
/interface ethernet set ether2 name=LAN
/interface ethernet set ether3 name=CLIENT1
/interface ethernet set ether4 name=CLIENT2
Set IP Addresses
# WAN IP (as assigned by your ISP)
/ip address add address=103.xx.xx.xx/29 interface=WAN comment="WAN"
# LAN IP
/ip address add address=192.168.1.1/24 interface=LAN comment="LAN"
Gateway Configuration
Add Default Route
/ip route add gateway=103.xx.xx.1 distance=1
Check Gateway
/ip route print
/ping 8.8.8.8
NAT Configuration
Setup Masquerade
/ip firewall nat add chain=srcnat out-interface=WAN action=masquerade comment="NAT-Internet"
Check NAT
/ip firewall nat print
DHCP Server
Setup DHCP Server
# Add DHCP pool
/ip pool add name=dhcp_pool ranges=192.168.1.100-192.168.1.200
# Add DHCP network
/ip dhcp-server network add address=192.168.1.0/24 gateway=192.168.1.1 dns-server=192.168.1.1,8.8.8.8
# Add DHCP server
/ip dhcp-server add name=dhcp1 interface=LAN address-pool=dhcp_pool disabled=no
PPPoE Server for Clients
Setup PPPoE Server
# Create IP pool for PPPoE (must exist before the profile references it)
/ip pool add name=pppoe-pool ranges=10.0.0.10-10.0.0.250
# Create PPPoE profile
/ppp profile set default local-address=10.0.0.1 remote-address=pppoe-pool dns-server=8.8.8.8,8.8.4.4
# Create PPPoE secrets (user)
/ppp secret add name=user1 password=password1 service=pppoe profile=default
/ppp secret add name=user2 password=password2 service=pppoe profile=default
# Enable PPPoE server (server instances are created with add; there is no default entry to set)
/interface pppoe-server server add service-name="ISP-PPPoE" interface=LAN disabled=no max-mtu=1492 max-mru=1492
Bandwidth Management
Simple Queue (Limit by IP)
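# Simple queue rates are written upload/download for the target; queues are matched top-down, so the first entry for a target is the one applied
# Upload limit
/queue simple add name="user1-up" target=10.0.0.10/32 limit-at=512k/2M max-limit=1M/5M
# Download limit
/queue simple add name="user1-down" target=10.0.0.10/32 limit-at=2M/512k max-limit=5M/1M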
Burst Configuration
/queue simple add name=user1-burst target=10.0.0.10/32 \
limit-at=512k/1M max-limit=2M/5M \
burst-limit=5M/10M burst-time=10s/30s burst-threshold=1M/3M
PCQ Queue Type (Dynamic Bandwidth)
# Create PCQ queue type
/queue type add name=pcq-upload kind=pcq pcq-rate=2M pcq-classifier=src-address
/queue type add name=pcq-download kind=pcq pcq-rate=5M pcq-classifier=dst-address
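# Apply PCQ (the packet marks "upload" and "download" must be set by /ip firewall mangle rules, not shown here)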
/queue tree add name=upload parent=WAN packet-mark=upload queue=pcq-upload
/queue tree add name=download parent=LAN packet-mark=download queue=pcq-download
Firewall Configuration
Basic Firewall Rules
# Allow established connections
/ip firewall filter add chain=input connection-state=established,related action=accept
# Allow SSH
/ip firewall filter add chain=input protocol=tcp dst-port=22 action=accept
# Allow WinBox
/ip firewall filter add chain=input protocol=tcp dst-port=8291 action=accept
# Drop invalid connections
/ip firewall filter add chain=input connection-state=invalid action=drop
# Drop all other
/ip firewall filter add chain=input action=drop
Port Forwarding
# Forward port 80 to internal server
/ip firewall nat add chain=dstnat dst-port=80 protocol=tcp action=dst-nat to-addresses=192.168.1.10 to-ports=80
# Forward port 443
/ip firewall nat add chain=dstnat dst-port=443 protocol=tcp action=dst-nat to-addresses=192.168.1.10 to-ports=443
Block Specific Ports
# Block P2P
/ip firewall filter add chain=forward p2p=all-p2p action=drop comment="Block-P2P"
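# Block specific websites (dst-address only accepts IP addresses, so resolve the name through an address list)
/ip firewall address-list add list=blocked-sites address=facebook.com
/ip firewall filter add chain=forward dst-address-list=blocked-sites action=drop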
Connection Tracking
Monitor Connections
/tool torch interface=WAN
/ip firewall connection tracking print
Limit Connections
/ip firewall filter add chain=forward protocol=tcp connection-limit=100,32 action=drop
Wireless Configuration (If Present)
Setup Wireless Access Point
/interface wireless set wlan1 mode=ap-bridge ssid="ISP-Wifi" band=2ghz-g/n channel-width=20/40mhz-ht-above
# Setup Security
/interface wireless security-profiles set default authentication-types=wpa2-psk wpa2-pre-shared-key="passwordwifi" mode=dynamic-keys
# Enable wireless
/interface wireless enable wlan1
Monitoring
Bandwidth Monitor
/interface monitor-traffic WAN
Watchdog
/system watchdog set watch-address=8.8.8.8 watchdog-timer=yes no-ping-delay=5m auto-send-supout=yes
Traffic Flow
/ip traffic-flow set enabled=yes
/ip traffic-flow target add dst-address=192.168.1.100 port=9996
Backup and Restore
Export Configuration
/export file=backup-config
Binary Backup
/system backup save name=backup-full
Download Backup
Download the file from the Files menu in WinBox.
Security Tips
- Change the default admin password
- Disable services that are not needed
- Limit WinBox/SSH access to specific IPs
- Enable a strict firewall
- Update RouterOS regularly
- Back up the configuration periodically
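The first four tips as RouterOS commands. This is an added example, not part of the original guide. The user name netadmin, the address list name mgmt and the admin workstation address 192.168.1.2 are assumptions. The input-chain rules are meant to replace the unrestricted SSH and WinBox accept rules under Basic Firewall Rules, not to be added after them.

```routeros
# Added example. netadmin, mgmt and 192.168.1.2 are assumed values; adjust to your network.

# 1. Change the default admin credentials: create a named full-rights user,
#    confirm you can log in with it, then disable the built-in "admin".
/user add name=netadmin group=full password="CHANGE-ME-long-random-passphrase"
/user disable admin

# 2. Disable services that are not needed.
/ip service disable telnet,ftp,www,api,api-ssl
/tool bandwidth-server set enabled=no
/ip proxy set enabled=no
/ip socks set enabled=no
/ip upnp set enabled=no
# Layer-2 management and discovery are reachable by every PPPoE client on LAN.
/tool mac-server set allowed-interface-list=none
/tool mac-server mac-winbox set allowed-interface-list=none
/tool mac-server ping set enabled=no
/ip neighbor discovery-settings set discover-interface-list=none

# 3. Limit WinBox/SSH to specific source addresses, at the service level...
/ip ssh set strong-crypto=yes
/ip service set ssh address=192.168.1.2/32
/ip service set winbox address=192.168.1.2/32
# ...and in the firewall, through one address list that is easy to audit.
/ip firewall address-list add list=mgmt address=192.168.1.2 comment="admin workstation (assumed)"

# 4. Strict input chain. Rules are evaluated top-down; the final drop stays last.
/ip firewall filter add chain=input connection-state=established,related action=accept comment="in: established"
/ip firewall filter add chain=input connection-state=invalid action=drop comment="in: invalid"
/ip firewall filter add chain=input protocol=tcp dst-port=22,8291 src-address-list=mgmt action=accept comment="in: mgmt only"
/ip firewall filter add chain=input action=drop comment="in: drop everything else"

# Verify the result.
/ip service print
/ip firewall filter print chain=input
```

Apply this from the serial console or with Safe Mode enabled, since a session coming from an address outside the mgmt list is cut off once the final drop rule is in place.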
Troubleshooting
Check Logs
/log print
Ping Test
/ping 8.8.8.8 count=4
/ping google.com count=4
Trace Route
/tool traceroute 8.8.8.8
Check Interface Status
/interface print
/interface monitor-traffic wlan1
Conclusion
MikroTik RouterOS is a cost-effective solution for ISPs. The basic configuration above provides a foundation for a reliable ISP setup. Always take a backup before making major changes.