Dalam mensetting RB411u itu sama persis dengan merek-merek RB lainnya.
Untuk Mensettingnya yaitu dengan masuk ke RB411U dengan membuka Winbox, untuk mendapatkan winbox dapat anda download disini.
Kemudian pada Login : Admin
Password : Kosong
Maka akan masuk ke menu utama Mikrotik, kemudian klik "Interface" dan "Wlan1" masih dalam disabled maka buat Wlan1 menjadi "Enabled". Disini anda bisa merubah nama "Wlan1" menjadi "grid" atau tidak merubahnya sama sekali yaitu dengan mengetik di New Terminal :
interface set wlan1 name=grid
Kemudian double klik pada Wlan1/grid sehingga akan masuk pada "interface grid" dan pada bagian "General" dengan rincian yaitu :
Name : grid (Nama Interface Wlan)
Type : Wireless (Atheros AR5413)
MTU : 1500
L2 MTU : 2290
Mac Address : Sesuai dengan Mac Address Ether pada RB
ARP : Enabled
dapat kita lihat seperti gambar berikut ini
Kemudian klik pada Tab "Wireless", dengan rincian :
Mode : Station WDS
Band : Sesuai dengan AP Bridge RB433AH (disini saya membuat 2GHz-Only-G)
Channel Width : 20Mhz
Frequency : Samakan dengan Frequency AP Bridge RB433AH anda
SSID : Nama AP RB433AH yang kita konekkan di station wds
Router Name : Nama Station (saya memberi nama Station_Quwais)
Scan List : Default
Wireless Protocol : Unspecified
Security Profile : Default
Frequency Mode : Manual TxPower
Country : No_Country_Set
Antenna Mode : Antenna a
Antenna Gain : 0
DFS Mode : None
Proprietary Extensions : Post.2.9.25
WMM Support : Disabled
Default At Tx Rate : Kosongkan
Default Client Tx Rate : Kosongkan
Dapat anda lihat seperti gambar dibawah ini :
Kemudian Klik Tab "Data Rates" sebagai rincian :
Rate : Configured
Supported Rates B : Beri centang 11Mbs
Supported Rates A/G : Beri Centang 54Mbs
Basic Rates B : Beri centang 11Mbs
Basic Rates A/G : Beri centang 54Mbs
seperti gambar dibawah ini ;
Kemudian klik "Scan.." maka akan tampil Wireless disekeliling tempat anda kemudian untuk menkonekkan ke AP RB433AH maka klik pada "Address" lalu klik "Connect" maka akan muncul tulisan paling bawah menu Interface "Connect to ESS" lalu klik "OK". Seperti gambar berikut ini ;
Kemudian pada Menu mikrotik klik "bridge" lalu klik tanda tambah + yang warna merah sehingga muncul "Interface (Bridge1), dengan rincian ;
Name : Bridge1
Type : Bridge
MTU : 1500
L2 MTU : 2290
MAC Address : sesuai dengan Bridge anda
ARP : Enabled
Lalu klik "OK", seperti gambar dibawah ini ;
Kemudian klik tab "Port", klik tanda tambah + yang warna merah untuk membuat "New Bridge Port" dengan rincian ;
Interface : grid atau wlan1
Bridge : Bridge1
Priority : 80
Path Cost : 10
Dan begitu juga dengan membuat port pada "Ether1"
Interface : Ether1
Bridge : Bridge1
Lalu klik "OK", dapat anda lihat seperti gambar berikut ini;
Kemudian pada menu mikrotik klik lagi "Interface" lalu klik "Tab WDS" dengan rincian :
WDS Mode : Dynamic
WDS Default Bridge : Bridge1
WDS Default Cost : 100
WDS Cost Range : 50-150
Seperti gambar dibawah ini ;
Kemudian klik pada "Tab Tx Power" dengan rician;
Tx Power Mode : All ratex fixed
Tx Power : semakin tinggi Tx nya maka semakin kuat signal yang didapat dan disini saya membuat 17 dBm, lalu klik "Ok", seperti gambar ini
Kemudian bukan "New terminal" dan beri nama RB411U sebagai station dengan mengetik ;
system identity set name=Station_Quwais
Dan buat password pada RB tersebut dengan mengetik :
password (enter)
old password : kosong (enter)
New password : masukkan password anda
Retype new password : masukkan password yang sama
Kemudian beri IP Address pada Bridge dengan mengetik pada New terminal :
ip address add address=192.168.254.2 netmask=255.255.255.0 interface=bridge1
Seperti gambar dibawah ini;
Kemudian sebagai pengaman pada RB411U dari NetCut atau lainnya maka copy/paste perintah dibawah ini ;
Untuk Drop Virus
ip firewall filter add chain=forward connection-state=invalid action=drop comment=”drop_invalid_connections”
/ip firewall filter add chain=virus protocol=tcp dst-port=135-139 action=drop comment=”Drop_Blaster_Worm”
/ip firewall filter add chain=virus protocol=tcp dst-port=1433-1434 action=drop comment=”Worm”
/ip firewall filter add chain=virus protocol=tcp dst-port=445 action=drop comment=”Drop_Blaster_Worm”
/ ip firewall filter chain=virus protocol=udp dst-port=445 action=drop comment=”Drop_Blaster_Worm”
/ip firewall filter add chain=virus protocol=tcp dst-port=593 action=drop comment=”________”
/ip firewall filter add chain=virus protocol=tcp dst-port=1024-1030 action=drop comment=”__________”
/ip firewall filter add chain=virus protocol=tcp dst-port=1080 action=drop comment=” Drop¬_MyDoom”
/ip firewall filter add chain=virus protocol=tcp dst-port=1214 action=drop comment=”______”
/ip firewall filter add chain=virus protocol=tcp dst-port=1363 action=drop comment=”ndm requester”
/ip firewall filter add chain=virus protocol=tcp dst-port=1364 action=drop comment=”ndm server”
/ip firewall filter add chain=virus protocol=tcp dst-port=1368 action=drop comment=”screen cast”
/ip firewall filter add chain=virus protocol=tcp dst-port=1373 action=drop comment=”hromgrafx”
/ip firewall filter add chain=virus protocol=tcp dst-port=1377 action=drop comment=”cichlid”
/ip firewall filter add chain=virus protocol=tcp dst-port=2745 action=drop comment=”BagleVirus”
/ip firewall filter add chain=virus protocol=tcp dst-port=2283 action=drop comment=”DropDumaruY”
/ip firewall filter add chain=virus protocol=tcp dst-port=2535 action=drop comment=”DropBeagle”
/ip firewall filter add chain=virus protocol=tcp dst-port=2745 action=drop comment=”DropBeagle_C-K”
/ip firewall filter add chain=virus protocol=tcp dst-port=3127 action=drop comment=”DropMyDoom”
/ip firewall filter add chain=virus protocol=tcp dst-port=3410 action=drop comment=”DropBackdoorOptixPro”
/ip firewall filter add chain=virus protocol=tcp dst-port=4444 action=drop comment=”Worm1”
/ip firewall filter add chain=virus protocol=udp dst-port=4444 action=drop comment=”Worm2”
/ip firewall filter add chain=virus protocol=tcp dst-port=5554 action=drop comment=”DropSasser”
/ip firewall filter add chain=virus protocol=tcp dst-port=8866 action=drop comment=”DropBeagleB”
/ip firewall filter add chain=virus protocol=tcp dst-port=9898 action=drop comment=”DropDabber-A-B”
/ip firewall filter add chain=virus protocol=tcp dst-port=10080 action=drop comment=”DropMyDoom-B”
chain=virus protocol=tcp dst-port=12345 action=drop comment=”DropNetBus”
/ip firewall filter add chain=virus protocol=tcp dst-port=17300 action=drop comment=”DropKuang2”
/ip firewall filter add chain=virus protocol=tcp dst-port=27374 action=drop comment=”DropSubSeven”
/ip firewall filter add chain=virus protocol=tcp dst-port=65506 action=drop comment=”DropPhatBot,Agobot,Gaobot”
/ip firewall filter add chain=forward action=jump jump-target=virus comment=”jump to the virus chain”
Seperti gambar dibawah ini;
Untuk Accept Estabilished Connections
/ip firewall filter add chain=input connection-state=established action=accept comment=”Accept_established_connections”
Untuk Accept Related Connections
/ip firewall filter add chain=input connection-state=related action=accept comment=”Accept_related_connections”
Untuk Drop Invalid Connections
/ip firewall filter add chain=input connection-state=invalid action=drop comment=”Drop_invalid_connections”
Untuk UDP
/ip firewall filter add chain=input protocol=udp action=accept comment=”UDP”
Untuk Allow Limited Ping
/ip firewall filter add chain=input protocol=icmp limit=50/5s,2 action=accept comment=”Allow_limited_pings”
Untuk Drop Excess Ping
/ip firewall filter add chain=input protocol=icmp action=drop comment=”Drop_excess_pings”
Untuk FTP
/ip firewall filter add chain=input protocol=tcp dst-port=21 src-address-list=ournetwork action=accept comment=”FTP”
Kemudian Untuk SSH for Secure shell
/ip firewall filter add chain=input protocol=tcp dst-port=22 src-address-list=ournetwork action=accept comment=”SSH_for_secure_shell”
Untuk Telnet
/ip firewall filter add chain=input protocol=tcp dst-port=23 src-address-list=ournetwork action=accept comment=”Telnet”
Untuk Web
/ip firewall filter add chain=input protocol=tcp dst-port=80 src-address-list=ournetwork action=accept comment=”Web”
Untuk Winbox
/ip firewall filter add chain=input protocol=tcp dst-port=8291 src-address-list=ournetwork action=accept comment=”winbox”
Untuk PPTP-Server
/ip firewall filter add chain=input protocol=tcp dst-port=1723 action=accept comment=”pptp-server”
Untuk log Everything else
/ip firewall filter add chain=input action=log log-prefix="DROP INPUT" comment=”Log_everything_else”
Untuk Anti netcut
/ip firewall filter add action=accept chain=input comment="Anti-Netcut1" disabled=no dst-port=0-65535 protocol=tcp src-address=61.213.183.1-61.213.183.254
/ip firewall filter add action=accept chain=input comment="Anti-Netcut2" disabled=no dst-port=0-65535 protocol=tcp src-address=67.195.134.1-67.195.134.254
/ip firewall filter add action=accept chain=input comment="Anti-Netcut3" disabled=no dst-port=0-65535 protocol=tcp src-address=68.142.233.1-68.142.233.254
/ip firewall filter add action=accept chain=input comment="Anti-Netcut4" disabled=no dst-port=0-65535 protocol=tcp src-address=68.180.217.1-68.180.217.254
/ip firewall filter add action=accept chain=input comment="Anti-Netcut5" disabled=no dst-port=0-65535 protocol=tcp src-address=203.84.204.1-203.84.204.254
/ip firewall filter add action=accept chain=input comment="Anti-Netcut6" disabled=no dst-port=0-65535 protocol=tcp src-address=69.63.176.1-69.63.176.254
/ip firewall filter add action=accept chain=input comment="Anti-Netcut7" disabled=no dst-port=0-65535 protocol=tcp src-address=69.63.181.1-69.63.181.254
/ip firewall filter add action=accept chain=input comment="Anti-Netcut8" disabled=no dst-port=0-65535 protocol=tcp src-address=63.245.209.1-63.245.209.254
/ip firewall filter add action=accept chain=input comment="Anti-Netcut9" disabled=no dst-port=0-65535 protocol=tcp src-address=63.245.213.1-63.245.213.254
Seperti gambar dibawah ini ;
Untuk Mematikan Port yang digunakan SPAM
/ip firewall filter add chain=forward dst-port=135-139 protocol=tcp action=drop
/ip firewall filter add chain=forward dst-port=135-139 protocol=udp action=drop
/ip firewall filter add chain=forward dst-port=445 protocol=tcp action=drop
/ip firewall filter add chain=forward dst-port=445 protocol=udp action=drop
/ip firewall filter add chain=forward dst-port=593 protocol=tcp action=drop
/ip firewall filter add chain=forward dst-port=4444 protocol=tcp action=drop
/ip firewall filter add chain=forward dst-port=5554 protocol=tcp action=drop
/ip firewall filter add chain=forward dst-port=9996 protocol=tcp action=drop
/ip firewall filter add chain=forward dst-port=995-999 protocol=udp action=drop
/ip firewall filter add chain=forward dst-port=53 protocol=tcp action=drop
/ip firewall filter add chain=forward dst-port=55 protocol=tcp action=drop
Untuk Keamanan Filter Port Forces
/ip firewall filter add chain=input protocol=tcp dst-port=22 src-address-list=ssh_blacklist action=drop comment=”Drop_SSH_brute_forces” disabled=no
/ip firewall filter add chain=input protocol=tcp dst-port=22 connection-state=new src-address-list=ssh_stage3 action=add-src-to-address-list address-list=ssh_blacklist \ address-list-timeout=1w3d comment=”Drop_SSH_brute_forces1” disabled=no
/ip firewall filter add chain=input protocol=tcp dst-port=22 connection-state=new src-address-list=ssh_stage2 action=add-src-to-address-list address-list=ssh_stage3 address-list-timeout=1m comment=”Drop_SSH_brute_forces2” disabled=no
/ip firewall filter add chain=input protocol=tcp dst-port=22 connection-state=new src-address-list=ssh_stage1 action=add-src-to-address-list address-list=ssh_stage3 address-list-timeout=1m comment=”Drop_SSH_brute_forces3” disabled=no
/ip firewall filter add chain=input protocol=tcp dst-port=22 connection-state=new cation=add-src-to-address-list address-list=ssh_stage1 address-list-timeout=1m comment=” Drop_SSH_brute_forces4”
Untuk Filter Port Scanning
/ip firewall filter add chain=input protocol=tcp psd=21,3s,3,1 action=add-src-to-address-list address-list=”port scanners” address-list-timeout=2w comment=”Port_Scanners_To_List” disabled=no
/ip firewall filter add chain=input protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg action=add-src-to-address-list address-list=”port scanners” address-list-timeout=2w comment=” Port_Scanners_To_List1” disabled=no
Untuk Filter Port FTP
/ip firewall filter add chain=input protocol=tcp dst-port=21 src-address-list=ftp_blacklist action=drop comment=”Filter_FTP_to_Box” disabled=no
/ip firewall filter add chain=output protocol=tcp content=”530 Login incorrect” dst-limit=1/1m,9,dst-address/1m action=accept comment=”Filter_port_FTP1” disabled=no
/ip firewall filter add chain=output protocol=tcp content=”530 Login incorrect” action=add-dst-to-address-list address-list=ftp_blacklist address-list-timeout=3h comment=”Filter_port_FTP1” disabled=no
Untuk Separate Packet Flag
/ip firewall filter add chain=forward protocol=tcp action=jump jump-target=tcp comment=”Separate_Protocol_into_Chains1” disabled=no
/ip firewall filter add chain=forward protocol=udp action=jump jump-target=udp comment=”Separate_Protocol_into_Chains2” disabled=no
/ip firewall filter add chain=forward protocol=icmp action=jump jump-target=icmp comment=”Separate_Protocol_into_Chains3” disabled=no
Untuk Blok UDP traffic Iblis
/ip firewall filter add chain=udp protocol=udp dst-port=69 action=drop comment=”Blocking_UDP_Packet1” disabled=no
/ip firewall filter add chain=udp protocol=udp dst-port=111 action=drop comment=”Blocking_UDP_Packet2” disabled=no
/ip firewall filter add chain=udp protocol=udp dst-port=135 action=drop comment=”Blocking_UDP_Packet3” disabled=no
/ip firewall filter add chain=udp protocol=udp dst-port=137-139 action=drop comment=”Blocking_UDP_Packet4” disabled=no
/ip firewall filter add chain=udp protocol=udp dst-port=2049 action=drop comment=”Blocking_UDP_Packet5” disabled=no
/ip firewall filter add chain=udp protocol=udp dst-port=3133 action=drop comment=”Blocking_UDP_Packet6” disabled=no
Untuk Blok TCP traffic Iblis
/ip firewall filter add chain=tcp protocol=tcp dst-port=69 action=drop comment=”Bloking_TCP_Packet” disabled=no
/ip firewall filter chain=tcp protocol=tcp dst-port=111 action=drop comment=”Bloking_TCP_Packet1” disabled=no
/ip firewall filter chain=tcp protocol=tcp dst-port=119 action=drop comment=”Bloking_TCP_Packet2” disabled=no
/ip firewall filter add chain=tcp protocol=tcp dst-port=135 action=drop comment=”Bloking_TCP_Packet3” disabled=no
/ip firewall filter add chain=tcp protocol=tcp dst-port=137-139 action=drop comment=”Bloking_TCP_Packet4” disabled=no
/ip firewall filter add chain=tcp protocol=tcp dst-port=445 action=drop comment=”Bloking_TCP_Packet5” disabled=no
/ip firewall filter add chain=tcp protocol=tcp dst-port=2049 action=drop comment=”Bloking_TCP_Packet6” disabled=no
/ip firewall filter add chain=tcp protocol=tcp dst-port=12345-12346 action=drop comment=”Bloking_TCP_Packet7” disabled=no
/ip firewall filter add chain=tcp protocol=tcp dst-port=20034 action=drop comment=”Bloking_TCP_Packet8” disabled=no
/ip firewall filter add chain=tcp protocol=tcp dst-port=3133 action=drop comment=”Bloking_TCP_Packet9” disabled=no
/ip firewall filter add chain=tcp protocol=tcp dst-port=67-68 action=drop comment=”Bloking_TCP_Packet10” disabled=no
Untuk Blocking Bukis Mail Traffic
/ip firewall filter add chain=forward protocol=tcp dst-port=25 action=drop comment=”Allow_SMTP” disabled=no
Untuk Filter DOS
/ip firewall filter add chain=icmp protocol=icmp icmp-options=0:0-255 limit=5,5 action=accept comment=”Limited_Ping_Flood” disabled=no
/ip firewall filter add chain=icmp protocol=icmp icmp-options=3:3 limit=5,5 action=accept comment=”Limited_Ping_Flood1” disabled=no
/ip firewall filter add chain=icmp protocol=icmp icmp-options=3:4 limit=5,5 action=accept comment=”Limited_Ping_Flood2” disabled=no
/ip firewall filter add chain=icmp protocol=icmp icmp-options=8:0-255 limit=5,5 action=accept comment=”Limited_Ping_Flood3” disabled=no
/ip firewall filter add chain=icmp protocol=icmp icmp-options=11:0-255 limit=5,5 action=accept comment=”Limited_Ping_Flood4” disabled=no
/ip firewall filter add chain=icmp protocol=icmp action=drop comment=”Limited_Ping_Flood5” disabled=no
Untuk Connection P2P
/ip firewall filter add chain=forward p2p=all-p2p action=accept comment=”trafik_P2P” disabled=no
Untuk Filter Junk Dan Koneksi
/ip firewall filter add chain=input connection-state=established action=accept comment=”Connection_State1” disabled=no
/ip firewall filter add chain=input connection-state=related action=accept comment=”Connection_State2” disabled=no
/ip firewall filter add chain=input connection-state=invalid action=drop comment=”Connection_State3” disabled=no
Untuk Allow estabilished Connections
/ip firewall filter add chain=forward connection-state=established action=accept comment=”Allow_Established_Connections”
Untuk Related Connections
/ip firewall filter add chain=forward connection-state=related action=accept comment=”Allow_Realted_connections”
Untuk Drop Invalid Connections
/ip firewall filter add chain=forward connection-state=invalid action=drop comment=”Drop_Invalid_Connections”
Kemudian selesailah sudah Cara setting RB411U menjadi Station WDS.
