Skip to Content
EmsyaNet 4.0 is released πŸŽ‰
Mikrotik TutorialKonfigurasi Awal

Konfigurasi Awal Mikrotik

Panduan lengkap untuk setup router Mikrotik dari awal hingga siap digunakan.

🎯 Target Pembelajaran

Setelah mengikuti tutorial ini, Anda akan bisa:

βœ… Reset router ke konfigurasi default
βœ… Setting IP address untuk WAN dan LAN
βœ… Konfigurasi DNS server
βœ… Setup gateway internet
βœ… Manajemen user dan password
βœ… Basic security hardening

πŸ”„ Reset Konfigurasi

Kapan Perlu Reset?

  • Router bekas dengan konfigurasi orang lain
  • Konfigurasi berantakan dan ingin mulai dari awal
  • Lupa password dan harus hard reset
  • Testing konfigurasi baru

Cara Reset via Winbox

/system reset-configuration no-defaults=yes skip-backup=yes

Parameter:

  • no-defaults=yes - Hapus semua konfigurasi termasuk default
  • skip-backup=yes - Tidak membuat backup otomatis

Hard Reset (Tombol Reset)

  1. Matikan router
  2. Tekan dan tahan tombol Reset
  3. Hidupkan router (tetap tahan tombol Reset)
  4. Tunggu 10 detik sampai LED berkedip
  5. Lepaskan tombol Reset
  6. Router akan reboot dengan konfigurasi default

🌐 Skenario Jaringan

Kita akan setup dengan topologi sederhana:

Internet (ISP) β†’ WAN (ether1) β†’ [MIKROTIK] β†’ LAN (ether2-5) β†’ Local Network
                 192.168.1.2/24              192.168.88.1/24

Detail:

  • WAN (ether1): Terhubung ke modem/ISP
  • LAN (ether2-5): Terhubung ke PC/devices lokal
  • IP Public: Dari ISP (atau bisa DHCP)
  • IP LAN: 192.168.88.0/24

πŸ”§ Step-by-Step Konfigurasi

Step 1: Set Identity

/system identity set name=Router-Kantor

Step 2: Konfigurasi Interface WAN

Jika ISP memberikan IP Static:

/ip address add address=192.168.1.2/24 interface=ether1 comment="WAN Static IP"
/ip route add gateway=192.168.1.1 comment="Default Gateway"

Jika ISP menggunakan DHCP:

/ip dhcp-client add interface=ether1 disabled=no comment="WAN DHCP"

Step 3: Konfigurasi Interface LAN

# Buat Bridge untuk menggabungkan ether2-5
/interface bridge add name=bridge-lan comment="LAN Bridge"
 
# Tambahkan ether2-5 ke bridge
/interface bridge port add interface=ether2 bridge=bridge-lan
/interface bridge port add interface=ether3 bridge=bridge-lan
/interface bridge port add interface=ether4 bridge=bridge-lan
/interface bridge port add interface=ether5 bridge=bridge-lan
 
# Set IP Address untuk LAN
/ip address add address=192.168.88.1/24 interface=bridge-lan comment="LAN Network"

Step 4: Setup DNS

# Setting DNS Server
/ip dns set servers=8.8.8.8,8.8.4.4 allow-remote-requests=yes
 
# Atau gunakan Cloudflare
/ip dns set servers=1.1.1.1,1.0.0.1 allow-remote-requests=yes

Step 5: Enable NAT (Internet Sharing)

/ip firewall nat add chain=srcnat out-interface=ether1 action=masquerade comment="NAT for Internet"

Step 6: Setup DHCP Server untuk LAN

# Setup DHCP Server dengan wizard
/ip pool add name=dhcp-pool ranges=192.168.88.10-192.168.88.254
 
/ip dhcp-server add name=dhcp-lan interface=bridge-lan address-pool=dhcp-pool disabled=no
 
/ip dhcp-server network add address=192.168.88.0/24 gateway=192.168.88.1 dns-server=192.168.88.1 comment="LAN Network"

Step 7: Basic Firewall

# Accept established connections
/ip firewall filter add chain=input connection-state=established,related action=accept comment="Accept Established"
 
# Accept ICMP (ping)
/ip firewall filter add chain=input protocol=icmp action=accept comment="Accept ICMP"
 
# Allow local network access to router
/ip firewall filter add chain=input src-address=192.168.88.0/24 action=accept comment="Allow LAN"
 
# Allow Winbox from LAN
/ip firewall filter add chain=input protocol=tcp dst-port=8291 src-address=192.168.88.0/24 action=accept comment="Winbox from LAN"
 
# Drop everything else
/ip firewall filter add chain=input action=drop comment="Drop All Other"

πŸ‘€ User Management

Ganti Password Admin

/user set admin password=PasswordKuat123!

Buat User Baru

/user add name=teknisi password=Teknisi123! group=full comment="User Teknisi"

User Groups

  • full - Akses penuh (read/write)
  • read - Hanya bisa lihat (monitoring)
  • write - Bisa edit konfigurasi
# Buat user dengan akses read-only
/user add name=monitoring password=Monitor123! group=read comment="Monitoring Only"

πŸ”’ Security Hardening

1. Disable Unused Services

/ip service disable telnet,ftp,www,api
 
# Hanya aktifkan yang diperlukan
/ip service enable winbox,ssh,www-ssl

2. Change Default Port

# Ganti port Winbox
/ip service set winbox port=8888
 
# Ganti port SSH
/ip service set ssh port=2222

3. MAC Server Limit

# Batasi MAC server hanya di LAN
/tool mac-server set allowed-interface-list=LAN
/tool mac-server mac-winbox set allowed-interface-list=LAN

4. Neighbor Discovery

# Disable neighbor discovery di WAN
/ip neighbor discovery-settings set discover-interface-list=LAN

πŸ“Š Verifikasi Konfigurasi

Cek Koneksi Internet

/ping 8.8.8.8 count=5
/ping google.com count=5

Cek DNS

/ip dns print
/ip dns cache print

Cek Routing

/ip route print

Output seharusnya:

0 A S  0.0.0.0/0         192.168.1.1     ether1
1 ADC  192.168.88.0/24   192.168.88.1    bridge-lan

Cek NAT

/ip firewall nat print

Test dari Client

Dari PC di LAN:

  1. Cek dapat IP DHCP: ipconfig (Windows) atau ip addr (Linux)
  2. Ping gateway: ping 192.168.88.1
  3. Ping internet: ping 8.8.8.8
  4. Browsing test: Buka google.com

πŸ§ͺ Lab Exercise

Exercise 1: Basic Setup

  1. Reset router ke default
  2. Set identity menjadi β€œLab-Router”
  3. Konfigurasi WAN dengan DHCP client
  4. Konfigurasi LAN 192.168.100.1/24
  5. Setup DNS dan NAT
  6. Test koneksi internet

Exercise 2: DHCP Server

  1. Buat DHCP pool 192.168.100.50-192.168.100.200
  2. Setup DHCP server di bridge-lan
  3. Test dari client (dapat IP otomatis)

Exercise 3: Security

  1. Ganti password admin
  2. Disable telnet dan FTP
  3. Ganti port Winbox ke 9999
  4. Buat user monitoring dengan read-only access

πŸ“‹ Full Script Konfigurasi

Berikut script lengkap yang bisa langsung di-paste:

# Identity
/system identity set name=Router-Kantor
 
# WAN DHCP Client
/ip dhcp-client add interface=ether1 disabled=no comment="WAN"
 
# LAN Bridge
/interface bridge add name=bridge-lan
/interface bridge port add interface=ether2 bridge=bridge-lan
/interface bridge port add interface=ether3 bridge=bridge-lan
/interface bridge port add interface=ether4 bridge=bridge-lan
/interface bridge port add interface=ether5 bridge=bridge-lan
 
# LAN IP
/ip address add address=192.168.88.1/24 interface=bridge-lan
 
# DNS
/ip dns set servers=8.8.8.8,8.8.4.4 allow-remote-requests=yes
 
# NAT
/ip firewall nat add chain=srcnat out-interface=ether1 action=masquerade
 
# DHCP Server
/ip pool add name=dhcp-pool ranges=192.168.88.10-192.168.88.254
/ip dhcp-server add name=dhcp-lan interface=bridge-lan address-pool=dhcp-pool disabled=no
/ip dhcp-server network add address=192.168.88.0/24 gateway=192.168.88.1 dns-server=192.168.88.1
 
# Basic Firewall
/ip firewall filter add chain=input connection-state=established,related action=accept
/ip firewall filter add chain=input protocol=icmp action=accept
/ip firewall filter add chain=input src-address=192.168.88.0/24 action=accept
/ip firewall filter add chain=input action=drop
 
# Security
/user set admin password=Admin123!
/ip service disable telnet,ftp,api
/tool mac-server set allowed-interface-list=LAN

❓ Troubleshooting

Tidak Bisa Internet dari Client

Cek:

  1. NAT sudah aktif: /ip firewall nat print
  2. DNS berfungsi: /ping google.com
  3. Gateway route ada: /ip route print
  4. Client dapat IP DHCP

DHCP Server Tidak Jalan

Cek:

  1. DHCP server enabled: /ip dhcp-server print
  2. IP pool ada: /ip pool print
  3. Network config benar: /ip dhcp-server network print

Tidak Bisa Akses Router dari LAN

Cek:

  1. IP address LAN benar: /ip address print
  2. Bridge port aktif: /interface bridge port print
  3. Firewall tidak block: /ip firewall filter print

EMSYA Net - Solusi Jaringan Anda
🌐 https://emsyanet.com/ 

Last updated on
Dasar-Dasar MikrotikMikhmon