mikrotik hotspot with queue tree bw management
DESCRIPTION
step by step setup mikrotik hotspot and manage bandwidth using queue tree. Adapted from Novan ChrisTRANSCRIPT
Hotspot Menggunakan Manajemen Bandwidth Queue Tree
Simple vs Tree
Simple
● Aturan uruta sangat ketat. diproses dari teratas sampai terbawah.
● Mengatur aliran paket secara bidirectional (dua arah).
● Mampu membatasi trafik by IP.
● Satu antrian mampu membatasi trafik upld & dnld sekaligus
● Diproses lbh dulu jika ada simpl dan tree.
● Mendukung penggunaan PCQ ( bagi bw scr merata).
● Bisa menerapkan antrian yang by mangle.
● Mampu membagi bandwidth secara fixed.
● pengaturannya sangat sederhana dan cenderung statis,
● sangat cocok untuk admin yang tidak mau ribet dengan traffic control di /firewall mangle.
Tree
● Tidak memiliki urutan, setiap antrian diproses bersama-sama.
● Mengatur aliran paket secara directional (satu arah)
● Membutuhkan mangle untuk membatasi trafik per IP, dan membedakan trafik download upload.
● Dinomorduakan setelah Queue Simple.
● Mendukung penggunaan PCQ sehingga mampu membagi bandwidth secara adil dan merata.
● Pengaturan antrian murni melalui paket yang ditandai di /firewall mangle.
● Mampu membagi bandwidth secara fixed.
● Lebih fleksibel dan butuh pemahaman yang baik di /firewall mangle khususnya tentang traffic control.
Hotspot QOS
● Built-in limiter – menggunakan parameer rate-limit di server-profile
– otomatis dan mudah tetapi tidak memungkinkan implementasi HTB.
● Custom limitation – Memanfaatkan parameter Incoming-packet-mark
dan outgoing-packet-mark pada user-profile.
– bisa implementasi HTB dan melakukan limitasi berdasarkan kriteria koneksi yang lebih beragam
Jaringan Hotspot
● Asumsi– Ether1 / Wan = 192.168.88.5
– Ether2 / Lan = 192.168.90.9/29
– Jaringan lan 192.168.90.8/29 (6 host: 1 ap 5 client)
– Bandwidth = 512kbps
SETTING INTERFACE
● /interface ethernet● set 0 name=wan● set 1 name=lan
SETTING IP ADDRESS
● /ip address● add address=192.168.88.5/24 interface=wan● add address=192.168.90.9/29 interface=lan
SETTING GATEWAY
● /ip route● add distance=1 gateway=192.168.88.1
MASQUERADING
● /ip firewall nat● add action=masquerade chain=srcnat in-
interface=lan
SETUP DNS
● /ip dns● set allow-remote-requests=yes
servers=8.8.8.8,8.8.4.4
IIX Addresses
● /system script● add name=nice-import
policy=read,write,test,sniff source="/tool fetch address=ixp.mikrotik.co.id src-path=/download/nice.rsc mode=http"
● import nice.rsc
SETUP HOTSPOT
● ip hotspot setup
● hotspot interface: ether2
● local address of network: 192.168.90.9
● masquerade network: yes
● address pool of network: 192.168.90.10 – 192.168.10.14
● select certificate: none
● ip address of smtp server: 0.0.0.0
● dns servers: 8.8.8.8,8.8.4.4
● dns name:hotline
● Username: admin
● Password: admin
Hotspot User Profile
● /ip hotspot user profile● add address-pool=hs-pool-2 idle-timeout=none
incoming-packet-mark=group1-in keepalive-timeout=2m name=photline outgoing-packet-mark=group1-out
HOTSPOT USER
● /ip hotspot user● add name=amad password=amad
profile=photline● add name=eri password=eri profile=photline● add name=yasin password=yasin
profile=photline● add name=nugi password=nugraha
profile=photline
SETTING MANGLE
HOTSPOT JUMP
● /ip firewall mangle● add action=jump chain=prerouting
comment=jumping jump-target=hotspot● add action=jump chain=postrouting jump-
target=hotspot
HOTSPOT MARKING
● /ip firewal mangle
● add action=mark-connection chain=prerouting new-connection-mark=conn-group1 packet-mark=group1-in
● add action=mark-connection chain=postrouting new-connection-mark=conn-group1 packet-mark=group1-out
● add action=mark-packet chain=prerouting connection-mark=conn-group1 new-packet-mark=packet-group1 passthrough=no
● add action=mark-packet chain=postrouting connection-mark=conn-group1 new-packet-mark=packet-group1 passthrough=no
IIX & INT Marking
● /ip firewall mangle
● add action=mark-connection chain=prerouting comment="iix ix differ" dst-address-list=nice new-connection-mark=conn-group1-iix packet-mark=group1-in
● add action=mark-packet chain=prerouting connection-mark=conn-group1-iix new-packet-mark=packet-group1-in passthrough=no
● add action=mark-connection chain=prerouting dst-address-list=!nice new-connection-mark=conn-group1-int packet-mark=group1-in
● add action=mark-packet chain=prerouting connection-mark=conn-group1-int new-packet-mark=packet-group1-int passthrough=no
● add action=mark-packet chain=postrouting connection-mark=conn-group1-iix new-packet-mark=packet-group1-iix passthrough=no
● add action=mark-packet chain=postrouting connection-mark=conn-group1-int new-packet-mark=packet-group1-int passthrough=no
HOTSPOT UNAUTH MARKING
Unauth = have bypass access
● /ip firewall mangle
● add action=mark-connection chain=prerouting comment=hotspot-unauth hotspot=!auth in-interface=lan new-connection-mark=conn-unauth
● add action=mark-packet chain=prerouting connection-mark=conn-unauth new-packet-mark=packet-unauth passthrough=no
● add action=mark-packet chain=postrouting connection-mark=conn-unauth new-packet-mark=packet-unauth passthrough=no
Limitation Queue
Parent & Hotspot Group
● /queue tree
● add max-limit=512k name=0-Hotspot1-Total-Upload parent=wan
● add max-limit=512k name=0-Hotspot1-Total-Download parent=lan
● add limit-at=128k max-limit=256k name=Group1-Total-Upload packet-mark=packet-group1 parent=0-Hotspot1-Total-Upload
● add limit-at=128k max-limit=256k name=Group1-Total-download packet-mark=packet-group1 parent=0-Hotspot1-Total-Download
IIX & INT; Up & Down
● /queue tree
● add limit-at=64k max-limit=256k name=Group1-Total-IIX-Download packet-mark=packet-group1-iix parent=Group1-Total-download priority=4
● add limit-at=64k max-limit=256k name=Group1-Total-INT-Download packet-mark=packet-group1-int parent=Group1-Total-download priority=3
● add limit-at=64k max-limit=256k name=Group1-Total-IIX-Upload packet-mark=packet-group1-iix parent=Group1-Total-Upload priority=4
● add limit-at=64k max-limit=256k name=Group1-Total-INT-Upload packet-mark=packet-group1-int parent=Group1-Total-Upload priority=4
Hotspot unauth
● /queue tree● add limit-at=16k max-limit=64k
name=Hotspot1-Unauth-Download packet-mark=packet-unauth parent=0-Hotspot1-Total-Download
● add limit-at=8k max-limit=64k name=Hotspot1-Unauth-Upload packet-mark=packet-unauth parent=0-Hotspot1-Total-Upload
SCREEN SHOTS!
HOTSPOT USER PROFILE
MANGLE
QUEUE TREE
kAMSIa
Limitation Queue
● /queue tree
● add name="Hotspot-total-Up" parent=Wan packet-mark="" max-limit=512k
● add name="Hotspot-total-Down" parent=Lan packet-mark="" max-limit=512k
● add name=”Group-total-Download" parent=Hotspot-total-Down packet-mark=packet-down limit-at=256k max-limit512
● add name="Group-total-Upload" parent=Hotspot-total-Up packet-mark=packet-up limit-at=256k max-limit=512k
Gambar pendukung
