
Network and Hotspot Login Configuration with Mikrotik Routerboard


Indra Deva Aji Zakaria
Computer and Network Engineering
SMK Telkom Bandung
Bandung, Indonesia
indra.d373@gmail.com

Abstract

Competency Test, often referred to as Uji Kompetensi Keahlian (UKK), is one of the exams taken by students of Vocational High School (also called SMK) and is one of the graduation requirements of the studies they have taken for 3 to 4 years in their school. In addition to being one of the graduation requirements, the purpose of this exam is to measure the extent of students' ability to capture all of the material that has been taught over 3 to 4 years of study. The method used to measure the ability of students who study Computer and Network Engineering at Telkom Vocational High School is configuring the MikroTik Router Board (RB951-2n series) and a hotspot login setup, divided into 3 test categories, namely written test, oral (spoken) test, and practice test.

The written and oral tests cover things related to Network Configuration, from the hardware to the software that the participant will use during the practice. For the practice test, the author must complete several tasks given by the examiner. The tasks are about network configuration such as internet connection, DHCP Pool, static DNS, firewall, log rule, filter rule, blocking site, blocking file, blocking content related to several words, block internet access, hotspot system, and lastly bypass site. UKK is held on April 15th until 23rd, 2019. Through this Competency Test, it is hoped that all students will be able to demonstrate their abilities and knowledge in the major of Computer and Network Engineering.

Keywords:
Network Configuration, Hotspot login, Competency Test, MikroTik, Router, Static DNS, DHCP Pool, Internet Connection, Firewall, Logging, Blocking File, Site and Content, Bypass Site.

I. INTRODUCTION

The internet has become one of the needs of people nowadays, because everything is now related to the internet. Not only for entertainment, the internet can now also be used as a medium for learning, work, and many other things. The internet makes many things easier, so it is becoming a necessity for people nowadays.

Vocational Schools have an important role in preparing the young generation, which should be ready to compete in the industrial world on both a national and an international scale with their expertise in the major that they have chosen.

Telkom Vocational High School is one of the vocational schools that prepare students to be ready to compete in the industrial world through the Competency Test, also called Uji Kompetensi Keahlian or UKK. Through this test it is expected that all students can demonstrate the abilities and knowledge that they have studied for 3 to 4 years. In addition to measuring the extent of students' ability, UKK is also one of the graduation requirements.

A. Problem Identification

The problem faced is to configure a Wifi Router (MikroTik RB951-2n) as an internet gateway, Web proxy, DHCP server, and firewall, with the internet then distributed to clients via cable and wireless.

B. Goal and Purpose

• The goal of this test is to configure a Wifi Router as an internet gateway, Web proxy, DHCP server, and firewall, with the internet then distributed to clients via cable and wireless (hotspot login).
• The purpose of this test, in addition to being one of the graduation requirements, is to measure the extent of students' ability to capture all of the material that has been taught over 3 to 4 years of study.

II. LITERATURE REVIEW

1. UKK (Uji Kompetensi Keahlian)
The process of testing and assessment carried out by competency test examiners to measure the level of achievement of student learning outcome competencies.

2. Vocational High School
A high school designed to bring vocational and technical training to its students.

3. Computer and Network Engineering
A science based on Information and Communication Technology related to algorithmic capabilities, computer programming, computer assembly, computer network assembly, and the operation of software and the internet.

4. MikroTik
MikroTik is an operating system that can connect different Ethernets to create a network. MikroTik is a Latvian company which was founded in 1996 to develop routers and wireless ISP systems.

5. UTP Cable
UTP, or Unshielded Twisted Pair, is a type of cable that can be used to make computer network connections.

6. RJ45
RJ45 is an Ethernet cable connector commonly used in LAN computer network topologies and other types of computer networks.

SMK TELKOM BANDUNG/TEKNIK KOMPUTER DAN JARINGAN/UJI KOMPETENSI KEAHLIAN ©2019 TKJ
7. Router
Router is a device that sends data packets through a network or the internet to their destination, through a process known as routing.

8. Router Board
Router Board is an embedded router product from MikroTik.

9. MikroTik Router OS
MikroTik Router OS is the operating system of MikroTik Router Board hardware.

10. DNS
DNS, or Domain Name Server, is a system that stores information about host names or domain names in the form of a distributed database on a computer network.

11. DNS Static
DNS Static is a way to redirect one domain address to another domain address.

12. DHCP
DHCP (Dynamic Host Configuration Protocol) is a service that automatically assigns an IP number to the computer that requests it.

13. Ethernet
Ethernet is the traditional technology for connecting wired local area networks (LANs), enabling devices to communicate with each other via a protocol.

14. IP Address
Internet Protocol address (IP address) is a numerical label assigned to each device connected to a computer network that uses the Internet Protocol for communication.

15. Firewall
Firewall is a network security device that monitors incoming and outgoing network traffic and decides whether to allow or block specific traffic based on a defined set of security rules.

16. NAT
NAT (Network Address Translation) is a method of remapping one IP address space into another by modifying network address information in the IP header of packets while they are in transit across a traffic routing device.

17. Filter Rules
Filter rules are used to determine whether a data packet may enter the MikroTik router system or not. The data packets handled by this filter feature are those directed at one of the router interfaces.

18. WLAN
Wireless LAN (WLAN) is a wireless computer network that links two or more devices using wireless communication to form a local area network (LAN) within a limited area such as a home, school, computer laboratory, campus, office building, etc.

19. Internet Gateway
Internet gateway is a network "node" that connects two different networks that use different protocols (rules) for communicating.

20. Web Proxy
Web proxy is a shield between you and the website you're visiting. Web proxy also acts as an intermediary to receive / make requests for content from an internet or intranet network.

21. Switch
Switch is a type of computer network component that is used to connect several HUBs in forming a larger computer network or to connect computers that have substantial bandwidth requirements.

22. Laptop
Laptop is a small portable personal computer with the same performance as a desktop.

23. Crimping Tool
Crimping Tool is the equipment used to crimp the RJ-45 once the UTP cable has been installed correctly.

24. LAN Tester
LAN tester is a tool to check a cable that has RJ-45 mounted.

25. Hotspot
Hotspot is a system that provides authentication features to users who will use the network.

26. URL Redirect
URL redirect is a webserver function that sends a user from one URL to another.

27. Bypass Website
Bypass on this MikroTik means making a special path for an IP to access certain sites without having to authenticate through the hotspot login that is MikroTik's default.

28. Bandwidth
Bandwidth is defined as a range within a band of frequencies or wavelengths.

29. SSID
SSID (Service Set Identifier) is simply the technical term for a network name.

30. Protocol
Protocol is a set of rules or standards that controls the connection, communication, and data transfer between two electronic devices or two computing endpoints.

31. Winbox
Winbox is a utility used for connectivity and configuration of MikroTik using MAC or IP Address.

32. Ping
Ping is a computer network administration software utility used to test the reachability of a host on an Internet Protocol network.

III. METHODOLOGY

A. Things Tested

In this test the following things are tested:

1. Internet Connection
The client must be able to connect to the internet and use the internet smoothly.

2. DHCP Pool
A client who connects to the router should get an IP in the range 192.168.200.100 – 192.168.200.200.150 (for a client who accesses the router via cable or Ethernet) or in the range 192.168.200.100.100 - 192.168.200.100.150 (for a client who accesses the router via wireless/Wi-Fi).

3. Static DNS
Static DNS lets the router redirect a client who accesses a URL or site to another site.

4. Firewall
Make a firewall rule that blocks IPs from pinging the router. When a client wants to test the reachability of the router via the ping utility, the range of IPs from 192.168.200.100 – 192.168.200.110 cannot ping the router.

5. Make Log Rule
When the network admin logs in to Router OS or changes the configuration, every access and change will be recorded in the log menu.

6. Make Filter Rule That Allow HTTP and HTTPS
When a client accesses the internet, there must be a filter rule that allows the client to open each site, both sites with the HTTP protocol and sites with the HTTPS protocol.

7. Blocking Facebook Site
Clients cannot access the Facebook site or any content related to Facebook.

8. Blocking MP3 File
Clients cannot download .mp3 files.

9. Blocking Content Related To Telkom Word
Clients cannot access any site related to the word “Telkom”.

10. Block Internet Access
Clients cannot access the internet for a set amount of time.

11. Login Hotspot
Clients must log in to the hotspot before connecting to the internet, and clients are divided into two users, i.e. member with download/upload bandwidth up to 2 Mbps and guest with download/upload bandwidth up to 1 Mbps.

12. Bypass Site
When the client hasn't logged in to the hotspot, the client can still access the smktelkom-bdg.sch.id site.

B. Tools and Materials

Tools used for this test are:

1. Software
• Winbox
• MikroTik Router OS

Fig. 3.1 Winbox Software

Fig. 3.2 MikroTik Router OS

2. Hardware
• UTP Cable
• RJ45
• Crimping Tool
• LAN Tester
• Switch
• Router
• Laptop

IV. IMPLEMENTATION

A. Configuration

1. Crimping Cable
• Cut the skin of the UTP cable.
• Sort the wires by color in accordance with the straight type of UTP Cable (White Orange – Orange – White Green – Blue – White Blue – Green – White Brown – Brown).
• Insert the cable into the RJ45.
• Then crimp the RJ45.

Fig. 4.1 UTP Cable Straight

2. Configuring Router
Before configuring the router the author should read the tasks given by the examiner; after reading the tasks the author begins to configure the router.

• First of all, plug a UTP Cable from the Eth1 port of the router into a switch port, and plug the other UTP Cable from the Eth2 port into the LAN port of the laptop.

• Then open the Winbox application. Winbox will read the MAC address or IP address of the router; click two times on the MAC address or IP address if available and reset the router configuration first.

• After that, open IP menu > address, and then set the IP for Eth1, Eth2 and Wlan1.

* Eth1 = 192.168.1.107/24
Eth2 = 192.168.207.1/24
Wlan1 = 192.168.107.1/24

Fig. 4.2 Eth1 IP Address

Fig. 4.3 Eth2 IP Address

• Perform the same step that was carried out for eth1 and eth2 for wlan1.

• After setting the IP, set the DNS: open IP menu > DNS > then set servers “192.168.1.1” and “8.8.8.8” > checklist allow remote request > click Apply and OK.

Fig. 4.4 DNS Configuration

• Then set the DHCP Server: open IP menu > DHCP Server > DHCP Setup, click next till the end (don’t forget to configure the IP range according to the tasks given), and do it for Wlan1 also.

* DHCP to give out:
Eth2 = 192.168.207.100 – 192.168.207.150
Wlan1 = 192.168.107.100 – 192.168.107.150

Fig. 4.5 DHCP IP Give Out

• Set the NAT Firewall: open IP menu > Firewall > NAT > select + > General > Chain: srcnat, Out. Interfaces: ether1 > Action: masquerade > OK.

Fig. 4.6 NAT Masquerade Configuration

• Set Routes in order to connect to the internet: open IP menu > Routes > select + > Dst. Address: 0.0.0.0/0 > Gateway: 192.168.1.1 > click Apply and OK.

• After setting the routes configuration, check the internet connection via Command Prompt (CMD) by pinging google.com or 8.8.8.8. If Google replies like “Reply from 216.239.38.120: bytes=32 time=60ms TTL=127”, it means you have an internet connection.

Fig. 4.7 Routes Configuration and Pinging Google

• Then set Static DNS: open IP menu > DNS > Static > select + > Name: kompas.com, Address: kaskus.co.id > click Apply and OK.

Fig. 4.8 Static DNS

• After that, make a firewall rule to block a range of IPs from pinging the router. Open IP > Firewall > Filter Rule > select + > Chain: input, Src. Address: 192.168.207.100 – 192.168.207.110, Dst. Address: 192.168.207.1 > Protocol: icmp > Action: drop > click Apply and OK.

* Range IP to block = 192.168.207.100 – 192.168.207.110

Fig. 4.9 Block Range IP

Fig. 4.10 Evidence of Block Range IP

• Then make a log rule that can record any access or changes by the admin. Open IP > Firewall > Filter Rule > select + > Chain: input, In. Interface: ether2 > Action: log, Log Prefix: logging > click Apply and OK.

Fig. 4.11 Log Rule

• Make a rule that allows HTTP or HTTPS requests from the client network to the internet. Open IP > Firewall > Filter Rule > select + > Chain: forward, Protocol: 6(tcp), Dst. Port: 80, 443, In. Interface: ether2 > Action: accept > click Apply and OK.

Fig. 4.12 Rule HTTP and HTTPS

• After that, configure the wireless (wlan1): go to Wireless menu > WiFi Interfaces > Wireless > Mode: ap-bridge, SSID: Indra@Proxy, Wireless Protocol: default (open network) > click Apply and OK.

Fig. 4.13 Wireless Configuration

• Then set the hotspot login system (divided into two users: member and guest): go to IP > Hotspot > User Profile > select + > Name: member, Shared Users: 1, Rate Limit(rx/tx): 2M/2M > Apply and OK. Do it for the guest user with Name: guest, Shared Users: 1, Rate Limit(rx/tx): 1M/1M.

Fig. 4.14 Hotspot User Profile

• Then go to menu Users > select + > Server: All, Name: member, Password: member, profile: member. Change every "member" word to "guest" for the guest user.

Fig. 4.15 Hotspot User

• Then go to Server menu > Hotspot Setup > Hotspot Interface: Wlan1 > click next until you find DNS name and fill it with “indrahotspot.com” > then click Finish.

Fig. 4.16 Hotspot Setup

• After that go to Files Menu > drag and drop the login page file that is to be used for the hotspot login page > change the HTML Directory at IP/Hotspot/Server Profile/HTML Directory to the file that has been copied into the Files menu, and then access “indrahotspot.com” in the web browser (first make sure the laptop is connected to the wireless network).

Fig. 4.17 Hotspot Login Page and Status

• Then the author makes the bypass site configuration for clients that have not yet logged in on the hotspot login page. Open IP > Hotspot > Walled Garden > select + > Allow > Src. Address: 192.168.107.0/24 > Dst. Host: *smktelkom-bdg.sch.id > click Apply and OK.

Fig. 4.18 Walled Garden Bypass

• After that, block access to facebook.com via Layer 7 Protocol. Open IP > Firewall > L7 Protocol > select + > Name: facebook > Regexp: ^.+(facebook.com).*$ > click Apply and OK. Go to Firewall > Filter Rule > select + > Chain: forward, Src. Address: 192.168.107.0/24 (wlan1), Protocol: 6(tcp), Dst. Port 80, 443 > Advanced > Layer 7 Protocol: facebook > Action: drop > click Apply and OK.

Fig. 4.19 Block Facebook

• Then block clients who want to download mp3 files from the internet. Open IP > Web Proxy > checklist enable > Cache Administrator: indrad@smktelkom-bdg.sch.id > checklist cache on disk > go to Access > Path: *.mp3*, Action: deny > click Apply and OK. Go to Firewall > NAT > Chain: dstnat, Src. Address: 192.168.107.0/24, Protocol: 6(tcp), Port: 80 > Action: Redirect, To Ports: 8080 > click Apply and OK.

Fig. 4.20 Block File

Fig. 4.9.9.1 Block File

• After that the author should block any content that contains the word “Telkom”. Open IP > Firewall > L7 Protocol > select + > Name: Telkom, Regexp: ^.+(telkom).*$ > click Apply and OK.

Fig. 4.21 Block Telkom Content

• After that the author should make a firewall rule that blocks internet access from 7 PM to 7 AM. Open IP > Firewall > Filter Rule > Chain: forward, Src. Address: 192.168.107.0/24, Protocol: 6(tcp), Port: 80, 443 > Extra > Time (divided into 2 configurations): 19:00:00 – 23:59:59 and 00:00:00 – 07:00:00 > Action: drop > click Apply and OK.

Fig. 4.22 Block Internet Access
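
Which traffic each forward-chain rule above actually covers can be checked with a small model; the Python below is an added example, not part of the original paper or of RouterOS. It assumes the rules sit in the order the paper creates them, that the first matching accept or drop rule decides, and that unmatched traffic is accepted; it approximates the Layer 7 matcher with Python's re module on constructed sample connections.

```python
import re
from dataclasses import dataclass
from datetime import time
from ipaddress import ip_address, ip_network

# Layer 7 pattern exactly as entered on the page. re.DOTALL is an assumption
# of this model so that "." also spans the CR/LF bytes of an HTTP request.
FACEBOOK = re.compile(r"^.+(facebook.com).*$", re.DOTALL)
WLAN = ip_network("192.168.107.0/24")

@dataclass
class Conn:  # constructed model of one forwarded TCP connection
    in_if: str
    src: str
    dport: int
    at: time
    payload: str = ""

def wlan_web(c):
    return ip_address(c.src) in WLAN and c.dport in (80, 443)

# Forward-chain rules, assumed to sit in the order the page creates them.
FORWARD = [
    ("allow HTTP/HTTPS from ether2", "accept",
     lambda c: c.in_if == "ether2" and c.dport in (80, 443)),
    ("block facebook", "drop",
     lambda c: wlan_web(c) and bool(FACEBOOK.search(c.payload))),
    ("block 19:00:00-23:59:59", "drop",
     lambda c: wlan_web(c) and time(19, 0, 0) <= c.at <= time(23, 59, 59)),
    ("block 00:00:00-07:00:00", "drop",
     lambda c: wlan_web(c) and time(0, 0, 0) <= c.at <= time(7, 0, 0)),
]

def evaluate(c):
    """First matching rule decides; a connection no rule matches is accepted."""
    for name, action, matches in FORWARD:
        if matches(c):
            return action, name
    return "accept", "no rule matched"

# Constructed sample connections (not captured traffic).
FB = "GET / HTTP/1.1\r\nHost: www.facebook.com\r\n\r\n"
LOOKALIKE = "GET / HTTP/1.1\r\nHost: facebookXcom.example\r\n\r\n"
SAMPLES = {
    "wlan facebook, noon": Conn("wlan1", "192.168.107.120", 80, time(12, 0), FB),
    "wlan other site, 20:00": Conn("wlan1", "192.168.107.120", 443, time(20, 0)),
    "wlan other site, noon": Conn("wlan1", "192.168.107.120", 443, time(12, 0)),
    "wired facebook, 20:00": Conn("ether2", "192.168.207.120", 80, time(20, 0), FB),
    "wlan look-alike host": Conn("wlan1", "192.168.107.120", 80, time(12, 0), LOOKALIKE),
}

if __name__ == "__main__":
    for label, conn in SAMPLES.items():
        print(f"{label:24} -> {evaluate(conn)}")
```

In this model the wired connection is decided by the accept rule because both drop rules are scoped to 192.168.107.0/24, and the look-alike host is dropped because the unescaped "." in the pattern matches any character. Writing the pattern as facebook\.com removes that false match.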
