Konfigurasi MikroTik RB941-2nD untuk IndiHome
Topologi & Strategi QoS
- Total Bandwidth: IndiHome 75Mbps
- Port 1 (wan-modem): Koneksi IndiHome
- Port 2 (ether2): LAN 192.168.99.1/24 - Limited 10Mbps
- WLAN1: WiFi 192.168.88.1/24 - Maximum 65Mbps (sisa bandwidth)
- Optimasi: Social media, gaming, dan streaming
- Strategi: Hierarchical QoS untuk mencegah saling berebut bandwidth
Langkah 1: Cleanup & Persiapan
1.1 Hapus Bridge yang Tidak Terpakai
/interface bridge remove [find name=bridge-main]
1.2 Reset Queue yang Ada (jika perlu)
/queue simple remove [find] /queue tree remove [find]
Langkah 2: Konfigurasi Interface Dasar
2.1 Rename Interface
/interface ethernet set [ find default-name=ether1 ] name=wan-modem
2.2 Disable Interface yang Tidak Digunakan
/interface ethernet set [ find default-name=ether3 ] disabled=yes set [ find default-name=ether4 ] disabled=yes
2.3 Konfigurasi WiFi Optimal
/interface wireless set [ find default-name=wlan1 ] \ adaptive-noise-immunity=ap-and-client-mode \ band=2ghz-b/g/n \ channel-width=20/40mhz-Ce \ country=indonesia \ disabled=no \ distance=indoors \ frame-lifetime=0 \ hw-retries=4 \ mode=ap-bridge \ ssid=HAFIDZ-WiFi \ wmm-support=enabled \ wps-mode=disabled
Langkah 3: Security Profile WiFi
/interface wireless security-profiles set [ find default=yes ] \ authentication-types=wpa2-psk \ group-ciphers=aes-ccmp \ mode=dynamic-keys \ unicast-ciphers=aes-ccmp \ wpa2-pre-shared-key=PASSWORD_WIFI_ANDA
Langkah 4: IP Address Configuration
/ip address add address=192.168.99.1/24 interface=ether2 network=192.168.99.0 add address=192.168.88.1/24 interface=wlan1 network=192.168.88.0
Langkah 5: DHCP Client untuk IndiHome
/ip dhcp-client add interface=wan-modem disabled=no use-peer-dns=yes use-peer-ntp=yes
Langkah 6: IP Pool Configuration
/ip pool add name=pool-limited ranges=192.168.99.10-192.168.99.100 add name=pool-unlimited ranges=192.168.88.10-192.168.88.100
Langkah 7: DHCP Server Configuration
/ip dhcp-server add address-pool=pool-limited interface=ether2 name=dhcp-limited add address-pool=pool-unlimited interface=wlan1 name=dhcp-unlimited /ip dhcp-server network add address=192.168.99.0/24 dns-server=1.1.1.1,8.8.8.8 gateway=192.168.99.1 add address=192.168.88.0/24 dns-server=1.1.1.1,8.8.8.8 gateway=192.168.88.1
Langkah 8: DNS Configuration Optimal
/ip dns set allow-remote-requests=yes \ cache-size=2048 \ servers=1.1.1.1,8.8.8.8,180.131.144.144,180.131.145.145
Langkah 9: Interface List
/interface list add name=WAN add name=LAN /interface list member add interface=wan-modem list=WAN add interface=ether2 list=LAN add interface=wlan1 list=LAN
Langkah 10: Firewall NAT
/ip firewall nat add action=masquerade chain=srcnat comment="NAT to Internet" out-interface=wan-modem
Langkah 11: Firewall Filter Rules
/ip firewall filter add action=accept chain=input connection-state=established,related comment="Allow established connections" add action=accept chain=input src-address=127.0.0.1 comment="Allow localhost" add action=accept chain=input src-address=192.168.88.0/24 comment="Allow WiFi subnet" add action=accept chain=input src-address=192.168.99.0/24 comment="Allow limited subnet" add action=accept chain=input protocol=icmp comment="Allow ICMP" add action=accept chain=input dst-port=8291 protocol=tcp comment="Allow Winbox" add action=drop chain=input comment="Drop all other input" ## Langkah 11: Firewall Filter Rules ```bash /ip firewall filter add action=accept chain=input connection-state=established,related comment="Allow established connections" add action=accept chain=input src-address=127.0.0.1 comment="Allow localhost" add action=accept chain=input src-address=192.168.88.0/24 comment="Allow WiFi subnet" add action=accept chain=input src-address=192.168.99.0/24 comment="Allow limited subnet" add action=accept chain=input protocol=icmp comment="Allow ICMP" add action=accept chain=input dst-port=8291 protocol=tcp comment="Allow Winbox" add action=drop chain=input comment="Drop all other input" add action=accept chain=forward connection-state=established,related comment="Allow established forward" add action=drop chain=forward connection-state=invalid comment="Drop invalid forward"
Langkah 12: Packet Marking untuk QoS
12.1 Mangle Rules - Connection Marking
/ip firewall mangle # Mark connections dari subnet yang berbeda add action=mark-connection chain=prerouting \ src-address=192.168.99.0/24 \ new-connection-mark=limited-conn \ comment="Mark limited subnet connections" add action=mark-connection chain=prerouting \ src-address=192.168.88.0/24 \ new-connection-mark=unlimited-conn \ comment="Mark WiFi subnet connections"
12.2 Mangle Rules - Packet Marking
# Mark packets untuk limited subnet add action=mark-packet chain=prerouting \ connection-mark=limited-conn \ new-packet-mark=limited-packet \ comment="Mark limited subnet packets" # Mark packets untuk unlimited subnet add action=mark-packet chain=prerouting \ connection-mark=unlimited-conn \ new-packet-mark=unlimited-packet \ comment="Mark WiFi subnet packets"
12.3 Mangle Rules - Gaming & Streaming Priority
# Gaming Priority - Mobile Legend, FF, Genshin, etc add action=mark-connection chain=prerouting \ dst-port=2099,5000-5500,7081-7083,8001-8012,10001-10110 \ protocol=tcp \ new-connection-mark=gaming-conn \ comment="Gaming TCP ports" add action=mark-connection chain=prerouting \ dst-port=2099,5000-5500,7081-7083,8001-8012,10001-10110 \ protocol=udp \ new-connection-mark=gaming-conn \ comment="Gaming UDP ports" add action=mark-packet chain=prerouting \ connection-mark=gaming-conn \ new-packet-mark=gaming-packet \ comment="Gaming packet marks" # Social Media Priority - Facebook, Instagram, TikTok, YouTube add action=mark-connection chain=prerouting \ dst-port=80,443 \ protocol=tcp \ content=facebook.com,instagram.com,tiktok.com,youtube.com,threads.net \ new-connection-mark=social-conn \ comment="Social media connections" add action=mark-packet chain=prerouting \ connection-mark=social-conn \ new-packet-mark=social-packet \ comment="Social media packets"/ip firewall mangle
# Mobile Legends (2025)
add action=mark-connection chain=prerouting protocol=tcp dst-port=5000-5221,5224-5241,5243-5508,5551-5559,5601-5700,9001,9443,10003,30000-30300 connection-mark=unlimited-conn new-connection-mark=gaming-conn comment="ML TCP 2025" disabled=no
add action=mark-connection chain=prerouting protocol=udp dst-port=4001-4009,5000-5221,5224-5241,5243-5508,5551-5559,5601-5700,2702,3702,8001,9000-9010,9992,30190,30000-30300 connection-mark=unlimited-conn new-connection-mark=gaming-conn comment="ML UDP 2025" disabled=no
# Free Fire & PUBG (Prioritas UDP)
add action=mark-connection chain=prerouting protocol=udp dst-port=6006,6008,7008,8008,9008,10000-10013,7086-7995,10039,11455,12070-12460 new-connection-mark=gaming-conn comment="FF/PUBG UDP 2025"
# Genshin Impact & Higgs Domino
add action=mark-connection chain=prerouting protocol=udp dst-port=22101-22102,42472,40000-40010 new-connection-mark=gaming-conn comment="Genshin/Higgs UDP"
Langkah 13: Queue Tree Configuration (Hierarchical QoS)
13.1 Parent Queue untuk Total Bandwidth
/queue tree # Parent queue untuk total bandwidth add max-limit=75M name=Total-Bandwidth parent=global queue=default # Child queue untuk ether2 (limited) add max-limit=10M name=Ether2-Limited \ packet-mark=limited-packet \ parent=Total-Bandwidth \ priority=3 \ queue=default \ comment="Port 2 limited to 10Mbps" # Child queue untuk WiFi (unlimited tapi ada batas) add max-limit=65M name=WiFi-Unlimited \ packet-mark=unlimited-packet \ parent=Total-Bandwidth \ priority=2 \ queue=default \ comment="WiFi gets remaining bandwidth"
13.2 Sub-Queue untuk Gaming & Social Media
# Gaming priority dalam WiFi add max-limit=30M name=Gaming-Priority \ packet-mark=gaming-packet \ parent=WiFi-Unlimited \ priority=1 \ queue=default \ comment="Gaming gets high priority" # Social media priority dalam WiFi add max-limit=40M name=Social-Priority \ packet-mark=social-packet \ parent=WiFi-Unlimited \ priority=2 \ queue=default \ comment="Social media priority"
Langkah 14: Simple Queue untuk Backup Control
/queue simple # Backup queue untuk ether2 jika tree queue gagal add max-limit=10M/10M \ name=Backup-Ether2-Limit \ target=ether2 \ disabled=yes \ comment="Backup queue for ether2" # Per-connection queue untuk WiFi users add max-limit=75M/75M \ name=WiFi-Per-Connection \ target=wlan1 \ queue=pcq-upload-default/pcq-download-default \ comment="Fair bandwidth sharing for WiFi users"
Langkah 15: PCQ Configuration untuk Fair Sharing
/queue type add kind=pcq name=pcq-download-wifi \ pcq-classifier=dst-address \ pcq-dst-address6-mask=64 \ pcq-rate=0 \ pcq-src-address6-mask=64 add kind=pcq name=pcq-upload-wifi \ pcq-classifier=src-address \ pcq-dst-address6-mask=64 \ pcq-rate=0 \ pcq-src-address6-mask=64
Langkah 16: Optimasi TCP/IP Settings
/ip settings set max-neighbor-entries=2048 \ tcp-syncookies=yes \ ip-forward=yes \ send-redirects=no \ accept-redirects=no \ secure-redirects=yes \ rp-filter=loose
Langkah 17: System Optimization
/system clock set time-zone-name=Asia/Jakarta /system identity set name="MikroTik-IndiHome-75M" /system resource set max-neighbor-entries=2048
Langkah 18: Connection Tracking Optimization
/ip firewall connection tracking set enabled=yes \ tcp-established-timeout=1h \ tcp-time-wait-timeout=10s \ udp-timeout=10s \ icmp-timeout=10s \ generic-timeout=10m
Langkah 19: Bandwidth Monitoring Scripts
/system scheduler add name=Monitor-Bandwidth \ interval=5m \ start-date=jan/01/1970 \ start-time=00:00:00 \ on-event=":log info \"Ether2 Traffic: [/interface monitor-traffic ether2 count=1 as-value]\"; \ :log info \"WiFi Traffic: [/interface monitor-traffic wlan1 count=1 as-value]\"" \ comment="Monitor bandwidth usage every 5 minutes"
Verifikasi & Testing
Cek Queue Tree Status
/queue tree print stats
Monitor Interface Traffic
/interface monitor-traffic ether2,wlan1
Test Bandwidth per Interface
/tool torch interface=ether2 /tool torch interface=wlan1
Cek Connection Tracking
/ip firewall connection print count-only
Troubleshooting Gaming & Streaming
Jika Gaming Lag:
# Tambah gaming ports spesifik /ip firewall mangle add action=mark-connection chain=prerouting \ dst-port=3724,6112-6119,4000,7000-7001 \ protocol=tcp \ new-connection-mark=gaming-conn \ comment="Additional gaming ports"
Jika YouTube/TikTok Buffering:
# Prioritas streaming /queue tree add max-limit=50M name=Streaming-Priority \ packet-mark=social-packet \ parent=WiFi-Unlimited \ priority=1 \ queue=default
Tips Optimasi IndiHome 75Mbps
- Bandwidth Allocation:
- Ether2: 10Mbps (13% dari total)
- WiFi: 65Mbps (87% dari total)
- Gaming: Priority tinggi
- Social Media: Priority sedang
- Queue Strategy:
- Hierarchical Tree untuk kontrol total
- PCQ untuk fair sharing per user
- Priority untuk gaming dan streaming
- Connection Optimization:
- TCP timeout optimization
- Connection tracking limits
- Neighbor table size increase
- Monitoring:
- Real-time bandwidth monitoring
- Queue statistics
- Connection tracking stats