MikroTik RB941-2nD (hAP lite) Configuration Guide
Firmware RouterOS 7.2.3
Target Topology
- Port 1 (ether1): WAN - Connection to the modem (192.168.1.1)
- Port 2 (ether2): Limited LAN - 192.168.99.1/24 with a 10Mbps limit
- WLAN: Unlimited WiFi - 192.168.88.1/24 with no limit
STEP 1: INITIAL PREPARATION
1.1 Reset Configuration (Optional)
/system reset-configuration no-defaults=yes skip-backup=yes
1.2 Access via Winbox
- Connect the PC to port 2, 3, or 4
- Open Winbox
- Scan neighbors or use the MAC address
- Log in with user: admin, password: blank
STEP 2: BASIC INTERFACE CONFIGURATION
2.1 Rename Interface
/interface ethernet set ether1 name=wan-modem
# ether2, ether3, ether4, and wlan1 keep their default names
2.2 Bridge Setup for Management
/interface bridge add name=bridge-main protocol-mode=rstp
STEP 3: IP ADDRESS CONFIGURATION
3.1 WAN Interface (Port 1)
# If the modem uses DHCP
/ip dhcp-client add interface=wan-modem disabled=no
# Or if using a static IP (adjust to the modem's settings)
/ip address add address=192.168.1.100/24 interface=wan-modem
/ip route add dst-address=0.0.0.0/0 gateway=192.168.1.1
3.2 LAN Limited (Port 2)
/ip address add address=192.168.99.1/24 interface=ether2
3.3 WLAN Unlimited
/ip address add address=192.168.88.1/24 interface=wlan1
STEP 4: WIRELESS CONFIGURATION
4.1 Setup WiFi Access Point
/interface wireless set wlan1 mode=ap-bridge ssid="YourWiFiName" channel=auto band=2ghz-b/g/n wireless-protocol=802.11 security-profile=default
# Setup Security Profile
/interface wireless security-profiles set default authentication-types=wpa2-psk mode=dynamic-keys wpa2-pre-shared-key="YourWiFiPassword"
# Enable wireless
/interface wireless enable wlan1
STEP 5: DHCP SERVER CONFIGURATION
5.1 DHCP for Limited LAN (192.168.99.x)
/ip pool add name=pool-limited ranges=192.168.99.10-192.168.99.100
/ip dhcp-server network add address=192.168.99.0/24 gateway=192.168.99.1 dns-server=8.8.8.8,8.8.4.4
/ip dhcp-server add name=dhcp-limited interface=ether2 address-pool=pool-limited disabled=no
5.2 DHCP for Unlimited WLAN (192.168.88.x)
/ip pool add name=pool-unlimited ranges=192.168.88.10-192.168.88.100
/ip dhcp-server network add address=192.168.88.0/24 gateway=192.168.88.1 dns-server=8.8.8.8,8.8.4.4
/ip dhcp-server add name=dhcp-unlimited interface=wlan1 address-pool=pool-unlimited disabled=no
STEP 6: NAT (Network Address Translation) CONFIGURATION
6.1 Masquerade for Internet Access
/ip firewall nat add chain=srcnat out-interface=wan-modem action=masquerade comment="NAT to Internet"
STEP 7: BANDWIDTH LIMIT (QoS) CONFIGURATION
7.1 Limit Bandwidth Port 2 (10Mbps)
# Simple Queue to limit the total bandwidth of port 2
/queue simple add name="Limit-Port2-10Mbps" target=192.168.99.0/24 max-limit=10M/10M comment="Limit LAN port 2 to 10Mbps"
7.2 Queue Tree Alternative (More Detailed)
# Create mangle rules for marking
/ip firewall mangle add chain=prerouting src-address=192.168.99.0/24 action=mark-connection new-connection-mark=limited-conn
/ip firewall mangle add chain=prerouting connection-mark=limited-conn action=mark-packet new-packet-mark=limited-packet
# Queue tree for more granular control
/queue tree add name="Limited-Upload" parent=wan-modem packet-mark=limited-packet max-limit=10M
/queue tree add name="Limited-Download" parent=ether2 packet-mark=limited-packet max-limit=10M
STEP 8: FIREWALL RULES (Basic Security)
8.1 Basic Firewall Protection
# Accept established and related connections
/ip firewall filter add chain=input connection-state=established,related action=accept
# Accept loopback
/ip firewall filter add chain=input src-address=127.0.0.1 action=accept
# Accept LAN access to router
/ip firewall filter add chain=input src-address=192.168.88.0/24 action=accept
/ip firewall filter add chain=input src-address=192.168.99.0/24 action=accept
# Accept ICMP (ping)
/ip firewall filter add chain=input protocol=icmp action=accept
# Accept Winbox access
/ip firewall filter add chain=input protocol=tcp dst-port=8291 action=accept
# Drop everything else
/ip firewall filter add chain=input action=drop
# Forward rules
/ip firewall filter add chain=forward connection-state=established,related action=accept
/ip firewall filter add chain=forward connection-state=invalid action=drop
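The input chain above is evaluated top-down and the first matching rule decides, so the Winbox rule, which has no in-interface or src-address matcher, also matches packets arriving on wan-modem. The following Python sketch is an added example (not part of the original guide and not a MikroTik tool): it replays the Step 8 rules against constructed packets and compares them with an assumed variant that adds in-interface=!wan-modem to the Winbox rule. It models only the matchers used on this page.

```python
import ipaddress
import shlex

# Filter rules copied from Step 8 of this guide, in the order they are added.
PAGE_RULES = """
/ip firewall filter add chain=input connection-state=established,related action=accept
/ip firewall filter add chain=input src-address=127.0.0.1 action=accept
/ip firewall filter add chain=input src-address=192.168.88.0/24 action=accept
/ip firewall filter add chain=input src-address=192.168.99.0/24 action=accept
/ip firewall filter add chain=input protocol=icmp action=accept
/ip firewall filter add chain=input protocol=tcp dst-port=8291 action=accept
/ip firewall filter add chain=input action=drop
/ip firewall filter add chain=forward connection-state=established,related action=accept
/ip firewall filter add chain=forward connection-state=invalid action=drop
"""

# Assumed variant (not from the guide): the Winbox rule ignores packets from the WAN port.
RESTRICTED_RULES = PAGE_RULES.replace(
    "protocol=tcp dst-port=8291", "in-interface=!wan-modem protocol=tcp dst-port=8291")

# Constructed sample packets (203.0.113.0/24 is a documentation range).
WAN_WINBOX = {"in-interface": "wan-modem", "src-address": "203.0.113.7",
              "protocol": "tcp", "dst-port": "8291", "connection-state": "new"}
LAN_WINBOX = {**WAN_WINBOX, "in-interface": "wlan1", "src-address": "192.168.88.20"}
WAN_TO_LAN = {**WAN_WINBOX, "src-address": "192.168.1.50", "dst-port": "80"}

def parse_rules(text):
    """Turn each '/ip firewall filter add k=v ...' line into a dict of its k=v pairs."""
    return [dict(tok.split("=", 1) for tok in shlex.split(line) if "=" in tok)
            for line in text.strip().splitlines()]

def matches(key, want, packet):
    """Evaluate one matcher; a leading '!' negates it, as in RouterOS."""
    negate, want = want.startswith("!"), want.lstrip("!")
    have = packet.get(key)
    if have is None:
        hit = False
    elif key == "src-address":
        hit = ipaddress.ip_address(have) in ipaddress.ip_network(want, strict=False)
    elif key == "connection-state":
        hit = have in want.split(",")
    else:
        hit = have == want
    return hit != negate

def verdict(rules, packet, chain="input"):
    """Walk the chain top-down; the first rule whose matchers all hit decides."""
    for index, rule in enumerate(rules):
        if rule["chain"] != chain:
            continue
        matchers = {k: v for k, v in rule.items() if k not in ("chain", "action", "comment")}
        if all(matches(k, v, packet) for k, v in matchers.items()):
            return rule["action"], index
    return "accept", None  # a chain with no matching rule accepts by default

if __name__ == "__main__":
    page, restricted = parse_rules(PAGE_RULES), parse_rules(RESTRICTED_RULES)
    print("page rules, WAN -> 8291:       ", verdict(page, WAN_WINBOX))
    print("restricted rules, WAN -> 8291: ", verdict(restricted, WAN_WINBOX))
    print("restricted rules, LAN -> 8291: ", verdict(restricted, LAN_WINBOX))
    print("page rules, WAN -> LAN forward:", verdict(page, WAN_TO_LAN, chain="forward"))
```

The last check shows that a new connection entering on wan-modem falls through both forward rules and is accepted by default, because the forward chain has no final drop rule.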
LANGKAH 9: DNS CONFIGURATION
9.1 Setup DNS Server
/ip dns set servers=8.8.8.8,8.8.4.4 allow-remote-requests=yes
STEP 10: MONITORING AND TESTING
10.1 Monitoring Commands
# Check interface status
/interface print stats
# Check queue statistics
/queue simple print stats
# Check DHCP leases
/ip dhcp-server lease print
# Check wireless registration
/interface wireless registration-table print
# Test bandwidth
/tool bandwidth-test address=192.168.1.1 protocol=tcp direction=both duration=10s
10.2 Testing the Configuration
- Test the internet connection from all networks
- Test the bandwidth limit on port 2 using speedtest
- Test WiFi connectivity and performance
- Verify DHCP assignment on both networks
COMPLETE CONFIGURATION WITH MAINTENANCE SCHEDULE
# Reset and basic setup
/system identity set name="hAP-lite-Home"
# Interface naming (only ether1 is renamed)
/interface ethernet set ether1 name=wan-modem
# IP Addressing
/ip dhcp-client add interface=wan-modem disabled=no
/ip address add address=192.168.99.1/24 interface=ether2
/ip address add address=192.168.88.1/24 interface=wlan1
# Wireless setup
/interface wireless security-profiles set default authentication-types=wpa2-psk mode=dynamic-keys wpa2-pre-shared-key="YourPassword123"
/interface wireless set wlan1 mode=ap-bridge ssid="Home-WiFi" security-profile=default channel=auto band=2ghz-b/g/n
/interface wireless enable wlan1
# DHCP Servers
/ip pool add name=pool-limited ranges=192.168.99.10-192.168.99.100
/ip pool add name=pool-unlimited ranges=192.168.88.10-192.168.88.100
/ip dhcp-server network add address=192.168.99.0/24 gateway=192.168.99.1 dns-server=8.8.8.8,8.8.4.4
/ip dhcp-server network add address=192.168.88.0/24 gateway=192.168.88.1 dns-server=8.8.8.8,8.8.4.4
/ip dhcp-server add name=dhcp-limited interface=ether2 address-pool=pool-limited
/ip dhcp-server add name=dhcp-unlimited interface=wlan1 address-pool=pool-unlimited
# NAT
/ip firewall nat add chain=srcnat out-interface=wan-modem action=masquerade
# Bandwidth Limitation
/queue simple add name="Limit-Port2-10Mbps" target=192.168.99.0/24 max-limit=10M/10M
# DNS
/ip dns set servers=8.8.8.8,8.8.4.4 allow-remote-requests=yes
# Basic Firewall
/ip firewall filter add chain=input connection-state=established,related action=accept
/ip firewall filter add chain=input src-address=192.168.88.0/24 action=accept
/ip firewall filter add chain=input src-address=192.168.99.0/24 action=accept
/ip firewall filter add chain=input protocol=icmp action=accept
/ip firewall filter add chain=input protocol=tcp dst-port=8291 action=accept
/ip firewall filter add chain=input action=drop
/ip firewall filter add chain=forward connection-state=established,related action=accept
# MAINTENANCE SCHEDULES
/system scheduler add name="Clear-Logs-Daily" start-date=jan/01/1970 start-time=02:00:00 interval=1d on-event="/log remove [find]; :log info \"Log cleared automatically\"" comment="Clear all logs daily at 2 AM"
/system scheduler add name="Weekly-Reboot" start-date=jan/04/1970 start-time=03:00:00 interval=7d on-event="/system reboot" comment="Weekly reboot every Sunday at 3 AM"
/system scheduler add name="Clear-DHCP-Leases" start-date=jan/01/1970 start-time=01:30:00 interval=1d on-event="/ip dhcp-server lease remove [find status=waiting]; :log info \"Expired DHCP leases cleared\"" comment="Clear expired DHCP leases daily"
/system scheduler add name="Clear-DNS-Cache" start-date=jan/01/1970 start-time=00:00:00 interval=12h on-event="/ip dns cache flush; :log info \"DNS cache flushed\"" comment="Clear DNS cache every 12 hours"
/system scheduler add name="Interface-Watchdog" start-date=jan/01/1970 start-time=00:00:00 interval=5m on-event=":if ([/interface get wan-modem running] != true) do={/interface enable wan-modem; :log warning \"WAN interface was down, re-enabled\"}; :if ([/interface get wlan1 running] != true) do={/interface enable wlan1; :log warning \"WLAN interface was down, re-enabled\"}" comment="Check and re-enable interfaces if down"
# Performance Optimizations
/ip settings set tcp-syncookies=yes ip-forward=yes max-neighbor-entries=256
/interface wireless set wlan1 tx-power=20 distance=indoors wmm-support=enabled
TROUBLESHOOTING TIPS
Performance on RouterOS 7.x
- RouterOS v.7.15 on the RB941-2nD (hAP lite) can show reduced performance for some features such as PPTP VPN
- For older devices like the hAP lite, consider using Simple Queue instead of Queue Tree for better performance
- Monitor CPU and memory usage with
/system resource print
Configuration Backup
/export file=backup-config
/system backup save name=system-backup
Restore from Backup
/import file-name=backup-config.rsc
# or
/system backup load name=system-backup.backup
Maintenance Schedules Created:
Daily Tasks:
- 02:00 - Clear all logs (prevents storage from filling up)
- 01:30 - Clear expired DHCP leases
- Every 12 hours - Clear DNS cache
- Every 6 hours - Clear dynamic ARP table entries
- Every 4 hours - Clear old firewall connections
- Every 2 hours - Clear wireless registration table
Weekly Tasks:
- Sunday 03:00 - Auto reboot (very important for low-end devices)
- Sunday 01:00 - Automatic configuration backup
Monitoring Tasks:
- Every 5 minutes - Interface watchdog (auto-enable if an interface is down)
- Every hour - Monitor resource usage (CPU & memory)
- Every 30 minutes - Monitor temperature & voltage
Benefits for hAP lite (32MB RAM):
- Prevents memory leaks with a weekly reboot
- Optimizes storage with routine log cleanup
- Keeps connections fresh by clearing caches
- Auto-recovery if an interface has problems
- Automatic backups for recovery if something goes wrong
How to Install:
- Copy the complete script from the "COMPLETE CONFIGURATION WITH MAINTENANCE SCHEDULE" section
- Paste it into the Winbox Terminal or New Terminal
- Run the commands and wait for them to finish
- Verify with
/system scheduler print
Monitoring Tips:
# Check the status of all schedules
/system scheduler print
# Check resource usage
/system resource print
# View the schedule activity log
/log print where topics~"system"
With these schedules, your hAP lite will run more optimally and stably over the long term. Devices with limited RAM like this one really need routine maintenance for maximum performance.
STEP 11: AUTOMATIC MAINTENANCE SCHEDULES
11.1 Auto Clear Logs (Every Day at 02:00)
/system scheduler add name="Clear-Logs-Daily" start-date=jan/01/1970 start-time=02:00:00 interval=1d on-event="/log print count-only where message~\".\"; /log remove [find]; :log info \"Log cleared automatically\"" comment="Clear all logs daily at 2 AM"
11.2 Weekly Auto Reboot (Every Sunday at 03:00)
/system scheduler add name="Weekly-Reboot" start-date=jan/04/1970 start-time=03:00:00 interval=7d on-event="/system reboot" comment="Weekly reboot every Sunday at 3 AM"
11.3 Clear Expired DHCP Leases (Every Day at 01:30)
/system scheduler add name="Clear-DHCP-Leases" start-date=jan/01/1970 start-time=01:30:00 interval=1d on-event="/ip dhcp-server lease remove [find status=waiting]; :log info \"Expired DHCP leases cleared\"" comment="Clear expired DHCP leases daily"
11.4 Clear ARP Table (Every 6 Hours)
/system scheduler add name="Clear-ARP-Table" start-date=jan/01/1970 start-time=00:00:00 interval=6h on-event="/ip arp remove [find dynamic=yes]; :log info \"ARP table cleared\"" comment="Clear dynamic ARP entries every 6 hours"
11.5 Clear DNS Cache (Every 12 Hours)
/system scheduler add name="Clear-DNS-Cache" start-date=jan/01/1970 start-time=00:00:00 interval=12h on-event="/ip dns cache flush; :log info \"DNS cache flushed\"" comment="Clear DNS cache every 12 hours"
11.6 Clear Firewall Connections (Every 4 Hours)
/system scheduler add name="Clear-Old-Connections" start-date=jan/01/1970 start-time=00:00:00 interval=4h on-event="/ip firewall connection remove [find]; :log info \"Old connections cleared\"" comment="Clear old firewall connections every 4 hours"
11.7 Resource Usage Monitoring (Every Hour)
/system scheduler add name="Monitor-Resources" start-date=jan/01/1970 start-time=00:00:00 interval=1h on-event=":local cpuload [/system resource get cpu-load]; :local freemem [/system resource get free-memory]; :local totmem [/system resource get total-memory]; :local usedmem (\$totmem-\$freemem); :local mempercent ((\$usedmem*100)/\$totmem); :if (\$cpuload > 80) do={:log warning \"High CPU usage: \$cpuload%\"}; :if (\$mempercent > 85) do={:log warning \"High memory usage: \$mempercent%\"}" comment="Monitor system resources hourly"
11.8 Clear Wireless Registration Table (Every 2 Hours)
/system scheduler add name="Clear-Wireless-Reg" start-date=jan/01/1970 start-time=00:00:00 interval=2h on-event="/interface wireless registration-table remove [find]; :log info \"Wireless registration table cleared\"" comment="Clear wireless registration table every 2 hours"
11.9 Weekly Configuration Backup (Every Sunday at 01:00)
/system scheduler add name="Weekly-Backup" start-date=jan/04/1970 start-time=01:00:00 interval=7d on-event=":local date [/system clock get date]; :local time [/system clock get time]; /export file=(\"backup-\" . \$date . \"-\" . \$time); /system backup save name=(\"system-backup-\" . \$date); :log info \"Weekly backup completed\"" comment="Create weekly backup every Sunday at 1 AM"
11.10 Cleanup Old Backup Files (Every Month)
/system scheduler add name="Cleanup-Backups" start-date=jan/01/1970 start-time=04:00:00 interval=30d on-event=":foreach i in=[/file find name~\"backup-\" creation-time<[/system clock get date]] do={/file remove \$i}; :foreach i in=[/file find name~\"system-backup-\" creation-time<[/system clock get date]] do={/file remove \$i}; :log info \"Old backup files cleaned up\"" comment="Remove backup files older than 30 days"
11.11 Watchdog for Interface Down (Every 5 Minutes)
/system scheduler add name="Interface-Watchdog" start-date=jan/01/1970 start-time=00:00:00 interval=5m on-event=":if ([/interface get wan-modem running] != true) do={/interface enable wan-modem; :log warning \"WAN interface was down, re-enabled\"}; :if ([/interface get wlan1 running] != true) do={/interface enable wlan1; :log warning \"WLAN interface was down, re-enabled\"}" comment="Check and re-enable interfaces if down"
11.12 Temperature & Voltage Monitoring (Every 30 Minutes)
/system scheduler add name="Health-Monitor" start-date=jan/01/1970 start-time=00:00:00 interval=30m on-event=":local temp [/system health get temperature]; :local volt [/system health get voltage]; :if (\$temp > 65) do={:log warning \"High temperature: \$temp°C\"}; :if (\$volt < 11 || \$volt > 13) do={:log warning \"Voltage issue: \$volt V\"}" comment="Monitor device temperature and voltage"
STEP 12: ADDITIONAL PERFORMANCE OPTIMIZATION
12.1 TCP/IP Stack Optimization
# TCP/IP stack settings: SYN cookies and IP forwarding
/ip settings set tcp-syncookies=yes ip-forward=yes
# Limit the neighbor (ARP) table size
/ip settings set max-neighbor-entries=256
12.2 Wireless Optimization for hAP lite
# Wireless tuning for maximum performance
/interface wireless set wlan1 tx-power=20 tx-power-mode=default distance=indoors adaptive-noise-immunity=ap-and-client-mode frame-lifetime=0 hw-retries=4 burst-time=2.048ms
# Enable WMM for wireless QoS
/interface wireless set wlan1 wmm-support=enabled
12.3 Queue Optimization
# Set queue types for optimal performance on low-end devices
/queue type set default kind=pfifo pfifo-limit=50
12.4 Firewall Connection Tracking Optimization
# Tune connection tracking for devices with limited RAM
/ip firewall connection tracking set enabled=yes tcp-established-timeout=1d tcp-fin-wait-timeout=10s tcp-close-wait-timeout=10s tcp-last-ack-timeout=10s tcp-time-wait-timeout=10s tcp-close-timeout=10s tcp-max-retrans-timeout=5m tcp-unack-timeout=5m generic-timeout=10m icmp-timeout=10s udp-timeout=10s udp-stream-timeout=3m
SCRIPT TO INSTALL ALL SCHEDULES AT ONCE
# ===============================================
# MIKROTIK hAP LITE MAINTENANCE SCHEDULE SETUP
# ===============================================
# 1. Clear Logs Daily (02:00)
/system scheduler add name="Clear-Logs-Daily" start-date=jan/01/1970 start-time=02:00:00 interval=1d on-event="/log print count-only where message~\".\"; /log remove [find]; :log info \"Log cleared automatically\"" comment="Clear all logs daily at 2 AM"
# 2. Weekly Reboot (03:00 Sunday)
/system scheduler add name="Weekly-Reboot" start-date=jan/04/1970 start-time=03:00:00 interval=7d on-event="/system reboot" comment="Weekly reboot every Sunday at 3 AM"
# 3. Clear DHCP Leases (01:30)
/system scheduler add name="Clear-DHCP-Leases" start-date=jan/01/1970 start-time=01:30:00 interval=1d on-event="/ip dhcp-server lease remove [find status=waiting]; :log info \"Expired DHCP leases cleared\"" comment="Clear expired DHCP leases daily"
# 4. Clear ARP Table (Every 6 hours)
/system scheduler add name="Clear-ARP-Table" start-date=jan/01/1970 start-time=00:00:00 interval=6h on-event="/ip arp remove [find dynamic=yes]; :log info \"ARP table cleared\"" comment="Clear dynamic ARP entries every 6 hours"
# 5. Clear DNS Cache (Every 12 hours)
/system scheduler add name="Clear-DNS-Cache" start-date=jan/01/1970 start-time=00:00:00 interval=12h on-event="/ip dns cache flush; :log info \"DNS cache flushed\"" comment="Clear DNS cache every 12 hours"
# 6. Clear Old Connections (Every 4 hours)
/system scheduler add name="Clear-Old-Connections" start-date=jan/01/1970 start-time=00:00:00 interval=4h on-event="/ip firewall connection remove [find]; :log info \"Old connections cleared\"" comment="Clear old firewall connections every 4 hours"
# 7. Monitor Resources (Every hour)
/system scheduler add name="Monitor-Resources" start-date=jan/01/1970 start-time=00:00:00 interval=1h on-event=":local cpuload [/system resource get cpu-load]; :local freemem [/system resource get free-memory]; :local totmem [/system resource get total-memory]; :local usedmem (\$totmem-\$freemem); :local mempercent ((\$usedmem*100)/\$totmem); :if (\$cpuload > 80) do={:log warning \"High CPU usage: \$cpuload%\"}; :if (\$mempercent > 85) do={:log warning \"High memory usage: \$mempercent%\"}" comment="Monitor system resources hourly"
# 8. Clear Wireless Registration (Every 2 hours)
/system scheduler add name="Clear-Wireless-Reg" start-date=jan/01/1970 start-time=00:00:00 interval=2h on-event="/interface wireless registration-table remove [find]; :log info \"Wireless registration table cleared\"" comment="Clear wireless registration table every 2 hours"
# 9. Weekly Backup (01:00 Sunday)
/system scheduler add name="Weekly-Backup" start-date=jan/04/1970 start-time=01:00:00 interval=7d on-event=":local date [/system clock get date]; :local time [/system clock get time]; /export file=(\"backup-\" . \$date . \"-\" . \$time); /system backup save name=(\"system-backup-\" . \$date); :log info \"Weekly backup completed\"" comment="Create weekly backup every Sunday at 1 AM"
# 10. Interface Watchdog (Every 5 minutes)
/system scheduler add name="Interface-Watchdog" start-date=jan/01/1970 start-time=00:00:00 interval=5m on-event=":if ([/interface get wan-modem running] != true) do={/interface enable wan-modem; :log warning \"WAN interface was down, re-enabled\"}; :if ([/interface get wlan1 running] != true) do={/interface enable wlan1; :log warning \"WLAN interface was down, re-enabled\"}" comment="Check and re-enable interfaces if down"
# Performance Optimizations
/ip settings set tcp-syncookies=yes ip-forward=yes max-neighbor-entries=256
/interface wireless set wlan1 tx-power=20 distance=indoors adaptive-noise-immunity=ap-and-client-mode wmm-support=enabled
/ip firewall connection tracking set tcp-established-timeout=1d tcp-fin-wait-timeout=10s udp-timeout=10s generic-timeout=10m
:log info "All maintenance schedules installed successfully!"
MONITORING SCHEDULE STATUS
Check the Status of All Schedules
/system scheduler print detail
Check the Log to See Schedule Activity
/log print where topics~"system"
Disable/Enable a Specific Schedule
# Disable
/system scheduler disable "Weekly-Reboot"
# Enable
/system scheduler enable "Weekly-Reboot"
Remove a Schedule (If Needed)
/system scheduler remove [find name="Clear-Logs-Daily"]
IMPORTANT NOTES ON MAINTENANCE SCHEDULES
For the hAP lite (32MB RAM):
- Do not be too aggressive with clearing schedules - this device has limited resources
- Monitor the log to make sure the schedules run without errors
- A weekly reboot is highly recommended for low-end devices like this one
- Automatic backups are important because this device is prone to corruption if power is unstable
Most Important Schedules:
- Weekly Reboot: Prevents memory leaks and refreshes the system
- Clear Logs Daily: Prevents logs from filling the limited storage (16MB)
- Clear DNS Cache: Improves DNS response and reduces memory usage
- Interface Watchdog: Auto-recovery if an interface has problems
Monitoring Tips:
# Check memory usage
/system resource print
# Check uptime
/system resource get uptime
# Check temperature (if available)
/system health print
# Check storage usage
/file print detail
GENERAL IMPORTANT NOTES
- Compatibility: The RB941-2nD only supports Winbox 3.x
- Power: This device can be powered via 5V USB or a power adapter
- Port Speed: All ethernet ports are 100Mbps maximum (Fast Ethernet)
- Memory: With 32MB RAM, avoid overly complex configurations
- Wireless: Supports 2.4GHz only, no 5GHz
- Firmware Update: Make sure to take a backup before updating the firmware to a newer version