
Discussion of UKK TKJ Package 2, 2022/2018 – On this occasion, the admin discusses the Professional Practical Examination (UPK) for Computer and Network Technology, Package 2 for 2022/2018, under the 2022 curriculum. This year's questions are arguably more difficult than in previous years, with added questions covering different material.
The UPK Package 2 problem for 2022 uses many firewall configurations, especially on the LAN network; for the wireless network it focuses more on blocking.
In this discussion, the admin covers all configurations in detail, for both the LAN and WLAN networks, using the GUI (Graphical User Interface) via Winbox.
For the MikroTik router you can use the RB-941, which already supports wireless. If you don't have the latest Winbox 2022, you can download it from the article below:
Download the latest Winbox and other versions
Topology:

Before working on the UPK or Ujikom questions, change the identity and password of the MikroTik router you are using, to avoid mix-ups with friends who are working on it too.
System – Identity
Change the identity to the participant's name to make checking the MikroTik router easier

System – Password
Leave the old password blank and enter only the new password

Discussion about UKK TKJ package 2 year 2022/2018
~ Activate router
The first step is to connect the router to the internet.
IP – DHCP Client – Add (+)
Select interface ether1
As in the picture, ether1 received an IP address from the server, 192.168.43.249, and its status is bound

Open New Terminal, then ping google.com to make sure the router is connected to the internet

IP – Addresses – Add (+)
Enter address 192.168.100.1/24 and select interface ether2 – Apply – OK

IP – DNS
Check Allow remote requests – OK

IP – Firewall – NAT – Add (+)
Chain: srcnat
Out. Interface: ether1
Action tab
Action: masquerade – OK

IP – DHCP server – DHCP setup

Steps:
1. Interface selection ether2 – Next
2. Prefix / 24 – Next
3. Gateway 192.168.100.1 – Next
4. For IP pool, change 192.168.100.254 to 192.168.100.100 – Next
5. DNS as provided by ISP – Next
6. – Next

At this point, clients connected to the LAN network automatically receive an IP address and Internet access.
~ Static DNS
According to question 11, accessing mikrotik.com should redirect to bsnp-indonesia.org, but this needs checking, as redirecting to the IP address of bsnp-indonesia.org does not necessarily reach the site itself. The following is the static DNS configuration:
IP – DNS – Static – Add (+)
Name: mikrotik.com, Address: 104.18.48.30 (IP address of bsnp-indonesia.org) – OK

At this stage the redirect has a problem: it only reaches Cloudflare, with a DNS resolution error message. You can instead change the address to the kangarie.com server, IP 128.199.188.0, which already provides a direct connection to bsnp-indonesia.org. You can also redirect to another website, such as jalantikus.com.
~ Block IP through firewall
According to the UKK TKJ Package 2 2022/2018 questions, clients with the IPs 192.168.100.2-192.168.100.50 must not be able to ping the router. The router itself has 3 IP addresses, namely those of ether1, ether2 and wlan1, so you need to block ping access to all of them. Here is the configuration:
IP – Firewall – Filter Rules – Add (+)
Chain: input
Src. Address: 192.168.100.2-192.168.100.50
Dst. Address: 192.168.43.249 => IP of ether1. Check this address, as the IP will differ depending on the ISP
Protocol: icmp

Add (+)
Make the same configuration, differing only in:
Dst. Address: 192.168.100.1 => IP of ether2, fixed by the question

Add (+)
Make the same configuration, differing only in:
Dst. Address: 192.168.200.1 => IP of wlan1, fixed by the question

Action tab
For all of the above configurations, select Action: drop

After this stage, a client on the LAN network with an IP in the pool 192.168.100.2-192.168.100.50 cannot ping the router, but a client that gets another IP will receive ping replies.
~ Log rule
Create a firewall rule so that every access to the router is logged. Here is the configuration:
IP – Firewall – Filter Rules – Add (+)
Chain: input
Action tab
Action: log
Log Prefix: Access – OK
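
Rule order decides what this log rule records. The Python model below is an added example, not part of the original tutorial; it assumes RouterOS filter semantics in which log passes the packet on to the next rule and drop ends processing, and the two sample packets are constructed.

```python
import ipaddress

def ip(s):
    return int(ipaddress.IPv4Address(s))

# The router's three addresses from this tutorial (ether1, ether2, wlan1).
ROUTER_IPS = ["192.168.43.249", "192.168.100.1", "192.168.200.1"]
# The three ICMP drop rules, one per router address.
DROPS = [{"src": ("192.168.100.2", "192.168.100.50"), "dst": d,
          "protocol": "icmp", "action": "drop"} for d in ROUTER_IPS]
# The log rule: no matchers, so it matches every input packet.
LOG = {"action": "log", "prefix": "Access"}

def matches(rule, pkt):
    if "protocol" in rule and rule["protocol"] != pkt["protocol"]:
        return False
    if "dst" in rule and rule["dst"] != pkt["dst"]:
        return False
    if "src" in rule:
        lo, hi = rule["src"]
        if not ip(lo) <= ip(pkt["src"]) <= ip(hi):
            return False
    return True

def evaluate(rules, pkt):
    """Walk rules top to bottom: 'log' records and continues, 'drop' stops."""
    logged = []
    for rule in rules:
        if not matches(rule, pkt):
            continue
        if rule["action"] == "log":
            logged.append(rule["prefix"])
            continue
        return rule["action"], logged
    return "accept", logged  # no terminating rule matched: default accept

# Constructed sample packets: one inside the blocked range, one outside it.
ping_blocked = {"src": "192.168.100.10", "dst": "192.168.100.1", "protocol": "icmp"}
ping_other = {"src": "192.168.100.60", "dst": "192.168.100.1", "protocol": "icmp"}

if __name__ == "__main__":
    for name, rules in (("log last", DROPS + [LOG]), ("log first", [LOG] + DROPS)):
        for pkt in (ping_blocked, ping_other):
            print(name, pkt["src"], evaluate(rules, pkt))
```

With the log rule below the drop rules, as it ends up when added in the order shown here, the dropped pings never reach it; dragging it above them in Winbox logs those attempts as well.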

~ HTTP and HTTPS rules
According to question number 8, create a filter rule that allows HTTP and HTTPS requests from the CLIENT network to the Internet. By default, the MikroTik router already allows HTTP and HTTPS requests from clients. Here are the http and https rule configurations:
IP – Firewall – Filter Rules – Add (+)
Chain: forward
Protocol: tcp
Dst. Port: 80,443
In. Interface: ether2
Out. Interface: ether1
Action tab
Action: accept – OK

The configuration on ether2 is complete
~ WiFi configuration
Wireless – check wlan1
Mode: ap bridge
Enter participant_name@Proxy as the SSID – OK

IP – Hotspot – Hotspot setup

Steps:
1. Interface selection: wlan1 – Next
2. Fill in 192.168.200.1/24 and check Masquerade Network – Next
3. Change 192.168.200.254 to 192.168.200.100 – Next
4. – Next
5. – Next
6. Leave the DNS blank, but the client will still get DNS from the server – Next
7. Enter the hotspot DNS name; this is the address used when opening hotspot pages such as login, logout and status – Next
8. For the user, the question does not specify one, so leave it as is or fill it in – Next

This completes the hotspot configuration for questions 13-15. Proceed to the site and file blocking stage.
~ Block websites and files
Question 4 says WebProxy = Yes, so sites and files are blocked using the web proxy method. Here is the configuration:
IP – Web Proxy
Check Enabled and Cache On Disk, and fill in Cache Administrator with your own name, for example: [email protected] – OK

IP – Firewall – NAT – Add (+)
Chain: dstnat
Src. Address: 192.168.200.0/24
Protocol: tcp
Dst. Port: 80
In. Interface: wlan1
Action tab
Action: redirect
To Ports: 8080 – OK

IP – Web Proxy – Access – Add (+)
Dst. Host: linux.or.id
Action: deny – OK

Path: *.mp3
Action: deny – OK

Path: *.mkv
Action: deny – OK

The blocking of the linux.or.id site and of .mp3 and .mkv files is complete. Note that this web proxy method cannot block sites with https addresses, as it checks only http addresses; the same applies to download sites for .mp3 and .mkv files.
~ Blocking content
According to the UPK TKJ Package 2 2022/2018 questions, the router must block content: sites containing the word Mikrotik are dropped so that they cannot be accessed. Here is the configuration:
IP – Firewall – Filter Rules – Add (+)
Chain: forward
Src. Address: 192.168.200.0/24
In. Interface: wlan1
Advanced tab
Content: Mikrotik
Action tab
Action: drop – OK

~ Block internet access after the specified time
Set the time on the MikroTik router according to your location and synchronize it from the Internet, so that the access block works properly later. Two time configurations are required to block Internet access, as a time range on MikroTik is only valid within 1 day.
The first configuration uses the time 19:00:00-23:59:59 and the second uses 00:00:00-07:00:00. However, if you are using MikroTik version 6.41 or higher, you can enter the range 19:00:00 to 07:00:00 directly. Two configurations are used in the following discussion:
System – NTP Client or SNTP Client
Check Enabled
Primary NTP server: id.pool.ntp.org or 203.114.224.31
Secondary NTP server: asia.pool.ntp.org or 202.108.6.95 – OK

System – Clock
Time Zone Name: Asia/Jakarta – Apply – OK

IP – Firewall – Filter Rules – Add (+)
Chain: forward
In. Interface: wlan1
Extra tab
Time: 19:00:00 – 23:59:59
Action tab
Action: drop – OK

Add (+)
Chain: forward
In. Interface: wlan1
Extra tab
Time: 00:00:00 – 07:00:00
Action tab
Action: drop – OK
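
The two time rules and the single 19:00:00 to 07:00:00 rule can be compared second by second. This Python check is an added example, not part of the original tutorial; it assumes inclusive endpoints, and the wraps flag is a hypothetical switch modelling whether a range whose start is later than its end is treated as crossing midnight.

```python
from datetime import time

TWO_RULES = ["19:00:00-23:59:59", "00:00:00-07:00:00"]  # as configured above
ONE_RULE = ["19:00:00-07:00:00"]                          # single-rule variant

def in_window(spec, now, wraps=True):
    """True if `now` falls inside 'HH:MM:SS-HH:MM:SS' (endpoints inclusive)."""
    start, end = (time.fromisoformat(p.strip()) for p in spec.split("-"))
    if start <= end:
        return start <= now <= end
    # Start later than end: matches only if ranges may cross midnight.
    return wraps and (now >= start or now <= end)

def blocked(rules, now, wraps=True):
    """wlan1 forward traffic is dropped when any time rule matches."""
    return any(in_window(r, now, wraps) for r in rules)

def same_coverage():
    """Compare both configurations for every second of the day."""
    day = (time(h, m, s) for h in range(24) for m in range(60) for s in range(60))
    return all(blocked(TWO_RULES, t) == blocked(ONE_RULE, t) for t in day)

if __name__ == "__main__":
    print("identical coverage:", same_coverage())
    for t in (time(6, 59, 59), time(7, 0, 0), time(7, 0, 1), time(22, 0, 0)):
        print(t, blocked(TWO_RULES, t), blocked(ONE_RULE, t, wraps=False))
```

In this model, a single 19:00:00 to 07:00:00 rule evaluated without midnight wrap-around never matches, which is the case the two-rule configuration covers.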

Complete.
That is the whole discussion of UKK TKJ Package 2 for 2022/2018. If this discussion is hard to follow or contains errors, please understand, as the admin is still learning; the tutorial was made as simple as possible to help friends work on this problem. Good luck at this year's UKK.