Discussion on UKK TKJ package 2 year 2022/2018 K13

Discussion about UKK TKJ package 2 year 2022/2018

Discussion about UKK TKJ package 2 year 2022/2018 – On this occasion, the admin discusses the topic of the Professional Practical Examination Computer and Network Technology (UPK) Package 2 for 2022/2018 with a 2022 curriculum. With this year’s questions one could say that the questions are more difficult than in previous years, of course below Adding questions with different material.

The discussion about the UPK packet 2 problem in 2022 uses many configurations on the firewall, especially in LAN networks, for wireless networks one focuses more on blocking.
In this discussion, the admin discussed all configurations in detail, starting with LAN and WLAN networks with a GUI (Graphical User Interface) via Winbox.

For MikroTik routers you can use the type RB-941, which already supports wireless. For those of you who don’t have the latest Winbox 2022, you can download it from the article below:
Download the latest Winbox and other versions

Download the UPK TKJ Package 2 Questions HERE
Download the full UKK grid and VET questions HERE


Discussion about UPK TKJ package 2 year 2022/2018 K13 topology

Before working on the UPK or Ujikom questions, you should change the identity and password of the Mikrotik router you are using to avoid misunderstandings with friends who are also working on it.

System identity
Change the identity to the participant’s name to make the process easier and check the proxy router

change the identity of upk tkj package 2

System password
Leave the old password blank and just enter the new password

Discussion about UKK TKJ package 2 year 2022/2018

~ Activate router

The first is to enable the router to connect to the internet.

IP – DHCP Client – Add (+)
Select interface ether1
As in the picture, ether1 got an IP from the server, which is and is in the bound status

Update tkj package 2 routing

open minded New terminal Then test the ping command to google.com to make sure the router is connected to the internet

IP address – add (+)
Enter address and select interface ether2 – Apply – OK

Check Allow remote requests – OK

IP firewall NAT
Chain: srcnat
the end. Interface: Ether1

Action tab

Action masquerade – OK

IP – DHCP server – DHCP setup

Construction :
1. Interface selection ether2 – Next

2. Prefix / 24 – Next

3. Gateway – Next

4. For IP pool, change to – Next

5. DNS as provided by ISP – Next

6. – Next

Update tkj package 2 DHCP server

Up to this point in time, the client connected to the LAN network has automatically received an IP address and Internet access.

~ Static DNS

According to question 11, when you access mikrotik.com you will be redirected to bsnp-indonesia.org, but this should be checked as the IP of bsnp-indonesia.org cannot be redirected to your own site. The following is the static DNS configuration:

IP – DNS – Static – Add (+) Add name: mikrotik.com and address (IP address bsnp-indonesia.org) – OK

Update tkj package 2 static DNS

At this stage the redirect has a problem, namely the redirect can only reach Cloudflare with a DNS resolution error message, but you can change the address with a server from kangarie.com with the IP that already has direct connections to bsnp-indonesia offers .org. You can also go to other websites such as B. Switch to jalantikus.com

~ Block IP through firewall

According to the discussion of the UKK TKJ Package 2 Year 2022/2018, the client with the IP cannot ping the router. The router itself is suitable to have 3 IPs, namely ether1, ether2 and wlan1. Therefore, you need to block ping access from all of these paths. Here is the configuration:

IP firewall filter rules – Add (+)

Chain: entrance

Src address

Etc. Address: => IP Ether1 Please check the address, as the IP will be different depending on the ISP

Protocol: icmp

Update tkj package 2 blocking IP

Add (+)

Make the same configuration, with the difference in:

etc. Address: => IP Ether2 does not change according to the problem

Add (+)

Make the same configuration, with the difference in:

etc. Address: => IP wlan1 does not change according to the problem

Action tab

For Action, select all of the above configurations drops

After this stage is completed, the client connected to the LAN network which has an IP pool of cannot ping the router, but if it gets another IP it will ping it answers.

~ Rules protocol

Create a rule on the firewall so that every access to the router is logged. here is the configuration:

IP – Firewall – Filter Rules – Add (+)

Chain: entrance

Action tab
Action: log
Protocol prefix: Access – OK

Update tkj package 2 rule log

~ HTTP and HTTPS rules

After question number 8, namely bCreate a filter rule that allows HTTP and HTTPS requests from the CLIENT network to the Internet. By default, the Mikrotik router has allowed HTTP and HTTPS requests from clients (https) and is otherwise not accessible. Here are the http and https rule configurations:

IP – Firewall – Filter Rules – Add (+)

Chain: forward

Protocol: tcp

etc. Connections: 80,443

in. Interface: Ether2

the end. Interface: Ether1

Action tab
Action: accept – OK

tkj package 2 rules update https

The configuration on ether2 is complete

~ WiFi configuration

Wireless – check Wlan1

Mode: App Bridge

Enter the subscriber_name @ Proxy for SSID – OK

upgrade tkj package 2 wlan

IP – Hotspot – Hotspot setup

Construction :

1. Interface selection: wlan1 – Next

2. Fill in and check Masquerade Network – Next

3. Change to – Next

4. – Next

5. – Next

6. Leave the DNS blank, but the client will still get DNS from the server – Next

7. Enter the hotspot DNS name, this DNS name is the address when you call up the hotspot page such as login, logout and hotspot status – Next

8. For the user, the question is not given by the user, then leave it alone or fill it out – Continue

Update tkj package 2 hotspot

The discussion of the hotspot configuration in questions 13-15 is closed. Proceed to the locking of the site and the file phase.

~ Block websites and files

Question # 4 says WebProxy = Yes, so the method for blocking sites and files uses the web proxy method. Here is the configuration:

IP – web proxy

Check the box Enable and Cache On Disk, fill in the Cache Administrator according to their respective names, for example: [email protected] – OK

Upgrade tkj package 2 Website blocking

IP – Firewall – NAT – Add (+)

Chain: dstnat

Src. Address:

Protocol: tcp

etc. Ports: 80

in. Interface: wlan1

Action tab
Action: redirect
To port: 8080 – OK

IP – Web Proxy – Access – Add (+)
etc. Host: linux.or.id
Action: refuse – OK

Path: * .mp3
Action: refuse – OK

Path: * .mkv
Action: refuse – OK

The locking of the linux.or.id site and the .mp3 and .mkv files is complete. Note that this web proxy method cannot block sites with https addresses because the check also checks the http site address as download sites for .mp3 and .mp3 files.mkv.

~ Blocking content

In accordance with the edition of UPK TKJ Package 2 Year 2022/2018, if the router blocks content, sites with Mikrotik words or content, it will delete the site so that it cannot be accessed. Here is the discussion:

IP – Firewall – Filter Rules – Add (+)

Chain: forward

Src. Address:

in. Interface: wlan1

“Advanced” tab
Content: Mikrotik

Action tab
Action: drop it – OK

Update tkj package 2 which is blocking content

~ Block internet access after the specified time

Set the time on the Mikrotik router according to the location and time of the running Internet so that the access block function can later work properly. Two time configurations are required to block Internet access, as the time on the proxy is only valid for 1 day.

The first configuration uses the time 19: 00: 00-23: 59: 59 and the second configuration uses the time 00:00:00 – 07:00:00. However, if you are using a proxy version 6.41 or higher, you can enter the configuration directly from 19:00:00 to 07:00:00. Two configurations are used in the following discussion:

System – NTP client or SNTP client

Check the box

Primary NTP server: id.pool.ntp.org or

Secondary NTP server: asia.pool.ntp.org or – OK

tkj package 2 update sntp client

System clock
Time zone name: Asia / Jakarta – Apply – OK

IP – Firewall – Filter Rules – Add (+)
Chain: forward
in. Interface: wlan1

Additional tabs
Time: 19:00:00 – 23:59:59

Action tab Action: drop it – OK

Add (+)
Chain: forward
in. Interface: wlan1

Additional tabs
Time: 00:00:00 – 07:00:00

Action tab
Action: Drop – OK

Complete, ………………….

That is the whole discussion about UKK TKJ Package 2 year 2022/2018, if this discussion is too difficult to understand and there are errors, please understand, as you are still learning, the tutorial was made as easy as possible to make it friends to make it easier to work on this problem. Good luck and good luck at this year’s UKK.

Leave a Reply

Your email address will not be published.