![Page 1: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/1.jpg)
MikroTik RouterOSTraining Class
MTCNA Townet Wispmax 3 Febbraio 2010
![Page 2: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/2.jpg)
Schedule
• Training day: 9AM - 6PM
• 30 minute Breaks: 10:30AM and 4PM• 30 minute Breaks: 10:30AM and 4PM
• 1 hour Lunch: 01:00PM
2
![Page 3: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/3.jpg)
Course Objective
• Overview of RouterOS software and RouterBoard capabilities RouterBoard capabilities
• Hands-on training for MikroTik router configuration, maintenance and basic troubleshooting
3
![Page 4: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/4.jpg)
About MikroTik
• Router software and hardware manufacturer
• Products used by ISPs, companies and individualsindividuals
• Make Internet technologies faster, powerful and affordable to wider range of users
4
![Page 5: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/5.jpg)
MikroTik's History
• 1995: Established
• 1997: RouterOS software for x86 (PC)
•• 2002: RouterBOARD is born
• 2006: First MUM
5
![Page 6: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/6.jpg)
Where is MikroTik?
• www.mikrotik.com
• www.routerboard.com•• Riga, Latvia, Northern Europe,
EU
6
![Page 7: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/7.jpg)
Where is MikroTik ?
7
![Page 8: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/8.jpg)
Introduce Yourself• Please, introduce yourself to the class
• Your name
• Your Company
• Your previous knowledge about RouterOS(?)(?)
• Your previous knowledge about networking (?)
• What do you expect from this course? (?)
• Please, remember your class XY number. _____ 8
![Page 9: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/9.jpg)
MikroTik RouterOSMikroTik RouterOS
9
![Page 10: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/10.jpg)
What is RouterOS ?
• RouterOS is an operating system that will make your device:
• a dedicated router• a dedicated router
• a bandwidth shaper
• a (transparent) packet filter
• any 802.11a,b/g wireless device
10
![Page 11: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/11.jpg)
What is RouterOS ?
•• The operating system of RouterBOARD
• Can be also installed on a PC
11
![Page 12: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/12.jpg)
What is RouterBOARD ?• Hardware created by MikroTik
• Range from small home routers to carrier-class access concentrators
12
![Page 13: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/13.jpg)
First Time Access
Null ModemNull ModemCable
Ethernetcable
13
![Page 14: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/14.jpg)
Winbox
• The application for configuring RouterOS• The application for configuring RouterOS
• It can be downloaded from www.mikrotik.com
14
![Page 15: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/15.jpg)
Download Winbox
15
![Page 16: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/16.jpg)
Connecting
Click on the [...] button to see your router
16
![Page 17: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/17.jpg)
Communication
• Process of communication is divided into seven layersseven layers
• Lowest is physical layer, highest is application layer
17
![Page 18: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/18.jpg)
18
![Page 19: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/19.jpg)
MAC address
• It is the unique physical address of a network devicenetwork device
• It’s used for communication within LAN
• Example: 00:0C:42:20:97:68
19
![Page 20: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/20.jpg)
IP
• It is logical address of network device
•• It is used for communication over networks
• Example: 159.148.60.20
20
![Page 21: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/21.jpg)
Subnets
• Range of logical IP addresses that • Range of logical IP addresses that divides network into segments
• Example: 255.255.255.0 or /24
21
![Page 22: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/22.jpg)
Subnets
• Network address is the first IP address of the subnetthe subnet
• Broadcast address is the last IP address of the subnet
• They are reserved and cannot be used
22
![Page 23: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/23.jpg)
23
![Page 24: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/24.jpg)
Selecting IP address
• Select IP address from the same subnet on local networkson local networks
• Especially for big network with multiple subnets
24
![Page 25: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/25.jpg)
Selecting IP address Example
• Clients use different subnet masks /25 and /26
• A has 192.168.0.200/26 IP address•• B use subnet mask /25, available addresses
192.168.0.129-192.168.0.254
• B should not use 192.168.0.129-192.168.0.192
• B should use IP address from 192.168.0.193 -192.168.0.254/25
25
![Page 26: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/26.jpg)
Connecting
Ethernet
Winbox
EthernetCable
26
![Page 27: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/27.jpg)
Connecting Lab
• Click on the Mac-Address in Winbox• Click on the Mac-Address in Winbox
• Default username “admin” and no password
27
![Page 28: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/28.jpg)
Diagram
Your RouterYour LaptopClass AP
28
![Page 29: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/29.jpg)
Laptop - Router
• Disable any other interfaces (wireless) in your laptop
•• Set 192.168.X.1 as IP address
• Set 255.255.255.0 as Subnet Mask
• Set 192.168.X.254 as Default Gateway
29
![Page 30: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/30.jpg)
Laptop - Router• Connect to router with MAC-Winbox
• Add 192.168.X.254/24 to Ether1
30
![Page 31: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/31.jpg)
Laptop - Router
• Close Winbox and connect again using IP addressIP address
• MAC-address should only be used when there is no IP access
31
![Page 32: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/32.jpg)
Laptop Router Diagram
Your RouterYour LaptopClass AP
192.168.X.1
192.168.X.254
32
![Page 33: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/33.jpg)
Router Internet
Your RouterYour LaptopClass AP
192.168.X.1
192.168.X.254
33
![Page 34: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/34.jpg)
Router - Internet
• The Internet gateway of your class is accessible over wireless - it is an AP (access point)(access point)
• To connect you have to configure the wireless interface of your router as a station
34
![Page 35: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/35.jpg)
Router - Internet
To configure wireless wireless interface, double-click on it’s name
35
![Page 36: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/36.jpg)
Router - Internet
• To see available AP use scan button
• Select class1 and click on connect• Select class1 and click on connect
• Close the scan window
• You are now connected to AP!
• Remember class SSID class1
36
![Page 37: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/37.jpg)
Router - Internet
• The wireless interface also needs an IP address
•• The AP provides automatic IP addresses over DHCP
• You need to enable DHCP client on your router to get an IP address
37
![Page 38: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/38.jpg)
Router - Internet
38
![Page 39: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/39.jpg)
Router - Internet
Check Internet Check Internet connectivity by traceroute
39
![Page 40: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/40.jpg)
Router Internet
Your RouterYour LaptopClass AP
DHCP-ClientWireless
40
![Page 41: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/41.jpg)
Laptop - Internet
Your router too can be a DNS server for your local network (laptop)
41
![Page 42: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/42.jpg)
Laptop - Internet
• Tell your Laptop to use your router as the DNS serverthe DNS server
• Enter your router IP (192.168.x.254) as the DNS server in laptop network settings
42
![Page 43: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/43.jpg)
Laptop - Internet
• Laptop can access the router and the router can access the internet, one more step is requiredstep is required
• Make a Masquerade rule to hide your private network behind the router, make Internet work in your laptop
43
![Page 44: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/44.jpg)
Private and Public space
• Masquerade is used for Public network access, where private addresses are present
• Private networks include 10.0.0.0-10.255.255.255, 172.16.0.0-172.31.255.255, 192.168.0.0-192.168.255.255
44
![Page 45: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/45.jpg)
Laptop - Internet
45
![Page 46: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/46.jpg)
Check Connectivity
Ping www.mikrotik.com from your laptop
46
![Page 47: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/47.jpg)
What Can Be Wrong• Router cannot ping further than AP
• Router cannot resolve names
• Computer cannot ping further than router• Computer cannot ping further than router
• Computer cannot resolve names
• Is masquerade rule working
• Does the laptop use the router as default gateway and DNS
47
![Page 48: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/48.jpg)
Network Diagram
Your RouterYour LaptopClass AP
Your RouterYour Laptop
192.168.X.1
192.168.X.254
DHCP-Client
48
![Page 49: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/49.jpg)
User Management• Access to the router can be controlled
• You can create different types of users
49
![Page 50: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/50.jpg)
User Management Lab
• Add new router user with full access
• Make sure you remember user name• Make sure you remember user name
• Make admin user as read-only
• Login with your new user
50
![Page 51: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/51.jpg)
Upgrading Router Lab
• Download packages from ftp://192.168.200.254
• Upload them to router with Winbox• Upload them to router with Winbox
• Reboot the router
• Newest packages are always available on www.mikrotik.com
51
![Page 52: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/52.jpg)
Upgrading Router
• Use combined RouterOSRouterOSpackage
• Drag it to the Files window
52
![Page 53: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/53.jpg)
Package Management
RouterOSfunctions are enabled by packages
53
![Page 54: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/54.jpg)
Package Information
54
![Page 55: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/55.jpg)
Package Lab
• Disable wireless
• Reboot• Reboot
• Check interface list
• Enable wireless
55
![Page 56: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/56.jpg)
Router Identity
Option to set name for each router
56
![Page 57: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/57.jpg)
Router IdentityIdentity information is shown in different places
57
![Page 58: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/58.jpg)
Router Identity Lab
Set your number + your name as router identity
58
![Page 59: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/59.jpg)
NTP
• Network Time Protocol, to synchronize time time
• NTP Client and NTP Server support in RouterOS
59
![Page 60: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/60.jpg)
Why NTP
• To get correct clock on router
•• For routers without internal memory to save clock information
• For all RouterBOARDs
60
![Page 61: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/61.jpg)
NTP ClientNTP package is not required
61
![Page 62: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/62.jpg)
Configuration Backup• You can backup and restore
configuration in the Files menu of Winbox
• Backup file is not editable• Backup file is not editable
62
![Page 63: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/63.jpg)
Configuration Backup• Additionally use export and import
commands in CLI
• Export files are editable
•• Passwords are not saved with export
/export file=conf-august-2009/ ip firewall filter export file=firewall-aug-2009/ file print/ import [Tab]
63
![Page 64: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/64.jpg)
Backup Lab
• Create Backup and Export files• Create Backup and Export files
• Download them to your laptop
• Open export file with text editor
64
![Page 65: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/65.jpg)
Netinstall
• Used for installing and reinstalling RouterOS
• Runs on Windows computers• Runs on Windows computers
• Direct network connection to router is required or over switched LAN
• Available at www.mikrotik.com
65
![Page 66: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/66.jpg)
Netinstall1.List of routers
2.Net Booting
3.3.Keep old configuration
4.Packages
5.Install
66
![Page 67: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/67.jpg)
Optional Lab
• Download Netinstall from ftp://192.168.100.254
• Run Netinstall• Run Netinstall
• Enable Net booting, set address 192.168.x.13
• Use null modem cable and Putty to connect
• Set router to boot from Ethernet
67
![Page 68: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/68.jpg)
RouterOS License
• All RouterBOARDs shipped with license
• Several levels available, no upgrades• Several levels available, no upgrades
• Can be viewed in system license menu
• License for PC can be purchased frommikrotik.com or from distributors
68
![Page 69: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/69.jpg)
License
69
![Page 70: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/70.jpg)
Obtain License
Login to Login to your account
70
![Page 71: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/71.jpg)
Update License for 802.11N
71
• 8-symbol software-ID system isintroduced• Update key on existing routers to get fullfeatures support (802.11N, etc.)
![Page 72: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/72.jpg)
SummarySummary
72
![Page 73: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/73.jpg)
Useful Links
• www.mikrotik.com - manage licenses, documentationdocumentation
• forum.mikrotik.com - share experience with other users
• wiki.mikrotik.com - tons of examples
73
![Page 74: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/74.jpg)
FirewallFirewall
74
![Page 75: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/75.jpg)
Firewall
• Protects your router and clients from unauthorized accessunauthorized access
• This can be done by creating rules in Firewall Filter and NAT facilities
75
![Page 76: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/76.jpg)
Firewall Filter
• Consists of user defined rules that work on the IF-Then principleon the IF-Then principle
• These rules are ordered in Chains
• There are predefined Chains, and User created Chains
76
![Page 77: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/77.jpg)
Filter Chains
• Rules can be placed in three default chains
•• input (to router)
• output (from router)
• forward (trough the router)
77
![Page 78: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/78.jpg)
Firewall Chains
Input
OutputPing from Router
Winbox
ForwardWWW E-Mail
78
![Page 79: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/79.jpg)
Firewall Chains
79
![Page 80: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/80.jpg)
Input
• Chain contains filter rules that protect the • Chain contains filter rules that protect the router itself
• Let’s block everyone except your laptop
80
![Page 81: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/81.jpg)
Input
Add an acceptrule for your rule for your Laptop IP address
81
![Page 82: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/82.jpg)
Input
Add a drop rule Add a drop rule in input chain to drop everyone else
82
![Page 83: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/83.jpg)
Input Lab
• Change your laptop IP address, 192.168.x.y192.168.x.y
• Try to connect. The firewall is working
• You can still connect with MAC-address, Firewall Filter is only for IP
83
![Page 84: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/84.jpg)
Input
• Access to your router is blocked
• Internet is not working
•• Because we are blocking DNS requests as well
• Change configuration to make Internet working
84
![Page 85: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/85.jpg)
Input• You can
disable MAC access in the MAC Servermenumenu
• Change the Laptop IP address back to 192.168.X.1, and connect with IP 8
5
![Page 86: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/86.jpg)
Address-List
• Address-list allows you to filter group of the addresses with one rule
•• Automatically add addresses by address-list and then block
86
![Page 87: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/87.jpg)
Address-List• Create different lists
• Subnets, separates ranges, one host addresses are supported
87
![Page 88: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/88.jpg)
Address-List
• Add specific host to address-listaddress-list
• Specify timeout for temporary service
88
![Page 89: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/89.jpg)
Address-List in Firewall
• Ability to block • Ability to block by source and destination addresses
89
![Page 90: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/90.jpg)
Address-List Lab
• Create address-list with allowed IP • Create address-list with allowed IP addresses
• Add accept rule for the allowed addresses
90
![Page 91: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/91.jpg)
Forward
• Chain contains rules that control packets • Chain contains rules that control packets going trough the router
• Control traffic to and from the clients
91
![Page 92: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/92.jpg)
Forward
• Create a rule that will block TCP port 80 TCP port 80 (web browsing)
• Must select protocol to block ports
92
![Page 93: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/93.jpg)
Forward
• Try to open www.mikrotik.com
•• Try to open http://192.168.X.254
• Router web page works because drop rule is for chain=forward traffic
93
![Page 94: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/94.jpg)
List of well-known ports
94
![Page 95: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/95.jpg)
Forward
Create a rule that will Create a rule that will block client’s p2p traffic
95
![Page 96: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/96.jpg)
Firewall Log• Let’s log client
pings to the router
• Log rule should be added before be added before other action
96
![Page 97: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/97.jpg)
Firewall Log
97
![Page 98: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/98.jpg)
Firewall chains
• Except of the built-in chains (input, forward, output), custom chains can be forward, output), custom chains can be created
• Make firewall structure more simple
• Decrease load of the router
98
![Page 99: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/99.jpg)
Firewall chains in Action• Sequence of
the firewall custom chains
• Custom • Custom chains can be for viruses, TCP, UDP protocols, etc.
99
![Page 100: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/100.jpg)
Firewall chain Lab
• Download viruses.rsc from router (access by FTP)(access by FTP)
• Export the configuration by import command
• Check the firewall
10
![Page 101: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/101.jpg)
Connections
10
![Page 102: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/102.jpg)
Connection State
• Advise, drop invalid connections
• Firewall should proceed only new • Firewall should proceed only new packets, it is recommended to exclude other types of states
• Filter rules have the “connection state” matcher for this purpose
10
![Page 103: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/103.jpg)
Connection State
• Add rule to drop invalid packets
• Add rule to accept established packets• Add rule to accept established packets
• Add rule to accept related packets
• Let Firewall to work with new packets only
10
![Page 104: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/104.jpg)
SummarySummary
10
![Page 105: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/105.jpg)
Network Address Translation
10
![Page 106: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/106.jpg)
NAT
• Router is able to change Source or Destination address of packets flowing Destination address of packets flowing trough it
• This process is called src-nat or dst-nat
10
![Page 107: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/107.jpg)
SRC-NAT
SRC-AddressNew
SRC-Address
Your Laptop Remote Server
10
![Page 108: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/108.jpg)
DST-NAT
Private NetworkServer
Public Host
DST-AddressNew DST-Address
Server
10
![Page 109: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/109.jpg)
NAT Chains
• To achieve these scenarios you have to order your NAT rules in appropriate order your NAT rules in appropriate chains: dstnat or srcnat
• NAT rules work on IF-THEN principle
10
![Page 110: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/110.jpg)
DST-NAT
• DST-NAT changes packet’s destination address and portaddress and port
• It can be used to direct internet users to a server in your private network
11
![Page 111: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/111.jpg)
DST-NAT Example
Web Server192.168.1.1
Some Computer
DST-Address207.141.27.45:80
New DST-Address192.168.1.1:80
192.168.1.1
11
![Page 112: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/112.jpg)
DST-NAT ExampleCreate a rule to forward traffic to WEB server in
private network
11
![Page 113: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/113.jpg)
Redirect
• Special type of DST-NAT
• This action redirects packets to the router • This action redirects packets to the router itself
• It can be used for proxying services (DNS, HTTP)
11
![Page 114: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/114.jpg)
Redirect exampleDST-Address
Configured_DNS_Server:53
New DST-AddressRouter:53
DNS Cache
11
![Page 115: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/115.jpg)
Redirect Example
• Let’s make local users to use Router DNS Router DNS cache
• Also make rule for udp protocol
11
![Page 116: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/116.jpg)
SRC-NAT
• SRC-NAT changes packet’s source addressaddress
• You can use it to connect private network to the Internet through public IP address
• Masquerade is one type of SRC-NAT
11
![Page 117: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/117.jpg)
Masquerade
Src Address192.168.X.1
Src Addressrouter address
192.168.X.1 Public Server
11
![Page 118: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/118.jpg)
SRC-NAT Limitations
• Connecting to internal servers from outside is not possible (DST-NAT outside is not possible (DST-NAT needed)
• Some protocols require NAT helpers to work correctly
11
![Page 119: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/119.jpg)
NAT Helpers
11
![Page 120: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/120.jpg)
Firewall Tips
• Add comments to your rules• Add comments to your rules
• Use Connection Tracking or Torch
12
![Page 121: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/121.jpg)
Connection Tracking
• Connection tracking manages • Connection tracking manages information about all active connections.
• It should be enabled for Filter and NAT
12
![Page 122: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/122.jpg)
Connection Tracking
12
![Page 123: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/123.jpg)
Torch
Detailed actual traffic report for interface12
![Page 124: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/124.jpg)
Firewall Actions• Accept
• Drop
• Reject
• Tarpit• Tarpit
• log
• add-src-to-address-list(dst)
• Jump, Return
• Passthrough12
![Page 125: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/125.jpg)
NAT Actions
• Accept
• DST-NAT/SRC-NAT• DST-NAT/SRC-NAT
• Redirect
• Masquerade
• Netmap
12
![Page 126: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/126.jpg)
SummarySummary
12
![Page 127: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/127.jpg)
Bandwidth LimitBandwidth Limit
12
![Page 128: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/128.jpg)
Simple Queue
• The easiest way to limit bandwidth:
• client download• client download
• client upload
• client aggregate, download+upload
12
![Page 129: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/129.jpg)
Simple Queue
• You must use Target -Address for • You must use Target -Address for Simple Queue
• Rule order is important for queue rules
12
![Page 130: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/130.jpg)
Simple Queue• Let’s
create limitation for your for your laptop
• 64k Upload, 128k Download
Client’s address
Limitsto configure
13
![Page 131: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/131.jpg)
Simple Queue
• Check your limits• Check your limits
• Torch is showing bandwidth rate
13
![Page 132: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/132.jpg)
Using Torch
• Select local network interfaceinterface
• See actual bandwidth
Set InterfaceSet LaptopAddress
Check the Results
13
![Page 133: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/133.jpg)
Specific Server Limit
• Let’s create bandwidth limit to MikroTik.comMikroTik.com
• DST-address is used for this
• Rules order is important
13
![Page 134: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/134.jpg)
Specific Server Limit• Ping
www.mikrotik.com
• Put MikroTik• Put MikroTikaddress to DST-address
• MikroTik address can be used as Target-address too
MikroTik.comAddress
13
![Page 135: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/135.jpg)
Specific Server Limit
• DST-address is useful to set unlimited access to the local unlimited access to the local network resources
• Target-address and DST-addresses can be vice versa
13
![Page 136: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/136.jpg)
Bandwidth Test Utility• Bandwidth test can be used to monitor
throughput to remote device
• Bandwidth test works between two MikroTik routersMikroTik routers
• Bandwidth test utility available for Windows
• Bandwidth test is available on MikroTik.com
13
![Page 137: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/137.jpg)
Bandwidth Test on Router
• Set Test To as testing address
• Select protocol
•
13
• TCP supports multiple connections
• Authentication might be required
![Page 138: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/138.jpg)
Bandwidth Server
• Set Test To as testing address
• Select protocol
•
13
• TCP supports multiple connections
• Authentication might be required
![Page 139: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/139.jpg)
Bandwidth Test
• Server should be enabled
13
• It is advised to use enabled Authenticate
![Page 140: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/140.jpg)
Traffic Priority• Let’s configure
higher priority for queues
•• Priority 1 is higher than 8
• There should be at least two priority
Select QueuePriority is in Priority is in Advanced TabAdvanced Tab
Set Higher Priority
14
![Page 141: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/141.jpg)
Simple Queue Monitor
• It is possible to get graph for each queue simple rulesimple rule
• Graphs show how much traffic is passed trough queue
14
![Page 142: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/142.jpg)
Simple Queue Monitor
Let’s enable graphing for Queues
14
![Page 143: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/143.jpg)
Simple Queue Monitor• Graphs are
available on WWW
• To view • To view graphs http://router_IP
• You can give it to your customer
14
![Page 144: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/144.jpg)
Advanced QueingAdvanced Queing
14
![Page 145: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/145.jpg)
Mangle• Mangle is used to mark packets
• Separate different type of traffic
•• Marks are active within the router
• Used for queue to set different limitation
• Mangle do not change packet structure (except DSCP, TTL specific actions)
14
![Page 146: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/146.jpg)
Mangle Actions
14
![Page 147: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/147.jpg)
Mangle Actions
• Mark-connection uses connection tracking
• Information about new connection added to connection tracking table
14
connection tracking table
• Mark-packet works with packet directly
• Router follows each packet to apply mark-packet
![Page 148: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/148.jpg)
Optimal Mangle• Queues have packet-mark option only
14
![Page 149: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/149.jpg)
Optimal Mangle
• Mark new connection with mark-connectionconnection
• Add mark-packet for every mark-connection
14
![Page 150: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/150.jpg)
Mangle Example
• Imagine you have second client on the router network with 192.168.X.55 IP addressaddress
• Let’s create two different marks (Gold , Silver ), one for your computer and second for 192.168.X.55
15
![Page 151: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/151.jpg)
Mark Connection
15
![Page 152: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/152.jpg)
Mark Packet
15
![Page 153: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/153.jpg)
Mangle Example
•
15
• Add Marks for second user too
• There should be 4 mangle rules for two groups
![Page 154: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/154.jpg)
Advanced Queuing
• Replace hundreds of queues with just few
•• Set the same limit to any user
• Equalize available bandwidth between users
15
![Page 155: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/155.jpg)
PCQ
• PCQ is advanced Queue type
• PCQ uses classifier to divide traffic (from client point of view; src-address is upload, client point of view; src-address is upload, dst-address is download)
15
![Page 156: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/156.jpg)
PCQ, one limit to all• PCQ allows to set one limit to all users
with one queue
15
![Page 157: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/157.jpg)
One limit to all
• Multiple queue rules are changed by one
15
![Page 158: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/158.jpg)
PCQ, equalize bandwidth• Equally share bandwidth between
customers
15
![Page 159: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/159.jpg)
Equalize bandwidth
• 1M upload/2M download is shared between users
15
![Page 160: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/160.jpg)
PCQ Lab
• Teacher is going to make PCQ lab on the routerrouter
• Two PCQ scenarios are going to be used with mangle
16
![Page 161: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/161.jpg)
SummarySummary
16
![Page 162: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/162.jpg)
WirelessWireless
16
![Page 163: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/163.jpg)
What is Wireless
• RouterOS supports various radio modules that allow communication over the air (2.4GHz and 5GHz)the air (2.4GHz and 5GHz)
• MikroTik RouterOS provides a complete support for IEEE 802.11a, 802.11b and 802.11g wireless networking standards
16
![Page 164: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/164.jpg)
Wireless Standards• IEEE 802.11b - 2.4GHz frequencies,
11Mbps
• IEEE 802.11g - 2.4GHz frequencies, • IEEE 802.11g - 2.4GHz frequencies, 54Mbps
• IEEE 802.11a - 5GHz frequencies, 54Mbps
• IEEE 802.11n - draft, 2.4GHz - 5GHz
16
![Page 165: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/165.jpg)
802.11 b/g Channels1 2 3 4 5 6 7 8 9 10 11
24002483
• (11) 22 MHz wide channels (US)
• 3 non-overlapping channels
• 3 Access Points can occupy same area without interfering
16
![Page 166: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/166.jpg)
802.11a Channels36 40
5150
44 48 52 56 60 64
53505180 5200 5220 5240 5260 5280 5300 5320
5210 5250 5290
585042
149 153
5735
157 161
5745 5765 5785 5805 5815
5760 5800
152 160
• (12) 20 MHz wide channels
• (5) 40MHz wide turbo channels
16
![Page 167: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/167.jpg)
Supported Bands
All 5GHz (802.11a) and 2.4GHz (802.11b/g), including small channels
16
![Page 168: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/168.jpg)
Supported Frequencies
• Depending on your country regulations wireless card might supportwireless card might support
• 2.4GHz: 2312 - 2499 MHz
• 5GHz: 4920 - 6100 MHz
16
![Page 169: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/169.jpg)
Apply Country Regulations
Set wireless interface to apply your to apply your country regulations
16
![Page 170: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/170.jpg)
RADIO Name
• We will use RADIO Name for the same purposes as router identitypurposes as router identity
• Set RADIO Name as Number+YourName
17
![Page 171: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/171.jpg)
Wireless Network
17
![Page 172: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/172.jpg)
Station Configuration• Set Interface
mode=station
• Select band
• Set SSID, Wireless • Set SSID, Wireless Network Identity
• Frequency is not important for client, use scan-list
17
![Page 173: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/173.jpg)
Connect List
• Set of rules used by used by station to select access-point
17
![Page 174: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/174.jpg)
Connect List Lab
• Currently your router is connected to class access-pointclass access-point
• Let’s make rule to disallow connection to class access-point
• Use connect-list matchers
17
![Page 175: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/175.jpg)
Access Point Configuration
• Set Interface mode=ap-bridge
• Select band• Select band
• Set SSID, Wireless Network Identity
• Set Frequency
17
![Page 176: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/176.jpg)
Snooper wireless monitor
• Use Snooper to get total view of the wireless networks on networks on used band
• Wireless interface is disconnected at this moment
17
![Page 177: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/177.jpg)
Registration Table
• View all • View all connected wireless interfaces
17
![Page 178: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/178.jpg)
Security on Access Point
• Access-list is used to set MAC-address securityaddress security
• Disable Default-Authentication to use only Access-list
17
![Page 179: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/179.jpg)
Default Authentication
• Yes, Access-List rules are checked, client is able to connect, if there is no client is able to connect, if there is no deny rule
• No, only Access-List rule are checked
17
![Page 180: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/180.jpg)
Access-List Lab
• Since you have mode=station configured we are going to make lab on teacher’s we are going to make lab on teacher’s router
• Disable connection for specific client
• Allow connection only for specific clients
18
![Page 181: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/181.jpg)
Security
• Let’s enable encryption on wireless network
•• You must use WPA or WPA2 encryption protocols
• All devices on the network should have the same security options
18
![Page 182: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/182.jpg)
Security
• Let’s create WPA encryption for our wireless network
•• WPA Pre-Shared Key is mikrotiktraining
18
![Page 183: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/183.jpg)
Configuration Tip
• To view hidden Pre-Shared Key, click on Hide Passwords
•• It is possible to view other hidden information, except router password
18
![Page 184: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/184.jpg)
Drop Connections between clients
Default -Forwarding used Default -Forwarding used to disable communications between clients connected to the same access-point
18
![Page 185: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/185.jpg)
Default Forwarding
• Access-List rules have higher priority• Access-List rules have higher priority
• Check your access-list if connection between client is working
18
![Page 186: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/186.jpg)
Nstreme
• MikroTik proprietary wireless protocol
• Improves wireless links, especially long-• Improves wireless links, especially long-range links
• To use it on your network, enable protocol on all wireless devices of this network
18
![Page 187: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/187.jpg)
Nstreme Lab• Enable Nstreme
on your router
• Check the • Check the connection status
• Nstreme should be enabled on both routers
18
![Page 188: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/188.jpg)
SummarySummary
18
![Page 189: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/189.jpg)
BridgingBridging
18
![Page 190: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/190.jpg)
Bridge Wireless Network
Your RouterYour LaptopClass AP
Let’s get back to our configuration
192.168.X.1
192.168.X.254
DHCP-Client
19
![Page 191: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/191.jpg)
Bridge Wireless Network
We are going to create one big network
19
![Page 192: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/192.jpg)
Bridge
• We are going to bridge local Ethernet interface with Internet wireless interface
•• Bridge unites different physical interfaces into one logical interface
• All your laptops will be in the same network
19
![Page 193: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/193.jpg)
Bridge
• To bridge you need to create • To bridge you need to create bridge interface
• Add interfaces to bridge ports
193
![Page 194: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/194.jpg)
Create Bridge• Bridge is configured from /interface
bridge menu
194
![Page 195: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/195.jpg)
Add Bridge Port• Interfaces are added to bridge via
ports
195
![Page 196: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/196.jpg)
Bridge
• There are no problems to bridge Ethernet interfaceinterface
• Wireless Clients (mode=station ) do not support bridging due the limitation of 802.11
19
![Page 197: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/197.jpg)
Bridge Wireless
• WDS allows to add wireless client to bridgebridge
• WDS (Wireless Distribution System) enables connection between Access Point and Access Point
19
![Page 198: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/198.jpg)
Set WDS Mode
• Station-wds is special station
19
mode with WDS support
![Page 199: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/199.jpg)
Add Bridge Ports
• Add public and local interface to bridge
• Ether1 (local), wlan1 (public)
19
![Page 200: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/200.jpg)
Access Point WDS
• Enable WDS on AP-bridge, use mode=dynamic-mesh
• WDS interfaces are created on the fly• WDS interfaces are created on the fly
• Use default bridge for WDS interfaces
• Add Wireless Interface to Bridge
20
![Page 201: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/201.jpg)
AP-bridge
• Set AP-bridge settingssettings
• Add Wireless interface to bridge
20
![Page 202: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/202.jpg)
WDS configuration
• Use dynamic-mesh WDS mode
•• WDS interfaces are created on the fly
• Others AP should use dynamic-mesh too
20
![Page 203: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/203.jpg)
WDS
• WDS link is establishedestablished
• Dynamic interface is present
20
![Page 204: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/204.jpg)
WDS Lab• Delete masquerade rule
• Delete DHCP-client on router wireless interfaceinterface
• Use mode=station-wds on router
• Enable DHCP on your laptop
• Can you ping neighbor’s laptop
20
![Page 205: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/205.jpg)
WDS Lab
• Your Router is Transparent Bridge now
• You should be able to ping neighbor •router and computer now
• Just use correct IP address
20
![Page 206: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/206.jpg)
Restore Configuration• To restore configuration manually
• change back to Station mode
•• Add DHCP-Client on correct interface
• Add masquerade rule
• Set correct network configuration to laptop
20
![Page 207: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/207.jpg)
SummarySummary
20
![Page 208: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/208.jpg)
RoutingRouting
20
![Page 209: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/209.jpg)
Route Networks
• Configuration is back
• Try to ping neighbor’s laptop• Try to ping neighbor’s laptop
• Neighbor’s address 192.168.X.1
• We are going to learn how to use route rules to ping neighbor laptop
20
![Page 210: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/210.jpg)
Route
• ip route rules define where packets • ip route rules define where packets should be sent
• Let’s look at /ip route rules
21
![Page 211: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/211.jpg)
Routes• Destination:
networkswhich can be reachedreached
• Gateway:IP of the next router to reach the destination
21
![Page 212: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/212.jpg)
Default Gateway
Default gateway:Default gateway:next hop router where all (0.0.0.0) traffic is sent
21
![Page 213: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/213.jpg)
Set Default Gateway Lab
• Currently you have default gateway received from DHCP-Clientreceived from DHCP-Client
• Disable automatic receiving of default gateway in DHCP-client settings
• Add default gateway manually
21
![Page 214: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/214.jpg)
Dynamic Routes• Look at the
other routes
• Routes with DAC are added added automatically
• DAC route comes from IP address configuration
21
![Page 215: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/215.jpg)
Routes
• A - active
• D - dynamic• D - dynamic
• C - connected
• S - static
21
![Page 216: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/216.jpg)
Static Routes
• Our goal is to ping neighbor laptop• Our goal is to ping neighbor laptop
• Static route will help us to achieve this
21
![Page 217: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/217.jpg)
Static Route
• Static route specifies how to reach specific destination networkspecific destination network
• Default gateway is also static route, it sends all traffic (destination 0.0.0.0) to host - the gateway
21
![Page 218: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/218.jpg)
Static Route
• Additional static route is required to reach your neighbor laptopreach your neighbor laptop
• Because gateway (teacher’s router) does not have information about student’s private network
21
![Page 219: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/219.jpg)
Route to Your Neighbor
• Remember the network structure
• Neighbor’s local network is • Neighbor’s local network is 192.168.x.0/24
• Ask your neighbor the IP address of their wireless interface
21
![Page 220: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/220.jpg)
Network Structure
22
![Page 221: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/221.jpg)
Route To Your Neighbor
• Add one route rule
• Set Destination, destination is neighbor’s local networkneighbor’s local network
• Set Gateway, address which is used to reach destination - gateway is IP address of neighbor’s router wireless interface
22
![Page 222: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/222.jpg)
Route Your Neighbor
• Add static route
• Set Destination • Set Destination and Gateway
• Try to ping Neighbor’s Laptop
22
![Page 223: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/223.jpg)
Router To Your Neighbor
You should be able to ping neighbor’s laptop nowYou should be able to ping neighbor’s laptop now
22
![Page 224: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/224.jpg)
Dynamic Routes
• The same configuration is possible with dynamic routes
•• Imagine you have to add static routes to all neighbors networks
• Instead of adding tons of rules, dynamic routing protocols can be used
22
![Page 225: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/225.jpg)
Dynamic Routes
•• Easy in configuration, difficult in managing/troubleshooting
• Can use more router resources
22
![Page 226: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/226.jpg)
Dynamic Routes
• We are going to use OSPF• We are going to use OSPF
• OSPF is very fast and optimal for dynamic routing
• Easy in configuration
22
![Page 227: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/227.jpg)
OSPF configuration
• Add correct network to network to OSPF
• OSPF protocol will be enabled
22
![Page 228: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/228.jpg)
OSPF LAB
• Check route table
•
22
• Try to ping other neighbor now
• Remember, additional knowledge required to run OSPF on the big network
![Page 229: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/229.jpg)
SummarySummary
22
![Page 230: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/230.jpg)
Local Network Management
23
![Page 231: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/231.jpg)
Access to Local Network
• Plan network design carefully
• Take care of user’s local access to the • Take care of user’s local access to the network
• Use RouterOS features to secure local network resources
23
![Page 232: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/232.jpg)
ARP
• Address Resolution Protocol
• ARP joins together client’s IP address • ARP joins together client’s IP address with MAC-address
• ARP operates dynamically, but can also be manually configured
23
![Page 233: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/233.jpg)
ARP Table
ARP table provides: IP provides: IP address, MAC-address and Interface
23
![Page 234: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/234.jpg)
Static ARP table
• To increase network security ARP entries can be crated manuallycan be crated manually
• Router’s client will not be able to access Internet with changed IP address
23
![Page 235: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/235.jpg)
Static ARP configuration
• Add Static Entry to ARP table
• Set for interface • Set for interface arp=reply-only to disable dynamic ARP creation
• Disable/enable interface or reboot router
23
![Page 236: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/236.jpg)
Static ARP Lab
• Make your laptop ARP entry as static
• Set arp=reply-only to Local Network • Set arp=reply-only to Local Network interface
• Try to change computer IP address
• Test Internet connectivity
23
![Page 237: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/237.jpg)
DHCP Server
• Dynamic Host Configuration Protocol
•• Used for automatic IP address distribution over local network
• Use DHCP only in secure networks
23
![Page 238: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/238.jpg)
DHCP Server
• To setup DHCP server you should have IP address on the interfaceaddress on the interface
• Use setup command to enable DHCP server
• It will ask you for necessary information
23
![Page 239: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/239.jpg)
DHCP-Server Setup
Click on DHCP Setupto run Setup Wizard
Select interface for DHCP server
Set Network for DHCP,offered automatically
Set Gateway for DHCP clients
Set Addresses thatwill be given to clientsDNS server address
that will be assigned to clientsTime that client may use
IP addressWe are done!
23
![Page 240: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/240.jpg)
Important
• To configure DHCP server on bridge ,set server on bridge interfaceset server on bridge interface
• DHCP server will be invalid , when it is configured on bridge port
24
![Page 241: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/241.jpg)
DHCP Server Lab
• Setup DHCP server on Ethernet Interface where Laptop is connected
•• Change computer Network settings and enable DHCP-client (Obtain an IP address Automatically)
• Check the Internet connectivity
24
![Page 242: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/242.jpg)
DHCP Server Information
Leases provide Leases provide information about DHCP clients
24
![Page 243: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/243.jpg)
Winbox Configuration Tip
Show or hide hide different Winboxcolumns
24
![Page 244: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/244.jpg)
Static Lease
• We can make lease to be staticlease to be static
• Client will not get other IP address
24
![Page 245: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/245.jpg)
Static Lease
• DHCP-server could run without dynamic leasesleases
• Clients will receive only preconfigured IP address
24
![Page 246: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/246.jpg)
Static Lease
•• Set Address-Pool to static-only
• Create Static leases
24
![Page 247: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/247.jpg)
HotSpotHotSpot
24
![Page 248: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/248.jpg)
HotSpot
• Tool for Instant Plug-and-Play Internet access access
• HotSpot provides authentication of clients before access to public network
• It also provides User Accounting
24
![Page 249: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/249.jpg)
HotSpot Usage
• Open Access Points, Internet Cafes, Airports, universities campuses, etc.Airports, universities campuses, etc.
• Different ways of authorization
• Flexible accounting
24
![Page 250: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/250.jpg)
HotSpot Requirements
• Valid IP addresses on Internet and Local InterfacesInterfaces
• DNS servers addresses added to ip dns
• At least one HotSpot user
25
![Page 251: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/251.jpg)
HotSpot Setup
• HotSpot setup is easy• HotSpot setup is easy
• Setup is similar to DHCP Server setup
25
![Page 252: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/252.jpg)
HotSpot Setup
• Run ip hotspot setup
•That’s all for HotSpot
• Select Inteface
• Proceed to answer the questions Select Interface to
run HotSpot on
HotSpot address will be selected automaticallyMasquerade HotSpot network
automaticallyAddresses that will be assigned
to HotSpot clientsWhether to use certificate
together with HotSpot or notIP address to redirect SMTP
(e-mails) to your SMTP serverDNS servers addressfor HotSpot clients
DNS name for HotSpot serverAdd first HotSpot user
Setup
25
![Page 253: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/253.jpg)
Important Notes
• Users connected to HotSpot interface will be disconnected from the Internetbe disconnected from the Internet
• Client will have to authorize in HotSpot to get access to Internet
25
![Page 254: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/254.jpg)
Important Notes
• HotSpot default setup creates additional configuration:
•• DHCP-Server on HotSpot Interface
• Pool for HotSpot Clients
• Dynamic Firewall rules (Filter and NAT)
25
![Page 255: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/255.jpg)
HotSpot Help
• HotSpot login page is provided when user tries to access any web-pageuser tries to access any web-page
• To logout from HotSpot you need to go to http://router_IP or http://HotSpot_DNS
25
![Page 256: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/256.jpg)
HotSpot Setup Lab
• Let’s create HotSpot on local Interface• Let’s create HotSpot on local Interface
• Don’t forget HotSpot login and password or you will not be able to get the Internet
25
![Page 257: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/257.jpg)
HotSpot Network Hosts
Information about clients connected to HotSpot router25
![Page 258: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/258.jpg)
HotSpot Active Table
Information about Information about authorized HotSpot clients
25
![Page 259: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/259.jpg)
User Management
Add/Edit/Remove HotSpot users
25
![Page 260: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/260.jpg)
HotSpot Walled-Garden
• Tool to get access to specific resources without HotSpot authorizationwithout HotSpot authorization
• Walled-Garden for HTTP and HTTPS
• Walled-Garden IP for other resources (Telnet, SSH, Winbox, etc.)
26
![Page 261: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/261.jpg)
HotSpot Walled-Garden
Allow access to mikrotik.com
26
![Page 262: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/262.jpg)
Bypass HotSpot• Bypass specific
clients over HotSpot
•• VoIP phones, printers, superusers
• IP-binding is used for that
26
![Page 263: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/263.jpg)
HotSpot Bandwidth Limits
• It is possible to set every HotSpot user with automatic bandwidth limit with automatic bandwidth limit
• Dynamic queue is created for every client from profile
26
![Page 264: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/264.jpg)
HotSpot User Profile
User Profile - set of options used of options used for specific group of HotSpot clients
26
![Page 265: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/265.jpg)
HotSpot Advanced Lab
To give each client To give each client 64k upload and 128k download, set Rate Limit
26
![Page 266: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/266.jpg)
HotSpot Lab
• Add second user
• Allow access to www.mikrotik.com• Allow access to www.mikrotik.comwithout HotSpot authentication for your laptop
• Add Rate-limit 1M/1M for your laptop
26
![Page 267: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/267.jpg)
TunnelsTunnels
26
![Page 268: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/268.jpg)
PPPoE
• Point to Point Protocol over Ethernet is often used to control client connections for DSL, cable modems and plain for DSL, cable modems and plain Ethernet networks
• MikroTik RouterOS supports PPPoEclient and PPPoE server
26
![Page 269: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/269.jpg)
PPPoE Client Setup• Add
PPPoEclient
• You need • You need to set Interace
• Set Login and Password
26
![Page 270: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/270.jpg)
PPPoE Client Lab• Teachers are going to create PPPoE
server on their router
• Disable DHCP-client on router’s outgoing • Disable DHCP-client on router’s outgoing interface
• Set up PPPoE client on outgoing interface
• Set Username class , password class
27
![Page 271: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/271.jpg)
PPPoE Client Setup
• Check PPP connection
•• Disable PPPoE client
• Enable DHCP client to restore old configuration
27
![Page 272: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/272.jpg)
PPPoE Server Setup
• Select • Select Interface
• Select Profile
27
![Page 273: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/273.jpg)
PPP Secret
• User’s database
• Add login and PasswordPassword
• Select service
• Configuration is takef from profile
27
![Page 274: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/274.jpg)
PPP Profiles
• Set of rules used for PPP clients• Set of rules used for PPP clients
• The way to set same settings for different clients
27
![Page 275: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/275.jpg)
PPP Profile
• Local address -
27
• Local address -Server address
• Remote Address -Client address
![Page 276: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/276.jpg)
PPPoE
• Important, PPPoE server runs on the interface
•• PPPoE interface can be without IP address configured
• For security, leave PPPoE interface without IP address configuration
27
![Page 277: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/277.jpg)
Pools
• Pool defines the range of IP addresses for PPP, DHCP and HotSpot clients
•• We will use a pool, because there will be more than one client
• Addresses are taken from pool automatically
27
![Page 278: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/278.jpg)
Pool
27
![Page 279: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/279.jpg)
PPP Status
27
![Page 280: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/280.jpg)
PPTP• Point to Point Tunnel Protocol provides
encrypted tunnels over IP
• MikroTik RouterOS includes support for PPTP client and serverPPTP client and server
• Used to secure link between Local Networks over Internet
• For mobile or remote clients to access company Local network resources
28
![Page 281: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/281.jpg)
PPTP
28
![Page 282: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/282.jpg)
PPTP configuration
• PPTP configuration is very similar to PPPoEPPPoE
• L2TP configuration is very similar to PPTP and PPPoE
28
![Page 283: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/283.jpg)
PPTP client• Add PPTP
Interface
• Specify • Specify address of PPTP server
• Set login and password
28
![Page 284: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/284.jpg)
PPTP Client
• That’s all for PPTP client configuration
• Use Add Default Gateway to route all • Use Add Default Gateway to route all router’s traffic to PPTP tunnel
• Use static routes to send specific traffic to PPTP tunnel
28
![Page 285: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/285.jpg)
PPTP Server• PPTP
Server is able to maintain multiple multiple clients
• It is easy to enable PPTP server
28
![Page 286: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/286.jpg)
PPTP Server Clients
• PPTP client settings are stored in pppsecret
•• ppp secret is used for PPTP, L2TP, PPPoE clients
• ppp secret database is configured on server
28
![Page 287: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/287.jpg)
PPP Profile
•• The same profile is used for PPTP, PPPoE, L2TP and PPP clients
28
![Page 288: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/288.jpg)
PPTP Lab
• Teachers are going to create PPTP server on Teacher’s router
•• Set up PPTP client on outgoing interface
• Use username class password class
• Disable PPTP interface
28
![Page 289: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/289.jpg)
ProxyProxy
28
![Page 290: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/290.jpg)
What is Proxy
• It can speed up WEB browsing by • It can speed up WEB browsing by caching data
• HTTP Firewall
29
![Page 291: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/291.jpg)
Enable Proxy
The main option is Enable , other settings are optional29
![Page 292: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/292.jpg)
Transparent Proxy
• User need to set additional configuration to browser to use Proxyto browser to use Proxy
• Transparent proxy allows to direct all users to proxy automatically
29
![Page 293: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/293.jpg)
Transparent Proxy
• DST-NAT rules required for transparent proxy
•• HTTP traffic should be redirected to router
29
![Page 294: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/294.jpg)
HTTP Firewall
• Proxy access list provides option to filter • Proxy access list provides option to filter DNS names
• You can make redirect to specific pages
29
![Page 295: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/295.jpg)
HTTP Firewall
• Dst-Host, webpage address (http://test.com)
29
(http://test.com)
• Path, anything after http://test.com/PATH
![Page 296: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/296.jpg)
HTTP Firewall
• Create rule to drop access for specific web-pageweb-page
• Create rule to make redirect from unwanted web-page to your company page
29
![Page 297: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/297.jpg)
Web-page logging
• Proxy can log visited Web-Pages by usersusers
• Make sure you have enough resources for logs (it is better to send them to remote)
29
![Page 298: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/298.jpg)
Web-Pages logging
• Add logging rule• Add logging rule
• Check logs
29
![Page 299: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/299.jpg)
Cashing to External
• Cache can be stored on the external drivesdrives
• Store manipulates all the external drives
• Cache can be stored to IDE, SATA, USB, CF, MicroSD drives
29
![Page 300: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/300.jpg)
Store• Manage all external disks
• Newly connected disk should be formatted
30
![Page 301: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/301.jpg)
Add Store• Add store to save proxy to external disk
• Store supports proxy, user-manager, dude
30
![Page 302: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/302.jpg)
SummarySummary
30
![Page 303: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/303.jpg)
DudeDude
30
![Page 304: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/304.jpg)
Dude
• Network monitor program
• Automatic discovery of devices• Automatic discovery of devices
• Draw and Layout map of your networks
• Services monitor and alerts
• It is Free
30
![Page 305: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/305.jpg)
Dude• Dude consists of two parts:
1.Dude server - the actual monitor program. It does not have a graphical program. It does not have a graphical interface. You can run Dude server even on RouterOS
2.Dude client - connects to Dude server and shows all the information it receives
30
![Page 306: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/306.jpg)
Dude Install
• Dude is available at www.mikrotik.comwww.mikrotik.com
• Install is very easy
• Read and use next button
Install Dude Server on computer30
![Page 307: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/307.jpg)
Dude
• Dude is translated to different languages• Dude is translated to different languages
• Available on wiki.mikrotik.com
30
![Page 308: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/308.jpg)
Dude First Launch• Discover
option is offered for offered for the first launch
• You can discover local network
30
![Page 309: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/309.jpg)
Dude Lab• Download Dude from
ftp://192.168.100.254
• Install Dude• Install Dude
• Discover Network
• Add laptop and router
• Disconnect Laptop from Router
30
![Page 310: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/310.jpg)
Dude Usage
310
![Page 311: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/311.jpg)
Dude Usage
311
![Page 312: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/312.jpg)
TroubleshootingTroubleshooting
31
![Page 313: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/313.jpg)
Lost Password
•• The only solution to reset password is to reinstall the router
313
![Page 314: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/314.jpg)
RouterBOARDLicense
• All purchased licenses are stored in the MikroTik account server
• If your router loses the Key for some • If your router loses the Key for some reason - just log into mikrotik.com to get it from keys list
• If the key is not in the list use Request Key option
314
![Page 315: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/315.jpg)
Bad Wireless Signal• check that the antenna connector is
connected 'main' antenna connector
• check that there is no water or moisture • check that there is no water or moisture in the cable
• check that the default settings for the radio are being used
• Use interface wireless reset-configuration
315
![Page 316: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/316.jpg)
No Connection• Try different Ethernet port or cable
• Use reset jumper on RouterBOARD
•• Use serial console to view any possible messages
• Use netinstall if possible
• Contact support ([email protected])
316
![Page 317: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/317.jpg)
Before Certification Test
• Reset the router
•• Restore backup or restore configuration
• Make sure you have access to the Internet and to training.mikrotik.com
31
![Page 318: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/318.jpg)
Certification TestCertification Test
31
![Page 319: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/319.jpg)
Certification test
• Go to http://training.mikrotik.com
• Login with your account• Login with your account
• Look for US/Dallas Training
• Select Essential Training Test
31
![Page 320: MikroTik RouterOS Training Class - · PDF fileCourse Objective • Overview of RouterOS software and RouterBoard capabilities • Hands-on training for MikroTik router configuration,](https://reader034.vdocument.in/reader034/viewer/2022052215/5a703cc67f8b9aac538bbc45/html5/thumbnails/320.jpg)
InstructionsInstructions
32