Академический Документы
Профессиональный Документы
Культура Документы
Lease time
tunnel
1. Ipconfig/release
2. Ipconfig/renew
Static route: exam config miktotik
Ping static- default gateway
Router flag mikrotik
Router OS
Drag drop
Exatra Package
Manual Package
Package wireless: system and wireless
Wiki.mikrotik.com: tham khao
How to back up our configuration?
. on the same router: backup file (.backup)
. another router: export file (.rsc)
Export file = NAME
Import NAME
DROP AND REJECT: what is the different between drop and reject?
LAB:
1. Reset router
2. The ip we should you is 172.16.x.0/24
3. The ether 2 ip that connected to the routers are 192.168.1.x/24
4. You shoud set identity
5. All router should have default route (default gateway) to 192.168.11.
6. Firewall …..(captured at phone)
14.6.2018
1. Fire wall
2. nat
3. ppp
LAB:
1. Drop all icmp packet on your mikrotik
2. Drop icmp packet to one distinance
LAB2:
1. Make a viber server ip
2. Drop all viber servers
3. Make a list that can connect to viber.
LAB3:
1. Make a rule to add who ping yr mikro (dynamic address list)
2. Then add a rule to block the internet
LAB3:
Drop all winbox connection expect who ping us
LAB5: with more secrets
First make a list the name is 1 is about ping, Second, make list 2 who is in list one with telnet.
Third, allow some who is in list two connect to winbox.
LAB:
Make a rule restrict the webfig of your mikrotik with firewall
3. Disable all services that you do not need
4. Change the winboxport
5. Make a log rule who ping your mikrotik
LAB:
Filter facebook
3. Make a rule with packet size
4.
5.
Private IP:
A: 10.0.0.0-10.255.255.255
B: 172.16.0.0-172.31.255.255
C: 192.168.0.0 - 192.168.255.255
NAT: mean network address translation
LAB:
I have bought this pinlic ip from my provider 8.0.0.1. I want to connect the server which is
172.16.0.2. So do it as soon as you can.
0 write a net rule g
LAB:
1. My ip private address is 172.16.0.0/24
My public address which is static ip is 6.0.0.1 write a nat rule
2. I do not have static ip and isp change my ip every day write a nat rule for this situation my
private range is 172.16.0.0/24
DNS: dns cache;
Udp 53 our request goes with udp 53
TCp 53
Step 1: set dns ip for mikrotik and check allow remote request box
Step 2:
Final Lab:
1. Set system identity
2. Set ip to you mikrotik 10.1.x.0/24 ether 1
LAB1:
1. Check your BW
3. Limit your lap to 1mb/s
TIPS:
Access list: mac filt
Different access list and connect list
16.6.2018
EOIP: enthernet over ip.
TTL should be 128
EIOP makes layer 2 tunnel which means the server and the pc are in the same broadcast domain.
BCP allows to bridge Ethernet packets through the PPP link.
Router OS supports BCP (bridge control protocol) for PPP, PPTP, L2TP, PPPoE.
VNP Server
Step 1: make a bridge
Step2: add port to the bridge
Step 3: add ip address on your bridge
Step4: add bridge to PPP profile
Step 5: change mrru to 1600
Step 6: make a user with the profile that you have done
VPT Client
Step 1: make a bridge
Step 2: add port to the bridge
Step 3: add ip on your bridge
Step 4: you have to make VPN client with the profile which add bridge to it.
Step 5: change mrru to 1600
Hotspot:
Bytes in = upload
Bytes out = download
If you have hotspot on the interface is not possible to connect to user manager with that ip.
So use another ip.
/tool user-manager customer print
Tool user-manager customer add login=Ni password=123
TIP: change hotspot login page
The file is login.html
To rest to the
Summary:
1. ABR: giua cac area
2. ASBR: different protocol.
3. Ext1
4. Ext2
5. Always: luon su dung type cho route
6. In installed: khi co default rout moi su dung cai type
7. Default cost default route: 1
8. Passive interface: don’t send hello packet
9. Hello interval: 10s
10. Dead-interval: 40s
11. Router ID is a name of router In ospf process. Who the router get the router –ID. Id
you didn’t specify the router, the mikrotik choose the lowest ip address of interface
12. Virtual links: non-backbone area
13. DR and BDR
14. Summarize In Ospf (area range menu)
15. Filtering in ospf
16. OSpf authentication
17. Stub area and nssa: a stub area is an area which does not receive AS external static
neighbor
18. NBMA: non-broadcast multi access
19. Scope target scop: scope default is 30; target scope default is 10;
20. Mangel Mark routing
21. TTL: time to life
22. Change TTL: muc dich khong de biet cac host (security)
23. ECMP:
24. Check gateway: every 10s, if you put check
25. Adminstrative distance
26. PPPOE Stage
27. Vrrp ttl
28. Ext2