
MAC Winbox

Lease time
Tunnel
1. ipconfig /release
2. ipconfig /renew
Static route: exam config MikroTik
Ping static - default gateway
Router flag MikroTik
RouterOS
Drag drop

Extra Package
Manual Package
Package wireless: system and wireless
wiki.mikrotik.com: reference
How to back up our configuration?
. On the same router: backup file (.backup)
. Another router: export file (.rsc)
export file=NAME
import NAME

Netinstall uses the boot protocol


II.
1. RouterOS license
Firewall
Telnet package to MikroTik
Winbox IP service uses: TCP/8291
Write a rule so that only one person can connect to Winbox
LAB:
1. Static route
2. Firewall rules
3. No one can ping you except (my IP)
4. No one can connect to the Winbox IP service except yourself
5. Make a backup file and also an .rsc file
6. Upgrade your RouterOS yourself
7. System identity X_name

DROP AND REJECT: what is the difference between drop and reject?

LAB:
1. Reset router
2. The IP we should use is 172.16.x.0/24
3. The ether 2 IPs that are connected to the routers are 192.168.1.x/24
4. You should set the identity
5. All routers should have a default route (default gateway) to 192.168.11.
6. Firewall …..(captured at phone)
14.6.2018
1. Firewall
2. NAT
3. PPP
LAB:
1. Drop all ICMP packets on your MikroTik
2. Drop ICMP packets to one destination
LAB2:
1. Make a Viber server IP
2. Drop all Viber servers
3. Make a list that can connect to Viber.
LAB3:
1. Make a rule to add whoever pings your MikroTik (dynamic address list)
2. Then add a rule to block the internet
LAB4:
Drop all Winbox connections except from those who ping us
LAB5: with more secrets
First, make a list named 1 for whoever pings. Second, make list 2 for whoever is in list 1 and uses telnet.
Third, allow those who are in list 2 to connect to Winbox.
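One way to build the three-stage chain from LAB5 in RouterOS, as an added example that is not part of the original notes. The list names knock1 and knock2, the timeouts and the final drop rule are assumptions:

```routeros
/ip firewall filter
# Stage 1: whoever pings the router (ICMP echo request) is put in
# address list "knock1" for 30 seconds (list name and timeout are assumed)
add chain=input protocol=icmp icmp-options=8:0 \
    action=add-src-to-address-list address-list=knock1 \
    address-list-timeout=30s comment="stage 1: ping"
# Stage 2: a telnet attempt (TCP/23) from a knock1 member within that
# window promotes the source address to "knock2"
add chain=input protocol=tcp dst-port=23 src-address-list=knock1 \
    action=add-src-to-address-list address-list=knock2 \
    address-list-timeout=10m comment="stage 2: telnet"
# Stage 3: only knock2 members may reach Winbox (TCP/8291)
add chain=input protocol=tcp dst-port=8291 src-address-list=knock2 \
    action=accept comment="stage 3: allow Winbox"
# Every other source is dropped on the Winbox port
add chain=input protocol=tcp dst-port=8291 action=drop \
    comment="drop all other Winbox"
```

The rules are evaluated top to bottom, so they must sit above any broader accept rule in the input chain. The knock sequence is visible to anyone who can observe the traffic, so it reduces exposure of the Winbox port but does not replace a strong password.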
LAB:
Make a rule to restrict the WebFig of your MikroTik with the firewall
3. Disable all services that you do not need
4. Change the Winbox port
5. Make a log rule for whoever pings your MikroTik

LAB:
Filter Facebook
3. Make a rule with packet size

4.
5.

Private IP:
A: 10.0.0.0-10.255.255.255
B: 172.16.0.0-172.31.255.255
C: 192.168.0.0 - 192.168.255.255
NAT: means network address translation

LAB:
I have bought this public IP from my provider: 8.0.0.1. I want to connect to the server which is
172.16.0.2. So do it as soon as you can.
Write a NAT rule.

LAB:
1. My private IP address is 172.16.0.0/24.
My public address, which is a static IP, is 6.0.0.1. Write a NAT rule.
2. I do not have a static IP and the ISP changes my IP every day. Write a NAT rule for this situation; my
private range is 172.16.0.0/24.
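The three NAT cases from the two labs above as RouterOS rules, added here as an example and not taken from the original notes. The WAN interface name ether1 is an assumption:

```routeros
/ip firewall nat
# Lab with public IP 8.0.0.1 and server 172.16.0.2:
# destination NAT sends traffic arriving for 8.0.0.1 to the server.
# As written it forwards every port; adding protocol= and dst-port=
# for the one service the server offers keeps the exposure narrow.
add chain=dstnat dst-address=8.0.0.1 action=dst-nat \
    to-addresses=172.16.0.2 comment="publish server"

# Lab item 1, static public IP 6.0.0.1:
# source NAT rewrites the private range to the fixed address.
add chain=srcnat src-address=172.16.0.0/24 out-interface=ether1 \
    action=src-nat to-addresses=6.0.0.1 comment="static public IP"

# Lab item 2, public IP changes every day:
# masquerade uses whatever address ether1 currently holds.
# Use this rule INSTEAD of the src-nat rule above, not together with it:
# the first matching srcnat rule wins.
add chain=srcnat src-address=172.16.0.0/24 out-interface=ether1 \
    action=masquerade comment="dynamic public IP"
```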
DNS: DNS cache;
UDP 53: our requests go over UDP 53
TCP 53

Step 1: set the DNS IP for MikroTik and check the "Allow Remote Requests" box
Step 2:

Lab: run DNS cache

Set static DNS and check it
Redirect only works with DSTNAT. Redirect only redirects to the MikroTik itself.
The NAT table needs to be enabled.
PPPoE is layer 2: it works with broadcast
Broadcast: DHCP,
ffff.ffff.ffff: broadcast
Routers drop broadcast.

Final Lab:
1. Set system identity
2. Set the IP on your MikroTik: 10.1.x.0/24 ether 1
3. Set IP ether 2 172.16.1.x/24
4. Set the default gateway to the MikroTik that connects to the internet
5. Access the internet from a MikroTik
6. Run DNS cache
7. Filter Instagram on your MikroTik
8. Run port knocking on your MikroTik
9. Change the port number of Winbox
10. Disable telnet
11. Take backup + rsc
12. Check connection tracking

MikroTik can be a PPPoE client and a PPPoE service


PPPoE: layer 2

PPTP: port TCP/1723


IP protocol number 47 – GRE
MPLS, QoS

LAB1:
1. Check your BW
3. Limit your laptop to 1mb/s
TIPS:
Access list: mac filt
Difference between access list and connect list
16.6.2018
EoIP: Ethernet over IP.
TTL should be 128
EoIP makes a layer 2 tunnel, which means the server and the PC are in the same broadcast domain.
BCP allows bridging Ethernet packets through the PPP link.
RouterOS supports BCP (Bridge Control Protocol) for PPP, PPTP, L2TP, PPPoE.
VPN Server
Step 1: make a bridge
Step 2: add a port to the bridge
Step 3: add an IP address on your bridge
Step 4: add the bridge to the PPP profile
Step 5: change MRRU to 1600
Step 6: make a user with the profile that you have made
VPN Client
Step 1: make a bridge
Step 2: add a port to the bridge
Step 3: add an IP on your bridge
Step 4: you have to make the VPN client with the profile that has the bridge added to it.
Step 5: change MRRU to 1600
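The server and client steps above as RouterOS commands, added here as an example and not taken from the original notes. It assumes L2TP as the PPP type (one of the four listed above); the bridge, profile and user names, the addresses and the password are placeholders:

```routeros
# ---------- VPN server ----------
# Step 1: make a bridge
/interface bridge add name=bridge-vpn
# Step 2: add the LAN port to the bridge (ether2 is assumed)
/interface bridge port add bridge=bridge-vpn interface=ether2
# Step 3: add an IP address on the bridge
/ip address add address=192.168.50.1/24 interface=bridge-vpn
# Step 4: add the bridge to a PPP profile (this is what enables BCP)
/ppp profile add name=bcp-profile bridge=bridge-vpn
# Step 5: change MRRU to 1600 so full Ethernet frames fit in the link
/interface l2tp-server server set enabled=yes mrru=1600
# Step 6: make a user with that profile
/ppp secret add name=site-b password=CHANGE-ME profile=bcp-profile \
    service=l2tp

# ---------- VPN client ----------
# Steps 1-3: same bridge, port and an address in the same subnet
/interface bridge add name=bridge-vpn
/interface bridge port add bridge=bridge-vpn interface=ether2
/ip address add address=192.168.50.2/24 interface=bridge-vpn
# Step 4: the client profile also carries the bridge
/ppp profile add name=bcp-profile bridge=bridge-vpn
# Steps 4-5: VPN client using that profile, MRRU 1600
# (203.0.113.10 is a documentation address standing in for the server)
/interface l2tp-client add name=l2tp-to-server connect-to=203.0.113.10 \
    user=site-b password=CHANGE-ME profile=bcp-profile mrru=1600 \
    disabled=no
```

Plain L2TP carries the bridged frames without encryption; the `use-ipsec` and `ipsec-secret` settings on the L2TP server and client add it.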

Hotspot:
Bytes in = upload
Bytes out = download

LAB: Make 2 users for daily
Make 2 users for weekly
And then reset the counters automatically

Note: /ip hotspot user reset-counters [find profile=Daily]

Tip:
17.6.2018
IP binding: less something w source
Walled garden: destination

If you have a hotspot on the interface, it is not possible to connect to User Manager with that IP.
So use another IP.
/tool user-manager customer print
/tool user-manager customer add login=Ni password=123
TIP: change hotspot login page
The file is login.html
To rest to the

/tool user-manager database save
/tool user-manager database load
18.6.2018
Routing protocol: + helps find the best route.
+ Teaches routes to all networks in the branches
- RIP: it's going to be expired
- OSPF: standard
- EIGRP: Cisco…
OSPF (Open Shortest Path First): V1: expired
V2: IPv4
V3: IPv6
Why we should have ….: the design must have areas to decrease the OSPF database and your router
performance.
Area zero is the backbone area.
ABR: area border router
ASBR: autonomous system boundary router

Ext2 (external type 2): does not calculate:

Ext1 (external type 1): calculates the metric (all costs on the way)
Default cost for the default route is 1
"If installed" means I must have a default route, but "always" means send the default route.

Summary:
1. ABR: between areas
2. ASBR: different protocol.
3. Ext1
4. Ext2
5. Always: always use the type for the route
6. If installed: use the type only when there is a default route
7. Default cost default route: 1
8. Passive interface: don't send hello packet
9. Hello interval: 10s
10. Dead-interval: 40s
11. Router ID is the name of the router in the OSPF process. How the router gets the router ID: if you didn't specify the router ID, the MikroTik chooses the lowest IP address of its interfaces
12. Virtual links: non-backbone area
13. DR and BDR
14. Summarize in OSPF (area range menu)
15. Filtering in OSPF
16. OSPF authentication
17. Stub area and NSSA: a stub area is an area which does not receive AS external static neighbor
18. NBMA: non-broadcast multi-access
19. Scope and target scope: scope default is 30; target scope default is 10;
20. Mangle: mark routing
21. TTL: time to live
22. Change TTL: the purpose is to keep the hosts from being known (security)
23. ECMP:
24. Check gateway: every 10s, if you put check
25. Administrative distance
26. PPPoE stage
27. VRRP TTL
28. Ext2

OSPF: it is necessary to specify networks and associated areas where to …..

Hello-time in ospf is 10s


Dead-interval in ospf is 40s
Passive interface: the passive interface is an interface which is added to OSPF, but OSPF does not
send hello packets on it.
Our neighbor will be disconnected.
Area 0.0.0.1 is a transit area
TIP: MikroTik gets the router-id from the lowest IP of its interfaces

How the DR and BDR are chosen: we have something which is called priority.

TIP: Default priority is 1; whoever has the highest priority is the DR.
Whoever has the highest priority among the others will be the BDR.
The priority: 0 to 255
