Hello! My name is Karl Auer. I'm with Into6. But today is about MikroTik. - and about networking Into6 (

Similar documents
Grandstream Networks, Inc. GWN7000 Command Line Guide

Aggregate Load Balance with BGP and MPLS MUM ID Oktober 2018 Yogyakarta, Indonesia

New Features and Updates in RouterOS

License Management. Table of Contents. General Information. Summary. Specifications. Description. Summary Specifications Description

Guide to Vyatta Documentation

User Manual. AC ac Wireless Access Point/Router. Model WAC124. NETGEAR, Inc.

Please note, instructions in this guide are based on a PC running Windows 7. Please adapt the actions to suit your operating system.

MikroTik, A Router for Today & Tomorrow

LEGUANG N900 Wireless Router Configuration Guide

MikroTik RouterOS Training. Routing. Schedule. Instructors. Housekeeping. Introduce Yourself. Course Objective 7/4/ :00 10:30 Morning Session I

Chapter 5 Advanced Configuration

Guide to Vyatta Documentation

Guide to Vyatta Documentation

User Manual. MP441W High Availability LTE Router

N450R. 3T3R Wireless-N Dual Band Gigabit Router. User s Manual

Configuration Guide. For Managing EAPs via EAP Controller

MikroTik Security : Built-in Default Configuration

User Manual of RCS1~AP10

IP806GA/GB Wireless ADSL Router

N150 WiFi DSL Modem Router Essentials Edition. N300 WiFi DSL Modem Router Essentials Edition

NCT240 IP DSLAM with IAC4500 VLAN Tagging Implementation

MIKROTIK ROUTEROS LAB WITH VIRTUALIZATION TECHNOLOGIES YANGON, MYANMAR

Wireless and Wired Bridging using Vlan.

COURSE O V E R V I E W

3G/4G Wireless N150 Router m2

Configuration Guide TL-ER5120/TL-ER6020/TL-ER REV3.0.0

300M Wireless-N Broadband Router User Manual

G806+H3C WSR realize VPN networking

EnGenius Quick Start Guide

User Manual IDG761AM-0P001 Cellular M2M Gateway

AplombTech Smart Router Manual

MikroTik RouterOS Training Class. MTCNA Townet Wispmax 3 Febbraio 2010

Model:BL-WR Mbps Wireless N Router

Features and usage examples of wap device

MIKROTIK ROUTEROS BURMESE VERSION ONLINE TRAINING CLASS CHAPTER 1

UIP1869V User Interface Guide

VLAN & Wireless Infrastructure

Quick Installation Manual

ARGtek Communication Inc. Tel: Fax:

Quick Installation Guide

Skills Assessment Student Training

AC1200 WiFi Router User Manual

Added Features. 1. PPTP (Point-to-Point Tunneling Protocol)

NBG-416N. Wireless N-lite Home Router. Default Login Details. IMPORTANT! READ CAREFULLY BEFORE USE.

Billion BiPAC 7800VDOX. Setup Guide

FastPath Overview MUM USA, 2016

Advanced User Manual. WiFi/3G/USB Mobile Router.

MikroTik Router Certified Network Associate (MTCNA) + Unifi Wifi Access Point (only got at CISMIC)

MIKROTIK ROUTER SETUP SERVICE MANUAL

4-Ethernet Ports Router & WLAN (802.11n 1x1)ADSL2/2+

Rapidlogger Systems. EnGenius ENS202EXT Access Point

admin wireless settings

User Guide TL-R470T+/TL-R480T REV9.0.2

User Manual DIR-615. Wireless N 300 Home Router

FastPath Overview MUM Eu rope, 2016

Smart Machine Smart Decision. R700_User Guide_V1.05 1

User Guide. For TP-Link Pharos Series Products

Certified Network Associate (MTCNA) Riga, Latvia January 1 - January 3, 2016

User Manual DIR-615. Wireless Router with Built-in 4-port Switch

MikroTik RouterOS Training User Management. VRProService Co.,Ltd.

Multi-site Configuration and Installation Guide Port Forwarding Option

Vendor: Cisco. Exam Code: Exam Name: Cisco Interconnecting Cisco Networking Devices Part 1 (ICND1 v3.0) Version: Demo

Billion BiPAC 7700NR2. Setup Guide

User Manual of 11ac 1200Mbps Outdoor CPE NWA220

NWA300 User Manual of NWA ac Ceiling AP

Wireless-G Router User s Guide

UNIBOX. Hotspot Management Application. Quick Start Guide

Datasheet. Gigabit Routers with SFP. Models: ER-4, ER-6P. Sophisticated Routing Features. Next-Generation Price/Performance Value

TP-Link - TL-WR1043N / TL-WR1043ND. 300Mbps Wireless N Gigabit Router Fiber Setup Guide

SITE-TO-SITE LAYER 2 VPN WITH PPP BCP

EVR b/g/n VPN Router PRODUCT DESCRIPTION

Nighthawk AC1900 Smart WiFi Router User Manual

User Manual of 5.8G Outdoor CPE

Version No. Build Date No./ Release Date. Supported OS Apply to Models New Features/Enhancements. Bugs Fixed/Changes

802.11N Wireless Broadband Router

Conceptronic C100BRS4H Quick Installation Guide. Congratulations on the purchase of your Conceptronic 4-ports Broadband Router.

Radiolabs Bridge in a Box Setup

Datasheet. Gigabit Router with SFP. Models: ER-4. Sophisticated Routing Features. Next-Generation Price/Performance Value. SFP Port for Fiber Uplink

firewall { all-ping enable broadcast-ping disable ipv6-receive-redirects disable ipv6-src-route disable ip-src-route disable log-martians enable name

Wireless b/g/n 150Mbps AP Router

Peplink Balance Multi-WAN Routers

Linksys E2000 Advanced Wireless-N Router. User Guide

LSI Industries AirLink Network Security. Best Practices. System Information 01/31/18. Physical Access. Software Updates. Network Encryption

D-Link DSR Series Router

Calix T07xG HGU ONT Operation and Maintenance Guide

LevelOne FBR User s Manual. 1W, 4L 10/100 Mbps ADSL Router. Ver

User Manual. Wireless-N ADSL2+ Modem Router

Multi-Homing Broadband Router. User Manual

Gigabit SSL VPN Security Router

Configure 6in4 Tunnel in pfsense. Lawrence E. Hughes. 18 November 2017

LKR Port Broadband Router. User's Manual. Revision C

RX3041. User's Manual

Datasheet. 8-Port 10G SFP+ Router. Model: ER-8-XG. 80 Gbps Aggregate Throughput. 10G Ethernet SFP+ Ports. Hot-Swappable Modular Power Supplies

NBG-418N. Wireless N Home Router. Default Login Details. IMPORTANT! READ CAREFULLY BEFORE USE. KEEP THIS GUIDE FOR FUTURE REFERENCE.

Gigabit SSL VPN Security Router SG-4800

3G Router 431R/421R/321R/311R/221R/211R. Quick Start Guide

MIMO Wireless Broadband Route r User s Manual 1

Introduction... 3 Features... 3 Minimum Requirements... 3 Package Content... 3 Note... 3 Get to know the Broadband Router... 4 Back Panel...

Advanced Network Routers. Datasheet. Model: ERPro-8, ER-8, ERPoe-5, ERLite-3. Sophisticated Routing Features

Wireless Broadband Router

Transcription:

Hello! My name is Karl Auer I'm with Into6 But today is about MikroTik - and about networking... 2013 Into6 (www.into6.com.au) Slide #1

Latvian company; www.mikrotik.com Started in 1995, manufacturer since 2002 Specialises in routing and wireless RouterBOARD hardware RouterOS software 2013 Into6 (www.into6.com.au) Slide #2

A typicalmikrotik router 2x flashing lights T he Mikr otik RB915G-2HnD 1x B/G/N wifi 6x flashing lights 1x USB 2.0 5x gigabit ethernet 2013 Into6 (www.into6.com.au) Slide #3

Very rich feature set Very flexible port arrangements Flexible wireless (AP, station, bridge..) Excellent routing (OSFP, BGP, RIP...) Excellent tunnels (GRE, 6to4, EoIP, IPinIP...) IPSec, PPTP, L2TP support VLAN support IPv4 and IPv6 support 2013 Into6 (www.into6.com.au) Slide #4

Very rich feature set Access via web, ssh, telnet, serial... Powerful firewall with scheduling Powerful NAT features Scripting Scheduling Logging to memory, file, network Can be powered by PoE 2013 Into6 (www.into6.com.au) Slide #5

Very cheap... $100 delivered (RB951-2n is $50 delivered) Great home router (no ADSL though) Great for hobbyists, geeks Great for small business Cheap enough to play with Solid enough for the real world From eg www.duxtel.com.au 2013 Into6 (www.into6.com.au) Slide #6

Some ideas... Use virtual APs for guest/gaming/kids wifi Separate your home and business networks Plug in a 3G dongle as a backup link Attach a disk or two cheap NAS! Use one as an SMS gateway [ your brilliant idea here...] 2013 Into6 (www.into6.com.au) Slide #7

Downsides No two-step configuration No easy cloning No HA features No power backup Plastic (good build quality though) Throughput is middle-of-the road Not enterprise grade 2013 Into6 (www.into6.com.au) Slide #8

Playtime Connect via WiFi (SSID: MikroTik) Browse to 192.168.88.1 No password needed (yet) Look around! 2013 Into6 (www.into6.com.au) Slide #9

Playtime Open a terminal window ( DOS box ) ssh to admin@192.168.88.1 OR telnet to 192.168.88.1, login as admin No password needed (yet) Look around! 2013 Into6 (www.into6.com.au) Slide #10

Initial config (1) Set the router identity Set the router password to mikrotik Set the Wifi SSID Set up WPA/WPA2 + passphrase DON'T click Apply Configuration yet! more on next slide... 2013 Into6 (www.into6.com.au) Slide #11

Initial config (2) Set the local LAN address if desired LAN IP Address 192.168.77.1/24 Check DHCP server Set DHCP Server Range to match LAN Check NAT if appropriate DON'T click Apply Configuration yet! more on next slide... 2013 Into6 (www.into6.com.au) Slide #12

Initial config (3) Set the WAN interface appropriately Here we use DHCP But could use PPPoE with an ADSL modem Try the other options, see what changes Click Apply configuration Reconnect, log in You should have Internet 2013 Into6 (www.into6.com.au) Slide #13

Recap The initial config is all you need for home All you need for a typical single-subnet site (You should configure a firewall though) But doesn't scratch the surface! so let's build a real network. 2013 Into6 (www.into6.com.au) Slide #14

Demo network - goal Two routers connected to one upstream Each router with a loopback address One subnet for each person All subnets can reach each other All subnets can reach the Internet Basic routing with OSPF Basic firewalling 2013 Into6 (www.into6.com.au) Slide #15

2013 Into6 (www.into6.com.au) Slide #16

Physical connections Disconnect from Internet! ether1 on Router A will be Internet Router B will be an internal router ether1 on Router B to ether2 on Router A Remaining ethernet interfaces to laptops 2013 Into6 (www.into6.com.au) Slide #17

Router A Internet interface (1) Set WAN to DHCP Check that it is NATting Set up firewall on gateway interface: Allow established in/forward Allow related in/forward Allow ICMP in/forward Block all else in/forward Reconnect Internet 2013 Into6 (www.into6.com.au) Slide #18

Router A Internet interface (2) Check connectivity /ping www.google.com 2013 Into6 (www.into6.com.au) Slide #19

Router A downstream interface (1) Use ether2 Take ether2 out of the switch group /interface ethernet print detail set X master-port=none \ name=ether2 ( set is all on one line) 2013 Into6 (www.into6.com.au) Slide #20

Router A downstream interface (2) Take ether2 out of the bridge group /interface bridge port print detail remove X 2013 Into6 (www.into6.com.au) Slide #21

Router A downstream interface (3) Select a link subnet and interface address, e.g.: Link subnet: 192.168.100.0/30 Local address: 192.168.100.1 Remote address: 192.168.100.2 2013 Into6 (www.into6.com.au) Slide #22

Router A downstream interface (4) Put the local address on ether2: /ip address add address=192.168.100.1/30 \ interface=ether2 (the add is all on one line) 2013 Into6 (www.into6.com.au) Slide #23

Router B Upstream (1) Set WAN to Static Set the interface address to 192.168.100.2/30 Set the gateway address to 192.168.100.1 Turn off NAT 2013 Into6 (www.into6.com.au) Slide #24

Router B Upstream (2) Add a default route: /ip route add dst-address=0.0.0.0/0 \ gateway=192.168.100.1 (the add is all on one line) 2013 Into6 (www.into6.com.au) Slide #25

Router B Upstream (3) Add a DNS server: /ip dns set servers=192.168.100.1 2013 Into6 (www.into6.com.au) Slide #26

Router B Upstream (4) Check connectivity: /ping 192.168.100.1 Check DNS /ping www.google.com 2013 Into6 (www.into6.com.au) Slide #27

Everyone gets a subnet Step1: Pick an interface (check diagram) Step 2: Pick a subnet (check diagram) Step 3: Configure the interface Step 4: See if you can ping the interface from your laptop Step 5: What works, what doesn't? 2013 Into6 (www.into6.com.au) Slide #28

New subnet on interface (1) Take your ethernet interface out of its switch group if necessary /interface ethernet print detail set X master-port=none name=whatever 2013 Into6 (www.into6.com.au) Slide #29

New subnet on interface (2) Take your ethernet interface out of bridge group if necessary /interface bridge port print detail remove X 2013 Into6 (www.into6.com.au) Slide #30

New subnet on interface (3) Select a subnet and gateway address for the interface: Subnet: 192.168.7.0/24 Gateway: 192.168.7.1 Use your selected subnet, not this! Make sure your subnet is unique! 2013 Into6 (www.into6.com.au) Slide #31

New subnet on interface (4) Add the gateway address to your ethernet interface: /ip address add address=192.168.7.1/24 \ interface=name_of_interface (the add is all on one line) 2013 Into6 (www.into6.com.au) Slide #32

New subnet on interface (5) Set up an address pool for your subnet: /ip pool add name=pool-fred ranges=192.168.7.10-192.168.7.100 (the add is all on one line) 2013 Into6 (www.into6.com.au) Slide #33

New subnet on interface (6) Add a DHCP server to your interface: /ip dhcp-server add name=dhcp-fred interface=name_of_interface \ address-pool=pool-fred \ authoritative=yes (the add is all on one line) 2013 Into6 (www.into6.com.au) Slide #34

New subnet on interface (7) Tell the new server about the new subnet: /ip dhcp-server network add address=192.168.7.0/24 \ gateway=192.168.7.1 \ dns-server=192.168.7.1 (etc) (the add is all on one line) 2013 Into6 (www.into6.com.au) Slide #35

Check new subnet Does the router interface have an address? /ip address print Do you have an address on your laptop's connected interface? Can you ping the gateway? Can you ping www.google.com? 2013 Into6 (www.into6.com.au) Slide #36

Problems! Subnets on Router A can reach the Internet Subnets on Router B can't reach the Internet Subnets on Router A can't reach or respond to those on Router B This is because Router A does not know about the subnets on Router B We need to help it out. 2013 Into6 (www.into6.com.au) Slide #37

Simple but wearisome The simple solution is to add static routes on Router A one for each subnet on Router B Means manually updating routes on Router A every time we add/remove subnets on Router B Doesn't scale well to lots of subnets Doesn't scale well to lots of routers Plenty of room for error! 2013 Into6 (www.into6.com.au) Slide #38

Less simple, but more better A better solution is to run a routing protocol such as OSPF Scales well (many routers, many subnets) After setup, only need to add things in one place The rest of the network updates itself Handles multiple paths 2013 Into6 (www.into6.com.au) Slide #39

Static routes On Router A, add a static route for your subnet, pointing to the link address of Router B. E.g., for 192.168.7.0/24: /ip route add dst-address=192.168.7.0/24 \ gateway=192.168.100.2 (the add is all on one line) 2013 Into6 (www.into6.com.au) Slide #40

Test your static routes With your static route configured on Router A, you should be able to: Ping any subnet on Router A from Router B Reach the Internet from Router B Reach hosts in your subnet from Router A Test other people's routes too :-) 2013 Into6 (www.into6.com.au) Slide #41

OSPF routing (1) Give each router a (different!) loopback address: /interface bridge add name=loopback /ip address add address=192.168.199.1/32 \ interface=loopback (the add is all on one line) 2013 Into6 (www.into6.com.au) Slide #42

OSPF routing (2) Set each router's OSPF router ID to the same value as the loopback address: /routing ospf instance set 0 router-id=192.168.199.1 The router ID is needed The loopback address is optional Just convention that they match 2013 Into6 (www.into6.com.au) Slide #43

OSPF routing (3) On Router A, add all connected networks (except the WAN) to Area 0, e.g.: /routing ospf network add area=backbone \ network=192.168.100.0/30 (the add is all on one line) 2013 Into6 (www.into6.com.au) Slide #44

OSPF routing (4) On Router B, add the link network to Area 0, i.e..: /routing ospf network add area=backbone \ network=192.168.100.0/30 (the add is all on one line) 2013 Into6 (www.into6.com.au) Slide #45

OSPF routing (5) On Router B, add your subnet to Area 0, e.g.: /routing ospf network add area=backbone \ network=192.168.7.0/24 (the add is all on one line) 2013 Into6 (www.into6.com.au) Slide #46

OSPF routing (6) Check the routes on both routers: /ip route print detail ADC - these are dynamic, connected A S - these are static ADo - these are dynamic, OSPF You can remove the statics now... 2013 Into6 (www.into6.com.au) Slide #47

Fully routed? At this point: Every subnet should be able to reach every other subnet Every subnet should be able to reach the Internet In short We have a network :-) 2013 Into6 (www.into6.com.au) Slide #48

?Questions? 2013 Into6 (www.into6.com.au) Slide #49

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback