New Features and Updates in RouterOS

Similar documents
VPNS BY RICK FREY.

PPP Tunneling. Step by step explanation and configuration for creating PPP Tunnel

Hello! My name is Karl Auer. I'm with Into6. But today is about MikroTik. - and about networking Into6 (

MikroTik Router Certified Network Associate (MTCNA) + Unifi Wifi Access Point (only got at CISMIC)

MikroTik, A Router for Today & Tomorrow

SITE-TO-SITE LAYER 2 VPN WITH PPP BCP

QNAP VPN (Virtual Private Network) Secure network experience

MikroTik Certified Network Associate (MTCRE) Training/Exam

Aggregate Load Balance with BGP and MPLS MUM ID Oktober 2018 Yogyakarta, Indonesia

Setting up L2TP Over IPSec Server for remote access to LAN

MikroTik RouterOS Training. Routing. Schedule. Instructors. Housekeeping. Introduce Yourself. Course Objective 7/4/ :00 10:30 Morning Session I

MikroTik RouterOS v3. New Obvious and Obscure Mikrotik RouterOS v3.0 features

Certified User Management Engineer (MTCUME) Training outline

Certified Network Associate (MTCNA) Riga, Latvia January 1 - January 3, 2016

MUM Ho Chi Minh, Vietnam April Sao Thiên Vương - 1

COURSE O V E R V I E W

Redundancy and Performance on Point to Point link

Manual:BCP bridging (PPP tunnel bridging)

FastPath Overview MUM Eu rope, 2016

Unified Services Routers

USR-G808 User Manual

MikroTik RouterOS Online Training Class Special Series 3

GWN7000 Firmware Release Note IMPORTANT UPGRADING NOTE

FastPath Overview MUM USA, 2016

Secure Access Configuration Guide For Wireless Clients

CAPsMAN Quick Setup Guide, Latest version new features, How to maintain a failover controller(capsman) Georgios Argyrides

Grandstream Networks, Inc. GWN7000 Command Line Guide

Yamaha Router Configuration Training ~ Web GUI ~

How to use VPN L2TP over IPsec

User Guide. For TP-Link Pharos Series Products

MikroTik User Meeting

D-Link DSR Series Router

Hardening MikroTik RouterOS

AplombTech Smart Router Manual

Security SSID Selection: Broadcast SSID:

Monitoring the Network (CPE and WBS)

Series 5000 ADSL Modem / Router. Firmware Release Notes

MikroTik Security : Built-in Default Configuration

MikroTik RouterOS Training User Management. VRProService Co.,Ltd.

NBG-416N. Wireless N-lite Home Router. Default Login Details. IMPORTANT! READ CAREFULLY BEFORE USE.

QVPN Virtual Private Network. Secure network experience

MUM - Beirut, Lebanon - June 14 th 2016

ZyWALL 70. Internet Security Appliance. Quick Start Guide Version 3.62 December 2003

Mobile MOUSe WIRELESS TECHNOLOGY SPECIALIST ONLINE COURSE OUTLINE

MWA Deployment Guide. VPN Termination from Smartphone to Cisco ISR G2 Router

MIKROTIK ROUTEROS LAB WITH VIRTUALIZATION TECHNOLOGIES YANGON, MYANMAR

Overview of TDMA Like Protocol v2 protocol

DPX8000 Series Deep Service Switching Gateway User Configuration Guide BRAS Service Board Module v1.0

Configuring Hybrid REAP

User Manual. AC ac Wireless Access Point/Router. Model WAC124. NETGEAR, Inc.

Manual:Interface/Wireless

Cisco CVR100W Wireless-N VPN Router with Highly Secure Business-Class Connectivity for Small Offices/Home Offices (SOHO)

Grandstream Networks, Inc. GWN76xx Wi-Fi Access Points Master/Slave Architecture Guide

802.11N Wireless Broadband Router

DrayTek Vigor Technical Specifications. PPPoE, PPTP, DHCP client, static IP, L2TP*, Ipv6. Redundancy. By WAN interfaces traffic volume

802.11N Wireless ADSL Router

Example - Configuring a Site-to-Site IPsec VPN Tunnel

GE MDS Communications. Product Training & Certification

MikroTik RouterOS v3. New Obvious and Obscure Mikrotik RouterOS v3.0 features

Quick Start Guide for Standalone EAP

300Mbps Wireless N DOCSIS 3.0 Cable Modem Router

MIKROTIK ROUTEROS BURMESE VERSION ONLINE TRAINING CLASS CHAPTER 1

Plug and play solution for managing lan users with MikroTik RouterOS

w w w.apc.com APC 3-in-1 Wireless Mobile Router User s Manual

Configuring your MikroTik as a Standard LucidView Enforcer

MikroTik RouterOS Training Class. MTCNA Townet Wispmax 3 Febbraio 2010

Agile Controller-Campus V100R002C10. Permission Control Technical White Paper. Issue 01. Date HUAWEI TECHNOLOGIES CO., LTD.

Easy Setup of IP Based CAPsMAN with link failover & CAPs monitor

300Mbps Wireless N Nano Router

802.11ac Wireless Access Point Model WAC104

Wireless-G Router User s Guide

Basic Wireless Settings on the CVR100W VPN Router

Implementing Security in Windows 2003 Network (70-299)

AC1750 Dual Band Wireless Router with StreamBoost Technology. TEW-824DRU (v1.1r) TEW-824DRU

[DOC] MIKROTIK OS CONFIGURATION PRODUCT CATALOG EBOOK

AC1200 WiFi Router User Manual

License Management. Table of Contents. General Information. Summary. Specifications. Description. Summary Specifications Description

Wireless b/g/n 150Mbps AP Router

VPN Routers DSR-150/250/500/1000AC. Product Highlights. Features. Overview. Comprehensive Management Capabilities. Web Authentication Capabilities

BRT-AC828 Dual-WAN VPN Wireless Router

Configuration Guide TL-ER5120/TL-ER6020/TL-ER REV3.0.0

PRODUCT OVERVIEW. Learn more about EnGenius Solutions at

AC3000 Tri-Band Wireless Gigabit Dual-WAN VPN SMB Router TEW-829DRU (v1.0r)

VPN2S. Handbook VPN VPN2S. Default Login Details. Firmware V1.12(ABLN.0)b9 Edition 1, 5/ LAN Port IP Address

802.11n Wireless 3G Router WNRT-617G

14 December, Mikrotik V2 9 DAILY BOOKS # Kindle # 3TB3OLQRB7. 14 December, 2017 E-BOOK MIKROTIK V2 9. Document Filetype: PDF 259.

Cloud Hosted Network Monitoring and Authentication. Simple Solution using MikroTik RouterOS

EVR b/g/n VPN Router PRODUCT DESCRIPTION

Wireless LAN Device Series CPE2615. User Manual. v

User Manual. Wireless-N ADSL2+ Modem Router

Wireless LAN Device Series CPE2615. User Manual. v

NBG-418N. Wireless N Home Router. Default Login Details. IMPORTANT! READ CAREFULLY BEFORE USE. KEEP THIS GUIDE FOR FUTURE REFERENCE.

MIKROTIK ROUTER SETUP USERS MANUAL

EVR b/g/n VPN Router

AC1200 Wireless MU-MIMO Gigabit Router

WNAP 3G MOBILE ROUTER. Quick Installation Guide

AC750 Wireless Dual-Band Router CR2. User Manual

Monitoring Remote Access VPN Services

300Mbps. Wireless AP/Client Router TL-WR843N. Highlights

Remote access to router portal

Transcription:

New Features and Updates in RouterOS

About MikroTik SA Independent Network Specialist company Not owned by / affiliated to MikroTik Latvia Official training and support partner for MikroTik Specialist in all forms of wireless and wired networking technologies Offers high speed PTP links, carrier independent backbone services, high availability SLA's, Network Management and Configuration services

About the Presenter David Savage Is a MikroTik Certified Trainer and consultant Installs and manages and wireless networks Has over 25 years experience in the IT field Teaches general networking and MikroTik RouterOS 3

In this Presentation MikroTik RouterOS is under constant development Difficult to keep up to date with new features and improvements to current features I hope to change that and bring you up to date with just some of the new features

System Backup and Restore PROBLEM: RouterOS backup was vulnerable to cracking with a possibility to reveal users and passwords SOLUTION: Since RouterOS v6.13 it is possible to encrypt the backup files with RC4 Encryption - the backup file is encrypted by default, if the current RouterOS user has a password configured, or if the "password" parameter is used If your RouterOS user doesn't have a password set then the backup file is not encrypted To enable encryption in this case, use the "password" parameter. 5

Backup Parameters Encryption - the backup file is encrypted by default, if the current RouterOS user has a password configured, or if the "password" parameter is used If your RouterOS user doesn't have a password set then the backup file is not encrypted To enable encryption in this case, use the "password" parameter.

Web Administration PROBLEM: You want to provide access to the router, but with limited menu options SOLUTION: Use Webfig with a custom designed skin to limit access to certain menus and options

Configuring Skins 1. Login to web interface with admin account 2. Select the Webfig option (top right)

Configuring Skins 1. Choose Design Skin and select / deselect / rename options as required

2. Choose Design Skin and select / deselect / rename options as required

3. Save the modified skin under a new filename

4. Under System User Group add a new group with limited web only permissions 5. Add a new user with membership of the limited group

5. Login with the limited user You now have a strictly limited view as per your defined skin policy

RoMON PROBLEM: RouterOS Winbox can only access directly connected routers by MAC addres SOLUTION: RoMON - Router Management Overlay Network RoMON works by establishing an independent MAC layer peer discovery and data forwarding network RoMON network operates independently from L2 or L3 forwarding configuration

Configure RoMON Tool RoMON allows the service to be enabled/disabled ID can optionally be specified otherwise default is ether1 MAC Secrets will encrypt RoMON comms with MD5 secret must be the same for adjacent ports RoMON Ports allows setting up ports individually with costs

Winbox V3 must be used Select a RoMON enabled router and choose Connect to RoMON RoMON enabled routers will now be displayed Connecting to RoMON

Wireless System Wifi Protected Setup (WPS) NV2 Sync

WPS WiFi Protected Setup (WPS) is a feature for convenient access to the WiFi without entering the passphrase RouterOS supports both WPS accept (for AP) and WPS client (for station) modes To easily allow guest access to your access point WPS accept button can be used When pushed, it will grant an access to connect to the AP for 2min or until a device (station) connects The WPS accept button has to be pushed each time a new device needs to connect

Using WPS A RouterOS devices with a WiFi interface has a virtual WPS push button Certain routers have a front panel button, check for wps button on the router Virtual WPS button is available in QuickSet and in wireless interface menu It can be disabled if needed WPS client is supported by most operating systems

Nstreme Version 2 Nv2 protocol is a proprietary wireless protocol developed by MikroTik for use with Atheros 802.11 wireless chips Nv2 is based on TDMA (Time Division Multiple Access) media access technology instead of CSMA (Carrier Sense Multiple Access) media access technology used in regular 802.11 devices. TDMA media access technology solves hidden node problem and improves media usage, thus improving throughput and latency, especially in PtMP networks.

Nv2 AP Synchronization This (experimental) feature will let multiple MikroTik Nv2 APs on the same location to coexist in a better fashion by reducing the interference between each other. This feature will synchronize the transmit/receive time windows of APs in the same frequency, so that all synced MikroTik Nv2 APs transmits/receives at the same time. That allows to reuse the same wireless frequency on the location for multiple APs giving more flexibility in frequency planning.

Nv2 AP Synchronization For Nv2 Synchronization a Master Nv2 AP should be chosen and "nv2-mode=sync-master" should be specified together with "nv2-sync-secret". For Nv2 Slave APs the same wireless frequency as Master AP should be used and "nv2-mode=sync-slave" should be specified with the same "nv2-sync-secret" as the in Master AP configuration. After Master AP is found the Slave AP will start operating as AP and it adapts the period size and downlink ratio from the synced Master AP.

Nv2 AP Synchronization

Nv2 AP Synchronization

VPN Virtual Private Networks EoIP, VLAN PPTP,L2TP PPPoE

PPTP and L2TP Tunnels PROBLEM: VPN s build with PPTP/L2TP use legacy encryption methods OpenVPN and SSTP (Secure Socket Tunneling Protocol) are far more secure, however client and server certificates are required SOLUTION: Use L2TP with easy IPSEC setup to securely establish road warrior connections for mobile devices

IPSEC Internet Protocol Security (IPsec) - a set of protocols to support secure communication at the IP layer Originally developed alongside IPv6, later backported to IPv4 Provides encryption to the IP protocol for both IPv4 and IPv6 Is an extensible protocol under constant development, update and improvement

L2TP with IPSEC Easy way to provide IPSEC encryption using existing L2TP services Set Use Ipsec to yes or required as per your policy On mobile device choose L2TP/IPsec PSK or similar option

Simple Tunnel with IPSEC IPIP, GRE and EoIP tunnels now also support IPSEC encryption under RouterOS Simply specify IPSEC secret when setting up tunnel to enable

IP Cloud Service If you run a client providing a dynamic IP address you cannot assign a static DNS Past solutions include running a DynDNS client or scripting a solution IP Cloud is a free service from MikroTik that will translate your public outgoing IP to a dynamic DNS server hosted on the MikroTik cloud Since the name is taken from the routers serial number you can predict what the name will be

[admin@trainer Dave] /ip cloud> print ddns-enabled: yes update-time: yes public-address: 41.21.229.146 dns-name: 558104cf9d4c.sn.mynetname.net status: updated warning: DDNS server received request from IP 41.21.229.146 but your local IP was 192.168.5.254; DDNS service might not work.

Firewall Improvements Address list by DNS name Improved rules for adding addresses

Firewall Address List PROBLEM: You need to apply firewall rules by DNS name instead of static address SOLUTION: Firewall address list can now track DNS names for dynamic address generation Lists will be refreshed according to upstream TTL record Domains with multiple servers will generate multiple records

Firewall Address List Firewall action Add src/dst to address list has improved options Choose between a set timeout value, none static or none dynamic

Question Time

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback