This document provides an overview and agenda for a MikroTik Certified Network Associate (MTCNA) training course. The training will cover RouterOS software and RouterBoard hardware capabilities, configuration, maintenance, and troubleshooting over two 3.5 hour sessions with breaks. Attendees will learn about MikroTik as a router and wireless hardware manufacturer, the history and features of RouterOS and RouterBOARD devices, and hands-on configuration including firewalls, bandwidth management, and more.
Marek Isalski, Faelix.net Ltd, describes the MikroTik range of routers and their applications, gives a pros and cons summary, and recommendations for budget provider edge deployment.
1. Setup router
//to create a name for network card
//to assign ip address to network card
//to create NAT rule
//to assign gateway
//to assign dns
//to create dhcp
2.Create login page(Hotspot)
How to link from Mikrotik to Radius server
Marek Isalski, Faelix.net Ltd, describes the MikroTik range of routers and their applications, gives a pros and cons summary, and recommendations for budget provider edge deployment.
1. Setup router
//to create a name for network card
//to assign ip address to network card
//to create NAT rule
//to assign gateway
//to assign dns
//to create dhcp
2.Create login page(Hotspot)
How to link from Mikrotik to Radius server
Mikrotik IP Settings For Performance and SecurityGLC Networks
Webinar topic: Mikrotik IP Settings For Performance and Security
Presenter: Achmad Mardiansyah
In this webinar series, we discussed about Mikrotik IP Settings For Performance and Security
Please share your feedback or webinar ideas here: http://bit.ly/glcfeedback
Check our schedule for future events: https://www.glcnetworks.com/en/schedule/
Follow our social media for updates: Facebook, Instagram, YouTube Channel, and telegram also discord
Recording available on Youtube
https://youtu.be/9ldLm969rxo
CCNA is associate level career certification. It is an International certification course. Which is helpful to improve your career path in networking field. It gives lot of opportunity for Engineers and lots of opportunity having lots of job.
But now in these days,
This International course is offered by SMS Institute of Technology, Lucknow
So ,
There is no need to go anywhere for the training on CCNA Course Certification during summer Training.
I want to give this information because lots of people think about this course. But they have no any other way like - going to the training institute that offers CCNA Training But they give the certification on Own training Institute That is invalid Because CCNA is a International course Certification and these certificate are come on the email Id.
But Now this course Certification offers by SMS Institute of Technology But the certificate are valid through out the world.
Learn more at blog : --
https://solutionbyexpert.blogspot.com/2020/08/become-expert-secret-of-success-ii.html
#coding
#coding development skill program
#java
MUM Melbourne : Build Enterprise Wireless with CAPsMANGLC Networks
MUM Melbourne May 2018 topic: Build enterprise wireless with CAPsMAN
Presenter: Achmad Mardiansyah
In this MUM series, We are discussing Build enterprise wireless with CAPsMAN
Please share your feedback or webinar ideas here: http://bit.ly/glcfeedback
Check our schedule for future events: https://www.glcnetworks.com/schedule/
Follow our social media for updates: Facebook, Instagram, YouTube Channel, and telegram
A
PROJECT REPORT
On
CISCO CERTIFIED NETWORK ASSOCIATE
A computer network, or simply a network, is a collection of computer and other hardware components interconnected by communication channels that allow sharing of resources and information. Where at least one process in one device is able to send/receive data to/from at least one process residing in a remote device, then the two devices are said to be in a network. Simply, more than one computer interconnected through a communication medium for information interchange is called a computer network.
Mikrotik IP Settings For Performance and SecurityGLC Networks
Webinar topic: Mikrotik IP Settings For Performance and Security
Presenter: Achmad Mardiansyah
In this webinar series, we discussed about Mikrotik IP Settings For Performance and Security
Please share your feedback or webinar ideas here: http://bit.ly/glcfeedback
Check our schedule for future events: https://www.glcnetworks.com/en/schedule/
Follow our social media for updates: Facebook, Instagram, YouTube Channel, and telegram also discord
Recording available on Youtube
https://youtu.be/9ldLm969rxo
CCNA is associate level career certification. It is an International certification course. Which is helpful to improve your career path in networking field. It gives lot of opportunity for Engineers and lots of opportunity having lots of job.
But now in these days,
This International course is offered by SMS Institute of Technology, Lucknow
So ,
There is no need to go anywhere for the training on CCNA Course Certification during summer Training.
I want to give this information because lots of people think about this course. But they have no any other way like - going to the training institute that offers CCNA Training But they give the certification on Own training Institute That is invalid Because CCNA is a International course Certification and these certificate are come on the email Id.
But Now this course Certification offers by SMS Institute of Technology But the certificate are valid through out the world.
Learn more at blog : --
https://solutionbyexpert.blogspot.com/2020/08/become-expert-secret-of-success-ii.html
#coding
#coding development skill program
#java
MUM Melbourne : Build Enterprise Wireless with CAPsMANGLC Networks
MUM Melbourne May 2018 topic: Build enterprise wireless with CAPsMAN
Presenter: Achmad Mardiansyah
In this MUM series, We are discussing Build enterprise wireless with CAPsMAN
Please share your feedback or webinar ideas here: http://bit.ly/glcfeedback
Check our schedule for future events: https://www.glcnetworks.com/schedule/
Follow our social media for updates: Facebook, Instagram, YouTube Channel, and telegram
A
PROJECT REPORT
On
CISCO CERTIFIED NETWORK ASSOCIATE
A computer network, or simply a network, is a collection of computer and other hardware components interconnected by communication channels that allow sharing of resources and information. Where at least one process in one device is able to send/receive data to/from at least one process residing in a remote device, then the two devices are said to be in a network. Simply, more than one computer interconnected through a communication medium for information interchange is called a computer network.
Webinar NETGEAR - Insight, le funzionalita' per il Networking ManagementNetgear Italia
In questo secondo appuntamento di webinar dedicati ad Insight, si introducono le funzionalita' di gestione e monitaraggio disponibili per tutte le tipologie di prodotti Insight based.
basic router configuration ppt , what is router in networking
I run a knowledge sharing YouTube channel called (SILICON CHIPS TAMILAN). Please like, share, subscribe, and support me.
YouTube Link : https://www.youtube.com/channel/UCenZp9ho_PP0K5iYrdocvrw
Notes Link Below attached
https://siliconchipstamilan.blogspot.com/2022/12/what-is-outlook-mail.html
Network security is back! Whether you are using Azure Kubernetes Services, IaaS virtual machines, App Services, or any other PaaS feature, securing your application or data is critical to the business. Azure security is constantly evolving and how we did things even one year ago isn't necessarily the best way anymore. Learn about Azure network security, design patterns, learn what is new, and even to see some things that are coming soon.
Accelerate your Kubernetes clusters with Varnish CachingThijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
Essentials of Automations: Optimizing FME Workflows with ParametersSafe Software
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualityInflectra
In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring.
Learn about:
• The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks.
• Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective.
• Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification.
• Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process.
Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.
JMeter webinar - integration with InfluxDB and GrafanaRTTS
Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application.
In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics.
Length: 30 minutes
Session Overview
-------------------------------------------
During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana:
- What out-of-the-box solutions are available for real-time monitoring JMeter tests?
- What are the benefits of integrating InfluxDB and Grafana into the load testing stack?
- Which features are provided by Grafana?
- Demonstration of InfluxDB and Grafana using a practice web application
To view the webinar recording, go to:
https://www.rttsweb.com/jmeter-integration-webinar
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Tobias Schneck
As AI technology is pushing into IT I was wondering myself, as an “infrastructure container kubernetes guy”, how get this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principals as well? What benefit’s both technologies could bring to each other?
Let me take this questions and provide you a short journey through existing deployment models and use cases for AI software. On practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview about infrastructure requirements and technologies, what could be beneficial or limiting your AI use cases in an enterprise environment. An interactive Demo will give you some insides, what approaches I got already working for real.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
Generating a custom Ruby SDK for your web service or Rails API using Smithyg2nightmarescribd
Have you ever wanted a Ruby client API to communicate with your web service? Smithy is a protocol-agnostic language for defining services and SDKs. Smithy Ruby is an implementation of Smithy that generates a Ruby SDK using a Smithy model. In this talk, we will explore Smithy and Smithy Ruby to learn how to generate custom feature-rich SDKs that can communicate with any web service, such as a Rails JSON API.
Transcript: Selling digital books in 2024: Insights from industry leaders - T...BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
3. • Overview of RouterOS software and
RouterBoard
capabilities
• Hands-on training for MikroTik router
configuration, maintenance and basic
troubleshooting
4. • Router software and hardware manufacturer
• Products used by ISPs, companies and individuals
• Make Internet technologies faster, powerful and affordable to
wider range of users
5. • 1995: Established
• 1997: RouterOS software for x86
(PC)
• 2002: RouterBOARD is born
• 2006: First MUM
8. • Please, introduce yourself to the class
• Your name
• Your Company
• Your previous knowledge about
RouterOS (?)
• Your previous knowledge about
networking (?)
• What do you expect from this course? (?)
• Please, remember your class XY number.
10. • ROUTEROS IS AN OPERATING SYSTEM
THAT WILL MAKE YOUR
DEVICE:
• a dedicated router
• a bandwidth shaper
• a (transparent) packet filter
• any 802.11a,b/g wireless
device
11. • The operating system of
RouterBOARD
• Can be also installed on a PC
12. WHAT IS ROUTERBOARD ?
• Hardware created by MikroTik
• Range from small home routers to carrier-class access
concentrators
14. • The application for configuring RouterOS
• It can be downloaded from
www.mikrotik.com
15.
16. • CLICK ON THE [...] BUTTON TO
SEE YOUR ROUTER
17. • Process of communication is divided into seven
layers
• Lowest is physical layer, highest is application
layer
18.
19. • It is the unique physical address of a network
device
• It’s used for communication within LAN
• Example: 00:0C:42:20:97:68
20. • It is logical address of network device
• It is used for communication over
networks
• Example: 159.148.60.20
21. • Range of logical IP addresses that divides
network into segments
• Example: 255.255.255.0 or /24
22. • Network address is the first IP address of the
subnet
• Broadcast address is the last IP address of the
subnet
• They are reserved and cannot be used
23.
24. • Select IP address from the same subnet
on local networks
• Especially for big network with multiple
subnets
25. • Clients use different subnet masks /25 and /26
• A has 192.168.0.200/26 IP address
• B use subnet mask /25, available addresses
192.168.0.129- 192.168.0.254
• B should not use 192.168.0.129-192.168.0.192
• B should use IP address from 192.168.0.193 -
192.168.0.254/25
29. • Disable any other interfaces (wireless) in your
laptop
• Set 192.168.XY.1 as IP address
• Set 255.255.255.0 as Subnet Mask
• Set 192.168.XY.254 as Default Gateway
30. • Connect to router with MAC-
Winbox
• Add 192.168.XY.254/24 to
Ether1
31. • Close Winbox and connect again using IP
address
• MAC-address should only be used when there
is no IP access
34. • The Internet gateway of your class is
accessible over wireless - it is an AP (access
point)
• To connect you have to configure the
wireless interface of your router as a
station
36. • To see available AP use scan
button
• Select class1 and click on
connect
• Close the scan window
• You are now connected to AP!
• Remember class SSID class1
37. • The wireless interface also needs an IP
address
• The AP provides automatic IP addresses over
DHCP
• You need to enable DHCP client on your router
to get an IP address
41. • Your router too can be a DNS server for your
local network (laptop)
42. • Tell your Laptop to use your router as the DNS
server
• Enter your router IP (192.168.XY.254) as the
DNS server in laptop network settings
43. • Laptop can access the router and the
router can access the internet, one more
step is required
• Make a Masquerade rule to hide your private
network behind the router, make Internet work in
your laptop
44. • Masquerade is used for Public network access,
where private addresses are present
• Private networks include 10.0.0.0-
10.255.255.255, 172.16.0.0-172.31.255.255,
192.168.0.0-192.168.255.255
44
47. • Router cannot ping further than AP
• Router cannot resolve names
• Computer cannot ping further than router
• Computer cannot resolve names
• Is masquerade rule working
• Does the laptop use the router as default
gateway
and DNS
49. • Access to the router can be
controlled
• You can create different types of
users
50. • Add new router user with full
access
• Make sure you remember user
name
• Make admin user as read-only
• Login with your new user
51. • Download packages from
• www.mikrotik.com
• Upload them to router with Winbox
• Reboot the router
• Newest packages are always available
on
www.mikrotik.com
62. • You can backup and restore configuration in the
Files
menu ofWinbox
• Backup file is not editable
63. • Additionally use export and import
commands in CLI
• Export files are editable
• Passwords are not saved with
export
/export file=conf-august-2009
/ ip firewall filter export file=firewall-aug-
2009
/ file print
/ import [Tab]
64. • Create Backup and Export
files
• Download them to your
laptop
• Open export file with text
editor
65. • All RouterBOARDs shipped with license
• Several levels available, no upgrades
• Can be viewed in system license menu
• License for PC can be purchased from
mikrotik.com or from distributors
68. • 8-symbol software-ID system is
introduced
• Update key on existing routers to get
full features support (802.11N, etc.)
69.
70. • www.mikrotik.com - manage licenses,
documentation
• forum.mikrotik.com - share experience with
other users
• wiki.mikrotik.com - tons of examples
71.
72. • Protects your router and clients from
unauthorized access
• This can be done by creating rules in Firewall
Filter and NAT facilities
73. • Consists of user defined rules that work on
the IF- Then principle
• These rules are ordered in Chains
• There are predefined Chains, and User
created Chains
74. • RULES CAN BE PLACED IN THREE
DEFAULT CHAINS
• input (to router)
• output (from router)
• forward (trough the
router)
77. • Chain contains filter rules that protect the router
itself
• Let’s block everyone except your laptop
78. • Add an accept
rule for your
Laptop IP
address
79. Add a drop
rule in input
chain to drop
everyone else
80. • Change your laptop IP address, 192.168.XY.2
• Try to connect. The firewall is working
• You can still connect with MAC-address,
Firewall Filter is only for IP
81. • Access to your router is blocked
• Internet is not working
• Because we are blocking DNS requests
as well
• Change configuration to make Internet
working
82. • You can
disableMAC access in
the
MAC Server
menu
• Change the
Laptop IP
address back to
192.168.XY.1,
and connect with
IP
83. • Address-list allows you to filter group of the
addresses with one rule
• Automatically add addresses by address-list
and then block
84. • Create different lists
• Subnets, separates ranges, one host
addresses
are supported
85. • Add specific host
to address-list
• Specify timeout
for
temporary
service
87. • Create address-list with allowed IP
addresses
• Add accept rule for the allowed
addresses
88. • Chain contains rules that control packets going
trough
the router
• Control traffic to and from the clients
89. • Create a rule
that will block
TCP port 80
(web browsing)
• Must select
protocol to block
ports
90. • Try to open www.mikrotik.com
• Try to open http://192.168.XY.254
• Router web page works because drop rule
is for
chain=forward traffic
91.
92. • Create a rule that will
block client’s p2p
traffic
93. • Let’s log client pings
to the router
• Log rule should
be added before
other action
94.
95. • Except of the built-in chains (input, forward,
output), custom chains can be created
• Make firewall structure more simple
• Decrease load of the router
96. • Sequence of
the firewall
custom chains
• Custom
chains can
be for
viruses, TCP,
UDP
protocols,
etc.
98. • Advise, drop invalid connections
• Firewall should proceed only new
packets, it is recommended to exclude
other types of states
• Filter rules have the “connection state” matcher
for this purpose
99. • Add rule to drop invalid packets
• Add rule to accept established packets
• Add rule to accept related packets
• Let Firewall to work with new packets
only
100.
101.
102. • Router is able to change Source or
Destination
address of packets flowing trough it
• This process is called src-nat or dst-nat
111. • Let’s make local
users to use
Router DNS
cache
• Also make rule
for
udp protocol
112. • SRC-NAT changes packet’s source
address
• You can use it to connect private network
to the Internet through public IP address
• Masquerade is one type of SRC-NAT
130. • PING WWW.MIKROTIK.COM
• Put MikroTik
address to DST-
address
• MikroTik address
can be used as
Target- address
too
MikroTik.com
Address
131. • DST-address is useful to set
unlimited access to the local
network resources
• Target-address and DST-addresses
can
be vice versa
132. • Bandwidth test can be used to monitor
throughput to remote device
• Bandwidth test works between two MikroTik
routers
• Bandwidth test utility available for Windows
• Bandwidth test is available on MikroTik.com
133. • Set Test To as testing
address
• Select protocol
• TCP supports multiple
connections
• Authentication might be
required
134. • Set Test To as testing
address
• Select protocol
• TCP supports multiple
connections
• Authentication might be
required
135. • SERVER SHOULD BE
ENABLED
• It is advised to use
enabled Authenticate
136. • LET’S CONFIGURE
HIGHER PRIORITY FOR
QUEUES
• Priority 1 is higher
than 8
• There should be
at least two
priority
Set Higher Priority
137. • It is possible to get graph for each queue
simple rule
• Graphs show how much traffic is passed trough
queue
139. • Graphs are
available
on WWW
• To view
graphs
http://router_I
P
• You can give it
to
your customer
140.
141. • Mangle is used to mark packets
• Separate different type of traffic
• Marks are active within the router
• Used for queue to set different limitation
• Mangle do not change packet structure (except
DSCP,
TTL specific actions)
142.
143. • Mark-connection uses connection
tracking
• Information about new connection added
to connection tracking table
• Mark-packet works with packet directly
• Router follows each packet to apply
mark-packet
145. • Mark new connection with mark-
connection
• Add mark-packet for every mark-
connection
146. • Imagine you have second client on the router
network with 192.168.XY.55 IP address
• Let’s create two different marks (Gold, Silver),
one for your computer and second for
192.168.XY.55
147.
148.
149. • Add Marks for second user too
• There should be 4 mangle rules for two
groups
150. • Replace hundreds of queues with just
few
• Set the same limit to any user
• Equalize available bandwidth between
users
151. • PCQ is advanced Queue type
• PCQ uses classifier to divide traffic (from client
point of
view; src-address is upload, dst-address is
download)
152. • PCQ ALLOWS TO SET ONE LIMIT TO ALL
USERS WITH ONE QUEUE
156. • Teacher is going to make PCQ lab on the router
• Two PCQ scenarios are going to be used with
mangle
157.
158.
159. • RouterOS supports various radio modules that
allow communication over the air (2.4GHz and
5GHz)
• MikroTik RouterOS provides a complete
support for IEEE 802.11a, 802.11b and
802.11g wireless networking standards
170. • Currently your router is connected to class
access- point
• Let’s make rule to disallow connection to class
access- point
• Use connect-list matchers
174. • Access-list is
used to set MAC-
address security
• Disable Default-
Authentication to
use only Access-
list
175. • Yes, Access-List rules are checked, client is
able to connect, if there is no deny rule
• No, only Access-List rule are checked
176. • Since you have mode=station configured
we are going to make lab on teacher’s
router
• Disable connection for specific client
• Allow connection only for specific clients
177. • Let’s enable encryption on wireless network
• You must use WPA or WPA2 encryption
protocols
• All devices on the network should have the
same security options
178. • Let’s create WPA
encryption for our
wireless network
• WPA Pre-Shared Key is
mikrotiktraining
179. • To view hidden Pre-
Shared
Key, click on Hide
Passwords
• It is possible to view
other hidden
information, except
router password
181. • Access-List rules have higher priority
• Check your access-list if connection between
client is working
182. • MikroTik proprietary wireless protocol
• Improves wireless links, especially long-
range links
• To use it on your network, enable protocol on
all
wireless devices of this network
183. • Enable Nstreme
on your router
• Check the
connection status
• Nstreme should
be enabled on
both routers
184.
185.
186. Let’s get back to our
configuration
Your RouterYour Laptop
CLASS AP
192.168.X
Y.1
192.168.XY.2
54
DHCP-Client
188. • We are going to bridge local Ethernet interface
with Internet wireless interface
• Bridge unites different physical interfaces
into one logical interface
• All your laptops will be in the same network
189. • To bridge you need to create
bridge interface
• Add interfaces to bridge ports
190. • BRIDGE IS CONFIGURED FROM
/INTERFACE BRIDGE MENU
195. • Add public and
local
interface to bridge
• Ether1 (local),
wlan1 (public)
196. • Enable WDS on AP-bridge, use
mode=dynamic-mesh
• WDS interfaces are created on the fly
• Use default bridge for WDS interfaces
• Add Wireless Interface to Bridge
198. • Use dynamic-mesh WDS
mode
• WDS interfaces are created
on the fly
• Others AP should use
dynamic-
mesh too
200
199. • WDS link is
established
• Dynamic interface
is present
200. • Delete masquerade rule
• Delete DHCP-client on router wireless
interface
• Use mode=station-wds on router
• Enable DHCP on your laptop
• Can you ping neighbor’s laptop
201. • Your Router is Transparent Bridge now
• You should be able to ping neighbor router
and computer now
• Just use correct IP address
202. • TO RESTORE
CONFIGURATION
MANUALLY• change back to Station mode
• Add DHCP-Client on correct interface
• Add masquerade rule
• Set correct network configuration to
laptop
203.
204.
205. • Configuration is back
• Try to ping neighbor’s laptop
• Neighbor’s address 192.168.XY.1
• We are going to learn how to use route rules to
ping neighbor laptop
206. • ip route rules define where packets should
be sent
• Let’s look at /ip route rules
209. • Currently you have default gateway received
from DHCP-Client
• Disable automatic receiving of default
gateway in DHCP-client settings
• Add default gateway manually
210. • Look at the
other routes
• Routes with
DAC are
added
automatically
• DAC route
comes from IP
address
configuration
211. • A - active
• D - dynamic
• C -
connected
• S - static
212. • Our goal is to ping neighbor
laptop
• Static route will help us to achieve
this
213. • Static route specifies how to reach specific
destination network
• Default gateway is also static route, it
sends all traffic (destination 0.0.0.0) to host
- the gateway
214. • Additional static route is required to reach
your neighbor laptop
• Because gateway (teacher’s router) does
not have information about student’s private
network
215. • Remember the network structure
• Neighbor’s local network is 192.168.XY.0/24
• Ask your neighbor the IP address of their
wireless interface
216.
217. • Add one route rule
• Set Destination, destination is
neighbor’s local network
• Set Gateway, address which is used to
reach destination - gateway is IP address
of neighbor’s router wireless interface
218. • Add static route
• Set Destination
and Gateway
• Try to ping
Neighbor’s
Laptop
219. • YOU SHOULD BE ABLE TO PING
NEIGHBOR’S LAPTOP NOW
220. • The same configuration is possible with dynamic
routes
• Imagine you have to add static routes to all
neighbors networks
• Instead of adding tons of rules, dynamic
routing protocols can be used
221. • Easy in configuration, difficult in
managing/troubleshooting
• Can use more router resources
222. • We are going to use OSPF
• OSPF is very fast and optimal for dynamic
routing
• Easy in configuration
224. • Check route table
• Try to ping other neighbor now
• Remember, additional knowledge
required to run OSPF on the big network
225.
226.
227. • Plan network design carefully
• Take care of user’s local access to the
network
• Use RouterOS features to secure local
network resources
228. • Address Resolution Protocol
• ARP joins together client’s IP address with
MAC- address
• ARP operates dynamically, but can also be
manually configured
230. • To increase network security ARP entries
can be crated manually
• Router’s client will not be able to access
Internet with changed IP address
231. • Add Static Entry to
ARP table
• Set for interface
arp=reply-only to
disable dynamic
ARP creation
• Disable/enable
interface or
reboot router
232. • Make your laptop ARP entry as static
• Set arp=reply-only to Local Network
interface
• Try to change computer IP address
• Test Internet connectivity
233. • Dynamic Host Configuration Protocol
• Used for automatic IP address distribution over
local network
• Use DHCP only in secure networks
234. • To setup DHCP server you should have IP
address on the interface
• Use setup command to enable DHCP server
• It will ask you for necessary information
235. Click on DHCP Setup
to run Setup Wizard
Select interface for
DHCP server
Set Network for DHCP,
offered automatically
Set Gateway for
DHCP clients
Set Addresses that
will be given to clients
DNS server address
that will be assigned to clients
Time that client may use
IP address
We are done!
236. • To configure DHCP server on bridge, set
server on
bridge interface
• DHCP server will be invalid, when it is
configured on
bridge port
237. • Setup DHCP server on Ethernet Interface
where Laptop is connected
• Change computer Network settings and
enable DHCP-client (Obtain an IP address
Automatically)
• Check the Internet connectivity
244. • Tool for Instant Plug-and-Play Internet
access
• HotSpot provides authentication of clients
before access to public network
• It also provides User Accounting
245. • Open Access Points, Internet Cafes,
Airports, universities campuses, etc.
• Different ways of authorization
• Flexible accounting
246. • Valid IP addresses on Internet and Local
Interfaces
• DNS servers addresses added to ip dns
• At least one HotSpot user
247. • HotSpot setup is easy
• Setup is similar to DHCP Server
setup
248. • RUN IP
HOTSPOT
SETUP
MasqueradeHotSpot addressHotSpotwillnetwork
be selectedautomatiautomaticallcally y
• Select Inteface
• Proceed to
answer the
questions
Select Interface to
run HotSpot on
ddresses that will be assigne
to HotSpot clients
A Whether to use certificate d
together with HotSpot or not
IP address to redirect SMTP
(e-mails) to your SMTP
server
DNS servers address
for HotSpot clients
DNS name for HotSpot server
Add first HotSpot userThat’s all for HotSpot
Setup
249. • Users connected to HotSpot interface
will be disconnected from the Internet
• Client will have to authorize in HotSpot to get
access to Internet
250. • HOTSPOT DEFAULT SETUP CREATES
ADDITIONAL CONFIGURATION:
• DHCP-Server on HotSpot
Interface
• Pool for HotSpot Clients
• Dynamic Firewall rules (Filter and
NAT)
251. • HotSpot login page is provided when user
tries to access any web-page
• To logout from HotSpot you need to
go to http://router_IP or
http://HotSpot_DNS
252. • Let’s create HotSpot on local Interface
• Don’t forget HotSpot login and password or
you will not be able to get the Internet
256. • Tool to get access to specific resources
without HotSpot authorization
• Walled-Garden for HTTP and HTTPS
• Walled-Garden IP for other resources (Telnet,
SSH, Winbox, etc.)
258. • Bypass specific
clients over
HotSpot
• VoIP phones,
printers,
superusers
• IP-binding is used
for
that
259. • It is possible to set every HotSpot user with
automatic bandwidth limit
• Dynamic queue is created for every client from
profile
260. User Profile -
set of options
used for
specific group
of HotSpot
clients
261. • To give each client
64k upload and 128k
download, set Rate
Limit
262. • Add second user
• Allow access to www.mikrotik.com without
HotSpot authentication for your laptop
• Add Rate-limit 1M/1M for your laptop
263.
264. • Point to Point Protocol over Ethernet is often
used to control client connections for DSL,
cable modems and plain Ethernet networks
• MikroTik RouterOS supports PPPoE client
and PPPoE server
266. • Teachers are going to create PPPoE server
on their router
• Disable DHCP-client on router’s outgoing
interface
• Set up PPPoE client on outgoing interface
• Set Username class, password class
267. • Check PPP connection
• Disable PPPoE client
• Enable DHCP client to restore old
configuration
269. • User’s
database
• Add login
and
Password
• Select service
• Configurationis
takef from
profile
270. • Set of rules used for PPP clients
• The way to set same settings for different
clients
271. • Local address -
Server address
• Remote Address -
Client
address
272. • Important, PPPoE server runs on the interface
• PPPoE interface can be without IP address
configured
• For security, leave PPPoE interface without IP
address configuration
273. • Pool defines the range of IP addresses for PPP,
DHCP and HotSpot clients
• We will use a pool, because there will be more
than one client
• Addresses are taken from pool automatically
274.
275.
276. • Point to Point Tunnel Protocol provides encrypted
tunnels
over IP
• MikroTik RouterOS includes support for PPTP
client and server
• Used to secure link between Local
Networks over Internet
• For mobile or remote clients to access
company Local network resources
277.
278. • PPTP configuration is very similar to PPPoE
• L2TP configuration is very similar to PPTP and
PPPoE
280. • That’s all for PPTP client configuration
• Use Add Default Gateway to route all router’s
traffic to PPTP tunnel
• Use static routes to send specific traffic to PPTP
tunnel
281. • PPTP
Server is
able to
maintain
multiple
clients
• It is easy
to enable
PPTP
server
282. • PPTP client settings are stored in ppp
secret
• ppp secret is used for PPTP, L2TP,
PPPoE clients
• ppp secret database is configured on
server
283. • THE SAME PROFILE IS USED FOR PPTP,
PPPOE, L2TP AND PPP CLIENTS
284. • Teachers are going to create PPTP
server on Teacher’s router
• Set up PPTP client on outgoing
interface
• Use username class password class
• Disable PPTP interface
285.
286. • It can speed up WEB browsing by caching
data
• HTTP Firewall
295. • Cache can be stored on the external drives
• Store manipulates all the external drives
• Cache can be stored to IDE, SATA, USB, CF,
MicroSD drives
296. • Manage all external disks
• Newly connected disk should be
formatted
eral Training Co.
Connection Gen
Trainer: Hamed Farnoudi
298
297. • Add store to save proxy to external
disk
• Store supports proxy, user-manager,
dude
298.
299. • THE ONLY SOLUTION TO RESET
PASSWORD IS TO REINSTALL THE
ROUTER
300. • All purchased licenses are stored in the
MikroTik account server
• If your router loses the Key for some reason -
just log into mikrotik.com to get it from keys list
• If the key is not in the list use Request Key
option
301. • check that the antenna connector is
connected 'main' antenna connector
• check that there is no water or moisture in the
cable
• check that the default settings for the radio are
being used
• Use interface wireless reset-configuration
302. • Try different Ethernet port or cable
• Use reset jumper on RouterBOARD
• Use serial console to view any possible
messages
• Use netinstall if possible
• Contact support (support@mikrotik.com)