MikroTik Configure

  • MikroTik RouterOS installation process:

    Boot sequence: 1st boot device = CD-ROM

    Step 1: Select all packages: press a
    Step 2: Install locally: press i
    Step 3: Initial configuration (Y/N)?: press N (the old configuration is removed)
    Step 4: Continue (Y/N)?: press Y (the installation continues)
    Step 5: Reboot: press ENTER

    MikroTik Login: admin
    Password: (empty) press ENTER
    [admin@MikroTik] >                      /* installation done */

    A fresh install has an admin account with no password, and the management services (telnet, ftp, www, ssh, winbox) are enabled on every interface. Set the admin password and disable the services you do not use (IP > Services) before the router is connected to anything untrusted.

    IP setting in MikroTik:

    [pavel@MikroTik] > ip                    /* press ENTER */
    [pavel@MikroTik] ip> address             /* press ENTER */
    [pavel@MikroTik] ip address> add address=192.168.10.2 netmask=255.255.255.0 interface=ether2
    [pavel@MikroTik] > ip
    [pavel@MikroTik] ip> route
    [pavel@MikroTik] ip route> add gateway=192.168.10.1
    [pavel@MikroTik] ip route> print         /* show the routing table */
    [pavel@MikroTik] ip route> /ping 192.168.10.1

    User creation with policy:

    [pavel@MikroTik] > user
    [pavel@MikroTik] user> add name=pavel group=write
    [pavel@MikroTik] user> set pavel password=123456

    The group is given as group=write. 123456 is only a placeholder for the example; use a long, unique password. The write group can change the configuration but cannot manage users, which is the right level for a day-to-day account; keep the full group for the admin account only.

  • New client installation process: installation of Naf Cable Network, whose IP series is 10.3.12.0/24.

    Step 1: Create a group and assign bandwidth to it as the parent. This can be done with the following command or manually as shown in the figure below. limit-at is the guaranteed rate and max-limit the ceiling, each written as upload/download in bits per second (256000/512000 = 256 kbit/s up, 512 kbit/s down):

    Parent:
    name="Naf_Cable_Network" target-addresses=10.3.12.0/24 dst-address=0.0.0.0/0 interface=all parent=none direction=both priority=8 queue=default-small/default-small limit-at=256000/512000 max-limit=512000/1000000 total-queue=default-small time=0s-1d,sun,mon,tue,wed,thu,fri,sat

    Procedure: Queues > Simple Queues > General tab, then Advanced tab

  • Step 2: Create an individual queue for each client and assign its bandwidth as a child of the group. This can be done with the following command or manually as shown in the figure below:

    Child:
    name="Nafcable_1" target-addresses=10.3.12.11/32 dst-address=0.0.0.0/0 interface=all parent=Naf_Cable_Network direction=both priority=8 queue=default-small/default-small limit-at=6000/6000 max-limit=32000/56000 total-queue=default-small time=0s-1d,sun,mon,tue,wed,thu,fri,sat

    Procedure: Queues > Simple Queues > General tab, then Advanced tab

  • Step 3: After steps 1 and 2 a parent exists and every child draws its bandwidth from that parent. Each child has its own assigned bandwidth, but it cannot exceed the group's bandwidth. The figure shows the details.

    Step 4: Assign the gateway address 10.3.12.250 (as 10.3.12.250/24) on the interface that serves the 10.3.12.0/24 series. Every IP behind that network then reaches the server through this gateway. Procedure: IP > Addresses

    Step 5: An ARP entry is required for every client IP that should reach the server; an IP without one is not served. Procedure: IP > ARP. Note that static ARP entries only restrict access when the client-facing interface has its ARP mode set to reply-only; with the default arp=enabled the router still learns dynamic entries for any IP/MAC pair. A MAC address is also trivially changed on the client side, so treat this as bookkeeping, not as authentication.

    Step 6: To receive bandwidth from the server the IP series must be masqueraded; no other IP gets out. Procedure: IP > Firewall > NAT (chain srcnat, src-address 10.3.12.0/24, action masquerade, with the WAN interface as out-interface so the rule cannot match traffic between internal interfaces).
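The parent/child limits above are entered by hand and nothing in WinBox warns when a child is given more than its group can deliver. The following checker, an added example for this page and not part of the original tutorial, parses simple-queue definitions in the key=value form shown above (the same form `/queue simple export` prints), builds the parent/child relation and reports children whose target addresses fall outside the group's range, whose max-limit exceeds the parent's, whose limit-at exceeds their own max-limit, or whose summed guaranteed rates exceed what the parent can provide. It also accepts the k/M shorthand used in the "Bandwidth Assign for Each Client" table later on the page. The sample queue lines are constructed from the page's values plus one deliberately wrong child (Nafcable_2) to show the output.

```python
"""Consistency check for RouterOS simple queues in key=value (export) form.

Added example for this page, not code from the original tutorial.
"""
import ipaddress
import re
import shlex
from typing import Dict, List, Tuple

# Constructed sample: the parent and child from the page, plus a deliberately
# wrong child (Nafcable_2) whose target is outside the group and whose limits
# exceed the parent's, to show what the checks report.
SAMPLE_QUEUES = """
name="Naf_Cable_Network" target-addresses=10.3.12.0/24 dst-address=0.0.0.0/0 interface=all parent=none direction=both priority=8 queue=default-small/default-small limit-at=256000/512000 max-limit=512000/1000000 total-queue=default-small time=0s-1d,sun,mon,tue,wed,thu,fri,sat
name="Nafcable_1" target-addresses=10.3.12.11/32 dst-address=0.0.0.0/0 interface=all parent=Naf_Cable_Network direction=both priority=8 queue=default-small/default-small limit-at=6000/6000 max-limit=32000/56000 total-queue=default-small time=0s-1d,sun,mon,tue,wed,thu,fri,sat
name="Nafcable_2" target-addresses=10.3.13.5/32 dst-address=0.0.0.0/0 interface=all parent=Naf_Cable_Network direction=both priority=8 queue=default-small/default-small limit-at=600000/600000 max-limit=2M/2M total-queue=default-small
"""

_SUFFIX = {"": 1, "k": 1_000, "m": 1_000_000, "g": 1_000_000_000}
DIRECTIONS = ("upload", "download")


def parse_rate(text: str) -> int:
    """'512000' -> 512000, '64k' -> 64000, '1M' -> 1000000 (bits per second)."""
    m = re.fullmatch(r"(\d+)([kKmMgG]?)", text.strip())
    if not m:
        raise ValueError(f"bad rate: {text!r}")
    return int(m.group(1)) * _SUFFIX[m.group(2).lower()]


def parse_pair(text: str) -> Tuple[int, int]:
    """'256000/512000' -> (upload, download); a single value applies to both."""
    parts = text.split("/")
    if len(parts) == 1:
        parts = parts * 2
    if len(parts) != 2:
        raise ValueError(f"bad rate pair: {text!r}")
    return parse_rate(parts[0]), parse_rate(parts[1])


def parse_queue(line: str) -> Dict[str, object]:
    """Turn one key=value line (quoted values allowed) into a typed record."""
    fields = dict(tok.split("=", 1) for tok in shlex.split(line))
    return {
        "name": fields["name"],
        "parent": fields.get("parent", "none"),
        "target": ipaddress.ip_network(fields["target-addresses"], strict=False),
        "limit_at": parse_pair(fields["limit-at"]),
        "max_limit": parse_pair(fields["max-limit"]),
    }


def check_queues(text: str) -> List[str]:
    """Return one message per violation; an empty list means the tree is consistent."""
    queues = [parse_queue(ln) for ln in text.strip().splitlines() if ln.strip()]
    by_name = {q["name"]: q for q in queues}
    problems: List[str] = []
    guaranteed: Dict[str, List[int]] = {}  # parent name -> summed child limit-at

    for q in queues:
        for i, d in enumerate(DIRECTIONS):
            if q["limit_at"][i] > q["max_limit"][i]:
                problems.append(f'{q["name"]}: {d} limit-at above its own max-limit')
        if q["parent"] == "none":
            continue
        p = by_name.get(q["parent"])
        if p is None:
            problems.append(f'{q["name"]}: parent {q["parent"]} does not exist')
            continue
        if not q["target"].subnet_of(p["target"]):
            problems.append(f'{q["name"]}: target {q["target"]} is outside parent range {p["target"]}')
        for i, d in enumerate(DIRECTIONS):
            if q["max_limit"][i] > p["max_limit"][i]:
                problems.append(f'{q["name"]}: {d} max-limit {q["max_limit"][i]} exceeds parent {p["max_limit"][i]}')
        totals = guaranteed.setdefault(p["name"], [0, 0])
        totals[0] += q["limit_at"][0]
        totals[1] += q["limit_at"][1]

    # guaranteed (limit-at) rates of all children must fit inside the parent ceiling
    for pname, totals in guaranteed.items():
        p = by_name[pname]
        for i, d in enumerate(DIRECTIONS):
            if totals[i] > p["max_limit"][i]:
                problems.append(f"{pname}: children's guaranteed {d} {totals[i]} exceeds parent max-limit {p['max_limit'][i]}")
    return problems


if __name__ == "__main__":
    for msg in check_queues(SAMPLE_QUEUES) or ["queue tree is consistent"]:
        print(msg)
```

Run against the two queues from the page the checker reports nothing; the constructed Nafcable_2 produces four findings (target outside 10.3.12.0/24, upload and download max-limit above the parent, and the children's summed upload limit-at above the parent's 512000). Paste the output of `/queue simple export` into SAMPLE_QUEUES to check a live router.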

  • If we want to provide PPPoE to a client:

    Step 1: Create the user ID as shown in the figure below. Procedure: PPP > Secrets

  • Step 2: Create a profile for each package by filling in the two options shown in the figure below. Procedure: PPP > Profiles > General tab

  • Procedure: PPP > Profiles > Limits tab

  • Step 3: Select the interface on which the PPPoE server listens; run it only on the client-facing interface. The figure shows the details. Procedure: PPP > Interface > PPPoE Server

  • Step 4: Declare an IP pool so that clients obtain an address from the server automatically. Procedure: IP > Pool

  • If we want to provide DHCP to a client: first complete the six steps of the New Client Installation Process above, then proceed as follows.

    Step 1: Declare an IP pool from which addresses are handed out; the static leases created later bind each MAC to its IP. The pool holds the address range used for leases. Procedure: IP > Pool

  • Step 2: Create the DHCP server on its own interface. The lease time matters: 365d 00:00:00 means each lease stays valid for 365 days. The Always Broadcast option must be disabled. Procedure: IP > DHCP Server > DHCP tab

  • Step 3: Fill in the network address with its mask, the DNS server and the domain name. The figure shows the details. Procedure: IP > DHCP Server > Networks tab

  • Step 4: Create a lease for each IP behind the client's network with the information shown in the figure below. The important field is Client ID: RouterOS writes the DHCP client identifier as hardware-type:MAC, and 1 is the Ethernet hardware type, so the value is 1: followed by the client's MAC. Also untick the Always Broadcast check box. Procedure: IP > DHCP Server > Leases

    A static lease decides which address a given MAC receives; it is not authentication, since a client can set any MAC it likes. Access control still has to come from the ARP, queue and firewall rules.

  • Enabling mangle: the mangle rule is used to control whether a client may place a broadband router, modem or any other forwarding device behind our MikroTik. It works as a hop controller: it rewrites the TTL of the packets we deliver to the client, which limits how many more hops they can travel. For details follow Figure 1, Figure 2 and Figure 3.

    Figure 1: Procedure: IP > Firewall > Mangle

    Figure 2: Procedure: IP > Firewall > Mangle > double-click the rule > General tab

  • Figure 3: Procedure: IP > Firewall > Mangle > double-click the rule > Action tab

    In the figure above, New TTL is 1, so a packet cannot cross any hop beyond our MikroTik: a router at the client decrements the TTL to 0 and discards it. In that situation no client on this network can use a broadband router, modem or other forwarding device. To allow such devices, raise the New TTL field to 2, 3 or more as needed.

    1 = no hop, 2 = 1 hop, 3 = 2 hops, and so on.

    This is a policy control, not a security boundary: a client router that rewrites the TTL of the packets it receives (the same mangle technique applied on the client side) defeats it, so do not rely on it to keep unknown devices off the network.

  • Services enabled in MikroTik: the list in the figure is IP > Firewall > Service Ports, the connection-tracking (NAT helper) entries, not the management services under IP > Services. Two are enabled and the other five are disabled. gre is needed for VPN traffic and pptp lets a client behind the NAT log in to a server as a PPTP client, so both stay enabled. h323 is used for VoIP, which is not offered here, which is why it is disabled. Keeping only the helpers you need reduces the amount of traffic the router parses on the client's behalf.

  • Security level, firewall: filter rules are applied in the firewall to raise the security level. The figures show the rules. Procedure: IP > Firewall > Filter Rules

    Figure: Firewall, followed by four continuation figures (the rule list exists only in the images and is not reproduced in the text).

  • Linux Gateway Server

  • Linux gateway server using MikroTik: to make a Linux PC a gateway server behind the MikroTik, you need the physical (MAC) address of its eth0 and must enter it under IP > ARP in the MikroTik. ifconfig shows it:

    [root@MSTech ~]# ifconfig | more
    eth0      Link encap:Ethernet  HWaddr 00:E0:4C:60:11:F2
              inet addr:192.168.190.66  Bcast:192.168.190.71  Mask:255.255.255.248
              inet6 addr: fec0::8:2e0:4cff:fe60:11f2/64 Scope:Site
              inet6 addr: 2002:5a00:13:8:2e0:4cff:fe60:11f2/64 Scope:Global
              inet6 addr: fe80::2e0:4cff:fe60:11f2/64 Scope:Link
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:1435879 errors:0 dropped:0 overruns:0 frame:0
              TX packets:603868 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:613406478 (584.9 MiB)  TX bytes:135034498 (128.7 MiB)
              Interrupt:10 Base address:0xc000

    eth1      Link encap:Ethernet  HWaddr 00:B0:4C:39:04:D1
              inet addr:192.168.31.1  Bcast:192.168.31.255  Mask:255.255.255.0
              inet6 addr: fe80::2b0:4cff:fe39:4d1/64 Scope:Link
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:692865 errors:0 dropped:0 overruns:0 frame:0
              TX packets:617279 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:148165915 (141.3 MiB)  TX bytes:543627803 (518.4 MiB)
              Interrupt:11 Base address:0xc400

    lo        Link encap:Local Loopback
              inet addr:127.0.0.1  Mask:255.0.0.0
              inet6 addr: ::1/128 Scope:Host
              UP LOOPBACK RUNNING  MTU:16436  Metric:1
              RX packets:49 errors:0 dropped:0 overruns:0 frame:0
              TX packets:49 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:4160 (4.0 KiB)  TX bytes:4160 (4.0 KiB)

  • IP settings on the Linux gateway server. For setting the IP on eth0:

    [root@MSTech ~]# netconfig

    [root@MSTech ~]# vi /etc/sysconfig/network
    NETWORKING=yes
    GATEWAY=192.168.190.65
    HOSTNAME=MSTech

    [root@MSTech ~]# vi /etc/sysconfig/network-scripts/ifcfg-eth0
    DEVICE=eth0
    ONBOOT=yes
    BOOTPROTO=static
    IPADDR=192.168.190.66
    NETMASK=255.255.255.248
    GATEWAY=192.168.190.65
    TYPE=Ethernet

  • [root@MSTech ~]# vi /etc/sysconfig/network-scripts/ifcfg-eth1
    DEVICE=eth1
    HWADDR=00:B0:4C:39:04:D1
    IPADDR=192.168.31.1
    NETMASK=255.255.255.0
    BROADCAST=192.168.31.255
    ONBOOT=yes
    TYPE=Ethernet

    [root@MSTech ~]# service network restart

    To check the link state of eth0 and eth1:

    [root@MSTech ~]# mii-tool
    eth0: negotiated 100baseTx-FD, link ok
    eth1: negotiated 100baseTx-FD flow-control, link ok

    Rules for getting Internet access. /etc/lan lists the allowed clients as IP and MAC pairs (it is also the file arp -f loads at boot); /etc/fire holds the forwarding rules:

    [root@MSTech ~]# vi /etc/lan
    192.168.31.11 00:13:D4:61:09:AA
    192.168.31.12 00:0F:FE:43:2B:A2
    192.168.31.13 00:02:44:95:B9:0D
    192.168.31.14 00:02:44:B3:B3:FE
    192.168.31.15 00:0F:EA:06:C1:A8

    [root@MSTech ~]# vi /etc/fire
    /sbin/iptables -F
    /sbin/iptables -A FORWARD -s 192.168.31.11/32 -d 0/0 -j ACCEPT
    /sbin/iptables -A FORWARD -s 192.168.31.12/32 -d 0/0 -j ACCEPT
    /sbin/iptables -A FORWARD -s 192.168.31.13/32 -d 0/0 -j ACCEPT
    /sbin/iptables -A FORWARD -s 192.168.31.14/32 -d 0/0 -j ACCEPT
    /sbin/iptables -A FORWARD -s 192.168.31.15/32 -d 0/0 -j ACCEPT
    /sbin/iptables -A FORWARD -s 192.168.31.0/24 -d 0/0 -j DROP

    Two things to check here. First, these rules accept on source IP alone: any host that configures itself with a listed address is forwarded, whatever its MAC; the static ARP entries from /etc/lan only pin the return path. Matching the MAC as well (-m mac --mac-source) ties the two together. Second, the final DROP only covers 192.168.31.0/24, and the FORWARD chain's policy is still ACCEPT, so packets with a source outside that subnet fall through and are forwarded; set the policy to DROP (iptables -P FORWARD DROP). /etc/fire must also be executable (chmod +x /etc/fire) for rc.local to run it.

  • NAT (Network Address Translation): the Linux box itself only forwards packets; the masquerading of 192.168.31.0/24 is done on the MikroTik (see "Masquerade the IP series" below). Forwarding is switched on in /etc/sysctl.conf:

    [root@MSTech ~]# vi /etc/sysctl.conf
    # Kernel sysctl configuration file for Red Hat Linux
    #
    # For binary values, 0 is disabled, 1 is enabled.  See sysctl(8) and
    # sysctl.conf(5) for more details.

    # Controls IP packet forwarding
    net.ipv4.ip_forward = 1

    # Controls source route verification
    net.ipv4.conf.default.rp_filter = 1

    # Do not accept source routing
    net.ipv4.conf.default.accept_source_route = 0

    # Controls the System Request debugging functionality of the kernel
    kernel.sysrq = 0

    # Controls whether core dumps will append the PID to the core filename.
    # Useful for debugging multi-threaded applications.
    kernel.core_uses_pid = 1

    Keep rp_filter = 1 and accept_source_route = 0 on a forwarding box: they reject packets whose source address does not belong on the interface they arrived on and ignore source-routed packets. Note that the conf.default.* keys only apply to interfaces created after the setting is loaded; use the conf.all.* counterparts as well to cover eth0 and eth1 when they already exist.

    Processes that run at PC startup:

    [root@MSTech ~]# vi /etc/rc.local
    #!/bin/sh
    #
    # This script will be executed *after* all the other init scripts.
    # You can put your own initialization stuff in here if you don't
    # want to do the full Sys V style init stuff.

    touch /var/lock/subsys/local
    echo 1 > /proc/sys/net/ipv4/ip_forward
    /sbin/arp -f /etc/lan
    /etc/fire
    ifconfig eth1 192.168.37.250 netmask 255.255.255.0 up

    The last line reconfigures eth1 as 192.168.37.250, which does not agree with the 192.168.31.1 set in ifcfg-eth1 or with the 192.168.31.x clients in /etc/lan. The address here must match the LAN addressing; otherwise the static ARP entries cannot be installed for that interface and the clients become unreachable.

  • Startup control:

    [root@MSTech ~]# ntsysv
    [*] acpid  [*] autofs  [*] crond  [*] iptables  [*] kudzu  [*] network  [*] portmap  [*] sshd  [*] xinetd
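The /etc/lan and /etc/fire pair above is maintained by hand, and the rules trust the source IP alone. The following generator, an added example for this page and not part of the original setup, reads the same /etc/lan format, rejects malformed, duplicate or out-of-subnet entries, and emits FORWARD rules that bind each accepted IP to its MAC with iptables' -m mac --mac-source, with a default-deny policy and an explicit accept for return traffic. LAN_NET and LAN_IF are taken from the ifcfg-eth1 configuration above; the sample file is constructed from the page's five entries plus one line outside the subnet to show the validation.

```python
"""Generate a hardened /etc/fire from the /etc/lan "IP MAC" list.

Added example for this page, not the original gateway's code.
"""
import ipaddress
import re
from typing import List, Tuple

# Constructed sample in the /etc/lan format: the five pairs from the page plus
# one address outside 192.168.31.0/24 that must be reported and skipped.
SAMPLE_LAN = """\
192.168.31.11 00:13:D4:61:09:AA
192.168.31.12 00:0F:FE:43:2B:A2
192.168.31.13 00:02:44:95:B9:0D
# comment lines are skipped
192.168.31.14 00:02:44:B3:B3:FE
192.168.31.15 00:0F:EA:06:C1:A8
192.168.40.9 00:AA:BB:CC:DD:EE
"""

LAN_NET = ipaddress.ip_network("192.168.31.0/24")  # client subnet on eth1 (from ifcfg-eth1)
LAN_IF = "eth1"                                     # client-facing interface
MAC_RE = re.compile(r"^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$")


def parse_lan(text: str, lan_net=LAN_NET) -> Tuple[List[Tuple[str, str]], List[str]]:
    """Return (accepted IP/MAC pairs, error messages for rejected lines)."""
    pairs: List[Tuple[str, str]] = []
    errors: List[str] = []
    seen_ip, seen_mac = set(), set()
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        if len(parts) != 2:
            errors.append(f"line {lineno}: expected 'IP MAC'")
            continue
        ip_s, mac = parts[0], parts[1].upper()
        try:
            ip = ipaddress.ip_address(ip_s)
        except ValueError:
            errors.append(f"line {lineno}: bad IP {ip_s}")
            continue
        if ip not in lan_net:
            errors.append(f"line {lineno}: {ip_s} is outside {lan_net}")
            continue
        if not MAC_RE.match(mac):
            errors.append(f"line {lineno}: bad MAC {mac}")
            continue
        if ip_s in seen_ip or mac in seen_mac:
            errors.append(f"line {lineno}: duplicate IP or MAC")
            continue
        seen_ip.add(ip_s)
        seen_mac.add(mac)
        pairs.append((ip_s, mac))
    return pairs, errors


def build_forward_rules(pairs, lan_if=LAN_IF, lan_net=LAN_NET) -> List[str]:
    """iptables commands doing what /etc/fire does, with IP+MAC binding and default deny."""
    rules = [
        "/sbin/iptables -F FORWARD",
        "/sbin/iptables -P FORWARD DROP",  # default deny instead of the default ACCEPT
        # replies to flows already accepted (arriving from the WAN side) pass
        "/sbin/iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT",
    ]
    for ip, mac in pairs:
        # both the source IP and the source MAC must match a listed client
        rules.append(
            f"/sbin/iptables -A FORWARD -i {lan_if} -s {ip}/32 -m mac --mac-source {mac} -j ACCEPT"
        )
    # everything else from the client subnet, mirroring the original last rule
    rules.append(f"/sbin/iptables -A FORWARD -i {lan_if} -s {lan_net} -j DROP")
    return rules


if __name__ == "__main__":
    accepted, errs = parse_lan(SAMPLE_LAN)
    for e in errs:
        print("# rejected:", e)
    print("\n".join(build_forward_rules(accepted)))
```

Run as root the printed lines can be written to /etc/fire; the same /etc/lan keeps feeding `arp -f`, so one file drives both the static ARP table and the firewall. The MAC match only works on the interface the client is directly attached to (eth1 here); packets that have crossed another router carry that router's MAC instead.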

  • Local addressing in MikroTik for the interface towards the server: IP > Addresses > Address List > +

    Address              Network          Broadcast        Interface
    192.168.190.65/29    192.168.190.64   192.168.190.71   LAN

  • Physical address of eth0 added in MikroTik: IP > ARP

    IP Address       MAC Address          Interface
    192.168.190.66   00:E0:4C:60:11:F2    LAN

  • Masquerade the IP series 192.168.31.0/24: IP > Firewall > NAT > +

    Chain    Src. Address      Out. Interface   Action
    srcnat   192.168.31.0/24   WAN              masquerade

  • Bandwidth assigned for each client: Queues > Simple Queues > +

    Name      Target Address     Max Upload   Max Download
    MSTech    192.168.31.0/24    1M           1M
    MSTech1   192.168.31.11      64k          64k

    (Set MSTech as the parent of MSTech1 to get the group/child behaviour described in the New Client Installation Process above.)

  • Routing in MikroTik: the client subnet behind the Linux gateway is reached via its eth0 address.

    Terminal vt102 detected, using multiline input mode
    [pavel@NORTH1] > ip route
    [pavel@NORTH1] ip route> add dst-address=192.168.31.0/24 gateway=192.168.190.66
    [pavel@NORTH1] ip route> print