Mikrotik Certified Training 4MTAT MTA Nikola Tesla Leposavić (MTCNA RE)

Transcription

Mikrotik Certified Training 4MTAT (MTCNA RE), MTA Nikola Tesla Leposavić, 2017

About the Trainer
- Sašo Jordaki, MTAAC
- Experience
- ROS user since ROS v 2.x
- check on fb :P
- WHOAMI

Course Objectives
- Provide an overview of RouterOS software and RouterBOARD products
- Hands-on training for MikroTik router configuration, maintenance and basic troubleshooting

Learning Outcomes
The student will:
- Be able to configure, manage and do basic troubleshooting of a MikroTik RouterOS device
- Be able to provide basic services to clients
- Have a solid foundation and valuable tools to manage a network

MikroTik Certified Courses
- Introduction Course
- MTCNA
- MTCRE, MTCWE, MTCTCE, MTCUME
- MTCINE
For more info see: http://training.mikrotik.com

MTCNA Outline
- Module 1: Introduction
- Module 2: DHCP
- Module 3: Bridging
- Module 4: Routing
- Module 5: Wireless
- Module 6: Firewall

MTCNA Outline
- Module 7: QoS
- Module 8: Tunnels
- Module 9: Misc
- Hands on LABs during each module (more than 40 in total)
- Detailed outline available on mikrotik.com

Schedule
- Training day: 9AM - 5PM
- 30 minute breaks: 10:30AM and 3PM
- 1 hour lunch: 12:30PM
- Certification test: last day, 1 hour

Housekeeping
- Emergency exits
- Bathroom location
- Food and drinks while in class
- Please set phone to 'silence' and take calls outside the classroom

Introduce Yourself
- Your name and company
- Your prior knowledge about networking
- Your prior knowledge about RouterOS
- What do you expect from this course?
- Please, note your number (XY):

Certified Network Associate (MTCNA) - Module 1: Introduction

About MikroTik
- Router software and d individuals
- Mission: to make Internet technologies faster, more powerful and affordable to a wider range of users

About MikroTik
- 1996: Established
- 1997: RouterOS software for x86 (PC)
- 2002: First RouterBOARD device
- 2006: First MikroTik User Meeting (MUM) Prague, Czech Republic
- 2015: Biggest MUM: Indonesia, 2500

About MikroTik
- Located in Latvia
- 160 employees
- mikrotik.com
- routerboard.com

MikroTik RouterOS
- Is the operating system of MikroTik RouterBOARD hardware
- Can also be installed on a PC or as a virtual machine (VM)
- Stand-alone operating system based on the Linux kernel

RouterOS Features
- Full 802.11 a/b/g/n/ac support
- Firewall/bandwidth shaping
- Point-to-Point tunnelling (PPTP, PPPoE, SSTP, OpenVPN)
- DHCP/Proxy/HotSpot
- And many more, see: wiki.mikrotik.com

MikroTik RouterBOARD
- A family of hardware solutions created by MikroTik that run RouterOS
- Ranging from small home routers to carrier-class access concentrators
- Millions of RouterBOARDs are currently routing the world

MikroTik RouterBOARD
- Integrated solutions - ready to use
- Boards only - for assembling own system
- Enclosures - for custom RouterBOARD builds
- Interfaces - for expanding functionality
- Accessories

First Time Access
- Null modem cable
- Ethernet cable
- WiFi
[Diagram: Null Modem Cable, WiFi, Ethernet cable]

First Time Access
- WinBox - http://www.mikrotik.com/download/winbox.exe
- WebFig
- SSH
- Telnet
- Terminal emulator in case of serial port connection

WinBox
- Default IP address (LAN side): 192.168.88.1
- User: admin
- Password: (blank)

LAB: MAC WinBox
- Observe WinBox title when connected using IP address
- Connect to the router using MAC address
- Observe WinBox title

Optional LAB: MAC WinBox
- Disable IP address on the bridge interface
- Try to log in the router using IP address (not possible)
- Try to log in the router using MAC WinBox (works)

Optional LAB: MAC WinBox
- Enable IP address on the bridge interface
- Log in the router using IP address

WebFig
- Browser - http://192.168.88.1

Quick Set
- Basic router configuration in one window
- Accessible from both WinBox and WebFig
- In more detail described in “Introduction to MikroTik RouterOS and RouterBOARDs” course

Quick Set

Default Configuration
- Different default configuration applied
- For more info see default configuration wiki page
- Example: SOHO routers - DHCP client on Ether1, DHCP server on rest of ports WiFi
- Can be discarded and ‘blank’ used instead

Command Line Interface
- Available via SSH, Telnet or ‘New Terminal’ in WinBox and WebFig

Command Line Interface
- tab completes command
- double tab shows available commands
- ‘?’ shows help
- Navigate previous commands with , buttons

Command Line Interface
- Hierarchical structure (similar to WinBox menu)
- For more info see console wiki page
- In WinBox: Interfaces menu

LAB: Internet Access
[Diagram: Your laptop, Class AP, Your router, 192.168.88.1]

LAB: Laptop - Router
- Connect laptop to the router with a cable, plug it in any of LAN ports (2-4)
- Disable other interfaces (wireless) on your laptop
- Make sure that Ethernet interface is set to obtain IP configuration automatically (via DHCP)

LAB: Router - Internet
- The Internet gateway of your class is accessible over wireless - it is an access point (AP)
[Diagram: Class AP, Your laptop, Your router, 192.168.88.1]

LAB: Router - Internet
To connect to the AP you have to:
- Remove the wireless interface from the bridge interface (used in default configuration)
- Configure DHCP client to the wireless interface

LAB: Router - Internet
To connect to the AP you have to:
- Create and configure a wireless security profile
- Set the wireless interface to station mode
- And configure NAT masquerade

LAB: Router - Internet
- Remove the WiFi interface from the bridge
[Menu: Bridge > Ports]

LAB: Router - Internet
- Set DHCP client to the WiFi interface
[Menu: IP > DHCP Client]

LAB: Router - Internet
- Set Name and Pre-Shared Keys
[Menu: Wireless > Security Profiles]

LAB: Router - Internet
- Set Mode to 'station', SSID to 'ClassAP' and Security Profile to 'class'
- “Scan” tool can be used to see and connect to available APs
[Menu: Wireless > Interfaces]

WinBox Tip
- To view hidden information (except user password), select Settings > Hide Passwords
[Menu: Wireless > Security Profiles]

Private and Public Space
- Masquerade is used for Public network access, where private addresses are present
- Private networks include 10.0.0.0 10.255.255.255, 255

LAB: Router - Internet
- Configure masquerade on the WiFi interface
[Menu: IP > Firewall > NAT]

LAB: Check Connectivity
- Ping www.mikrotik.com from your laptop

Troubleshooting
- The router cannot ping further than AP
- The router cannot resolve names
- The laptop cannot ping further than the router
- The laptop cannot resolve domain names
- Masquerade rule is not working

RouterOS Releases
- Bugfix only - fixes, no new features
- Current - same fixes, new features
- Release Candidate - consider as a 'nightly build'

Upgrading the RouterOS
- The easiest way to upgrade
[Menu: System > Packages > Check For Updates]

Upgrading the RouterOS
- Download the update from www.mikrotik.com/download page
- Check the architecture of your router’s CPU
- Drag&drop into the WinBox window
- Other ways: WebFig Files menu, FTP, sFTP
- Reboot the router

Package Management
- RouterOS functions are enabled/disabled by packages
[Menu: System > Packages]

RouterOS , wake-on-LAN
dhcp          DHCP client and server
hotspot       HotSpot captive portal server
ipv6          IPv6 support
ppp           PPP, PPTP, L2TP, PPPoE clients and servers
routing       Dynamic routing: RIP, BGP, OSPF
security      Secure WinBox, SSH, IPsec
system        Basic features: static routing, firewall, bridging, etc.
wireless-cm2  802.11 a/b/g/n/ac support, CAPsMAN v2
- For more info see packages wiki page

RouterOS Packages
- Each CPU architecture has a combined package, e.g. ‘routeros-mipsbe’, ‘routeros-tile’
- Contains all the standard RouterOS features (wireless, dhcp, ppp, routing, etc.)
- Extra packages can be downloaded from www.mikrotik.com/download page

RouterOS Extra Packages
- Provides additional functionality
- Upload package file to the router and reboot
Package       Functionality
gps           GPS device support
ntp           Network Time Protocol server
ups           APC UPS management support
user-manager  MikroTik User Manager for managing HotSpot users

LAB: Package Management
- Disable the wireless package
- Reboot the router
- Observe the interface list
- Enable the wireless package
- Reboot the router

Optional LAB: Package Management
- Observe WinBox System menu (no NTP client/server)
- Download extra packages file for your router’s CPU architecture
- Install ntp package and reboot the router
- Observe WinBox System menu

Downgrading Packages
- From System > Packages menu
- ‘Check For Updates’ and choose different Channel (e.g. bugfix-only)
- Click ‘Download’
- Click ‘Downgrade’ in ‘Package List’ window

Optional LAB: Downgrading Packages
- Downgrade RouterOS from current to bugfix-only version
- Upgrade it back to the current version

RouterBOOT
- Firmware responsible for starting RouterOS on RouterBOARD devices
- Two boot loaders on RouterBOARD: main and backup
- Main can be updated
- Backup loader can be loaded if needed

RouterBOOT
- For more info see RouterBOOT wiki page
[Menu: System > Routerboard]

Router Identity
- Option to set a name for each router
- Identity information available in different places
[Menu: System > Identity]

LAB: Router Identity
- Set the identity of your router as follows: YourNumber(XY) YourName
- For example: 13 JohnDoe
- Observe the WinBox title menu

RouterOS Users
- Default user admin, group full
- Additional groups - read and write
- Can create your own group and fine tune access

RouterOS Users
[Menu: System > Users]

LAB: RouterOS Users
- Add a new user to the RouterOS with full access (note name and password)
- Change admin user group to read
- Login with the new user
- Login with the admin user and try to change router’s settings (not possible)

Optional LAB: RouterOS Users
- Generate SSH private/public key pair using ‘ssh-keygen’ (OS X and Linux) or ‘puttygen’ (Windows)
- Upload the public part of the key to the router
- Import and attach it to the user
- Login to the router using the private key

RouterOS Services
- Different ways to connect to the RouterOS
- API - Application Programming Interface
- FTP - for uploading/downloading files to/from the RouterOS
[Menu: IP > Services]

RouterOS Services
- SSH - secure command line interface
- Telnet - insecure command line interface
- WinBox - GUI access
- WWW - access from the web browser
[Menu: IP > Services]

RouterOS Services
- Disable services which are not used
- Restrict access with ‘available from’ field
- Default ports can be changed
[Menu: IP > Services]

LAB: RouterOS Services
- Open RouterOS web interface - http://192.168.88.1
- In WinBox disable www service
- Refresh browser page

Configuration Backup
- Two types of backups
- Backup (.backup) file - used for restoring configuration on the same router
- Export (.rsc) file - used for moving configuration to another router

Configuration Backup
- Backup file can be created and restored under Files menu in WinBox
- Backup file is binary, by default encrypted with user password. Contains a full router configuration (passwords, keys, etc.)

Configuration Backup
- Custom name and password can be entered
- Router identity and current date is used as a backup file name

Configuration Backup
- Export (.rsc) file is a script with which router configuration can be backed up and restored
- Plain-text file (editable)
- Contains only configuration that is different than the factory default configuration

Configuration Backup
- Export file is created using ‘export’ command in CLI
- Whole or partial router configuration can be saved to an export file
- RouterOS user passwords are not saved when using export

Configuration Backup
- Store files in ‘flash’ folder
- Contains ready to use RouterOS commands

Configuration Backup
- Export file can be edited by hand
- Can be used to move configuration to a different RouterBOARD
- Restore using ‘/import’ command
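
Added example (not part of the course slides): because an export holds only the settings that differ from the factory defaults, a service that is missing from its /ip service section is still in its default state. The Python sketch below audits a constructed sample export against the 'RouterOS Services' advice (disable unused services, restrict 'available from'); the default service states, the finding texts and all function names are assumptions of this example, to be confirmed with "/ip service print" on the device.

```python
import shlex

# ASSUMPTION: factory state of /ip service on RouterOS v6 (True = enabled).
# Confirm on the device with "/ip service print" before relying on it.
DEFAULT_ENABLED = {
    "telnet": True, "ftp": True, "www": True, "ssh": True,
    "www-ssl": False, "api": True, "winbox": True, "api-ssl": True,
}
CLEARTEXT = {"telnet", "ftp", "www", "api"}  # no transport encryption


def logical_lines(text):
    """Yield export lines, joining those wrapped with a trailing backslash."""
    pending = ""
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith("\\"):
            pending += line[:-1]
            continue
        yield pending + line
        pending = ""


def service_state(export_text):
    """Apply the export's '/ip service' section on top of the defaults."""
    state = {name: {"enabled": on, "address": ""}
             for name, on in DEFAULT_ENABLED.items()}
    menu = ""
    for line in logical_lines(export_text):
        if not line or line.startswith("#"):
            continue
        if line.startswith("/"):          # menu header such as "/ip service"
            menu = line
            continue
        if menu != "/ip service":
            continue
        words = shlex.split(line)
        if len(words) < 2 or words[0] != "set" or words[1] not in state:
            continue
        svc = state[words[1]]
        for word in words[2:]:
            key, _, value = word.partition("=")
            if key == "disabled":
                svc["enabled"] = value != "yes"
            elif key == "address":        # shown in WinBox as 'Available From'
                svc["address"] = value
    return state


def audit(export_text):
    """Return (service, finding) pairs for services left exposed."""
    findings = []
    for name, svc in sorted(service_state(export_text).items()):
        if not svc["enabled"]:
            continue
        if name in CLEARTEXT:
            findings.append((name, "cleartext service enabled"))
        if not svc["address"]:
            findings.append((name, "no 'available from' restriction"))
    return findings


SAMPLE_EXPORT = """\
# constructed sample export, not taken from a real router
/ip address
add address=192.168.88.1/24 interface=bridge-local
/ip service
set telnet disabled=yes
set www disabled=yes
set ssh address=192.168.88.0/24 port=2222
set winbox address=\\
    192.168.88.0/24
"""

if __name__ == "__main__":
    for service, finding in audit(SAMPLE_EXPORT):
        print(f"{service}: {finding}")
```

In the sample, ftp, api and api-ssl are reported although the export never mentions them: they were simply left at their defaults.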

Configuration Backup
- Download to a computer using WinBox (drag&drop), FTP or WebFig
- Don’t store the copy of the backup only on the router! It is not a good backup strategy!

Reset Configuration
- Reset to default configuration
- Retain RouterOS users after reset
- Reset to a router without any configuration (‘blank’)
- Run a script after reset
[Menu: System > Reset Configuration]

Reset Configuration
- Using physical ‘reset’ button on the router
- Load backup RouterBOOT loader
- Reset router configuration
- Enable CAPs mode (Controlled AP)
- Start in Netinstall mode
- For more info see reset button wiki page

Netinstall
- Used for installing and reinstalling RouterOS
- Direct network connection to the router is required (can be used over switched LAN)
- Cable must be connected to Ether1 port (except CCR and RB1xxx - last port)
- Runs on Windows
- For more info see Netinstall wiki page

Netinstall
- Available at www.mikrotik.com/download

LAB: Configuration Backup
- Create a .backup file
- Copy it to your laptop
- Delete the .backup file from the router
- Reset router configuration
- Copy .backup file back to the router
- Restore router configuration

Optional LAB: Configuration Backup
- Create a backup using ‘export’ command
- Copy it to your laptop
- Delete the export file from the router
- Reset router configuration
- Copy export file back to the router
- Restore router configuration

Optional LAB: Netinstall
- Download Netinstall
- Boot your router in Netinstall mode
- Install RouterOS on your router using Netinstall
- Restore configuration from previously saved backup file

RouterOS License
- All RouterBOARDs are shipped with a license
- Different license levels (features)
- RouterOS updates for life
- x86 license can be purchased from www.mikrotik.com or distributors
[Menu: System > License]

RouterOS License
Level  Type        Typical Use
0      Trial Mode  24h trial
1      Free Demo
3      CPE         Wireless client (station), volume only
4      AP          Wireless AP: WISP, HOME, Office
5      ISP         Supports more tunnels than L4
6      Controller  Unlimited RouterOS features

Additional Information
- wiki.mikrotik.com - RouterOS documentation and examples
- forum.mikrotik.com - communicate with other RouterOS users
- mum.mikrotik.com - MikroTik User Meeting page
- Distributor and consultant support
- support@mikrotik.com

Module 1 Summary

Certified Network Associate (MTCNA) - Module 2: DHCP

DHCP
- Dynamic Host Configuration Protocol
- Used for automatic IP address distribution over a local network
- Use DHCP only in trusted networks
- Works within a broadcast domain
- RouterOS supports both DHCP client and server

DHCP Client
- Used for automatic acquiring of IP address, subnet mask, default gateway, DNS server address and additional settings if provided
- MikroTik SOHO routers by default have DHCP client configured on ether1 (WAN) interface

DHCP Client
[Menu: IP > DHCP Client]

DNS
- By default DHCP client asks for a DNS server IP address
- It can also be entered manually if other DNS server is needed or DHCP is not used
[Menu: IP > DNS]

DNS
- RouterOS supports static DNS entries
- By default there’s a static DNS A record named router which points to 192.168.88.1
- That means you can access the router by using DNS name instead of IP
- http://router
[Menu: IP > DNS > Static]

DHCP Server
- Automatically assigns IP addresses to requesting hosts
- IP address should be configured on the interface which DHCP Server will use
- To enable use ‘DHCP Setup’ command

LAB: DHCP Server
- Disconnect from the router
- Reconnect using the router’s MAC address

LAB: DHCP Server
- We’re going to remove existing DHCP Server and setup a new one
- Will use your number (XY) for the subnet, e.g. 192.168.XY.0/24
- To enable DHCP Server on the bridge, it must be configured on the bridge interface (not on the bridge port)

LAB: DHCP Server
- Remove DHCP Server
- Remove DHCP Network
[Menu: IP > DHCP Server]

LAB: DHCP Server
- Remove IP Pool
[Menu: IP > Pool]
- Remove IP Address
[Menu: IP > Address]

LAB: DHCP Server
- Add IP Address 192.168.XY.1/24 on the bridge interface
- For example, XY 199

LAB: DHCP Server
[Figure: steps 1 to 6]
[Menu: IP > DHCP Server > DHCP Setup]

LAB: DHCP Server
- Disconnect from the router
- Renew the IP address of your laptop
- Connect to the router’s new IP address 192.168.XY.1
- Check that the connection to the Internet is available

DHCP Server
- DHCP Server Setup wizard has created a new IP pool and DHCP Server

DHCP Static Leases
- It is possible to always assign the same IP address to the same device (identified by MAC address)
- DHCP Server could even be used without dynamic IP pool and assign only preconfigured addresses

DHCP Static Leases
- Convert dynamic lease to static
[Menu: IP > DHCP Server > Leases]

LAB: DHCP Static Leases
- Set DHCP Address Pool to static-only
- Create a static lease for your laptop
- Change the IP address assigned to your laptop by DHCP server to 192.168.XY.123
- Renew the IP address of your laptop
- Ask your neighbor to connect his/her laptop to your router (will not get an IP address)

ARP
- Address Resolution Protocol
- ARP joins together client’s IP address (Layer3) with MAC address (Layer2)
- ARP operates dynamically
- Can also be configured manually

ARP Table
- Provides information about IP address, MAC address and the interface to which the device is connected
[Menu: IP > ARP]

Static ARP
- For increased security ARP entries can be added manually
- Network interface can be configured to reply-only to known ARP entries
- Router’s client will not be able to access the Internet using a different IP address

Static ARP
- Static ARP entry
[Menu: IP > ARP]

Static ARP
- Interface will reply only to known ARP entries
[Menu: Interfaces > bridge-local]

DHCP and ARP
- DHCP Server can add ARP ly-only ARP can increase network security while retaining the ease of use for users

DHCP and ARP
- Add ARP entries for DHCP leases
[Menu: IP > DHCP Server]

LAB: Static ARP
- Make your laptop’s ARP entry static
- Set the bridge interface ARP to reply-only to disable adding dynamic ARP entries
- You should still have the DHCP server to static-only and a static lease for the laptop. If not, repeat the previous LAB
- Enable ‘Add ARP For Leases’ on DHCP server

LAB: Static ARP
- Remove your laptop’s static entry from the ARP table
- Check the Internet connection (not working)
- Renew the IP address of your laptop
- Check the Internet connection (should work)
- Connect to the router and observe the ARP table

Module 2 Summary

Certified Network Associate (MTCNA) - Module 3: Bridging

Bridge
- Bridges are OSI layer 2 devices
- Bridge is a transparent device
- Traditionally used to join two network segments
- Bridge splits collision domain in two parts
- Network switch is multi-port bridge - each port is a collision domain of one device

Bridge
- All hosts can communicate with each other
- All share the same collision domain

Bridge
- All hosts still can communicate with each other
- Now there are 2 collision domains

Bridge
- RouterOS implements software bridge
- Ethernet, wireless, SFP and tunnel interfaces can be added to a bridge
- Default configuration on SOHO routers bridge wireless with ether2 port
- Ether2-5 are combined together in a switch. Ether2 is master, 3-5 slave. Wire speed switching using switch chip

Bridge
- It is possible to remove master/slave configuration and use bridge instead
- Switch chip will not be used, higher CPU usage
- More control - can use IP firewall for bridge ports

Bridge
- Due to limitations of 802.11 standard, wireless clients (mode: station) do not support bridging
- RouterOS implements several modes to overcome this limitation

Wireless Bridge
- station bridge - RouterOS to RouterOS
- station pseudobridge - RouterOS to other
- station wds (Wireless Distribution System) - RouterOS to RouterOS

Wireless Bridge
- To use station bridge, ‘Bridge Mode’ has to be enabled on the AP

LAB: Bridge
- We are going to create one big network by bridging local Ethernet with wireless (Internet) interface
- All the laptops will be in the same network
- Note: be careful when bridging networks!
- Create a backup before starting this LAB!

LAB: Bridge
- Change wireless to station bridge mode
- Disable DHCP server
- Add wireless interface to existing bridge-local interface as a port

LAB: Bridge
- Set mode to station bridge
[Menu: Wireless > wlan1]
- Disable DHCP Server
[Menu: IP > DHCP Server]

LAB: Bridge
- Add wireless interface to the bridge
[Menu: Bridge > Ports]

LAB: Bridge
- Renew the IP address of your laptop
- You should acquire IP from the trainer’s router
- Ask your neighbor his/her laptop IP address and try to ping it
- Your router now is a transparent bridge

Bridge Firewall
- RouterOS bridge interface an be processed by the firewall
- To enable: Bridge > Settings > Use IP Firewall

Bridge Firewall

LAB: Bridge
- Restore your router’s configuration from the backup you created before bridging LAB
- Or restore previous configuration by hand

Module 3 Summary

Certified Network Associate (MTCNA) - Module 4: Routing

Routing
- Works in OSI network layer (L3)
- RouterOS routing rules define where the packets should be sent
[Menu: IP > Routes]

Routing
- Dst. Address: networks which can be reached
- Gateway: IP address of the next router to reach the destination
[Menu: IP > Routes]

New Static Route
[Menu: IP > Routes]

Routing
- Check gateway - every 10 seconds send either ICMP echo request (ping) or ARP request.
- If several routes use the same gateway and there is one that has check-gateway option enabled, all routes will be subjected to the behaviour of check-gateway

Routing
- If there are two or more routes pointing to the same address, the more precise one will be used
- Dst: 192.168.90.0/24, gateway: 1.2.3.4
- Dst: 192.168.90.128/25, gateway: 5.6.7.8
- If a packet needs to be sent to 192.168.90.135, gateway 5.6.7.8 will be used

Default Gateway
- Default gateway: a router (next hop) where all the traffic for which there is no specific destination defined will be sent
- It is distinguished by 0.0.0.0/0 destination network
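
Added example (not from the course slides): a simplified Python model of the route selection described in the Routing and Default Gateway slides above, covering the most-specific match, the 0.0.0.0/0 fallback and the check-gateway rule. The default route via 1.2.3.4 and the names Route, active_routes and lookup are constructed for this illustration.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Route:
    dst: str                     # Dst. Address, e.g. "192.168.90.0/24"
    gateway: str                 # IP address of the next router
    check_gateway: bool = False  # check-gateway enabled on this route


def active_routes(routes, unreachable):
    """Return the routes still usable, given the gateways that fail the check.

    A gateway is monitored as soon as ONE route through it enables
    check-gateway; every route using that gateway then shares its fate.
    A gateway nobody monitors is never marked down, even if it is dead.
    """
    monitored = {r.gateway for r in routes if r.check_gateway}
    down = monitored & set(unreachable)
    return [r for r in routes if r.gateway not in down]


def lookup(routes, dst_ip, unreachable=()):
    """Pick the most specific active route for dst_ip, or None."""
    ip = ipaddress.ip_address(dst_ip)
    matches = [r for r in active_routes(routes, unreachable)
               if ip in ipaddress.ip_network(r.dst)]
    return max(matches, default=None,
               key=lambda r: ipaddress.ip_network(r.dst).prefixlen)


# The two routes from the slide plus a constructed default route.
TABLE = [
    Route("0.0.0.0/0", "1.2.3.4"),
    Route("192.168.90.0/24", "1.2.3.4"),
    Route("192.168.90.128/25", "5.6.7.8", check_gateway=True),
]

if __name__ == "__main__":
    cases = [
        ("192.168.90.135", ()),            # /25 wins over /24 and default
        ("192.168.90.10", ()),             # only /24 and default match
        ("8.8.8.8", ()),                   # falls through to 0.0.0.0/0
        ("192.168.90.135", ("5.6.7.8",)),  # /25 inactive, /24 takes over
        ("8.8.8.8", ("1.2.3.4",)),         # 1.2.3.4 unmonitored: still used
    ]
    for ip, dead in cases:
        print(ip, "down:", list(dead), "->", lookup(TABLE, ip, dead))
```

The last case shows why check-gateway matters for failover: a dead gateway that no route monitors keeps attracting traffic.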

LAB: Default Gateway
- Currently the default gateway for your router is configured automatically using DHCP-Client
- Disable ‘Add Default Route’ in DHCP Client settings
- Check the Internet connection (not working)

LAB: Default Gateway
- Add default gateway manually rnet is available

Dynamic Routes
- Routes with flags DAC are added automatically
- DAC route originates from IP address configuration
[Menu: IP > Addresses]
[Menu: IP > Routes]

Route Flags
- A - active
- C - connected
- D - dynamic
- S - static
[Menu: IP > Routes]

Static Routing
- Static route defines how to reach a specific destination network
- Default gateway is also a static route. It directs all traffic to the gateway

LAB: Static Routing
- The goal is to ping your neighbor’s laptop
- Static route will be used to achieve this
- Ask your neighbor the IP address of his/her wireless interface
- And the subnet address of his/her internal network (192.168.XY.0/24)

LAB: Static Routing
- Add a new route rule
- Set Dst. Address - your neighbor’s local network address (e.g. 192.168.37.0/24)
- Set Gateway - the address of your neighbor’s wireless interface (e.g. 192.168.250.37)
- Now you should be able to ping your neighbor’s laptop

Optional LAB: Static Routing
- Team up with 2 of your neighbors
- Create a static route to one of your neighbor’s (A) laptop via the other neighbor’s router (B)
- Ask your neighbor B to make a static route to neighbor’s A laptop
- Ping your neighbor’s A laptop

Optional LAB: Static Routing
- Create a route to laptop A via router B
[Diagram: Neighbor’s A router, Neighbor’s A laptop, Your laptop, Your router, Class AP, Neighbor’s B laptop, Neighbor’s B router]

Static Routing
- Easy to configure on a small network
- Limits the use of router’s resources
- Does not scale well
- Manual configuration is required every time a new subnet needs to be reached

Module 4 Summary

Certified Network Associate (MTCNA) - Module 5: Wireless

Wireless
- MikroTik RouterOS provides a complete support for IEEE 802.11a/n/ac (5GHz) and 802.11b/g/n (2.4GHz) wireless networking standards

Wireless Standards
IEEE Hz 11Mbps
802.11g   2.4GHz        54Mbps
802.11n   2.4 and 5GHz  Up to 450 Mbps*
802.11ac  5GHz          Up to 1300 Mbps*
* Depending on RouterBOARD model

2.4GHz Channels
- 13x 22MHz channels (most of the world)
- 3 non-overlapping channels (1, 6, 11)
- 3 APs can occupy the same area without interfering

2.4GHz Channels
- US: 11 channels, 14th Japan-only
- Channel width: 802.11b 22MHz, 802.11g 20MHz, 802.11n 20/40MHz width

5GHz Channels
- RouterOS supports full range of 5GHz frequencies
- 5180-5320MHz (channels 36-64)
- 5500-5720MHz (channels 100-144)
- 5745-5825MHz (channels 149-165)
- Varies depending on country regulations

5GHz Channels
IEEE Standard  Channel Width
802.11a        20MHz
160MHz

Country Regulations
- Switch to ‘Advanced Mode’ and select your country to apply regulations

Country Regulations
- Dynamic Frequency Selection (DFS) is a feature which is meant to identify radars when using 5GHz band and choose a different channel if a radar is found
- Some channels can only be used when DFS is enabled (in EU: 52-140, US: 50-144)

Country Regulations
- DFS Mode radar detect will select a channel with the lowest number of detected networks and use it if no radar is detected on it for 60s
- Switch to ‘Advanced Mode’ to enable DFS
[Menu: Wireless]

Radio Name
- Wireless interface “name”
- RouterOS-RouterOS only
- Can be seen in Wireless tables

Radio Name
- Wireless interface “name”
- RouterOS-RouterOS only
- Can be seen in Wireless tables
[Menu: Wireless > Registration]

LAB: Radio Name
- Set the radio name of your wireless interface as follows: YourNumber(XY) YourName
- For example: 13 JohnDoe

Wireless Chains
- 802.11n introduced the concept of MIMO (Multiple In and Multiple Out)
- Send and receive data using multiple radios in parallel
- 802.11n with one chain (SISO) can only achieve 72.2Mbps (on legacy cards 65Mbps)

Tx Power
- Use to adjust transmit power of the wireless card
- Change to all rates fixed and adjust the power
[Menu: Wireless > Tx Power]

Tx Power Note on imp
