Module 5
2013-01-01
ARP
ARP modes
Enabled : Default mode. ARP requests will be answered and the ARP table will be filled automatically
Disabled : Interface will not send or reply to ARP requests. Other hosts MUST be told the router's MAC address
Proxy ARP : The router answers ARP requests coming for its directly connected network (regardless of origin)
Reply only : The router answers ARP requests. Router's ARP table must be filled statically
The ARP Table displays all ARP entries and the interface from which
they are learned
The ARP table provides:
You can add static entries to the ARP table to secure your network
ARP syntax
DHCP server
The interface hosting the DHCP-server must have its own IP address
that is NOT in the address pool
Creates an IP Pool
Its name and parameters (such as the interface it will accept requests from)
42 : NTP Servers
70 : POP3-Server
Visit http://www.iana.org/assignments/bootp-dhcp-parameters/bootp-dhcp-parameters.xhtml for more DHCP options
Important note
If you have a bridged environment, DHCP Server MUST be set on the bridge
interface. If set on a bridge port, the DHCP server will not work.
Example of basic configuration
Example of expanded configuration
DHCP client
Address
Hostname
Mask
Default gateway
Two DNS servers (if the remote DHCP server is so configured)
Lease management
Can be very useful when a device needs to maintain the same IP address
Beware! If you change the network card, it will get a new address
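An added example (not from the original slides) that ties the ARP modes, the DHCP server and static leases together: the LAN interface runs in reply-only mode, so the router only talks to hosts whose IP/MAC pair is in its ARP table, and the DHCP server fills that table from its leases. The interface name ether2, the 192.168.88.0/24 addressing, the names lan-pool and lan-dhcp, and the MAC addresses are assumptions chosen for illustration.

```routeros
# Router's own address on the LAN; it must NOT be inside the address pool
/ip address add address=192.168.88.1/24 interface=ether2

# Pool handed out to clients (assumed range, excludes .1 and the static hosts)
/ip pool add name=lan-pool ranges=192.168.88.100-192.168.88.199

# Network parameters sent to clients: gateway and DNS are the router itself
/ip dhcp-server network add address=192.168.88.0/24 gateway=192.168.88.1 \
    dns-server=192.168.88.1

# add-arp=yes makes the DHCP server create an ARP entry for every lease it grants
/ip dhcp-server add name=lan-dhcp interface=ether2 address-pool=lan-pool \
    add-arp=yes disabled=no

# Static lease: this MAC (constructed value) always receives 192.168.88.20.
# The lease is bound to the MAC, so a replaced network card gets a pool address.
/ip dhcp-server lease add server=lan-dhcp address=192.168.88.20 \
    mac-address=00:11:22:33:44:55 comment="admin workstation"

# Host that does not use DHCP: its ARP entry has to be added by hand,
# otherwise the router will never resolve it once reply-only is active
/ip arp add interface=ether2 address=192.168.88.10 \
    mac-address=00:11:22:33:44:66 comment="printer, fixed IP"

# Switch the interface to reply-only LAST, after the entries above exist:
# the router still answers ARP requests but no longer learns entries itself
/interface ethernet set ether2 arp=reply-only

# Verify: static and DHCP-created entries should be listed for ether2
/ip arp print where interface=ether2
```

A host that configures an address by hand without a matching ARP entry gets no traffic through the router, which is the effect the static-entry slide refers to.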
Lease management
RouterOS tools
/tool e-mail
E-mail, example
/tool e-mail
set address=172.31.2.1 from=mymail@gmail.com last-status=succeeded password=never123! port=\
587 start-tls=yes user=mymail@gmail.com
/export file=export
/tool e-mail send to=home@gmail.com subject="$[/system identity get name] export"\
body="$[/system clock get date] configuration file" file=export.rsc
Netwatch
IP address
Ping interval
Up and/or Down scripts
Netwatch
VERY useful to
Ping
Ping syntax
CLI
HOST                SIZE  TTL  TIME   STATUS
159.148.147.196       56   50  163ms
159.148.147.196       56   50  156ms
159.148.147.196       56   50  156ms
159.148.147.196       56   50  160ms
Traceroute
It indicates the delay to reach each router in the path to reach your
destination
Traceroute
CLI
 #  ADDRESS           LOSS  SENT  LAST      AVG    BEST   WORST  STD-DEV  STATUS
 1                    100%     3  timeout
 2  216.113.124.190     0%        13.9ms    12.2   11.1   13.9   1.2
 3  216.113.122.230     0%        9.6ms     7.5           9.8
 4                    100%     3  timeout
 5  216.6.99.14         0%     3  114.4ms   114.7  113.6  116.2  1.1      <MPLS:L=400657,E=0>
 6  80.231.130.121      0%     3  104.5ms   105.7  104.5  107.1  1.1      <MPLS:L=420033,E=0>
 7  80.231.130.86       0%     3  103.2ms   107.5  103.2  115.4  5.6      <MPLS:L=795472,E=0>
 8  80.231.154.70       0%     3  136.5ms   119    104.3  136.5  13.3     <MPLS:L=485138,E=0>
 9  80.231.153.122      0%        113ms     110.7  106.4  113    3.1
10  195.219.50.38       0%     3  111.9ms   115    110.7  122.5  5.3
11  87.245.233.178      0%     3  140.7ms   159.6  135.7  202.4  30.3
12  87.245.242.94       0%        169ms     173    169    178.4
13  85.254.1.226        0%     3  173.3ms   168.4  164.6  173.3  3.6
14  85.254.1.6          0%     3  165.2ms   166.7  165.1  169.7  2.1
15  159.148.16.2        0%     3  165.3ms   166.1  165.3  167.3  0.8
16  159.148.42.129      0%     3  167.6ms   166.6  165.6  167.6  0.8
17                    100%     3  timeout
18                    100%     3  timeout
19                    100%     3  timeout
20                    100%     2  timeout
21  159.148.147.196     0%     2  156.9ms   155.7  154.5  156.9  1.2
-- [Q quit|D dump|C-z pause]
CLI
/tool profile
NAME            CPU   USAGE
console         all   0%
flash           all   0%
networking      all   0%
radius          all   0%
management
telnet          all   0.5%
idle            all   99%
profiling       all   0%
unclassified    all   0%
System identity
You can't manage 100 routers that all have the name "MikroTik". It makes
troubleshooting almost impossible.
Once set, it will make identifying the router you're working on much
simpler.
Syntax
Supout.rif
Syntax
Supout.rif
Supout.rif Viewer
Autosupout.rif
The easiest way to view logs is through the log (Menu) window
The CLI equivalent is
/log print
System logging
Actions
Suggestion
You should define new actions first, as custom actions won't be made
available to your rules until they are created
System logging
Actions, examples
 #    NAME             TARGET  REMOTE
 0 *  memory           memory
 1 *  disk             disk
 2 *  echo             echo
 3 *  remote           remote  172.16.1.105
 4    webproxy         remote  172.16.1.105
 5    firewallJournal  remote  172.16.1.105
System logging
Rules
They tell RouterOS what action to undertake with a given event (which is called a topic)
You can have more than one rule for the same topic, each rule performing a different action
You can have one rule with two or more topics, performing an action
Adding rules is simple: choose one or many topics, name the rule, choose one action. (This is why it is suggested to create actions first)
System logging
Rules, examples
 #    TOPICS      ACTION           PREFIX
 0 *  info        memory           INF
      !firewall
 1 *  error       memory           ERR
 2 *  warning     memory           WRN
 3 *  critical    memory           CRT
 4    firewall    memory           FW
 5    firewall    firewallJournal  FW
 6    info        remote           INF
      !firewall
 7    error       remote           ERR
 8    warning     remote           WRN
 9    critical    remote           CRT
10 X  snmp        memory           SNMP
11    web-proxy   webproxy         PROXY
      !debug
View rules
View actions
Create a rule for firewall topics that will use the previous action
/system logging
add action=firewallJournal prefix=FW topics=firewall
Readable configuration
For yourself. In the long run, this will simplify your job and make you look
efficient (again)
Readable configuration
Examples
Network diagrams
Network diagrams
Example
Devices are identified
Revision # is current
End of module 5
Laboratory
Laboratory : Setup
Laboratory : step 1
Laboratory : step 2
Give the trainer your wlan's interface MAC address since your router
hasn't been named yet
Ask the trainer to make a static reservation on his DHCP server. The
fourth digit of your IP address must match your pod
Laboratory : step 3
Cleanup
When creating the DHCP client, the option Add default route was set to
yes. This means that the DHCP client gets a default route dynamically
Display your routes. What do you see for the default route?
What should be done now to cleanup this table?
Laboratory : step 4
The DNS server is at the same address as the default gateway (your router)
Configure your router so that your computer always gets the .20X address
(where X is your pod's address)
Laboratory : step 5
Cleanup
Add a comment to your static address to indicate what the reservation is for
In the DHCP tab of DHCP Server, give a meaningful name to the DHCP
server (currently named dhcp 1)
Laboratory : step 6
E-mail setup
You can use your own e-mail account to test this out
Laboratory : step 7
Netwatch
Laboratory : step 8
Netwatch
Up
/tool e-mail send to="<your-e-mail-address>" subject="$[/system identity get name] Netwatch status" \
body="$[/system clock get date] $[/system clock get time] Node up."
Down
/tool e-mail send to="<your-e-mail-address>" subject="$[/system identity get name] Netwatch status" \
body="$[/system clock get date] $[/system clock get time] Node down."
Laboratory : step 9
Netwatch
Turn off the test node. Verify that you receive an e-mail indicating the
change of status. It should look something like this
Laboratory : step 10
Ping
Traceroute
Use the ping tool to validate that the test node answers ICMP echo packets
Use the traceroute tool to see which hops are between you and the test node.
Validate that what you see is what is in the class network diagram
Laboratory : step 11
Profiler
Launch the profiling tool and view the various processes running on your
router
Laboratory : step 12
Supout.rif
Important note : If you don't have a MikroTik account, please create one now as it is required to take the certification exam!!
Laboratory : step 13
Logging
Create an action:
Type is memory
Create a rule:
Action action1
Laboratory : step 14
entry?
Laboratory : step 15
End of Laboratory 5