Schedule: Vahid Shahbazian Fard Jahromy WWW - Learnmikrotik.Ir ©learnmikrotik - Ir 2014

8/1/2014
Schedule
• 09:00 – 10:30 Morning Session I
MikroTik RouterOS Training – 10:30 – 11:00 Morning Break
• 11:00 – 12:30 Morning Session II
User Management – 12:30 – 13:30 Lunch Break
• 13:30 – 15:00 Afternoon Session I
– 15:00 – 15:30 Afternoon Break
• 15:30 – 17:00 (18:00) Afternoon Session II
Vahid Shahbazian fard jahromy www.LearnMikroTik.ir

©LearnMikroTik.ir 2014 2
Instructor Housekeeping
• Vahid Shahbazian fard jahromy • Course materials
– Training, Support & Consultant • Routers, cables
– Specialization: Wireless, Firewall, The Dude, • Break times and lunch
Routing, Monitoring Techniques
©LearnMikroTik.ir 2014 3 ©LearnMikroTik.ir 2014 4
Course Objective Topics Overview

• Provide knowledge and hands-on training for • Point-to-Point Protocols
MikroTik RouterOS basic and advanced user – PPP Profile, PPP Secret
management capabilities for any size – PPTP and L2TP
networks – User Access Control
• Upon completion of the course you will be – PPP interface Bridging
able to plan, implement, adjust and debug • Bridge Control Protocol
user management configurations • PPP Multi-link Protocol
implemented by MikroTik RouterOS
1
8/1/2014
Topics Overview (Cont.) Topics Overview (Cont.)

• Hotspot • RADIUS
– Hotspot Setup – RADIUS client
– Hotspot Login Methods – RADIUS server
– Universal clients • User Manager
– Users – RADIUS incoming
– Group of Users
• IPsec
– Server Configuration
– Exceptions – IPsec Introduction
– Accounting – Transport mode vs. Tunnel mode
Introduce Yourself Class Setup Lab.

• Please, introduce yourself to the class • Create an 192.168.XY.0/24 Ethernet network
– Your name between the laptop (.1) and the router (.254)
– Your Company
– Your previous knowledge about RouterOS • Connect routers to the AP SSID “MTCUMEclass”
– Your previous knowledge about networking • Assign IP address 10.1.1.XY/24 to the wlan1
– What do you expect from this course? • Router’s main GW and DNS address is 10.1.1.254
• Please, remember your class XY number. • Gain access to the internet from your laptops via
(X is number of the row, Y is your seat number in the local router
row)
• Create new full access user for your router and
My number is: X=_____ Y=_____ change “admin” access rights to “read”
Class Setup Class setup Lab (cont.)

• Set system identity of the board and wireless
radio name to “XY_<your_name>”. Example:
“88_Shahbazian”
• Upgrade your router to the latest MikroTik
RouterOS version
• Upgrade your Winbox loader version
• Set up NTP client – use 10.1.1.254 as server
• Create a configuration backup and copy it to
the laptop (it will be default configuration)
2
8/1/2014
Point-to-Point Protocols
PPTP, PPPoE, L2TP, BCP, MLPPP, MRRU, PPP Profile, PPP Secret
Interface routing, Dynamic address-lists, LOCAL USER DATABASE

Dynamic simple queues
©LearnMikroTik.ir 2014 ©LearnMikroTik.ir 2014 14
Point-to-Point protocol tunnels PPP Secret

• little bit sophisticated in configuration • PPP secret (aka local PPP user database)
• Capable of authentication and data encryption • stores PPP user access records
• Such tunnels are: • Make notice that user passwords are displayed
– PPPoE (Point-to-Point Protocol over Ethernet) • in the plain text – anyone who has access to the
– PPTP (Point-to-Point Tunneling Protocol) router with sensitive privilege are able to see all
– L2TP (Layer 2 Tunneling Protocol) passwords
– OVPN (Open Virtual Private Network) • It is possible to assign specific /32 address to
– SSTP (Secure Socket Tunneling Protocol) both ends of the PPTP tunnel for this user
• You should create user information before • Settings in /ppp secret user database override
• creating any tunnels corresponding /ppp profile settings
PPP Secret PPP Profile and IP Pools

• PPP profiles define default values for use
access records stored under /ppp secret
submenu
• PPP profiles are used for more than 1 user so
there must be more than 1 IP address to give
out
– we should use IP pool as “Remote address” value
• Value “default” means – if option is coming
from RADIUS server it won't be overrided
3
8/1/2014
PPP Profile Dynamic Simple Queues

• It is possible to assign
specific limit to each
group belonging to the
same PPP profile
• Every time new user
connects RouterOS will
create new simple
queue
• This option can be
acquired from RADIUS
server
Dynamic Simple Queues (Cont.) Dynamic address-list

• It is possible to select • It is also possible to
– Dynamic Queue order implement custom QoS
– Parent Queue
structures
– Queue Type • Every time new user
connects RouterOS will
create new address-list
entry
• Address-list then can be
utilized by mange
facility for packet
marking.
Change TCP MSS

• Big 1500 byte packets have problems going
through the tunnels because:
– Standard Ethernet MTU is 1500 bytes
– PPTP and L2TP tunnel MTU is 1460 bytes
– PPPOE tunnel MTU is 1488 bytes Point-to-Point Tunnelling Protocol and
• By enabling “change TCP MSS option, dynamic Layer 2 Tunnelling Protocol
mangle rule will be created for each active PPTP AND L2TP
user to ensure right size of TCP packets, so
they will be able to go through the tunnel
4
8/1/2014
PPTP Tunnels L2TP Tunnels

• PPTP uses TCP port 1723 and IP protocol 47/GRE • PPTP and L2TP have mostly the same functionality
• There is a PPTP-server and PPTP-clients • L2TP traffic uses UDP port 1701 only for link
• PPTP clients are available for and/or included establishment, further traffic is using any
in almost all OS available UDP port
• You must use PPTP and GRE “NAT helpers” to • L2TP don't have problems with NATed clients –
connect to any public PPTP server from your it don't required “NAT helpers”
private masqueraded network • Configuration of the both tunnels are identical
in RouterOS
Creating PPTP/L2TP Client PPTP Client Lab

• Create PPTP client
– Server Address: 10.1.2.1
– User: class
– Password: class
– Add default route = yes
• Make necessary adjustments to access the
internet
Creating PPTP/L2TP server PPTP Server Lab

• Create a PPTP server
• Create one user in PPP Secret
• Configure your laptop to connect to your PPTP
server
Internet via the tunnel
• Create PPP Profile for the router to use
encryption
• Configure PPTP-client on the laptop accordingly
5
8/1/2014
Optional: Advanced VPN Lab

• Restore system backup
• Create secure L2TP tunnel with your neighbor
• Create EoIP tunnel over the L2TP tunnel
• Bridge your networks together!
Point to Point Protocol over Ethernet
USER ACCESS CONTROL
User Access Control PPPoE tunnels

• Controlling the Hardware • PPPoE works in OSI 2nd (data link) layer
– Static IP and ARP entries • PPPoE is used to hand out IP addresses to
– DHCP for assigning IP addresses and managing clients based on the user authentication
ARP entries • PPPoE requires a dedicated access
• Controlling the Users concentrator (server), which PPPoE clients
– PPPoE requires PPPoE client configuration connect to.
– Hotspot redirects client request to the sign-up • Most operating systems have PPPoE client
page software. Windows XP has PPPoE client
– PPTP requires PPTP client configuration installed by default
PPPoE client PPPoE Client Lab

• Restore default system backup
• Create PPPoE client
– Interface: wlan1
– Service: internet
– User: class
– Password: class
– Add default route = yes
internet
6
8/1/2014
PPPoE Client Status * PPPoE Lab with Encryption *

• Check your PPPoE connection • The PPPoE access concentrator is changed to
– Is the interface enabled? use encryption now
– Is it “connected” and running (R)? • You should use encryption, either
– Is there a dynamic (D) IP address assigned to the
PPPoE client interface in the IP Address list? – change the PPP profile used for the PPPoE client
to 'default-encryption', or,
– What are the netmask and the network address?
– What routes do you have on the PPPoE client – modify the PPP profile used for the PPPoE client to
interface? use encryption
• See the “Log” for troubleshooting! • See if you get the PPPoE connection running
PPPoE Server Creating PPPoE server (service)

• PPPoE server accepts PPPoE client
connections on a given interface
• Clients can be authenticated against
– the local user database (ppp secrets)
– a remote RADIUS server
– a remote or a local MikroTik User Manager
database
• Clients can have automatic data rate limitation
according to their profile
PPPoE Server Lab

• Create a PPPoE server
• Create one user in PPP Secret
• Configure your laptop to connect to your PPPoE
server
• Make necessary adjustments to access the PPP BCP (Bridge Control Protocol)
internet via the tunnel PPP MP (Multi-link Protocol)
• Create PPP Profile for the router to use PPP INTERFACE BRIDGING
encryption
• Configure PPPoE-client on the laptop accordingly
7
8/1/2014
PPP Bridge Control Protocol Setting up BCP

• RouterOS now have BCP support for all async. • Bridge must be specified the
PPP, PPTP, L2TP & PPPoE (not ISDN) interfaces PPP profiles on both sides of
the tunnel
• BCP allows to bridge Ethernet packets through
• Note that PPP interface
the PPP link don't have any MAC
• BCP is independent part of PPP tunnel - It is addresses – so your bridge
not related to IP address of PPP interface must have a MAC address
before you add PPP to the
• Bridging and routing over PPP link can happen
bridge
at the same time, independently.
PPP MTU Problem PPP Multi-link Protocol

• PPP interface MTU is smaller than standard • PPP Multi-link Protocol allows divide packet to
Ethernet interface multiple channels therefore increasing
• It is impossible to fragment Ethernet frames – possible MTU and MRU (up to 65535 bytes)
tunnels must have inner algorithm how to
transfer Ethernet frames via link with smaller • MLPPP can be created:
MTU – over single physical link – where multiple channels
• EOIP have encapsulation algorithm enabled by run on the same link
default, PPP interfaces doesn't – over multiple physical links - where multiple
• PPP interfaces can utilize PPP Multi-link Protocol channels run on the multiple link
to handle Ethernet frames
MRRU PPP Multi-link Protocol

• To enable PPP Multi-link Protocol over single
link you must specify MRRU option
• If both sides support this feature there are no
need for MSS adjustment (in firewall mangle)
• MRRU is less CPU expensive that 2 mangle
rules per client if you have more that 30
clients
• In MS Windows you must enable "Negotiate
multi-link for single link connections" option
8
8/1/2014
PPP Bridging Lab MLPPP

• Restore default system backup • MikroTik RouterOS have multi-link PPP over
• Create PPP tunnel with your neighbour(s) multiple links client support starting from V3.10
• Bridge PPP tunnels with your local interface • Server support will be added some time in the
future
• Ensure that MTU and MRU of the PPP link is at
• To enable MLPPP just assign multiple interfaces
least 1518 byte (size of Ethernet frame)
for the same PPP client.
• Check the configuration using ping tool with • Note:
different packet size – all PPP lines must have same user name and password
– Server must have support for MLPPP
Interface ECMP Routing

• In case you have more that one PPP connection
from the same server, but MLPPP is impossible
(different user names, server support missing) it Hotspot
is possible to use Interface routing
• Simple IP address routing is impossible all PPP
connections have the same gateway IP address Overview & Setup, Users & Groups,
• To enable interface routing just specify all PPP Universal clients, Server configurations,
interfaces as route gateway-interface Exceptions, Accounting
• Works only on PPP interfaces.
©LearnMikroTik.ir 2014 51 ©LearnMikroTik.ir 2014
Hotspot Overview
• Tool for Instant Plug-and-Play Internet access
• Hotspot provides authentication of clients
before access to public network
• Walled-garden to allow resources without
Introduction Hotspot authentication
HOTSPOT OVERVIEW • It also provides User Accounting
• Transparent proxy
9
8/1/2014
Hotspot Usage Hotspot Operation

• Open Access Points, Internet Cafes, Airports, • Client can use wrong network configuration
universities campuses, etc. settings, Hotspot server translates them to
• Different ways of authorization correct ones
• Flexible accounting • No Internet available before Hotspot
• Anywhere Authorization or Accounting are authorization
required • Exceptions are added to walled-garden and
/ip hotspot ip-binding
Hotspot Operation
• Enter username/password in Hotspot login
page to get the Internet
• Other login methods available
• Different accounting options
How to setup Hotspot
HOTSPOT SETUP
Hotspot Requirements Hotspot Setup

(Before setup)
• Valid IP address configuration on local • Setup is launched by the command,

(Hotspot) and Public (Internet) interfaces /ip hotspot setup
• DNS servers added in /ip dns • Use /ip hotspot setup for Hotspot server
• One Hotspot user (added by setup command) setup, strongly recommended
• All configuration settings can be added
manually
10
8/1/2014
Hotspot Setup Important Notes

• Run ip • Users connected to Hotspot interface will be
hotspot disconnected from the Internet
setup
• Client will have to authorize in Hotspot to get
• Select
Interface
access to Internet
• Proceed to
answer the
questions
Configuration Created Common Mistakes

• Additional configuration is created in different • Hotspot on bridge, configure server on bridge
sections by Hotspot setup interface not on the bridge port (hotspot can
• Hotspot default setup creates additional not run on slave interface)
configuration: • Correct DNS name for Hotspot server FQDN
– DHCP-Server on Hotspot Interface
required
– Pool for Hotspot Clients
– Dynamic Firewall rules (Filter and NAT) • arp=enabled for the interface
• No additional configuration necessary with /ip
hotspot setup
Hotspot Help Hotspot Lab

• Hotspot login page is provided when user tries • Let’s create Hotspot on local Interface
to access any web-page • Don’t forget Hotspot login and password or
• To logout from Hotspot you need to go to you will not be able to get the Internet
http://routerIP or • Make sure you get to the Internet
http://HotSpotDNS
11
8/1/2014
Remember
• Access to public networks is blocked (Internet,
Winbox to the router)
• Login to the Hotspot to get the Internet
• Login by Hotspot page
USERS
Hotspot users Users Settings

• Users are added and managed from • Server, Hotspot server user
/ip hotspot user belongs to
• Name, client username
• Required settings are username and password
• Password, user’s password
• Address, Hotspot IP address to be
used by client
• MAC-address, login only from the
specific MAC-address
• Profile, user’s profile name
Users Limits Users lab

• Uptime, time allowed to be online • Add additional Hotspot user
for user
• Set this user to login only from your laptop
• Bytes In, bytes user can upload
• Restrict user to 5 hours 1Gb upload and 1Gb
• Bytes Out, bytes user can
download
download per day
• Bytes Total = Bytes In + Bytes Out
12
8/1/2014
Daily users
• For the
previous lab,
use scheduler
and simple
script
• /ip hotspot user
reset-counters
command to MONITOR USERS
reset uptime
Hotspot Network Hosts Authorized Users

• Information • Authorized
about clients users are
connected to shown in
Hotspot /ip hotspot
interface active
shown in
/ip hotspot host
Login Methods
• HTTP CHAP, HTTP PAP
• HTTPS
• MAC-Address
• Cookie
• Trial method
HOTSPOT LOGIN METHODS
13
8/1/2014
Login Configuration HTTP CHAP, PAP

• /ip hotspot profile • Login page is shown for users
stores Login • login/password is necessary
Method to get Internet
configuration
• CHAP, CHAP challenge for
login, enabled browser’s
JavaScript
• PAP, login in plain text for
legacy browsers
HTTPS Cookie
• Login page is shown for users • Cookie is sent to
client, after
• Authorization is encrypted by SSL protocol
successful HTTP
• Certificate should be imported to router login
• Hotspot does not
ask for
login/password for
second time access
MAC-Address Trial
• Avoid Hotspot • Use Hotspot free of
login page charge for the period
• Add MAC- • Set usage time over
address as specific period
username
• Authentication
occurs, as user is
connected to
the Hotspot
14
8/1/2014
Login Methods Lab Hotspot Sequence

• Enable cookie login for 2 days lifetime • User is connected to the Router
• Enable trial for 1 hour over 24 hours Universal Client • IP address is translated, if necessary
• Enable MAC-address authentication for your MAC-Address • MAC-address users authentication
laptop HTTP, HTTPS • Login page is shown for user
Cookie • Cookie used for second HTTP login
Exceptions Sequence Hotspot Logout

• Logout from Hotspot to stop accounting
IP-Binding • Present on Universal client level • Logout from login page, http://hotspot or
http://router_ip
Walled-Garden • Allow access to specific resources • After keepalive timeout reached
User Profile
• To apply common settings for the group of users
GROUP OF USERS
15
8/1/2014
Profile Settings Rate Limit

• Bandwidth limit for Hotspot
• Address-Pool, to enable
clients
universal client
• Creates dynamic simple queue
• Session Timeout, user is
logged out after this time • Syntax, rx-rate[/tx-rate] [rx-
burstrate[/tx-burst-rate] [rx-
• Keepalive Timeout, burstthreshold[/tx-burst-
detects whether client is threshold] [rxburst-time[/tx-
reachable burst-time] [priority][rx-rate-
• Shared Users, allowed min[/tx-rate-min]]]]
simultaneous logins with • rx client’s upload, tx client’s
the same username download
Rate Limit (Continue) Firewall and Mangle

• It is possible to select • Filter, check users
– Dynamic Queue order through the specific
– Parent Queue
firewall filter chain
– Queue Type • Packet Mark, to set
mangle mark for the
users
• Add jump from built-in
chains (input, forward,
output) to hotspot
chain
Advertise Alternative Advertising

• To show advertise web- • Put the advertisement
page after period of information to status page
time • HTML knowledge required
• Internet is blocked, if to modify alogin.html
not shown (status)
• Popup blockers can • Open-status page=always,
disturb advertise shows status page for all
clients
16
8/1/2014
Scripts User Profile Lab

• Execute scripts on • Set max-limit=1M/2M limit-at=512k/1M
Hotspot user login and priority=3 for every Hotspot user
logout
• Log Hotspot users traffic in firewall chain=log
• Set static queue and make sure they are
before dynamic all the time
Hotspot server
Server’s menu lists all Hotspot
servers
• Interface, specifies interface
Hotspot is configured on
• Address-Pool, Universal
client for non-authorized
clients
• Timeouts, timeouts for
unauthorized clients
SERVER CONFIGURATION • Addresses-Per-Mac,
number of IP addresses
allowed per one MAC
address
Hotspot Server Lab Hotspot Server

• Create Bridge on the router between Hotspot • Profile, contains all
interface and unused interface settings for the
• Modify Hotspot servers settings appropriately Hotspot server
17
8/1/2014
Login Server Profile

• Hotspot login • DNS name, Hotspot
server DNS name, use
method selection FQDN
• Additional • Rate-Limit, set
authentication bandwidth limit for the
entire Hotspot server
settings
• HTTP proxy, parent
• Trial User proxy settings
configuration • SMTP server, to
redirect e-mails to
your mail server
Hotspot Customization Hotspot pages

• HTML-directory, sets • redirect.html - redirect users to another url
location of the Hotspot • login.html - login page shown to a user
server files
• md5.js – Java script for MD5 password hashing
• Use FTP client to get
Hotspot login page files
• status.html - statistics for the client
• logout.html - logout page
• error.html - error page
• You can put necessary information with basic
HTML knowledge
Customize Hotspot Hotspot Profile Lab

• /ip hotspot reset- • Set Trial Login on the Hotspot server
html <hotspotX>,
• Set DNS-Name for Hotspot, use it to login and
command to get
back default login logout
page • Modify Hotspot page to login without login
and password
18
8/1/2014
Previous Lab Page Modifications

• Get login.html page from ftp://router • Change two lines
• Open login.html with text editor – <type=”text” value=”$(username)> to
• <input type=”hidden” name=”username” value=”yourname”?>
– <input type=”password”>
• <input type=”hidden” name=password value=”password”>
Login without password

• No login/password required
• Put advertising information or any information
for user to accept
• Increase shared-users
EXCEPTIONS
Hotspot Exceptions Hotspot Walled-Garden

• Hotspot blocks connection to the Internet • Tool to get access to specific resources
• Servers, switches, telephony terminals without HotSpot authorization
perhaps do not have browser for the login • Walled-Garden for HTTP and HTTPS
• There are few ways to bypass HotSpot • Walled-Garden IP for other resources (Telnet,
authentication SSH, Winbox, etc.)
19
8/1/2014
Walled-Garden Walled-Garden
• Access for HTTP and HTTPS pages without
authentication • Src. address, Hotspot client address
• Ability to block pages • Dst. address, HTTP/HTTPs IP address
• Dst. Host, DNS name, example www.test.com
• Path, www.test.com/path
Walled-Garden IP IP Binding
• Bypass other services without authentication
• Allows full Hotspot bypass for the user
• Bypass for protocols and ports, SSH, Telnet, Winbox,
SIP calls, etc. • Static Universal client (one-to-one NAT)
translations
• Block unauthorized hosts or networks
One-to-One NAT IP Binding types

• Address, Hotspot client • regular, no action for
address the client
• To Address, new • bypassed, client is
address of the Hotspot bypassed without
client authentication
• blocked, block access
for the client or
network
20
8/1/2014
Firewall rules Filter and NAT

• Hotspot setup creates dynamic firewall rules • Static rules to be placed before dynamic
• Static rules are moved to the bottom after
reboot
• Special chain available for placing static rules
over dynamic
Firewall rules Exceptions lab

• Jump rules are red, because there is no rules • Set www.mikrotik.com without
in custom chain authentication
• Red rules does not make any problem for • Set SSH without authentication
HotSpot or firewall operation • Block Telnet for all Hotspot users
• Set access for Hotspot only for users with local
network IP address
Accounting
ACCOUNTING
21
8/1/2014
SNMP
• Information provided by SNMP
©LearnMikroTik.ir 2014 127
22

Schedule: Vahid Shahbazian Fard Jahromy WWW - Learnmikrotik.Ir ©learnmikrotik - Ir 2014

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Schedule: Vahid Shahbazian Fard Jahromy WWW - Learnmikrotik.Ir ©learnmikrotik - Ir 2014

Uploaded by

Copyright:

Available Formats

8/1/2014

Vahid Shahbazian fard jahromy www.LearnMikroTik.ir

©LearnMikroTik.ir 2014 3 ©LearnMikroTik.ir 2014 4

Course Objective Topics Overview

©LearnMikroTik.ir 2014 5 ©LearnMikroTik.ir 2014 6

Topics Overview (Cont.) Topics Overview (Cont.)

©LearnMikroTik.ir 2014 7 ©LearnMikroTik.ir 2014 8

Introduce Yourself Class Setup Lab.

©LearnMikroTik.ir 2014 9 ©LearnMikroTik.ir 2014 10

Class Setup Class setup Lab (cont.)

Interface routing, Dynamic address-lists, LOCAL USER DATABASE

©LearnMikroTik.ir 2014 ©LearnMikroTik.ir 2014 14

Point-to-Point protocol tunnels PPP Secret

©LearnMikroTik.ir 2014 15 ©LearnMikroTik.ir 2014 16

PPP Secret PPP Profile and IP Pools

©LearnMikroTik.ir 2014 17 ©LearnMikroTik.ir 2014 18

PPP Profile Dynamic Simple Queues

Dynamic Simple Queues (Cont.) Dynamic address-list

Change TCP MSS

©LearnMikroTik.ir 2014 23 ©LearnMikroTik.ir 2014 24

PPTP Tunnels L2TP Tunnels

©LearnMikroTik.ir 2014 25 ©LearnMikroTik.ir 2014 26

Creating PPTP/L2TP Client PPTP Client Lab

©LearnMikroTik.ir 2014 27 ©LearnMikroTik.ir 2014 28

Creating PPTP/L2TP server PPTP Server Lab

©LearnMikroTik.ir 2014 29 ©LearnMikroTik.ir 2014 30

Optional: Advanced VPN Lab

USER ACCESS CONTROL

©LearnMikroTik.ir 2014 31 ©LearnMikroTik.ir 2014 32

User Access Control PPPoE tunnels

PPPoE client PPPoE Client Lab

PPPoE Client Status * PPPoE Lab with Encryption *

©LearnMikroTik.ir 2014 37 ©LearnMikroTik.ir 2014 38

PPPoE Server Creating PPPoE server (service)

©LearnMikroTik.ir 2014 39 ©LearnMikroTik.ir 2014 40

PPPoE Server Lab

©LearnMikroTik.ir 2014 41 ©LearnMikroTik.ir 2014 42

PPP Bridge Control Protocol Setting up BCP

©LearnMikroTik.ir 2014 43 ©LearnMikroTik.ir 2014 44

PPP MTU Problem PPP Multi-link Protocol

MRRU PPP Multi-link Protocol

PPP Bridging Lab MLPPP

Interface ECMP Routing

©LearnMikroTik.ir 2014 53 ©LearnMikroTik.ir 2014 54

Hotspot Usage Hotspot Operation

©LearnMikroTik.ir 2014 55 ©LearnMikroTik.ir 2014 56

©LearnMikroTik.ir 2014 57 ©LearnMikroTik.ir 2014 58

Hotspot Requirements Hotspot Setup

• Valid IP address configuration on local • Setup is launched by the command,

©LearnMikroTik.ir 2014 59 ©LearnMikroTik.ir 2014 60

Hotspot Setup Important Notes

©LearnMikroTik.ir 2014 61 ©LearnMikroTik.ir 2014 62

Configuration Created Common Mistakes

Hotspot Help Hotspot Lab

©LearnMikroTik.ir 2014 65 ©LearnMikroTik.ir 2014 66

©LearnMikroTik.ir 2014 67 ©LearnMikroTik.ir 2014 68

Hotspot users Users Settings

©LearnMikroTik.ir 2014 69 ©LearnMikroTik.ir 2014 70

Users Limits Users lab

©LearnMikroTik.ir 2014 71 ©LearnMikroTik.ir 2014 72

©LearnMikroTik.ir 2014 73 ©LearnMikroTik.ir 2014 74

Hotspot Network Hosts Authorized Users

©LearnMikroTik.ir 2014 75 ©LearnMikroTik.ir 2014 76