
[admin@R1] > system/

[admin@R1] /system>


Then if you write "identity" then you go also into the "identity" folder which is
under the "system" folder.

[admin@R1] /system> identity/

[admin@R1] /system/identity>

Now let's press "Tab" to see what commands come after that.

[admin@R1] /system/identity>
edit export get print set
[admin@R1] /system/identity>

You see, we have only 5 commands possible in the "identity" folder.
What if I am in that folder and I remember that I should do a ping to an IP address?
Would the ping command work from that folder? Let's try:

[admin@R1] /system/identity> ping 8.8.8.8
bad command name ping (line 1 column 1)
[admin@R1] /system/identity>

Unfortunately, not. The reason is that "ping" is not listed as a command in
the "identity" folder, as we have seen. But is there any way to get around this
problem so that I remain in the "identity" folder and still make the ping work? The
answer is yes.

The ping always runs from the "root" level. So, we can use one of 3 options to run
ping:

• Option 1: quit the "identity" folder, go back to the root level and do the
ping command from there. However, this is not what we want. The mission
is to do the ping without exiting the "identity" folder.

MyNetworkTraining.com - Maher Haddad 45


• Option 2: use the "slash" (/) before the ping command. When you type (/),
you are telling the router that you want to run the following command
from the root level without going back to the root level. Let me show you
how this can be done:

[admin@R1] /system/identity> /ping 8.8.8.8
  SEQ HOST       SIZE TTL TIME       STATUS
    0 8.8.8.8      56 117 9ms529us
    1 8.8.8.8      56 117 9ms384us
    2 8.8.8.8      56 117 9ms937us
    3 8.8.8.8      56 117 9ms600us
    4 8.8.8.8      56 117 9ms390us
    sent=5 received=5 packet-loss=0% min-rtt=9ms384us avg-rtt=9ms568us max-rtt=9ms937us

[admin@R1] /system/identity>


• Option 3: use "dot dot" (..) twice, then the ping command after it. One "dot
dot" takes you one level back. We are 2 folder levels deep, which are "system"
and "identity", so we should use "dot dot" twice as follows:

[admin@R1] /system/identity> .. .. ping 8.8.8.8
  SEQ HOST       SIZE TTL TIME       STATUS
    0 8.8.8.8      56 117 9ms602us
    1 8.8.8.8      56 117 9ms756us
    2 8.8.8.8      56 117 20ms701us
    3 8.8.8.8      56 117 9ms265us
    4 8.8.8.8      56 117 9ms740us
    sent=5 received=5 packet-loss=0% min-rtt=9ms265us avg-rtt=11ms812us max-rtt=20ms701us
[admin@R1] /system/identity>

You see that I did the ping while I am still in the "identity" folder.

Now I will do ping again. The ping will keep running until you press "Ctrl + C".
On RouterOS, "Ctrl + C" doesn't mean copy; it stops a process running
on the CLI, like ping.

[admin@R1] /system/identity> ping 8.8.8.8
  SEQ HOST       SIZE TTL TIME       STATUS
    0 8.8.8.8      56 117 9ms602us
    1 8.8.8.8      56 117 9ms756us
    2 8.8.8.8      56 117 20ms701us
    3 8.8.8.8      56 117 9ms265us
    4 8.8.8.8      56 117 9ms740us
    sent=5 received=5 packet-loss=0% min-rtt=9ms265us avg-rtt=11ms812us max-rtt=20ms701us
[admin@R1] /system/identity>

Once I have clicked on "Ctrl + C", the ping that was ongoing has stopped directly.

So now we know that using the "slash" will take me back to the root mode and using
"dot dot" will take me one level back.
Let's go to the root mode now. I will use the "slash" for this.

[admin@R1] /system/identity> /
[admin@R1] >

Excellent!!! I am in the root mode. Now if I press "Tab" once, I should see what
commands I can use from that root level, as we already know:

[admin@R1] >
caps-man     disk       ip    metarouter  port   radius   special-login  user   export    ping  undo
certificate  file       ipv6  mpls        ppp    routing  system         beep   import    quit
console      interface  log   partitions  queue  snmp     tool           blink  password  redo
[admin@R1] >

What if I press "Tab" another time? What will happen then?

[admin@R1] >
terminal error for if nothing put rndnum time tobool toip6 totime
( delay execute foreach len parse resolve rndstr timestamp toid tonum typeof
environment do find global local pick return set toarray toip tostr while
[admin@R1] >

Once I have pressed "Tab" another time, some other commands are shown.
Actually, those are programming syntaxes that you can use in case you want to run
scripts on the MikroTik router. As it is based on the Linux kernel, we can run scripts
on the MikroTik RouterOS to achieve some tasks. For example, we can run a script
that changes the bandwidth speed during the night to a faster one than the one
allocated to the daytime. We can run a script for failover, for routing, for anything
we want. Of course, scripting is out of scope of this course, and it is not part of the
MTCNA certification exam.

The last step that I want to do in this LAB, is to close the Terminal without using
the mouse. We can do that using "Ctrl+D". Once you do it, you will see that the
Terminal has closed.



This is all what I wanted to explain in this chapter. I hope you enjoyed it and see
you in the upcoming one.



3 Initial configuration (Internet access)
In this chapter, I have to show you how you can connect the MikroTik router to the
internet, and how you can share the internet service from the MikroTik router to
your connected PC. We will be covering the following topics:

• WAN DHCP-client
• LAN IP address and default gateway
• Basic Firewall - NAT masquerade
• Troubleshooting

Let's start directly with the 1st LAB of this chapter.

LAB: Connecting the MikroTik router to the internet

[Figure: LAB topology. R1 with interfaces Eth1 and Eth2; network 192.168.88.0/24, host .2]

I am still on the same LAB scenario. My router is connected to the ISP router on
Ether1 interface. To be able to make the router able to go to the internet, I need to
enable the DHCP client on the interface Ether1 because the ISP router has DHCP
server enabled.
Once I enable the DHCP client on Ether1 interface, I will receive on that
interface an IP and a subnet mask from the ISP DHCP server. Also, I will receive
DNS and NTP server addresses, as well as a default route so the router can go to the
internet.

If we check now on the router, we see no IP is set on Ether1 interface, no subnet
mask, no DNS and no default route. Let me show you.


You can see clearly that I don't have any of that information on the router.
Let's enable the DHCP client on Ether1 and see if I get all that information.

[Screenshot: WinBox (64bit) v7.1.2 on hAP ac lite (mipsbe), session admin@08:55:31:47:88:58 (R1). IP > DHCP Client > New DHCP Client with Interface: ether1, Use Peer DNS and Use Peer NTP checked]

I have enabled the DHCP client on the Ether1 interface. I have also left "Use Peer DNS"
and "Use Peer NTP" checked so I can get the DNS and NTP server addresses from
the provider. Also, I have set "Add Default Route" to yes so I can get the default
route as well. When you enable the DHCP client on Ether1, there will be a
communication between my router and the ISP router to get all that information
from it.

Let's see if I have received all that information from the ISP router.


Here we go. I have received from the ISP an IP on Ether1 interface of
192.168.23.254/24 (so that's the IP and subnet mask).
I have received the DNS servers also, which are 8.8.8.8 and 8.8.4.4.
I have also received the default route.
That's really awesome. So now my router is able to go to the internet. Let's try to
ping the Google DNS 8.8.8.8 from the router.

[Screenshot: WinBox Ping tool, Ping To 8.8.8.8]

Seq #  Host     Time (ms)  Reply Size  TTL  Status
0      8.8.8.8  9.886      50          58
1      8.8.8.8  9.460      50          58
2      8.8.8.8  10.192     50          58
3      8.8.8.8  9.553      50          58
4      8.8.8.8  9.400      50          58
5      8.8.8.8  10.460     50          58
6      8.8.8.8  9.562      50          58
7      8.8.8.8  20.674     50          58

It is working!!!!

Now I wish to ping to google.com just to check if the DNS is also working.

[Screenshot: WinBox Ping tool, Ping To google.com]

Seq #  Host             Time (ms)  Reply Size  TTL  Status
0      172.217.168.206  4.896      50          116
1      172.217.168.206  4.839      50          116
2      172.217.168.206  4.712      50          116
3      172.217.168.206  4.655      50          116
4      172.217.168.206  5.486      50          116
5      172.217.168.206  5.425      50          116
6      172.217.168.206  4.917      50          116
7      172.217.168.206  5.381      50          116
8      172.217.168.206  5.178      50          116

It is working as well. So, my DNS is working too.

Now that we have the router fully connected to the internet, I wish to share the internet
from the router with my PC, which is connected to interface Ether2 of the router. Let's
do this task in the upcoming LAB.

LAB: Connecting the PC to the internet

[Figure: LAB topology. R1 with interfaces Eth1 and Eth2; network 192.168.88.0/24, host .2]

We are still in the same LAB scenario. R1 is fully connected to the internet. I now
want my PC to get connected to the internet. To do this, we need to do a couple of
things on the router and on the PC to make it work.

1st thing, let's check if the PC is able to ping the router IP 192.168.88.1, because
this is going to be its gateway to go to the internet.

Microsoft Windows [Version 10.0.10042.1466]
(c) Microsoft Corporation. All rights reserved.

C:\Users\MAICT>ping 192.168.88.1

Pinging 192.168.88.1 with 32 bytes of data:
Reply from 192.168.88.1: bytes=32 time=3ms TTL=64
Reply from 192.168.88.1: bytes=32 time=1ms TTL=64
Reply from 192.168.88.1: bytes=32 time<1ms TTL=64
Reply from 192.168.88.1: bytes=32 time=1ms TTL=64

Ping statistics for 192.168.88.1:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 3ms, Average = 1ms

C:\Users\MAICT>

The ping to the router IP is working successfully.


The 2nd step is to check whether we have put on the PC the right gateway and DNS.
We need to put on the PC the gateway as 192.168.88.1 because the router is the way
for the PC to go to the internet.
Also, we need to put the DNS server IPs so we are able to open web sites (DNS maps
the domain names to IP addresses).
I think we have already added the right gateway and DNS in the TCP/IP
configuration of the PC, but let's double check:

[Screenshot: Internet Protocol Version 4 (TCP/IPv4) Properties on the PC. Subnet mask 255.255.255.0, default gateway 192.168.88.1, alternate DNS server 1.1.1.1]

Indeed, all the information is there.

As all the information is there, and the PC has the router as its gateway, let's try to
ping an IP on the internet. I will ping the Google DNS, which is 8.8.8.8, and see the
result.

C:\Users\MAICT>ping 8.8.8.8

Pinging 8.8.8.8 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 8.8.8.8:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

It is not working. But why? What is the problem?

Well, let's think about it. The PC can reach the router, so Layer 3 connectivity is
working. The PC has a gateway, so it can send all its internet traffic to the router,
which in turn will send it to the internet. Then I assume that the problem is on the
router itself.

The exact problem is that we did not configure the Network Address Translation
(NAT) on the router.

The PC has a private IP from the range of 192.168.88.0/24. This IP is not routed to
the internet. It should be translated to the IP that is provided from the ISP to the
WAN interface on the router, which is Ether1.
Someone can say that the WAN IP on Ether1 is also a private IP, so how is it going
to the internet? Well, actually, it is also NATed to a public IP by the ISP router. But
for us, we need to have the NAT configured on the router. On MikroTik, this is called
"masquerade".

Let me show you how to do it.

[Screenshot: WinBox IP > Firewall > NAT, new NAT rule. General tab: Out. Interface ether1; Action tab: masquerade]

With this NAT rule, I am saying that for any IP going out of the interface Ether1,
the action is to masquerade, which means to be natted.
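
The same setup typed into the RouterOS terminal instead of WinBox. This is an added example, not taken from the book: it assumes the interface name ether1 for the WAN and the 192.168.88.0/24 LAN used in this LAB, and it uses chain=srcnat, the chain in which RouterOS accepts the masquerade action. The rule described above matches any source leaving ether1; the commented variant with src-address is an optional tighter form that translates only the LAN subnet.

```routeros
# Added example; interface name and LAN subnet are the ones used in this LAB.

# 1. WAN: DHCP client on ether1, taking DNS, NTP and the default route from the ISP
/ip dhcp-client add interface=ether1 use-peer-dns=yes use-peer-ntp=yes add-default-route=yes disabled=no

# 2. Confirm the lease and the address received on ether1
/ip dhcp-client print detail
/ip address print where interface=ether1

# 3. NAT: masquerade everything leaving the WAN interface (the rule built in WinBox)
/ip firewall nat add chain=srcnat out-interface=ether1 action=masquerade comment="LAN to internet"

# 3b. Tighter alternative to step 3: translate only the LAN subnet, so nothing
#     else that happens to be routed out of ether1 is hidden behind the WAN IP.
# /ip firewall nat add chain=srcnat src-address=192.168.88.0/24 out-interface=ether1 action=masquerade comment="LAN to internet"

# 4. After pinging 8.8.8.8 from the PC, the packet and byte counters of the
#    rule should increase; counters stuck at zero mean the rule is not matching.
/ip firewall nat print stats
```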

Let's try now if the PC can ping to 8.8.8.8:

C:\Users\MAICT>ping 8.8.8.8

Pinging 8.8.8.8 with 32 bytes of data:
Reply from 8.8.8.8: bytes=32 time=10ms TTL=57
Reply from 8.8.8.8: bytes=32 time=21ms TTL=57
Reply from 8.8.8.8: bytes=32 time=11ms TTL=57
Reply from 8.8.8.8: bytes=32 time=10ms TTL=57

Ping statistics for 8.8.8.8:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 10ms, Maximum = 21ms, Average = 13ms

C:\Users\MAICT>

Excellent!!! It is reaching google DNS now.

What if I ping google.com from the PC to check if the DNS is working?

C:\Users\MAICT>ping google.com

Pinging google.com [172.217.168.206] with 32 bytes of data:
Reply from 172.217.168.206: bytes=32 time=5ms TTL=115
Reply from 172.217.168.206: bytes=32 time=5ms TTL=115
Reply from 172.217.168.206: bytes=32 time=6ms TTL=115
Reply from 172.217.168.206: bytes=32 time=5ms TTL=115

Ping statistics for 172.217.168.206:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 5ms, Maximum = 6ms, Average = 5ms

C:\Users\MAICT>

It is working as well. So now my PC is fully connected to the internet via the MikroTik
router.

I will make some changes to the router and PC settings, so we can learn how to do the
troubleshooting in case we run into connectivity problems.

LAB: Troubleshooting connectivity problems

[Figure: LAB topology. R1 with interfaces Eth1 and Eth2; network 192.168.88.0/24, host .2]

We are still on the same LAB scenario. We are going to work into different cases to
do troubleshooting. Let's start with case 1.

Case 1:
You got an issue that PCs in your LAN aren't able to go to the internet.
Let's login to the router and see what the issue is.

I will ping 1st from my router to the ISP router interface, which is my gateway. In
my case, the ISP router's interface which is connected to me is 192.168.23.1/24
(normally the ISP should tell you what your gateway IP address is).

[Screenshot: WinBox Ping tool, Ping To 192.168.23.1]

Seq #  Host          Time (ms)  Reply Size  TTL  Status
0      192.168.23.1  0.648      50          64
1      192.168.23.1  0.608      50          64
2      192.168.23.1  0.590      50          64
3      192.168.23.1  0.562      50          64
4      192.168.23.1  0.587      50          64
5      192.168.23.1  0.569      50          64
6      192.168.23.1  0.589      50          64

I can see that I can reach that IP. Let's try now to ping after that gateway IP, that
means an IP on the internet. I will ping to 8.8.8.8:

[Screenshot: WinBox Ping tool, Ping To 8.8.8.8]

Seq #  Host  Time (ms)  Reply Size  TTL  Status
0            timeout                     no route to host
1            timeout                     no route to host
2            timeout                     no route to host
3            timeout                     no route to host
4            timeout                     no route to host
5            timeout                     no route to host
6            timeout                     no route to host

Aha!!!! I see "no route to host" from the ping to 8.8.8.8.
This clearly tells me that the problem is with the route. Let's check if my router
still has the default route in its routing table:


Ooopssss!!! The default route is missing. Looks like some engineer has played with
the config. To get the default route back, I have to go to the DHCP client again and
enable it from there. The other way is to add it manually, but for this LAB I will
enable it from the DHCP client.

Let's first check if it is disabled on the DHCP client:

[Screenshot: WinBox IP > DHCP Client, entry for interface ether1 with Add Default Route set to no]

Indeed. It is disabled. I will enable it now.

[Screenshot: DHCP Client <ether1> with Add Default Route set to yes]

Let's check if I have received the default route again on the router:

Routes
     Dst. Address      Gateway
DAd  0.0.0.0/0         192.168.23.1
DAC  192.168.23.0/24   ether1
DAC  192.168.88.0/24   ether2
3 items out of 7

Here it is.

Now the problem should be solved. I will ping from my router again to 8.8.8.8:

[Screenshot: WinBox Ping tool, Ping To 8.8.8.8]

Seq #  Host     Time (ms)  Reply Size  TTL  Status
0      8.8.8.8  9.874      50          58
1      8.8.8.8  10.019     50          58
2      8.8.8.8  9.n4       50          58
3      8.8.8.8  9.695      50          58
4      8.8.8.8  9.526      50          58
5      8.8.8.8  9.826      50          58

Now the ping is working, and the LAN PCs are able to go to the internet.

Case 2:

A junior engineer has contacted you saying that the router can ping 8.8.8.8 but
cannot ping google.com. He is asking for your assistance on this.

If the router is able to ping 8.8.8.8, that means the connectivity to the internet is
working. The problem is only when pinging domain names like google.com.
For me, this means that the DNS is not functioning on the router.
Let's check if the router has a DNS set on it:

Here I can see clearly that the router didn't receive DNS addresses automatically
from the ISP, also there is no any DNS address set manually on the router.
In this case, we can solve the problem by setting up DNS address(es) manually on
the router, or we enable it from the DHCP client. I will use the 2nd method. But 1st
let me check if the "Use Peer DNS" is disabled on the DHCP client:

[Screenshot: DHCP Client <ether1> with Use Peer DNS unchecked, Use Peer NTP checked, Add Default Route: yes]

Indeed. Someone has disabled it.

I will enable it now then check if I have received the DNS addresses automatically.

[Screenshot: DHCP Client <ether1> with Use Peer DNS checked, Use Peer NTP checked, Add Default Route: yes]

This has been enabled. Let's check if I have received the DNS addresses on the
router.

[Screenshot: WinBox DNS Settings with the Dynamic Servers field filled in; Max UDP Packet Size: 4096]

Indeed, they have been received.

I will ping now to google.com from my router and see the result.

[Screenshot: WinBox Ping tool, Ping To google.com]

Seq #  Host             Time (ms)  Reply Size  TTL  Status
0      142.250.179.174  10.087     50          117
1      142.250.179.174  9.689      50          117
2      142.250.179.174  9.770      50          117
3      142.250.179.174  9.424      50          117
4      142.250.179.174  9.681      50          117
5      142.250.179.174  17.699     50          117
6      142.250.179.174  24.831     50          117

It is working now. So, we have solved the problem of this case.
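
Cases 1 and 2 as terminal checks, in the order the chapter works through them in WinBox. This is an added example, not taken from the book; it assumes the WAN interface ether1 and the ISP gateway 192.168.23.1 from this LAB.

```routeros
# Added example: run from the RouterOS terminal on R1.

# Step 1: is the ISP gateway reachable, and is the internet reachable by IP?
/ping 192.168.23.1 count=4
/ping 8.8.8.8 count=4

# Step 2 (Case 1): "no route to host" points at the routing table.
# Report whether a default route exists at all.
:if ([:len [/ip route find where dst-address=0.0.0.0/0]] = 0) do={
    :put "Case 1: no default route, check add-default-route on the DHCP client"
} else={
    :put "default route present"
}

# Step 3 (Case 2): ping by IP works but names do not resolve.
# Report whether the router has any DNS server, static or learned from DHCP.
:if (([:len [/ip dns get servers]] = 0) && ([:len [/ip dns get dynamic-servers]] = 0)) do={
    :put "Case 2: no DNS servers, check use-peer-dns on the DHCP client"
} else={
    :put "DNS servers present"
}

# Step 4: see how the DHCP client on ether1 is currently configured ...
/ip dhcp-client print detail where interface=ether1

# ... and restore the two options that were switched off in Cases 1 and 2.
/ip dhcp-client set [find interface=ether1] add-default-route=yes use-peer-dns=yes

# Step 5: confirm both symptoms are gone.
/ip route print where dst-address=0.0.0.0/0
/ip dns print
/ping google.com count=4
```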

Case 3:
You have received a call from one of your colleagues saying that his PC can ping to
the gateway 192.168.88.1 but not to the internet. You have checked the
configuration on the router, and everything looks working well. So, you have
concluded that the problem is on the PC itself.

If he is able to ping to his gateway, that means the Layer 3 connectivity is working.
So here you assume that the problem could be from the gateway which is set to his
PC.
Let's check his TCP/IP settings on his PC:
