SlideShare a Scribd company logo

MTCNA

Download as PPTX, PDF
G
gurubelajarmandiri

chapter 1 materi mikrotik MTCNA

Education
1 of 99
MikroTik Certified Network Associate (MTCNA) Laval, Canada January 1st to 3rd, 2013 2013-01-01 1
Why take the MTCNA course? •Introduction to RouterOS and RouterBOARD products. •Gives you an overview of what that can be done with RouterOS and RouterBOARD products. •Will give you a solid foundation and valuable tools to do your work. 2013-01-01 2
Course objectives At the end of this course, the student will: •Be familiar with RouterOS software and RouterBoard products •Be able to configure, manage, do basic troubleshooting of a MikroTik router •Be able to provide basic services to clients 2013-01-01 3
About the trainer •A •B •C 2013-01-01 4
Schedule •Typical day (3 of them) –9h00 to 17h00 •30 minute breaks –10h30 and 15h00 •Lunch break –11h30 to 12h30 •Exam –On last day, 1 hour duration 2013-01-01 5
House keeping •Emergency exits •Dress code •Food and drinks while in class •This course is based on RouterOS 6 and RB951-2n –Module 1 is based on ROS 5.25 2013-01-01 6
Various Out of respect for the other students and the trainer: •Put you cell phone and other business tools on vibration mode •Take your calls outside the classroom 2013-01-01 7
Module 1 Introduction 2013-01-01 8
RouterOS and RouterBoard 2013-01-01 9
What is RouterOS? •MikroTik RouterOS is the operating system of MikroTik RouterBOARD hardware. •It has all the necessary features for an ISP or network administrator such as routing, firewall, bandwidth management, wireless access point, backhaul link, hotspot gateway, VPN server and more. 2013-01-01 10
What is RouterOS? •RouterOS is a stand-alone operating system based on the Linux v3.3.5 kernel and provides all the functions in a quick and simple installation and with an easy to use interface 2013-01-01 11
What is RouterBOARD? •A family of hardware solutions created by MikroTik to answer the needs of customers around the world. •All operate with RouterOS. routerboard.com or 2013-01-01 12
Integrated Solutions •These products are provided complete with cases and power adapters. •Ready to use and preconfigured with the most basic functionality. •All you need to do is to plug it in and connect to the Internet or a corporate network. 2013-01-01 13
RouterBOARD (boards only) •Small motherboard devices that are sold “as is”. You must choose the case, power adapter and interfaces separately. Perfect for assembling your own systems as they offer the biggest customization options. 2013-01-01 14
Enclosures •Indoor and outdoor casings to house your RouterBOARD devices. Select based on: –intended location of use –the RouterBOARD model –the type of connections needed (USB, antennas, etc.). 2013-01-01 15
Interfaces •Ethernet modules, fiber SFPs or wireless radio cards to expand the functionality of RouterBOARD devices and PCs running RouterOS. •Once again, selection is based on your needs. 2013-01-01 16
Accessories •These devices are made for MikroTik products - power adapters, mounts, antennas and PoE injectors. 2013-01-01 17
MFM •With the MFM (Made for Mikrotik) program, 3rd party options make creating your router even better! 2013-01-01 18
Why get an integrated router? •Can address many needs •Some add-on options •Little to no expansion •Fixed configuration •Simple, yet solid solution for many needs 2013-01-01 19
Integrated router, examples RB951G-2HnD •Good for home or small office •5 Gig ports •Built-in Wi-Fi (2,4GHz) •License level 4 2013-01-01 20
Integrated router, examples SXT Sixpack (1 OmniTIK U-5HnD with 5 SXT-5HPnD) •Good for WISP or company with branch offices •5 100Mbps ports (OmniTik) •5GHz 802.11a/n radios •Can cover 5Km2013-01-01 21
Integrated router, examples CCR1036-12G-4S Cloud Router Flagship model •Good for ISPs or company networks •1U rack mount •12 Gig ports •Serial console, USB and color2013-01-01 22
Note of interest •Router names are selected according to feature set. Here are some examples: –CCR : Cloud Core Router –RB : RouterBoard –2, 5 : 2,4GHZ or 5GHz wifi radio –H : High powered radio –S : SFP –U : USB –i : Injector –G : Gigabit ethernet 2013-01-01 23
Why build your own router? •Can address a greater variety of needs •Many add-on options / Lots of expansion •Customizable configuration •Can be integrated into client equipment or cabinet •More complete solution for particular needs 2013-01-01 24
Custom router, examples Flexible CPE •RB411UAHR –1 100Mbps port –1 2,4GHz radio (b/g) –Level 4 license •Add power supply or PoE module •Add 3rd party enclosure 2013-01-01 25
Custom router, examples Powerful Hotspot •RB493G –9 gig ports –Level 5 license •Add power supply or PoE module •Add R2SHPn (2,4GHz radio card) •Add R5SHPn (5GHz radio card) •Add 3rd party2013-01-01 26
First time accessing the router 2013-01-01 27
Internet browser •Intuitive way of connecting to a RouterOS router. 2013-01-01 28
Internet browser •Connect to router with Ethernet cable •Launch browser •Type in the IP address •If asked for, log in. Username is “admin” and password is blank 2013-01-01 29
Internet browser •You will see: 2013-01-01 30
WinBox and MAC-Winbox •WinBox is MikroTik’s proprietary interface to access RouterOS routers. •It can be downloaded from MikroTik’s website or from the router. •It is used to access the router through IP (OSI layer 3) or MAC (OSI layer 2). 2013-01-01 31
WinBox and MAC-Winbox •If still in the browser, scroll down and click “logout” •You will see: •Click on “Winbox” •Save “winbox.exe” 2013-01-01 32
WinBox and MAC-WinBox •Click on WinBox’s icon. •IP address 192.168.88.1 then click “Connect” •You will see: –Click “OK” 2013-01-01 33
WinBox’s menus •Take 5 minutes to go through the menus •Take special notice of: –IP  Addresses –IP  Routes –System  SNTP –System  Packages –System  Routerboard 2013-01-01 34
Console port •Requires the computer be connected to the router via a null- modem (RS-232 port). –Default is 115200bps, 8 data bits, 1 stop bit, no parity 2013-01-01 35
SSH and Telnet •Standard IP tools to access router •Telnet communications are in clear text –Available on most Operating Systems –Unsecured!! •SSH communications are encrypted –Secured!! –Many Open Source (free) tools available such as PuTTY (http://www.putty.org/) 2013-01-01 36
CLI •Stands for Command Line Interface •It’s what you see when you use the console port, SSH, Telnet, or New Terminal (inside Winbox) •A must know if you plan to use scripts or automate tasks! 2013-01-01 37
Initial configuration (Internet access) 2013-01-01 38
Basic or blank configuration? •You may or may not have a basic configuration when freshly installed •You may choose not to take the default basic configuration •Check the following web page to find out how your device will behave: –http://wiki.mikrotik.com/wiki/Manual:Default_Configurations 2013-01-01 39
Basic configuration •Depending on your hardware, you will have a default setup, which may include: –WAN port –LAN port(s) –DHCP client (WAN) and server (LAN) –Basic firewall rules –NAT rule –Default LAN IP address 2013-01-01 40
Basic configuration •When connecting for the first time with WinBox, click on “OK” •The router now has the default basic configuration. 2013-01-01 41
Blank configuration •Can be used in situations when the default basic configuration is not required. –No need for firewall rules –No need for NATing 2013-01-01 42
Blank configuration •The minimal steps to setup a basic access to the Internet (if your router does not have a default basic configuration) –LAN IP addresses, Default gateway and DNS server –WAN IP address –NAT rule (masquerade) –SNTP client and time zone 2013-01-01 43
Upgrading the router 2013-01-01 44
When to upgrade •Fix a known bug. •Need a new feature. •Improved performance. NOTE : PLEASE read the changelog!! 2013-01-01 45 What's new in 5.25 (2013-Apr-25 15:59): *) web proxy - speed up startup; *) metarouter - fixed occasional lockups on mipsbe boards; *) wireless - update required when using small width channel RB2011 RB9xx caveat: update remote end/s before updating AP as both side are required to use new/same version for a link
The procedure •It requires planning. –Steps may have to be done in precise order. •It requires testing… –And testing… –And, yes, testing! 2013-01-01 46
Before you upgrade •Know what architecture (mipsbe, ppc, x86, mipsle, tile) you are upgrading. –If in doubt, Winbox indicates the architecture in top left corner! •Know what files you require: –NPK : Base RouterOS image with standard packages (Always) –ZIP : Additional packages (based on needs) –Changelog : Indicates what has changed and special indications (Always) 2013-01-01 47
How to upgrade •Get the package files from MikroTik’s website –Downloads page 2013-01-01 48
How to upgrade •Three ways –Download file(s) and copy over to router. –“Check for updates” (System -> Packages) –Auto Upgrade (System -> Auto Upgrade) 2013-01-01 49
Downloading the files •Copy file(s) to the router via “Files” window. Examples are: –routeros-mipsbe-5.25.npk –ntp-5.25-mipsbe.npk •Reboot •Validate state of router 2013-01-01 50
Checking for updates (with /system packages) •Through the menu “System -> Packages” •Click on “Check for Updates” then “Download & Upgrade” •Reboots automatically •Validate packages2013-01-01 51
Auto upgrading •Copy required files by all routers to an internal router (source). •Configure all routers to point to source router •Display available packages •Select and download packages •Reboot and validate router 2013-01-01 52
Auto upgrading 2013-01-01 53
RouterBOOT firmware upgrade •Check current version 2013-01-01 54 [admin@MikroTik] > /system routerboard print routerboard: yes model: 951-2n serial-number: 35F60246052A current-firmware: 3.02 upgrade-firmware: 3.05 [admin@MikroTik] >
RouterBOOT firmware upgrade •Upgrade if required (It is in this example) 2013-01-01 55 [admin@MikroTik] > /system routerboard upgrade Do you really want to upgrade firmware? [y/n] y firmware upgraded successfully, please reboot for changes to take effect! [admin@MikroTik] > /system reboot Reboot, yes? [y/N]:
Managing RouterOS logins 2013-01-01 56
User accounts •Create user accounts to –Manage privileges –Log user actions •Create user groups to –Have greater flexibility when assigning privileges 2013-01-01 57
Managing RouterOS services 2013-01-01 58
IP Services •Manage IP services to –Limit resource usage (CPU, memory) –Limit security threats (Open ports) –Change TCP ports –Limit accepted IP addresses / IP subnets 2013-01-01 59
IP Services •To control services, go to “IP -> Services” •Disable or enable required services. 2013-01-01 60
Access to IP Services •Double-click on a service •If needed, specify which hosts or subnets can access the service –Good practice to limit certain services to network administrators 2013-01-01 61
Managing configuration backups 2013-01-01 62
Types of backups •Binary backup •Configuration export 2013-01-01 63
Binary backups •Complete system backup •Includes passwords •Assumes that restores will be on same router 2013-01-01 64
Export files •Complete or partial configuration •Generates a script file or sends to screen •Use “compact” to show only non- default configurations (default on ROS6) •Use “verbose” to2013-01-01 65
Archiving backup files •Once generated, copy them to a server –With SFTP (secured approach) –With FTP, if enabled in IP Services –Using drag and drop from “Files” window •Leaving backup files on the router IS NOT a good archival strategy –No tape or CD backups are made of routers 2013-01-01 66
RouterOS licenses 2013-01-01 67
License levels •6 levels of licenses –0 : Demo (24 hours) –1 : Free (very limited) –3 : WISP CPE (Wi-Fi client) –4 : WISP (required to run an access point) –5 : WISP (more capabilities) –6 : Controller (unlimited capabilities) 2013-01-01 68
Licenses •Determines the capabilities allowed on your router. •RouterBOARD come with a preinstalled license. –Levels vary •Licenses must be purchased for an X86 system. –One license is valid for only one machine. 2013-01-01 69
Updating licenses •Levels are described at the web page http://wiki.mikrotik.com/wiki/Manual:License •Typical uses –Level 3: CPE, wireless client –Level 4: WISP –Level 5: Larger WISP –Level 6: ISP internal infrastructure (Cloud Core) 2013-01-01 70
Use of licenses •Cannot upgrade license level. Buy the right device / license right from the start. •The license is bound to the drive it is installed on. Be careful not to format the drive using non-Mikrotik tools. •Read the license web page for more details! 2013-01-01 71
Netinstall 2013-01-01 72
Uses of Netinstall •Reinstall RouterOS if the original one became damaged •Reinstall RouterOS if the “admin” password was lost •Can be found on MikroTik’s web site under the download tab 2013-01-01 73
Procedure, no COM port For RBs without a COM port. •Connect computer to Ethernet port 1 –Give computer a static IP address and mask •Launch Netinstall –Click on “Net booting” and write a random IP address in the same subnet as computer •In “Packages” section, click “Browse” and select directory containing valid NPK files 2013-01-01 74
Procedure, no COM port •Press the “reset” button until the “ACT” LED turns off –Router will appear in “Routers/Drives” section –Select it! •Select required RouterOS version from “Packages” section –“Install” button becomes available; click it! 2013-01-01 75
Procedure, no COM port •The progress bar will turn blue as the NPK file is being transferred •Once completed, reconnect the computer cable in one of valid ports and Internet access cable in port 1 •Use MAC-Winbox to connect as configuration will be blank –Even if “Keep old configuration” was checked!! 2013-01-01 76
Procedure, no COM port •Upload a configuration backup and reboot –(thus the importance of proper backup management!) •If the problem was a lost password, redo the configuration from scratch, as the backup will use the same forgotten password –(thus the importance of proper access management!) 2013-01-01 77
Procedure, with COM port For RBs with a COM port •It starts off (almost) the same –PC in Ethernet port 1 with static address –Connect PC’s serial port to RouterBOARD’s console (COM) port –Launch Netinstall (and configure the “Net Booting” parameter) –Select directory with NPK files 2013-01-01 78
Procedure, with COM port •Reboot the router •Press “Enter”, when prompted, to enter setup •Press “o” for boot device •Press “e” for Ethernet •Press “x” to exit setup (which reboots the router) 2013-01-01 79
Procedure, with COM port •Router will appear in “Routers/Drives” section –Select it •Select RouterOS package that will be installed •Click “Keep old configuration” •“Install” button becomes available; click it! 2013-01-01 80
Procedure, with COM port •The progress bar will turn blue as the NPK file is being transferred •Once completed, reconnect the computer cable in one of valid ports and Internet access cable in port 1 •You can use Winbox to connect –The “Keep old configuration” option works here!! 2013-01-01 81
Procedure, with COM port •Reboot the router •Press “Enter”, when prompted, to enter setup •Press “o” for boot device •Press “n” for NAND then Ethernet on fail –If you forget, you will always boot from Ethernet •Press “x” to exit setup (which reboots the router) 2013-01-01 82
Additional Ressources 2013-01-01 83
Wiki http://wiki.mikrotik.com/wiki/Manual:TOC •RouterOS main Wiki page •Documentation on all RouterOS commands –Explanation –Syntax –Examples •Extra tips and tricks 2013-01-01 84
Tiktube http://www.tiktube.com/ •Video resources on various subjects •Presented by trainers, partners, ISPs, etc. •May include presentation slides •Various languages 2013-01-01 85
Forum http://forum.mikrotik.com/ •Moderated by Mikrotik staff •Discussion board on various topics •A LOT of information can be found here –You could find a solution to your problem! •Please search BEFORE posting a question –Standard forum etiquette 2013-01-01 86
Mikrotik support support@mikrotik.com •Support procedures explained at http://www.mikrotik.com/support.html •Support from Mikrotik for 15 days (license level 4) and 30 days (license level 5 and level 6) if router bought from them 2013-01-01 87
Distributor / consultant support •Support is given by distributor when router is purchased from them •Certified consultants can be hired for special needs. Visit http://www.mikrotik.com/consultants.html for more information 2013-01-01 88
End of module 1 Time for a practical exercise 2013-01-01 89
Laboratory •Goals of the lab –Familiarise students with access methods –Configure Internet access –Upgrade the router with current RouterOS –Create a limited access group, assign it a user –Manage IP services –Do a backup of current configuration and restore it after doing a factory reset 2013-01-01 90
Laboratory : Setup 2013-01-01 91
Laboratory : step 1 •Configure your computer with the static IP address of your pod –Specify subnet mask –Specify default gateway (your router) –Specify DNS server (your router) •Do a Netinstall of ROS 6 •Once rebooted, connect to it in the manner that will allow you full access 2013-01-01 92
Laboratory : step 2 •Configure the router’s LAN IP address •Configure the router’s WAN IP address •Configure the router’s NAT rule •Configure the router’s DNS server •Configure the router’s default route* 2013-01-01 93
Laboratory : step 3 •Add a group named “minimal” –Give it the “telnet”, “read”, and “winbox” rights –Explain these rights •Add a user and give it your name –Assign it to “minimal” group –Give it a password •Assign a password to “admin” –Give it “podX”, where “X” is your pod number –Open a new terminal. What happened? 2013-01-01 94
Laboratory : step 4 •Insure that RouterBOARD firmware is up to date. •Copy NTP package (NPK file) –Check System -> SNTP Client –Check System -> NTP Client and NTP Server –What happened? •Once rebooted –Check System -> SNTP Client –Check System -> NTP Client and NTP Server •Configure NTP client and clock’s timezone 2013-01-01 95
Laboratory : step 5 •The students will telnet into the router •The students will disable these IP services: –Telnet –WWW •The students will connect to the router using Telnet, a Web browser and SSH –Explain the results 2013-01-01 96
Laboratory : step 6 •Open a “New Terminal” and the “Files” window •Export the configuration, from the root, to a file named “module1-podX” •Do a binary backup •Copy both files to your computer –Open both of them and view contents –Delete your NAT rule and use the “exported” file to recreate it rapidly 2013-01-01 97
Laboratory : step 7 •View the routerBOARD’s license –Check the level of the router and indicate it’s meaning –As a group, discuss the potential uses from this level of license 2013-01-01 98
End of Laboratory 1 2013-01-01 99

Recommended

MikroTik MTCNA
MikroTik MTCNAMikroTik MTCNA
MikroTik MTCNA
Ali Layth
 
Using Mikrotik Switch Features to Improve Your Network
Using Mikrotik Switch Features to Improve Your Network Using Mikrotik Switch Features to Improve Your Network
Using Mikrotik Switch Features to Improve Your Network
GLC Networks
 
MikroTik & RouterOS
MikroTik & RouterOSMikroTik & RouterOS
MikroTik & RouterOS
Faelix Ltd
 
BGP on mikrotik
BGP on mikrotikBGP on mikrotik
BGP on mikrotik
Achmad Mardiansyah
 
MTCNA - MikroTik Certified Network Associate - v2
MTCNA - MikroTik Certified Network Associate - v2MTCNA - MikroTik Certified Network Associate - v2
MTCNA - MikroTik Certified Network Associate - v2
Yaser Rahmati
 
Mikro tik advanced training
Mikro tik advanced trainingMikro tik advanced training
Mikro tik advanced training
Jignesh H. Bhalsod
 
MikroTik Firewall : Securing your Router with Port Knocking
MikroTik Firewall : Securing your Router with Port KnockingMikroTik Firewall : Securing your Router with Port Knocking
MikroTik Firewall : Securing your Router with Port Knocking
Akbar Azwir, MM, PMP, PMI-SP, PSM I, CISSP
 
Tunnel vs VPN on Mikrotik
Tunnel vs VPN on MikrotikTunnel vs VPN on Mikrotik
Tunnel vs VPN on Mikrotik
GLC Networks
 

Recommended

MikroTik MTCNA
MikroTik MTCNAMikroTik MTCNA
MikroTik MTCNA
Ali Layth
 
Using Mikrotik Switch Features to Improve Your Network
Using Mikrotik Switch Features to Improve Your Network Using Mikrotik Switch Features to Improve Your Network
Using Mikrotik Switch Features to Improve Your Network
GLC Networks
 
MikroTik & RouterOS
MikroTik & RouterOSMikroTik & RouterOS
MikroTik & RouterOS
Faelix Ltd
 
BGP on mikrotik
BGP on mikrotikBGP on mikrotik
BGP on mikrotik
Achmad Mardiansyah
 
MTCNA - MikroTik Certified Network Associate - v2
MTCNA - MikroTik Certified Network Associate - v2MTCNA - MikroTik Certified Network Associate - v2
MTCNA - MikroTik Certified Network Associate - v2
Yaser Rahmati
 
Mikro tik advanced training
Mikro tik advanced trainingMikro tik advanced training
Mikro tik advanced training
Jignesh H. Bhalsod
 
MikroTik Firewall : Securing your Router with Port Knocking
MikroTik Firewall : Securing your Router with Port KnockingMikroTik Firewall : Securing your Router with Port Knocking
MikroTik Firewall : Securing your Router with Port Knocking
Akbar Azwir, MM, PMP, PMI-SP, PSM I, CISSP
 
Tunnel vs VPN on Mikrotik
Tunnel vs VPN on MikrotikTunnel vs VPN on Mikrotik
Tunnel vs VPN on Mikrotik
GLC Networks
 
EMEA Airheads- Aruba Instant AP- VPN Troubleshooting
EMEA Airheads- Aruba Instant AP- VPN TroubleshootingEMEA Airheads- Aruba Instant AP- VPN Troubleshooting
EMEA Airheads- Aruba Instant AP- VPN Troubleshooting
Aruba, a Hewlett Packard Enterprise company
 
MikroTik Security
MikroTik SecurityMikroTik Security
MikroTik Security
Rofiq Fauzi
 
Cisco ASA Firewalls
Cisco ASA FirewallsCisco ASA Firewalls
Cisco ASA Firewalls
Bryley Systems Inc.
 
ClearPass Overview
ClearPass OverviewClearPass Overview
ClearPass Overview
JoAnna Cheshire
 
Data center network reference architecture with hpe flex fabric
Data center network reference architecture with hpe flex fabricData center network reference architecture with hpe flex fabric
Data center network reference architecture with hpe flex fabric
Aruba, a Hewlett Packard Enterprise company
 
Vpc notes
Vpc notesVpc notes
Vpc notes
Krunal Shah
 
Rap split tunnelv2
Rap split tunnelv2Rap split tunnelv2
Rap split tunnelv2
Aruba, a Hewlett Packard Enterprise company
 
Ccna
CcnaCcna
Ccna
AdityaKumar1548
 
Mikrotik IP Settings For Performance and Security
Mikrotik IP Settings For Performance and SecurityMikrotik IP Settings For Performance and Security
Mikrotik IP Settings For Performance and Security
GLC Networks
 
Getting the most out of the Aruba Policy Enforcement Firewall
Getting the most out of the Aruba Policy Enforcement FirewallGetting the most out of the Aruba Policy Enforcement Firewall
Getting the most out of the Aruba Policy Enforcement Firewall
Aruba, a Hewlett Packard Enterprise company
 
pfSense presentation
pfSense presentationpfSense presentation
pfSense presentation
Simon Vass
 
EMEA Airheads- Aruba Central with Instant AP
EMEA Airheads- Aruba Central with Instant APEMEA Airheads- Aruba Central with Instant AP
EMEA Airheads- Aruba Central with Instant AP
Aruba, a Hewlett Packard Enterprise company
 
Device security master (ASA Firewall) - project thesis - SZABIST-ZABTech Hyde...
Device security master (ASA Firewall) - project thesis - SZABIST-ZABTech Hyde...Device security master (ASA Firewall) - project thesis - SZABIST-ZABTech Hyde...
Device security master (ASA Firewall) - project thesis - SZABIST-ZABTech Hyde...
MehtabRohela
 
BGP on RouterOS7 -Part 1
BGP on RouterOS7 -Part 1BGP on RouterOS7 -Part 1
BGP on RouterOS7 -Part 1
GLC Networks
 
Mikrotik Tutorial
Mikrotik TutorialMikrotik Tutorial
Mikrotik Tutorial
Md Sohrab Hossain Sourav
 
Mikrotik basic configuration
Mikrotik basic configurationMikrotik basic configuration
Mikrotik basic configuration
Tola LENG
 
Aruba WLANs 101 and design fundamentals
Aruba WLANs 101 and design fundamentalsAruba WLANs 101 and design fundamentals
Aruba WLANs 101 and design fundamentals
Aruba, a Hewlett Packard Enterprise company
 
Customer Presentation - Aruba Wi-Fi Overview (1).PPTX
Customer Presentation - Aruba Wi-Fi Overview (1).PPTXCustomer Presentation - Aruba Wi-Fi Overview (1).PPTX
Customer Presentation - Aruba Wi-Fi Overview (1).PPTX
ssuser5824cf
 
Biznet guideline configuration mikrotik router
Biznet guideline configuration mikrotik routerBiznet guideline configuration mikrotik router
Biznet guideline configuration mikrotik router
arimayawulantara
 
VLAN on mikrotik
VLAN on mikrotikVLAN on mikrotik
VLAN on mikrotik
Achmad Mardiansyah
 
(Mikrotik)MTCNA presentation Material-IDN
(Mikrotik)MTCNA presentation Material-IDN(Mikrotik)MTCNA presentation Material-IDN
(Mikrotik)MTCNA presentation Material-IDN
Andry Ansah
 
Mikrotik Network Simulator (MUM Presentation Material 2013)
Mikrotik Network Simulator (MUM Presentation Material 2013)Mikrotik Network Simulator (MUM Presentation Material 2013)
Mikrotik Network Simulator (MUM Presentation Material 2013)
Rofiq Fauzi
 

More Related Content

What's hot

What's hot (20)

EMEA Airheads- Aruba Instant AP- VPN Troubleshooting
EMEA Airheads- Aruba Instant AP- VPN TroubleshootingEMEA Airheads- Aruba Instant AP- VPN Troubleshooting
EMEA Airheads- Aruba Instant AP- VPN Troubleshooting
 
MikroTik Security
MikroTik SecurityMikroTik Security
MikroTik Security
 
Cisco ASA Firewalls
Cisco ASA FirewallsCisco ASA Firewalls
Cisco ASA Firewalls
 
ClearPass Overview
ClearPass OverviewClearPass Overview
ClearPass Overview
 
Data center network reference architecture with hpe flex fabric
Data center network reference architecture with hpe flex fabricData center network reference architecture with hpe flex fabric
Data center network reference architecture with hpe flex fabric
 
Vpc notes
Vpc notesVpc notes
Vpc notes
 
Rap split tunnelv2
Rap split tunnelv2Rap split tunnelv2
Rap split tunnelv2
 
Ccna
CcnaCcna
Ccna
 
Mikrotik IP Settings For Performance and Security
Mikrotik IP Settings For Performance and SecurityMikrotik IP Settings For Performance and Security
Mikrotik IP Settings For Performance and Security
 
Getting the most out of the Aruba Policy Enforcement Firewall
Getting the most out of the Aruba Policy Enforcement FirewallGetting the most out of the Aruba Policy Enforcement Firewall
Getting the most out of the Aruba Policy Enforcement Firewall
 
pfSense presentation
pfSense presentationpfSense presentation
pfSense presentation
 
EMEA Airheads- Aruba Central with Instant AP
EMEA Airheads- Aruba Central with Instant APEMEA Airheads- Aruba Central with Instant AP
EMEA Airheads- Aruba Central with Instant AP
 
Device security master (ASA Firewall) - project thesis - SZABIST-ZABTech Hyde...
Device security master (ASA Firewall) - project thesis - SZABIST-ZABTech Hyde...Device security master (ASA Firewall) - project thesis - SZABIST-ZABTech Hyde...
Device security master (ASA Firewall) - project thesis - SZABIST-ZABTech Hyde...
 
BGP on RouterOS7 -Part 1
BGP on RouterOS7 -Part 1BGP on RouterOS7 -Part 1
BGP on RouterOS7 -Part 1
 
Mikrotik Tutorial
Mikrotik TutorialMikrotik Tutorial
Mikrotik Tutorial
 
Mikrotik basic configuration
Mikrotik basic configurationMikrotik basic configuration
Mikrotik basic configuration
 
Aruba WLANs 101 and design fundamentals
Aruba WLANs 101 and design fundamentalsAruba WLANs 101 and design fundamentals
Aruba WLANs 101 and design fundamentals
 
Customer Presentation - Aruba Wi-Fi Overview (1).PPTX
Customer Presentation - Aruba Wi-Fi Overview (1).PPTXCustomer Presentation - Aruba Wi-Fi Overview (1).PPTX
Customer Presentation - Aruba Wi-Fi Overview (1).PPTX
 
Biznet guideline configuration mikrotik router
Biznet guideline configuration mikrotik routerBiznet guideline configuration mikrotik router
Biznet guideline configuration mikrotik router
 
VLAN on mikrotik
VLAN on mikrotikVLAN on mikrotik
VLAN on mikrotik
 

Viewers also liked

Mikrotik Network Simulator (MUM Presentation Material 2013)
Mikrotik Network Simulator (MUM Presentation Material 2013)Mikrotik Network Simulator (MUM Presentation Material 2013)
Mikrotik Network Simulator (MUM Presentation Material 2013)
Rofiq Fauzi
 
Tutorial mikrotik step by step anung muhandanu
Tutorial mikrotik step by step anung muhandanu Tutorial mikrotik step by step anung muhandanu
Tutorial mikrotik step by step anung muhandanu
theviper0308
 

Viewers also liked (20)

(Mikrotik)MTCNA presentation Material-IDN
(Mikrotik)MTCNA presentation Material-IDN(Mikrotik)MTCNA presentation Material-IDN
(Mikrotik)MTCNA presentation Material-IDN
 
Mikrotik Network Simulator (MUM Presentation Material 2013)
Mikrotik Network Simulator (MUM Presentation Material 2013)Mikrotik Network Simulator (MUM Presentation Material 2013)
Mikrotik Network Simulator (MUM Presentation Material 2013)
 
soal latihan mikrotik
soal latihan mikrotik soal latihan mikrotik
soal latihan mikrotik
 
Examen mtca lima2011
Examen mtca lima2011Examen mtca lima2011
Examen mtca lima2011
 
Tutorial mikrotik step by step anung muhandanu
Tutorial mikrotik step by step anung muhandanu Tutorial mikrotik step by step anung muhandanu
Tutorial mikrotik step by step anung muhandanu
 
Mikrotik advanced
Mikrotik advancedMikrotik advanced
Mikrotik advanced
 
Latihan soal MikroTik 1
Latihan soal MikroTik 1Latihan soal MikroTik 1
Latihan soal MikroTik 1
 
Class 1
Class 1Class 1
Class 1
 
Open ssl certificate (https) for hotspot mikrotik
Open ssl certificate (https) for hotspot mikrotikOpen ssl certificate (https) for hotspot mikrotik
Open ssl certificate (https) for hotspot mikrotik
 
MikroTik Hotspot 2.0 (IEEE 802.11u) - MUM Jakarta 2016
MikroTik Hotspot 2.0 (IEEE 802.11u) - MUM Jakarta 2016MikroTik Hotspot 2.0 (IEEE 802.11u) - MUM Jakarta 2016
MikroTik Hotspot 2.0 (IEEE 802.11u) - MUM Jakarta 2016
 
Memahami arti kode seri mikrotik
Memahami arti kode seri mikrotikMemahami arti kode seri mikrotik
Memahami arti kode seri mikrotik
 
Network Monitoring System
Network Monitoring SystemNetwork Monitoring System
Network Monitoring System
 
Meta Router mum-yogya Nov 2013
Meta Router mum-yogya Nov 2013Meta Router mum-yogya Nov 2013
Meta Router mum-yogya Nov 2013
 
Class 4
Class 4Class 4
Class 4
 
Class 2
Class 2Class 2
Class 2
 
Basic Mikrotik
Basic MikrotikBasic Mikrotik
Basic Mikrotik
 
Mikrotik ppt
Mikrotik pptMikrotik ppt
Mikrotik ppt
 
P4 membangun hotspot menggunakan mikro tik rb941 2nd
P4 membangun hotspot menggunakan mikro tik rb941 2ndP4 membangun hotspot menggunakan mikro tik rb941 2nd
P4 membangun hotspot menggunakan mikro tik rb941 2nd
 
Class 3
Class 3Class 3
Class 3
 
P1 pengenalan mikrotik
P1 pengenalan mikrotikP1 pengenalan mikrotik
P1 pengenalan mikrotik
 

Similar to MTCNA

252461724-Pengenalan-MikroTik-MTCNA.pdf
252461724-Pengenalan-MikroTik-MTCNA.pdf252461724-Pengenalan-MikroTik-MTCNA.pdf
252461724-Pengenalan-MikroTik-MTCNA.pdf
QuynTrnVn4
 
Mohamed Malik Resume PC-LAN PR1 -f
Mohamed Malik Resume PC-LAN PR1 -fMohamed Malik Resume PC-LAN PR1 -f
Mohamed Malik Resume PC-LAN PR1 -f
mimo1000
 
chapter10-120827115414-phpapp02.pdf
chapter10-120827115414-phpapp02.pdfchapter10-120827115414-phpapp02.pdf
chapter10-120827115414-phpapp02.pdf
AxmedMaxamuud6
 
Kordik fundamental guidtoindustrialnetworking -v_imp
Kordik fundamental guidtoindustrialnetworking -v_impKordik fundamental guidtoindustrialnetworking -v_imp
Kordik fundamental guidtoindustrialnetworking -v_imp
amsubramanyam
 
OSGi Technology in the France Telecom Plugs Home Platform - Gilles Deflandre,...
OSGi Technology in the France Telecom Plugs Home Platform - Gilles Deflandre,...OSGi Technology in the France Telecom Plugs Home Platform - Gilles Deflandre,...
OSGi Technology in the France Telecom Plugs Home Platform - Gilles Deflandre,...
mfrancis
 

Similar to MTCNA (20)

Ebr 2310 revb-manual_2.1.0_en
Ebr 2310 revb-manual_2.1.0_enEbr 2310 revb-manual_2.1.0_en
Ebr 2310 revb-manual_2.1.0_en
 
252461724-Pengenalan-MikroTik-MTCNA.pdf
252461724-Pengenalan-MikroTik-MTCNA.pdf252461724-Pengenalan-MikroTik-MTCNA.pdf
252461724-Pengenalan-MikroTik-MTCNA.pdf
 
Open19 9/2016
Open19 9/2016Open19 9/2016
Open19 9/2016
 
Chapter 10 System Architecture.Information Technology Project Management pptx
Chapter 10 System Architecture.Information Technology Project Management pptxChapter 10 System Architecture.Information Technology Project Management pptx
Chapter 10 System Architecture.Information Technology Project Management pptx
 
Mohamed Malik Resume PC-LAN PR1 -f
Mohamed Malik Resume PC-LAN PR1 -fMohamed Malik Resume PC-LAN PR1 -f
Mohamed Malik Resume PC-LAN PR1 -f
 
chapter10-120827115414-phpapp02.pdf
chapter10-120827115414-phpapp02.pdfchapter10-120827115414-phpapp02.pdf
chapter10-120827115414-phpapp02.pdf
 
IPv6 Transition Considerations for ISPs
IPv6 Transition Considerations for ISPsIPv6 Transition Considerations for ISPs
IPv6 Transition Considerations for ISPs
 
HomeControl
HomeControlHomeControl
HomeControl
 
OpenStack Infrastructure at any Scale - Simple is BEST!? - - OpenStack最新情報セミ...
OpenStack Infrastructure at any Scale - Simple is BEST!? - - OpenStack最新情報セミ...OpenStack Infrastructure at any Scale - Simple is BEST!? - - OpenStack最新情報セミ...
OpenStack Infrastructure at any Scale - Simple is BEST!? - - OpenStack最新情報セミ...
 
4_SDN.pdf
4_SDN.pdf4_SDN.pdf
4_SDN.pdf
 
Enterprise Networks for Connected Buildings
Enterprise Networks for Connected BuildingsEnterprise Networks for Connected Buildings
Enterprise Networks for Connected Buildings
 
Kordik fundamental guidtoindustrialnetworking -v_imp
Kordik fundamental guidtoindustrialnetworking -v_impKordik fundamental guidtoindustrialnetworking -v_imp
Kordik fundamental guidtoindustrialnetworking -v_imp
 
Central Office ReArchitected as a Data Center
Central Office ReArchitected as a Data CenterCentral Office ReArchitected as a Data Center
Central Office ReArchitected as a Data Center
 
network design and administration
network design and administrationnetwork design and administration
network design and administration
 
DEF CON 27 - XIAOHUIHUI - all the 4g modules could be hacked
DEF CON 27 - XIAOHUIHUI - all the 4g modules could be hackedDEF CON 27 - XIAOHUIHUI - all the 4g modules could be hacked
DEF CON 27 - XIAOHUIHUI - all the 4g modules could be hacked
 
Sandeeprana
SandeepranaSandeeprana
Sandeeprana
 
Presentatie Alcom - Meetup
Presentatie Alcom - Meetup Presentatie Alcom - Meetup
Presentatie Alcom - Meetup
 
OSGi Technology in the France Telecom Plugs Home Platform - Gilles Deflandre,...
OSGi Technology in the France Telecom Plugs Home Platform - Gilles Deflandre,...OSGi Technology in the France Telecom Plugs Home Platform - Gilles Deflandre,...
OSGi Technology in the France Telecom Plugs Home Platform - Gilles Deflandre,...
 
subok
suboksubok
subok
 
CCNA v6.0 ITN - Chapter 11
CCNA v6.0 ITN - Chapter 11CCNA v6.0 ITN - Chapter 11
CCNA v6.0 ITN - Chapter 11
 

Recently uploaded

Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Sapana Sha
 
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in DelhiRussian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
kauryashika82
 
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Krashi Coaching
 

Recently uploaded (20)

IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...
IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...
IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...
 
microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introduction
 
Advance Mobile Application Development class 07
Advance Mobile Application Development class 07Advance Mobile Application Development class 07
Advance Mobile Application Development class 07
 
General AI for Medical Educators April 2024
General AI for Medical Educators April 2024General AI for Medical Educators April 2024
General AI for Medical Educators April 2024
 
BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...
BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...
BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...
 
The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13
 
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
 
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
 
Key note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdfKey note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdf
 
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
 
Sports & Fitness Value Added Course FY..
Sports & Fitness Value Added Course FY..Sports & Fitness Value Added Course FY..
Sports & Fitness Value Added Course FY..
 
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in DelhiRussian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
 
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
 
Holdier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfHoldier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdf
 
Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3
 
Mattingly "AI & Prompt Design: The Basics of Prompt Design"
Mattingly "AI & Prompt Design: The Basics of Prompt Design"Mattingly "AI & Prompt Design: The Basics of Prompt Design"
Mattingly "AI & Prompt Design: The Basics of Prompt Design"
 
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
 
Z Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot GraphZ Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot Graph
 
Sanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfSanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdf
 
Accessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactAccessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impact
 

MTCNA

  • 1. MikroTik Certified Network Associate (MTCNA) Laval, Canada January 1st to 3rd, 2013 2013-01-01 1
  • 2. Why take the MTCNA course? •Introduction to RouterOS and RouterBOARD products. •Gives you an overview of what that can be done with RouterOS and RouterBOARD products. •Will give you a solid foundation and valuable tools to do your work. 2013-01-01 2
  • 3. Course objectives At the end of this course, the student will: •Be familiar with RouterOS software and RouterBoard products •Be able to configure, manage, do basic troubleshooting of a MikroTik router •Be able to provide basic services to clients 2013-01-01 3
  • 5. Schedule •Typical day (3 of them) –9h00 to 17h00 •30 minute breaks –10h30 and 15h00 •Lunch break –11h30 to 12h30 •Exam –On last day, 1 hour duration 2013-01-01 5
  • 6. House keeping •Emergency exits •Dress code •Food and drinks while in class •This course is based on RouterOS 6 and RB951-2n –Module 1 is based on ROS 5.25 2013-01-01 6
  • 7. Various Out of respect for the other students and the trainer: •Put you cell phone and other business tools on vibration mode •Take your calls outside the classroom 2013-01-01 7
  • 10. What is RouterOS? •MikroTik RouterOS is the operating system of MikroTik RouterBOARD hardware. •It has all the necessary features for an ISP or network administrator such as routing, firewall, bandwidth management, wireless access point, backhaul link, hotspot gateway, VPN server and more. 2013-01-01 10
  • 11. What is RouterOS? •RouterOS is a stand-alone operating system based on the Linux v3.3.5 kernel and provides all the functions in a quick and simple installation and with an easy to use interface 2013-01-01 11
  • 12. What is RouterBOARD? •A family of hardware solutions created by MikroTik to answer the needs of customers around the world. •All operate with RouterOS. routerboard.com or 2013-01-01 12
  • 13. Integrated Solutions •These products are provided complete with cases and power adapters. •Ready to use and preconfigured with the most basic functionality. •All you need to do is to plug it in and connect to the Internet or a corporate network. 2013-01-01 13
  • 14. RouterBOARD (boards only) •Small motherboard devices that are sold “as is”. You must choose the case, power adapter and interfaces separately. Perfect for assembling your own systems as they offer the biggest customization options. 2013-01-01 14
  • 15. Enclosures •Indoor and outdoor casings to house your RouterBOARD devices. Select based on: –intended location of use –the RouterBOARD model –the type of connections needed (USB, antennas, etc.). 2013-01-01 15
  • 16. Interfaces •Ethernet modules, fiber SFPs or wireless radio cards to expand the functionality of RouterBOARD devices and PCs running RouterOS. •Once again, selection is based on your needs. 2013-01-01 16
  • 17. Accessories •These devices are made for MikroTik products - power adapters, mounts, antennas and PoE injectors. 2013-01-01 17
  • 18. MFM •With the MFM (Made for Mikrotik) program, 3rd party options make creating your router even better! 2013-01-01 18
  • 19. Why get an integrated router? •Can address many needs •Some add-on options •Little to no expansion •Fixed configuration •Simple, yet solid solution for many needs 2013-01-01 19
  • 20. Integrated router, examples RB951G-2HnD •Good for home or small office •5 Gig ports •Built-in Wi-Fi (2,4GHz) •License level 4 2013-01-01 20
  • 21. Integrated router, examples SXT Sixpack (1 OmniTIK U-5HnD with 5 SXT-5HPnD) •Good for WISP or company with branch offices •5 100Mbps ports (OmniTik) •5GHz 802.11a/n radios •Can cover 5Km2013-01-01 21
  • 22. Integrated router, examples CCR1036-12G-4S Cloud Router Flagship model •Good for ISPs or company networks •1U rack mount •12 Gig ports •Serial console, USB and color2013-01-01 22
  • 23. Note of interest •Router names are selected according to feature set. Here are some examples: –CCR : Cloud Core Router –RB : RouterBoard –2, 5 : 2,4GHZ or 5GHz wifi radio –H : High powered radio –S : SFP –U : USB –i : Injector –G : Gigabit ethernet 2013-01-01 23
  • 24. Why build your own router? •Can address a greater variety of needs •Many add-on options / Lots of expansion •Customizable configuration •Can be integrated into client equipment or cabinet •More complete solution for particular needs 2013-01-01 24
  • 25. Custom router, examples Flexible CPE •RB411UAHR –1 100Mbps port –1 2,4GHz radio (b/g) –Level 4 license •Add power supply or PoE module •Add 3rd party enclosure 2013-01-01 25
  • 26. Custom router, examples Powerful Hotspot •RB493G –9 gig ports –Level 5 license •Add power supply or PoE module •Add R2SHPn (2,4GHz radio card) •Add R5SHPn (5GHz radio card) •Add 3rd party2013-01-01 26
  • 27. First time accessing the router 2013-01-01 27
  • 28. Internet browser •Intuitive way of connecting to a RouterOS router. 2013-01-01 28
  • 29. Internet browser •Connect to router with Ethernet cable •Launch browser •Type in the IP address •If asked for, log in. Username is “admin” and password is blank 2013-01-01 29
  • 30. Internet browser •You will see: 2013-01-01 30
  • 31. WinBox and MAC-Winbox •WinBox is MikroTik’s proprietary interface to access RouterOS routers. •It can be downloaded from MikroTik’s website or from the router. •It is used to access the router through IP (OSI layer 3) or MAC (OSI layer 2). 2013-01-01 31
  • 32. WinBox and MAC-Winbox •If still in the browser, scroll down and click “logout” •You will see: •Click on “Winbox” •Save “winbox.exe” 2013-01-01 32
  • 33. WinBox and MAC-WinBox •Click on WinBox’s icon. •IP address 192.168.88.1 then click “Connect” •You will see: –Click “OK” 2013-01-01 33
  • 34. WinBox’s menus •Take 5 minutes to go through the menus •Take special notice of: –IP  Addresses –IP  Routes –System  SNTP –System  Packages –System  Routerboard 2013-01-01 34
  • 35. Console port •Requires the computer be connected to the router via a null- modem (RS-232 port). –Default is 115200bps, 8 data bits, 1 stop bit, no parity 2013-01-01 35
  • 36. SSH and Telnet •Standard IP tools to access router •Telnet communications are in clear text –Available on most Operating Systems –Unsecured!! •SSH communications are encrypted –Secured!! –Many Open Source (free) tools available such as PuTTY (http://www.putty.org/) 2013-01-01 36
  • 37. CLI •Stands for Command Line Interface •It’s what you see when you use the console port, SSH, Telnet, or New Terminal (inside Winbox) •A must know if you plan to use scripts or automate tasks! 2013-01-01 37
  • 39. Basic or blank configuration? •You may or may not have a basic configuration when freshly installed •You may choose not to take the default basic configuration •Check the following web page to find out how your device will behave: –http://wiki.mikrotik.com/wiki/Manual:Default_Configurations 2013-01-01 39
  • 40. Basic configuration •Depending on your hardware, you will have a default setup, which may include: –WAN port –LAN port(s) –DHCP client (WAN) and server (LAN) –Basic firewall rules –NAT rule –Default LAN IP address 2013-01-01 40
  • 41. Basic configuration •When connecting for the first time with WinBox, click on “OK” •The router now has the default basic configuration. 2013-01-01 41
  • 42. Blank configuration •Can be used in situations when the default basic configuration is not required. –No need for firewall rules –No need for NATing 2013-01-01 42
  • 43. Blank configuration •The minimal steps to setup a basic access to the Internet (if your router does not have a default basic configuration) –LAN IP addresses, Default gateway and DNS server –WAN IP address –NAT rule (masquerade) –SNTP client and time zone 2013-01-01 43
  • 45. When to upgrade •Fix a known bug. •Need a new feature. •Improved performance. NOTE : PLEASE read the changelog!! 2013-01-01 45 What's new in 5.25 (2013-Apr-25 15:59): *) web proxy - speed up startup; *) metarouter - fixed occasional lockups on mipsbe boards; *) wireless - update required when using small width channel RB2011 RB9xx caveat: update remote end/s before updating AP as both side are required to use new/same version for a link
  • 46. The procedure •It requires planning. –Steps may have to be done in precise order. •It requires testing… –And testing… –And, yes, testing! 2013-01-01 46
  • 47. Before you upgrade •Know what architecture (mipsbe, ppc, x86, mipsle, tile) you are upgrading. –If in doubt, Winbox indicates the architecture in top left corner! •Know what files you require: –NPK : Base RouterOS image with standard packages (Always) –ZIP : Additional packages (based on needs) –Changelog : Indicates what has changed and special indications (Always) 2013-01-01 47
  • 48. How to upgrade •Get the package files from MikroTik’s website –Downloads page 2013-01-01 48
  • 49. How to upgrade •Three ways –Download file(s) and copy over to router. –“Check for updates” (System -> Packages) –Auto Upgrade (System -> Auto Upgrade) 2013-01-01 49
  • 50. Downloading the files •Copy file(s) to the router via “Files” window. Examples are: –routeros-mipsbe-5.25.npk –ntp-5.25-mipsbe.npk •Reboot •Validate state of router 2013-01-01 50
  • 51. Checking for updates (with /system packages) •Through the menu “System -> Packages” •Click on “Check for Updates” then “Download & Upgrade” •Reboots automatically •Validate packages2013-01-01 51
  • 52. Auto upgrading •Copy required files by all routers to an internal router (source). •Configure all routers to point to source router •Display available packages •Select and download packages •Reboot and validate router 2013-01-01 52
  • 54. RouterBOOT firmware upgrade •Check current version 2013-01-01 54 [admin@MikroTik] > /system routerboard print routerboard: yes model: 951-2n serial-number: 35F60246052A current-firmware: 3.02 upgrade-firmware: 3.05 [admin@MikroTik] >
  • 55. RouterBOOT firmware upgrade •Upgrade if required (It is in this example) 2013-01-01 55 [admin@MikroTik] > /system routerboard upgrade Do you really want to upgrade firmware? [y/n] y firmware upgraded successfully, please reboot for changes to take effect! [admin@MikroTik] > /system reboot Reboot, yes? [y/N]:
  • 57. User accounts •Create user accounts to –Manage privileges –Log user actions •Create user groups to –Have greater flexibility when assigning privileges 2013-01-01 57
  • 59. IP Services •Manage IP services to –Limit resource usage (CPU, memory) –Limit security threats (Open ports) –Change TCP ports –Limit accepted IP addresses / IP subnets 2013-01-01 59
  • 60. IP Services •To control services, go to “IP -> Services” •Disable or enable required services. 2013-01-01 60
  • 61. Access to IP Services •Double-click on a service •If needed, specify which hosts or subnets can access the service –Good practice to limit certain services to network administrators 2013-01-01 61
  • 63. Types of backups •Binary backup •Configuration export 2013-01-01 63
  • 64. Binary backups •Complete system backup •Includes passwords •Assumes that restores will be on same router 2013-01-01 64
  • 65. Export files •Complete or partial configuration •Generates a script file or sends to screen •Use “compact” to show only non- default configurations (default on ROS6) •Use “verbose” to2013-01-01 65
  • 66. Archiving backup files •Once generated, copy them to a server –With SFTP (secured approach) –With FTP, if enabled in IP Services –Using drag and drop from “Files” window •Leaving backup files on the router IS NOT a good archival strategy –No tape or CD backups are made of routers 2013-01-01 66
  • 68. License levels •6 levels of licenses –0 : Demo (24 hours) –1 : Free (very limited) –3 : WISP CPE (Wi-Fi client) –4 : WISP (required to run an access point) –5 : WISP (more capabilities) –6 : Controller (unlimited capabilities) 2013-01-01 68
  • 69. Licenses •Determines the capabilities allowed on your router. •RouterBOARD come with a preinstalled license. –Levels vary •Licenses must be purchased for an X86 system. –One license is valid for only one machine. 2013-01-01 69
  • 70. Updating licenses •Levels are described at the web page http://wiki.mikrotik.com/wiki/Manual:License •Typical uses –Level 3: CPE, wireless client –Level 4: WISP –Level 5: Larger WISP –Level 6: ISP internal infrastructure (Cloud Core) 2013-01-01 70
  • 71. Use of licenses •Cannot upgrade license level. Buy the right device / license right from the start. •The license is bound to the drive it is installed on. Be careful not to format the drive using non-Mikrotik tools. •Read the license web page for more details! 2013-01-01 71
  • 73. Uses of Netinstall •Reinstall RouterOS if the original one became damaged •Reinstall RouterOS if the “admin” password was lost •Can be found on MikroTik’s web site under the download tab 2013-01-01 73
  • 74. Procedure, no COM port For RBs without a COM port. •Connect computer to Ethernet port 1 –Give computer a static IP address and mask •Launch Netinstall –Click on “Net booting” and write a random IP address in the same subnet as computer •In “Packages” section, click “Browse” and select directory containing valid NPK files 2013-01-01 74
  • 75. Procedure, no COM port •Press the “reset” button until the “ACT” LED turns off –Router will appear in “Routers/Drives” section –Select it! •Select required RouterOS version from “Packages” section –“Install” button becomes available; click it! 2013-01-01 75
  • 76. Procedure, no COM port •The progress bar will turn blue as the NPK file is being transferred •Once completed, reconnect the computer cable in one of valid ports and Internet access cable in port 1 •Use MAC-Winbox to connect as configuration will be blank –Even if “Keep old configuration” was checked!! 2013-01-01 76
  • 77. Procedure, no COM port •Upload a configuration backup and reboot –(thus the importance of proper backup management!) •If the problem was a lost password, redo the configuration from scratch, as the backup will use the same forgotten password –(thus the importance of proper access management!) 2013-01-01 77
  • 78. Procedure, with COM port For RBs with a COM port •It starts off (almost) the same –PC in Ethernet port 1 with static address –Connect PC’s serial port to RouterBOARD’s console (COM) port –Launch Netinstall (and configure the “Net Booting” parameter) –Select directory with NPK files 2013-01-01 78
  • 79. Procedure, with COM port •Reboot the router •Press “Enter”, when prompted, to enter setup •Press “o” for boot device •Press “e” for Ethernet •Press “x” to exit setup (which reboots the router) 2013-01-01 79
  • 80. Procedure, with COM port •Router will appear in “Routers/Drives” section –Select it •Select RouterOS package that will be installed •Click “Keep old configuration” •“Install” button becomes available; click it! 2013-01-01 80
  • 81. Procedure, with COM port •The progress bar will turn blue as the NPK file is being transferred •Once completed, reconnect the computer cable in one of valid ports and Internet access cable in port 1 •You can use Winbox to connect –The “Keep old configuration” option works here!! 2013-01-01 81
  • 82. Procedure, with COM port •Reboot the router •Press “Enter”, when prompted, to enter setup •Press “o” for boot device •Press “n” for NAND then Ethernet on fail –If you forget, you will always boot from Ethernet •Press “x” to exit setup (which reboots the router) 2013-01-01 82
  • 84. Wiki http://wiki.mikrotik.com/wiki/Manual:TOC •RouterOS main Wiki page •Documentation on all RouterOS commands –Explanation –Syntax –Examples •Extra tips and tricks 2013-01-01 84
  • 85. Tiktube http://www.tiktube.com/ •Video resources on various subjects •Presented by trainers, partners, ISPs, etc. •May include presentation slides •Various languages 2013-01-01 85
  • 86. Forum http://forum.mikrotik.com/ •Moderated by Mikrotik staff •Discussion board on various topics •A LOT of information can be found here –You could find a solution to your problem! •Please search BEFORE posting a question –Standard forum etiquette 2013-01-01 86
  • 87. Mikrotik support support@mikrotik.com •Support procedures explained at http://www.mikrotik.com/support.html •Support from Mikrotik for 15 days (license level 4) and 30 days (license level 5 and level 6) if router bought from them 2013-01-01 87
  • 88. Distributor / consultant support •Support is given by distributor when router is purchased from them •Certified consultants can be hired for special needs. Visit http://www.mikrotik.com/consultants.html for more information 2013-01-01 88
  • 89. End of module 1 Time for a practical exercise 2013-01-01 89
  • 90. Laboratory •Goals of the lab –Familiarise students with access methods –Configure Internet access –Upgrade the router with current RouterOS –Create a limited access group, assign it a user –Manage IP services –Do a backup of current configuration and restore it after doing a factory reset 2013-01-01 90
  • 92. Laboratory : step 1 •Configure your computer with the static IP address of your pod –Specify subnet mask –Specify default gateway (your router) –Specify DNS server (your router) •Do a Netinstall of ROS 6 •Once rebooted, connect to it in the manner that will allow you full access 2013-01-01 92
  • 93. Laboratory : step 2 •Configure the router’s LAN IP address •Configure the router’s WAN IP address •Configure the router’s NAT rule •Configure the router’s DNS server •Configure the router’s default route* 2013-01-01 93
  • 94. Laboratory : step 3 •Add a group named “minimal” –Give it the “telnet”, “read”, and “winbox” rights –Explain these rights •Add a user and give it your name –Assign it to “minimal” group –Give it a password •Assign a password to “admin” –Give it “podX”, where “X” is your pod number –Open a new terminal. What happened? 2013-01-01 94
  • 95. Laboratory : step 4 •Insure that RouterBOARD firmware is up to date. •Copy NTP package (NPK file) –Check System -> SNTP Client –Check System -> NTP Client and NTP Server –What happened? •Once rebooted –Check System -> SNTP Client –Check System -> NTP Client and NTP Server •Configure NTP client and clock’s timezone 2013-01-01 95
  • 96. Laboratory : step 5 •The students will telnet into the router •The students will disable these IP services: –Telnet –WWW •The students will connect to the router using Telnet, a Web browser and SSH –Explain the results 2013-01-01 96
  • 97. Laboratory : step 6 •Open a “New Terminal” and the “Files” window •Export the configuration, from the root, to a file named “module1-podX” •Do a binary backup •Copy both files to your computer –Open both of them and view contents –Delete your NAT rule and use the “exported” file to recreate it rapidly 2013-01-01 97
  • 98. Laboratory : step 7 •View the routerBOARD’s license –Check the level of the router and indicate it’s meaning –As a group, discuss the potential uses from this level of license 2013-01-01 98
  • 99. End of Laboratory 1 2013-01-01 99

Editor's Notes

  1. 6
  2. 9
  3. 10
  4. 12
  5. 18
  6. 19
  7. 20
  8. 21
  9. 22
  10. 23
  11. 24
  12. 25
  13. 26
  14. 27
  15. 28
  16. 29
  17. 30
  18. 31
  19. 32
  20. 33
  21. 35
  22. 36
  23. 37
  24. 39
  25. 42
  26. 43
  27. 45
  28. 46
  29. 47
  30. 49
  31. 50
  32. 51
  33. 52
  34. 53
  35. 57
  36. 59
  37. 60
  38. 61
  39. 65
  40. 66
  41. 70
  42. 74
  43. 88
  44. 90
  45. 91
  46. 92
  47. 93
  48. 94
  49. 95
  50. 96
  51. 97
  52. 98