RouterOS

by Example

Understanding MikroTik RouterOS
Through Real Life Applications







Stephen R.W. Discher

Editor: Bruce Pinnell


Cover Design: Enrique Gonzales
Illustrator: Phillip Crawford

Copyright 2011 by Stephen R.W. Discher. All rights reserved.


This book or any portion thereof may not be reproduced or used in any
manner whatsoever without the express written permission of the author
except for the use of brief quotations in a book review.
Printed in the United States of America, first printing, 2011.
ISBN 978-0-615-54704-6
Stephen R.W. Discher
LearnMikroTik.com
10770 State Highway 30
Suite 200
College Station, Texas 77845

Table of Contents

Acknowledgement ....................................................................... 15
INTRODUCTION ............................................................................ 16
Who or What is MikroTik? .................................................... 16
About The Author ......................................................................... 18
What is RouterOS? ................................................................... 20
About This Book ....................................................................... 20
Chapter 1 - First Time Access ................................................... 22
WinBox ........................................................................................ 22
Navigating WinBox .................................................................. 23
Inside WinBox ........................................................................... 25
Safe Mode .................................................................................... 25
Example Entering Safe Mode .................................................. 26
Command Line Terminal Options ...................................... 27
Telnet and SSH .......................................................................... 27
Serial Terminal ......................................................................... 27
Example- Forgotten Password .................................................. 28
Creating the Basic Configuration ........................................ 31
Example Add an IP Address .................................................... 35
Chapter 2 User Management ................................................ 36
Example - User and Group Assignments and Policy ........ 38
Chapter 3 Upgrading and Downgrading the Operating
System, Package Management ................................................ 41
Example Upgrading the Operating System ....................... 42
Example Downgrading the Operating System ................ 45
Example Upgrading using FTP ............................................... 46
Example Adding a Package ...................................................... 46
Example Best Practice for Package Management .......... 46
Chapter 4 Router Identity ...................................................... 48
Example Setting the System Identity .................................. 49
Chapter 5 System Time and the NTP Protocol ................ 50
NTP Client Setup ....................................................................... 50
Example Setting Up the NTP Client ...................................... 50
System Clock .............................................................................. 51
Example Setting the System Clock Manually and Setting
the Time Zone ................................................................................... 51
Advanced NTP Server Setup ................................................. 52
Example Enabling NTP Server ............................................... 53
Chapter 6 Backups .................................................................... 54
Example Creating a Binary Backup ...................................... 55
Example Restoring a Binary Backup ................................... 55
Text Based Backups ................................................................ 57
Example Creating a Text Export (text backup) ............... 57
Example Importing a Text Backup ....................................... 58
Chapter 7 Licensing .................................................................. 60
Example Determining Your License Level ........................ 63
Example Install a License ......................................................... 63
Chapter 8 Firewalls .................................................................. 66
Connections ................................................................................ 71
Two Ways To Control Access ................................................ 74
Forward Chain ........................................................................... 76
Address Lists .............................................................................. 78
Example The Basic Firewall .................................................... 79
Chapter 9 NAT, Network Address Translation ................ 89
Source NAT ................................................................................. 89
Destination NAT ....................................................................... 91
Special Types of NAT Rules .................................................. 94
Source NAT With Multiple Public IP Addresses ............ 94
Destination NAT with Action Redirect ............................. 95
Example A Simple Masquerade Rule ................................... 97
Example Destination NAT for a Web Server on the
Private Network with Port Translation ................................. 99
Example Source NAT to Source Traffic From a Certain
IP Address ........................................................................................ 101
Example Destination NAT with the Action Redirect .. 103
Service Ports - NAT Helpers .............................................. 104
Connection Tracking (on and off) ................................... 105
Example Disable Connection Tracking ............................. 106
Tools Torch .......................................................................... 107
Example Determining the Source of Traffic on a
Network ............................................................................................. 108
Chapter 10 - Bandwidth Limits ............................................ 110
Simple Queues ....................................................................... 110
Bursting ................................................................................... 112
Example Creating a Simple Queue for Computers in an
Office Network ................................................................................ 116
Example Creating a Queue for a Destination Host ...... 118
Example Create a Queue for Local Computers with
Burst ................................................................................................... 120
Packet Mangling .................................................................... 122
Example Packet Mangling Using Optimum Mangle ... 122
Traffic Prioritization ............................................................ 126
For Further Study: QOS ........................................................ 127
Example Queue Priority for VOIP Traffic ....................... 127
PCQ Per Connection Queuing ......................................... 132
Example Using PCQ with a Simple Queue, One Limit to
All ........................................................................................................ 133
Chapter 11 Tools .................................................................... 138
Bandwidth Test Utility ........................................................ 138
Example - Bandwidth Test Utility ......................................... 139
Monitoring Tools ................................................................... 141
Torch ......................................................................................... 142
Example Using Torch to Troubleshoot Slow Networks
.............................................................................................................. 144
Traffic Graphing .................................................................... 145
Example Configure a Graph for all Users in a Subnet 147
SNMP Simple Network Management Protocol ......... 150
Chapter 12 Local Area Networks ...................................... 152
ARP ............................................................................................ 153
Example Create a LAN that Requires Static ARP .......... 155
DNS ............................................................................................ 158
Example Configure DNS Client and Caching DNS Server
............................................................................................................... 158
DHCP Dynamic Host Configuration Protocol ............ 160
DHCP Client ............................................................................. 160
Example Add a DHCP Client .................................................. 161
DHCP Server ........................................................................... 162
Example Create a DHCP Server ........................................... 163
Example DHCP Static Leases ................................................. 166
Example DHCP Server Without an IP Pool ..................... 167
Hotspot Instant Public Internet .................................... 168
Example Set up hotspot .......................................................... 169
Example Create IP Bindings .................................................. 172
Example Create additional Users ........................................ 174
Example User Profiles .............................................................. 175
Example Server Profiles .......................................................... 177
Example Walled Garden ......................................................... 179
Example Creating a Custom Login Page ........................... 180
Web Proxy ............................................................................... 182
Example Configuring a Transparent Web Proxy ......... 183
Example Http Firewall, Allowing or Blocking Certain
Sites .................................................................................................... 187
Example Redirect Users to Certain Sites ........................ 191
Example Logging Web Traffic ............................................. 193
Example Logging to a Remote Syslog Server ................ 194
Chapter 13 Storage ................................................................ 197
System Stores ......................................................................... 197
Example Explore Stores ......................................................... 197
Example Create a Store .......................................................... 198
Chapter 14 More RouterOS Tools ..................................... 200
Email Tool ................................................................................ 200
Example Configure the Email Tool .................................... 201
Example Use a script With the Email Tool and
Scheduler to Create and Send a Backup ............................. 202
Netwatch .................................................................................. 205
Example Reboot the Router Using Netwatch ............... 205
Ping ............................................................................................ 206
Traceroute ............................................................................... 207
Profile ....................................................................................... 208
Chapter 15 Wireless ............................................................. 209
Wireless Theory .................................................................... 209
802.11b .................................................................................... 210
802.11g ..................................................................................... 210
802.11n .................................................................................... 211
Channelization 2.4 GHz 802.11b/g/n ......................... 211
Small Channels ...................................................................... 214
Bridged Versus Routed Access Points and Stations .. 214
Routed ...................................................................................... 214
Bridged ..................................................................................... 215
Example Configure an Access Point (PMP) With DHCP
Server ................................................................................................. 215
Example - Initial Wireless Interface Configuration ........ 216
Wireless Security .................................................................. 220
Controlling Access with MAC Lists .................................. 221
Example Create an Access List on an AP ......................... 222
Example Create a Connect List on a Station ................... 223
Example - Encryption Using WEP .................................... 226
Example Encryption Using WPA(2) ................................... 228
Example - IP Addressing ........................................................... 230
Example Configure a Wireless Interface to be a Routed
Station (client) ............................................................................... 231
Example Create a Virtual AP ................................................ 233
Bridging Point to Point or Point to Multi Point ........ 234
Example Transparently Bridging a Link ......................... 235
Point to Point Links .............................................................. 238
Example Pseudobridge Modes ............................................ 239
Wireless Mode Station-pseudobridge ............................ 239
Wireless Mode Station-pseudobridge-clone ................ 240
Example Bridge a Station Using Pseudobridge ............ 240
Supporting Mixed Clients, Routed Stations and Bridged
Stations ..................................................................................... 242
WDS, Wireless Distribution System ................................ 243
Example Build a WDS System .............................................. 244
NV2- Nstreme Version Two ................................................ 246
Example Converting an 802.11n PMP System to NV2
.............................................................................................................. 246
Example Hiding the SSID ....................................................... 249
Chapter 16 Routing ............................................................... 251
Simple Static Routes ............................................................. 252
Most Specific Route .............................................................. 253
Default Routes ....................................................................... 254
Example - Tying it All Together With Static Routes ....... 254
Route Distance ....................................................................... 257
Dynamic Routes .................................................................... 258
Routing Flags .......................................................................... 259
OSPF A Dynamic Routing Protocol ............................... 260
Link State Protocol ............................................................... 260
Areas ......................................................................................... 261
Configuring OSPF .................................................................. 262
Example Add a Static Route .................................................. 263
Example Add a Default Route ............................................... 264
Example Set up OSPF, the Basics ........................................ 265
Chapter 17 VPN Tunnels ..................................................... 268
General ..................................................................................... 268
Point to Point Addressing .................................................. 270
PPPoE Point to Point Protocol over Ethernet,
Applying PTP Addressing .................................................. 272
Example - IP Pools ........................................................................ 274
Example - PPP Profiles ................................................................ 275
Example Create a PPPoE Server ......................................... 276
Example Create a User (Secret) .......................................... 278
Example Create a Client Profile .......................................... 278
Example Create a PPPoE Client .......................................... 280
PPTP and L2TP Tunnels ...................................................... 282
Example Create a PPTP or L2TP Server .......................... 283
Adding Routes for Tunnels ................................................ 283
Configuring L2TP Server .................................................... 285
PPP Status Tab ....................................................................... 285
Bridging Tunnels ................................................................... 286
Example Create a Bridged EoIP Tunnel .......................... 286
Example Create a VPLS Tunnel ........................................... 288
Near End of Tunnel ............................................................... 288
Far End of Tunnel .................................................................. 290
Chapter 18 - Conclusion .......................................................... 293
References ................................................................................... 294
Appendix 1 .................................................................................. 295
Table of Figures ......................................................................... 300
Index ................................................................................................... 1