Mikrotik Certified Training 4MTAT MTA Nikola Tesla


Mikrotik Certified Training 4MTAT (MTCNA RE)
MTA Nikola Tesla Leposavić, 2017

About the Trainer
WHOAMI
- Sašo Jordaki MTAAC
- Experience .
- ROS user since ROS v2.x .
- check on fb :P

Course Objectives
- Provide an overview of RouterOS software and RouterBOARD products
- Hands-on training for MikroTik router configuration, maintenance and basic troubleshooting

Learning Outcomes
The student will:
- Be able to configure, manage and do basic troubleshooting of a MikroTik RouterOS device
- Be able to provide basic services to clients
- Have a solid foundation and valuable tools to manage a network

MikroTik Certified Courses
- Introduction Course
- MTCNA
- MTCRE, MTCWE, MTCTCE, MTCUME
- MTCINE
For more info see: http://training.mikrotik.com

MTCNA Outline
- Module 1: Introduction
- Module 2: DHCP
- Module 3: Bridging
- Module 4: Routing
- Module 5: Wireless
- Module 6: Firewall

MTCNA Outline
- Module 7: QoS
- Module 8: Tunnels
- Module 9: Misc
- Hands on LABs during each module (more than 40 in total)
- Detailed outline available on mikrotik.com

Schedule
- Training day: 9AM - 5PM
- 30 minute breaks: 10:30AM and 3PM
- 1 hour lunch: 12:30PM
- Certification test: last day, 1 hour

Housekeeping
- Emergency exits
- Bathroom location
- Food and drinks while in class
- Please set phone to 'silence' and take calls outside the classroom

Introduce Yourself
- Your name and company
- Your prior knowledge about networking
- Your prior knowledge about RouterOS
- What do you expect from this course?
- Please, note your number (XY):

Certified Network Associate (MTCNA)
Module 1: Introduction

About MikroTik
- Router software and d individuals
- Mission: to make Internet technologies faster, more powerful and affordable to a wider range of users

About MikroTik
- 1996: Established
- 1997: RouterOS software for x86 (PC)
- 2002: First RouterBOARD device
- 2006: First MikroTik User Meeting (MUM), Prague, Czech Republic
- 2015: Biggest MUM: Indonesia, 2500

About MikroTik
- Located in Latvia
- 160 employees
- mikrotik.com
- routerboard.com

MikroTik RouterOS
- Is the operating system of MikroTik RouterBOARD hardware
- Can also be installed on a PC or as a virtual machine (VM)
- Stand-alone operating system based on the Linux kernel

RouterOS Features
- Full 802.11 a/b/g/n/ac support
- Firewall/bandwidth shaping
- Point-to-Point tunnelling (PPTP, PPPoE, SSTP, OpenVPN)
- DHCP/Proxy/HotSpot
- And many more, see: wiki.mikrotik.com

MikroTik RouterBOARD
- A family of hardware solutions created by MikroTik that run RouterOS
- Ranging from small home routers to carrier-class access concentrators
- Millions of RouterBOARDs are currently routing the world

MikroTik RouterBOARD
- Integrated solutions - ready to use
- Boards only - for assembling own system
- Enclosures - for custom RouterBOARD builds
- Interfaces - for expanding functionality
- Accessories

First Time Access
- Null modem cable
- Ethernet cable
- WiFi

First Time Access
- WinBox - http://www.mikrotik.com/download/winbox.exe
- WebFig
- SSH
- Telnet
- Terminal emulator in case of serial port connection

WinBox
- Default IP address (LAN side): 192.168.88.1
- User: admin
- Password: (blank)

MAC WinBox (LAB)
- Observe WinBox title when connected using IP address
- Connect to the router using MAC address
- Observe WinBox title

MAC WinBox (Optional LAB)
- Disable IP address on the bridge interface
- Try to log in the router using IP address (not possible)
- Try to log in the router using MAC WinBox (works)

MAC WinBox (Optional LAB)
- Enable IP address on the bridge interface
- Log in the router using IP address

WebFig
- Browser - http://192.168.88.1

Quick Set
- Basic router configuration in one window
- Accessible from both WinBox and WebFig
- In more detail described in “Introduction to MikroTik RouterOS and RouterBOARDs” course

Quick Set

Default Configuration
- Different default configuration applied
- For more info see default configuration wiki page
- Example: SOHO routers - DHCP client on Ether1, DHCP server on rest of ports + WiFi
- Can be discarded and ‘blank’ used instead

Command Line Interface
- Available via SSH, Telnet or ‘New Terminal’ in WinBox and WebFig

Command Line Interface
- tab completes command
- double tab shows available commands
- ‘?’ shows help
- Navigate previous commands with ↑, ↓ buttons

Command Line Interface
- Hierarchical structure (similar to WinBox menu)
- For more info see console wiki page
- In WinBox: Interfaces menu

Internet Access (LAB)
Diagram: Your laptop, Your router (192.168.88.1), Class AP

Laptop - Router (LAB)
- Connect laptop to the router with a cable, plug it in any of LAN ports (2-4)
- Disable other interfaces (wireless) on your laptop
- Make sure that Ethernet interface is set to obtain IP configuration automatically (via DHCP)

Router - Internet (LAB)
- The Internet gateway of your class is accessible over wireless - it is an access point (AP)
Diagram: Class AP, Your laptop, Your router (192.168.88.1)

Router - Internet (LAB)
To connect to the AP you have to:
- Remove the wireless interface from the bridge interface (used in default configuration)
- Configure DHCP client to the wireless interface

Router - Internet (LAB)
To connect to the AP you have to:
- Create and configure a wireless security profile
- Set the wireless interface to station mode
- And configure NAT masquerade

Router - Internet (LAB)
- Remove the WiFi interface from the bridge
Bridge → Ports

Router - Internet (LAB)
- Set DHCP client to the WiFi interface
IP → DHCP Client

Router - Internet (LAB)
- Set Name and Pre-Shared Keys
Wireless → Security Profiles

Router - Internet (LAB)
- Set Mode to ‘station’, SSID to ‘ClassAP’ and Security Profile to ‘class’
- “Scan” tool can be used to see and connect to available APs
Wireless → Interfaces

WinBox Tip
- To view hidden information (except user password), select Settings → Hide Passwords
Wireless → Security Profiles

Private and Public Space
- Masquerade is used for Public network access, where private addresses are present
- Private networks include 10.0.0.0-10.255.255.255, 255

Router - Internet (LAB)
- Configure masquerade on the WiFi interface
IP → Firewall → NAT

Check Connectivity (LAB)
- Ping www.mikrotik.com from your laptop

Troubleshooting
- The router cannot ping further than AP
- The router cannot resolve names
- The laptop cannot ping further than the router
- The laptop cannot resolve domain names
- Masquerade rule is not working

RouterOS Releases
- Bugfix only - fixes, no new features
- Current - same fixes + new features
- Release Candidate - consider as a 'nightly build'

Upgrading the RouterOS
- The easiest way to upgrade
System → Packages → Check For Updates

Upgrading the RouterOS
- Download the update from www.mikrotik.com/download page
- Check the architecture of your router’s CPU
- Drag&drop into the WinBox window
- Other ways: WebFig Files menu, FTP, sFTP
- Reboot the router

Package Management
- RouterOS functions are enabled/disabled by packages
System → Packages

RouterOS , wake-on-LAN
- dhcp - DHCP client and server
- hotspot - HotSpot captive portal server
- ipv6 - IPv6 support
- ppp - PPP, PPTP, L2TP, PPPoE clients and servers
- routing - Dynamic routing: RIP, BGP, OSPF
- security - Secure WinBox, SSH, IPsec
- system - Basic features: static routing, firewall, bridging, etc.
- wireless-cm2 - 802.11 a/b/g/n/ac support, CAPsMAN v2
For more info see packages wiki page

RouterOS Packages
- Each CPU architecture has a combined package, e.g. ‘routeros-mipsbe’, ‘routeros-tile’
- Contains all the standard RouterOS features (wireless, dhcp, ppp, routing, etc.)
- Extra packages can be downloaded from www.mikrotik.com/download page

RouterOS Extra Packages
- Provides additional functionality
- Upload package file to the router and reboot
Package - Functionality:
- gps - GPS device support
- ntp - Network Time Protocol server
- ups - APC UPS management support
- user-manager - MikroTik User Manager for managing HotSpot users

Package Management (LAB)
- Disable the wireless package
- Reboot the router
- Observe the interface list
- Enable the wireless package
- Reboot the router

Package Management (Optional LAB)
- Observe WinBox System menu (no NTP client/server)
- Download extra packages file for your router’s CPU architecture
- Install ntp package and reboot the router
- Observe WinBox System menu

Downgrading Packages
- From System → Packages menu
- ‘Check For Updates’ and choose different Channel (e.g. bugfix-only)
- Click ‘Download’
- Click ‘Downgrade’ in ‘Package List’ window

Downgrading Packages (Optional LAB)
- Downgrade RouterOS from current to bugfix-only version
- Upgrade it back to the current version

RouterBOOT
- Firmware responsible for starting RouterOS on RouterBOARD devices
- Two boot loaders on RouterBOARD - main and backup
- Main can be updated
- Backup loader can be loaded if needed

RouterBOOT
- For more info see RouterBOOT wiki page
System → Routerboard

Router Identity
- Option to set a name for each router
- Identity information available in different places
System → Identity

Router Identity (LAB)
- Set the identity of your router as follows: YourNumber(XY) YourName
- For example: 13 JohnDoe
- Observe the WinBox title menu

RouterOS Users
- Default user admin, group full
- Additional groups - read and write
- Can create your own group and fine tune access

RouterOS Users
System → Users

RouterOS Users (LAB)
- Add a new user to the RouterOS with full access (note name and password)
- Change admin user group to read
- Login with the new user
- Login with the admin user and try to change router’s settings (not possible)

RouterOS Users (Optional LAB)
- Generate SSH private/public key pair using ‘ssh-keygen’ (OS X and Linux) or ‘puttygen’ (Windows)
- Upload the public part of the key to the router
- Import and attach it to the user
- Login to the router using the private key

RouterOS Services
- Different ways to connect to the RouterOS
- API - Application Programming Interface
- FTP - for uploading/downloading files to/from the RouterOS
IP → Services

RouterOS Services
- SSH - secure command line interface
- Telnet - insecure command line interface
- WinBox - GUI access
- WWW - access from the web browser
IP → Services

RouterOS Services
- Disable services which are not used
- Restrict access with ‘available from’ field
- Default ports can be changed
IP → Services

RouterOS Services (LAB)
- Open RouterOS web interface - http://192.168.88.1
- In WinBox disable www service
- Refresh browser page
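
Added example (not part of the course slides): the RouterOS Users and RouterOS Services slides above expressed as RouterOS v6 terminal commands, in an order that avoids locking yourself out. The user name netadmin, the placeholder password, the key file name id_rsa.pub, the management subnet 192.168.88.0/24 and port 2222 are assumptions chosen for illustration.

```routeros
# --- Users: create a second full-access account BEFORE demoting admin ---
# (name and password are placeholders; pick your own)
/user add name=netadmin group=full password="CHANGE-ME"
/user set admin group=read
/user print

# --- SSH key login (Optional LAB) ---
# The key pair is generated on the laptop with ssh-keygen or puttygen.
# Upload only the public part (id_rsa.pub) to the router's Files menu,
# then import it and attach it to the user:
/user ssh-keys import public-key-file=id_rsa.pub user=netadmin
/user ssh-keys print

# --- Services: see what is listening before changing anything ---
/ip service print

# Disable services which are not used.
# Telnet and FTP carry the login in clear text; www is plain HTTP.
/ip service disable telnet,ftp,www,api

# Restrict the services that stay enabled to the management subnet.
# This is the "Available From" field in WinBox.
/ip service set ssh address=192.168.88.0/24
/ip service set winbox address=192.168.88.0/24

# Default ports can be changed (2222 is an arbitrary example value)
/ip service set ssh port=2222

# Verify: disabled services are flagged X, restricted ones show the subnet
/ip service print
```

Run the service commands from a session that will survive them (WinBox or MAC WinBox), so a mistake in the address field does not cut off the only way in.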

Configuration Backup
- Two types of backups
- Backup (.backup) file - used for restoring configuration on the same router
- Export (.rsc) file - used for moving configuration to another router

Configuration Backup
- Backup file can be created and restored under Files menu in WinBox
- Backup file is binary, by default encrypted with user password. Contains a full router configuration (passwords, keys, etc.)

Configuration Backup
- Custom name and password can be entered
- Router identity and current date is used as a backup file name

Configuration Backup
- Export (.rsc) file is a script with which router configuration can be backed up and restored
- Plain-text file (editable)
- Contains only configuration that is different than the factory default configuration

Configuration Backup
- Export file is created using ‘export’ command in CLI
- Whole or partial router configuration can be saved to an export file
- RouterOS user passwords are not saved when using export

Configuration Backup
- Store files in ‘flash’ folder
- Contains ready to use RouterOS commands

Configuration Backup
- Export file can be edited by hand
- Can be used to move configuration to a different RouterBOARD
- Restore using ‘/import’ command

Configuration Backup
- Download to a computer using WinBox (drag&drop), FTP or WebFig
- Don’t store the copy of the backup only on the router! It is not a good backup strategy!

Reset Configuration
- Reset to default configuration
- Retain RouterOS users after reset
- Reset to a router without any configuration (‘blank’)
- Run a script after reset
System → Reset Configuration

Reset Configuration
Using physical ‘reset’ button on the router:
- Load backup RouterBOOT loader
- Reset router configuration
- Enable CAPs mode (Controlled AP)
- Start in Netinstall mode
For more info see reset button wiki page

Netinstall
- Used for installing and reinstalling RouterOS
- Direct network connection to the router is required (can be used over switched LAN)
- Cable must be connected to Ether1 port (except CCR and RB1xxx - last port)
- Runs on Windows
- For more info see Netinstall wiki page

Netinstall
- Available at www.mikrotik.com/download

Configuration Backup (LAB)
- Create a .backup file
- Copy it to your laptop
- Delete the .backup file from the router
- Reset router configuration
- Copy .backup file back to the router
- Restore router configuration

Configuration Backup (Optional LAB)
- Create a backup using ‘export’ command
- Copy it to your laptop
- Delete the export file from the router
- Reset router configuration
- Copy export file back to the router
- Restore router configuration

Netinstall (Optional LAB)
- Download Netinstall
- Boot your router in Netinstall mode
- Install RouterOS on your router using Netinstall
- Restore configuration from previously saved backup file

RouterOS License
- All RouterBOARDs are shipped with a license
- Different license levels (features)
- RouterOS updates for life
- x86 license can be purchased from www.mikrotik.com or distributors
System → License

RouterOS License
Level - Type - Typical Use:
- 0 - Trial Mode - 24h trial
- 1 - Free Demo
- 3 - CPE - Wireless client (station), volume only
- 4 - AP - Wireless AP: WISP, HOME, Office
- 5 - ISP - Supports more tunnels than L4
- 6 - Controller - Unlimited RouterOS features

Additional Information
- wiki.mikrotik.com - RouterOS documentation and examples
- forum.mikrotik.com - communicate with other RouterOS users
- mum.mikrotik.com - MikroTik User Meeting page
- Distributor and consultant support
- support@mikrotik.com

Module 1 Summary

Certified Network Associate (MTCNA)
Module 2: DHCP

DHCP
- Dynamic Host Configuration Protocol
- Used for automatic IP address distribution over a local network
- Use DHCP only in trusted networks
- Works within a broadcast domain
- RouterOS supports both DHCP client and server

DHCP Client
- Used for automatic acquiring of IP address, subnet mask, default gateway, DNS server address and additional settings if provided
- MikroTik SOHO routers by default have DHCP client configured on ether1 (WAN) interface

DHCP Client
IP → DHCP Client

DNS
- By default DHCP client asks for a DNS server IP address
- It can also be entered manually if other DNS server is needed or DHCP is not used
IP → DNS

DNS
- RouterOS supports static DNS entries
- By default there’s a static DNS A record named router which points to 192.168.88.1
- That means you can access the router by using DNS name instead of IP
- http://router
IP → DNS → Static

DHCP Server
- Automatically assigns IP addresses to requesting hosts
- IP address should be configured on the interface which DHCP Server will use
- To enable use ‘DHCP Setup’ command

DHCP Server (LAB)
- Disconnect from the router
- Reconnect using the router’s MAC address

DHCP Server (LAB)
- We’re going to remove existing DHCP Server and setup a new one
- Will use your number (XY) for the subnet, e.g. 192.168.XY.0/24
- To enable DHCP Server on the bridge, it must be configured on the bridge interface (not on the bridge port)

DHCP Server (LAB)
- Remove DHCP Server
- Remove DHCP Network
IP → DHCP Server

DHCP Server (LAB)
- Remove IP Pool (IP → Pool)
- Remove IP Address (IP → Address)

DHCP Server (LAB)
- Add IP Address 192.168.XY.1/24 on the bridge interface
- For example, XY = 199

DHCP Server (LAB)
- Setup wizard, steps 1-6
IP → DHCP Server → DHCP Setup

DHCP Server (LAB)
- Disconnect from the router
- Renew the IP address of your laptop
- Connect to the router’s new IP address 192.168.XY.1
- Check that the connection to the Internet is available

DHCP Server
- DHCP Server Setup wizard has created a new IP pool and DHCP Server

DHCP Static Leases
- It is possible to always assign the same IP address to the same device (identified by MAC address)
- DHCP Server could even be used without dynamic IP pool and assign only preconfigured addresses

DHCP Static Leases
- Convert dynamic lease to static
IP → DHCP Server → Leases

DHCP Static Leases (LAB)
- Set DHCP Address Pool to static-only
- Create a static lease for your laptop
- Change the IP address assigned to your laptop by DHCP server to 192.168.XY.123
- Renew the IP address of your laptop
- Ask your neighbor to connect his/her laptop to your router (will not get an IP address)

ARP
- Address Resolution Protocol
- ARP joins together client’s IP address (Layer3) with MAC address (Layer2)
- ARP operates dynamically
- Can also be configured manually

ARP Table
- Provides information about IP address, MAC address and the interface to which the device is connected
IP → ARP

Static ARP
- For increased security ARP entries can be added manually
- Network interface can be configured to reply-only to known ARP entries
- Router’s client will not be able to access the Internet using a different IP address

Static ARP
- Static ARP entry
IP → ARP

Static ARP
- Interface will reply only to known ARP entries
Inte
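
Added example (not part of the course slides): the static ARP setup described above as RouterOS v6 terminal commands, extended with the DHCP server's add-arp option so that leased clients keep working once the interface is in reply-only mode. The interface name bridge and the IP and MAC values are constructed for illustration.

```routeros
# Current table: entries flagged D are dynamic (learned), the rest are static
/ip arp print

# 1. Add the static entry for the management laptop FIRST.
#    (address and MAC are constructed sample values)
/ip arp add address=192.168.88.10 mac-address=00:11:22:33:44:55 interface=bridge comment="admin laptop"

# 2. Let the DHCP server insert an ARP entry for every lease it hands out.
#    With static-only leases this ties each allowed MAC to one fixed IP.
/ip dhcp-server set [find interface=bridge] add-arp=yes

# 3. Only now switch the interface to reply-only.
#    The router stops learning ARP dynamically on this interface and
#    answers only hosts that already have an entry in the table.
/interface bridge set bridge arp=reply-only

# 4. Verify: the laptop entry is static, lease-created entries appear
#    as clients renew, and a host using a different IP gets no reply.
/ip arp print
/interface bridge print
```

If step 3 is applied before step 1, the router stops answering the management laptop over IP; MAC WinBox still works in that case because it does not depend on ARP. Static ARP ties an IP address to a MAC address but does not authenticate the MAC address itself.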
