MikroTik Certified Training 4MTAT (MTCNA RE), MTA Nikola Tesla Leposavić, 2017
About the Trainer (WHOAMI): Sašo Jordaki, MTAAC; Experience: ROS user since ROS v2.x; check on fb :P
Course Objectives: Provide an overview of RouterOS software and RouterBOARD products; Hands-on training for MikroTik router configuration, maintenance and basic troubleshooting
Learning Outcomes. The student will: Be able to configure, manage and do basic troubleshooting of a MikroTik RouterOS device; Be able to provide basic services to clients; Have a solid foundation and valuable tools to manage a network
MikroTik Certified Courses: Introduction Course; MTCNA; MTCRE, MTCWE, MTCTCE, MTCUME; MTCINE. For more info see: http://training.mikrotik.com
MTCNA Outline: Module 1: Introduction; Module 2: DHCP; Module 3: Bridging; Module 4: Routing; Module 5: Wireless; Module 6: Firewall
MTCNA Outline: Module 7: QoS; Module 8: Tunnels; Module 9: Misc; Hands-on LABs during each module (more than 40 in total); Detailed outline available on mikrotik.com
Schedule: Training day: 9AM - 5PM; 30 minute breaks: 10:30AM and 3PM; 1 hour lunch: 12:30PM; Certification test: last day, 1 hour
Housekeeping: Emergency exits; Bathroom location; Food and drinks while in class; Please set phone to 'silence' and take calls outside the classroom
Introduce Yourself: Your name and company; Your prior knowledge about networking; Your prior knowledge about RouterOS; What do you expect from this course?; Please, note your number (XY):
Certified Network Associate (MTCNA), Module 1: Introduction
About MikroTik: Router software and d individuals; Mission: to make Internet technologies faster, more powerful and affordable to a wider range of users
About MikroTik: 1996: Established; 1997: RouterOS software for x86 (PC); 2002: First RouterBOARD device; 2006: First MikroTik User Meeting (MUM), Prague, Czech Republic; 2015: Biggest MUM: Indonesia, 2500
About MikroTik: Located in Latvia; 160 employees; mikrotik.com; routerboard.com
MikroTik RouterOS: Is the operating system of MikroTik RouterBOARD hardware; Can also be installed on a PC or as a virtual machine (VM); Stand-alone operating system based on the Linux kernel
RouterOS Features: Full 802.11 a/b/g/n/ac support; Firewall/bandwidth shaping; Point-to-Point tunnelling (PPTP, PPPoE, SSTP, OpenVPN); DHCP/Proxy/HotSpot; And many more, see: wiki.mikrotik.com
MikroTik RouterBOARD: A family of hardware solutions created by MikroTik that run RouterOS; Ranging from small home routers to carrier-class access concentrators; Millions of RouterBOARDs are currently routing the world
MikroTik RouterBOARD: Integrated solutions - ready to use; Boards only - for assembling own system; Enclosures - for custom RouterBOARD builds; Interfaces - for expanding functionality; Accessories
First Time Access: Null modem cable; Ethernet cable; WiFi
First Time Access: WinBox - http://www.mikrotik.com/download/winbox.exe; WebFig; SSH; Telnet; Terminal emulator in case of serial port connection
WinBox: Default IP address (LAN side): 192.168.88.1; User: admin; Password: (blank)
MAC WinBox LAB: Observe WinBox title when connected using IP address; Connect to the router using MAC address; Observe WinBox title
MAC WinBox Optional LAB: Disable IP address on the bridge interface; Try to log in the router using IP address (not possible); Try to log in the router using MAC WinBox (works)
MAC WinBox Optional LAB: Enable IP address on the bridge interface; Log in the router using IP address
WebFig: Browser - http://192.168.88.1
Quick Set: Basic router configuration in one window; Accessible from both WinBox and WebFig; Described in more detail in the “Introduction to MikroTik RouterOS and RouterBOARDs” course
Quick Set
Default Configuration: Different default configuration applied; For more info see default configuration wiki page; Example: SOHO routers - DHCP client on Ether1, DHCP server on rest of ports, WiFi; Can be discarded and ‘blank’ used instead
Command Line Interface: Available via SSH, Telnet or ‘New Terminal’ in WinBox and WebFig
Command Line Interface: tab completes command; double tab shows available commands; ‘?’ shows help; Navigate previous commands with , buttons
Command Line Interface: Hierarchical structure (similar to WinBox menu); For more info see console wiki page; In WinBox: Interfaces menu
Internet Access LAB (diagram): Class AP; Your router; Your laptop; 192.168.88.1
Laptop - Router LAB: Connect laptop to the router with a cable, plug it in any of LAN ports (2-4); Disable other interfaces (wireless) on your laptop; Make sure that Ethernet interface is set to obtain IP configuration automatically (via DHCP)
Router - Internet LAB: The Internet gateway of your class is accessible over wireless - it is an access point (AP). Diagram: Class AP; Your router; Your laptop; 192.168.88.1
Router - Internet LAB: To connect to the AP you have to: Remove the wireless interface from the bridge interface (used in default configuration); Configure DHCP client to the wireless interface
Router - Internet LAB: To connect to the AP you have to: Create and configure a wireless security profile; Set the wireless interface to station mode; And configure NAT masquerade
Router - Internet LAB: Remove the WiFi interface from the bridge (Bridge → Ports)
Router - Internet LAB: Set DHCP client to the WiFi interface (IP → DHCP Client)
Router - Internet LAB: Set Name and Pre-Shared Keys (Wireless → Security Profiles)
Router - Internet LAB: Set Mode to 'station', SSID to 'ClassAP' and Security Profile to 'class' (Wireless → Interfaces); “Scan” tool can be used to see and connect to available APs
WinBox Tip: To view hidden information (except user password), select Settings → Hide Passwords (Wireless → Security Profiles)
Private and Public Space: Masquerade is used for Public network access, where private addresses are present; Private networks include 10.0.0.0 - 10.255.255.255, 255
Router - Internet LAB: Configure masquerade on the WiFi interface (IP → Firewall → NAT)
Check Connectivity LAB: Ping www.mikrotik.com from your laptop
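The Router - Internet lab steps above as RouterOS v6 terminal commands, followed by the checks that map to the troubleshooting items. This is an added example, not part of the original slides; the interface name `wlan1`, the choice of WPA2-PSK and the key placeholder are assumptions, while `ClassAP` and `class` come from the slides.

```routeros
# Assumption: the wireless interface is wlan1 and is still a port of the
# default-configuration bridge.
/interface bridge port remove [find interface=wlan1]

# Obtain address, default route and DNS from the class AP.
/ip dhcp-client add interface=wlan1 disabled=no

# Security profile 'class' (WPA2-PSK assumed; replace the placeholder key).
/interface wireless security-profiles add name=class mode=dynamic-keys \
    authentication-types=wpa2-psk wpa2-pre-shared-key="<class-pre-shared-key>"

# Station mode, joined to the class AP with that profile.
/interface wireless set wlan1 mode=station ssid=ClassAP \
    security-profile=class disabled=no

# Hide the private LAN behind the address received on wlan1.
/ip firewall nat add chain=srcnat out-interface=wlan1 action=masquerade

# Checks: lease is 'bound', a default route exists, DNS servers were
# learned, and the router itself can resolve and reach a public name.
/ip dhcp-client print
/ip route print where dst-address=0.0.0.0/0
/ip dns print
/ping www.mikrotik.com count=3
```

If the router pings by name but the laptop does not, the masquerade rule and the laptop's DHCP-provided gateway and DNS are the remaining places to look.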
Troubleshooting: The router cannot ping further than AP; The router cannot resolve names; The laptop cannot ping further than the router; The laptop cannot resolve domain names; Masquerade rule is not working
RouterOS Releases: Bugfix only - fixes, no new features; Current - same fixes, new features; Release Candidate - consider as a 'nightly build'
Upgrading the RouterOS: The easiest way to upgrade: System → Packages → Check For Updates
Upgrading the RouterOS: Download the update from www.mikrotik.com/download page; Check the architecture of your router’s CPU; Drag&drop into the WinBox window; Other ways: WebFig Files menu, FTP, sFTP; Reboot the router
Package Management: RouterOS functions are enabled/disabled by packages (System → Packages)
RouterOS , wake-on-LAN; dhcp - DHCP client and server; hotspot - HotSpot captive portal server; ipv6 - IPv6 support; ppp - PPP, PPTP, L2TP, PPPoE clients and servers; routing - Dynamic routing: RIP, BGP, OSPF; security - Secure WinBox, SSH, IPsec; system - Basic features: static routing, firewall, bridging, etc.; wireless-cm2 - 802.11 a/b/g/n/ac support, CAPsMAN v2; For more info see packages wiki page
RouterOS Packages: Each CPU architecture has a combined package, e.g. ‘routeros-mipsbe’, ‘routeros-tile’; Contains all the standard RouterOS features (wireless, dhcp, ppp, routing, etc.); Extra packages can be downloaded from www.mikrotik.com/download page
RouterOS Extra Packages: Provides additional functionality; Upload package file to the router and reboot. Package - Functionality: gps - GPS device support; ntp - Network Time Protocol server; ups - APC UPS management support; user-manager - MikroTik User Manager for managing HotSpot users
Package Management LAB: Disable the wireless package; Reboot the router; Observe the interface list; Enable the wireless package; Reboot the router
Package Management Optional LAB: Observe WinBox System menu (no NTP client/server); Download extra packages file for your router’s CPU architecture; Install ntp package and reboot the router; Observe WinBox System menu
Downgrading Packages: From System → Packages menu; ‘Check For Updates’ and choose different Channel (e.g. bugfix-only); Click ‘Download’; Click ‘Downgrade’ in ‘Package List’ window
Downgrading Packages Optional LAB: Downgrade RouterOS from current to bugfix-only version; Upgrade it back to the current version
RouterBOOT: Firmware responsible for starting RouterOS on RouterBOARD devices; Two boot loaders on RouterBOARD - main and backup; Main can be updated; Backup loader can be loaded if needed
RouterBOOT: System → Routerboard; For more info see RouterBOOT wiki page
Router Identity: Option to set a name for each router; Identity information available in different places (System → Identity)
Router Identity LAB: Set the identity of your router as follows: YourNumber(XY) YourName; For example: 13 JohnDoe; Observe the WinBox title menu
RouterOS Users: Default user admin, group full; Additional groups - read and write; Can create your own group and fine tune access
RouterOS Users: System → Users
RouterOS Users LAB: Add a new user to the RouterOS with full access (note name and password); Change admin user group to read; Login with the new user; Login with the admin user and try to change router’s settings (not possible)
RouterOS Users Optional LAB: Generate SSH private/public key pair using ‘ssh-keygen’ (OS X and Linux) or ‘puttygen’ (Windows); Upload the public part of the key to the router; Import and attach it to the user; Login to the router using the private key
RouterOS Services (IP → Services): Different ways to connect to the RouterOS; API - Application Programming Interface; FTP - for uploading/downloading files to/from the RouterOS
RouterOS Services (IP → Services): SSH - secure command line interface; Telnet - insecure command line interface; WinBox - GUI access; WWW - access from the web browser
RouterOS Services (IP → Services): Disable services which are not used; Restrict access with ‘available from’ field; Default ports can be changed
RouterOS Services LAB: Open RouterOS web interface - http://192.168.88.1; In WinBox disable www service; Refresh browser page
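The RouterOS Users labs and the RouterOS Services guidance above, combined into one RouterOS v6 terminal sequence. This is an added example, not part of the original slides; the user name `netadmin`, the key file name `id_rsa.pub` and the management subnet 192.168.88.0/24 (the default LAN from the slides) are assumptions.

```routeros
# 1. Create a named administrator before touching 'admin'
#    (hypothetical name; replace the placeholder password).
/user add name=netadmin group=full password="<strong-password>"

# 2. Attach an SSH public key that was uploaded to Files beforehand
#    (generated with ssh-keygen or puttygen, as in the optional lab).
/user ssh-keys import public-key-file=id_rsa.pub user=netadmin
/user ssh-keys print

# 3. Only after logging in successfully as netadmin: demote the default
#    account so it can no longer change settings.
/user set admin group=read

# 4. Disable services that are not used. Telnet, FTP and WWW carry
#    credentials in clear text; api/api-ssl are off unless a tool needs them.
/ip service disable telnet,ftp,www,api,api-ssl

# 5. The 'available from' field is the 'address' property in the CLI:
#    accept management logins only from the management subnet.
/ip service set ssh address=192.168.88.0/24
/ip service set winbox address=192.168.88.0/24

# 6. Review: disabled services are flagged X, and the restricted ones
#    list the allowed source network.
/ip service print
```

Run step 3 from a session opened as the new user; doing it while logged in only as `admin` leaves no account able to undo a mistake.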
Configuration Backup: Two types of backups; Backup (.backup) file - used for restoring configuration on the same router; Export (.rsc) file - used for moving configuration to another router
Configuration Backup: Backup file can be created and restored under Files menu in WinBox; Backup file is binary, by default encrypted with user password. Contains a full router configuration (passwords, keys, etc.)
Configuration Backup: Custom name and password can be entered; Router identity and current date is used as a backup file name
Configuration Backup: Export (.rsc) file is a script with which router configuration can be backed up and restored; Plain-text file (editable); Contains only configuration that is different than the factory default configuration
Configuration Backup: Export file is created using ‘export’ command in CLI; Whole or partial router configuration can be saved to an export file; RouterOS user passwords are not saved when using export
Configuration Backup: Store files in ‘flash’ folder; Contains ready to use RouterOS commands
Configuration Backup: Export file can be edited by hand; Can be used to move configuration to a different RouterBOARD; Restore using ‘/import’ command
Configuration Backup: Download to a computer using WinBox (drag&drop), FTP or WebFig; Don’t store the copy of the backup only on the router! It is not a good backup strategy!
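Both backup types described above, created and restored from the RouterOS v6 terminal. This is an added example, not part of the original slides; the file names and the password placeholder are assumptions, and `hide-sensitive` is the RouterOS v6 export option.

```routeros
# Binary backup for restoring onto the SAME router. An explicit password
# keeps the file (which holds passwords and keys) encrypted at rest.
/system backup save name=before-reset password="<backup-password>"

# Full export: a plain-text script. User passwords are not included, but
# other secrets (for example wireless pre-shared keys) are.
/export file=before-reset

# Export without secrets, suitable for sharing or for a ticket.
/export file=before-reset-nosecrets hide-sensitive

# Partial export: run 'export' inside a menu to save only that section.
/ip firewall export file=firewall-only

# On boards that have a 'flash' folder, prefix the name with flash/ so the
# file is stored there, e.g. name=flash/before-reset.
/file print

# Copy the files off the router (WinBox drag&drop, FTP or WebFig) before
# any reset. Restore afterwards with one of:
/system backup load name=before-reset.backup password="<backup-password>"
/import file-name=before-reset.rsc
```

Treat the full `.rsc` like a credential store on the laptop as well: it is readable by anyone who can open the file.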
Reset Configuration (System → Reset Configuration): Reset to default configuration; Retain RouterOS users after reset; Reset to a router without any configuration (‘blank’); Run a script after reset
Reset Configuration: Using physical ‘reset’ button on the router: Load backup RouterBOOT loader; Reset router configuration; Enable CAPs mode (Controlled AP); Start in Netinstall mode; For more info see reset button wiki page
Netinstall: Used for installing and reinstalling RouterOS; Direct network connection to the router is required (can be used over switched LAN); Cable must be connected to Ether1 port (except CCR and RB1xxx - last port); Runs on Windows; For more info see Netinstall wiki page
Netinstall: Available at www.mikrotik.com/download
Configuration Backup LAB: Create a .backup file; Copy it to your laptop; Delete the .backup file from the router; Reset router configuration; Copy .backup file back to the router; Restore router configuration
Configuration Backup Optional LAB: Create a backup using ‘export’ command; Copy it to your laptop; Delete the export file from the router; Reset router configuration; Copy export file back to the router; Restore router configuration
Netinstall Optional LAB: Download Netinstall; Boot your router in Netinstall mode; Install RouterOS on your router using Netinstall; Restore configuration from previously saved backup file
RouterOS License (System → License): All RouterBOARDs are shipped with a license; Different license levels (features); RouterOS updates for life; x86 license can be purchased from www.mikrotik.com or distributors
RouterOS License. Level / Type / Typical Use: 0 / Trial Mode / 24h trial; 1 / Free Demo; 3 / CPE / Wireless client (station), volume only; 4 / AP / Wireless AP: WISP, HOME, Office; 5 / ISP / Supports more tunnels than L4; 6 / Controller / Unlimited RouterOS features
Additional Information: wiki.mikrotik.com - RouterOS documentation and examples; forum.mikrotik.com - communicate with other RouterOS users; mum.mikrotik.com - MikroTik User Meeting page; Distributor and consultant support; support@mikrotik.com
Module 1 Summary
Certified Network Associate (MTCNA), Module 2: DHCP
DHCP: Dynamic Host Configuration Protocol; Used for automatic IP address distribution over a local network; Use DHCP only in trusted networks; Works within a broadcast domain; RouterOS supports both DHCP client and server
DHCP Client: Used for automatic acquiring of IP address, subnet mask, default gateway, DNS server address and additional settings if provided; MikroTik SOHO routers by default have DHCP client configured on ether1 (WAN) interface
DHCP Client: IP → DHCP Client
DNS (IP → DNS): By default DHCP client asks for a DNS server IP address; It can also be entered manually if other DNS server is needed or DHCP is not used
DNS (IP → DNS → Static): RouterOS supports static DNS entries; By default there’s a static DNS A record named router which points to 192.168.88.1; That means you can access the router by using DNS name instead of IP; http://router
DHCP Server: Automatically assigns IP addresses to requesting hosts; IP address should be configured on the interface which DHCP Server will use; To enable use ‘DHCP Setup’ command
DHCP Server LAB: Disconnect from the router; Reconnect using the router’s MAC address
DHCP Server LAB: We’re going to remove existing DHCP Server and setup a new one; Will use your number (XY) for the subnet, e.g. 192.168.XY.0/24; To enable DHCP Server on the bridge, it must be configured on the bridge interface (not on the bridge port)
DHCP Server LAB: Remove DHCP Server; Remove DHCP Network (IP → DHCP Server)
DHCP Server LAB: Remove IP Pool (IP → Pool); Remove IP Address (IP → Address)
DHCP Server LAB: Add IP Address 192.168.XY.1/24 on the bridge interface; For example, XY = 199
DHCP Server LAB: IP → DHCP Server → DHCP Setup (steps 1-6)
DHCP Server LAB: Disconnect from the router; Renew the IP address of your laptop; Connect to the router’s new IP address 192.168.XY.1; Check that the connection to the Internet is available
DHCP Server: DHCP Server Setup wizard has created a new IP pool and DHCP Server
DHCP Static Leases: It is possible to always assign the same IP address to the same device (identified by MAC address); DHCP Server could even be used without dynamic IP pool and assign only preconfigured addresses
DHCP Static Leases: Convert dynamic lease to static (IP → DHCP Server → Leases)
DHCP Static Leases LAB: Set DHCP Address Pool to static-only; Create a static lease for your laptop; Change the IP address assigned to your laptop by DHCP server to 192.168.XY.123; Renew the IP address of your laptop; Ask your neighbor to connect his/her laptop to your router (will not get an IP address)
ARP: Address Resolution Protocol; ARP joins together client’s IP address (Layer3) with MAC address (Layer2); ARP operates dynamically; Can also be configured manually
ARP Table (IP → ARP): Provides information about IP address, MAC address and the interface to which the device is connected
Static ARP: For increased security ARP entries can be added manually; Network interface can be configured to reply-only to known ARP entries; Router’s client will not be able to access the Internet using a different IP address
Static ARP: Static ARP entry (IP → ARP)
Static ARP: Interface will reply only to known ARP entries; Inte
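The DHCP static lease lab and the static ARP slides above, as RouterOS v6 terminal commands. This is an added example, not part of the original slides; the bridge name `bridge` and the MAC address 00:00:5E:00:53:10 are constructed values, and XY stands for your course number.

```routeros
# Replace XY with your number and the MAC with your laptop's address
# (the value below is a constructed sample).

# Pin the laptop's current dynamic lease, then move it to .123.
/ip dhcp-server lease make-static [find mac-address=00:00:5E:00:53:10]
/ip dhcp-server lease set [find mac-address=00:00:5E:00:53:10] \
    address=192.168.XY.123

# Hand out addresses only to hosts with a static lease; unknown devices
# (the neighbour's laptop in the lab) get no address.
/ip dhcp-server set [find interface=bridge] address-pool=static-only

# Static ARP entry binding that IP address to that MAC on the bridge.
/ip arp add address=192.168.XY.123 mac-address=00:00:5E:00:53:10 \
    interface=bridge

# Reply only to the entries in the ARP table. Add your own entry FIRST:
# a host without one loses IP access to the router (MAC WinBox still works).
/interface bridge set bridge arp=reply-only

# Review which IP/MAC pairs the router will now answer.
/ip arp print where interface=bridge
```

With `reply-only` set, a client that changes its IP address by hand no longer matches an ARP entry, which is the effect the Static ARP slide describes.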