Wirac.Net d.o.o.
Schedule
- Training day: 9AM - 5PM
Teachers Profile:
IS Architect
WiracNet d.o.o.
Training
Certified
OEM Integrators
Consultants
Distributor
Mission Statement
MikroTik
MikroTik's History
Incorporated in 1996
2009: 60 employees
www.wirac.ba - Copyright 2011
Where is MikroTik?
Course Objective
RouterBoard capabilities
Router OS
Configuration
Maintenance
Troubleshooting
Certified distributor
Certified consultant
10
Introduce Yourself
- Please, introduce yourself to the class
- Your name
- Your Company
- Your previous knowledge about RouterOS (?)
- Your previous knowledge about networking (?)
- What do you expect from this course? (?)
- Please, remember your class XY number. _____
11
How
How
What
What
What
Is
12
Power
/Device / Interface
How
13
14
15
16
17
What is RouterBOARD ?
18
19
RB1100AH
TCP Routed Throughput
1.87Gb/s 166,000* PPS (approx)
ROS
Level 6 License
1066MHz
1.5
5
PPC E CPU
GB Ram
PCI-E Lanes,
2x
5 Port Switch
13
Ports Total
LAN
Bypass Feature
Ideal
Usage
Switch/Router Combination
Distribution Router
VPN Concentrator
Firewall
20
RB1100
TCP Routed Throughput
1.41Gb/s 125,000 PPS
ROS
Level 6 License
800MHz
512
5
PPC CPU
1.5 GB Ram
PCI-E Lanes,
2x
5 Port Switch
13
Ports Total
LAN
Bypass Feature
Ideal
Usage
Switch/Router Combination
Distribution Router
Firewall
21
RB800
ROS
Level 5 License
800MHz
256
CF
PPC CPU
MB DDR2 RAM
Flash
Ideal
Usage
Distribution Router
22
RB493G
ROS
Level 5 License
Atheros AR7130
300MHz network
processor
256
MB DDR RAM
GbE
9x
Hardware Switch :)
Ideal
Usage
23
RB816
Compatible with
2x8
port Switches
10/100
Mb/s Ports
Wire-speed
Throughput
Can
be operated as 16 independent
interfaces
Ideal
And
offices.
24
RB450G
256MB DDR2 SDRAM
Logs
User
manager DB
DUDE Agents
Meta
Routers
25
RB433AH
ROS
Level 5 License
680MHz Atheros
128MB
DDR Ram
MicroSD
High
MIPS CPU
Storage Option
speed AP/router
Voltage
5-6 times faster than RB532
26
RB433
ROS
Level 4 License
Atheros
64MB
Ideal
197.34
300MHz
DDR Ram
Three
LAN ports
Optimized
27
RB433UAH
RB433AH Platform with 2 USB
2.0 Ports at rear of the board
External
for
Meta Routers
Dude Storage
USB
3G Modems
28
RB411AH
TCP Routed Throughput
197.34 Mb/s 79,000 PPS
ROS
Level 4 License
Atheros AR7161
64MB
Ideal
680/800MHz
DDR SDRAM
Performance AP
29
RB411
TCP Routed Throughput
197.34 Mb/s 39,400 PPS
ROS
Level 3 License
Atheros AR7130
32MB
1x
300MHz
DDR SDRAM
Mini
PC Speaker
Optional
wireless cards.
30
RB411AR
TCP Routed Throughput
197.34 Mb/s 39,400 PPS
ROS
Level 3 License
Atheros AR7130
32MB
1x
300MHz
DDR SDRAM
Mini
PC Speaker
Ideal
31
RB411U
ROS
Level 4 License
Also
MB DDR SDRAM
USB
PCI
2.0 Port
Expansion Slot
PCI-E
Expansion Slot
Integrated
32
RB711(A)
TCP Routed Throughput
197.34 Mb/s 47,300 PPS
ROS
Level 4 License
Atheros AR7240
64MB
DDR SDRAM
integrated
802.11n
Mini
400MHz
802.11a/n WLAN
PC Speaker
Ideal
5GHz AP Applications
33
RB711
ROS
Level 3 License
Atheros AR7240
32MB
DDR SDRAM
integrated
802.11n
Mini
400MHz
802.11a/n WLAN
PC Speaker
Ideal
5GHz
Client Applications
34
RB711
Radio Specifications
Tx Power
Receive Sensitivity
35
RB450
TCP Routed Throughput
197.34 Mb/s 39,400 PPS
ROS
Level 4 License
Atheros AR7130
32MB
5
300MHz
DDR SDRAM
100Mb/s
Ideal
Switching :)
Usage
36
RB493
ROS
Level 4 License
Atheros AR7130
300MHz network
processor
64MB
DDR RAM
100Mb/s
9
Hardware Switch :)
Ideal
Usage
37
RB493AH
ROS
Level 4 License
Atheros AR7130
300MHz network
processor
128MB
DDR RAM
100Mb/s
9
Hardware Switch :)
Ideal
Usage
38
RB750 Series
32MB SDRAM
5x 10/100Mb/s Ethernet
interfaces
Plastic Case
Domestic / SOHO
39
RB750G Series
Atheros AR7161 MIPS-BE
680MHz
508Mb/s Throughput
92100 PPsec
32MB SDRAM
5x 10/100/1000Mb/s
Ethernet interfaces
Plastic Case
Domestic / SOHO
40
RB250GS Series
CPU Taifatech TF470 NAT
accelerator (RISC, 50MHz)
MikroTik SwOS
Mac Filtering
Port Mirroring
5x 10/100/1000Mb/s Ethernet
interfaces
Plastic Case
Domestic / SOHO
41
2.4GHz + 5GHz
Reliable Card
Connector U.FL
42
2.4GHz + 5GHz
Versatile Card
Connector U.FL
43
5GHz
Connector MMCX
44
2.4GHz
Connector MMCX
45
Best Performance
Connector MMCX
46
Best Performance
Receive Sensitivity
47
Routerboard SXT
32MB RAM
26 dB Tx output 2Chains
23 dB Tx output 1Chain
-97 dB Rx Sensitivity
15 dB Antenna
5GHz Only
48
49
5GHz
Gain 19dBi
50
Wireless
Standard
Xen
Kernel
Virtual Machines
Vmware
Virtualised Appliances
51
52
Intel
Intel
I7
Intel
Intel
VIA Nano,
AMD
53
Serial
Remote
Remote
Hardware Telemetry
Error
Mirrored
/ Raided Disks
Redundant
Power Supplies
54
Xeon
Fast
/ Opteron Processors
DDR3
Multiple
PCI/X buses
Multiple
55
OC2500 Series
1x CPU Intel Quad Core system
1x CF Slot
56
3,937Mb/s
349.4Mb/s
(328,083P/s)
(28,771P/s)
568,941P/s
3.8Gb/s
57
MikroTik RB 1100
800MHz-1GHz Processor
58
MikroTik RB 1100AH
1GHz Processor
59
RB1000 Results
2099Mb/s (172,818P/s)
906Mb/s
125.4Mb/s (10,326P/s)
(90,991P/s)
(74,605P/s)
60
Virtualised Appliances
61
Virtualised Appliances
62
63
64
Virtual Router
65
66
What is RouterOS ?
RouterOS is an operating system that will make your
device:
router
bandwidth shaper
any
A Proxy
A firewall
VPN
Concentrator
NTP
Server
DNS
Relay / Proxy
67
68
Puts a Powerful GUI around the Linux Kernel & other excellent
opensource systems such as Squid, Quagga,
69
70
X86
71
Note that MT ROS 3 supports Multi Core/ Multi CPU (SMP Support)
72
73
74
Virtual
Virtual
Virtual
75
Portswitching
76
77
78
Managing Router OS
79
80
Download Winbox
81
http://mikrotik.ba software
Winbox
82
83
84
85
Managing a Router
Serial Console
Local Terminal
Winbox IP
Remote User-friendly
Winbox MAC
Telnet terminal
SSH terminal
Remote,CLI Secure
SNMP
MAC Telnet
86
Serial Console
Available on all Mikrotik RBXXX Routers
Commandline interface
Serial settings
Speed:
Flow
control:
115Kb/s
None
Parity
None
Data
bits:
Stop
bits
87
Local Terminal
88
Telnet Access
Remote Command line interface
Layer 3 IP access
89
SSH Access
Remote Command line interface
Layer 3 IP access
90
WinBox IP Access
Winbox, MikroTik's main configuration
Mechanism
91
Address format
00:0c:29:79:52:9b
Or
000c2979529b
92
WinBox Access
Save IP Addresses and User-names
for your convenience
93
WinBox Access
Winbox Downloads
plugins from TCP Port
8291 (running on the
router)
94
WinBox Access
Winbox Downloads plugins to the Mikrotik
Application Data folder in a
windows user profile
A separate folder is
created for each Version of
Router OS
95
96
Neighbour Viewer
97
Mac Telnet
Information is broadcast
within the subnet.
(security on untrusted
networks)
One can mac telnet
from a remote router to
another inaccessible
router
98
Mac Telnet
IP Address Migration
IP Routes issues
99
100
What is Netinstall ?
PXE server
101
Netinstall Interface
102
Netinstall PXE
103
104
105
Communication Theory
106
107
108
Theory to Practice
109
Better separation of
duties
110
111
112
Physical
Layer
Copper
Glass
113
Ethernet
ATM
FrameRelay
ISDN
PSTN
GPRS
UMTS
114
Example: 00:0C:42:20:97:68
115
Network Layer
Ipv4
Ipv6
116
8bit.8bit.8bit.8bit ( 4 x 8 = 32)
IP Address
Example: 89.18.76.3
117
118
Transport
119
Hand shake
Yes
Reliable
120
Unreliable
No hand shake
Stateless
121
TCP Reliable
UDP Huge volumes of data can be transferred without
using huge resources on server /client
122
Subnetworks / Subnets
255.255.255.0
11111111.11111111.11111111.00000000
123
11111111.11111111.11111111.00000000
1100001.11001100.10101010.11100111
1100001.11001100.10101010.0000000
124
192.168.10.22 = IP
11111111.11111111.11111111.00000000 (255.255.255.0)
11000000.10101000.00001010.00010110 (192.168.10.22)
11000000.10101000.00001010.00000000 (192.168.10.0)
125
126
127
Selecting IP Addresses
128
192.168.0.129-192.168.0.254
192.168.0.254/25
129
130
LAYER 1 Devices
131
Layer 2 Devices
Bridges
Switches
Hubs
132
Layer 3 Devices
Routers
133
Layer 4 Devices
Firewalls
134
Layer 7 Devices
135
Summary
136
137
138
Open Winbox
Click Files
139
ftp://192.168.200.254
www.mikrotik.com
140
Lab1a Demo
Use combined
RouterOS package
Drag it to the Files
window
Optional Packages are
Available and can be
added the same way
141
142
Lab1b cont
143
Winbox Interface
Add
Remove
Enable
Disable
Comment
Filter
144
Winbox Secure
145
146
147
148
149
IP Winbox
150
151
152
153
154
155
156
DHCP Server
DHCP Client
DHCP Relay
157
158
Check Internet
connectivity
with traceroute
Check Internet
connectivity
with ping
159
160
161
DNS Cache
162
163
164
165
Masquerade Setup
IP / Firewall /
Nat
Click General
Tab
Select Srcnat
Chain
Select
Outbound /
WAN /Internet
Interface.
166
Masquerade Setup
Select Masquerade
Click Ok
167
Check Connectivity
Ping wirac.ba
168
Troubleshooting Connectivity
169
170
Warning Notices
Logging Setup
System Identity
Update Router OS
171
Full
Read
Write
172
173
User Setup
Enter Username
Select Group
Set Password
192.168.0.0/16
10.0.0.0/8
172.16.0.0/12
174
Group Setup
175
176
Packages
RouterOS functions
are enabled by
packages
Packages can be
enabled/ disabled
Packages can be
downgraded ( bug
work arounds)
Packages can be
uninstalled
177
178
Disable wireless
Reboot
Enable wireless
179
180
181
182
183
NTP
184
NTP Why ?
185
186
Tick Enabled
187
188
189
Configuration Backup
190
Configuration Backups
commands in CLI
/export file=conf-sept-2011
/ file print
/ import [Tab]
191
192
Netinstall
Available at www.mikrotik.com
193
Netinstall Features
List routers /
HDDs
Net Booting
(bootp/ dhcp+tftp)
Can keep old
configuration
(rescue)
Multiple Packages
can be installed
simultaneously
Can install a
custom default
configuration
194
Run Netinstall
115200b/s
8 Data bits
1 Stop bits
No Parity
No Flow Control
195
RouterOS License
196
You Can migrate between old Software Ids from Version 3.25
onwards
Remember to update licenses when moving from Version ROS
3 to 4
197
198
Broadcast
Manycast
Multicast
199
FTP
Telnet
Http:80
200
201
202
Https setup
203
Https Setup
Import Certificate
204
Imported Certificate
205
Https Setup
206
Https
207
208
Https Running
209
CPU
Memory
Architecture
IRQs,
Hardware detected
210
Log Management
Logging is Essential
Targeted Rules
211
Logging Actions
212
213
History
214
License Management
Each Licence Level has different
Capabilities,
See wirelessconnect.eu /
Mikrotik.com for licence options
215
SFTP Client
FTP Client
HTTP
TFTP
TFTP
216
Getting support
Support.rif is essential for getting
support from MikroTik
No password/ sensitive
information contained in the Rif
kernel
dump
config
dump
Company
Router
name
identity
Date
No
217
218
Simple Setup
You can use safe Setup
configuration where you to
create a basic setup
219
220
221
By typing # before a
message on the
command line, the
message will be
displayed to all users
logged onto the
console (once Enter is
pressed)
222
Back Up Router
223
224
225
Section 2 Firewall
226
Firewall purpose:
227
Firewall Chains
228
Predefined Chains
229
230
Firewall Chains
231
232
233
234
Ip firewall Filter
235
236
Lab8
Add an accept
rule for your
Laptop
IPaddress
237
Lab8
Input your ip
address the
src address
238
239
240
241
Lab8c
242
243
244
245
Create a rule
that will block
TCP port 80
(web browsing)
Must select
protocol to block
ports
246
Lab8d
247
248
A complete list of
standard ports is listed
in http://www.iana.org/
Always double check
standard ports when
creating rules to prevent
unexpected results
Check /etc/services file
in linux / BSD
249
Peer to Peer
250
Peer 2 Peer
251
Firewall Logs
Traffic Logging is
easy,
Remember to insert
Log Rules before
any other action;
Drop
Accept
252
Lab8f Logging
Select ICMP
Note ICMP is not just for
Pings... can select ICMP
number to be more specific
253
254
255
Connection Tracking
256
Connection Tracking
257
3.ACK
258
IP Firewall
Connection
Check the
Enabled Check
box
Check TCP
SynCookie (Anti
Syn Attack
System) ( Denial
Of Service
Mitigation)
259
260
261
Summary
262
263
NAT
264
Src-nat
265
Src-nat
266
Src nat
267
Dst-NAT
268
DST-Nat
269
Dst-NAT
270
271
272
NAT Chains
273
DST NAT
274
DST-NAT Example
275
DST-NAT
276
DST-NAT
277
Dst-Nat Example
Select Original
Destination IP
Select Original
Number
278
DST-NAT Example
279
Redirect
280
281
Redirect
282
Redirect Example
283
LAB - Redirect
284
285
286
SRC NAT
287
288
SrcNAT Masquerade
289
290
SRC-NAT Limitations
Sip
Tftp
Quake
PPTP
FTP
H323
GRE
291
292
Firewall Tips
293
Connection Tracking
294
295
Torch
296
Summary
297
Bandwidth Limit
298
Simple Queue
client download
client upload
299
Simple Queue
300
Simple Queue
To create
limitation for
your laptop
64k Upload,
128k
Download
301
Create a limitation
for your laptop
64k Upload,
128k Download
302
Limitations
Create a
limitation for
your laptop
64k Upload,
128k Download
303
MT Bandwidth Test
304
Using Torch
Select local
network interface
See actual
bandwidth
305
Using Torch
306
Using Torch
307
Torch Results
308
Create bandwidth
limit to your local
network
Order of rules is
important
309
Create bandwidth
limit to your local
network
Order of rules is
important
310
311
312
Udp /Tcp
protocol
Send/ receive
/both
Directions
Udp packet
size
313
314
Bandwidth Test
Send
Receive
Both
315
Bandwidth Test
Bandwidth username
/password = login
username & password
on remote bandwidth
test server
316
Bandwidth Test
317
Protocols
TCP
UDP
318
Configure higher
priority for
neighbor router
queue
Priority 1 is higher
than 8
319
Configure higher
priority for neighbor
router queue
Priority 1 is higher
than 8
320
Configure higher
priority for
neighbor router
queue
Priority 1 is higher
than 8
321
Set interfaces
Set Limits
322
Traffic Priority
Lets configure higher
priority for queues
Priority
is
in
Select Queue
Advanced Tab
Set Higher Priority
323
324
Lets enable
graphing for
Queues
325
Not Recommended
326
Graphs are
available via http
(www)
To view graphs
visit
Http://router_IP in
your browser
You can give it to
your customer
(transparency)
327
Burst
328
Burst
The average rate is calculated as follows:
Burst time is divided into 16 periods
The router recalculates the average rate for each of these small
time periods
Note that the actual burst period is not the same as
burst-time. It can be several times shorter than burst-time,
depending on max-limit, burst-time, burst-threshold and
actual data rate history (see the next graph)
329
Configuration of Burst
330
Burst Lab
Delete all previous limits
Create a limit that restricts your Laptop to
(upload/download) 64kbps/256kbps
Set Burst
Burst-limit to 128kbps/256kbps
Burst-threshold to 32kbps/64kbps
Burst-time to 20 sec
Use bandwidth-test for testing
331
Advanced Queuing
332
Mangle
333
Mangle Actions
334
Mangle Actions
Mark-connection uses connection tracking
Information about new connection added to connection tracking
table
335
Optimal Mangle
336
Optimal Mangle
337
Mangle Example
338
Mark Connection
339
Mark Packet
340
Mangle Example
341
Advanced Queuing
342
PCQ
343
344
345
346
Equalize bandwidth
1M upload/2M download is
shared between users
347
PCQ Lab
348
Always Classify traffic on entering and leaving your network (mark / paint
traffic on ingress and egress points)
Use Queues to set Priority inside the Router based on packet marks
Modifying DSCP / TOS Bit allows you to mark packets beyond the
Router.
349
Define a per-hop behaviour (PHB) on each router throughout the network.
Mark packets based on DSCP (TOS) on each bit (set by edge routers)
Use Queues to set Priority inside the Router based on packet marks
350
If you are the bottleneck, you get to choose which packets get
discarded
QoS policies are only active in the event of congestion (real
congestion or administrative congestion)
351
Wireless
352
What is Wireless
353
Wireless Standards
354
3 non-overlapping channels
355
356
Supported Bands
2.4GHz (802.11b/g),
357
Supported Frequencies
3.5GHz
4.9GHz
Regulation
359
Click Apply
360
361
362
Wireless Stations
363
Station Configuration
Set Interface
mode=station
Select band
Set SSID, Wireless
Network Identity
Frequency is not
important for client, use
scan-list
364
Connect List
365
366
Select band
Set Frequency
367
368
Snooper
Access Points
Stations
Mac Addresses
Radio Names
Frequencies
channel Usage
369
Registration Table
370
Frame Forwarding
Individual Keys
Signal Strength
371
Registration Table
372
Access-list is used to
set MAC address
security
Disable Default
Authentication to use
only Access-list (MAC
Authentication)
Security step is
limited
Easy to circumvent
373
Default Authenticate
374
Default Authentication
Default Authentication = ON
375
LAB -Access-List
376
377
Click on Wireless
Security Profiles
Click on red +
378
379
Configuration Tip
380
381
Default Forwarding
382
Nstreme
383
384
Nstreme Nv2
Available in
Upgrade clients,
385
NV2 Security
8 - 63 Characters long
386
Nv2 Settings
Cell Radius
Queue Count
No of queues 8 (maximum)
Qos
387
388
Nstreme Lab
389
Enable Nstreme
Enable Polling
Ruins RF environments
390
391
392
393
Fresnel Zone
394
Geometry
395
dB is a Logarithmic number,
dB to distance
Increase of 6 = Quadruple the Power and Double the distance ( Inverse Square
Law)
Larger Antennas are far more effective at increasing Range than increasing Power or
Rx Sensitivity on the Radio Card
R52 Vs R52NH R52NH can see twice as Far (6dB in the Difference)
Calculate budgets by adding Tx Power & antenna Gains together, and subtracting
any losses ( all units must be in dBm)
396
Link Budget
397
398
Link Calculation
You will Have a Link If your Link Budget > your total
losses on the link
You should have a safety factor to take account of
deteriorating conditions ( 10 dB)
Link should be symmetrical for Tx and Rx,
399
Summary of recommendations
400
401
402
403
404
405
Bridge Setup
406
407
408
409
Bridge Wireless
410
In wireless interface
settings,Set
mode=station wds
Create bridge
Add Ethernet and
Wireless interfaces to
bridge
411
412
413
414
415
Create a Bridge
(same as before)
Add Wireless
Interface to Bridge
Set Dynamic-WDS
mode and
Set WDS interface to
be added to the
bridge
416
Wireless Settings
417
418
WDS Wireless
419
WDS is like a
sub-interface
WDS Interface
as the parent
Wireless interface
420
WDS Lab
421
WDS Lab
422
423
424
425
Restore Configuration
426
Summary
427
Routing :)
428
Route
429
Routes
IP Route
Destination
networks
which can be
reached via a
gateway
Gateway:IP of
the next router
to reach
destination
430
Routing Question
431
Default Gateway
432
433
Route Types
AS Active Static
DAS Dynamic Active Static (DHCP Assigned / PPPoE
assigned)
434
Dynamic Routes
435
DAC Routes
Derived from IP
Address
Configuration
436
Static Routes
437
Static Route
438
Static Route
439
440
441
442
Network Structure
443
444
If not check
445
Routing issues
- loops
Routing Loops
Router1
Router2
Router3
Router2
Router3
Router2
446
Summary
447
448
449
ARP
450
ARP Table
451
452
Reboot Router
453
454
455
456
DHCP Server
457
DHCP Server
458
DHCP-Server Setup
459
460
461
462
Hotspot locations
463
DHCP Server
464
465
DHCP Setup
466
467
468
IP addresses
Hostnames
Mac addresses
Status
Lease time
Remaining
469
470
We can make
lease static
Client will not get
another IP
address
Address will be
reserved from pool
471
Static Lease
472
473
474
Hotspot
475
Hotspot Uses
Flexible accounting
Schools
476
HotSpot Requirements
477
HotSpot Setup
478
HotSpot Setup
Run ip hotspot
setup
Select Interface
Proceed to answer
the questions
479
HotSpot Setup
480
481
482
483
484
Hotspots
485
networks)
(anti spam no
open-relay)
486
487
488
489
490
491
492
http://router_IP or
http://HotSpot_DNS_name
Note: the user must open a web browser first (to be given the
opportunity to authenticate to the hotspot) before using
any other network application such as Email / Remote
Desktop / VMP
493
494
495
Hotspot Hosts
496
Hotspot Active
497
498
HotSpot Walled-Garden
http://shoppingcentre.com
http://cafemenu.com/specials
http://localauthority/public_information
http://tourisim.com/tourist_info
499
500
501
VoIP phones,
Printers
Superusers
cameras
IP-binding facilitates
that
502
503
504
505
To give each
client 64k upload
and 128k
download, set
the Rate Limit
506
Hotspot LAB
507
Summary
508
509
PPPoE
510
Add PPPoE
client
Set Interface it
runs on
Set Login And
Password
511
512
513
514
515
Select Interface
Select Profile
Set Profile
516
Users database
Configuration is taken
from profile
Locally Stored Auth Info
( Not Radius)
517
PPP Profiles
518
PPP Profile
519
PPPOE
520
PPPoE
521
Pools
522
Pool Configuration
Pool Definition: set Name, IP Range & Next Pool to use when the current
pool is exhausted
523
PPP Status
Active Connections
Using the -
a config change)
524
PPTP
525
526
527
Router A
Tunnel Interface IP
172.16.1.1
10.1.1.0/24 Site B
10.2.2.0/24 Site A
528
529
PPTP configuration
530
PPTP Configuration
531
532
PPTP Client
533
PPTP
534
535
PPTP Server
536
537
PPP Profile
538
PPTP LAB
539
540
Open VPN
OpenSSL encryption
SSLv3/TLSv1 protocol.
541
OpenVPN
542
SSTP Tunnels
543
IP/IP Tunnel
Fast
544
545
Tunnels
546
547
EoIP Tunnels
MikroTik Proprietary
548
EOIP Implementation
549
VPLS
550
Proxy
551
Block Content
552
Enable Proxy
553
Enable Proxy
554
Enable Proxy
8080
1080
3128
80 (Reverse Proxy)
555
3 options
None
Memory
Disk
556
Transparent Proxy
557
Transparent Proxy
transparent proxy
558
Redirect Action
559
Http Firewall
DNS names
Urls
Filetypes
Get back to work
560
Protect your web servers by placing a proxy between the world and
your web server
Reverse proxy listens to the world and makes requests to your web server
Host IP
DNS names
Urls
Filetypes
TRACE
CONNECT
DELETE
PUT
561
DUDE
562
Syslog Facility
563
564
Dude Recommendations
Run DUDE as windows service and disable clear text DUDE admin
network access with firewall rules
You should have a small external dude server hosted on another
network, probing your firewalls externally to allow alerting in the event
of your main internet link going down
You should have a Dude agent for each physical site,(to prevent
probing of devices across your WAN)
Use Remote Desktop across slow links to improve remote
performance (Don't use local Dude Client with remote Dude Server)
565
Adjust your poll intervals & down counts to minimise false positives.
Use DUDE Agents on Flash based Devices with Care, Do not install
DUDE on Critical Core routers,
Backup the DUDE using the backup tool or windows backup prior to
installing a new version of the DUDE.
Restrict access to the DUDE for Security Purposes
566
DUDE Maintenance
Proxy Logs
Firewall Logs,
567
DUDE Enterprise
568
Thank You
569