General Information

More documents

Recommendations

Info

designated-cost: 0 -- [Q quit|D dump|C-z pause] Bridge Host Monitoring Command name: /interface bridge host Property Description age (read-only: time) - the time since the last packet was received from the host bridge (read-only: name) - the bridge the entry belongs to mac-address (read-only: MAC address) - host's MAC address on-interface (read-only: name) - which of the bridged interfaces the host is connected to Example To get the active host table: [admin@MikroTik] interface bridge host> print Flags: L - local BRIDGE MAC-ADDRESS ON-INTERFACE AGE bridge1 00:00:B4:5B:A6:58 ether1 4m48s bridge1 00:30:4F:18:58:17 ether1 4m50s L bridge1 00:50:08:00:00:F5 ether1 0s L bridge1 00:50:08:00:00:F6 ether2 0s bridge1 00:60:52:0B:B4:81 ether1 4m50s bridge1 00:C0:DF:07:5E:E6 ether1 4m46s bridge1 00:E0:C5:6E:23:25 prism1 4m48s bridge1 00:E0:F7:7F:0A:B8 ether1 1s [admin@MikroTik] interface bridge host> Bridge Firewall Home menu level: /interface bridge firewall Description Traffic between bridged interfaces can be filtered. Note that packets between bridged interfaces are also passed through the 'generic' /ip firewall rules, so they even can be NATted. These rules can be used with real, physical receiving/transmitting interfaces, as well as with bridge interface that simply groups bridged interfaces. Property Description action (accept | drop | passthrough; default: accept) - action to undertake if the packet matches the rule: • accept - accept the packet. No action, i.e., the packet is passed through without undertaking any action, and no more rules are processed • drop - silently drop the packet (without sending the ICMP reject message) • passthrough - ignore this rule. Acts the same way as a disabled rule, except for ability to count packets Page 182 of 568 Copyright 1999-2005, MikroTik. All rights reserved. Mikrotik, RouterOS and RouterBOARD are trademarks of Mikrotikls SIA. Other trademarks and registred trademarks mentioned herein are properties of their respective owners.
dst-address (IP address/mask; default: 0.0.0.0/0) - destination IP address of the packet in-interface (name; default: all) - interface the packet has entered the bridge through • all - any interface in-interface (name; default: all) - interface the packet is coming into the bridge • all - any interface mac-dst-address (MAC address; default: 00:00:00:00:00:00) - MAC address of the destination host mac-protocol (all | integer; default: all) - the MAC protocol of the packet. Most widely used MAC protocols are (many other exist): • all - all MAC protocols • 0x0004 - 802.2 • 0x0800 - IP • 0x0806 - ARP • 0x8035 - RARP • 0x809B - AppleTalk (EtherTalk) • 0x80F3 - AppleTalk Address Resolution Protocol (AARP) • 0x8037 - IPX • 0x8100 - VLAN • 0x8137 - Novell (old) NetWare IPX (ECONFIG E option) • 0x8191 - NetBEUI • 0x86DD - IPv6 mac-src-address (MAC address; default: 00:00:00:00:00:00) - MAC address of the source host out-interface (name; default: all) - interface the packet is leaving the bridge through • all - any interface protocol (all | egp | ggp | icmp | igmp | ip-encap | ip-sec | tcp | udp | integer; default: all) - IP protocol name/number • all - match all the IP protocols src-address (IP address/mask; default: 0.0.0.0/0) - source IP address of the packet Drop broadcast packets [admin@MikroTik] interface bridge firewall> add mac-dst-address=FF:FF:FF:FF:FF:FF action=drop [admin@MikroTik] interface bridge firewall> print Flags: X - disabled, I - invalid 0 mac-src-address=00:00:00:00:00:00 in-interface=all mac-dst-address=FF:FF:FF:FF:FF:FF out-interface=all mac-protocol=all src-address=0.0.0.0/0 dst-address=0.0.0.0/0 protocol=all action=drop [admin@MikroTik] interface bridge firewall> Drop IP, ARP and RARP To make a brouter (the router that routes routable (IP in our case) protocols and bridges unroutable protocols), make a rule that drops IP, ARP, and RARP traffic (these protocols should be disabled in Page 183 of 568 Copyright 1999-2005, MikroTik. All rights reserved. Mikrotik, RouterOS and RouterBOARD are trademarks of Mikrotikls SIA. Other trademarks and registred trademarks mentioned herein are properties of their respective owners.
Page 1 and 2:
MikroTik RouterOS v2.8 Reference Ma
Page 3 and 4:
Removing Device Drivers............
Page 5 and 6:
General Information................
Page 7 and 8:
Source NAT.........................
Page 9 and 10:
Router User Groups.................
Page 11 and 12:
LCD Information Display Configurati
Page 13 and 14:
Basic Setup Guide Document revision
Page 15 and 16:
Downloading and Installing the Mikr
Page 17 and 18:
• You shoud have an account on ou
Page 19 and 20:
The list of available commands at a
Page 21 and 22:
Description Interface Management Be
Page 23 and 24:
e assigned. If the setup offers you
Page 25 and 26:
2 DC 10.0.0.0/24 r 0.0.0.0 0 Public
Page 27 and 28:
interface=Local queue=default prior
Page 29 and 30:
Terminal Console Document revision
Page 31 and 32:
[admin@MikroTik] ip route> /ping 10
Page 33 and 34:
Notes Pressing [Tab] key while ente
Page 35 and 36:
edit - this command is in every pla
Page 37 and 38:
Package Management Document revisio
Page 39 and 40:
• Check the information about the
Page 41 and 42:
• Ethernet interface support •
Page 43 and 44:
Specifications Sheet Document revis
Page 45 and 46:
"El Torito" bootable CDs (you might
Page 47 and 48:
Device Driver List Document revisio
Page 49 and 50:
• 3c905B Cyclone 10/100/BNC • 3
Page 51 and 52:
• Macronix 98715 PMAC • Macroni
Page 53 and 54:
Compatibility: • Planet ENW-9601T
Page 55 and 56:
• Olicom OC-2326 VIA vt612x 'Velo
Page 57 and 58:
• Samsung SWL2000-N 11Mbit/s 802.
Page 59 and 60:
• Moxa Smartio C104H/PCI, CP-114,
Page 61 and 62:
Driver Management Document revision
Page 63 and 64:
0xF0-0xFF FPU 0x100-0x13F [prism2_c
Page 65 and 66:
General Interface Settings Document
Page 67 and 68:
Description The traffic passing thr
Page 69 and 70:
Additional Documents • http://www
Page 71 and 72:
The interface should be enabled acc
Page 73 and 74:
1 1.1.1.2/32 1.1.1.1 1.1.1.1 farsyn
Page 75 and 76:
Finally we need to add IP addresses
Page 77 and 78:
• accessing an Intranet/LAN of a
Page 79 and 80:
[admin@MikroTik] interface l2tp-cli
Page 81 and 82:
[admin@MikroTik] interface l2tp-ser
Page 83 and 84:
To route the local Intranets over t
Page 85 and 86:
On the L2TP server a user must be s
Page 87 and 88:
CISCO/Aironet 2.4GHz 11Mbps Wireles
Page 89 and 90:
Try to change the I/O base address
Page 91 and 92:
Troubleshooting Description Keep in
Page 93 and 94:
The default route should be set to
Page 95 and 96:
The second router will have address
Page 97 and 98:
1. Add an IPIP interface (by defaul
Page 99 and 100:
[admin@MikroTik] interface ipip> pr
Page 101 and 102:
Additional Documents • http://www
Page 103 and 104:
MOXA C502 Dual-port Synchronous Int
Page 105 and 106:
Example [admin@MikroTik] interface
Page 107 and 108:
[admin@MikroTik] ip route> print Fl
Page 109 and 110:
Flags: X - disabled, I - invalid, D
Page 111 and 112:
Description VLANs are simply a way
Page 113 and 114:
[admin@MikroTik] interface vlan> pr
Page 115 and 116:
Description Installing the Wireless
Page 117 and 118:
[admin@MikroTik] interface radiolan
Page 119 and 120:
Ethernet interfaces respectively. T
Page 122 and 123:
Flags: X - disabled, R - running 0
Page 124 and 125:
Example with MikroTik Router to Mik
Page 126 and 127:
ISDN (Integrated Services Digital N
Page 128 and 129:
name (name) - name of the driver is
Page 130 and 131:
undle-128K (yes | no; default: yes)
Page 132 and 133:
# NAME SERVICE CALLER-ID PASSWORD P
Page 134 and 135:
[admin@Mikrotik] ip route> add gate
Page 136 and 137:
• For mobile or remote clients to
Page 138 and 139:
10.1.1.12 PPTP server and use it as
Page 140 and 141:
encoding (text) - encryption and en
Page 142 and 143:
To route the local Intranets over t
Page 144 and 145: On the PPTP server a user must be s
Page 146 and 147: Wireless Client and Wireless Access
Page 148 and 149: protocol created to improve point-t
Page 150 and 151: with Atheros cards. There might be
Page 152 and 153: • ap-bridge - the interface is op
Page 154 and 155: wds-mode=disabled wds-default-bridg
Page 156 and 157: • exact-size - put as much packet
Page 158 and 159: ap (read-only: no | yes) - whether
Page 160 and 161: Property Description 2ghz-b-channel
Page 162 and 163: 5305,5310,5315,5320,5325,5330,5335,
Page 164 and 165: arp (disabled | enabled | proxy-arp
Page 166 and 167: Description This command is used to
Page 168 and 169: • none - do not use encryption an
Page 170 and 171: ssid="test1" frequency=5180 band=5G
Page 172 and 173: Flags: X - disabled, R - running, D
Page 174 and 175: select the frequency that is used b
Page 176 and 177: 2. On router with IP address 10.1.0
Page 178 and 179: To make a secure Ethernet bridge be
Page 180 and 181: Xpeed SDSL Interface Document revis
Page 182 and 183: [admin@r1] interface> print Flags:
Page 184 and 185: • I tried to connect two routers
Page 186 and 187: To add the driver for Arlan 655 ada
Page 188 and 189: Obtain the required license for 2.4
Page 190 and 191: MAC level bridging of Ethernet, Eth
Page 192 and 193: Always take care not to bridge virt
Page 196 and 197: idge firewall, not in forwarded pro
Page 198 and 199: [admin@MikroTik] ip address> print
Page 200 and 201: • Log Management Description You
Page 202 and 203: [admin@MikroTik] interface moxa-c10
Page 204 and 205: [admin@MikroTik] ip route> print Fl
Page 206 and 207: Flags: X - disabled, I - invalid, D
Page 208 and 209: • IP Addresses and ARP • Log Ma
Page 210 and 211: The driver for the Cyclades PC300/R
Page 212 and 213: PPPoE Document revision 1.4 (Fri Ap
Page 214 and 215: License required: level1 (limited t
Page 216 and 217: uptime (time) - connection time dis
Page 218 and 219: [admin@MikroTik] interface pppoe-se
Page 220 and 221: [admin@MT_Prism_AP] interface prism
Page 222 and 223: PPP and Asynchronous Interfaces Doc
Page 224 and 225: Example [admin@MikroTik] > /port pr
Page 226 and 227: Example You can add a PPP client us
Page 228 and 229: IP Addresses and ARP Document revis
Page 230 and 231: ether1 or ether2. Example [admin@Mi
Page 232 and 233: The MikroTik Router setup is as fol
Page 234 and 235: IP Security Document revision 3.1 (
Page 236 and 237: associated with matching SPD rule),
Page 238 and 239: traffic. AH is applied after ESP, a
Page 240 and 241: Such policies are created dynamical
Page 242 and 243: auth-algorithm (multiple choice, re
Page 244 and 245:
in-accept: 12 in-accept-isakmp: 0 i
Page 246 and 247:
[admin@Router1] > ip firewall src-n
Page 248 and 249:
• on MikroTik router we can see i
Page 250 and 251:
Routes, Equal Cost Multipath Routin
Page 252 and 253:
dst-address (IP address/mask; defau
Page 254 and 255:
Example There is always a table cal
Page 256 and 257:
Command sequence to achieve this: 1
Page 258 and 259:
Connection Tracking and Service Por
Page 260 and 261:
appropriate ICMP request icmp-optio
Page 262 and 263:
Packet Marking (Mangle) Document re
Page 264 and 265:
action (accept | passthrough; defau
Page 266 and 267:
How to Mangle NATted Traffic Suppos
Page 268 and 269:
• Package Management • M3P Desc
Page 270 and 271:
Firewall Filters Document revision
Page 272 and 273:
As we can see, a packet can enter t
Page 274 and 275:
may be among the slowest. Therefore
Page 276 and 277:
Keep in mind, that protocol must be
Page 278 and 279:
• Protect the customer's hosts Co
Page 280 and 281:
comment="Reject and log everything
Page 282 and 283:
ip firewall dst-nat add action=nat
Page 284 and 285:
Notes Whenever possible, the same i
Page 286 and 287:
Hardware usage: Increases with rule
Page 288 and 289:
Description You can limit peer-to-p
Page 290 and 291:
• Then create custom queue type w
Page 292 and 293:
• Package Management • IP Addre
Page 294 and 295:
The virtual IP addresses should be
Page 296 and 297:
[admin@MikroTik] ip vrrp> address a
Page 298 and 299:
Specifications Packages required: s
Page 300 and 301:
limit-count (integer; default: 0) -
Page 302 and 303:
limit-count (integer; default: 0) -
Page 304 and 305:
IP address on it, and as many inter
Page 306 and 307:
# INTERFACE TYPE 0 X ether1 externa
Page 308 and 309:
Description The wireless protocol I
Page 310 and 311:
DNS Client and Cache Document revis
Page 312 and 313:
[admin@MikroTik] ip dns> Cache Moni
Page 314 and 315:
Services, Protocols, and Ports Docu
Page 316 and 317:
1719/udp 1720/tcp 1723/tcp 2000/tcp
Page 318 and 319:
Example Walled Garden Description P
Page 320 and 321:
The HotSpot interface should have a
Page 322 and 323:
consulted first, then - a RADIUS se
Page 324 and 325:
use transparent web proxy (yes | no
Page 326 and 327:
allow-unencrypted-password=yes and
Page 328 and 329:
[admin@MikroTik] ip hotspot profile
Page 330 and 331:
ytes-out (read-only: integer) - how
Page 332 and 333:
[admin@MikroTik] ip hotspot server>
Page 334 and 335:
1. request for a remote host • if
Page 336 and 337:
• popup - whether to pop-up check
Page 338 and 339:
href="https://login.server.serv/log
Page 340 and 341:
There are two kinds of errors: fata
Page 342 and 343:
choose the address ranges, just mak
Page 344 and 345:
13. Add hotspot chain: /ip firewall
Page 346 and 347:
As we see from example, only hotspo
Page 348 and 349:
DHCP Client and Server Document rev
Page 350 and 351:
Standards and Technologies: DHCP De
Page 352 and 353:
• requesting... - the DHCP client
Page 354 and 355:
dns-server (text) - the DHCP client
Page 356 and 357:
[admin@MikroTik] ip dhcp-server lea
Page 358 and 359:
# NAME RANGES 0 dhcp_pool1 10.0.0.2
Page 360 and 361:
one network address translation so
Page 362 and 363:
mac-address (MAC address) - client'
Page 364 and 365:
Audio CODECs Description Example AA
Page 366 and 367:
The larger the jitter buffer, the l
Page 368 and 369:
find-best-balance - series of test-
Page 370 and 371:
monitor - monitor status of the voi
Page 372 and 373:
(plugged | unplugged) - state of th
Page 374 and 375:
aec (yes | no) - wheteher echo dete
Page 376 and 377:
• to which voice port route the c
Page 378 and 379:
• If nr=112 => matches the record
Page 380 and 381:
• NAS-Port-Type - always Async
Page 382 and 383:
marked as dynamic and can not be re
Page 384 and 385:
egistering endpoint (with IP addres
Page 386 and 387:
VOICE-PORT PREFIX 0 31 rob 31 1 33
Page 388 and 389:
Volume levels : voice volume : 54 i
Page 390 and 391:
call rsvp-sync voice rtp send-recv
Page 392 and 393:
OSPF Document revision 1.3 (Mon Sep
Page 394 and 395:
• if-installed-as-type-1 - send t
Page 396 and 397:
• none - do not use authenticatio
Page 398 and 399:
[admin@MikroTik] routing ospf> inte
Page 400 and 401:
OSPF backup without using a tunnel
Page 402 and 403:
Set redistribute-connected as as-ty
Page 404 and 405:
We should change cost value in both
Page 406 and 407:
0 Io 192.168.0.0/24 110 1 DC 192.16
Page 408 and 409:
Packages required: routing License
Page 410 and 411:
eceive (v1 | v1-2 | v2; default: v2
Page 412 and 413:
Example To view the list of the rou
Page 414 and 415:
[admin@MikroTik] routing rip> • C
Page 416 and 417:
Related Documents • Package Manag
Page 418 and 419:
[admin@modux] routing bgp network>
Page 420 and 421:
Prefix Lists Document revision 1.2
Page 422 and 423:
To accept the routes to the 172.16.
Page 424 and 425:
Example Example Local IP Traffic Ac
Page 426 and 427:
Notes There are three system groups
Page 428 and 429:
Router User Remote AAA Home menu le
Page 430 and 431:
To add the profile ex that will ass
Page 432 and 433:
RADIUS user database is consulted o
Page 434 and 435:
7 159.148.172.197 192.168.0.2 835 1
Page 436 and 437:
timeouts: 5 bad-replies: 0 last-req
Page 438 and 439:
• Session-Timeout - overrides ses
Page 440 and 441:
• Acct-Output-Packets - number of
Page 442 and 443:
OK:...", but the user cannot log on
Page 444 and 445:
To use a Certificate (which contain
Page 446 and 447:
equirements of your CA Example To i
Page 448 and 449:
There you can delete unnecessary fi
Page 450 and 451:
The Ping Command Command name: /pin
Page 452 and 453:
Bandwidth Control Document revision
Page 454 and 455:
you put no limit and choose all cla
Page 456 and 457:
than burst-threshold. This type of
Page 458 and 459:
[admin@MikroTik] queue interface> C
Page 460 and 461:
Example To mark all the traffic goi
Page 462 and 463:
[admin@MikroTik] queue simple> prin
Page 464 and 465:
max-limit=131072 And the same for L
Page 466 and 467:
3. Add a queue tree rule that will
Page 468 and 469:
Configuration Export and Import Doc
Page 470 and 471:
Home menu level: /import Descriptio
Page 472 and 473:
• No Set support • No Trap supp
Page 474 and 475:
• /system resource Example To see
Page 476 and 477:
ip.ipNetToMediaTable.ipNetToMediaEn
Page 478 and 479:
Description MRTG (Multi Router Traf
Page 480 and 481:
MAC Telnet Server and Client Docume
Page 482 and 483:
Ping Document revision 08-Jun-2004
Page 484 and 485:
Example To disable MAC pings: [admi
Page 486 and 487:
Additional Documents • DNS relate
Page 488 and 489:
interface (name) - the name of the
Page 490 and 491:
Bandwidth Test Document revision 1.
Page 492 and 493:
[admin@MikroTik] tool bandwidth-ser
Page 494 and 495:
Packet Sniffer Document revision 1.
Page 496 and 497:
filter-address1 and filter-address2
Page 498 and 499:
• ospf - Open Shortest Path First
Page 500 and 501:
Packet Sniffer Host Home menu level
Page 502 and 503:
Traceroute Document revision 1.2 (F
Page 504 and 505:
ICMP Bandwidth Test Document revisi
Page 506 and 507:
System Resource Management Document
Page 508 and 509:
IRQ Usage Monitor Command name: /sy
Page 510 and 511:
7 00:0e.0 Atheros Communications AR
Page 512 and 513:
[admin@Gateway] system clock> print
Page 514 and 515:
How to Connect PowerTip LCD to a Pa
Page 516 and 517:
[admin@MikroTik] system lcd> print
Page 518 and 519:
Support Output File Document revisi
Page 520 and 521:
SSH (Secure Shell) Server and Clien
Page 522 and 523:
SSH Client Command name: /system ss
Page 524 and 525:
General Information Command name: /
Page 526 and 527:
• http://www.ctsystems.org/rs.htm
Page 528 and 529:
To connect to a device connected to
Page 530 and 531:
• Precise Positioning Service (PP
Page 532 and 533:
Scripting Host and Complementary To
Page 534 and 535:
License required: level1 Home menu
Page 536 and 537:
[admin@MikroTik] ip address> /user
Page 538 and 539:
* - multiplication. Binary operator
Page 540 and 541:
[admin@MikroTik] interface> :put (~
Page 542 and 543:
Local Variables g1=this is global v
Page 544 and 545:
In the example below monitor action
Page 546 and 547:
Home menu level: /system script job
Page 548 and 549:
Specifications Packages required: s
Page 550 and 551:
[admin@MikroTik] system script> ..
Page 552 and 553:
Specifications Packages required: a
Page 554 and 555:
In the following example we will ad
Page 556 and 557:
Packages required: ups License requ
Page 558 and 559:
Runtime Calibration Command name: /
Page 560 and 561:
NTP (Network Time Protocol) Documen
Page 562 and 563:
• synchronized - local clock is s
Page 564 and 565:
RouterBoard-specific functions Docu
Page 566 and 567:
Firmware upgrade can take up to 20s
Page 568 and 569:
LED Managment Command name: :led De
Page 570 and 571:
License Management Document revisio
Page 572 and 573:
can not move license on another har
Page 574 and 575:
• ERROR: Key for specified softwa
Page 576 and 577:
MikroTik RouterOS implements indust
Page 578 and 579:
Router has several global configura
Page 580:
Notes print command has the followi
show all

General Information

Create successful ePaper yourself

Delete template?

Save as template?