General Information

More documents

Recommendations

Info

• on MikroTik router we can see installed SAs [admin@MikroTik] ip ipsec installed-sa> print Flags: A - AH, E - ESP, P - pfs, M - manual 0 E spi=9437482 direction=out src-address=10.0.1.1 dst-address=10.0.1.2 auth-algorithm=sha1 enc-algorithm=des replay=4 state=mature auth-key="9cf2123b8b5add950e3e67b9eac79421d406aa09" enc-key="ffe7ec65b7a385c3" add-lifetime=24m/30m use-lifetime=0s/0s lifebytes=0/0 current-addtime=jul/12/2002 16:13:21 current-usetime=jul/12/2002 16:13:21 current-bytes=71896 1 E spi=319317260 direction=in src-address=10.0.1.2 dst-address=10.0.1.1 auth-algorithm=sha1 enc-algorithm=des replay=4 state=mature auth-key="7575f5624914dd312839694db2622a318030bc3b" enc-key="633593f809c9d6af" add-lifetime=24m/30m use-lifetime=0s/0s lifebytes=0/0 current-addtime=jul/12/2002 16:13:21 current-usetime=jul/12/2002 16:13:21 current-bytes=0 [admin@MikroTik] ip ipsec installed-sa> • on CISCO router cisco# show interface Serial 0 interface: Serial1 Crypto map tag: mymap, local addr. 10.0.1.2 local ident (addr/mask/prot/port): (10.0.2.0/255.255.255.0/0/0) remote ident (addr/mask/prot/port): (10.0.0.0/255.255.255.0/0/0) current_peer: 10.0.1.1 PERMIT, flags={origin_is_acl,} #pkts encaps: 1810, #pkts encrypt: 1810, #pkts digest 1810 #pkts decaps: 1861, #pkts decrypt: 1861, #pkts verify 1861 #pkts compressed: 0, #pkts decompressed: 0 #pkts not compressed: 0, #pkts compr. failed: 0, #pkts decompress failed: 0 #send errors 0, #recv errors 0 local crypto endpt.: 10.0.1.2, remote crypto endpt.: 10.0.1.1 path mtu 1500, media mtu 1500 current outbound spi: 1308650C inbound esp sas: spi: 0x90012A(9437482) transform: esp-des esp-sha-hmac , in use settings ={Tunnel, } slot: 0, conn id: 2000, flow_id: 1, crypto map: mymap sa timing: remaining key lifetime (k/sec): (4607891/1034) IV size: 8 bytes replay detection support: Y inbound ah sas: inbound pcp sas: outbound esp sas: spi: 0x1308650C(319317260) transform: esp-des esp-sha-hmac , in use settings ={Tunnel, } slot: 0, conn id: 2001, flow_id: 2, crypto map: mymap sa timing: remaining key lifetime (k/sec): (4607893/1034) IV size: 8 bytes replay detection support: Y outbound ah sas: outbound pcp sas: MikroTik Router and Linux FreeS/WAN In the test scenario we have 2 private networks: 10.0.0.0/24 connected to the MT and 192.168.87.0/24 connected to Linux. MT and Linux are connected together over the "public" network 192.168.0.0/24: Page 236 of 568 Copyright 1999-2005, MikroTik. All rights reserved. Mikrotik, RouterOS and RouterBOARD are trademarks of Mikrotikls SIA. Other trademarks and registred trademarks mentioned herein are properties of their respective owners.
• FreeS/WAN configuration: config setup interfaces="ipsec0=eth0" klipsdebug=none plutodebug=all plutoload=%search plutostart=%search uniqueids=yes conn %default keyingtries=0 disablearrivalcheck=no authby=rsasig conn mt left=192.168.0.108 leftsubnet=192.168.87.0/24 right=192.168.0.155 rightsubnet=10.0.0.0/24 authby=secret pfs=no auto=add • ipsec.secrets config file: 192.168.0.108 192.168.0.155 : PSK "gvejimezyfopmekun" • MikroTik Router configuration: [admin@MikroTik] > /ip ipsec peer add address=192.168.0.108 \ \... secret="gvejimezyfopmekun" hash-algorithm=md5 enc-algorithm=3des \ \... dh-group=modp1024 lifetime=28800s [admin@MikroTik] > /ip ipsec proposal auth-algorithms=md5 \ \... enc-algorithms=3des pfs-group=none [admin@MikroTik] > /ip ipsec policy add sa-src-address=192.168.0.155 \ \... sa-dst-address=192.168.0.108 src-address=10.0.0.0/24 \ \... dst-address=192.168.87.0/24 tunnel=yes Page 237 of 568 Copyright 1999-2005, MikroTik. All rights reserved. Mikrotik, RouterOS and RouterBOARD are trademarks of Mikrotikls SIA. Other trademarks and registred trademarks mentioned herein are properties of their respective owners.
Page 1 and 2:
MikroTik RouterOS v2.8 Reference Ma
Page 3 and 4:
Removing Device Drivers............
Page 5 and 6:
General Information................
Page 7 and 8:
Source NAT.........................
Page 9 and 10:
Router User Groups.................
Page 11 and 12:
LCD Information Display Configurati
Page 13 and 14:
Basic Setup Guide Document revision
Page 15 and 16:
Downloading and Installing the Mikr
Page 17 and 18:
• You shoud have an account on ou
Page 19 and 20:
The list of available commands at a
Page 21 and 22:
Description Interface Management Be
Page 23 and 24:
e assigned. If the setup offers you
Page 25 and 26:
2 DC 10.0.0.0/24 r 0.0.0.0 0 Public
Page 27 and 28:
interface=Local queue=default prior
Page 29 and 30:
Terminal Console Document revision
Page 31 and 32:
[admin@MikroTik] ip route> /ping 10
Page 33 and 34:
Notes Pressing [Tab] key while ente
Page 35 and 36:
edit - this command is in every pla
Page 37 and 38:
Package Management Document revisio
Page 39 and 40:
• Check the information about the
Page 41 and 42:
• Ethernet interface support •
Page 43 and 44:
Specifications Sheet Document revis
Page 45 and 46:
"El Torito" bootable CDs (you might
Page 47 and 48:
Device Driver List Document revisio
Page 49 and 50:
• 3c905B Cyclone 10/100/BNC • 3
Page 51 and 52:
• Macronix 98715 PMAC • Macroni
Page 53 and 54:
Compatibility: • Planet ENW-9601T
Page 55 and 56:
• Olicom OC-2326 VIA vt612x 'Velo
Page 57 and 58:
• Samsung SWL2000-N 11Mbit/s 802.
Page 59 and 60:
• Moxa Smartio C104H/PCI, CP-114,
Page 61 and 62:
Driver Management Document revision
Page 63 and 64:
0xF0-0xFF FPU 0x100-0x13F [prism2_c
Page 65 and 66:
General Interface Settings Document
Page 67 and 68:
Description The traffic passing thr
Page 69 and 70:
Additional Documents • http://www
Page 71 and 72:
The interface should be enabled acc
Page 73 and 74:
1 1.1.1.2/32 1.1.1.1 1.1.1.1 farsyn
Page 75 and 76:
Finally we need to add IP addresses
Page 77 and 78:
• accessing an Intranet/LAN of a
Page 79 and 80:
[admin@MikroTik] interface l2tp-cli
Page 81 and 82:
[admin@MikroTik] interface l2tp-ser
Page 83 and 84:
To route the local Intranets over t
Page 85 and 86:
On the L2TP server a user must be s
Page 87 and 88:
CISCO/Aironet 2.4GHz 11Mbps Wireles
Page 89 and 90:
Try to change the I/O base address
Page 91 and 92:
Troubleshooting Description Keep in
Page 93 and 94:
The default route should be set to
Page 95 and 96:
The second router will have address
Page 97 and 98:
1. Add an IPIP interface (by defaul
Page 99 and 100:
[admin@MikroTik] interface ipip> pr
Page 101 and 102:
Additional Documents • http://www
Page 103 and 104:
MOXA C502 Dual-port Synchronous Int
Page 105 and 106:
Example [admin@MikroTik] interface
Page 107 and 108:
[admin@MikroTik] ip route> print Fl
Page 109 and 110:
Flags: X - disabled, I - invalid, D
Page 111 and 112:
Description VLANs are simply a way
Page 113 and 114:
[admin@MikroTik] interface vlan> pr
Page 115 and 116:
Description Installing the Wireless
Page 117 and 118:
[admin@MikroTik] interface radiolan
Page 119 and 120:
Ethernet interfaces respectively. T
Page 122 and 123:
Flags: X - disabled, R - running 0
Page 124 and 125:
Example with MikroTik Router to Mik
Page 126 and 127:
ISDN (Integrated Services Digital N
Page 128 and 129:
name (name) - name of the driver is
Page 130 and 131:
undle-128K (yes | no; default: yes)
Page 132 and 133:
# NAME SERVICE CALLER-ID PASSWORD P
Page 134 and 135:
[admin@Mikrotik] ip route> add gate
Page 136 and 137:
• For mobile or remote clients to
Page 138 and 139:
10.1.1.12 PPTP server and use it as
Page 140 and 141:
encoding (text) - encryption and en
Page 142 and 143:
To route the local Intranets over t
Page 144 and 145:
On the PPTP server a user must be s
Page 146 and 147:
Wireless Client and Wireless Access
Page 148 and 149:
protocol created to improve point-t
Page 150 and 151:
with Atheros cards. There might be
Page 152 and 153:
• ap-bridge - the interface is op
Page 154 and 155:
wds-mode=disabled wds-default-bridg
Page 156 and 157:
• exact-size - put as much packet
Page 158 and 159:
ap (read-only: no | yes) - whether
Page 160 and 161:
Property Description 2ghz-b-channel
Page 162 and 163:
5305,5310,5315,5320,5325,5330,5335,
Page 164 and 165:
arp (disabled | enabled | proxy-arp
Page 166 and 167:
Description This command is used to
Page 168 and 169:
• none - do not use encryption an
Page 170 and 171:
ssid="test1" frequency=5180 band=5G
Page 172 and 173:
Flags: X - disabled, R - running, D
Page 174 and 175:
select the frequency that is used b
Page 176 and 177:
2. On router with IP address 10.1.0
Page 178 and 179:
To make a secure Ethernet bridge be
Page 180 and 181:
Xpeed SDSL Interface Document revis
Page 182 and 183:
[admin@r1] interface> print Flags:
Page 184 and 185:
• I tried to connect two routers
Page 186 and 187:
To add the driver for Arlan 655 ada
Page 188 and 189:
Obtain the required license for 2.4
Page 190 and 191:
MAC level bridging of Ethernet, Eth
Page 192 and 193:
Always take care not to bridge virt
Page 194 and 195:
designated-cost: 0 -- [Q quit|D dum
Page 196 and 197:
idge firewall, not in forwarded pro
Page 198 and 199: [admin@MikroTik] ip address> print
Page 200 and 201: • Log Management Description You
Page 202 and 203: [admin@MikroTik] interface moxa-c10
Page 204 and 205: [admin@MikroTik] ip route> print Fl
Page 206 and 207: Flags: X - disabled, I - invalid, D
Page 208 and 209: • IP Addresses and ARP • Log Ma
Page 210 and 211: The driver for the Cyclades PC300/R
Page 212 and 213: PPPoE Document revision 1.4 (Fri Ap
Page 214 and 215: License required: level1 (limited t
Page 216 and 217: uptime (time) - connection time dis
Page 218 and 219: [admin@MikroTik] interface pppoe-se
Page 220 and 221: [admin@MT_Prism_AP] interface prism
Page 222 and 223: PPP and Asynchronous Interfaces Doc
Page 224 and 225: Example [admin@MikroTik] > /port pr
Page 226 and 227: Example You can add a PPP client us
Page 228 and 229: IP Addresses and ARP Document revis
Page 230 and 231: ether1 or ether2. Example [admin@Mi
Page 232 and 233: The MikroTik Router setup is as fol
Page 234 and 235: IP Security Document revision 3.1 (
Page 236 and 237: associated with matching SPD rule),
Page 238 and 239: traffic. AH is applied after ESP, a
Page 240 and 241: Such policies are created dynamical
Page 242 and 243: auth-algorithm (multiple choice, re
Page 244 and 245: in-accept: 12 in-accept-isakmp: 0 i
Page 246 and 247: [admin@Router1] > ip firewall src-n
Page 250 and 251: Routes, Equal Cost Multipath Routin
Page 252 and 253: dst-address (IP address/mask; defau
Page 254 and 255: Example There is always a table cal
Page 256 and 257: Command sequence to achieve this: 1
Page 258 and 259: Connection Tracking and Service Por
Page 260 and 261: appropriate ICMP request icmp-optio
Page 262 and 263: Packet Marking (Mangle) Document re
Page 264 and 265: action (accept | passthrough; defau
Page 266 and 267: How to Mangle NATted Traffic Suppos
Page 268 and 269: • Package Management • M3P Desc
Page 270 and 271: Firewall Filters Document revision
Page 272 and 273: As we can see, a packet can enter t
Page 274 and 275: may be among the slowest. Therefore
Page 276 and 277: Keep in mind, that protocol must be
Page 278 and 279: • Protect the customer's hosts Co
Page 280 and 281: comment="Reject and log everything
Page 282 and 283: ip firewall dst-nat add action=nat
Page 284 and 285: Notes Whenever possible, the same i
Page 286 and 287: Hardware usage: Increases with rule
Page 288 and 289: Description You can limit peer-to-p
Page 290 and 291: • Then create custom queue type w
Page 292 and 293: • Package Management • IP Addre
Page 294 and 295: The virtual IP addresses should be
Page 296 and 297: [admin@MikroTik] ip vrrp> address a
Page 298 and 299:
Specifications Packages required: s
Page 300 and 301:
limit-count (integer; default: 0) -
Page 302 and 303:
limit-count (integer; default: 0) -
Page 304 and 305:
IP address on it, and as many inter
Page 306 and 307:
# INTERFACE TYPE 0 X ether1 externa
Page 308 and 309:
Description The wireless protocol I
Page 310 and 311:
DNS Client and Cache Document revis
Page 312 and 313:
[admin@MikroTik] ip dns> Cache Moni
Page 314 and 315:
Services, Protocols, and Ports Docu
Page 316 and 317:
1719/udp 1720/tcp 1723/tcp 2000/tcp
Page 318 and 319:
Example Walled Garden Description P
Page 320 and 321:
The HotSpot interface should have a
Page 322 and 323:
consulted first, then - a RADIUS se
Page 324 and 325:
use transparent web proxy (yes | no
Page 326 and 327:
allow-unencrypted-password=yes and
Page 328 and 329:
[admin@MikroTik] ip hotspot profile
Page 330 and 331:
ytes-out (read-only: integer) - how
Page 332 and 333:
[admin@MikroTik] ip hotspot server>
Page 334 and 335:
1. request for a remote host • if
Page 336 and 337:
• popup - whether to pop-up check
Page 338 and 339:
href="https://login.server.serv/log
Page 340 and 341:
There are two kinds of errors: fata
Page 342 and 343:
choose the address ranges, just mak
Page 344 and 345:
13. Add hotspot chain: /ip firewall
Page 346 and 347:
As we see from example, only hotspo
Page 348 and 349:
DHCP Client and Server Document rev
Page 350 and 351:
Standards and Technologies: DHCP De
Page 352 and 353:
• requesting... - the DHCP client
Page 354 and 355:
dns-server (text) - the DHCP client
Page 356 and 357:
[admin@MikroTik] ip dhcp-server lea
Page 358 and 359:
# NAME RANGES 0 dhcp_pool1 10.0.0.2
Page 360 and 361:
one network address translation so
Page 362 and 363:
mac-address (MAC address) - client'
Page 364 and 365:
Audio CODECs Description Example AA
Page 366 and 367:
The larger the jitter buffer, the l
Page 368 and 369:
find-best-balance - series of test-
Page 370 and 371:
monitor - monitor status of the voi
Page 372 and 373:
(plugged | unplugged) - state of th
Page 374 and 375:
aec (yes | no) - wheteher echo dete
Page 376 and 377:
• to which voice port route the c
Page 378 and 379:
• If nr=112 => matches the record
Page 380 and 381:
• NAS-Port-Type - always Async
Page 382 and 383:
marked as dynamic and can not be re
Page 384 and 385:
egistering endpoint (with IP addres
Page 386 and 387:
VOICE-PORT PREFIX 0 31 rob 31 1 33
Page 388 and 389:
Volume levels : voice volume : 54 i
Page 390 and 391:
call rsvp-sync voice rtp send-recv
Page 392 and 393:
OSPF Document revision 1.3 (Mon Sep
Page 394 and 395:
• if-installed-as-type-1 - send t
Page 396 and 397:
• none - do not use authenticatio
Page 398 and 399:
[admin@MikroTik] routing ospf> inte
Page 400 and 401:
OSPF backup without using a tunnel
Page 402 and 403:
Set redistribute-connected as as-ty
Page 404 and 405:
We should change cost value in both
Page 406 and 407:
0 Io 192.168.0.0/24 110 1 DC 192.16
Page 408 and 409:
Packages required: routing License
Page 410 and 411:
eceive (v1 | v1-2 | v2; default: v2
Page 412 and 413:
Example To view the list of the rou
Page 414 and 415:
[admin@MikroTik] routing rip> • C
Page 416 and 417:
Related Documents • Package Manag
Page 418 and 419:
[admin@modux] routing bgp network>
Page 420 and 421:
Prefix Lists Document revision 1.2
Page 422 and 423:
To accept the routes to the 172.16.
Page 424 and 425:
Example Example Local IP Traffic Ac
Page 426 and 427:
Notes There are three system groups
Page 428 and 429:
Router User Remote AAA Home menu le
Page 430 and 431:
To add the profile ex that will ass
Page 432 and 433:
RADIUS user database is consulted o
Page 434 and 435:
7 159.148.172.197 192.168.0.2 835 1
Page 436 and 437:
timeouts: 5 bad-replies: 0 last-req
Page 438 and 439:
• Session-Timeout - overrides ses
Page 440 and 441:
• Acct-Output-Packets - number of
Page 442 and 443:
OK:...", but the user cannot log on
Page 444 and 445:
To use a Certificate (which contain
Page 446 and 447:
equirements of your CA Example To i
Page 448 and 449:
There you can delete unnecessary fi
Page 450 and 451:
The Ping Command Command name: /pin
Page 452 and 453:
Bandwidth Control Document revision
Page 454 and 455:
you put no limit and choose all cla
Page 456 and 457:
than burst-threshold. This type of
Page 458 and 459:
[admin@MikroTik] queue interface> C
Page 460 and 461:
Example To mark all the traffic goi
Page 462 and 463:
[admin@MikroTik] queue simple> prin
Page 464 and 465:
max-limit=131072 And the same for L
Page 466 and 467:
3. Add a queue tree rule that will
Page 468 and 469:
Configuration Export and Import Doc
Page 470 and 471:
Home menu level: /import Descriptio
Page 472 and 473:
• No Set support • No Trap supp
Page 474 and 475:
• /system resource Example To see
Page 476 and 477:
ip.ipNetToMediaTable.ipNetToMediaEn
Page 478 and 479:
Description MRTG (Multi Router Traf
Page 480 and 481:
MAC Telnet Server and Client Docume
Page 482 and 483:
Ping Document revision 08-Jun-2004
Page 484 and 485:
Example To disable MAC pings: [admi
Page 486 and 487:
Additional Documents • DNS relate
Page 488 and 489:
interface (name) - the name of the
Page 490 and 491:
Bandwidth Test Document revision 1.
Page 492 and 493:
[admin@MikroTik] tool bandwidth-ser
Page 494 and 495:
Packet Sniffer Document revision 1.
Page 496 and 497:
filter-address1 and filter-address2
Page 498 and 499:
• ospf - Open Shortest Path First
Page 500 and 501:
Packet Sniffer Host Home menu level
Page 502 and 503:
Traceroute Document revision 1.2 (F
Page 504 and 505:
ICMP Bandwidth Test Document revisi
Page 506 and 507:
System Resource Management Document
Page 508 and 509:
IRQ Usage Monitor Command name: /sy
Page 510 and 511:
7 00:0e.0 Atheros Communications AR
Page 512 and 513:
[admin@Gateway] system clock> print
Page 514 and 515:
How to Connect PowerTip LCD to a Pa
Page 516 and 517:
[admin@MikroTik] system lcd> print
Page 518 and 519:
Support Output File Document revisi
Page 520 and 521:
SSH (Secure Shell) Server and Clien
Page 522 and 523:
SSH Client Command name: /system ss
Page 524 and 525:
General Information Command name: /
Page 526 and 527:
• http://www.ctsystems.org/rs.htm
Page 528 and 529:
To connect to a device connected to
Page 530 and 531:
• Precise Positioning Service (PP
Page 532 and 533:
Scripting Host and Complementary To
Page 534 and 535:
License required: level1 Home menu
Page 536 and 537:
[admin@MikroTik] ip address> /user
Page 538 and 539:
* - multiplication. Binary operator
Page 540 and 541:
[admin@MikroTik] interface> :put (~
Page 542 and 543:
Local Variables g1=this is global v
Page 544 and 545:
In the example below monitor action
Page 546 and 547:
Home menu level: /system script job
Page 548 and 549:
Specifications Packages required: s
Page 550 and 551:
[admin@MikroTik] system script> ..
Page 552 and 553:
Specifications Packages required: a
Page 554 and 555:
In the following example we will ad
Page 556 and 557:
Packages required: ups License requ
Page 558 and 559:
Runtime Calibration Command name: /
Page 560 and 561:
NTP (Network Time Protocol) Documen
Page 562 and 563:
• synchronized - local clock is s
Page 564 and 565:
RouterBoard-specific functions Docu
Page 566 and 567:
Firmware upgrade can take up to 20s
Page 568 and 569:
LED Managment Command name: :led De
Page 570 and 571:
License Management Document revisio
Page 572 and 573:
can not move license on another har
Page 574 and 575:
• ERROR: Key for specified softwa
Page 576 and 577:
MikroTik RouterOS implements indust
Page 578 and 579:
Router has several global configura
Page 580:
Notes print command has the followi
show all

General Information

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?