MikroTik RouterOSâ¢ v2.9

More documents

Recommendations

Info

src-address (IP address; default: 0.0.0.0/0) - source IP address (only if MAC protocol is set to IPv4) src-mac-address (MAC address; default: 00:00:00:00:00:00) - source MAC address src-port (integer: 0..65535) - source port number or range (only for TCP or UDP protocols) stp-flags (topology-change | topology-change-ack) - The BPDU (Bridge Protocol Data Unit) flags. Bridge exchange configuration messages named BPDU peridiocally for preventing from loop • topology-change - topology change flag is set when a bridge detects port state change, to force all other bridges to drop their host tables and recalculate network topology • topology-change-ack - topology change acknowledgement flag is sen in replies to the notification packets stp-forward-delay (time: 0..65535) - forward delay timer stp-hello-time (time: 0..65535) - stp hello packets time stp-max-age (time: 0..65535) - maximal STP message age stp-msg-age (time: 0..65535) - STP message age stp-port (integer: 0..65535) - stp port identifier stp-root-address (MAC address) - root bridge MAC address stp-root-cost (integer: 0..65535) - root bridge cost stp-root-priority (time: 0..65535) - root bridge priority stp-sender-address (MAC address) - stp message sender MAC address stp-sender-priority (integer: 0..65535) - sender priority stp-type (config | tcn) - the BPDU type • config - configuration BPDU • tcn - topology change notification vlan-encap (802.2 | arp | ip | ipv6 | ipx | rarp | vlan) - the MAC protocol type encapsulated in the VLAN frame vlan-id (integer: 0..4095) - VLAN identifier field vlan-priority (integer: 0..7) - the user priority field Notes stpmatchers are only valid if destination MAC address is 01:80:C2:00:00:00/FF:FF:FF:FF:FF:FF (Bridge Group address), also stp should be enabled. ARP matchers are only valid if mac-protocol is arp or rarp VLAN matchers are only valid for vlan ethernet protocol IP-related matchers are only valid if mac-protocol is set as ipv4 802.3 matchers are only consulted if the actual frame is compliant with IEEE 802.2 and IEEE 802.3 standards (note: it is not the industry-standard Ethernet frame format used in most networks worldwide!). These matchers are ignored for other packets. Bridge Packet Filter Page 141 of 615 Copyright 1999-2005, <strong>MikroTik</strong>. All rights reserved. Mikrotik, RouterOS and RouterBOARD are trademarks of Mikrotikls SIA. Other trademarks and registred trademarks mentioned herein are properties of their respective owners.
Home menu level: /interface bridge filter Description This section describes bridge packet filter specific filtering options, which were omitted in the general firewall description Property Description action (accept | drop | jump | log | mark | passthrough | return; default: accept) - action to undertake if the packet matches the rule, one of the: • accept - accept the packet. No action, i.e., the packet is passed through without undertaking any action, and no more rules are processed in the relevant list/chain • drop - silently drop the packet (without sending the ICMP reject message) • jump - jump to the chain specified by the value of the jump-target argument • log - log the packet • mark - mark the packet to use the mark later • passthrough - ignore this rule and go on to the next one. Acts the same way as a disabled rule, except for ability to count packets • return - return to the previous chain, from where the jump took place out-bridge (name) - outgoing bridge interface out-interface (name) - interface via packet is leaving the bridge Bridge NAT Home menu level: /interface bridge nat Description This section describes bridge NAT options, which were omitted in the general firewall description Property Description action (accept | arp-reply | drop | dst-nat | jump | log | mark | passthrough | redirect | return | src-nat; default: accept) - action to undertake if the packet matches the rule, one of the: • accept - accept the packet. No action, i.e., the packet is passed through without undertaking any action, and no more rules are processed in the relevant list/chain • arp-reply - send a reply to an ARP request (any other packets will be ignored by this rule) with the specified MAC address (only valid in dstnat chain) • drop - silently drop the packet (without sending the ICMP reject message) • dst-nat - change destination MAC address of a packet (only valid in dstnat chain) • jump - jump to the chain specified by the value of the jump-target argument • log - log the packet • mark - mark the packet to use the mark later • passthrough - ignore this rule and go on to the next one. Acts the same way as a disabled rule, Page 142 of 615 Copyright 1999-2005, <strong>MikroTik</strong>. All rights reserved. Mikrotik, RouterOS and RouterBOARD are trademarks of Mikrotikls SIA. Other trademarks and registred trademarks mentioned herein are properties of their respective owners.
Page 1 and 2:
MikroTik RouterOS v2.9 Reference Ma
Page 3 and 4:
General Information ...............
Page 5 and 6:
Bridge Host Monitoring.............
Page 7 and 8:
Frame Relay Configuration Examples.
Page 9 and 10:
Queue Trees........................
Page 11 and 12:
Dynamic DNS Update.................
Page 13 and 14:
Scheduler Configuration............
Page 15 and 16:
Description General Information Sum
Page 17 and 18:
Broadcom Tigon3 Chipset type: Broad
Page 19 and 20:
Chipset type: Marvell Yukon 88E80xx
Page 21 and 22:
Compatibility: • RealTek RTL8129
Page 23 and 24:
Description Atheros Chipset type: A
Page 25 and 26:
Description This is driver for lega
Page 27 and 28:
xDSL Packages required: synchronous
Page 29 and 30:
License Management Document revisio
Page 31 and 32:
Important: the abovementioned limit
Page 33 and 34:
• ERROR: You are not allowed to u
Page 35 and 36:
• NTP - Network Time Protocol ser
Page 37 and 38:
package is installed) • MAC Telne
Page 39 and 40:
Related Documents • Software Pack
Page 41 and 42:
from this type of media; if El Tori
Page 43 and 44:
etype new password: ************ [a
Page 45 and 46:
| from any level [admin@MikroTik] i
Page 47 and 48:
0 D RealTek 8139 1 D Intel EtherExp
Page 49 and 50:
when the addresses were added in th
Page 51 and 52:
y the ISP, you should use the sourc
Page 53 and 54:
Installing RouterOS with CD-Install
Page 55 and 56:
Installing RouterOS with Floppies D
Page 57 and 58:
• IP address/mask - address with
Page 59 and 60:
Configuration Management Document r
Page 61 and 62:
Description The export command prin
Page 63 and 64:
FTP (File Transfer Protocol) Server
Page 65 and 66:
MAC Level Access (Telnet and Winbox
Page 67 and 68:
Flags: X - disabled # INTERFACE 0 a
Page 69 and 70:
Description The Serial Console (man
Page 71 and 72:
Notes [Ctrl]+[Q] and [Ctrl]+[X] hav
Page 73 and 74:
License required: level1 Home menu
Page 75 and 76:
Uninstalling Command name: /system
Page 77 and 78:
10 ppp 2.9.11 11 dhcp 2.9.11 12 hot
Page 79 and 80:
To add a router with IP address 192
Page 81 and 82:
thinrouter-pcipc forces PCI-to-Card
Page 83 and 84:
Description In this submenu you can
Page 85 and 86:
SSH (Secure Shell) Server and Clien
Page 87 and 88:
Example [admin@MikroTik] > /system
Page 89 and 90:
MikroTik RouterOS implements indust
Page 91 and 92:
Common Console Functions Descriptio
Page 93 and 94:
[admin@MikroTik] interface> set 0 m
Page 95 and 96:
Description There are some commands
Page 97 and 98:
owner of safe mode is notified abou
Page 99 and 100:
where: • discovers and shows MNDP
Page 101 and 102:
IP Addresses and ARP Document revis
Page 103 and 104: ether1 or ether2. Example [admin@Mi
Page 105 and 106: 0 10.0.0.217/24 10.0.0.0 10.0.0.255
Page 107 and 108: OSPF Document revision 1.4 (Wed Dec
Page 109 and 110: • if-installed-as-type-1 - send t
Page 111 and 112: • none - do not use authenticatio
Page 113 and 114: [admin@MikroTik] routing ospf> inte
Page 115 and 116: OSPF backup without using a tunnel
Page 117 and 118: # NETWORK AREA 0 10.3.0.0/24 local_
Page 119 and 120: [admin@OSPF_peer_2] > ip route prin
Page 121 and 122: Packages required: routing License
Page 123 and 124: eceive (v1 | v1-2 | v2; default: v2
Page 125 and 126: Example To view the list of the rou
Page 127 and 128: [admin@MikroTik] routing rip> • C
Page 129 and 130: • dynamic routes - automatically
Page 131 and 132: Static Equal Cost Multi-Path routin
Page 133 and 134: General Interface Settings Document
Page 135 and 136: ARLAN 655 Wireless Client Card Docu
Page 137 and 138: Example [admin@MikroTik] > interfac
Page 139 and 140: Interface Bonding Document revision
Page 141 and 142: determenation relies on the device
Page 143 and 144: • for Office1through ISP2 [admin@
Page 145 and 146: Bridge Document revision 2.1 (Fri M
Page 147 and 148: • Filter Description Ethernet-lik
Page 149 and 150: To group ether1 and ether2 in the a
Page 151 and 152: idge1 00:C0:DF:07:5E:E6 ether1 4m46
Page 153: • ddp - datagram delivery protoco
Page 157 and 158: action=dst-nat is selected Troubles
Page 159 and 160: • Device Driver List • IP Addre
Page 161 and 162: tx-antenna (both | default | left |
Page 163 and 164: The access point is connected to th
Page 165 and 166: • One of the units (slave) should
Page 167 and 168: Cyclades PC300 PCI Adapters Documen
Page 169 and 170: chdlc-keepalive (time; default: 10s
Page 171 and 172: [admin@MikroTik] ip route> add gate
Page 173 and 174: Additional Documents • http://www
Page 175 and 176: ut it does not affect the NIC's per
Page 177 and 178: Additional Documents • http://www
Page 179 and 180: The interface should be enabled acc
Page 181 and 182: 1 1.1.1.2/32 1.1.1.1 1.1.1.1 farsyn
Page 183 and 184: Finally we need to add IP addresses
Page 185 and 186: • Moxa C502 Dual Port Synchronous
Page 187 and 188: 0 1.1.1.1/24 1.1.1.0 1.1.1.255 pvc1
Page 189 and 190: Troubleshooting Description • I c
Page 191 and 192: [admin@MikroTik] interface ppp-clie
Page 193 and 194: Hardware usage: Not significant Rel
Page 195 and 196: mtu (integer; default: 1500) - Maxi
Page 197 and 198: session-timeout=0s idle-timeout=0s
Page 199 and 200: • And finally, you have to add sc
Page 201 and 202: Description With the introduction o
Page 203 and 204: M3P Document revision 0.3.0 (Wed Ma
Page 205 and 206:
unpacking (none | simple | compress
Page 207 and 208:
• Log Management Description You
Page 209 and 210:
[admin@MikroTik] interface moxa-c10
Page 211 and 212:
[admin@MikroTik] ip route> print Fl
Page 213 and 214:
Flags: X - disabled, I - invalid, D
Page 215 and 216:
• Log Management Description You
Page 217 and 218:
The driver for MOXA C502 card shoul
Page 219 and 220:
The driver for MOXA C502 card shoul
Page 221 and 222:
PPP and Asynchronous Interfaces Doc
Page 223 and 224:
Example [admin@MikroTik] > /port pr
Page 225 and 226:
Example You can add a PPP client us
Page 227 and 228:
RadioLAN 5.8GHz Wireless Interface
Page 229 and 230:
default-destination (ap | as-specif
Page 231 and 232:
1. Setting the Service Set Identifi
Page 233 and 234:
Property Description Notes WDS Inte
Page 235 and 236:
Service Set Identifier test, do the
Page 237 and 238:
acceptance timeout) in microseconds
Page 239 and 240:
• manual-tx-power - channels in c
Page 241 and 242:
Notes It is strongly suggested to l
Page 243 and 244:
• none - do nothing special, do n
Page 245 and 246:
WDS cannot be used on Nstreme-dual
Page 247 and 248:
access point routeros-version (read
Page 249 and 250:
client-tx-limit (integer; default:
Page 251 and 252:
nstreme-support (read-only: yes | n
Page 253 and 254:
Property Description arp (disabled
Page 255 and 256:
Align Home menu level: /interface w
Page 257 and 258:
2412MHz 3.8% 2417MHz 9.8% 2422MHz 2
Page 259 and 260:
Property Description group-key-upda
Page 261 and 262:
Prism card doesn't report that the
Page 263 and 264:
2 2412 -45dBm@1Mbps 00:02:6F:05:68:
Page 265 and 266:
ack-timeout=dynamic tx-power=defaul
Page 267 and 268:
This example will show you how to c
Page 269 and 270:
adio-name: "000C42050022" signal-st
Page 271 and 272:
Flags: X - disabled, R - running 0
Page 273 and 274:
[admin@WEP_StationX] interface wire
Page 275 and 276:
Xpeed SDSL Interface Document revis
Page 277 and 278:
[admin@r1] interface> print Flags:
Page 279 and 280:
• I tried to connect two routers
Page 281 and 282:
2. On router with IP address 10.1.0
Page 283 and 284:
network. Example Our goal is to cre
Page 285 and 286:
IP Security Document revision 3.4 (
Page 287 and 288:
Internet Key Exchange The Internet
Page 289 and 290:
level (acquire | require | use; def
Page 291 and 292:
hash-algorithm (multiple choice: md
Page 293 and 294:
current-bytes (read-only: integer)
Page 295 and 296:
General Information MikroTik Router
Page 297 and 298:
! Create IPsec transform set - tran
Page 299 and 300:
[admin@MikroTik] > /ip ipsec policy
Page 301 and 302:
1. Add an IPIP interface (by defaul
Page 303 and 304:
[admin@MikroTik] interface ipip> pr
Page 305 and 306:
• accessing an Intranet/LAN of a
Page 307 and 308:
[admin@MikroTik] interface l2tp-cli
Page 309 and 310:
[admin@MikroTik] interface l2tp-ser
Page 311 and 312:
To route the local Intranets over t
Page 313 and 314:
On the L2TP server a user must be s
Page 315 and 316:
PPPoE Document revision 1.5 (Fri No
Page 317 and 318:
License required: level1 (limited t
Page 319 and 320:
Example To monitor the pppoe-out1 c
Page 321 and 322:
To disconnect the user ex: [admin@M
Page 323 and 324:
disconnect, they are still shown an
Page 325 and 326:
• For mobile or remote clients to
Page 327 and 328:
Example To set up PPTP client named
Page 329 and 330:
connection mtu (integer) - (cannot
Page 331 and 332:
ound-trip min/avg/max = 3/3.0/3 ms
Page 333 and 334:
VLAN Document revision 1.2 (Mon Sep
Page 335 and 336:
• http://www.cisco.com/warp/publi
Page 337 and 338:
Graphing Document revision 1.0 (09-
Page 339 and 340:
allow-address (IP address | netmask
Page 341 and 342:
HotSpot User AAA Document revision
Page 343 and 344:
name (name) - profile reference nam
Page 345 and 346:
Example To add user ex with passwor
Page 347 and 348:
IP accounting Document revision 2.1
Page 349 and 350:
enabled: yes account-local-traffic:
Page 351 and 352:
PPP User AAA Document revision 2.4
Page 353 and 354:
was no activity present. There is n
Page 355 and 356:
is the caller's number (that may or
Page 357 and 358:
RADIUS client Document revision 0.4
Page 359 and 360:
• ppp - Point-to-Point clients au
Page 361 and 362:
address of the client) • User-Nam
Page 363 and 364:
• Advertise-Interval - Time inter
Page 365 and 366:
Framed-IP-Address 8 RFC2865 Framed-
Page 367 and 368:
Router User AAA Document revision 2
Page 369 and 370:
• password - policy that grants r
Page 371 and 372:
when (read-only: date) - log in dat
Page 373 and 374:
information included • version 9
Page 375 and 376:
Bandwidth Control Document revision
Page 377 and 378:
disciplines are set under /queue in
Page 379 and 380:
picture, Leaf1 will be served only
Page 381 and 382:
PFIFO and BFIFO These queuing disci
Page 383 and 384:
Interface Default Queues Home menu
Page 385 and 386:
Home menu level: /queue tree Descri
Page 387 and 388:
upload to the Server and Workstatio
Page 389 and 390:
Filter Document revision 2.7 (Fri N
Page 391 and 392:
• packet arrival time • and muc
Page 393 and 394:
connection-type (ftp | gre | h323 |
Page 395 and 396:
ipsec-esp | iso-tp4 | ospf | pup |
Page 397 and 398:
add chain=forward src-address=0.0.0
Page 399 and 400:
The address list records could be u
Page 401 and 402:
Mangle Home menu level: /ip firewal
Page 403 and 404:
hotspot (multiple choice: from-clie
Page 405 and 406:
coming from the same host to be tre
Page 407 and 408:
Change MSS It is a well known fact
Page 409 and 410:
NAT Description Network Address Tra
Page 411 and 412:
chain (dstnat | srcnat | name) - sp
Page 413 and 414:
out-interface (name) - interface th
Page 415 and 416:
Example of Destination NAT If you w
Page 417 and 418:
Packet Flow Description MikroTik Ro
Page 419 and 420:
Property Description connection-mar
Page 421 and 422:
Description ICMP TYPE:CODE values I
Page 423 and 424:
DHCP Client and Server Document rev
Page 425 and 426:
Flags: X - disabled, I - invalid 0
Page 427 and 428:
DHCP Server Setup Home menu level:
Page 429 and 430:
DHCP lease in case it is directly r
Page 431 and 432:
6. in other case, the lease becomes
Page 433 and 434:
Description To find any rogue DHCP
Page 435 and 436:
• 0.0.0.0 - the IP address will b
Page 437 and 438:
IP addresses of DHCP-Relay: [admin@
Page 439 and 440:
DNS Client and Cache Document revis
Page 441 and 442:
secondary-dns: 0.0.0.0 allow-remote
Page 443 and 444:
HotSpot Gateway Document revision 4
Page 445 and 446:
for that interface: /ip hotspot add
Page 447 and 448:
You may wish not to require authori
Page 449 and 450:
While client is blocked, FTP and ot
Page 451 and 452:
set up in the server profile, and a
Page 453 and 454:
split-user-domain (yes | no; defaul
Page 455 and 456:
• deny - the authorization is req
Page 457 and 458:
• bypassed - perform the translat
Page 459 and 460:
NAT rules From /ip firewall nat pri
Page 461 and 462:
finished session • error.html - e
Page 463 and 464:
• link-login - link to login page
Page 465 and 466:
Notes If you want to use HTTP-CHAP
Page 467 and 468:
• Hotspot will ask RADIUS server
Page 469 and 470:
that they will have login-free acce
Page 471 and 472:
[admin@MikroTik] ip proxy> print en
Page 473 and 474:
path (wildcard) - name of the reque
Page 475 and 476:
esponse may be used to update previ
Page 477 and 478:
Description IP pools simply group I
Page 479 and 480:
SOCKS Proxy Server Document revisio
Page 481 and 482:
Access List Home menu level: /ip so
Page 483 and 484:
client. In this case IP address wou
Page 485 and 486:
IP address on it, and as many inter
Page 487 and 488:
Web Proxy Document revision 1.1 (We
Page 489 and 490:
Note that it may be useful to have
Page 491 and 492:
Description Access list is implemen
Page 493 and 494:
src-address (IP address | netmask)
Page 495 and 496:
This method retrieves whatever info
Page 497 and 498:
Certificate Management Document rev
Page 499 and 500:
decrypt - decrypt and cache public
Page 501 and 502:
DDNS Update Tool Document revision
Page 503 and 504:
GPS Synchronization Document revisi
Page 505 and 506:
[admin@MikroTik] system gps> print
Page 507 and 508:
Description How to Connect PowerTip
Page 509 and 510:
contrast: 0 [admin@MikroTik] system
Page 511 and 512:
MNDP Document revision 1.4 (Fri Mar
Page 513 and 514:
Description This submenu allows you
Page 515 and 516:
MikroTik RouterOS provides both - N
Page 517 and 518:
Home menu level: /system clock Note
Page 519 and 520:
• Health monitoring (RouterBOARD
Page 521 and 522:
• optimal - the BIOS tries to det
Page 523 and 524:
led3 (yes | no; default: no) - whet
Page 525 and 526:
Support Output File Document revisi
Page 527 and 528:
Command Description Notes Example S
Page 529 and 530:
0xCF8-0xCFF [PCI conf1] 0x4000-0x40
Page 531 and 532:
Only users, which are members of gr
Page 533 and 534:
Home menu level: Command name: /sys
Page 535 and 536:
Bandwidth Test Document revision 1.
Page 537 and 538:
[admin@MikroTik] tool bandwidth-ser
Page 539 and 540:
ICMP Bandwidth Test Document revisi
Page 541 and 542:
Packet Sniffer Document revision 1.
Page 543 and 544:
filter-address1 and filter-address2
Page 545 and 546:
• ospf - Open Shortest Path First
Page 547 and 548:
Packet Sniffer Host Home menu level
Page 549 and 550:
Ping Document revision 1 (Mon Jul 1
Page 551 and 552:
and press the [Tab] key: [admin@Mik
Page 553 and 554:
interface (name) - the name of the
Page 555 and 556:
Traceroute Document revision 1.8 (F
Page 557 and 558:
Network Monitor Document revision 1
Page 559 and 560:
done There are two scripts. The scr
Page 561 and 562:
eboot and on most item configuratio
Page 563 and 564:
Scripting Host Document revision 2.
Page 565 and 566:
Console commands are made of the fo
Page 567 and 568:
Variables Description RouterOS scri
Page 569 and 570:
= - greater or equal. Binary operat
Page 571 and 572:
[admin@MikroTik] interface> :put (1
Page 573 and 574:
epeatedly (yes | no) - condition, w
Page 575 and 576:
• omitted - altar LED state forev
Page 577 and 578:
3 4 5 6 7 8 9 [admin@MikroTik] > Sp
Page 579 and 580:
policy (multiple choice: ftp | loca
Page 581 and 582:
Command Description edit (name) - o
Page 583 and 584:
interval (time; default: 0s) - inte
Page 585 and 586:
Traffic Monitor Document revision 1
Page 587 and 588:
IP Telephony Document revision 2.2
Page 589 and 590:
Description IP telephony, known as
Page 591 and 592:
If autodial does not exactly match
Page 593 and 594:
name (name) - name given by the use
Page 595 and 596:
ing-cadence (text) - a 16-symbol ri
Page 597 and 598:
number of packets received by this
Page 599 and 600:
There is a possibility to enter som
Page 601 and 602:
ZZ • If nr=444, it matches the re
Page 603 and 604:
To generate a tone, frequency and c
Page 605 and 606:
• 10 - Call failed as could not f
Page 607 and 608:
0 11 phonejack1 1 _ voip1 [admin@Mi
Page 609 and 610:
Setting up the MikroTik IP Telephon
Page 611 and 612:
# DST-PATTERN VOICE-PORT PREFIX 0 3
Page 613 and 614:
• G.729a codec MUST be disabled (
Page 615 and 616:
We want to be able to use make call
Page 617 and 618:
no-ping-delay (time; default: 5m) -
Page 619 and 620:
Packages required: ups License requ
Page 621 and 622:
Notes The test begins only if the b
Page 623 and 624:
VRRP Document revision 1.4 (Fri Mar
Page 625 and 626:
advertisement packets • none - no
Page 627 and 628:
This example shows how to configure
show all

MikroTik RouterOSâ¢ v2.9

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?

MikroTik RouterOSâ¢ v2.9