Scribd
Upload
21 views39 pages

Mikrotik Firewall Trainingpdf Compress

The document provides a comprehensive training guide on MikroTik RouterOS, covering basics, configuration, firewall setup, bandwidth management, local network management, VPN routing, and troubleshooting. It outlines the requirements for training and objectives, including fundamental networking concepts and practical configurations. Additionally, it includes detailed instructions for various RouterOS features and management tasks.

Uploaded by

rishikesh
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
21 views39 pages

Mikrotik Firewall Trainingpdf Compress

The document provides a comprehensive training guide on MikroTik RouterOS, covering basics, configuration, firewall setup, bandwidth management, local network management, VPN routing, and troubleshooting. It outlines the requirements for training and objectives, including fundamental networking concepts and practical configurations. Additionally, it includes detailed instructions for various RouterOS features and management tasks.

Uploaded by

rishikesh
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 39

Indirect Manager: Mr.

Glenn Miller
Direct Manager: Mr. Chhann Sokob
Supervisor: Mr. Im Somara
Team Member: Mr. Heng Vichet
Mr. Sous Vichea
Mrs. Yun Sophearum
Trainer: Mr. Va Vandy

4/12/2012 1
Content

1. MikroTik RouterOS ‐ Basics


2. MikroTik RouterOS ‐ Basic Configuration
3. MikroTik RouterOS ‐ Firewall and Web‐Proxy
4. MikroTik RouterOS ‐ Bandwidth Limit
5. MikroTik RouterOS ‐ Local Network Management
6. MikroTik RouterOS – Routing for VPN
7. MikroTik RouterOS ‐ Troubleshooting

4/12/2012 2
Requirements & Objective
1. Requirements
 Network basics
 TCP/IP Basics
 Internet & VPN technologies
2. Objective of training
 Fundamentals / Basics
 Firewalling
 Quality of Service
 Virtual Private Networks

4/12/2012 3
MikroTik‐routerOS‐Basic
1. Advance of Router
 Networking device that forwards the data packets.
 Routing occurs at Network layer.
 Acts as a junction between two or more networks.
 Different from a Switch and a Hub.
2. RouterOS and its Features
 It is a router operating system and software which turns a regular PC
into a dedicated router
 Router
 Bandwidth Control
 Firewall
 Hot‐Spot Gateway
 VPN Server/Client
 Wireless AP/Router
 All in one box

4/12/2012 4
MikroTik‐routerOS‐Basic
3. Router may be managed through the following
interfaces:
 Local terminal console
 Serial console
 Telnet
 SSH ‐ SSH (secure shell)
 MAC Telnet
 Winbox (Popular)

4/12/2012 5
MikroTik‐routerOS‐Basic
 WinBox remote to MKT

4/12/2012 6
MikroTik‐routerOS‐Basic
 WinBox Interface

4/12/2012 7
MikroTik‐routerOS‐Basic Structure
 Internet Structure with P3oE Client/IPBase
Connection

4/12/2012 8
MikroTik RouterOS ‐ Basic Configuration
1. Interface Description (Name)
2. Create Virtual Interface (Bridge & Switch port)
3. Router configuration ‐ set ip addresses WAN(P3oE or
IPBase) and LAN
4. DNS & DHCP server configuration
5. Setup of IP Masquerading
6. Network Time Protocol (NTP) to synchronize clock
7. Configuration backup and export of selected settings
8. MikroTik licenses

4/12/2012 9
MikroTik RouterOS ‐ Basic Configuration
1. Interface Description (Name)
 Click Interfaces  General Tab  Name  Apply OK

4/12/2012 10
MikroTik RouterOS ‐ Basic Configuration
2. Create Virtual Interface (Bridge & Switch port)
a) Create Bridge
 Click Bridge  Bridge Tab  Add  General Tab  Name (Input
Bridge Name)  Apply  OK

4/12/2012 11
MikroTik RouterOS ‐ Basic Configuration
2. Create Virtual Interface (Bridge & Switch port)
 Click Bridge  Bridge Tab  Add  General Tab  Name
(Input Bridge Name)  Apply  OK

4/12/2012 12
MikroTik RouterOS ‐ Basic Configuration
2. Create Virtual Interface (Bridge & Switch port)
b) Add interface to bridge
 Click Bridge  Port Tab  Add  General Tab  Interface(Num)
 Select Bridge Name  Apply  OK

4/12/2012 13
MikroTik RouterOS ‐ Basic Configuration
3. Router configuration ‐ set ip addresses WAN(P3oE or
IPBase) and LAN
 Set up WAN (IPBase‐IP Address)
 Click IP Select Address  Add  Address
(110.74.204.40/27)  Select Interface  Apply  OK

4/12/2012 14
MikroTik RouterOS ‐ Basic Configuration
3. Router configuration ‐ set ip addresses WAN(P3oE or
IPBase) and LAN
 Set up WAN (IPBase‐Gateways)
 Click IP Select Routes  Add  Dst. Address
(0.0.0.0/0)  Gateways (110.74.204.62)  Apply  OK

4/12/2012 15
MikroTik RouterOS ‐ Basic Configuration
3. Router configuration ‐ set ip addresses WAN(P3oE or
IPBase) and LAN
 Set up WAN (PPPoE Client)
 Click PPP Interface Tab  Add PPPoE Client 
General Tab  Select Interface Name(Ezecom‐Conn)
Max MTU (1454)  Select Interface  Dial Out Tab User
and password (SIP Account)  Other Option
(Default)Apply  OK

4/12/2012 16
MikroTik RouterOS ‐ Basic Configuration
3. Router configuration ‐ set ip addresses WAN(P3oE or
IPBase) and LAN
 Set up WAN (PPPoE Client)

4/12/2012 17
MikroTik RouterOS ‐ Basic Configuration
4. DNS & DHCP server configuration
a) DSN Server
 Click IP  Select DNS  Setting  type server ip  Tick
Allow Remote Request Apply  OK

4/12/2012 18
MikroTik RouterOS ‐ Basic Configuration
4. DNS & DHCP server configuration
a) DHCP Process

4/12/2012 19
MikroTik RouterOS ‐ Basic Configuration
4. DNS & DHCP server configuration
a) DHCP Server
 Click IP  Select DHCP  DHCP Setup  Select DHCP
Server interface(LAN)  Next DHCP Address Space
(192.168.1.0/24) Next  Gateway for DHCP(LAN ip)
Next  Address to Give Out  Next  DNS Server  Next
 Lease time(3d:00:00:00)  Next  OK

4/12/2012 20
MikroTik RouterOS ‐ Basic Configuration
5. Setup of IP Masquerading
 Click IP  Firewall  Tab NAT  Add  General Tab
 Chain (Scrnat)  Interface Out(Ether‐WAN or P3oE
Client Name)  Action Tab  Apply  OK

4/12/2012 21
MikroTik RouterOS ‐ Basic Configuration
6. Network Time Protocol (NTP) to synchronize clock
 NTP Client
 Click System  Select SNTP Client  Tick Enable  Mode
(Unicast)  Primary NTP & Secondary of ISP Apply  OK

4/12/2012 22
MikroTik RouterOS ‐ Basic Configuration
6. Network Time Protocol (NTP) to synchronize clock
 Clock/ Time zone
 Click System  Clock  Time Tab  Time zone name
(Asia/Phnom Penh)  Manual Time Zone Time
Zone(+07:00)Apply  OK

4/12/2012 23
MikroTik RouterOS ‐ Basic Configuration
7. Configuration backup and export of selected settings
a) Backup Configuration
 Click Files  Click Backup

b) Restore Configuration
 Click Files  Select on Backup file  Click on Restore

4/12/2012 24
MikroTik RouterOS ‐ Basic Configuration
9. MikroTik licenses
 Click System  Licenses: Software ID, Upgradealbe To, Level

4/12/2012 25
MikroTik RouterOS ‐ Firewall and Web Proxy
1. Enable proxy server
 Go to New Terminal

4/12/2012 26
MikroTik RouterOS ‐ Firewall and Web Proxy
1. Create Filter Rule and NAT for proxy server
 Firewall RULE Drop
 Click IP  Firewall  Filter Rules Tab Add 
Chain(input)  Protocol(tcp)  Dst.Port (8080) 
In.Interface (WAN)  Action Tab Action (Drop)  Apply 
Ok

4/12/2012 27
MikroTik RouterOS ‐ Firewall and Web Proxy
1. Create Filter Rule and NAT for proxy server
 NAT RULE
 Click IP  Firewall  NAT Tab  Add  Chain(dsnat) 
Protocol(tcp)  Dst.Port (80)  Action Tab  Action(dst‐
nat)  To Address (192.168.20.1) To port (8080) Apply 
Ok

4/12/2012 28
MikroTik RouterOS ‐ Firewall and Web Proxy
1. Create Filter Rule and NAT for proxy server
 Block Web Site
 Click IP  General Tab  Click Access  Add  Dst.
Host (web site www.facebook.com)  Action (Deny)  Apply
 OK

4/12/2012 29
MikroTik RouterOS ‐ Bandwidth Limit
1. Simple Queues
 Click Queues  Simple Queues Tab Add  Name(IP‐
19)  Target Address (192.168.20.19)  Max.
Limit(Up/Down)  Apply  OK

4/12/2012 30
MikroTik RouterOS ‐ Local Network Management
1. Address Resolution Protocol (ARP)
a) The ARP protocol provides two basic functions:
 Resolving IPv4 addresses to MAC addresses
 Maintaining a cache of mappings
b) ARP Process
 ARP request(Broadcast)
 ARP reply(unicast)

4/12/2012 31
MikroTik RouterOS ‐ Local Network Management
2. DHCP server with dynamic and static IP address
allocation
 Lease Time (DHCP client)

4/12/2012 32
MikroTik RouterOS – Routing for VPN
1. VPN Sample

4/12/2012 33
MikroTik RouterOS – Routing for VPN
2. Routing (Static Route): We configure route depend
on customer’s requirement or actual situation.
3. Verify static in routing table

4/12/2012 34
MikroTik RouterOS – Routing for VPN
3. Add Static route in MKT
 Click IP  Routes  Add  Dst. Address
(192.168.2.0/24) & Gateways (10.82.253.194)  Apply OK

4. Add Default route in MKT


 Click IP  Routes  Add  Dst. Address (0.0.0.0/0) &
Gateways (10.82.253.200)  Apply OK

4/12/2012 35
MikroTik RouterOS ‐ Troubleshooting
1. Check Physical Network
a) Cable, Connector, Router and Modem
2. Logical (Configuration)
a) Router Resource
 CPU
 Member
 Disk
b) Router Interface & Queue
 P3oE interface
 Queue limitation
3. More Practice
4/12/2012 36
MikroTik RouterOS ‐ Troubleshooting
1. Suggestion (except customer have IT guy)
a) Username and password router

 Power User(Full)
• Username: admin
• Password: net@admin
 Privilege User(Write)
• Username: ezecom
• Password: ezecomit

4/12/2012 37
MikroTik RouterOS ‐ References
1. http://www.mikrotik.com/
2. http://wiki.mikrotik.com/wiki/Manual:TOC
3. http://www.ispsupplies.com/mikrotik‐license‐
levels.html
4. http://gregsowell.com/?p=680
5. https://powercode.fogbugz.com/default.asp?W37

4/12/2012 38
Thank for your attention

4/12/2012 39

You might also like