Scribd Logo
Upload

Welcome to Scribd!

  • Mikrotik Firewall Training PDF

    Uploaded by

    Vichet Heng
    2K views39 pages

    Original Title

    Mikrotik Firewall Training.pdf

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    2K views39 pages

    Mikrotik Firewall Training PDF

    Uploaded by

    Vichet Heng

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 39

    IndirectManager:

    DirectManager:
    Supervisor:
    TeamMember:

    Trainer:

    4/12/2012

    Mr.GlennMiller
    Mr.ChhannSokob
    Mr.ImSomara
    Mr.HengVichet
    Mr.SousVichea
    Mrs.YunSophearum
    Mr.VaVandy

    Content

    1. MikroTikRouterOSBasics
    2. MikroTikRouterOSBasicConfiguration
    3. MikroTikRouterOSFirewallandWebProxy
    4. MikroTikRouterOSBandwidthLimit
    5. MikroTikRouterOSLocalNetworkManagement
    6. MikroTikRouterOSRoutingforVPN
    7. MikroTikRouterOSTroubleshooting

    4/12/2012
    2

    Requirements&Objective
    Requirements

    1.

    Networkbasics
    TCP/IPBasics
    Internet&VPNtechnologies

    2. Objectiveoftraining

    4/12/2012

    Fundamentals/Basics
    Firewalling
    QualityofService
    VirtualPrivateNetworks

    MikroTikrouterOSBasic
    AdvanceofRouter
    Networkingdevicethatforwardsthedatapackets.
    RoutingoccursatNetworklayer.
    Actsasajunctionbetweentwoormorenetworks.
    DifferentfromaSwitchandaHub.
    2. RouterOSanditsFeatures
    ItisarouteroperatingsystemandsoftwarewhichturnsaregularPC
    intoadedicatedrouter
    Router
    BandwidthControl
    Firewall
    HotSpotGateway
    VPNServer/Client
    WirelessAP/Router
    Allinonebox

    1.

    4/12/2012

    MikroTikrouterOSBasic
    3. Routermaybemanagedthroughthefollowing

    interfaces:
    Localterminalconsole
    Serialconsole
    Telnet
    SSHSSH(secureshell)
    MACTelnet
    Winbox(Popular)

    4/12/2012

    MikroTikrouterOSBasic
    WinBoxremotetoMKT

    4/12/2012

    MikroTikrouterOSBasic
    WinBoxInterface

    4/12/2012

    MikroTikrouterOSBasicStructure
    InternetStructurewithP3oEClient/IPBase

    Connection

    4/12/2012

    MikroTikRouterOSBasicConfiguration
    1.
    2.
    3.
    4.
    5.
    6.
    7.
    8.

    InterfaceDescription(Name)
    CreateVirtualInterface(Bridge&Switchport)
    RouterconfigurationsetipaddressesWAN(P3oEor
    IPBase)andLAN
    DNS&DHCPserverconfiguration
    SetupofIPMasquerading
    NetworkTimeProtocol(NTP)tosynchronizeclock
    Configurationbackupandexportofselectedsettings
    MikroTiklicenses

    4/12/2012

    MikroTikRouterOSBasicConfiguration
    InterfaceDescription(Name)

    1.

    ClickInterfacesGeneralTabNameApplyOK

    4/12/2012

    10

    MikroTikRouterOSBasicConfiguration
    2. CreateVirtualInterface(Bridge&Switchport)
    CreateBridge

    a)

    4/12/2012

    ClickBridgeBridgeTabAddGeneralTabName(Input
    BridgeName)ApplyOK

    11

    MikroTikRouterOSBasicConfiguration
    2. CreateVirtualInterface(Bridge&Switchport)

    4/12/2012

    ClickBridgeBridgeTabAddGeneralTabName
    (InputBridgeName)ApplyOK

    12

    MikroTikRouterOSBasicConfiguration
    2. CreateVirtualInterface(Bridge&Switchport)
    Addinterfacetobridge

    b)

    ClickBridgePortTabAddGeneralTabInterface(Num)
    SelectBridgeNameApplyOK

    4/12/2012

    13

    MikroTikRouterOSBasicConfiguration
    3. RouterconfigurationsetipaddressesWAN(P3oEor

    IPBase)andLAN
    SetupWAN(IPBaseIPAddress)

    ClickIPSelectAddressAddAddress
    (110.74.204.40/27)SelectInterfaceApplyOK

    4/12/2012

    14

    MikroTikRouterOSBasicConfiguration
    3. RouterconfigurationsetipaddressesWAN(P3oEor

    IPBase)andLAN
    SetupWAN(IPBaseGateways)

    ClickIPSelectRoutesAddDst.Address
    (0.0.0.0/0)Gateways(110.74.204.62)ApplyOK

    4/12/2012

    15

    MikroTikRouterOSBasicConfiguration
    3. RouterconfigurationsetipaddressesWAN(P3oEor

    IPBase)andLAN
    SetupWAN(PPPoEClient)

    ClickPPPInterfaceTabAddPPPoEClient
    GeneralTabSelectInterfaceName(EzecomConn)
    MaxMTU(1454)SelectInterfaceDialOutTabUser
    andpassword(SIPAccount)OtherOption
    (Default)ApplyOK

    4/12/2012

    16

    MikroTikRouterOSBasicConfiguration
    3. RouterconfigurationsetipaddressesWAN(P3oEor

    IPBase)andLAN
    SetupWAN(PPPoEClient)

    4/12/2012

    17

    MikroTikRouterOSBasicConfiguration
    4. DNS&DHCPserverconfiguration
    a) DSNServer

    ClickIPSelectDNSSettingtypeserveripTick
    AllowRemoteRequestApplyOK

    4/12/2012

    18

    MikroTikRouterOSBasicConfiguration
    4. DNS&DHCPserverconfiguration
    a) DHCPProcess

    4/12/2012

    19

    MikroTikRouterOSBasicConfiguration
    4. DNS&DHCPserverconfiguration
    a) DHCPServer

    ClickIPSelectDHCPDHCPSetupSelectDHCP
    Serverinterface(LAN)NextDHCPAddressSpace
    (192.168.1.0/24)NextGatewayforDHCP(LANip)
    NextAddresstoGiveOutNextDNSServerNext
    Leasetime(3d:00:00:00)NextOK

    4/12/2012

    20

    MikroTikRouterOSBasicConfiguration
    5. SetupofIPMasquerading

    4/12/2012

    ClickIPFirewallTabNATAddGeneralTab
    Chain(Scrnat)InterfaceOut(EtherWANorP3oE
    ClientName)ActionTabApplyOK

    21

    MikroTikRouterOSBasicConfiguration
    6. NetworkTimeProtocol(NTP)tosynchronizeclock
    NTPClient

    ClickSystemSelectSNTPClientTickEnableMode
    (Unicast)PrimaryNTP&SecondaryofISPApplyOK

    4/12/2012

    22

    MikroTikRouterOSBasicConfiguration
    6. NetworkTimeProtocol(NTP)tosynchronizeclock
    Clock/Timezone

    ClickSystemClockTimeTabTimezonename
    (Asia/PhnomPenh)ManualTimeZoneTime
    Zone(+07:00)ApplyOK

    4/12/2012

    23

    MikroTikRouterOSBasicConfiguration
    7. Configurationbackupandexportofselectedsettings
    a) BackupConfiguration

    ClickFilesClickBackup

    b) RestoreConfiguration

    ClickFilesSelectonBackupfileClickonRestore

    4/12/2012

    24

    MikroTikRouterOSBasicConfiguration
    9. MikroTiklicenses

    ClickSystemLicenses:SoftwareID,UpgradealbeTo,Level

    4/12/2012

    25

    MikroTikRouterOSFirewallandWebProxy
    1.

    Enableproxyserver
    GotoNewTerminal

    4/12/2012

    26

    MikroTikRouterOSFirewallandWebProxy
    1.

    CreateFilterRuleandNATforproxyserver
    FirewallRULEDrop

    4/12/2012

    ClickIPFirewallFilterRulesTabAdd
    Chain(input)Protocol(tcp)Dst.Port(8080)
    In.Interface(WAN)ActionTabAction(Drop)Apply
    Ok

    27

    MikroTikRouterOSFirewallandWebProxy
    1.

    CreateFilterRuleandNATforproxyserver
    NATRULE

    ClickIPFirewallNATTabAddChain(dsnat)
    Protocol(tcp)Dst.Port(80)ActionTabAction(dst
    nat)ToAddress(192.168.20.1)Toport(8080)Apply
    Ok

    4/12/2012

    28

    MikroTikRouterOSFirewallandWebProxy
    1.

    CreateFilterRuleandNATforproxyserver
    BlockWebSite

    ClickIPGeneralTabClickAccessAddDst.
    Host(websitewww.facebook.com)Action(Deny)Apply
    OK

    4/12/2012

    29

    MikroTikRouterOSBandwidthLimit
    1. SimpleQueues

    ClickQueuesSimpleQueuesTabAddName(IP
    19)TargetAddress(192.168.20.19)Max.
    Limit(Up/Down)ApplyOK

    4/12/2012

    30

    MikroTikRouterOSLocalNetworkManagement
    1.

    AddressResolutionProtocol(ARP)
    a) TheARPprotocolprovidestwobasicfunctions:

    ResolvingIPv4addressestoMACaddresses
    Maintainingacacheofmappings

    ARPProcess

    b)

    ARPrequest(Broadcast)
    ARPreply(unicast)

    4/12/2012

    31

    MikroTikRouterOSLocalNetworkManagement
    2. DHCPserverwithdynamicandstaticIPaddress

    allocation
    LeaseTime(DHCPclient)

    4/12/2012

    32

    MikroTikRouterOSRoutingforVPN
    1. VPNSample

    4/12/2012

    33

    MikroTikRouterOSRoutingforVPN
    2. Routing(StaticRoute):Weconfigureroutedepend

    oncustomersrequirementoractualsituation.
    3. Verifystaticinroutingtable

    4/12/2012

    34

    MikroTikRouterOSRoutingforVPN
    3. AddStaticrouteinMKT

    ClickIPRoutesAddDst.Address
    (192.168.2.0/24)&Gateways(10.82.253.194)ApplyOK

    4. AddDefaultrouteinMKT

    ClickIPRoutesAddDst.Address(0.0.0.0/0)&
    Gateways(10.82.253.200)ApplyOK

    4/12/2012

    35

    MikroTikRouterOSTroubleshooting
    1. CheckPhysicalNetwork
    a) Cable,Connector,RouterandModem
    2. Logical(Configuration)
    a) RouterResource

    CPU
    Member
    Disk

    RouterInterface&Queue

    b)

    P3oEinterface
    Queuelimitation

    3. MorePractice

    4/12/2012

    36

    MikroTikRouterOSTroubleshooting
    1. Suggestion(exceptcustomerhaveITguy)
    a) Usernameandpasswordrouter

    PowerUser(Full)

    Username:admin
    Password:net@admin

    PrivilegeUser(Write)

    Username:ezecom
    Password:ezecomit

    4/12/2012

    37

    MikroTikRouterOSReferences
    1.
    2.
    3.
    4.
    5.

    http://www.mikrotik.com/
    http://wiki.mikrotik.com/wiki/Manual:TOC
    http://www.ispsupplies.com/mikrotiklicense
    levels.html
    http://gregsowell.com/?p=680
    https://powercode.fogbugz.com/default.asp?W37

    4/12/2012

    38

    Thankforyourattention

    4/12/2012

    39

    You might also like