Internet si Intranet MTCNA

-

MikroTik RouterOS

 RouterOS is an operating system that will make your device:
• a dedicated router
• a bandwidth shaper
• a (transparent) packet filter
• any 802.11a,b/g wireless device
• The operating system of RouterBOARD
• Can be also installed on a PC
RouterBOARD is:
• Hardware created by MikroTik
• Range from small home routers to carrier-class access concentrators
First Time Access - Interconnect the router and the PC with the null modem cable and Ethernet cable
Winbox - the application for configuring RouterOS
Communication - divided into seven layers: lowest is physical layer, highest is application layer (Application, Presentation, Session, Transport, Network, Data Link, Physical)
MAC address - the unique physical address of a network device used for communication within LAN. Example: 00:0C:42:20:97:68
IP - logical address of network device used for communication over networks. Example: 159.148.60.20
Subnets
• Range of logical IP addresses that divides network into segments
• Example: 255.255.255.0 or /24
• Network address is the first IP address of the subnet
• Broadcast address is the last IP address of the subnet
• They are reserved and cannot be used
Selecting IP address
• Select IP address from the same subnet on local networks
• Especially for big network with multiple subnets
Connecting Lab
• Click on the Mac-Address in Winbox
• Default username “admin” and no password
Laptop - Router
• Disable any other interfaces (wireless) in your laptop
• Set 192.168.X.1 as IP address
• Set 255.255.255.0 as Subnet Mask
• Set 192.168.X.254 as Default Gateway
• Connect to router with MAC-Winbox
• IP - Addresses: Add 192.168.X.254/24 to Ether1
• Close Winbox and connect again using IP address
• MAC-address should only be used when there is no IP access
Router - Internet
• The Internet gateway of your class is accessible over wireless - it is an AP (access point)
• To connect you have to configure the wireless interface of your router as a station
• To see available AP use scan button
• Select class1 and click on connect
• Close the scan window
• You are now connected to AP!
• Remember class SSID class1
• The wireless interface also needs an IP address
• The AP provides automatic IP addresses over DHCP
• You need to enable DHCP client on your router to get an IP address
Laptop - Internet
• Tell your Laptop to use your router as the DNS server
• Enter your router IP (192.168.x.254) as the DNS server in laptop network settings
• Laptop can access the router and the router can access the internet, one more step is required
• Make a Masquerade rule to hide your private network behind the router, make Internet work in your laptop
Private and Public space
• Masquerade is used for Public network access, where private addresses are present
• Private networks include 10.0.0.0-10.255.255.255, 172.16.0.0-172.31.255.255, 192.168.0.0-192.168.255.255
What Can Be Wrong
• Router cannot ping further than AP
• Router cannot resolve names
• Computer cannot ping further than router
• Computer cannot resolve names
• Is masquerade rule working
• Does the laptop use the router as default gateway and DNS
User Management
• Access to the router can be controlled
• You can create different types of users
Package Management
RouterOS functions are enabled by packages
Package Information: pag 54
Router Identity: 
Option to set name for each router: system - identity
NTP
• Network Time Protocol, to synchronize time 
• NTP Client and NTP Server support in RouterOS
Why NTP?
• To get correct clock on router
• For routers without internal memory to save clock information
• For all RouterBOARDs
Netinstall
• Used for installing and reinstalling RouterOS
• Runs on Windows computers
• Direct network connection to router is required or over switched LAN
1. List of routers
2. Net Booting
3. Keep old configuration
4. Packages
5. Install
Firewall
• Protects your router and clients from unauthorized access
• This can be done by creating rules in Firewall Filter and NAT facilities
Firewall Filter ip-firewall-filter rules
• Consists of user defined rules that work on the IF-Then principle
• These rules are ordered in Chains
• There are predefined Chains, and User created Chains
Filter Chains
• Rules can be placed in three default chains
• input  (to router)
• output (from router)
• forward (trough the router)
Input
• Chain contains filter rules that protect the 
router itself
• Let’s block everyone except your laptop
Add an accept rule for your Laptop IP address
Add a drop rule in input chain to drop everyone else
Address-List
• Address-list allows you to filter group of the addresses with one rule
• Automatically add addresses by address-list and then block
• Create different lists
• Subnets, separates ranges, one host addresses  are supported
• Add specific host to address-list
• Specify timeout for temporary service
• Ability to block by source and destination addresses
Forward
• Chain contains rules that control packets going trough the router
• Control traffic to and from the clients
• Create a rule that will block TCP port 80 (web browsing)
• Must select protocol to block ports
List of well-known ports pag 94
Create a rule that will block client’s p2p traffic
Firewall Log
• Let’s log client pings to the router
• Log rule should be added before other action
Firewall chains
• Except of the built-in chains (input, forward, output), custom chains can be created
• Make firewall structure more simple
• Decrease load of the router
Firewall chains in Action
• Sequence of the firewall custom chains
• Custom chains can be for viruses, TCP, UDP protocols, etc.
Network Address Translation (NAT)
• Router is able to change Source or Destination address of packets flowing trough it
• This process is called src-nat or dst-nat
NAT Chains
• To achieve these scenarios you have to order your NAT rules in appropriate chains: dstnat or srcnat
• NAT rules work on IF-THEN principle
DST-NAT
• DST-NAT changes packet’s destination address and port
• It can be used to direct internet users to a server in your private network
Redirect
• Special type of DST-NAT
• This action redirects packets to the router itself
• It can be used for proxying services (DNS, HTTP)
• Let’s make local users to use Router DNS cache
• Also make rule for udp protocol
SRC-NAT
• SRC-NAT changes packet’s source address
• You can use it to connect private network to the Internet through public IP address
• Masquerade is one type of SRC-NAT
SRC-NAT Limitations
• Connecting to internal servers from outside is not possible (DST-NAT needed)
• Some protocols require NAT helpers to work correctly
Firewall Tips
• Add comments to your rules
• Use Connection Tracking or Torch
Connection Tracking
• Connection tracking manages information about all active connections.
• It should be enabled for Filter and NAT
Torch - Detailed actual traffic report for interface
Firewall Actions:
Accept, Drop, Reject, Tarpit, log, add-src-to-address-list(dst), Jump, Return, Passthrough, Accept, DST-NAT/SRC-NAT, Redirect, Masquerade, Netmap
Bandwidth Limit
Simple Queue
• The easiest way to limit bandwidth:
• client download
• client upload
• client aggregate, download+upload
• You must use Target-Address for Simple Queue
• Rule order is important for queue rules
• Let’s create limitation for your laptop
• 64k Upload,  128k Download
• Check your limits
• Torch is showing bandwidth rate
Using Torch
• Select local network interface
• See actual bandwidth
Specific Server Limit
• Let’s create bandwidth limit to MikroTik.com
• DST-address is used for this
• Rules order is important
• Ping 
• Put MikroTik address to DST-address
• MikroTik address can be used as Target-address too
• DST-address is useful to set unlimited access to the local network resources
• Target-address and DST-addresses can be vice versa 
Bandwidth Test Utility
• Bandwidth test can be used to monitor throughput to remote device
• Bandwidth test works between two MikroTik routers
• Bandwidth test utility available for Windows
• Bandwidth test is available on MikroTik.com
• Server should be enabled
• It is advised to use enabled Authenticate
Bandwidth Test on Router / Bandwidth Server
• Set Test To as testing address
• Select protocol
• TCP supports multiple connections
• Authentication might be required
Traffic Priority
• Let’s configure higher priority for queues
• Priority 1 is higher than 8
• There should be at least two priority
Simple Queue Monitor
• It is possible to get graph for each queue simple rule
• Graphs show how much traffic is passed trough queue
Let’s enable graphing for Queues
Advanced Queing
• Replace hundreds of queues with just few
• Set the same limit to any user
• Equalize available bandwidth between users
Mangle
• Mangle is used to mark packets
• Separate different type of traffic
• Marks are active within the router
• Used for queue to set different limitation
• Mangle do not change packet structure (except DSCP,  TTL specific actions)
Mangle Actions
• Mark-connection uses connection tracking
• Information about new connection added to connection tracking table
• Mark-packet works with packet directly
• Router follows each packet to apply mark-packet
Optimal Mangle
• Queues have packet-mark option only
Optimal Mangle
• Mark new connection with mark-connection
• Add mark-packet for every mark-connection
PCQ
• PCQ is advanced Queue type
• PCQ uses classifier to divide traffic (from client point of view; src-address is upload, dst-address is download)
• PCQ allows to set one limit to all users with one queue
• Multiple queue rules are changed by one
• Equally share bandwidth between customers
• 1M upload/2M download is shared between users

 Wireless
• RouterOS supports various radio modules that allow communication over the air (2.4GHz and 5GHz)
• MikroTik RouterOS provides a complete support for IEEE 802.11a, 802.11b and 802.11g wireless networking standards
• Standards: IEEE 802.11b - 2.4GHz frequencies, 11Mbps, 802.11g - 2.4GHz frequencies, 54Mbps,  802.11a - 5GHz frequencies, 54Mbps, IEEE 802.11n -  draft, 2.4GHz - 5GHz
802.11 b/g Channels
• (11)  22 MHz wide channels (US)‏
• 3 non-overlapping channels
• 3 Access Points can occupy same area without interfering
802.11a Channels
• (12)  20 MHz wide channels
• (5) 40MHz wide turbo channels
Supported Bands
All 5GHz (802.11a) and 2.4GHz (802.11b/g), including small channels
Supported Frequencies
• Depending on your country regulations 
wireless card might support
• 2.4GHz: 2312 - 2499 MHz
• 5GHz: 4920 - 6100 MHz
Set wireless interface to apply your country regulations
RADIO Name
• We will use RADIO Name for the same purposes as router identity
• Set RADIO Name as Number+Your Name
Station Configuration
• Set Interface mode=station
• Select band
• Set SSID, Wireless Network Identity
• Frequency is not important for client, use scan-list
Connect List
• Set of rules used by station to select access-point
• Currently your router is connected to class access-point
• Let’s make rule to disallow connection to class access-point
• Use connect-list matchers
Access Point Configuration
• Set Interface mode=ap-bridge
• Select band
• Set SSID, Wireless 
Network Identity
• Set Frequency
Snooper wireless monitor
• Use Snooper to get total view of the wireless networks on used band
• Wireless interface is disconnected at this moment
Registration Table
• View all connected wireless interfaces
Security on Access Point
• Access-list is used to set MAC-address security
• Disable Default-Authentication to use only Access-list
Default Authentication
• Yes, Access-List rules are checked, client is able to connect, if there is no deny rule
• No, only Access-List rule are checked
• Since you have mode=station configured we are going to make lab on teacher’s router
• Disable connection for specific client
• Allow connection only for specific clients
• Let’s enable encryption on wireless network
• You must use WPA or WPA2 encryption protocols
• All devices on the network should have the same security options
• Let’s create WPA encryption for our wireless network
• WPA Pre-Shared Key is mikrotiktraining
• To view hidden Pre-Shared Key, click on Hide Passwords
• It is possible to view other hidden information, except router password
Drop Connections between clients
Default-Forwarding 
used to disable communications between clients connected to the same access-point Default Forwarding
• Access-List rules have higher priority
• Check your access-list if connection between client is working
Nstreme
• MikroTik proprietary wireless protocol
• Improves wireless links, especially long-range links
• To use it on your network, enable protocol on all wireless devices of this network
• Enable Nstreme on your router
• Check the connection status
• Nstreme should be enabled on both routers


Popular Posts

Expresii frazeologice

-
A o lua razna,  a avea ac de cojocul cuiva a calca ca pe ace a scapa ca prin urechile acului nici cat un varf de ac imbracat la patru ace a-si aduce aminte a aduce la cunostinta a aduce pe cineva la realitate a aduce vorba ce vant te aduce? a-si da aere a fi ceva in aer in aer liber a lua aer a fi in aer a ajunge cineva a-i ajunge cutitul la os a ajunge departe a ajunge de rasul lumii a ajunge pe drumuri cusut cu ata alba a avea zile albe a-i iesi peri albi negru pe alb noapte alba pana in panzele albe apa chioara a baga pe cineva la apa a da apa la moara a se duce pe apa sambetei a se face o apa si un pamant a fi numai o apa a-i lasa gura apa a lasa in apele lui a pescui in ape tulburi a scoate apa din piatra seaca a arde de dor a sari ca ars asa si asa asa ca asa-i cantecul asa si pe dincolo azi asa, miine asa cam asa atat e de mine atata paguba atat iti trebuie cu atat mai vartos nici atat a avea cautare a avea carlig
Read more

Corespondenta economica

-
1) Noţiuni generale despre corespondenţă. Noţiunea de corespondenţă semnifică schimbul de scrisori realizat de persoane fizice sau juridice cu scopul de a transmite un mesaj sau informaţie. Corespondenţa realizată dintre 2 persoane fizice poate fi neoficială sau privată. Corespondenţa oficială include scrisorile şi actele care servesc ca mijloc de legătură şi schimb de informaţie între persoanele juridice sau între cele fizice şi cele juridice. Corespondenţa oficială soluţionează probleme cu conţinut juridic, organizatoric, diplomatic, administrativ etc., în fiecare dintre ele prevalând caracterul economic al conţinutului, ca rezultat firesc al unei economii în continuă dezvoltare. Corespondenţa economică cuprinde totalitatea scrisorilor dintre agenţii economici, cu scopul de promovare a schimbărilor sau a noutăţilor economice. Ca disciplină de studiu, corespondenţa are drept scop însuşirea de către cei care îşi desfăşoară (sau îşi vor desfăşura)  activitatea în administraţia pub
Read more

Exam la filozofie: Primele 24 intrebari

-
1.    Filosofia ca concepţie despre lume şi modalitate de gândire. Corelaţia dintre filosofie şi alte forme de cultură: mitologie, religie, ştiinţă. Filosofia şi ştiinţa economică. Filozofia este o concepție generalг despre lume și viațг: opinii, viziuni, cunostinte, aprecieri despre lume si sine, raport om-lume, norme comportament. structura Conceptului: cunostinte, aprecieri, convingeri, idealuri , scopuri. Mitologia (mituri, povestiri, poeme, credinte in eroi, zeitati), religia (bazate pe mituri insa e mai complex: credinta, dogme, ritualuri, organizatii), filosofia (totalitatea cunostintelor nereligioase, laice), Stiinta (studiul naturii prin observație și raționament) prezinta conceptii despre lume; Economia este o știință social care studiaza aspectul economic al lumii cu ajutorul metodelor stiintifice cantitative si calitative axindu-se pe producția și desfacerea, comerțul și consumul de bunuri și servicii. Insa bazele acestei stiinte ca si a celorlalte stiinte au fost puse ma
Read more

Analiza economico - financiara

-
1. Obiectul analizei: economia entitatilor; studierea indicatorilor, factorilor, rezervelor de imbunatatire, cauzelor, conditiilor AEF a entitatii. Componentele: indicatorii, factorii, rezervele interne, resursele si nivelul de folosire a lor. 2. Metoda compararii permite de a caracteriza fenomenul studiat prin prisma altor fenomene sau procese; studiaza schimbarile ce au loc in obiectele si fenomenele studiate, caracterul si tendintele dezvoltarii lor. Feluri de comparare: compararea marimilor efective cu cele de plan ale perioadei analizate; se aplica la efectuarea controlului si aprecierii indeplinirii planului; compararea marimilor efective cu cele normate; se aplica pentru efectuarea controlului asupra consumurilor, pentru a evidentia economia sa asupra consumului de resurse, pentru a aprecia eficienta utilizarii lor in productie; in timp: se raporta cu datele din alte perioade anterioare; in spatiu: rezultatele entitatii se compara cu cele ale altor entitati din aceeasi
Read more

Motive

-
Motivul literar const ă î ntr-un simbol, o idee, o imagine reluate sau subliniate cu insisten ţă ş i care contribuie la definirea mesajului unei opere. Motive flotante: carpe diem (traieste clipa), vanitas vanitatum (desertaciunea desertaciunilor), fortuna labilis (soarta schimbatoare), fugit irreparabile tempus (curgerea ireversibila a timpului), jertfa in numele creatiei, lumea ca teatru Obiecte: motive acvatice (izvorul, lacul, marea, ploaia, lacrima; apa vie/apa moart ă ; z ă pada), motivul focului, al pietrei (pre ţ ioase), motive vegetale (iarba; motive florale: floarea albastr ă , crinul, trandafirul…; arborele sacru: teiul, salc â mul, bradul, gorunul…); motive terestre (codrul, gr ă dina, muntele, dealul), motive astrale (steaua, luceaf ă rul, luna, soarele, norul); motivul obiectelor fermecate (palo ş ul fermecat, armura tat ă lui, oglinda, peria, basmaua…) obiecte simbolice ( cartea -simbol cultural, treapta -simbol ascensiv, oglinda -simbol al reflect ă rii
Read more

Integrale

-
Image
Tabelul integralelor functiilor elementare: Metoda integrarii prin parti : ∫udv = uv - ∫vdu ex: ∫(2x+1)sinxdx Notam: u = 2x+1 du = (2x+1)'dx = 2dx dv = sinx dx v = ∫dv = ∫sinx dx = - cosx + c Metoda substitutiei sau metoda schimbului de variabila: 1. Substituim radicalul cu t ; 2. Exprimam x prin t ; 3. Calculam dx ; (La integrala definita se calculeaza si limitele noi de integrare) 4. Inlocuim in integrala. Metoda coeficientilor nedeterminati: ∆>0   ∫(2x-1)dx/(x+2)(x+3);  A/(x+2) + B/(x+3) A(x+3)+B(x+2)=2x+1 (A+B)x-(3A+2B)=2x-1 ∆<0 1. Facem coeficientii sa fie 1; 2. Calculam diferentiala expresiei de jos si o organizam sus la numarator; 3. Despartim in 2 fractii si 2 integrale; 4. In prima integrala inlocuim diferentiala prin expresia obtinuta mai sus si obtinem formula de integrare n7; 5. In a 2-a integrala la numitor separam un patrat perfect si obtinem formula de integrare n10. Calcularea unor integrale din functii trigonometrice: ex: ∫dx/(sinx+3cosx+2) Formule
Read more

Finantele Intreprinderii exam

-
1.        Conceptul privind finanţele întreprinderii şi rolul acestora la nivel macroeconomic Finanțele întreprinderii- ansamblul de relații economice care îmbracă forma bănească ce apare în legatură cu formarea și repartizarea fondurilor. Finanțele reprezintă exprimarea valorică, prin bani, a căror semnificație s-a conturat sub impactul dezvoltării schimbului de mărfuri. Cuvîntul ”finanțe” este de origine latină ”finatio”, ”financias”, ”financia pecuniară”- plată în bani. 2.        Factorii care influenţează organizarea activităţii financiare la întreprindere * forma de proprietate : în funcție de care  apar deosebiri în sursele și metodele de construire a fondurilor * particularitățile procesului de producție : în funcție de care apar deosebiri in structura capitalului fix și circulant * Condițiile pieții: a)piața de capital:care influenț.capacit. de împrumuta întrepr.prin nivelul ratei dobînzii b)piața consumatorilor:cererea infl.nivelul vînzării întrepr.; iar of
Read more

Dreptul Afacerilor T1

-
1. Conceptii generale privind dreptul privat Dreptul reprezintă sistemul normelor juridice, adoptate sau acceptate de către stat, care reglementează cele mai importante relaţii sociale, în scopul organizării şi disciplinării comportamentului uman, conform unor valori şi unor standarde sociale recunoscute, stabilind drepturi, libertăţi şi obligaţiuni juridice a căror realizare practică este asigurată, în caz de necesitate prin forţa de constrîngere a statului. In ceea ce priveste structura dreptului o importanta diviziune  este aceea in drept public si drept privat. D reptul public este acecla care se refera la interesele statului, iar dreptul privat este acela care se refera la interesele diferitelor persoane . Această diviziune a dreptului priveşte atît dreptul naţionali (intern) cît şi dreptul internaţional. In esenta dreptul international are aceiasi caracteristici ca ale dreptului in general, in sensul ca emana de la state ca autoritati sociale competente sa elabo
Read more

Genuri si specii

-
Genul liric Ex.: Eu nu strivesc corola de minuni a lumii’’ de Lucian Blaga Specii ale genului liric: *Elegie-specie a genului liric cult, meditative, care e pătrunsă de o tristeţe, melancolie, jale, deznădejde printr-o filosofe profundă, intr-o atmosfera de adînci framintari existentiale(sin prezente metafore si simboluri.). Ex.: ,,Trecut-au anii’’ de Mihai Eminescu, ,,11 elegii’’ de Nichita Stanescu *Romanta- cantec specific doar românilor, trist,melancolic, sentimental. *Meditatie- specie a genului liric, cu caracter filosofic in care sint puse probleme , teme mari, legate de existenta omului: binele, raul, (societatea) trecerea timpului, conditia geniului, viata, nasterea, moartea- ca element al destinului. Ex.: ,,La steaua’’ de Mihai Eminescu, ,,De ce-as fi trist’’ de Tudor Arghezi *Satira- specie a genului liric in care sunt biciuite defectele morale ale oamenilor sau ale societatii cu intentii moralizatoare. Ex.: ,,Satira Duhului meu’’ de G.Alexandrescu; ,,O scrisoare pierduta’
Read more

Integrarea Economica

-
1. Conceptul de integrare economică internaţională: noţiuni şi esenţă. Integrarea economică internaţională - procesul complex de realizare a interdependenţelor economice dintre economiile naţionale, proces care se concretizează în formarea şi funcţionarea unor organizaţii regionale, subregionale, zonale etc., cu caracter economic al statelor interesate, urmărindu-se dezvoltarea economică durabilă şi adâncirea colaborării economice şi de alt gen dintre statele respective. Integrarea economică internaţională poate fi considerată o modalitate calitativ superioară de colaborare economică a ţărilor, un răspuns la problemele complexe şi variate cu care se confruntă statele lumii în condiţiile adâncirii interacţiunii economice internaţionale şi care impun soluţii adecvate de colaborare economică. Procesul de integrare economică internaţională are la bază instituţionalizarea activităţii de colaborare economică a statelor participante. Structura şi mecanismele de funcţionare ale acest
Read more