Allied Telesis AT-WR4500 manuel d'utilisation

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264

Aller à la page of

Un bon manuel d’utilisation

Les règles imposent au revendeur l'obligation de fournir à l'acheteur, avec des marchandises, le manuel d’utilisation Allied Telesis AT-WR4500. Le manque du manuel d’utilisation ou les informations incorrectes fournies au consommateur sont à la base d'une plainte pour non-conformité du dispositif avec le contrat. Conformément à la loi, l’inclusion du manuel d’utilisation sous une forme autre que le papier est autorisée, ce qui est souvent utilisé récemment, en incluant la forme graphique ou électronique du manuel Allied Telesis AT-WR4500 ou les vidéos d'instruction pour les utilisateurs. La condition est son caractère lisible et compréhensible.

Qu'est ce que le manuel d’utilisation?

Le mot vient du latin "Instructio", à savoir organiser. Ainsi, le manuel d’utilisation Allied Telesis AT-WR4500 décrit les étapes de la procédure. Le but du manuel d’utilisation est d’instruire, de faciliter le démarrage, l'utilisation de l'équipement ou l'exécution des actions spécifiques. Le manuel d’utilisation est une collection d'informations sur l'objet/service, une indice.

Malheureusement, peu d'utilisateurs prennent le temps de lire le manuel d’utilisation, et un bon manuel permet non seulement d’apprendre à connaître un certain nombre de fonctionnalités supplémentaires du dispositif acheté, mais aussi éviter la majorité des défaillances.

Donc, ce qui devrait contenir le manuel parfait?

Tout d'abord, le manuel d’utilisation Allied Telesis AT-WR4500 devrait contenir:
- informations sur les caractéristiques techniques du dispositif Allied Telesis AT-WR4500
- nom du fabricant et année de fabrication Allied Telesis AT-WR4500
- instructions d'utilisation, de réglage et d’entretien de l'équipement Allied Telesis AT-WR4500
- signes de sécurité et attestations confirmant la conformité avec les normes pertinentes

Pourquoi nous ne lisons pas les manuels d’utilisation?

Habituellement, cela est dû au manque de temps et de certitude quant à la fonctionnalité spécifique de l'équipement acheté. Malheureusement, la connexion et le démarrage Allied Telesis AT-WR4500 ne suffisent pas. Le manuel d’utilisation contient un certain nombre de lignes directrices concernant les fonctionnalités spécifiques, la sécurité, les méthodes d'entretien (même les moyens qui doivent être utilisés), les défauts possibles Allied Telesis AT-WR4500 et les moyens de résoudre des problèmes communs lors de l'utilisation. Enfin, le manuel contient les coordonnées du service Allied Telesis en l'absence de l'efficacité des solutions proposées. Actuellement, les manuels d’utilisation sous la forme d'animations intéressantes et de vidéos pédagogiques qui sont meilleurs que la brochure, sont très populaires. Ce type de manuel permet à l'utilisateur de voir toute la vidéo d'instruction sans sauter les spécifications et les descriptions techniques compliquées Allied Telesis AT-WR4500, comme c’est le cas pour la version papier.

Pourquoi lire le manuel d’utilisation?

Tout d'abord, il contient la réponse sur la structure, les possibilités du dispositif Allied Telesis AT-WR4500, l'utilisation de divers accessoires et une gamme d'informations pour profiter pleinement de toutes les fonctionnalités et commodités.

Après un achat réussi de l’équipement/dispositif, prenez un moment pour vous familiariser avec toutes les parties du manuel d'utilisation Allied Telesis AT-WR4500. À l'heure actuelle, ils sont soigneusement préparés et traduits pour qu'ils soient non seulement compréhensibles pour les utilisateurs, mais pour qu’ils remplissent leur fonction de base de l'information et d’aide.

Table des matières du manuel d’utilisation

  • Page 1

    PN 613-0 00813 Rev. B AT-WR4500 Series IEEE 802.11abgh O utdoor Wireles s Rou ters RouterOS v3 Configu ration and U ser Gu ide[...]

  • Page 2

    2 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de Copyright © 2009 Allied Telesis International All rights r eserved. No part of this pu blication m ay be reproduce d without pr ior written permission from Allied Teles is International. Microsoft and Internet Explorer are registered t rade[...]

  • Page 3

    AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 3 RouterOS v3 Con figuration a nd User Gui de LIMITATION OF LIABILITY AND DAMAGES THE PRODUCT AND THE SOFTWARES WITHIN ARE PROVIDED "AS IS," BASIS. THE MANUFACTURER AND MANUFAC TURER’S RESE LLERS (C OLLECTIVELY REFERRED TO A S “THE SELLERS”) DISC LAIM ALL WARR ANTIES, EX[...]

  • Page 4

    4 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de C ONTENTS 1 Introduction ........... ............ ............. ................ ............. ............ .................. ............ ............. ............ .................. ....... 12 1.1 Features ..................... .........[...]

  • Page 5

    AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 5 RouterOS v3 Con figuration a nd User Gui de 4.3.15 Network Scan .............. ............ ................. ............ ............. ............ .................. ............. ............ ...... 55 4.3.16 Security Profiles ................... ............ ................ ....[...]

  • Page 6

    6 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de 6.1.2 DHCP Client Setu p................ ............ ................. ............ ............ ............. .................. ............ ..... 117 6.1.3 DHCP Server Set up ................. ............. ................ ............ [...]

  • Page 7

    AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 7 RouterOS v3 Con figuration a nd User Gui de 8.5.3 Monitoring L2 TP Client ................... ............... ............. ............ ............. .................. ............ ...... 163 8.5.4 L2TP Server Setup .............. ............ ................ ............. ........[...]

  • Page 8

    8 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de 10.1.5 HotSpot User Profiles ...................... ............... ............. ............ ............ .................. ............. .......2 29 10.2 HotSpot Users .................... ............. ............ .................. ..[...]

  • Page 9

    AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 9 RouterOS v3 Con figuration a nd User Gui de F IGURES Figure 1: AT-WR4 500 Ser ies typical application ............. ............. ............ ............. ................. ............. ............ ............. ........12 Figure 2: WinBo x Loader dis covering ......... ..........[...]

  • Page 10

    10 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de P REFACE Purpose of Th is Guid e This guide describes the AT-WR450 0 Series Outdoor Wi reless Rou ters Rout erOS command structure and configuratio n for allowin g users or networ k managers to corr ectly configure t he router getting th e [...]

  • Page 11

    AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 11 RouterOS v3 Con figuration a nd User Gui de C ONTACTING A LLIED T ELESIS This section provides Allied Telesis contact information for technical supp ort as well as sales and corporate infor mation. Online Sup port You can requ est technical supp ort online by accessing the Allied Tel[...]

  • Page 12

    12 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de 1 Intr oduc tion Thank you for p urchasing an AT-WR450 0 series Wireless Router .     Please refer to th e ATWR45xx Quick Installation Guid e for infor mation on how t o install connec t and initially setup each rou ter model. T[...]

  • Page 13

    AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 13 RouterOS v3 Con figuration a nd User Gui de 1.1 F eatur es The AT-WR450 0 series Rout erOS firmware is very rich of features and very flexible. Among oth ers: • Real IP routing fu nctionalities • 2.4 GHz and 5 GHz dual band operation s • IEEE 802 .11a/b/g/h compliant • Certif[...]

  • Page 14

    14 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de 2 Conf iguring RouterOS 2.1 Logging in the A T -WR4500 Rout er There are m any options for a ccessing your AT-WR450 0 Router command f acility: • Accessing t he router Co mmand Lin e Interface e ither via T elnet or SSH using any t ext-mo[...]

  • Page 15

    AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 15 RouterOS v3 Con figuration a nd User Gui de Figure 3: Win Box main wi ndow Select f rom t he menu bar located in th e left most part of the window the comman d or menu that you want to access and st art con figuring th e equip ment. For instance you can click on th e “New Termin al[...]

  • Page 16

    16 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de After log ging int o th e rou ter you will be present ed with the Router OS™ Welco me Scre en an d command prompt, fo r example: AA TTTTTTTTT TTTTTTTTT oo ooo AA AAA TTTTTTTT TTTTTTT oooo oooo AAAA AAAA TTTTT TTT I ooo ooo AAAAAA AAAAA TT[...]

  • Page 17

    AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 17 RouterOS v3 Con figuration a nd User Gui de A comm and or an argument does not need to be completed, if it is not ambiguou s. Fo r e xample, instead of typing interf ace you can t ype just in or int . To complete a command use the [Tab] ke y.     The completion is optiona[...]

  • Page 18

    18 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de 3 Conf iguration and Softwar e Mana g em ent Document revisi on: 1.6 (Mon Sep 19 12:55: 52 GMT 2005) Applies to: V2.9 3.1 General In formation Summar y This chapter intr oduces you with comman ds which are used to perfo rm the followin g fu[...]

  • Page 19

    AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 19 RouterOS v3 Con figuration a nd User Gui de To see the files st ored on th e router: [admin@AT-WR 4562] > file print # NAME TYP E SIZE CREATI ON-TIME 0 test.bac kup bac kup 1256 7 sep/08 /2004 21:07:5 0 [admin@AT-WR 4562] > To load the sa ved backup file test : [admin@AT-WR 456[...]

  • Page 20

    20 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de     It is impossible to i mport the wh ole router confi guration using thi s feature. It can only be used to import a part of configura tion (for exa mple, firewall rules) in order to spare you som e typing. Command Description [...]

  • Page 21

    AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 21 RouterOS v3 Con figuration a nd User Gui de Standards and Te chnologies: None Hardware usage : Not signifi cant 3.2.2 System Upgr ade Submenu level: /system u pgrade Description This s ubmenu gives you t he ability to download RouterO S so ftware packages f rom a remot e Ro uterOS ro[...]

  • Page 22

    22 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de 3.2.3 Adding P ackage Source Submenu level: /system u pgrade upgra de-package- source Description In this su bmenu you can add remote r outers fro m which to download RouterOS soft ware packages. Property Description address ( IP addre ss )[...]

  • Page 23

    AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 23 RouterOS v3 Con figuration a nd User Gui de • The package dep endency is checked befo re installing a soft ware package. The package will not b e installed, if the r equired softw are package is m issing • The version of th e feature p ackage should be t he same as t hat of the s[...]

  • Page 24

    24 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de     If a package is marked for unins tallation, but it is required for an other (depend ent) package, th en the marked package ca nnot be unin stalled. You should un install the dependent pack age too. For th e list of package d[...]

  • Page 25

    AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 25 RouterOS v3 Con figuration a nd User Gui de Example To downgrade th e RouterOS (assuming that all needed pac kages are already uploade d): [admin@AT-WR 4562] system package> down grade Router will be rebooted. Continue? [y/ N]: y system will reboot shortl y 3.3.5 Disabling and Ena[...]

  • Page 26

    26 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de Example Suppose we need to cancel security pack age uninst allation action schedule d on reb oot: [admin@AT-WR 4562] system package> prin t Flags: X – d isabled # NAME VERSION SCHEDULED 0 routeros -rb500 3.0 1 system 3.0 2 X ipv6 3.0 3[...]

  • Page 27

    AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 27 RouterOS v3 Con figuration a nd User Gui de Example See the available p ackages: [admin@AT-WR 4562] system upgrade> refr esh [admin@AT-WR 4562] system upgrade> prin t # SOURCE NAME VER SION STAT US COMPL ETED 0 192.168.2 5.8 router os-x86 2. 9.44 ava ilable 1 192.168.2 5.8 rout[...]

  • Page 28

    28 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de • Ethern et interface supp ort • IP over IP tun nel interf ace support • Ethern et over IP tunnel in terface support • driver management for Eth ernet ISA cards • serial port mana gement • local user man agement • export and i[...]

  • Page 29

    AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 29 RouterOS v3 Con figuration a nd User Gui de Package name Contents Prerequisite s Additional Li cense wireless Support for wireless interfaces with updated Countr y Re gulatory Dom ain settings none None[...]

  • Page 30

    30 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de 4 Conf iguring Interfaces 4.1 General In terface Set tings Document revisi on: 1.1 (Fri Mar 05 08:08:52 GMT 200 4) Applies to: V2.9 4.1.1 Gener a l Information Summar y AT-WR4500 Rou terOS supports a variety of physical and virtual interfac[...]

  • Page 31

    AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 31 RouterOS v3 Con figuration a nd User Gui de     One or more inter faces can be monitored at t he same time. To see overall traff ic passing thr ough all interfac es at time, use aggregate instead of interface name. Example Multiple inte rface monitoring: /interface m onit[...]

  • Page 32

    32 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de default - sup ort long cables short - suppo rt short cables standard - same as default disable-running-c heck (yes | no; defau lt: yes ) - disable ru nnin g check. If this value is set to 'n o', the router aut omatically detects w[...]

  • Page 33

    AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 33 RouterOS v3 Con figuration a nd User Gui de full-duplex (yes | no) - wh ether tran smission of data o ccurs in tw o directions simu ltaneou sly rate (10 Mb ps | 100 Mbps | 1 Gbps) - th e actual data r ate of the con nection status (link-ok | n o-link | un known ) - status of t he int[...]

  • Page 34

    34 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de • No implied pro tocol limits on link distan ce • No implied pro tocol speed de gradation for lon g link distan ces • Dynamic protoco l adjustment depending on tr affic type an d resour ce usage Quick Setup Guide Let's consider t[...]

  • Page 35

    AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 35 RouterOS v3 Con figuration a nd User Gui de ack-tim eout range 5GHz 5GHz-turbo 2.4GHz-G 30km 249 137 368 35km 298 168 320 40km 350 190 375 45km 405 - -     These are not the pr ecise value s. Depending on hardware used and many other f actors they may vary up to +/- 15 mi[...]

  • Page 36

    36 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de band - operatin g band 2.4ghz-b - IEEE 802. 11b 2.4ghz-b/g - IEE E 802 .11g (support s also legacy IEEE 802.11b p rotocol) 2.4ghz-g-turbo - IEEE 802.11g using double channel, provi ding air rate of u p to 10 8 Mbit 2.4ghz-onlyg - on ly IEEE[...]

  • Page 37

    AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 37 RouterOS v3 Con figuration a nd User Gui de radar-detect - A P scans ch annel list fr om "scan-list" and chooses t he frequen cy which is with the lowest amount of ot her net works detected, if no radar is detected in this channe l for 60 secon ds, the AP st arts to operate[...]

  • Page 38

    38 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de address to the one of a differ ent device. In case no address is set in th e station-bridge- clone-m ac propert y, the station p ostpones connecting to an AP until so me packet, with t he source MAC address different fro m any of the rou te[...]

  • Page 39

    AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 39 RouterOS v3 Con figuration a nd User Gui de wds-cost-range ( integer ; def ault: 50-150 ) - r ange, within which the b ridge port cost of the WDS link s are adjusted. Th e calculations are based o n the p-throug hput value of t he respective WDS interf ace, which repre sents estimate[...]

  • Page 40

    40 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de To see current interface sett ings: [admin@AT-WR 4562] interfa ce wireless> print Flags: X - d isabled, R - running Flags: X - disabled, R - running 0 name=" wlan1" mtu=15 00 mac-addres s=00:0C:42:18: 5C:3D arp=ena bled interf [...]

  • Page 41

    AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 41 RouterOS v3 Con figuration a nd User Gui de overhead (and th us increase s peed). The card is not w aiting for frames, bu t in case a n umber of packets are queue d for transmitting, t hey can be co mbined. There are several methods of fra ming: none - do not hing special, do not com[...]

  • Page 42

    42 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de mtu ( integer : 0 ..1600; default : 1500 ) - Maximum Tr ansmissi on Unit name ( name ) - refe rence name of the int erface rates-a/g ( mul tiple choice: 6M bps, 9 Mbps, 12 Mbps, 18Mbps, 24 Mbps, 36 Mbps, 48Mbps, 54Mbp s) - rates to be supp [...]

  • Page 43

    AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 43 RouterOS v3 Con figuration a nd User Gui de [admin@AT-WR 4562] interfa ce wireless> print Flags: X - d isabled, R - running 0 R name=" wlan1" mtu=15 00 mac-addres s=00:0C:42:05: 00:14 arp=ena bled interf ace-type=Athe ros AR5413 mo de=station ssi d="AT-WR4560" [...]

  • Page 44

    44 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de client- tx-limit ( read-only: integer ) - t ransmit rate limit on the AP, in bits pe r second compression ( re ad-only: yes | no) - wh ether data compress on is us ed for this peer encryption ( read-onl y: aes-cc m | tkip) - u nicast encryp[...]

  • Page 45

    AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 45 RouterOS v3 Con figuration a nd User Gui de To get additional statistics: [admin@AT-WR 4562] interfa ce wireless> registration-t able print st ats 0 interface= wlan1 radio-n ame="000C4218 5C3D" mac-addr ess=00:0C:42: 18:5C:3D ap=no wds =no rx-rate=" 1Mbps" tx-r[...]

  • Page 46

    46 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de The association p rocedure is as follows: w hen a new client w ants to associate t o the AP that is confi gured on interface wlanN , an e ntry with client's MAC address and inte rface wl anN is look ed up sequ entially from top to bo t[...]

  • Page 47

    AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 47 RouterOS v3 Con figuration a nd User Gui de 2512 , 2532, 2552, 2572 , 2592, 2612, 2 632, 2652, 2672 , 2692, 2712, 2 732) - the list of 2GHz IEEE 802.11b channels (freq uencies are give n in MHz ) 2ghz-g-chan nels ( multipl e choice, read-only : 2312, 2317, 23 22, 232 7, 2332, 2337, 2[...]

  • Page 48

    48 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de     There is a special ar gument for t he print command - p rint count- only. It forces th e print comman d to print only the coun t of informati on topics. /interface wirele ss info pri nt command sho ws only chann els supporte[...]

  • Page 49

    AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 49 RouterOS v3 Con figuration a nd User Gui de Example [admin@AT-WR 4562] interfa ce wireless i nfo> print 0 interface -type=Atheros AR5413 chip-info ="mac:0xa/0x5 , phy:0x61, a 5:0x63, a2:0x0 , eeprom:0x50 02" tx-power- control=yes a ck-timeout-co ntrol=yes alig nment-mode[...]

  • Page 50

    50 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de 59 60:0,5965:0,5 970:0,5975:0,5 980:0,5985:0, 5990:0,5995:0 , 60 00:0,6005:0,6 010:0,6015:0,6 020:0,6025:0, 6030:0,6035:0 , 60 40:0,6045:0,6 050:0,6055:0,6 060:0,6065:0, 6070:0,6075:0 , 60 80:0,6085:0,6 090:0,6095:0,6 100:0 2ghz-g-ch annels[...]

  • Page 51

    AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 51 RouterOS v3 Con figuration a nd User Gui de max-station-c ount ( integer ; default: 2007 ) - numb er of clien ts that can conne ct to this AP simultaneously mtu ( integer : 6 8..1600 ; default: 1500 ) - Maximum Transmiss ion Unit name ( name ; def ault: wlanN ) - interface name propr[...]

  • Page 52

    52 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de Property Description arp (disabled | en abled | pro xy-arp | reply-on ly; default: en abled ) - Ad dress Resolut ion Protocol disabled - the in terface will no t use ARP enabled - the int erface will us e ARP proxy-arp - the interface will [...]

  • Page 53

    AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 53 RouterOS v3 Con figuration a nd User Gui de audio-min ( i nteger ; default: - 100 ) - signal-st rength at wh ich audio (beep er) frequ ency will be the low est audio-monitor ( MAC addres s ; default: 00:00:00:00: 00:00 ) - MAC address of th e remote h ost which will be 'listened[...]

  • Page 54

    54 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de Example [admin@AT-WR 4562] interfa ce wireless a lign> monitor wlan2 # ADDRESS SSID RXQ AVG-RXQ LAST- RX TXQ LAST-T X CORRECT 0 00:01:24: 70:4B:FC wire lesa -60 -60 0.01 -67 0.01 100 % [admin@AT-WR 4562] interfa ce wireless a lign> 4.[...]

  • Page 55

    AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 55 RouterOS v3 Con figuration a nd User Gui de Example To set t he followin g transmit po wers at e ach rates: 1Mbp s@10dBm, 2 Mbps@1 0dBm, 5.5M bps@9dBm, 11Mbp s@7dBm, do the f ollowing: [admin@AT-WR 4562] interfa ce wireless m anual-tx-power -table> print 0 name="wla n1" [...]

  • Page 56

    56 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de 4.3.16 Security Pr ofiles Submenu level: /interface wi reless security- profile s Description This section pro vides WEP (Wired Equivalent Privacy) and W PA/WPA2 (Wi-Fi Pr otected A ccess) functions t o wireless inte rfaces. WPA The Wi-Fi P[...]

  • Page 57

    AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 57 RouterOS v3 Con figuration a nd User Gui de radius-mac-m ode (as-usern ame | as-userna me-and-passw ord; default: a s-username ) - whethe r to use MAC address as username on ly or ad both u sername and passwo rd for RADIU S auth entication static-al go-0 (none | 40bit-wep | 10 4bit-w[...]

  • Page 58

    58 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de tls-mode (no-cer tificates | d ont-verify-certific ate | verify-c ertificate; def ault: no-certi ficates ) - TLS certificate mode no-certific ates - certificates are negotiate d dynamically u sing anonymou s Diffie-He llman MODP 20 48 bit a[...]

  • Page 59

    AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 59 RouterOS v3 Con figuration a nd User Gui de file-size ( read-onl y: integer ) - c urrent file size (kB) memory-over-l imit- packets ( read-onl y: integer ) - numb er of packets t hat are drop ped be cause of exceeding memo ry-limit memory-save d-packets ( re ad-only: integer ) - h ow[...]

  • Page 60

    60 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de Property Description channel-ti me ( time ; default: 200ms ) - how long to snoop each chann el, if multiple-chan nels is set to yes multiple- channels (yes | no ; default: no ) - wh ether t o snoop mu ltiple channels or a single chann el no[...]

  • Page 61

    AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 61 RouterOS v3 Con figuration a nd User Gui de • disabled=no • On client (station): • mode=station • band=5ghz • ssid=test • disabled=no Configure th e Access Point a nd add an IP address (10.1.0.1 ) to it: [admin@Acces sPoint] inter face wireless > set wlan1 mo de=ap-bri[...]

  • Page 62

    62 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de Configure th e station and add an IP address (1 0.1.0.2) to it: [admin@Stati on] interface wireless> se t wlan1 name=T o-AP mode=sta tion ssid=test band=5ghz di sabled=no [admin@Stati on] interface wireless> pr int Flags: X - d isab[...]

  • Page 63

    AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 63 RouterOS v3 Con figuration a nd User Gui de • Configure AP to sup port W DS connection s • Set wds-defa ult-bridge to b ridge1 • On WDS station : • Configure it as a WDS Statio n, using mode= station-wds • Configure t he WDS Access Point. Co nfigure th e w ireless interf ac[...]

  • Page 64

    64 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de Now configure the WD S st ation and put th e wire less ( wl an1 ) an d eth ernet ( Local ) i nterfaces into a bridge: [admin@WDS_S tation] > int erface bridge [admin@WDS_S tation] inter face bridge> add [admin@WDS_S tation] inter face[...]

  • Page 65

    AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 65 RouterOS v3 Con figuration a nd User Gui de This example wil l show you h ow to create a VAP: [admin@VAP] interface wir eless> print Flags: X - d isabled, R - running 0 name=" wlan1" mtu=15 00 mac-addres s=00:0C:42:05: 00:22 arp=ena bled disabl e-running-che ck=no interf[...]

  • Page 66

    66 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de Nstr eme This example sho ws you how to configure a point-to-p oint Nstrem e link. Nstreme 2 Nstreme 1 Figure 7: Nstrem e networ k example The set up of Nst reme is similar to u sual wireless configurat ion, ex cept t hat you have to do som[...]

  • Page 67

    AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 67 RouterOS v3 Con figuration a nd User Gui de Configure Nstreme -Client wireless sett ings and enable N streme on it: [admin@Nstre me-Client] in terface wirel ess> set wlan1 mode=station ssid=nstreme band=5ghz frequency=58 05 disabled=n o [admin@Nstre me-Client] in terface wirel e[...]

  • Page 68

    68 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de 5180 MHz [DualNS - 2] [DualNS - 1] 5805 MHz Figure 8: Nstrem e dual ne twork exam ple Configure Dual NS-1 : [admin@DualN S-1] interfac e wireless> s et wlan1,wlan2 mode=nstreme -dual-slave [admin@DualN S-1] interfac e wireless> p rint[...]

  • Page 69

    AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 69 RouterOS v3 Con figuration a nd User Gui de     As we have not c onfigured the DualNS-2 rou ter, we cann ot define the remo te-mac param eter on DualNS-1 . We wil l do it after c onfiguring DualN S-2 ! The configuration o f DualNS -2 : [admin@DualN S-2] interfac e wireles[...]

  • Page 70

    70 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de WEP Security This example shows h ow to configure WEP (Wired Eq uivalent Privacy) on Access Point and Clients . In example w e will configure an Ac cess Point which will use 104bit-wep for on e station and 40bit-w ep for other clients. Th e[...]

  • Page 71

    AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 71 RouterOS v3 Con figuration a nd User Gui de Configure th e Access Point: [admin@WEP_A P] interface wireless secu rity-profiles> add name=Sta tionX ... mode=st atic-keys-req uired static- algo-1=40bit-w ep static-key -1=1234567890 ... static- transmit-key= key-1 [admin@WEP_A [...]

  • Page 72

    72 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de Configure WEP_St ation1: [admin@WEP_S tation1] inte rface wireles s security-pro files> add na me=Station1 ... mode=st atic-keys-req uired static- sta-private-al go=104bit-wep ... static- sta-private-k ey=6543210987 65432109876543 [...]

  • Page 73

    AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 73 RouterOS v3 Con figuration a nd User Gui de Config of WE P_StationX: [admin@WEP_S tationX] inte rface wireles s security-pro files> add na me=StationX ... mode=st atic-keys-req uired static- algo-1=40bit-w ep static-key -1=1234567890 ... static- transmit-key= key-1 [admin@WE[...]

  • Page 74

    74 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de On t he AP in default or in your own made profile as an e ncryption algorithm choose w pa-psk . Sp ecify the pre-share d-key , wpa-uni cast-cipher s and wpa-group-c ipher [admin@WPA_A P] interface wireless secu rity-profiles> set default[...]

  • Page 75

    AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 75 RouterOS v3 Con figuration a nd User Gui de 4.4 VLAN Int erfaces Document revisi on: 1.2 (Mon Sep 19 13:46: 34 GMT 2005) Applies to: V2.9 4.4.1 Gener a l Information Summar y VLAN is an implementation o f the 802.1 Q VLAN protocol for RouterOS. It allows you to h ave multiple Virtual[...]

  • Page 76

    76 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de reply-only - the interface wil l only reply t o the req uests for to its ow n IP addresses , but ne ighbor MAC addresses will b e gathered fr om /ip arp statical ly set table o nly interface ( name ) - physical in terface to t he netw ork w[...]

  • Page 77

    AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 77 RouterOS v3 Con figuration a nd User Gui de On Router 1 : [admin@AT-WR 4562] ip addr ess> add addr ess=10.10.10.1 /24 interface =test [admin@AT-WR 4562] ip addr ess> print Flags: X - d isabled, I - invalid, D - dynamic # ADDRES S NETWORK BROADCAST INTERFAC E 0 10.0.0 .204/24 10[...]

  • Page 78

    78 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de Quick Setup Guide To put int erface ether1 and ether2 in a brid ge. Add a bridge int erface, called MyBridge : /interface b ridge add nam e="MyBridge" disabled=no Add ether1 and ether2 to MyB ridge inte rface: /interface b ridge p[...]

  • Page 79

    AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 79 RouterOS v3 Con figuration a nd User Gui de Property Description admin-mac: (MAC address) - MAC address ass igned to t he bridge if aut o-mac = no ageing-tim e ( time ; default: 5 m ) - how lon g a host informa tion will be kep t in the b ridge database arp (disabled | en abled | pro[...]

  • Page 80

    80 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de Example To group ether1 and ether2 in the already created bridg e1 bridge (ver sions from 2.9 .9): [admin@AT-WR 4562] interfa ce bridge por t> add interfa ce=ether1 bri dge=bridge1 [admin@AT-WR 4562] interfa ce bridge por t> add inter[...]

  • Page 81

    AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 81 RouterOS v3 Con figuration a nd User Gui de Example To monitor a bri dge port: [admin@AT-WR 4562] interfa ce bridge por t> mo 0 status: in -bridge po rt-number: 1 role: de signated-port edge-port: no edge-port- discovery: ye s point-to-p oint-port: no ext ernal-fdb: no sen ding-rs[...]

  • Page 82

    82 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de There are thr ee bridge filter tables: • filter - bridge firew all with th ree predefin ed chains: • input - filters packets, which destination is th e bridge ( including those packets that will be routed, as they are anyway destined to[...]

  • Page 83

    AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 83 RouterOS v3 Con figuration a nd User Gui de dst-address ( IP ad dress ; defa ult: 0.0.0 .0/0 ) - destination IP address (only if M AC prot ocol is set to IP v4) dst-mac-addre ss ( MAC addr ess ; default: 00:00: 00:00:00:00 ) - destination MAC address dst-port ( integer : 0. .6553 5) [...]

  • Page 84

    84 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de stp-forward-dela y ( time : 0.. 655 35) - forward delay time r stp-hello-tim e ( time : 0..655 35) - stp hello packets time stp-max-age ( time : 0..6553 5) - maximal STP message age stp-msg-age ( tim e : 0..65535 ) - STP messa ge age stp-po[...]

  • Page 85

    AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 85 RouterOS v3 Con figuration a nd User Gui de Property Description action (accept | arp-reply | dr op | dst-nat | jump | log | mark | passthrou gh | redirect | r eturn | src-nat; default: accept ) - action to u ndertake if t he packet m atches the ru le, one of th e: accept - accep t t[...]

  • Page 86

    86 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de 4.5.11 T roubl eshooting Description Router shows that my rule i s invali d • in-interface, in-b ridge (or in-br idge-port) is spec ified, but such an interf ace does not e xist • there is an action =mark-pack et, but n o new-packet-mar[...]

  • Page 87

    AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 87 RouterOS v3 Con figuration a nd User Gui de 5 IP and Routing 5.1 IP Addr esses an d ARP Document revisi on: 1.3 (Tue Sep 20 19:02: 32 GMT 2005) Applies to: V2.9 5.1.1 Gener a l Information Summar y The following Manual discuss es IP address management and the Address Resolution Pr ot[...]

  • Page 88

    88 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de Property Description actual-interface (re ad-only: name) - only applicable to log ical interf aces like bridges o r tun nels. Holds the name of t he actual hardw are interface th e logical one is boun d to. address (IP addres s) - IP addr e[...]

  • Page 89

    AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 89 RouterOS v3 Con figuration a nd User Gui de If ARP fe ature is t urned of f on the interface, i.e., arp=di sabled is use d, ARP requ ests from clients are not answered b y the rou ter. There fore, st atic ARP entry should be added to t he clients as well. For example, the route r&apo[...]

  • Page 90

    90 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de Network A 192 .168.0.0/24 198 .168.0.130/25 Network B 192.168.0 .128/25 ether2 198.168.0 .129/25 198.168.0.20/2 4 198 .168.0.30/24 198 .168.0.1/25 ethe r1 A B C Figure 11: Prox y ARP Suppose the host A n eeds to commun icate to ho st C. To [...]

  • Page 91

    AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 91 RouterOS v3 Con figuration a nd User Gui de Example Consider the following conf iguration: Reserved for dial in 10.0.0.230 ..240 Pppoe - inX addresses 10.0.0.217 /32 10.0.0.217/24 ether1 10.0.0.1/24 Internet Laptop 10.0.0.231 /24 Server 10.0.0.2/24 WS 10.0.0.230/24 Figure 12: Prox y [...]

  • Page 92

    92 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de interface with th e networ k being th e same as the a ddress o n the r outer on the ot her side of t he p2p link (there may be n o IP on that in terface, bu t there is an IP fo r that ro uter). Example [admin@AT-WR 4562] ip addr ess> add[...]

  • Page 93

    AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 93 RouterOS v3 Con figuration a nd User Gui de Related T opic s IP Addresses and ARP Routes, Eq ual Cost Multip ath Routing, Polic y Routing Description Routing In formation Proto col (RIP) is o ne pro tocol in a s eries o f routin g p rotocols ba sed on B ellman- Ford (or distance vect[...]

  • Page 94

    94 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de Example To enable RIP p rotocol to re distribute the rou tes to the conne cted network s: [admin@AT-WR 4562] routing rip> set red istribute-conn ected=yes [admin@AT-WR 4562] routing rip> print distri bute-default: never redistr ibute-[...]

  • Page 95

    AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 95 RouterOS v3 Con figuration a nd User Gui de 5.2.4 Networks Submenu level: /routing rip network Description To start the RIP p rotocol, yo u have to define t he netw orks on wh ich RIP will run. Property Description network ( IP addr ess mask ; de fault: 0.0. 0.0/0 ) - specifies t he [...]

  • Page 96

    96 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de     This list shows rout es learned by all dynamic rou ting protocols ( RIP, OSPF and BGP) Example To view the list of t he route s: [admin@AT-WR 4562] routing rip route> p rint Flags: S - s tatic, R - ri p, O - ospf, C - con[...]

  • Page 97

    AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 97 RouterOS v3 Con figuration a nd User Gui de The necessary con figuration o f the RIP general settings is as follows: [admin@AT-WR 4562] routing rip> set red istribute-conn ected=yes [admin@AT-WR 4562] routing rip> print dist ribute-defaul t: never redis tribute-stati c: no redi[...]

  • Page 98

    98 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de Alliedware+ Route r Configur ation ... interface Et hernet0 ip address 10.0.0.26 255 .255.255.0 no ip direc ted-broadcast ! interface Se rial1 ip address 192.168.1.1 2 55.255.255.25 2 ip directed -broadcast ! router rip version 2 redistribu[...]

  • Page 99

    AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 99 RouterOS v3 Con figuration a nd User Gui de Related T opic s • IP Addresses and ARP • Routes, Equ al Cost Multipath Routing, Polic y Routing • Log Management Description Open Shortest Pat h Fir st p rotocol is a link-state routin g pr otocol. It's uses a lin k-state algori[...]

  • Page 100

    100 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de     Within one area, only the rou ter that is conn ected to an other a rea (i.e. Area bord er rou ter) or to another AS (i.e. Autonomou s System bou ndary router) shoul d have the pr opagation of th e default rout e enabled. OS[...]

  • Page 101

    AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 101 RouterOS v3 Con figuration a nd User Gui de However, are as do not need t o be ph ysical connected to ba ckbone. It can be done with virtual link. The name and are a-id for this area can not be change d authenticat ion (none | simp le | md5; defau lt: none ) - spe cifies authe ntica[...]

  • Page 102

    102 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de 5.3.5 Interfac es Submenu level: /routing ospf interface Description This fac ility pro vides tool s f or ad ditional in -depth configuration of OSPF interface sp ecific p arameters. You do not h ave to configure interf aces in order to ru[...]

  • Page 103

    AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 103 RouterOS v3 Con figuration a nd User Gui de Property Description neighbor-id ( IP addr ess ; def ault: 0.0. 0.0 ) - spe cifies router-id of th e neighbor transit-area ( na me ; default: (unknown) ) - a non-backbon e area the two r outers have i n common     Virtual links[...]

  • Page 104

    104 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de Example The following tex t can be obs erved just after adding an O SPF net work: admin@AT-WR4 562] routing ospf> neighbo r print router-id=1 0.0.0.204 add ress=10.0.0.2 04 priority=1 state="2-Way" state-ch anges=0 ls-re trans[...]

  • Page 105

    AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 105 RouterOS v3 Con figuration a nd User Gui de Now let's set up th e OSPF_MAIN router . The route r should have 3 NI Cs: [admin@OSPF_ MAIN] interfa ce> print Flags: X - d isabled, D - dynamic, R - running # NAME TYPE RX-RATE TX- RATE MT U 0 R main_gw ether 0 0 1500 1 R to_peer_[...]

  • Page 106

    106 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de Assign IP addre sses to the se interfaces: [admin@OSPF_ peer_1] ip ad dress> print Flags: X - d isabled, I - invalid, D - dynamic # ADDRE SS NETWOR K BROADCAST INTERFA CE 0 10.1. 0.1/24 10.1.0 .0 10.1.0.255 to_main 1 10.3. 0.1/24 10.3.0[...]

  • Page 107

    AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 107 RouterOS v3 Con figuration a nd User Gui de Add the same area as in pr evious rou ters: [admin@OSPF_ peer_2] routi ng ospf area> print Flags: X - d isabled, I - invalid # NAME AREA-ID STUB DEFAULT-COST AUTHENTICATI ON 0 backbone 0.0.0.0 none 1 local_10 0.0.0.1 no 1 none Add conne[...]

  • Page 108

    108 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de Routing tables with Revised Link Cost This example sho ws how to set u p link cost. L et us assume, that th e link between the rou ters OSPF_peer_1 and OSPF_ peer_2 has a h igher cost (might b e slower, we have to pay more f or the traffic[...]

  • Page 109

    AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 109 RouterOS v3 Con figuration a nd User Gui de On OSPF_peer _1: [admin@OSPF_ peer_1] > ip route pr Flags: X - d isabled, I - invalid, D - dynamic, J - r ejected, C - connect, S - static, r - rip, o - ospf, b - bgp # DST -ADDRESS G GATE WAY DISTANCE IN TERFACE 0 Do 192.1 68.0.0/24 r [...]

  • Page 110

    110 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de The OSPF rout ing changes as follows: Routes on OSPF_MAIN rou ter: [admin@OSPF_ MAIN] ip rout e> print Flags: X - d isabled, I - invalid, D - dynamic, J - r ejected, C - connect, S - static, r - rip, o - ospf, b - bgp # DST -ADDRESS G G[...]

  • Page 111

    AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 111 RouterOS v3 Con figuration a nd User Gui de Filter NAT Description RouterOS has follow ing types of rout es: dynamic ro utes - aut omatically created route s for ne tworks, wh ich are directl y accesse d through an interface. They appear autom atically, whe n addin g a new IP a ddre[...]

  • Page 112

    112 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de bgp-origin (inco mplete | igp | egp) - th e origin of the route prefix bgp-prepend ( in teger : 0..16) - numb er which indicates how many time s to prep end AS_NAME t o AS_PATH check-gate way (arp | ping; d efault: ping ) - which proto col[...]

  • Page 113

    AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 113 RouterOS v3 Con figuration a nd User Gui de     You can use policy r outing even i f you use masquerading on y our private n etworks. The sour ce address will be the same a s it is in the lo cal network. In p revious ver sions of Router OS the source addr ess changed to [...]

  • Page 114

    114 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de     ISP1 gives us 2 Mbps and ISP2 - 4Mbps so w e want a traff ic ratio 1:2 (1/3 of the source/d estination IP pairs from 192.168. 0.0/24 go es through ISP1 , and 2/3 throu gh ISP2). IP addresses of th e router: [admin@ECMP- Rou[...]

  • Page 115

    AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 115 RouterOS v3 Con figuration a nd User Gui de Configuration o f the IP addres ses: [admin@PB-Ro uter] ip addr ess> print Flags: X - d isabled, I - invalid, D - dynamic # ADDRESS N ETWORK BROADCAST INTERFACE 0 192.168 .0.1/24 1 92.168.0.0 192.168.0.25 5 Local1 1 192.168 .1.1/24 1 92[...]

  • Page 116

    116 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de 6 DHCP and DNS 6.1 DHCP Client and Ser ver Document revisi on: 2.7 (Mon Apr 18 22:24: 18 GMT 2005) Applies to: V2.9 6.1.1 Gener a l Information Summar y The DHCP (Dynami c Host Conf iguration Protoco l) is needed for easy distribu tion of [...]

  • Page 117

    AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 117 RouterOS v3 Con figuration a nd User Gui de 68 po rt. The initial negotiati on involves commu nication b etween broadcast addresses (on some ph ases sender will u se source address o f 0. 0.0.0 and/or destinati on address o f 255.255. 255.255 ). You shou ld be aware of this w hen bu[...]

  • Page 118

    118 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de     If host-name pr operty is not specified, client's sy stem identity wi ll be sent in th e respective f ield of DHCP request. If client-i d property is not speci fied, client's MAC address will be sent in the re spe[...]

  • Page 119

    AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 119 RouterOS v3 Con figuration a nd User Gui de • specified, rx -rate is as tx- rate too. Same goes for tx- burst-rate an d tx -burst- threshold and tx -burst- time. • If b oth rx-bu rst-thresho ld and tx- burst-thre shold are n ot spe cified (bu t burst -rate is specified), r x- ra[...]

  • Page 120

    120 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de the sour ce-address is left as 0 .0.0 .0 , then the static address will be u sed. If there are multiple ad dresses on the in terface, an address in the same sub net as the range of given ad dresses should be used use-radius (yes | no; defa[...]

  • Page 121

    AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 121 RouterOS v3 Con figuration a nd User Gui de Property Description store-leases-dis k (time-interv al | immediate ly | never; defau lt: 5min ) - ho w freque ntly lease changes should be sto red on disk 6.1.5 DHCP Networks Submenu level: /ip dhcp-ser ver netw ork Property Description a[...]

  • Page 122

    122 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de Note that the IP addresses as signed static ally are not pr obed. Property Description active-addres s ( read-only: IP address ) - actual IP address f or th is lease active-c lient-id ( read-only: text ) - actual clien t-id of the clie nt [...]

  • Page 123

    AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 123 RouterOS v3 Con figuration a nd User Gui de Example To assign 10.5 .2.100 st atic IP address for th e existing DHC P client (sh own in th e lease table as item #0) : [admin@AT-WR 4562] ip dhcp -server lease > print Flags: X - d isabled, R - radius, D - d ynamic, B - bl ocked # AD[...]

  • Page 124

    124 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de Property Description code ( integer : 1..25 4) - dhcp o ption code. A ll codes are available at http://www.iana.or g/assignme nts/boo tp-dhcp-p arameters name ( name ) - des criptive name of the op tion value ( text ) - p arameter's v[...]

  • Page 125

    AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 125 RouterOS v3 Con figuration a nd User Gui de Example To add a DH CP relay named relay on ether1 interface resendin g all rece ived requests to the 10.0.0.1 DHCP server: [admin@AT-WR 4562] ip dhcp -relay> add n ame=relay inte rface=ether1 ... dhcp-se rver=10.0.0.1 disabled=no [a[...]

  • Page 126

    126 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de The wizard h as made the follo wing configur ation based on t he answe rs above: [admin@AT-WR 4562] ip dhcp -server> prin t Flags: X - d isabled, I - invalid # NAME INT ERFACE RELAY ADDR ESS-POOL LEAS E-TIME ADD-AR P 0 dhcp1 eth er1 0.0[...]

  • Page 127

    AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 127 RouterOS v3 Con figuration a nd User Gui de IP addresses of D HCP-Rela y : [admin@DHCP- Relay] ip add ress> print Flags: X - d isabled, I - invalid, D - dynamic # ADDRESS N ETWORK BROADCAST INTERFACE 0 192.168 .0.1/24 1 92.168.0.0 192.168.0.25 5 To-DHCP-S erver 1 192.168 .1.1/24 [...]

  • Page 128

    128 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de [DHCP-Server] Local 192.168.0.1/24 Public 10.1.0.2/24 Internet RADIUS Server 172.16.0.2/24 To - Radius 172.16.0.1/24 Local Network Address Range : 19 2.168.0.0/24 Figure 19: DHC P with RA DIUS We assume th at you already have installed Fre[...]

  • Page 129

    AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 129 RouterOS v3 Con figuration a nd User Gui de 6.2 DNS Client a nd Ca che Document revisi on: 1.2 (Fri Apr 15 17:37: 43 GMT 2005) Applies to: V2.9 6.2.1 Gener a l Information Summar y DNS cache is u sed to minimize DNS requ ests to an e xternal DNS server as we ll as to minimize DNS re[...]

  • Page 130

    130 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de Example To set 159.1 48.60.2 as the pr imary DNS server and allow the rout er to be used as a DN S server, do the following: [admin@AT-WR 4562] ip dns> set primary- dns=159.148.60 .2 ... allow-r emote-request s=yes [admin@AT-WR 4562][...]

  • Page 131

    AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 131 RouterOS v3 Con figuration a nd User Gui de Description The Router OS has an embed ded DNS ser ver feature in DNS cache. It a llows you t o link the particular dom ain names with the resp ective IP addresses an d advertize th ese links to t he DNS client s using the rou ter as their[...]

  • Page 132

    132 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de 7 AAA Conf ig uration 7.1 RADIUS cli ent Document revisi on: 1.6 (February 14, 200 7, 12:00 GMT) Applies to: V2.9 7.1.1 Gener a l Information Summar y This document provides info rmation abou t Route rOS built-in RADIUS client configurat i[...]

  • Page 133

    AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 133 RouterOS v3 Con figuration a nd User Gui de domain ( text ; defau lt: "" ) - M icrosoft Win dows doma in of client passed to RADIUS ser vers t hat require domain validation realm ( text ) - exp licitly stated real m (user dom ain), so the users do not have to prov ide prop[...]

  • Page 134

    134 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de port ( integer ; defau lt: 1700 ) - The p ort numb er to listen f or the reque sts on     RouterOS doesn't support POD ( Packet of Disconnect) the other RADIUS a ccess reques t packet t hat performs a simil ar function as [...]

  • Page 135

    AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 135 RouterOS v3 Con figuration a nd User Gui de • NAS-Port-Id - async PPP - serial port name; PPPoE - ethernet interface name on which se rver is running; HotSpot - name of th e physical HotSpot interface (if b ridged, th e b ridge port name is showed here ); not pre sent for ISDN, PP[...]

  • Page 136

    136 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de you should firs t cre ate a ppp chain and make jum p r ules that would put actual traffic to this chain). The same app lies for HotSp ot, but t he rules will be create d in hotspot cha in • Mikrotik-Mark- Id - f irewall mangle chain n am[...]

  • Page 137

    AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 137 RouterOS v3 Con figuration a nd User Gui de instances may b e send by RADIUS ser ver to sp ecify add itional URLs wh ich are choo sen in r ound robin fashion . • Mikrotik-Ad vertise-Inter val - Time interval between tw o adjacent advertisement s. Mu ltiple attribute inst ances ma [...]

  • Page 138

    138 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de Change of Autho rization RADIUS d isconnect and Change of Auth orization ( according to RFC3576) are supported as well. These attributes may be changed b y a CoA req uest from t he RADIUS server: • Mikrotik-Group • Mikrotik-Recv-Limit [...]

  • Page 139

    AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 139 RouterOS v3 Con figuration a nd User Gui de Name VendorID Value RFC where it i s defined Called-Station-Id 30 RFC2865 Calling-Station-Id 31 RFC2865 CHAP-Challen ge 60 RFC2866 CHAP-Password 3 RFC2865 Class 25 RFC2865 Filter-Id 11 RFC2865 Framed-IP-Address 8 RFC2865 Framed-IP-Net mask[...]

  • Page 140

    140 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de Name VendorID Value RFC where it i s defined MS-CHAP2-Succes s 31 1 26 RFC2548 MS-MPPE-Encrypt ion-Policy 311 7 RFC25 48 MS-MPPE-Encrypt ion-Types 311 8 RFC2548 MS-MPPE-Recv- Key 311 1 7 RFC25 48 MS-MPPE-Send- Key 311 16 RFC2548 NAS-Identi[...]

  • Page 141

    AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 141 RouterOS v3 Con figuration a nd User Gui de 7.2 PPP User A AA Document revisi on: 2.5 (Fri Jul 07 14:52:59 GMT 2006) Applies to: V2.9 7.2.1 Gener a l Information Summar y This document provides summary, conf iguration ref erence and examples on PPP user mana gement. Th is includes a[...]

  • Page 142

    142 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de default - derive this value fro m the inte rface default profile; same as no if t his is the int erface default profile dns-server ( IP addr ess {1,2} ) - IP address o f the DNS server to sup ply to clients idle-ti meout ( time ) - specifi[...]

  • Page 143

    AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 143 RouterOS v3 Con figuration a nd User Gui de     There are two defaul t profil es that cannot be remo ved: [admin@rb13] ppp profile> print Flags: * - d efault 0 * name="default" use-compression =default use-vj-compression=defa ult use- encryption=d efault onl[...]

  • Page 144

    144 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de routes ( text ) - rou tes that ap pear on t he server wh en the client is con nected. The rou te format is: d st- address [[gat eway] [metr ic]] (for example , 10.1.0.0/24 10.0.0.1 1 ). Several routes may be specified separated with co mma[...]

  • Page 145

    AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 145 RouterOS v3 Con figuration a nd User Gui de 7.2.5 PPP User Remote AA A Submenu level: /ppp aaa Property Description accounting (yes | no; default : yes ) - enable R ADIUS accou nting interim-updat e ( time ; defaul t: 0s ) - Inte rim-Update time inte rval use-radius (yes | no; defau[...]

  • Page 146

    146 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de 7.3.2 Router User Gr oups Submenu level: /user group Description The rout er u ser grou ps provide a convenien t way to assign different pe rmissions and access right s to different u ser classes. Property Description name ( name ) - th e [...]

  • Page 147

    AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 147 RouterOS v3 Con figuration a nd User Gui de Example To add rebo ot group t hat is allowed to reboot the ro uter locally or using t elnet, as well as rea d the router' s configuration, ent er the follow ing command: [admin@rb13] user group> add name=rebo ot policy=teln et,reb[...]

  • Page 148

    148 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de Example To add user joe w ith passwor d j1o2e3 belongin g to write grou p, enter t he following co mmand: [admin@AT-WR 4562] user> a dd name=joe p assword=j1o2e3 group=write [admin@AT-WR 4562] user> p rint Flags: X - d isabled 0 ;;; [...]

  • Page 149

    AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 149 RouterOS v3 Con figuration a nd User Gui de use-radius (yes | no; default: no ) - specifies wh ether a use r database on a R ADIUS serve r shou ld be consulted     The RADIUS user da tabase is q ueried only if the required us ername is no t found in the local u ser datab[...]

  • Page 150

    150 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de 8 VPNs and T u nneling 8.1 EoIP Document revisi on: 1.4 (Fri Nov 04 20: 53:13 GMT 2005) Applies to: V2.9 8.1.1 Gener a l Information Summar y Ethern et over IP (EoIP) Tu nneling is a RouterOS protocol that creates an Ethern et tunnel betwe[...]

  • Page 151

    AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 151 RouterOS v3 Con figuration a nd User Gui de The EoIP inte rface appears as an Ether net interface under t he interf ace list. This interf ace support s all fe atures of an Eth ernet inte rface. IP addresses and other tunnels may b e run over the int erface. The EoIP prot ocol e ncap[...]

  • Page 152

    152 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de 8.1.3 EoIP Application Ex ample Description Let us assume we want to bridge tw o networks: 'Office LAN' and 'Remot e LAN'. The network s are connected to an I P net work th rough th e rout ers [Our_GW] and [Rem ote]. Th[...]

  • Page 153

    AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 153 RouterOS v3 Con figuration a nd User Gui de Configure the E oIP tunnel b y adding the eoip t unnel interfaces at b oth rout ers. Use the ip addresses of the pp tp tunnel interf aces when spe cifying the argument values f or the Eo IP tunnel: [admin@Our_G W] interface eoip> add na[...]

  • Page 154

    154 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de 8.2 Interface Bond ing Document revisi on: 1.1 (oct-26-2004) Applies to: V2.9 8.3 General In formation 8.3.1 Summar y Bonding is a technolo gy that allows to aggregate multiple e therne t-like int erfaces into a single virtual link, thus g[...]

  • Page 155

    AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 155 RouterOS v3 Con figuration a nd User Gui de Description To provide a prop er failover, you should specify link-moni toring paramet er. It can be : • MII (Media Indepe ndent Interface) type 1 or type2 - Me dia In dependen t Int erface is an ab stract layer between the op erating sy[...]

  • Page 156

    156 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de name ( name ) - descriptive na me of bon ding interface primary ( name ; default: non e ) - Int erface is used as prim ary outp ut media. If prim ary interface fa ils, only then ot hers slaves will be use d. This v alue works only with mod[...]

  • Page 157

    AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 157 RouterOS v3 Con figuration a nd User Gui de Office2 configu ration: [admin@offic e2] interface > print Flags: X - d isabled, D - dynamic, R - running # NAME TYP E RX-RATE TX -RATE MTU 0 R isp2 eth er 0 0 1500 1 R isp1 eth er 0 0 1500 [admin@offic e2] interface > /ip add pri nt[...]

  • Page 158

    158 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de Bonding co nfiguratio n for Office1 [admin@offic e1] interface bonding> add slaves=eoip-t unnel1,eoip-t unnel2 [admin@offic e1] interface bonding> pri nt Flags: X - d isabled, R - running 0 R name=" bonding1" mtu =1500 mac-[...]

  • Page 159

    AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 159 RouterOS v3 Con figuration a nd User Gui de Add an IPIP inter face (by def ault, its name w ill be ipip1 ): [admin@10.5. 8.104] interf ace ipip> add local-address =10.5.8.104 remote-addre ss=10.1.0.172 disabled=no Add an IP address to create d ipip1 inter face: [admin@10.5. 8.1[...]

  • Page 160

    160 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de     Use /ip address ad d command to assign an IP add ress to the IPIP interface. There is no authentica tion or 'st ate' for this int erface. The band width usage of th e interface ma y be monitored with the monitor f[...]

  • Page 161

    AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 161 RouterOS v3 Con figuration a nd User Gui de Now both routers can p ing each other: [admin@AT-WR 4562] interfa ce ipip> /pin g 1.1.1.2 1.1.1.2 64 b yte ping: ttl =64 time=24 m s 1.1.1.2 64 b yte ping: ttl =64 time=19 m s 1.1.1.2 64 b yte ping: ttl =64 time=20 m s 3 packets tr ansm[...]

  • Page 162

    162 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de Related T opic s IP Addresses and ARP AAA Configur ation EoIP IP Security Additional Resour ces http://www.linu xguide.it/docs.p hp?Ne tworking:VPN:IPSec% 2FL2TP http://en.wikip edia.org/wiki/L2 tp Description L2TP is a secure tunn el p ro[...]

  • Page 163

    AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 163 RouterOS v3 Con figuration a nd User Gui de mrru ( integer : 512 ..65535 ; default: disabled ) - maximum p acket size t hat can be rece ived on the link. If a packet is bigger th an tunn el MTU, it will be sp lit into multip le packets, allowing full size I P or Eth ernet packets to[...]

  • Page 164

    164 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de 8.5.4 L2TP Ser ver Setup Submenu level: /interface l 2tp-server ser ver Description The L2 TP server creates a dy namic in terface for each connected L2TP client. Th e L2 TP conn ection count from clients depends on the license level you h[...]

  • Page 165

    AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 165 RouterOS v3 Con figuration a nd User Gui de so if you need a persiste nt rules fo r that u ser, create a static entry for him/her . Otherwise it is safe t o use dynamic configur ation.     In both cases PPP u sers must be configured pr operly. Property Description client[...]

  • Page 166

    166 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de 8.5.6 L2TP Application E xamples Router -to-Router Secure T unnel Example W ISP#1 192.168.8 0.0/24 W ISP# 2 192.168.8 1.0/24 Home Office To Intern et 192.168.8 0.1/24 LAN 10.150.2. 254/24 Remote Offic e To Intern et 192.168.8 1.1/24 LAN 10[...]

  • Page 167

    AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 167 RouterOS v3 Con figuration a nd User Gui de And finally, the server must b e enabled: [admin@HomeO ffice] interf ace l2tp-serv er server> set enabled=yes [admin@HomeO ffice] interf ace l2tp-serv er server> pri nt enabled: yes mtu: 1460 mru: 1460 authent ication: msch ap2 defau[...]

  • Page 168

    168 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de On the L2 TP server it can alt ernatively b e done using r outes paramete r of the u ser configuration: [admin@HomeO ffice] ppp se cret> print d etail Flags: X - d isabled 0 name=" ex" service=l 2tp caller-id ="" pas[...]

  • Page 169

    AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 169 RouterOS v3 Con figuration a nd User Gui de ISP#1 192 .168.80.0/24 W ISP# 2 192 .168.81.0/2 4 Remote Off ice To Int ernet 192 .168.81.1/2 4 LAN 10.15 0.1.254/2 4 192.168.80 .111/24 1 0 .1 50 . 1 . 1 /24 Big Internet Encrypted L2T P tun nel To Office 10.150 .1.2/32 From Laptop 10.150[...]

  • Page 170

    170 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de Finally, the pro xy APR must b e enabled on the 'Office' in terface: [admin@Remot eOffice] inte rface etherne t> set Office arp=proxy-arp [admin@Remot eOffice] inte rface etherne t> print Flags: X - d isabled, R - running #[...]

  • Page 171

    AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 171 RouterOS v3 Con figuration a nd User Gui de Generally sp eaking, PPPoE is used t o hand out IP addresses to clients based on the user (and workst ation, if desired) authen tication as opp osed to workstation only authe ntication, when static IP a ddresses or DHCP are used. It is adv[...]

  • Page 172

    172 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de Related T opic s IP Addresses and ARP RADIUS client PPP User AA A Log Management Additional Resour ces Links for PPPoE documentati on: http://www.f aqs.org/rfcs/rfc2 516.ht ml PPPoE Clients: RASPPPoE for Windows 95 , 98, 98SE , ME, NT4, 20[...]

  • Page 173

    AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 173 RouterOS v3 Con figuration a nd User Gui de Example To add and enable PPPoE clie nt on the gig interf ace connecting to the AC that p rovides testSN ser vice using user name j ohn with the password pa ssword : [admin@Remot eOffice] inte rface pppoe-c lient> add int erface=gig [...]

  • Page 174

    174 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de     If no service name is specified i n WindowsXP, it will use only servi ce with no name . So if you want to serve WindowsXP cli ents, leave your service na me empty. Property Description authenticat ion ( multiple choi ce: ms[...]

  • Page 175

    AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 175 RouterOS v3 Con figuration a nd User Gui de 8.6.5 PPPoE Users Description The PPPoE users are auth enticated th rough a RADIUS server (if conf igured), and if RADI US fails, th en the local PPP user databese is use d. See the r espective manu al section s for more inf ormation: • [...]

  • Page 176

    176 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de 8.6.7 Application Exampl es PPPoE in a multipoint wireles s 802.11g network In a wireless n etwork, the PPPoE s erver may be attached to an Ac cess Point (as well as to a re gular station of wireless inf rastructure) . E ither our RouterOS[...]

  • Page 177

    AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 177 RouterOS v3 Con figuration a nd User Gui de Now, configure th e Ethe rnet interface, add the IP address and set th e default rout e: [admin@PPPoE -Server] ip a ddress> add a ddress=10.1.0. 3/24 interfac e=Local [admin@PPPoE -Server] ip a ddress> print Flags: X - d isabled, I -[...]

  • Page 178

    178 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de 8.6.8 T roubleshooting Description I can connect to my PPPo E server. Th e ping go es even through it, bu t I still ca nnot open w eb pages Make sure that you have spe cified a valid DNS s erver in the r outer ( in /ip dns or in /ppp p rof[...]

  • Page 179

    AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 179 RouterOS v3 Con figuration a nd User Gui de Quick Setup Guide To make a P PTP tunne l between 2 RouterOS routers with IP addresses 10.5 .8.104 (PPTP se rver) and 10.1.0.172 (PPTP client), follo w the next steps. Configuratio n on PPTP serv er router: Add a user: [admin@PPTP- Server][...]

  • Page 180

    180 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de Additional Resour ces http://msdn.mi crosoft.com/lib rary/backgrnd/ht ml/underst anding_ppt p.htm http://sup port.microsoft.com/ suppo rt/kb/articles/q162/8 /47.asp http://sup port.microsoft.com/ kb/154 062/en-us http://www.iet f.org/rfc/r[...]

  • Page 181

    AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 181 RouterOS v3 Con figuration a nd User Gui de 8.7.3 Monitoring PPTP C lient Command name: /interface pptp-cli ent monitor Property Description encoding ( text ) - e ncryption and encoding (if asymmetric , separated with '/') being use d in t his connection idle-ti me ( read-[...]

  • Page 182

    182 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de     Specifying MRRU means enabling MP ( Multilink PPP) over singl e link. This prot ocol is us ed to split big packets into smaller on es. Under Windows it can be e nabled in Networ king tag, Settin gs button, "Negotiate m[...]

  • Page 183

    AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 183 RouterOS v3 Con figuration a nd User Gui de Example To add a static en try for ex1 us er: [admin@AT-WR 4562] interfa ce pptp-serve r> add user=ex 1 [admin@AT-WR 4562] interfa ce pptp-serve r> print Flags: X - d isabled, D - dynamic, R - running # NAME USER MTU CLIE NT-ADDRESS [...]

  • Page 184

    184 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de Then the user shou ld be added in the PP TP server list: [admin@HomeO ffice] interf ace pptp-serv er> add user=e x [admin@HomeO ffice] interf ace pptp-serv er> print Flags: X - d isabled, D - dynamic, R - running # NAME USER MTU CLIE[...]

  • Page 185

    AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 185 RouterOS v3 Con figuration a nd User Gui de On the PPTP server it can alt ernatively be don e using rout es parameter of the user configuration: [admin@HomeO ffice] ppp se cret> print d etail Flags: X - d isabled 0 name=" ex" service=p ptp caller-id ="" passwo[...]

  • Page 186

    186 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de [ Remote Office ] 192.168.81.1/24 Internet ISP #2 192.168.81.0/ 24 ISP #1 192.168.80.0/ 24 192 .1 68 . 80 . 111 / 24 10.150.1.1 /24 10.150.1.25 4/24 To RemoteOffice 10.150.1.1/32 Tunnel_To_Home Office 10.150.1.25 4/32 Encrypted PPTP Tunnel[...]

  • Page 187

    AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 187 RouterOS v3 Con figuration a nd User Gui de Finally, the pro xy APR must b e enabled on the 'Office' in terface: [admin@Remot eOffice] inte rface etherne t> set Office arp=proxy-arp [admin@Remot eOffice] inte rface etherne t> print Flags: X - d isabled, R - running #[...]

  • Page 188

    188 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de Description IPsec (IP Security) su pports se cure (encrypte d) communicati ons over IP net works. Encryption After packet is sr c-natted (if n eeded), but befo re puttin g it into interf ace queue , IPsec p olicy d atabase is consulted to [...]

  • Page 189

    AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 189 RouterOS v3 Con figuration a nd User Gui de • Phase 2 - The peers establish one or more SAs that will b e used by IPsec to encr ypt data. All S As established by IKE daemon w ill have lifetime value s (either limitin g time, after which S A will become invalid, or amount of data t[...]

  • Page 190

    190 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de large packets with don't fragm ent flag will no t be able to pass the r outer inherit - do not change the f ield set - set the f ield, so that eac h packet matchin g the rule wil l not be f ragmented. Not re commen ded dst-address ( I[...]

  • Page 191

    AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 191 RouterOS v3 Con figuration a nd User Gui de Example To ad d a policy to encrypt all th e traffic bet ween t wo hosts (1 0.0.0.147 and 1 0.0.0.14 8), we n eed do the following: [admin@WiFi] ip ipsec pol icy> add sa-s rc-address=10. 0.0.147 ... sa-dst- address=10.0. 0.148 action[...]

  • Page 192

    192 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de lifeti me ( time ; default: 1d ) - phase 1 lifet ime: specifies how long the SA wi ll be valid; S A will be disc arded after this time nat-traversal (yes | no; defa ult: no ) - use Linux NAT-T m echanism to sol ve IPsec incomp atibility wi[...]

  • Page 193

    AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 193 RouterOS v3 Con figuration a nd User Gui de remote-addre ss ( read-only: I P address ) - p eer's IP address side ( multiple choic e, read-only: in itiator | respo nder) - show s which side init iated the conn ection initiator - ph ase 1 negotiatio n was started b y this rout er[...]

  • Page 194

    194 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de Example Sample printou t looks as follo ws: [admin@WiFi] ip ipsec> in stalled-sa pr int Flags: A - A H, E - ESP, P - pfs 0 E spi= E727605 src-a ddress=10.0.0 .148 dst-addre ss=10.0.0.147 auth -algorithm=sh a1 enc-algori thm=3des repla y[...]

  • Page 195

    AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 195 RouterOS v3 Con figuration a nd User Gui de Example To flush all the S As installed: [admin@AT-WR 4562] ip ipse c installed-s a> flush [admin@AT-WR 4562] ip ipse c installed-s a> print [admin@AT-WR 4562] ip ipse c installed-s a> 8.8.7 Application Exampl es RouterOS Router t[...]

  • Page 196

    196 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de for Router1 [admin@Route r1] > ip ipse c manual-sa a dd name=ah-sa1 ... ah-spi= 0x101/0x100 a h-key=abcfed [admin@Route r1] > ip ipse c policy add src-address=10 .1.0.0/24 ... dst-add ress=10.2.0.0 /24 action=en crypt ipsec-pr [...]

  • Page 197

    AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 197 RouterOS v3 Con figuration a nd User Gui de configure IPsec for Router1 [admin@Route r1] > ip ipse c policy add src-address=10 .1.0.0/24 ... dst-add ress=10.2.0.0 /24 action=en crypt tunnel=y es ... sa-src- address=1.0.0 .1 sa-dst-add ress=1.0.0.2 [admin@Route r1] > ip i[...]

  • Page 198

    198 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de 9 Fir ewall and QoS 9.1 Filter Document revisi on: 2.7 (Fri Nov 04 16: 04:37 GMT 2005) Applies to: V2.9 9.1.1 Gener a l Information Summar y The firewall implements p acket filtering and thereby provides security fun ctions that are used t[...]

  • Page 199

    AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 199 RouterOS v3 Con figuration a nd User Gui de RouterOS has very powerfu l firewall implement ation with fe atures including: • stateful packet filte ring • peer-to-p eer protocols filterin g • traffic classification by: source MAC ad dress IP addresses (net work or list) and add[...]

  • Page 200

    200 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de Property Description action (accept | add-dst-to -address-list | add-src-t o-addres s-list | drop | jump | log | pa ssth rough | reject | return | tarpit; default: acc ept ) - action to un dertake if the packet mat ches the ru le accept - [...]

  • Page 201

    AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 201 RouterOS v3 Con figuration a nd User Gui de unicast - IP addres ses used f or one p oint to anot her point transmission. There is only o ne sender and one receiver in th is case local - matches a ddresses ass igned to route r's interfaces broadcast - th e IP packet is sent fr o[...]

  • Page 202

    202 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de time - sp ecifies the time in terval over which t he packe t rate is measur ed burst - number of packets to match in a bu rst log-prefix ( tex t ) - all messa ges writte n to logs will cont ain the prefix spe cified herein. Used in conjunc[...]

  • Page 203

    AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 203 RouterOS v3 Con figuration a nd User Gui de tcp-flags (ack | cwr | ece | f in | psh | rst | syn | ur g) - tcp flags to match ack - acknowled ging data cwr - congestion w indow re duced ece - ECN- echo flag (explicit congestion n otification) fin - close conn ection psh - push fu nct[...]

  • Page 204

    204 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de Make jumps to n ew chains: add chain=fo rward protoco l=tcp action= jump jump-targ et=tcp add chain=fo rward protoco l=udp action= jump jump-targ et=udp add chain=fo rward protoco l=icmp action =jump jump-tar get=icmp Create tcp chain and [...]

  • Page 205

    AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 205 RouterOS v3 Con figuration a nd User Gui de Submenu level: /ip firewall mangle Standards and Te chnologies: IP Hardware usage : Increases wi th count of man gle rules Related T opic s • IP Addresses and ARP • Routes, Equ al Cost Multipath Routing, Polic y Routing • NAT • Fil[...]

  • Page 206

    206 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de chain (forwar d | input | output | p ostrouting | pr erouting) - specify the cha in to pu t a particular rule in to. As the differen t traffic is passe d through different chains, always be carefu l in choosin g the right chain for a new r[...]

  • Page 207

    AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 207 RouterOS v3 Con figuration a nd User Gui de that particular clien t local-dst - tru e, if a packet h as local destin ation IP a ddress to-clie nt - true, if a packet is sent to a client icmp-option s ( integer : integ er ) - match ICM P Type:Code f ields in-bridge-port ( na me ) - a[...]

  • Page 208

    208 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de every - match e very every +1 th p acket. For example, if every=1 th en the r ule matches every 2n d packet counter - specifies w hich co unter t o use. A counte r increments each time the rule con taining nth match matches packet - match [...]

  • Page 209

    AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 209 RouterOS v3 Con figuration a nd User Gui de rst - drop conn ection syn - new conne ction urg - urgent dat a tcp-mss ( integ er : 0..65535 ) - matches TCP MSS value of an IP packet time ( time - time ,s at | fri | thu | wed | tue | mo n | sun{ +}) - allows to create f ilter based on [...]

  • Page 210

    210 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de Change MSS It is a well kn own fact t hat VPN links h ave smaller pack et s ize due to incapsulation o verhead. A large packet with MSS that e xceeds the MSS of th e V PN link should be fragmented prior to sending it via that kind of conne[...]

  • Page 211

    AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 211 RouterOS v3 Con figuration a nd User Gui de The packet flow t hrough th e route r is depicted in the follo wing diagram : Figure 32: Pac ket Flow Di agram As c an b e seen on the diagram, there are five chains in the processin g pip eline. These are prerouting , input , forward , ou[...]

  • Page 212

    212 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de Routed traffi c The traffic re ceived for the rou ter's M AC address on th e respe ctive port, is passed to the routing procedures and can be of one of th ese four t ypes: • the traffic which is destined to the route r it self. The [...]

  • Page 213

    AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 213 RouterOS v3 Con figuration a nd User Gui de Property Description assured ( read-onl y: true | false ) - shows wh ether re play was seen fo r the last packet mat ching this ent ry connection-mar k ( read-only: t ext ) - Conn ection mark set in mangle dst-address ( read-onl y: IP addr[...]

  • Page 214

    214 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de max-entries ( re ad-only: integ er ) - the maximu m number o f conn ections the connection state table can contain, depends on an amou nt of to tal memory tcp-close-t imeout ( time ; def ault: 10s ) - maxim al amount o f time conn ection t[...]

  • Page 215

    AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 215 RouterOS v3 Con figuration a nd User Gui de 9.3.6 Gener a l Fir ew all Information Description ICMP TYPE:CO DE values In or der to protect your rout er and atta ched pri vate netw orks, you n eed to con figure firew all to drop o r reject most of ICMP tr affic. However, some I CMP p[...]

  • Page 216

    216 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de widely ab used f or u nlicensed software and media destribution . Even wh en it is use d for legal p urposes, p2p may he avily di sturb oth er net work traffic, su ch as ht tp and e-m ail. RouterOS is able to recognize connections o f the [...]

  • Page 217

    AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 217 RouterOS v3 Con figuration a nd User Gui de 9.4.2 NA T Description Network Address Translation is an Int ernet standard that allow s host s on local are a net works to u se one set of IP addresses for in tern al commun ications and another set of IP a ddresses for external communica[...]

  • Page 218

    218 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de address-list p arameter add-src-to-addre ss-li st - adds source ad dress of an IP p acket to the address list sp ecified by add ress- list parameter dst-nat - repla ces destination address of an IP packet to values sp ecified by to-addre s[...]

  • Page 219

    AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 219 RouterOS v3 Con figuration a nd User Gui de dst-limit ( integer / time {0,1} , integer ,dst-address | dst-port | sr c-address{ +}, time {0,1}) - limits the packet per second (pps) rate on a per destination IP or p er destination port base. As opp osed to the lim it match, every dest[...]

  • Page 220

    220 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de every - match e very every +1 th p acket. For example, if every=1 th en the r ule matches every 2n d packet counter - specifies w hich co unter t o use. A counte r increments each time the rule con taining nth match matches packet - match [...]

  • Page 221

    AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 221 RouterOS v3 Con figuration a nd User Gui de 9.4.3 NA T Applications Description In this section some NAT app lications and ex amples of them are discussed. Basic NAT confi guration Assume we want t o create ro uter that: "hides" the p rivate LAN "behi nd" one a d[...]

  • Page 222

    222 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de 10 Hot Spot Ser vice 10.1 HotSpot Gatewa y Document revisi on: 4.2 (Tue Jul 04 14:49:38 GMT 2006) Applies to: V2.9 10.1.1 Gener al Information Summar y The Rou terOS Hot Spot Gatew ay enables p roviding of public network acces s for client[...]

  • Page 223

    AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 223 RouterOS v3 Con figuration a nd User Gui de [HotSpot Gat eway] WAN/LAN Interf ace Internet RADIUS HotSpot Interf ace Figure 34: HotS pot exam ple network The Hot Spot int erface shou ld have an IP address ass igned to it. Physic al network connection has to be established betw een t[...]

  • Page 224

    224 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de Before the au thentication When enablin g H otSpot on an int erface, the s ystem auto matically set s up ever ything needed to sh ow login pa ge fo r all clients that are not lo gged in. Th is is d one by adding dynamic dest ination NAT ru[...]

  • Page 225

    AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 225 RouterOS v3 Con figuration a nd User Gui de amount of time pe r MAC address to be freely used with some limitations imp osed by the provided u ser profile. In case the M AC address still has som e trial time unu sed, the login pa ge will con tain th e link for trial login. The time [...]

  • Page 226

    226 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de • /ip hotspot ser vice-port - a ddress translation helpers fo r the one-to- one NAT • /ip hotspot walled-garden - Walled G arden rules at HTTP level ( DNS names, HTTP reque st substrin gs) • /ip hotspot wal led-garden ip - Walled Gar[...]

  • Page 227

    AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 227 RouterOS v3 Con figuration a nd User Gui de 10.1.3 HotSpot In terfac e Setup Submenu level: /ip hotspot Description HotSpot system is put on in dividual interfa ces. You can ru n comp letely diff erent HotSpot con figurations on different interfaces Property Description HTTPS ( read[...]

  • Page 228

    228 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de 10.1.4 HotSpot S er ver Pr ofiles Submenu level: /ip hotspot p rofile Property Description dns-name ( text ) - DNS name of the HotSpot server. This is th e DNS name used as the n ame of the HotSpot server (i.e., it appe ars as the location[...]

  • Page 229

    AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 229 RouterOS v3 Con figuration a nd User Gui de smtp-server ( IP addr ess ; def ault: 0.0. 0.0 ) - default SM TP server to b e used to redire ct uncondition ally all user SMTP requ ests to split-user-domai n (yes | no; default: no ) - wh ether to split us ername from dom ain name wh en [...]

  • Page 230

    230 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de     There can be mul tiple cookies w ith the same M AC address. For example, there will be a separate cookie for each web brows er on the same c omputer. Cookies can expire - that's the w ay how it is supp osed to be. Defa[...]

  • Page 231

    AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 231 RouterOS v3 Con figuration a nd User Gui de Example To allow unaut horized req uests to t he www.e xample.com domain 's /paynow.html page: [admin@AT-WR 4562] ip hots pot walled-ga rden> add path ="/paynow.htm l" ... dst-hos t="www.exampl e.com" [admin@[...]

  • Page 232

    232 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de     This is an ordered lis t, so you can put more specifi c entries on th e top of th e list for them to o verride more common rule s that appear lower. You can even put an en try with 0.0.0. 0/0 addres s at the end of the list[...]

  • Page 233

    AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 233 RouterOS v3 Con figuration a nd User Gui de Property Description name ( read-only : name ) - prot ocol name ports ( read-only: int eger ) - list of the ports on w hich the protocol is workin g Example To set the FTP pr otocol uses both 2 0 and 21 TCP port : [admin@AT-WR 4562] ip hot[...]

  • Page 234

    234 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de All o ther packets ex cept DNS and lo gin requests fr om unauthorized clients sho uld pass thro ugh the hs- unauth chain 7 D chain=ho tspot action= jump jump-tar get=hs-auth ho tspot=auth pr otocol=tcp And packets fro m the auth orized cli[...]

  • Page 235

    AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 235 RouterOS v3 Con figuration a nd User Gui de Packet filter rule s From /ip firewal l filt er print dynamic command, you can get so mething like this (commen ts follow after each of the rules): 0 D chain=fo rward action= jump jump-tar get=hs-unauth hotspot=from- client,!auth Any packe[...]

  • Page 236

    236 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de 10.3.10 Customi zing HotSpot: HTTP Serv let P ages Description You can create a complet ely different set of servlet pa ges for each HotSpo t s erver you have, specifyin g the directory it will be sto red in html-direc tory propert y of a [...]

  • Page 237

    AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 237 RouterOS v3 Con figuration a nd User Gui de if user is logged in, rstatus.htm l is displayed; if rstatus.htm l is not fo und, redirect.html is used to redirect to the status page if user is not logged in , rlogin.html is displayed; if rlogin. html is not found, re direct.html is use[...]

  • Page 238

    238 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de server-name - Hot Spot serv er name (set in the /ip hotsp ot menu, as th e name pro perty) Links: link-logi n - link to login page including ori ginal URL requ ested ("http://10.5 .50.1/login?dst=htt p://www.example. com/") link-[...]

  • Page 239

    AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 239 RouterOS v3 Con figuration a nd User Gui de radius<id>u - show the attri bute iden tified with <id> in unsigned integer f orm (in case RADIUS authent ication was used; "0" o therwise ) radius<id>-<v nd-id> - show the attrib ute identified wit h <[...]

  • Page 240

    240 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de     If you want to us e HTTP-CHAP authentication me thod it is supp osed that you incl ude the doLog in() function (which r eferences to th e md5.js which m ust be already loaded) before th e Submit ac tion of the login form. O[...]

  • Page 241

    AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 241 RouterOS v3 Con figuration a nd User Gui de (you should corre ct the link to point t o your server) • To erase the cook ie on logof f, in the page con taining link t o the logout (fo r example, in statu s.html) change: open('$(link -logout)', 'h otspot_logout '[...]

  • Page 242

    242 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de • Hotspot will ask RADIUS ser ver whethe r to allow the login or not. If n ot allowed, alogin .html page will be displaye d (it can be modified to do an ything!). If not allowed, flog in.html (or login.html) page will be displayed, wh ic[...]

  • Page 243

    AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 243 RouterOS v3 Con figuration a nd User Gui de RADIUS client non-fatal error s: • invalid username o r pa sswor d - RADIU S server has rejected th e username and pas sword sent to it wit hout specifying a r eason. Cause : either wro ng us ername and/or password, or ot her error. Solu[...]

  • Page 244

    244 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de If all fields has been filled in th e ip-b inding table and type h as been set to bypas sed , th en the IP a ddress of this ent ry will be accessible from pub lic interfaces immed iately: [admin@AT-WR 4562] ip hots pot ip-bindin g> prin[...]

  • Page 245

    AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 245 RouterOS v3 Con figuration a nd User Gui de advertise-url ( multiple choice: t ext ; default: htt p://www.all iedtelesis.c om/ ) - list of URL s to show as advertisement popup s. The list is cyclic, so w hen the last item reached, ne xt time th e first is shown idle-ti meout ( time [...]

  • Page 246

    246 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de 10.4.3 HotSpot U ser s Submenu level: /ip hotspot u ser Property Description address ( IP addre ss ; default: 0 .0. 0.0 ) - static IP address. If not 0. 0.0.0 , client w ill always get th e same IP address. A confi gured address implies, t[...]

  • Page 247

    AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 247 RouterOS v3 Con figuration a nd User Gui de Example To add user ex with password ex that is allowed to log in on ly with 01:23:45:67 :89:AB MAC address and is limited to 1 hour of work: [admin@AT-WR 4562] ip hots pot user> add name=ex passw ord=ex ... mac-add ress=01:23:45 :67[...]

  • Page 248

    248 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de Example To get the list of active user s: [admin@AT-WR 4562] ip hots pot active> p rint Flags: R - r adius, B - bl ocked # USER ADD RESS UPTIME S ESSION-TIMEOU T IDLE-TIMEOU T 0 ex 10. 0.0.144 4m17s 5 5m43s [admin@AT-WR 4562] ip hots po[...]

  • Page 249

    AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 249 RouterOS v3 Con figuration a nd User Gui de 11 High A vailability pr otocols and techniqu es 11.1 VRRP Document revisi on: 1.5 (Mon Jul 10 16:51:20 GMT 2006) Applies to: V2.9 11.1.1 Gener al Information Summar y Virtual Router Redun dancy Prot ocol (VRR P) imple mentation in the Rou[...]

  • Page 250

    250 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de other configuration) active. A backup instance is no t 'ru nning', so all the settings attached to t hat inte rface is inactive. Property Description arp (disabled | en abled | pro xy-arp | reply-on ly; default: en abled ) - Ad d[...]

  • Page 251

    AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 251 RouterOS v3 Con figuration a nd User Gui de 11.1.3 Vir tual IP addr esses Submenu level: /ip vrrp ad dress Property Description address ( IP addre ss ) - IP addr ess belon gs to the virtu al router broadcast ( IP add ress ) - broadc asting IP address interface ( name ; default: def [...]

  • Page 252

    252 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de This example sh ows how to configure VRRP on the tw o rou ters sho wn on the diagram. The rou ters must have initial configuration : inte rfaces are enabled, e ach interface have approp riate IP address, and routing table is set correctl y[...]

  • Page 253

    AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 253 RouterOS v3 Con figuration a nd User Gui de Testing fail over Now, when we will disconne ct the master router, t he backup on e will switch to th e master s tate: [admin@AT-WR 4562] ip vrrp > print Flags: X - d isabled, I - invalid, R - running, M - m aster, B - ba ckup 0 RM name[...]

  • Page 254

    254 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de Example To make s ystem gen erate a supp ort outp ut file and sen t it auto matically to support@ex ample.com through t he 192.0.2. 1 smtp server in case of a software cr ash: [admin@AT-WR 4562] system watchdog> set auto-send-sup out=ye[...]

  • Page 255

    AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 255 RouterOS v3 Con figuration a nd User Gui de 12 Monitoring and Mana gement 12.1 Log Manag e ment Document revisi on: 2.3 (Mon Jul 19 07:23:35 GMT 2004) Applies to: V2.9 12.1.1 Gener al Information Summar y Various syste m e vents and s tatus information can be logged. L ogs can b e s[...]

  • Page 256

    256 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de 12.1.3 Actions Submenu level: /system logg ing acti on Property Description disk-lines ( int eger ; default: 10 0 ) - numb er of records in lo g file saved on the disk (onl y if action target is set to disk ) disk-stop-on-full (yes | no; d[...]

  • Page 257

    AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 257 RouterOS v3 Con figuration a nd User Gui de Command Description print - shows lo g messages buffer - prints lo g messages t hat were save d in specified lo cal buffer follow - monitor system logs without-paging - p rints logs withou t paging file - saves the log informatio n on loca[...]

  • Page 258

    258 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de Specifications Packages requ ired: system , p pp (optional) License requ ired: Level1 Submenu level: /snmp Standards and Te chnologies: SNMP (RFC 11 57) Hardware usage : Not signifi cant Related T opic s Software Package M anagemen t IP Ad[...]

  • Page 259

    AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 259 RouterOS v3 Con figuration a nd User Gui de Property Description active-fl ow-timeout ( time ; def ault: 30m ) - maximu m life-time of a flow cache-entries (1 k | 2k | 4 k | 8k | 1 6k | 32k | 64k | 128k | 256 k | 512k; default: 1k ) - number o f flows which can reside in the rout er[...]

  • Page 260

    260 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de Some screensh ots from NTop program, which has gather ed Traffic-Flo w information from our router and displays it in ni ce graphs a nd statistics. For example, wh ere what kin d of traffic has flo wn: Figure 36: Host I nformati on Top thr[...]

  • Page 261

    AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 261 RouterOS v3 Con figuration a nd User Gui de Figure 38: Netw ork load profile by ti me Figure 39: Tra ffic Load by protocol[...]

  • Page 262

    262 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de 12.4 Graphin g Document revisi on: 1.1 (Wed Mar 15 09:46: 17 GMT 2006) Applies to: V2.9 12.4.1 Gener al Information Summar y Graphing is a t ool which is us ed for monitor ing various Ro uterOS p arameters over a period of time. Specificat[...]

  • Page 263

    AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 263 RouterOS v3 Con figuration a nd User Gui de 12.4.3 Health Gr aphing Submenu level: /tool graphing health Description This submenu p rovides information about Rout erBoard's 'health' - voltage and t emperature . For this option, you h ave to install th e routerboard pa[...]

  • Page 264

    264 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de Example Add a simple qu eue to Graph er list with simple-queue name queue1 , allow limit ed clients to access Grapher from web , store info rmation abou t traffic on disk: [admin@AT-WR 4562] tool gr aphing queue> add simple-qu eue=queue[...]