Allied Telesis AT-WR4500 manual

PN 613-0 00813 Rev. B AT-WR4500 Series IEEE 802.11abgh O utdoor Wireles s Rou ters RouterOS v3 Configu ration and U ser Gu ide[...]

2 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de Copyright © 2009 Allied Telesis International All rights r eserved. No part of this pu blication m ay be reproduce d without pr ior written permission from Allied Teles is International. Microsoft and Internet Explorer are registered t rade[...]

AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 3 RouterOS v3 Con figuration a nd User Gui de LIMITATION OF LIABILITY AND DAMAGES THE PRODUCT AND THE SOFTWARES WITHIN ARE PROVIDED "AS IS," BASIS. THE MANUFACTURER AND MANUFAC TURER’S RESE LLERS (C OLLECTIVELY REFERRED TO A S “THE SELLERS”) DISC LAIM ALL WARR ANTIES, EX[...]

4 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de C ONTENTS 1 Introduction ........... ............ ............. ................ ............. ............ .................. ............ ............. ............ .................. ....... 12 1.1 Features ..................... .........[...]

AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 5 RouterOS v3 Con figuration a nd User Gui de 4.3.15 Network Scan .............. ............ ................. ............ ............. ............ .................. ............. ............ ...... 55 4.3.16 Security Profiles ................... ............ ................ ....[...]

6 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de 6.1.2 DHCP Client Setu p................ ............ ................. ............ ............ ............. .................. ............ ..... 117 6.1.3 DHCP Server Set up ................. ............. ................ ............ [...]

AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 7 RouterOS v3 Con figuration a nd User Gui de 8.5.3 Monitoring L2 TP Client ................... ............... ............. ............ ............. .................. ............ ...... 163 8.5.4 L2TP Server Setup .............. ............ ................ ............. ........[...]

8 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de 10.1.5 HotSpot User Profiles ...................... ............... ............. ............ ............ .................. ............. .......2 29 10.2 HotSpot Users .................... ............. ............ .................. ..[...]

AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 9 RouterOS v3 Con figuration a nd User Gui de F IGURES Figure 1: AT-WR4 500 Ser ies typical application ............. ............. ............ ............. ................. ............. ............ ............. ........12 Figure 2: WinBo x Loader dis covering ......... ..........[...]

10 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de P REFACE Purpose of Th is Guid e This guide describes the AT-WR450 0 Series Outdoor Wi reless Rou ters Rout erOS command structure and configuratio n for allowin g users or networ k managers to corr ectly configure t he router getting th e [...]

AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 11 RouterOS v3 Con figuration a nd User Gui de C ONTACTING A LLIED T ELESIS This section provides Allied Telesis contact information for technical supp ort as well as sales and corporate infor mation. Online Sup port You can requ est technical supp ort online by accessing the Allied Tel[...]

12 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de 1 Intr oduc tion Thank you for p urchasing an AT-WR450 0 series Wireless Router .     Please refer to th e ATWR45xx Quick Installation Guid e for infor mation on how t o install connec t and initially setup each rou ter model. T[...]

AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 13 RouterOS v3 Con figuration a nd User Gui de 1.1 F eatur es The AT-WR450 0 series Rout erOS firmware is very rich of features and very flexible. Among oth ers: • Real IP routing fu nctionalities • 2.4 GHz and 5 GHz dual band operation s • IEEE 802 .11a/b/g/h compliant • Certif[...]

14 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de 2 Conf iguring RouterOS 2.1 Logging in the A T -WR4500 Rout er There are m any options for a ccessing your AT-WR450 0 Router command f acility: • Accessing t he router Co mmand Lin e Interface e ither via T elnet or SSH using any t ext-mo[...]

AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 15 RouterOS v3 Con figuration a nd User Gui de Figure 3: Win Box main wi ndow Select f rom t he menu bar located in th e left most part of the window the comman d or menu that you want to access and st art con figuring th e equip ment. For instance you can click on th e “New Termin al[...]

16 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de After log ging int o th e rou ter you will be present ed with the Router OS™ Welco me Scre en an d command prompt, fo r example: AA TTTTTTTTT TTTTTTTTT oo ooo AA AAA TTTTTTTT TTTTTTT oooo oooo AAAA AAAA TTTTT TTT I ooo ooo AAAAAA AAAAA TT[...]

AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 17 RouterOS v3 Con figuration a nd User Gui de A comm and or an argument does not need to be completed, if it is not ambiguou s. Fo r e xample, instead of typing interf ace you can t ype just in or int . To complete a command use the [Tab] ke y.     The completion is optiona[...]

18 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de 3 Conf iguration and Softwar e Mana g em ent Document revisi on: 1.6 (Mon Sep 19 12:55: 52 GMT 2005) Applies to: V2.9 3.1 General In formation Summar y This chapter intr oduces you with comman ds which are used to perfo rm the followin g fu[...]

AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 19 RouterOS v3 Con figuration a nd User Gui de To see the files st ored on th e router: [admin@AT-WR 4562] > file print # NAME TYP E SIZE CREATI ON-TIME 0 test.bac kup bac kup 1256 7 sep/08 /2004 21:07:5 0 [admin@AT-WR 4562] > To load the sa ved backup file test : [admin@AT-WR 456[...]

20 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de     It is impossible to i mport the wh ole router confi guration using thi s feature. It can only be used to import a part of configura tion (for exa mple, firewall rules) in order to spare you som e typing. Command Description [...]

AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 21 RouterOS v3 Con figuration a nd User Gui de Standards and Te chnologies: None Hardware usage : Not signifi cant 3.2.2 System Upgr ade Submenu level: /system u pgrade Description This s ubmenu gives you t he ability to download RouterO S so ftware packages f rom a remot e Ro uterOS ro[...]

22 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de 3.2.3 Adding P ackage Source Submenu level: /system u pgrade upgra de-package- source Description In this su bmenu you can add remote r outers fro m which to download RouterOS soft ware packages. Property Description address ( IP addre ss )[...]

AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 23 RouterOS v3 Con figuration a nd User Gui de • The package dep endency is checked befo re installing a soft ware package. The package will not b e installed, if the r equired softw are package is m issing • The version of th e feature p ackage should be t he same as t hat of the s[...]

24 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de     If a package is marked for unins tallation, but it is required for an other (depend ent) package, th en the marked package ca nnot be unin stalled. You should un install the dependent pack age too. For th e list of package d[...]

AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 25 RouterOS v3 Con figuration a nd User Gui de Example To downgrade th e RouterOS (assuming that all needed pac kages are already uploade d): [admin@AT-WR 4562] system package> down grade Router will be rebooted. Continue? [y/ N]: y system will reboot shortl y 3.3.5 Disabling and Ena[...]

26 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de Example Suppose we need to cancel security pack age uninst allation action schedule d on reb oot: [admin@AT-WR 4562] system package> prin t Flags: X – d isabled # NAME VERSION SCHEDULED 0 routeros -rb500 3.0 1 system 3.0 2 X ipv6 3.0 3[...]

AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 27 RouterOS v3 Con figuration a nd User Gui de Example See the available p ackages: [admin@AT-WR 4562] system upgrade> refr esh [admin@AT-WR 4562] system upgrade> prin t # SOURCE NAME VER SION STAT US COMPL ETED 0 192.168.2 5.8 router os-x86 2. 9.44 ava ilable 1 192.168.2 5.8 rout[...]

28 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de • Ethern et interface supp ort • IP over IP tun nel interf ace support • Ethern et over IP tunnel in terface support • driver management for Eth ernet ISA cards • serial port mana gement • local user man agement • export and i[...]

AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 29 RouterOS v3 Con figuration a nd User Gui de Package name Contents Prerequisite s Additional Li cense wireless Support for wireless interfaces with updated Countr y Re gulatory Dom ain settings none None[...]

30 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de 4 Conf iguring Interfaces 4.1 General In terface Set tings Document revisi on: 1.1 (Fri Mar 05 08:08:52 GMT 200 4) Applies to: V2.9 4.1.1 Gener a l Information Summar y AT-WR4500 Rou terOS supports a variety of physical and virtual interfac[...]

AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 31 RouterOS v3 Con figuration a nd User Gui de     One or more inter faces can be monitored at t he same time. To see overall traff ic passing thr ough all interfac es at time, use aggregate instead of interface name. Example Multiple inte rface monitoring: /interface m onit[...]

32 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de default - sup ort long cables short - suppo rt short cables standard - same as default disable-running-c heck (yes | no; defau lt: yes ) - disable ru nnin g check. If this value is set to 'n o', the router aut omatically detects w[...]

AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 33 RouterOS v3 Con figuration a nd User Gui de full-duplex (yes | no) - wh ether tran smission of data o ccurs in tw o directions simu ltaneou sly rate (10 Mb ps | 100 Mbps | 1 Gbps) - th e actual data r ate of the con nection status (link-ok | n o-link | un known ) - status of t he int[...]

34 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de • No implied pro tocol limits on link distan ce • No implied pro tocol speed de gradation for lon g link distan ces • Dynamic protoco l adjustment depending on tr affic type an d resour ce usage Quick Setup Guide Let's consider t[...]

AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 35 RouterOS v3 Con figuration a nd User Gui de ack-tim eout range 5GHz 5GHz-turbo 2.4GHz-G 30km 249 137 368 35km 298 168 320 40km 350 190 375 45km 405 - -     These are not the pr ecise value s. Depending on hardware used and many other f actors they may vary up to +/- 15 mi[...]

36 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de band - operatin g band 2.4ghz-b - IEEE 802. 11b 2.4ghz-b/g - IEE E 802 .11g (support s also legacy IEEE 802.11b p rotocol) 2.4ghz-g-turbo - IEEE 802.11g using double channel, provi ding air rate of u p to 10 8 Mbit 2.4ghz-onlyg - on ly IEEE[...]

AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 37 RouterOS v3 Con figuration a nd User Gui de radar-detect - A P scans ch annel list fr om "scan-list" and chooses t he frequen cy which is with the lowest amount of ot her net works detected, if no radar is detected in this channe l for 60 secon ds, the AP st arts to operate[...]

38 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de address to the one of a differ ent device. In case no address is set in th e station-bridge- clone-m ac propert y, the station p ostpones connecting to an AP until so me packet, with t he source MAC address different fro m any of the rou te[...]

AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 39 RouterOS v3 Con figuration a nd User Gui de wds-cost-range ( integer ; def ault: 50-150 ) - r ange, within which the b ridge port cost of the WDS link s are adjusted. Th e calculations are based o n the p-throug hput value of t he respective WDS interf ace, which repre sents estimate[...]

40 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de To see current interface sett ings: [admin@AT-WR 4562] interfa ce wireless> print Flags: X - d isabled, R - running Flags: X - disabled, R - running 0 name=" wlan1" mtu=15 00 mac-addres s=00:0C:42:18: 5C:3D arp=ena bled interf [...]

AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 41 RouterOS v3 Con figuration a nd User Gui de overhead (and th us increase s peed). The card is not w aiting for frames, bu t in case a n umber of packets are queue d for transmitting, t hey can be co mbined. There are several methods of fra ming: none - do not hing special, do not com[...]

42 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de mtu ( integer : 0 ..1600; default : 1500 ) - Maximum Tr ansmissi on Unit name ( name ) - refe rence name of the int erface rates-a/g ( mul tiple choice: 6M bps, 9 Mbps, 12 Mbps, 18Mbps, 24 Mbps, 36 Mbps, 48Mbps, 54Mbp s) - rates to be supp [...]

AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 43 RouterOS v3 Con figuration a nd User Gui de [admin@AT-WR 4562] interfa ce wireless> print Flags: X - d isabled, R - running 0 R name=" wlan1" mtu=15 00 mac-addres s=00:0C:42:05: 00:14 arp=ena bled interf ace-type=Athe ros AR5413 mo de=station ssi d="AT-WR4560" [...]

44 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de client- tx-limit ( read-only: integer ) - t ransmit rate limit on the AP, in bits pe r second compression ( re ad-only: yes | no) - wh ether data compress on is us ed for this peer encryption ( read-onl y: aes-cc m | tkip) - u nicast encryp[...]

AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 45 RouterOS v3 Con figuration a nd User Gui de To get additional statistics: [admin@AT-WR 4562] interfa ce wireless> registration-t able print st ats 0 interface= wlan1 radio-n ame="000C4218 5C3D" mac-addr ess=00:0C:42: 18:5C:3D ap=no wds =no rx-rate=" 1Mbps" tx-r[...]

46 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de The association p rocedure is as follows: w hen a new client w ants to associate t o the AP that is confi gured on interface wlanN , an e ntry with client's MAC address and inte rface wl anN is look ed up sequ entially from top to bo t[...]

AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 47 RouterOS v3 Con figuration a nd User Gui de 2512 , 2532, 2552, 2572 , 2592, 2612, 2 632, 2652, 2672 , 2692, 2712, 2 732) - the list of 2GHz IEEE 802.11b channels (freq uencies are give n in MHz ) 2ghz-g-chan nels ( multipl e choice, read-only : 2312, 2317, 23 22, 232 7, 2332, 2337, 2[...]

48 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de     There is a special ar gument for t he print command - p rint count- only. It forces th e print comman d to print only the coun t of informati on topics. /interface wirele ss info pri nt command sho ws only chann els supporte[...]

AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 49 RouterOS v3 Con figuration a nd User Gui de Example [admin@AT-WR 4562] interfa ce wireless i nfo> print 0 interface -type=Atheros AR5413 chip-info ="mac:0xa/0x5 , phy:0x61, a 5:0x63, a2:0x0 , eeprom:0x50 02" tx-power- control=yes a ck-timeout-co ntrol=yes alig nment-mode[...]

50 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de 59 60:0,5965:0,5 970:0,5975:0,5 980:0,5985:0, 5990:0,5995:0 , 60 00:0,6005:0,6 010:0,6015:0,6 020:0,6025:0, 6030:0,6035:0 , 60 40:0,6045:0,6 050:0,6055:0,6 060:0,6065:0, 6070:0,6075:0 , 60 80:0,6085:0,6 090:0,6095:0,6 100:0 2ghz-g-ch annels[...]

AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 51 RouterOS v3 Con figuration a nd User Gui de max-station-c ount ( integer ; default: 2007 ) - numb er of clien ts that can conne ct to this AP simultaneously mtu ( integer : 6 8..1600 ; default: 1500 ) - Maximum Transmiss ion Unit name ( name ; def ault: wlanN ) - interface name propr[...]

52 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de Property Description arp (disabled | en abled | pro xy-arp | reply-on ly; default: en abled ) - Ad dress Resolut ion Protocol disabled - the in terface will no t use ARP enabled - the int erface will us e ARP proxy-arp - the interface will [...]

AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 53 RouterOS v3 Con figuration a nd User Gui de audio-min ( i nteger ; default: - 100 ) - signal-st rength at wh ich audio (beep er) frequ ency will be the low est audio-monitor ( MAC addres s ; default: 00:00:00:00: 00:00 ) - MAC address of th e remote h ost which will be 'listened[...]

54 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de Example [admin@AT-WR 4562] interfa ce wireless a lign> monitor wlan2 # ADDRESS SSID RXQ AVG-RXQ LAST- RX TXQ LAST-T X CORRECT 0 00:01:24: 70:4B:FC wire lesa -60 -60 0.01 -67 0.01 100 % [admin@AT-WR 4562] interfa ce wireless a lign> 4.[...]

AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 55 RouterOS v3 Con figuration a nd User Gui de Example To set t he followin g transmit po wers at e ach rates: 1Mbp s@10dBm, 2 Mbps@1 0dBm, 5.5M bps@9dBm, 11Mbp s@7dBm, do the f ollowing: [admin@AT-WR 4562] interfa ce wireless m anual-tx-power -table> print 0 name="wla n1" [...]

56 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de 4.3.16 Security Pr ofiles Submenu level: /interface wi reless security- profile s Description This section pro vides WEP (Wired Equivalent Privacy) and W PA/WPA2 (Wi-Fi Pr otected A ccess) functions t o wireless inte rfaces. WPA The Wi-Fi P[...]

AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 57 RouterOS v3 Con figuration a nd User Gui de radius-mac-m ode (as-usern ame | as-userna me-and-passw ord; default: a s-username ) - whethe r to use MAC address as username on ly or ad both u sername and passwo rd for RADIU S auth entication static-al go-0 (none | 40bit-wep | 10 4bit-w[...]

58 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de tls-mode (no-cer tificates | d ont-verify-certific ate | verify-c ertificate; def ault: no-certi ficates ) - TLS certificate mode no-certific ates - certificates are negotiate d dynamically u sing anonymou s Diffie-He llman MODP 20 48 bit a[...]

AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 59 RouterOS v3 Con figuration a nd User Gui de file-size ( read-onl y: integer ) - c urrent file size (kB) memory-over-l imit- packets ( read-onl y: integer ) - numb er of packets t hat are drop ped be cause of exceeding memo ry-limit memory-save d-packets ( re ad-only: integer ) - h ow[...]

60 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de Property Description channel-ti me ( time ; default: 200ms ) - how long to snoop each chann el, if multiple-chan nels is set to yes multiple- channels (yes | no ; default: no ) - wh ether t o snoop mu ltiple channels or a single chann el no[...]

AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 61 RouterOS v3 Con figuration a nd User Gui de • disabled=no • On client (station): • mode=station • band=5ghz • ssid=test • disabled=no Configure th e Access Point a nd add an IP address (10.1.0.1 ) to it: [admin@Acces sPoint] inter face wireless > set wlan1 mo de=ap-bri[...]

62 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de Configure th e station and add an IP address (1 0.1.0.2) to it: [admin@Stati on] interface wireless> se t wlan1 name=T o-AP mode=sta tion ssid=test band=5ghz di sabled=no [admin@Stati on] interface wireless> pr int Flags: X - d isab[...]

AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 63 RouterOS v3 Con figuration a nd User Gui de • Configure AP to sup port W DS connection s • Set wds-defa ult-bridge to b ridge1 • On WDS station : • Configure it as a WDS Statio n, using mode= station-wds • Configure t he WDS Access Point. Co nfigure th e w ireless interf ac[...]

64 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de Now configure the WD S st ation and put th e wire less ( wl an1 ) an d eth ernet ( Local ) i nterfaces into a bridge: [admin@WDS_S tation] > int erface bridge [admin@WDS_S tation] inter face bridge> add [admin@WDS_S tation] inter face[...]

AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 65 RouterOS v3 Con figuration a nd User Gui de This example wil l show you h ow to create a VAP: [admin@VAP] interface wir eless> print Flags: X - d isabled, R - running 0 name=" wlan1" mtu=15 00 mac-addres s=00:0C:42:05: 00:22 arp=ena bled disabl e-running-che ck=no interf[...]

66 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de Nstr eme This example sho ws you how to configure a point-to-p oint Nstrem e link. Nstreme 2 Nstreme 1 Figure 7: Nstrem e networ k example The set up of Nst reme is similar to u sual wireless configurat ion, ex cept t hat you have to do som[...]

AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 67 RouterOS v3 Con figuration a nd User Gui de Configure Nstreme -Client wireless sett ings and enable N streme on it: [admin@Nstre me-Client] in terface wirel ess> set wlan1 mode=station ssid=nstreme band=5ghz frequency=58 05 disabled=n o [admin@Nstre me-Client] in terface wirel e[...]

68 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de 5180 MHz [DualNS - 2] [DualNS - 1] 5805 MHz Figure 8: Nstrem e dual ne twork exam ple Configure Dual NS-1 : [admin@DualN S-1] interfac e wireless> s et wlan1,wlan2 mode=nstreme -dual-slave [admin@DualN S-1] interfac e wireless> p rint[...]

AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 69 RouterOS v3 Con figuration a nd User Gui de     As we have not c onfigured the DualNS-2 rou ter, we cann ot define the remo te-mac param eter on DualNS-1 . We wil l do it after c onfiguring DualN S-2 ! The configuration o f DualNS -2 : [admin@DualN S-2] interfac e wireles[...]

70 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de WEP Security This example shows h ow to configure WEP (Wired Eq uivalent Privacy) on Access Point and Clients . In example w e will configure an Ac cess Point which will use 104bit-wep for on e station and 40bit-w ep for other clients. Th e[...]

AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 71 RouterOS v3 Con figuration a nd User Gui de Configure th e Access Point: [admin@WEP_A P] interface wireless secu rity-profiles> add name=Sta tionX ... mode=st atic-keys-req uired static- algo-1=40bit-w ep static-key -1=1234567890 ... static- transmit-key= key-1 [admin@WEP_A [...]

72 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de Configure WEP_St ation1: [admin@WEP_S tation1] inte rface wireles s security-pro files> add na me=Station1 ... mode=st atic-keys-req uired static- sta-private-al go=104bit-wep ... static- sta-private-k ey=6543210987 65432109876543 [...]

AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 73 RouterOS v3 Con figuration a nd User Gui de Config of WE P_StationX: [admin@WEP_S tationX] inte rface wireles s security-pro files> add na me=StationX ... mode=st atic-keys-req uired static- algo-1=40bit-w ep static-key -1=1234567890 ... static- transmit-key= key-1 [admin@WE[...]

74 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de On t he AP in default or in your own made profile as an e ncryption algorithm choose w pa-psk . Sp ecify the pre-share d-key , wpa-uni cast-cipher s and wpa-group-c ipher [admin@WPA_A P] interface wireless secu rity-profiles> set default[...]

AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 75 RouterOS v3 Con figuration a nd User Gui de 4.4 VLAN Int erfaces Document revisi on: 1.2 (Mon Sep 19 13:46: 34 GMT 2005) Applies to: V2.9 4.4.1 Gener a l Information Summar y VLAN is an implementation o f the 802.1 Q VLAN protocol for RouterOS. It allows you to h ave multiple Virtual[...]

76 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de reply-only - the interface wil l only reply t o the req uests for to its ow n IP addresses , but ne ighbor MAC addresses will b e gathered fr om /ip arp statical ly set table o nly interface ( name ) - physical in terface to t he netw ork w[...]

AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 77 RouterOS v3 Con figuration a nd User Gui de On Router 1 : [admin@AT-WR 4562] ip addr ess> add addr ess=10.10.10.1 /24 interface =test [admin@AT-WR 4562] ip addr ess> print Flags: X - d isabled, I - invalid, D - dynamic # ADDRES S NETWORK BROADCAST INTERFAC E 0 10.0.0 .204/24 10[...]

78 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de Quick Setup Guide To put int erface ether1 and ether2 in a brid ge. Add a bridge int erface, called MyBridge : /interface b ridge add nam e="MyBridge" disabled=no Add ether1 and ether2 to MyB ridge inte rface: /interface b ridge p[...]

AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 79 RouterOS v3 Con figuration a nd User Gui de Property Description admin-mac: (MAC address) - MAC address ass igned to t he bridge if aut o-mac = no ageing-tim e ( time ; default: 5 m ) - how lon g a host informa tion will be kep t in the b ridge database arp (disabled | en abled | pro[...]

80 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de Example To group ether1 and ether2 in the already created bridg e1 bridge (ver sions from 2.9 .9): [admin@AT-WR 4562] interfa ce bridge por t> add interfa ce=ether1 bri dge=bridge1 [admin@AT-WR 4562] interfa ce bridge por t> add inter[...]

AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 81 RouterOS v3 Con figuration a nd User Gui de Example To monitor a bri dge port: [admin@AT-WR 4562] interfa ce bridge por t> mo 0 status: in -bridge po rt-number: 1 role: de signated-port edge-port: no edge-port- discovery: ye s point-to-p oint-port: no ext ernal-fdb: no sen ding-rs[...]

82 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de There are thr ee bridge filter tables: • filter - bridge firew all with th ree predefin ed chains: • input - filters packets, which destination is th e bridge ( including those packets that will be routed, as they are anyway destined to[...]

AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 83 RouterOS v3 Con figuration a nd User Gui de dst-address ( IP ad dress ; defa ult: 0.0.0 .0/0 ) - destination IP address (only if M AC prot ocol is set to IP v4) dst-mac-addre ss ( MAC addr ess ; default: 00:00: 00:00:00:00 ) - destination MAC address dst-port ( integer : 0. .6553 5) [...]

84 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de stp-forward-dela y ( time : 0.. 655 35) - forward delay time r stp-hello-tim e ( time : 0..655 35) - stp hello packets time stp-max-age ( time : 0..6553 5) - maximal STP message age stp-msg-age ( tim e : 0..65535 ) - STP messa ge age stp-po[...]

AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 85 RouterOS v3 Con figuration a nd User Gui de Property Description action (accept | arp-reply | dr op | dst-nat | jump | log | mark | passthrou gh | redirect | r eturn | src-nat; default: accept ) - action to u ndertake if t he packet m atches the ru le, one of th e: accept - accep t t[...]

86 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de 4.5.11 T roubl eshooting Description Router shows that my rule i s invali d • in-interface, in-b ridge (or in-br idge-port) is spec ified, but such an interf ace does not e xist • there is an action =mark-pack et, but n o new-packet-mar[...]

AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 87 RouterOS v3 Con figuration a nd User Gui de 5 IP and Routing 5.1 IP Addr esses an d ARP Document revisi on: 1.3 (Tue Sep 20 19:02: 32 GMT 2005) Applies to: V2.9 5.1.1 Gener a l Information Summar y The following Manual discuss es IP address management and the Address Resolution Pr ot[...]

88 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de Property Description actual-interface (re ad-only: name) - only applicable to log ical interf aces like bridges o r tun nels. Holds the name of t he actual hardw are interface th e logical one is boun d to. address (IP addres s) - IP addr e[...]

AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 89 RouterOS v3 Con figuration a nd User Gui de If ARP fe ature is t urned of f on the interface, i.e., arp=di sabled is use d, ARP requ ests from clients are not answered b y the rou ter. There fore, st atic ARP entry should be added to t he clients as well. For example, the route r&apo[...]

90 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de Network A 192 .168.0.0/24 198 .168.0.130/25 Network B 192.168.0 .128/25 ether2 198.168.0 .129/25 198.168.0.20/2 4 198 .168.0.30/24 198 .168.0.1/25 ethe r1 A B C Figure 11: Prox y ARP Suppose the host A n eeds to commun icate to ho st C. To [...]

AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 91 RouterOS v3 Con figuration a nd User Gui de Example Consider the following conf iguration: Reserved for dial in 10.0.0.230 ..240 Pppoe - inX addresses 10.0.0.217 /32 10.0.0.217/24 ether1 10.0.0.1/24 Internet Laptop 10.0.0.231 /24 Server 10.0.0.2/24 WS 10.0.0.230/24 Figure 12: Prox y [...]

92 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de interface with th e networ k being th e same as the a ddress o n the r outer on the ot her side of t he p2p link (there may be n o IP on that in terface, bu t there is an IP fo r that ro uter). Example [admin@AT-WR 4562] ip addr ess> add[...]

AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 93 RouterOS v3 Con figuration a nd User Gui de Related T opic s IP Addresses and ARP Routes, Eq ual Cost Multip ath Routing, Polic y Routing Description Routing In formation Proto col (RIP) is o ne pro tocol in a s eries o f routin g p rotocols ba sed on B ellman- Ford (or distance vect[...]

94 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de Example To enable RIP p rotocol to re distribute the rou tes to the conne cted network s: [admin@AT-WR 4562] routing rip> set red istribute-conn ected=yes [admin@AT-WR 4562] routing rip> print distri bute-default: never redistr ibute-[...]

AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 95 RouterOS v3 Con figuration a nd User Gui de 5.2.4 Networks Submenu level: /routing rip network Description To start the RIP p rotocol, yo u have to define t he netw orks on wh ich RIP will run. Property Description network ( IP addr ess mask ; de fault: 0.0. 0.0/0 ) - specifies t he [...]

96 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de     This list shows rout es learned by all dynamic rou ting protocols ( RIP, OSPF and BGP) Example To view the list of t he route s: [admin@AT-WR 4562] routing rip route> p rint Flags: S - s tatic, R - ri p, O - ospf, C - con[...]

AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 97 RouterOS v3 Con figuration a nd User Gui de The necessary con figuration o f the RIP general settings is as follows: [admin@AT-WR 4562] routing rip> set red istribute-conn ected=yes [admin@AT-WR 4562] routing rip> print dist ribute-defaul t: never redis tribute-stati c: no redi[...]

98 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de Alliedware+ Route r Configur ation ... interface Et hernet0 ip address 10.0.0.26 255 .255.255.0 no ip direc ted-broadcast ! interface Se rial1 ip address 192.168.1.1 2 55.255.255.25 2 ip directed -broadcast ! router rip version 2 redistribu[...]

AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 99 RouterOS v3 Con figuration a nd User Gui de Related T opic s • IP Addresses and ARP • Routes, Equ al Cost Multipath Routing, Polic y Routing • Log Management Description Open Shortest Pat h Fir st p rotocol is a link-state routin g pr otocol. It's uses a lin k-state algori[...]

100 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de     Within one area, only the rou ter that is conn ected to an other a rea (i.e. Area bord er rou ter) or to another AS (i.e. Autonomou s System bou ndary router) shoul d have the pr opagation of th e default rout e enabled. OS[...]

AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 101 RouterOS v3 Con figuration a nd User Gui de However, are as do not need t o be ph ysical connected to ba ckbone. It can be done with virtual link. The name and are a-id for this area can not be change d authenticat ion (none | simp le | md5; defau lt: none ) - spe cifies authe ntica[...]

102 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de 5.3.5 Interfac es Submenu level: /routing ospf interface Description This fac ility pro vides tool s f or ad ditional in -depth configuration of OSPF interface sp ecific p arameters. You do not h ave to configure interf aces in order to ru[...]

AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 103 RouterOS v3 Con figuration a nd User Gui de Property Description neighbor-id ( IP addr ess ; def ault: 0.0. 0.0 ) - spe cifies router-id of th e neighbor transit-area ( na me ; default: (unknown) ) - a non-backbon e area the two r outers have i n common     Virtual links[...]

104 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de Example The following tex t can be obs erved just after adding an O SPF net work: admin@AT-WR4 562] routing ospf> neighbo r print router-id=1 0.0.0.204 add ress=10.0.0.2 04 priority=1 state="2-Way" state-ch anges=0 ls-re trans[...]

AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 105 RouterOS v3 Con figuration a nd User Gui de Now let's set up th e OSPF_MAIN router . The route r should have 3 NI Cs: [admin@OSPF_ MAIN] interfa ce> print Flags: X - d isabled, D - dynamic, R - running # NAME TYPE RX-RATE TX- RATE MT U 0 R main_gw ether 0 0 1500 1 R to_peer_[...]

106 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de Assign IP addre sses to the se interfaces: [admin@OSPF_ peer_1] ip ad dress> print Flags: X - d isabled, I - invalid, D - dynamic # ADDRE SS NETWOR K BROADCAST INTERFA CE 0 10.1. 0.1/24 10.1.0 .0 10.1.0.255 to_main 1 10.3. 0.1/24 10.3.0[...]

AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 107 RouterOS v3 Con figuration a nd User Gui de Add the same area as in pr evious rou ters: [admin@OSPF_ peer_2] routi ng ospf area> print Flags: X - d isabled, I - invalid # NAME AREA-ID STUB DEFAULT-COST AUTHENTICATI ON 0 backbone 0.0.0.0 none 1 local_10 0.0.0.1 no 1 none Add conne[...]

108 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de Routing tables with Revised Link Cost This example sho ws how to set u p link cost. L et us assume, that th e link between the rou ters OSPF_peer_1 and OSPF_ peer_2 has a h igher cost (might b e slower, we have to pay more f or the traffic[...]

AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 109 RouterOS v3 Con figuration a nd User Gui de On OSPF_peer _1: [admin@OSPF_ peer_1] > ip route pr Flags: X - d isabled, I - invalid, D - dynamic, J - r ejected, C - connect, S - static, r - rip, o - ospf, b - bgp # DST -ADDRESS G GATE WAY DISTANCE IN TERFACE 0 Do 192.1 68.0.0/24 r [...]

110 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de The OSPF rout ing changes as follows: Routes on OSPF_MAIN rou ter: [admin@OSPF_ MAIN] ip rout e> print Flags: X - d isabled, I - invalid, D - dynamic, J - r ejected, C - connect, S - static, r - rip, o - ospf, b - bgp # DST -ADDRESS G G[...]

AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 111 RouterOS v3 Con figuration a nd User Gui de Filter NAT Description RouterOS has follow ing types of rout es: dynamic ro utes - aut omatically created route s for ne tworks, wh ich are directl y accesse d through an interface. They appear autom atically, whe n addin g a new IP a ddre[...]

112 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de bgp-origin (inco mplete | igp | egp) - th e origin of the route prefix bgp-prepend ( in teger : 0..16) - numb er which indicates how many time s to prep end AS_NAME t o AS_PATH check-gate way (arp | ping; d efault: ping ) - which proto col[...]

AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 113 RouterOS v3 Con figuration a nd User Gui de     You can use policy r outing even i f you use masquerading on y our private n etworks. The sour ce address will be the same a s it is in the lo cal network. In p revious ver sions of Router OS the source addr ess changed to [...]

114 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de     ISP1 gives us 2 Mbps and ISP2 - 4Mbps so w e want a traff ic ratio 1:2 (1/3 of the source/d estination IP pairs from 192.168. 0.0/24 go es through ISP1 , and 2/3 throu gh ISP2). IP addresses of th e router: [admin@ECMP- Rou[...]

AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 115 RouterOS v3 Con figuration a nd User Gui de Configuration o f the IP addres ses: [admin@PB-Ro uter] ip addr ess> print Flags: X - d isabled, I - invalid, D - dynamic # ADDRESS N ETWORK BROADCAST INTERFACE 0 192.168 .0.1/24 1 92.168.0.0 192.168.0.25 5 Local1 1 192.168 .1.1/24 1 92[...]

116 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de 6 DHCP and DNS 6.1 DHCP Client and Ser ver Document revisi on: 2.7 (Mon Apr 18 22:24: 18 GMT 2005) Applies to: V2.9 6.1.1 Gener a l Information Summar y The DHCP (Dynami c Host Conf iguration Protoco l) is needed for easy distribu tion of [...]

AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 117 RouterOS v3 Con figuration a nd User Gui de 68 po rt. The initial negotiati on involves commu nication b etween broadcast addresses (on some ph ases sender will u se source address o f 0. 0.0.0 and/or destinati on address o f 255.255. 255.255 ). You shou ld be aware of this w hen bu[...]

118 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de     If host-name pr operty is not specified, client's sy stem identity wi ll be sent in th e respective f ield of DHCP request. If client-i d property is not speci fied, client's MAC address will be sent in the re spe[...]

AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 119 RouterOS v3 Con figuration a nd User Gui de • specified, rx -rate is as tx- rate too. Same goes for tx- burst-rate an d tx -burst- threshold and tx -burst- time. • If b oth rx-bu rst-thresho ld and tx- burst-thre shold are n ot spe cified (bu t burst -rate is specified), r x- ra[...]

120 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de the sour ce-address is left as 0 .0.0 .0 , then the static address will be u sed. If there are multiple ad dresses on the in terface, an address in the same sub net as the range of given ad dresses should be used use-radius (yes | no; defa[...]

AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 121 RouterOS v3 Con figuration a nd User Gui de Property Description store-leases-dis k (time-interv al | immediate ly | never; defau lt: 5min ) - ho w freque ntly lease changes should be sto red on disk 6.1.5 DHCP Networks Submenu level: /ip dhcp-ser ver netw ork Property Description a[...]

122 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de Note that the IP addresses as signed static ally are not pr obed. Property Description active-addres s ( read-only: IP address ) - actual IP address f or th is lease active-c lient-id ( read-only: text ) - actual clien t-id of the clie nt [...]

AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 123 RouterOS v3 Con figuration a nd User Gui de Example To assign 10.5 .2.100 st atic IP address for th e existing DHC P client (sh own in th e lease table as item #0) : [admin@AT-WR 4562] ip dhcp -server lease > print Flags: X - d isabled, R - radius, D - d ynamic, B - bl ocked # AD[...]

124 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de Property Description code ( integer : 1..25 4) - dhcp o ption code. A ll codes are available at http://www.iana.or g/assignme nts/boo tp-dhcp-p arameters name ( name ) - des criptive name of the op tion value ( text ) - p arameter's v[...]

AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 125 RouterOS v3 Con figuration a nd User Gui de Example To add a DH CP relay named relay on ether1 interface resendin g all rece ived requests to the 10.0.0.1 DHCP server: [admin@AT-WR 4562] ip dhcp -relay> add n ame=relay inte rface=ether1 ... dhcp-se rver=10.0.0.1 disabled=no [a[...]

126 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de The wizard h as made the follo wing configur ation based on t he answe rs above: [admin@AT-WR 4562] ip dhcp -server> prin t Flags: X - d isabled, I - invalid # NAME INT ERFACE RELAY ADDR ESS-POOL LEAS E-TIME ADD-AR P 0 dhcp1 eth er1 0.0[...]

AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 127 RouterOS v3 Con figuration a nd User Gui de IP addresses of D HCP-Rela y : [admin@DHCP- Relay] ip add ress> print Flags: X - d isabled, I - invalid, D - dynamic # ADDRESS N ETWORK BROADCAST INTERFACE 0 192.168 .0.1/24 1 92.168.0.0 192.168.0.25 5 To-DHCP-S erver 1 192.168 .1.1/24 [...]

128 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de [DHCP-Server] Local 192.168.0.1/24 Public 10.1.0.2/24 Internet RADIUS Server 172.16.0.2/24 To - Radius 172.16.0.1/24 Local Network Address Range : 19 2.168.0.0/24 Figure 19: DHC P with RA DIUS We assume th at you already have installed Fre[...]

AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 129 RouterOS v3 Con figuration a nd User Gui de 6.2 DNS Client a nd Ca che Document revisi on: 1.2 (Fri Apr 15 17:37: 43 GMT 2005) Applies to: V2.9 6.2.1 Gener a l Information Summar y DNS cache is u sed to minimize DNS requ ests to an e xternal DNS server as we ll as to minimize DNS re[...]

130 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de Example To set 159.1 48.60.2 as the pr imary DNS server and allow the rout er to be used as a DN S server, do the following: [admin@AT-WR 4562] ip dns> set primary- dns=159.148.60 .2 ... allow-r emote-request s=yes [admin@AT-WR 4562][...]

AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 131 RouterOS v3 Con figuration a nd User Gui de Description The Router OS has an embed ded DNS ser ver feature in DNS cache. It a llows you t o link the particular dom ain names with the resp ective IP addresses an d advertize th ese links to t he DNS client s using the rou ter as their[...]

132 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de 7 AAA Conf ig uration 7.1 RADIUS cli ent Document revisi on: 1.6 (February 14, 200 7, 12:00 GMT) Applies to: V2.9 7.1.1 Gener a l Information Summar y This document provides info rmation abou t Route rOS built-in RADIUS client configurat i[...]

AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 133 RouterOS v3 Con figuration a nd User Gui de domain ( text ; defau lt: "" ) - M icrosoft Win dows doma in of client passed to RADIUS ser vers t hat require domain validation realm ( text ) - exp licitly stated real m (user dom ain), so the users do not have to prov ide prop[...]

134 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de port ( integer ; defau lt: 1700 ) - The p ort numb er to listen f or the reque sts on     RouterOS doesn't support POD ( Packet of Disconnect) the other RADIUS a ccess reques t packet t hat performs a simil ar function as [...]

AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 135 RouterOS v3 Con figuration a nd User Gui de • NAS-Port-Id - async PPP - serial port name; PPPoE - ethernet interface name on which se rver is running; HotSpot - name of th e physical HotSpot interface (if b ridged, th e b ridge port name is showed here ); not pre sent for ISDN, PP[...]

136 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de you should firs t cre ate a ppp chain and make jum p r ules that would put actual traffic to this chain). The same app lies for HotSp ot, but t he rules will be create d in hotspot cha in • Mikrotik-Mark- Id - f irewall mangle chain n am[...]

AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 137 RouterOS v3 Con figuration a nd User Gui de instances may b e send by RADIUS ser ver to sp ecify add itional URLs wh ich are choo sen in r ound robin fashion . • Mikrotik-Ad vertise-Inter val - Time interval between tw o adjacent advertisement s. Mu ltiple attribute inst ances ma [...]

138 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de Change of Autho rization RADIUS d isconnect and Change of Auth orization ( according to RFC3576) are supported as well. These attributes may be changed b y a CoA req uest from t he RADIUS server: • Mikrotik-Group • Mikrotik-Recv-Limit [...]

AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 139 RouterOS v3 Con figuration a nd User Gui de Name VendorID Value RFC where it i s defined Called-Station-Id 30 RFC2865 Calling-Station-Id 31 RFC2865 CHAP-Challen ge 60 RFC2866 CHAP-Password 3 RFC2865 Class 25 RFC2865 Filter-Id 11 RFC2865 Framed-IP-Address 8 RFC2865 Framed-IP-Net mask[...]

140 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de Name VendorID Value RFC where it i s defined MS-CHAP2-Succes s 31 1 26 RFC2548 MS-MPPE-Encrypt ion-Policy 311 7 RFC25 48 MS-MPPE-Encrypt ion-Types 311 8 RFC2548 MS-MPPE-Recv- Key 311 1 7 RFC25 48 MS-MPPE-Send- Key 311 16 RFC2548 NAS-Identi[...]

AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 141 RouterOS v3 Con figuration a nd User Gui de 7.2 PPP User A AA Document revisi on: 2.5 (Fri Jul 07 14:52:59 GMT 2006) Applies to: V2.9 7.2.1 Gener a l Information Summar y This document provides summary, conf iguration ref erence and examples on PPP user mana gement. Th is includes a[...]

142 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de default - derive this value fro m the inte rface default profile; same as no if t his is the int erface default profile dns-server ( IP addr ess {1,2} ) - IP address o f the DNS server to sup ply to clients idle-ti meout ( time ) - specifi[...]

AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 143 RouterOS v3 Con figuration a nd User Gui de     There are two defaul t profil es that cannot be remo ved: [admin@rb13] ppp profile> print Flags: * - d efault 0 * name="default" use-compression =default use-vj-compression=defa ult use- encryption=d efault onl[...]

144 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de routes ( text ) - rou tes that ap pear on t he server wh en the client is con nected. The rou te format is: d st- address [[gat eway] [metr ic]] (for example , 10.1.0.0/24 10.0.0.1 1 ). Several routes may be specified separated with co mma[...]

AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 145 RouterOS v3 Con figuration a nd User Gui de 7.2.5 PPP User Remote AA A Submenu level: /ppp aaa Property Description accounting (yes | no; default : yes ) - enable R ADIUS accou nting interim-updat e ( time ; defaul t: 0s ) - Inte rim-Update time inte rval use-radius (yes | no; defau[...]

146 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de 7.3.2 Router User Gr oups Submenu level: /user group Description The rout er u ser grou ps provide a convenien t way to assign different pe rmissions and access right s to different u ser classes. Property Description name ( name ) - th e [...]

AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 147 RouterOS v3 Con figuration a nd User Gui de Example To add rebo ot group t hat is allowed to reboot the ro uter locally or using t elnet, as well as rea d the router' s configuration, ent er the follow ing command: [admin@rb13] user group> add name=rebo ot policy=teln et,reb[...]

148 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de Example To add user joe w ith passwor d j1o2e3 belongin g to write grou p, enter t he following co mmand: [admin@AT-WR 4562] user> a dd name=joe p assword=j1o2e3 group=write [admin@AT-WR 4562] user> p rint Flags: X - d isabled 0 ;;; [...]

AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 149 RouterOS v3 Con figuration a nd User Gui de use-radius (yes | no; default: no ) - specifies wh ether a use r database on a R ADIUS serve r shou ld be consulted     The RADIUS user da tabase is q ueried only if the required us ername is no t found in the local u ser datab[...]

150 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de 8 VPNs and T u nneling 8.1 EoIP Document revisi on: 1.4 (Fri Nov 04 20: 53:13 GMT 2005) Applies to: V2.9 8.1.1 Gener a l Information Summar y Ethern et over IP (EoIP) Tu nneling is a RouterOS protocol that creates an Ethern et tunnel betwe[...]

AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 151 RouterOS v3 Con figuration a nd User Gui de The EoIP inte rface appears as an Ether net interface under t he interf ace list. This interf ace support s all fe atures of an Eth ernet inte rface. IP addresses and other tunnels may b e run over the int erface. The EoIP prot ocol e ncap[...]

152 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de 8.1.3 EoIP Application Ex ample Description Let us assume we want to bridge tw o networks: 'Office LAN' and 'Remot e LAN'. The network s are connected to an I P net work th rough th e rout ers [Our_GW] and [Rem ote]. Th[...]

AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 153 RouterOS v3 Con figuration a nd User Gui de Configure the E oIP tunnel b y adding the eoip t unnel interfaces at b oth rout ers. Use the ip addresses of the pp tp tunnel interf aces when spe cifying the argument values f or the Eo IP tunnel: [admin@Our_G W] interface eoip> add na[...]

154 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de 8.2 Interface Bond ing Document revisi on: 1.1 (oct-26-2004) Applies to: V2.9 8.3 General In formation 8.3.1 Summar y Bonding is a technolo gy that allows to aggregate multiple e therne t-like int erfaces into a single virtual link, thus g[...]

AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 155 RouterOS v3 Con figuration a nd User Gui de Description To provide a prop er failover, you should specify link-moni toring paramet er. It can be : • MII (Media Indepe ndent Interface) type 1 or type2 - Me dia In dependen t Int erface is an ab stract layer between the op erating sy[...]

156 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de name ( name ) - descriptive na me of bon ding interface primary ( name ; default: non e ) - Int erface is used as prim ary outp ut media. If prim ary interface fa ils, only then ot hers slaves will be use d. This v alue works only with mod[...]

AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 157 RouterOS v3 Con figuration a nd User Gui de Office2 configu ration: [admin@offic e2] interface > print Flags: X - d isabled, D - dynamic, R - running # NAME TYP E RX-RATE TX -RATE MTU 0 R isp2 eth er 0 0 1500 1 R isp1 eth er 0 0 1500 [admin@offic e2] interface > /ip add pri nt[...]

158 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de Bonding co nfiguratio n for Office1 [admin@offic e1] interface bonding> add slaves=eoip-t unnel1,eoip-t unnel2 [admin@offic e1] interface bonding> pri nt Flags: X - d isabled, R - running 0 R name=" bonding1" mtu =1500 mac-[...]

AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 159 RouterOS v3 Con figuration a nd User Gui de Add an IPIP inter face (by def ault, its name w ill be ipip1 ): [admin@10.5. 8.104] interf ace ipip> add local-address =10.5.8.104 remote-addre ss=10.1.0.172 disabled=no Add an IP address to create d ipip1 inter face: [admin@10.5. 8.1[...]

160 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de     Use /ip address ad d command to assign an IP add ress to the IPIP interface. There is no authentica tion or 'st ate' for this int erface. The band width usage of th e interface ma y be monitored with the monitor f[...]

AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 161 RouterOS v3 Con figuration a nd User Gui de Now both routers can p ing each other: [admin@AT-WR 4562] interfa ce ipip> /pin g 1.1.1.2 1.1.1.2 64 b yte ping: ttl =64 time=24 m s 1.1.1.2 64 b yte ping: ttl =64 time=19 m s 1.1.1.2 64 b yte ping: ttl =64 time=20 m s 3 packets tr ansm[...]

162 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de Related T opic s IP Addresses and ARP AAA Configur ation EoIP IP Security Additional Resour ces http://www.linu xguide.it/docs.p hp?Ne tworking:VPN:IPSec% 2FL2TP http://en.wikip edia.org/wiki/L2 tp Description L2TP is a secure tunn el p ro[...]

AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 163 RouterOS v3 Con figuration a nd User Gui de mrru ( integer : 512 ..65535 ; default: disabled ) - maximum p acket size t hat can be rece ived on the link. If a packet is bigger th an tunn el MTU, it will be sp lit into multip le packets, allowing full size I P or Eth ernet packets to[...]

164 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de 8.5.4 L2TP Ser ver Setup Submenu level: /interface l 2tp-server ser ver Description The L2 TP server creates a dy namic in terface for each connected L2TP client. Th e L2 TP conn ection count from clients depends on the license level you h[...]

AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 165 RouterOS v3 Con figuration a nd User Gui de so if you need a persiste nt rules fo r that u ser, create a static entry for him/her . Otherwise it is safe t o use dynamic configur ation.     In both cases PPP u sers must be configured pr operly. Property Description client[...]

166 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de 8.5.6 L2TP Application E xamples Router -to-Router Secure T unnel Example W ISP#1 192.168.8 0.0/24 W ISP# 2 192.168.8 1.0/24 Home Office To Intern et 192.168.8 0.1/24 LAN 10.150.2. 254/24 Remote Offic e To Intern et 192.168.8 1.1/24 LAN 10[...]

AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 167 RouterOS v3 Con figuration a nd User Gui de And finally, the server must b e enabled: [admin@HomeO ffice] interf ace l2tp-serv er server> set enabled=yes [admin@HomeO ffice] interf ace l2tp-serv er server> pri nt enabled: yes mtu: 1460 mru: 1460 authent ication: msch ap2 defau[...]

168 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de On the L2 TP server it can alt ernatively b e done using r outes paramete r of the u ser configuration: [admin@HomeO ffice] ppp se cret> print d etail Flags: X - d isabled 0 name=" ex" service=l 2tp caller-id ="" pas[...]

AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 169 RouterOS v3 Con figuration a nd User Gui de ISP#1 192 .168.80.0/24 W ISP# 2 192 .168.81.0/2 4 Remote Off ice To Int ernet 192 .168.81.1/2 4 LAN 10.15 0.1.254/2 4 192.168.80 .111/24 1 0 .1 50 . 1 . 1 /24 Big Internet Encrypted L2T P tun nel To Office 10.150 .1.2/32 From Laptop 10.150[...]

170 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de Finally, the pro xy APR must b e enabled on the 'Office' in terface: [admin@Remot eOffice] inte rface etherne t> set Office arp=proxy-arp [admin@Remot eOffice] inte rface etherne t> print Flags: X - d isabled, R - running #[...]

AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 171 RouterOS v3 Con figuration a nd User Gui de Generally sp eaking, PPPoE is used t o hand out IP addresses to clients based on the user (and workst ation, if desired) authen tication as opp osed to workstation only authe ntication, when static IP a ddresses or DHCP are used. It is adv[...]

172 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de Related T opic s IP Addresses and ARP RADIUS client PPP User AA A Log Management Additional Resour ces Links for PPPoE documentati on: http://www.f aqs.org/rfcs/rfc2 516.ht ml PPPoE Clients: RASPPPoE for Windows 95 , 98, 98SE , ME, NT4, 20[...]

AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 173 RouterOS v3 Con figuration a nd User Gui de Example To add and enable PPPoE clie nt on the gig interf ace connecting to the AC that p rovides testSN ser vice using user name j ohn with the password pa ssword : [admin@Remot eOffice] inte rface pppoe-c lient> add int erface=gig [...]

174 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de     If no service name is specified i n WindowsXP, it will use only servi ce with no name . So if you want to serve WindowsXP cli ents, leave your service na me empty. Property Description authenticat ion ( multiple choi ce: ms[...]

AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 175 RouterOS v3 Con figuration a nd User Gui de 8.6.5 PPPoE Users Description The PPPoE users are auth enticated th rough a RADIUS server (if conf igured), and if RADI US fails, th en the local PPP user databese is use d. See the r espective manu al section s for more inf ormation: • [...]

176 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de 8.6.7 Application Exampl es PPPoE in a multipoint wireles s 802.11g network In a wireless n etwork, the PPPoE s erver may be attached to an Ac cess Point (as well as to a re gular station of wireless inf rastructure) . E ither our RouterOS[...]

AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 177 RouterOS v3 Con figuration a nd User Gui de Now, configure th e Ethe rnet interface, add the IP address and set th e default rout e: [admin@PPPoE -Server] ip a ddress> add a ddress=10.1.0. 3/24 interfac e=Local [admin@PPPoE -Server] ip a ddress> print Flags: X - d isabled, I -[...]

178 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de 8.6.8 T roubleshooting Description I can connect to my PPPo E server. Th e ping go es even through it, bu t I still ca nnot open w eb pages Make sure that you have spe cified a valid DNS s erver in the r outer ( in /ip dns or in /ppp p rof[...]

AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 179 RouterOS v3 Con figuration a nd User Gui de Quick Setup Guide To make a P PTP tunne l between 2 RouterOS routers with IP addresses 10.5 .8.104 (PPTP se rver) and 10.1.0.172 (PPTP client), follo w the next steps. Configuratio n on PPTP serv er router: Add a user: [admin@PPTP- Server][...]

180 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de Additional Resour ces http://msdn.mi crosoft.com/lib rary/backgrnd/ht ml/underst anding_ppt p.htm http://sup port.microsoft.com/ suppo rt/kb/articles/q162/8 /47.asp http://sup port.microsoft.com/ kb/154 062/en-us http://www.iet f.org/rfc/r[...]

AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 181 RouterOS v3 Con figuration a nd User Gui de 8.7.3 Monitoring PPTP C lient Command name: /interface pptp-cli ent monitor Property Description encoding ( text ) - e ncryption and encoding (if asymmetric , separated with '/') being use d in t his connection idle-ti me ( read-[...]

182 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de     Specifying MRRU means enabling MP ( Multilink PPP) over singl e link. This prot ocol is us ed to split big packets into smaller on es. Under Windows it can be e nabled in Networ king tag, Settin gs button, "Negotiate m[...]

AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 183 RouterOS v3 Con figuration a nd User Gui de Example To add a static en try for ex1 us er: [admin@AT-WR 4562] interfa ce pptp-serve r> add user=ex 1 [admin@AT-WR 4562] interfa ce pptp-serve r> print Flags: X - d isabled, D - dynamic, R - running # NAME USER MTU CLIE NT-ADDRESS [...]

184 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de Then the user shou ld be added in the PP TP server list: [admin@HomeO ffice] interf ace pptp-serv er> add user=e x [admin@HomeO ffice] interf ace pptp-serv er> print Flags: X - d isabled, D - dynamic, R - running # NAME USER MTU CLIE[...]

AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 185 RouterOS v3 Con figuration a nd User Gui de On the PPTP server it can alt ernatively be don e using rout es parameter of the user configuration: [admin@HomeO ffice] ppp se cret> print d etail Flags: X - d isabled 0 name=" ex" service=p ptp caller-id ="" passwo[...]

186 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de [ Remote Office ] 192.168.81.1/24 Internet ISP #2 192.168.81.0/ 24 ISP #1 192.168.80.0/ 24 192 .1 68 . 80 . 111 / 24 10.150.1.1 /24 10.150.1.25 4/24 To RemoteOffice 10.150.1.1/32 Tunnel_To_Home Office 10.150.1.25 4/32 Encrypted PPTP Tunnel[...]

AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 187 RouterOS v3 Con figuration a nd User Gui de Finally, the pro xy APR must b e enabled on the 'Office' in terface: [admin@Remot eOffice] inte rface etherne t> set Office arp=proxy-arp [admin@Remot eOffice] inte rface etherne t> print Flags: X - d isabled, R - running #[...]

188 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de Description IPsec (IP Security) su pports se cure (encrypte d) communicati ons over IP net works. Encryption After packet is sr c-natted (if n eeded), but befo re puttin g it into interf ace queue , IPsec p olicy d atabase is consulted to [...]

AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 189 RouterOS v3 Con figuration a nd User Gui de • Phase 2 - The peers establish one or more SAs that will b e used by IPsec to encr ypt data. All S As established by IKE daemon w ill have lifetime value s (either limitin g time, after which S A will become invalid, or amount of data t[...]

190 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de large packets with don't fragm ent flag will no t be able to pass the r outer inherit - do not change the f ield set - set the f ield, so that eac h packet matchin g the rule wil l not be f ragmented. Not re commen ded dst-address ( I[...]

AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 191 RouterOS v3 Con figuration a nd User Gui de Example To ad d a policy to encrypt all th e traffic bet ween t wo hosts (1 0.0.0.147 and 1 0.0.0.14 8), we n eed do the following: [admin@WiFi] ip ipsec pol icy> add sa-s rc-address=10. 0.0.147 ... sa-dst- address=10.0. 0.148 action[...]

192 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de lifeti me ( time ; default: 1d ) - phase 1 lifet ime: specifies how long the SA wi ll be valid; S A will be disc arded after this time nat-traversal (yes | no; defa ult: no ) - use Linux NAT-T m echanism to sol ve IPsec incomp atibility wi[...]

AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 193 RouterOS v3 Con figuration a nd User Gui de remote-addre ss ( read-only: I P address ) - p eer's IP address side ( multiple choic e, read-only: in itiator | respo nder) - show s which side init iated the conn ection initiator - ph ase 1 negotiatio n was started b y this rout er[...]

194 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de Example Sample printou t looks as follo ws: [admin@WiFi] ip ipsec> in stalled-sa pr int Flags: A - A H, E - ESP, P - pfs 0 E spi= E727605 src-a ddress=10.0.0 .148 dst-addre ss=10.0.0.147 auth -algorithm=sh a1 enc-algori thm=3des repla y[...]

AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 195 RouterOS v3 Con figuration a nd User Gui de Example To flush all the S As installed: [admin@AT-WR 4562] ip ipse c installed-s a> flush [admin@AT-WR 4562] ip ipse c installed-s a> print [admin@AT-WR 4562] ip ipse c installed-s a> 8.8.7 Application Exampl es RouterOS Router t[...]

196 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de for Router1 [admin@Route r1] > ip ipse c manual-sa a dd name=ah-sa1 ... ah-spi= 0x101/0x100 a h-key=abcfed [admin@Route r1] > ip ipse c policy add src-address=10 .1.0.0/24 ... dst-add ress=10.2.0.0 /24 action=en crypt ipsec-pr [...]

AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 197 RouterOS v3 Con figuration a nd User Gui de configure IPsec for Router1 [admin@Route r1] > ip ipse c policy add src-address=10 .1.0.0/24 ... dst-add ress=10.2.0.0 /24 action=en crypt tunnel=y es ... sa-src- address=1.0.0 .1 sa-dst-add ress=1.0.0.2 [admin@Route r1] > ip i[...]

198 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de 9 Fir ewall and QoS 9.1 Filter Document revisi on: 2.7 (Fri Nov 04 16: 04:37 GMT 2005) Applies to: V2.9 9.1.1 Gener a l Information Summar y The firewall implements p acket filtering and thereby provides security fun ctions that are used t[...]

AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 199 RouterOS v3 Con figuration a nd User Gui de RouterOS has very powerfu l firewall implement ation with fe atures including: • stateful packet filte ring • peer-to-p eer protocols filterin g • traffic classification by: source MAC ad dress IP addresses (net work or list) and add[...]

200 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de Property Description action (accept | add-dst-to -address-list | add-src-t o-addres s-list | drop | jump | log | pa ssth rough | reject | return | tarpit; default: acc ept ) - action to un dertake if the packet mat ches the ru le accept - [...]

AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 201 RouterOS v3 Con figuration a nd User Gui de unicast - IP addres ses used f or one p oint to anot her point transmission. There is only o ne sender and one receiver in th is case local - matches a ddresses ass igned to route r's interfaces broadcast - th e IP packet is sent fr o[...]

202 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de time - sp ecifies the time in terval over which t he packe t rate is measur ed burst - number of packets to match in a bu rst log-prefix ( tex t ) - all messa ges writte n to logs will cont ain the prefix spe cified herein. Used in conjunc[...]

AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 203 RouterOS v3 Con figuration a nd User Gui de tcp-flags (ack | cwr | ece | f in | psh | rst | syn | ur g) - tcp flags to match ack - acknowled ging data cwr - congestion w indow re duced ece - ECN- echo flag (explicit congestion n otification) fin - close conn ection psh - push fu nct[...]

204 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de Make jumps to n ew chains: add chain=fo rward protoco l=tcp action= jump jump-targ et=tcp add chain=fo rward protoco l=udp action= jump jump-targ et=udp add chain=fo rward protoco l=icmp action =jump jump-tar get=icmp Create tcp chain and [...]

AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 205 RouterOS v3 Con figuration a nd User Gui de Submenu level: /ip firewall mangle Standards and Te chnologies: IP Hardware usage : Increases wi th count of man gle rules Related T opic s • IP Addresses and ARP • Routes, Equ al Cost Multipath Routing, Polic y Routing • NAT • Fil[...]

206 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de chain (forwar d | input | output | p ostrouting | pr erouting) - specify the cha in to pu t a particular rule in to. As the differen t traffic is passe d through different chains, always be carefu l in choosin g the right chain for a new r[...]

AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 207 RouterOS v3 Con figuration a nd User Gui de that particular clien t local-dst - tru e, if a packet h as local destin ation IP a ddress to-clie nt - true, if a packet is sent to a client icmp-option s ( integer : integ er ) - match ICM P Type:Code f ields in-bridge-port ( na me ) - a[...]

208 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de every - match e very every +1 th p acket. For example, if every=1 th en the r ule matches every 2n d packet counter - specifies w hich co unter t o use. A counte r increments each time the rule con taining nth match matches packet - match [...]

AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 209 RouterOS v3 Con figuration a nd User Gui de rst - drop conn ection syn - new conne ction urg - urgent dat a tcp-mss ( integ er : 0..65535 ) - matches TCP MSS value of an IP packet time ( time - time ,s at | fri | thu | wed | tue | mo n | sun{ +}) - allows to create f ilter based on [...]

210 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de Change MSS It is a well kn own fact t hat VPN links h ave smaller pack et s ize due to incapsulation o verhead. A large packet with MSS that e xceeds the MSS of th e V PN link should be fragmented prior to sending it via that kind of conne[...]

AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 211 RouterOS v3 Con figuration a nd User Gui de The packet flow t hrough th e route r is depicted in the follo wing diagram : Figure 32: Pac ket Flow Di agram As c an b e seen on the diagram, there are five chains in the processin g pip eline. These are prerouting , input , forward , ou[...]

212 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de Routed traffi c The traffic re ceived for the rou ter's M AC address on th e respe ctive port, is passed to the routing procedures and can be of one of th ese four t ypes: • the traffic which is destined to the route r it self. The [...]

AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 213 RouterOS v3 Con figuration a nd User Gui de Property Description assured ( read-onl y: true | false ) - shows wh ether re play was seen fo r the last packet mat ching this ent ry connection-mar k ( read-only: t ext ) - Conn ection mark set in mangle dst-address ( read-onl y: IP addr[...]

214 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de max-entries ( re ad-only: integ er ) - the maximu m number o f conn ections the connection state table can contain, depends on an amou nt of to tal memory tcp-close-t imeout ( time ; def ault: 10s ) - maxim al amount o f time conn ection t[...]

AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 215 RouterOS v3 Con figuration a nd User Gui de 9.3.6 Gener a l Fir ew all Information Description ICMP TYPE:CO DE values In or der to protect your rout er and atta ched pri vate netw orks, you n eed to con figure firew all to drop o r reject most of ICMP tr affic. However, some I CMP p[...]

216 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de widely ab used f or u nlicensed software and media destribution . Even wh en it is use d for legal p urposes, p2p may he avily di sturb oth er net work traffic, su ch as ht tp and e-m ail. RouterOS is able to recognize connections o f the [...]

AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 217 RouterOS v3 Con figuration a nd User Gui de 9.4.2 NA T Description Network Address Translation is an Int ernet standard that allow s host s on local are a net works to u se one set of IP addresses for in tern al commun ications and another set of IP a ddresses for external communica[...]

218 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de address-list p arameter add-src-to-addre ss-li st - adds source ad dress of an IP p acket to the address list sp ecified by add ress- list parameter dst-nat - repla ces destination address of an IP packet to values sp ecified by to-addre s[...]

AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 219 RouterOS v3 Con figuration a nd User Gui de dst-limit ( integer / time {0,1} , integer ,dst-address | dst-port | sr c-address{ +}, time {0,1}) - limits the packet per second (pps) rate on a per destination IP or p er destination port base. As opp osed to the lim it match, every dest[...]

220 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de every - match e very every +1 th p acket. For example, if every=1 th en the r ule matches every 2n d packet counter - specifies w hich co unter t o use. A counte r increments each time the rule con taining nth match matches packet - match [...]

AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 221 RouterOS v3 Con figuration a nd User Gui de 9.4.3 NA T Applications Description In this section some NAT app lications and ex amples of them are discussed. Basic NAT confi guration Assume we want t o create ro uter that: "hides" the p rivate LAN "behi nd" one a d[...]

222 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de 10 Hot Spot Ser vice 10.1 HotSpot Gatewa y Document revisi on: 4.2 (Tue Jul 04 14:49:38 GMT 2006) Applies to: V2.9 10.1.1 Gener al Information Summar y The Rou terOS Hot Spot Gatew ay enables p roviding of public network acces s for client[...]

AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 223 RouterOS v3 Con figuration a nd User Gui de [HotSpot Gat eway] WAN/LAN Interf ace Internet RADIUS HotSpot Interf ace Figure 34: HotS pot exam ple network The Hot Spot int erface shou ld have an IP address ass igned to it. Physic al network connection has to be established betw een t[...]

224 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de Before the au thentication When enablin g H otSpot on an int erface, the s ystem auto matically set s up ever ything needed to sh ow login pa ge fo r all clients that are not lo gged in. Th is is d one by adding dynamic dest ination NAT ru[...]

AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 225 RouterOS v3 Con figuration a nd User Gui de amount of time pe r MAC address to be freely used with some limitations imp osed by the provided u ser profile. In case the M AC address still has som e trial time unu sed, the login pa ge will con tain th e link for trial login. The time [...]

226 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de • /ip hotspot ser vice-port - a ddress translation helpers fo r the one-to- one NAT • /ip hotspot walled-garden - Walled G arden rules at HTTP level ( DNS names, HTTP reque st substrin gs) • /ip hotspot wal led-garden ip - Walled Gar[...]

AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 227 RouterOS v3 Con figuration a nd User Gui de 10.1.3 HotSpot In terfac e Setup Submenu level: /ip hotspot Description HotSpot system is put on in dividual interfa ces. You can ru n comp letely diff erent HotSpot con figurations on different interfaces Property Description HTTPS ( read[...]

228 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de 10.1.4 HotSpot S er ver Pr ofiles Submenu level: /ip hotspot p rofile Property Description dns-name ( text ) - DNS name of the HotSpot server. This is th e DNS name used as the n ame of the HotSpot server (i.e., it appe ars as the location[...]

AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 229 RouterOS v3 Con figuration a nd User Gui de smtp-server ( IP addr ess ; def ault: 0.0. 0.0 ) - default SM TP server to b e used to redire ct uncondition ally all user SMTP requ ests to split-user-domai n (yes | no; default: no ) - wh ether to split us ername from dom ain name wh en [...]

230 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de     There can be mul tiple cookies w ith the same M AC address. For example, there will be a separate cookie for each web brows er on the same c omputer. Cookies can expire - that's the w ay how it is supp osed to be. Defa[...]

AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 231 RouterOS v3 Con figuration a nd User Gui de Example To allow unaut horized req uests to t he www.e xample.com domain 's /paynow.html page: [admin@AT-WR 4562] ip hots pot walled-ga rden> add path ="/paynow.htm l" ... dst-hos t="www.exampl e.com" [admin@[...]

232 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de     This is an ordered lis t, so you can put more specifi c entries on th e top of th e list for them to o verride more common rule s that appear lower. You can even put an en try with 0.0.0. 0/0 addres s at the end of the list[...]

AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 233 RouterOS v3 Con figuration a nd User Gui de Property Description name ( read-only : name ) - prot ocol name ports ( read-only: int eger ) - list of the ports on w hich the protocol is workin g Example To set the FTP pr otocol uses both 2 0 and 21 TCP port : [admin@AT-WR 4562] ip hot[...]

234 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de All o ther packets ex cept DNS and lo gin requests fr om unauthorized clients sho uld pass thro ugh the hs- unauth chain 7 D chain=ho tspot action= jump jump-tar get=hs-auth ho tspot=auth pr otocol=tcp And packets fro m the auth orized cli[...]

AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 235 RouterOS v3 Con figuration a nd User Gui de Packet filter rule s From /ip firewal l filt er print dynamic command, you can get so mething like this (commen ts follow after each of the rules): 0 D chain=fo rward action= jump jump-tar get=hs-unauth hotspot=from- client,!auth Any packe[...]

236 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de 10.3.10 Customi zing HotSpot: HTTP Serv let P ages Description You can create a complet ely different set of servlet pa ges for each HotSpo t s erver you have, specifyin g the directory it will be sto red in html-direc tory propert y of a [...]

AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 237 RouterOS v3 Con figuration a nd User Gui de if user is logged in, rstatus.htm l is displayed; if rstatus.htm l is not fo und, redirect.html is used to redirect to the status page if user is not logged in , rlogin.html is displayed; if rlogin. html is not found, re direct.html is use[...]

238 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de server-name - Hot Spot serv er name (set in the /ip hotsp ot menu, as th e name pro perty) Links: link-logi n - link to login page including ori ginal URL requ ested ("http://10.5 .50.1/login?dst=htt p://www.example. com/") link-[...]

AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 239 RouterOS v3 Con figuration a nd User Gui de radius<id>u - show the attri bute iden tified with <id> in unsigned integer f orm (in case RADIUS authent ication was used; "0" o therwise ) radius<id>-<v nd-id> - show the attrib ute identified wit h <[...]

240 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de     If you want to us e HTTP-CHAP authentication me thod it is supp osed that you incl ude the doLog in() function (which r eferences to th e md5.js which m ust be already loaded) before th e Submit ac tion of the login form. O[...]

AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 241 RouterOS v3 Con figuration a nd User Gui de (you should corre ct the link to point t o your server) • To erase the cook ie on logof f, in the page con taining link t o the logout (fo r example, in statu s.html) change: open('$(link -logout)', 'h otspot_logout '[...]

242 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de • Hotspot will ask RADIUS ser ver whethe r to allow the login or not. If n ot allowed, alogin .html page will be displaye d (it can be modified to do an ything!). If not allowed, flog in.html (or login.html) page will be displayed, wh ic[...]

AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 243 RouterOS v3 Con figuration a nd User Gui de RADIUS client non-fatal error s: • invalid username o r pa sswor d - RADIU S server has rejected th e username and pas sword sent to it wit hout specifying a r eason. Cause : either wro ng us ername and/or password, or ot her error. Solu[...]

244 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de If all fields has been filled in th e ip-b inding table and type h as been set to bypas sed , th en the IP a ddress of this ent ry will be accessible from pub lic interfaces immed iately: [admin@AT-WR 4562] ip hots pot ip-bindin g> prin[...]

AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 245 RouterOS v3 Con figuration a nd User Gui de advertise-url ( multiple choice: t ext ; default: htt p://www.all iedtelesis.c om/ ) - list of URL s to show as advertisement popup s. The list is cyclic, so w hen the last item reached, ne xt time th e first is shown idle-ti meout ( time [...]

246 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de 10.4.3 HotSpot U ser s Submenu level: /ip hotspot u ser Property Description address ( IP addre ss ; default: 0 .0. 0.0 ) - static IP address. If not 0. 0.0.0 , client w ill always get th e same IP address. A confi gured address implies, t[...]

AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 247 RouterOS v3 Con figuration a nd User Gui de Example To add user ex with password ex that is allowed to log in on ly with 01:23:45:67 :89:AB MAC address and is limited to 1 hour of work: [admin@AT-WR 4562] ip hots pot user> add name=ex passw ord=ex ... mac-add ress=01:23:45 :67[...]

248 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de Example To get the list of active user s: [admin@AT-WR 4562] ip hots pot active> p rint Flags: R - r adius, B - bl ocked # USER ADD RESS UPTIME S ESSION-TIMEOU T IDLE-TIMEOU T 0 ex 10. 0.0.144 4m17s 5 5m43s [admin@AT-WR 4562] ip hots po[...]

AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 249 RouterOS v3 Con figuration a nd User Gui de 11 High A vailability pr otocols and techniqu es 11.1 VRRP Document revisi on: 1.5 (Mon Jul 10 16:51:20 GMT 2006) Applies to: V2.9 11.1.1 Gener al Information Summar y Virtual Router Redun dancy Prot ocol (VRR P) imple mentation in the Rou[...]

250 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de other configuration) active. A backup instance is no t 'ru nning', so all the settings attached to t hat inte rface is inactive. Property Description arp (disabled | en abled | pro xy-arp | reply-on ly; default: en abled ) - Ad d[...]

AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 251 RouterOS v3 Con figuration a nd User Gui de 11.1.3 Vir tual IP addr esses Submenu level: /ip vrrp ad dress Property Description address ( IP addre ss ) - IP addr ess belon gs to the virtu al router broadcast ( IP add ress ) - broadc asting IP address interface ( name ; default: def [...]

252 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de This example sh ows how to configure VRRP on the tw o rou ters sho wn on the diagram. The rou ters must have initial configuration : inte rfaces are enabled, e ach interface have approp riate IP address, and routing table is set correctl y[...]

AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 253 RouterOS v3 Con figuration a nd User Gui de Testing fail over Now, when we will disconne ct the master router, t he backup on e will switch to th e master s tate: [admin@AT-WR 4562] ip vrrp > print Flags: X - d isabled, I - invalid, R - running, M - m aster, B - ba ckup 0 RM name[...]

254 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de Example To make s ystem gen erate a supp ort outp ut file and sen t it auto matically to support@ex ample.com through t he 192.0.2. 1 smtp server in case of a software cr ash: [admin@AT-WR 4562] system watchdog> set auto-send-sup out=ye[...]

AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 255 RouterOS v3 Con figuration a nd User Gui de 12 Monitoring and Mana gement 12.1 Log Manag e ment Document revisi on: 2.3 (Mon Jul 19 07:23:35 GMT 2004) Applies to: V2.9 12.1.1 Gener al Information Summar y Various syste m e vents and s tatus information can be logged. L ogs can b e s[...]

256 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de 12.1.3 Actions Submenu level: /system logg ing acti on Property Description disk-lines ( int eger ; default: 10 0 ) - numb er of records in lo g file saved on the disk (onl y if action target is set to disk ) disk-stop-on-full (yes | no; d[...]

AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 257 RouterOS v3 Con figuration a nd User Gui de Command Description print - shows lo g messages buffer - prints lo g messages t hat were save d in specified lo cal buffer follow - monitor system logs without-paging - p rints logs withou t paging file - saves the log informatio n on loca[...]

258 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de Specifications Packages requ ired: system , p pp (optional) License requ ired: Level1 Submenu level: /snmp Standards and Te chnologies: SNMP (RFC 11 57) Hardware usage : Not signifi cant Related T opic s Software Package M anagemen t IP Ad[...]

AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 259 RouterOS v3 Con figuration a nd User Gui de Property Description active-fl ow-timeout ( time ; def ault: 30m ) - maximu m life-time of a flow cache-entries (1 k | 2k | 4 k | 8k | 1 6k | 32k | 64k | 128k | 256 k | 512k; default: 1k ) - number o f flows which can reside in the rout er[...]

260 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de Some screensh ots from NTop program, which has gather ed Traffic-Flo w information from our router and displays it in ni ce graphs a nd statistics. For example, wh ere what kin d of traffic has flo wn: Figure 36: Host I nformati on Top thr[...]

AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 261 RouterOS v3 Con figuration a nd User Gui de Figure 38: Netw ork load profile by ti me Figure 39: Tra ffic Load by protocol[...]

262 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de 12.4 Graphin g Document revisi on: 1.1 (Wed Mar 15 09:46: 17 GMT 2006) Applies to: V2.9 12.4.1 Gener al Information Summar y Graphing is a t ool which is us ed for monitor ing various Ro uterOS p arameters over a period of time. Specificat[...]

AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers 263 RouterOS v3 Con figuration a nd User Gui de 12.4.3 Health Gr aphing Submenu level: /tool graphing health Description This submenu p rovides information about Rout erBoard's 'health' - voltage and t emperature . For this option, you h ave to install th e routerboard pa[...]

264 AT-WR4500 Series - IEE E 802.11abgh Ou tdoor Wireless R outers RouterOS v3 Con figuration a nd User Gui de Example Add a simple qu eue to Graph er list with simple-queue name queue1 , allow limit ed clients to access Grapher from web , store info rmation abou t traffic on disk: [admin@AT-WR 4562] tool gr aphing queue> add simple-qu eue=queue[...]