Working with Interfaces
Before configuring the IP addresses and routes please check the /interface menu to see the list of available interfaces. If you have Plug-and-Play cards installed in the router, it is most likely that the device drivers have been loaded for them automatically, and the relevant interfaces appear on the /interface print list, for example:
interface> print
Flags: X - disabled, D - dynamic, R - running
# NAME TYPE MTU
0R ether1 ether 1500
1R ether2 ether 1500
2R ether3 ether 1500
3R ether4 ether 1500
4R ether5 ether 1500
5R sync1 sync 1500
6R pc1 pc 1500
7R ether6 ether 1500
8R prism1 prism 1500
interface>
The interfaces need to be enabled, if you want to use them for communications. Use the /interface enable name command to enable the interface with a given name or number, for example:
interface> print
Flags: X - disabled, D - dynamic, R - running
# NAME TYPE MTU
0 Xether1 ether 1500
0 Xether2 ether 1500
interface> enable 0
interface> enable ether2
interface> print
Flags: X - disabled, D - dynamic, R - running
# NAME MTU TYPE
0R ether1 ether 1500
0R ether2 ether 1500
interface>
The interface name can be changed to a more descriptive one by using the /interface set command:
interface> set 0 name=Public
interface> set 1 name=Local
interface> print
Flags: X - disabled, D - dynamic, R - running
# NAME MTU TYPE
0R Public ether 1500
0R Local ether 1500
interface>
Use of the 'setup' Command
The initial setup of the router can be done by using the /setup command which enables an interface, assigns an address/netmask to it, and configures the default route. If you do not use the setup command, or need to modify/add the settings for addresses and routes, please follow the steps described below.
Notes
The device drivers for NE2000 compatible ISA cards need to be loaded using the add command under the /drivers menu. For example, to load the driver for a card with IO address 0x280 and IRQ 5, it is enough to issue the command:
driver> add name=ne2k-isa io=0x280
driver> print
Flags: I - invalid, D - dynamic
# DRIVER IRQ IO MEMORY ISDN-PROTOCOL
0 D RealTek 8139
1 D Intel EtherExpressPro
2 D PCI NE2000
3 ISA NE2000 280
4 Moxa C101 Synchronous C8000
driver>
There are some other drivers that should be added manually. Please refer to the respective manual sections for the detailed information on how drivers are to be loaded.
Adding Addresses
Assume you need to configure the MikroTik router for the following network setup:
In the current example we use two networks:
The local LAN with network address 192.168.0.0 and 24-bit netmask 255.255.255.0 The router's address is 192.168.0.254 in this network.
The ISP's network with address 10.0.0.0 and 24-bit netmask 255.255.255.0 The router's address is 10.0.0.217 in this network.
The addresses can be added and viewed using the following commands:
ip address> add address 10.0.0.217/24 interface Public
ip address> add address 192.168.0.254/24 interface Local
ip address> print
Flags: X - disabled, I - invalid, D - dynamic
# ADDRESS NETWORK BROADCAST INTERFACE
0 10.0.0.217/24 10.0.0.217 10.0.0.255 Public
1 192.168.0.254/24 192.168.0.0 192.168.0.255 Local
ip address>
Here, the network mask has been specified in the value of the address argument. Alternatively, the argument 'netmask' could have been used with the value '255.255.255.0'. The network and broadcast addresses were not specified in the input since they could be calculated automatically.
Notes
Please note that the addresses assigned to different interfaces of the router should belong to different networks.
Configuring the Default Route
You can see two dynamic (D) and connected ?routes, which have been added automatically when the addresses were added in the example above:
ip route> print
Flags: X - disabled, I - invalid, D - dynamic, J - rejected,
C - connect, S - static, R - rip, O - ospf, B - bgp
# DST-ADDRESS G GATEWAY DISTANCE INTERFACE
0 DC 192.168.0.0/24 r 0.0.0.0 0 Local
1 DC 10.0.0.0/24 r 0.0.0.0 0 Public
ip route> print detail
Flags: X - disabled, I - invalid, D - dynamic, J - rejected,
C - connect, S - static, R - rip, O - ospf, B - bgp
0 DC dst-address=192.168.0.0/24 preferred-source=192.168.0.254
gateway=0.0.0.0 gateway-state=reachable distance=0 interface=Local
1 DC dst-address=10.0.0.0/24 preferred-source=10.0.0.217 gateway=0.0.0.0
gateway-state=reachable distance=0 interface=Public
ip route>
These routes show, that IP packets with destination to 10.0.0.0/24 would be sent through the interface Public, whereas IP packets with destination to 192.168.0.0/24 would be sent through the interface Local. However, you need to specify where the router should forward packets, which have destination other than networks connected directly to the router.
Example
In the following example the default route (destination 0.0.0.0, netmask 0.0.0.0) will be added. In this case it is the ISP's gateway 10.0.0.1, which can be reached through the interface Public:
ip route> add gateway=10.0.0.1
ip route> print
Flags: X - disabled, I - invalid, D - dynamic, J - rejected,
C - connect, S - static, R - rip, O - ospf, B - bgp
# DST-ADDRESS G GATEWAY DISTANCE INTERFACE
0S 0.0.0.0/0 r 10.0.0.1 1 Public
1 DC 192.168.0.0/24 r 0.0.0.0 0 Local
2 DC 10.0.0.0/24 r 0.0.0.0 0 Public
ip route>
Here, the default route is listed under #0. As we see, the gateway 10.0.0.1 can be reached through the interface 'Public'. If the gateway was specified incorrectly, the value for the argument 'interface' would be unknown.
Notes
You cannot add two routes to the same destination, i.e., destination-address/netmask! It applies to the default routes as well. Instead, you can enter multiple gateways for one destination. For more information on IP routes, please read the relevant topic in the Manual.
If you have added an unwanted static route accidentally, use the remove command to delete the unneeded one. You will not be able to delete dynamic (DC) routes. They are added automatically and represent routes to the networks the router connected directly.
Testing the Network Connectivity
From now on, the /ping command can be used to test the network connectivity on both interfaces. You can reach any host on both connected networks from the router.
Example
In the example below it's seen, hows does ping command work:
ip route> /ping 10.0.0.4
10.0.0.4 64 byte ping: ttl=255 time=7 ms
10.0.0.4 64 byte ping: ttl=255 time=5 ms
10.0.0.4 64 byte ping: ttl=255 time=5 ms
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 5/5.6/7 ms
ip route>
ip route> /ping 192.168.0.1
192.168.0.1 64 byte ping: ttl=255 time=1 ms
192.168.0.1 64 byte ping: ttl=255 time=1 ms
192.168.0.1 64 byte ping: ttl=255 time=1 ms
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 1/1.0/1 ms
ip route>
The workstation and the laptop can reach (ping) the router at its local address 192.168.0.254, If the router's address 192.168.0.254 is specified as the default gateway in the TCP/IP configuration of both the workstation and the laptop, then you should be able to ping the router:
C:>ping 192.168.0.254
Reply from 192.168.0.254: bytes=32 time=10ms TTL=253
Reply from 192.168.0.254: bytes=32 time add action=masquerade out-interface=Public
ip firewall src-nat> print
Flags: X - disabled, I - invalid, D - dynamic
0 src-address=0.0.0.0/0:0-65535 dst-address=0.0.0.0/0:0-65535
out-interface=Public protocol=all icmp-options=any:any flow=""
connection="" content="" limit-count=0 limit-burst=0 limit-time=0s
action=masquerade to-src-address=0.0.0.0 to-src-port=0-65535
ip firewall src-nat>
Notes
Please consult the Firewall Manual for more information on masquerading.
Application Example with Bandwidth Management
Mikrotik RouterOS V2.7 offers extensive queue management.
Assume you want to limit the bandwidth to 128kbps on downloads and 64kbps on uploads for all hosts on the LAN. Bandwidth limitation is done by applying queues for outgoing interfaces regarding the traffic flow. It is enough to add two queues at the MikroTik router:
queue simple> add interface=Local max-limit=128000
queue simple> add interface=Public max-limit=64000
queue simple> print
Flags: X - disabled, I - invalid, D - dynamic
0 name="queue1" src-address=0.0.0.0/0 dst-address=0.0.0.0/0
interface=Local limit-at=0 queue=default priority=8 max-limit=128000
1 name="queue2" src-address=0.0.0.0/0 dst-address=0.0.0.0/0
interface=Public limit-at=0 queue=default priority=8 max-limit=64000
queue simple>
Leave all other parameters as set by default. The limit is approximately 128kbps going to the LAN (download) and 64kbps leaving the client's LAN (upload).
Notes
The queues have been added for the outgoing interfaces regarding the traffic flow.
Please consult the Queues Manual for more information on bandwidth management and queuing.
Application Example with NAT
Assume we have moved the server in our previous examples from the public network to our local one:
The server'would have been s address now is 192.168.0.4, and we are running web server on it that listens to the TCP port 80. We want to make it accessible from the Internet at address:port 10.0.0.217:80. This can be done by means of Static Network Address translation (NAT) at the MikroTik Router. The Public address:port 10.0.0.217:80 will be translated to the Local address:port 192.168.0.4:80. One destination NAT rule is required for translating the destination address and port:
ip firewall dst-nat> add action=nat protocol=tcp
dst-address=10.0.0.217/32:80 to-dst-address=192.168.0.4
ip firewall dst-nat> print
Flags: X - disabled, I - invalid, D - dynamic
0 src-address=0.0.0.0/0:0-65535 in-interface=all
dst-address=10.1.0.217/32:80 protocol=tcp icmp-options=any:any flow=""
src-mac-address=00:00:00:00:00:00 limit-count=0 limit-burst=0
limit-time=0s action=nat to-dst-address=192.168.0.4 to-dst-port=0-65535
ip firewall dst-nat>
Notes
Please consult the Firewall Manual for more information on NAT. http://www.cdnat.com/mikrotik/manual_2.7/Basic/Basic.html#ht63166021 我的也是 不需要这么麻烦吧?我已经搞好了,其实关键的两步是:
1.在IPRoutesnew route里添加ISP提供的光纤固定IP的网关。
2.在IPFirewallsource nat添加一条新的规则,所有的设置取默认值就行了。
页:
[1]