This is an old revision of the document!
Mikrotik
- Mikrotik script example
[admin@MikroTik] > :global a {x=1; y=2} [admin@MikroTik] > :set ($a->"x") 5 [admin@MikroTik] > :environment print a={x=5; y=2} /interface bridge port {:put [get [find interface=ether2] ]} .id=*7;.nextid=*8;auto-isolate=false;bpdu-guard=false;bridge=bridge-agp;broadcast-flood=true;debug-info= prio 0x8000 num ... # by id /interface bridge port {:put [get *7 ]} [admin@MikroTik] /interface bridge port> /interface bridge port {:put [get *7 ]} .id=*7;.nextid=*8;auto-isolate=false;bpdu-guard=false;bridge=bridge-agp;broadcast-flood=true;debug-info= prio 0x8000 num 2 .... print all key values of config [admin@MikroTik] /interface bridge port> /interface bridge port {:foreach k,v in=[get *7 ] do={:put ("$k=$v")}} .id=*7 .nextid=*8 auto-isolate=false bpdu-guard=false bridge=bridge-agp broadcast-flood=true debug-info= prio 0x8000 num 2 role:Dis (0) learn 0 forward 0 infoIs Dis edge 0 sendRSTP 1 proposing 0 agreed 0 agree 0 synced 1 isolate 0 newInfo 0 migration:CHK_RSTP tc:INACTIVE ptimes: Msg:1668247142 Max: 0 FD: 80 HT: 2004064648 pprio: RBI: 8000:0000 00000000 RPC: 0 BI: 8000:000000000000 tP: 0x0 rP: 0x0 dtimes: Msg:0 Max: 5120 FD: 3840 HT: 512 dprio: RBI: 8000:000000000000 RPC: 0 BI: 8000:000000000000 tP: 0x0 rP: 0x0 disabled=false</WRAP> * [[https://mikrotik.wiki/w/index.php?title=Лженастройки_и_ошибки_при_настройке_файрвола_на_MikroTik&utm_source=yandex&utm_medium=cpa-tg&utm_campaign=firewall&utm_content=mrakobesie&yclid=1839320034808692735 Лженастройки_и_ошибки_при_настройке_файрвола_на_MikroTik]] * https://www.youtube.com/watch?v=hFwqnH8c7A0 - http://mkrtk.ru/wbpfd - routing decision - diagram * https://pnetlab.com/pages/main - laboratory * статьи для начала * настройка с 0 * https://mikrotik.com/product/rb5009ug_s_in rb5009ug * |как правильно делать multi wan * Mikrotik Настройка двух Интернет-каналов (резервирование) * ДЛЯ ЧЕГО НЕОБХОДИМ MPLS * IPSEC https://asp24.ru/mikrotik/vpn/obzor-ipsec-v-mikrotik/ * – mikrotik queues * – mikrotik sip shaping https://mum.mikrotik.com/presentations/US16/presentation_3004_1462512668.pdf * – split dns ===== mikrotik simulating симуляция обучение ===== * https://www.eve-ng.net/ eve ===== mikrotik.configure.vip sip ===== * https://www.youtube.com/watch?v=_q1-_dNzlig&list=PLvQ2ZHtskbolPgUdIGHSk_Zk5D_OVDRoF&index=2 ===== mikrotik.packet sniffer tcpdump ===== * для работы torch + sniffer нужно отключить
hardware offload в bridge → ports → eth0 → hardware offload* https://wiki.mikrotik.com/wiki/Manual:Layer2_misconfiguration - если нужно перехватывать на уровне layer 2 - раздел “Packet flow with hardware offloading and MAC learning” * https://wiki.merionet.ru/seti/6/perexvat-paketov-na-mikrotik/ ==== Mikrotik security ==== * https://www.youtube.com/watch?v=FsCN6a65otM ==== Mikrotik logstash ==== * https://github.com/frap/logstash * https://archyslife.blogspot.com/2019/08/push-logs-and-data-into-elasticsearch_16.html ==== Microtik Примеры конфигурации ==== * interface wireless - отключать пользователей при падении уровня сигнала|# Создать access-list подключающийся только с определенным уровнем сигнала /interface wireless access-list add allow-signal-out-of-range=30s\ comment="connect only with good level" \ signal-range=-75..0 \ forwarding=no \ interface=wlan3-agp-zal4-captive add authentication=no \ comment="default disconnect" \ vlan-mode=no-tag \ forwarding=no \ interface=wlan3-agp-zal4-captive # Включить логирование событий вайфай /system logging add topics=wireless,debug /
++
- BGP for РКНhttps://habr.com/ru/post/413049/
- mikrotik redudant VRRP - https://mum.mikrotik.com/presentations/HR13/ramires.pdf
Microtik VLAN
# Пример настройки VLAN с SWITCH chip, native vlan - :!: в mikrotik NATIVE VLAN = VID:0 [admin@MikroTik-304] > /interface/ethernet/switch/vlan/ [admin@MikroTik-304] /interface/ethernet/switch/vlan> export # feb/25/2024 19:05:42 by RouterOS 7.8beta2 # software id = W523-SWBT # # model = RBD52G-5HacD2HnD # serial number = BEEB0A75E122 /interface ethernet switch vlan add independent-learning=yes ports=ether1,switch1-cpu switch=switch1 vlan-id=112 add independent-learning=yes ports=ether1,ether5,switch1-cpu switch=switch1 vlan-id=111 add independent-learning=yes ports=ether1,switch1-cpu,ether2,ether3,ether4,ether5 switch=switch1 [admin@MikroTik-304] /interface/ethernet/switch/vlan> /interface/ethernet/switch/port [admin@MikroTik-304] /interface/ethernet/switch/port> export # feb/25/2024 19:05:54 by RouterOS 7.8beta2 # software id = W523-SWBT # # model = RBD52G-5HacD2HnD # serial number = BEEB0A75E122 /interface ethernet switch port set 0 default-vlan-id=0 vlan-header=add-if-missing set 1 default-vlan-id=0 set 2 default-vlan-id=0 set 3 default-vlan-id=0 set 4 default-vlan-id=111 vlan-header=always-strip vlan-mode=secure set 5 default-vlan-id=0 [admin@MikroTik-304] /interface/ethernet/switch/port> # WIFI configure # Under /interface ethernet switch vlan switch1-cpu passes traffic from the switch chip to the CPU, only required for VLANs connected to services provided by the CPU such as IP address, routing, DHCP server and software-based # interfaces (tunnels, wireless). # Under /interface ethernet switch port use vlan-header=leave-as-is for the switch chip in the hAP ac as mentioned in the wiki and help pages. # Under interface wireless use both vlan-mode=use-tag AND vlan-id= to specify which VLAN the interface should be connected to. # Under /interface bridge port setting hw=yes for the wireless interfaces is pointless, the drivers are implemented in software.
- hardware/mikrotik.1755511023.txt.gz
- Last modified: 2025/08/18 09:57
- by admin