konfigurasi ospf
router 1 ( main ospf )
[admin@UfoAkses] > ip addr pr
Flags: X - disabled, I - invalid, D - dynamic
# ADDRESS NETWORK BROADCAST INTERFACE
0 10.165.165.7/24 10.165.165.0 10.165.165.255 ether1 ( internet )
1 10.1.0.1/30 10.1.0.0 10.1.0.3 wlan1 ( ospf router 1 )
2 10.2.0.1/30 10.2.0.0 10.2.0.3 wlan2 ( ospf router 2 )
[admin@UfoAkses] routing> ospf pr
router-id: 0.0.0.0
distribute-default: never
redistribute-connected: as-type-1
redistribute-static: no
redistribute-rip: no
redistribute-bgp: no
metric-default: 1
metric-connected: 20
metric-static: 20
metric-rip: 20
metric-bgp: 20
[admin@UfoAkses] routing ospf> area pr
Flags: X - disabled
# NAME AREA-ID TYPE DEFAULT-COST AUTHENTICATION
0 backbone 0.0.0.0 default none
1 area1 0.0.0.1 default 1 none
[admin@UfoAkses] routing ospf> network pr
Flags: X - disabled, I - invalid
# NETWORK AREA
0 10.1.0.0/30 area1
1 10.2.0.0/30 area1
2 10.3.0.0/30 area1
[admin@UfoAkses] > ip rou pr
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, b - bgp, o - ospf
# DST-ADDRESS PREF-SRC G GATEWAY DISTANCE INTERFACE
0 ADC 10.1.0.0/30 10.1.0.1 wlan1
1 Do 10.1.0.0/30
2 ADC 10.2.0.0/30 10.2.0.1 wlan2
3 Do 10.2.0.0/30
4 ADo 10.3.0.0/30 r 10.1.0.2 wlan1
r 10.2.0.2 wlan2
5 ADC 10.165.165.0/24 10.165.165.7 ether1
6 ADo 172.31.17.0/24 r 10.2.0.2 wlan2
7 ADo 192.168.30.0/24 r 10.1.0.2 wlan1
8 A S 0.0.0.0/0 r 10.165.165.1 ether1
router 2 ( ospf peer 1 )
[admin@MikroTik] > ip add pr
Flags: X - disabled, I - invalid, D - dynamic
# ADDRESS NETWORK BROADCAST INTERFACE
0 10.1.0.2/30 10.1.0.0 10.1.0.3 wlan1 ( ke main ospf )
1 10.3.0.1/30 10.3.0.0 10.3.0.3 ether4 ( backup link )
2 192.168.30.1/24 192.168.30.0 192.168.30.255 ether7 ( ke lan )
[admin@MikroTik] /routing ospf> pr
router-id: 0.0.0.0
distribute-default: never
redistribute-connected: as-type-1
redistribute-static: as-type-1
redistribute-rip: no
redistribute-bgp: no
metric-default: 1
metric-connected: 20
metric-static: 20
metric-rip: 20
metric-bgp: 20
[admin@MikroTik] /routing ospf> area pr
Flags: X - disabled
# NAME AREA-ID TYPE DEFAULT-COST
0 backbone 0.0.0.0 default
1 area1 0.0.0.1 default
[admin@MikroTik] /routing ospf> network pr
Flags: X - disabled, I - invalid
# NETWORK AREA
0 10.1.0.0/30 area1
1 10.3.0.0/30 area1
[admin@MikroTik] > ip rou pr
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit
# DST-ADDRESS PREF-SRC G GATEWAY DIS INT...
0 ADC 10.1.0.0/30 10.1.0.2 0 wlan1
1 ADo 10.2.0.0/30 r 10.1.0.1 110 wlan1
r 10.3.0.2 ether4
2 ADC 10.3.0.0/30 10.3.0.1 0 ether4
3 ADo 10.165.165.0/24 r 10.1.0.1 110 wlan1
4 ADo 172.31.17.0/24 r 10.3.0.2 110 ether4
5 ADC 192.168.30.0/24 192.168.30.1 0 ether7
\router 3 sama dengan konfigurasinya dengan router 2....
selamat mencoba
Wednesday, December 24, 2014
Tuesday, December 23, 2014
Ujian MTCNA
Certification example test
1. Is ARP used in the IPv6 protocol ?
[True / False]
[True / False]
2. Select which of the following are ‘Public IP
addresses’:
[multiple answers]
a. 192.168.0.1
b. 11.63.72.21
c. 172.28.73.21
d. 10.110.50.37
e. 172.168.254.2
[multiple answers]
a. 192.168.0.1
b. 11.63.72.21
c. 172.28.73.21
d. 10.110.50.37
e. 172.168.254.2
3. In MikroTik RouterOS, Layer-3 communication between
2 hosts can be achieved by using an address subnet of:
[multiple answers]
a. /30
b. /29
c. /32
d. /31
[multiple answers]
a. /30
b. /29
c. /32
d. /31
4. A PC with IP 192.168.1.2 can access internet, and
static ARP has been set for that IP address on gateway. When the PC Ethernet
card failed, the user change it with a new card and set the same IP for it.
What else should be done?
[multiple answers]
a. Old static ARP entry on gateway has to be updated for the new card
b. Nothing – it will work as before
c. MAC-address of the new card has to be changed to MAC address of old card
d. Another IP has to be added for Internet access
What else should be done?
[multiple answers]
a. Old static ARP entry on gateway has to be updated for the new card
b. Nothing – it will work as before
c. MAC-address of the new card has to be changed to MAC address of old card
d. Another IP has to be added for Internet access
5. How many usable IP addresses are there in a 20-bit
subnet?
[single answer]
a. 2047
b. 4096
c. 2048
d. 2046
e. 4094
[single answer]
a. 2047
b. 4096
c. 2048
d. 2046
e. 4094
6. What is the default TTL (time to live) on a router
that an IP packet can experience before it will be discarded ?
[multiple answers]
a. 60
b. 30
c. 1
d. 64
[multiple answers]
a. 60
b. 30
c. 1
d. 64
7. The network address is
[multiple answers]
[multiple answers]
a. The first usable address of the subnet
b. The last address of the subnet
c. The first address of the subnet
b. The last address of the subnet
c. The first address of the subnet
8. Choose all valid hosts address range for subnet
15.242.55.62/27
[single answer]
a. 15.242.55.32-15.242.55.63
b. 15.242.55.33-15.242.55.63
c. 15.242.55.33-15.242.55.62
d. 15.242.55.31-15.242.55.62
[single answer]
a. 15.242.55.32-15.242.55.63
b. 15.242.55.33-15.242.55.63
c. 15.242.55.33-15.242.55.62
d. 15.242.55.31-15.242.55.62
9. Which ones of the following are valid IP addresses?
[multiple answers]
a. 192.168.13.255
b. 1.27.14.254
c. 10.10.14.0
d. 192.168.256.1
[multiple answers]
a. 192.168.13.255
b. 1.27.14.254
c. 10.10.14.0
d. 192.168.256.1
10. Which of the following is NOT a valid MAC Address?
[multiple answers]
a. 95:B5:DD:EE:78:8A
b. 13:16:86:53:89:43
c. 80:GF:AA:67:13:5D
d. 88:0C:00:99:5F:EF
e. EA:BA:AA:EE:FF:CB
[multiple answers]
a. 95:B5:DD:EE:78:8A
b. 13:16:86:53:89:43
c. 80:GF:AA:67:13:5D
d. 88:0C:00:99:5F:EF
e. EA:BA:AA:EE:FF:CB
11. If ARP=reply-only is configured on an interface,
what will this interface do
[multiple answers]
a. Add new IP addresses in /ip arp list
b. Accept all IP/MAC combinations listed in /ip arp as static entries
c. Accept all MAC-addresses listed in /ip arp as static entries
d. Add new MAC addresses in /ip arp list
e. Accept all IP addresses listed in /ip arp as static entries
[multiple answers]
a. Add new IP addresses in /ip arp list
b. Accept all IP/MAC combinations listed in /ip arp as static entries
c. Accept all MAC-addresses listed in /ip arp as static entries
d. Add new MAC addresses in /ip arp list
e. Accept all IP addresses listed in /ip arp as static entries
12. What is term for the hardware coded address found
on an interface?
[single answer]
a. IP Address
b. Interface Address
c. MAC Address
d. FQDN Address
[single answer]
a. IP Address
b. Interface Address
c. MAC Address
d. FQDN Address
13. Which of the following IP addresses are publicly
routable?
[multiple answers]
a. 127.34.155.3
b. 192.168.1.4
c. 172.16.13.23
d. 11.3.10.4
[multiple answers]
a. 127.34.155.3
b. 192.168.1.4
c. 172.16.13.23
d. 11.3.10.4
14. What protocol does ping use?
[single answer]
a. UDP
b. TCP
c. ARP
d. ICMP
[single answer]
a. UDP
b. TCP
c. ARP
d. ICMP
15. MAC layer by OSI model is also known as
[single answer]
a. Layer 3
b. Layer 7
c. Layer 2
d. Layer 6
e. Layer 1
[single answer]
a. Layer 3
b. Layer 7
c. Layer 2
d. Layer 6
e. Layer 1
16. How many layers does Open Systems Interconnection
model have?
[single answer]
a. 12
b. 6
c. 9
d. 5
e. 7
[single answer]
a. 12
b. 6
c. 9
d. 5
e. 7
17. How many IP addresses can one find in the header
of an IP packet?
[single answer]
a. 3
b. 4
c. 1
d. 2
[single answer]
a. 3
b. 4
c. 1
d. 2
18. Select valid MAC-address
[single answer]
a. G2:60:CF:21:99:H0
b. 00:00:5E:80:EE:B0
c. 192.168.0.0/16
d. AEC8:21F1:AA44:54FF:1111:DDAE:0212:1201
[single answer]
a. G2:60:CF:21:99:H0
b. 00:00:5E:80:EE:B0
c. 192.168.0.0/16
d. AEC8:21F1:AA44:54FF:1111:DDAE:0212:1201
19. The basic unit of a physical network (OSI Layer 1)
is the:
[single answer]
a. Byte
b. Frame
c. Bit
d. Header
[single answer]
a. Byte
b. Frame
c. Bit
d. Header
20. You have a router with configuration
- Public IP :202.168.125.45/24
- Default gateway:202.168.125.1
- DNS server: 248.115.148.136, 248.115.148.137
- Local IP: 192.168.2.1/24
Mark the correct configuration on client PC to access to the Internet
[single answer]
a. IP:192.168.0.1/24 gateway:192.168.2.1
b. IP:192.168.2.253/24 gateway:202.168.0.1
c. IP:192.168.1.223/24 gateway:248.115.148.136
d. IP:192.168.2.115/24 gateway: 192.168.2.1
e. IP:192.168.2.2/24 gateway:202.168.125.45
- Public IP :202.168.125.45/24
- Default gateway:202.168.125.1
- DNS server: 248.115.148.136, 248.115.148.137
- Local IP: 192.168.2.1/24
Mark the correct configuration on client PC to access to the Internet
[single answer]
a. IP:192.168.0.1/24 gateway:192.168.2.1
b. IP:192.168.2.253/24 gateway:202.168.0.1
c. IP:192.168.1.223/24 gateway:248.115.148.136
d. IP:192.168.2.115/24 gateway: 192.168.2.1
e. IP:192.168.2.2/24 gateway:202.168.125.45
Real Test
1. On the advanced menu of the wireless setup there is
a parameter called “Area”, it works directly with:
A. Connect List
B. Access List
C. None of these
D. Security Profile
B. Access List
C. None of these
D. Security Profile
2. What menus should be used to allow certain websites
to be accessed from behind a hotspot interface, without client authentication
A. ip hotspot ip-binding
B. ip hotspot profile
C. ip hotspot walled-garden
D. ip hotspot walled-garden ip
B. ip hotspot profile
C. ip hotspot walled-garden
D. ip hotspot walled-garden ip
3. You want to use PCQ and allow 256k maximum download
and upload for each client. Choose correct argument values for the required
queue.
A. kind=pcq pcq-limit=1256000
pcq-classifier=dst-address
B. kind=pcq pcq-limit=256000 pcq-classifier=dst-address
C. kind=pcq pcq-limit=5000000 pcq-classifier=src-address
D. kind=pcq pcq-limit=256000 pcq-classifier=src-address
E. kind=pcq pcq-limit=5000000 pcq-classifier=dst-address
B. kind=pcq pcq-limit=256000 pcq-classifier=dst-address
C. kind=pcq pcq-limit=5000000 pcq-classifier=src-address
D. kind=pcq pcq-limit=256000 pcq-classifier=src-address
E. kind=pcq pcq-limit=5000000 pcq-classifier=dst-address
4. Which of the following is true for connection
tracking
A. Enabling connection tracking reduces CPU usage in
RouterOS
B. Connection tracking must be enabled for firewall to be effective
C. Connection tracking must be enable for NAT’ed network
D. Disable connection tracking for mangle to work
B. Connection tracking must be enabled for firewall to be effective
C. Connection tracking must be enable for NAT’ed network
D. Disable connection tracking for mangle to work
5. Which of these are possible solutions to bridge two
networks over a wireless link:
A. Both devices in AP mode and enable WDS mode
B. One device in AP mode, another one in station-pseudobridge-clone
C. One device in AP mode, another one in station-pseudobridge
D. One device in AP mode, another one in station
B. One device in AP mode, another one in station-pseudobridge-clone
C. One device in AP mode, another one in station-pseudobridge
D. One device in AP mode, another one in station
6. What kind of users are listed in the Secrets window
of the PPP menu?
A. hotspot users
B. pppoe users
C. pptp users
D. l2tp users
E. wireless users
F. winbox users
B. pppoe users
C. pptp users
D. l2tp users
E. wireless users
F. winbox users
7. Router A and B are both running as PPPoE servers on
different broadcast domains of your network. Is it possible to set Router A to
use “/ppp secret” accounts from Router B to authenticate PPPoE customers ?
8. You have a 802.11b/g wireless card. Which
frequencies can be set?
A. 5210MHz
B. 2327MHz
C. 2422MHz
D. 2412MHz
E. 5800MHz
B. 2327MHz
C. 2422MHz
D. 2412MHz
E. 5800MHz
9. Which of the following Routes statuses are
possible?
A. C = Connected
B. S = Static
C. A = Active
D. D = Drop
B. S = Static
C. A = Active
D. D = Drop
10. Can you manually add drivers to RouterOS in case
your PCI Ethernet card is not recognized, and you suspect it is a driver issue?
A. No
B. Yes
B. Yes
11. Action=redirect applies to
A. Route rules
B. DST-NAT rules
C. Firewall Filter rules
D. SRC-NAT rules
B. DST-NAT rules
C. Firewall Filter rules
D. SRC-NAT rules
12. When backing up your router by using the ‘Export’
command, the following happens:
A. Winbox usernames and passwords are backed up
B. The Export file can be edited with a standard text editor after its creation
C. You are requested to give the export file a name
B. The Export file can be edited with a standard text editor after its creation
C. You are requested to give the export file a name
13. You need to reboot a RouterBoard after importing a
previously exported rsc file to activate the new configuration.
14. If ARP=reply-only is configured on an interface,
what will this interface do
A. Add new IP addresses in /ip arp list
B. Accept all IP/MAC combinations listed in /ip arp as static entries
C. Add new MAC addresses in /ip arp list
D. Accept all IP addresses listed in /ip arp as static entries
E. Accept all MAC-addresses listed in /ip arp as static entries
B. Accept all IP/MAC combinations listed in /ip arp as static entries
C. Add new MAC addresses in /ip arp list
D. Accept all IP addresses listed in /ip arp as static entries
E. Accept all MAC-addresses listed in /ip arp as static entries
15. It is impossible to disable user “admin” at the
menu “/user”
16. If a packet comes to a router and starts a new,
previously unseen connection, which connection state would be applied to it?
A. no connection state would be applied to such packet
B. new
C. unknown
D. invalid
E. established
B. new
C. unknown
D. invalid
E. established
17. We have two radio cards in a point-to-point link
with settings:
Card Nr 1.: mode=ap-bridge ssid=”office”
frequency=2447 band=2.4ghz-b/g default-authentication=yes default-forwarding=yes security-profile=wpa
frequency=2447 band=2.4ghz-b/g default-authentication=yes default-forwarding=yes security-profile=wpa
Card Nr 2.: mode=station ssid=”office”
frequency=2412 band=2.4ghz-b/g default-authentication=yes default-forwarding=yes security-profile=wpa2
frequency=2412 band=2.4ghz-b/g default-authentication=yes default-forwarding=yes security-profile=wpa2
Is Card Nr2. able to connect to Card Nr 1.?
A. Yes, if Nstreme is enabled or disabled on both
B. Yes, when security profile settings are compatible with each other and Nstreme is enabled or disabled on both
C. No, because of the different frequencies
D. No, because of the different security profiles
B. Yes, when security profile settings are compatible with each other and Nstreme is enabled or disabled on both
C. No, because of the different frequencies
D. No, because of the different security profiles
18. If you need to make sure that one computer in your
HotSpot network can access the Internet without HotSpot authentication, which
menu allows you to do this?
A. Walled-garden IP
B. Walled-garden
C. Users
D. IP bindings
B. Walled-garden
C. Users
D. IP bindings
19. Consider the following network diagram. In R1, you
have the following configuration:
/ip route
add dst-address=192.168.1.0/24 gateway=192.168.99.2
/ip route
add dst-address=192.168.1.0/24 gateway=192.168.99.2
/ip firewall nat
add chain=srcnat out-interface=Ether1 action=masquerade
add chain=srcnat out-interface=Ether1 action=masquerade
On R2, if you wish to prevent all access to a server
located at 192.168.1.10 from LAN1 devices, which of the following rules would
be needed?
A. /ip firewall filter add chain=forward
src-address=192.168.99.1 dst-address=192.168.1.10 action=drop
B. /ip firewall filter add chain=input src-address=192.168.99.1 dst-address=192.168.1.10 action=drop
C. /ip firewall nat add chain=dstnat src-address=192.168.99.1 dst-address=192.168.1.10 action=drop
D. /ip firewall filter add chain=forward src-address=192.168.0.0/24 dst-address=192.168.1.10 action=drop
B. /ip firewall filter add chain=input src-address=192.168.99.1 dst-address=192.168.1.10 action=drop
C. /ip firewall nat add chain=dstnat src-address=192.168.99.1 dst-address=192.168.1.10 action=drop
D. /ip firewall filter add chain=forward src-address=192.168.0.0/24 dst-address=192.168.1.10 action=drop
20. What is the default protocol/port of (secure)
winbox?
A. UDP/5678
B. TCP/8291
C. TCP/22
D. TCP/8080
B. TCP/8291
C. TCP/22
D. TCP/8080
21. What protocol is used for Ping and Trace route?
A. UDP
B. ICMP
C. IP
D. TCP
E. DHCP
B. ICMP
C. IP
D. TCP
E. DHCP
22. Mark the queue types that are available in
RouterOS
A. SFQ – Stochastic Fairness Queuing
B. DRR – Deficit Round Robin
C. FIFO – First In First Out (for Bytes or for Packets)
D. LIFO – Last In First Out
E. PCQ – Per Connection Queuing
F. RED – Random Early Detect (or Drop)
B. DRR – Deficit Round Robin
C. FIFO – First In First Out (for Bytes or for Packets)
D. LIFO – Last In First Out
E. PCQ – Per Connection Queuing
F. RED – Random Early Detect (or Drop)
23. Select which of the following are ‘Public IP
addresses’:
A. 10.110.50.37
B. 11.63.72.21
C. 172.28.73.21
D. 192.168.0.1
E. 172.168.254.2
B. 11.63.72.21
C. 172.28.73.21
D. 192.168.0.1
E. 172.168.254.2
24. What letters appear next to a route, which is
automatically created by RouterOS when user adds a valid address to an active
interface?
A. S
B. I
C. A
D. D
E. C
B. I
C. A
D. D
E. C
25. Which is the default port of IP-Winbox?
A. TCP 80
B. TCP 8291
C. TCP 8192
D. UDP 8291
B. TCP 8291
C. TCP 8192
D. UDP 8291
Sunday, December 21, 2014
Load Balance Script Mikrotik
2 WAN Loadbalancing NTH methode
/ip address
add address=192.168.1.3/24 network=192.168.1.0 broadcast=192.168.1.255 interface=WAN1 comment="" disabled=no
add address=192.168.2.3/24 network=192.168.2.0 broadcast=192.168.2.255 interface=WAN2 comment="" disabled=no
add address=10.10.0.1/24 network=10.10.0.0 broadcast=10.10.0.255 interface=internal comment="" disabled=no
/ip firewall mangle
add chain=prerouting in-interface=internal connection-state=new nth=2,1 action=mark-connection new-connection-mark=conn1 passthrough=yes comment="" disabled=no
add chain=prerouting in-interface=internal connection-mark=conn1 action=mark-routing new-routing-mark=conn1 passthrough=no comment="" disabled=no
add chain=prerouting in-interface=internal connection-state=new nth=1,1 action=mark-connection new-connection-mark=conn2 passthrough=yes comment="" disabled=no
add chain=prerouting in-interface=internal connection-mark=conn2 action=mark-routing new-routing-mark=conn2 passthrough=no comment="" disabled=no
/ip firewall nat
add chain=srcnat connection-mark=conn1 action=masquerade out-interface=WAN1 comment="" disabled=no
add chain=srcnat connection-mark=conn2 action=masquerade out-interface=WAN2 comment="" disabled=no
/ip route
add dst-address=0.0.0.0/0 gateway=192.168.1.1 scope=255 target-scope=10 routing-mark=conn1 comment="" disabled=no
add dst-address=0.0.0.0/0 gateway=192.168.2.1 scope=255 target-scope=10 routing-mark=conn2 comment="" disabled=no
/ip address
add address=192.168.1.3/24 network=192.168.1.0 broadcast=192.168.1.255 interface=WAN1 comment="" disabled=no
add address=192.168.2.3/24 network=192.168.2.0 broadcast=192.168.2.255 interface=WAN2 comment="" disabled=no
add address=10.10.0.1/24 network=10.10.0.0 broadcast=10.10.0.255 interface=internal comment="" disabled=no
/ip firewall mangle
add chain=prerouting in-interface=internal connection-state=new nth=2,1 action=mark-connection new-connection-mark=conn1 passthrough=yes comment="" disabled=no
add chain=prerouting in-interface=internal connection-mark=conn1 action=mark-routing new-routing-mark=conn1 passthrough=no comment="" disabled=no
add chain=prerouting in-interface=internal connection-state=new nth=1,1 action=mark-connection new-connection-mark=conn2 passthrough=yes comment="" disabled=no
add chain=prerouting in-interface=internal connection-mark=conn2 action=mark-routing new-routing-mark=conn2 passthrough=no comment="" disabled=no
/ip firewall nat
add chain=srcnat connection-mark=conn1 action=masquerade out-interface=WAN1 comment="" disabled=no
add chain=srcnat connection-mark=conn2 action=masquerade out-interface=WAN2 comment="" disabled=no
/ip route
add dst-address=0.0.0.0/0 gateway=192.168.1.1 scope=255 target-scope=10 routing-mark=conn1 comment="" disabled=no
add dst-address=0.0.0.0/0 gateway=192.168.2.1 scope=255 target-scope=10 routing-mark=conn2 comment="" disabled=no
2WAN PCC Methode
/ip address
add address=192.168.0.1/24 network=192.168.0.0 broadcast=192.168.0.255 interface=Local
add address=192.168.1.2/24 network=192.168.1.0 broadcast=192.168.1.255 interface=WAN1
add address=192.168.2.2/24 network=192.168.2.0 broadcast=192.168.2.255 interface=WAN2
/ip dns set allow-remote-requests=yes cache-max-ttl=1w cache-size=5000KiB max-udp-packet-size=512 servers=221.132.112.8,8.8.8.8
/ip firewall mangle
add chain=input in-interface=WAN1 action=mark-connection new-connection-mark=WAN1_conn
add chain=input in-interface=WAN2 action=mark-connection new-connection-mark=WAN2_conn
add chain=output connection-mark=WAN1_conn action=mark-routing new-routing-mark=to_WAN1
add chain=output connection-mark=WAN2_conn action=mark-routing new-routing-mark=to_WAN2
add chain=prerouting dst-address=192.168.1.0/24 action=accept in-interface=Local
add chain=prerouting dst-address=192.168.2.0/24 action=accept in-interface=Local
add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses-and-ports:2/0 action=mark-connection new-connection-mark=WAN1_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=Local per-connection-classifier=both-addresses-and-ports:2/1 action=mark-connection new-connection-mark=WAN2_conn passthrough=yes
add chain=prerouting connection-mark=WAN1_conn in-interface=Local action=mark-routing new-routing-mark=to_WAN1
add chain=prerouting connection-mark=WAN2_conn in-interface=Local action=mark-routing new-routing-mark=to_WAN2
/ip route
add dst-address=0.0.0.0/0 gateway=192.168.1.1 routing-mark=to_WAN1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.2.1 routing-mark=to_WAN2 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.1.1 distance=1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.2.1 distance=2 check-gateway=ping
/ip firewall nat
add chain=srcnat out-interface=WAN1 action=masquerade
add chain=srcnat out-interface=WAN2 action=masquerade
4 WAN LoadBalancing PCC Methode
/ip address
add address=172.16.0.1/16 broadcast=172.16.255.255 comment="" disabled=no interface=Local network=172.16.0.0
add address=192.168.1.2/24 broadcast=192.168.1.255 comment="" disabled=no interface=WAN1 network=192.168.1.0
add address=192.168.2.2/24 broadcast=192.168.2.255 comment="" disabled=no interface=WAN2 network=192.168.2.0
add address=192.168.3.2/24 broadcast=192.168.3.255 comment="" disabled=no interface=WAN3 network=192.168.3.0
add address=192.168.4.2/24 broadcast=192.168.4.255 comment="" disabled=no interface=WAN4 network=192.168.4.0
/ip firewall mangle
add action=mark-connection chain=input comment="" disabled=no in-interface=WAN1 new-connection-mark=WAN1_conn passthrough=yes
add action=mark-connection chain=input comment="" disabled=no in-interface=WAN2 new-connection-mark=WAN2_conn passthrough=yes
add action=mark-connection chain=input comment="" disabled=no in-interface=WAN3 new-connection-mark=WAN3_conn passthrough=yes
add action=mark-connection chain=input comment="" disabled=no in-interface=WAN4 new-connection-mark=WAN4_conn passthrough=yes
add action=mark-routing chain=output comment="" connection-mark=WAN1_conn disabled=no new-routing-mark=to_WAN1 passthrough=yes
add action=mark-routing chain=output comment="" connection-mark=WAN2_conn disabled=no new-routing-mark=to_WAN2 passthrough=yes
add action=mark-routing chain=output comment="" connection-mark=WAN3_conn disabled=no new-routing-mark=to_WAN3 passthrough=yes
add action=mark-routing chain=output comment="" connection-mark=WAN4_conn disabled=no new-routing-mark=to_WAN4 passthrough=yes
add action=accept chain=prerouting comment="" disabled=no dst-address=192.168.1.0/24
add action=accept chain=prerouting comment="" disabled=no dst-address=192.168.2.0/24
add action=accept chain=prerouting comment="" disabled=no dst-address=192.168.3.0/24
add action=accept chain=prerouting comment="" disabled=no dst-address=192.168.4.0/24
add action=mark-connection chain=prerouting comment="" disabled=no dst-address-type=!local new-connection-mark=WAN1_conn passthrough=yes per-connection-classifier=both-addresses-and-ports:4/0 src-address=10.0.0.1-10.0.0.255
add action=mark-connection chain=prerouting comment="" disabled=no dst-address-type=!local new-connection-mark=WAN2_conn passthrough=yes per-connection-classifier=both-addresses-and-ports:4/1 src-address=10.0.0.1-10.0.0.255
add action=mark-connection chain=prerouting comment="" disabled=no dst-address-type=!local new-connection-mark=WAN3_conn passthrough=yes per-connection-classifier=both-addresses-and-ports:4/2 src-address=10.0.0.1-10.0.0.255
add action=mark-connection chain=prerouting comment="" disabled=no dst-address-type=!local new-connection-mark=WAN4_conn passthrough=yes per-connection-classifier=both-addresses-and-ports:4/3 src-address=10.0.0.1-10.0.0.255
add action=mark-routing chain=prerouting comment="" connection-mark=WAN1_conn disabled=no new-routing-mark=to_WAN1 passthrough=yes
add action=mark-routing chain=prerouting comment="" connection-mark=WAN2_conn disabled=no new-routing-mark=to_WAN2 passthrough=yes
add action=mark-routing chain=prerouting comment="" connection-mark=WAN3_conn disabled=no new-routing-mark=to_WAN3 passthrough=yes
add action=mark-routing chain=prerouting comment="" connection-mark=WAN4_conn disabled=no new-routing-mark=to_WAN4 passthrough=yes
/ip firewall nat
add action=masquerade chain=srcnat comment="" disabled=no out-interface=WAN1 src-address=10.0.0.1-10.0.0.255
add action=masquerade chain=srcnat comment="" disabled=no out-interface=WAN2 src-address=10.0.0.1-10.0.0.255
add action=masquerade chain=srcnat comment="" disabled=no out-interface=WAN3 src-address=10.0.0.1-10.0.0.255
add action=masquerade chain=srcnat comment="" disabled=no out-interface=WAN4 src-address=10.0.0.1-10.0.0.255
/ip route
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=192.168.1.1 routing-mark=to_WAN1 scope=30 target-scope=10
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=192.168.2.1 routing-mark=to_WAN2 scope=30 target-scope=10
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=192.168.3.1 routing-mark=to_WAN3 scope=30 target-scope=10
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=192.168.4.1 routing-mark=to_WAN4 scope=30 target-scope=10
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=192.168.1.1 scope=30 target-scope=10
add check-gateway=ping comment="" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=192.168.2.1 scope=30 target-scope=10
add check-gateway=ping comment="" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=192.168.3.1 scope=30 target-scope=10
add check-gateway=ping comment="" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=192.168.4.1 scope=30 target-scope=10
DDNS Script for Changeip.com
# Define User Variables
:global ddnsuser "USERNAME"
:global ddnspass "PASS"
:global ddnshost "DOMAIN NAME"
# Define Global Variables
:global ddnsip
:global ddnslastip
:if ([ :typeof $ddnslastip ] = nil ) do={ :global ddnslastip "0" }
:global ddnsinterface
:global ddnssystem ("mt-" . [/system package get system version] )
# Define Local Variables
:local int
# Loop thru interfaces and look for ones containing
# default gateways without routing-marks
:foreach int in=[/ip route find dst-address=0.0.0.0/0 active=yes ] do={
:if ([:typeof [/ip route get $int routing-mark ]] != str ) do={
:global ddnsinterface [/ip route get $int interface]
}
}
# Grab the current IP address on that interface.
:global ddnsip [ /ip address get [/ip address find interface=$ddnsinterface ] address ]
# Did we get an IP address to compare?
:if ([ :typeof $ddnsip ] = nil ) do={
:log info ("DDNS: No ip address present on " . $ddnsinterface . ", please check.")
} else={
:if ($ddnsip != $ddnslastip) do={
:log info "DDNS: Sending UPDATE!"
:log info [ :put [/tool dns-update name=$ddnshost address=[:pick $ddnsip 0 [:find $ddnsip "/"] ] key-name=$ddnsuser key=$ddnspass ] ]
:global ddnslastip $ddnsip
} else={
:log info "DDNS: No update required."
}
}
# End of script
Freemikrotik @ SMKN 2 Malang...
Daripada hilang taruh sini dulu ya :) ini adalah Blog saya pribadi dari apa yang saya ikut kumpulkan selama di freemikrotik.com isi lebih lengkap dan asli silahkan kunjungi freemikrotik.com
Laptop saya mungkin akan saya format atau juga hardisknya rusak, server juga bisa jadi akan saya format, apakah admin baru punya atau tidak data yang lama kalau tidak ada saya masih menyimpan di blog saya ini. Jadi memang ini koleksi di laptop atau server saya, namun pemberian dari rekan-rekan freemikrotik juga. Daripada hilang deh taruh sini. Penerus Freemikrotik.com juga masih bisa memanfaatkan foto-foto ini.
Ini adalah foto-foto saat SMKN 2 Malang datang ke Freemikrotik dan launching spanduk saat Freemikrotik launching di MUM 2013... Koment disini juga ya anak2 SMKN 2 Malang....
Laptop saya mungkin akan saya format atau juga hardisknya rusak, server juga bisa jadi akan saya format, apakah admin baru punya atau tidak data yang lama kalau tidak ada saya masih menyimpan di blog saya ini. Jadi memang ini koleksi di laptop atau server saya, namun pemberian dari rekan-rekan freemikrotik juga. Daripada hilang deh taruh sini. Penerus Freemikrotik.com juga masih bisa memanfaatkan foto-foto ini.
Ini adalah foto-foto saat SMKN 2 Malang datang ke Freemikrotik dan launching spanduk saat Freemikrotik launching di MUM 2013... Koment disini juga ya anak2 SMKN 2 Malang....
Freemikrotik @ mum 2013
Freemikrotik diterima oleh Mikrotik.com pada saat MUM 2013...
Foto-foto ini merupakan dokumen FREEMIKROTIK yang ada di laptop saya.... Kunjungi Freemikrotik.com untuk info perkembangan Forum Freemikrotik.
Foto-foto ini merupakan dokumen FREEMIKROTIK yang ada di laptop saya.... Kunjungi Freemikrotik.com untuk info perkembangan Forum Freemikrotik.
Freemikrotik Blogs...
Freemikrotik adalah sebuah forum yang menyediakan interaksi gratis dan material gratis yang berslogan dari MU untuk MU. MU adalah mikrotik user. Mengumpulkan sebanyak mungkin praktisi dan pengguna mikrotik.
Freemikrotik.com saat ini dikelola oleh Sdr. Irfan, Dan saya sendiri masih memiliki beberapa material mikrotik dan daripada hilang dan emang hosting kami belum memiliki IP sendiri sehingga asal ada phising atau sesuatu langsung saja pemilik IP menutup atau memblokir IP kami dan web kami tentu saja down. Kesalahan kadang pada client-klient namun terakhir kami tidak bisa update freemikrotik forum script dan tiba-tiba ada yang menyusupkan sesuatu pada web kami dan kami mendapatkan email. Pada saat terakhir itu server Freemikrotik sudah terpisah dengan server lain. Yach karena pada 1 Oktober hingga akhir November saya cukup sibuk di Parlemen Indonesia juga ada pameran di JCC maka setelah liburan reses Akhir Tahun ini saya akan berusaha menyimpan semua catatan dan foto selama di freemikrotik semoga pengunjung freemikrotik masih bisa memanfaatkan hasil labs, ataupun apapun yang pernah ditulis di blog Freemikrotik.
Saya akan upload content Laptop saya tentang freemikrotik.com sebelum saya hapus semuanya. :)
Freemikrotik.com saat ini dikelola oleh Sdr. Irfan, Dan saya sendiri masih memiliki beberapa material mikrotik dan daripada hilang dan emang hosting kami belum memiliki IP sendiri sehingga asal ada phising atau sesuatu langsung saja pemilik IP menutup atau memblokir IP kami dan web kami tentu saja down. Kesalahan kadang pada client-klient namun terakhir kami tidak bisa update freemikrotik forum script dan tiba-tiba ada yang menyusupkan sesuatu pada web kami dan kami mendapatkan email. Pada saat terakhir itu server Freemikrotik sudah terpisah dengan server lain. Yach karena pada 1 Oktober hingga akhir November saya cukup sibuk di Parlemen Indonesia juga ada pameran di JCC maka setelah liburan reses Akhir Tahun ini saya akan berusaha menyimpan semua catatan dan foto selama di freemikrotik semoga pengunjung freemikrotik masih bisa memanfaatkan hasil labs, ataupun apapun yang pernah ditulis di blog Freemikrotik.
 |
Bersama Team Freemikrotik.com saat MUM (mikrotik User Metting)
 |
| suasana Parlemen Indonesia Jam 9 Malam 1 oktober |
Saya akan upload content Laptop saya tentang freemikrotik.com sebelum saya hapus semuanya. :)
Okey Terima kasih telah berkunjung ke blog saya ini.
Subscribe to:
Comments (Atom)