Monday, June 23, 2014

NetWatch: Emergency Response Network Problem



NetWatch is a MikroTik feature used to monitor the condition of a host. Sometimes the host we need to monitor is a very important one, so that if something happens to it the network admin gets the information immediately and can respond as quickly as possible. It would be very inefficient for a network administrator to watch the server remotely 24 hours a day. To make monitoring easier, MikroTik provides the NetWatch feature.
This feature can be accessed from the Tools -> NetWatch menu. When we click the plus (+) button, we can fill in the IP address of the host to be monitored.
  • Host: The IP address of the device to be monitored.
  • Interval: NetWatch works by sending pings. With the Interval parameter we set how often the router sends a ping to check the condition of the host.
  • Time Out: The time after which the host is considered down (unreachable) if a ping sent from the router receives no response.
In the picture above, the NetWatch entry monitors the host with IP address 192.168.230.2. The status is listed as "up" because the router can ping that IP address. If the router's ping fails, the status changes to "down".
The next requirement is that the router sends an email notification whenever the status changes, so that network admins know immediately and can take the necessary action. For the router to be able to send email, we need to configure the email server settings under Tools -> Email.
Without further setup, NetWatch only displays the status of the monitored host, up or down. For the router to send a notification when the host changes status, we can write a script on the "Up" tab and the "Down" tab.
The script on the "Up" tab is run when the monitored host is reachable. In this case we want the router to send an email notification immediately when the status changes, so we need to add a script to both the "Up" tab and the "Down" tab. An example of a script to be run when the status changes to "UP":
And the script on the "Down" tab runs when the router's ping to the host fails.
With the above scripts, the router sends an email notification as soon as the host goes down, and sends another when it comes back up.
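The setup described above, written for the RouterOS v6 command line. This is an added example, not the script from the original post; the SMTP server address and the mailbox names are placeholders, and the interval and timeout values are assumptions.

```routeros
# Added example (RouterOS v6 syntax).
# Placeholders: SMTP server 192.0.2.25, router@example.com, admin@example.com.
# Assumed values: interval=30s, timeout=1s.

# Mail server the router uses for notifications (Tools -> Email)
/tool e-mail set address=192.0.2.25 port=25 from="router@example.com"

# Monitor the host from the article. Each script runs once per status change:
# up-script when the host starts answering pings, down-script when it stops.
/tool netwatch add host=192.168.230.2 interval=30s timeout=1s \
    up-script="/tool e-mail send to=\"admin@example.com\" subject=\"NetWatch: 192.168.230.2 is UP\" body=\"Host is answering ping again\"" \
    down-script="/tool e-mail send to=\"admin@example.com\" subject=\"NetWatch: 192.168.230.2 is DOWN\" body=\"Host stopped answering ping\""

# Check the current state of the monitored host
/tool netwatch print
```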
Scripts are not limited to sending email; we can create custom scripts if we are familiar with MikroTik scripting. The scripting manual can be found here: http://wiki.mikrotik.com/wiki/Manual:Scripting

http://freakscontent.blogspot.com/ 

Mapping the connections with Mark-Route



Using more than one internet connection can be a solution when the network needs to run more smoothly and reliably. However, poor management can create new problems. With more than one link present, connections will pass over either link depending on which one is idle. For various reasons, network admins sometimes choose to send certain connections, for example those of an important application, over a particular path.
In this example, suppose we have 2 internet connections with different bandwidth. We will send IIX traffic over the ISP with more bandwidth, namely ISP 1, and international connections over the ISP with less bandwidth, call it ISP 2. Drawn as a topology, it looks like the following image:
We use the Mangle feature on the MikroTik router to mark connections. First, to distinguish whether client traffic is headed to IIX or to international destinations, we need a list of the IPs advertised in IIX (IP addresses in Indonesia) as an address-list. This address list is used later to determine whether the destination IP a client accesses is local or international.
Do not worry, mikrotik.co.id provides the list of IIX IP addresses as a script named nice.rsc that you can copy-paste into the MikroTik terminal. The nice.rsc file can also be downloaded directly from the RouterOS terminal. Example command:
After the nice.rsc download has finished, do not forget to import it; the router will then create a list of IP addresses in the firewall address-list called "nice".
Next we use mangle to mark connections from the clients as heading to IIX or international. First we mark the connections heading to IIX.
For the in-interface parameter, select the interface connected to the local network. Then we create another mangle rule to mark the connections that are not heading to IIX, that is, the international connections.
After marking the connections, the next step is to direct each connection to one ISP using routes based on the routing marks made previously. It is quite easy: we create a new routing rule with dst-address=0.0.0.0/0 and the gateway of ISP 1. Do not forget the routing mark field, where we choose the mark made by mangle for IIX connections. Do the same for the routing rule for international connections.
Once the settings are finished, run a traceroute to an IIX IP address and to an international IP address, and note which gateway is traversed. Do not forget to set up masquerade NAT for both gateways so that clients can connect to the internet. Mangle can also be customized, e.g. to match by port and protocol.
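The whole procedure above as RouterOS v6 commands. This is an added example, not the configuration from the original post: the interface names, gateway addresses and mark names are placeholders, and the download step is left out because the page does not give the command. The `mark-routing` rules are the step that turns each connection mark into the routing mark the routes select on.

```routeros
# Added example (RouterOS v6 syntax). Placeholders: ether-local, ether-isp1,
# ether-isp2, gateways 198.51.100.1 (ISP 1) and 203.0.113.1 (ISP 2), mark names.

# /import executes every command in the file, so read nice.rsc before importing.
# After the import the firewall address-list "nice" exists.
/import file-name=nice.rsc

/ip firewall mangle
# 1. Mark connections from the local network by destination
add chain=prerouting in-interface=ether-local dst-address-list=nice \
    action=mark-connection new-connection-mark=conn-iix passthrough=yes
# Everything else is international; traffic to the router itself is left unmarked
add chain=prerouting in-interface=ether-local dst-address-list=!nice \
    dst-address-type=!local \
    action=mark-connection new-connection-mark=conn-intl passthrough=yes
# 2. Turn each connection mark into a routing mark
add chain=prerouting in-interface=ether-local connection-mark=conn-iix \
    action=mark-routing new-routing-mark=route-iix passthrough=no
add chain=prerouting in-interface=ether-local connection-mark=conn-intl \
    action=mark-routing new-routing-mark=route-intl passthrough=no

# 3. One default route per routing mark: IIX via ISP 1, international via ISP 2
/ip route
add dst-address=0.0.0.0/0 gateway=198.51.100.1 routing-mark=route-iix
add dst-address=0.0.0.0/0 gateway=203.0.113.1 routing-mark=route-intl

# 4. Masquerade on both uplinks so clients can reach the internet
/ip firewall nat
add chain=srcnat out-interface=ether-isp1 action=masquerade
add chain=srcnat out-interface=ether-isp2 action=masquerade
```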


Know the System BIOS on RouterBoard


 

As we all know, the RouterBoard is a PC: it also has a processor, RAM, storage, and so on, but in quite small dimensions, designed to meet the needs of a network optimally. As with PCs in general, the RouterBoard also has a simple BIOS system. What is the BIOS for? For one thing, the BIOS is quite useful when we run into problems with a RouterBoard, e.g. the RouterBoard suddenly dies and does not come back on. A simple troubleshooting step is to observe the boot process by accessing RouterBOOT, the RouterBoard bootloader. The RouterBoard BIOS is accessed via the serial port with an RS232/DB9 cable.
If the PC / laptop we use to access the router console does not have a serial port, we can add a serial-to-USB converter.
The topology is simple: we connect the computer's USB port to the serial port on the RouterBoard using a serial cable. Once the topology is set up, prepare an application such as HyperTerminal, PuTTY, or similar. We will use this program to watch the RouterBoard boot process via the console. Set the terminal baud rate to 115200 and make sure the correct port is in use. If we are not sure, we can check in Device Manager in Windows.
For a normal boot process, meaning the router has no problems or hardware damage, it shows the following:
In the BIOS we can also make settings much as in a PC BIOS, for example changing the boot device, the boot protocol, the CPU mode, and much more. Take the case where the RouterBoard suddenly cannot boot normally. We can check the RouterBoard boot process using the serial cable and find, for example, that the boot process stops. Sample of a failed boot because the kernel is damaged or missing:
With kernel damage as above, we can troubleshoot by reinstalling the RouterBoard using NetInstall. Early in the boot process, press any key to enter the BIOS settings.
Press "o" to change the boot device: it was previously NAND, and we change it to ethernet. Do not forget to run the NetInstall program on the PC / laptop that will be used to reinstall the RouterBoard.
Then connect the router to the PC / laptop with an ethernet cable. If the RouterBoard boots via ethernet successfully, it displays the following:
At the same time, the RouterBoard's MAC address appears in the NetInstall application. Carry out the NetInstall as usual. In addition, some boot-process displays can be used to analyze the damage. For example, if "kernel panic" is displayed, the kernel is damaged and RouterOS fails to boot; if we encounter this error, the solution is to do a NetInstall. If there is no display or no boot process at all, we can try a downgrade, then a NetInstall, and if that still does not work, check the hardware. If the console shows only unreadable characters, this can indicate a hardware malfunction, usually problematic RAM; the solution is to claim warranty through the RMA process. The BIOS also offers other settings such as changing the boot delay, memory testing and so on. Unfortunately, not all RouterBoards have a serial port, and perhaps not many people are aware of its function.

User Manager For Wireless & DHCP Server Radius




RADIUS, short for Remote Authentication Dial In User Service, is a network protocol that provides centralized Authentication, Authorization, and Accounting (AAA) management for users who connect and want to use resources in the network.

MikroTik has a RADIUS server feature called UserManager. UserManager makes things easier when we want to build a widely distributed network service, e.g. hotspots in cafes, malls, hotels and so on. With UserManager we simply create a user account on the main router, and the account can be used from the DHCP / Wireless routers. Picture of a network topology that uses UserManager as the RADIUS server:



In the example topology above, we run the UserManager RADIUS server on the primary router, which is connected directly to the internet. The edge routers run wireless and a DHCP server for the local network. We will use UserManager to manage the clients that connect to the DHCP / Wireless routers. In other words, UserManager replaces the Static Lease function of the DHCP Server and the Wireless Access List function. This means that a client cannot connect until its MAC address is listed on the RADIUS server.

First, configure the DHCP & Wireless router as a RADIUS client. Go to the "Radius" menu. Check DHCP and Wireless, because DHCP users and wireless users will be managed by UserManager. In the "Address" field, point to the IP address of the primary router running the UserManager service.




In the example above we use the IP address 127.0.0.1 because the UserManager service and the DHCP / Wireless service are on the same router. In a real implementation where the UserManager router is separate from the DHCP / Wireless router, fill in the address with the IP address of the router that runs the UserManager service.

Do not forget to check the "Use Radius" option in the DHCP server settings. Go to the menu IP -> DHCP Server -> "Servers" tab and double-click the DHCP server to open its properties.



Do the same for the wireless security profile, so that wireless clients can be managed by UserManager. Go to the Wireless menu -> click the "Security Profiles" tab. Create a new security profile and, on the RADIUS tab, check the "MAC Authentication" option.
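The three RADIUS client-side steps above as RouterOS v6 commands. This is an added example, not configuration from the original post; the shared secret, the DHCP server name, the security profile name and the wireless interface name are placeholders.

```routeros
# Added example (RouterOS v6 syntax). Placeholders: the secret value,
# DHCP server "dhcp-local", security profile "radius-mac", interface "wlan1".

# 1. Register the RADIUS server for the DHCP and wireless services.
#    127.0.0.1 is used because UserManager runs on the same router in the
#    article's example; use the UserManager router's IP when it is separate.
#    The secret must match the one entered for this router in UserManager.
/radius add service=dhcp,wireless address=127.0.0.1 secret="CHANGE-ME"

# 2. Let the DHCP server ask RADIUS before handing out a lease
/ip dhcp-server set [find name="dhcp-local"] use-radius=yes

# 3. Security profile that authenticates wireless clients by MAC via RADIUS
/interface wireless security-profiles add name=radius-mac \
    radius-mac-authentication=yes

# Attach the profile to the wireless interface serving the clients
/interface wireless set [find name="wlan1"] security-profile=radius-mac
```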


The RADIUS client-side settings are now complete. Next we configure the RADIUS server side, UserManager. Add the RADIUS client router (the DHCP & Wireless router) to UserManager. Open the web-based UserManager at http://ip-router/userman

The web-based UserManager login page appears; by default we can log in with the user admin and an empty password. On this page we configure UserManager. To add a RADIUS client router, go to "Router", then click "Add".







After adding the router, create a limitation and a user profile for DHCP and wireless. Suppose we limit DHCP / Wireless clients to 256kbps of bandwidth for upload and download; then we can make the following limitation:

Once the limitation has been created, create a profile and add the limitation to it.

  
Lastly, create a user in UserManager with the MAC address of the DHCP or wireless client as the username. Go to the "User" menu -> click "Add". Fill in the client MAC address as the username.
 

If the DHCP or wireless client connects successfully, the limitations made in UserManager apply. In the UserManager limitation we limited bandwidth to 256kbps, so the router automatically creates a dynamic queue that limits the DHCP / Wireless clients that have connected.
With UserManager, what would otherwise be static leases on the DHCP Server and Access List entries on wireless becomes centralized. Without UserManager we need to set a static lease and an Access List on each router; with a RADIUS server, we only configure the RADIUS server router, and clients connecting through the other routers are authenticated by the RADIUS server.