Monday, June 23, 2014

Bandwidth Test Using Mikrotik

Besides its main function of network management, a MikroTik router also has tools for measuring how much traffic can be passed over a link or connection.

The tools in question are BTest Server and Bandwidth Test. Both can be found under the /tool menu.

The MikroTik router generates traffic that is then sent to another device over the connection being measured. This process is commonly called a bandwidth test. A bandwidth test involves a Bandwidth Test server and a Bandwidth Test client.
All versions of MikroTik RouterOS can be used as a Bandwidth Test server or a Bandwidth Test client.

Here is an explanation of both tools.
1. BTest Server (/tool btest server)
By default the Bandwidth Test server is already present on MikroTik and ready to use, so a bandwidth test can be run against the router with the default configuration alone.

We can also set policy for the MikroTik Bandwidth Test server. This is done in the /tool btest server menu, where several parameters are available.


a. Enabled (default: yes)
Enables the Bandwidth Test server on the router. If enabled = no (disabled, unchecked), no bandwidth test can be run against the router.

b. Authenticate (default: yes)
Controls whether Bandwidth Test clients must authenticate. Authenticate: yes (checked): to run a bandwidth test, the Bandwidth Test client must enter a username and password, the same ones used for remote configuration of the BTest Server router.
Authenticate: no (unchecked): the Bandwidth Test client does not need to enter a username and password to run a bandwidth test.

c. Max sessions
Limits how many bandwidth test sessions/connections may run simultaneously.

2. Bandwidth Test Tool (/tool bandwidth test)
In addition to acting as a Bandwidth Test server, MikroTik can also be used as a Bandwidth Test client. The client is configured in the /tool bandwidth test menu.

As a client, the test is controlled through the following parameters.


a. Test To
The IP address of the Bandwidth Test server router.

b. Protocol
The protocol used for the bandwidth test (TCP / UDP).

c. Direction
The direction of the traffic. There are 3 choices for the traffic to be generated:
  • upload (send)
  • download (receive)
  • upload and download (both)

d. Local tx speed and remote tx speed
Set the transfer speed used during the bandwidth test. The unit is bps (bits per second).

e. Username and password
Must match the BTest Server settings on the remote router. If the BTest Server has Authenticate: yes, enter the username and password you use to log in to the remote router.

Now let us run a bandwidth test. The network has the following topology. The main requirement is that the Bandwidth Test server and client can already communicate with each other by IP address.


The BTest Server on each MikroTik router uses the default settings.

We run a bandwidth test between the MikroTik routers with the following conditions:
Server router IP = 192.168.5.215, test using the UDP protocol with traffic direction upload (send).
We try to pass traffic at a data transfer rate of 10 Mbps. Fill in the username and password that match the BTest Server.



If Local and Remote tx speed are set, the router generates traffic at a maximum speed equal to those values.
If the values are not set, both routers try to generate traffic up to the limit of the devices' capability or the maximum traffic that the connection path can carry.

Besides a MikroTik router, the Bandwidth Test client can also be a PC running MikroTik's Btest.exe application. This application lets a Windows-based PC act as a Bandwidth Test client and server. It can be downloaded free of charge.

As a Bandwidth Test client, Btest.exe is configured almost the same way as a MikroTik router.



While the bandwidth test is running, look at the router that serves as BTest Server, in the /tool btest server session menu. It shows information about the bandwidth tests in progress.


This is where the Max Session parameter comes in. If, as in the example image, max session = 2, then only 2 bandwidth test sessions/connections can run concurrently.
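The test described above, together with the server-side settings it depends on, as console commands (an added example in RouterOS v6 syntax, not part of the original post; the user name btest-user and the password placeholder are assumptions):

```routeros
# --- On the server router (192.168.5.215) ---
# Keep authentication on and cap concurrent tests at 2, as in the example.
/tool bandwidth-server set enabled=yes authenticate=yes max-sessions=2

# --- On the client router ---
# UDP, upload only (direction=transmit), limited to 10 Mbps for 30 seconds.
# user/password must belong to an account on the server router
# (placeholder values, replace with your own).
/tool bandwidth-test address=192.168.5.215 protocol=udp direction=transmit local-tx-speed=10M duration=30s user=btest-user password="CHANGE-ME"

# --- Back on the server router ---
# While the test is running, list the active sessions.
/tool bandwidth-server session print

# When testing is finished, switch the server off so the router
# no longer generates traffic on request.
/tool bandwidth-server set enabled=no
```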

Bandwidth tests on a running network are usually done with the help of a website, whereas MikroTik's bandwidth test tool can be used with no internet connection.

A bandwidth test is also commonly done when building a wireless link, before the link is used to carry actual network traffic (real traffic).

Setting Time On Mikrotik

Setting the time (hour / day / month / year) on a MikroTik router is essential when you implement rules based on time parameters, where a rule is configured to run at a certain time, for example the scheduler.
A discrepancy between the router's time and the real time causes such rules not to run as needed. In addition, every log entry on the router records the time at which it was made, so the log becomes confusing to read if that time does not match reality.
The time on a MikroTik router is set in System > Clock. By default the router shows the date Jan/02/1970 and the time 0:00:00, so the time on the router should be adjusted.
On a RouterBoard, a manual setting in System > Clock returns to the default when the router reboots. RouterBoard hardware is not designed to store the time the way a computer does.
Alternatively, use NTP (Network Time Protocol), which lets the router synchronize its time with other devices on the network.
MikroTik can function as an NTP server, as an NTP client, or as both simultaneously.

MikroTik As an NTP Client
The RouterOS system package already includes an SNTP (Simple Network Time Protocol) client, which can be used to make the router an NTP client. When it is enabled, the router automatically synchronizes its time with the designated NTP server, so the time stays up to date.
There are many NTP servers on the Internet that can be used, for example id.pool.ntp.org, ntp.nasa.gov, etc. Use mode = unicast.
The SNTP client has only two modes, broadcast and unicast. For the other modes (Multicast and Manycast), install the ntp.npk package and use its NTP client.
Once the SNTP client shows that it has synchronized successfully, the router's time is still not necessarily correct. Check System > Clock. You will notice that the date is right but the hour is not yet. Correct it by setting the Time Zone Name.

MikroTik As an NTP Server
The NTP server function is not included in the default RouterOS packages, so the ntp.npk package must be installed manually.
With the NTP server function we can have a time server inside our own network, so that other RouterBoards only need to look for time information on the local network, without using bandwidth to reach public NTP servers on the internet.
We can build the NTP server on hardware that is able to store the time, i.e. the router.
We can choose the method used to distribute the time: Broadcast, Multicast or Manycast.
Here is an example of setting up the NTP server to serve the network segment 192.168.30.0/24.
The NTP server is set to the Broadcast distribution type, so NTP clients must use the same mode in order to synchronize their time with the NTP server.

 

Maintain Security Router First Step

Once the required features are configured, network admins often neglect the security side of the router. This leaves the router exposed to attack, especially when it is connected directly to the internet and has a public IP. But make no mistake: attacks against the router do not always come from the Internet; they can also originate from the local network. We will discuss the first steps needed to protect the router from irresponsible people.
Services
A MikroTik router runs multiple services that let the user access the router or use other features. By default these services run on the router continuously. We can check which services the MikroTik is running in the IP -> Services menu.
Several services run by default on a MikroTik router. The following lists each service and its purpose.
  • API: Application Programmable Interface, a service that allows users to create custom software or applications that communicate with the router, for example to retrieve information from the router or even to configure it. Uses port 8728.
  • API-SSL: Has the same function as API, but API-SSL is more secure because it comes with an SSL certificate. API-SSL runs on port 8729.
  • FTP: MikroTik provides a standard FTP service that uses ports 20 and 21. FTP is commonly used to upload or download router data, e.g. backup files. FTP authorisation uses the router's user accounts and passwords.
  • SSH: One way to access the router console remotely and securely. Almost the same as telnet, but more secure because the data is transmitted encrypted by SSH. MikroTik SSH uses port 22 by default.
  • Telnet: Has functions similar to SSH, but with a few limitations and a low level of security. Usually used for remote console access to the router. The MikroTik telnet service uses port 23.
  • Winbox: The service that allows the Winbox application to connect to the router. Winbox is the familiar application used to manage the router remotely through a graphical interface. Winbox connections use port 8291.
  • WWW: Besides the remote console and Winbox, MikroTik also provides web-based access to the router using a browser. The port used is the standard HTTP port, port 80.
  • WWW-SSL: Same as the WWW service that allows web-based access to the router, but www-ssl is more secure because it uses an SSL certificate to establish the connection between the router and the remote client. By default it uses port 443.
The next question for the network administrator is whether all of these services will actually be used. Sometimes network admins do not really care and leave services running when they are not needed, so that those services can be used at any time by irresponsible people. Have you ever opened a terminal on a MikroTik router and seen the notice "failure for user root from xx.xx.x.xxx via ssh"? The message means that someone tried to access the router by guessing its username and password.
Disable Service
To reduce the ways someone can try to access the router, the network administrator can turn off services that are not used. Suppose we only need to access the router via Winbox and the web interface; then we can turn off every service other than those two.
Available From
The network administrator can restrict the networks from which a particular service may be reached by setting the "Available From" parameter in the service settings. With "Available From" set, the service can only be accessed from the specified network. When someone tries to access the router from outside the allowed addresses, the router rejects the connection automatically. "Available From" can be filled with an IP address or a network address.
Change Port
In addition to restricting the allowed addresses, network administrators can also change the port used by a particular service. Anyone who works in networking can easily guess the default port used by each service.
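The three measures above applied to the scenario of a router managed only through Winbox and the web interface (an added example in RouterOS v6 console syntax, not part of the original post; the management network 192.168.88.0/24 and the port 8292 are assumptions):

```routeros
# 1. Review which services are currently enabled, and on which ports.
/ip service print

# 2. Disable Service: turn off everything except Winbox and the web interface.
/ip service disable telnet,ftp,ssh,api,api-ssl,www-ssl

# 3. Available From: accept connections to the remaining services only
#    from the management network (assumed here to be 192.168.88.0/24).
#    Run this from a host inside that network, otherwise the current
#    session is cut off as soon as the restriction applies.
/ip service set winbox address=192.168.88.0/24
/ip service set www address=192.168.88.0/24

# 4. Change Port: move Winbox off its default port 8291 (8292 is arbitrary).
#    This only hides the service from default-port guessing; the address
#    restriction in step 3 is what actually rejects outside connections.
/ip service set winbox port=8292

# 5. Check the result: disabled services are flagged X, and the port and
#    address columns show the new values.
/ip service print
```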
User Management
Some administrators think that setting a password is enough. They then share the username and password with several fellow technicians, and even technicians who only need monitoring access are given admin permissions. This is very risky when the router being handled is an important one. Here are some tips for sensible user management.
Group Policies
Technicians who are only responsible for monitoring the network do not need full access rights to the router. Full access rights are usually held only by the person who knows the router's condition and configuration best. The network administrator can create users that match each person's job responsibilities by assigning them to a group and defining the group's policies. In Winbox, go to System -> Users -> Group tab.
Several policy options determine a user's privileges. The policy options and the rights they grant are:
  • local: allows the user to log in via the local console (keyboard, monitor)
  • telnet: allows remote login via telnet
  • ssh: allows the user to log in remotely via the secure shell protocol
  • ftp: allows login via FTP with full rights, including transferring files to / from the router. Users with this policy have the right to read, write, and delete files.
  • reboot: allows the user to restart the router.
  • read: allows viewing the router configuration. All console commands that do not change the configuration are permitted.
  • write: allows configuring the router, except for user management. This policy does not allow the user to read the router configuration, so a user given the write policy should also be given the read policy.
  • policy: grants user-management rights. Should be used together with the write policy. Also allows viewing global variables created by other users (this also requires the 'test' policy).
  • test: grants the right to run ping, traceroute, bandwidth-test, wireless scan, sniffer, snooper and other test commands.
  • web: grants the right to access the router remotely via WebBox
  • winbox: grants the right to access the router remotely via WinBox
  • password: grants the right to change passwords
  • sensitive: grants the right to see sensitive information on the router, such as secrets, RADIUS keys, authentication keys, etc.
  • api: grants the right to access the router remotely via the API.
  • sniff: grants the right to use the packet sniffer tool.
Allowed Address
"Allowed Address" determines from which network a user is allowed to access the router. Suppose the network admin has a policy that technicians may only access the router from the local network, not through the public network. In such a case we can use the "Allowed Address" option.
"Allowed Address" can be filled with an IP address or a network address. If we fill in an IP address, the user can log in only from that particular IP address; if we fill in a network address, the user can log in from any IP address in that segment.
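A monitoring-only account built from the policies and the "Allowed Address" option above (an added example in RouterOS v6 console syntax, not part of the original post; the group name, user name, password placeholder and the 192.168.88.0/24 network are assumptions):

```routeros
# Group for technicians who only monitor: they may log in at the local
# console, via Winbox or the web interface, view the configuration and
# run test tools. Every other policy is explicitly denied with "!".
/user group add name=monitoring policy=local,winbox,web,read,test,!telnet,!ssh,!ftp,!reboot,!write,!policy,!password,!sensitive,!api,!sniff

# One account per technician instead of a shared admin login,
# usable only from the local network (Allowed Address).
/user add name=tech1 group=monitoring address=192.168.88.0/24 password="CHANGE-ME"

# Apply the same address restriction to the full-rights account.
/user set admin address=192.168.88.0/24

# Verify group membership and allowed addresses, then list who is
# currently logged in and through which service.
/user print detail
/user active print
```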
MikroTik Neighbor Discovery Protocol (MNDP)
A protocol that works within a Layer 2 broadcast domain and allows devices that support MNDP or CDP to "find" each other. The simplest example is scanning from Winbox before connecting to a router remotely. The scan shows the router's MAC address, identity, and IP address. So while MNDP is running, users on the network can easily find the router and learn some information about it. On a MikroTik router, neighboring routers running MNDP can be seen in the IP -> Neighbors menu, which lists the routers that are connected and running MNDP.
To keep the router from revealing information when a user scans with discovery protocols, network administrators are advised to disable discovery on interfaces. In Winbox, go to IP -> Neighbors -> Discovery Interfaces tab.
For example, if we disable ether2 in the discovery interfaces settings, the router can no longer be scanned or "found" on the network connected to ether2.

 

Dissecting Details MikroTik Router Default Configuration

When we first set up a new MikroTik router, we sometimes find it difficult to connect remotely on ether1, or, once we have managed to connect, we see configuration already in place that looks unfamiliar. This is not because the MikroTik router is malfunctioning, but because of the default configuration. For some people, it is easier to start configuring a router when there is no configuration at all. But for those who are still learning MikroTik settings, the default configuration is very helpful. We will describe the default configuration in more detail.
A router that has a default configuration typically announces it after console login, or displays a dialog box when connecting with Winbox. An example of the Winbox dialog box:
This dialog box offers 3 options. "Remove Configuration" removes the default configuration so that the router is clean, without any configuration at all. "Show Script" displays the default configuration script. "OK" keeps the default configuration installed on the router.
Each type of router has a different default configuration, depending on the device hardware. The default configuration script can be displayed with the command /system default-configuration print
Now let us describe the default configuration in general terms.
Ethernet

The default configuration names the interfaces to make it easier for the user to decide which cable goes into which interface.
  • Ether 1 is named ether1-gateway, on the assumption that the user will plug the cable that connects to the Internet into ether1.
  • Ether 2 is named etherx-master-local.
  • Ether 3 through the last ether are named ether3-slave-local. On these interfaces master-port is set to ether2, so they are in the same network segment as the ether2 interface.
Users can connect the local network to ether2, ether3, and so on, but not ether1. The local network should also be in a single segment.
IP Address
The default configuration assigns the IP address 192.168.88.1/24 to the interface connected to the local network, so the local network uses the 192.168.88.0/24 segment.
But this does not apply to products that have 1 ethernet interface, the RB411 series, RB433 series, RB435 series, RB800 series, CCR series and RB1000 series. On these products the IP address is installed on the ether1 interface.
DHCP
A DHCP server runs by default on the interface connected to the local network. A client only needs to connect to an ethernet interface other than ether1 and it will automatically get an IP address.
The default configuration also runs a DHCP client on the ether1 interface, which is assumed to be connected to the internet. ISPs usually provide IP addresses dynamically so that the client does not have to go to the trouble of setting the IP address, gateway, DNS, etc. If the ISP or modem assigns IP addresses automatically, simply connect the cable from the Internet / ISP to ether1 on the MikroTik router, and the router gets an IP address and is connected to the internet.
Wireless
For devices with an embedded wireless interface, the default configuration also includes several wireless settings, depending on the router hardware.
  • Mode: devices with a level 4 license or above use "AP Bridge" mode by default, while routers with a level 3 license use station mode.
  • Band: if the router supports only 2GHz and supports MIMO, it uses the band "2Ghz-b/g/n"; routers that support only 5GHz and MIMO use "5GHz-a/n".
  • Frequency: routers that support 2GHz use frequency 2412, and routers that support 5GHz use frequency 5300.
  • Chain: routers that support dual chain enable chains 0,1 by default; routers that are still single chain use only chain 0.
  • Security Profile: the default config creates a security profile with the router's serial number as the WPA and WPA2 key.
  • SSID: determined from the wireless interface MAC address; usually the SSID is set to "MikroTik-[last six digits of MAC address]".
In addition to the settings above, the wireless interface is bridged with the ethernet interfaces so that the wireless network is in the same segment as the wired local network.
On devices with an additional wireless interface installed in a MiniPCI slot, that interface is disabled.
Firewall
The default configuration creates some firewall rules to secure the router and to save router resources by dropping packets that are not needed. Here are the default firewall rules:
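/ip firewall
# Allow ICMP (ping) addressed to the router
filter add chain=input action=accept protocol=icmp comment="default configuration"
# Allow packets of already established connections arriving on the Internet port
filter add chain=input action=accept connection-state=established in-interface=ether1-gateway comment="default configuration"
# Allow packets related to an existing connection arriving on the Internet port
filter add chain=input action=accept connection-state=related in-interface=ether1-gateway comment="default configuration"
# Drop everything else addressed to the router from the Internet port
filter add chain=input action=drop in-interface=ether1-gateway comment="default configuration"
# Masquerade local clients behind the router's address on the Internet port
nat add chain=srcnat out-interface=ether1-gateway action=masquerade comment="default configuration"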
The first firewall rule permits ICMP connections bound for the router. The second rule allows connections to the router that already have the established state. The third rule allows connections to the router that have the related state. The fourth rule drops any other incoming connection to the router through the ether1-gateway interface. The last rule is a NAT rule that lets clients behind the router borrow the router's IP address to reach the Internet.
DNS
A static DNS entry is created by default with the name "router" and the IP address 192.168.88.1. This means that the router also runs as a DNS server. If we open a browser and type http://router in the address bar, the browser resolves it to 192.168.88.1 and shows the MikroTik router's web interface.
Tips
The default configuration can be edited or removed as needed. If the default configuration turns out to make things difficult or confusing when setting up the features we need, there are several ways to remove it.
First, connect to the router remotely; when the dialog box about the default configuration appears, as in the first picture in this article, select "Remove Configuration". Or, if the default configuration has already been installed, it can be removed by a reset or netinstall.
So, from now on do not be confused or panic when you cannot connect to the router remotely the first time.