Page 17
[admin@AT-WR4562] ip route> print [admin@AT-WR4562] ip route> .. address print [admin@AT-WR4562] ip route> /ip address print /ip address add address 10.0.0.1 netmask 255.255.255.0 interface ether1 | Prints the routing table | Prints the IP address table | Prints the IP address table...
Page 18
• • • • • [admin@AT-WR4562] system backup> save name=test Configuration backup saved [admin@AT-WR4562] system backup>...
Page 19
[admin@AT-WR4562] > file print # NAME 0 test.backup [admin@AT-WR4562] > [admin@AT-WR4562] system backup> load name=test Restore and reboot? [y/N]: Restoring system configuration System configuration restored, rebooting now [admin@AT-WR4562] > ip address print Flags: X - disabled, I - invalid, D - dynamic ADDRESS NETWORK 10.1.0.172/24...
Page 21
[admin@AT-WR4562] system upgrade> refresh [admin@AT-WR4562] system upgrade> print # SOURCE NAME 0 192.168.25.8 routeros-x86 1 192.168.25.8 routeros-rb500 [admin@AT-WR4562] system upgrade> [admin@AT-WR4562] system upgrade> download 1 [admin@AT-WR4562] system upgrade> print # SOURCE NAME 0 192.168.25.8 routeros-x86 1 192.168.25.8 routeros-rb500 [admin@AT-WR4562] system upgrade> VERSION STATUS COMPLETED...
Page 24
[admin@AT-WR4562] system package> print Flags: X - disabled NAME routeros-rb500 system 2 X ipv6 wireless dhcp routing routerboard advanced-tools hotspot security [admin@AT-WR4562] system package> uninstall security [admin@AT-WR4562] > .. reboot • • • • • • VERSION SCHEDULED...
Page 25
[admin@AT-WR4562] system package> downgrade Router will be rebooted. Continue? [y/N]: system will reboot shortly [admin@AT-WR4562] system package> print Flags: X – disabled NAME routeros-rb500 system 2 X ipv6 wireless dhcp routing routerboard advanced-tools hotspot security [admin@AT-WR4562] system package> enable ipv6 [admin@AT-WR4562] system package>...
Page 26
[admin@AT-WR4562] system package> print Flags: X – disabled NAME routeros-rb500 system 2 X ipv6 wireless dhcp routing routerboard advanced-tools hotspot security [admin@AT-WR4562] system package> unschedule security [admin@AT-WR4562] system package> • • • • • • VERSION SCHEDULED scheduled for uninstall...
Page 27
[admin@AT-WR4562] system upgrade> refresh [admin@AT-WR4562] system upgrade> print # SOURCE NAME 0 192.168.25.8 routeros-x86 1 192.168.25.8 routeros-rb500 [admin@AT-WR4562] system upgrade> [admin@AT-WR4562] system upgrade> download 1 [admin@AT-WR4562] system upgrade> print # SOURCE NAME 0 192.168.25.8 routeros-x86 1 192.168.25.8 routeros-rb500 [admin@AT-WR4562] system upgrade> [admin@AT-WR4562] system upgrade upgrade-package-source>...
Page 30
[admin@AT-WR4562] interface> print Flags: X - disabled, D - dynamic, R - running NAME R ether1 R bridge1 R ether2 R wlan1 [admin@AT-WR4562] interface> TYPE RX-RATE TX-RATE ether bridge ether wlan 1500 1500 1500 1500...
[admin@AT-WR4562] > interface print Flags: X - disabled, D - dynamic, R - running NAME X ether1 [admin@AT-WR4562] > interface enable ether1 [admin@AT-WR4562] > interface print Flags: X - disabled, D - dynamic, R - running NAME R ether1 [admin@AT-WR4562] > interface ethernet [admin@AT-WR4562] interface ethernet>...
Page 55
AB R 00:02:6F:20:34:82 aap1 00:0B:6B:30:80:0F www AB R 00:0B:6B:31:B6:D7 www AB R 00:0B:6B:33:1A:D5 R52_test_new AB R 00:0B:6B:33:0D:EA short5 AB R 00:0B:6B:31:52:69 AT-WR4500 AB R 00:0B:6B:33:12:BF long2 -- [Q quit|D dump|C-z pause] [admin@AT-WR4562] interface wireless> 9Mbps:17,12Mbps:17,18Mbps:17,24Mbps:17, 36Mbps:17,48Mbps:17,54Mbps:17 BAND FREQ SIG RADIO-NAME 5ghz...
Page 76
[admin@AT-WR4562] interface vlan> add name=test vlan-id=1 interface=ether1 [admin@AT-WR4562] interface vlan> print Flags: X - disabled, R - running NAME test 1500 enabled [admin@AT-WR4562] interface vlan> enable 0 [admin@AT-WR4562] interface vlan> print Flags: X - disabled, R - running NAME R test 1500 enabled [admin@AT-WR4562] interface vlan>...
Page 77
[admin@AT-WR4562] ip address> add address=10.10.10.1/24 interface=test [admin@AT-WR4562] ip address> print Flags: X - disabled, I - invalid, D - dynamic ADDRESS NETWORK 10.0.0.204/24 10.0.0.0 10.20.0.1/24 10.20.0.0 10.10.10.1/24 10.10.10.0 [admin@AT-WR4562] ip address> [admin@AT-WR4562] ip address> add address=10.10.10.2/24 interface=test [admin@AT-WR4562] ip address> print Flags: X - disabled, I - invalid, D - dynamic ADDRESS NETWORK...
Page 88
[admin@AT-WR4562] ip address> add address=10.10.10.1/24 interface=ether2 [admin@AT-WR4562] ip address> print Flags: X - disabled, I - invalid, D - dynamic ADDRESS NETWORK 2.2.2.1/24 2.2.2.0 10.5.7.244/24 10.5.7.0 10.10.10.1/24 10.10.10.0 [admin@AT-WR4562] ip address> BROADCAST INTERFACE 2.2.2.255 ether2 10.5.7.255 ether1 10.10.10.255 ether2...
Page 89
C:\> arp -s 10.5.8.254 00-aa-00-62-c6-09 [admin@AT-WR4562] ip arp> add address=10.10.10.10 interface=ether2 mac-address=06 \ \... :21:00:56:00:12 [admin@AT-WR4562] ip arp> print Flags: X - disabled, I - invalid, H - DHCP, D - dynamic ADDRESS MAC-ADDRESS 0 D 2.2.2.2 00:30:4F:1B:B3:D9 ether2 1 D 10.5.7.242 00:A0:24:9D:52:A4 ether1 10.10.10.10 06:21:00:56:00:12 ether2...
Page 91
admin@AT-WR4562] ip arp> /interface ethernet print Flags: X - disabled, R - running NAME R eth-LAN 1500 [admin@AT-WR4562] ip arp> /interface print Flags: X - disabled, D - dynamic, R - running NAME TYPE eth-LAN ether prism1 prism pppoe-in25 pppoe-in pppoe-in26 pppoe-in [admin@AT-WR4562] ip arp>...
Page 92
[admin@AT-WR4562] ip address> add address=10.0.0.214/32 network=192.168.0.1 \ \... interface=pppsync [admin@AT-WR4562] ip address> print Flags: X - disabled, I - invalid, D - dynamic ADDRESS NETWORK 10.0.0.214/32 192.168.0.1 [admin@AT-WR4562] ip address> [admin@AT-WR4562] ip address> .. route print detail Flags: X - disabled, I - invalid, D - dynamic, J - rejected, C - connect, S - static, R - rip, O - ospf, B - bgp S dst-address=0.0.0.0/0 preferred-source=0.0.0.0 gateway=192.168.0.1 gateway-state=reachable distance=1 interface=pppsync...
Page 96
[admin@AT-WR4562] routing rip route> print Flags: S - static, R - rip, O - ospf, C - connect, B - bgp 0 O dst-address=0.0.0.0/32 gateway=10.7.1.254 metric=1 from=0.0.0.0 33 R dst-address=159.148.10.104/29 gateway=10.6.1.1 metric=2 from=10.6.1.1 34 R dst-address=159.148.10.112/28 gateway=10.6.1.1 metric=2 from=10.6.1.1 [admin@AT-WR4562] routing rip route> [admin@AT-WR4562] >...
Page 97
[admin@AT-WR4562] routing rip> set redistribute-connected=yes [admin@AT-WR4562] routing rip> print distribute-default: never redistribute-static: no redistribute-connected: yes redistribute-ospf: no redistribute-bgp: no metric-default: 1 metric-static: 1 metric-connected: 1 metric-ospf: 1 metric-bgp: 1 update-timer: 30s timeout-timer: 3m garbage-timer: 2m [admin@AT-WR4562] routing rip> [admin@AT-WR4562] routing rip network> add network=10.0.0.0/2 [admin@AT-WR4562] routing rip network>...
Page 98
interface Ethernet0 ip address 10.0.0.26 255.255.255.0 no ip directed-broadcast interface Serial1 ip address 192.168.1.1 255.255.255.252 ip directed-broadcast router rip version 2 redistribute connected redistribute static network 10.0.0.0 network 192.168.1.0 ip classless awplus#show ip route Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP...
Page 105
[admin@OSPF_MAIN] interface> print Flags: X - disabled, D - dynamic, R - running NAME RATE R main_gw 1500 R to_peer_1 1500 R to_peer_2 1500 [admin@OSPF_MAIN] ip address> print Flags: X - disabled, I - invalid, D - dynamic ADDRESS 192.168.0.11/24 10.1.0.2/24 10.2.0.2/24 [admin@OSPF_MAIN] routing ospf>...
Page 106
[admin@OSPF_peer_1] ip address> print Flags: X - disabled, I - invalid, D - dynamic ADDRESS 10.1.0.1/24 10.3.0.1/24 [admin@OSPF_peer_1] routing ospf> print router-id: 0.0.0.0 distribute-default: never redistribute-connected: as-type-1 redistribute-static: no redistribute-rip: no redistribute-bgp: no metric-default: 1 metric-connected: 0 metric-static: 0 metric-rip: 0 metric-bgp: 0 [admin@OSPF_peer_1] routing ospf area>...
Page 107
[admin@OSPF_peer_2] routing ospf area> print Flags: X - disabled, I - invalid NAME AUTHENTICATION backbone none local_10 none [admin@OSPF_peer_2] routing ospf network> print Flags: X - disabled, I - invalid NETWORK 10.2.0.0/24 10.3.0.0/24 [admin@OSPF_MAIN] ip route> print Flags: X - disabled, I - invalid, D - dynamic, J - rejected, C - connect, S - static, r - rip, o - ospf, b - bgp DST-ADDRESS 0 Io 192.168.0.0/24...
Page 109
[admin@OSPF_peer_1] > ip route pr Flags: X - disabled, I - invalid, D - dynamic, J - rejected, C - connect, S - static, r - rip, o - ospf, b - bgp DST-ADDRESS 0 Do 192.168.0.0/24 1 Io 10.3.0.0/24 2 DC 10.3.0.0/24 3 Do 10.2.0.0/24 4 Io 10.1.0.0/24...
Page 110
[admin@OSPF_MAIN] ip route> print Flags: X - disabled, I - invalid, D - dynamic, J - rejected, C - connect, S - static, r - rip, o - ospf, b - bgp DST-ADDRESS 0 Io 192.168.0.0/24 1 DC 192.168.0.0/24 2 Do 10.3.0.0/24 3 Io 10.2.0.0/24 4 DC 10.2.0.0/24 5 Io 10.1.0.0/24...
Page 112
[admin@AT-WR4562] ip route> add dst-address=10.1.12.0/24 gateway=192.168.0.253 [admin@AT-WR4562] ip route> add gateway=10.5.8.1 [admin@AT-WR4562] ip route> print Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf DST-ADDRESS G GATEWAY 0 A S 10.1.12.0/24...
Page 113
[admin@AT-WR4562] ip firewall mangle add action=mark-routing new-routing-mark=at \ \... chain=prerouting [admin@AT-WR4562] ip route> add gateway=10.0.0.254 routing-mark=mt [admin@AT-WR4562] ip route rule> add src-address=10.0.0.144/32 \ \... table=mt action=lookup [admin@AT-WR4562] ip route rule> print Flags: X - disabled, I - invalid src-address=192.168.0.144/32 action=lookup table=mt [admin@AT-WR4562] ip route rule>...
Page 114
[admin@ECMP-Router] ip address> print Flags: X - disabled, I - invalid, D - dynamic ADDRESS NETWORK 192.168.0.254/24 192.168.0.0 10.1.0.2/28 10.1.0.0 10.1.1.2/28 10.1.1.0 [admin@ECMP-Router] ip address> [admin@ECMP-Router] ip route> add gateway=10.1.0.1,10.1.1.1,10.1.1.1 [admin@ECMP-Router] ip route> print Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf DST-ADDRESS G GATEWAY...
Page 115
[admin@PB-Router] ip address> print Flags: X - disabled, I - invalid, D - dynamic ADDRESS NETWORK 192.168.0.1/24 192.168.0.0 192.168.1.1/24 192.168.1.0 10.0.0.7/24 10.0.0.0 [admin@PB-Router] ip address> [admin@PB-Router] ip firewall mangle> add src-address=192.168.0.0/24 \ \... action=mark-routing new-routing-mark=net1 chain=prerouting [admin@PB-Router] ip firewall mangle> add src-address=192.168.1.0/24 \ \...
Page 120
/ip dhcp-server add name=dhcp-office disabled=no [admin@AT-WR4562] ip dhcp-server> print detail Flags: X - disabled, I – invalid interface=ether1 add-default-route=yes use-peer-dns=yes use-peer-ntp=yes status=bound address=192.168.0.65/24 gateway=192.168.0.1 dhcp-server=192.168.0.1 primary-dns=192.168.0.1 primary-ntp=192.168.0.1 expires-after=9m44s dhcp-clients 02:00:00 [admin@AT-WR4562] ip dhcp-server> /ip dhcp-server add name=dhcp-office disabled=no address-pool=dhcp-clients \ interface=ether1 lease-time=2h [admin@AT-WR4562] ip dhcp-server>...
Page 123
[admin@AT-WR4562] ip dhcp-server lease> print Flags: X - disabled, R - radius, D - dynamic, B - blocked ADDRESS MAC-ADDRESS 0 D 10.5.2.90 00:04:EA:C6:0E:40 1 D 10.5.2.91 00:04:EA:99:63:C0 [admin@AT-WR4562] ip dhcp-server lease> add copy-from=0 address=10.5.2.100 [admin@AT-WR4562] ip dhcp-server lease> print Flags: X - disabled, R - radius, D - dynamic, B - blocked ADDRESS MAC-ADDRESS...
Page 124
[admin@AT-WR4562] ip dhcp-server option> add name=Hostname code=12 \ value="Host-A" [admin@AT-WR4562] ip dhcp-server option> print # NAME 0 Option-Hostname [admin@AT-WR4562] ip dhcp-server option> [admin@AT-WR4562] ip dhcp-server network> add address=10.1.0.0/24 \ \... gateway=10.1.0.1 dhcp-option=Option-Hostname dns-server=159.148.60.20 [admin@AT-WR4562] ip dhcp-server network> print detail 0 address=10.1.0.0/24 gateway=10.1.0.1 dns-server=159.148.60.20 dhcp-option=Option-Hostname [admin@AT-WR4562] ip dhcp-server network>...
[admin@AT-WR4562] ip dhcp-relay> add name=relay interface=ether1 \ \... dhcp-server=10.0.0.1 disabled=no [admin@AT-WR4562] ip dhcp-relay> print Flags: X - disabled, I - invalid NAME relay [admin@AT-WR4562] ip dhcp-relay> [admin@AT-WR4562] ip dhcp-server> setup Select interface to run DHCP server on dhcp server interface: ether1 Select network for DHCP addresses dhcp address space: 10.0.0.0/24 Select gateway for given network...
Page 126
[admin@AT-WR4562] ip dhcp-server> print Flags: X - disabled, I - invalid NAME INTERFACE RELAY dhcp1 ether1 [admin@AT-WR4562] ip dhcp-server> network print # ADDRESS GATEWAY 0 10.0.0.0/24 10.0.0.1 [admin@AT-WR4562] ip dhcp-server> /ip pool print # NAME 0 dhcp_pool1 [admin@AT-WR4562] ip dhcp-server> [admin@DHCP-Server] ip address>...
Page 127
[admin@DHCP-Relay] ip address> print Flags: X - disabled, I - invalid, D - dynamic ADDRESS NETWORK 192.168.0.1/24 192.168.0.0 192.168.1.1/24 192.168.1.0 192.168.2.1/24 192.168.2.0 [admin@DHCP-Relay] ip address> /ip pool add name=Local1-Pool ranges=192.168.1.11-192.168.1.100 /ip pool add name=Local1-Pool ranges=192.168.2.11-192.168.2.100 [admin@DHCP-Server] ip pool> print # NAME 0 Local1-Pool 1 Local2-Pool [admin@DHCP-Server] ip pool>...
Page 130
[admin@AT-WR4562] ip dns> set primary-dns=159.148.60.2 \ \... allow-remote-requests=yes [admin@AT-WR4562] ip dns> print primary-dns: 159.148.60.2 secondary-dns: 0.0.0.0 allow-remote-requests: yes cache-size: 2048KiB cache-max-ttl: 1w cache-used: 17KiB [admin@AT-WR4562] ip dns>...
Page 131
[admin@AT-WR4562] ip dns static> add name www.example.com address=10.0.0.1 [admin@AT-WR4562] ip dns static> print Flags: D - dynamic, X - disabled, R - regexp NAME ADDRESS www.example.com 10.0.0.1 [admin@AT-WR4562] ip dns static> [admin@AT-WR4562] ip dns> cache flush [admin@AT-WR4562] ip dns> print primary-dns: 159.148.60.2 secondary-dns: 0.0.0.0 allow-remote-requests: yes...
Page 133
[admin@AT-WR4562] radius> add service=hotspot,ppp address=10.0.0.3 secret=ex [admin@AT-WR4562] radius> print Flags: X - disabled SERVICE CALLED-ID ppp,hotspot [admin@AT-WR4562] radius> AAA for the respective services should be enabled too: [admin@AT-WR4562] radius> /ppp aaa set use-radius=yes [admin@AT-WR4562] radius> /ip hotspot profile set default use-radius=yes To view some statistics for a client: [admin@AT-WR4562] radius>...
[admin@rb13] user group> add name=reboot policy=telnet,reboot,read,local [admin@rb13] user group> print 0 name="read" policy=local,telnet,ssh,reboot,read,test,winbox,password,web, sniff,!ftp,!write,!policy 1 name="write" policy=local,telnet,ssh,reboot,read,write,test,winbox,password, web,sniff,!ftp,!policy 2 name="full" policy=local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox, password,web,sniff 3 name="reboot" policy=local,telnet,reboot,read,!ssh,!ftp,!write,!policy,!test, !winbox,!password,!web,!sniff [admin@rb13] user group> [admin@AT-WR4562] user> print Flags: X - disabled NAME ;;; system default user admin [admin@AT-WR4562] user>...
Page 148
[admin@AT-WR4562] user> add name=joe password=j1o2e3 group=write [admin@AT-WR4562] user> print Flags: X - disabled ;;; system default user name="admin" group=full address=0.0.0.0/0 name="joe" group=write address=0.0.0.0/0 [admin@AT-WR4562] user> [admin@rb13] user> active print Flags: R - radius WHEN NAME feb/27/2004 00:41:41 admin feb/27/2004 01:22:34 admin winbox [admin@rb13] user>...
Page 149
[admin@AT-WR4562] user aaa> set use-radius=yes [admin@AT-WR4562] user aaa> print use-radius: yes accounting: yes interim-update: 0s default-group: read [admin@AT-WR4562] user aaa> sh-3.00$ ssh-keygen -t dsa -f ./id_dsa Generating public/private dsa key pair. Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in ./id_dsa.
Page 156
[admin@office1] > /interface print Flags: X - disabled, D - dynamic, R - running NAME R isp1 R isp2 [admin@office1] > /ip address print Flags: X - disabled, I - invalid, D - dynamic ADDRESS NETWORK 1.1.1.1/24 1.1.1.0 10.1.0.111/24 10.1.0.0 TYPE RX-RATE TX-RATE...
Page 157
[admin@office2] interface> print Flags: X - disabled, D - dynamic, R - running NAME R isp2 R isp1 [admin@office2] interface> /ip add print Flags: X - disabled, I - invalid, D - dynamic ADDRESS NETWORK 2.2.2.1/24 2.2.2.0 10.1.0.112/24 10.1.0.0 [admin@office1] > interface eoip add remote-address=10.1.0.112 tunnel-id=2 \...
Page 158
[admin@office1] interface bonding> add slaves=eoip-tunnel1,eoip-tunnel2 [admin@office1] interface bonding> print Flags: X - disabled, R - running R name="bonding1" mtu=1500 mac-address=00:0C:42:03:20:E7 arp=enabled slaves=eoip-tunnel1,eoip-tunnel2 mode=balance-rr primary=none link-monitoring=none arp-interval=00:00:00.100 arp-ip-targets="" mii-interval=00:00:00.100 down-delay=00:00:00 up-delay=00:00:00 lacp-rate=30secs [admin@office1] ip address> add address=3.3.3.1/24 interface=bonding1 [admin@office1] ip address> print Flags: X - disabled, I - invalid, D - dynamic ADDRESS NETWORK...
Page 177
[admin@PPPoE-Server] ip address> add address=10.1.0.3/24 interface=Local [admin@PPPoE-Server] ip address> print Flags: X - disabled, I - invalid, D - dynamic ADDRESS NETWORK 10.1.0.3/24 10.1.0.0 [admin@PPPoE-Server] ip address> /ip route [admin@PPPoE-Server] ip route> add gateway=10.1.0.1 [admin@PPPoE-Server] ip route> print Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf DST-ADDRESS G GATEWAY...
• • • • • • • • • [admin@AT-WR4562] > ip hotspot setup hotspot interface: ether1 local address of network: 192.0.2.1/24 masquerade network: yes address pool of network: 192.0.2.2-192.0.2.126 select certificate: none ip address of smtp server: 0.0.0.0 dns servers: 192.0.2.254 dns name: hs.example.net name of local hotspot user: admin password for the user: rubbish...
Page 227
[admin@AT-WR4562] ip hotspot> add interface=local address-pool=HS-real [admin@AT-WR4562] ip hotspot> print Flags: X - disabled, I - invalid, S - HTTPS NAME hs-local [admin@AT-WR4562] ip hotspot> INTERFACE ADDRESS-POOL PROFILE IDLE-TIMEOUT local HS-real default 00:05:00...
/ip hotspot profile set default http-cookie-lifetime=1d [admin@AT-WR4562] ip hotspot cookie> print # USER DOMAIN 0 ex [admin@AT-WR4562] ip hotspot cookie> MAC-ADDRESS EXPIRES-IN 01:23:45:67:89:AB 23h54m16s...
Page 231
[admin@AT-WR4562] ip hotspot walled-garden> add path="/paynow.html" \ \... dst-host="www.example.com" [admin@AT-WR4562] ip hotspot walled-garden> print Flags: X - disabled, D - dynamic dst-host="www.example.com" path="/paynow.html" action=allow [admin@AT-WR4562] ip hotspot walled-garden>...
Page 233
[admin@AT-WR4562] ip hotspot service-port> print Flags: X - disabled NAME [admin@AT-WR4562] ip hotspot service-port> set ftp ports=20,21 [admin@AT-WR4562] ip hotspot service-port> print Flags: X - disabled NAME [admin@AT-WR4562] ip hotspot service-port> 0 D chain=dstnat action=jump jump-target=hotspot hotspot=from-client 1 I chain=hotspot action=jump jump-target=pre-hotspot 2 D chain=hotspot action=redirect to-ports=64872 dst-port=53 protocol=udp 3 D chain=hotspot action=redirect to-ports=64872 dst-port=53 protocol=tcp 4 D chain=hotspot action=redirect to-ports=64873 hotspot=local-dst dst-port=80...
Page 234
7 D chain=hotspot action=jump jump-target=hs-auth hotspot=auth protocol=tcp 8 D ;;; www.alliedtelesis.com chain=hs-unauth dst-address=159.148.147.196 protocol=tcp dst-port=80 action=return 9 D chain=hs-unauth action=redirect to-ports=64874 dst-port=80 protocol=tcp 10 D chain=hs-unauth action=redirect to-ports=64874 dst-port=3128 protocol=tcp 11 D chain=hs-unauth action=redirect to-ports=64874 dst-port=8080 protocol=tcp 11 D chain=hs-unauth protocol=tcp dst-port=443 action=redirect to-ports=64875 13 I chain=hs-unauth action=jump jump-target=hs-smtp dst-port=25 protocol=tcp 15 I chain=hs-auth action=jump jump-target=hs-smtp dst-port=25 protocol=tcp 14 D chain=hs-auth protocol=tcp dst-port=25 action=jump jump-target=hs-smtp...
Page 235
0 D chain=forward action=jump jump-target=hs-unauth hotspot=from-client,!auth 1 D chain=forward action=jump jump-target=hs-unauth-to hotspot=to-client,!auth 2 D chain=input action=jump jump-target=hs-input hotspot=from-client I chain=hs-input action=jump jump-target=pre-hs-input 4 D chain=hs-input action=accept dst-port=64872 protocol=udp 5 D chain=hs-input action=accept dst-port=64872-64875 protocol=tcp 6 D chain=hs-input action=jump jump-target=hs-unauth hotspot=!auth 7 D chain=hs-unauth protocol=icmp action=return 8 D ;;;...
Page 239
$(if <var_name>) $(elif <var_name>) $(else) some content, which will always be displayed $(if username == john) Hey, your username is john $(elif username == dizzy) Hello, Dizzy! How are you? Your administrator. $(elif ip == 10.1.2.3) You are sitting at that crappy computer, which is damn slow... $(elif mac == 00:01:02:03:04:05) This is an ethernet card, which was stolen few months ago...
Page 243
• • • [admin@AT-WR4562] > /certificate print Flags: K - decrypted-private-key, Q - private-key, R - rsa, D - dsa 0 KR name="hotspot.example.net" subject=C=LV,L=Riga,O=MT,OU=dev,CN=hotspot.example.net, emailAddress=admin@hotsot.example.net issuer=C=LV,L=Riga,O=MT,OU=dev,CN=hotsot.example.net, emailAddress=admin@hotsot.example.net serial-number="0" email=admin@hotsot.example.net invalid-before=oct/27/2004 11:43:22 invalid-after=oct/27/2005 11:43:22 ca=yes ip hotspot profile set default login-by=cookie,http-chap,https \ ssl-certificate=hotsot.example.net [admin@AT-WR4562] >...
Page 244
[admin@AT-WR4562] ip hotspot ip-binding> print Flags: X - disabled, P - bypassed, B - blocked MAC-ADDRESS ADDRESS 10.11.12.3 1 P 00:01:02:03:04:05 10.11.12.3 [admin@AT-WR4562] ip hotspot ip-binding> .. host print Flags: S - static, H - DHCP, D - dynamic, A - authorized, P - bypassed MAC-ADDRESS ADDRESS 0 SB 00:01:02:03:04:05 10.11.12.3...
Page 247
[admin@AT-WR4562] ip hotspot user> add name=ex password=ex \ \... mac-address=01:23:45:67:89:AB limit-uptime=1h [admin@AT-WR4562] ip hotspot user> print Flags: X - disabled SERVER NAME [admin@AT-WR4562] ip hotspot user> print detail Flags: X - disabled name="ex" password="ex" mac-address=01:23:45:67:89:AB profile=default limit-uptime=01:00:00 uptime=00:00:00 bytes-in=0 bytes-out=0 packets-in=0 packets-out=0 [admin@AT-WR4562] ip hotspot user>...
Page 248
[admin@AT-WR4562] ip hotspot active> print Flags: R - radius, B - blocked USER ADDRESS 10.0.0.144 [admin@AT-WR4562] ip hotspot active> UPTIME SESSION-TIMEOUT IDLE-TIMEOUT 4m17s 55m43s...
Page 259
[admin@AT-WR4562] ip traffic-flow> set enabled=yes [admin@AT-WR4562] ip traffic-flow> print enabled: yes interfaces: all cache-entries: 1k active-flow-timeout: 30m inactive-flow-timeout: 15s [admin@AT-WR4562] ip traffic-flow> [admin@AT-WR4562] ip traffic-flow target> add address=192.168.0.2:2055 \ \... version=9 [admin@AT-WR4562] ip traffic-flow target> print Flags: X - disabled ADDRESS VERSION 192.168.0.2:2055...