Allied Telesis AT-WR4500 Series User Manual

IEEE 802.11abgh outdoor wireless routers: RouterOS v3 configuration and user guide


Summary of Contents for Allied Telesis AT-WR4500 Series

  • Page 12 Access Network 5GHz 2.4GHz 2.4 / 5GHz 2.4GHz Backbone Network 5GHz 5GHz Landline IP Net...
  • Page 13: System

    [admin@AT-WR4541g] > /system license print software-id: "NCL8-3TT" upgradable-to: v4.x nlevel: 4 features: [admin@AT-WR4541g] >...
  • Page 15 AT-WR4500 v3.0 Login: admin Password: [admin@AT-WR4562] > password old password: new password: ************ retype new password: ************ [admin@AT-WR4562] >...
  • Page 16 TTTTTTTT AAAAAAAAAAA TTTTTTT AAAAAAA AAAAA TTTT IIIIIIIIII AAAAAAA AAAAA IIIIIIIIII AT-WR4500 RouterOS 3.10 (c) 1999-2008 [admin@AT-WR4562] > [admin@AT-WR4562] >interface [admin@AT-WR4562] interface> [admin@AT-WR4562] >ip address [admin@AT-WR4562] ip address> [admin@AT-WR4541g] > ? blink -- certificate -- Certificate management driver -- Driver management file -- Local router file storage.
  • Page 17 [admin@AT-WR4562] ip route> print [admin@AT-WR4562] ip route> .. address print [admin@AT-WR4562] ip route> /ip address print /ip address add address 10.0.0.1 netmask 255.255.255.0 interface ether1 | Prints the routing table | Prints the IP address table | Prints the IP address table...
  • Page 18 [admin@AT-WR4562] system backup> save name=test Configuration backup saved [admin@AT-WR4562] system backup>...
  • Page 19 [admin@AT-WR4562] > file print # NAME 0 test.backup [admin@AT-WR4562] > [admin@AT-WR4562] system backup> load name=test Restore and reboot? [y/N]: Restoring system configuration System configuration restored, rebooting now [admin@AT-WR4562] > ip address print Flags: X - disabled, I - invalid, D - dynamic ADDRESS NETWORK 10.1.0.172/24...
  • Page 20 [admin@AT-WR4562] > import address.rsc Opening script file address.rsc Script file loaded successfully [admin@AT-WR4562] > [admin@AT-WR4562] > system reset Dangerous! Reset anyway? [y/N]: n action cancelled [admin@AT-WR4562] >...
  • Page 21 [admin@AT-WR4562] system upgrade> refresh [admin@AT-WR4562] system upgrade> print # SOURCE NAME 0 192.168.25.8 routeros-x86 1 192.168.25.8 routeros-rb500 [admin@AT-WR4562] system upgrade> [admin@AT-WR4562] system upgrade> download 1 [admin@AT-WR4562] system upgrade> print # SOURCE NAME 0 192.168.25.8 routeros-x86 1 192.168.25.8 routeros-rb500 [admin@AT-WR4562] system upgrade> VERSION STATUS COMPLETED...
  • Page 22 [admin@AT-WR4562] system upgrade upgrade-package-source> add \ \... address=192.168.25.8 user=admin password: [admin@AT-WR4562] ystem upgrade upgrade-package-source> print # ADDRESS USER 0 192.168.25.8 admin [admin@AT-WR4562] system upgrade upgrade-package-source>...
  • Page 24 [admin@AT-WR4562] system package> print Flags: X - disabled NAME routeros-rb500 system 2 X ipv6 wireless dhcp routing routerboard advanced-tools hotspot security [admin@AT-WR4562] system package> uninstall security [admin@AT-WR4562] > .. reboot VERSION SCHEDULED...
  • Page 25 [admin@AT-WR4562] system package> downgrade Router will be rebooted. Continue? [y/N]: system will reboot shortly [admin@AT-WR4562] system package> print Flags: X – disabled NAME routeros-rb500 system 2 X ipv6 wireless dhcp routing routerboard advanced-tools hotspot security [admin@AT-WR4562] system package> enable ipv6 [admin@AT-WR4562] system package>...
  • Page 26 [admin@AT-WR4562] system package> print Flags: X – disabled NAME routeros-rb500 system 2 X ipv6 wireless dhcp routing routerboard advanced-tools hotspot security [admin@AT-WR4562] system package> unschedule security [admin@AT-WR4562] system package> VERSION SCHEDULED scheduled for uninstall...
  • Page 27 [admin@AT-WR4562] system upgrade> refresh [admin@AT-WR4562] system upgrade> print # SOURCE NAME 0 192.168.25.8 routeros-x86 1 192.168.25.8 routeros-rb500 [admin@AT-WR4562] system upgrade> [admin@AT-WR4562] system upgrade> download 1 [admin@AT-WR4562] system upgrade> print # SOURCE NAME 0 192.168.25.8 routeros-x86 1 192.168.25.8 routeros-rb500 [admin@AT-WR4562] system upgrade> [admin@AT-WR4562] system upgrade upgrade-package-source>...
  • Page 30 [admin@AT-WR4562] interface> print Flags: X - disabled, D - dynamic, R - running NAME R ether1 R bridge1 R ether2 R wlan1 [admin@AT-WR4562] interface> TYPE RX-RATE TX-RATE ether bridge ether wlan 1500 1500 1500 1500...
  • Page 31 /interface monitor-traffic ether1,aggregate received-packets-per-second: 9 received-bits-per-second: 4.39kbps 6.19kbps sent-packets-per-second: 16 sent-bits-per-second: 101kbps [Q quit|D dump|C-z pause] 101kbps...
  • Page 32: Mac Address

    [admin@AT-WR4562] > interface print Flags: X - disabled, D - dynamic, R - running NAME X ether1 [admin@AT-WR4562] > interface enable ether1 [admin@AT-WR4562] > interface print Flags: X - disabled, D - dynamic, R - running NAME R ether1 [admin@AT-WR4562] > interface ethernet [admin@AT-WR4562] interface ethernet>...
  • Page 33 [admin@AT-WR4562] interface ethernet> monitor ether1,ether2 status: link-ok link-ok auto-negotiation: done done rate: 100Mbps 100Mbps default-cable-setting: standard standard...
  • Page 34 /interface wireless set wlan1 ssid=test frequency=2442 band=2.4ghz-b/g \ mode=ap-bridge disabled=no /interface wireless set wlan1 ssid="p2p" frequency=5805 band=5ghz \ mode=bridge disabled=no /interface wireless set wlan1 ssid="p2p" band=5ghz mode=station disabled=no...
  • Page 40 [admin@AT-WR4562] interface wireless> print Flags: X - disabled, R - running Flags: X - disabled, R - running name="wlan1" mtu=1500 mac-address=00:0C:42:18:5C:3D arp=enabled interface-type=Atheros AR5413 mode=station ssid="AT-WR4560" frequency=2412 band=2.4ghz-b scan-list=default antenna-mode=ant-a wds-mode=disabled wds-default-bridge=none wds-ignore-ssid=no default-authentication=yes default-forwarding=yes default-ap-tx-limit=0 default-client-tx-limit=0 hide-ssid=no security-profile=default compression=no [admin@AT-WR4562] interface wireless>...
  • Page 41 [admin@AT-WR4562] interface wireless nstreme> print 0 name="wlan1" enable-nstreme=no enable-polling=yes disable-csma=no framer-policy=none framer-limit=3200 [admin@AT-WR4562] interface wireless nstreme> set wlan1 enable-nstreme=yes \ \... framer-policy=exact-size...
  • Page 43 [admin@AT-WR4562] interface wireless> print Flags: X - disabled, R - running R name="wlan1" mtu=1500 mac-address=00:0C:42:05:00:14 arp=enabled interface-type=Atheros AR5413 mode=station ssid="AT-WR4560" frequency=2412 band=2.4ghz-b/g scan-list=default antenna-mode=ant-a wds-mode=disabled wds-default-bridge=none wds-ignore-ssid=no default-authentication=yes default-forwarding=yes default-ap-tx-limit=0 default-client-tx-limit=0 hide-ssid=no security-profile=default compression=no name="wlan2" mtu=1500 mac-address=00:80:48:41:AF:2A arp=enabled interface-type=Atheros AR5413 mode=station ssid="AT-WR4560" frequency=2412 band=2.4ghz-b/g scan-list=default antenna-mode=ant-a wds-mode=disabled wds-default-bridge=none wds-ignore-ssid=no default-authentication=yes default-forwarding=yes default-ap-tx-limit=0 default-client-tx-limit=0...
  • Page 44 [admin@AT-WR4562] interface wireless registration-table> print # INTERFACE RADIO-NAME MAC-ADDRESS SIGNAL... TX-RATE 0 wlan1 000C42185C3D 00:0C:42:18:5C:3D no -38dBm... 54Mbps [admin@AT-WR4562] interface wireless registration-table>...
  • Page 45 [admin@AT-WR4562] interface wireless> registration-table print stats 0 interface=wlan1 radio-name="000C42185C3D" mac-address=00:0C:42:18:5C:3D ap=no wds=no rx-rate="1Mbps" tx-rate="54Mbps" packets=696,4147 bytes=5589,96698 frames=696,4147 frame-bytes=5589,71816 hw-frames=770,4162 hw-frame-bytes=24661,171784 tx-frames-timed-out=0 uptime=3h50m35s last-activity=2s440ms signal-strength=-38dBm@1Mbps signal-to-noise=54dB strength-at-rates=-38dBm@1Mbps 2s440ms,-37dBm@2Mbps 3h50m35s180ms,- 37dBm@5.5Mbps 3h50m23s330ms,-36dBm@11Mbps 3h45m8s330ms,- 37dBm@9Mbps 3h44m13s340ms,-36dBm@12Mbps 3h43m55s170ms,- 36dBm@18Mbps 3h43m43s340ms,-36dBm@24Mbps 3h43m25s180ms,- 37dBm@36Mbps 3h43m8s130ms,-42dBm@48Mbps 55s180ms,- 41dBm@54Mbps 3s610ms tx-signal-strength=-43dBm tx-ccq=66% rx-ccq=88% p-throughput=30119 ack-timeout=56 nstreme=no framing-mode=none routeros-version="3.0"...
  • Page 46 [admin@AT-WR4562] interface wireless access-list> add mac-address= \ \... 00:01:24:70:3A:BB interface=wlan1 private-algo=40bit-wep private-key=1234567890 [admin@AT-WR4562] interface wireless access-list> print Flags: X - disabled mac-address=00:01:24:70:3A:BB interface=wlan1 signal-range=-120.120 authentication=yes forwarding=yes ap-tx-limit=0 client-tx-limit=0 private-algo=40bit-wep private-key="1234567890" private-pre-shared-key="" [admin@AT-WR4562] interface wireless access-list>...
  • Page 49 [admin@AT-WR4562] interface wireless info> print 0 interface-type=Atheros AR5413 chip-info="mac:0xa/0x5, phy:0x61, a5:0x63, a2:0x0, eeprom:0x5002" tx-power-control=yes ack-timeout-control=yes alignment-mode=yes virtual-aps=yes noise-floor-control=yes scan-support=yes burst-support=yes nstreme-support=yes default-periodic-calibration=enabled supported-bands=2ghz-b,5ghz,5ghz-turbo,2ghz-g,2ghz-g-turbo...
  • Page 52 [admin@AT-WR4562] interface wireless wds> add master-interface=wlan1 \ \... wds-address=00:0B:6B:30:2B:27 disabled=no [admin@AT-WR4562] interface wireless wds> print Flags: X - disabled, R - running, D - dynamic name="wds1" mtu=1500 mac-address=00:0B:6B:30:2B:23 arp=enabled disable-running-check=no master-inteface=wlan1 wds-address=00:0B:6B:30:2B:27 [admin@AT-WR4562] interface wireless wds>...
  • Page 53 [admin@AT-WR4562] interface wireless align> print frame-size: 300 active-mode: yes receive-all: yes audio-monitor: 00:00:00:00:00:00 filter-mac: 00:00:00:00:00:00 ssid-all: no frames-per-second: 25 audio-min: -100 audio-max: -20 [admin@AT-WR4562] interface wireless align>...
  • Page 54 [admin@AT-WR4562] interface wireless align> monitor wlan2 # ADDRESS SSID 0 00:01:24:70:4B:FC wirelesa [admin@AT-WR4562] interface wireless align> [admin@AT-WR4562] interface wireless> frequency-monitor wlan1 FREQ 2412MHz 3.8% 2417MHz 9.8% 2422MHz 2427MHz 0.8% 2432MHz 2437MHz 0.9% 2442MHz 0.9% 2447MHz 2.4% 2452MHz 3.9% 2457MHz 7.5% 2462MHz 0.9% RXQ AVG-RXQ LAST-RX TXQ LAST-TX CORRECT...
  • Page 55 AB R 00:02:6F:20:34:82 aap1 00:0B:6B:30:80:0F www AB R 00:0B:6B:31:B6:D7 www AB R 00:0B:6B:33:1A:D5 R52_test_new AB R 00:0B:6B:33:0D:EA short5 AB R 00:0B:6B:31:52:69 AT-WR4500 AB R 00:0B:6B:33:12:BF long2 -- [Q quit|D dump|C-z pause] [admin@AT-WR4562] interface wireless> 9Mbps:17,12Mbps:17,18Mbps:17,24Mbps:17, 36Mbps:17,48Mbps:17,54Mbps:17 BAND FREQ SIG RADIO-NAME 5ghz...
  • Page 59 [admin@AT-WR4562] interface wireless sniffer packet> pr Flags: E - crc-error FREQ SIGNAL@RATE 2412 -73dBm@1Mbps 00:0B:6B:31:00:53 FF:FF:FF:FF:FF:FF beacon 2412 -91dBm@1Mbps 00:02:6F:01:CE:2E FF:FF:FF:FF:FF:FF beacon 2412 -45dBm@1Mbps 00:02:6F:05:68:D3 FF:FF:FF:FF:FF:FF beacon 2412 -72dBm@1Mbps 00:60:B3:8C:98:3F FF:FF:FF:FF:FF:FF beacon 2412 -65dBm@1Mbps 00:01:24:70:3D:4E FF:FF:FF:FF:FF:FF probe-req 2412 -60dBm@1Mbps 00:01:24:70:3D:4E FF:FF:FF:FF:FF:FF probe-req 2412 -61dBm@1Mbps 00:01:24:70:3D:4E FF:FF:FF:FF:FF:FF probe-req TYPE...
  • Page 60 [admin@AT-WR4562] interface wireless snooper> snoop wlan1 BAND FREQ 2.4ghz-b 2412MHz 1.5% 11.8kbps 2.4ghz-b 2417MHz 1.3% 6.83kbps 2.4ghz-b 2422MHz 0.6% 4.38kbps 2.4ghz-b 2427MHz 0.6% 4.43kbps 2.4ghz-b 2432MHz 0.3% 2.22kbps 2.4ghz-b 2437MHz 0% 0bps 2.4ghz-b 2442MHz 1% 8.1kbps 2.4ghz-b 2447MHz 1% 8.22kbps 2.4ghz-b 2452MHz 1% 8.3kbps...
  • Page 61 [admin@AccessPoint] interface wireless> set wlan1 mode=ap-bridge frequency=5805 \ band=5ghz disabled=no ssid=test name=AP [admin@AccessPoint] interface wireless> print Flags: X - disabled, R - running name="AP" mtu=1500 mac-address=00:0C:42:05:00:22 arp=enabled disable-running-check=no interface-type=Atheros AR5413 radio-name="000C42050022" mode=ap-bridge ssid="test" area="" frequency-mode=superchannel country=no_country_set antenna-gain=0 frequency=5805 band=5ghz scan-list=default rate-set=default supported-rates-b=1Mbps,2Mbps,5.5Mbps,11Mbps...
  • Page 62 [admin@Station] interface wireless> set wlan1 name=To-AP mode=station \ ssid=test band=5ghz disabled=no [admin@Station] interface wireless> print Flags: X - disabled, R - running name="To-AP" mtu=1500 mac-address=00:0B:6B:34:5A:91 arp=enabled disable-running-check=no interface-type=Atheros AR5213 radio-name="000B6B345A91" mode=station ssid="test" area="" frequency-mode=superchannel country=no_country_set antenna-gain=0 frequency=5180 band=5ghz scan-list=default rate-set=default supported-rates-b=1Mbps,2Mbps,5.5Mbps,11Mbps supported-rates-a/g=6Mbps,9Mbps,12Mbps,18Mbps,24Mbps,36Mbps,48Mbps, 54Mbps...
  • Page 63 [admin@WDS_AP] > interface bridge [admin@WDS_AP] interface bridge> add [admin@WDS_AP] interface bridge> print Flags: X - disabled, R - running R name="bridge1" mtu=1500 arp=enabled mac-address=B0:62:0D:08:FF:FF stp=no priority=32768 ageing-time=5m forward-delay=15s garbage-collection-interval=4s hello-time=2s max-message-age=20s [admin@WDS_AP] interface bridge> port [admin@WDS_AP] interface bridge port>...
  • Page 64 [admin@WDS_Station] > interface bridge [admin@WDS_Station] interface bridge> add [admin@WDS_Station] interface bridge> print Flags: X - disabled, R - running R name="bridge1" mtu=1500 arp=enabled mac-address=11:05:00:00:02:00 stp=no priority=32768 ageing-time=5m forward-delay=15s garbage-collection-interval=4s hello-time=2s max-message-age=20s [admin@WDS_Station] interface bridge> port [admin@WDS_Station] interface bridge port> add interface=ether1 bridge=bridge1 [admin@WDS_Station] interface bridge port>...
  • Page 65 [admin@VAP] interface wireless> print Flags: X - disabled, R - running name="wlan1" mtu=1500 mac-address=00:0C:42:05:00:22 arp=enabled disable-running-check=no interface-type=Atheros AR5413 radio-name="000C42050022" mode=ap-bridge ssid="test" area="" frequency-mode=superchannel country=no_country_set antenna-gain=0 frequency=2437 band=2.4ghz-b/g scan-list=default rate-set=default supported-rates-b=1Mbps,2Mbps,5.5Mbps,11Mbps supported-rates-a/g=6Mbps,9Mbps,12Mbps,18Mbps,24Mbps,36Mbps,48Mbps, 54Mbps basic-rates-b=1Mbps basic-rates-a/g=6Mbps max-station-count=2007 ack-timeout=dynamic tx-power=default tx-power-mode=default noise-floor-threshold=default periodic-calibration=default burst-time=disabled fast-frames=no dfs-mode=none antenna-mode=ant-a wds-mode=disabled wds-default-bridge=none wds-ignore-ssid=no update-stats-interval=disabled default-authentication=yes...
  • Page 66 [admin@Nstreme-AP] interface wireless> set 0 mode=bridge ssid=nstreme \ \... band=5ghz frequency=5805 disabled=no [admin@Nstreme-AP] interface wireless> print Flags: X - disabled, R - running name="wlan1" mtu=1500 mac-address=00:0C:42:05:00:22 arp=enabled disable-running-check=no interface-type=Atheros AR5413 radio-name="000C42050022" mode=bridge ssid="nstreme" area="" frequency-mode=superchannel country=no_country_set antenna-gain=0 frequency=5805 band=5ghz scan-list=default rate-set=default supported-rates-b=1Mbps,2Mbps,5.5Mbps,11Mbps supported-rates-a/g=6Mbps,9Mbps,12Mbps,18Mbps,24Mbps,36Mbps,48Mbps, 54Mbps...
  • Page 67 [admin@Nstreme-Client] interface wireless> set wlan1 mode=station ssid=nstreme \ band=5ghz frequency=5805 disabled=no [admin@Nstreme-Client] interface wireless> print Flags: X - disabled, R - running name="wlan1" mtu=1500 mac-address=00:0B:6B:34:5A:91 arp=enabled disable-running-check=no interface-type=Atheros AR5213 radio-name="000B6B345A91" mode=station ssid="nstreme" area="" frequency-mode=superchannel country=no_country_set antenna-gain=0 frequency=5805 band=5ghz scan-list=default rate-set=default supported-rates-b=1Mbps,2Mbps,5.5Mbps,11Mbps supported-rates-a/g=6Mbps,9Mbps,12Mbps,18Mbps,24Mbps,36Mbps,48Mbps, 54Mbps...
  • Page 68 [admin@DualNS-1] interface wireless> set wlan1,wlan2 mode=nstreme-dual-slave [admin@DualNS-1] interface wireless> print Flags: X - disabled, R - running name="wlan1" mtu=1500 mac-address=00:0C:42:05:04:36 arp=enabled disable-running-check=no interface-type=Atheros AR5413 radio-name="000C42050436" mode=nstreme-dual-slave ssid="AT-WR4500" area="" frequency-mode=superchannel country=no_country_set antenna-gain=0 frequency=5180 band=5ghz scan-list=default rate-set=default supported-rates-b=1Mbps,2Mbps,5.5Mbps,11Mbps supported-rates-a/g=6Mbps,9Mbps,12Mbps,18Mbps,24Mbps,36Mbps,48Mbps, 54Mbps basic-rates-b=1Mbps basic-rates-a/g=6Mbps max-station-count=2007...
  • Page 69 [admin@DualNS-2] interface wireless> set wlan1,wlan2 mode=nstreme-dual-slave [admin@DualNS-2] interface wireless> print Flags: X - disabled, R - running name="wlan1" mtu=1500 mac-address=00:0C:42:05:00:22 arp=enabled disable-running-check=no interface-type=Atheros AR5413 radio-name="000C42050022" mode=nstreme-dual-slave ssid="AT-WR4500" area="" frequency-mode=superchannel country=no_country_set antenna-gain=0 frequency=5180 band=5ghz scan-list=default rate-set=default supported-rates-b=1Mbps,2Mbps,5.5Mbps,11Mbps supported-rates-a/g=6Mbps,9Mbps,12Mbps,18Mbps,24Mbps,36Mbps,48Mbps, 54Mbps basic-rates-b=1Mbps basic-rates-a/g=6Mbps max-station-count=2007...
  • Page 70 104bit-wep Interface: WEP-STA1 MAC: 00:0C:42:05:00:22 Interface: WEP-STAX MAC: 00:0C:42:05:06:B2 Internet Interface: WEP-AP ssid=mt_wep 40bit-wep...
  • Page 71 [admin@WEP_AP] interface wireless security-profiles> add name=StationX \ \... mode=static-keys-required static-algo-1=40bit-wep static-key-1=1234567890 \ \... static-transmit-key=key-1 [admin@WEP_AP] interface wireless security-profiles> print 0 name="default" mode=none wpa-unicast-ciphers="" wpa-group-ciphers="" pre-shared-key="" static-algo-0=none static-key-0="" static-algo-1=none static-key-1="" static-algo-2=none static-key-2="" static-algo-3=none static-key-3="" static-transmit-key=key-0 static-sta-private-algo=none static-sta-private-key="" radius-mac-authentication=no group-key-update=5m 1 name="StationX" mode=static-keys-required wpa-unicast-ciphers="" wpa-group-ciphers=""...
  • Page 72 [admin@WEP_Station1] interface wireless security-profiles> add name=Station1 \ \... mode=static-keys-required static-sta-private-algo=104bit-wep \ \... static-sta-private-key=65432109876543210987654321 [admin@WEP_Station1] interface wireless security-profiles> print 0 name="default" mode=none wpa-unicast-ciphers="" wpa-group-ciphers="" pre-shared-key="" static-algo-0=none static-key-0="" static-algo-1=none static-key-1="" static-algo-2=none static-key-2="" static-algo-3=none static-key-3="" static-transmit-key=key-0 static-sta-private-algo=none static-sta-private-key="" radius-mac-authentication=no group-key-update=5m 1 name="Station1" mode=static-keys-required wpa-unicast-ciphers="" wpa-group-ciphers=""...
  • Page 73 54Mbps basic-rates-b=1Mbps basic-rates-a/g=6Mbps max-station-count=2007 ack-timeout=dynamic tx-power=default tx-power-mode=default noise-floor-threshold=default periodic-calibration=default burst-time=disabled fast-frames=no dfs-mode=none antenna-mode=ant-a wds-mode=disabled wds-default-bridge=none wds-ignore-ssid=no update-stats-interval=disabled default-authentication=yes default-forwarding=yes default-ap-tx-limit=0 default-client-tx-limit=0 hide-ssid=no security-profile=StationX disconnect-timeout=3s on-fail-retry-time=100ms preamble-mode=both [admin@WEP_StationX] interface wireless> Interface: wlan1 Pre-shared-key=1234567890 Wpa-group-cipher=aes-ccm Wpa-unicast-cipher=tkip Interface: wlan1 ssid=AT-WR4500 Pre-shared-key=1234567890 Wpa-group-cipher=aes-ccm Wpa-unicast-cipher=tkip...
  • Page 74 [admin@WPA_Station] interface wireless security-profiles> [admin@WPA_Station] interface wireless > print Flags: X - disabled, R - running R name="wlan1" mtu=1500 mac-address=00:0B:6B:35:E5:5C arp=enabled disable-running-check=no interface-type=Atheros AR5213 radio-name="000B6B35E55C" mode=station ssid="AT-WR4500" area="" frequency-mode=superchannel country=no_country_set antenna-gain=0 frequency=5180 band=5ghz scan-list=default rate-set=default supported-rates-b=1Mbps,2Mbps,5.5Mbps,11Mbps supported-rates-a/g=6Mbps,9Mbps,12Mbps,18Mbps,24Mbps,36Mbps,48Mbps, 54Mbps...
  • Page 76 [admin@AT-WR4562] interface vlan> add name=test vlan-id=1 interface=ether1 [admin@AT-WR4562] interface vlan> print Flags: X - disabled, R - running NAME test 1500 enabled [admin@AT-WR4562] interface vlan> enable 0 [admin@AT-WR4562] interface vlan> print Flags: X - disabled, R - running NAME R test 1500 enabled [admin@AT-WR4562] interface vlan>...
  • Page 77 [admin@AT-WR4562] ip address> add address=10.10.10.1/24 interface=test [admin@AT-WR4562] ip address> print Flags: X - disabled, I - invalid, D - dynamic ADDRESS NETWORK 10.0.0.204/24 10.0.0.0 10.20.0.1/24 10.20.0.0 10.10.10.1/24 10.10.10.0 [admin@AT-WR4562] ip address> [admin@AT-WR4562] ip address> add address=10.10.10.2/24 interface=test [admin@AT-WR4562] ip address> print Flags: X - disabled, I - invalid, D - dynamic ADDRESS NETWORK...
  • Page 78 /interface bridge add name="MyBridge" disabled=no /interface bridge port add interface=ether1 bridge=MyBridge /interface bridge port add interface=ether2 bridge=MyBridge...
  • Page 79 [admin@AT-WR4562] interface bridge> add; print Flags: X - disabled, R - running name="bridge1" mtu=1500 arp=enabled mac-address=00:0D:B9:12:B3:F9 protocol-mode=none priority=0x8000 auto-mac=yes admin-mac=00:00:00:00:00:00 max-message-age=20s forward-delay=15s transmit-hold-count=6 ageing-time=5m...
  • Page 80 [admin@AT-WR4562] interface bridge port> add interface=ether1 bridge=bridge1 [admin@AT-WR4562] interface bridge port> add interface=ether2 bridge=bridge1 [admin@AT-WR4562] interface bridge port> print # INTERFACE BRIDGE PRIORITY PATH-COST 0 ether1 bridge1 1 ether2 bridge1 [admin@AT-WR4562] interface bridge port> [admin@AT-WR4562] interface bridge> monitor bridge1 state: enabled current-mac-address: 00:0D:B9:12:B3:F8 root-bridge: yes root-bridge-id: 0x8000.00:00:00:00:00:00...
  • Page 81: Mac Address

    [admin@AT-WR4562] interface bridge port> mo 0 status: in-bridge port-number: 1 role: designated-port edge-port: no edge-port-discovery: yes point-to-point-port: no external-fdb: no sending-rstp: no learning: yes forwarding: yes -- [Q quit|D dump|C-z pause] [admin@AT-WR4562] interface bridge host> print Flags: L - local BRIDGE MAC-ADDRESS bridge1...
  • Page 88 [admin@AT-WR4562] ip address> add address=10.10.10.1/24 interface=ether2 [admin@AT-WR4562] ip address> print Flags: X - disabled, I - invalid, D - dynamic ADDRESS NETWORK 2.2.2.1/24 2.2.2.0 10.5.7.244/24 10.5.7.0 10.10.10.1/24 10.10.10.0 [admin@AT-WR4562] ip address> BROADCAST INTERFACE 2.2.2.255 ether2 10.5.7.255 ether1 10.10.10.255 ether2...
  • Page 89 C:\> arp -s 10.5.8.254 00-aa-00-62-c6-09 [admin@AT-WR4562] ip arp> add address=10.10.10.10 interface=ether2 mac-address=06 \ \... :21:00:56:00:12 [admin@AT-WR4562] ip arp> print Flags: X - disabled, I - invalid, H - DHCP, D - dynamic ADDRESS MAC-ADDRESS 0 D 2.2.2.2 00:30:4F:1B:B3:D9 ether2 1 D 10.5.7.242 00:A0:24:9D:52:A4 ether1 10.10.10.10 06:21:00:56:00:12 ether2...
  • Page 91 admin@AT-WR4562] ip arp> /interface ethernet print Flags: X - disabled, R - running NAME R eth-LAN 1500 [admin@AT-WR4562] ip arp> /interface print Flags: X - disabled, D - dynamic, R - running NAME TYPE eth-LAN ether prism1 prism pppoe-in25 pppoe-in pppoe-in26 pppoe-in [admin@AT-WR4562] ip arp>...
  • Page 92 [admin@AT-WR4562] ip address> add address=10.0.0.214/32 network=192.168.0.1 \ \... interface=pppsync [admin@AT-WR4562] ip address> print Flags: X - disabled, I - invalid, D - dynamic ADDRESS NETWORK 10.0.0.214/32 192.168.0.1 [admin@AT-WR4562] ip address> [admin@AT-WR4562] ip address> .. route print detail Flags: X - disabled, I - invalid, D - dynamic, J - rejected, C - connect, S - static, R - rip, O - ospf, B - bgp S dst-address=0.0.0.0/0 preferred-source=0.0.0.0 gateway=192.168.0.1 gateway-state=reachable distance=1 interface=pppsync...
  • Page 94 [admin@AT-WR4562] routing rip> set redistribute-connected=yes [admin@AT-WR4562] routing rip> print distribute-default: never redistribute-static: no redistribute-connected: no redistribute-ospf: no redistribute-bgp: no metric-default: 1 metric-static: 1 metric-connected: 1 metric-ospf: 1 metric-bgp: 1 update-timer: 30s timeout-timer: 3m garbage-timer: 2m [admin@AT-WR4562] routing rip> [admin@AT-WR4562] routing rip> interface add interface=ether1 \ \...
  • Page 95 [admin@AT-WR4562] routing rip network> add network=10.10.1.0/24 [admin@AT-WR4562] routing rip network> print # ADDRESS 0 10.10.1.0/24 [admin@AT-WR4562] routing rip> [admin@AT-WR4562] routing rip> neighbor add address=10.0.0.1 [admin@AT-WR4562] routing rip> neighbor print Flags: I - inactive ADDRESS 10.0.0.1 [admin@AT-WR4562] routing rip>...
  • Page 96 [admin@AT-WR4562] routing rip route> print Flags: S - static, R - rip, O - ospf, C - connect, B - bgp 0 O dst-address=0.0.0.0/32 gateway=10.7.1.254 metric=1 from=0.0.0.0 33 R dst-address=159.148.10.104/29 gateway=10.6.1.1 metric=2 from=10.6.1.1 34 R dst-address=159.148.10.112/28 gateway=10.6.1.1 metric=2 from=10.6.1.1 [admin@AT-WR4562] routing rip route> [admin@AT-WR4562] >...
  • Page 97 [admin@AT-WR4562] routing rip> set redistribute-connected=yes [admin@AT-WR4562] routing rip> print distribute-default: never redistribute-static: no redistribute-connected: yes redistribute-ospf: no redistribute-bgp: no metric-default: 1 metric-static: 1 metric-connected: 1 metric-ospf: 1 metric-bgp: 1 update-timer: 30s timeout-timer: 3m garbage-timer: 2m [admin@AT-WR4562] routing rip> [admin@AT-WR4562] routing rip network> add network=10.0.0.0/2 [admin@AT-WR4562] routing rip network>...
  • Page 98 interface Ethernet0 ip address 10.0.0.26 255.255.255.0 no ip directed-broadcast interface Serial1 ip address 192.168.1.1 255.255.255.252 ip directed-broadcast router rip version 2 redistribute connected redistribute static network 10.0.0.0 network 192.168.1.0 ip classless awplus#show ip route Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP...
  • Page 100 [admin@AT-WR4562] routing ospf> set redistribute-connected=as-type-1 \ \... metric-connected=1 [admin@AT-WR4562] routing ospf> print router-id: 0.0.0.0 distribute-default: never redistribute-connected: no redistribute-static: no redistribute-rip: no redistribute-bgp: no metric-default: 1 metric-connected: 20 metric-static: 20 metric-rip: 20 metric-bgp: 20 mpls-te-area: unspecified mpls-te-router-id: unspecified [admin@AT-WR4562] routing ospf>...
  • Page 101 [admin@WiFi] routing ospf area> add area-id=0.0.10.5 name=local_10 [admin@WiFi] routing ospf area> print Flags: X - disabled, I - invalid NAME backbone local_10 [admin@WiFi] routing ospf area> [admin@AT-WR4562] routing ospf network> add area=backbone network=10.10.1.0/24 [admin@AT-WR4562] routing ospf network> print Flags: X - disabled NETWORK AREA 10.10.1.0/24...
  • Page 102 [admin@AT-WR4562] routing ospf> interface add interface=ether2 hello-interval=5s [admin@AT-WR4562] routing ospf> interface print 0 interface=ether2 cost=1 priority=1 authentication-key="" retransmit-interval=5s transmit-delay=1s hello-interval=5s dead-interval=40s [admin@AT-WR4562] routing ospf>...
  • Page 103 [admin@AT-WR4562] routing ospf virtual-link> add neighbor-id=10.0.0.201 \ \... transit-area=ex [admin@AT-WR4562] routing ospf virtual-link> print Flags: X - disabled, I - invalid NEIGHBOR-ID TRANSIT-AREA 10.0.0.201 [admin@AT-WR4562] routing ospf virtual-link>...
  • Page 104 admin@AT-WR4562] routing ospf> neighbor print router-id=10.0.0.204 address=10.0.0.204 priority=1 state="2-Way" state-changes=0 ls-retransmits=0 ls-requests=0 db-summaries=0 dr-id=0.0.0.0 backup-dr-id=0.0.0.0 [admin@AT-WR4562] routing ospf> main_gw 192.168.0.11 [OSPF_MAIN] to_peer1 10.1.0.2 to_main 10.1.0.1 [OSPF_peer_1] Internet to_peer2 10.2.0.2 to_main 10.2.0.1 [OSPF_peer_2] to_peer1 10.3.0.2 backup 10.3.0.1...
  • Page 105 [admin@OSPF_MAIN] interface> print Flags: X - disabled, D - dynamic, R - running NAME RATE R main_gw 1500 R to_peer_1 1500 R to_peer_2 1500 [admin@OSPF_MAIN] ip address> print Flags: X - disabled, I - invalid, D - dynamic ADDRESS 192.168.0.11/24 10.1.0.2/24 10.2.0.2/24 [admin@OSPF_MAIN] routing ospf>...
  • Page 106 [admin@OSPF_peer_1] ip address> print Flags: X - disabled, I - invalid, D - dynamic ADDRESS 10.1.0.1/24 10.3.0.1/24 [admin@OSPF_peer_1] routing ospf> print router-id: 0.0.0.0 distribute-default: never redistribute-connected: as-type-1 redistribute-static: no redistribute-rip: no redistribute-bgp: no metric-default: 1 metric-connected: 0 metric-static: 0 metric-rip: 0 metric-bgp: 0 [admin@OSPF_peer_1] routing ospf area>...
  • Page 107 [admin@OSPF_peer_2] routing ospf area> print Flags: X - disabled, I - invalid NAME AUTHENTICATION backbone none local_10 none [admin@OSPF_peer_2] routing ospf network> print Flags: X - disabled, I - invalid NETWORK 10.2.0.0/24 10.3.0.0/24 [admin@OSPF_MAIN] ip route> print Flags: X - disabled, I - invalid, D - dynamic, J - rejected, C - connect, S - static, r - rip, o - ospf, b - bgp DST-ADDRESS 0 Io 192.168.0.0/24...
  • Page 108 main_gw 192.168.0.11 [OSPF_MAIN] to_peer1 10.1.0.2 to_main 10.1.0.1 [OSPF_peer_1] [admin@OSPF_peer_1] routing ospf interface> add interface=backup cost=50 [admin@OSPF_peer_1] routing ospf interface> print 0 interface=backup cost=50 priority=1 authentication-key="" retransmit-interval=5s transmit-delay=1s hello-interval=10s dead-interval=40s [admin@OSPF_peer_2] routing ospf interface> add interface=to_peer_1 cost=50 [admin@OSPF_peer_2] routing ospf interface> print 0 interface=to_peer_1 cost=50 priority=1 authentication-key=""...
  • Page 109 [admin@OSPF_peer_1] > ip route pr Flags: X - disabled, I - invalid, D - dynamic, J - rejected, C - connect, S - static, r - rip, o - ospf, b - bgp DST-ADDRESS 0 Do 192.168.0.0/24 1 Io 10.3.0.0/24 2 DC 10.3.0.0/24 3 Do 10.2.0.0/24 4 Io 10.1.0.0/24...
  • Page 110 [admin@OSPF_MAIN] ip route> print Flags: X - disabled, I - invalid, D - dynamic, J - rejected, C - connect, S - static, r - rip, o - ospf, b - bgp DST-ADDRESS 0 Io 192.168.0.0/24 1 DC 192.168.0.0/24 2 Do 10.3.0.0/24 3 Io 10.2.0.0/24 4 DC 10.2.0.0/24 5 Io 10.1.0.0/24...
  • Page 112 [admin@AT-WR4562] ip route> add dst-address=10.1.12.0/24 gateway=192.168.0.253 [admin@AT-WR4562] ip route> add gateway=10.5.8.1 [admin@AT-WR4562] ip route> print Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf DST-ADDRESS G GATEWAY 0 A S 10.1.12.0/24...
  • Page 113 [admin@AT-WR4562] ip firewall mangle add action=mark-routing new-routing-mark=at \ \... chain=prerouting [admin@AT-WR4562] ip route> add gateway=10.0.0.254 routing-mark=mt [admin@AT-WR4562] ip route rule> add src-address=10.0.0.144/32 \ \... table=mt action=lookup [admin@AT-WR4562] ip route rule> print Flags: X - disabled, I - invalid src-address=192.168.0.144/32 action=lookup table=mt [admin@AT-WR4562] ip route rule>...
  • Page 114 [admin@ECMP-Router] ip address> print Flags: X - disabled, I - invalid, D - dynamic ADDRESS NETWORK 192.168.0.254/24 192.168.0.0 10.1.0.2/28 10.1.0.0 10.1.1.2/28 10.1.1.0 [admin@ECMP-Router] ip address> [admin@ECMP-Router] ip route> add gateway=10.1.0.1,10.1.1.1,10.1.1.1 [admin@ECMP-Router] ip route> print Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf DST-ADDRESS G GATEWAY...
  • Page 115 [admin@PB-Router] ip address> print Flags: X - disabled, I - invalid, D - dynamic ADDRESS NETWORK 192.168.0.1/24 192.168.0.0 192.168.1.1/24 192.168.1.0 10.0.0.7/24 10.0.0.0 [admin@PB-Router] ip address> [admin@PB-Router] ip firewall mangle> add src-address=192.168.0.0/24 \ \... action=mark-routing new-routing-mark=net1 chain=prerouting [admin@PB-Router] ip firewall mangle> add src-address=192.168.1.0/24 \ \...
  • Page 116 /ip pool add name=dhcp-pool ranges=172.16.0.10-172.16.0.20 /ip dhcp-server network add address=172.16.0.0/12 gateway=172.16.0.1 /ip dhcp-server add interface=wlan1 address-pool=dhcp-pool /ip dhcp-client add interface=wlan1 use-peer-dns=yes \ add-default-route=yes disabled=no [admin@Server] ip dhcp-client> print detail Flags: X - disabled, I - invalid interface=wlan1 add-default-route=yes use-peer-dns=yes status=bound address=172.16.0.20/12 gateway=172.16.0.1 dhcp-server=192.168.0.1 primary-dns=159.148.147.194 expires-after=2d23:58:52 [admin@Server] ip dhcp-client>...
  • Page 118 /ip dhcp-client add interface=ether1 disabled=no [admin@AT-WR4562] ip dhcp-client> print detail Flags: X - disabled, I - invalid interface=ether1 add-default-route=yes use-peer-dns=yes use-peer-ntp=yes status=bound address=192.168.0.65/24 gateway=192.168.0.1 dhcp-server=192.168.0.1 primary-dns=192.168.0.1 primary-ntp=192.168.0.1 expires-after=9m44s [admin@AT-WR4562] ip dhcp-client>...
  • Page 120 /ip dhcp-server add name=dhcp-office disabled=no [admin@AT-WR4562] ip dhcp-server> print detail Flags: X - disabled, I - invalid interface=ether1 add-default-route=yes use-peer-dns=yes use-peer-ntp=yes status=bound address=192.168.0.65/24 gateway=192.168.0.1 dhcp-server=192.168.0.1 primary-dns=192.168.0.1 primary-ntp=192.168.0.1 expires-after=9m44s dhcp-clients 02:00:00 [admin@AT-WR4562] ip dhcp-server> /ip dhcp-server add name=dhcp-office disabled=no address-pool=dhcp-clients \ interface=ether1 lease-time=2h [admin@AT-WR4562] ip dhcp-server>...
  • Page 123 [admin@AT-WR4562] ip dhcp-server lease> print Flags: X - disabled, R - radius, D - dynamic, B - blocked ADDRESS MAC-ADDRESS 0 D 10.5.2.90 00:04:EA:C6:0E:40 1 D 10.5.2.91 00:04:EA:99:63:C0 [admin@AT-WR4562] ip dhcp-server lease> add copy-from=0 address=10.5.2.100 [admin@AT-WR4562] ip dhcp-server lease> print Flags: X - disabled, R - radius, D - dynamic, B - blocked ADDRESS MAC-ADDRESS...
  • Page 124 [admin@AT-WR4562] ip dhcp-server option> add name=Hostname code=12 \ value="Host-A" [admin@AT-WR4562] ip dhcp-server option> print # NAME 0 Option-Hostname [admin@AT-WR4562] ip dhcp-server option> [admin@AT-WR4562] ip dhcp-server network> add address=10.1.0.0/24 \ \... gateway=10.1.0.1 dhcp-option=Option-Hostname dns-server=159.148.60.20 [admin@AT-WR4562] ip dhcp-server network> print detail 0 address=10.1.0.0/24 gateway=10.1.0.1 dns-server=159.148.60.20 dhcp-option=Option-Hostname [admin@AT-WR4562] ip dhcp-server network>...
  • Page 125: Local-Address

    [admin@AT-WR4562] ip dhcp-relay> add name=relay interface=ether1 \ \... dhcp-server=10.0.0.1 disabled=no [admin@AT-WR4562] ip dhcp-relay> print Flags: X - disabled, I - invalid NAME relay [admin@AT-WR4562] ip dhcp-relay> [admin@AT-WR4562] ip dhcp-server> setup Select interface to run DHCP server on dhcp server interface: ether1 Select network for DHCP addresses dhcp address space: 10.0.0.0/24 Select gateway for given network...
  • Page 126 [admin@AT-WR4562] ip dhcp-server> print Flags: X - disabled, I - invalid NAME INTERFACE RELAY dhcp1 ether1 [admin@AT-WR4562] ip dhcp-server> network print # ADDRESS GATEWAY 0 10.0.0.0/24 10.0.0.1 [admin@AT-WR4562] ip dhcp-server> /ip pool print # NAME 0 dhcp_pool1 [admin@AT-WR4562] ip dhcp-server> [admin@DHCP-Server] ip address>...
  • Page 127 [admin@DHCP-Relay] ip address> print Flags: X - disabled, I - invalid, D - dynamic ADDRESS NETWORK 192.168.0.1/24 192.168.0.0 192.168.1.1/24 192.168.1.0 192.168.2.1/24 192.168.2.0 [admin@DHCP-Relay] ip address> /ip pool add name=Local1-Pool ranges=192.168.1.11-192.168.1.100 /ip pool add name=Local1-Pool ranges=192.168.2.11-192.168.2.100 [admin@DHCP-Server] ip pool> print # NAME 0 Local1-Pool 1 Local2-Pool [admin@DHCP-Server] ip pool>...
  • Page 128 • 00:0B:6B:31:02:4B Auth-Type := Local, Password == "" Framed-IP-Address = 192.168.0.55 • client 172.16.0.1 { secret = MySecret shortname = Server /radius add service=dhcp address=172.16.0.2 secret=MySecret [admin@DHCP-Server] radius> print detail Flags: X - disabled service=dhcp called-id="" domain="" address=172.16.0.2 secret="MySecret" authentication-port=1812 accounting-port=1813 timeout=00:00:00.300 accounting-backup=no realm=""...
  • Page 130 [admin@AT-WR4562] ip dns> set primary-dns=159.148.60.2 \ \... allow-remote-requests=yes [admin@AT-WR4562] ip dns> print primary-dns: 159.148.60.2 secondary-dns: 0.0.0.0 allow-remote-requests: yes cache-size: 2048KiB cache-max-ttl: 1w cache-used: 17KiB [admin@AT-WR4562] ip dns>...
  • Page 131 [admin@AT-WR4562] ip dns static> add name www.example.com address=10.0.0.1 [admin@AT-WR4562] ip dns static> print Flags: D - dynamic, X - disabled, R - regexp NAME ADDRESS www.example.com 10.0.0.1 [admin@AT-WR4562] ip dns static> [admin@AT-WR4562] ip dns> cache flush [admin@AT-WR4562] ip dns> print primary-dns: 159.148.60.2 secondary-dns: 0.0.0.0 allow-remote-requests: yes...
  • Page 133 [admin@AT-WR4562] radius> add service=hotspot,ppp address=10.0.0.3 secret=ex [admin@AT-WR4562] radius> print Flags: X - disabled SERVICE CALLED-ID ppp,hotspot [admin@AT-WR4562] radius> AAA for the respective services should be enabled too: [admin@AT-WR4562] radius> /ppp aaa set use-radius=yes [admin@AT-WR4562] radius> /ip hotspot profile set default use-radius=yes To view some statistics for a client: [admin@AT-WR4562] radius>...
  • Page 143 [admin@rb13] ppp profile> print Flags: * - default 0 * name="default" use-compression=default use-vj-compression=default encryption=default only-one=default change-tcp-mss=yes name="default-encryption" compression=default use-encryption=yes only-one=default change-tcp-mss=yes [admin@rb13] ppp profile> [admin@rb13] ppp profile> add name=ex local-address=10.0.0.1 remote-address=ex incoming-filter=mypppclients [admin@rb13] ppp profile> print Flags: * - default 0 * name="default"...
  • Page 144 [admin@rb13] ppp secret> add name=ex password=lkjrht service=pptp profile=ex [admin@rb13] ppp secret> print Flags: X - disabled NAME SERVICE CALLER-ID pptp [admin@rb13] ppp secret> [admin@rb13] > /ppp active print Flags: R - radius NAME SERVICE CALLER-ID pptp 10.0.11.12 [admin@rb13] > /ppp active print detail Flags: R - radius name="ex"...
  • Page 145 [admin@AT-WR4562] ppp aaa> set use-radius=yes [admin@AT-WR4562] ppp aaa> print use-radius: yes accounting: yes interim-update: 0s [admin@AT-WR4562] ppp aaa>...
  • Page 146 0 name="read" policy=local,telnet,ssh,reboot,read,test,winbox,password,web,sniff,!ftp,!write,!policy 1 name="write" policy=local,telnet,ssh,reboot,read,write,test,winbox,password,web,sniff,!ftp,!policy 2 name="full" policy=local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,password,web,sniff...
  • Page 147: Group Address

    [admin@rb13] user group> add name=reboot policy=telnet,reboot,read,local [admin@rb13] user group> print 0 name="read" policy=local,telnet,ssh,reboot,read,test,winbox,password,web, sniff,!ftp,!write,!policy 1 name="write" policy=local,telnet,ssh,reboot,read,write,test,winbox,password, web,sniff,!ftp,!policy 2 name="full" policy=local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox, password,web,sniff 3 name="reboot" policy=local,telnet,reboot,read,!ssh,!ftp,!write,!policy,!test, !winbox,!password,!web,!sniff [admin@rb13] user group> [admin@AT-WR4562] user> print Flags: X - disabled NAME ;;; system default user admin [admin@AT-WR4562] user>...
  • Page 148 [admin@AT-WR4562] user> add name=joe password=j1o2e3 group=write [admin@AT-WR4562] user> print Flags: X - disabled ;;; system default user name="admin" group=full address=0.0.0.0/0 name="joe" group=write address=0.0.0.0/0 [admin@AT-WR4562] user> [admin@rb13] user> active print Flags: R - radius WHEN NAME feb/27/2004 00:41:41 admin feb/27/2004 01:22:34 admin winbox [admin@rb13] user>...
  • Page 149 [admin@AT-WR4562] user aaa> set use-radius=yes [admin@AT-WR4562] user aaa> print use-radius: yes accounting: yes interim-update: 0s default-group: read [admin@AT-WR4562] user aaa> sh-3.00$ ssh-keygen -t dsa -f ./id_dsa Generating public/private dsa key pair. Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in ./id_dsa.
  • Page 150 /interface eoip add remote-address=10.1.0.1 tunnel-id=1 mac-address=00-00-5E-80-00-01 \ \... disabled=no /interface eoip add remote-address=10.5.8.1 tunnel-id=1 mac-address=00-00-5E-80-00-02 \ \... disabled=no...
  • Page 151 [admin@AT-WR4562] interface eoip> add name=to_mt2 remote-address=10.5.8.1 \ \... tunnel-id 1 [admin@AT-WR4562] interface eoip> print Flags: X - disabled, R - running name="to_mt2" mtu=1500 arp=enabled remote-address=10.5.8.1 tunnel-id=1 [admin@AT-WR4562] interface eoip> enable 0 [admin@AT-WR4562] interface eoip> print Flags: X - disabled, R - running name="to_mt2"...
  • Page 152 [admin@Our_GW] interface pptp-server> /ppp secret add name=joe service=pptp \ \... password=top_s3 local-address=10.0.0.1 remote-address=10.0.0.2 [admin@Our_GW] interface pptp-server> add name=from_remote user=joe [admin@Our_GW] interface pptp-server> server set enable=yes [admin@Our_GW] interface pptp-server> print Flags: X - disabled, D - dynamic, R - running NAME from_remote [admin@Our_GW] interface pptp-server>...
  • Page 153 [admin@Our_GW] interface eoip> add name="eoip-remote" tunnel-id=0 \ \... remote-address=10.0.0.2 [admin@Our_GW] interface eoip> enable eoip-remote [admin@Our_GW] interface eoip> print Flags: X - disabled, R - running name=eoip-remote mtu=1500 arp=enabled remote-address=10.0.0.2 tunnel-id=0 [admin@Our_GW] interface eoip> [admin@Remote] interface eoip> add name="eoip" tunnel-id=0 \ \...
  • Page 154 [admin@Router1] interface bonding> add slaves=ether1,ether2 [admin@Router2] interface bonding> add slaves=ether1,ether2 [admin@Router1] ip address> add address=172.16.0.1/24 interface=bonding1 [admin@Router2] ip address> add address=172.16.0.2/24 interface=bonding1 [admin@Router1] interface bonding> /pi 172.16.0.2 172.16.0.2 ping timeout 172.16.0.2 ping timeout 172.16.0.2 ping timeout 172.16.0.2 64 byte ping: ttl=64 time=2 ms 172.16.0.2 64 byte ping: ttl=64 time=2 ms...
  • Page 156 [admin@office1] > /interface print Flags: X - disabled, D - dynamic, R - running NAME R isp1 R isp2 [admin@office1] > /ip address print Flags: X - disabled, I - invalid, D - dynamic ADDRESS NETWORK 1.1.1.1/24 1.1.1.0 10.1.0.111/24 10.1.0.0 TYPE RX-RATE TX-RATE...
  • Page 157 [admin@office2] interface> print Flags: X - disabled, D - dynamic, R - running NAME R isp2 R isp1 [admin@office2] interface> /ip add print Flags: X - disabled, I - invalid, D - dynamic ADDRESS NETWORK 2.2.2.1/24 2.2.2.0 10.1.0.112/24 10.1.0.0 [admin@office1] > interface eoip add remote-address=10.1.0.112 tunnel-id=2 \...
  • Page 158 [admin@office1] interface bonding> add slaves=eoip-tunnel1,eoip-tunnel2 [admin@office1] interface bonding> print Flags: X - disabled, R - running R name="bonding1" mtu=1500 mac-address=00:0C:42:03:20:E7 arp=enabled slaves=eoip-tunnel1,eoip-tunnel2 mode=balance-rr primary=none link-monitoring=none arp-interval=00:00:00.100 arp-ip-targets="" mii-interval=00:00:00.100 down-delay=00:00:00 up-delay=00:00:00 lacp-rate=30secs [admin@office1] ip address> add address=3.3.3.1/24 interface=bonding1 [admin@office1] ip address> print Flags: X - disabled, I - invalid, D - dynamic ADDRESS NETWORK...
  • Page 159 [admin@10.5.8.104] interface ipip> add local-address=10.5.8.104 \ remote-address=10.1.0.172 disabled=no [admin@10.5.8.104] ip address> add address=10.0.0.1/24 interface=ipip1 [admin@10.1.0.172] interface ipip> add local-address=10.1.0.172 \ remote-address=10.5.8.104 disabled=no [admin@10.1.0.172] ip address> add address=10.0.0.2/24 interface=ipip1...
  • Page 160: Remote-Address

    [admin@AT-WR4562] interface ipip> add local-address: 10.0.0.1 remote-address: 22.63.11.6 [admin@AT-WR4562] interface ipip> print Flags: X - disabled, R - running NAME ipip1 [admin@AT-WR4562] interface ipip> en 0 [admin@AT-WR4562] interface ipip> /ip address add address 1.1.1.1/24 interface=ipip1 [admin@AT-WR4562] interface ipip> add local-address=22.63.11.6 remote-address=10.0.0.1 [admin@AT-WR4562] interface ipip>...
  • Page 161 [admin@AT-WR4562] interface ipip> /ping 1.1.1.2 1.1.1.2 64 byte ping: ttl=64 time=24 ms 1.1.1.2 64 byte ping: ttl=64 time=19 ms 1.1.1.2 64 byte ping: ttl=64 time=20 ms 3 packets transmitted, 3 packets received, 0% packet loss round-trip min/avg/max = 19/21.0/24 ms [admin@AT-WR4562] interface ipip>...
  • Page 163 [admin@AT-WR4562] interface l2tp-client> add name=test2 connect-to=10.1.1.12 \ \... user=john add-default-route=yes password=john [admin@AT-WR4562] interface l2tp-client> print Flags: X - disabled, R - running name="test2" mtu=1460 mru=1460 connect-to=10.1.1.12 user="john" password="john" profile=default add-default-route=yes allow=pap,chap,mschap1,mschap2 [admin@AT-WR4562] interface l2tp-client> enable 0 [admin@AT-WR4562] interface l2tp-client> monitor test2 status: "connected"...
  • Page 164 [admin@AT-WR4562] interface l2tp-server server> set enabled=yes [admin@AT-WR4562] interface l2tp-server server> print enabled: yes max-mtu: 1460 max-mru: 1460 mrru: disabled authentication: mschap2,mschap1 keepalive-timeout: 30 default-profile: default [admin@AT-WR4562] interface l2tp-server server>...
  • Page 165 [admin@AT-WR4562] interface l2tp-server> add user=ex1 [admin@AT-WR4562] interface l2tp-server> print Flags: X - disabled, D - dynamic, R - running NAME DR <l2tp-ex> l2tp-in1 [admin@AT-WR4562] interface l2tp-server> USER CLIENT-ADDRESS 1460 10.0.0.202 UPTIME ENC... 6m32s none...
  • Page 166 [admin@HomeOffice] ppp secret> add name=ex service=l2tp password=lkjrht local-address=10.0.103.1 remote-address=10.0.103.2 [admin@HomeOffice] ppp secret> print detail Flags: X - disabled name="ex" service=l2tp caller-id="" password="lkjrht" profile=default local-address=10.0.103.1 remote-address=10.0.103.2 routes=="" [admin@HomeOffice] ppp secret> [admin@HomeOffice] interface l2tp-server> add user=ex [admin@HomeOffice] interface l2tp-server> print Flags: X - disabled, D - dynamic, R - running NAME l2tp-in1 [admin@HomeOffice] interface l2tp-server>...
  • Page 167 [admin@HomeOffice] interface l2tp-server server> set enabled=yes [admin@HomeOffice] interface l2tp-server server> print enabled: yes mtu: 1460 mru: 1460 authentication: mschap2 default-profile: default [admin@HomeOffice] interface l2tp-server server> [admin@RemoteOffice] interface l2tp-client> add connect-to=192.168.80.1 user=ex \ \... password=lkjrht disabled=no [admin@RemoteOffice] interface l2tp-client> print Flags: X - disabled, R - running R name="l2tp-out1"...
  • Page 168 [admin@HomeOffice] ppp secret> print detail Flags: X - disabled name="ex" service=l2tp caller-id="" password="lkjrht" profile=default local-address=10.0.103.1 remote-address=10.0.103.2 routes=="" [admin@HomeOffice] ppp secret> set 0 routes="10.150.1.0/24 10.0.103.2 1" [admin@HomeOffice] ppp secret> print detail Flags: X - disabled name="ex" service=l2tp caller-id="" password="lkjrht" profile=default local-address=10.0.103.1 remote-address=10.0.103.2 routes="10.150.1.0/24 10.0.103.2 1"...
  • Page 169 [admin@RemoteOffice] ppp secret> add name=ex service=l2tp password=lkjrht local-address=10.150.1.254 remote-address=10.150.1.2 [admin@RemoteOffice] ppp secret> print detail Flags: X - disabled name="ex" service=l2tp caller-id="" password="lkjrht" profile=default local-address=10.150.1.254 remote-address=10.150.1.2 routes=="" [admin@RemoteOffice] ppp secret> [admin@RemoteOffice] interface l2tp-server> add name=FromLaptop user=ex [admin@RemoteOffice] interface l2tp-server> print Flags: X - disabled, D - dynamic, R - running NAME FromLaptop [admin@RemoteOffice] interface l2tp-server>...
  • Page 170 [admin@RemoteOffice] interface ethernet> set Office arp=proxy-arp [admin@RemoteOffice] interface ethernet> print Flags: X - disabled, R - running NAME R ToInternet 1500 R Office 1500 [admin@RemoteOffice] interface ethernet> MAC-ADDRESS 00:30:4F:0B:7B:C1 enabled 00:30:4F:06:62:12 proxy-arp...
  • Page 171 /interface pppoe-client add name=pppoe-user-mike user=mike password=123 \ \... interface=wlan1 service-name=internet disabled=no /ip pool add name="pppoe-pool" ranges=10.1.1.62-10.1.1.72 /ppp profile add name="pppoe-profile" local-address=10.1.1.1 remote-address=pppoe-pool /ppp secret add name=mike password=123 service=pppoe profile=pppoe-profile /interface pppoe-server server add service-name=internet interface=wlan1 \ \... default-profile=pppoe-profile...
  • Page 173 [admin@RemoteOffice] interface pppoe-client> add interface=gig \ \... service-name=testSN user=john password=password disabled=no [admin@RemoteOffice] interface pppoe-client> print Flags: X - disabled, R - running R name="pppoe-out1" max-mtu=1480 max-mru=1480 mrru=disabled interface=ether1 user="user" password="passwd" profile=default service-name="testSN" ac-name="" add-default-route=no dial-on-demand=no use-peer-dns=no allow=pap,chap,mschap1,mschap2 [admin@RemoteOffice] interface pppoe-client> [admin@AT-WR4562] interface pppoe-client>...
  • Page 174 [admin@AT-WR4562] interface pppoe-server server> add interface=ether1 \ \... service-name=ex one-session-per-host=yes [admin@AT-WR4562] interface pppoe-server server> print Flags: X - disabled 0 X service-name="ex" interface=ether1 mtu=1480 mru=1480 authentication=mschap2,mschap,chap,pap keepalive-timeout=10 one-session-per-host=yes default-profile=default [admin@AT-WR4562] interface pppoe-server server>...
  • Page 175 [admin@AT-WR4562] interface pppoe-server> print Flags: X - disabled, D - dynamic, R - running NAME USER SERVICE DR <pppoe-ex> user [admin@AT-WR4562] interface pppoe-server> [admin@AT-WR4562] interface pppoe-server> remove [find user=ex] [admin@AT-WR4562] interface pppoe-server> print [admin@AT-WR4562] interface pppoe-server> REMOTE... ENCODING UPTIME 00:0C:...
  • Page 176: Wireless

    [admin@PPPoE-Server] interface wireless> set 0 mode=ap-bridge \ frequency=2442 band=2.4ghz-b/g ssid=mt disabled=no [admin@PPPoE-Server] interface wireless> print Flags: X - disabled, R - running name="wlan1" mtu=1500 mac-address=00:0C:42:18:5C:3D arp=enabled interface-type=Atheros AR5413 mode=ap-bridge ssid="mt" frequency=2442 band=2.4ghz-b/g scan-list=default antenna-mode=ant-a wds-mode=disabled wds-default-bridge=none wds-ignore-ssid=no default-authentication=yes default-forwarding=yes default-ap-tx-limit=0 default-client-tx-limit=0 hide-ssid=no security-profile=default compression=no [admin@PPPoE-Server] interface wireless>...
  • Page 177 [admin@PPPoE-Server] ip address> add address=10.1.0.3/24 interface=Local [admin@PPPoE-Server] ip address> print Flags: X - disabled, I - invalid, D - dynamic ADDRESS NETWORK 10.1.0.3/24 10.1.0.0 [admin@PPPoE-Server] ip address> /ip route [admin@PPPoE-Server] ip route> add gateway=10.1.0.1 [admin@PPPoE-Server] ip route> print Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf DST-ADDRESS G GATEWAY...
  • Page 178 [admin@MT] interface pppoe-server server> set 0 max-mtu=1440 max-mru=1440 [admin@MT] interface pppoe-server server> print Flags: X - disabled service-name="mt" interface=wlan1 max-mtu=1440 max-mru=1440 authentication=pap,chap,mschap1,mschap2 keepalive-timeout=10 one-session-per-host=yes max-sessions=0 default-profile=default [admin@MT] interface pppoe-server server>...
  • Page 179 [admin@PPTP-Server] ppp secret> add name=jack password=pass \ \... local-address=10.0.0.1 remote-address=10.0.0.2 [admin@PPTP-Server] interface pptp-server server> set enabled=yes [admin@PPTP-Client] interface pptp-client> add user=jack password=pass \ \... connect-to=10.5.8.104 disabled=no...
  • Page 180 [admin@AT-WR4562] interface pptp-client> add name=test2 connect-to=10.1.1.12 \ \... user=john add-default-route=yes password=john [admin@AT-WR4562] interface pptp-client> print Flags: X - disabled, R - running name="test2" mtu=1460 mru=1460 connect-to=10.1.1.12 user="john" password="john" profile=default add-default-route=yes allow=pap,chap,mschap1,mschap2 [admin@AT-WR4562] interface pptp-client> enable 0...
  • Page 181 [admin@AT-WR4562] interface pptp-client> monitor test2 status: "connected" uptime: 6h44m9s idle-time: 6h44m9s encoding: "MPPE128 stateless" mtu: 1460 mru: 1460 [admin@AT-WR4562] interface pptp-client>...
  • Page 182 [admin@AT-WR4562] interface pptp-server server> set enabled=yes [admin@AT-WR4562] interface pptp-server server> print enabled: yes mtu: 1460 mru: 1460 authentication: mschap2,mschap1 keepalive-timeout: 30 default-profile: default [admin@AT-WR4562] interface pptp-server server>...
  • Page 183 [admin@AT-WR4562] interface pptp-server> add user=ex1 [admin@AT-WR4562] interface pptp-server> print Flags: X - disabled, D - dynamic, R - running NAME DR <pptp-ex> pptp-in1 [admin@AT-WR4562] interface pptp-server> [admin@HomeOffice] ppp secret> add name=ex service=pptp password=lkjrht local-address=10.0.103.1 remote-address=10.0.103.2 [admin@HomeOffice] ppp secret> print detail Flags: X - disabled name="ex"...
  • Page 184 [admin@HomeOffice] interface pptp-server> add user=ex [admin@HomeOffice] interface pptp-server> print Flags: X - disabled, D - dynamic, R - running NAME pptp-in1 [admin@HomeOffice] interface pptp-server> [admin@HomeOffice] interface pptp-server server> set enabled=yes [admin@HomeOffice] interface pptp-server server> print enabled: yes max-mtu: 1460 max-mru: 1460 mrru: disabled authentication: mschap2 keepalive-timeout: 30...
  • Page 185 [admin@HomeOffice] ppp secret> print detail Flags: X - disabled name="ex" service=pptp caller-id="" password="lkjrht" profile=default local-address=10.0.103.1 remote-address=10.0.103.2 routes=="" [admin@HomeOffice] ppp secret> set 0 routes="10.150.1.0/24 10.0.103.2 1" [admin@HomeOffice] ppp secret> print detail Flags: X - disabled name="ex" service=pptp caller-id="" password="lkjrht" profile=default local-address=10.0.103.1 remote-address=10.0.103.2 routes="10.150.1.0/24 10.0.103.2 1"...
  • Page 186 [admin@RemoteOffice] ppp secret> add name=ex service=pptp password=lkjrht local-address=10.150.1.254 remote-address=10.150.1.2 [admin@RemoteOffice] ppp secret> print detail Flags: X - disabled name="ex" service=pptp caller-id="" password="lkjrht" profile=default local-address=10.150.1.254 remote-address=10.150.1.2 routes=="" [admin@RemoteOffice] ppp secret> [admin@RemoteOffice] interface pptp-server> add name=FromLaptop user=ex [admin@RemoteOffice] interface pptp-server> print Flags: X - disabled, D - dynamic, R - running NAME FromLaptop [admin@RemoteOffice] interface pptp-server>...
  • Page 187 [admin@RemoteOffice] interface ethernet> set Office arp=proxy-arp [admin@RemoteOffice] interface ethernet> print Flags: X - disabled, R - running NAME R ToInternet 1500 R Office 1500 [admin@RemoteOffice] interface ethernet> MAC-ADDRESS 00:30:4F:0B:7B:C1 enabled 00:30:4F:06:62:12 proxy-arp...
  • Page 191 [admin@WiFi] ip ipsec policy> add sa-src-address=10.0.0.147 \ \... sa-dst-address=10.0.0.148 action=encrypt [admin@WiFi] ip ipsec policy> print Flags: X - disabled, D - dynamic, I - inactive src-address=10.0.0.147/32:any dst-address=10.0.0.148/32:any protocol=all action=encrypt level=require ipsec-protocols=esp tunnel=no sa-src-address=10.0.0.147 sa-dst-address=10.0.0.148 proposal=default manual-sa=none priority=0 [admin@WiFi] ip ipsec policy> [admin@WiFi] ip ipsec policy>...
  • Page 192 [admin@WiFi] ip ipsec peer>add address=10.0.0.147/32 \ \... secret=gwejimezyfopmekun [admin@WiFi] ip ipsec peer> print Flags: X - disabled address=10.0.0.147/32:500 secret="gwejimezyfopmekun" generate-policy=no exchange-mode=main send-initial-contact=yes proposal-check=obey hash-algorithm=md5 enc-algorithm=3des dh-group=modp1024 lifetime=1d lifebytes=0 [admin@WiFi] ip ipsec peer>...
  • Page 193 [admin@WiFi] ip ipsec> remote-peers print 0 local-address=10.0.0.148 remote-address=10.0.0.147 state=established side=initiator [admin@WiFi] ip ipsec>...
  • Page 194 [admin@WiFi] ip ipsec> installed-sa print Flags: A - AH, E - ESP, P - pfs spi=E727605 src-address=10.0.0.148 dst-address=10.0.0.147 auth-algorithm=sha1 enc-algorithm=3des replay=4 state=mature auth-key="ecc5f4aee1b297739ec88e324d7cfb8594aa6c35" enc-key="d6943b8ea582582e449bde085c9471ab0b209783c9eb4bbd" addtime=jan/28/2003 20:55:12 add-lifetime=24m/30m usetime=jan/28/2003 20:55:23 use-lifetime=0s/0s current-bytes=128 lifebytes=0/0 spi=E15CEE06 src-address=10.0.0.147 dst-address=10.0.0.148 auth-algorithm=sha1 enc-algorithm=3des replay=4 state=mature auth-key="8ac9dc7ecebfed9cd1030ae3b07b32e8e5cb98af" enc-key="8a8073a7afd0f74518c10438a0023e64cc660ed69845ca3c"...
  • Page 195 [admin@AT-WR4562] ip ipsec installed-sa> flush [admin@AT-WR4562] ip ipsec installed-sa> print [admin@AT-WR4562] ip ipsec installed-sa> [admin@Router1] > ip ipsec policy add sa-src-address=1.0.0.1 sa-dst-address=1.0.0.2 \ \... action=encrypt [admin@Router1] > ip ipsec peer add address=1.0.0.2 \ \... secret="gvejimezyfopmekun" [admin@Router2] > ip ipsec policy add sa-src-address=1.0.0.2 sa-dst-address=1.0.0.1 \ \...
  • Page 196 [admin@Router1] > ip ipsec manual-sa add name=ah-sa1 \ \... ah-spi=0x101/0x100 ah-key=abcfed [admin@Router1] > ip ipsec policy add src-address=10.1.0.0/24 \ \... dst-address=10.2.0.0/24 action=encrypt ipsec-protocols=ah \ \... tunnel=yes sa-src=1.0.0.1 sa-dst=1.0.0.2 manual-sa=ah-sa1 [admin@Router2] > ip ipsec manual-sa add name=ah-sa1 \ \... ah-spi=0x100/0x101 ah-key=abcfed [admin@Router2] >...
  • Page 197 [admin@Router1] > ip ipsec policy add src-address=10.1.0.0/24 \ \... dst-address=10.2.0.0/24 action=encrypt tunnel=yes \ \... sa-src-address=1.0.0.1 sa-dst-address=1.0.0.2 [admin@Router1] > ip ipsec peer add address=1.0.0.2 \ \... exchange-mode=aggressive secret="gvejimezyfopmekun" [admin@Router2] > ip ipsec policy add src-address=10.2.0.0/24 \ \... dst-address=10.1.0.0/24 action=encrypt tunnel=yes \ \...
  • Page 198 /ip firewall filter add chain=forward dst-port=135 protocol=tcp action=drop /ip firewall filter add chain=input protocol=tcp dst-port=23 action=drop /ip firewall filter add chain=forward protocol=tcp tcp-flags=syn connection-limit=6,32 action=drop...
  • Page 203 / ip firewall filter add chain=input connection-state=invalid action=drop \ comment="Drop Invalid connections" add chain=input connection-state=established action=accept \ comment="Allow Established connections" add chain=input protocol=udp action=accept \ comment="Allow UDP" add chain=input protocol=icmp action=accept \ comment="Allow ICMP" add chain=input src-address=192.168.0.0/24 action=accept \ comment="Allow access to router from known network" add chain=input action=drop comment="Drop anything else"...
  • Page 204: Dhcp"

    add chain=forward protocol=tcp action=jump jump-target=tcp add chain=forward protocol=udp action=jump jump-target=udp add chain=forward protocol=icmp action=jump jump-target=icmp add chain=tcp protocol=tcp dst-port=69 action=drop \ comment="deny TFTP" add chain=tcp protocol=tcp dst-port=111 action=drop \ comment="deny RPC portmapper" add chain=tcp protocol=tcp dst-port=135 action=drop \ comment="deny RPC portmapper" add chain=tcp protocol=tcp dst-port=137-139 action=drop \ comment="deny NBT"...
  • Page 209 [admin@AT-WR4562] > /ip firewall mangle add chain=forward \ \... p2p=all-p2p action=mark-connection new-connection-mark=p2p_conn [admin@AT-WR4562] > /ip firewall mangle add chain=forward \ \... connection-mark=p2p_conn action=mark-packet new-packet-mark=p2p [admin@AT-WR4562] > /ip firewall mangle add chain=forward \ \... connection-mark=!p2p_conn action=mark-packet new-packet-mark=other [admin@AT-WR4562] > /ip firewall mangle print Flags: X - disabled, I - invalid, D - dynamic chain=forward p2p=all-p2p action=mark-connection new-connection-mark=p2p_conn chain=forward connection-mark=p2p_conn action=mark-packet new-packet-mark=p2p...
  • Page 210 [admin@AT-WR4562] > /ip firewall mangle add out-interface=pppoe-out \ \... protocol=tcp tcp-flags=syn action=change-mss new-mss=1300 chain=forward [admin@AT-WR4562] > /ip firewall mangle print Flags: X - disabled, I - invalid, D - dynamic chain=forward out-interface=pppoe-out protocol=tcp tcp-flags=syn action=change-mss new-mss=1300 [admin@AT-WR4562] > /ip firewall nat add action=masquerade out-interface=Public chain=srcnat...
  • Page 221 /ip firewall nat add chain=srcnat action=masquerade out-interface=Public /ip address add address=10.5.8.200/32 interface=Public /ip firewall nat add chain=dstnat dst-address=10.5.8.200 action=dst-nat \ to-addresses=192.168.0.109 /ip firewall nat add chain=srcnat src-address=192.168.0.109 action=src-nat \ to-addresses=10.5.8.200 /ip firewall nat add chain=dstnat dst-address=11.11.11.1-11.11.11.254 \ action=netmap to-addresses=2.2.2.1-2.2.2.254 /ip firewall nat add chain=srcnat src-address=2.2.2.1-2.2.2.254 \ action=netmap to-addresses=11.11.11.1-11.11.11.254...
  • Page 226: Hotspot

    [admin@AT-WR4562] > ip hotspot setup
    hotspot interface: ether1
    local address of network: 192.0.2.1/24
    masquerade network: yes
    address pool of network: 192.0.2.2-192.0.2.126
    select certificate: none
    ip address of smtp server: 0.0.0.0
    dns servers: 192.0.2.254
    dns name: hs.example.net
    name of local hotspot user: admin
    password for the user: rubbish...
  • Page 227

    [admin@AT-WR4562] ip hotspot> add interface=local address-pool=HS-real
    [admin@AT-WR4562] ip hotspot> print
    Flags: X - disabled, I - invalid, S - HTTPS
    NAME      INTERFACE  ADDRESS-POOL  PROFILE  IDLE-TIMEOUT
    hs-local  local      HS-real       default  00:05:00
    [admin@AT-WR4562] ip hotspot>
    ...
  • Page 230: Mac Address

    /ip hotspot profile set default http-cookie-lifetime=1d
    [admin@AT-WR4562] ip hotspot cookie> print
    #  USER  DOMAIN  MAC-ADDRESS        EXPIRES-IN
    0  ex            01:23:45:67:89:AB  23h54m16s
    [admin@AT-WR4562] ip hotspot cookie>
    ...
  • Page 231

    [admin@AT-WR4562] ip hotspot walled-garden> add path="/paynow.html" \
    \... dst-host="www.example.com"
    [admin@AT-WR4562] ip hotspot walled-garden> print
    Flags: X - disabled, D - dynamic
    dst-host="www.example.com" path="/paynow.html" action=allow
    [admin@AT-WR4562] ip hotspot walled-garden>...
  • Page 233

    [admin@AT-WR4562] ip hotspot service-port> print
    Flags: X - disabled
    NAME
    [admin@AT-WR4562] ip hotspot service-port> set ftp ports=20,21
    [admin@AT-WR4562] ip hotspot service-port> print
    Flags: X - disabled
    NAME
    [admin@AT-WR4562] ip hotspot service-port>

    0 D chain=dstnat action=jump jump-target=hotspot hotspot=from-client
    1 I chain=hotspot action=jump jump-target=pre-hotspot
    2 D chain=hotspot action=redirect to-ports=64872 dst-port=53 protocol=udp
    3 D chain=hotspot action=redirect to-ports=64872 dst-port=53 protocol=tcp
    4 D chain=hotspot action=redirect to-ports=64873 hotspot=local-dst dst-port=80...
  • Page 234

    7 D chain=hotspot action=jump jump-target=hs-auth hotspot=auth protocol=tcp
    8 D ;;; www.alliedtelesis.com
        chain=hs-unauth dst-address=159.148.147.196 protocol=tcp dst-port=80 action=return
    9 D chain=hs-unauth action=redirect to-ports=64874 dst-port=80 protocol=tcp
    10 D chain=hs-unauth action=redirect to-ports=64874 dst-port=3128 protocol=tcp
    11 D chain=hs-unauth action=redirect to-ports=64874 dst-port=8080 protocol=tcp
    11 D chain=hs-unauth protocol=tcp dst-port=443 action=redirect to-ports=64875
    13 I chain=hs-unauth action=jump jump-target=hs-smtp dst-port=25 protocol=tcp
    15 I chain=hs-auth action=jump jump-target=hs-smtp dst-port=25 protocol=tcp
    14 D chain=hs-auth protocol=tcp dst-port=25 action=jump jump-target=hs-smtp...
  • Page 235

    0 D chain=forward action=jump jump-target=hs-unauth hotspot=from-client,!auth
    1 D chain=forward action=jump jump-target=hs-unauth-to hotspot=to-client,!auth
    2 D chain=input action=jump jump-target=hs-input hotspot=from-client
    I chain=hs-input action=jump jump-target=pre-hs-input
    4 D chain=hs-input action=accept dst-port=64872 protocol=udp
    5 D chain=hs-input action=accept dst-port=64872-64875 protocol=tcp
    6 D chain=hs-input action=jump jump-target=hs-unauth hotspot=!auth
    7 D chain=hs-unauth protocol=icmp action=return
    8 D ;;;...
  • Page 237 <a href="$(link-login)">login</a>...
  • Page 239

    $(if <var_name>)
    $(elif <var_name>)
    $(else)

    some content, which will always be displayed
    $(if username == john)
    Hey, your username is john
    $(elif username == dizzy)
    Hello, Dizzy! How are you? Your administrator.
    $(elif ip == 10.1.2.3)
    You are sitting at that crappy computer, which is damn slow...
    $(elif mac == 00:01:02:03:04:05)
    This is an ethernet card, which was stolen few months ago...
  • Page 240

    • <type="text" value="$(username)>
      <input type="hidden" name="user" value="hsuser">
    • <input type="password">
      <input type="hidden" name="password" value="hspass">
    • https://www.server.serv/register.html?mac=XX:XX:XX:XX:XX:XX
      https://www.example.com/register.html?mac=$(mac)
    • $(if popup == 'true')
      open('http://your.web.server/your-banner-page.html', 'my-banner-name','');
    • <input type="hidden" name="dst" value="$(link-orig)">
      <input type="hidden" name="dst" value="http://www.example.com">...
  • Page 241

    • open('$(link-logout)', 'hotspot_logout', ...
      open('$(link-logout)?erase-cookie=on', 'hotspot_logout', ...
      <input type="hidden" name="erase-cookie" value="on">
      <input type="submit" value="log off">
    • <html>
      <title>...</title>
      <body>
      <form name="redirect" action="https://auth.example.com/login.php" method="post">
        <input type="hidden" name="mac" value="$(mac)">
        <input type="hidden" name="ip" value="$(ip)">
        <input type="hidden" name="user" value="$(username)">
        <input type="hidden" name="link-login" value="$(link-login)">
        <input type="hidden"...
  • Page 243

    [admin@AT-WR4562] > /certificate print
    Flags: K - decrypted-private-key, Q - private-key, R - rsa, D - dsa
    0 KR name="hotspot.example.net"
         subject=C=LV,L=Riga,O=MT,OU=dev,CN=hotspot.example.net,
                 emailAddress=admin@hotsot.example.net
         issuer=C=LV,L=Riga,O=MT,OU=dev,CN=hotsot.example.net,
                emailAddress=admin@hotsot.example.net
         serial-number="0" email=admin@hotsot.example.net
         invalid-before=oct/27/2004 11:43:22
         invalid-after=oct/27/2005 11:43:22 ca=yes

    ip hotspot profile set default login-by=cookie,http-chap,https \
        ssl-certificate=hotspot.example.net
    [admin@AT-WR4562] >...
  • Page 244

    [admin@AT-WR4562] ip hotspot ip-binding> print
    Flags: X - disabled, P - bypassed, B - blocked
    MAC-ADDRESS ADDRESS
    10.11.12.3
    1 P 00:01:02:03:04:05 10.11.12.3
    [admin@AT-WR4562] ip hotspot ip-binding> .. host print
    Flags: S - static, H - DHCP, D - dynamic, A - authorized, P - bypassed
    MAC-ADDRESS ADDRESS
    0 SB 00:01:02:03:04:05 10.11.12.3...
  • Page 247

    [admin@AT-WR4562] ip hotspot user> add name=ex password=ex \
    \... mac-address=01:23:45:67:89:AB limit-uptime=1h
    [admin@AT-WR4562] ip hotspot user> print
    Flags: X - disabled
    SERVER NAME
    [admin@AT-WR4562] ip hotspot user> print detail
    Flags: X - disabled
    name="ex" password="ex" mac-address=01:23:45:67:89:AB profile=default
    limit-uptime=01:00:00 uptime=00:00:00 bytes-in=0 bytes-out=0
    packets-in=0 packets-out=0
    [admin@AT-WR4562] ip hotspot user>...
  • Page 248

    [admin@AT-WR4562] ip hotspot active> print
    Flags: R - radius, B - blocked
    USER  ADDRESS     UPTIME  SESSION-TIMEOUT  IDLE-TIMEOUT
          10.0.0.144  4m17s   55m43s
    [admin@AT-WR4562] ip hotspot active>
    ...
  • Page 250

    [admin@AT-WR4562] ip vrrp> add interface=ether1 vrid=1 priority=255
    [admin@AT-WR4562] ip vrrp> print
    Flags: X - disabled, I - invalid, M - master, B - backup
    name="vr1" interface=ether1 vrid=1 priority=255 interval=1
    preemption-mode=yes authentication=none password="" on-backup=""
    on-master=""
    [admin@AT-WR4562] ip vrrp>...
  • Page 251

    [admin@AT-WR4562] ip vrrp> address add address=192.168.1.1/24 \
    \... virtual-router=vr1
    [admin@AT-WR4562] ip vrrp> address print
    Flags: X - disabled, A - active
    ADDRESS NETWORK BROADCAST INSTANCE INTERFACE
    192.168.1.1/24 192.168.1.0 192.168.1.255 default
    [admin@AT-WR4562] ip vrrp>
    ...
  • Page 252

    RM name="vrrp1" mtu=1500 mac-address=00:00:5E:00:01:01 arp=enabled
    interface=local vrid=1 priority=255 interval=1 preemption-mode=yes
    authentication=none password="" on-backup="" on-master=""
    [admin@AT-WR4562] ip vrrp>
    [admin@ AT-WR4500] ip address> add address=192.168.1.1/24 interface=vrrp1
    [admin@M AT-WR4500] ip address> print
    [admin@AT-WR4562] ip address> print
    Flags: X - disabled, I - invalid, D - dynamic...
  • Page 253

    [admin@AT-WR4562] ip vrrp> print
    Flags: X - disabled, I - invalid, R - running, M - master, B - backup
    RM name="vrrp1" mtu=1500 mac-address=00:00:5E:00:01:01 arp=enabled
    interface=local vrid=1 priority=100 interval=1 preemption-mode=yes
    authentication=none password="" on-backup="" on-master=""
    [admin@AT-WR4562] ip vrrp>...
  • Page 254: System

    [admin@AT-WR4562] system watchdog> set auto-send-supout=yes \
    \... send-to-email=support@example.com send-smtp-server=192.0.2.1
    [admin@AT-WR4562] system watchdog> print
    watch-address: none
    watchdog-timer: yes
    no-ping-delay: 5m
    automatic-supout: yes
    auto-send-supout: yes
    send-smtp-server: 192.0.2.1
    send-email-to: support@example.com
    [admin@AT-WR4562] system watchdog>...
  • Page 255: Monitoring And Management

    12 Monitoring and Management

    [admin@AT-WR4562] system logging> add topics=firewall action=memory
    [admin@ AT-WR4500] system logging> print
    Flags: X - disabled, I - invalid
    TOPICS    ACTION  PREFIX
    info      memory
    error     memory
    warning   memory
    critical  echo
    firewall  memory
    [admin@ AT-WR4500] system logging>
    ...
  • Page 256

    [admin@AT-WR4562] system logging action> add name=short \
    \... target=memory memory-lines=50 memory-stop-on-full=yes
    [admin@AT-WR4562] system logging action> print
    # FACILITY LOCAL REMOTE PREFIX
    Flags: * - default
    NAME
    0 * memory
    1 * disk
    2 * echo
    3 * remote
    short
    [admin@AT-WR4562] system logging action>
    REMOTE-ADDRESS REMOTE-PORT ECHO TARGET REMOTE...
  • Page 257

    [admin@AT-WR4562] > log print
    TIME                  MESSAGE
    dec/24/2003 08:20:36  log configuration changed by admin
    dec/24/2003 08:20:36  log configuration changed by admin
    dec/24/2003 08:20:36  log configuration changed by admin
    dec/24/2003 08:20:36  log configuration changed by admin
    dec/24/2003 08:20:36  log configuration changed by admin
    dec/24/2003 08:20:36  log configuration changed by admin
    -- [Q quit|D dump]
    [admin@AT-WR4562] >...
  • Page 259

    [admin@AT-WR4562] ip traffic-flow> set enabled=yes
    [admin@AT-WR4562] ip traffic-flow> print
    enabled: yes
    interfaces: all
    cache-entries: 1k
    active-flow-timeout: 30m
    inactive-flow-timeout: 15s
    [admin@AT-WR4562] ip traffic-flow>
    [admin@AT-WR4562] ip traffic-flow target> add address=192.168.0.2:2055 \
    \... version=9
    [admin@AT-WR4562] ip traffic-flow target> print
    Flags: X - disabled
    ADDRESS           VERSION
    192.168.0.2:2055...
  • Page 262

    /tool graphing set store-every=hour
    [admin@AT-WR4562] tool graphing> print
    store-every: hour
    [admin@AT-WR4562] tool graphing>...
  • Page 263

    [admin@AT-WR4562] tool graphing interface> add interface=ether1 \
    \... allow-address=192.168.0.0/24 store-on-disk=yes
    [admin@AT-WR4562] tool graphing interface> print
    Flags: X - disabled
    INTERFACE  ALLOW-ADDRESS   STORE-ON-DISK
    ether1     192.168.0.0/24
    [admin@AT-WR4562] tool graphing interface>
    ...
  • Page 264

    [admin@AT-WR4562] tool graphing queue> add simple-queue=queue1 allow-address=yes \
    \... store-on-disk=yes

    [admin@AT-WR4562] tool graphing resource> add allow-address=192.168.0.0/24 \
    \... store-on-disk=yes
    [admin@AT-WR4562] tool graphing resource> print
    Flags: X - disabled
    ALLOW-ADDRESS   STORE-ON-DISK
    192.168.0.0/24
    [admin@AT-WR4562] tool graphing resource>...
