Hi guys
I am new to MikroTik and I need help to design my network with MikroTik. I tried a lot but I failed to create it completely. My requirement is:
My LAN IP address = 200.100.100.0/24
My WAN IP is = 202.61.47.113/28
I have 4 labs in which 20 PCs are there; for that I want to create a group for each lab, like:
Lab 1 = 200.100.100.11-200.100.100.30
Lab 2 = 200.100.100.31-200.100.100.50
Lab 3 = 200.100.100.51-200.100.100.70
Lab 4 = 200.100.100.71-200.100.100.90
and Main = 200.100.100.200-200.100.100.250
In this scenario I want to build my network. I have 3 main servers:
Email Server = 200.100.100.253
Labs Domain = 200.100.100.2
Exam Server = 200.100.100.231
I want to enable / disable my complete lab for internet connectivity, and my faculty use their server during their teaching period. I want to create a transparent proxy.
Well, to really get you going we are going to need more information on exactly what you are looking at doing, but here are some places you could start.
Put each Lab on its own VLAN, and have another VLAN for the main (this requires managed switches that support VLANs). Since you control the Class C, break each of the labs up into a subnet size that will support the number of PCs you want on it and put the appropriate subnet on each of the VLANs. Set up your desired DHCP servers and so on on each VLAN as well. Then set any rules you need so they can get online.
After that is set up for each lab and they are able to get online you can make a filter rule with an in-interface of the VLAN and specify times in the firewall matcher for it to drop all packets that come into it on that interface (thus not allowing internet access during the times you specify). You could refine this further by making the rule more specific or putting in some accept rules before the drop rule so they can have access to other PCs that are on different subnets.
Since all of the LAN subnets are going to be local to the MikroTik it will handle the routing between the subnets unless you set up filter rules to explicitly deny them in the filter.
Ok, what board do you have then? You can do the same thing basically if you have enough Ethernet ports. Just substitute VLANs for ether1, ether2, ether3 etc.
It is doable with the same things all on one interface as well, just replace specifying the in-interface with the filter rule with the subnet, but it becomes easy to circumvent rules by changing IP addresses since there technically is no LAN separation. It’s just a more complicated setup and things get a little messy.
I have only two interface cards, on which I have connected my LAN and WAN.
Can I read a backup file, because I got one backup file and I want to study it before applying it?
No, I believe backup files are binary. They are designed to only be uploaded to the same RB that they were taken off of, so trying to upload it to a different kind of box will often make a partially broken configuration. Run /export from the top menu; this will put out the text configuration. Put in /export file=backup to have it put it in a file you can open up in a text reader later.
Since you only have one physical interface for the LAN that you can use and cannot do VLANs because of existing network infrastructure, that basically leaves you with what I’m assuming is your current setup of everything being on the same /24.
You can set up filter rules still based off of a range of IP addresses or address lists; you can drop packets coming into the router from known IP addresses, but as mentioned before this would be relatively easy to get around by changing the IP address on the machine. You can also specify the source MAC address and try and restrict some access that way, but once again relatively easy to get around by changing the MAC on the machine.
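The single-/24 approach described in the last reply, written out as an added RouterOS example that is not part of any post in this thread. The address ranges are the ones from the question; the WAN interface name (ether1), the class hours and the rule comments are assumptions.

```routeros
# Added example. Assumptions, not from the thread: ether1 is the WAN port,
# and the hours/days in time= are placeholders for the real class schedule.

# One address list per group, using the ranges given in the question.
/ip firewall address-list
add list=lab1 address=200.100.100.11-200.100.100.30
add list=lab2 address=200.100.100.31-200.100.100.50
add list=lab3 address=200.100.100.51-200.100.100.70
add list=lab4 address=200.100.100.71-200.100.100.90
add list=main address=200.100.100.200-200.100.100.250

# Drop lab traffic leaving through the WAN during class hours. Traffic to the
# servers on the same /24 never crosses the router, so it is not affected.
# Filter rules are evaluated top-down: keep these above any broader accept rule.
/ip firewall filter
add chain=forward src-address-list=lab1 out-interface=ether1 \
    time=8h-13h,mon,tue,wed,thu,fri action=drop comment=lab1-block
add chain=forward src-address-list=lab2 out-interface=ether1 \
    time=8h-13h,mon,tue,wed,thu,fri action=drop comment=lab2-block
add chain=forward src-address-list=lab3 out-interface=ether1 \
    time=8h-13h,mon,tue,wed,thu,fri action=drop comment=lab3-block
add chain=forward src-address-list=lab4 out-interface=ether1 \
    time=8h-13h,mon,tue,wed,thu,fri action=drop comment=lab4-block

# Manual switch for one lab, independent of the schedule:
# disabling the rule lets the lab online, enabling it blocks the lab again.
/ip firewall filter disable [find comment=lab1-block]
/ip firewall filter enable [find comment=lab1-block]

# Limits of this setup:
# - The match is on source IP only, so a PC that takes an address outside its
#   lab range is no longer covered by the rule.
# - If HTTP is redirected to a proxy on the router itself (dstnat redirect),
#   those packets traverse the input chain, not forward, so the same
#   src-address-list match is needed on chain=input for the proxy port.
```

After applying, /ip firewall filter print stats shows per-rule packet counters, which confirms whether lab traffic is actually hitting the drop rules.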