Community discussions

 
overspin99
just joined
Topic Author
Posts: 4
Joined: Wed Aug 21, 2019 10:03 am

Network Making for (almost) Beginners

Wed Aug 21, 2019 10:38 am

Hello everyone,
i managed to get a job in networking, anyways i just finished high school and have almost no experience about network making, except for some Cisco Packet Tracer experiments...
My boss asked me to get used to making networks with Mikrotik Routers and gave me 2 RouterBoards and 2 old Laptops to "play" with... I kind of arrived at the point that i have a network where all devices can ping each other and i even set up a functioning DHCP server (it's a lot for a 0 experience student like me), but now playtime's over.
The guy that watches over me gave me a network to work on, lots of terms he used i don't even know what those mean, i did some research, tried to do it myself, but i get stuck on making more than 1 network, also i don't know how to do the following stuff:
  • Captive Portal: don't know how to set it up
  • Every connection to the site comune.breno.bs.it has to pass through another router, i simply don't have any idea on how to make that happen
  • Emp_Wired and Emp_Wireless are 2 networks which have to share the same IP address, when i try to do so devices can't reach each other and also most of the time DHCP doesn't work for one of the two
I'll attach a Visio project i made so you can better understand what I want to achieve with this errand,
If you'd be so kind to help me you'd be a life saver,
Thanks
The Part Time Student/Worker in crysis
Net1.pdf
You do not have the required permissions to view the files attached to this post.
 
User avatar
Steveocee
Forum Guru
Forum Guru
Posts: 1110
Joined: Tue Jul 21, 2015 10:09 pm
Location: UK
Contact:

Re: Network Making for (almost) Beginners

Wed Aug 21, 2019 1:10 pm

A lot of what you have asked is something that will come with time/experience working with RouterOS and one or two of your points will require way more than a 1 post answer. Nearly a full tutorial for some.

If your employer is serious about training you up and you will be using RB's day in and out then maybe ask them to put you forward for some formal MTCNA training and certification. It will teach you the basics and importantly the how and why elements that you won't get from a copy & paste of a few lines of config.

Stick with it though, it's a steep learning curve at first but very versatile once you get to grips with it.
Steve "Steveocee" Carter
PC Gamer, Airsofter, MikroTik Nerd
My Website - My MikroTik Tutorials
 
anav
Forum Guru
Forum Guru
Posts: 3130
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Network Making for (almost) Beginners

Wed Aug 21, 2019 5:09 pm

Your explanation makes zero sense. Perhap in the UK (steve), nobody is qualified or trained and is thrown into highly technical jobs and thats why Europe want the UK to get the hell out of the Union LOL.

This sounds more like, a family member is being given an opportunity outside the normal hiring process, or an 'adult' or troubled youth hiring program.
In the end, Steve's advice is best. You really need some formal training, courses to be of any help/use to your employer. It is confounding to me that they are not offering, suggesting that path. In terms of self learning,,,,,,,,, you should try and get some basic networking books and for MT perhaps Steve Dischers book....... https://stevedischer.com/learn-routeros/
I'd rather manage rats than software. Follow my advice at your own risk! (Sob & mkx forced me to write that!)
 
overspin99
just joined
Topic Author
Posts: 4
Joined: Wed Aug 21, 2019 10:03 am

Re: Network Making for (almost) Beginners

Thu Aug 22, 2019 10:23 am

Hi,
thanks for the consideration, i just bought the book you suggested me, since my company won't pay for any official course. Here in Italy small companies don't have much money, so they prefer underpaying unexperienced people rather than paying for courses or hiring experienced guys and paying full price for it. Other than that I really am into networking, i'm studying a CyberSecurity University Course, and this job is just what i'd like to do when graduated, maybe on a more professional level hehe. While i wait the 2nd year for the networking lessons i'd like to get a little more experience just to be sure and since i got some skills with Cisco i better get on learning MikroTik too, more stuff to put on my CV :D
Thank you, have a nice day
 
Sob
Forum Guru
Forum Guru
Posts: 4812
Joined: Mon Apr 20, 2009 9:11 pm

Re: Network Making for (almost) Beginners

Thu Aug 22, 2019 3:05 pm

I for one think that to play with something until you get it right is great method. But it works best when you have lot of time and don't play with something that will make people mad if you mess it up. ;)

About the things you're looking for:
  • Captive portal: https://wiki.mikrotik.com/wiki/Manual:IP/Hotspot
  • Routing website via different router: Easiest way would be to just add route to its IP address. But if you can't be sure that it's static, more reliable method would be to add another default route in separate routing table, add hostname in firewall's address list (it will resolve to correct IP adress and keep up with changes), and then mark routing for traffic with destination in your list.
  • Different wireless and wired DHCP addresses: If it should be one network 192.168.101.0/24 and addresses should be given out based on bridge interface, I'm not sure if it's even possible in RouterOS.
People who quote full posts should be spanked with ethernet cable. Some exceptions for multi-topic threads may apply.
 
ehbowen
newbie
Posts: 43
Joined: Tue Sep 05, 2017 6:13 am
Location: Houston, Texas
Contact:

Re: Network Making for (almost) Beginners

Fri Aug 23, 2019 10:53 am

Also, check YouTube. There are some very good video tutorials on setting up MikroTik routers for networking. A gentleman by the handle of 'TKSJa' has a very comprehensive set of tutorial videos, at no charge!
Image There are very few problems which cannot be solved by a suitable application of high explosives....
 
anav
Forum Guru
Forum Guru
Posts: 3130
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Network Making for (almost) Beginners

Fri Aug 23, 2019 11:56 pm

Some youtube information is out of date so be wary. If in doubt ask here.
I'd rather manage rats than software. Follow my advice at your own risk! (Sob & mkx forced me to write that!)
 
overspin99
just joined
Topic Author
Posts: 4
Joined: Wed Aug 21, 2019 10:03 am

Re: Network Making for (almost) Beginners

Wed Sep 04, 2019 12:09 pm

Hi everyone,
thanks again for your replies, they were very helpful. I succesfully set up most of the network and overcome most of the problems, so the list goes:
  • Captive Portal SOLVED
  • More connections on same IP SOLVED with @Sob method
Different wireless and wired DHCP addresses: If it should be one network 192.168.101.0/24 and addresses should be given out based on bridge interface, I'm not sure if it's even possible in RouterOS
  • Internet Connection is working for every network and every device can ping each other
Now the oofs:
  • I still can't understand how to route the connection to comune.breno.bs.it through the second router, can even find on youtube and can't figure out myself
  • As you saw in the project employee and user networks have to be distinct in 2 different VLANS or anyways they have to be segregated, no one from one network can access to the other, and i can't seem to find a way to do this since setting up a bridge renders all DHCP servers useless (redded out)
I just need a couple more suggestions and I think I'm good to go, thanks again guys fro your help :D
 
Sob
Forum Guru
Forum Guru
Posts: 4812
Joined: Mon Apr 20, 2009 9:11 pm

Re: Network Making for (almost) Beginners

Thu Sep 05, 2019 2:51 am

- I'm wondering about the Sob method, because this:
Different wireless and wired DHCP addresses: If it should be one network 192.168.101.0/24 and addresses should be given out based on bridge interface, I'm not sure if it's even possible in RouterOS
doesn't sound like solution to me. :)

- Routing specific website through another router can be anywhere between easy and impossible. If you could be sure that it uses static address, you could simply use:
/ip route
add dst-address=<IP address of website> gateway=<the other router>
But if it's not your website, you can't be sure of that. So safer method can be:
/ip route
add dst-address=0.0.0.0/0 gateway=<the other router> table=other_uplink
/ip firewall address-list
add address=comune.breno.bs.it list=use_other_route
/ip firewall mangle
add chain=prerouting connection-state=new dst-address-list=use_other_route action=mark-connection new-connection-mark=other_uplink_conn passthrough=yes
add chain=prerouting connection-mark=other_uplink_conn action=mark-routing new-routing-mark=other_uplink
It will work reliably with simple website. But if it's something bigger, all-dynamic, using some CDN with unpredictable addresses for resources, then you're moving closer to the impossible territory.

- For separating networks, you'll need to tell us more about what exactly you did. Showing config is good way.
People who quote full posts should be spanked with ethernet cable. Some exceptions for multi-topic threads may apply.
 
overspin99
just joined
Topic Author
Posts: 4
Joined: Wed Aug 21, 2019 10:03 am

Re: Network Making for (almost) Beginners

Thu Sep 05, 2019 12:16 pm

Ok, i finally got to something here:

To address the separate networks with single IPs problem i did this: created a bridge and put the 2 nwtworks in, created a DHCP server with the bridge as the interface and voilà, we have 2 networks working as a single LAN with the same IP range

To route the connection for the website to R2 i tried this: i know the server IP is static since it's my companys, but i thank you Sob for the dynamic IP method, i will take note for future needs, so i just created a route giving him the site address and for gateway the interface connected to the router R2, didn't run the logs yet but i'm pretty confident

And finally to segregate the Employee network form the Users i did this: i created 2 Address Lists one for the User Networks and one for the employee network, then i created a firewall rule that drops all connections with dst address list EmpLAN and src address list UserLAN, i run some pings and it seems allright

I presented the work to my Boss and he said that this network is OK but it is unsafe, and if somone would connect with a static IP he could have bypassed the captive portal or have admin privileges over the network, so i have to think about this for now. Also he said to wirte an accurate documentation of the work i've done and every config i've touched, but that's not a great probelm at all.

I'd like to thank everyone who helped me during this project, if i have any more probelm with MikroTik routers i'll be sure to come back and ask you guys, you've helped me a lot.
You guys are great :D
 
Sob
Forum Guru
Forum Guru
Posts: 4812
Joined: Mon Apr 20, 2009 9:11 pm

Re: Network Making for (almost) Beginners

Sat Sep 07, 2019 12:32 am

Based on your description, I'm not sure what exactly you did. These things are better expressed as config. RouterOS has very useful command:
/export hide-sensitive file=myconfig
And then you can take resulting myconfig.rsc and share it with someone. You can censor some additional stuff like public IP addresses if you want (and if you have any), but it's important to do it in a way that the result still makes sense, for example replacing 12.34.56.78 with 12.x.x.78 is a good way.
People who quote full posts should be spanked with ethernet cable. Some exceptions for multi-topic threads may apply.

Who is online

Users browsing this forum: No registered users and 35 guests