دوره متخصص میکروتیک MikroTik Pack: MTCNA – MTCRE- MTCWE- MTIPv6-MTCSE

MTCNA

Introduction:

• About MikroTik
  – What is RouterOS
  – What is RouterBOARD
  • First time accessing the router
  – WinBox and MAC-WinBox
  – WebFig and Quick Set
  – Default configuration
  • RouterOS command line interface (CLI)
  – Null Modem cable
  – SSH and Telnet
  – New terminal in WinBox/WebFig
  • RouterOS CLI principles
  – < tab>, double < tab>, “?”, navigation
  – Command history and its benefits
  • Initial configuration (Internet access)
  – WAN DHCP-client
  – LAN IP address and default gateway
  – Basic Firewall – NAT masquerade
  • Upgrading RouterOS
  – Package types
  – Saving and restoring the backup
  – Difference between a backup and an export (.rsc) file
  – Editing an export file
  – Ways of upgrading
  – RouterBOOT firmware upgrade
  • Router identity
  • Manage RouterOS logins
  • Manage RouterOS services
  • Managing configuration backups
  • Resetting a RouterOS device
  • Reinstalling a RouterOS device (Netinstall)
  • RouterOS license levels

DHCP:

• DHCP server and client
  – DHCP client
  – DHCP server setup
  – Leases management
  – DHCP server network configuration
  • Address Resolution Protocol (ARP)
  – ARP modes
  – RouterOS ARP table
  

Routing:

• Routing overview
  – Routing concepts
  – Route flags
  • Static routing
  – Creating routes
  – Setting default route
  – Managing dynamic routes
  – Implementing static routing in a simple network

Wireless:

• 802.11a/b/g/n/ac Concepts
  – Frequencies (bands, channels) data-rates / chains (tx power, rx sensitivity, country regulations)
  • Setup a simple wireless link
  – Access Point configuration
  – Station configuration
  • Wireless Security and Encryption
  – Access List
  – Connect List
  – Default Authenticate
  – Default Forward
  – WPA-PSK, WPA2-PSK
  – WPS accept, WPS client
  • Monitoring Tools
  – Snooper
  – Registration table

Firewall:
• Firewall principles
– Connection tracking and states
– Structure, chains and actions
• Firewall Filter in action
– Filter actions
– Protecting your router (input)
– Protection your customers (forward)
• Basic Address-List
• Source NAT
– Masquerade and src-nat action
•Destination NAT
– dst-nat and redirect actions
• FastTrack

QoS:

• Simple Queue
  – Target
  – Destinations
  – Max-limit and limit-at
  – Bursting
  • One Simple queue for the whole network (PCQ)
  – pcq-rate configuration
  – pcq-limit configuration

Tunnels:

• PPP settings
  – PPP profile
  – PPP secret
  – PPP status
  • IP pool
  – Creating pool
  – Managing ranges
  – Assigning to a service
  • Secure local network
  – PPPoE service-name
  – PPPoE client
  – PPPoE server
  • Point-to-point addresses
  • Secure remote networks communication
  – PPTP client and PPTP server (Quick Set)
  – SSTP client

Misc:
• RouterOS tools
– E-mail
– Netwatch
– Ping
– Traceroute
– Profiler (CPU load)
• Monitoring
– Interface traffic monitor
– Torch
– Graphs
– SNMP

Wireless Installations:
• Wireless routers
• RouterBoard Hardware 

Wireless cards
• Antenna types

Wireless Standard:

• 802.11 a/b/g/n
  • Bands and channel width
  • FrequenciesWireless Tools:
  • Wireless Tools + LAB
  • Scan
  • Frequency usage
  • Spectral Scan/History
  • Snooper
  •  Align
  • Sniffer 

Wireless Troubleshooting:

• Troubleshooting wireless clients + LAB
  • Registration table analysis
  • Ack-Timeout/Distance
  • CCQ
  • TX/RX Signal Strength
  • Frames and HW-frames
  • Data-rates 

Wireless Advanced Settings:
• Advanced Wireless Tab settings + LAB
• HW-retries
• HW-protection
• Adaptive-noise-immunity
• WMM
• Country regulation settings
• TX-power + LAB
•  Virtual-AP 

802.11n

• 802.11n wireless protocol + LAB
  • Features
  • Data Rates
  • Channel bonding
  • Frame Aggregation
  • TX-power for N cards
  • Chain settings
  • Wireless link debugging 

Wireless Security:
• Wireless Security Measures + LAB
• Access Management
• Access-List/Connect-List
• RADIUS
• Authentication
• Encryption
• EAP
• Management Frame Protection 

WDS and MESH:
• Wireless WDS protocol + LAB
• Dynamic/Static WDS
• RSTP Bridge
• Wireless MESH + LAB
• HWMP+ Mesh 

Wireless Bridging:
• Wireless Transparent Bridge + LAB
• WDS bridging
• AP/Station-WDS
• Pseudobridge
• MPLS/VPLS tunnel

Nstreme Protocol:
• MikroTik Wireless Nstreme Protocol + LAB
• Features
• Configuration options
• Nstreme Dual
• Troubleshooting

Nv2 Protocol:
• MikroTik Wireless Nv2 Protocol + LAB
• Features
• Configuration options
• Troubleshooting

Introduction to IPv6:

• IPv6 address

-Differences between IPv4 and IPv6

• Address distribution
• Address notation

– SLAAC IPv6 address creation (EUI-64)

• Subnetting
• Address types

-Link-local

-Global

-Multicast

-Anycast

-Unique local

-Special addresses

• Reserved IPv6 addresses

MTCIPv6E

IPV6 Protocol:
• Address configuration

Auto-configuration

Stateless – SLAAC, DHCPv6

Stateful – DHCPv6

• Neighbor discovery protocol
• IPv6 routing basics

IPv6 prefix

IPV6 Packet:

• IPv6 header

Header field description

Next header (daisy chaining)

Fragmentation

• Path MTU discovery

IPV6 Security:

• ICMPv6
• Neighbor discovery protocol

Router solicitation

Router advertisement

Neighbor solicitation

-Duplicate address detection

-Neighbor unreachability detection

Neighbor advertisement

-‘Managed address configuration’ flag

-‘Other configuration’ flag

Redirect

• MLD (Multicast Listener Discovery)
• Temporary addresses
• Firewall
• IPsec

Header only encryption (AH)

Data only encryption (ESP)

Header and data encryption (AH+ESP)

TransitionMechanism:
• Dual stack (RIPE recommended)

• 6 to 4
• 6 RD
• Teredo
• DS-lite (Dual stack lite)

Interoperability:
• IPv6 pool

• DHCP

DHCP PD server

DHCP PD client

DHCPv6 client

• IPv6 tunnels

IPIPv6

EoIPv6

GRE6

• IP version agnostic

DNS

Reverse DNS

NTP

PPP IPv6 support

• Routing

Using global addresses as in IPv4

Using link-local addresses as in IPv6

• RouterOS features not yet available for IPv6

NAT

HotSpot

RADIUS integration

Policy routing

DHCPv6 server

• Tools

Ping

Traceroute

Torch

Traffic generator

Email

Netwatch

Traffic flow

Module 6 laboratory

Wireless Installations:
• Wireless routers
• RouterBoard Hardware 

 Wireless cards
• Antenna types

Wireless Standard:

• 802.11 a/b/g/n
  • Bands and channel width
  • FrequenciesWireless Tools:
  • Wireless Tools + LAB
  • Scan
  • Frequency usage
  • Spectral Scan/History
  • Snooper
  •  Align
  • Sniffer 

Wireless Troubleshooting:

• Troubleshooting wireless clients + LAB
  • Registration table analysis
  • Ack-Timeout/Distance
  • CCQ
  • TX/RX Signal Strength
  • Frames and HW-frames
  • Data-rates 

Wireless Advanced Settings:
• Advanced Wireless Tab settings + LAB
• HW-retries
• HW-protection
• Adaptive-noise-immunity
• WMM
• Country regulation settings
• TX-power + LAB
•  Virtual-AP 

802.11n

• 802.11n wireless protocol + LAB
  • Features
  • Data Rates
  • Channel bonding
  • Frame Aggregation
  • TX-power for N cards
  • Chain settings
  • Wireless link debugging 

Wireless Security:
• Wireless Security Measures + LAB
• Access Management
• Access-List/Connect-List
• RADIUS
• Authentication
• Encryption
• EAP
• Management Frame Protection 

WDS and MESH:
• Wireless WDS protocol + LAB
• Dynamic/Static WDS
• RSTP Bridge
• Wireless MESH + LAB
• HWMP+ Mesh 

Wireless Bridging:
• Wireless Transparent Bridge + LAB
• WDS bridging
• AP/Station-WDS
• Pseudobridge
• MPLS/VPLS tunnel

Nstreme Protocol:
• MikroTik Wireless Nstreme Protocol + LAB
• Features
• Configuration options
• Nstreme Dual
• Troubleshooting 

Nv2 Protocol:
• MikroTik Wireless Nv2 Protocol + LAB
• Features
• Configuration options
• Troubleshooting

Introduction to IPv6:

• IPv6 address

-Differences between IPv4 and IPv6

• Address distribution
• Address notation

– SLAAC IPv6 address creation (EUI-64)

• Subnetting
• Address types

-Link-local

-Global

-Multicast

-Anycast

-Unique local

-Special addresses

• Reserved IPv6 addresses

IPV6 Protocol:
• Address configuration

Auto-configuration

Stateless – SLAAC, DHCPv6

Stateful – DHCPv6

• Neighbor discovery protocol
• IPv6 routing basics

IPv6 prefix

IPV6 Packet:

• IPv6 header

Header field description

Next header (daisy chaining)

Fragmentation

• Path MTU discovery

IPV6 Security:

• ICMPv6
• Neighbor discovery protocol

Router solicitation

Router advertisement

Neighbor solicitation

-Duplicate address detection

-Neighbor unreachability detection

Neighbor advertisement

-‘Managed address configuration’ flag

-‘Other configuration’ flag

Redirect

• MLD (Multicast Listener Discovery)
• Temporary addresses
• Firewall
• IPsec

Header only encryption (AH)

Data only encryption (ESP)

Header and data encryption (AH+ESP)

TransitionMechanism:
• Dual stack (RIPE recommended)

• 6 to 4
• 6 RD
• Teredo
• DS-lite (Dual stack lite)

Interoperability:
• IPv6 pool

• DHCP

DHCP PD server

DHCP PD client

DHCPv6 client

• IPv6 tunnels

IPIPv6

EoIPv6

GRE6

• IP version agnostic

DNS

Reverse DNS

NTP

PPP IPv6 support

• Routing

Using global addresses as in IPv4

Using link-local addresses as in IPv6

• RouterOS features not yet available for IPv6

NAT

HotSpot

RADIUS integration

Policy routing

DHCPv6 server

• Tools

Ping

Traceroute

Torch

Traffic generator

Email

Netwatch

Traffic flow

Module 6 laboratory

Introduction:

• Attacks, mechanisms and services
• The most common threats
• RouterOS security deployment

Firewall:

• Packet flow, firewall chains
• Stateful firewall
• RAW table
• SYN flood mitigation using RAW table
• RouterOS default configuration
• Best practices for management access
• Detecting an attack to critical infrastructure services
• Bridge filter
• Advanced options in firewall filter
• ICMP filtering

OSI Layer Attacks:

• MNDP attacks and prevention
• DHCP: rogue servers, starvation attacks and prevention
• TCP SYN attacks and prevention
• UDP attacks and prevention
• ICMP Smurf attacks and prevention
• FTP, telnet and SSH brute-force attacks and prevention
• Port scan detection and prevention

Crypography:

• Introduction to cryptography and terminology
• Encryption methods
• Algorithms – symmetric, asymmetric
• Public key infrastructure (PKI)
• Certificates

Self-signed certificates

Free of charge valid certificates

Using the certificates in RouterOS

Securing the Router:

Port knocking

Secure connections (HTTPS, SSH, WinBox)

Default ports for the services

Tunneling through SSH

Secure Tunnels:

Introduction to IPsec

L2TP + IPsec

SSTP with certificates