In the classroom now :-)

I did the previous class by Landasan....

Exam not that easy, specially for those with no Networking background.
Exams very tricky too.

How much they charge for the class? How many people in the class?

Try to save or get sample exams from them. So share with others.

Heheh day one so many input already . Anyway did u pass the test?

Total is RM 1500 from Monday to Thursday

http://www.trainingmikrotik.co.id/mikrotik...-mtcna--96.html

Passed on first try (lucky)
You no problem la: Eat, Sleep & Networking....

But in my class only 3 people pass on first try.

But most of them passed on 2nd try

Same price, but mine only 3 days.. I think yours more worth it

Ask you class members to join the FB MUG group

Well we see about it this Thursday hopefully i pass on first try 95% :-)

Kindly update your first post for the link on FB MUG Group i will ask them to join :-)

Wah, want 90% plus somemore, means u want to be trainer...

I cant la, I tried many times, everytime I put FB link, I cannot save the page... very strange.... (I try again)

Eric

Not so good lah bro failed the first time due to multiple box answer




[attachmentid=2472349]

This post has been edited by MX510: Oct 6 2011, 09:47 PM


Attached thumbnail(s)

Fail 1 time, but can still get 79% wor... congratulations!

Thanks bro :-)

Current project with Mikrotik is using centralized hotspot gateway system which is currently running now


Ok already running the system now :-)

This post has been edited by MX510: Oct 11 2011, 12:03 AM


Attached thumbnail(s)

anyone got any script to build a good home router? I found the Dmitry's firewall guide and the one article for home router. I'm still reading and checking the wiki page to understand more. It will be great if any sifu here can share your opinion and guidance

Hi,
There isn't any pre-written script. You start with a clean slate and you fill in with any settings you need.

To use as a home router, you'll need at least the following set
| PPPOE Client to connect to Streamyx
| NAT Translation to share the internet with all the PC on the network
| DHCP Server to provide IP address to all PC on the network


Optional stuff includes (not required for most people)
| Firewall setup (can be a few lines to hundreds of line)
| QOS/Bandwidth management (can be a few lines to hundreds of line)


Depending on what you need to do, you'll need to setup it up. There is no "fixed" template that will fit everybody's requirement.

As for the optional stuff, your router will fine without it. You may run it without a Firewall or QOS/Bandwidth management. However should you need to optimise it, you have the option to.

As you know NAT itself can also be considered a very basic firewall.

my 750GL router already up and running I use IP mangle for packet classification (short list though) but also decide not to use QoS yet. My port scan rule add my own PC into blocked list...maybe too strict I do not have time for it now.

This post has been edited by cyberic: Oct 18 2011, 12:26 AM

+++++++++++Good work, eric_tan for creating this user group. +++++++++++

ok back to firewall.


As eric_tan said
you start with a clean slate and no one complete rules fits all situation or user needs.

Maybe we can start with the must do, for start, and we add in as we specify our requirement together.

1. as a start, make sure you change router default password,

2. make sure you close all services you are not using, so that it cannot be access, and specify ip address where it is allowed to be access.

[admin@HSE.AP] /ip service> print
Flags: X - disabled, I - invalid
# NAME PORT ADDRESS CERTIFICATE
0 X telnet 23
1 X ftp 21
2 X www 80
3 X ssh 22
4 X www-ssl 443 none
5 X api 8728
6 winbox 8291

On firewall, I think Demitry example is a bit complicated. I think you don't need to mangle to do firewall, Just filter straight away.
first thing first, you should have at least this on your first entry of firewall rules. allow router to accept only clean packet. ie ; meant for you.

/ip firewall filter
add chain=forward connection-state=established comment="allow established connections"
add chain=forward connection-state=related comment="allow related connections"
add chain=forward connection-state=invalid action=drop comment="drop invalid connections"

Next what did we want to filter,objective?? Hey guys, maybe we can come out with the list together and move from here

TO BE CONTINUE ........

Honestly. I dont bother with Firewall setup.
Good ones are just too complicated and LONG to setup.....
Simple ones are just too restrictive....

Unless you have a Trojan Horse, a router with NAT should be good enough for most home users. [My opinion only]

But if you want to setup Firewall, because you worried that people want to come in, check out the option "Tarpit"....

Yes, disable all services not used, so you keep all the ports closed.

---

Added on October 19, 2011, 2:11 amGuys also join the Facebook page I had setup

https://www.facebook.com/pages/Mikrotik-Use...247061138651771

This post has been edited by eric_tan: Oct 19 2011, 02:13 AM

I agree that NAT enough for most. I bought microtik to learn new stuff and other benefit is able to use my old D-link 655 wireless as AP. I hope the supposely upcoming Asus RT-N66 or 57U will be a good replacement later.

spend some time RTFM before finalize my firewall setup. I actually like the idea of using packet classifier and filter from there . So, my firewall is based on the Dimitri's guide and modified it for my own requirement. I already secure the router and SSH and winbox only allowed from local. just that I never really test the firewall properly.

---

Added on October 20, 2011, 4:10 pmcurious question:

I notice that my router's cpu speed is 250 (not 400). I have no complain about the performance. Just want to clarify.

Is the rb750gl default cpu speed set to 250?


This post has been edited by cyberic: Oct 20 2011, 04:10 PM

Wa, you all sifu so advance, me just starting. need to RTFM more.

My RB750GL says CPU Frequency 400MHz, don't know where to set also.

Strange. I should have check 1st before upgrade to bootloader 3.7 and RouterOS 5.7. Now I don't know why it is set to 250 only. Going to try change the cpu speed tonight.

I'm not a sifu..just a beginner that do a lot of RTFM. I still new to this

this is the command to set the cpu speed. Need to reboot the router after that.

system routerboard settings set cpu-frequency=400

to check configurable speed?
system routerboard settings set cpu-frequency=

Wow, I was actually in the same class as you

anybody using or tried the new RB751U-2HnD ??
any comments on it ?

There has been a group here

https://www.facebook.com/groups/157243411036294/

Mikrotik Malaysia

---

Added on November 2, 2011, 7:29 pmVersion 5.8 is now out now

What's new in 5.8 (2011-Nov-01 10:14):

*) snmp - fixed problem where some rows were missed
in a few tables when walking them;
*) ipv6 - added support for router address assignment from ipv6 pools;
*) routerboard - fix RB400/RB700 bootloader upgrade problem
*) radius - respond to CoA & Disconnect requests with the same ip address
it was received to;
*) improved webfig look;
*) webfig - do not allow to show secret passwords if user does not have
sensitive permission;
*) webfig - allow to customize all item names in skins;
*) updated timezone information;
*) lcd - added support for new ax93304 model and nexcom LCDs;
*) ppp - added support for ipv6 pools;
*) ppp - added support for Framed-IPv6-Pool radius attribute;
*) dhcp client - fix high CPU usage when interface is disabled;
*) snmp - trap interface filter, multiple trap targets;
*) dhcp - added server support for IPv6 prefix delegation from /ipv6 pool,
client support is also added;
*) ipsec - support authorization with raw RSA keys;
*) added ipv6 prefix pools;
*) winbox - now copied item in ordered list is added right after it's original;
*) pcq - fixed possible crash;

This post has been edited by MX510: Nov 2 2011, 07:29 PM