角色

目录帖子。

角色

如果大家用过这款router，可以分享你的用后心得吗？

Qnewbie

I used two VPNs:
1. PPTP VPN
2. OpenVPN
The first one is quite easy to set up.
http://wordpress.wlevels.nl/configuring-routeros-as-pptp-server/

The second one is harder,
http://daffy.za.net/2010/02/open ... outeros-vpn-server/
As said, RouterOS doesn't support udp and useless for my Android phone

The power of RouterOS is the scripts. I copy&paste one white-list script for my IP01 and it works for a few months now.

Deeper understanding of how routing works with RouterOS required if you want to write your own scripts.

Cons: it(RB750G) restarts randomly as it runs out of RAM memory... So select routerBoard with larger RAM...

角色

How many MikroTik routers that you have? And what are they?

Qnewbie

I bought 3 routers: one RB450G is placed in HK, other two RB750Gs are with me...

Unfortunately, the RB450G hasn't been installed

角色

What kind of OS that you are using on RB750Gs? Still using RouterOS (ROS)?

Where did you buy them?

What are the applications for those two RB750Gs and the plan for RB450G?

Qnewbie

1. Mikrotik's own OS, i.e., RouterOS.
2. Taobao
3. Initial plan is RB450G as VPN server@HK, one site in Mainland China with RB750G and the other one overseas.

角色

You wanna stick to the ROS for those router, right?

Do you have any plan to change the embedded OS to other OS like OpenWRT?

Qnewbie

RB750G works with VPN, firewall, and partly QoS. DO NOT break it as far as it works!

I prefer other project like embedded phone or asterisk with tiny6410

dreamy2k

我都有一台RB450G，主要系PPTP比我系大陸時連回家上網，但計劃要用OPENVPN做兩地連接，同我都用到佢VLAN的功能........佢VLAN又系好麻煩但系真學到好多野

Qnewbie

回復 25# dreamy2k

Mikrotik prefers site-to-site SSTP(I never use it) in stead of openVPN(TCP causes openvpn meltdown problem).

VLAN? Could you show us some cases/tutorials?

dreamy2k

回復  dreamy2k

Mikrotik prefers site-to-site SSTP(I never use it) in stead of openVPN(TCP causes o ...
Qnewbie 發表於 2012-11-5 02:28

我大概講一下ROUTER VLAN 802.1Q的設置

用上周我幫朋友餐廳設置網絡時的實況
他們的餐廳需要三個不同的網絡，1. 點菜機系統 2. 人客的FREE WIFI 3. 管理和員工的網絡
器材我用RB450G + TP-LINK TL-SF1016L + 普通WIFI (但我建議是有MULIT-SSID + 802.1QVLAN功能 WIFI，OPENWRT AP是便宜的選擇)
點解用802.1Q是因為可以用一條UPLINK把所有VLAN的訊號帶去第二個VLAN SWTICH上，

首先我先定好了3個網絡VLAN ID分別為10, 20 ,30 (吾好用VLAN ID 1,因為之后VLAN ID 1系有特別的意思)
甘我就先把五個NETWORK PORT分成
PORT 1: WAN
PORT 2: LAN1
PORT 3: LAN2
PORT 4: LAN3
PORT 5: LAN4 (VLAN SERICE TAG，呢個就系VLAN UPLINK，我甘叫的，如果有乜吾啱指點下我呀)

甘系ROUTEROS上我先把呢幾個PORT設定好
記得在INTERFACE上ETHERNET把LAN2, LAN3, LAN4 設置里MASTER PORT改成"NONE"
ROUTEROS上要分別設置VLAN和BRIDGE
*溫馨提示: 一定要插系LAN1上設置直到80%之前都要
還有LAN1的所有SETTING最后先做，要確保其他LAN PORT都接上了VLAN先

INTERFACES->VLAN->新增一個
NAME: VLAN20 (自己定，鍾意改乜就乜啦)
VLAN ID: 10 (一定要分清楚吾好搞亂)
INTERFACE: LAN4
*VLAN30都系甘做

Brigde->新增一個
NAME: VLAN20-BRIDGE (自己定，鍾意改乜就乜啦)
ARP: enable
*VLAN30都系甘做

為ROUTEROS上每一個VLAN都加上一個IP (我要來做GATEWAY)
IP->ADDRESSES->新增一個
Address: 192.168.20.254/24
Network: 192.168.20.0
Interface: VLAN20
*VLAN30都系甘做

之后設置DHCP SERVER和POOL
IP->POOL
NAME: vlan20-pool (自己定，鍾意改乜就乜啦)
Address: 192.168.20.101-192.168.20.120 (自己定義啦但我習慣會跟VLAN 10定NETWORK)
*VLAN30都系甘做

IP->DHCP SERVER->DHCP->新增一個
NAME: vlan20-dhcp (自己定，鍾意改乜就乜啦)
InterFace: VLAN20-BRIDGE
Address Pool: vlan20-pool
*VLAN30都系甘做

IP->DHCP SERVER->Network->新增一個
Address: 192.168.20.0/24
Gateway: 192.168.20.254
DNS Server: 192.168.20.254
*VLAN30都系甘做

以上的就是前面要準備的事
之后就是最重要的事，就是把LAN PORT , VLAN 和BRIDGE 接通

Bridge->PORTS->新增一個
Interface: VLAN20
Bridge: VLAN20-BRIDGE
之后再新增一個
Interface: LAN2
Bridge: VLAN20-BRIDGE
**甘之后用LAN線插入去LAN2，看看是否可以用DHCP攞到192.168.20.XX的IP，PING下相同NETWORK的ROUTEROS IP，用WINBOX試下LOGIN入去ROUTEROS里，如果可以就用相同的方法做埋LAN3 , VLAN30 和VLAN30-BRIDGE 的接駁工作

當完成VLAN30設置后，請在LAN2或LAN3接上電腦，
用192.168.20.254或192.168.30.254連入去ROUTEROS
把LAN1設定好VLAN的事情，要點做看回上面我吾多講啦

呢個就系我研究出來的ROUTEROS VLAN的設置，甘只要找到一隻SUPPORT 802.1Q的SWITCH，
之后在SWTICH設好相同的VLAN ID同其中之一個SERICE TAG PORT，把ROUTEROS LAN4 和SWITCH TAG PORT接上就得

有乜吾明大家可以問我，我答到會盡力答

****后話，如果想LAN1,2,3轉不同的VLAN，只要在BRIDGE->PORT上的改呢組
Interface: LAN2 (呢個吾使改)
Bridge: VLAN20-BRIDGE (改呢個就得)

dreamy2k

之前我話WIFI AP最好有SUPPORT multi-ssid + 802.1Q，是因為可以設置不同SSID連上不同的VLAN，好處系比訪客同客人到公司或家里用一個專為他們而設的WIFI SUBNET，記得在ROUTEROS FIREWALL上設置給訪客VLAN SUBNET吾可以碰到其他SUBNET，因為ROUTEROS設了VLAN后VLAN和VLAN是互通的ROUTEROS自動做了ROUTING，呢個大家要注意

我又曾經試過同訪客的SUBNET在ROUTEROS加上了HOTSPOT，又可以訪客上做認証先可以出街

我自己在家就把電腦, VOIP, 影音和訪客都分割開，我好簡單系ROUTEROS QUEUES給每個VLAN SUBNET出街作出了限速

ROUTEROS系我做過甘多隻ROUTER中又平又好玩，功能真系好多，但如果佢有自己的RADIUS SERVER就完美啦

角色

因为我们都是半途出家，VOiP和VPN都是跟前任CHing学。你说的VLAN有听说过，但是具体怎样用也不知道（因为没有基本功）。

希望CHing多写这样的东西，那么我们可以从中学习。

（我都要慢慢看！）

雯雯

回復 29# 角色

Vlan我也會一點, 我現在也有在Draytek router上用Vlan.