MikroTik RouterOS
Default login: admin with no password
Reset to default settings
/system reset-configuration
After boot, log in to the admin account with no password and press r
Switch data configuration
/system identity set name="$_Adres_montażu"
/interface bridge add name=bridge1 vlan-filtering=yes
/interface bridge vlan add bridge=bridge1 tagged=bridge1 vlan-ids=100
/interface vlan add interface=bridge1 name=mgmt vlan-id=100
/ip address add address=$_IP netmask=$_MASK interface=mgmt
/ip route add gateway=$_GATEWAY
Interface configuration
Configuring a trunk-type uplink port, i.e. a tagged port that connects switches
/interface bridge port add bridge=bridge1 interface=sfp-sfpplus1 ingress-filtering=yes frame-types=admit-only-vlan-tagged
/interface bridge vlan set [find vlan-ids=100] bridge=bridge1 tagged=bridge1,sfp-sfpplus1
where:
- interface - the uplink port on the switch, sfp-sfpplus1 or sfp-sfpplus2. Note: the list must include every port that is to be in the VLAN
- vlan-ids=100 - the number of the VLAN that is to be carried tagged
Configuring an untagged (access) client port
/interface bridge port add bridge=bridge1 pvid=621 ingress-filtering=yes frame-types=admit-only-untagged-and-priority-tagged interface=ether1
/interface bridge port add bridge=bridge1 pvid=621 ingress-filtering=yes frame-types=admit-only-untagged-and-priority-tagged interface=ether2
/interface bridge port add bridge=bridge1 pvid=621 ingress-filtering=yes frame-types=admit-only-untagged-and-priority-tagged interface=ether3
/interface bridge port add bridge=bridge1 pvid=621 ingress-filtering=yes frame-types=admit-only-untagged-and-priority-tagged interface=ether4
/interface bridge port add bridge=bridge1 pvid=621 ingress-filtering=yes frame-types=admit-only-untagged-and-priority-tagged interface=ether5
/interface bridge port add bridge=bridge1 pvid=621 ingress-filtering=yes frame-types=admit-only-untagged-and-priority-tagged interface=ether6
/interface bridge port add bridge=bridge1 pvid=621 ingress-filtering=yes frame-types=admit-only-untagged-and-priority-tagged interface=ether7
/interface bridge port add bridge=bridge1 pvid=621 ingress-filtering=yes frame-types=admit-only-untagged-and-priority-tagged interface=ether8
/interface bridge port add bridge=bridge1 pvid=621 ingress-filtering=yes frame-types=admit-only-untagged-and-priority-tagged interface=ether9
/interface bridge port add bridge=bridge1 pvid=621 ingress-filtering=yes frame-types=admit-only-untagged-and-priority-tagged interface=ether10
/interface bridge port add bridge=bridge1 pvid=621 ingress-filtering=yes frame-types=admit-only-untagged-and-priority-tagged interface=ether11
/interface bridge port add bridge=bridge1 pvid=621 ingress-filtering=yes frame-types=admit-only-untagged-and-priority-tagged interface=ether12
/interface bridge port add bridge=bridge1 pvid=621 ingress-filtering=yes frame-types=admit-only-untagged-and-priority-tagged interface=ether13
/interface bridge port add bridge=bridge1 pvid=621 ingress-filtering=yes frame-types=admit-only-untagged-and-priority-tagged interface=ether14
/interface bridge port add bridge=bridge1 pvid=621 ingress-filtering=yes frame-types=admit-only-untagged-and-priority-tagged interface=ether15
/interface bridge port add bridge=bridge1 pvid=621 ingress-filtering=yes frame-types=admit-only-untagged-and-priority-tagged interface=ether16
/interface bridge port add bridge=bridge1 pvid=621 ingress-filtering=yes frame-types=admit-only-untagged-and-priority-tagged interface=ether17
/interface bridge port add bridge=bridge1 pvid=621 ingress-filtering=yes frame-types=admit-only-untagged-and-priority-tagged interface=ether18
/interface bridge port add bridge=bridge1 pvid=621 ingress-filtering=yes frame-types=admit-only-untagged-and-priority-tagged interface=ether19
/interface bridge port add bridge=bridge1 pvid=621 ingress-filtering=yes frame-types=admit-only-untagged-and-priority-tagged interface=ether20
/interface bridge port add bridge=bridge1 pvid=621 ingress-filtering=yes frame-types=admit-only-untagged-and-priority-tagged interface=ether21
/interface bridge port add bridge=bridge1 pvid=621 ingress-filtering=yes frame-types=admit-only-untagged-and-priority-tagged interface=ether22
/interface bridge port add bridge=bridge1 pvid=621 ingress-filtering=yes frame-types=admit-only-untagged-and-priority-tagged interface=ether23
/interface bridge port add bridge=bridge1 pvid=621 ingress-filtering=yes frame-types=admit-only-untagged-and-priority-tagged interface=ether24
Set which ports are tagged and which are untagged for the VLAN
- the first time the VLAN is added, use the add command
/interface bridge vlan add vlan-ids=621 bridge=bridge1 tagged=sfp-sfpplus1 untagged=ether1,ether2,ether3,ether4,ether5,ether6,ether7,ether8,ether9,ether10,ether11,ether12,ether13,ether14,ether15,ether16,ether17,ether18,ether19,ether20,ether21,ether22,ether23,ether24
- to update/change the VLAN's port list, use the set command
/interface bridge vlan set [find vlan-ids=621] bridge=bridge1 vlan-ids=120 tagged=sfp-sfpplus1 untagged=ether1,ether2,ether3,ether4,ether5,ether6,ether7,ether8,ether9,ether10,ether11,ether12,ether13,ether14,ether15,ether16,ether17,ether18,ether19,ether20,ether21,ether22,ether23,ether24
where:
- interface - a switch port, from ether1 to ether24
- pvid=621 - the VLAN number, i.e. the native VLAN
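A consistency check for the port and VLAN-table commands above, as an added example that is not part of the original wiki: it flags bridge ports without ingress-filtering or frame-types and ports whose pvid does not match the untagged list of the corresponding VLAN. The names parse, audit and SAMPLE are hypothetical, and the input is assumed to hold one command per line.

```python
import shlex

# Constructed sample, one command per line, in the style of the commands above.
# ether3 is left out of the VLAN 621 untagged list; ether4 has no filtering set.
SAMPLE = """\
/interface bridge port add bridge=bridge1 interface=sfp-sfpplus1 ingress-filtering=yes frame-types=admit-only-vlan-tagged
/interface bridge port add bridge=bridge1 pvid=621 ingress-filtering=yes frame-types=admit-only-untagged-and-priority-tagged interface=ether1
/interface bridge port add bridge=bridge1 pvid=621 ingress-filtering=yes frame-types=admit-only-untagged-and-priority-tagged interface=ether3
/interface bridge port add bridge=bridge1 pvid=621 interface=ether4
/interface bridge vlan add vlan-ids=621 bridge=bridge1 tagged=sfp-sfpplus1 untagged=ether1,ether4
"""

def parse(config):
    """Return (ports, vlans) from 'bridge port add' / 'bridge vlan add' lines."""
    ports, vlans = {}, {}
    for line in config.splitlines():
        kv = dict(t.split("=", 1) for t in shlex.split(line) if "=" in t)
        if line.startswith("/interface bridge port add"):
            ports[kv["interface"]] = kv
        elif line.startswith("/interface bridge vlan add"):
            members = vlans.setdefault(kv["vlan-ids"], {"tagged": set(), "untagged": set()})
            for role in ("tagged", "untagged"):
                members[role] |= set(filter(None, kv.get(role, "").split(",")))
    return ports, vlans

def audit(config):
    """List findings: unfiltered ports and pvid / VLAN-table mismatches."""
    ports, vlans = parse(config)
    findings = []
    for name, p in sorted(ports.items()):
        if p.get("ingress-filtering") != "yes":
            findings.append(f"{name}: ingress-filtering is not enabled")
        if "frame-types" not in p:
            findings.append(f"{name}: frame-types not set")
        pvid = p.get("pvid")
        if pvid and name not in vlans.get(pvid, {}).get("untagged", set()):
            findings.append(f"{name}: pvid={pvid} but not untagged in VLAN {pvid}")
    for vid, m in sorted(vlans.items()):
        for name in sorted(m["untagged"]):
            if name in ports and ports[name].get("pvid") != vid:
                findings.append(f"{name}: untagged in VLAN {vid} but pvid differs")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```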
/system clock set time-zone-name=Europe/Warsaw
/system ntp client set enabled=yes primary-ntp=93.175.160.4
Syslog configuration
/system logging add action=remote topics=info
/system logging add action=remote topics=error
/system logging add action=remote topics=warning
/system logging add action=remote topics=critical
/system logging action set 3 remote=$IP_serwera_sysloga
/snmp set contact="admin@$domain"
/snmp set location="$_Adres_montażu"
/snmp set enabled=yes
/snmp community set 0 disabled=yes read-access=no write-access=no
/snmp community add name=@#coca#@ read-access=yes write-access=yes addresses=$Serwer_Network
/snmp community add name=@#cola#@ read-access=yes write-access=no addresses=$Serwer_Network
Port Isolation / Private VLAN
/interface ethernet switch port-isolation set forwarding-override=sfp-sfpplus1 0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23
It is enabled by default on all ports; nothing needs to be done.
/interface ethernet set loop-protect=on 0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23
Enable DHCP snooping with Option 82 (Agent Circuit ID + Agent Remote ID)
/interface bridge set bridge1 dhcp-snooping=yes add-dhcp-option82=yes
For uplink-type ports (the link to the switch in the studio), set
/interface bridge port set trusted=yes [find interface=sfp-sfpplus1]
Note: By default, ports are treated as untrusted and do not need to be configured.
/ip dhcp-relay add name=sza interface=bridge1 dhcp-server=$_IP_SERWER_DHCP disabled=no
802.1X (RADIUS)
- Adding the RADIUS server
/radius add address=$_IP_SERWER_AAA secret=radius-acs service=dot1x
- Adding interfaces
/interface ethernet set [ find default-name=ether1 ] name=1
/interface ethernet set [ find default-name=ether2 ] name=2
/interface dot1x server add interface=ether1 auth-types=mac-auth mac-auth-mode=mac-as-username-and-password radius-mac-format=XXXXXXXXXXXX reauth-timeout=1d
/interface dot1x server add interface=ether2 auth-types=mac-auth mac-auth-mode=mac-as-username-and-password radius-mac-format=XXXXXXXXXXXX reauth-timeout=1d
...
sFlow support - to be written
IGMP support - to be written
SSH - to be written
Version
/system resource print
Update:
/system package update check-for-updates
/system package update install
Upgrade, e.g. to v7:
/system package update set channel=upgrade
/system package update check-for-updates
/system package update download
/system reboot