Month: November 2013

3 Wan Load Balancing PCC Method


3 Wan Load Balancing PCC Method

#Set Ethernet name as WAN1,WAN2,WAN3,Local and copy below script on terminal window.

#Reboot Mikrotik Router and test your setup.


/ip address
add address=192.168.1.2/24 interface=WAN1
add address=192.168.2.2/24 interface=WAN2
add address=192.168.3.2/24 interface=WAN3
add address=192.168.21.1/24 interface=Local

/ip dns
set allow-remote-requests=yes cache-size=5000KiB max-udp-packet-size=2048 servers=192.168.1.1,192.168.2.1

/ip firewall mangle
add chain=input in-interface=WAN1 action=mark-connection new-connection-mark=WAN1_conn
add chain=input in-interface=WAN2 action=mark-connection new-connection-mark=WAN2_conn
add chain=input in-interface=WAN3 action=mark-connection new-connection-mark=WAN3_conn

add action=mark-routing chain=output connection-mark=WAN1_conn new-routing-mark=to_WAN1
add action=mark-routing chain=output connection-mark=WAN2_conn new-routing-mark=to_WAN2
add action=mark-routing chain=output connection-mark=WAN3_conn new-routing-mark=to_WAN3

add chain=prerouting dst-address=192.168.1.0/24 in-interface=Local
add chain=prerouting dst-address=192.168.2.0/24 in-interface=Local
add chain=prerouting dst-address=192.168.3.0/24 in-interface=Local

add action=mark-connection chain=prerouting dst-address-type=!local in-interface=Local new-connection-mark=WAN1_conn per-connection-classifier=both-addresses-and-ports:3/0
add action=mark-connection chain=prerouting dst-address-type=!local in-interface=Local new-connection-mark=WAN2_conn per-connection-classifier=both-addresses-and-ports:3/1
add action=mark-connection chain=prerouting dst-address-type=!local in-interface=Local new-connection-mark=WAN3_conn per-connection-classifier=both-addresses-and-ports:3/2

add action=mark-routing chain=prerouting connection-mark=WAN1_conn in-interface=Local new-routing-mark=to_WAN1
add action=mark-routing chain=prerouting connection-mark=WAN2_conn in-interface=Local new-routing-mark=to_WAN2
add action=mark-routing chain=prerouting connection-mark=WAN3_conn in-interface=Local new-routing-mark=to_WAN3

/ip firewall nat
add action=masquerade chain=srcnat out-interface=WAN1
add action=masquerade chain=srcnat out-interface=WAN2
add action=masquerade chain=srcnat out-interface=WAN3

/ip route
add check-gateway=ping distance=1 gateway=192.168.1.1 routing-mark=to_WAN1
add check-gateway=ping distance=1 gateway=192.168.2.1 routing-mark=to_WAN2
add check-gateway=ping distance=1 gateway=192.168.3.1 routing-mark=to_WAN3
add check-gateway=ping distance=1 gateway=192.168.1.1
add check-gateway=ping distance=2 gateway=192.168.2.1
add check-gateway=ping distance=3 gateway=192.168.3.1

Best Regard’s
Abubaker Siddiq Lasania

2 Wan Load Balancing PCC Method


2 Wan Load Balance


/ ip address
add address=192.168.5.254/24 network=192.168.5.0 broadcast=192.168.5.255 interface=lan
add address=192.168.1.1/24 network=192.168.1.0 broadcast=192.168.1.255 interface=wlan1
add address=192.168.2.1/24 network=192.168.2.0 broadcast=192.168.2.255 interface=wlan2

/ ip firewall mangle
add chain=input in-interface=wlan1 action=mark-connection new-connection-mark=wlan1_conn
add chain=input in-interface=wlan2 action=mark-connection new-connection-mark=wlan2_conn

add chain=output connection-mark=wlan1_conn action=mark-routing new-routing-mark=to_wlan1
add chain=output connection-mark=wlan2_conn action=mark-routing new-routing-mark=to_wlan2

add chain=prerouting dst-address=192.168.1.0/24 action=accept in-interface=lan
add chain=prerouting dst-address=192.168.2.0/24 action=accept in-interface=lan

add chain=prerouting dst-address-type=!local in-interface=lan per-connection-classifier=both-addresses:2/0 action=mark-connection new-connection-mark=wlan1_conn passthrough=yes
add chain=prerouting dst-address-type=!local in-interface=lan per-connection-classifier=both-addresses:2/1 action=mark-connection new-connection-mark=wlan2_conn passthrough=yes

add chain=prerouting connection-mark=wlan1_conn in-interface=lan action=mark-routing new-routing-mark=to_wlan1
add chain=prerouting connection-mark=wlan2_conn in-interface=lan action=mark-routing new-routing-mark=to_wlan2

/ ip route
add dst-address=0.0.0.0/0 gateway=192.168.1.254 routing-mark=to_wlan1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.2.254 routing-mark=to_wlan2 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.1.254 distance=1 check-gateway=ping
add dst-address=0.0.0.0/0 gateway=192.168.2.254 distance=2 check-gateway=ping


/ ip firewall nat
add chain=srcnat out-interface=wlan1 action=masquerade
add chain=srcnat out-interface=wlan2 action=masquerade

IPv4 to IPv6


IP addressing – a numbers game
The depletion of the IPv4 allocation pool has been a concern since the late 1980’s, when the internet really started to see enormous growth. Since then there have been many techniques developed to address the IPv4 scalability issues (limited to 4.3 billion addresses) such as CIDR, NAT and finally the introduction of IPv6 in 1998.

IPv6 is the only workable solution to IPv4 depletion as it can provide 340 undecillion (3.4×1038) addresses. This therefore eliminates the need for NAT in the future internet. To put the numbers in perspective, if the current pool of IPv4’s 4.3 billion addresses were the size of a golf ball, the new IPv6’s 340 undecillion address space would be about the size of the sun.

IPv4 to IPv6 – The network problem 
IPv4 and IPv6 are completely separate Network layer protocols that cannot interact directly. As the internet community rolls out IPv6, what is actually happening is the build out of a second, logical IPv6 internet, which runs in parallel and over the same physical Layer1 &2 infrastructure as the current IPv4 internet, with the eventual goal of phasing out the IPv4 Internet.

Since there is no set time limit when everything must be IPv6 network providers need to design and implement mechanisms that allow networks to work on IPv4 and IPv6 at the same time, and also, in preparation for the eventual date when IPv4 address space is completely exhausted, have a solution where they can deploy IPv6 only sites that can still communicate with the IPv4 Internet.

IPv4 to IPv6 – the solutions
Dual-Stack
Dual stack means that all devices are able to run both IPv4 and IPv6 in parallel. This is the solution that should be implemented now as it offers flexibility and coexistence, allowing users to reach both IPv4 and IPv6 simultaneously.

Dual stack does not require any tunnelling over networks as IPv4 and IPv6 work independently of each other. This allows for a granular migration of services from IPv4 to IPv6 over time.

Dual-Stack Lite

Dual Stack Lite is a solution which is primarily adopted for broadband solutions. Its design does not require any registered IPv4 address space to be assigned to a Customer site. In this design only IPv4 private addresses for the LAN clients are used and IPv4 in encapsulated in IPv6 over the WAN.

The network provider implements a Carrier Grade NAT (CGN) device within its network infrastructure and the Dual Stack Lite CPE uses its unique IPv6 connection to deliver packets to the CGN which has a pool of IPv4 addresses.

mdnx

Ethernet Cable – Color Coding Diagram


The information listed here is to assist Network Administrators in the color coding of Ethernet cables. Please be aware that modifying Ethernet cables improperly may cause loss of network connectivity. Use this information at your own risk, and insure all connectors and cables are modified in accordance with standards. The Internet Centre and its affiliates cannot be held liable for the use of this information in whole or in part.

T-568A Straight-Through Ethernet Cable

The TIA/EIA 568-A standard which was ratified in 1995, was replaced by the TIA/EIA 568-B standard in 2002 and has been updated since. Both standards define the T-568A and T-568B pin-outs for using Unshielded Twisted Pair cable and RJ-45 connectors for Ethernet connectivity. The standards and pin-out specification appear to be related and interchangeable, but are not the same and should not be used interchangeably.

T-568B Straight-Through Ethernet Cable

Both the T-568A and the T-568B standard Straight-Through cables are used most often as patch cords for your Ethernet connections. If you require a cable to connect two Ethernet devices directly together without a hub or when you connect two hubs together, you will need to use a Crossover cable instead.

RJ-45 Crossover Ethernet Cable

A good way of remembering how to wire a Crossover Ethernet cable is to wire one end using the T-568A standard and the other end using the T-568B standard. Another way of remembering the color coding is to simply switch the Green set of wires in place with the Orange set of wires. Specifically, switch the solid Green (G) with the solid Orange, and switch the green/white with the orange/white.

Ethernet Cable Instructions:

  • Pull the cable off the reel to the desired length and cut. If you are pulling cables through holes, its easier to attach the RJ-45 plugs after the cable is pulled. The total length of wire segments between a PC and a hub or between two PC’s cannot exceed 100 Meters (328 feet) for 100BASE-TX and 300 Meters for 10BASE-T.
  • Start on one end and strip the cable jacket off (about 1″) using a stripper or a knife. Be extra careful not to nick the wires, otherwise you will need to start over.
  • Spread, untwist the pairs, and arrange the wires in the order of the desired cable end. Flatten the end between your thumb and forefinger. Trim the ends of the wires so they are even with one another, leaving only 1/2″ in wire length. If it is longer than 1/2″ it will be out-of-spec and susceptible to crosstalk. Flatten and insure there are no spaces between wires.
  • Hold the RJ-45 plug with the clip facing down or away from you. Push the wires firmly into the plug. Inspect each wire is flat even at the front of the plug. Check the order of the wires. Double check again. Check that the jacket is fitted right against the stop of the plug. Carefully hold the wire and firmly crimp the RJ-45 with the crimper.
  • Check the color orientation, check that the crimped connection is not about to come apart, and check to see if the wires are flat against the front of the plug. If even one of these are incorrect, you will have to start over. Test the Ethernet cable.

Ethernet Cable Tips:

  • A straight-thru cable has identical ends.
  • A crossover cable has different ends.
  • A straight-thru is used as a patch cord in Ethernet connections.
  • A crossover is used to connect two Ethernet devices without a hub or for connecting two hubs.
  • A crossover has one end with the Orange set of wires switched with the Green set.
  • Odd numbered pins are always striped, even numbered pins are always solid colored.
  • Looking at the RJ-45 with the clip facing away from you, Brown is always on the right, and pin 1 is on the left.
  • No more than 1/2″ of the Ethernet cable should be untwisted otherwise it will be susceptible to crosstalk.
  • Do not deform, do not bend, do not stretch, do not staple, do not run parallel with power cables, and do not run Ethernet cables near noise inducing components.

Basic Theory:

By looking at a T-568A UTP Ethernet straight-thru cable and an Ethernet crossover cable with a T-568B end, we see that the TX (transmitter) pins are connected to the corresponding RX (receiver) pins, plus to plus and minus to minus. You can also see that both the blue and brown wire pairs on pins 4, 5, 7, and 8 are not used in either standard. What you may not realize is that, these same pins 4, 5, 7, and 8 are not used or required in 100BASE-TX as well. So why bother using these wires, well for one thing its simply easier to make a connection with all the wires grouped together. Otherwise you’ll be spending time trying to fit those tiny little wires into each of the corresponding holes in the RJ-45 connector.

incentre

 

Basic Differences Between CAT5, CAT5E, CAT6, CAT6e, CAT6a Cables


Basic Difference Between CAT6,CAT6e and CAT6a Cables

Basic Difference Between CAT5 and CAT5E Cables

Category 5
Category 5 cabling transmits at a frequency of 100MHz. This provides a rated line speed of up to 100Mbit/s and a cable segment length of 100 meters maximum. Most Category 5 cables, were designed for earlier networks replacing cat 3, only used two twisted pairs of wires. However, older Category 5 cabling continues to make up the majority of the world’s network cabling infrastructure.

Category 5e
Category 5e was later introduced as an improved specification to the very popular Category 5 that replaced Cat 3.  The improvement was in noise reduction. By reducing the noise and signal interference beyond Cat 5, Category 5e rated transfer speeds increased to 350 Mbit/s over 100 meters. The new 5e cabling standard however also required all the cabling to include four twisted pairs not just two like with Cat 5. All eight contacts has to be used. Cat 5e introduced and optimized encoding scheme that allows up to 50-meter lengths of Category 5e cable to provide at or near Gigabit Ethernet (1000BASE-T) speeds. This was during the era of the early stages of Gigabit

Category 6
Gigabit Ethernet (1000BASE-T) became mainstream and required new industry-standard cables capable of transmitting at a higher frequencies than Cat 5e to go beyond the 50 meter limitation. Cat 6e transmits at 250 MHz. The new Category 6 cable uses thicker-gauge wire to attain the higher frequencies, it has increased shielding, and more pair twists per inch to reduce signal noise and interference. The new tighter specifications introduced with Cat 6 cabling guarantee that 100-meter runs of Category 6 are capable of 1000 Mbit/s transfer speeds. As with 5e reducing the cable length can achieve higher speeds than the category types design goal so 10-Gigabit Ethernet speeds can be achieved  when reducing cable lengths to less than 50 meters.

Category 6e
The limitation of 50 meters of 10Gugabit was over come with Category 6 Enhanced (6e).  Cat 6e is an augmented specification designed to double transmission frequency of Cat 6 to 500 MHz. It has the more pair twists per inch as does Cat 6 but it’s also wrapping Category 6 in grounded foil shielding, a full 10-Gigabit Ethernet speeds can be achieved without sacrificing the max cable length of 100 meters.

Category 6a
Category 6a (or Augmented Category 6) is defined at frequencies up to 500 MHz—twice that of Cat. 6 but he same as 6e. Because it is shielded, Cat 6a performs at improved specifications over 6 and 6e, in particular in the area of alien cross-talk when compared to Cat 6 UTP   Cat 6 UTP exhibited high alien noise in high frequencies.6A. To reduce the noise, 6a EA specification (not EIA/TIA) require a new generation of connecting hardware that offers far superior performance. 6A connectors performs 3 dB better than a Cat 6a connector that conforms with the EIA/TIA specification. 3 dB equates to 100% increase of near-end cross-talk noise reduction. 

PC Tech Go

Mikrotik Userman Logs backup & removal


# Created by Abubaker Siddiq Lasania
# Virtual IT Support
# Tested on ver 5.x & 6.x
# November 24,2013

:log info "Mikrotik User Manager Data Base ........ by Abu Baker Siddiq Lasania"

:delay 5s
:log info "Saving  Logs Data Base... Please Wait......."
/tool user-manager database save-log name=( . "logs_save_". [/system identity get name] . "-" . [:pick [/system clock get date] 7 11] . [:pick [/system clock get date] 0 3] . [:pick [/system clock get date] 4 6]);

:delay 10s
:log info "Clearing Log Data Base... Please Wait......."
/tool user-manager database clear-log
:delay 20s
:log info "Data Base Clear ... Now Rebuilding Data Base......."
/tool user-manager database rebuild
:delay 20s
:log info "Data Base Rebuild Complete...."

How to clear log and rebuild database with scheduler


Many of people required to clear log’s on daily bases for those use this script.

You can edit frequency of clear database by set day.
In this script i have set 1 day.


/system script

add name=usermanager policy=\
    ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api \
    source="/tool user-manager database clear-log\r\
    \n/tool user-manager database rebuild\r\
    \n"


/sys scheduler
add disabled=yes interval=1d name=usermanager_sch on-event=usermanager \
    policy=\
    ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api \
    start-date=nov/22/2013 start-time=09:23:50

How to Block VPN User in Mikrotik


Now a day’s Goverment Block Several sites such as porn , youtube … etc etc. Client / User use several type of VPN Server’s such as HOTSPOT SHIELD , ULTRA SURF, OPEN VPN… etc etc.

if you wish to block vpn(pptp)
So now create a simple rule in mikrotik firewall filter.

/ip firewall filter
add action=drop chain=forward comment="DROP VPN / PPTP" disabled=no \
    protocol=gre

Or

If you allow some user’s to use vpn(pptp) simple create user ip list at


/ip firewall address-list
add address=192.168.100.100 disable=no list=Allowed-pptp

/ip firewall filter
add action=drop chain=forward comment="DROP VPN / PPTP" disabled=no \
    protocol=gre src-address-list="Allowed-pptp"

Vpn Book Setup Guide


* 1st visit here to get ur VPN username and password
http://www.vpnbook.com/#pptpvpn
and replace ur username / password and server address bold and italic fields …

Server #1: euro195.vpnbook.com
Server #2: euro213.vpnbook.com
Server #3: uk180.vpnbook.com (UK VPN – optimized for fast web surfing; no p2p downloading)
Server #4: us1.vpnbook.com (US VPN – optimized for fast web surfing; no p2p downloading)

/interface pptp-client
add name="pptp-out1" max-mtu=1400 max-mru=1400 mrru=disabled connect-to=us1.vpnbook.com \
user="pptp" password="password" profile=default-encryption add-default-route=no \
dial-on-demand=no allow=pap,chap,mschap1,mschap2

/ip firewall nat
add chain=srcnat action=masquerade out-interface=pptp-out1


* Please Change SRC ADDRESS with your LOCAL SERVER


/ip firewall mangle
add chain=prerouting action=mark-routing new-routing-mark=vpn passthrough=yes \
src-address=192.168.88.1-192.168.88.254

/ip route
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=pptp-out \
    routing-mark=vpn scope=30 target-scope=10

Mikrotik Backup version 1


In this below code create backup of your system every 1 day include User Manager Radius.

Please Join me at Facebook.
http://www.facebook.com/groups/virtualitsupportpk
http://www.facebook.com/virtualitsupportpk


# nov/20/2013 13:57:34 by RouterOS 5.20
# Virtual IT Support Demo-Machine

/system script
add name=backup policy=ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive source="/system backup save name=([/system identity get nam\
    e] . \"-\" . [:pick [/system clock get date] 7 11] . [:pick [/system clock get date] 0 3] . [:pick [/system clock get date] 4 6]);\r\
    \n/tool user-manager database save name=([/system identity get name] . \"-\" . [:pick [/system clock get date] 7 11] . [:pick [/system clock get\
    \_date] 0 3] . [:pick [/system clock get date] 4 6]);\r\
    \n"

/system scheduler
add disabled=no interval=1d name=backup_sched on-event=backup policy=read,write start-date=nov/20/2013 start-time=00:01:00