RouterOS中文手册2.docx
- 文档编号:3427156
- 上传时间:2022-11-23
- 格式:DOCX
- 页数:13
- 大小:21.30KB
RouterOS中文手册2.docx
《RouterOS中文手册2.docx》由会员分享,可在线阅读,更多相关《RouterOS中文手册2.docx(13页珍藏版)》请在冰豆网上搜索。
RouterOS中文手册2
ISP级软件路由器之王
RouerOS宽带接入服务器
用户手册(下部)
――配置指南
RouerOS系列宽带接入服务器配置指南内容摘要
一.概述.................................................................3
1.RouerOS宽带接入服务器的网络接口类型...............................3
2.RouerOS宽带接入服务器具有以下网络功能.............................3
二.基本的配置管理........................................................5
11.系统的缺省帐号...................................................5
12.登录方式.........................................................5
13.命令行配置的基本操作.............................................6
1远程管理-权限管理..........................................7
15.日志管理.........................................................8
19
17.系统时间设置.....................................................10
8.系统热启动.......................................................10
三.物理接口的配置管理....................................................10
四.查看当前配置..........................................................11
4.1查看全部配置....................................................11
4.2查看子项配置....................................................11
五.IP参数配置...........................................................11
11.路径:
...........................................................11
12.功能:
...........................................................11
13.配置IP地址及路由................................................12
14.配置Firewall....................................................14
15.配置IPService,限定远程管理RouerOS的地址和方式................16
16.配置Hotspot(WEB认证).........................................16
17.配置IPPool.....................................................16
18.启用NAT后的策略路由配置.........................................16
六.配置ppp参数.........................................................21
1.配置PPP模板....................................................22
2.配置Radius-client..............................................22
七.PPPoE配置...........................................................23
八.HOTSPOT配置.........................................................25
九.VLAN配置............................................................30
十.VPN配置.............................................................31
10.1PPTPVPN......................................................31
10.2EOIPVPN......................................................32
十一.DHCP配置..........................................................33
11.1DHCPServer...................................................33
MAC地址(及IP地址)与端口绑定.................................34
十二.防火墙配置.........................................................35
12.1防“冲击波”病毒..............................................35
十三.配置文件的备份与恢复...............................................36
11.显示文件系统....................................................36
12.备份配置文件....................................................36
13.恢复配置文件....................................................37
14.配置文件上载与下载..............................................37
15.配置复位........................................................37
16.查看系统资源状况................................................37
27.监视端口流量....................................................37
Reference:
.............................................................37
八.HOTSPOT配置
Hotspot的工作原理是:
用户打开浏览器,浏览器将地址解析请求发给DNS服务器,DNS完成地址解析后
反馈给客户端所以在保证BAS的Hotspot配置正确的情况下,要令客户端在打开浏览器时弹出认证窗口,
必须保证BAS与DNS的路由畅通。
方法一.使用setup向导:
[admin@RouerOS]iphotspot>
reset-htmlResetcurrenthotspotHTMLpage
activeHotSpotactiveuserlist
profileHotSpotuserprofilemanagement
userHotSpotlocaluserlist
serverHotSpotDHCPprofilemanagement
aaaAAA(Authentication,AuthorizationandAccounting)configuration
cookieHotSpotactiveHTTPcookielist
printPrintcurrentconfigurationandstatus
getGetvalueofconfigurationproperty
setChangehotspotconfiguration
exportExporthotspotsettings
setupSetupwizardforhotspotconfiguration
universalUniversalclientconfiguration
在配置第一个hotspot接口时建议使用向导,这样可以快速的完成配置。
注意,如果要通过AAA服
务器计费,则需配置/radius和/iphotspotaaa。
方法二.手工配置:
可以使用addcopy-from命令,下面蓝色部分为新增加的配置。
在完成第一个接口的配置后,后续的接口配置只能以手工的方式进行。
□1.配置/iphotprofile//认证账户属性要关联profile[admin@RouerOS]iphotspotprofile>
priFlags:
*-default0*name="default"session-timeout=0sidle-timeout=0sonly-one=yes
□tx-bit-rate=0rx-bit-rate=0incoming-filter=""outgoing-filter=""mark-flow="hs-auth"
login-method=smartkeepalive-timeout=2mhotspot认证使用动态ip还是静态ip在profile中由
login-method配置。
□2.配置/ippool[admin@RouerOS]ippool>pri#NAMERANGES0hs-pool-temp
192.168.0.2-192.168.3.2541hs-pool-real10.5.4.1-10.5.5.010.5.5.2-10.5.7.254
□新增加一个ippool:
[admin@RouerOS]ippool>addname=hs-pool-real1
ranges=10.25.25.2-10.25.25.254
□3.配置/ipadd在Hotspot接口上配置IP,作为客户端的静态网关或dhcp_serv的网关:
[admin@RouerOS]ipaddress>priFlags:
X-disabled,I-invalid,D-dynamic#ADDRESSNETWOR
BROADCASTINTERFACE010.255.255.200/2410.255.255.010.255.255.255eth01;;;hotspottemporary
network192.168.0.1/22192.168.0.0192.168.3.255v122;;;hotspotnetwork10.5.5.1/2210.5.4.0
10.5.7.255v12
□310.25.25.1/2410.25.25.010.25.25.255eth1
□4.配置/ipdhcp-server[admin@RouerOS]ipdhcp-server>priFlags:
X-disabled,I-invalid
0name="hs-dhcp-server"interface=v12lease-time=14saddress-pool=hs-pool-tempnetmask=22
gateway=192.168.0.1src-address=0.0.0.0dns-server=202.103.96.112domain=""wins-server=""
add-arp=yes
□#新增加一个dhcp-server,注意gateway参数1name="hs-dhcp-s1"interface=eth1
lease-time=14saddress-pool=hs-pool-real1netmask=24gateway=10.25.25.1src-address=0.0.0.0
dns-server=202.103.96.112domain=""wins-server=""add-arp=no
25.配置/iphotserver//可以不用增加配置[admin@RouerOS]iphotspotserver>pri0
name="hs-server"dhcp-server=hs-dhcp-serverlease-time=1mlogin-delay=10s
address-pool=hs-pool-realnetmask=22gateway=10.5.5.1
1name="hs-s1"dhcp-server=hs-dhcp-s1lease-time=1mlogin-delay=10s
address-pool=hs-pool-real1netmask=22gateway=10.25.25.1
6.配置防火墙规则//可以不用配置
①/ipfireruleforw:
[admin@RouerOS]ipfirewallruleforward>priFlags:
X-disabled,I-
invalid,D-dynamic0;;;limitaccessforunauthorizedhotspotclients
src-address=192.168.0.0/22:
0-65535in-interface=v12dst-address=0.0.0.0/0:
0-65535
out-interface=allprotocol=allicmp-options=any:
anytcp-options=anyconnection-state=any
flow=""connection=""content=""src-mac-address=00:
00:
00:
00:
00:
00limit-count=0limit-burst=0
limit-time=0saction=jumpjump-target=hotspot-templog=no
#下面是新增加的接口eth11;;;limitaccessforunauthorizedhotspotclients
src-address=10.25.25.0/24:
0-65535in-interface=eth1dst-address=0.0.0.0/0:
0-65535
out-interface=allprotocol=allicmp-options=any:
anytcp-options=anyconnection-state=any
flow=""connection=""content=""src-mac-address=00:
00:
00:
00:
00:
00limit-count=0limit-burst=0
limit-time=0saction=jumpjump-target=hotspot-templog=no
2;;;accounttrafficforauthorizedhotspotclientssrc-address=0.0.0.0/0:
0-65535
in-interface=alldst-address=0.0.0.0/0:
0-65535out-interface=allprotocol=all
icmp-options=any:
anytcp-options=anyconnection-state=anyflow=""connection=""
content=""src-mac-address=00:
00:
00:
00:
00:
00limit-count=0limit-burst=0limit-time=0s
action=jumpjump-target=hotspotlog=no
②配置/ipfirerulehotspot-temp:
[admin@RouerOS]ipfirewallrulehotspot-temp>priFlags:
X
-disabled,I-invalid,D-dynamic0;;;return,ifconnectionisauthorized
src-address=0.0.0.0/0:
0-65535in-interface=alldst-address=0.0.0.0/0:
0-65535
out-interface=allprotocol=allicmp-options=any:
anytcp-options=anyconnection-state=any
flow=hs-authconnection=""content=""src-mac-address=00:
00:
00:
00:
00:
00limit-count=0
limit-burst=0limit-time=0saction=returnlog=no1;;;allowpingrequests
src-address=0.0.0.0/0:
0-65535in-interface=alldst-address=0.0.0.0/0:
0-65535
out-interface=allprotocol=icmpicmp-options=any:
anytcp-options=anyconnection-state=any
flow=""connection=""content=""src-mac-address=00:
00:
00:
00:
00:
00limit-count=0limit-burst=0
limit-time=0saction=returnlog=no2;;;allowdnsrequestssrc-address=0.0.0.0/0:
0-65535
in-interface=alldst-address=0.0.0.0/0:
53out-interface=allprotocol=udpicmp-options=any:
any
tcp-options=anyconnection-state=anyflow=""connection=""content=""
src-mac-address=00:
00:
00:
00:
00:
00limit-count=0limit-burst=0limit-time=0saction=return
log=no3;;;rejectaccessforunauthorizedhotspotclientssrc-address=0.0.0.0/0:
0-65535
in-interface=alldst-address=0.0.0.0/0:
0-65535out-interface=allprotocol=all
icmp-options=any:
anytcp-options=anyconnection-state=anyflow=""connection=""content=""
src-mac-address=00:
00:
00:
00:
00:
00limit-count=0limit-burst=0limit-time=0saction=reject
log=no
7.配置防火墙NAT
①src-nat:
[admin@RouerOS]ipfirewallsrc-nat>priFlags:
X-disabled,I-invalid,
D-dynamic0;;;masqueradehotspottemporarynetworksrc-address=192.168.0.0/22:
0-65535
dst-address=0.0.0.0/0:
0-65535out-interface=allprotocol=allicmp-options=any:
anyflow=""
connection=""content=""limit-count=0limit-burst=0limit-time=0saction=masquerade
to-src-address=0.0.0.0to-src-port=0-655351;;;masqueradehotspotnetwork
src-address=10.5.4.0/22:
0-65535dst-address=0.0.0.0/0:
0-65535out-interface=allprotocol=all
icmp-options=any:
anyflow=""connection=""content=""limit-count=0limit-burst=0
limit-time=0saction=masqueradeto-src-address=0.0.0.0to-src-port=0-65535
2;;;masqueradehotspotnetworksrc-address=10.25.25.0/24:
0-65535
dst-address=0.0.0.0/0:
0-65535out-interface=allprotocol=allicmp-options=any:
anyflow=""
connection=""content=""limit-count=0limit-burst=0limit-time=0saction=masquerade
to-src-address=0.0.0.0to-src-port=0-65535
□②dst-nat:
[a
- 配套讲稿:
如PPT文件的首页显示word图标,表示该PPT已包含配套word讲稿。双击word图标可打开word文档。
- 特殊限制:
部分文档作品中含有的国旗、国徽等图片,仅作为作品整体效果示例展示,禁止商用。设计者仅对作品中独创性部分享有著作权。
- 关 键 词:
- RouterOS 中文 手册