[Research Institute] MikroTik RouterOS Learning (continuously updated)

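One more question~~

Chunghwa Telecom's older leased lines usually need a Cisco router attached.
There is one WAN IP that is used for the connection to the Chunghwa data center,
and the LAN IPs are the public IPs issued to the customer for outbound connections..

If that Cisco is not there, how should the WAN IP and LAN IP be configured on RouterOS??

I don't know whether anyone can understand what I'm asking; I'm afraid I haven't expressed it clearly enough!?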

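happysong526 wrote:
Right now I only know how to use simple queues to set 5M/500K on each individual computer, because not all computers will use the full 5M/500K at the same time.
But when everyone really does use it at the same time.. these two lines may get saturated, and everyone becomes very slow together, especially on the 100M/20M line.


You should consider using queue tree (mangle); the result will definitely be much better.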

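happysong526 wrote:
If that Cisco is not there, how should the WAN IP and LAN IP be configured on RouterOS?? ...(snipped)


This depends on the type of your leased line. Unless your leased line has an Ethernet interface, for example some leased lines are V.35, you can only use Cisco equipment to do the conversion.
FB: VoIP Telephony Technical Exchange (VoIP電話技術交流)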

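pctine wrote:
This depends on the type of your leased line...(snipped)


Type @@?..... that part I don't understand.

Currently I'm using one of the modes in QNO called "Routing/NAT hybrid".
It has WAN + LAN settings.. which happens to match the leased-line WAN and LAN setup I described.

I'd like to replace it with RouterOS.. but I don't know how to configure this part??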



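chrisintaipei wrote:
You should consider using queu...(snipped)


Thanks~~ I'll give it a try...
Earlier I also followed the tutorial above and used queue type + simple queue, but couldn't get it to work.
The whole line was limited to the max... but on the interface setting, if I don't choose all...
and choose only wan1 or wan2, the rate limit doesn't take effect = =. I don't know where the problem is....
Choosing all does limit it, but that doesn't match what I want, which is limiting max separately for the two lines...

I'll try the queue tree you mentioned over the next few days. I haven't used it before.

pctine wrote:
How to blo...(snipped)


A question about blocking websites:
on the RB450G, how many entries would start to affect performance? (Is there a recommended number?)
Or is there a model with better performance than the RB450G... (under $8000)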

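mdigital wrote:
A question about blocking websites:
on the RB450G, how many entries would start to affect performance? (Is there a recommended number?) ...(snipped)


I haven't actually tested it, but the performance impact should not be that noticeable. After all, the usual approach of blocking web sites through DNS queries is something everyone accepts, and lookups in a local database shouldn't be too slow either. You can put it into production first and see whether it meets your requirements.
FB: VoIP Telephony Technical Exchange (VoIP電話技術交流)

Solved! Deleted! delete! delete!

RouterOS 6.2 released.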

What's new in 6.2 (2013-Aug-02 10:37):

*) console - added "on-error" argument to ':do' command that is executed
if command raises error;
*) hotspot - fixed chap error after failed http-chap login (broken in v6.1);
*) console - added new ':return' command that interrupts execution of script
and passes argument as return value if script was called as function;
*) routerboot - fixed upgrade from RouterOS (could fail on some units);
*) userman - fixed payment gateway response notify processing;
*) console - resolved issue with 'from-pool' property in '/ipv6 address';
*) console - array value syntax in expressions '{1;2;3;4}' now can
specify values with word keys as '{a=1;b=2}';
*) console - added 'verbose' argument to '/import' command that enables
line-by-line script import. By default import whole script at once
and don't print it, as it was in version 6.0;
*) console - ':global', ':local' and ':set' commands have new parameter 'do'
that allows assigning block of commands to the variable;
*) console - global variables now are common to all users and are
available to all users with at least "read,write,test,policy" policy;
*) console - fixed parameter passing to scripts. Script parameters can
be accessed without declaring them with ':local' and ':global' commands.
For backwards compatibility global variables are first looked up in
script parameters;
*) console - '$var 1 2 a="a" b="b"' syntax for passing parameters to commands
stored in a variable. Parameters are accessed as '$1' '$2' '$a' '$b';
*) ipsec - fixed peer address matching;
*) ups - query smart ups capabilities before issuing any commands;
*) improved CCR responsiveness on other interfaces when one interface is under attack;
*) sms tool - added sim-pin setting;
*) dhcp server - framed routes are now also added to the server routing table;
*) dhcpv6 server - added binding-script option;
*) proxy - allow multiple src-address for ipv4 and ipv6;
*) eoip,gre tunnels could occasionally crash multicore router;
*) fixed bug - sometimes some types of interfaces would stop working;
*) ipsec sometimes could crash kernel on CCR;
*) connection tracking sometimes could crash kernel on CCR;
*) ppp,pptp,l2tp,sstp - added default-route-distance parameter;
*) scep - "/cert scep ra" merged into "/cert scep client" without saving ra config;
*) ipsec - fix phase1 autonegotiation on little endian platforms;
*) pppoe server - allow service with empty service-name to accept all pppoe clients;
*) lcd - current-screen option is replaced with "/lcd show" command
*) lcd - current-interface option is replaced with "/lcd interface display" command
*) graphing - make graphs stable on ppp & ovpn interfaces;
*) www, hotspot - fixed problem when www service stopped responding on high load;
*) winbox, webfig: allow to enter space in the text fields;
*) webfig - fixed configuration of VPLS & routing filters;
*) lcd - added option for enabling or disabling the touch screen;
*) lcd - added options for screen switching;
*) lcd - up to 10 non-physical interfaces can now be added to the lcd;
*) lcd - all interface graph screen can now be customized from /lcd interface page;
*) backup - changed default backup file name to <id>-<YY><MM>-<HHMM>.backup
for file browsers to sort them properly;
*) webfig - it did not work in Opera;
*) webfig - made terminal work again;
*) winbox - added ability to fully set up traffic generator in winbox;
*) trafficgen - allow ranges for ip addrs and udp ports;
*) trafficgen - add tcp header support;
*) queue simple - fixed bug - actual queue order sometimes was wrong;
*) queue simple - queue is not invalid when at least one of target interfaces is up;
*) fixed crash when setting master-port on AR8327 switch chips;
*) fixed addresslist - dynamic entries sometimes would still
show up even after being timed out;
*) added /ip settings allow-hw-fast-path setting to control AR8327N hardware ipv4 fast path;
*) vrrp - allow more than one vrrp on interface;


I'm not sure what this "*) added /ip settings allow-hw-fast-path setting to control AR8327N hardware ipv4 fast path;" is for? Also, the vendor wiki does not mention which RouterBoard model uses the AR8327N switch chip.
FB: VoIP Telephony Technical Exchange (VoIP電話技術交流)

Fast Path

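I often see forum user vxr mention the so-called fast path, but I'm not familiar with this feature myself; I only know it is a technique that lets the firewall process packets faster. The RouterOS 6.2 release notes happen to mention that this command was added for the AR8327N switch chip, so I googled it a little.

Vendor Manual:Fast Path

(Excerpt)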
Fast path allows to forward packets without additional processing in the Linux kernel. It improves forwarding speeds significantly.

For fast path to work, interface support and specific configuration conditions are required.

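It looks like only specific RouterBoard models support this feature, and there are also many restrictions before packets qualify for Fast Path accelerated handling.

First, a look at the items listed in the vendor documentation: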
IPv4 handler

IPv4 fast path is automatically used if following conditions are met:

* firewall rules are not configured,
* Traffic flow is disabled /ip traffic-flow enabled=no
* Simple and queue trees with parent=global are not configured.
* source interface is not bridge port or bonding slave
* destination interface queue is set to only-hw-queue and no queue tree entries with parent="dst interface"

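On my 2011UAS router, the LAN side bridges wi-fi & local-lan, so it looks like meeting the fast path conditions means splitting this part into two separate subnets. In addition, the 2011UAS gigabit ports & 10/100M ports are also joined by a bridge, and that part needs to be changed as well.
FB: VoIP Telephony Technical Exchange (VoIP電話技術交流)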
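
The five IPv4 conditions quoted in the post above, applied as a check over a RouterOS configuration export to see which ones a given source/destination interface pair fails. This is an added example, not part of the original thread and not MikroTik code; the export fragment is constructed, and the menu paths, the `only-hardware-queue` spelling, the reading of the third condition as "any simple queue" and the function names are assumptions.

```python
import shlex

HW_QUEUE = {"only-hw-queue", "only-hardware-queue"}  # page's spelling, plus assumed export name
RULES = ("/ip firewall filter", "/ip firewall nat", "/ip firewall mangle")
# Constructed export fragment for illustration, not taken from a real router.
SAMPLE = """\
/interface bridge port
add bridge=bridge-lan interface=ether2
/ip firewall filter
add chain=input action=accept connection-state=established
/queue interface
set ether1 queue=only-hardware-queue
/queue tree
add name=down parent=global max-limit=100M
"""

def parse_export(text):
    """Yield (menu, verb, positional args, key=value dict) for each command line."""
    menu = ""
    for line in map(str.strip, text.splitlines()):
        if line.startswith("/"):
            menu = line
        elif line and not line.startswith("#"):
            verb, *rest = shlex.split(line)
            kv = dict(t.split("=", 1) for t in rest if "=" in t)
            yield menu, verb, [t for t in rest if "=" not in t], kv

def fast_path_blockers(export, src_if, dst_if):
    """Return which of the listed IPv4 fast path conditions the export violates."""
    found, dst_queue = set(), None
    for menu, verb, pos, kv in parse_export(export):
        add, parent = verb == "add", kv.get("parent")
        checks = [
            (add and menu in RULES, "firewall rules configured"),
            (menu == "/ip traffic-flow" and kv.get("enabled") == "yes", "traffic flow enabled"),
            (add and menu == "/queue simple", "simple queue configured"),
            (add and menu == "/queue tree" and parent == "global", "queue tree with parent=global"),
            (add and menu == "/queue tree" and parent == dst_if, "queue tree on dst interface"),
            (add and menu == "/interface bridge port" and kv.get("interface") == src_if,
             "src interface is a bridge port"),
            (add and menu == "/interface bonding" and src_if in kv.get("slaves", "").split(","),
             "src interface is a bonding slave"),
        ]
        found.update(msg for hit, msg in checks if hit)
        if menu == "/queue interface" and verb == "set" and dst_if in pos:
            dst_queue = kv.get("queue")
    if dst_queue not in HW_QUEUE:  # an omitted default is reported too; confirm on the device
        found.add("dst interface queue not shown as only-hw-queue")
    return sorted(found)
```

Because the listed conditions include "firewall rules are not configured", a pair that reports no blockers is also a path on which no filter rules are being applied, which is worth confirming is intended.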