đź“—MikroTik MTCNA - PPP & PPPoE

Video Statistics and Information

Video
Captions Word Cloud
Reddit Comments
Captions
welcome back this is the network berg and in this lecture we'll be going over tunneling on marketing devices specifically stuff like vpn tunneling and triple poe um there's so many different types of services that marketing allows you to provide to customers and this is something that you might see in the isp space if you're an isp and you're delivering services you might have clients connecting over triple poe and this is a great uh tutorial just to kind of show you what what is happening how do isps do this and it's it's going to be a lot of fun so let's get into the video alrighty i've got a little even g topology here and the best place that i can think of us to begin is with triple poe it's one of the oldest services around customers have been using it for stuff like dial-up for stuff like adsl and even on their fiber to the home connections you'll you'll still see triple poe and it's such a powerful service and in essence what triple poe does is it is a means that allows a customer to connect a cable or something on the layer 2 so they'll connect the cable and a triple ple protocol will then allow them to connect to their isp and connect to a triple poe server and then from that server they'll be able to negotiate details like what their username and password is and then the server would look at those details and say okay cool you are who you say you are we'll provide you with a service so you're authenticated here is an ip address that you can use sir or madam and now enjoy your internet and that is kind of the gist how triple poe works um i'm not gonna go too deep into all of the the different mini things like the paddo packets and all of that stuff i'll put a link in the in one of the comments where you can read up about it but we'll just be looking at configuring a triple poe server as well as configuring the clients in this video so let's start doing that uh first things first i just want to get on this router one which will be our triple p server so i'm just going to connect to that now alrighty so let's head in winbox and then from here i'll connect onto my neighbor and let's just quickly discuss the package for triple p so if we look at our menus we've got a triple p menu and this is a system package so before you can enable any type of triple p services you need to make sure the package is running it does run by default so it's very rare that it might be disabled but just something to take note of um if we head into the triple p menu we can see there's a bunch of different things we can configure there's stuff like your interfaces triple poe servers and then there's these other buttons here at the bottom like a pptp server sstp server lttp server oh vpn server each having their specific needs and requirements and niches but um that is where you can go to configure these services with the triple p there's a few things you need to keep in mind you do have things called profiles and you do have things called secrets uh think of the secrets as the username and password that you configure for the service and your profile think of this is the thing that the users will be connecting against so think of this as having the settings that the users will be using which will enable them or allow them to effectively connect onto that service um i want to just go into something before we set up a profile in secret and that is namely point-to-point addressing or tunnel addressing so i might just open up something like notepad plus plus quickly i wonder if i can zoom in here because i'd like us to just quickly briefly talk about subnetting um let's see zoom there we go we can zoom in all right so what i want us to do is we need to configure ip addressing between our server and client and typically the smallest ip or subnet that you can use is a slash 30 network so let's just for example say i use 10.1.2.0 slash 30 for my first config and then i know 10.1.2.1 could be my server 10.1.2.2 could be my client and then 10.1.2.3 is your broadcast so this is not something you configure just like how 10.1.2.0 is going to be your network address now we have four ips here and the network and broadcast addresses are actually very wasteful because maybe we have a limited amount of ips that we want to assign or we don't want to assign slash 30s for every single triple p service that we deliver because that is actually very wasteful because we if we have a lot of customers that's going to consume your ip addressing up so much so since network engineers are so smart they developed a special subnet so we've got slash 32 which is a single host and then we've got slash 30 which is uh two hosts but it's uh got the network and broadcast address now this cool mechanism that we figured out is a slash 31 network so this is just a network and broadcast address but what is happening in this event is the hosts actually occupy the space of the network and broadcast address the network doesn't need to know that there's a network and it's not ever going to use that broadcast address because there's only two clients so whenever we use a slash 31 network we don't actually put in the ip addresses 10.1.2.1 31 that's not what you're going to do when you configure the ip addressing you actually just configure it as that's your address and then with micro tick you've got a network field and then in your network field you can actually put in um the remote size ip so i'll just quickly do that on a micro tick just to explain how you set up the addressing if you're statically doing that but we're going to be dynamically doing that with the profiles but let's add an address so you can see how slash 31 network actually works so what we can do is 10.1.2.1 or we can even make it zero if we want to so ten one two zero is the server and then one two um one is the remote side and that is a slash thirty one network it works just fine and it's just between two clients so there's nothing else in the network imagine this was just a direct cable in one client going to a different server or something two machines that's diff directly connected with each other all right so that is a slash 31 or point point-to-point addressing and then what we want to do is we want to create a profile for our triple poe i do recommend creating profiles per service because the profile allows you to specify certain settings like the ip addressing and if you want to add stuff like filters and lists and whatnot you can do that through the profile but the important bits in the profile i'd say just give it a name so you know what it is for so let's just call this the triple poe profile our local address so this is the ip address that my server will have and i do recommend statically putting that in so i'll use that 10.1.2 let's make it zero and see if this works so that is the local address and then our remote address if this was just to a single client i could fill this in like such and that would be fine but i'm if i'm using triple poe i'm probably going to be delivering the service to multiple customers not just the one so in this event i might actually just do the the good old sutureu and i'll go and create an ip pool so similar to dhcp that uses a pool to assign to the client triple poe can also use an ip pool to assign ips from that pool so here i've already got a pool created but let's just delete that create a new pool and we can call this our triple p oe pool we can set the addresses so we want to assign anything from 10 1 2 dot let's say dot 1 up to 10 1 2 2 5 5 let's let's do that and see how well this works let's just apply that so that's the ip addressing that it will use and then what we can do is in our remote address in the profile we can actually specify the pool so now it will use that pool and assign eyepiece from that pool whenever somebody connects i'm not going to tweak any of these other settings but as you see there are tabs that do have some extra uses that you can put in um there's stuff like you can put in a session timeout so how long the people can connect until it needs to reconnect you can use cues for some qa stuff and here's some scripts that you can also run let's apply this and now we've got a profile so this profile is what we will use for our secrets again the secrets is just a username and password that we're configuring that the remote side can use to connect with so in this case i'll set up something called client one it will be the user name their password will be one two three four five six and the service i can set it to a specific server so i can make it any so if there were multiple services that client would be able to connect with any of those services but it is pretty let's say insecure to do that so make sure that you set your service as well so let's say this is triple poe and caller id you can specify that as a specific mac or ip address but we'll just leave that blank in this instance and now we can select our profile so i can say this is triple poe profile i can also inject routes to the client or i can see various other things here let's just apply this secret so now we have a secret that is set to a specific profile and then what we can do now is we can actually enable the service so let's go to our triple poe servers and we can see there's no servers running currently and if i click on the plus we can actually set up multiple servers for the triple poe so if you want to use multiple different interfaces this is how you can use it but we're going to do a bit of a cheat and we're going to bridge some of our interfaces together and then use the bridge um to connect with but for for this let's just quickly set ether two so we can connect to our first client here the client one and we can also specify details like the mtu mru keep a live timeout and here we need to set our profile so i might set a profile like the triple poe profile here and you could set like one session per host so people can't use the same username password to log in multiple times from different locations um so that's something you can tick and i'll apply this we can leave the rest of the settings the same actually let's just give it the name triple p o e as well or triple p or e one all right great now we've got our interfaces here so if a client does authenticate with the triple poe it will create a dynamic interface on micro tick you can also see that in your interfaces tab here and if you wanted to make that interface static you could maybe just double click it copy it save it and then you could do multitudes of different things with those interfaces but let's just get the client to connect to the server now so we've got a triple poe server it's active it's running it's running on ether two at the moment so we need to configure router two so router two i'm just quickly going to enable ramon on this device and the server so i can configure through inbox so let's just do tool rom on set enabled yes and i'm just quickly doing this so that we can actually um get onto the device so ram on let's just enable that let me open up a new inbox session connect to rom on and then i should see that router there i do so let's connect to it so this is the router 2 and if we want to configure a triple p client we can go to triple p and we can click on the plus or you could do it from your interfaces as well it is there and there's a triple poe client so let's add a client and we could call this maybe to isp we can select which interface the triple p or e client is going to connect over so in my diagram it's ether one so i'm going to connect onto ether one then we get some dial out settings so the important settings here for me is your username which was client one and our password which is one two three four five six we don't need to set any profile here because we're not using any profile on the client side and just like the wan dhcp client we can specify stuff like use the pure dns add the default route uh all that good bits and then we get stuff like the status interface and i'm going to show you the status uh in a bit from the server side as well but let's just apply this maybe let's just see if we do a triple poe scan and we started on ether one does it pick anything up it does so it picks up there is a triple p or e1 service and what its mac address is so fantastic all right so let's apply this and then we can see there is a two dash isp it's actually connected already and it is the triple pe client we can see what mtu uh the interface is as well if i double click on this and i go to my status i can see it's connected what the uptime is and here are the important bits the local address is the ip address that's been assigned to me so 10.1.2.255 which is weird because that's that's usually a broadcast address right and the remote address is 10.1.2.0. so what i'm going to do is from my client let's just open up a terminal window and see can i ping 10.1.2.0 i can ping it so if i can ping it it obviously means that i could route to it i can see that it does have a default route that has been created um it might not have any breakout at the moment because i haven't uh set up any netting so let's just quickly do that as well just for interest site to see if um full internet is working so i'm not going to add any special type of matching it's just a masquerade rule for traffic that's leaving over the ether one to be masqueraded and this is now on our provider router let's go back to the client and now i can break out i can get to the internet this is amazing all right so we've effectively provided a triple poe service to a single customer let's just quickly provide it to multiple customers so what i'm going to do is um oh wait before we do that i also just wanted to show you the interface from the server side so that is to isp this is our server so on the server you can see there's the interface and it did create that dynamic interface and as i said you can copy this and just save it again and then it will create a server binding and from here you can typically see again what your addressing details is what the service is and which interface it was on all right perfecto so let's add multiple clients and in my topology i can see ether 3 and ether 4 is also connected to my router one but i only have the one service and i only want to keep the one service running i don't want to add multiple services because for me that's a bit messy to add a server for each interface uh so what i could potentially do is i'm just going to add a bridge i can call this bridge bridge one or let's just call it triple poe bridge and then in my ports i know that ether2 ether3 and ether 4 should belong to this bridge so these ports have been added to the bridge and if i go back to my services you can see it's saying service is not it's not allowed on a slave uh so let's just quickly set this interface to triple poe bridge apply that and now it works just fine so now with our topology all three of these interfaces are kind of in a bridge and we can use triple poe on any of the clients connecting so let's just configure the triple poe on router 3 and router 4 and this will be quick we'll just quickly do it from the command line so admin blank hey we forgot something we forgot something uh i need to navigate back to my server because i haven't created any user credentials for uh client two and three yet so let's just add them some services so i'll hit the plus i'll call this client two and that will be their username their password will be six five four three two one their service will be triple poe and i'll use the triple poe profile apply this and then let's just jump back to our client so i'm just going to do a interface triple p o e client add let's give it a name to isp let's give it the user is client 2 password was 654321 and anything else we want to set let's just make sure it's not disabled so let's just say disabled no and we need to specify our interface as well so the interface in this case is also just ether one because if i look at my topology it's ether one on all of the routers is connecting back to my server so let's hit enter and then if i do a interface print interface print we can see there's the two isp and i'm not seeing any connection yet let's just do an interface triple poe client export so that looks right to me let's just go to our server quickly and from our server let's see there's no interface i have selected the bridge for my poe the user credentials are correct so client two let's just make it six four four three two one again and let's just go back and try and connect all right it it connected it just took a while actually so let's just see that interface if i do a interface triple p oe client print detail we can actually see all of the details and i'd like to just do an ip address print so there's the ip addressing that's been assigned so my ip address is 10.1.2.254 now not 255 but my network is still 2.0 and if i do an ip route print i'm not getting a default route now because i didn't say that on the secret but let's just add a default route manually um so let's do ip route add destination zero zero zero zero zero and the gateway will be ten one two zero and let's see can i ping out ping eight eight eight eight yes i can awesome and just for that last bonus let's just quickly configure client three and remember we do need that username and password for them as well so let's just configure as a secret and let's call this super cool customer and their password is one two three four five six seven eight nine they are triple poe they're also on the triple poe profile i'll apply that actually let's just um yeah let's apply that and i'm going to jump back to my router 4 admin blank no so let's add the triple pa client interface triple p oe client add name super isp interface is ether1 user is a super cool client i think though that's what we made it super cool customer sorry super cool customer our password was one two three four five six seven eight nine and let's just make sure it's not disabled to disable no and let's hit okay and let's see if i do an ipaddress print i've actually received an ip and the ip address i've received this 1012.253 awesome let's just quickly add the route out as well ip route add destination zero zero zero zero gateway is uh ten one two zero and if i ping out it's it's failing uh let's just quickly see is my routing there iproud print oh i made an oopsy i only routed out dot zero so i didn't make it the slash zero so now we should actually have internet out all right so that wraps up the lesson this is how we can configure triple p services and specifically triple poe in the next lecture we'll be looking at stuff like pptp and sstp so thank you for watching the video i'll catch you in the next one bye you
Info
Channel: The Network Berg
Views: 1,473
Rating: undefined out of 5
Keywords: #Routers, #CCNA, #CCNP, #MTCNA, #MTCRE, #MTCINE, #Networking, #Computers, #Ethernet, #DHCP, #Configuration
Id: HU0szWPK8Xg
Channel Id: undefined
Length: 21min 32sec (1292 seconds)
Published: Mon Oct 25 2021
Related Videos
đź“—MikroTik MTCNA - Firewall Principles (Forward,Input,Output)
The Network Berg
1.7K
đź“—MikroTik MTCNA - L2TP
The Network Berg
948
đź“—MikroTik MTCNA - Bandwidth Testing
The Network Berg
1.1K
The beautiful PROMISE of this humorist to his deceased wife | Auditions 7 | Spain's Got Talent 2021
Got Talent España
2.8M
đź“—MikroTik MTCNA - Monitoring (Interface/Traffic Monitor, Graphing, SNMP, Profiler)
The Network Berg
1.2K
Getting Started: MikroTik Troubleshooting (Basics to Advanced)
The Network Berg
3.2K
The EMOTIONAL performance of this STREET SINGER | Auditions 1 | Spain's Got Talent 7 (2021)
Got Talent España
619K
Unms Mikrotik Integration
Ms.Fixit
10K
(4) True Guest WiFi with MikroTik Routers
Category5 Technology TV
14K
đź“—MikroTik MTCNA - DHCP Server, Client & Lease management
The Network Berg
905
đź“—MikroTik MTCNA - Backups, Resets and Re-imports
The Network Berg
446
New Firewall: Configuration of WAN, WAN2, LAN, LACP, VLAN, SDWAN and on a FortiGate 60E
KBTrainings
30K
Drone Programming With Python Course | 3 Hours | Including x4 Projects | Computer Vision
Murtaza's Workshop - Robotics and AI
1.7M
Revisiting the Supercapacitor - The Wait for Graphene is Over
Undecided with Matt Ferrell
553K
Getting Started: MikroTik Firewall
The Network Berg
24K
LEARN OPENCV C++ in 4 HOURS | Including 3x Projects | Computer Vision
Murtaza's Workshop - Robotics and AI
1.4M
my SUPER secure Raspberry Pi Router (wifi VPN travel router)
NetworkChuck
367K
HomeLab Services Tour Late 2021 - What am I Self-Hosting in my HomeLab?
Techno Tim
59K
2020 Getting started with pfsense 2.4 Tutorial: Network Setup, VLANs, Features & Packages
Lawrence Systems
585K
Note
Please note that this website is currently a work in progress! Lots of interesting data and statistics to come.