
Tuesday 7 August 2018

Ubiquiti Networks: AirGrid M5 HP with AirGrid M5 HP (Access Point and CPE Configuration)

AirGrid M5 HP (AP Configuration)

Model: airGrid M2 HP (AG-HP-2G16)
• Frequency: 2412 - 2462 MHz
• Gain: 16 dBi
• Antenna Size: 370 x 270 mm

The Device Specification.



The picture below shows my access point.


AirGrid M5 HP CPE Configuration.


Let's see the status of both the AP and the CPE.


AP Status.

CPE Status.


This is the basic configuration, but there are also some advanced settings for managing frequency and noise in a wireless network.


Let's look at some of the important ones.


How to change the IP address of the device.


Ubiquiti Networks: LiteBeam 5AC 16 120 with LiteBeam M5 (Point to Multi-point)

LiteBeam 5AC 16 120 (Access Point)



Find the documentation for this device below.

https://dl.ubnt.com/guides/LiteBeam_ac/LiteBeam_LBE-5AC-16-120_QSG.pdf


How to access the Ubiquiti device.



Configuration:(AP)
-------------------



Wireless Mode: I selected Access Point PtMP airMAX Mixed because my CPEs are not Ubiquiti AC-series devices, so I configured the AP in mixed mode.

SSID: Enter the name of your AP; this is the name that will appear on the CPE side when you configure each CPE. The WPA authentication must be the same on both sides.

NOTE: The SSID and password must be the same on both the AP and the CPE side.

Output power is set to 20 dBm.


CPE Configuration: (LiteBeam M5)



The picture below shows my CPE configuration.
The SSID, password and WPA authentication must be the same on the AP and the CPE.

The device mode is configured as Station.


After configuring the CPE devices, you can see whether each CPE is connected or not.
Let's check the status on the main page.




Let's check the status on the AP and see whether our CPE is connected or not.


Now it is connected, as you can see on my AP.

NOTE: All of this configuration was done on the latest firmware, so if you cannot see these options you may have to upgrade the firmware.


Saturday 9 December 2017

Mikrotik: Bandwidth scheduling

Mikrotik can apply different bandwidth limits for day and night according to your requirements. As you may have seen, most people configure their bandwidth scheduling in various ways.

There are many ways to limit bandwidth for day and night, but personally I found this to be the easiest. Here it is.

I have used Simple Queue, Script and Scheduler.

Suppose we have one network, 192.168.20.0/24, and want to limit its bandwidth for daytime and night-time.

My LAN Network 192.168.20.0/24

Bandwidth = 06:00am – 18:00pm – 1Mbps. <Max-Limit>
Bandwidth = 18:00pm – 06:00am – 2Mbps. <Max-Limit>

Create two simple queues for the same network with different Bandwidth Limit.

/queue simple
# Day queue: max-limit 1M/1M
add name="Day" target-addresses=192.168.20.0/24 dst-address=0.0.0.0/0 \
    interface=<ether-x> parent=none direction=both priority=8 \
    queue=default-small/default-small limit-at=512k/512k \
    max-limit=1M/1M total-queue=default-small
# Night queue: max-limit 2M/2M
add name="Night" target-addresses=192.168.20.0/24 dst-address=0.0.0.0/0 \
    interface=<ether-x> parent=none direction=both priority=8 \
    queue=default-small/default-small limit-at=1M/1M \
    max-limit=2M/2M total-queue=default-small

Now, write the scripts.

/system script
# Each script enables one queue and disables the other
add name="Day" source="/queue simple enable Day; /queue simple disable Night"
add name="Night" source="/queue simple enable Night; /queue simple disable Day"

Finally, schedule them.

/system scheduler
# Run the Day script at 06:00 and the Night script at 18:00, every day
add name="Day" on-event=Day start-date=oct/13/2007 start-time=06:00:00 interval=1d
add name="Night" on-event=Night start-date=oct/13/2007 start-time=18:00:00 interval=1d


The configuration is simple, and you can adjust the rules a little to suit your requirements. I am not changing anything here, and the way of configuring it stays the same as above.

Monday 4 December 2017

Mikrotik: EoIP in Mikrotik

EoIP (Ethernet over IP) is a Layer 2 tunneling mechanism.

This time I will again share some Mikrotik material and, as before, the topic is tunneling. The tunnel we will use this time is the EoIP tunnel. EoIP is a tunnel that works at Layer 2 and connects one network with other networks.

On the security side, EoIP offers very little protection, because it does not encrypt the packets sent through the tunnel. Its benefit is that EoIP can connect the same network even across different locations.






Configuration

For the configuration, first configure an IP address on the interface that will be used. Put the local networks of R1 and R2 in the same network, because we will create an EoIP tunnel that works at Layer 2. Next, configure EoIP on the routers.


[admin@R1] > /interface eoip
add local-address=12.12.12.1 name=eoip1 remote-address=12.12.12.2 tunnel-id=10
[admin@R2] > /interface eoip
add local-address=12.12.12.2 name=eoip1 remote-address=12.12.12.1 tunnel-id=10

In the configuration above, we only need to define the local address and remote address of the routers that form the tunnel. The tunnel ID identifies the tunnel, so that it is used only by the endpoints configured with tunnel ID 10. Next, configure the bridge.

[admin@R1] > /interface bridge
add name=eoip
[admin@R1] > /interface bridge port
add bridge=eoip interface=ether1
add bridge=eoip interface=eoip1

[admin@R2] > /interface bridge
add name=eoip
[admin@R2] > /interface bridge port
add bridge=eoip interface=ether1
add bridge=eoip interface=eoip1

In the configuration above, we bridge the eoip interface created earlier with the interface facing our local network. This is because EoIP works at Layer 2. For the client router to connect with the other routers, we only need to bridge it with the existing eoip interface on the router. Once that is done, verify.

Thursday 9 November 2017

Mikrotik: MTU issue in Mikrotik when opening specific websites

In my experience, most PPPoE users have trouble opening some specific websites when they dial PPPoE from a wireless modem or Wi-Fi router, but have no such problem when they dial directly from their PC.


You may notice that users cannot open certain banking websites and some government websites.


Let me show you how to find the problem easily; after that, you only have to adjust the TCP MSS on your Mikrotik NAS or Mikrotik router.


Let's start...


TCP options string = 02040564010303020402080a0048792c00000000
MTU = 1420
MTU is not fully optimized for broadband. Consider increasing your MTU to 1500 for better throughput. If you are using a router, it could be limiting your MTU regardless of Registry settings.
MSS = 1380
MSS is not optimized for broadband. Consider increasing your MTU value.
Default TCP Receive Window (RWIN) = 16416
RWIN Scaling (RFC1323) = 2 bits (scale factor: 2^2=4)
Unscaled TCP Receive Window = 4104

In Windows 7, unless "TCP/IP Auto-Tuning" is disabled, only the Current TCP Window is displayed. Use the latest TCP Optimizer for tweaking.
You seem to be using Google Chrome. Note that Chrome can modify the TCP Window for sockets it creates under some OSes, and therefore servers may not get your OS-assigned RWIN value. FAQ
RWIN is not multiple of MSS. If your OS supports setting RWIN directly, consider changing it to a multiple of MSS for optimum performance.
Other RWIN values that might work well with your current MTU/MSS: 
63480  (up to 2 Mbit lines, depending on latency. MSS * 46)
126960 (1-5 Mbit lines, depending on latency. MSS * 46 * 2)
253920 (2-14 Mbit lines, depending on latency. MSS * 46 * 2^2)
507840 (8-30 Mbit lines, depending on latency. MSS * 46 * 2^3)
1015680 (25-60 Mbit lines depending on latency. MSS * 46 * 2^4) 
bandwidth * delay product (Note this is not a speed test):

Your current TCP Window limits you to: 657 kbps (82 KBytes/s) @ 200ms latency
Your current TCP Window limits you to: 263 kbps (33 KBytes/s) @ 500ms latency
Consider increasing your RWIN value to optimize TCP/IP for broadband.
MTU Discovery (RFC1191) = ON
Time to live left = 113 hops
TTL value is ok.
Timestamps (RFC1323) = ON
Note: Timestamps add 12 bytes to the TCP header of each packet, reducing the space available for useful data.





I captured the report above with my TCP analyzer to verify exactly what the problem is.


Let's create TCP MSS rules for it and try them.


Rule-1

/ip firewall mangle
add action=change-mss chain=forward comment="Internet MSS Changing" disabled=\
    no new-mss=1452 out-interface=Internet protocol=tcp tcp-flags=syn \
    tcp-mss=1453-65535
add action=change-mss chain=forward disabled=no in-interface=\
    Internet new-mss=1452 protocol=tcp tcp-flags=syn tcp-mss=\
    1453-65535




Rule-2

/ip firewall mangle add chain=forward protocol=tcp tcp-flags=syn tcp-mss=1361-65535 action=change-mss new-mss=1360 disabled=no


Note: Do not enable both rules at the same time.
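
As an added example (not part of the original post), the Python below decodes the TCP options string from the report above and models each change-mss rule as a simple range check; the function names are my own. It shows that the SYN in the report advertises MSS 1380, so Rule-1 (which matches only 1453-65535) leaves it untouched, while Rule-2 clamps it to 1360.

```python
import struct

# TCP options string copied from the analyzer report above.
REPORT_OPTIONS_HEX = "02040564010303020402080a0048792c00000000"

def parse_tcp_options(hex_string):
    """Decode a TCP options field into a list of (name, value) pairs."""
    data = bytes.fromhex(hex_string)
    options, i = [], 0
    while i < len(data):
        kind = data[i]
        if kind == 0:                      # End of Option List
            break
        if kind == 1:                      # NOP: one-byte padding
            options.append(("nop", None))
            i += 1
            continue
        if i + 1 >= len(data):
            raise ValueError("truncated option header")
        length = data[i + 1]
        if length < 2 or i + length > len(data):
            raise ValueError("invalid option length")
        body = data[i + 2:i + length]
        if kind == 2 and length == 4:      # Maximum Segment Size
            options.append(("mss", struct.unpack("!H", body)[0]))
        elif kind == 3 and length == 3:    # Window scale shift count
            options.append(("window_scale", body[0]))
        elif kind == 4 and length == 2:    # SACK permitted
            options.append(("sack_permitted", True))
        elif kind == 8 and length == 10:   # Timestamps (TSval, TSecr)
            options.append(("timestamps", struct.unpack("!II", body)))
        else:
            options.append(("kind_%d" % kind, body.hex()))
        i += length
    return options

def change_mss(mss, match_low, match_high, new_mss):
    """Model a change-mss rule: rewrite only when tcp-mss is in the range."""
    return new_mss if match_low <= mss <= match_high else mss

def mss_for_mtu(mtu):
    """IPv4 MSS for a given MTU: 20-byte IP header plus 20-byte TCP header."""
    return mtu - 40

if __name__ == "__main__":
    mss = dict(parse_tcp_options(REPORT_OPTIONS_HEX))["mss"]
    print("advertised MSS:", mss, "expected for MTU 1420:", mss_for_mtu(1420))
    print("after Rule-1:", change_mss(mss, 1453, 65535, 1452))
    print("after Rule-2:", change_mss(mss, 1361, 65535, 1360))
```

Rule-1's new-mss=1452 is what `mss_for_mtu(1492)` returns, 1492 being the usual PPPoE MTU (1500 minus 8 bytes of PPPoE/PPP overhead).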






Monday 4 September 2017

Tuesday 29 August 2017

Mikrotik: Conficker virus port block in Mikrotik

These rules are very important for Mikrotik, because you may sometimes see a lot of traffic generated from your network on these ports. These ports can be considered virus ports, so you should block them on your Mikrotik.


These rules are tested and working, so you only have to copy and paste them into your Winbox terminal.


/ip firewall filter
add chain=forward action=drop protocol=tcp dst-port=135 comment="conficker virus block"
add chain=forward action=drop protocol=tcp dst-port=139 comment="conficker virus block"
add chain=forward action=drop protocol=tcp dst-port=5933 comment="conficker virus block"
add chain=forward action=drop protocol=udp dst-port=135 comment="conficker virus block"
add chain=forward action=drop protocol=udp dst-port=137 comment="conficker virus block"
add chain=forward action=drop protocol=udp dst-port=138 comment="conficker virus block"
add chain=forward action=drop protocol=udp dst-port=445 comment="conficker virus block"
add chain=forward action=drop protocol=tcp dst-port=445 comment="conficker virus block"