This is default featured slide 1 title

Go to Blogger edit html and find these sentences.Now replace these sentences with your own descriptions.

This is default featured slide 2 title

Go to Blogger edit html and find these sentences.Now replace these sentences with your own descriptions.

This is default featured slide 3 title

Go to Blogger edit html and find these sentences.Now replace these sentences with your own descriptions.

This is default featured slide 4 title

Go to Blogger edit html and find these sentences.Now replace these sentences with your own descriptions.

This is default featured slide 5 title

Go to Blogger edit html and find these sentences.Now replace these sentences with your own descriptions.

quarta-feira, 30 de novembro de 2016

Wi-Fi - Dynamic Frequency Selection (DFS)

Dynamic Frequency Selection

DFS is a spectrum-sharing mechanism that allows wireless LANs (WLANs) to coexist with radar systems. It automatically selects a frequency that does not interfere with certain radar systems while operating in the 5 GHz band. DFS is a feature of ETSI BRAN HIPERLAN/2 and IEEE Standard 802.11h.

Overview

In some regions (predominantly Europe), it is important to ensure that WLAN equipment does not interfere with certain radar systems that are the primary users in the 5 GHz band. The DFS feature of the AP software searches for radar pulses in the frequency channel where it is operating, or during the autochannel scan. It constantly monitors errors in the received frames and analyzes the timing patterns for periodicity. If the pattern matches a radar signal, it instructs the WLAN equipment to discontinue operation on that channel as quickly as possible. The WLAN equipment reboots, then begins to operate on another frequency after checking that the new frequency is free of radar signals.

Operation

DFS detects radar interference and moves the wireless network to another frequency with no interference. It maintains a list of channels where radar has been detected in the NOL (non-occupancy list). The AP avoids using these channels for at least 30 minutes after detecting radar on them. When DFS is enabled, the AP:
  • Looks for radar detection before securing a frequency channel.
  • Scans continuously for radar signal patterns during normal operation.

Radar Signal

A conventional radar signal is a burst of pulses of a high frequency signal. When one burst is over, it is repeated after some duration, called sweep time. ITU has defined several different types of radar based on different frequencies, the number of pulses in a burst, and pulse repetition frequency within the burst. The sweep time is a result of radars that slowly rotate through 360 degrees, so that in a 30-second sweep period, the AP may be hit by the radar signal only for fraction of a second. During this hit, the AP sees a few pulses separated by a time interval (called the period), which is anywhere from 250 microseconds to 20 milliseconds. Each pulse can be 2 microseconds or smaller in width.

fonte: http://wifi-insider.com/wlan/dfs.htm

Hacker - Ataque a provedor de DNS revela tecnologia frágil e ultrapassada

Ameaças mostram que cibercriminosos estão deixando de atacar apenas sites ou aplicações para focar nos fornecedores de DNS e atingir vários alvos de uma só vez


shutterstock-vladikkk09-01
Recentemente, vários serviços online sofreram com um ataque à empresa de serviços DNS Dyn. Além de chamar a atenção para vulnerabilidades do DNS, o evento, considerado o maior ataque DDoS a usar o malware Mirai, também deu destaque às fraquezas da Internet das Coisas.

O malware Mirai, usado no ataque contra a Dyn, tira vantagens de uma série de falhas de dispositivos de IoT para comprometer aqueles que usam configurações de fábrica ou credenciais de acesso e senhas estáticas. Foi assim que cibercriminosos invadiram a rede da Dyn e prejudicaram serviços como Netflix, Twitter, Spotify, PayPal, Airbnb e vários outros.

Para o gerente regional da Varonis na América Latina, Carlos Rodrigues, infelizmente, o DNS nunca foi nunca foi construído tendo a segurança em mente e o mesmo acontece com várias outras tecnologias antigas. “O DNS é uma tecnologia antiga que a indústria ainda luta para atualizar, junto do fator único de autenticação e das conexões web sem criptografia”, explica.

Uma nova tendência em ataques
O ataque mostra o quanto o DNS é crítico para manter uma presença estável e segura na web. Como é responsável por converter nomes de domínio em endereços de IP numéricos, uma parte fundamental do acesso à internet, ameaças ao DNS mostram o quanto a internet é vulnerável e também que os cibercriminosos estão deixando de atacar apenas sites ou aplicações para focar nos fornecedores de DNS e atingir vários alvos de uma só vez.

Para Rodrigues, isso ressalta a importância dos processos de mitigação de DDoS nas empresas, mas também revela um grande problema, que é a responsabilidade dos fornecedores de serviços. “A mitigação de ataques de DDoS é tão importante para o DNS quanto para a proteção de servidores web e data centers, porém, mesmo que a empresa conte com seus próprios controles, continuará correndo riscos se seu fornecedor não aplicar os controles necessários em seus próprios servidores e data centers”, afirma.

Para isso, uma possível solução é contar com um serviço secundário de DNS de um diferente fornecedor. Assim, caso um sofra ataque, o outro poderá responder às solicitações de acesso e seu site ou serviço continuará funcionando normalmente.

Porém, o downtime não é o único perigo de ter fornecedores de serviços atacados por hackers. O cuidado de contratar empresas fornecedoras de serviços que sigam boas práticas de proteção e contem com controles essenciais de segurança também está relacionado à proteção dos dados a que o fornecedor terá acesso.

“Hoje as empresas precisam contar com um número cada vez maior de fornecedores para realizar uma série de funções. Muitas vezes, essas empresas precisam ter acesso a dados confidenciais. Se os fornecedores não protegerem esses dados adequadamente, um ataque pode ser devastador”, finaliza.


fonte: http://securityreport.com.br/destaques/ataque-provedor-de-dns-revela-tecnologia-fragil-e-ultrapassada/

terça-feira, 29 de novembro de 2016

Mikrotik - How to Save Mikrotik Logs to Remote ¨Syslog Server¨



syslog is a widely used standard for message logging. It permits separation of the software that generates messages, the system that stores them, and the software that reports and analyzes them.
Computer system designers may use syslog for system management and security auditing as well as general informational, analysis, and debugging messages. A wide variety of devices, such as printers and routers, and message receivers across many platforms use the syslog standard. This permits the consolidation of logging data from different types of systems in a central repository. Implementations of syslog exist for many operating systems.
Each message is labeled with a facility code, and assigned a severity label. The facility code indicates the software type of the application that generated the message.
The destination of messages may be directed to various destinations, tuned by facility and severity, including console, files, remote syslog servers, or relays.
Most implementations provide a command line utility, often called logger, as well as a link library, to send messages to the log.
Some implementations include reporting programs for filtering and displaying of syslog messages. 
You Can Use Different Syslogs Servers

/system logging action
set 3 bsd-syslog=yes remote=192.168.88.253 syslog-facility=local0
/system logging
add action=remote topics=info


add action=remote topics=hotspot
add action=remote topics=interface
add action=remote topics=pppoe
add action=remote topics=warning
add action=remote topics=error

fonte: http://www.itlearnweb.com

Mikrotik - How to Secure Winbox and Limited Access



Mikrotik - Mikrotik Wireless Access Point and MAC Address Filtering


Mikrotik - Different Bandwidth for Day & Night



Maybe you have many users, institutions, and alike, that use the internet during the day. And maybe you have "power users" that have two jobs, come home at 19.00 and they want to make it all at once, read mail, chat, download with p2p programs, etc.

Let's say you have corporate users / institutions / government. People that arrive at 07.00 and leave the office 18.00 at most. You reserve them 1 mbit/s all the time. Most of your home users are using maximum bandwidth after 15.00 and just after midnight. You decide to allow them to use all the bandwidth you can afford, after the "big" clients get offline ( institutions, and alike, wich pay big money for quality services)

Download


/queue simple
add burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s direction=both disabled=no \
interface=Lan limit-at=1M/1M max-limit=1M/1M name=Day packet-marks="" parent=none \
priority=8 queue=default-small/default-small target-addresses=192.168.5.0/24 total-queue=\
default-small
add burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s direction=both disabled=yes \
interface=Lan limit-at=2M/2M max-limit=2M/2M name=Night packet-marks="" parent=none \
priority=8 queue=default-small/default-small target-addresses=192.168.5.0/24 total-queue=\
default-small
/system script
add name=Day policy=\
ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api \
source="/queue simple enable Day; /queue simple disable Night"
add name=Night policy=\
ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api \
source="/queue simple enable Night; /queue simple disable Day"
/system scheduler
add disabled=no interval=1d name=Day on-event=Day policy=\
ftp,read,write,winbox,api start-date=jun/06/2015 start-time=07:00:48
add disabled=no interval=1d name=Night on-event=Night policy=\
ftp,read,write,winbox,api start-date=jun/06/2015 start-time=12:00:00

 

fonte: http://www.itlearnweb.com

Mikrotik - Block Facebook with Layer7 Protocol

Layer7 Protocol 
^.+(facebook.com)*$
fonte: http://www.itlearnweb.com

Mikrotik - Block Facebook



/ip firewall filter
add action=drop chain=forward comment="BLOCK ''FACEBOOK'' HTTP" content=\
    facebook dst-port=80 protocol=tcp src-address=172.16.1.0/24
add action=drop chain=forward comment="BLOCK ''FACEBOOK'' HTTPS" content=\
    facebook dst-port=443 protocol=tcp src-address=172.16.1.0/24


fonte: http://www.itlearnweb.com

Mikrotik - MAC Address Filtering in Mikrotik Wireless Access Point


Mikrotik - How To Limit Facebook






SCRIPT
/ip firewall layer7-protocol
add comment="" name=facebook regexp="facebook|m.facebook.com|fbcdn.net"
/ip firewall mangle
add action=mark-packet chain=prerouting \
comment="Mark Packet Facebook" disabled=no \
layer7-protocol=facebook new-packet-mark=facebook \
passthrough=no
Queue Tree for 6,xx
/queue tree add name="Facebook" parent=global \
packet-mark=facebook limit-at=0 queue=default \
priority=8 max-limit=2M burst-limit=0 \
burst-threshold=0 burst-time=0s
                                      Queue Tree for 5,xx

/queue tree add name="Facebook" parent=global-out \
packet-mark=facebook limit-at=0 queue=default \
priority=8 max-limit=2M burst-limit=0 \
burst-threshold=0 burst-time=0s








fonte: http://www.itlearnweb.com

Mikrotik - Dual WAN Load Balancing pppoe-clients PCC

Result


########PPPoE-CLIENTS##########
/interface pppoe-client
add ac-name="" add-default-route=yes allow=pap,chap default-route-distance=1 dial-on-demand=no \
    disabled=no interface=ether1 keepalive-timeout=60 max-mru=1480 max-mtu=1480 mrru=1600 name=\
    pppoe-out1 password=XXXX profile=default service-name="" use-peer-dns=yes user=\
    XXXXXX
add ac-name="" add-default-route=yes allow=pap,chap default-route-distance=1 dial-on-demand=no \
    disabled=no interface=ether2 keepalive-timeout=60 max-mru=1480 max-mtu=1480 mrru=1600 name=\
    pppoe-out2 password=XXXXXXXXXX profile=default service-name="" use-peer-dns=yes user=\
    XXXXXXXXX


########FIREWALL MANGLE########
/ip firewall mangle
add chain=prerouting in-interface=pppoe-out1
add chain=prerouting in-interface=pppoe-out2
add action=mark-connection chain=prerouting dst-address-type=!local \
    new-connection-mark=wan1_conn per-connection-classifier=\
    both-addresses-and-ports:2/0
add action=mark-connection chain=prerouting dst-address-type=!local \
    new-connection-mark=wan2_conn per-connection-classifier=\
    both-addresses-and-ports:2/1
add action=mark-routing chain=prerouting connection-mark=wan1_conn \
    new-routing-mark=to_wan1
add action=mark-routing chain=prerouting connection-mark=wan2_conn \
    new-routing-mark=to_wan2

########FIREWALL NAT#########
/ip firewall nat
add action=masquerade chain=srcnat out-interface=pppoe-out1
add action=masquerade chain=srcnat out-interface=pppoe-out2

########IP ROUTE############
/ip route
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=pppoe-out1 routing-mark=to_wan1 scope=30 target-scope=10
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=pppoe-out2 routing-mark=to_wan2 scope=30 target-scope=10
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=pppoe-out1 scope=30 target-scope=10
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=pppoe-out2 scope=30 target-scope=10
fonte: http://www.itlearnweb.com

Mikrotik - Automatic Bandwidth Divide in Users (Bandwidth Management)



/ip firewall mangle
add action=mark-connection chain=forward comment="PCQ Eq" \
    new-connection-mark=equal-mark-con src-address=192.168.2.0/24
add action=mark-packet chain=forward comment="PCQ Eq" connection-mark=\
    equal-mark-con new-packet-mark=equal-mark-pack

/queue type
add kind=pcq name=pcq_down pcq-classifier=dst-address
add kind=pcq name=pcq_up pcq-classifier=src-address


/queue tree

add name=DOWLOAD packet-mark=equal-mark-pack parent=LAN queue=pcq_down
add name=UPLOAD packet-mark=equal-mark-pack parent=WAN queue=pcq_up



fonte: http://www.itlearnweb.com

Mikrotik - How to Block TeamViewer


How to Block TeamViewer

/ip firewall filter
add action=add-dst-to-address-list address-list="Team View address-list" \
    address-list-timeout=1d chain=forward comment="TeamViewer Block" \
    dst-port=5938 protocol=tcp
add action=drop chain=forward comment="TeamViewer Block" src-address-list=\
    "Team View address-list"
add action=drop chain=forward comment="TeamViewer Block" dst-address-list=\
    "Team View address-list"

Mikrotik - How to use PPTP Client in MikroTik


FREE PPTP SERVER












fonte: http://www.itlearnweb.com

Mikrotik - Block Yahoo Messenger






/ip firewall layer7-protocol add name=yahoo-messenger regexp=\
"^(ymsg|ypns|yhoo).\?.\?.\?.\?.\?.\?.\?[lwt].*\C0\80"
/ip firewall address-list add address=66.196.0.0/16 list=yahoo-messenger
/ip firewall filter add action=drop chain=forward comment="BLOCK YAHOO MESSENGER" \
src-address-list=yahoo-messenger
add action=drop chain=input comment="BLOCK YAHOO MESSENGER" src-address-list=\
yahoo-messenger
add action=drop chain=forward comment="BLOCK YAHOO MESSENGER" \
layer7-protocol=yahoo-messenger

fonte: http://www.itlearnweb.com

Mikrotik - PCQ-1MB Limit for all Users


Script Download

 

/ip firewall mangle
add action=mark-packet chain=prerouting in-interface=ether1-gateway \
    new-packet-mark=Users_Download
add action=mark-packet chain=prerouting in-interface=ether2-master-local \
    new-packet-mark=Users_Upload
/queue type
add kind=pcq name=PCQ-Download pcq-classifier=dst-address \
    pcq-dst-address6-mask=64 pcq-rate=1M pcq-src-address6-mask=64
add kind=pcq name=PCQ-Upload pcq-classifier=src-address,dst-address \
    pcq-dst-address6-mask=64 pcq-rate=1M pcq-src-address6-mask=64
add name=PCQ-Down packet-mark=Users_Download parent=global queue=PCQ-Download
add name=PCQ-Up packet-mark=Users_Upload parent=global queue=PCQ-Upload

(tested on 6.xx)
fonte: http://www.itlearnweb.com 

 

Mikrotik - UNEQUAL 2 WAN LOAD BALANCING PCC




/ip address
add address=192.168.1.10/24 interface=ether1
add address=192.168.2.10/24 interface=ether2
add address=192.168.10.1/24 interface=ether5

/ip dns
set allow-remote-requests=yes cache-size=5000KiB max-udp-packet-size=2048 servers=192.168.1.1,192.168.2.1

/ip firewall mangle
add chain=input in-interface=ether1 action=mark-connection new-connection-mark=WAN1_con
add chain=input in-interface=ether2 action=mark-connection new-connection-mark=WAN2_con
add action=mark-routing chain=output connection-mark=WAN1_con new-routing-mark=to_WAN1
add action=mark-routing chain=output connection-mark=WAN2_con new-routing-mark=to_WAN2
add chain=prerouting dst-address=192.168.1.0/24 in-interface=ether5
add chain=prerouting dst-address=192.168.2.0/24 in-interface=ether5
add action=mark-connection chain=prerouting dst-address-type=!local hotspot=auth in-interface=ether5 new-connection-mark=WAN1_con per-connection-classifier=both-addresses-and-ports:2/0
add action=mark-connection chain=prerouting dst-address-type=!local hotspot=auth in-interface=ether5 new-connection-mark=WAN2_con per-connection-classifier=both-addresses-and-ports:2/1
add action=mark-connection chain=prerouting dst-address-type=!local hotspot=auth in-interface=ether5 new-connection-mark=WAN1_con per-connection-classifier=both-addresses-and-ports:2/2
add action=mark-routing chain=prerouting connection-mark=WAN1_con in-interface=ether5 new-routing-mark=to_WAN1
add action=mark-routing chain=prerouting connection-mark=WAN2_con in-interface=ether5 new-routing-mark=to_WAN2

/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1
add action=masquerade chain=srcnat out-interface=ether2

/ip route
add check-gateway=ping distance=1 gateway=192.168.1.1 routing-mark=to_WAN1
add check-gateway=ping distance=1 gateway=192.168.2.1 routing-mark=to_WAN2
add check-gateway=ping distance=1 gateway=192.168.1.1
add check-gateway=ping distance=2 gateway=192.168.2.1

fonte: http://www.itlearnweb.com

Mikrotik - FAIL OVER for 2 Wan Links



/ip address
add address=192.168.10.1/24 disabled=no interface=Lan network=192.168.10.0
add address=192.168.1.2/24 disabled=no interface=Wan_1 network=192.168.1.0
add address=192.168.2.2/24 disabled=no interface=Wan_2 network=192.168.2.0

/ip dns
set allow-remote-requests=yes cache-max-ttl=1w cache-size=5000KiB \
max-udp-packet-size=512 servers=192.168.1.1,192.168.2.1


/ip firewall nat
add action=masquerade chain=srcnat disabled=no out-interface=WAN_1
add action=masquerade chain=srcnat disabled=no out-interface=WAN_2

/ip route
add check-gateway=ping comment="Wan 1 Primary Link" distance=1 gateway=\
    8.8.8.8
add check-gateway=ping comment="Wan 2 Sesondary Link" distance=2 gateway=\
    216.58.218.174
add comment="Wan 1 Primary Link " distance=1 dst-address=8.8.8.8/32 gateway=\
    192.168.1.1 scope=10
add comment="Wan 2 Sesondary Link" distance=1 dst-address=216.58.218.174/32 \
    gateway=192.168.2.1 scope=10

fonte: http://www.itlearnweb.com

Mikrotik - Reboot Router Every Day Automatic



Reboot Router Every Day Automatic 12:00 o'clock

/system scheduler
add comment="Reboot Router Every Day ''12:00''" interval=1d name=Reboot-Router \
on-event="/system reboot" policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive start-date=\
jan/07/2016 start-time=12:00:00


fonte: http://www.itlearnweb.com

Mikrotik - Disable and Enable Ethernet (Time Base)


Disable and Enable Ethernet By Time Scheduler
:log info "Ether2 Chaneged Name By HAMZA KHALIL"
interface ethernet
set [find default-name=ether2] name=ether2
:log info "Ether2 Added New Comment By HAMZA KHALIL"
set [ find default-name=ether2 ] comment="Time Base By HAMZA KHALIL"

/system script
add name=Disable policy=ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api \
    source=":log info \"Ether2 Disable By HAMZA KHALIL\"\r\
    \ninterface ethernet disable [find comment=\"Time Base By HAMZA KHALIL\"]"
add name=Enable policy=ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api \
    source=":log info \"Ether2 Enable By HAMZA KHALIL\"\r\
    \ninterface ethernet enable [find comment=\"Time Base By HAMZA KHALIL\"]"
/system scheduler
add interval=12h name="Ether2 Disable" on-event=Disable policy=\
    ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api start-date=feb/01/2016 \
    start-time=21:00:00
add interval=12h name="Ether2 Enable" on-event=Enable policy=\
    ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api start-date=feb/01/2016 \
    start-time=08:00:00
Download%20Full%20Script

fonte: http://www.itlearnweb.com

quinta-feira, 24 de novembro de 2016

Mikrotik - Cache Hit Flow Control

Acho que não é cache hit e sim controle ftp

/ip firewall mangle
add action=mark-packet chain=prerouting comment="FTP 20M PER USER" dst-address=10.10.0.0/24 new-packet-mark=ftp_20M \
    passthrough=no
/queue type
add kind=pcq name=Download-FTP pcq-classifier=dst-address pcq-dst-address6-mask=64 pcq-rate=20M \
    pcq-src-address6-mask=64
add kind=pcq name=Upload-FTP pcq-classifier=src-address pcq-dst-address6-mask=64 pcq-rate=20M \
    pcq-src-address6-mask=64
/queue simple
add comment="FTP 20M PER USER " name=FTP-Hit packet-marks=ftp_20M queue=Upload-FTP/Download-FTP target=""
Download%20Full%20Script


fonte: http://www.itlearnweb.com/2016/02/cache-hit-flow-control.html

Mikrotik - avaliar 4 WAN Load Balancing

avaliar, parece repetido

DSL IPS 
  • Ether 1 = DSL 1 =  192.168.220.1
  • Ether 2 = DSL 2 = 192.168.221.1
  • Ether 3 = DSL 3 = 192.168.224.0
  • Ether 4 = DSL 4 = 192.168.226.1
  • Ether 5 is your Local 
Download%20Full%20Script

fonte: http://www.itlearnweb.com/2016/02/4-wan-load-balancing.html

Mikrotik - Limit Different Bandwidth In Day and Night For PPPoE Users

Limit Different Bandwidth In Day and Night For PPPoE Users


There are lot many ways to limit bandwidth for day and Night.
If we need to configure bandwidth for DAY time users and NIGHT time users. Hope this article will be helpful for us.



Download%20Full%20Script

fonte: http://www.itlearnweb.com/2016/02/limit-different-bandwidth-in-day-and.html

webtools - site gerador de botões e outras coisas

http://www.webestools.com/button-maker-image-free-button-generator-online-web20.html

Mikrotik - Limit Different Bandwidth In Day and Night For Hotspot Users

avaliar


There are lot many ways to limit bandwidth for day and Night.
If we need to configure bandwidth for DAY time users and NIGHT time users. Hope this article will be helpful for us.

Download%20Full%20Script


fonte: http://www.itlearnweb.com/2016/02/limit-different-bandwidth-in-day-and_28.html

Mikrotik - BLOCK YOUTUBE

Há controvérsias pois agora quase tudo é SSL (https)


/ip firewall mangle
add action=add-dst-to-address-list address-list=youtube-block chain=\
    prerouting content=youtube.com
/ip firewall filter
add action=drop chain=forward comment="Youtube Block By HAMZA KHALIL" \
    src-address-list=youtube-block


fonte:http://www.itlearnweb.com/2016/03/block-youtube.html

Mikrotik - Limited Bandwidth ¨iso¨,¨zip¨,¨rar¨,¨pdf¨,¨mp3¨,¨exe¨,¨bin¨,¨7z¨


 

fonte: http://www.itlearnweb.com/2016/03/limited-bandwidth-isoziprarpdfmp3exebin.html

Mikrotik - PPPoE Server With FTP (20MB Per User)




fonte: http://www.itlearnweb.com/2016/03/pppoe-server-with-ftp-20mb-per-user.html

Mikrotik - High Priority For Videos 4Mb Per User




/ip firewall layer7-protocol
add name=youtube regexp="^.+(youtube|googlevideo.com).*\$"

/ip firewall mangle
add action=mark-packet chain=prerouting layer7-protocol=youtube new-packet-mark=youtube-pack passthrough=no

/queue simple
add max-limit=100M/100M name=all target=""
add max-limit=256k/256k name=pc parent=all target=192.168.50.252/32
/queue type
add kind=pcq name=Youtube-Dow-4Mb pcq-classifier=dst-address pcq-dst-address6-mask=64 pcq-rate=4M pcq-src-address6-mask=64
add kind=pcq name=Youtube-Up-4Mb pcq-classifier=src-address pcq-dst-address6-mask=64 pcq-rate=4M pcq-src-address6-mask=64
/queue simple
add name=youtube packet-marks=youtube-pack parent=all queue=Youtube-Up-4Mb/Youtube-Dow-4Mb target=""


fonte: http://www.itlearnweb.com/2016/05/high-priority-for-videos-4mb-per-user.html

Mikrotik - Multiple Servers (DHCP, Hotspot & PPPoE) in one RB


/interface ethernet
set [ find default-name=ether1 ] comment="Wan Network"
set [ find default-name=ether2 ] comment="Dhcp Server"
set [ find default-name=ether3 ] comment="Hotspot Server"
set [ find default-name=ether4 ] comment="PPPoE Server"
/ip address
add address=192.168.1.10/24 comment="Wan Network" interface=ether1 network=\
    192.168.1.0
add address=10.10.0.1/24 comment="PPP Network" interface=ether4 network=\
    10.10.0.0
add address=192.168.2.1/24 comment="DHCP Network" interface=ether2 network=\
    192.168.2.0
add address=192.168.3.1/24 comment="Hotspot Network" interface=ether3 \
    network=192.168.3.0
/ip dns
set allow-remote-requests=yes cache-size=10000KiB servers=8.8.8.8,8.8.4.4
/ip route
add distance=1 gateway=192.168.1.1
/ip pool
add name=hs-pool-3 ranges=192.168.3.2-192.168.3.254
add name=dhcp_pool1 ranges=192.168.2.2-192.168.2.254
add name=ppp ranges=172.16.2.254-172.168.1.2
/ip dhcp-server
add address-pool=hs-pool-3 disabled=no interface=ether3 lease-time=1h name=\
    dhcp1
add address-pool=dhcp_pool1 disabled=no interface=ether2 name=dhcp2
/ip dhcp-server network
add address=192.168.2.0/24 gateway=192.168.2.1
add address=192.168.3.0/24 comment="hotspot network" gateway=192.168.3.1
/ip hotspot
add address-pool=hs-pool-3 disabled=no interface=ether3 name=hotspot1 \
    profile=hsprof1
/ip hotspot profile
add dns-name=login.net hotspot-address=192.168.3.1 login-by=\
    http-chap,https,http-pap name=hsprof1
/ip hotspot user profile
set [ find default=yes ] idle-timeout=none keepalive-timeout=2m \
    mac-cookie-timeout=3d
add idle-timeout=none keepalive-timeout=2m mac-cookie-timeout=3d name=1Mb \
    rate-limit=300K/1M transparent-proxy=yes
add idle-timeout=none keepalive-timeout=2m mac-cookie-timeout=3d name=2Mb \
    rate-limit=300K/2M transparent-proxy=yes
add idle-timeout=none keepalive-timeout=2m mac-cookie-timeout=3d name=4Mb \
    rate-limit=1M/4M transparent-proxy=yes
/ip hotspot user
add name=admin password=admin
/interface pppoe-server server
add authentication=pap,chap disabled=no interface=ether4 \
    one-session-per-host=yes service-name=service1
/ppp profile
add local-address=10.10.0.1 name=1Mb only-one=yes rate-limit=300K/1M \
    remote-address=ppp
add local-address=10.10.0.1 name=2Mb only-one=yes rate-limit=300K/2M \
    remote-address=ppp
add local-address=10.10.0.1 name=4Mb only-one=yes rate-limit=1M/4M \
    remote-address=ppp
/ppp secret
add name=test password=test profile=4Mb service=p
/ip firewall filter
add action=passthrough chain=unused-hs-chain comment=\
    "place hotspot rules here" disabled=yes
/ip firewall nat
add action=passthrough chain=unused-hs-chain comment=\
    "place hotspot rules here" disabled=yes
add action=masquerade chain=srcnat comment="masqu
    src-address=192.168.3.0/24
add action=masquerade chain=srcnat comment="masqu
    src-address=192.168.2.2-192.168.2.254
add action=masquerade chain=srcnat comment="masqu
    src-address=172.16.1.2-172.16.2.254


fonte: http://www.itlearnweb.com/2016/05/multiple-servers-dhcp-hotspot-pppoe-in.html

Mikrotik - EoIP Tunnel Configuration (Transparent Bridge)



An EoIP interface should be configured on two routers that have the possibility for an IP level connection. The EoIP tunnel may run over an IPIP tunnel, a PPTP 128bit encrypted tunnel, a PPPoE connection, or any connection that transports IP.
Each EoIP tunnel interface can connect with one remote router which has a corresponding interface configured with the same 'Tunnel ID'.
  • The EoIP interface appears as an Ethernet interface under the interface list.
  • This interface supports all features of an Ethernet interface. IP addresses and other tunnels may be run over the interface.
  • The EoIP protocol encapsulates Ethernet frames in GRE (IP protocol number 47) packets (just like PPTP) and sends them to the remote side of the EoIP tunnel.
  • Maximal count of EoIP tunnels is 65536.
####Server Side####
/interface eoip add remote-address=10.10.0.4 tunnel-id=100 name=10.10.0.4-Branch2
/interface pppoe-server server add authentication=pap,chap disabled=no interface=10.10.0.30-Branch2 one-session-per-host=yes service-name=service2

####2nd Branch####
/interface eoip add remote-address=10.10.0.1 tunnel-id=100 name=Main-Branch
/interface bridge
add name=access
/interface bridge port
add bridge=access interface=ether2
add bridge=access interface=ether3
add bridge=access interface=ether4
add bridge=access interface=ether5
add bridge=access interface=Main-Branch
/ip address
add address=10.10.0.4/24 interface=ether1 network=10.10.0.0
add address=192.168.100.1/24 interface=access network=192.168.100.0
Result For Example Server_Side

Result For Example Other_Side



fonte:http://www.itlearnweb.com/2016/05/eoip-tunnel-configuration-transparent.html