Version 2 (modified by 14 years ago) ( diff ) | ,
---|
RouterOS shaper device bootstrap
Device bootstrap and network configuration is Portax independent. To allow Portax control of shaping do following steps:
- setup SNMP read community ( used later to add inventory record )
/snmp community add address=0.0.0.0/0 name=readcommunity read-access=yes
- create new system user portax whit at least write and telnet rights - default group write is sufficient
/user add address=0.0.0.0/0 comment="Portax" disabled=no group=write name=portax
- setup DHCP relay on customer interfaces pointed to Portax DHCP servers
/ip dhcp-relay add delay-threshold=none dhcp-server=172.25.8.4,172.25.8.250 disabled=no interface=ether2 local-address=0.0.0.0 name=Portax-e2
- add network subnets for registrations and authorized customers
- create firewall address list "registracni" containing all registration subnets
/ip firewall address-list add address=10.255.252.192/26 comment="" disabled=no list=registracni
- add following rules on top of firewall mangle table :
/ip firewall mangle add action=mark-packet chain=forward comment="default drop" disabled=no new-packet-mark=unknown-ip \ passthrough=yes add action=mark-packet chain=forward comment="allow registrations" disabled=no new-packet-mark=\ registracni passthrough=no src-address-list=registracni add action=mark-packet chain=forward comment="" disabled=no dst-address-list=registracni \ new-packet-mark=registracni passthrough=no
- add following rule on top of firewall filter table:
/ip firewall filter add action=drop chain=forward comment="" disabled=no packet-mark=unknown-ip
Login to Portax, go to Admin->Inventory section and create appropriate record:
After network subnets are obtained from device, set correct classes.
Attachments (1)
- PortaxCreateRouterOS.png (27.6 KB ) - added by 14 years ago.
Download all attachments as: .zip
Note:
See TracWiki
for help on using the wiki.