Last edited on March 12th, 2014

MikroTik Certified Network Associate (MTCNA)

Training outline
Suggested duration:
Objectives:

Target Audience:

4 days of 6.5 hours each.

By the end of this training session, the student will be
familiar with RouterOS software and RouterBoard
products. He will also be able to configure, manage, do
basic troubleshooting of a MikroTik router and provide
basic services to clients.
Network engineers and technicians wanting to deploy and
support:

Course prerequisites:

Corporate networks

Client CPEs (WISPs and ISPs)

The student must have a good understanding of TCP/IP and
subnetting.

The course material is separated in modules, each of which is ended with a laboratory whose
goal is to reinforce the material that has been demonstrated.

Last edited on March 12th, 2014

Title
Module 1
Introduction

Objective

About MikroTik
What is RouterOS
What is RouterBoard
First time accessing the router
Winbox and MAC-Winbox
Webfig and Quickset
RouterOS command line interface (CLI)
Null Modem cable
SSH and Telnet
New terminal in Winbox/Webfig
RouterOS CLI principles
<tab>, double <tab>, ?, navigation
command history and its benefits
Initial configuration (Internet access)
WAN DHCP-client
LAN IP address and default gateway
Basic Firewall - NAT masquerade
Upgrading RouterOS
Package types
Ways of upgrading
RouterBOOT firmware upgrade
Manage RouterOS logins
Manage RouterOS services
Managing configuration backups
Saving and reload backup
Editing export file
RouterOS license
Levels
Updating a license
Netinstall
Reinstall RouterOS
Reset RouterOS
Sources of additional information
http://wiki.mikrotik.com/wiki/Manual:TOC
http://www.tiktube.com/
http://forum.mikrotik.com/
Distributor and consultant support
support@mikrotik.com
Module 1 laboratory

Last edited on March 12th, 2014

Module 2
Routing

Module 3
Bridging

Module 4
Wireless

Routing overview
Routing concepts
Route flags
Static routing
Creating routes
Setting default route
Manage dynamic routes
Implementing static routing on simple network
Module 2 laboratory

Bridging overview
Bridge concepts
Creating bridges
Adding ports to bridges
Module 3 laboratory

802.11n Concepts
Frequencies (bands, channels, advanced channels) datarates /HT chains (Tx power, rx sensitivity, country regulations)
Legacy 802.11a/b/g stuff
Setup simple wireless link
Access Point configuration
Station configuration
MAC-address filtering
Default-authentication
Access-list
Connect-list
Default-forwarding
Wireless Security and Encryption
WPA-PSK
WPA2-PSK
MikroTik wireless protocols
NV2 (TDMA) configuration
Monitoring Tools
Wireless scan
Snooper
Registration table
Bridge wireless networks
Station-bridge
Module 4 laboratory

Last edited on March 12th, 2014

Module 5
Network
Management

Module 6
Firewall

ARP
ARP modes
RouterOS ARP table
DHCP server and client
DHCP client
Server setup
Leases management
DHCP-server network configuration
RouterOS tools
E-mail
Netwatch
Ping, Traceroute
Profiler (CPU load)
Contacting support@mikrotik.com
supout.rif, autosupout.rif and viewer
/system logging and debug logs
readable configuration (item comments and names)
network diagrams
Module 5 laboratory

Firewall principles
Connection tracking and states
Structure, chains and actions
Firewall Filter in action
Filter actions
Protecting your router (input)
Protection your customers (forward)
Basic Address-List
Source NAT
Masquerade and src-nat action
Destination NAT
dst-nat and redirect action
Module 6 laboratory

Last edited on March 12th, 2014

Module 7
QoS

Module 8
Tunnels

Simple Queue
Target
Destinations
Max-limit and limit-at
Bursting
One Simple queue for whole network (PCQ)
pcq-rate configuration
pcq-limit configuration
Monitoring
Interface traffic monitor
Torch
Graphs
SNMP
Module 7 laboratory

PPP settings
ppp profile
ppp secret
ppp status
IP pool
Creating pool
Managing ranges
Assigning to service
Secure local network
PPPoE service-name
Create PPPoE server
Point-to-point addresses
Creating PPPoE clients on RouterOS
Secure remote networks communication
PPTP client and PPTP server
SSTP client and SSTP server without certificates
Setup routes between networks
Module 8 laboratory

MTCRE training outline

last edited on July 10, 2015

Course prerequisites MTCNA certificate

Title
Static Routing

Objective

More specific routes

ECMP + LAB
How to force gateway over specific interface
Gateway reachability check and route distance + LAB
Routing mark and route policy + LAB
Recursive next-hop and scope/target-scope usage +
LAB

Point to point
addressing

PtP address configuration + LAB

VPN

What is VPN?
Different types of VPN
Site to site connectivity with tunnels (IPIP, EoIP, PPTP,
SSTP, L2TP, PPPoE) + LAB
Vlan and it's usage
QinQ implementation + LAB
Vlan and managed switch
Vlan and switch chip configuration on Rbs + LAB

OSPF

What is OSPF?
How OSPF protocol works (Hello protocol, Database
distribution and LSA types explained)
OSPF network structure (Areas, Router types)
OSPF neighbors and neighbor states (DR and BDR
election) + LAB
External Route Distribution methods (type1, type2) +
LAB
Interface cost and interface types (broadcast, NBMA,
etc.) + LAB
SPT calculation algorithm
OSPF and multicast (problems with NBMA)
Stub, NSSA and area ranges (route aggregation) + LAB
Virtual links, usage and limitations + LAB
OSPF routing filters and limitations + LAB

MTCWE training outline

last edited on March 16, 2011

Course prerequisites MTCNA certificate

Title
Wireless Installations

Wireless Standard

Objective
o Wireless routers
o RouterBoard Hardware
o Wireless cards
o Antenna types
o 802.11 a/b/g/n
o Bands and channel width
o Frequencies

Wireless Tools

o Wireless Tools + LAB

o Scan
o Frequency usage
o Spectral Scan/History
o Snooper
o Align
o Sniffer

Wireless Troubleshooting

o Troubleshooting wireless clients + LAB

o Registration table analysis
o Ack-Timeout/Distance
o CCQ
o TX/RX Signal Strength
o Frames and HW-frames
o Data-rates

Wireless Advanced Settings

o Advanced Wireless Tab settings + LAB

o HW-retries
o HW-protection
o Adaptive-noise-immunity
o WMM
o Country regulation settings
o TX-power + LAB
o Virtual-AP

802.11n

o 802.11n wireless protocol + LAB

o Features
o Data Rates
o Channel bonding
o Frame Aggregation
o TX-power for N cards
o Chain settings
o Wireless link debugging

Wireless Security

o Wireless Security Measures + LAB

o Access Management
o Access-List/Connect-List
o RADIUS
o Authentication

Title

Objective
o Encryption
o EAP
o Management Frame Protection

WDS and MESH

o Wireless WDS protocol + LAB

o Dynamic/Static WDS
o RSTP Bridge
o Wireless MESH + LAB
o HWMP+ Mesh

Wireless Bridging

o Wireless Transparent Bridge + LAB

o WDS bridging
o AP/Station-WDS
o Pseudobridge
o MPLS/VPLS tunnel

Nstreme Protocol

o MikroTik Wireless Nstreme Protocol + LAB

o Features
o Configuration options
o Nstreme Dual
o Troubleshooting

Nv2 Protocol

o MikroTik Wireless Nv2 Protocol + LAB

o Features
o Configuration options
o Troubleshooting

MTCTCE training outline

last edited on March 16, 2011

Course prerequisites MTCNA certificate

Title
Packet flow diagram

Objective

Firewall filter/nat/mangle

Quality of Service

DNS client/cache
DHCP client/relay/server

Why this diagram is necessary?

Full overview of all things covered by diagram
Simple examples how packet travels through
the diagram (routing, bridging, connection to
router etc.) + LAB
More complex examples of diagram usage +
LAB
Connection tracking
Filter + LAB
o chains (default/custom)
o all rule "actions" covered
o most common rule "conditions" covered
NAT + LAB
o chains (default/custom)
o all rule "actions" covered
o most common rule "conditions" covered
o NAT helpers
Mangle + LAB
o chains (default/custom)
o all rule "actions" covered
o most common rule "conditions" covered
Some complicated rule "conditions" covered
("advanced", "extra" tab) + LAB
uPNP
HTB
o HTB general information
o HTB implementation (queue tree)
o HTB structure + LAB
o HTB Dual Limitation + LAB
o HTB priority + LAB
Burst + LAB
Queue types
o FIFO + LAB
o SFQ + LAB
o RED + LAB
o PCQ + several LABs
o queue size + LAB
Simple queues + LAB
Simple queue and queue tree interaction
Basic configuration + LAB
Static DNS Entry + LAB
DHCP communication analysis
DHCP-client identification/ configuration + LAB
DHCP server configuration: + LAB
o DHCP networks
o DHCP options (build-in and custom)
o IP Pool

Title

Web Proxy

Objective

o advanced DHCP
DHCP relay configuration + LAB
Basic configuration
Proxy rule lists
o Access list + LAB
o Direct Access list + LAB
o Cache list + LAB
Regular expression + LAB

MTCUME training outline

last edited on March 16, 2011

Course prerequisites - MTCNA certificate

Title
Module 1
PPP

Objective

Module 2
PPTP/L2TP

PPP Profile + LAB;

Local and Remote addresses;
Incoming/Outgoing Filters;
Address List;
Change TCP-MSS;
Use Encryption;
Session Timeout;
Rate-Limit configuration;
Only-one setting;
PPP Secret + LAB;
Service and Profile;
Local and Remote address;
Routes configuration;
Limit Bytes In/Limit Bytes Out configuration;
IP Pool;
Set addresses ranges;
Next Pool options;
PPTP and L2TP;
Theory;
Comparison;
PPTP Client configuration + LAB;
Client Setup;
Set profile;
Dial-on-Demand;
Add Default Route and static routes;
PPTP Server configuration + LAB;
Enable server;
Setup profiles;
Add clients to /ppp secret;
Set static interfaces for clients;
L2TP Client configuration + LAB;
Client setup;
Configure profile;
Dial-on-Demand;
Add Default Route and static routes;
PPTP Server configuration + LAB;
Enable server;
Set profiles;
Add clients to /ppp secret;
Set Static interfaces for clients;

Title
Module 3
PPPoE

Objective

Module 4
PPP Bridging

PPPoE server and client;

Theory;
Usage environment;
Comparison to othe PPP protocols;
PPPoE client configuration + LAB;
Client setup;
Select interface;
Service name
Configure profile;
PPPoE Server configuration + LAB;
Enable PPPoE server;
Set profiles;
Add clients to /ppp secret;
Add Static interfaces for clients;
Secure server by removing any IP address from PPPoE server
interface;
Encryption + LAB;
Set profile without encryption;
Set profile with encryption;
Configure PPPoE client without encryption;
Interface ECMP;
set ECMP routes for ppp interfaces;
L2TP and EoIP + LAB;
Set L2TP tunnel;
Set EoIP tunnel;
Create bridge and add necessary interfaces to ports;
Confirm you have Ethernet connectivity between remote nodes;
L2TP and VPLS + LAB;
Set L2TP tunnel;
Set VPLS tunnel;
Create bridge and add necessary interfaces to ports;
L2TP and BCP + LAB;
Set L2TP tunnel;
Use BCP to bridge PPP interface;
Add to bridge necessary interface;
Multilink Protocol;
Enable Multilink by specifying correct MRRU settings;
Disable Mangle rules for MSS adjustment;
MLPPP [optional];
Setup client and specify multiple interfaces for one client;
Set PPPPoE server with MLPPP support;

Title
Module 5
IPSec

Objective

Introduction;
Theory and concepts;
Comparison to other VPN protocols;
IPSec Peer;
Use different authentication methods;
IPSec exchange modes;
Encryption and Hash algorithms;
NAT-Traversal;
Lifetime and Lifebytes;
DPD protocol;
Policy;
IPsec protocol and action;
Tunnels;
Generate dynamic Policy;
Proposal;
Encryption and Authentication algorithms;
Lifetime;
PFS;
Installed-SA;
Flush SA;
Create IPSec between two routers with NAT + LAB;
Set peer;
Set policy;
Set NAT rules;
Confirm the secure link is established;

Title
Module 6
HotSpot

Objective

Module 7
RADIUS

Introduction;
Concepts;
Usage environments;
Setup HotSpot with default settings + LAB;
HotSpot Login Methods + LAB;
HTTP CHAP/PAP;
MAC;
Cookie;
HTTPS;
Trial;
RADIUS
Users + LAB;
Add users;
Set MAC-address for user;
Set MAC-address for username;
Limit Uptime and Limit Bytes In/Out;
Reset limits for user;
Monitor Users;
Host Table;
Active Table;
SNMP for users;
Profile + LAB;
Keepalive timeout;
Shared users;
Rate-Limit;
Address-list;
Incoming/Outgoing filter;
Incoming/Outgoing Packet Mark;
Bypass HotSpot;
walled-garden;
walled-garden ip;
ip-binding;
Customize HotSpot + LAB;
Advertisement;
Customize pages;
RADIUS client + LAB;
add radius client;
set service;
use-radius for the specific service;
RADIUS server;
User Manager + LAB;
Install the latest user-manager;
Add routers;
Add users;
Set profile;
RADIUS incoming

MTCINE training outline

last edited on February 2, 2012

Course prerequisites MTCNA and MTCRE certificates

Title
BGP

Objective

What is Autonomous System

What is BGP?
Path Vector algorithm
BGP Transport and packet types
iBGP and eBGP + LAB
Stub network scenarios and private AS removal + LAB
Non-stub scenarios + LAB
iBGP and eBGP multihop and loopback usage + LAB
Route distribution and routing filters +LAB
BGP best path selection algorithm
BGP prefix attributes and their usage + LAB
BGP route reflectors and confederations + LAB

MPLS

What is MPLS (basics)

Static Label Mapping + LAB
Label Distribution (LDP) + LAB
What is Penultimate-hop-popping
MPLS traceroute differences
LDP based VPLS tunnels + LAB
What is Bridge Split Horizon + LAB
VPLS Control Word (CW) usage
L2MTU importance and MPLS fragmentation
BGP based VPLS + LAB
VRF and route leaking + LAB
L3VPN (BGP based Layer3 tunnels) + LAB
OSPF as CE-PE protocol

Traffic Engineering

What is traffic engineering and how it works

RSVP, Static path, dynamic path (CSPF) + LAB
Bandwidth allocation and bandwidth limitation differences
and settings + LAB