MikroTik Router Administration Course

1. Welcome: Hi everyone and welcome to the microchip router administration course. I'm really excited that I've launched matured course. I'll share gradient of two courses, about 148 and Sony board firewalls, the tips, thousand people. And you know, first, I want to thank you for investing your money. No time in my course. That means that you are serious about your career. So I go unto you that you will learn something from this course. Every lecture of this course is a lab that handles one of the usual tasks that you need, storage or engineer, we faced using the microchip router. That means that this is a practical course more than Georgia. That's why I want you to get your hands dirty and complete each lab for a better understanding. Because one of the best ways to learn is by doing. So, we will start our course by preparing our lab using Jane's through simulator. Receive you also how to set up the even g. But the most of our labs would be in GNS3 course content. You would see all the administration configuration that we can do. Mycotic. Of course, we cannot cover everything in our course. So please, if you have any suggestions or requests, let me know. So by the end of this course, you will be able to find your way using my horticulture. And without wasting your time, it will let you start your journey with microtia culture. Please, if you have any questions, don't hesitate to ask me. Good luck. 2. Lab Setup 1: Before we dive into the course, we need first to set up our lab. We will use genius three as a simulator. Of course, you can use whatever simulator you want if you are already using any, like even g or peanut lab. But all of these course loves. We'd be engineers three. So to sit up our lab, we will need some programs. So let me show you what those programs are. So I've already created a folder and name it mycotic prerequisite. I will share it with you. You will find it under the resources of this lecture. So to prepare our lab, of course, we will need the jane is three. So we will install GNS3 all in one program. And Jane is three v, n is three n need on hypervisor to be installed on. So I will use VMware workstation. The GNS3 VM can also be installed on VirtualBox Hyper-V or E6 E. So if we go to the GNS3 VM website, like we can see here, you can install it in VirtualBox or VMware Workstation, VMware ESX, or the Hyper-V for Microsoft. But I sure to mention here that you will need to make sure that virtualization support is inhibited on your machine bias. This tip to enable it is differ, depends on your machine manufacturer, but usually you can enable it from going through the virus. Then under the system configuration, you will find an option to enable it there. That's if it's not already inhibited. If you still can't find how to enable it, you can simply go to Google and search on how to enable virtualization, e.g. virtualization support in bios. And here you can type your machine type e.g. if you have a dead machine, you can do that and you can find steps to enable it. You can even find it from the website of your PC or check any of the videos that you can find on YouTube. Like I told you, it's usually, it'll be enabled in all machines. But sometimes in some laptops, you need to go to the bios and enable it. Go back to the fights that we need to install. So like I told you, we will need genius three. And also we will need to have a image of the Cisco switch and router. This is the switch and the router. And also we need to install, we've tear, it's a web browser and the Linux machine. So for the Linux machine, I will install the Obasanjo Dhaka cause it doesn't need so much resources. And finally, we will have to install, of course, the image of our microchip router. So this is an image with a micro logic. And we inbox, we need, we inbox to access to our algebra. Don't worry, we will see all of that. So first, let's start by installing our hypervisor, which is VMware workstation. Yes. Next, should accepted germs. Next. Next. Next. Next, and install. So here we can either press Finish or enter the license. I have a license, so I will enter it. I this is my license. I will copy it. And then sit here until Enter. And perfect. Now, the VMware workstation is installed. So I will extract the GNS3 VM. Let's open the VMware. This is the VMware. I've already have a genius feelings, thoughts, or even remove it. You remove even G. And they will go back. And this is my GNS3 VM. We need to import this OVA file to the VMware oxygen. So right-click on it and open with VMware Workstation. Here I will name it GNS3 VM and do import. Perfect. We can see that it's important now. Now we need to install GNS3 all in one program. Yes, we can do next. I agree. Next, next, next, Next again. And here we don't know a next. And Chickens Start genius three and it will do finish. So perfect. Now we have VMware Workstation installed. We have GNS3 VM OVA file imported to our VMware. Here it is. And also we have deejaying is three or in one program installed. Or what we have now to do is to import the wound to look here and to install or zone the Cisco switch image and the router and the wave chair. 3. Lab Setup 2: Let's start now. The drain is three program and see how to link it with GNS3 VM. So I will go and open genes three. Okay. Perfect. It's open now. You would press, Don't show again until next. Next, and next. Perfect. So here we need to make sure that we have selected the VMware. You can see that it's recommended join started in the VMware. And here we can increase the RAM size of our GNS3 VM machine and CPU. For me, I will give it two virtual CPUs. And it will increase their arm to 12, almost 20 gigabyte. Yes. And they will do next. Like we see here. It's added here under the server summaries. And we can see that it's automatically started. So I need to make a note here. Please. Don't open GNS3 VM manually. Now, we have linkage to the Janus three program. So we need to open the jane is three program. And let it start GNS3 VM for us. If GNS3 VM started before G is three program that will cause a problem and we cannot see the genius deliver a mere open-end. So please, if you open it, close, make sure to stop and shut down genius three. First, then open the program. Perfect. Now we'll finish. And they would all know here, and let's make the window bigger. This console here show us if there is an error in our program or something like that. I will close it in, not needed. Here we can see our nodes, starches, e.g. when we install our magnetic and we can start it, we can see here that it's started or not. And here we can see the servers summary. We have a local server, which is our desktop or our host machine. And this is the GNS3 VM, which is installed in the VMware workstation. Perfect. Now, if in somehow you've missed the first step of linking GNS3 VM with genius three program. You will need to go to Edit and Preferences. Here under GNS3 VM, you can enable GNS3 VM and choose VMware Workstation and make sure to check the allocate vCPUs underarm. And here you can enter how much CPU you want to give your, to your VM and how much RAM. So let's check if those values here are the two our GNS3 VM. It will go to V n and two sittings. And perfect, we can see here that we have already almost like I told you, 20 gigabyte RAM and we have two processors. Okay, Perfect. Let's go back to cancel. Now. Let's see how to import the Cisco switch and the router and the microbiotic open to Docker and the webcam. So first, you will go to file and to import appliance. We go to our file and we will start with the whip Jane. Jane is three. Okay, we do open and make sure that installed appliance on GNS3 VM is checked and do Next and Finish. And that's it. Now, let's go and install Docker images. And that's it. Now, to install Cisco switch, we need to go to my callback. We need to go to Edit Preferences. And here under q Mu, we need to select q Mu VMs and to new. And make sure to select around this QM, your VM on GNS3 VM. So check this option here. If you check the ritual, run it on your local computer, it will not work. So please make sure to check this option. And don't swear I will name it. Switch. Okay. Next, here in Durham, give it 656 megabyte. You need to increase the default run. You don't need to keep it to 156. Otherwise, the Cisco switch will not start for you. So increase a little bit around 65, 6 mb is good. So I will do next. Next. And here I need to check new image and to browse. And it'll go to our folder. And let's say that the V iOS layer to Cisco switch. Okay, we'll do open and finish. Then a will do Edit. And here engineered settings, it will go to dissemble and to browse. It would change some ball of my switch. Here. I will search for switch. You can search in the blue circles or gray or green. We have a lot of quadrants here, or square. Let's see what we have in the square. I would choose square. It's a multi-layer switch. So I will choose this because multi-layer mean that it's support layer two and layer three futures. So he will choose this icon here. And they will doggy chain that we need to do is to go to the network. And here in the adapters, we can see that we only have one adopter. That's mean that our switch have only one anterior face. I will increase it to e.g. eight. You can put whatever number of interfaces that you want. It is enough for me. So I chose only eight and they will do apply. Okay, so let's go back to our folder. So till now we have the genius trivia n installed. And genius three are in one also installed. Vmware workstation. We have imported the wave chair and to open your Docker. Now, we still have to import the z-score voucher. So ready to do it? Again too? He did, and preferences. And here we need to go to iOS routers under dynamics and do new. Again, check this option here, turn it into GNS3 VM and do next. And press Browse to import the image. This is image. It will do open. Yes. Let's wait for it. Toby imported. Now, next, you will keep the name as it is. And they will do. You can change the name if you want. You know that this reference is for a Cisco router. If you want, you can type here. Roger, if you want. But for me I will keep it as it is and they will do next. The default Ron is okay. So I would keep it and they will do next. Here in the slots. Will add another interface. So you will add gigabit interface. We have here Fast Ethernet interfaces, but I want to add gigabit interfaces. So I will choose this. Add another anterior face. Perfect. That is good. So I will do next. So this is the idle PC. This help us to optimize our CPU where we are using the router image. Perfect. This is the suitable value for these IOUs image. So it will do okay, and don't finish and Apply. And Okay. So the last thing we need to do is to install the microbiotic image. So this is all what we need to answer it. I will extract it first. Perfect, this is our image. I will go back and here I will go to file. And this time, instead of doing import appliance, because they don't have an appliance in my foot here. I will do your template. And here I will make sure that I am, I am choosing install an appliance from GNS3 server, okay? And they will do next. And here in the future, I would say for micro check. And here under router we can find that we have an appliance for omega rhotic c h bar q mu. So I would choose it and to install. Okay, Next, Next. And here we can find different versions pharmacologic image. So let's see what version we have. We have 7.4 is C2. So let's see if we have this version here. Yes, we have it. So I will say elected. They will do import. And it will sit next to my image and to open. Let's wait for it to be imported. Perfect. Now here in the status, we can see that it's ready to install. So I need to select it. And to next. Yes. And here we can find some recommendation of users. You can read it if you want. You do not finish. Now to find all the images that were imported to DJ n is three. We need to go here to the older wise. And from here we can find the webcam open to Docker, the switch and also the micro logic. Here I will right-click on democratic and pre-configured template. And it will change name to only my cortex. It will go also to network. And it will increase the adopters to six. And they will dorky, will go to the oven to Docker or zone and change the name to only are wonderful and perfect. Now, the next thing we have to do is to go to this icon here to create a new project. So let's press it and you're in the name, you will name it. Micro logic and two, okay. Now we can see that our workplace is unlocked. And now we can import our devices to the workplace like we want. So if we don't create an object and I'm project, we cannot drag and drop the, the nodes that we've created. Okay? One other thing that I should mention here is that all wonderful. And the web tier are based on Docker. So first, in the first time, we drag it and drop it in our project. You can see here that genius three is pulling the image of the, of the machine from the, from the servers. You can see here, if you see in somehow a red error here that says that there is a problem in the Internet or something like that. Please make sure that your computer or Internet access. If so, check that GNS3 VM is also have internet. So to do that, it's entered to it. And this will go to the shin. And pink e.g. 88 plus eight. Like we see here, we have internet. So this is the first problem. Is the problem of Internet. If you see here like I told you, an error message, Let's try with wheat germ, it will import it. So instead of seeing this green message of appointing the image, you will see a red message here that says there is an Internet problem. So the first issue, like I told you, is that there is no internet in your machine or in GNS3 VM. Or the other problem is that GNS3 VM reports are not updated. So to update them, you need to do sudo APT. And after the epidemic finished, then you can go back to your Jane is three and drag and drop the webcam and Obasanjo. Perfect. Now we have our Janie history lab setup ready. In the next lecture, we will see how to install and prepare also the even GL up. So I've noticed that even g is most used the tool now besides gene is three. So it's another powerful simulator as GNS3. And I think that we might need to have it installed to do a lab or tool that we can love to do and perform in GNS3. So that's what we will see next. 4. Eve lab1: Now it's time to set up our union zero. So first, we need to go to our browser and search for even g and press Download. Here we can notice that we have the first version, which is the professional edition, and we have a Community Edition. So this one needs to buy a license to work with. But the Edition version is enough for us. So I will download the Edition version, which is free and don't need any license. Here we have that. There are two files here. We have an ISO file and we have the OVA file. So for me, it will download a file that contain the avian g already pre-installed on there already. And if you want to download these all, you will need to install it and follow the steps to install the AVG for me, download the pre installed, even g. It will download this here from MIGA. We can see here that file size is 2.67 gigabyte. So please download it from here. For me. I've already downloaded it. Enriches. What I will do is it will go 2.5 here and right-click on it and they will go open with VMware workstation. You would name it even g. And here we'll do import. Perfect. We can see that even g is important. And from here, we can see that it's quite fond of age yoga white firearms and eight processors. So it depends on your machine. If you are machining, don't have much resources. You can modify those values here by going to Edit virtual machine settings. Here in the room, you can decrease or increase the amount of forearm. As you want. For me, I will leave it a gigabyte because I have much wrong in my host machine. For the processes will decrease it. We just set it to adhere in the number of cores per processor. We would choose to have a total processor cores or four. And they will do, okay. One other thing is the network adapter. We need to modify tool. So I will go back to the virtual machine's settings. In the network adapter. We can keep it a bridge. So bridged mean that it's a bridge there to our local network interface. So if we go here, all right, we check our interface. So if it is bridged, are even g machine will have an IP address as our local interface. And this is our local anti phase, which will be bridged to it. But it's recommended to choose the not instead of bridge. Because if you are the anterior face bridge, You are my go and connect to different networks. Especially if you have a laptop. The IP of the event G, We've changed, depend on the network that you are going to show. But if you choose not to be connected to all of your material, anti-fascist, me, go and go to the adopters. So if it is not, it will be connected to the VMware Network Adapter. This is the IP that it will be arranged, that it will have. So it's a fixed IP, it will not change. Okay? So for me I will choose not. I prefer to do what to V naught. There we go. Okay. I will start my machine. It started like we can see here, the IP that we got is 192, not 16870 to 129. So the default login is root and the password is Eve. The effects he told us to change the password. So I will type in your password. You can change the host name of the machine. I would keep it even g. The domain name. Although Wikipedia example.com, where I will choose static, you will need to press the space bar to set x to that static. So I will press the space bar, so the asterisk will be checked into static and they will not. Okay. Now, or you would type my IP, which is 190-216-8702. I will fix the same IP that I got from DHCP. We put 129 and they will do okay. Mask is 255.20, 0.55, 0.2 to 5.0. And the width of Pangea. The gateway is 192 dot 16872. Adult job. You will ask me from where I got this gateway. To know. You need to go to and from Edit. Go to Virtual Network Editor. If we go to the eminent eight, which is r naught, to change settings in the Nazi think. We can find that the gateway IP is point TO like we see here. So that's why I chose this network. It will do then is will be equal to eight plus eight plus eight. Second, Dennis will be eight plus eight. Which form before you can choose whatever you prefer. Okay? And here, and we press, Okay, now the machine would be rewarded so it can apply the settings that we just entered. Perfect. Now let's try to login and see if the password that we have created before is working or not. So I will do a root. Now I will not type IV, I will type the password that I've created in the wizard. Okay. Perfect. Possible is working. Now. Let's try to access the machine torque to the IP that we've selected before. So from here in the room where if you don't remember the IP that you set in the statically, it shows to us when we start the machine, but here in the virtual machine there is no option to scroll up again. So there is a common Linux that we can't type to find the branch or IP. So on. What you have to do is type host name, space, dash a. Here just IP. Okay, so let's go to our browser. And let's type effect, which is the username and password is Eve. I will choose HTML5 console and the window sign-in. Effect. Now I'm in, the first thing I will do is to create a lab. So I will go and add Europe. You would name it. Micro check. Okay. You can set a description if you want. And you can also put tasks that you will do in this lab. And I will keep it empty. And they will do save. Perfect, this is our workspace. So if we right-click the Workspace and go to node, we can see from here that all the nodes that we can add to our lab, those are all nodes that we can add to the EVG. But because they don't have any image of any of those nodes here, we cannot select them like we see here. Except for the virtual PC. It's come with even g. So if we selected and to save, here it is, we can have our VPC. So the next step that we need to do is to import the microcytic and all the needed the images to the evening g. So that's what we will see next. 5. Eve lab2: So now let's see how to import our images to the event G. So best way to do it is to go to the website of EVG and see how to import each node. So we can do it right from the first time. Because even Jay, It's not like a genius tree. You would see that. So first I will start with the micro tech. I would type if microbiotic router and enter the first website. So here, the first thing they told us is to download the Microsoft Cloud Roger, image. This is the first step to do. Now, they told us to SSH to the g machine and create this directory for the micro check node. So it will open Pucci. And they will type here, even g machine IP. It's 120 line eating. Yes. And they will do open, accept. I will login as root and they will type my password. Perfect, I'm in now. So I will copy this command here. Anterior division. So I will stop in division to put the vision that I have, which is 7.4. Okay. Now they told us to go to this folder that we just create using the command cd. So I will copy this link and it will do cd to the spot, and I am on it now. So if I did B, W, D, we can see that I am in the folder that I've just created. The next step to do is to upload the image of the mycotic to the directory. We have two options. Even do it with FileZilla or when SCP, I've already have WinSCP installed, so I will do it using it. So I will open when is Cp? Okay? Here in the protocol, you will choose ECP. And I will put IP address of my even g machine, one to nine, username and my password. And they will login. Yes. Okay. Now here we go directly to the directory that I've created. I will do add. And okay. Now we see here I'm in the directory. This direction here that I've created. Here, if this is, this is my may even g machine and this is my local machine. So here in my local machine, I'm already in my micro Arctic prerequisite folder. So if you don't see it here, you'll need to navigate to it and select the image of the microbial Groucho. Here it is. It will drag it and drop it here. Perfect. It's uploaded now to the event G. So if I go back here and type the command ls to list the contents of the folder. We can see that our image is uploaded. So the second thing that we need to do is to rename the image from the current name and from the current extinction, which is point EMG, true QC, or W2. Okay? So I will copy this name here. And it will do move CHR tool, the HDA, and they will take Enter. Then we need to run this command to fix the permissions. Copy and past its wait for it to finish. Perfect. Now let's go back to our even do topology. And now if we right-click on the topology and try to add unload, if we scroll down, we can find that our micro-technology noise is added. So if it is blue, then it's added. So it will be selected. Here we can find the version of our micro tick, it's 7.4. We can increase the number with the CPUs and RAM and even the internet interfaces. It will increase the Internet face anti-thesis. I will put a six for the ram. To five-sixths is enough. You can increases if you want. I will increase it. I have a much resources in my machine. If not, you can keep the query and volume, it's not a problem. And see how we can also win. You find the icon if you want to choose a different icon for your micro logic, we stick with the default, which is a router icon, and they will do save. Perfect. Now we have our macro tick added to the even g. Now the next step to do is to import the image of the Cisco switch. To do that, I will go on until even g. And Cisco is V, iOS. That's all what type? And they will go to the first link. I will go down. This is the steps to other VMD key file. I don't have a VM dk phi. You will scroll down, scroll down until I can see. Okay. Yes, here it is. This is the image that we have. So I will copy this. I have the same version, so I will keep it as it is and they will do copy. Okay. Now let's see D2, it perfect. Pwd. I am in the folder for my critique. Okay. We'll do C, D, all the YMCA there was a copied with the part of the file. So I will move it and it will do. Okay. Yes, I am now in the in the folder. Perfect. Let's go back and see what is the next step. The next step, of course, is to upload the image. So it will go back to the WinSCP and drag and drop the image here. Perfect. The next step is to move the image to they say, the name, to rename the image to this name here. So I will just copy it. And it will type moves. It's the way lets you save the image is uploaded. Oh no, it's not approved. It. Why? Because I improve it to the micro logic folder. Let me remove it from here. Let's press the two dots here, and let's enter the further off the switch. And it's uploaded again. Perfect. Me type. It is perfect. I have the image now. You will move it. Perfect. Now we need to run the command to fix the permission. Again. Let's go and run it. Perfect. Now, if we go to our topology, This is our topology. And let's add another again. And let's scroll down. And here we can see that our switch is added. Here it is. This is the icon of our switch. We can also modify it if you want to switch that I have is a layer 3.2 switch. So I will choose this icon. It's not really make a difference. It's just an icon. So you can choose whatever icon you want. Again, we can modify the run or Ethernet interfaces. Interfaces is good for me, so I would stick with it and it will just save. Perfect. So this is a, this is how to add the nodes. So like I told you, even Jay, It's not like a genius three. You'll need to follow documentations and the steps in the guide to do it right and do not miss any Jen. Okay. So if you want to add anything you want you just to type even g and type the name of the image that you want to add, the event G and you can follow the good like we just did. Okay, perfect. Now, one other thing that I want to show you here is let me start this. A VPC, e.g. And if I try to consult to it, we can see that it's open. A guacamole. Dub, the VNG ischaemia, 5-years, the guacamole, remote access software to access and console to the nodes. It's good. But I prefer to access to my nose, throat, e.g. Pucci and VNC, e.g. so to do that, we need to install, to install another piece of software that we can find in the SVG website. So let's go back to the website. It is, this is from where we unstyled the community image. So here in the top we can see that we have software name, the Windows client side. So let's go to it. Here it is. And I want you to install and download the software windows Integration Pack. I've already downloaded, so I would not download it. Now. I will go to the folder where I download it, enriches and let's run it. Yes. Let's follow the wizard. Next. Next, we'll ask you, will the unseen start for us at Wireshark and Ultra VNC. I think that I've already have worse. I can utero Vinci and another chain before installing this unit to make sure that you put G is already installed. So please make sure that it's already installed. Okay, So we will do next. Okay. You do accept next, next, next and install. Okay, Next. And Finish. Now, it will ask that at Wireshark, pointer for pointers zero is already installed. I will not install it, will keep it and install the version that come with even GI bug. So next, I agree. Next, Next, Next. I've already installed it before. What you asked me again to do it. So let's wait for it to be installed. Next. And finished. Finished, perfect. Now we have the Windows client pack installed in our machine, which will help us to integrate a Pucci and Wireshark and intervene see with our console. So to do that, we need to log out and log in. Again. The username is admin and the password is Eve. And here in the console, don't chose HTML5, choose the native console and to assign n. Perfect. And now if I try to access my VPC, he will ask me if you decide it's going to open this hg18 and your login client. It will open the asked me if I really want to open the application, I will do open. And unlike we see here, we have the VPC console or print in Pucci. I prefer it this way. I don't want to access to it via the guacamole console. You can do, you can keep still the access switch via COCOMO. If you chose the HTML5 console, would close it, and that's it. Now. Or even g also is ready. 6. MikroTik First Access: Now, after we have both genius three and even g ready, we can start working with mycotic. First-gen We need to know is how to access to our microchip router. So let me go first to GNS3. Will open my lab. This is my project. Okay? First thing we need to do is to go to devices and drag and drop the micro logic image. This is our appliance, okay? And they will order the drag and drop the cloud. Okay? And now here, when you drag it to Cloud, please show the genius three VM. Okay, don't choose your desktop. Choose GNS3 VM, and do, okay. Okay, perfect. Now we have them bolt. And before connecting the micro check with cloud, I'm using the declared here for the management. Allow us to connect our local machine with democratic. Okay, So let's connect them. I will go here, connect the first centered face, which is port one of the magnetic with cloud. And I will choose the anterior face, one orbital, each one. Okay? And before starting the macro tick, I need to give you some information about how to access the micro logic. So first thing is the, what is the default IP of the microsec? So by default, the IP is 1902168 dot 8.1. This is the default IP address of the macro tech. But here in our lab, because we are using a virtual mycotic image, which is a CHR image. The microtubule come without any default configuration. So we will not be able to access to the mycotic using this IP. Okay? Because like I told you, all the micro tick is empty. It comes without any default configuration. That's first. At now, the default login is a default login admin without any password. So it comes only with the username admin, and the password is empty. After the first login, it will prompt us to create a password to protect omega logic. Okay? So now we need to know what are the methods to access to our mycotic. First method, of course, is using a console cable or using the console port. So we can connect using the console port. That's the first axis that we can do. Second axis is, is this H. We can SSH to the micro, check using the default IP. So we need to fix on a static IP in our machine. In the same range here, e.g. 88.2, e.g. and we can SSH to it. And we can use with vague or zone. So basically we'd fig is a web-based utility that allows us to access and configure our microchip router. We don't need to install any additional software, or what we need is our browser. And we can access by typing the IP address of our microcytic. In this case, the default IP for the first axis. Okay, Now there is another tool that I personally prefer and I use a lot, which is in box. One box. Here it is. It's the most used method to access to the micro check. So when books is a lightweight tool that allow us to administrate the macro tech fast and efficiently. What's nice about when Box Also is, it allows us to connect either using the IP address of the micro tech or even with the MAC address of the router. We will see that what you have to do is to connect your mycotic with your computer without any need for any IP address. And you can connect to it using wind box. Throw to the MAC address. Which is really nice because we don't even need to have a load three communication to the router. Now, what I will do is I will start my micro check. Like I told you all, let me bring it here to show the ports. That is, I'm connecting my mycotic to the Cloud using the port one. So again, the Cloud is to allow us to connect to the micro logic, to our, to our local machine. Onto your face. Each one is the anterior face of our VMware machine of our genus three. Let's go to it to have a better understanding of what's going on. Okay? I will do IF config. And like we see here, each one is having the not IP, which is if we go to our adoption is in our local machine. It's the IP of the VM Nate Network Adapter eight. Here it is. It's in the same range. Searches. And the way that we can see our micro tick from our local machine. Okay? One thing that I want to add also here is if you have already a device like I told you, you will have, you will have it with the default configuration. That's me and really have this IP here, the default IP. And also you can not access to mycotic using the port one. Okay? If you have hardware, you can access to the mycotic using the port one. Why? Because like I told you, each come with a default configuration and the default configuration have a default firewall policy that blocks the access using that port. So there is a policy that prevent prevent us from accessing the microtubules in the first part. Why? Because by default, the Internet one or the port one is reserved for an internet connection. It so one interface. But because we're not using a real device and we are only using a virtual interface device. We can connect to that anterior face. The reason why I'm connecting to that interface is, is by default, Come on DHCP. So the mode of this interface is on DCP. That's a low M2. Take an IP address from the nut Cloud. Okay, So our micro tick will have an API or the restaurant, the Cloud. That's why I'm connected to that interface. Okay? So again, if you are using real hardware or you are using are real micro tech launch connect your computer to that interface, connected e.g. to the port two or three or any interface either than the bottom one. Okay, perfect. Now we have our Microsoft started and connected to our local machine. Now I will go and open my inbox. This is when books. So to find our mitotic and connect to it, we need to go to neighbors. And here it is. We can see that it appears here. This is our magnetic, it talks the IP one linkage order to one-sixth. See it? Not 72 dots, 12 or G. Here it is. This is the host name of our machine. This is the MAC address, and this is the version. And also we can see the board. It's hover search here, image, which is a virtual image. Okay? Now, if you'll notice, notice here to the Connect tool will just be this value here. It shows us the IP of the omega logic. Now, if I press the MAC address, it changed. And if I go and press IP address, it changed the IP address. And like I told you with my critique, we don't need to using when books and we don't need to have an IP address on our magnetic, we can easily connect to it using the MAC address. Here it is. And here for the login, we can type admin and to connect. And that's it. We are now connected to our necrotic. And like I told you, it will force us to create a new password. So the password is empty. We don't have any password by default. So I will go to the new password and type and create a password. Okay. Here I will change now. And that's it. I'm connecting to the mycotic using the wind box tool. Now, let's see how to access subito, like I told you using the whip, vague. So here I have to type the IP address of my microsec. This is the IP address of my micro logic. Perfect. This is the interface of the web. We'll type the password that I have created before, and they will do login. Defect and the urges. This is the frequency of phase. So we need to go to with fig here. And if you'll notice, it's pretty much the same as the wing box interface. It's the same menu like we see here. Pretty much every turn we can do in the web fig, we can do it in the wind box. To access the microtome throat console. In the junior three, you will just have to double-click on it. There it is, it's opened. We've typed me, put in my credentials. I'm connected to my necrotic. It is. You can see now I'm connected. And we can also connect throat, this is h. Let's see that although this is H, admin and open-air Pucci, okay, I would say IP address. It is admin urea. So we are successfully connected to omega logic, throat console, and throat is h and using we've fig and we inbox. This is where inbox and this is using, this is h, and this is the console. And this is the width vague. And your face. 7. Changing Password And Hostname: After we access to our micro logic, we prompted to change the password of the micro check. But what if we want to change it again? So first, let's go to the wind box. Here from the wooden box, we have two options to change the old password. The first option that we have is to go to a system. Then we know we need to find password. There it is. This is password. And here we need to type or old password. Then type the new password. Okay, retype it again and change it. Perfect. Now we've changed it the password from here. The second option is to go again to sin. And this time we need to go to users. Our users. And our username is of course, admin. Here it is. We need to make a note please here. So here it's the same password here which shows us only the password of the admin. Okay? So if we have another user which will not change this buzzword, system, password, change only the default user, which is admin. Okay? So like I told you, the other option is to go to a system, then users. And from here, we need to double click on our username, admin. And here in the right-hand menu, we need to choose buzzword. It is. And we can type the new password from here. And two, Okay? And Okay. And that's it. This is how we can change our password. Second thing that I would see we do is how to change the host name of our mycotic. So by default, the host name is Mike Arctic. Here it is. So to change it and we need again to go to System and find identity. It just enriches you don t t. Like we see here. It says mycotic. So e.g. I. Will change it to CHR dash one, and I will do. Okay. And like we see here, it's changed to CH R1. Okay? Now what I would say we do is how to do all that using CRI. So I will go back to my genius three, I will double-click on the macro check. Okay. So to change the password, we need to type to come and user sit. And after the city, we need to specify the username that we want to change his password. So it's admin and we need to type password. And here we can type our password. So every type admin password, e.g. social just said, We need to log out and try to login again. I will type my password now to see if I can steer connect. No, I cannot. I cannot connect. So I would type the new password, which is admin password. And perfect, I can connect now. And like we see here, it's an error message that says that there is a critical login failure for user admin because we've typed the wrong password it before. Okay, now let's see how to change the host name of the microelectrode CLI. So the command is easy. All we need to go to system and type it onto T and do. Set. The name will type. And we put it to broker enjoy my cortico will type. Mike Rowe check. This time, will be dash one. And look, we already see from here, it's changed to omega Arctic one. It is. If we go back to the wind box, it's changed also in the wing box, geomagnetic one. So this is it for this lecture. We now know how to change the password and the host name of omega Arctic. 8. WebFig HTTPS Access: When we did access to our macro Arctic route or the first time using, with fig, we did that using HTTP, but we all know that HTTP service is unsecured and should be disabled on our macro agriculture, what we have to do is to use HTTPS instead, but by default, HTTPS service is disabled. And also we need to have an SSL certificate to use HTTPS. So let's go and see how to do that. So the tasks of this lecture are creating an SSL certificate to use it so we can enable the ship is, so this will be one. The second task should be enabling. You should GPS service. And I'll sign. This is a certificate. And the third task would be, of course, disabling HTTP. Okay? So first, it's equal to Omega horticulture. Maybe login. And they will do IP. Others print to see the IP of the interface. So this is omega2 culture IP. I will copy it and use it to access using when fig, perfect. Let me login. And look. We can see we all have access using with vague but still using ECP. Okay. So let me log out. It's going to open when Box login to omega2 culture. First task we need to do is to create a certificate. So to do that, we need to go to a system, then certificates. And here under the certificates, we need to add the new certificate. We name it e.g. with SSL. Or you can name it whatever name you want, it just a name. The other setting that I will do is the contrary. Here, you need to type your country, isn't your fire, which is the two characters of your country name. Okay, So I will add my two characters. And you can change the key size if you want. For me, I will keep it the default. You don't want to make a bigger size. So the bigger size mean more time should take to exchange the information between you and the browser. So I will keep the default size. Here. We can choose also the expired days. So my certificate will be valid for one year. From here, we can change the dates that we want our certificate to be valid here for 40 K uses. So of course, our certificates should be a digital certificate. Okay? So we can check it if we want, but I will not touch anything here. So all what I need to type is the name and the contrary, I can change like I told you to the key size and the days that my certificate should be valid. And the second thing it will do is to do apply. And after doing apply, I will do sine. Then I will do start. And we can see here in progress that it says none. I will close this. So after that, if we did go back to K uses, we can see that after doing side, it's by default select all the key users that we want to use, okay? So it's selected digital signature, the K on Superman, Okay. And all the keys that we will need, jellies client and TLS server sign. Okay. Perfect. Now I will do okay. So the second thing we need to do is to enable the ship is silver. So I will go to IP then services. So from here we can see that our port 443 is delivered, which is the service www dash is this l. So I will select it and enable it. Perfect. Now, if we do use enum up and scan our router, we can see that poor 443, which is for each GPS, is open now. Now what do we need to do is to double-click on the www dot L and the air in the certificate, we need to assign the certificate that we just created to this service. Apply and Okay. So please don't forget to also in certificate to the service. Otherwise, you will not be able to access your microchip using HTTPS. Okay? So let me open a private window. And digital HTTPS and the IP of our router. Of course, it would show us this error message here, because this certificate that we just use is a self-signed certificate. So it's normal to see this error. So all what you have to do is to press Advanced and continue. And perfect. Now we are accessing our micro-technology using if she pays me log into it. And perfect. Like we can see, we are successfully accessing using a ship is, so this is how to enable a ship is in the router. Now, let's go and see how to do that from CLI. Okay. So let's open the CLI commands. Me go back to inbox and disable this. And remove certificate. Go back here and try to login logout first and try to login again using this GPS. Okay, It's gosh, let me close this and open a new one. Like we can see, we can not access now using this GPS. So it will go. And first thing we need to do is to create certificate. So it will do certificate add. And the name of my certificates will be even name it HTTPS example. And other settings that I will add is the country. Of course, like I told you, we can change also the key size and the days that my certificate can be enabled before expiring. So it will not do that. It will keep everything as default. And it will do. Then I need to do sine. So I need to sign my certificate. So it will use the common certificate sun sign and the name of my certificate, which is a ship, is perfect. We can see that it's done. So now if we did certificate print, here, we can see my certificate, which is a ship is and this is the fingerprint of the sign-in. Okay. So if I did the ties to see that the dye we can see the d dy of my certificate, which will be expires after 52 weeks and 23 h and 15 min. Okay. Perfect. We can see this is the key size. This is the day, the days that my certificate will be valid. Now it's second gene we need to do is to enable the service. So it will do sit These, able to know my service is this. So if I did IP services print, now, I can see that the surface now is inhibited and don't forget to assign the certificate to it. So we need again to the IP service set certificate, which is HTTPS. To the W, W dash is this service. So let's do branch again. And look, we can see its certificate is assigned now to the service. Now let's do a refresh here. And perfect, we can see the error message though advanced and continue and perfect. Now, we can access our microti culture using HTTPS. So that's it for this lecture, please. If you have any questions, don't hesitate to ask me, and good luck. 9. Internet Access: So now it's time to give our macro trick, Roger, Internet access. So let's see, we want to do that. Okay. I will go to gene is three. And we are connected the port one, which is the first interface to the Cloud. So they control your Internet. One is meant for internet connection. So it's a one interface. Okay. It's all one. I would fix a static IP on this anterior face, which is 192 dot 16872 to 40. Okay? It's slash 24. This is the mosque. And our gateway is one. Then 2216872. This is our gateway. You will ask me from where I gotta desegregate away here. Again. One of our genus three. The n is noted. So if we go here to the seating, the first interface, which is ETH, one is host only, and second interface is not. So for the Nazi interface, we need to go to Edit and virtual network and press Change Settings. Okay, this is our nice interface, which is the emanate eight. And here in the Nazi think we can see that the gateway IP is 0.2 marriages. So this is how I know that the IP is point to Oregon to a perfect. Now let's go back to our lab. So the first thing I need to do is, like I told you how to fix a static IP to the anti-fascist. And the second step that we need to do is to put our gateway. The gateway will be a static route. So we need to configure a static route and the destination and take it away of our StatCrunch will be this IP here, okay? And we don't need to forget DNS server. Okay? So those are the tasks that we have to do to give the microchip Internet access. So if we log into it via inbox, we need to go to your neighbors. And here I will choose the MAC address. I will not connect to the IP because it will change the IP. So if I login using the IP, I may disconnect and the neutral type the IP again. So that's why we chose the MAC address. Here in Logan. I would put my credentials and it will connect. Perfect. Before doing anything, I will open a terminal. And being eight.88, we can see that we have a response. Okay. So it's pink or the pink cogen.com. And pink to the domain or zone works mean that we have Internet access. Why? Because like I told you, the anterior face is on DHCP pool or just sitting there the pull them from the TCP server. But we don't want to defer the Internet interface or the one interface to be dynamic. We want it to be or mode static. So go and do that. We close that for now. The first scenario will do is to change the name of the first interface. So to do that, we need to go to interfaces. And this is our anterior face. Either one, it is double-click on it. They will change the name to one. So it's one and two-fifths. And they will do, okay. Now to put unlike P to this interface, first thing we need to do is to remove it from the DHCP. So right now, this interface is the SCP client. So we need to remove that. So let's go to IP and TCP client. And like we can see here, this is our anterior face and the knee is indeterminacy PICC lines. So I will remove it from here. So I can give it a static IP. Perfect. Now we'll go back again to IP and designed to addresses. And they will press the plus sign. And here I would put the IP, 0.72, 0.40, and the mask, which is slash 24. And it will do apply and the network will be filled automatically. So I will do apply. And edges network, it's fear it's automatically. Here we choose the interface. So by default, it's the one interface, It's the first interface. So make sure that it's one or the first Internet one interface is chosen here. And doggie, perfect. The next step we need to do is this logic or odd. So let's go to our origin. Again, to IP, to IP, and then two routes. And like we see here, we don't have any static route. What do we have is a directly connected network? Yeah, it is, It's a directly connected network because the interface is directly connected to this network here. Breasted a plus sign, I will go to General and our destination address will be all zeros. Why? Because we are going through the Internet. And of course in the internet we don't know the IP is of all the servers in the Internet. That's why the destination others always to the anterior be zeros. So we keep it zeros. And here we put our getaway. Perfect. Now I will press Apply. And Okay. Now you will go and open again the terminal. And they will open pink eight. Those eight. Perfect. I can ping it now. But let's try to ping garden.com. I cannot ping it. Why? Because you cannot be translated. Why? Because we're still not configuring the DNS. So if we don't configure the DNS, our micro check, we will not be able to resolve domain names. So let's go to IP, DNS. And from here in the servers, It's press the R0 here. And which eight dot eight. Touch it. If you want to add another server, you can press the arrow again and put another server. Apply. And Okay, now let's ping again. Perfect. Now I'll make rotate can resolve domain names. And we have our response now from Grogan. Perfect. So now let's see how to do all that from cell. First. It will have to raise it the configuration for the microchip. So we'll go to System and resist configuration. I will keep the user configuration. Okay? I would go to the console. Now, I will access my microelectrodes CLI using the console. We've typed my credentials. Perfect. Now the first thing I will do, like we see in the web when Box is to remove the anterior face from DCP client, we need to put on static mode, not on DHCP mode. We can set a static IP to the anterior face. So to do that, we need to go to IP DHCP client and we need to remove Internet. One. Perfect, That's it. Now, the next gen I will do is to rename the interface ethernet one-to-one. So you do that, I need to type the command interface. Ethernet. Set. One, name. One. Yes. And if we did into interface ethernet brand, we can see that the anterior face name is changed now to one. Okay, perfect. Now the next thing we'll do is to set a static IP to that anterior face. So we need to type the command IP address. Specified interface first, which is the one and two-fifths. The other is one line 2.168, 0.70, 21.40 slash 24. The effect. Now we have the IP. The next thing we need to do is to sit static route. So it will do IP route. Add. The destination address will be of course 0.0, 0.0 slash zero because we're all go into the anterior to the Internet and take it away will be 72.2. Yes, perfect. Now, let's try to ping each 0.8, 0.8. And perfect, we can ping each point. But let's try to ping google.com. So our alternate countries of it. Why? Because we are not configured in Dennis yet. So let's go and configure it. We need to go to IP DNS servers. Servers and put the IP address of it, Dennis. Okay. And to enter, now, let's ping google.com again. And that's it. We can now have a response from google.com. So that's it. This is how to give internet access with a microcytic. We need to, like I told you to set a static IP to the anterior face. Like we did here with this command. Ip address, here it is, This is the command. Then we need the static route to define our gateway. And we need also to set a DNS server so our macro tick can resolve domain names. So that said, I will see you in the next lecture. 10. Firmware Upgrade: As an administrator, you should always keep your microchip firmware up-to-date. In fact, that should be the first thing to do when you're on your device for the first time. But why should you upgrade your router? Well, the reasons are obvious. First of all, the new firmware, my fix bugs. If there was any previous version. And also there could be some performance improvement or security improvement, etc. So it's important to make sure to have the largest firmware on your router. So let's make our lab first. I will drag and drop on micro check. And it will drag. The Cloud. You choose. Gene is three, okay? You will connect port one with either one. And they will start mimic logic. Okay? Now I will go to inbox. And here in neighbors, you can see that magnetic is detected. Refresh again, and they take an IP from the Cloud. The username is admin. Password of course, is empty and they will do connect changed password. Now, we are logged in into our macro check. Now let's see how to do the hypocrite, the ******. And the recommended way to do that is by going to the system here, then to go to packages, ADR. And from here we can see the firmware that we are already running, which is a retrovirus, which is the firmware of the router. And the version is 7.4 is C2. The seeming that it's just in a version, that's a more reason to report it or firmware because we don't want to run in our production environment at the same version. Okay, So to upgrade, we need to press check for updates. From here. I will choose stable version. I will explain the other channels later. For now I will choose stable. And like we see here, the latest version is 7.6. Normally it should get us a change log. Here. The change log means that here, shortly bring us the what are the fixes in this new version and all the features that come with this new version. Normally it should be printed here. One other thing is you should make sure that you have Internet connection to check for updates and download and install the new firmware. I think that this is the case. Let's see if our monochromatic have Internet access. You can ping Internet. It see if you can ping domains. We got a response. But still the change log is not showing up. So this is a problem in flux and we're very happy to face this problem where we're all doing this lecture because you're my habit or zone. So if it is not an Internet problem, what are aged found that is a bug in the website of the micro check from where the image be downloaded and installed, the bug is being explained in this tree. Here it is, I found it in the internet. It's the mitotic forum where it says that it will not work. The MTU of your Internet connection is less than one five-hundred and you have not configured a club TCP MSS dream to you. Okay. So like I said, it's a bug in their update servers. And you might also need to configure MongoDB role to produce videos here, I would show you how to do that. First, to fix that in our lab. Of course, we are coming to the Cloud using the Internet. 1.1 is it's a go-to that adoptions. It's eight. It's a virtual interface. Of course. It is. It's a virtual interface. Ip fixed for that Enginius three is to go to the VMware and go to Edit and go to Settings. And here we need to add a new network adapter. The adapter will be bridged. So it will be bridged directly to our network adapter. So we will not go to the Internet using the virtual adapter. I work with chose rich and they will dorky, it's changed, it. Perfect. Now I will go back to GNS3. Little more of this cloud of democratic also. Okay. It's not a problem. I will drag and drop another one. Started. I will start to crowd out the cloud again. It's from June is three. Okay. Now let's connect them. The first phase. Now we can see that we have another additional anterior face realities. Perfect. You go back. Here. I will search for the mycotic enriches. We can see that you've got an IP address from our local network. Password is empty. Change the buzzword. Now it will go to season. Here in packages. If I did now check for updates. Hey, marriage is now we can see the new version. We've got it, and we can see that the message here is changed to a new version is available. And we can change, check the log. This is the change log. Those are all the fixes, like we can see. And also the new features that are added in this version like we see here. It's this menu here and all the options and features that have been added in this new version. We can see. So like I told you, you're my face, the problem or the first thing to check is the Internet connection. Like we did with its first troubleshooting step. So you need from your macro tick to pink and Janet and be able also to resolve domains. Perfect. The second thing is your internet interface. Should we not have a value less than 1500 MTO? Like we can see industry there. And it's also recommended to other Mongolia. Okay, if we scroll down, we can see that this is the role that need to be added. Don't worry, I will show you how to add it. Here in one box. We need to go to IP, firewall, mangled and press. Plus. Here in the Shane, we need to select poster origin in the protocol should be TCP. Perfect. Now we're in advance that we need to go and find TCP MC MSS normally disappear. Tcp flag, yes, TCP flag. And choose, think. It's fine. Then induction should be changed, MSS and new TCP message should be clumped to be MTU and bus throat should be enabled. Okay. You can keep the log. Lets me see what the pot here in the log. The log prefix should be empty. And the new MSS surely be clumped or impure. This is the rule that we have created. Apply and okay. And that's it. This is how to create a road. Like I told you, it's better to have the problem in this lecture. So you can know how to troubleshoot it if you'll face it in your real hardware, using the real hardware. Okay, perfect. Now, there are two options here. There is the option download and download and install. So if you don't want your microchip to report after you download the image. Just chose no node and the new firmware will be downloaded. And then you can do whatever task you want in your micro check. When you feel that you are done and you'll want to make Gore-Tex to be created. You can go to system, then perform a reward, okay? If you want to deplete it right away, you can press download and install. And here we can check the status of the download. So after the dominant would finish it, the, our microchip will be remote to Install firmware reporting. Now, the password is changed. I will type the new password to connect. Perfect. Now we can see that the installed version is 7.6 and it shows here or cell division is 7.6 K, which is the version. Like I told you, this is the easiest and the efficient way to epidemic or algebra. There is another option is by downloading the firmware from the microtubule webpage and install it manually. It's an offline way, will make rotate, don't have to be to have Internet access on it. So let me go back to the browser. And here we need to go to Mike rhotic.com. From here, I will go to a software. Here we can see the version seven. We can see also the firmware of the version six. In case we want to do a downgrade. Because we are using virtual router. I need to go and choose IT Cloud hosted rupture. So if we go here, we can see that our vision is CHR, which stands for Cloud hosted. Roger. Okay. And it will download this version even if it is a decision version, just to try it in this router because he's already in division 7.6. So it will download the main package from here edited. So to install it, you just go there, need to go to your inbox and go wherever you have the image downloaded. And you will need just drag it and drop it. Okay, this is the version. I will just drag it and drop it. So here we can see that it's uploaded into the router. Let's wait for it to be uploaded. Perfect. Now, our image is uploaded, enriches. If we close here, you can find it here in fights. You can see the, the router OS. Now, all what we have to do is to perform a reward. So go to a system and its reward. Perfect. I'll make rhotic is reported and now it's up. And like we can see here, the new firmware is 7.7 is C5. And also here in packages, we can see our image. So like I told you up here in the download, we need to be careful to download the exact version that we're on. Like I told you, it's easy for us because we are using a Cloud or structure. We can just go to here. If we want to upgrade, if we want to download the image to install, you can download the file or uno va or around disk. The disk is the one that we don't lose it to install in the genus three. This is the image, this is the image. It is for you all to be sure that the version that you download is the right for your router. First, you need to go to inbox. And then here in system, you need to go to resources. And you need to check the board name and the architecture name also. Okay? Then you need to go to hardware. E.g. let's pretend that you have this rupture here. You need to go to sea port and downloads. And from here, you can download this version here. You can download this image and you are good. Otherwise, you need to go to software or XML and search for the architecture that you have in your router. Like I told you, we have the x 86 architecture. Here it is. So we might download this image, but it's better to download the Cloud or structure and don't read it from here. Okay? In other cultures they may have a snips or MM EPS. It's depend on the architecture of your router. So again, you need to always go to a hardware and search for your router. E.g. if we were on disruption here, if you are using this router, scroll down, go to support and download and download. The query interrelates, which is the largest. You can download it from here. Okay? One other thing that I should mention here, if you are, like I told you earlier, board, if you are using aria in a microfluidic device. You may also need beside the potato into firmware. And we also need to update the router board. Unfortunately, we don't have this menu. Indecision, our version, but you can go to System. And here you will find a router board. Press the router board and to upgrade. So the router border or so vapor graded. It's so common that to a predator like I told you, because it's a IPPA grade the rotor boat. So HA populate the bootloader of the router. So now let's go on talk about channels. Go to check for updates. And here in channel, we can see that we have the long-term channel stable to sin and development. Let's start with the long term. So if you don't care about the largest futures, and you just want your device to have a supervision on the run for a long time without touching it, then you can leave it on log term, cause it's stable and bug-free. But there are common that is to use the save a version without changing any much. Always go with supervision. So we disable version. You can always keep up in the near future with also fixes. All the new feature that you will have in this version will be fixed it, which leads us to the Shannon. So to send channel is recommended on love, our environment, not on production, to adjust the new futures as soon as they released. So we will have the chance to test in a new feature released as soon as it's launched. And you can try it, they set. And if you can see in the bug or something wrong with the future, you can report that. And the fourth channel we have is development. So this standard is used before the release of version seven. As micro shocker said, this version, it should not be used in real networks. Mean that we should not installed this version in the production environment. They don't guarantee if it will even bought in your router. They don't guarantee even dead. Because like you said, it's only mentioned before the version 747. So that's hit. To summarize, always go with disabled. Don't take too much disabled channel and download and install it. So that's it. Now you know how to upgrade your microchip firmware. 11. Firmware Auto Upgrade: After we saw how to integrate our micro logic router firmware. Now it's time to see how to automate the operation. So like I told you, it for grading the mycotic firmware is unimportant chain. So try not to forget or targeted largest, stable firmware as soon as it's released, it's better to automated operation. So there is a script that we can use to automate the diaper grade. First, let's create our lab and each me go to GNS3. Here. I will drag and drop my critique. And they will grab the cloud or zone. It will bring it from gene is three. This one will be Internet. Okay? And we'll drag and drop. This is the management. This is declared. This is the management. Yeah, this is the management. And we'll use it to access to the microcytic. And here I will drag and drop. The nut will be from my GNS3 VM. I can not access microchip for my local machine using the nut. So that's why I drag and drop below the cloud and the not the internet speed in mind that is much better than my management cloud. That's why I drag it or zone. So when I did the precarity of the firmware that we will not take so much time. Now, I will connect you might either one interface with the nut and either three interface with the management. With port. Unit one, unit zero. Yes, you do need zero. It's my one. You go to the adopters settings. So here in my eliminate one, this is the IP. It's a host only adopter. It has no internet connection on it and this interface. So I'll make rhotic should have an IP in this range. Okay? It will start mimic Arctic. Now, I will open my inbox. Here. We'll go to neighbors. And let's refresh. Here is my check login to it. And password is empty, of course. So connect either three is not your own DHCP. That's why our microsecond didn't pull any p from the eliminate one. Okay, that's why I have connected to it via the MAC address. It will create your password. Me make this bigger. Okay, Perfect. Like I told you, to auto upgrade, we need to have a skeleton to do the auto upgrade. The script is, you can find it in the micro arctic oil Wiki website. So if we go here and do it for grading, or Alt R or S. Here in the Wiki, we need to go to the Minoan. And lists. Go down. Here it is. This is the script for the versions after the 6.1. And this is the script for the version that are older than the 6.31. Okay? What we have to do is to copy the script and go to our Inbox, then go to system, then scheduler, press the plus sign, rename the scheduled it for grading. Roger. Okay. You can name it whatever name you want. Here is the start date of the script. You can leave it as it is. And this is the start time, e.g. let's see what is our magnetic now? This is the term of our macro logic. It will start it at the sign in the interval. We can see it's, it's how much the script will run, e.g. if I do there, 24, which means 24 h, That's one day. So every day at this time scale up towards Iran. And here, in this area here, we can pass our script editor is like we can see it's skipped, is a commons. There are 23 simple comments. The first one, chicken for the update. If there is any new version. Here, it's a brick social. Wait for 3 s into the check for updates, bring some results. Then if the statues of the result says new version is available, then we'll install it. This is script. Okay? So I will go and change it time or let's see. This is the wrong account that says how many times the script runs. We can see it's one, no. Army cortex should run script. So let's go to a system, then packages. And if we go here, we can see that is known as the image and the Israel boating. Now, look, we can see that's done automatically. So omega Arctic is reporting the tomato cancel and type the password. Okay, perfect. Now we can see that our magnetic version is 7.6. This is IT. System is already up-to-date. Our system is up-to-date. Like I told you the script to download and install the latest stable version, which is good. So we need to go to the script again, just scheduler. And here we can see that the next run will be tomorrow at this exact time. So where are we can change it from one day to two days or whatever time you want. Okay. Perfect. Let's go back to the website. We're in the website you can see all the methods of the upgrade, like the one that we saw before and other methods rather than doing it per grade, e.g. the money or they played by dragging and dropping the image to win box, which is easy. Actually, you can do it using FTP or using a client like fight Zillow. Okay. There are more methods here. And here you can see their versions. The long-term vision and the disabled, and the petal, which is the testing version, LDR. This is the tree of the versions. So perfect that set for today. I will see you in the next lecture. 12. Firmware Downgrade: Now, what if you want to downgrade your outer voice? For our reason or another? You did it per grade your microchip router to our version. But you are not happy with the options and futures, or this is not the version that you want to install in your micro decoys. So in this case, what you need to do. So this is simple. You need first to download the version that you will want to downgrade. So let's go to the microchip webpage. Then software. This is like we did to download the, the firmware to iterate. We will do the same steps to downgrade. So I will go to the Cloud Router. And here in the main package. First, let me a predator. I don't want it to this version which is the simplest know, e.g. if we make a mistake and upgrade to this version, which is the testing version, Let's go first and the upgraded to that version. It's still in division 7.6. And you will go here and drag and drop 7.7. Perfect. Now, what do we have to do is Jodi vote. Perfect, It's up again. Now the version is 7.7. So like I told you, you need to go and download the ui-router image. You can choose from the version seven, or you can even go back to the version six if you want. If you don't find that the version that you want here, you can always go to the download archive. And toes are older release, like you can see here. You can download the version, the exact version that you will want. Okay? From here. This is the architecture. Like I told you. This is for arm, this is for snips. And you can like I told you, find the architecture of your Roger from go into System and resources and you can find it from here. I'm telling you that again, because it's important to download the exact file of a version, you will need to download the exact file of your router. So if you didn't do that, the grade or the downgrade will not work for you. Okay? Now I will go back to my router. And I'm using the version 7.7 and I'm not happy with it. It's a decent image. The futures I have, I have some problem with the future orders or there is a bug in this version or something like that. I don't want to wait for the fixed to come out. So what it will do is to come back to the previous version that I've used before and that I know it's stable and it's a grid. In my case, it's 7.6. So what we'll do is drag it and drop it. And after that, we need to tell the router that we need to do a downgrade so we can go to System and the report. But if we did the revolt, the router will think that we want to do on a per grade. And you will find that this version is less than this version and they will don't match. And so we need to tell the router that we need to do a downgrade the energy budget. We need to go to a system, then packages. And here, press downgrade. And two, yes. Normally we reward after the downgrade. Yes. It's up again. And these automatically logged in and we can see in the packages diversion is 7.6. So perfect. That's what we want. I will make Arctic is a perfectly did the downgrade. Like I told you, it's important to download the exact version file of your firmware itself, the sum architecture of your router. So that's it for this lecture. Now you are able to do a downgrade order. 13. Firmware Upgrade & Downgrade Using CLI: Of course, we will not forget to do the EPA grade and the downgrade from the CLI. It's important to note the commons layer or zone. So let me go to Genesis three and use a new micro logic. You will drag the mud or it will connect them. It will start Mei, Mei critique. Fixed. Now I will double-click on it. So you can access to the micro ticker sale I, either from the console cable, using the console cable and connect you to the concept port. Or is this a short? Okay. Username is admin, password is empty and they would create a new password. Okay? Now the first thing we need to do is to check what is the current version in our micro check. So let's do system out. Print the effect. This is the command. And from here we can see our roadways version is 7.4 is C2. Now let's go and see what is the common to run to check for updates. So we will do System, Package and design update, then check for updates. So like you see, the commands are easy to remember. Okay? They are easy. It's like we are navigating from the wind box. So in the wind box or we go to system, then package. Then we press the button that says check for updates. And we'll press Enter and click. We can see here it says that there is a lattice version which is 7.6, and it's a new version. So we can download it, install it in our Omega logic. So let's see how to do it. It says same package. If date. Now we have two options here. We have even to download or install. Like I told you, the difference between download and install is download will download firmware. And we're not started until we report our magnetic. But instead installed. We download it and install it. So I will do install antique. We can see it says show us the Download Progress. Perfect. Even before we look into our micro tick, we can see from here that the version is changed to 7.6. So each login to the system, the cage brand. Like we can see here. This is the new version. You can also upgrade using a custom image if you want, e.g. the testing images 7.7 is not available in disable version. So you can put it in the microtubules in an FTP server or you can use when box if you want. For me, I will just to access to when Box and push the image first. Each me bring the management Cloud so I can access my recording using the inbox from my local machine. I would connect it to either three. Okay? It is. Now I need to drag and drop the image. Here it is. Now it will report myalgia. Yes. It's reported now and we can see here, division is changed to 7.7. And that's good. Now, let's see from CLI how to do the auto EPA grade using the script. First, I need to remove this micro trickier and bring new macro stick with the old version. It will start it. It's connected or so and destroyed to access it. Now we can see from here that are macrocycle run the old version which is 7.4, and we need to separate it automatically. So to create the script, we need to do system scheduler and to add, then give a name to the script. So I will name it firmware. It be great, perfect. Image firmware upgrade. Now I will give it the time, start time. We'll give it Okay. This time. Now, what do we need to type is the interval, or I will keep it at one day. You can change that as you want. So every day the script will run at this time. And here on event, here where we put our script. So I wanted to meet copied script again from the website of microcytic micro logic or alter its search for the Wiki. Just go down. This is script copied. Then postscript after the bracket here. So make sure that the bucket is here. Then postscript. After that, you need to close the bracket and don't answer. And it says, start on is not valid because the time is more than this one that we've sit here. So let's do that again. System scheduler, add name. I will name it. Firmware. Upgrade. Interval would be one day. Now it start. Time will be what should this time, okay? And on event with our script and close, are we doing to put the bracket in? Like I told you, it will not work if the bracket is not exist yet. So let's do it again. Okay, system scheduler, odd, name, rename it, just integrate over one day. Start time. This time. Onevent. Make sure that the project is there. Just press the relation and it will put the bracket for you or your country pretty much already. Then. Close it. Angela. Now, if we did system scheduler brand here we can see our schedule and you're in the wrong code. We can see that it's a zero. So it will be one when script run. So let's see when its time. It should be, right. Like we can see here, it says one, meaning that the script is already know. Normally, the router will reward and installed the largest firmware. So let's wait for it. It is, it's reported automatically. Like we can see from here. The version is 7.6. Now what it will do is to show you how to do the downgrade or so. First, let me it populated through the version 7.7. I will open when books dragon throw up division 7.7. We rebuilt my ocher and perfect. We can see the version is 7.7. Now before doing the downgrade, we need to upload the image that we want to downgrade it to the micro check. Somebody's me do that. Okay. You can use when Box or phrase in there, like it's mentioned here in the Wiki. Okay, you can use FTP to put it the image into your micro check. For me, I will just use the inbox. Okay, The image is there. We can check it from the CLI. Let's login to our microchip first. We can type fine print. We can see our image. Here it is. So let's go until our microchip that we want to do a downgrade. So I will go to System packages, update, then I will tell them, don't read that, it's not a potato. I think it's just packages. Yes, it just package downgrade. We need just to go to System Package downgrade. And yes. It says that system will revolt and did serve voting now. Okay, let's fight for it to come up and perfect. And we can see from our division is 7.6. So that's it. I hope that you liked this video. I will see you in the next lecture. 14. MikroTik Packages: Our microchip router supports a lot of different futures. Default installation don't come with all the possible futures that we can have in our microchip router. As a result, the administrator can install or remove a future by installing and removing packages to control the size of the installation. E.g. our microchip router can serve as an NTP server, but to use it as an NTP server, we need first to install the package to use the NTP server future. So let's go to our genus three and see how to do that. Okay. This is my microchip router. This is the Cloud Connector interferes, interferes with the Cloud. What we would see is how to install packages to enable some futures that we don't have in our mycotic. So let's go to a clinic to our router. Okay, I'm connected now. So first thing to do is to go to system, then packages. From here we can see that we have only the router package, which is the firmware of the router. And the version is already 7.7 e.g. if we check here in the menu, we can see that we don't have the IoT menu here. There is no layout of IoT. So if we want e.g. to add the package to the future of IoT to our microbial culture, we need to go and install that package. Then we can use it. To install the package. We need to go to the website of micro check. So we need to go to a micro logic.com. Then we need to go to software. And we need to follow the same steps that we did to upgrade the microchip firmware. First, we need of course, to go to system resources and make sure that we know the exact architecture name of our micro Jack. And also the exact version, which is 7.7 for our case. Okay, for us, what we need to do is to go to Cloud hosted their culture, which is CSR architecture. Then we need to go to our version, which is 7.7, and to install the pig, all the other packages we need to download the extra picky, just the art. So this is the extra packages of our version. It will download it for the 7.7 version. And this is the architecture. E.g. if you have another version rather than the version seven, or rather than those versions here of the version six. Of course, you need to go to Download archive. Search for your version here. E.g. let's search for vision, e.g. 6.47, 0.10. Here, you need of course, to search for your architecture. E.g. I. Would search for this architecture tile. I need to search for all the packages. The packages mean the extra packages, okay. So this zip file here of all the packages that we can install in our tile architecture. Okay, so perfect. Lets me go to the download where I did download my file. Here it is. So from here we can see all the other packages that we can add to our mycotic and we can see the package of the IoT social audit. We need to go to the inbox and we need just to drag it and drop it. Perfect, It's uploaded now to our micro structure. The next thing that we have to do is to reward our micro check. So in order for the package to be installed in our micro check, we need to report the micro check. Okay. So go to system. Didn't reward. The effects are all my project now is reported. And if we go to assist in packages, okay, we can already see that the IoT package is added here. And from the layouts, we can see that the IoT menu is already added. You can see her. Okay. You know what those packages here do and what are the future is within each package, you need to go to micro logic wiki page. Okay. You go to the wiki page. And here I would search for packages. And if we scroll down, we can see our packages are and towards the future in the package, okay? So this is the futures of each package. You can read the futures of each package from here. Perfect. Now e.g. if you want to disable uppercase, you need to sit next to the package, then press Disable. And we can see here it says that it's scheduled for disabled. That means that it will be disabled when we reward our firewall. So let's go into it and go to system. Before doing the report, I will add another package here, e.g. the Laura package. Okay. Perfect, It's added. So this package will be installed and the IoT package will be disabled. Revolt. And we can see from here, the IoT package is disabled and we cannot see it anymore in the menus. Okay, to install it, we need of course to press Install. And again, we can see that it's scheduled for uninstall. It will be installed after we report our micro-technology again. So let me open the terminal. Form. The terminal, I would show you how to disable or in install package. Okay. Of course the installation is drag it and drop it here in our micro check, then reward the microchip router with the command system. Reward. Okay. Now to disable a package, we need to do the common system package disabled and give it the name of the package, e.g. Laura. If we did System Package brands, we can see that the IOT is scheduled for an install and Laura is scheduled for disabled. So if we rewrote our router, Let's do a system in package print. We can see that IoT package is now installed and Laura package is disabled. You can see the x mean that it's disabled. Okay? X plug mean that the package is disabled. And we can see it also from here. Okay, installed it and we need of course to type the command In installed and give it the name. And we can see that is scheduled for installed. So if we did the report, the router, which will be installed. Perfect. All micro-technology is reported. Now let's go to System Package prints. And like we can see, we don't have anymore laura package in our micro-technology. If you believe that your micro-technology have a future that you can use and that you will need to use, but you can not find it in the menu. From the wind box. If you search the menu and you can catch find that the future that we want to use. You can go to the micro logic website and search for your firmware and architecture version, then install the extra packages. And from there you can drag and drop the package that you want into your micro check, then revote your micro tech and the future will be added to your router. This is it for this lecture, please, if you have any questions, don't hesitate to ask me, and good luck. 15. Backup: It's time to see how to walk up our micro Jack. Roger. Know, having a backup file is very important. But what's more important is just our backup by restoring the bug, our router. Because having a backup without ensuring that it works is like having a wish. Okay. So first, let's go and create our lab. Would open Jane is three. We'll drag and drop my macro check. It will drag and drop the Cloud. Here I would choose GNS3, VM will start my micro check, and it will link it with my cloud. Okay, perfect. Now let's open one box and login to omega check to see how to do a backup. To go to enables perfect charities. Password is empty, of course. They will connect. Changed the password, change, make this bigger. Now, to make a backup file, we need to go to Files. And from here we can see an option to do a backup. So let's press it. So here we can name or backup. E.g. I. Rename it to make rhotic. Initial setup. We can protect our backup also with a password. So the contents of the backup file will be encrypted with this hash here. Sure that I mentioned here that envision 6.43 and order versions. If you don't set a password and if you didn't check this box here that says don't encrypt, the backup file will be encrypted with the current user password. So our user admin password will be the buzzword of our backup. That in the other version, like I told you, ordered than 6.4, 0.3. Much in our case here, if we didn't set a password and if we didn't check this box here and we did backup, the backup file will be not encrypted. Okay. So after that, it's recommended to not keep your backup in your microchip files. You can download it into your local machine. It's enjoy a safe place. Okay, so let's go and put it here. If I go here and go, this is my backup pair marriages. So it's recommended to put it in a safe place that no one can reach to it. And also set your password to your backup file to encrypted. So like I told you, you can even right-click on it and download it, or you can just drag and drop it. So let's open the file. You can just drag it and drop it like this. It's easy. Now our workup is created. So let's go and just set. First thing, let me go in and make a change. E.g. I. Will change the identity of my router and we name it CHR. Then I will go and press my backup file and press restore. And they will do restore it on to have a password. Don't restore. Now, omega Arctic, we reward me to cancel here and put a password to connect the fifth. And then we can see here the host name is changed. It's changed to a mycotic, like we can see. So now it will go and change those name again, CHR. And let's create a backup file. Rename it our backup. This sign, I would put a password and it will go back up. Now I will drag and drop this fight here. Save it in my local machine. Then I will close the inbox and it will even delete this macro check. And it will drag and drop a new micro-technology. So this is in case of your microtia Kaldor is corrupted or something like that and you'll need to replace it with a new or microcytic. So you should have a backup to predict Jordan, you're bored. Of course, the Dischord beads, same board version. So if it is, the backup is for our search, our router. The router should it be or the seats are. Okay. It should be the same version. Now, let's go and login. Okay, this is our new microcytic. Changed the password. Now if we go to Files, you can see that there is no backup right here and democratic is in hostname. Those name is Michael check. So now it's it blows our backup to our router. Just drag it and drop it. Perfect. Now it's uploaded. So let's select it and do a restore. Okay, here we need to put a password that we use to encrypt our backup file. And don't restore, put the password. And to connect, zoom in. We can see here those name is changed to CHR. Like we can see. This is our backup file thrown out. We did a backup and we just sit by the storage back to our microtia Groucho. There is another way to take a backup, which is a declarative markup. Unfortunately, like we can see here, the cloud services are not supported on our series, are free license, but we can still see how to do a backup to the Cloud. So when you go here, we need to upload the backup and induction. You need to select, create, and upload. So because we need to create the backup file first, then upload it. If you already have the backup file like we like we have here, you can just go to Windows. You can just type upload and choose your file like that. Okay? Otherwise, if you want to create the backup, you can say let's create and upload. Give the backup a name, e.g. Cloud backup. It's recommended to set a password because the backup file will be stored in the mitotic servers. So security it with a password. Then after that, what you have to do is start. But unfortunately, like I told you, we call them to do that because our router can support Cloud services. The second thing that you should make sure of is that your, your microchip router have Internet access on it. So we can upload the backup to the mitotic servers. Okay. So after that, after you press Start, you would see your backup name here appears here. If you want to restore a toy or micro check, you will right-click on the name of the file and select download. You will find download when you select the file and the file will be downloaded into the files. You will find it here. I'll show you press download, you will find it here. Daniel can select it and to restore. Now, let's go and see how to do a backup from CLI. So we will use the common lines to make a backup file. Okay, let me open the terminal. Now. To make a backup file, we need to type the command system. Backup, save and press Enter. We can see here the bicarb is created and saved in our system. So if we did fine print, we can see that there is a new backup file created. Here it is. Like we noticed, the backup is created based on the host name of the machine plus the date, which is the year, and the month, and the day, and also the hour. Okay? You can name your backup by type in this command. System. Backup. Save the name and name it, e.g. may backup. Here, just like we can see here. If you want, you can also protected by a password. So it's type here, password and tape. Our strong password until Andrea. So this is our backup encrypted with a password. So you need to keep this password. So when you want to restore your backup, you will be able to do that because if you don't have the password, the bicarb will not be important to your system. Now we have the backup. Let's see how to restore that backup. So let me go and change the name of my micro logic. Go ahead and change the host name. Mike rhotic. So we can see the change. Now, all we have to do is system backup, load. Then we give it the name of the backup that we want to load, e.g. my backup. Okay. Then I will go under there is no password. So I will do enter. And yes. Perfect loading configuration and revolted. And like we can see, the name is changed, the vector C H, R. I think we can see from it, It's that easy. So let's see how to do the Cloud backup. So to do the Cloud backup, we need to type system backup cloud. And we want to upload a file to the bucket. So we will type the command upload file. And the oxygen of course will be create and upload. If we don't have already a backup, we can just type upload the file and give it the name of the file, e.g. our backup. Backup, the backup that we created before. Okay. So it's still create and upload name and we named our backup file. I will name it cloud backup. And of course, we need to secure it with a password. So make sure that the password is strong, then answer. But unfortunately, like I told you, where all my critique don't support Cloud services. But this is common to create and upload a backup file to the Cloud. Now the question is, how to download the backup from the Cloud? So if we did create a backup, then we need it. After that, we need to download it first from the Cloud to our micro check. So to do that, we need to do system backup, cloud and design. Instead of doing a profile, we need to do download file. And oxygen should be of course download. And here we need to type number and the number should be the backup for that we've created. So to find the number of the backup, you need to do system backup. Cloud Print Area would find that the number of the bucket. Okay. So the command is system backup, cloud, download file, and action should be no load and the number of your backup and then Enter. And after that, you will find your Don't look at the backup files. If you do five branch, you will find the backup that you will download it from the Cloud. 16. Auto Backup: In this lecture, we will see how to do auto backups. So the creation of the backup file will be automatically. And also we will see how to send this backup file to an FTP server automatically using a script. So first, let's go to GNS3 and create. Our lab. Will drag and drop micro article voucher will drag, of course, cloud. Okay. We'll link my micro logic with Cloud. I will start it. So now we have our micro check and we need to create a script that do the auto backup and send it to an FTP server. So what do we need also is an FTP server. You can use whatever FTP server you want. For me, I will use open to Docker and install Pro FTPD to use it as an FTP server. It's just for the sake of this lab. First, before connecting my old want to show the mycotic. I will drag and drop and not have internet access. So I can install the FTP disservice in the OpenGL because I need internet. Okay, I'm going to right-click on it and I will edit, config and go under DHCP configuration and uncomment the settings here. So machine can pull an IP address using the GCP. I will start it. Now, I will log into it. Perfect. We can see that we already pulled an IP. It's being engineered. Perfect. Now first thing we need to do is APT update to update the reports of our local machine. After that, we will install FTP package. Ask us to choose between needed and standalone mode. I will choose standalone, okay? Perfect. If GDP is installed now. So let's start. It will start at using this command here. Pro FTPD. Start. Now let's do start just to see if it is running or not. Like you can see, he's running a standalone mode and he is currently running. So the next thing we need to do is to create a user that can use FTP. So I will do add user. We will name it CHR type password. Okay. Let's save audios are created on Lake. We can see here, this is our user. Let's test if this user can use FTP. There is no FTP client, so let's install FTP client also just to adjust local connection. So it be to install FTP, FTP local host. And the username, or the password is 123456. This is my password. And take we can see here user is logged in. Perfect. I will exit. Now. One thing that I will do is to go to the Pro FTPD configuration. And here it will go down here to default route. Here I will J, or our user, that if Jupiter there to their home folders, to the home folder. To change, we need, of course, to restart my server. Restart. Perfect. Nobody that are the five short go to slash home slash r, which is my username, home folder. Okay, Perfect. Now I will close this. Need to connect it now, my micro check. So I would connect it to port three. And here I will go and edit to the machine again and comment Burke, those lines. Okay? And they would sit a static IP. The IP, this is IP that I will use a need to use the same subnet in my micro check. So I will save and lead to go and connect to our micro logic. There is no password. So I will go and sit on IP address and port three of my micro check. So I will go to IP addresses and the, press the plus sign and type the IP. Here, I will choose it there three. And they will do Apply. And Okay. Now I will go and start my own wonderful machine. It's still ifconfig. This is the IP, it's pink or magnetic. Perfect. Being is working fine. It's being from the other side or being too perfect, being working fine. Now, let's see script. So I've already created a script and put it here. I would share this script with your inner resources of this lecture. So the first thing in script is to create variables. So those are the variables that we will need. The first one is FTP server IP address would change this to ten. And our FTP user and our FTP password. This is the first variables that we will need. The second variables that we really need is to make a name for our backup files. So the name should be based on the date. So the first one Is variable is for hostname. The first part of our backup name will be the host name of our microcytic. And second part of the name of our backup should be the clock entity, I think we can see here. Then we have a local file name and a local remote fine line. The local file name will be hosted in our micro check. You can change the name as you want, e.g. you can keep it as the same as the remote file by removing the daily backup here, the backup data from here and put the date variable here. Or you can keep it as it is or change the name as you want. So this is the variable of the hostname, this one here. So the result of this command here will be saved as a value for this variable here. Okay? And the results of these commands here, or those commands here will be stored as a value of this variable here. Okay? After that, those are just information that we present to us that says this is the name of the local fire. This is the name of the remote file. This is the hostname, this is the date. Okay? Then the script which saves that is starting to backup. We will use the variables here. So this is the command to create a backup. We saw that in the previous lecture. In the name, we would put our local file name. And this is the command to send our backup to the FTP server. So the comment is slush tool Fitch or the rest. From there, we need to put others of our FTP server. Then source port should be the name of the file that is in our files here. So the pocketbook created and stored here. So here will be the name of the backup for that is here, okay, it's the same name. Okay. Then we put the user. And when you need to choose the mode, which is FTP, and we need to do that. You need to send it via FTP and the user and password also needed. The near the destination part is the name of the file that will be stored in our FTP server. It will be this name. And of course we want to upload it. So we will do upload, yes. Okay. So this is our script. It's pretty much easy. You can use it as it is like that. Or what you will need to change is the FTP server, IP, your username and password. You can keep all of these negatives, or you can play with the local file name and the remote file name. You can put whatever name you want. Okay, it's better to do it like that. So you can every backup on your FTP server of a particular date, so you can know the date of the backup. Okay. So let's copy the script and go to our Inbox and hear from him box we need to go to a system. Then we need to go to scripts and its creators characters. So I will do plus every named script backup fixed. And here I need to put my script. So this is my scripture, it is. Now it will do Apply. And Okay, so now we need to create a scheduler to run our script. So it will go back to the same scheduler, rename it also auto backup. So here we need to put a start time of our script and interval. So for the sake of this video, Start the time I would put startup. And they will learn script every minute. Okay, it's just for the sake of this video. So to run the script, we need to use the command system script run. And we need to put the name of our backup for script, which is auto backup. Since same script run auto backup. Now I will do Apply. And Okay. And it's white for the script to run. Perfect. We can see it in the wrong code. The auto scheduler is ryan, and let's see if our script is running. Let's go to the log. It seems that script it didn't run. Why? Because I make a mistake. They could reconsider the name is auto backup. What I put here is the backup is not same as the name phi, so it's case sensitive. So let me do big V and two Apply and Okay, and let's see, no script should run. Now. Let me go to time. And the next one would be at this time. Okay. Let's wait for it. So make sure that you put the exact name of your script in your scheduler. And of course, you need to test your scheduler and script before put it in production. Scripture, there are no perfect, it does rhyme. And we can see, we have around count somebody to me, close this and close this. And if we go here to file, we can see that our backup is created. This is the name of our backup. Micro. Take a backup daily. Now we need to go to our own tool. And if we go to Home CHR and it is here, we can find our backup. 17. Time & NTP: It's important to make sure that the time in our microchip router is correct. Why? The list of the reasons is logs. So when we want to check logs, we need to know the exact time of each task that will help us during troubleshooting or monitoring. Or so time is important when we want to schedule an event, e.g. an auto upgrade at midnight. So if the time is incorrect, the EPA grade might happen. A production time, even though the micro checkerboard really quick, but still can cause a downtime. So let's go and CO2 or configure time. First, go to Genesis three. It will drag my micro tick. Every drug Cloud Connect either one ETH. And they will start, may make rhotic. It would open the inbox and it will login to my democratic, change the password. So tocopherol time, we have two options. Even do it manually by going and the message in the exact time. Manually, or which automatically using an NTP server. When using entropy, we need to make sure that our microchip router have internet access. So you can put the time and the date information from the NTP server. So first, let's go and do it manually. If we go here and we showed the time and date, we can see our current time and date. The date is correct, like we can see here, but the time is 1 h back. So let's go and fix it the time. So we will go here to sustain then clock. And this is the time. So we can set the time manually. Like that do apply. And we can see here the time is changed. State also can be changed manually form here. Otherwise, what we can do is to uncheck the auto detector of times on here in the time zone name. We go and search for our teams on e.g. in my case, I will choose Africa, Casa Blanca, and they will do Apply. And Okay. So let me go back to system clock, which may check this again and put this back to manual. And it may change the time. It's put out a long time. Okay. Now, let's go and select our times on. Again. Notice the Apply. And Okay. And then we can see it's still didn't change the time or date. After you did say lecture or time zone. You need to report your router so we can set the correct time and date. So let's go to the same. Reward. Me. Put the password. Perfect. Now we can see that the time and the date are correct. Now let's go and see how to do that using the NTP server. So if you want to use any ATP, you need to go again to CSM, then go to into PICC lines. Here you need to enable it. And here we need to put an NTP server. So if you have a local NTP server, you can put it here. And in this case, you will not need the internet access in your router. Otherwise, I will go to the people from the Internet and search for NTP, board of Morocco. Perfect. I can see three servers will choose this one. Copy it. Before doing that, let me go and put that to ammonia again. Like we can see here, the time is 1 h behind. Let's put our own IP again and year or so. Okay, Let's go again to assist in into PICC line. It will enable the entropy would put me server. And they will do apply. Here in starches, we can see that it's waiting. So he's trying to resolve this domain and communicate with the NTP server. If we go here to servers, we can see that the domain is resolved. And we can already see that the timer and that is changing. So if we go back, we can see that status, change it to synchronized. But we can still see that the time is 1 h behind. Why? Because here in Morocco the added 1 h plus the current time. So that's why entropy is 1 h back to fix this, or what you have to do is to go to the same clock. And you can go to manual time zone and add here plus one. You can see this money already. We can see it's changed now. We are doing this only because like I told you, here in Morocco d have the other one other hour to the current hour. Okay. So normally it should be five, but the other day another hour. So it's 06:00 P.M. now in Morocco. Here you can add other NTP servers for backup, e.g. we can add the server also apply. And we can see that it's a result of that. Also. If we go to a log, we can see that NTP server is added. It is, and we can see that the entropy is changed the time Hs. And if we can see here, this is the time and date of each task. So here, when we was having the wrong time, when we set the correct time. So again, time is important. We can either do it using money already, like this, or un-check auto detect times on and set our teams on manually. This also will automatically set at the time Oreos in an NTP server. The recommended method, of course, is using HTTP server like this. Okay? So now we need to go and see how to do that. From CLI. It will open the terminal. So first-gen is to check the query and time. To do that, we need to do system clock. Brands. Like we can see. This is the current time, date and the time zone, although detects is check it. Okay. First let me go to system. Let me go to the client and disable it. Will move this apply to bingo chips servers. Okay? Okay. Perfect. Now, to change time, we need to type this command system. Clock, set time. And we need to push the hour. I would put our hunger, our, so we can fix it using entropy. And the minute and second, Okay, then date. So in the data, we put the mount, the day and deer. And the mode will be at first three characters of the month, e.g. if we are in January, we should put the three character of the month, e.g. in February, we should put just the first three characters. Okay? So he put John and ******. The day is 26. Dear. I would put also our own year. And the time zone auto detect. I will put no, I will disable it. So it's the same clock brand. Like we can see. This is the train end date. So this is how to set the time manually. Now let's go and see how to do that using the NTP. So we'll do system NTP client, then set enable it. Yes. We would innovate. And mode is by default in your cost, then servers. I would post Server Manager. So if a will and did rent, I can see that stages is waiting. If I go under, you can see here the time is changed using the entropy, like we can see here. It's already changed it. If you go and get into P client servers brand, we can see that our entropy port other this is resorted to the IP. Okay? So let's go and ptosis same clock branch again. And we can see that the time and date are correct now. So this is it for this lecture. I will see you in the next lecture. 18. NTP Server: We can use our microtia curvature as an NTP server to provide time and date information to our network devices. So e.g. if there is otherwise in over network that can not be connected to the Internet configured an NTP server in our mycotic will be a handy way to provide local NTP server to our network devices. So let's go and see how to do that. First, we will go to gene is three. It will drag my micro check. Every drug chylomicron picks. One of them will be the NTP server and the other one will be the entropic lines. Okay? It will drag the Cloud for the management. Also drag the gene is three. Ethernet switch. Didn't drag it. Okay, perfect. Now let's connect them. The first anterior face will be connected to the switch. So we will use this interface just for management. And I will connect the chylomicron, check between them directly. Okay, we'll start told me cortex. So here I will set this network here. So my tool, my Gore-Tex, can be communicated. So 0.1 will be for my NTP server, and 0.2 will be for my entry PICC line. Okay. Maybe we'll go and open the inbox. And let's connect to our first democratic. Change the password. First thing I will do is it will change those name of this micro check so I can identify it. So I renamed it into P server. Second tenor will do, is it will go and sit this IP in the other three and two-fifths. Okay? Apply and Okay, Perfect. Make this bigger. Now the first thing we need to do is to make sure that our entropy server out the correct date and time information. We can provide our network devices the correct information. So it will go to system, then into PICC lines, will enable it. And the air will go and search for the entropy pool. We did see that in the previous lecture. So I will copy this report. Another server. As a spare. You would apply to go to see if the servers resorbable. Yes, the IP is already sorted. And look, we can see here it's synchronized. Okay, Perfect. So this is the first step. Second step to do is to enable NTP server. So all what do we have to do is to go to System NTP server. And, or what we have to do is to enable it. And that's it. We just need to enable it. The Apply. And Okay, and that's it. We are done with our entropy server. So you will open new inbox and connect into PICC lines. Change the password. We'll go unchanged the host name also. Gp client. Second January will do is it will go to IP. Addresses are fixed. Ip also here Apply. And Okay. Now let's open the terminal and try to ping our NTP server. Ping 192.168, 0.3, 0.1. And we can see that we are able to ping it so our trauma cortex can communicate between them. Perfect. To me, go here and show the time and date. Will go and sit out wrong time. We'll go to system clock. It will disable the auto detect for the time zone. Change the date also. You will do Apply and Okay, you can see here it's changing. Now. I will need to go to system, then into big client will enable it. And they are in the NTP servers. I will put my entropy server IP. And they will do apply. Now we need to wait for it to communicate with our entropy server, which is our microcytic and synchronize the time. Perfectly like we can see here. It's synchronize it. And if we notice here, the time entities are correct. Now, that's it for this lecture. I will see you in the next lecture. 19. DHCP Server: Our microbiota can also serve as a DHCP server and provide our end-users with IP addresses and gateway, DNS and all the network information. So let's go and see how to configure DHCP server and our micro logic. First, go to Jane is three. From here. I will draw. My micro logic. And Cloud. Also need an Ethernet switch. This is the genius three Ethernet switch. So the Ethernet switch, and I will drag and drop two VPCs. Okay? Now it's connected. Then. The first interface, omega logic, will be connected to the cloud. And the cheered on your face will be connected to the switch and the real conics mutual VPCs to switch. Okay, let me start my necrotic. Now, I will right-click on the VPC and go to edit config. And here I will comment this line here. So may VPC can automatically, they asked for DCP when you start. And you will do the same thing in second one. And save. Perfect. Now I will go to inbox and login to my micro logic, changed the password. Now, first thing we need to do is to have an IP address in the anterior face that we want to use to give the CP. So our interface is either three. This is the entrepreneurs that we want to use to provide DCP. So the IP address will be 192.168, 0.3, 0.0. This is the network IP that I will use. You can of course use any IP you want in the subnet. So 0.1 will be the IP of the anterior face. So let's go to inbox and set the IP of the anterior face. So we need to go to IP, then other races. And plus sign. And here I will type my IP slash 24. And here in the interface, you need to choose either three. Apply. And Okay, so perfect. This is the first step we need to do. Now. Second step we need to do is to create the poll. So we need to create a range of IPs that we want to provide to our clients. So let's go to IP, then. Let's search for pole. And the pole. So we're in the pool name. You can keep it pulled one or put whatever name you want for me, rename it. Here in the other courses. I would put my range will start with this IP here. And it would end the poll with 0.20. It's a smaller range. Okay? So here in the next poll, that's mean that if this range here is completed, so if this range here is fully used, what is the next poll that we can use? So you need to create another poll and put it here if you want. Or you can put your whole range at once here. So let me show you how to do that. And we do a play and okay. E.g. I. Will name it lawn tool. And here I need to put a different range. E.g. I. Will start with 21.3, 0.1300 Apply. And Okay, and if I go back to my first poll here, I can choose my lunch. So if this syringe is used completely, then we can use for the IP addresses in this other range. And this range, of course, should be different from this one. Or we can simply put all our IPs that we want to use in wondering, Okay, Perfect, This is the first. Step we need to do is to create the poll. Next step is to go to TCP server and put our DCP server. So you rename it. Here we need to choose the entry phase, which is either three. And here in the other sport, here we need to choose our marriages and do Apply. And Okay, so after that, we need to go to on networks. And here we need to put our network slash 24. And of course, our gateway IP, which is the IP of either three interface. Here in the net mask, we can leave it empty because we've already put a slash 24 years in the others were in DNS server. We can put our DNS servers, so 88 and they will add second server. Then I will do Apply. And Okay, and that's it. So let's go back to GNS3, which may start my two VPCs. This one, antoine to start it, I don't know why. So every little move it. They will bring another one. Okay. Indeed config command, DCP, save, start defects. Now like we can see here, our VPC talk on IP from our server. So if we did show IP, we can see the IP of our VPC, the gateway and Dennis. And we can also see the DHCP server IP. So let's pink or micro logic. Perfect, I can ping it. Let's check our second VPC. Show IP. These also taken LIP. So I would think my microbiotic. Perfect. Now let's go to a wind box. Let's go to this link. We can see those are the leads. Me go back here to the second VPC. What I've noticed is that the two VPCs are same MAC address. We can see here the Port of them having same IP. That's why our mycotic give them the same IP. Okay, let me remove this. Let me see if we can change the MAC address of this machine. Cannot remove it. Okay, we'll do TCP dash t. Now we've got a different IP because the market, this is different than the VPC alone. So if we go here to the inbox, we can see two CPDs. So from here, we can see this D flag mean that IP is dynamic. So it's, We'd be changed. E.g. if we want to sit this IP strategically to this machine, we can right-click and press make it static. We can see the D flag is no more a showing here. That means that the IP now is tragic. Okay? There is another way to set a static IP is we're going to reduce this and press the plus sign and sit the IP header and the MAC address money already. Then. The door, okay, and the IP will be assigned automatically. So let's try that. Let me go and drag and drop VPC. Started and connected. Which switch? You will do. Show Ip and copy the mac address. Okay? Then I will go here and sit IP. E.g. you will do 14, okay? Past the MAC address. It will do Apply. And Okay, we'll go back and do a DCP request. And like we can see the VPC talk, the IP that we've seated statically. We can see its octave. Okay, let's try to ping our micro check. And we can perfectly binging or micro check. Okay, perfect. One other thing that I would see video is the options. So e.g. if we want to configure an option for our DCP, we can do it from here. So e.g. if we want to configure the TFTP option. So let me name it TFTP. And of course the code of the TFTP option is 66. Here in the volume. If we want to put the IP address of our TFTP server, e.g. our TFTP server is a 0.5. So here in the volume we need to put before and after the IP or single quote. Okay? We need to put a single quote here and another single culture. If we didn't do that and we did apply, we will get an error message that says, according to add new DHCP options because of unknown datatype. Okay? So we need to do that and to apply. And this time it target, okay? And they will doggie. So perfect option is here. So after we selected, after we created the option, we need to go to our network. And we need to go to TCP option and select the down arrow and choose the FTP and to apply it to go back to option, to do plus sign. So this time, if the value is a hex value, we need to put it in a different way. So e.g. for option 43, okay, coat is 43, of course. The hex value should be generated from the IP of the controller. So the access point can know where the controller, okay? So we need to go and see auto-generate the x value of first. It will go to this first website. Here we can choose from Cisco or Rockies. If we have our orcas or Cisco controller. Here, we put the IP of our controller and we do give me my option 43. And this is the x value. Okay? We'll copy it. So if I go here and put it, and to apply, again, we can see the message that says unknown data type. So before the x value, we need to put zero, x. Okay? So we need to put the zero and x then our x value. And to apply. And we can see this time, you take it. Again, we need to go to on networks and press the down arrow and choose our option to Apply. And Okay. And you're all good to go. Okay, perfect. So one other thing is that we can do the DCP setup automatically using this Juliet using TCP setup. So e.g. I. Will choose the interchange fees. And thick we can see there is no IP yet in this anti-freeze, so it will do cancel. Maybe we'll go first to IP addresses, the plus and sit on IP for this interface. Okay. Apply. Then go here to GCP setup. Select the anterior face, do next. Next. We can see this is our gateway. We will keep it every day next. Here we can modify the range if we want it, we'll leave it as it is. So this is the port. You will do next. We can, of course modify DNS as we want, okay? Until next. Time also can be modified. I will put 24 h, which is one day next. And then we can see here it's setup has completed successfully and they will do okay. So if we go here to network, we can see our network are there. And if we go to IP, Let's find Paul. We can see our DCP polarities of orangey phase. So it's red because our either to antifreeze is not connected to any of the voice yet. So if we go to our genius three and connected to this VPC here, do you see p, d here? We can see that we've talked on IP from the Odyssey per server. Like we can see, it's no more red. Okay, It's octave. Octave now, so perfect. Now we know how to configure DHCP. You are free to configure it manually or using TCP setup, the DCP setup safe assign. So it's a and they store. Okay, so now let's go and see how to configure this CP from CLI. We'll open the terminal window again. And first-gen We will see is how to use the CPE setup from CLI. But first thing we need to do is to sit and they progress to one of the interfaces. So I will go to IP address, others. And I would sit like before, either four and two-fifths. Perfect. Then I will do IP DHCP server setup and show your face should be either for DHCP network. Is this so yes, until the gateway is 4.1, which is the IP of the anterior face. Yes. You don't want to change it. So if we don't injure, this is the poll that I want to give to all my clients. So you will do here, I can modify the DNS. We need to put comma to separate between servers. This time is 10 min. We can modify it if we want or leave it as it is. And that's it. So if we did IP, the CP serve brand, we can see our DCP is created. So let's go and test it. So here I will delete this link. And link may VPC with internet for renewal. Our DCP, DCP dash d. Unlike we can see, we've talked on IP from ODC passive. So perfect. Now let's go and see how to create the port and the network and this CPC ever manually. First-gen I will go and assign an IP address either five interface. Okay? Interface is either five. Perfect. Now first thing we need to do is to create the poll. So the command is IP for add and give it a name. So he would name it my port. Then the ranges. Here, my range. Start on this IP and the end will be this IP. And they will do. So if I go to IP port. And I did print. I can see my poll out here it is. Now it will type IP, others. I mean IP, TCP, server, odd and others. For a name, rename it my DHCP. This is just the name and these are, you know, somebody may DHCP server will be inhibited. So this is the common to enable it until phase is either for the name. He's my DHCP, sorry, here in the other sport. Here we need to put the name of output. So I would put my pole, and this is the name of DCP. So now able to answer if their brand. So this is my DCP. Now, we need to set the network. So we need to do API, TCP server, network ad. And we need to put our network address, our gateway. And DNS servers. Again, we were separated between them using a comma and enter. So that's it. Now, all what do we have to do is to just RTCP server, which may bring new VPC. We started. And we can see that it's already talking IP. Here it is. So perfect. It's the way to ping or micro check. We can successfully ping it. Let's go back to the wing box. And let's type IP, DCP server, this print. And those are all the leases that we have, e.g. if we want to set one of those leases to be static, like we said before, we need to type IP, TCP server needs and to make static and choose the id of delays. E.g. if we want this IPR to be strategic, we will choose the A15 and digital print again. And like we can see, there is no more D flag like we can see here. So it's no more dynamic. It's not static. Okay? Of course we can do it manually by typing this command, cp server, these and to add. And here we need to put the address, the MAC address, like that. Let's see, we'll do 04 and let's try jewel the rag and throw up another VPC and see if it's MAC address will be 0.4 in the end. Let's see. We're going to move this link here. You will started to oxygen, so it will show IP. And we can see it's 04. So let's see if it will take the IP that we did sit statically. Like we can see here. You took the IP that we did a sit statically, which is this IPA 0.11. So perfect. One last thing that I would see video is how to create options are from CLI. So to do that, we need to type it PDCP server option. And the odd, then we must sit to code e.g. 66, which is the TFTP option. So we can name it TFTP. I believe that we already have TFTP options, so I will name it TFT P2. And you're, like I told you, we need to put a single quote in the first and the end of the IP address. Says it's a syntax error. Removed code says unknown data, middle coat. Okay. It's against is from CLI. We should put code then single caught. Like we can see how it's different from the wind box. So we should put a coat and the single quote, which will go and do print here to see the value that we've added before, the format of the IP address. So we need, so that we can see here it's only single quote. But when we sit it, we must do code and single quote. Okay? Now what do we need to do is to go to the network. And here, let me see. You will do first print. This is my network ID, it's three. So it will not sit option to FTP tool. And they will type three. The effect. Like if I did DHCP network ID number three. Okay, so it can print as the deadline of the options. So like we can see here, the option of DFT P2 is added. So that's it. Now we know how to configure the CPC ever in our micro check from the wind box. And also using the command lines. 20. Users & Groups: Changing our password is not only first-gen we need to do after installing our micro logic, but removing the admin user, which is the default user and create a new user, will be also a smart action. Because using a default user as an admin will make it easy for attackers to try to brute-force or micro logic. Roger. So this lecture will be about users and groups. What each me go to g, n is three. I will drag and drop my microcytic and Cloud. It will connect my magnetic field centered face to the Cloud. It will start my macro check. So the tusks of this lecture will be, of course, removing the admin user. Then we will create a new user. So after creating new user, we will see also they control your groups. And groups allow us to give and assign different permissions and access rights to our users. So e.g. we will create or read only user. We will create a user with read only privileges. Then we will create a custom group and assign a user to that group. Okay, now let's go and connect to our macro. Check the password is empty and they will do connect. Change my password. Coaches teaching so n, Okay, so now to configure users, we need to go to a system, then users. And from here we can see that we have only one user, which is the admin. And it's also the user that we are connected with. Okay? So if we try to remove it, like we can notice here, we cannot. Why? Because admin is the only user we have right now in our mycotic. So if we remove it, we will not be able to manage our mycotic with end-user. So it makes sense. We can let you delete it until we create a new user. So let's go and create a new user. E.g. I. Rename IT Manager. And here in the group, I would give it full access. And I will give it a password. Do Apply and Okay, now if I want to remove the admin user, I can do it. Okay? So it's logout and login using the Manager user. Perfect. We can login now with the manager user, like we can see from here. Now, we did remove the admin user and we did create our new user. One other thing that I want to see we do here is we can see here there is a parameter that says load address. So here we can set a subnet or an API that we want to allow the access from our micro logic. So e.g. if I set the IP 72.1, which is my machine IP, Let's see. It's the IPO for the adapter eight. Here it is. So by that, the only machine that have access to login using the user manager to the micro logic is my machine. It may disconnect and try to connect again. Perfect, I can. So let me change this IP here to something like a This e.g. an API that I don't have in my machine. And they will do Apply and Okay. And it's disconnected. And it's try to connect again. Like we can see it to give us an error that says wrong username or password. Why? Because we don't have right to connect to our macro check with our IP because our machine need to have the same IP that we sit in the allowed others, which is 72 point Jen. But if we did select the other is MC instead of the IP address. And we did connect. Like we can see. Now, we can connect. If we did sit here in system users, if we did sit on IP here, we will need also to disabled access from the MAC address. You need to disable this. So we can make sure that only a machine with this IP here can access our mycotic with this username here. We will see that in another lecture, we will see how to disabled access in to our mitotic via the MAC address. For now. I will just remove this. We'll do Apply. And Okay. Now let's go back to our tasks. We did remove the admin user and we did create a new user. Now let's go and create a user with read-only privileges. So first let's go to our groups. And like we can see, by default, we have 3D for two groups that we can remove. Like we can say cannot remove any of those groups. It's not removable, like we can see. We can not remove them, but we can create new groups. And like we can see, we have a full group and a red group and a right group. The group is obvious, we can only read, but what is the difference between four? And right? Here in 4D, we can see that it's all the privileges. So we're in the policies, we can see that it has all the privileges. But for the right, we can see that don't have the FTP policy and don't have the FTP privilege. Okay. So first, let me explain to you those privileges here that we have in our policies. Those are the policies. So it will start explaining the access policies like e.g. the local policy. So lockout policy give us the right to login locally via the console cable. And the telnet is give us the Access to login remotely via gene. Yet of course, the SSH or is likely to give us the access to remotely access to our mycotic using SSH. By the way, it will be better to disabled Telnet because it's not secure like SSH. The other accessor policy that we have is the web. So web give us access to remotely access to our micro logic using with fig. And the wind box policy of course gives us access to access using the web doing bookstore. So if we don't have this policy inhibited, the users assigned to that group cannot access using the inbox. And Ramone also give us the right jaw, connect to a remote server. Apa and recipe give us the right to access the router via APA. And if GP is a policy that to grant full alright, login remotely using an FTP client like FileZilla to read, write, and erase files and to transfer from and to the router. We can, if this policy enable it, we can put files using FTP in our mitotic or read files from our micro logic to our FTP client, or even delete slides. If we enable the FTP policy, we should enable we did the right policy also. Okay. To report for policy and give us access to report to the router. The red policy give us access to read the router configuration. So we can only read the configuration in our router and we can lodge, modify, or change anything in our micro logic. Moving to the right policy, the right policy give users right access to the router configuration, except the right of users management. So our user with the right access can change or the router configuration, except audience or modifying a user. If we did enable the writer policy, we showed enabled with it the red policy. Okay. Moving to the policy. Alright, so this policy gives us the privilege to manage users. So if we did enable the right policy and we want to manage users also, we need to enable the policy also, okay? Now for the test policy, it allows us to run all the diagnostic tools like ping, trace route. Then do we test and all the other diagnostic commands. Okay. And for sensitive policy, interbranch has the right to change the height password option. So we're instituting, we have this height passwords here. So if we have the sensitive right, we can hide or show our passwords. So e.g. if we did it, go here to the TPP and go to secrets, e.g. it's just create a password here. We're quickly. Okay. So like we can see the password is Haydn. We can not see it. But if we did it, go where to the sittings and disable it. Now we can see the password. Okay? This is what this policy here give us. And for sniff, it allows us to use packet sniffer tool to capture and analysis buckets. Okay, so let me go and create a new user with it. So you would create user one and we'll assign it to the red group. Would give it a password here. Now let's go and connect with that user. Here I need to type the user, User one. And connect. Perfect, where our n, we are connected with DU is on one. So e.g. if we want to check our router configuration, e.g. the interfaces addresses. So we need to go to IP addresses. And we can see here this is the IP of the ether one interface. And then we can notice we cannot add or remove or do any change in the configuration like we can see. Okay? So nothing we can do from here. So if we did it go Here, e.g. to interface. And we cannot add any interface or do anything. Okay? What we can do with the read-only user is to read the configuration. But if we did it, go here to their crops and check the red group policies. I have noticed that we have another policy which is the reward policy, like we can see. So this is give, give, this policy, give our users the right to reward our router. So I don't know about you, but for me, I don't want a user with access to storyboards, my firewall. Okay, so let me go to the groups and create a default group. And this group BY rename it red already. So this will be my custom group. This will be our final task. Okay? So the users that are assigned to that group, I want them e.g. to connect using only when books. And also with the access to local. So they can access from the console and to read only. So d have only the red option. Okay? It will create that group and first, go to our user one and try to reward our firewall. Like we can notice, our firewall is rebooted. So if we did go here and see the uptime, we can see that it just voted. So it was reported. Like we can see what it will do is able to go to users and assign my user1 to the rate only group. And they will do okay. Now let's go and try to login with our user one again, where I will disconnect. Let me login again with the user one. Perfect, I'm able to login from my inbox. Now, let's go check our configuration again. If we can change any gene or just to check our configuration and see it. It's like we can see we can not change anything from here. If we go to IP DHCP client. We can also remove our Ethan one interface from the DHCP client. Okay? We cannot even renew or release, like we can see, we are not permitted. Okay. So what I will do now is I will try to reward my router and design. We cannot report it. Okay. So like I told you, for me, you don't want a user with read-only access to re-watch the firewall, maybe we can give it that access if we want. But for me, I don't like we can see we can create a custom group and give our users custom policies and rights. Okay, Let's go and try to login from the console with that user again to see if it has access or not. Okay. We'll go ahead and login with user one. Okay, did the mistake in the user to login now and we can see, I can login. So that was our last dusk. It's creating a custom group and assign users to it. Okay. I think that I didn't tell you about the password policy. So password policy give a user the right to change his own password. So it's inhibited. And let's Apply. And Okay, and let's go back to our user. And it's disconnected. And it's connected back. Okay? Okay. So now I'm connected. Now, if I did go to system, then password. Here, you can see that I can change my own password. User1 can change his own password. So we need to type our password and then type the new password. And perfect or password is changed. Like we saw before, there are two options to change the password. The first one is liquidated or eight naught from go into system, then password. And second one to go to system users and go to our user and the password and put it from here. So let's try to do it from here. E.g. like we can notice, it says that changing password is not permitted, but we just did it from here. Why? If you remember, I told you that in order to have access to manage users, we need to have the policy axis. So we need to have this policy here enabled in order to change our password from the user manager here. Okay? Otherwise, we can just do it for, I'm going to say cin and password. Okay. So perfect. I want it to go and see how to do those tasks here from the command line login to my switch effect. First command is to check the already created users. We need to do user print. Like we can see we have the user manager and the user, user one. So to remove a user, we need to type user, remove and type the name of the user that we want to remove, e.g. user1. So if we did print again, we can see that user one is removed. Now let's add a user. So to do that, we need to use or add name and the name of the user, e.g. user one and give it a password. E.g. 123456. Don't want to do a password like me. And the other thing that we need to give to our user is to assign it to a group. You will assign it to the read only group. Okay? Look, we can see we can also do a comment to our user if we want. E.g. the comments will be read only With only user print. And like we can see, this is our comment, read-only user, and this is our user, user one. And the crop is read-only, e.g. if we want to specify what IP addresses are allowed to connect using that user to our micro logic. We can do it also, e.g. let's see how to audit after we add the user. So to do that, we need to do user. And this time we need to typeset and Others, e.g. this IP here is allowed. Now, what do we need to do is to put numbers. And the number that we need to put here is the number one. Okay? Now to check that we need to do user print, where name is user one. And like we can see, we can see here the data is, we can see the name of our user, the group, and also the address, like we can see here. Another thing that we can see is all the active users. So we need to do you as a Octave brand. Like we can notice here. We have the user manager connected using the wing box and also from the console. And we can see here when this user connected. So we can see here the date and the time also, and also the MAC address of the user. Why? Because we did connect from one box using the MAC address, the IP address. If we go back and connect using the MAC IP address, it to do that. Let's go back to the console. We can see here that we can see the user IP address. Okay, perfect. Now let's go and see grown-ups. So to check the groups, we need to do user group, print. And those are the groups that we have. Like we can notice see the customer group which is the read only. We can see the name. And here in policy we can see all the policies that we have. E.g. I. Did enable local indeed inhibit, read policy and we inbox and password. But we can see all the other policies here. And with this policy we can see before it the exclamation mark. So this exclamation mark here mean that this policy is not applied in our group. Okay? So whenever you see an exclamation mark, that means that the policy is not applied in our group. Okay? So those are the only policies that are applied in our group and those are not perfect. We can see here, there is another parameter which mean she has skin, like we can see here. We will see that after this lecture. We will talk about it. Okay, now, let's see how to remove a group. So to do that, we need to type user group, remove and type the name of the group, e.g. the read only group. Like we can see here, we cannot remove it because we already have users assigned to that group. So let's assign our user to a different group. I'll say I need to do grew up breed. And if I remember the ID is one of my group, of my user one. I mean, so I would put here number one. So now it will remove the read only group, like we can see. It did remove it without any problem. So let's do print here and no more read only group. Okay, now let's go and add our group user grew up ad. We need to give it a name, e.g. let's create over it only grew up again. And here in policy, here we give it or the policies that we want, e.g. the lockout policy. I need to type pair a comma then when Box. And he can change his own password and the red axis. Okay? And they will do under. So let's do print again. And like we can see, this is our group. Again. Those are the policies that are applied in our group. And toes are the policies that are not applied. Whenever you see like I told you again, the exclamation mark, that means that this policy is not applied in our group. Okay, So that's it for this lecture, please. If you have any questions, don't hesitate to ask me. And good luck. 21. Mac Server (Telnet - Winbox - IP Neighbor): In the users and groups lecture, when we did specify the list of IPs that can access to our micro logic using our user. You've noticed that even if our machine is not within that less of IPs, we still have access from when Box using MAC address. But today we will see how to disable it. The MAC access future using wind box is unless future that they found helpful. It's a handy tool to access our router. If e.g. the router don't have an API, or if we did accidentally kick ourselves out from the router, but we must know how to disable the access using the MAC address. Okay, so let's go and open our inbox and we can see we have omega rhotic connected to the Cloud. So we can manage it from our local machine. So let's access. Now we're in the neighbors. We can see here that we can simply connect using the MAC address. Let me remove the password and to connect. And perfect, I'm in. Okay. So perfect. Like we can see from decision, we are connected using the MAC address. So to disable when Box MAC address, we need to go to Tools. And from here we need to go to a Mac server. Like we can notice we have Mark Jin net server, MAC when Box server and the pink server. We will walk through this after. But first, let's see Mark when Box server first. So here we can see the alloy with interface list. So if we pull down the drop down menu, we can find that we have a list of all interfaces and the list of dynamic interfaces and the non nest that include no interface and static interface list. So those lists here, we can find them by going to interfaces. And here in the interface list, we go to Lists. Okay? And like we can see, there is no interface yet in the, in the list. Okay. Me go back. Okay, perfect. So to disable MAC address on all interfaces, we must select the non OK here in the interface list. And don't. Like we can see, we didn't disconnect from our current session. Okay, we still connected to the micro logic using the MAC address. So that will be applied after we did disconnect and connect again. So let's disconnect. And let's try to connect again. I will say they get the MAC address. I would type in your password. And they will connect. Like we can notice, we are not able to connect. Okay. We call notch connect to the MAC address. Is throwing again, but it will not be able to connect. Okay? It will do cancel. And they will try now to login using the IP. And perfect in now. Okay. So go back again. Then. Mac server, besides the mug when Bach server, we have also the MAC telnet server. And also we are aware that although the interface list, so the marketing that server is, that from the wind box, we can turn it to another micro logic using the MAC address only. Okay, So we need to go and throw a new micro logic. We will start it and they will access it and change the host name. I need to type a new password. So it will change its host name, okay. Sit name and they rename it Router two. Now, I will connect it to my first semi-aquatic. And if we login back again to that microchip, and we did IP. Others, nist, print. We can notice that we don't have any IP in our micro logic. So let's go back here. And to turn it by MAC address. So another micro logic, we must go to IP neighbors and their neighbors. We can see that in the interface ether three, we did discover another micro check. Here it is. And in the identity we can see that it's a router tool. So if I right-click on it, I can do Mark Twain it like we can see here. And we can see there is the login prompt. So let me try to access to it. And perfect. I'm N. It's amazing, right? For me personally, I found it a nicer future. So now let's go and disable the magnitude net from our router module. First, let me disconnect here. Okay, perfect. We are disconnected. Now I will show you how to do that from CLI command. Because here, right. Find tools like server. The MAC telnet is like the macro and book server. We need also here to choose static. Okay? So from CLI, which we have to type is tool mark, server set, unordered list, is none. The printer. Unlike we can see that although the interface list is non, need to go back. And let's try to marketing it again. Like we can see, we are not able to marketing it to the router tool anymore. Okay. Even if my credentials are correct, you cannot. Let's try for another time. And still I'm not able to connect. Okay. I think we can see disconnected. Okay. The other thing that we have here in the Mac server is the mic being Server. And here we have only enable or disable, okay, we don't have option to enable e.g. certain interfaces to be able to ping the MAC address or not. The maximum net server or the Mach when Box server. In here. We don't have this ability to choose that the interface is that we want to enable pink on it, on them using the MAC address or not. Or what we have is to enable it or to disable it. Okay. So let's keep it in a blood for both of them. And let's go back here. And let's try to ping the Mac. And look, we can see we have a response. Okay, we are now pinging the MAC address of router R2, and we have our response. Let me stop this and close. Now. Let me go and show you how to disable the pink from CLI. So from the graphical interface, it's easy like you can see, you need to go to Tools. Then Denmark server here in the Mac ping server. And all what you have to do is to disable it and press Apply. Okay? Okay, here let's try to ping again or out your toe. Like we can see we have a timeout. So let me go back here and inhibit tool max server market being enabled. And let's start it again. And now we have our response. So I will stop it and go to our router tool. So just to explain, here in wind box, I'm opening this artery here. And here in cell I am opening this rupture here, which is around Georgia. Okay, this is router tool. So let's go and disable mark pink. So again, we need to go to tool mark server and we need to go to pink. And we need to set enable it. No. The print. Now it's disabled like we can see. Its try to ping it another time. That we can notice here. We have a timeout, So we are not able to ping it. I will go back and enable the pink. Okay. It's check and pink is gone back. It will also enable back the magnitude. So he will choose all. And they would try to mocked him into it again. Perfect, I can perfectly axis so it okay. We'll do another adjustment in the lab. So I will remove this link here. And it will bring an Ethernet switch. Okay, it's the default switch of genius three. We've connected with my management Cloud. And they would connect also the ether, one of these micro logic with switch. Okay, So why I did this? I did it just to show you here in the IP neighbors list that we can also hear, specify the interfaces that we want to enable discovery on them or we want to disable it. Okay? So lucky we can see here in Ether three, we did discover our micro check, this one using the interface user three. And also using the interface user one. We did discover it also, okay. But here if we go to discovery settings or so here we have the interface list. And we can specify the list of interfaces that we want to enable IP discovery on them. Okay? So to do that, we need to go to interfaces. And here from interfaces, we need to go to interface list, the list. Here. We need to add a list so we can name it whatever name we want. For me, I will name it e.g. Mac. This is just a name. You can name it whatever name you want. Then here in the interfaces e.g. I. Will keep only interface one. Okay? Then he will go to IP neighbors and their discovery. I would choose my list. Like we can see the ether tree. Discovery is no motion when air. Like we can see the same trend when we can do here from chores. If we go to Mark server. So we're in the maximum that we can choose, our less smog. And also for Mac when, when Box we can choose our less smug. So by that, we can only turn it to all our interface if there are three and we can not use mocked in it in the other interfaces. Okay? And same thing for the Mach one box. We can only access using MAC address from my inbox. If we did select the MAC address of the ether one interface. So perfect. Now let me go back to tools, mark server and keep it all to discover it. Also able to keep it all. We hear from discovery. Like we can see, those are the protocols that we can enable. So CDP is the protocol of Cisco and it LDP is the standard protocol that we can find in all the devices, okay? And we have also MDP. So here we have the choice to disable or enable the protocol that we want to use. Do this for discovering as we want. He read okay, and should see the interface either three, okay, like we can see here, it appears again, I will go back to my router tool. And from here, which show you some commands about jewel of MCC. Okay, so first to turn led to another macro check using MAC. We have two options, either to go to IP, neighbor, then do brand, and have its MAC address from here. Okay? Or we have a tool that we can run so we can do to Mac. Scan will run it in the interface user. Three. Like we can see. We can see all the MAC addresses that we can use to generate. Okay. You look, you just stop it. So perfect. I will copy this market that is here. To tended to that MAC address from the CLI. We can type the command tool mark J net. Then we need to pass the MAC address. Like this. Perfect, We are n. From Groucho tool, We are able. Connect to our first microbiotic. Like we can see what it's me disconnect. To ping a MAC address, we simply need to type the command ping and type the MAC address. Like we can see, we are able to ping it. Now from here I to add an interface list and specify that list in the MCQ server or in the IP neighbor discovery. We need to go to Interface, then list, and add our list. So I rename it to me, give it a name, name it, although with interfaces. Now, you will need to go to a tool mark server and set. Before the wind that we need to assign an interface ID list. I almost forget this. So we need to go to interface. List, then number, then add interface. So e.g. I. Will choose the interface, either three, it will add it to the list underwood interfaces. So we need to go and do print to see. So this is our list. Now let's go and set. This list. Will choose the other would interfaces. So this is for Mac Jeanette. Now for the MacQueen box, we need to do, we need to choose when box, of course macro inbox then set the interfaces like this. So it's still print, like we can see here. And for the neighbor discovery, we need to go to IP. Neighbor need to do first print. Like we can see, we are able to discover using the ether one interface and also the ether to the interface. So let's go and specify only discovered it will be on either three interface. So we'd go to a discovery settings, then set discover interface list and choose the other would interfaces and digital print again. And like we can see, if they're one, There's no more showing here. Okay. Only if there are three. And if we did go to inbox and its try to open a new window box. We can see from here that we are not able to see our macro tech tool. Okay, Our charter here, because we're only enabled the discovery on the either three interface. So if we did go first ich mir of fresh air to see that we are not able to see it like we can see. And if I did go back here in discovery and it shows all the interfaces, and they did a refresh here, like we can see. Now we can see our auto. Okay, So if, if we know our microchip router IP and we showed for management to fix a static IP on the router, we should disable the discovery on all interfaces. So not showing in our wind Box2D. So this is another important thing that we can do to secure our router. And we will not be even able to see its MAC address to use it to connect. Okay, so that's it for this lecture. I hope that you will learn something from it, please. If you have any questions, don't hesitate to ask me and good luck. 22. Web-Skins: In the previous lecture, when we did create groups, we've noticed that there is a skin parameter that we can configure. I told you that we will see that in the next lecture, where we are basically skins allow us to limit our micro logic futures by customizing the wind box layouts. What I mean by that is e.g. when we did create a user with read only access, that user will be able to see all of our router configuration, of course, without the privilege to change in the configuration. But what if we want to specify what exactly that user can see and what he cannot hear where the skins come to create custom menus. Now, I should mention that this is not a security tool, but it's handy to change the interface from my user to another. Now let's go and see how to create skins. It will open. Gene is three. I have my and my project connected to the Cloud. So it's first interface is connected to the Cloud. To create skins, we need to do it from the fig. We can use wind box to do that. So first, let's go and see what is the IP pharmacologic. We've connected to my magnetic null IP. Others brand. Like we can see this is IP. D flag mean that it's dynamic. We got it from the DCP. You would open my browser. They will access. We pick from here. The effect. This is the way the interface of our macro check. You would enter my credentials and they will login. Now, it will go to when fig. And from the interface here, we can see a menu here that says design scan. This menu here is not available from when Box. That's why we use with fig. So let's press it. So from here we can see that we have, besides every menial, a checkmark, like we can see. We can see that there is a box that we can check. So e.g. with the user, user one, which is the Read Only user. If we want you to only see e.g. interfaces. And we don't want it e.g. to see three pp e.g. what you can do is I can uncheck it. And in the wind box, this box here we're not be shown in my user. Okay? So this is first-gen. Second thing is I can rename the menu e.g. let's rename a e.g. the wireless menial e.g. I. Don't want it to be to be named the wireless. I want it to be named Wi-Fi, e.g. okay, you can just double click under name it. Perfect. And if we press here, so this is the Wi-Fi menu. And inside the Wi-Fi menu we can see that we have Wi-Fi interfaces. We have all those tabs here. The access list, the registration, the Connect list, e.g. if I don't want my user to sit connect list, you can uncheck it also. So my user can access the Wi-Fi menu, but you will not be able to see the Connect list menu, okay? That's one. E.g. here in sub menus. If I don't want to uncheck all IP menu, I can press this arrow here to see all the other sub menus. And e.g. I. Can uncheck e.g. the menu of other races, DNS, firewall or spot. So my user can see the IP mean, you can see the ARP, the Cloud, but he cannot see the other races. Or the DNA's firewall or the hotspot. Okay. This is how we configure skin from the design scan using with fig. Again, in IP, e.g. if we go to, I don't know, four routes, e.g. or IPSec. Also here we can see inside IPSec we have some dogs, e.g. if I don't want it to see the mode configs, I can integrate also hear the effect. E.g. if I did go to the radio, same menu from here. And even if I don't see anything here, e.g. if my user want to create or add a new radius server. And you did click the button, Add New. I can control what you can see in the pop-up box and what he cannot see. E.g. if I don't want him to see the services, I can check. That and you will not be able to see the services. Okay? Or I can even go further and keep the service is shown for my user, but limited to certain services. How e.g. I. Need to go to this arrow here and press Add limit. E.g. I. Will limit my user to only PPP. So we will only see Triple P. If I want to add another service, I can just type comma and e.g. if I wanted to see DCP, you will be able to see it. And hot-spot Also, I can just adored spot like that. Let me copy this. So instead of seeing all those services, I can limit my user to see only those services. Okay? Another thing is that I can add a not in this tab here, e.g. I. Can name it customer service, but we can not see nods from one box. We can only see notes if we did connected using a Fig. Okay, Perfect. Let's go back to e.g. interfaces. Let's go to the first entry interface, e.g. we can see here the graphs of the traffic. E.g. if I did press this arrow here, I can see here that I can add this graph here to the search page. We can see that it still just pitch is added. Now, this menu here was not available in the layouts of the wave Fig. Okay, let me see status. They have, okay, Perfect. This is the graph. I can see it now from the start you send menu. I can add anything I want to this menu. E.g. let's see. Ip. E.g. these SCP client. You can add e.g. the IP address. You can add it to the stages. Of course they can name these structures. Also. E.g. I. Can name it. Dashboard. Okay, can see the graph and you can see also the IP address. The saltiest tab also can largely be seen from the wind box. We can see it only if we did connect from the weird with fig. So perfect. I think that we saw every day now we can see in customizing our skin. So after we finished our customization and we did keep only what we wanted to use them to see. We need to go here to the name and e.g. change it. I will name it read e.g. the skin I will name it read to sway can assign it to the red group. Okay. And after that, I need to press Save. To exit from the design scan mode. I need to go back to Design skin and preset, perfect, I'm out now. What we need to do now is to configure skin in our group and assign our user to that group. So which may go to a system. Users, it will go to grow up red. And here in skin, it will choose the red skin and it will do okay. Now I will go to users, user one, and I will assign it to the red group. Now, skin that we did create will be assigned to our user one. It will be applied on that user. So let's go and open When box and it's lighter, connect with our user one. Perfect, We are connected now. We can see, we cannot see the menu Triple P and the wireless is changed to Wi-Fi. We rename it here in the menu IP. We can not see other races. Okay, We can not see the menu addresses because we remove it. So this is what skins can do. So we can use it to modify the layouts of the wing box. Okay. Now one other thing that I want to tell you is if you have a new or another micro check and you'll want to apply the same scan that you just create on it, or it will retain, moisten to recreate skin again. So to apply the same skin that we just create two, e.g. in other macro effects, if you have unit just to go to files. Here in files. And we can see skins here. And this is our skin that we just created. It's the red skin. And like we can see its adjacent fight. So all what we have to do is to download this file into our computer. Okay. Let me do that. Okay, Can not done with it because I'm connected with user one, which is really the user. You have only read access. Let me disconnect and connect with user manager. Okay? Now it will download it again. Perfect. Now, in the other, or after all, what we have to do is to adjust it prudish VCG, we can use it. So e.g. let's remove it from here. And literary board, my router. And where the router is reported. That should go and check our JSON file. Let's open it. Like we can see its adjacent file, like I told you it is. So here, zero means that we will not see the menu. So Jason file, it says that the wireless sub menu, which is connect list, is zero, so we can not see it. And instead of wireless, we will name it wifi. So this is the name. So we can also change it from here if we want, which we put here, e.g. dash. Here, it will save it. Okay? And in the menu IP, in sub menu addresses also have the value zero. That means that we cannot see it also. Lets me go back and connect to my router. It is. Let's go to System users. In groups. We can see that skin here is unknown because we don't have the red skin anymore. Okay. So let's upload it. So we need to drag it to the skins, the folder. It's important to drag it to the skins further. It will go back to system. Then users here in red will choose skin, read it. We'll do Apply and Okay, I will disconnect the Koenigsberg with user1. And they will connect. The effect. Like we can see, the name is changed of Wi-Fi. Now we have Dutch here too. We can also liquor told your customer is the Jason flight as we want. So perfect. That's it for this lecture. Please. If you have any questions, don't hesitate to ask me, and good luck. 23. MikroTik Services: Hi everyone. In this lecture, we will see IP services. So IP services are the services that are running on our microchip router. And one of those services are jeanette is this H if JP and other services. So one of the first change that we need to think of when we want to secure our micro logic is to disable the unsecured and in necessary services like Gillette, as we all know, Jin net is transferring data as plain text, so it should be disabled. And beside disabling the unsecured and the unnecessary services, we need also to change the default port of the running services. And we can even go further and specify a list of IPs that can access our services. So let's go to our Z. N is three. And first, let's list all of the tasks that we will do in this lecture. So first task will be scanning our micro logic for open ports. We would use in him up for that. So we should download it and install it. The second task would be disabling the unsecured and see, sorry, services that we don't use. So by disabling the unsecured and unnecessary services, that will immediately shrinks the attack surface available to port scanners. Okay? And the third task will be changing. This is h. And when books ports, this will help with botnets that scan for default ports if your micro logic is published publicly, there is a higher risk of botnets that are scanning and searching for default ports. This can use to try to brute-force and explored our devices. Okay, so by changing the default ports, at least, that will mitigate the danger of botnets. And our last task with V, specify the list of IPs. The vertical axis using services. Okay, perfect. Now needs me drag-and-drop on my critique and Cloud. So first thing we will do is to scan our macro tick to search for open ports, okay? And to do that, we need of course to have in map installed. So let's go to our browser. And two in him up download. Go to the first URL. Here. Choose your operating system. For me, I will choose Windows. And from here, you will need to download the largest silver list. Okay? I already downloaded and installed it. So let me go and open. In map. Here it is. Here we need to put our target, which is the IP of our micro logic. So let me go and login to my micro logic will do IP address range. And we can see this is the IP of our macro check the effects. Now I will go to add them up. Hey, we'd post it here in the profile. It will choose the regular scan. And you will start. Like we can see, we have open ports. So all those green ports are open. So we have FTP, is this H, J net, HTTP, and we have the port 2000. It says here that it's a Cisco is CCP. Why? Because normally this port is used by Cisco core manager to communicate with the IP phones. But in micro logic, choose the wide the bandwidth just server, okay? And here, for this part here it says that is unknown. But we all know that this part is for when Box. Okay? So after scanning our micro tech and finding that we have those open ports. So let's go and login to omega logic and disabled all the unnecessary and unsecure ports like e.g. Telnet. Okay, so let's disable all the unnecessary services. You will open up in Box login. I need to put password. Let me make this bigger. Okay? So to check services, we need to go to IP. Then services from here. And toes are our services like we can see. Okay? So to deceive or a service like e.g. Jane it, we need to press it and press the X button here. And like we can see, now, it's disabled. So all the services that are on green are inhibited and the services that are gray are disabled. Okay, Here we'll also disable the APA services and also the HTTP service disabled it. Also, I don't want to access my microchips from the web. And I will also disabled if d p, of course. Because I don't want to use FTP to access to my omega Arctic. If I want to use it, then I will enable it. But right now I don't use it. And even if I use it, I would use it from time to time. Okay. Maybe not use FTP always. But for SSH and the inbox, you will use them to access and manage my micron check. You will get porch of them open. Now, let's go back again to the end map. And let's try to run scan again. And perfect. Like we can see now, we can only see the SSH and doing boxplot, but we still see the thousand port. We can see it here. So like I told you, it's for the bandwidth test server. So to disable it, we need to go to Tools, then the pitches server. And here we need to uncheck the enabled box. And then we can see here, this is the pot. It's allocated UDP ports form. Like we can see this is the port. Okay. So we'll do Apply and Okay, and this go back and scan again. Not perfect. Now we can only see is this H and when Box. Now let me go on to open body. Here, I will try to access my micro logic using SSH. And like we can see, I have the prompt and they can perfect CLOCSAS saw it. So Let me go back here. So we are done with scanning and we are done with the unsecured and unnecessary services. Now, we will change this is h and when boxplot, okay? So from SSH, we will double click here in the port. They will choose the port, total 0, G2. Okay? And they will do Apply and Okay. And here in the wing box port, it will just change the lowest number. So instead of one, I would choose to. And they will do Apply. And Okay, now let's go and try to access using SSH. Again. I will try to access now without changing the posterior leg, we can see we cannot access. Now let's open it again. And this time we will change the port. Port is G2, 0 to two. And it would open. Now, we can see that we can access, okay. Now let's go and just with the inbox, me logos first form here. Now like we can see, we did change the port to eight to nine. So it will disconnect. And I will try to clinics again without doing any change in the port. And like we can see, you can not connect, okay, here's the way it again, but you will not be able to connect. So I will do cancel here. And to change the port that we use to connect to our macro check, we need just to go through the IP address here and put two points. Then for to the port. Okay, this is our port which is eight to 92. And to connect and perfect, like we can see, now, we are able to access and this is the part that we did change. Make this bigger. Now let's go back to our genus three. Now, last thing we have is to specify the less of IPs that can access using our services. Let's go back to when Box IP and services. And from here, e.g. it's true. This is h. Okay? So here, available from here when we can choose what IP is all, what subnet that can access to our Omega logic using SSH, okay? I would click it. And yeah, I will e.g. choose the IP of my computer. So if I did go here and they check the emanate eight. So this is the IP. If my computer is, it seemed that it is put here. So I will only allow SSH show micro, micro check from this IP. Okay? We can do the whole network like this if we want. But for now, you will only allow my computer. It will open. Party will try to access to it. Of course I can. You can see the user prompt. So I will close this and they will go back and change the IP to two and see if I still can be accessed using SSH, okay? It would change the port. This is the port open. And like we can see, we can not access because the IP that it's allowed to access using is this. H is 0.2. Okay, perfect. This is all for the services. Now let's go and open a terminal and see how to do that from the gentleman that. So first thing, we need to do IP IP services, then print to see all of our services. And all the services that have the X flag beside them are disabled. So to enable or disable service, we need to type the command. Ip services, set numbers, and they are in the numbers. We need to put the ID of the service, e.g. ten net is zero. Then we need to put comma and other service is FTP. So I will choose one, gamma and she p, which is two. Then here it will put disabled. And we can choose from yes or no for now and we'll enable them back. And digital IP services, Brent. Okay, now there is no more x plug it to go and check the services. Like we can see there are inhibited back again. So let's go and disable them back. So this is the common, Again IP service. And then set the numbers. And we need to push the idea of each service then disabled and do so in a will do Angela, we can let yourself that all the services we've turned gray so you will be disabled. So I will press enter. And like we can see, you are disabled now. Now to change the port of a service means again to do IP service and to sit. And again numbers. E.g. is this H here? We'll choose three. Then we need to put port. Now a report that there is this H port to the default port, which is 22. And they will do Enter. And there we go. We can see that it's changed. Now the last thing I will say we do is to specify the list of IPs that can access using that service. So here we need to type others and choose the IP addresses that can access using the service. So I would sit the whole subnet like this. And we can see that it's changed. Now let's go and try to. This is H to it. The port is the default port, so I will keep it like it is and they will do open. And like we can see now, I can. So please enable the old others with caution. Okay. The available from we need to enable it with caution because you might kick yourself out of your micro check. So please be sure of the IP address that you did pause here before applying the change. Okay. So that's it for the services. This was just a little demonstration of how to hardening or microtia culture. So if you follow the steps that I did by disabling all the unnecessary and the unsecured services and change the default port of the service that are active and even do chores, delays of IPs that can access using your service. By doing that, at least you will mitigate the attacks to your micro logic and the way that you will do some hardening to omega logic. Okay? So this is it, please, if you have any questions, don't hesitate to ask me and good luck. 24. MikroTik License: Our microchip router come with a pre-installed router always license, and this license last forever. However, there are other licenses for our router always. First, let's login to our macro, check and check our current license, which is the default one that come with our router to go to inbox. And let's login to our router. Now to check the license, we need to go to System and license. And from here, we can see that the level of our license is free. So this menu here differ between router and between the router board. Okay? So in router board, this is how the mineral looks like. We can see here that we have a software id and the serial number, then we have 11. And like we can see, this router here is in level six, which is largest level. Like we can see, all the menus here are different, okay. So the levels of our router differ also from the router Board license levels. So e.g. in switch or router, we have three levels. Of course, the free one doesn't count because it come pre-installed by default. The three lovers are the P in limited and the P0 and P1. For outer world, it's six levels. We have the trial mode, the free demo, the ways for level three to five, and controller and level six. And other difference between stage our lessons and the router Board license is that search our lessons, control the speed limits of our router interfaces. While in the router board licensed control and limit our outer futures. So to know more about a license, we need to go to the microbiotic Wiki. So let's open up a browser and type router OS license. It will go to the manual one of micro check. So let's go to the first URL. And from here we can see we have router war and CSR license. So let's scroll down. So to check decision, our lessons, we need to go to this menu here. So let's go to it. And it's a compare between the router board licenses and the sewage or licenses. So it's scroll down. We can see here we have three levels. The first one is gone, pre-installed in our router, and speed limit of our interfaces will be 1 mb. And the price is free. It's free to have one gigabytes. We need to install the P1 license and it cost $45. Okay? Then we have the piton, which stands for change gigabytes. And of course we have the P in limited, which would give us a limited traffic that can pass through it, our interfaces. This license cost 250 is not allowed. Once we install the license, it lasts forever. So it's onetime installation. We don't have to purchase it every time. One other thing is before it progresses into the license, we can have 60 day free trial. It's available for all the paid licensed levels. We can see. This is for our lessons. Like I told you, it's control and speed limit of the traffic in our micro logic. Now for the micro take that and run router always in the router board. We have, like I told you, six levels. The first one is the trial mode. It's free, like we can see that mode give us only one day to try those future their neck. We can see the free demo require only a registration. So we need to register in microsoft.com. We need to register here. So only by registering here and assign in our account to the router, we can have the free demo, okay, with freedom or we will not be able to use our algebra as a wireless access point, okay? And we can not use it also. For those routing protocols, okay? And we are limited for only one iterate over IP and one Triple P over Ethernet to hundreds or so. We cannot use in your largest clients. And only one user can connect using the hot spot. Okay? So this is the limitation of the free demo. Then we have the west. Okay? This is lesson study I told you we have from the level three to five, this license also come pre-installed in our routers. And last lessons we have is the controller. And like we can see, the maximum cost of all the licenses is $250. Same 3.4 are this is the max of the cost of the license. And this license, we can see that we have unlimited users of all those features. Now, if you want to know what is the pre-installed license that your router half before you purchase it, you can go to microsoft.com and go to a hardware. And let's say e.g. that you'll want to buy e.g. the x, right? Scroll down. So here in the specifications, if we scroll down, we can find here a router always license. And it says that it's four. Okay. So by that, you know, what's the license you have? So e.g. if you find that your router or S will be licensed for, you can go to the manual and check the license for and you will not have to pay for it because it's come pre-installed in your router so that you will know that your router have wireless and can do bridge. I've limited number of eternity over IP, generous. And can have 200 users connected to the old spot at the same time. And can also have maximum of 20 admin users connected at same time or so. So perfect. No. You need to know when you have to e.g. a. Parade, you're licensed from the current default lessons that you have. Another license. Okay? Because like we can see on the next slide, come only with the four license. And there are some rogers.com with delivered six pre-installed on them without the need to purchase it. Okay. So e.g. if we did go back to the microchip router here in hardware, e.g. let's search for Sx Gy, e.g. this router here. In specifications, we can see that the router always license is three. And if we go back to the Minoan, we can see that the lessons three, support only e.g. one client that can be connected to Wi-Fi. So only one client can use wireless to connect to our router. But you'll find yourself need more clients to connect to your router. In this case, you will need to upgrade e.g. at least to deliver for you. We'll go and see an example on how to integrate our license. We will use e.g. are licensed. Like I told you, the free license in CSR support only 1 mb. Okay? It's just that I will bring up a browser. Okay? I will eat digit and it will enable DHCP so my browser can get the Cp. Others. They were connected in the interface, either three. Okay. I will go back to my wind box and go to IP address and give that interface and IP. So what I'm trying to do is to give the interface an API and to create a DHCP server to give my browser on a per address. Then I will navigate to chested speed of the Internet in this browser. And you will see what is the outcome of the spit test. Okay? Perfect. I will choose here the ether three Apply and OK, it will go to IP, DHCP server, and they will go to the CPE setup. And they will choose ether three, and they will go next, next, next, next next. Next and perfect. Now I will go and start my browser. Let's open it. Perfect. Now we need to go here and open a terminal. And take we can see it, see if we have an IP. Perfect, we have an API. And this try to ping our gateway. And perfect we can ping our micro-technology. But let's try to ping Internet. So we can not bring Internet. What do we need to do is to add a policy to allow Internet access to our browser. By default, our micro-technology come without any rules. So if we did it go to IP firewall, we can see here that we don't have any further roads here or any nut role. We will talk and go deep in the filter roads and not roars in a wall section in the coming lectures. But for now, like we can see, there is no role. So by default, our router or low, or the traffic from anywhere to anywhere we can see. So it will keep it like that. I will not touch to filter roles. What they need to do is draw a donut. So every door plus and the type of nut that will allow me to have Internet access is the source node and it will keep all this. By default, I will not touch anything. I will go to action. And your induction. They will choose muscular read. Okay, again, I will explain all that and go deep in a wall section that talks about firewalls and not roads. For now, we will do just this. And go back to our browser. And pink again. And perfect, like we can see now we have internet access. So let me close this and go to speed just those pages. And look, we can see we can lodge, even nourish 1 mb. We close this and it will go on deeper grade my license. So we're in our lessons. I will integrate to the P1. That's really gives me one gigabit. I will it be great just for the 60 day free trial. Now, like I told you, of course, we need to have an account in microsoft.com, which I already have. This is my account. Now if you do the upgrade, we need to go to your inbox and we need to go to cis and then license. And here we need to press renewal license. Okay. So the same chain in the router reward. If we don't, if we want to upgrade our license, we need to press this button here that says if a grade. But like we can see this router already largest level, which is level six. So if you have a lower level and you want to upgrade, you will need to go here. Okay. So let me go back to my wind box. So here I will press renewal license. And here we need to type our account, email, and password. After that, we need to select the level that we want to immigrate to. I will choose, like I told you, just P1. And they will start. Perfect. Like we can see, it's done. It will close. Now remember, this is same ID. Okay, let's go back to our account. And they are in our account. It will scroll down to our licenses. And here I would press or CSR keys. Here, like we can see, this is my system ID and this is the license level that AD trues. And like we can see, I have 60 day of trial. After that. I have to upgrade. So we're in the auction. We chose it per grade. We can see the lessons that we want to immigrate to. The cost of the license. Okay. Let's go back to go to system. System then. License. Like we can see, our license level is changed now to P1. So perfect. And the router board, you might have to report the router to see the level, change it and applied. So now let's go back to our browser and let's run another test, which may refresh here. And now it's run the test. And like we can see, we've almost get 64 mb. It's up to 66.7 mb, like we can see. And upload is up to 4.5 megabyte. We can see, okay, now in speeches, we can get more than 1 mb. Just buy it for grading our license. So that's it for the license levers of the router OS. Please. If you have any questions, don't hesitate to ask me and good luck. 25. Bridge Interface: Like we all know in routers, each port, one broadcast domain. By default, router don't pass broadcast traffic between interfaces by the devices connected to different ports are separated from each other. However, with Virgin, we can grow up e.g. two interfaces by putting them into our virtual and G2 phase called Bridge. So our interfaces will be able to switch traffic effectively. So they will operate in same broadcast domain. We can think of a bridge interface as a switch, because at this point, the microcytic interfaces will behave like a switch ports. So let's see a picture for a better understanding. This is our picture. So here we have our macro tech tools are our macro tick ports. So the bridge is grouping tool or more interfaces into a virtual interface called Bridge. So e.g. we have drawbridges here. We have bridge one containing two interfaces into phase 2.3 and we have interface 4.5 in bridge Joel. And we can see each bridge has its own subnet. We can see e.g. if we did block computer in part two, which will be in subnet, this one of the bridge one in this subnet. And also if we did put another device in port three or so, it will be in same subnet as the first computer. Devices connected to port two and port three will be able to communicate with each other. And you will be in same subnet, meaning that they will be in same broadcast domain. In other hand, devices in bridge tool, which they will be connected to port four and port five. We'd be in a different subnet. And tools devices. Air will be able to communicate with each other, and D will be also in same broadcast domain. Okay, perfect. Now let's go to our gene is three. And let's see how to create a region to FaZe first, which may drag and drop my micro check. I will drag also two VPCs. And of course, cloud for the management. Mean. Plug my first PC to the interface, e.g. five, and the other PC to the interface six. First interface on my democratic will be connected to Ethernet, one of the Cloud. I will start my mic Arctic. They will start with two VPCs or zone. Okay? So what we will do is to put our ether 5.6 interfaces into one bridge. So those two ports here will be assigned to a virtual interface that we will call it a land bridge. Okay? And solving it, the bridge would be e.g. 10.0 slash 24. So this is our LAN network. Now I will go to my inbox and connect to my micro logic. I will change my password. They affect me, make this bigger. Now to create a bridge, we need to go here to bridge. And here in Bridge we need to press the plus sign and then our bridge interface. So I will name it LAN bridge. Okay? And that's all that we will do. We will do apply. Like we can notice, our bridge is created. And from here we can watch a parameter is called fast-forward. It's inhibited by default. So fast-forward means that packets passing through our land bridge will be forwarded faster, but that will be under some special conditions that we can check on the micro check wiki page. So it's open a browser. Me go global. And its type. Micro logic. Wiki bridge. Okay, Let's scroll down to fast-forward. And from here we can see the conditions that must be limited in order for fast-forward to forward packets fast. Like we can see. So the first one is, of course, just sit fast-forward two years, which is by default, enable it. Then bridge must have only chore on imports and bolts. Bridgeport most support first part. Okay. So you can read the required of a fast-forward to be able to forward packets faster. Let me go back to when books, like I've told you, we did press the plus sign. We named our bridge and we will do. Okay. That's all what we need to do here. In the second chain that we have to do is to assign ports to the land bridge. So let me go to ports. Here. I will press the plus sign. And here in Bridge we can see that our line bridge is already selected. Here in the interface. I would put my ether five interface and they will do apply. Then I will do a copy and choose six interface, and it will do, okay. And we can see that the two interfaces, these are 5.6, are both assigned to the land bridge. And here also I need to explain another useful parameter, which is hardware of load. And it is also enabled by default this future here we have it since the version 6.41, which allow us to use the voyage n switch ship to forward packets Dutch port. Let's stress on CPU. So forwarding traffic will not be decided by the CPU. It will be handled by a switch ship directly, which is a good ten. Okay, we'll do now. And like we can see, we did create a bridge. We did assign the ports to the bridge. Now what I will do is it will do create a DHCP server. So my two pieces here can talk on IP address from my mycotic. So there is a short V that PC1 and PC2 tokens IP from same subnet, even if each of them connected to a different port. Okay, so let's go to the inbox. And of course, first thing we need to do is to assign an IP address to the interface that we want it to serve as a DHCP server. Let's me go to IP addresses. And we'll press the plus sign. And others of course, is one slash 24. So we are in interface. Sure they select either five or eight or six more land bridge. So I should select none bridge. Why? Because ether five and intersects our group ID in Milan bridge. Okay? So my land bridge is a virtual interface that's containing the two interfaces with or five and intersects the Apply. And Okay, then it will go to eight DCP server. And they will do it quickly using the TCP setup. We will choose here non bridge. Also enable do next, next, next, next, next, next, and okay, perfect. Now let's go to PC1. Ask for life be from DCP. Perfect, our computer token API. And it is. So let's go to the second PC. Let's ask for an API. Like we can see. Both of them talk and IP from same subnet. So you can communicate between them. So let's try to ping from PC2, PC1. Pointer to 154. I forgot the pink. Okay. Unlike we can see, we can ping. And let's try to do that from the other side. Perfect. We can also think from the other slide. So my tool, VCs are insane. The subnet because they are connected to same virgin and G2 phase, which is bridge, land bridge, which is lumbar image. Even if they are connected to different interfaces. If they're 5.6. But eventually they are going to the land bridge. Okay, let's see how to do that from the common lines. So let's see how to create a bridge. Maybe login. Now to create a bridge, we need to go interface bridge, then add and give it a name. Name it, lung, tool and type enter. The second thing is assigned until faces to Dutch bridge. Interface, bridge ports. Then add. And what we do interface, e.g. ether, e.g. is 3.4. And here the bridge that we want to assign those to watch your faces is one tool. We can not type joint surfaces at once. We can do it using an interface list. It's not a problem. We will do it one by one. Okay, perfect. So now let's do for interior. Like we can see, 5.4 are assigned to launch or bridge. If we did interface bridge branch, we can see our village would see is lawn tool. And like we can see, a flag here means that anterior phases are not active because they are not connected to anything yet. Like we can see. Okay, perfect. This is how to create a bridge and assign ports to the bridge from CLI. And we did see that from the wind box also. So here we did create from the bridge, and here we didn't assign the bird interfaces to the bridge. We can see here. So you can, nick, I told you use the bridge interface to connect two devices in different ports, but still be in same subnet. Or you can even use the bridge as a redundant interface. So you can e.g. connect the F35 interface to a switch and connected ether six interface to another switch. And the port switches can be connected to another switch to guarantee redundancy. So let's see how to do that. Let me delete. This really removed second PC or xl. Now I will drag to ethernet switches. The switches are a genius three switches. So I will not do the ragged, the Cisco switch that we did create in the lab setup. I will just drag the simple switches off genes three. Okay? It will draw three switches. So e.g. this one, I will name it core switch. There are also three VPCs. Now, I can connect. Which one would you survive? And Ms, which tool with this or six mice, which one will be connected to my core switch. And switch to can be also connected to my switch. Let's throw up this like that. And let's connect VPCs. Start my VPCs. Now, I will connect to me VPCs. And they will ask for the CP. We can notice we have only be in my, in our first VPC. And we've got an API also in our second VPC and also in our third VPC. So I will try to bring our gateway, which is 0.1. I will do that. All our three VPCs will do a long pink. So it's a continuous ping. I will do it in all the VPCs. Like we can see, all of them are being in. Now what we will do is to delete one of the switches. Okay, Let's go back to our VPCs. Like we can notice, there are still able to ping. Okay? So this is another use of bridge interface is to use it as our redundant interface. So in case one of the switches are one of the links or one of the router interfaces, damage it or have a problem on, then we can guarantee that we can still connect to our network. Okay? So that's it for this lecture. Please. If you have any questions, don't hesitate to ask me, and good luck. 26. Vlans Part1: In this lecture, we will see how to configure villains. But first, we need to know what our villain, villain stand for. Virtually alone. It's known as h 02.1 Q standard. It allows us to divide our network into many subnetworks. Each VLAN is a separated broadcast domain, meaning that the voices on each VLAN or insulated from each other. Now I will go to genius three, and let's draw our topology that we will work on. So from here, I will drag a Cisco switch that we did import when we set up our labs. Will drive. Micro logic, will derive not. They were drug to VPCs fixed. So this will be the first scenario of creating valence. There are many different ways to create villains in a numerical Arctic coral job. We will see one of them right now, which is the traditional way, is why creating villains in the micro logic and put link between switch and the micro logic and make it a trunk port. So the interface between the micro-technology and the switch will be track. Then from our switch we will do the access port. So the valence from our micro textured switch will be at Target and the valence from it switch to the PCs will be intact. Okay? So this is what we will see in this lecture and in the next lectures, we will see the other methods that we can do to create villains in micro logic. Okay, so now let's go and connect. Devices. Normally would not want to link it to fit us into phase. We didn't get to ether tool. And the first interface should be connected to the not. I should not deriving, not need to drag the Cloud. So you can access my micro logic from my local machine. Okay? It's for management. Will connect first interface, user one, the Cloud. It will start my maker rhotic and a restart or the switch. So here, like I told you, this link will be drank and drank mean. That will be again. So all villains will be targeted. And here would be intact, which is axis. Okay? We will create two valence. We will create a veil on ten. Subnet or volunteering will be ten log 1,010.10, 0.0 slash 24. So this is subnet. Other villain is 20, and this subnet will be ten, not ten, not 20.0 slash 24. Those are two valence. So the task is that we will do in this lecture are creating lines on my Karadzic, then creating the valence on switch. So after we created the valence on the micro check, we will assign IP addresses to the valence. Then we will create the CP servers on valence. Then we will create the valence on switch and we will assign switch interface is the valence. This interface here will be unfilled on ten. This interface will be accessed on villain. So this is our topology. And toes are the tasks that we would see in this lecture. Okay? Again, the link between the micro tech and switch will be drank. And the venules that we will create will be assigned to the interface if they're too. And the way that it will be a trunk interface, then we would put this anterior face on Lexis mode. Vlan ten and other antigen phase will be accessed of will on Tuesday. Then we will create DHCP server. And we will see if our VPC one with token API in villain ten, and if procedural will have an IP in VLAN 20, okay? So first I will start with the micro low-tech me login to the it changed the password. Now, to create a VLAN, we need to go to interfaces. And from here we can press the plus sign and other villain from here. Or we can go to villain Bob here and press the plus sign and create our villain. I will start by creating the first villain. Villain tin. Rename it to VLAN ten. You can name it any name you want. The name is just to know what this villain is for. The important chain is the VLAN ID, where we should put ten. So this is the target that we will be in our pockets. Okay? You will be targeted by the ID. So here in the interface, we need to choose two. And we will do apply. And just waited. Our ether to interface. Now is a drink and your face. Okay? So I will do a copy and they will create a villain tweening. Now, the id is interface is if they're sure, of course it will do Apply. And Okay, then AKI and perfect, our villains are created. Let's go to the interface. Here we can see that they all belong to the ether to interface, which is not a direct port perfect node. Second task we have is to assign IP addresses to the valence. So let's go to IP addresses. Then. Let's add another is to the valence ten. Okay, Here we should select VLAN ten. Maybe we'll do apply and copy. Here I will choose villain tuning and they will change the IP. Apply, okay? Okay, Perfect. We did assign IP addresses to the true villains. Now let's go and create a DHCP server. I will use the TCP setup. Here. I will choose virulent n. Next. Next, it will keep everything as default. I need to choose these CPE setup. Here, villain to10, next, next, next, next, next, next. And okay, so perfect. We are done with configuration in the micro check. So now let's go to the switch. Here we need to type the command enable, then configure terminal. And to create a villain in a Cisco switch, we need to type the command villain ten. We can name it a name if we want. So I recreated the other villain. Now I will type the command N to go back. Okay? So here I will type the command show IP interface brief to see my interfaces. So from here we can see that our gigabyte, ethernet zero is up and our gigabytes zero slash one and slush jaw are also up. So if we go here, I connect my first interface to the micro check. This first interface is this one here. And second interface, which is Ethernet one, is Gigabit Ethernet zero slash one. And this interface is this one. So this interface should be a trunk interface because it's connected directly to the micro logic. And those two interfaces should be Alexis interfaces. Okay, so let's go and do that. We'll type interface zero slash zero. Okay, I will go switch port, trunk encapsulation. D21 queue. And they will go switch port mode. Drag. Perfect. Now my interface is a trunk interface. Now I will go to the interface giga, zero slash one will put it as Alexis interface. So I will do switch port mode access. This interface is access VLAN ten. Now I will go to the second interface. It's also Alexis interface. And it's accessed on villain to one. Okay. Now I will do and, and let's check our configuration. I will do show VLAN brief. And from here I can see that volunteering is assigned to Jacob. And Jacob is accessed on villain 20. And if I did show interface zero slash zero drag, I can see that the mode is on. Status, is drunken. So my interface is a trunk interface. And those are the villains that are allowed in this drug. So this interface will pass villain 1020 and villain one by default in Cisco switch, VLAN one is the native VLAN on. Okay, perfect. Now we need to test. So let's start our PCs. Okay? You will access both of them. So this one here, short token API from this subnet here, and second position token API from the villain to10. Okay? Now I will do DHCP dash d. Like we can see our PC token API from the villain ten. Now let's go to the second B, C, and D, CP dash d. And perfect, we talk on IP from the village weenie. So let's try to ping our gateway. And we can linkage perfectly. Let's just from other PC. And we can also pink. That's good. So this is how to create villains in the micro tick. So to summarize, we need to link our microbiotic router switch, switch, switch interface that is connected to the microtome should be a drunk maturity phase. We need to create our valence in switch and put the interfaces on Lexis mode and assign the valence in the appropriate interfaces. So e.g. valence band should be access in this entry interface and villain to any shortly be accessed in the villain, in this interface. And distinct here because it's trying. It allows all the villains. And each bucket will have a tag that says from which villain is sent from. Switch. Can know how to switch packets. The packets that is sent with the tag ten, should it be switched to this interface? And the packet that is centered from the micro check with the tie between each, should we switch it to this interface? Okay, So this is it for this lecture. I will see you in the next lectures, please. If you have any questions, don't hesitate to ask me, and good luck. 27. Vlans Part2: Like I told you, there are many ways and there are many configurations that we can do with violence in our macro check. So let me go back to GNS3 to see our topology that we did work on in the previous lecture. So in this scenario, we have our micro logic interface or more drank. And then we use a switch to put our PCs or access mode for valence. E.g. villain tin is axis on this interface and if you're launching is axis in this interface. So let's go and check a picture here. So this is the topology that we did work on. This is the exact topology that we have here in our genius three projects where we have our micro-technology and we have to V lands that are tagged in this link between the router and switch. Then we have HV line of those inside on the switch ports, e.g. villa annuity is intact in this port, and Ville on 20 is intact in this scenario that we will work on in this lecture is that we will use our microchip router to intake Valence. Okay? So the first thing I will do is to remove and switch. It will stop it, and I will remove it. Then it will drag another switch, I mean another macro check. Okay? So I will stop this with a micro logic also to rename it. So we named this micro check R1, which will be our outer one. This will be the router to the way that we will not to be confused between our arches. Okay. I will remove this link here. Any two connected mature micro optics to the Cloud Management Suite can access to them from wind box, from my local machine. We need also an Ethernet switch to do that. It's the genius three Ethernet switch. Perfect. So first interface connected to the switch. And other first interface will be connected to the switch. And switch will be connected to the management globe. It's connected to the Cloud. No. Perfect. Now, I will connect my first B, c, through the ether. Five of the second macro tick and the other PC to the ether six. The PC. It will start my trauma cortex. I will connect also, may draw my cortex directly. So ether tool of this micro logic will be connected to the ether. Two of these, Roger, I believe that I did created villains and assign them to the ether tool interface in the previous lecture, I will check again. So we will connect to the microtubule, will do abdomen, and I will connect. The first thing I will do is to change the name of the router, like I told you, so I can quantify it. And a will not be confused between the chore I'll choose. So system identity, set name, and rename it R1. Then we'll will go and check the finance. So I will do interface finance, print. And yes, I did create the ether interface. So this interface between the chore objects will be drank. And here in this option here, this part here will be mode drag, so the villains will be a target. Then I will do in tag them in those interfaces here. So I will use my mycotic this time to interact villain, and they will not use a switch. Okay. So lets me connect to the other router and give it the name and change his password. We changed the password first. Then it will do system. I don't hitting set name. And they renamed meter are too perfect. Now I will connect to the. When box, like we can see, this is our outer one, so it will connect to it. So from here we will do in our first semi-aquatic, because it's a perfectly configured. So we have the villains in the ether jaw interface. We have IP addresses. In the two villains interfaces. We have DCP server in the two valence. Okay? So this is the configuration that we did in the first lecture. We will touch notching in our first micro check. The configuration will be in second or micro check. Okay. So let me go and connect to the second Roger. Okay. Now here in this mycotic, I need to create also the valence here. So it will go to the interface. Then you will add them from here. Will create villain tin. The ID is ten. Interface is, if they're true, we'll do apply and copy will create a second interface, which is the fill onto tweening. And also in the interface ether tool, you will do Apply and Okay. And Okay, yeah. So perfect. This is what I need to do. So by that, the first sip of configuration, which is tagging the port, is done by creating the two violas. This portrait is virtual now, become a trunk port. Now, integ villains. In the microchip interfaces, we need to create a bridge interface and add the interface and the villain that we want to be intact in this anterior face in same bridge interface. So e.g. if we want to integrate volunteering in this interface, we need e.g. to create bridge. And this bridge Jane will have the villain ten assigned to it and also the ether five interface or assigned to that bridge. So by that villain tin would be intact in ether five interface. Okay? And we need to do the same thing for the villain twinning in the ether six interface. So let's go to our necrotic and go to a bridge. And let's create our first bridge. And we name it a bridge ten. Okay? And it will do apply, will copy and create second bridge. So now I have my tool bridges. So each villains should have a bridge, okay? If we have three villains, we short create three bridges and so on. So now let's go to the ports and assign our ports, so our bridges. So here in Bridge ten, hey, we'll assign, these are five. It will do apply, then copy. And they will also an orthotic Vaillant in. And they will do Apply. And OK. Then OK. And like we can see here, we have the bridge chain and we have the villain tin and youth are five assigned to that bridge. Now let's do the same thing for the villain 20 and the interface. If there are six, this is V launch. We need, I will choose bridge to rename. It, would copy it. And they will choose interface either six, it will do. Okay, and Okay, and that's it. Now let's go back to our PCs. You would connect to the other PC or so. I will do show Ip. Like we can see our VPC already have an API. So let's try to renew it. Like we can see, we did have an API. Again. We did renew the IP address of our PC. So let's try to do the same thing. In the other PC. This is IP that you have. I will do DHCP dash d. And let's try to ping from our PC. So we will try to ping from this PC here, the villain in this router here, okay, we will pass throughout this region here. So the villain from here to here will be intact. Then we will reach our channel here. The villain will be a target. So the packets will be attached to this lecture. Okay, so let's try to pink. Then dot, dot. Not one. Perfect. We can ping it. Now, you will do a show IP and the other PC will show IP and design. What I will do is I will drag this one here to veal Antonioni. And this interface here will be in target in volunteering. So let's go and do that. And we'll go here. And you will choose this sign intersex. He will do okay. Okay, It's already saving need to remove it from here. First. Remove the two of them. Then let's create again the port. So if there are six will be now in targeted, in the villain, ten. We'll copy this. And they will choose now belong to many, and it will add to it if they're five. Let's check our configuration. So either six is now intact in VLAN ten and ether five is now intact in phalange when that's what we have here. So let's try to renew our DCP. And now we should talk on API from the field on twinning in this PC. And that's it. This is the case. Like we can notice the IP of our PC is changed to ten, or ten, or ten or 20, which is from philanthropy. And before it was from villain Jen. It's the same thing here. Perfect. Now let's bring another VPC and let's connect it to the micro-technology. We'll connect it to the ether for interface. We see here also can be intact. So this is just another test to confirm the configuration. So we can integrate more than one interface into Vaillant. E.g. bridge ten, I will assign also the ether for interface. You will do Apply and Okay. Like we can see, our ears are foreign to phase is now the Volante and intact on it. So let's go to the VPC and access to it. Though, the CP dash d. Perfect, We've got an IP. So let's try to ping the other VPC. Believe that this is the IP or not. It's a 252. Okay. Perfect, I can ping it. This is it for this lecture. Now we know how to use our microtechnology to tag and integ villain. Okay, so that was the aim of this lecture. See you in the next lecture, please. If you have any questions, don't hesitate to ask me, and good luck.