10 Advanced Topics in MikroTik Certified Routing Engineer (MTCRE)

1. Advanced Firewall Configuration

Advanced Firewall Configuration involves setting up complex rules and policies to manage network traffic efficiently. Key concepts include:

• NAT Rules: Network Address Translation rules to modify IP addresses in packets.
• Filter Rules: Rules to allow or deny traffic based on various criteria.
• Mangle Rules: Rules to modify packet headers for specific purposes.

For example, you can create a NAT rule to forward traffic from a specific IP address to a different IP address. Filter rules can be used to block traffic from certain IP ranges, while mangle rules can modify DSCP values to prioritize traffic.

Think of firewall rules as bouncers at a club who check IDs and allow or deny entry based on specific criteria.

2. Advanced Routing Protocols

Advanced Routing Protocols involve configuring complex routing algorithms to manage network traffic. Key concepts include:

• OSPF: Open Shortest Path First, a link-state routing protocol.
• BGP: Border Gateway Protocol, used for routing between different autonomous systems.
• EIGRP: Enhanced Interior Gateway Routing Protocol, a Cisco-proprietary protocol.

For example, OSPF can be configured to dynamically update routing tables based on network changes. BGP is used to manage traffic between different networks, while EIGRP provides fast convergence and efficient routing.

Think of routing protocols as traffic managers who decide the best routes for cars (data packets) to reach their destinations.

3. Advanced QoS Configuration

Advanced QoS Configuration involves setting up complex Quality of Service rules to prioritize network traffic. Key concepts include:

• Class-Based Queuing: Creating different classes of traffic and applying specific rules to each class.
• Policing and Shaping: Controlling the rate of traffic to ensure bandwidth is used efficiently.
• Marking: Tagging packets with DSCP values to prioritize traffic.

For example, you can create a class for VoIP traffic and prioritize it over other types of traffic. Policing can be used to limit the rate of traffic from certain sources, while marking ensures that critical traffic is given priority.

Think of QoS as a VIP lane at an airport where important passengers (critical traffic) are given priority.

4. Advanced VLAN Configuration

Advanced VLAN Configuration involves setting up complex Virtual LANs to segment network traffic. Key concepts include:

• Trunking: Allowing multiple VLANs to pass through a single link.
• VLAN Routing: Routing traffic between different VLANs.
• VLAN Tagging: Tagging packets to identify which VLAN they belong to.

For example, you can create a VLAN for each department in a corporate network and route traffic between them. Trunking allows multiple VLANs to share a single link, while tagging ensures that packets are routed correctly.

Think of VLANs as separate floors in a building where each floor (VLAN) has its own network.

5. Advanced VPN Configuration

Advanced VPN Configuration involves setting up complex Virtual Private Networks to secure remote access. Key concepts include:

• IPsec: A protocol suite for securing IP communications by authenticating and encrypting each IP packet.
• SSL VPN: A VPN that uses the Secure Sockets Layer protocol to provide secure access.
• L2TP: Layer 2 Tunneling Protocol, a protocol used to support VPNs.

For example, you can configure an IPsec VPN to secure traffic between two offices. SSL VPNs can be used to provide secure access for remote users, while L2TP can be used to create VPNs that support legacy devices.

Think of VPNs as secure tunnels that protect data as it travels between different locations.

6. Advanced Wireless Configuration

Advanced Wireless Configuration involves setting up complex wireless networks to manage network traffic. Key concepts include:

• WDS: Wireless Distribution System, used to connect multiple wireless access points.
• Mesh Networks: A network where each node relays data for the network.
• Band Steering: Steering clients to the best available wireless band.

For example, you can configure a WDS to connect multiple access points in a large building. Mesh networks can be used to create flexible wireless networks, while band steering ensures that clients use the best available wireless band.

Think of wireless networks as a spider web where each node (access point) connects to the others to create a large network.

7. Advanced DHCP Configuration

Advanced DHCP Configuration involves setting up complex Dynamic Host Configuration Protocol servers to manage IP address allocation. Key concepts include:

• Lease Time: The duration for which an IP address is assigned to a device.
• Reservations: Assigning specific IP addresses to specific devices.
• Relay Agents: Forwarding DHCP requests between subnets.

For example, you can configure a DHCP server to assign IP addresses with a specific lease time. Reservations can be used to ensure that specific devices always receive the same IP address, while relay agents can forward DHCP requests between different subnets.

Think of DHCP as a traffic cop who assigns parking spots (IP addresses) to cars (devices) as they enter a parking lot.

8. Advanced SNMP Configuration

Advanced SNMP Configuration involves setting up complex Simple Network Management Protocol servers to monitor network devices. Key concepts include:

• Traps: Notifications sent by devices to inform the SNMP manager of specific events.
• MIBs: Management Information Bases, which define the objects that can be managed using SNMP.
• Polling: Regularly querying devices for status information.

For example, you can configure an SNMP server to receive traps when a device goes offline. MIBs define the objects that can be monitored, while polling ensures that the SNMP manager regularly checks the status of devices.

Think of SNMP as a security guard who regularly checks the status of doors (devices) and reports any issues.

9. Advanced Traffic Shaping

Advanced Traffic Shaping involves setting up complex rules to control the rate of traffic sent or received on a network interface. Key concepts include:

• Rate Limits: Limiting the amount of traffic that can be sent or received.
• Queues: Organizing traffic into different queues based on priority.
• Scheduling: Determining the order in which traffic is sent.

For example, you can configure rate limits to prevent a single user from consuming all the bandwidth. Queues can be used to prioritize critical traffic, while scheduling ensures that traffic is sent in the correct order.

Think of traffic shaping as a traffic cop who directs cars (data packets) to different lanes based on their priority.

10. Advanced Security Configuration

Advanced Security Configuration involves setting up complex security measures to protect network devices. Key concepts include:

• Access Lists: Rules to control access to network resources.
• Intrusion Detection: Monitoring network traffic for suspicious activity.
• Encryption: Encrypting data to protect it from unauthorized access.

For example, you can configure access lists to restrict access to certain network resources. Intrusion detection can be used to monitor for suspicious activity, while encryption ensures that data is protected in transit.

Think of security configuration as a fortress with guards (access lists), alarms (intrusion detection), and vaults (encryption) to protect valuable assets (data).