MikroTik Training Centers (MTC) are separate entities (companies or individuals) conducting intensive public or private training sessions and certification tests according to the official MikroTik Training Outline. MTC's are not affiliated with each other and with MikroTik in any form. They use their own training materials and bear sole responsibility for the training sessions offered. Please contact the MikroTik Training Centers directly regarding their offers.

MikroTik training sessions are organized and provided by MikroTik Training Centers at various locations around the World. They are attended by network engineers, integrators and managers, who would like to learn about routing and managing wired and wireless networks using MikroTik RouterOS.


MikroTik certified training programs

  • MTCNA
  • MTCRE
  • MTCWE
  • MTCTCE
  • MTCUME
  • MTCINE
  • MTCIPv6E
  • MTCSE
  • MTCSWE
  • MTCEWE

Certified Network Associate (MTCNA) Training outline

Duration: 3 days
Outcomes: By the end of this training session, the student will be familiar with RouterOS software and RouterBOARD products and be able to connect the client to the Internet. He will also be able to configure, manage, do basic troubleshooting of a MikroTik router and provide basic services to clients.
Target audience: Network engineers and technicians wanting to deploy and support:
  • Corporate networks
  • Client CPEs (WISPs and ISPs)
Course prerequisites: The student must have a good understanding of TCP/IP and subnetting.
Suggested reading: Search for “ipv4 tutorial”

Test yourself with the 'example test' on https://www.mikrotik.com/client/trainingSessions

Title Objective
Module 1
Introduction
  • About MikroTik
    • What is RouterOS
    • What is RouterBOARD
  • First time accessing the router
    • WinBox and MAC-WinBox
    • WebFig and Quick Set
    • Default configuration
  • RouterOS command line interface (CLI)
    • Null Modem cable
    • SSH and Telnet
    • New terminal in WinBox/WebFig
  • RouterOS CLI principles
    • <tab>, double <tab>, “?”, navigation
    • Command history and its benefits
  • Initial configuration (Internet access)
    • WAN DHCP-client
    • LAN IP address and default gateway
    • Basic Firewall - NAT masquerade
  • Upgrading RouterOS
    • Package types
    • Ways of upgrading
    • RouterBOOT firmware upgrade
  • Router identity
  • Manage RouterOS logins
  • Manage RouterOS services
  • Managing configuration backups
    • Saving and restoring the backup
    • Difference between a backup and an export (.rsc) file
    • Editing an export file
  • Resetting a RouterOS device
  • Reinstalling a RouterOS device (Netinstall)
  • RouterOS license levels
  • Sources of additional information
  • Module 1 laboratory
Module 2
DHCP
  • DHCP server and client
    • DHCP client
    • DHCP server setup
    • Leases management
    • DHCP server network configuration
  • Address Resolution Protocol (ARP)
    • ARP modes
    • RouterOS ARP table
  • Module 2 laboratory
Module 3
Bridging
  • Bridging overview
    • Bridge concepts and settings
    • Creating bridges
    • Adding ports to bridges
  • Bridge wireless networks
    • Station bridge
  • Module 3 laboratory
Module 4
Routing
  • Routing overview
    • Routing concepts
    • Route flags
  • Static routing
    • Creating routes
    • Setting default route
    • Managing dynamic routes
    • Implementing static routing in a simple network
  • Module 4 laboratory
Module 5
Wireless
  • 802.11a/b/g/n/ac Concepts
    • Frequencies (bands, channels) data-rates / chains (tx power, rx sensitivity, country regulations)
  • Setup a simple wireless link
    • Access Point configuration
    • Station configuration
  • Wireless Security and Encryption
    • Access List
    • Connect List
    • Default Authenticate
    • Default Forward
    • WPA-PSK, WPA2-PSK
    • WPS accept, WPS client
  • Monitoring Tools
    • Snooper
    • Registration table
  • Module 5 laboratory
Module 6
Firewall
  • Firewall principles
    • Connection tracking and states
    • Structure, chains and actions
  • Firewall Filter in action
    • Filter actions
    • Protecting your router (input)
    • Protection your customers (forward)
  • Basic Address-List
  • Source NAT
    • Masquerade and src-nat action
  • Destination NAT
    • dst-nat and redirect actions
  • FastTrack
  • Module 6 laboratory
Module 7
QoS
  • Simple Queue
    • Target
    • Destinations
    • Max-limit and limit-at
    • Bursting
  • One Simple queue for the whole network (PCQ)
    • pcq-rate configuration
    • pcq-limit configuration
  • Module 7 laboratory
Module 8
Tunnels
  • PPP settings
    • PPP profile
    • PPP secret
    • PPP status
  • IP pool
    • Creating pool
    • Managing ranges
    • Assigning to a service
  • Secure local network
    • PPPoE service-name
    • PPPoE client
    • PPPoE server
  • Point-to-point addresses Secure remote networks communication
    • PPTP client and PPTP server (Quick Set)
    • SSTP client
  • Module 8 laboratory
Module 9
misc
  • RouterOS tools
    • E-mail
    • Netwatch
    • Ping
    • Traceroute
    • Profiler (CPU load)
  • Monitoring
    • Interface traffic monitor
    • Torch
    • Graphs
    • SNMP
    • The Dude
  • Contacting support@mikrotik.com
    • supout.rif, autosupout.rif and viewer
    • System logs, enabling debug logs
    • Readable configuration (item comments and names)
    • Network diagrams
  • Module 9 laboratory

Certified Routing Engineer (MTCRE) Training outline

Duration: 2 days
Outcomes: By the end of this training session, the student will be able to plan, implement and debug routed MikroTik RouterOS network configurations.
Target audience: Network engineers and technicians wanting to deploy and support static and/or dynamic routed networks.
Course prerequisites: MTCNA certificate

Title Objective
Module 1
Static Routing
  • More specific routes
  • ECMP
  • How to force gateway over specific interface
  • Gateway reachability check and route distance
  • Routing mark and route policy
  • Recursive next-hop and scope/target-scope usage
  • Module 1 laboratory
Module 2
Point to Point Addressing
  • Point to Point address configuration
  • Module 2 laboratory
Module 3
VPN
  • What is VPN?
  • Different types of VPN
  • Site to site connectivity with tunnels
    • IPIP, EoIP, PPTP, SSTP, L2TP, PPPoE
  • VLAN and it's usage
  • QinQ implementation
  • VLAN and managed switch
  • VLAN and switch chip configuration on RouterBOARDs
  • Module 3 laboratory
Module 4
OSPF
  • What is OSPF?
  • How OSPF protocol works
    • Hello protocol
    • Database distribution and LSA types explained
  • OSPF network structure
    • Areas
    • Router types
  • OSPF neighbors and neighbor states (DR and BDR election)
  • External Route Distribution methods (type1, type2)
  • Interface cost and interface types (broadcast, NBMA, etc.)
  • SPT calculation algorithm
  • OSPF and multicast (problems with NBMA)
  • Stub, NSSA and area ranges (route aggregation)
  • Virtual links, usage and limitations
  • OSPF routing filters and limitations
  • Module 4 laboratory

MTCWE training outline

Course prerequisites – MTCNA certificate

Title Objective
Wireless Installations
  • Wireless routers
    • RouterBoard Hardware
  • Wireless cards
  • Antenna types
Wireless Standard
  • 802.11 a/b/g/n
  • Bands and channel width
  • Frequencies
Wireless Tools
  • Wireless Tools + LAB
    • Scan
    • Frequency usage
    • Spectral Scan/History
    • Snooper
    • Align
    • Sniffer
Wireless Troubleshooting
  • Troubleshooting wireless clients + LAB
    • Registration table analysis
    • Ack-Timeout/Distance
    • CCQ
    • TX/RX Signal Strength
    • Frames and HW-frames
    • Data-rates
Wireless Advanced Settings
  • Advanced Wireless Tab settings + LAB
    • HW-retries
    • HW-protection
    • Adaptive-noise-immunity
  • WMM
  • Country regulation settings
  • TX-power + LAB
  • Virtual-AP
802.11n
  • 802.11n wireless protocol + LAB
    • Features
    • Data Rates
    • Channel bonding
    • Frame Aggregation
    • TX-power for N cards
    • Chain settings
    • Wireless link debugging
Wireless Security
  • Wireless Security Measures + LAB
    • Access Management
    • Access-List/Connect-List
    • RADIUS
    • Authentication
    • Encryption
    • EAP
    • Management Frame Protection
WDS and MESH
  • Wireless WDS protocol + LAB
    • Dynamic/Static WDS
    • RSTP Bridge
  • Wireless MESH + LAB
    • HWMP+ Mesh
Wireless Bridging
  • Wireless Transparent Bridge + LAB
    • WDS bridging
    • AP/Station-WDS
    • Pseudobridge
    • MPLS/VPLS tunnel
Nstreme Protocol
  • MikroTik Wireless Nstreme Protocol + LAB
    • Features
    • Configuration options
    • Nstreme Dual
    • Troubleshooting
Nv2 Protocol
  • MikroTik Wireless Nv2 Protocol + LAB
    • Features
    • Configuration options
    • Troubleshooting

MTCTCE training outline

Course prerequisites – MTCNA certificate

Title Objective
Packet flow diagram
  • Why this diagram is necessary?
  • Full overview of all things covered by diagram
  • Simple examples how packet travels through the diagram (routing, bridging, connection to router etc.) + LAB
  • More complex examples of diagram usage + LAB
Firewall filter/nat/mangle
  • Connection tracking
  • Filter + LAB
    • chains (default/custom)
    • all rule "actions" covered
    • most common rule "conditions" covered
  • NAT + LAB
    • chains (default/custom)
    • all rule "actions" covered
    • most common rule "conditions" covered
    • NAT helpers
  • Mangle + LAB
    • chains (default/custom)
    • all rule "actions" covered
    • most common rule "conditions" covered
  • Some complicated rule "conditions" covered ("advanced", "extra" tab) + LAB
  • uPNP
Quality of Service
  • HTB
    • HTB general information
    • HTB implementation (queue tree)
    • HTB structure + LAB
    • HTB Dual Limitation + LAB
    • HTB priority + LAB
  • Burst + LAB
  • Queue types
    • FIFO + LAB
    • SFQ + LAB
    • RED + LAB
    • PCQ + several LABs
    • queue size + LAB
  • Simple queues + LAB
  • Simple queue and queue tree interaction
DNS client/cache
  • Basic configuration + LAB
  • Static DNS Entry + LAB
DHCP client/relay/server
  • DHCP communication analysis
  • DHCP-client identification/ configuration + LAB
  • DHCP server configuration: + LAB
    • DHCP networks
    • DHCP options (build-in and custom)
    • IP Pool
    • advanced DHCP
  • DHCP relay configuration + LAB
Web Proxy
  • Basic configuration
  • Proxy rule lists
    • Access list + LAB
    • Direct Access list + LAB
    • Cache list + LAB
  • Regular expression + LAB

Certified User Management Engineer (MTCUME) Training outline

Duration: 2 days
Outcomes: By the end of this training session, the student will be able to securely manage large scale RouterOS based network with centralized user management.
Target Audience: Network engineers and technicians wanting to deploy and support large scale corporate networks.
Course prerequisites: MTCNA certificate

Title Objective
Module 1
PPP
  • PPP Profile
    • Local and remote addresses
    • Incoming and outgoing filters
    • Address list
    • Change TCP-MSS
    • Use encryption
    • Session timeout
    • Rate-limit configuration
    • Only-one setting
  • PPP Secret
    • Service and Profile
    • Local and Remote address
    • Routes configuration
    • Limit Bytes In/Limit Bytes Out configuration
  • IP Pool
    • Set addresses ranges
    • Next pool options
  • Module 1 laboratory
Module 2
PPTP, L2TP
  • PPTP and L2TP
    • Theory
    • Comparison
  • PPTP Client configuration
    • Client setup
    • Set profile
    • Dial on demand
    • Add default route and static routes
  • PPTP Server configuration
    • Enable server
    • Setup profiles
    • Add clients to PPP secret
    • Set static interfaces for clients
  • L2TP Client configuration
    • Client setup
    • Configure profile
    • Dial on demand
    • Add default route and static routes
  • L2TP Server configuration
    • Enable server
    • Set profiles
    • Add clients to PPP secret
    • Set Static interfaces for clients
  • Module 2 laboratory
Module 3
PPPoE
  • PPPoE server and client
    • Theory
    • Usage environment
    • Comparison to other PPP protocols
  • PPPoE client configuration
    • Client setup
    • Select interface
    • Service name
    • Configure profile
  • PPPoE Server configuration
    • Enable PPPoE server
    • Set profiles
    • Add clients to PPP secret
    • Add Static interfaces for clients
    • Secure server by removing any IP address from PPPoE server interface
  • Encryption
    • Set profile without encryption
    • Set profile with encryption
    • Configure PPPoE client without encryption
  • Interface ECMP
    • Set ECMP routes for PPP interfaces
  • Module 3 laboratory
Module 4
Bridging
  • L2TP and EoIP
    • Set L2TP tunnel
    • Set EoIP tunnel
    • Create bridge and add necessary interfaces to ports
    • Confirm you have Ethernet connectivity between remote nodes
  • L2TP and VPLS
    • Set L2TP tunnel
    • Set VPLS tunnel
    • Create bridge and add necessary interfaces to ports
  • L2TP and BCP
    • Set L2TP tunnel
    • Use BCP to bridge PPP interface
    • Add to bridge necessary interface
  • Multilink Protocol
    • Enable multilink by specifying correct MRRU settings
    • Disable mangle rules for MSS adjustment
  • MLPPP (optional)
    • Setup client and specify multiple interfaces for one client
    • Set PPPoE server with MLPPP support
  • Module 4 laboratory
Module 5
IPsec
  • Introduction
    • Theory and concepts
    • Comparison to other VPN protocols
  • IPsec Peer
    • Use different authentication methods
    • IPsec exchange modes
    • Encryption and hash algorithms
    • NAT-Traversal
    • Lifetime and lifebytes
    • DPD protocol
  • Policy
    • IPsec protocol and action
    • Tunnels
    • Generate dynamic Policy
  • Proposal
    • Encryption and authentication algorithms
    • Lifetime
    • PFS
  • Installed-SA
    • Flush SA
  • Create IPsec between two routers with NAT
    • Set peer
    • Set policy
    • Set NAT rules
    • Confirm the secure link is established
  • Module 5 laboratory
Module 6
HotSpot
  • Introduction
    • Concepts
    • Usage environments
    • Setup HotSpot with default settings
  • HotSpot Login Methods
    • HTTP CHAP/PAP
    • MAC
    • Cookie
    • HTTPS
    • Trial
    • RADIUS
  • Users
    • Add users
    • Set MAC-address for user
    • Set MAC-address for username
    • Limit Uptime and Limit Bytes In/Out
    • Reset limits for user
  • Monitor Users
    • Host Table
    • Active Table
    • SNMP for users
  • Profile
    • Keepalive timeout
    • Shared users
    • Rate-Limit
    • Address-list
    • Incoming/Outgoing filter
    • Incoming/Outgoing Packet Mark
  • Bypass HotSpot
    • Walled garden
    • Walled garden IP
    • IP binding
  • Customize HotSpot
    • Advertisement
    • Customize pages
  • Module 6 laboratory
Module 7
RADIUS
  • RADIUS client
    • Add radius client
    • Set service
    • Use RADIUS for the specific service
  • RADIUS server
    • User manager
    • Install the latest user-manager
    • Add routers
    • Add users
    • Set profile
  • RADIUS incoming
  • Module 7 laboratory

MTCINE training outline

Course prerequisites – MTCNA and MTCRE certificates

Title Objective
BGP
  • What is Autonomous System
  • What is BGP?
  • Path Vector algorithm
  • BGP Transport and packet types
  • iBGP and eBGP + LAB
  • Stub network scenarios and private AS removal + LAB
  • Non-stub scenarios + LAB
  • iBGP and eBGP multihop and loopback usage + LAB
  • Route distribution and routing filters +LAB
  • BGP best path selection algorithm
  • BGP prefix attributes and their usage + LAB
  • BGP route reflectors and confederations + LAB
MPLS
  • What is MPLS (basics)
  • Static Label Mapping + LAB
  • Label Distribution (LDP) + LAB
  • What is Penultimate-hop-popping
  • MPLS traceroute differences
  • LDP based VPLS tunnels + LAB
  • What is Bridge Split Horizon + LAB
  • VPLS Control Word (CW) usage
  • L2MTU importance and MPLS fragmentation
  • BGP based VPLS + LAB
  • VRF and route leaking + LAB
  • L3VPN (BGP based Layer3 tunnels) + LAB
  • OSPF as CE-PE protocol
Traffic Engineering
  • What is traffic engineering and how it works
  • RSVP, Static path, dynamic path (CSPF) + LAB
  • Bandwidth allocation and bandwidth limitation differences
  • and settings + LAB

Certified IPv6 Engineer (MTCIPv6E) Training outline

Duration: 2 days
Outcomes: By the end of this training session, the student will be familiar with IPv6 protocol and be capable to implement IPv6 network.
Target audience: Network engineers and technicians wanting to deploy and support IPv6 based:
  • Corporate networks
  • Client CPEs (WISPs and ISPs)
Course prerequisites: MTCNA certificate

Title Objective
Module 1
Introduction to IPv6
  • IPv6 address
    • Differences between IPv4 and IPv6
  • Address distribution
  • Address notation
    • SLAAC IPv6 address creation (EUI-64)
  • Subnetting
  • Address types
    • Link-local
    • Global
    • Multicast
    • Anycast
    • Unique local
    • Special addresses
  • Reserved IPv6 addresses
  • Module 1 laboratory
Module 2
IPv6 Protocol
  • Address configuration
    • Auto-configuration
    • Stateless – SLAAC, DHCPv6
    • Stateful – DHCPv6
  • Neighbor discovery protocol
  • IPv6 routing basics
    • IPv6 prefix
  • Module 2 laboratory
Module 3
IPv6 Packet
  • IPv6 header
    • Header field description
    • Next header (daisy chaining)
    • Fragmentation
  • Path MTU discovery
  • Module 3 laboratory
Module 4
IPv6 Security
  • ICMPv6
  • Neighbor discovery protocol
    • Router solicitation
    • Router advertisement
    • Neighbor solicitation
      • Duplicate address detection
      • Neighbor unreachability detection
    • Neighbor advertisement
      • ‘Managed address configuration’ flag
      • ‘Other configuration’ flag
    • Redirect
  • MLD (Multicast Listener Discovery)
  • Temporary addresses
  • Firewall
  • IPsec
    • Header only encryption (AH)
    • Data only encryption (ESP)
    • Header and data encryption (AH+ESP)
  • Module 4 laboratory
Module 5
Transition Mechanisms
  • Dual stack (RIPE recommended)
  • 6to4
  • 6RD
  • Teredo
  • DS-lite (Dual stack lite)
  • Module 5 laboratory
Module 6
Interoperability
  • IPv6 pool
  • DHCP
    • DHCP PD server
    • DHCP PD client
    • DHCPv6 client
  • IPv6 tunnels
    • IPIPv6
    • EoIPv6
    • GRE6
  • IP version agnostic
    • DNS
    • Reverse DNS
    • NTP
    • PPP IPv6 support
  • Routing
    • Using global addresses as in IPv4
    • Using link-local addresses as in IPv6
  • RouterOS features not yet available for IPv6
    • NAT
    • HotSpot
    • RADIUS integration
    • Policy routing
    • DHCPv6 server
  • Tools
    • Ping
    • Traceroute
    • Torch
    • Traffic generator
    • Email
    • Netwatch
    • Traffic flow
  • Module 6 laboratory

Certified Security Engineer (MTCSE) Training outline

Duration: 2 days
Outcomes: By the end of this training session, the participant will be able to plan and implement appropriate security measures suitable for the network at hand.
Target audience: Network engineers and technicians wanting to deploy and maintain secure MikroTik device based networks.
Course prerequisites: MTCNA certificate

Title Objective
Module 1
Introduction
  • Attacks, mechanisms and services
  • The most common threats
  • RouterOS security deployment
  • Module 1 laboratory
Module 2
Firewall
  • Packet flow, firewall chains
  • Stateful firewall
  • RAW table
  • SYN flood mitigation using RAW table
  • RouterOS default configuration
  • Best practices for management access
  • Detecting an attack to critical infrastructure services
  • Bridge filter
  • Advanced options in firewall filter
  • ICMP filtering
  • Module 2 laboratory
Module 3
OSI Layer Attacks
  • MNDP attacks and prevention
  • DHCP: rogue servers, starvation attacks and prevention
  • TCP SYN attacks and prevention
  • UDP attacks and prevention
  • ICMP Smurf attacks and prevention
  • FTP, telnet and SSH brute-force attacks and prevention
  • Port scan detection and prevention
  • Module 3 laboratory
Module 4
Cryptography
  • Introduction to cryptography and terminology
  • Encryption methods
  • Algorithms - symmetric, asymmetric
  • Public key infrastructure (PKI)
  • Certificates
    • Self-signed certificates
    • Free of charge valid certificates
    • Using the certificates in RouterOS
  • Module 4 laboratory
Module 5
Securing the Router
  • Port knocking
  • Secure connections (HTTPS, SSH, WinBox)
  • Default ports for the services
  • Tunneling through SSH
  • Module 5 laboratory
Module 6
Secure Tunnels
  • Introduction to IPsec
  • L2TP + IPsec
  • SSTP with certificates
  • Module 6 laboratory

ertified Switching Engineer (MTCSWE) Training outline

Duration: 3 days
Outcomes: By the end of this training session, the student will be familiar with RouterOS Layer 2 forwarding software and RouterBOARD hardware switch chip features and bridge features. The student will be able to configure and control Layer 2 forwarding using MikroTik networking solutions.
Target audience: Network engineers and technicians wanting to deploy and support Layer 2 based networks.
Course prerequisites: MTCNA certificate
Suggested reading: Search for ‘Layer 2 networking’, ‘Bridging’, ‘Switching’, ‘VLAN’

Title Objective
Module 1
Introduction
  • Layer 2 forwarding concepts
    • Unicast, multicast and broadcast traffic
    • MAC learning in bridges and switches
    • Interface settings
  • RouterOS bridge overview
  • RouterBOARD switch chip overview
    • RouterBOARDs with basic switch chips
    • Cloud Router Switch (CRS) series devices with advanced switch chips
  • SwitchOS (SwOS) brief overview
  • Module 1 laboratory
Module 2
MTU
  • MTU
  • RouterOS bridge overview
  • L2MTU
  • Jumbo frames
  • Potential MTU issues
  • Module 2 laboratory
Module 3
VLAN
  • 802.1Q and 802.1ad VLAN overview and tagging concepts
  • RouterOS VLAN interfaces
    • Port based VLAN (VLAN bridging)
    • Inter-VLAN routing ('router on a stick')
  • VLANs in basic switch chips
    • Port based VLAN
  • VLANs in bridge interfaces
    • Port based VLAN
    • MAC based VLAN
    • Protocol based VLAN
  • QinQ (802.1ad)
    • QinQ implementation with bridge VLAN filtering
    • QinQ implementation with VLAN interfaces
  • Module 3 laboratory
Module 4
Spanning Tree Protocol
  • Spanning tree protocol (STP) concepts
    • STP bridge priority
    • STP port path cost
    • STP and RSTP comparison
  • Multiple Spanning tree (MSTP) concepts
    • MSTP definition
    • MSTP regions
    • CST/CIST
  • Bridge protocol data unit (BPDU)
  • Spanning tree security
  • Module 4 laboratory
Module 5
Link Aggregation
  • RouterOS bonding
    • Bonding modes
    • Compatibility with other static link aggregation
  • Module 5 laboratory
Module 6
Port Isolation
  • RouterOS bridge horizon
  • Switch port isolation
  • Module 6 laboratory
Module 7
QoS
  • er 2 QoS (802.1p)
    • RouterOS bridge filter priority
    • CRS priority configuration
  • Traffic shaping
    • Bandwidth limiting in bridge with queues
    • Bandwidth limiting in switch chip
  • Module 7 laboratory
Module 8
Layer 2 Security
  • IGMP snooping
  • DHCP snooping
  • Loop protect
  • Traffic storm control
  • Layer 2 firewall
  • RouterOS bridge filter features
  • Switch access control list
  • BPDU guard
  • ARP modes
  • Port security
  • 802.1X
  • Switch security
  • Module 8 laboratory
Module 9
PoE
  • RouterOS PoE modes and compatibility
  • RouterOS PoE priority settings
  • RouterOS PoE monitoring
  • Module 9 laboratory
Module 10
Tools
  • Layer2 diagnostic tools
  • Port mirroring
  • Module 10 laboratory
Module 11
SwOS
  • Introduction to SwOS
  • RouterBOARD dual-boot compatibility
  • Installing SwOS
  • Managing SwOS
  • Configuration of Layer 2 Features with SwOS
    • VLANS
    • (R)STP
    • Port trunking
    • QoS
    • Layer 2 security
  • Module 11 laboratory

Certified Enterprise Wireless Engineer (MTCEWE) Training Outline

Duration: 3 days
Objectives: By the end of this training session, the student will be able to understand major RouterOS Enterprise WiFi features, how WiFi works and implement CAPsMAN into real life WiFi setups.
Target Audience: Network engineers and technicians wanting to deploy and support:
  • Corporate WiFi networks based on MikroTik Controlled Access Point system Manager (CAPsMAN)
  • Simple Layer 2 wireless bridges using MikroTik 60GHz Wireless Wire Technology
Course prerequisites: MTCNA certificate

Title Objective
Module 1
Wireless Introduction
  • Wireless routers
  • RouterBOARD hardware with integrated wireless
  • MikroTik wireless cards
  • Module 1 laboratory
Module2
RF Wireless
Characteristics
  • The RF Radio Spectrum and Electromagnetic Energy
  • Decibels
  • Antenna theory and examples of use
  • Isotropic
  • Directional
  • Omnidirectional
  • Antenna polarization
  • Initial class setup
  • Attenuation/absorption and reflective properties of building materials and how they affect radio signals
  • 2.4/5GHz indoor/outdoor cell sizes and transmitter powers
  • Client roaming
  • RouterOS station roaming setting
  • Co-channel and Adjacent-channel interference
  • Choosing correct access point placement
  • Physical network infrastructure
  • Understanding 'Airtime'
  • Module 2 laboratory
Module 3
Wireless Standards
  • 802.11a/b/g/n/ac wireless protocol
  • 802.11 standards features overview
  • Bands, channels (frequencies) and channel widths
  • Scan list
  • Modulation schemes and MCS data rates
  • Channel bonding
  • Frame aggregation overview
  • Chains (SISO, MIMO and MU-MIMO)
  • CSMA/CA overview
  • HW protection (RTS/CTS)
  • QoS priorities / WMM®
  • Future standards (802.11ax)
  • Module 3 laboratory
Module 4
Country / Regulatory
Domain Settings in CAPsMAN
  • Antenna gain and control of maximum EIRP
  • Setting antenna gain on CAP
  • Selecting the country code and purpose of 'installation' setting
  • Dynamic frequency selection (DFS radar detect)
  • Module 4 laboratory
Module 5
Non CAPsMAN
Wireless Modes
  • Extending coverage with repeaters and extenders
  • Bridging with MikroTik 60GHz Wireless Wire products
  • Module 5 laboratory
Module 6
Wireless Security
  • Authentication (Open / Shared)
  • Encryption (WEP, WPA TKIP, WPA2 AES)
  • Weaknesses of older encryption (WEP / WPA TKIP)
  • Overview of 802.11X (RADIUS and EAP)
  • Performance difference of TKIP vs. AES
  • Basic access list (ACL) management
  • Mitigating against most common known vulnerabilities of 802.11
  • Module 6 laboratory
Module 7
Wireless Troubleshooting
  • Troubleshooting wireless clients
  • Registration table analysis
  • TX/RX signal strength
  • Signal to noise ratio
  • CCQ, frames and HW frames, hardware retries
  • Data rates
  • Analysing the System log for wireless problems
  • Scan, background scan
  • Frequency usage
  • Wireless snooper
  • Wireless sniffer
  • Module 7 laboratory
Module 8
Wireless Surveys
  • Pre-install site surveys
  • Spectrum analysis overview
  • Prediction software overview
  • Post-install validation surveys
  • Module 8 laboratory
Module 9
CAPsMAN v2
  • MikroTik CAPsMAN version 2 features
  • CAP hardware/software requirements
  • L2 (broadcast/multicast) vs L3 (via UDP) CAPs communication methods
  • Using DHCP option 138
  • Configuration of a CAP
    • CAPsMAN discovery and selection by CAP
    • Authentication and locking by SSL certificates
    • Auto certificate & locking
    • Auto upgrading feature
    • Securing the CAP configuration
  • CAPsMAN configuration settings (channels, datapaths, security configurations, data rates)
  • Provisioning CAP Interfaces (single and dual band APs)
  • Datapath / local forwarding
  • Dynamic vs static CAP interfaces on CAPsMAN
  • Virtual AP (additional SSIDs)
  • Static interfaces on CAPs (slave virtual interfaces with VLANs)
  • Access list features
  • Module 9 laboratory