Virtual Architects Support Wiki

User Tools

Site Tools

You are here: start » networking » router » mikrotik
Trace:
networking:router:mikrotik

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision 		Previous revision
networking:router:mikrotik [2012/12/07 10:27]
gcooper 		networking:router:mikrotik [2022/02/24 14:23] (current)
gcooper
Line 1: Line 1:
 ====== MikroTik ====== ====== MikroTik ======
  
-See also **[[networking:router:mikrotik_sonora|Sonora Comm Default MikroTik Configuration Script]]**.+See also **[[https://www.sonoracomm.com/wiki/doku.php?do=search&id=mikrotik|other Mikrotik pages in this wiki]]** 
 + 
 +See also **[[sonora:sc_mikrotik_script|Sonora Comm Default MikroTik Configuration Script]]** 
 + 
 +See also **[[networking:router:mikrotik_failover|Mikrotik Failover to a Second Internet Connection]]**
  
 http://www.mikrotik.com/index.html http://www.mikrotik.com/index.html
Line 9: Line 13:
 http://routerboard.com/ http://routerboard.com/
  
-Mikrotik offers:+**Mikrotik offers a lot of value**:
  
   * Inexpensive router hardware   * Inexpensive router hardware
Line 20: Line 24:
     * Winbox for Windows (don't need to know IP address)     * Winbox for Windows (don't need to know IP address)
     * Webfig web interface     * Webfig web interface
 +
 +===== Configurators =====
 +
 +**Firewall Configurator**: QoS Configurator: http://mikrotikconfig.com/firewall/
 +
 +**QoS Configurator**: http://mikrotikconfig.com/qos/
 +
 +**Load Balance Configurator**: http://mikrotikconfig.com/loadBalance2WANs/
 +
 +**Load Balance Configurator**: http://mikrotikconfig.com/loadBalance3WANs/
 +
  
 ===== Third Party Products ===== ===== Third Party Products =====
Line 30: Line 45:
  
 ===== Upgrading ===== ===== Upgrading =====
 +
 +http://wiki.mikrotik.com/wiki/Manual:Upgrading_RouterOS
  
 http://wiki.mikrotik.com/wiki/Bootloader_upgrade http://wiki.mikrotik.com/wiki/Bootloader_upgrade
Line 38: Line 55:
  
 http://www.mikrotik.com/download http://www.mikrotik.com/download
 +
 +===== Safe Mode =====
 +
 +http://wiki.mikrotik.com/wiki/Console#Safe_Mode
 +
 +**Enter Safe Mode:** ''[CTRL]+[X]''
 +
 +**Save Changes and Exit:** ''[CTRL]+[X]'' again
 +
 +**Exit Without Saving:** ''[CTRL]+[D]''
 +
 +Safe mode can be used to minimize the risk of losing contact with the router while performing configuration changes.
 +
 +  * Safe mode is entered by pressing [CTRL]+[X]
 +  * To save changes and quit safe mode, press [CTRL]+[X] again
 +  * To exit without saving the made changes, hit [CTRL]+[D]
 +  * All configuration changes that are made in safe mode are automatically undone if safe mode session terminates abnormally
  
 ===== Backup and Restore ===== ===== Backup and Restore =====
Line 64: Line 98:
  
 ===== Configuration ===== ===== Configuration =====
 +
 +:!: Winbox runs well under Wine on Linux.
  
 http://wiki.mikrotik.com/wiki/Manual:Initial_Configuration http://wiki.mikrotik.com/wiki/Manual:Initial_Configuration
Line 75: Line 111:
 http://wiki.mikrotik.com/wiki/Manual:Default_Configurations http://wiki.mikrotik.com/wiki/Manual:Default_Configurations
  
-==== Safe Mode ====+==== Reset to Defaults ====
  
-Safe mode can be used to minimize the risk of losing contact with the router while performing configuration changes.+=== CLI ===
  
-  * Safe mode is entered by pressing [CTRL]+[X] +<file> 
-  * To save changes and quit safe mode, press [CTRL]+[X] again +/system reset-configuration 
-  * To exit without saving the made changes, hit [CTRL]+[D] +</file>
-  * All configuration changes that are made in safe mode are automatically undone if safe mode session terminates abnormally+
  
-==== Reset to Defaults ====+or
  
 <file> <file>
-/system reset+/system reset-configuration no-defaults=yes 
 </file> </file>
 +
 +=== Reset Button ===
 +
 +The reset button has three functions.
 +
 +Hold the button, then apply power.
 +
 +Depending on when you release the button, it will do these things:
 +
 +  * release immediately (0-5 seconds) after starting the device to load backup bootloader
 +  * release when user LED starts to flash to reset RouterOS (5-10 seconds)
 +  * release after user LED stops flashing to start Etherboot (Netinstall) mode (10+ seconds)
 +
 +Link how to use Netinstall: http://wiki.mikrotik.com/wiki/Netinstall
  
 ==== First Login ==== ==== First Login ====
Line 101: Line 150:
 ==== Set Password ==== ==== Set Password ====
  
-//System -> Users -> Double-Click 'admin' -> Password//+**System -> Users -> Double-Click 'admin' -> Password**
  
 ==== WAN Interface ==== ==== WAN Interface ====
Line 107: Line 156:
 === Dynamic Address === === Dynamic Address ===
  
-//IP -> DHCP Client -> Add New -> ether1//+**IP -> DHCP Client -> Add New -> ether1**
  
 === Static Address === === Static Address ===
  
-//IP -> DHCP Client -> Delete if exists +**IP -> DHCP Client -> Delete if exists 
-IP -> Addresses -> Add New//+IP -> Addresses -> Add New**
  
 ==== NAT ==== ==== NAT ====
  
-//IP -> Firewall -> NAT -> Add New//+**IP -> Firewall -> NAT -> Add New**
  
   * Enabled   * Enabled
Line 122: Line 171:
   * Out. Interface should be set to WAN interface (ether1)   * Out. Interface should be set to WAN interface (ether1)
   * Action should be set to ''masquerade''   * Action should be set to ''masquerade''
 +
 +=== DMZ ===
 +
 +This is like the DMZ feature of other router/firewall devices:
 +
 +<file>
 +/ip firewall nat add chain=dstnat dst-address=<external-IP> action=dst-nat to-addresses=<internal-IP>
 +</file>
  
 ==== Default Gateway ==== ==== Default Gateway ====
  
-//IP -> Routes -> Add New//+**IP -> Routes -> Add New**
  
   * Enabled   * Enabled
Line 134: Line 191:
 ==== Name Resolution ==== ==== Name Resolution ====
  
-//IP -> DNS -> Add New//+**IP -> DNS -> Add New**
  
 ==== Time ==== ==== Time ====
  
-//SNTP Client -> Primary -> 199.102.46.73 +**SNTP Client -> Primary -> 199.102.46.73 
-SNTP Client -> Secondary -> 64.16.214.60//+SNTP Client -> Secondary -> 64.16.214.60**
  
-//Clock -> Time Zone Name -> America/Phoenix//+**Clock -> Time Zone Name -> America/Phoenix**
  
 ==== Interfaces ==== ==== Interfaces ====
Line 153: Line 210:
 === WAN Interfaces === === WAN Interfaces ===
  
-//IP -> Addresses -> Add New -> Use Ether1 as WAN +**IP -> Addresses -> Add New -> Use Ether1 as WAN 
-IP -> Addresses -> Add New -> Use Ether2 if WAN2 is needed//+IP -> Addresses -> Add New -> Use Ether2 if WAN2 is needed**
  
 === LAN Interfaces === === LAN Interfaces ===
Line 163: Line 220:
   * Only single or master (switch) ports can be added to a bridge; slaved ports cannot   * Only single or master (switch) ports can be added to a bridge; slaved ports cannot
  
-//IP -> Addresses -> Add New -> Use others as LAN//+**IP -> Addresses -> Add New -> Use others as LAN**
  
 ==== Wireless ==== ==== Wireless ====
Line 192: Line 249:
 === Wireless Security === === Wireless Security ===
  
-//Wireless -> Security Profiles -> Add New//+**Wireless -> Security Profiles -> Add New**
  
   * Mode   * Mode
Line 207: Line 264:
 :!: If you have any problems with the DHCP server (maybe it didn't hand out a gateway address?), try deleting all existing pools and all existing DHCP servers, then run the **DHCP Setup Wizard**.  In fact, this is probably the fastest, easiest way to configure the DHCP server in most all cases. :!: If you have any problems with the DHCP server (maybe it didn't hand out a gateway address?), try deleting all existing pools and all existing DHCP servers, then run the **DHCP Setup Wizard**.  In fact, this is probably the fastest, easiest way to configure the DHCP server in most all cases.
  
-//IP -> DHCP Server -> DHCP -> DHCP Setup//+**IP -> DHCP Server -> DHCP -> DHCP Setup**
  
 <file> <file>
Line 219: Line 276:
 Create the address pool first: Create the address pool first:
  
-//IP -> Pool -> Add New//+**IP -> Pool -> Add New**
  
   * Addresses: ''192.168.1.65-192.168.1.199''   * Addresses: ''192.168.1.65-192.168.1.199''
Line 225: Line 282:
 Add the DHCP server: Add the DHCP server:
  
-//IP -> DHCP Server -> Add New//+**IP -> DHCP Server -> Add New**
  
   * Use mostly defaults   * Use mostly defaults
Line 234: Line 291:
 This will also create a caching DNS server for use by DHCP clients: This will also create a caching DNS server for use by DHCP clients:
  
-//IP -> DNS -> Settings -> Click (+) twice then enter two DNS servers +**IP -> DNS -> Settings -> Click (+) twice then enter two DNS server 
-IP -> DNS -> Settings -> Allow Remote Requests//+IPs -> DNS -> Settings -> Allow Remote Requests**
  
 ==== Port Forwarding (Destination NAT) ==== ==== Port Forwarding (Destination NAT) ====
Line 244: Line 301:
   * UPnP is available if dynamic port forwarding is desired   * UPnP is available if dynamic port forwarding is desired
  
-//IP -> Firewall -> NAT -> Add New//+**IP -> Firewall -> NAT -> Add New**
  
 <file> <file>
Line 255: Line 312:
 http://aacable.wordpress.com/2011/08/15/mikrotik-howto-prevent-mt-host-from-invalid-login-attempts-from-lanwan-users/ http://aacable.wordpress.com/2011/08/15/mikrotik-howto-prevent-mt-host-from-invalid-login-attempts-from-lanwan-users/
  
-//IP -> Services -> www//+**IP -> Services -> www**
  
   * Port: 81   * Port: 81
Line 274: Line 331:
 add chain=input connection-state=invalid action=drop comment="Drop invalid connections"  add chain=input connection-state=invalid action=drop comment="Drop invalid connections" 
 add chain=input protocol=udp action=accept comment="Allow all UDP" disabled=no  add chain=input protocol=udp action=accept comment="Allow all UDP" disabled=no 
-add chain=input protocol=icmp limit=50/5s,2 comment="Allow limited pings"  +add chain=input protocol=icmp limit=50/5s,2 comment="Allow limited ICMP"  
-add chain=input protocol=icmp action=drop comment="Drop excess pings+add chain=input protocol=icmp action=drop comment="Drop excess ICMP
 add chain=input in-interface=ether2 src-address=192.168.1.0/24 comment="From our LAN" action=accept add chain=input in-interface=ether2 src-address=192.168.1.0/24 comment="From our LAN" action=accept
 add chain=input action=log log-prefix="DROP INPUT" comment="Log everything else" add chain=input action=log log-prefix="DROP INPUT" comment="Log everything else"
 add chain=input action=drop comment="Drop everything else" add chain=input action=drop comment="Drop everything else"
 </file> </file>
 +
 +===== Dynamic DNS =====
 +
 +http://networkingforintegrators.com/2012/08/dyndns-updater-for-mikrotik/
 +
 +http://wiki.mikrotik.com/wiki/Dynamic_DNS_Update_Script_for_dynDNS
 +
 +http://wiki.mikrotik.com/wiki/Dynamic_DNS_Update_Script_for_dynDNS_behind_NAT
 +
 +===== Scripts =====
 +
 +http://networkingforintegrators.com/2013/02/mikrotik-how-to-import-a-script-in-an-rsc-file/
  
 ===== Serial Port ===== ===== Serial Port =====
Line 302: Line 371:
 http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html
  
-//System -> Console +**System -> Console 
-System -> Ports//+System -> Ports**
  
 <file> <file>
Line 312: Line 381:
  
 ==== Serial Terminal ==== ==== Serial Terminal ====
 +
 +http://wiki.mikrotik.com/wiki/Serial_Port_Usage
  
   * The Serial Terminal feature is for connecting to other devices   * The Serial Terminal feature is for connecting to other devices
networking/router/mikrotik.1354901253.txt.gz · Last modified: 2012/12/07 10:27 by gcooper

Page Tools

Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
CC Attribution-Share Alike 4.0 International Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki