Mikrotik Configuration Guide

Alfie Overacre

Aug 5, 2024, 2:04:32 AM
to moyprimtedhou
The initial configuration has a DHCP client on the WAN interface (ether1); the rest of the ports are considered your local network, with a DHCP server configured for automatic address configuration on client devices. To connect to the router, set your computer to accept DHCP settings and plug the Ethernet cable into one of the LAN ports (please check routerboard.com for the port numbering of the product you own, or check the front panel of the router).

Both screens are similar as illustrated in screenshot below. After editing user's data click OK (to accept changes) or Cancel. It will bring you back to initial screen of user management.


If initial configuration did not work (your ISP is not providing DHCP server for automatic configuration) then you will have to have details from your ISP for static configuration of the router. These settings should include


The default configuration is set up using a DHCP client on the interface facing your ISP or wide area network (WAN). It has to be disabled if your ISP is not providing this service in the network. Open 'IP -> DHCP Client' and inspect field 1 to see the status of the DHCP client. If it is in the state displayed in the screenshot, your ISP is not providing you with automatic configuration, and you can use the button in selection 2 to remove the DHCP client configured on the interface.


The other field of interest is the interface this address is going to be assigned to. This should be the interface your ISP is connected to; if you followed this guide, that interface is named ether1.


Since you are using local and global networks, you have to set up network masquerade, so that your LAN is hidden behind the IP address provided by your ISP. This is necessary because your ISP does not know which LAN addresses you are going to use, and your LAN will not be routed from the global network.


To be able to open web pages or access Internet hosts by domain name, DNS should be configured, either on your router or on your computer. In the scope of this guide, I will present only the option of router configuration, so that DNS addresses are given out by the DHCP server that you are already using.


To do that, go to 'System -> SNTP', where you have to enable it (first mark) and change the mode from broadcast to unicast, so that you can use global or ISP-provided NTP servers; that will allow you to enter NTP server IP addresses in the third area.


To check whether an Ethernet port is switched, in other words, whether the Ethernet port is set as a slave to another port, go to the 'Interface' menu and open the Ethernet interface details. Ethernet interfaces can be distinguished by the Type column displaying Ethernet.


Available settings for the attribute are none, or one of the Ethernet interface names. If a name is set, that means the interface is set as a slave port. Usually RouterBOARD routers will come with ether1 as the intended WAN port, and the rest of the ports will be set as slave ports of ether2 for LAN use.


If this operation fails, it means that the Ethernet interface is used as a port in a bridge; you have to remove the ports from the bridge to enable hardware packet switching between Ethernet ports. To do this, go to Bridge -> Ports and remove the slave ports (in the example, ether3 to ether5) from the tab.


In this example I will create a new security profile; editing one is quite similar. Options that have to be set are highlighted with red, and recommended options are outlined by red boxes and pre-set to recommended values. WPA and WPA2 are used since there is still legacy equipment around (laptops with Windows XP that do not support WPA2, etc.).


The WPA Pre-Shared Key and WPA2 Pre-Shared Key should be entered with sufficient length. If the key length is too short, the field label will indicate that by turning red; when sufficient length is reached, it will turn blue.


Open the Bridge menu and check whether there is any bridge interface available (first mark). If there is not, select Add New (second mark), and in the screen that opens just accept the default settings and create the interface. When a bridge interface is available, continue to the Ports tab, where the master LAN interface and the WiFi interface have to be added.


When a new bridge port is added, select that it is enabled (part of the active configuration) and select the correct bridge interface; following this guide, there should be only 1 interface. Then select the correct port: the LAN interface master port and the WiFi port.


Adding an IP address with the wrong network mask will result in a wrong network setting. To correct that problem, change the address field (first section) to the correct address and network mask, and set the network field to the correct network, or unset it so that it is recalculated.


Respectively, there are several ways to solve the issue: first, check the configuration to see whether you are missing any part of it; second, set the MAC address. Changing the MAC address is available only from the CLI: New Terminal in the left side menu. If the new window does not open, check whether your browser allows popup windows for this site. There you will have to write the following command, replacing the MAC address with the correct one:


If wireless is not performing very well even when data rates are reported as being good, it might be that your neighbours are using the same wireless channel as you are. To make sure, follow these steps:


To make services on local servers/hosts available to the general public, it is possible to forward ports from outside to inside your NATed network; that is done from the /ip firewall nat menu. For example, this makes it possible for a remote helpdesk to connect to your desktop and guide you, or to make your local file cache available to you when you are not at the location, etc.


A lot of users prefer to configure these rules statically, to have more control over what service is reachable from outside and what is not. This also has to be used when service you are using does not support dynamic configuration.


If you require other services to be accessible, you can change the protocol as required, but usually services are running TCP and dst-port. If a change of port is not required, e.g. the remote service is 22 and the local one is also 22, then to-ports can be left unset.


I started off with a configuration guide for the Mikrotik RB750Gr3; however, as others rightfully pointed out, the configuration I posted had hardcoded MAC addresses (fail), and thus I pulled it to write a better guide. I thought instead of focusing on one Mikrotik router I'd focus on a general configuration for most Mikrotik routers out there.


Configuration:

Whilst I do know it is tempting to create a configuration with all the things, this guide is more focused on getting an internet connection via a secured router. This guide will touch on the basics of:


Also, I have found a guide on configuring Apple Airport to use its Guest WiFi on VLAN 1003, and successfully set that up. Perhaps I can do a guide to expand on this at some stage if anyone is interested.


i) Turn off all gear - Mikrotik, your wifi points, switches etc. The reason for this is that everything needs to reacquire a fresh IP address, and not all equipment is consistent in its approach except when starting from cold.


Note: While we do provide technical support and step by step guidance, Beambox self-install guides are generally written for IT consultants and those who are familiar with managing their own networks.


Certain models of Mikrotik have no flash directory. If in your file directory there is no "flash", replace the login file in "hotspot" and copy and remove the original file in this directory. The final path will be hotspot/login.html


We aren't currently aware of any other configuration incompatibilities with Beambox and MikroTik. If you face any issues, we recommend replicating the exact set up described above and then observe any changes.


Have you ever wondered how exactly hostnames are linked to IP addresses? Like, how is this process happening? Or, even more specifically, how do we avoid memorizing long IP addresses and complex alphanumerics in the IPv6 system? In a nutshell, the DNS server is the answer to these questions. This article will introduce essential concepts and discuss the MikroTik DNS server and its setup. So, you can use this step-by-step tutorial to understand how to do DNS configuration on MikroTik.


However, if you use the DNS feature of MikroTik Router, it will cache the DNS information from the root DNS Server and reply to DNS queries to the connected clients. This technique provides you with faster solutions and saves paid bandwidth.


You have to put your ISP-provided DNS Server IP in that input box at this point of the Mikrotik DNS Server configuration. Notice that you can also use Google public DNS server IPs like 8.8.8.8 and 8.8.4.4.


If you click on the Allow Remote Requests checkbox, as shown below, you can use the caching DNS feature of MikroTik Router. Additionally, it enables you to put a custom measure for the cache size if you want. (The default cache size is 2048 KB or 2 MB.)


After going through the previous steps of configuring the Mikrotik DNS Server, MikroTik Caching DNS is now enabled to use your MikroTik IPs as DNS IPs for your network client. If everything is done correctly, your client will receive a response from the MikroTik cache DNS Server. You can check your DNS cache by going to IP > DNS menu item and clicking on the Cache button. Your cached domain name will be in the DNS Cache window. To flush cached objects, you should click on the Flush Cache button.


Whenever MikroTik cache DNS gets a new domain, it dynamically stores DNS entry. But occasionally, you may want to put static host entries like your local servers or even printers. To address this, MikroTik cache DNS enables you to enter static hosts. The following steps will describe putting static host entry in MikroTik DNS Server.


If you turn your MikroTik router into a DNS server, all of your MikroTik IP addresses can be used as DNS servers. You can even use the WAN IP (a public IP), which is a problem: if people outside of your LAN use your WAN IP as a DNS IP, your MikroTik will provide them DNS solutions, and it would be consuming your paid bandwidth.
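
One way to close the exposure described in the last paragraph, as an added example that is not part of the original post: keep the caching resolver for LAN clients but drop DNS queries that arrive on the WAN interface. It assumes ether1 is the WAN port, as in the default configuration mentioned above, and uses the Google resolver addresses named earlier; adjust both to your setup (for example, a PPPoE interface instead of ether1).

```routeros
# Added example (not from the original post). Assumes ether1 is the WAN port.

# Caching resolver as set up in the guide: upstream servers plus
# "Allow Remote Requests" so that LAN clients can query the router.
/ip dns set servers=8.8.8.8,8.8.4.4 allow-remote-requests=yes

# With allow-remote-requests=yes the router answers DNS on every address it
# owns, including the public one. Drop queries arriving from the WAN side.
# Both UDP and TCP are covered, since DNS uses either.
# Matching on dst-port=53 only affects inbound queries: replies to the
# router's own upstream lookups come back to an ephemeral port.
/ip firewall filter
add chain=input in-interface=ether1 protocol=udp dst-port=53 action=drop \
    comment="drop DNS queries from WAN"
add chain=input in-interface=ether1 protocol=tcp dst-port=53 action=drop \
    comment="drop DNS queries from WAN"

# Rules are matched top to bottom: confirm both drops sit above any rule
# that would accept this traffic, then watch their packet counters.
/ip firewall filter print stats
/ip dns print
```

Rising counters on the two drop rules indicate that outside hosts are probing the router as a resolver; LAN clients are unaffected because their queries arrive on the LAN interfaces.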
