50px!important}}if(typeof ez_ad_units!=’undefined’){ez_ad_units.push([[320,50],’router_reset_com-medrectangle-3′,’ezslot_7′,147,’0′,’1′])};__ez_fad_position(‘div-gpt-ad-router_reset_com-medrectangle-3-0_1’);.medrectangle-3-multi-147{border

Mikrotik routers are somewhat different from models from other manufacturers, especially in the way they are configured. What is the web-interface worth, how to enter it and how to work with it. Today I will talk about how you can configure the connection in Mikrotik routers.

This manual is intended for self-configuring the MikroTik router. As an example, a MikroTik hAP ac lite (RB952Ui-5ac2nD) router will be used, which will be configured for the Internet and the use of Ethernet and WiFi local networks (including Apple Iphone).

The tutorial consists of two large examples: “Quick Setup” and “Manual Setup”, the purpose of which is to demonstrate two setup methods: using the internal Quick Set setup wizard and distributed setup via Winbox or Webfig.

Quick Setup

Configuring services on MikroTik routers: Internet connection, DHCP, brige, VLAN, WiFi, Capsman, VPN, IpSec, PPTP, L2TP, Mangle, NAT, port forwarding, routing (routing), remote connection and office consolidation.

The web interface of the MikroTik router is a control panel for your router, in which all settings are saved and changed. To make changes to your network, you need to log in to your MikroTik router.

Prerequisites for accessing the MikroTik web interface

Accessing the MikroTik web interface is quite easy and all you need is:

Below are the instructions for connecting to the interface of the MikroTik router for the purpose of configuring and diagnosing it.

Make sure you are connected to MikroTik router

To access the setup pages of your MikroTik router, you need to connect to its network. Therefore, start by connecting to a network either via WiFi or an Ethernet cable.

Tip: If you don’t know the WiFi password of your MikroTik router, you can always connect to it using an Ethernet cable that doesn’t require a password.

Open a web browser and go to 192. 168

Enter IP in the address field and click «Go»

Enter username and password for your MikroTik router

In the username and password field, enter the current username and password, and then press the enter / login key.

Standard MikroTik login credentials

If you are not sure about the username/password, you can look at the default credentials for MikroTik to learn about the defaults used and how to reset them.- The credentials can also be found on a sticker on the back of the router.

Done! You will now be able to complete all required device settings.

How to set up a MikroTik router

After logging into the MikroTik admin interface, you will be able to change all available settings. Care must be taken when configuring the router to avoid disrupting the network.

Tip: Before you change anything, make a note of your current settings so that you can restore them in case of problems.

What to do if my MikroTik router or network stops working after changing the configuration

If you make any changes by mistake that damage your MikroTik home network, you can always roll back using the universal hard reset method 30 30 30.

This is usually a last resort, and if you still have access to the MikroTik interface, you can always log in and try to restore the settings first (of course, this assumes that you wrote down the original values ​​​​before changing them).

Firmware update in MikroTik RouterOS

One of the important tasks when commissioning a new MikroTik device: router (router), switch (switch) or WiFi access point is updating the firmware. Most often this was recommended, but the recent incident with the “back door” in the long-term category indicated that the relevance of the firmware in MikroTik devices is critical.

Actions in the Download&Install button will download the selected firmware version and automatically reboot the MikroTik router. The installation will be done at the time of download. Do not turn off the MikroTik router until a full reboot and ensure stable power supply when updating the firmware.

MikroTik Firmware Editions

Other editions are not recommended to be installed in MikroTik working devices, because. this may lead to undesirable consequences.

An important addition to the firmware update is the Current Firmware update — this is a hardware firmware, analogous to the BIOS in a computer.

Connecting a MikroTik router to a computer

Beforehand, it should be noted that any port can act as a WAN port on a MikroTik router. However, in the factory firmware, ether1 acts as the WAN port, on which the dhcp client is active. This feature of the factory firmware should be taken into account when connecting to a MikroTik router, because. the configuration is defined so that all incoming connections on ether1 will be unavailable.

Setting up a static IP in MikroTik

Setting up a static IP address in a MikroTik router is no different from a similar setting for any network device and consists of three sections:

Set the IP address to the selected interface

Popular subnet masks:

/ip address add address=81.21.12.15/27 interface=ether1 network=81.21.12.0

Add Static Route(Default Gateway)

/ip route
distance=1 gateway=81.21.12.1

MikroTik DNS setup

As part of this instruction for configuring the MikroTik router, the configuration will be considered when the router itself acts as a DNS server. This has several advantages:

For this DNS server configuration you need:

Google DNS server

/ip dns
set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4

/ip dns set allow-remote-requests=yes servers=1.1.1.1,1.0.0.1

WiFi setup on MikroTik router

Consider the situation when the MikroTik router has two WiFi modules 2.4GHz and 5GHz. This configuration will allow you to simultaneously work in two different ranges. To enable them, you need to sequentially configure each of them.

The first step is to set up the security configuration. If the local network does not contain a guest network, you can edit the default configuration.

MikroTik WiFi Password Setting

2.4GHz WiFi Setting

MikroTik router will not block WiFi configuration setting if set one SSID name. WiFi signals will propagate on completely different antennas and in different frequency ranges.

5GHz WiFi Setup

It is important to accept the fact that the WiFi interface is part of the bridge, without this WiFi setting, clients will not be able to get an IP address (the dhcp server is set to bridge), interact with the local network and will be limited to Internet access.

Internet setup on MikroTik router

To set up the Internet on a MikroTik router, you need to perform two steps:

Port forwarding in MikroTik router

Port forwarding is a popular feature of any MikroTik router, which provides remote access to a local resource: VPN server, DVR, website, etc. To configure port forwarding in the MikroTik router, add a rule:

In this example, port forwarding http and https for a web server located in the local network is considered.

/ip firewall nat add action=dst-nat chain=dstnat dst-address=10.10.10.52 dst-port=80,443 in-interface=ether1 protocol=tcp to-addresses=192.168.0.2

Entering MikroTik router settings

You can use any web browser to enter the MikroTik settings.

Configuring DHCP client in MikroTik

This is the most common type of Internet connection on MikroTik routers. The specified port (ether1) will receive settings from the Internet provider. D HCP client not only makes it easier to set up the Internet, but also serves as an indicator when the service is not on the line (the Internet is not working), but it also allows you to add a script that will be executed when the Status value changes.

/ip dhcp-client
add add-default-route=no dhcp-options=hostname,clientid disabled=no interface=ether1

The Add Default Route option can be manipulated, but the disabled state will require manually adding a route. This can be useful when balancing between multiple internet lines.

Set password for MikroTik router

The first important thing to set up a new MikroTik router is to update the administrator password. The cases were different, this item just needs to be done.

adding a new user with full rights:

old user deactivation:

Recommendation: To increase the security level of the MikroTik router, you should:

Connecting a MikroTik router via cable

router does not support secure connection, please enable legacy mode if you want to connect anyway

Solution: You need to activate Legacy Mode.

Solution-2: Update Winbox version.

ERROR: could not connect to MikroTik-Ip-Address

Solution: Problem with access, common causes:

Connecting a MikroTik router via WiFi

Connecting to a MikroTik router via WiFi may become relevant if the laptop does not have an Ethernet port or the router is configured via a smartphone. The list of available WiFi connections should display the MikroTik router, similar to the example below.

Reset MikroTik to factory settings, hard reset

If for some reason it is necessary to reset the MikroTik router to factory settings, this can be done in two ways:

Reset via Winbox

/system -configuration -=yes -=yes

Reset via the RESET button

There is a RESET button on the rear panel

It is necessary to perform actions in sequence:

Reset MikroTik router

manual configuration involves the complete configuration of the MikroTik router from scratch, the first time you connect, you must completely delete the factory settings.

If for some reason the MikroTik router did not display the reset form, this can be done manually.

Resetting the MikroTik router will be accompanied by a reboot of the device, after which you can reconnect to the router via the MAC address.

Setting up PPPoE in MikroTik

PPPoE remains popular when setting up the Internet on a MikroTik router.

If the connection is successful, the PPPoE interface will be set to RUN status.

MikroTik NAT setup

NAT is a mechanism that allows you to translate IP addresses for transit packets. It is NAT that is the main setting that a regular MikroTik device converts into a router.

Masquerade is the main NAT rule for the Internet on the MikroTik router.

rule for the operation of the Internet

/ip firewall nat add action=masquerade chain=srcnat out-interface=ether1

Addition: srcnat can also be used in a situation where there are several ip addresses on the outgoing port: the provider has allocated a range of addresses on one wired connection.

Setting up MikroTik with Quick Set

Quick Set is a quick settings wizard that contains optimized templates of ready-made configurations, you just need to fill them with user data. As part of this setup, the Home AP Dual template will be selected.

The MikroTik router will be rebooted and after that it will be available at the same address “192.168.88.1“.

MikroTik WiFi setup

Internet settings, automatic settings

Internet setup, static IP address

Internet setup, PPPoE

LAN setting

Working with the web interface

I enter 192.168.88.1 in the address bar to open the web interface

Then, if necessary, I reset all parameters. After authorization, a window for resetting the settings will appear on the screen, it will contain the “Remove Configuration” button. I click on it, then I reboot the modem and re-enter the graphical interface. You will be asked to reset the settings again, this time I click on the «OK» button and move on.

At this stage, you can reset the settings or simply press the OK button to proceed to the next step

Time to set up user login details by setting a password

To add a password, open the configuration, in a new window, click on the “Password” button. I enter a new combination twice and click on the OK button to accept the changes.

Set a password, confirm it and apply the changes by pressing the OK button

First, I create a connection of the VLAN type, the ID of which is indicated on the subscriber port.

I’m starting to create new connections, and I’ll start with VLANs

Now it’s time to start setting up the connection — click on the «Interfaces» element, and then select «PPoE Client».

In the “Interfaces” tab, I start changing the PPoE Client parameters

I indicate the interface through which the connection to the Internet will be made in the future, then I go to the “Dial Out” tab.

I specify the type of connection and go to the next tab

In this case, I also connect IPTV, so I configure the fourth port by setting the “Master Port” item to “none”.

This is how I set up the fourth port

Next, by clicking on the «Bridge» parameter, I will create a virtual bridge.

This is how you can create a virtual bridge

In the newly created virtual bridge in the “Ports” tab, I add a port that looks towards the switch.

I attach the desired port to the virtual bridge

Here I set the port to which the IPTV set-top box will be connected.

I act in the same way with an IPTV set-top box

To access the Internet for devices connected to the local network, I create a NAT rule in the sequence specified in the screenshot below.

This is how I will create a NAT rule

I go to the «Action» tab and select the «Masquerade» value.

I continue to configure the NAT rule

The next step is to check the «DHCP Server» parameters, and to enter this menu, follow the sequence below.

Proceed to checking DHCP Server configurations

DHCP must be configured here. If it is, then I skip this step, otherwise I just click on the «DHCP Setup» button.

If this item is not in the list, follow the instructions to create it

Now I follow the sequence below.

The name of the server is indicated here

In this field I set the address space, and proceed further

I choose the desired gateway and move on by clicking on the Next button

This window will set the address pool

Now setting DNS addresses

Set IP lease time and move on again

Finally, I turn to the Firewall settings — I open the menu item I need in accordance with the specified sequence.

In this menu item, you can change the firewall settings

As you can see, the deny rules have already been created, it remains only to change the interface from eth1 to PPPoE.

All rules have been created, it remains only to change the interface type

At the end, following the indicated sequence, I move the prohibition rules down.

Making the last changes in the parameters, after which the setting will be completed

In the Wireless menu, you can set up a Wi-Fi hotspot, set WPA2 PSK security, and set a password. Now you can get to work!

Setting up a DCHP server in MikroTik

The DHCP server is responsible for issuing IP addresses to all devices that send a corresponding request. This is an indispensable option when setting up WiFi on a MikroTik router, but it also makes it easier to maintain a local network in this matter.

Will consist of 3 items:

Determining the range of assigned IP addresses

The Addresses range contains the IP addresses for all clients of the MikroTik router and often takes the value either as shown in the image or 192.168.0.100-192.168.0.254. This will make it possible to specify static IP addresses for: server, printer, DVR, IP camera, etc.

/ip pool add name=pool-1 ranges=192.168.0.2-192.168.0.254

Specifying network settings for the client

/ip dhcp-server network add address=192.168.0.0/24 dns-server=192.168.0.1 gateway=192.168.0.1 netmask=24

MikroTik DCHP server general settings

/ip dhcp-server add address-pool=pool-1 disabled=no interface=ether-1 lease-time=1w name=server-1

Addition: if DHCP needs to be applied to one of the bridge ports, then this bridge must be specified as the interface.

Add ARP For Leases — Adds the MAC address of the device to the ARP table to which the IP address has been issued. Can be used as a static IP blocker. Without the presence of the corresponding MAC in the ARP table, packets from this device will not be processed.

Enter MikroTik RouterOS settings

To configure the MikroTik router, it is best to use the utility, which is specially designed to manage MikroTik equipment.

will detect the device regardless of the address assigned to it. Most often it is 192.168.88.1, but there are also options when ip address = «0.0.0.0». In this case, the connection is made by the MAC address of the device. In addition, Winbox displays all found MikroTik devices on the network, as well as additional information (firmware version, UpTime):

Default account(password):

Example #1. MikroTik Quick Setup

This example of setting up a MikroTik router is the simplest and does not require a detailed study of the principles of MikroTik operation. It can be used using a PC or laptop, as well as a mobile phone.

The initial settings of the MikroTik router must correspond to the factory ones, if for some reason this is not the case, they should be reset using the Reset button.

When using the RESET button, the MikroTik equipment can assume 3 different states. The transition between states depends on the time the RESET button is pressed. Carefully study the reset sequence to return to the factory settings.

Reset via RESET button

At the heart of the local area network (LAN) on the MikroTik router is Bridge — a software association of ports into a switch. Bridge can include any sequence of MikroTik router ports, and if you add all the ports there, the router will become a WiFi access point or switch.

It should be taken into account that such a combination is controlled by the CPU. This fact is important for significant loads on the CPU.

Setting up a LAN on a MikroTik router consists of the following key steps:

Setting up MikroTik Bridge

ether3:bridge port received packet with own address as source address (MAC ether3), probably loop”

/interface bridge add name=bridge-1

Adding MikroTik Ports to Bridge

adding ports(LAN, VLAN, WLAN, etc.)

/interface bridge port add bridge=bridge-1 hw=yes interface=ether2
/interface bridge port add bridge=bridge-1 hw=yes interface=ether3
/interface bridge port add bridge=bridge-1 hw=yes interface=ether4
/interface bridge port add bridge=bridge-1 hw=yes interface=ether5

/interface bridge port add bridge=bridge-1 interface=wlan1
/interface bridge port add bridge=bridge-1 interface=wlan2

Hardware Offload — hardware support for the bridge by a separate chip. List of supported devices.

Local IP address assignment

After adding ports to the Bridge, you need to assign a static IP address and it is most correct to specify the created bridge-1 as an interface. From now on, any addressing or routing settings in the MikroTik router will be carried out through bridge-1.

When filling in the IP address, it is important to specify the subnet mask. This common typo can result in no response from the MikroTik router. In this case, the Network value will be filled in automatically.

setting ip address to selected interface

/ip address add address=192.168.0.1/24 interface=bridge-1 network=192.168.0.0

Setting up Mikrotik FireWall

Firewall in the MikroTik router is one of the most important components at the moment. An incorrectly configured Firewall can lead to limited access to the MikroTik router, and its absence will jeopardize the entire network infrastructure.

Experts strongly recommend not to neglect the MikroTik router when setting up your IT infrastructure

Permission for already established connections

/ip firewall filter add action=accept chain=forward connection-state=established,related

/ip firewall filter add action=accept chain=in connection-state=established,related

LAN trust rules

/ip firewall filter
add action=accept chain=input in-interface=bridge1
add action=accept chain=forward in-interface=bridge1

Allow ICMP requests from WAN interfaces

/ip firewall filter add action=accept chain=in protocol=icmp in-interface=pppoe-out1

Remove all incoming packets from WAN interfaces

/ip firewall filter add action=drop chain=input in-interface=pppoe-out1

Delete all packets in the invalid state

/ip firewall filter add action=drop chain=forward connection-state=invalid

/ip firewall filter add action=drop chain=input connection-state=invalid

An extended version of how to configure the Firewall in the MikroTik router can be found in the article Configuring the Firewall in MikroTik, protection against DDOS attacks.

Conclusion

The principle of setting parameters in Mikrotik routers is similar to the standard one, only the approach and appearance of the graphical interface differ. In this case, almost all parameters have to be set manually during the connection setup process.