Mikrotik basic router configuration

Posted by Md. Mahidul Hasan on 6:42 AM with No comments
Mikrotik Basic Router Configuration

Tips: when you connect with the router disable Wifi. Details info regarding installation at http://wiki.mikrotik.com/wiki/Manual:RouterOS_FAQ


### Install Mikrotik router:

Insert your Mikrotik OS and start the server. It will show the bellow message-

Welcome to MikroTik Router Software installation Move around menu using 'p' and 'n' or arrow keys, select with 'spacebar'. Select all with 'a', minimum with 'm'. Press 'i' to install locally or 'r' to install remote router or 'q' to cancel and reboot.


Chose your require software from here and press "i". Then you will get the bellow message and press "n". 


Do you want to keep old configuration? [y/n]:
You should choose whether you want to keep old configuration (press [Y]) or to erase the configuration permanently (press [N]) and continue without saving it.

### How to use window to configure router
Download winbox software to configure the Mikrotik router

### Licence the router
After installation you will get message to licence your os. you can upload the key file from there. Or you can also so it from system option. 

### Check System Resource
[admin@MikroTik] > /system resource

### IO Port Usage Monitor  
[admin@MikroTik] > /system resource io print

### Reboot
[admin@MikroTik] > /system reboot

### Shutdown
[admin@MikroTik] > /system shutdown

### Date and Time
[admin@MikroTik] > /system clock

date (text)     - date in format "mm/DD/YYY"
dst-active (read-only: yes | no; default: no) - whether the Daylight Saving Time is currently acitve
gmt-offset (read-only: text)     - the current effective GMT timezone in format "+HH:MM" or "-HH:MM"
time (time)     - time in format "HH:MM:SS"
time-zone-name (name; default: manual)     - timezone code (for example, Europe/Riga or America/Chicago). Used for configuring time zone and DST adjustments

### Command Description
[admin@MikroTik] > /redo    
[admin@MikroTik] > /system history print
[admin@MikroTik] > /undo     

### username and password when logging
Username is 'admin', and there is no password (hit the 'Enter' key).
You can change the password using the '/password' command.

[admin@MikroTik] > /password
old password:
new password: ******
retype new password: ******

### Set ip address
[admin@MikroTik] > ip address
[admin@MikroTik] ip address> add address=10.0.0.1/24 interface=ether2
[admin@MikroTik] ip address> print
Flags: X - disabled, I - invalid, D - dynamic
#   ADDRESS         NETWORK      BROADCAST    INTERFACE
0   192.168.6.73/20 192.168.0.0 192.168.15.255  ether1   
1   10.0.0.1/24     10.0.0.0     10.0.0.255   ether2   
[admin@MikroTik] ip address> /
[admin@MikroTik] ip> route add gateway=192.168.1.1

### Add a default route (connect with internet)
[admin@MikroTik] > ip route
[admin@MikroTik] ip route> add gateway=192.168.1.1
[admin@MikroTik] ip route> print
[admin@MikroTik] ip route> /ping 202.84.32.22

If you want to remove a route:
[admin@MikroTik] > ip route remove 2   <<<<<< 2 is the deleted route number

### Upgrade firmware
[admin@MikroTik] > /system routerboard print
[admin@MikroTik] > /system routerboard upgrade

### Upgrade os version
[admin@MikroTik] > /system auto upgrade

### Enable NAT / Masquerading 
[admin@MikroTik] ip firewall nat> add chain=srcnat action=masquerade out-interfa
ce=ether1
[admin@MikroTik] ip firewall nat> print

### DNS
[admin@MikroTik] > /ip dns set primary-dns=192.168.1.1
[admin@MikroTik] > /ping www.yahoo.com
106.10.170.118 64 byte ping: ttl=54 time=88 ms

[admin@MikroTik] > ip dns
[admin@MikroTik] ip dns> set primary-dns=192.168.6.73 \
\... allow-remote-requests=yes
[admin@MikroTik] ip dns> print
        primary-dns: 192.168.6.73
      secondary-dns: 0.0.0.0
 allow-remote-requests: yes
         cache-size: 2048KiB
      cache-max-ttl: 1w
         cache-used: 16KiB

[admin@MikroTik] ip dns static> add name=www.mahidul.com address=10.0.0.1
[admin@MikroTik] ip dns static> print
[admin@MikroTik] ip dns static> /ping www.mahidul.com
[admin@MikroTik] ip dns> cache flush

### Proxy
Enable proxy:
   [admin@MikroTik] > system package print  
   [admin@MikroTik] > ip web-proxy ?
  [admin@MikroTik] > ip dns set primary-dns=192.168.1.1
   [admin@MikroTik] > ip web-proxy set port=8080
   [admin@MikroTik] > ip web-proxy set enabled=yes
   [admin@MikroTik] > ip web-proxy print

Transparent Mode:
   [admin@MikroTik] > ip web-proxy set transparent-proxy=yes

   [MikroTik] ip firewall dst-nat> add in-interface=ether1 protocol=tcp \
dst-address=!10.0.0.1/32:80 action=redirect to-dst-port=8080
   [MikroTik] ip firewall dst-nat> print                                      
   [MikroTik] ip web-proxy> print   

Specify cache administrator's e-mail address:
   [admin@MikroTik] > ip web-proxy set cache-administrator=mahidul24@gmail.com

Specify hostname (DNS or IP address) of the web proxy:
   [admin@MikroTik] > ip web-proxy set hostname=proxy.mt.lv

If this proxy has to use another proxy, specify it:
  [admin@MikroTik] > ip web-proxy set parent-proxy=192.168.1.1:8080

otherwise disable it:
  [admin@MikroTik] > ip web-proxy set parent-proxy=0.0.0.0:0

Monitoring the Web Proxy:
   [MikroTik] ip web-proxy> print  

Managing the Cache:
   [MikroTik] ip web-proxy cache> print

### DMZ Configuration
The router should have 3 NIC cards:
[admin@gateway] interface> print

Add all needed ip addresses to interfaces as is shown here:
[admin@gateway] ip address> print
Flags: X - disabled, I - invalid, D - dynamic
#   ADDRESS         NETWORK      BROADCAST    INTERFACE
0   192.168.0.2/24 192.168.0.0 192.168.0.255   Public
1   10.0.0.254/24   10.0.0.0     10.0.0.255   Local
2   10.1.0.1/32     10.1.0.2     10.1.0.2     DMZ-zone
3   192.168.0.3/24 192.168.0.0 192.168.0.255   Public
[admin@gateway] ip address>

Add a static default route to the local router:
[admin@MikroTik] ip route> print
Flags: X - disabled, I - invalid, D - dynamic, J - rejected,
C - connect, S - static, r - rip, o - ospf, b - bgp
# DST-ADDRESS     G GATEWAY      DISTANCE INTERFACE
0  S 0.0.0.0/0       r 10.0.0.254   1     ether1
1 DC 10.0.0.0/24     r 0.0.0.0      0     ether1
[admin@MikroTik] ip route>

Configure DMZ server with the ip address of 10.1.0.2, network 10.1.0.1 and gateway address of 10.1.0.1. To make DMZ server accessible from the Internet at address 192.168.0.3 configure dst-nat rule like this:

[admin@gateway] ip firewall dst-nat> add action=nat \
\... dst-address=192.168.0.3/32 to-dst-address=10.1.0.2

[admin@gateway] ip firewall dst-nat> print
Flags: X - disabled, I - invalid, D - dynamic
0   dst-address=192.168.0.3/32 action=nat to-dst-address=10.1.0.2

### FIREWALL
http://wiki.mikrotik.com/wiki/Firewall

### OPENVPN with SSL
http://unblockvpn.com/support/how-to-set-up-openvpn-on-router-mikrotik.html
http://strongvpn.com/setup_mikrotik_pptp.shtml

### VLAN
http://wiki.mikrotik.com/wiki/Manual:Interface/VLAN