INTERNETTEN Teknoloji San.Tic.Ltd.Şti. Mikrotik роутер настройка


Use a Mikrotik as Your Home Router

For extra geek status, and a superior router.

Background

I’ve been using a Mikrotik router (RB2011UiAS-2HnD-IN) for several years.

Mostly, it was a reaction to my negative experience with home grade routers.

There were three main criteria in my purchase:

  • Must have regular security updates
  • Must have wired and WiFi connectivity
  • Must be reliable

I have not been disappointed!

But it was definitely not a simple process to get the Mikrotik up and going. Hence, I want to share how to convert to Mikrotik.

Goal

To configure, from scratch, a Mikrotik router (such as the RB2011UiAS or hAP) as a home router. The following core functionality will be shown in detail:

  • Configure your old ADSL router to bridge mode
  • RouterOS and Firmware updates
  • Local IP address
  • DHCP
  • Internet access
  • Firewall
  • IPv6
  • DNS
  • WiFi

I’ll list some other features at the end, but the above is enough to get you off the ground.

Mikrotik have a rather limited selection of routers with integrated WiFi. It is actually very common in commercial grade gear to have a separate router and access point. Going down this road with Mikrotik is possible (eg: hEX plus BaseBox or wAP), but a bit too complex for this article.

Important Note

I am writing this article referencing my router (connected to the Internet) and a spare (courtesy of my work, Far Edge Technology). So, screenshots might not be 100% consistent and I may have missed some things.

Please let me know if I get anything wrong.

Core Configuration

The main thing to remember with a Mikrotik is that all your configuration is more verbose. For example, a regular home router may configure LAN settings as IP Address, Netmask, DHCP ON / OFF and DHCP Range. Mikrotik splits these across Addresses (3 fields per address (no limit to addresses)), Pools (3 fields per pool), and DHCP Server (3 tabs, ~10 fields in total).

(As a side effect of using a Mikrotik router, your networking skills and knowledge are likely to increase)!

IMPORTANT WARNING

You will not have Internet connectivity in steps 1 to 3.

Please make a note of any passwords you need to connect to the Internet, ensure you have new connection details from your ISP handy, and have a mobile phone ready in case you to ask the Internet for help. It’s probably worth having your ISP’s support number handy. Indeed, if you’re really paranoid, give them a call before hand and ask if there’s anything special you should know (and to double check you have the right phone number).

END IMPORTANT WARNING

Lets get started.

0. Grab a Backup of Your Old Router

Seriously. Do it now.

Save it on your laptop. And make a second copy on a USB or desktop or phone.

If things go really bad, you can always restore your backup and be no worse off.

1. Make You Old Router Into a Modem

This article assumes you have an ADSL connection. Essentially, we will change your old router to just be an ADSL modem using what is called bridge mode.

Connect to your old router and search through the configuration. Turn off WiFi. Turn off DHCP. Set your LAN IP address to 192.168.88.2 (such that your modem remains accessible; your Mikrotik will be 192.168.88.1). Once you change your LAN IP address, your router will likely reboot.

If you have added any port forwarding, now is a good time to make a note of it.

In your Internet connection settings, look for an option called bridge mode and enable it. It should clear all your connection settings (usernames, passwords, IP addresses, etc). It will tell your old router to act like a modem and simply pipe raw network traffic through to your new Mikrotik router. All your old router will do is establish ADSL line sync, but it won’t be able to access the Internet directly.

Cable, fibre, wireless, ethernet, satellite or more exotic connections will have some differences at this point. Eg: Cable users may already have a separate cable modem, they just need to disconnect their old router.

Things to watch out for:

  • VPI / VCI settings: I have needed to make slight changes to these in some ADSL modems in bridge mode. Your ISP’s configuration page should tell you what they need to be set to.
  • MAC Address: some ISPs (particularly cable providers) require a certain MAC address on your router. If you called support they should have told you this, otherwise, the Mikrotik has an option for you to enter a MAC address.

(I’ve never used a fibre, ethernet or wireless ISP in the past, so I don’t know what their particular gotchas are).

2. Unboxing a Mikrotik

Mikrotik hardware comes with the bare minimum. The device, a power pack, and a piece of paper with very basic getting started instructions.

2a - Power it up and login

Plug it into power, and you should hear some beeps as it boots up.

Connect port 1 of the Mikrotik to a LAN port on your old router. This will be your Internet connection.

Connect your computer to another port on the Mikrotik (port 2 sounds good).

Your computer should be assigned an IP address in the 192.168.88.x range. And you can browse to the admin login of your new Mikrotik router.

2b - Download Winbox

If you have a Windows computer, there is a link at the bottom of the admin login page to download Winbox. You should download it and use Winbox instead of the web interface.

Why use Winbox over a browser?

  • Winbox can auto discover Mikrotik devices on your LAN
  • Winbox can connect via IPv6 or MAC address (making it easier to change IPv4 addresses)
  • Winbox shows statistics, packet flow and graphs in real time (in fairness, the web interface does this too)
  • Winbox lets you have multiple windows for different parts of your configuration (yes, I know that web browsers have tabs too)
  • Winbox lets you do drag & drop file transfers (good for manual updates)
  • Winbox remembers a list of connections and passwords

If you don’t have a Windows device handy, the web interface is more than enough to get going, if slightly less polished.

2c - Login

Either use Winbox or your browser to login to 192.168.88.1. The default username is admin, without any password.

3. Quick Set

When you first connect with Winbox to your router, you will receive a new setting notification. If you understand what it says, that’s great. If not, don’t worry.

There are a list of menu items down the left side of the screen. The very top one should be Quick Set. Click it, and you’ll get Mikrotik’s simplified setup. Which, for a home router / access point, is 80% of what you need.

We’ll tour through all the parts of this screen so you’re all setup and on the Internet. After each section, you should click Apply to save your changes.

3a - Local Network

Although our priority is to get on the Internet, we need to check our LAN settings first. If you change these later it causes much pain, so best do it up front.

If you want to change your LAN subnet, IP Address is the place to do it (perhaps if you have some existing devices with static addresses). Most home users can just use the 192.168.88.x range without a problem. (If you change the IP address of the router, you’ll need to re-connect using your new IP address).

If you need extra static addresses, you can change the DHCP Server Range. The default of 10 non-DHCP addresses is fine (minus one for your Mikrotik router and one for your old router), unless you have lots of servers.

Keep NAT ticked. It’s the thing that lets your devices access the Internet!

Tick UPnP (more info about universal plug and play). This allows network services to automatically open ports such that external users can connect. There is a security risk for this, but it’s usually enabled on home routers, and it makes things like bittorrent and skype much happier.

If there’s an option to Bridge all LAN Ports, it should be unticked. All bar one of your LAN ports will be bridged. Port 1, your Internet port, is the exception. And it’s a very, very important exception!

3b - System Password

Before you go trying to connect your brand new router to the Internet, make sure it has a password! Enter it twice.

Then disconnect and check your new password is required.

We’ll get to checking for updates once the Internet works.

3c - Wireless

Your WiFi is currently configured as open access, no password required. Again, before we hop on the Internet, we need to add a password, and set a few other options.

Network Name is the… err… name of the network you see on your phone / laptop when connecting. You can change it to reflect your old router, or think up something new, or just keep the default. Go crazy.

Frequency is what most home routers call channels. Mikrotik shows the actual radio frequency of each WiFi channel. You’ll need to count from one to work out which MHz corresponds to which channel.

Band lets you enable / disable 2 GHz or 5 GHz, and the various WiFi protocols. The default is fine.

Country should be set correctly so your router follows any local laws regarding use of channels. Mikrotik routers sold in America have this set in hardware, apparently.

WiFi Password is where you enter your WiFi password. 8 to 63 characters (and yes, my WiFi password really is 63 characters long).

3d - Internet

OK, with our LAN configured and passwords enabled, time to connect to the Internet! This is where you should refer to your ISP’s initial setup details, or call tech support if you get stuck.

Before we start with this, make sure the Firewall Router option is ticked. That stops nasty people connecting to your router from the big bad Internet.

Configuration

Most ADSL services use PPPoE to establish an Internet connection.

Enter your PPPoE User (which may be just a username, or your ISP email address) and Password. The Service Name is optional, my ISP does not require it; check with your ISP.

Click Apply and you should see PPPoE Status change to connected.

And you’re on the Internet again!

Other Configurations

Depending on your ISP, you may need to use an Automatic connection (which just gets an Internet address via DHCP, no username or password required). Or you may have a Static address (pretty unlikely for a residential connection), in which case you’ll enter details as provided by your ISP.

Access Your Modem

To access your modem via your browser, you’ll need to connect it with another ethernet cable. Simply connect an extra ethernet port from your Mikrotik to your old router. Then you can browse to 192.168.88.2, as you configured it in step 1.

(I’m sure there is a way to do this without the extra cable, but I’ve tried several times and never managed to get it working).

3e - Updates

Now you’re back on the Internet, resist the urge to check Facebook, Twitter or download cat videos!

Instead, click the Check for Updates button. There almost certainly will be updates. Go install them and reboot your router.

(The reboot command is System -> Reboot, on the left menu.)

Regular updates is a major feature of Mikrotik over any home router. They actually fix bugs, problems and security holes. And deliver new features!

Crazy talk, I know.

3f - Guest Wireless (optional)

If you want to configure a guest WiFi access point, you can do that.

However, all this does is create a second virtual access point with a different password. Guests are still part of your main LAN network and can access other computers and devices on it.

It would be nice if this created a second isolated subnet to keep guests away from your main network, but alas it does not.

3g - VPN (optional)

If you want to be able to connect to your home network from the road (via mobile data, work, someone else’s house, when travelling, etc), you can enable a Virtual Private Network.

All you need to do is add a VPN Password (please make it better than this example).

This supports PPTP, L2TP and SSTP based VPNs. At least one of which should work with most devices and computers out there.

And you connect using the address shown above (free dynamic DNS).

But be aware that PPTP is fundamentally flawed and not supported on modern devices (from 2016, iOS and Android refuse to connect to them).

(Note, I don’t have this kind of VPN configured on my router, so my experience is rather limited).

4. Other Features

Lets venture out of the Quick Set menu to see other features. Generally, clicking through the menus on the left is pretty harmless, as long as you don’t change things. And the defaults from Quick Set are a good template to start from (so you can see how all the pieces fit together).

Interfaces

This is a very good default screen to look at to get an overall picture of what’s going on. It shows network usage in real time (updating every second or so) for each physical or logical interface in your router.

There isn’t much to see on a router with no devices, so the screenshot is from my router. Two highlights from this moment in time: something is downloading at 2.1Mbps over my ISP’s PPPoE connection, and something on WiFi is receiving at 17Mbps from my home server.

Drilling into an interface gives more configuration details, statistics and the very powerful torch function. You can use torch to work out exactly what device is consuming bandwidth (and when you have a rather poor ADSL connection like me, that is very useful to know).

Wireless

Drilling into Wireless will show you any number of options and settings for your Router’s WiFi interface(s). I won’t go into details here; reading the Mikrotik documentation and Wikipedia is a good way to work out what it all means.

One highlight is that you can see the signal strength of connected devices in real time (also visible on Quick Set). This shows the signal strength of the device as seen by your router, also known as the return signal. The signal strength bars on your phone, laptop or device only shows the strength of the router’s signal, but phones are much lower powered and have poorer antennas than your router does, so the signal the router sees is often the weakest link.

IP -> Addresses

This is where you add IP addresses for your router. Typically, this is where you change your LAN address, but you should see your public IP address in here as well.

IP -> Pools

Pools are where ranges of IP addresses are defined, which are most commonly used in DHCP configuration.

IP -> DHCP

As I alluded to near the beginning, DHCP configuration is more complex in a Mikrotik, as compared to home routers. Looking at the default configuration will help you make sense of it.

Leases shows the devices currently assigned IP addresses from your router.

If you want to assign your devices a fixed IP address via DHCP, you can do that on the Leases tab. Either wait until a device connects, drill into it and click Make Static. Or you can create a new lease and manually enter the MAC address.

If you want to create a separate subnet and a whole new DHCP scope, you need to make changes in the DHCP and Networks tabs. Following the default config helped me greatly when starting out here.

IP -> DNS

Mikrotik routers run a small DNS server. Mostly this just caches DNS queries so they are a bit faster for your local devices.

Two highlights: you can clear the DNS cache if you need to start fresh (note that this does not clear your ISP’s DNS cache), and you can add static DNS names for local devices (eg: my-server.ligos.local).

IP -> Services

Mikrotik routers run various network services. If you aren’t using them, its best to turn them off so nasty hackers have less options to break into your device.

You can safely turn off:

System -> Packages

A Mikrotik router is made up of a large core package with most functionality, and several smaller packages which add extra features. The packages screen shows what is currently installed.

This is also where you can Check for Updates from the Internet and view release notes of newer packages.

Note: other manufacturers allow 3rd parties to develop and distribute packages or add-ons for their routers or NAS devices. This is not the case with Mikrotik. All packages are exclusively developed and distributed by Mikrotik, and are available through their download page.

Bridge

Your WiFi and ethernet ports are not, by default, part of the same local network. But usually you want them to be. A network bridge is how that happens.

Bridging networks means devices can discover each other automatically, and your Mikrotik will optimise for fastest possible performance.

In a default config bridge tab has a single bridge, and the ports tab will list each interface that is bridged. This will be all your ethernet ports, except #1 (your internet link).

If you remove a port from the bridge, you can begin to isolate it from your LAN.

(Other ways of linking ports together on a local network include a hardware ethernet switch (ethernet ports only), and routing).

Console

Many articles on the Internet about Mikrotik routers will give their configuration as text commands for a console. This is a very concise way to record configuration unambiguously.

You can generate or replay these commands in a New Terminal in winbox. Most console areas have a print command, which lists information / configuration:

[[email protected]] > interface

[[email protected]] /interface> print

Flags: D - dynamic, X - disabled, R - running, S - slave

# NAME TYPE ACTUAL-MTU L2MTU MAX-L2MTU

0 ether1 ether 1500 1600 4076

1 RS ether2-master ether 1500 1598 2028

2 S ether3 ether 1500 1598 2028

3 RS ether4 ether 1500 1598 2028

4 S ether5 ether 1500 1598 2028

5 S wlan1 wlan 1500 1600 2290

6 S wlan2 wlan 1500 1600 2290

7 R ;;; defconf

bridge bridge 1500 1598

8 X pppoe-out1 pppoe-out

[[email protected]] /interface>

5. Firewall

The firewall is the core business of any router. And it’s well worth reading the documentation, as well as experimenting with various firewall rules (always being careful you don’t end up locking yourself out of your own router, of course)!

But for now, let just make sure we have a safe default for home use.

The firewall is accessed in IP -> Firewall -> Filter.

There are a list of default rules, created with Quick Set. Which are a very good place to start.

(Something else worth doing is adding a comment after each rule, so make it easier to understand what’s going on).

5a - Drop All Rule

The last rule is the most important, it says we will deny access, by default. So, unless another rule matches, the default is to block incoming connections.

5b - ICMP “ping” Rule

Near the top is a rule to allow ICMP.

It is good practice to rate limit the number of ICMP packets, so nasty people don’t overload your network. You need to edit that rule and pop over to the Extra tab, and add a limit and a dst. limit. 30 packets each second is a reasonable place to start (not too big, not too small).

5c - Allow Rule for Local Network

Its good to explicitly allow connections to your router from your local network, to make sure you don’t accidentally lock yourself out of your own router.

Add a rule for chain input, with src-address=192.168.88.0/24, and set the action to accept. Then drag it up to near the top (after the ICMP rule is a good place).

5d - Other Allow Rules

If you enabled VPN access, you may notice some other rules to allow your VPN to connect.

These are a good template if you want to allow other traffic. But you more commonly will be port forwarding traffic to an internal device. And you do not need an allow rule for port forwarded traffic (the very top rule allows port forwards).

5e - Our Final Rules

Here’s a dump of all our firewall rules. Other than a few tweaks, the LAN access rule and some additional comments, they are the same as the default config.

[[email protected]] /ip firewall filter> print

Flags: X - disabled, I - invalid, D - dynamic

0 D ;;; special dummy rule to show fasttrack counters

chain=forward action=passthrough

1 ;;; defconf: fasttrack

chain=forward action=fasttrack-connection

connection-state=established,related

2 ;;; defconf: accept established,related

chain=forward action=accept connection-state=established,related

3 ;;; defconf: drop invalid

chain=forward action=drop connection-state=invalid

4 ;;; defconf: drop all from WAN not DSTNATed

chain=forward action=drop connection-state=new

connection-nat-state=!dstnat in-interface=ether1

5 ;;; Allow ICMP (rate limited)

chain=input action=accept protocol=icmp log=no log-prefix=""

6 ;;; Allow router access from LAN

chain=input action=accept src-address=192.168.88.0/24 log=no

log-prefix=""

7 ;;; Allow established

chain=input action=accept connection-state=established log=no

log-prefix=""

8 ;;; Allow related

chain=input action=accept connection-state=related log=no log-prefix=""

9 ;;; allow l2tp

chain=input action=accept protocol=udp dst-port=1701

10 ;;; allow pptp

chain=input action=accept protocol=tcp dst-port=1723

11 ;;; allow sstp

chain=input action=accept protocol=tcp dst-port=443

12 ;;; Drop all external access

chain=input action=drop in-interface=ether1 log=no log-prefix=""

[[email protected]] /ip firewall filter>

5f - Basic Firewall Concepts

This is a bit of conceptual information about the firewall. You don’t need to read or follow this unless you have a more complex network, or want to experiment further.

A firewall is a list of rules, each with a set of criteria (eg: port numbers, source or destination IP addresses, etc) and an action (eg: accept, drop, etc). The rules are divided in chains, which are group of rules. There are some core chains which have special meaning, but you can make your own if you you have sufficiently complex rules.

Every network packet passes from the top of the rules down to the bottom. As soon as it matches any rule, it stops, applies the action for that rule, and exits the list. So you tend to have more specific rules at the top, and then more general “catch-all” rules at the bottom.

I struggled to understand what a chain was, so I’ll add a little more information. There are three core chains (of which we’re usually only interested in the first two):

  1. input - traffic destined for the router itself
  2. forward - traffic which crosses the router to other devices (usually to / from the Internet / your computer, depending on the src / dest addresses)
  3. output - traffic from the router itself

There are many other rules you can add, which become more important if you want to block access to particular devices or networks (eg: guest WiFi). And I’ve included a few links for additional rules by other Mikrotik users below. Just remember that the defaults, while not perfect, are good enough (that is, these are for extra reading).

6. IPv6

In 2017, IPv6 support is an essential requirement, in my mind. The Internet has run out of addresses and IPv6 is “Internet version 2”, which supports more addresses than atoms in the Earth. Many major website and companies are accessible via IPv6, and traffic is steadily rising.

As long as your ISP supports IPv6, its actually easier to get running than IPv4, because IPv6 auto-configures itself much better.

(An alternative guide to getting going with IPv6 can be found here: http://into6.com.au/?p=214)

6a - Enable IPv6 on Mikrotik

Mikrotik routers support IPv6, but it is disabled by default: you need to enable it in Packages first. Once enabled, you’ll need to reboot your router.

You’ll then have a new top level menu item IPv6.

6b - Obtain an IPv6 Address Range

You never get a single IPv6 address. All ISPs will issue you, at minimum, a /64 subnet (which is the standard size of IPv6 subnets; that is, one local network). (To give you some perspective of how be a /64 is, it has enough addresses to fit the entire IPv4 Internet in it, millions of times over). Most will issue a /56 (which lets you create 256 sub-networks) or even a /48 (65536 sub-networks).

Obtaining IPv6 addresses can be done via DHCP or router advertisements. ISPs tend to use the former, and we will use the later to let our devices get addresses.

In IPv6 -> DHCP Client, create a new client. Chose your ISP’s network interface, set Request to prefix and enter a Pool Name.

If all goes well, you should see an address range assigned to you in the Status tab. And you should see a pool with this address range under IPv6 -> Pools.

6c - IPv6 Router Addresses

Next step is to assign a public IPv6 address to your router. (Note that your router will already have link local IPv6 addresses starting with fe80, that is normal).

In IPv6 -> Addresses, add a new address. You can set the right-hand part of the address to be whatever you want, but I use the same address as the network mask (making my router device 0 on my network). Select your LAN bridge as the interface to assign to. And the pool you just created from DHCP. Finally, make sure you enable Advertise, as that is the way your devices will get IPv6 addresses (via router advertisements).

6d - IPv6 Firewall

Something very important to remember about IPv6 is that every device can be directly contacted by anyone out there on the Internet. That’s by design.

Your devices and computers will have firewalls which stop traffic, but you can also block or allow traffic on your router’s firewall. That is, you could check each device is configured correctly, or you could make blanket rules on your router.

(It is worth doing an IPv6 port scan of different devices on your network to see what is enabled by default. I got a shock when I found that remote desktop was available on my computers; anyone on the IPv6 Internet with my address could connect - fortunately, I have a strong password).

I’ll leave it as an exercise for the reader to configure your IPv6 firewall, based on the IPv4 one. Here is another guide if you get stuck.

I make a point to block incoming VNC connections and incoming and outgoing SMB connections. But everything else is allowed, at least for now.

6e - IPv6 Addresses on devices

By the time you’ve finished mucking about with your firewall, it possible some of your devices may have obtained an IPv6 address already. If not, disconnect and reconnect them, and they should pick up an address.

On a Windows command prompt, you can run the ipconfig command to show your current address. Here’s an example of mine:

Wireless LAN adapter Wi-Fi 2:

Connection-specific DNS Suffix . : ligos.local

IPv6 Address. . . . . . . . . . . : 2001:44b8:3168:9b00:abcd:1234:5678:0001

Temporary IPv6 Address. . . . . . : 2001:44b8:3168:9b00:5587:f3d3:3f92:36c5

Link-local IPv6 Address . . . . . : fe80::abcd:1234:5678:0001%7

IPv4 Address. . . . . . . . . . . : 10.46.1.31

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : fe80::4e5e:4d5d:4c5c:4b5b%7

10.46.1.1

There are websites which test if your computer is using IPv6.

And from here, you can enjoy IPv6 connections to Facebook, Google, Netflix and this blog. Probably without noticing any difference at all.

6f - Another Pool for Another Network

Finally, if you have a guest network configured with a separate IPv4 subnet, you can assign a second IPv6 subnet to it as well.

All you need to do is add a new pool, with the next IPv6 subnet (for me, that would be 2001:44b8:3168:9b01::/64). Then, just like you did before, add a new IPv6 address to your guest interface, and enable router advertisements from it.

Mikrotik routers are full of functionality at a low cost. If I go into all these in detail, I’ll be here forever (and this article is already long enough). So just a few basic pointers and reference Mikrotik documentation.

Port Forwarding

Although port forwarding isn’t on my list of “core router functions”, the kind of people who might take the plunge with Mikrotik (nerds) are pretty likely to use it.

Mikrotik doesn’t call it port forwarding but you can make special rules in Firewall -> NAT. In here you add a dst-nat rule to the dstnat chain, which redirects traffic to an internal network address and port.

Here’s someone else’s port forwarding guide

A Mikrotik router can also do the opposite of port forwarding. That is, making an internal connection to a public IP redirect to an internal server. In my network, home.ligos.net resolves to my public IP address, but connections from my internal network get redirected to my server (instead of not working at all). This is a very important feature if you are hosting HTTPS websites (like me), because the site DNS address must match the certificate.

This is not a normal feature of home routers. I’ve heard it called reflection and hair pin NAT. It’s implemented as a special srcnat rule.

Isolated Networks

I said above that Mikrotik’s guest WiFi password is just a second password for your main network. In my mind, guests are to be viewed with extreme suspicion (who knows what kind of crypto ransomware may be on their devices). So they need to live on their own isolated network, without easy access to your main LAN.

You can make your own virtual WiFi interface, or use the Quick Set template. Next steps are:

  1. Make sure the guest WiFi interface is not part of your main LAN bridge.
  2. Assign a new address to this interface for your router (eg: 192.168.89.1).
  3. Create a new DCHP server for the guest WiFi interface.
  4. Create a new pool for your new subnet.
  5. Create and configure a new DCHP scope for the new subnet.

Or for more serious isolation, see my previous post.

IPSec VPN access

IPSec is a much stronger VPN than the ones created on the Quick Set page. It’s also mostly used for permanent VPN links between sites, rather than occasional “dial-in” style access.

And it’s a real pain to configure correctly. (I’ve struggled to get it working in the past, and simply don’t touch the config any more - I fear I will break it).

If you feel brave, the link above will get you started.

File Sharing

Some home routers let you connect a USB hard disk and share files. A Mikrotik router can enable SMB network connections (also known as Windows networking), FTP and SSH for basic file sharing.

(Note that Mikrotik routers don’t do this very well. Heck, most home routers do this pretty poorly too. It’s really the domain of NAS devices, so if you want to do it properly, go buy a NAS.)

Once you connect your USB you need to format it in System -> Disks. It will then appear as a folder under the Files menu. And you can enable network sharing under IP -> SMB.

Dynamic DNS

Mikrotik routers come with a free dynamic DNS service, which updates whenever your dynamic IP address changes. If you enabled VPN in Quick Set, dynamic DNS is already enabled.

Otherwise it lives in IP -> Cloud -> DDNS Enabled.

Fun fact: if you own your own domain (eg: ligos.net), you can create a DNS CNAME record (say home.ligos.net) which points to the long dynamic DNS address for an easier to remember name.

Queues / Shaping

Queues are how Mikrotik routers provide quality of service. That is, they can shape, prioritise and limit bandwidth to different networks or devices. For example, you could restrict the bandwidth allowed by particular devices.

Configuring queues and QoS is really hard, and I’ve never managed to understand it properly. In the end, I’ve just created a few simple queues which make sure no single network can use all my (terribly limited) Internet bandwidth. I’m sure there are better solutions, but this is good enough for me.

One helpful tip though: create a new queue type with a larger queue size (I’m using 200, instead of the default of 10), this will not drop as many packets while still restricting bandwidth.

Update (1/Apr/2017): A more helpful tip is not to use fifo queues when you have limited bandwidth; that causes buffer bloat and dramatically increases latency. Instead, use the sfq or pcq kinds. You’ll need to create new queue types for these as they aren’t configured out of the box. The sfq and pcq algorithms still restrict bandwidth, but do it in a fairer way, so the latency of individual connections isn’t completely terrible.

Conclusion

Well, that is a lot of information! But Mikrotik routers provide a lot of functionality!

You should be able to get on the Internet with a Mikrotik using the Quick Set screen. Then navigate your way around the Winbox interface, to see current status and update basic configuration. And you have plenty of options in terms of other functionality.

Enjoy your new Mikrotik router! Watch it run faster, do more and and be more reliable than your old home router.

blog.ligos.net

How to setup Mikrotik 751 Router for home or office

Mikrotik makes great quality products that can do just about anything you would like them to do.  The RB751 routerboard can be bought for cheap on the net and we can assure you that this little router can do WAY more than you average SOHO router you can buy at Wal-mart from the major vendors we all know/love/hate.  In fact, you basically get Enterprise capabilities for your home in these little units.  Most of the features are indeed overkill for the home environment, but maybe not for the small office.  However, with network security on the minds of everyone these days, even home users with sensitive data on their computers and laptops, the more feature rich the device is and the more we can get it to do for us in the way of securing our network, the better.

Most geeks will be in heaven with this unit as it simply screams “geek” as it is highly configurable, able to do just about anything that can be thought of or most will want to do on their SOHO wireless network or LAN.

With the RB751, you get all of the standard encryption techniques that most may be familiar with and even some you may not be including the ability to spin your own Hotspot up at your house!  So, not only can you secure your wireless network via the regular means of WPA, MAC filtering, etc, you can also require the additional level of security of a user having to authenticate to your hotspot with your own customized landing page!  We will show you how to do this in a later post.

Cabling

Out of the box, the RB751 is setup so that you need to use specific ports to plug things in to make sure everything works properly.

  • This is a 5 port unit, with the WAN connection or the connection that you would plugin from your cable modem/DSL modem setup on Port 1.  The DHCP client is also setup on this port so that it requests an IP address from an upstream DHCP server allowing you to connect to your ISP network.
  • Ports 2 and 5 are setup to be bridged to the wireless network.

Software Configuration for your home network

Out of the box, the Mikrotik RB751 is configured to work with a home ISP with a firewall already configured on Ether1 and a wireless network already setup to broadcast the SSID of “Mikrotik” with no security.  To configure your RB751, you can either connect a PC to the routerboard ethernet port or connect via the default wireless network and browse to the address of https://192.168.88.1 to configure the board.

Alternatively, you can use the Winbox utility to configure your Mikrotik product(s).

If you use a browser to navigate to your router IP address, you will be presented with the WebFig Login screen shown below:

The default account is admin with a blank password.

Once you login, you are taken to the new Quick Set configuration screen that was recently released with version 5.16.  The Quick Set screen is basically an overall view of all the major configuration points that you are able to configure from that screen if you choose without going to the individual configuration sections to update the config.

IP Address Configuration

If you choose not to use the Quick Set screen for your configuration and want to delve deeper into the other options, you can set the individual settings under the appropriate menu on the left of the routerboard WebFig screen.

To set the IP address using the menu, you can browse to IP > Addresses > “default configuration”

You will then be able to set the LAN IP address to anything you want it to be for your network.  Keep in mind that once you confirm this setting you will be disconnected from the router since the connection information will have changed and you will most likely be on an entirely different network if you reconfigured the subnet mask, etc.

Handing out IP addresses for clients on your office or home network

To configure DHCP for your network so that other clients will automatically grab an IP address and you won’t have to manually configure each one, navigate to IP > DHCP Server

Below you can enable or disable the DHCP server service, assign it to specific interfaces, set the lease time, address pool, etc.

To actually setup and configure the DHCP pool, which is the range of IP addresses that you want the router to use in the DHCP server, you go to IP > Pool

By default however, the DHCP server service as well as the default address pool are already setup.  Keep in mind though that if you change the LAN IP Address of the router from the default, you will need to reconfigure your DHCP server Pool to hand out addresses that are in your network address.

Setting/Changing the Admin Password, Configuring Users

 

Wireless

Wireless setup will be important to most as they will probably use this unit as a wireless AP on their home network.  To configure the wireless settings, simply navigate to Wireless on the lefthand menu in WebFig.

There are so many options that can be tweaked and setup here.  Also, you have a builtin frequency scanner, Wireless Sniffer, and Wireless Snooper for detecting threats or potential problems on your network.

To configure your Wireless Security, navigate to the Security Profiles section of the Wireless config screen.  To configure a classic WPA2/TKIP config simply select:

  • dynamic keys
  • Authentication types: WPA2 PSK
  • Unicast Ciphers – tkip
  • Group Ciphers – tkip
  • Enter the WPA2 Pre-Shared Key

 

Setting up the Firewall:

Navigate to IP > Firewall to find the default configuration rules.  By default, there are already rules setup configured for your WAN connection to drop certain types of traffic.  The firewall capability on the RB751 is phenomenal.  This little unit is a geek’s dream, because if you can think about configuring or tweaking something, you can most likely do it with this unit.  That is what we like about it.

Final Thoughts

Mikrotik is making some killer products that in our opinion, blows most of the consumer grade products out of the water on sheer enterprise level configuration, the wide range of options that you have to configure this device and simply what it can do.  The wireless signal of this device is really amazing and will leave end users in most situations very happy with overall signal strength and throughput.  Check this device out if you are looking for a new SOHO router for your environment.

 

 

 

www.virtualizationhowto.com

Mikrotik CCR1016-12G Cloud Core Profesyonel Router Hotspot Firewall

Mikrotik CCR1016-12G  Cloud Core  Profesyonel Router  Hotspot Firewall 

Endüstri standartlarının üzerinde 16 çekirdekli işlemcisi sayesinde Hotspot yada Operatörlerin 5000 'den fazla kullanıcıya rahatlıkla cevap verebilecek kapasitede bir ürün

ISP platformunda güçlü bir firewall +router olarak da kullanılan bu ürün bircok Hosting yada Sunucu Hizmeti veren ISP 'ler için 'de başarılı bir üründür.

Aynı zamanda şirketlerin Core router olarak da kullanabileceği Mikrotik CloudCore serisi ürünler CCR1016-12G ( 16 core) ve CCR1036-12-4S ( 36 core ) olarak sunulmaktadır.

1. Mikrotik'i yönlendirici (Router) olarak kullanabilirsiniz.Basit ara yüzü ile static router kurallarınızı kolaylıkla yönetebilirsiniz.Web sitelerini ziyaret ederken birinci modemi, e-posta hesabınıza bakarken ise ikinci modemi kullanabilirsiniz.

2. Mikrotik'i Bandwidth Manager (Bant Genişliği Yönetimi) olarak kullanabilir.Ağınızdaki belli bir makineyi veya belli bir ip bloğunda bulunan makinelerin trafiğini kısabilir,bloklayabilir ağınızı daha düzenli hale getirebilirisiniz.

3. Mikrotik'i Güvenlik Duvarı (Firewall) olarak kullanabilirsiniz.Belli portları ve belli protokolleri kısıtlayabilir.Ağınızı ayrıntılı analiz edebilir gelen giden bağlantıları görüp, yönlendirip, bloklayabilirsiniz.

4. HotSpot Gateway olarak kullanılabilir. Bulunduğunuz Local Network içersinde kullanıcı tanımlamaları yaparak user namebazında kısıtlamalar yada yetkiler atanabilir.

5. VPN (Virtual Private Network) uygulamaların da VPN Server olarak kullanabilirsiniz.

6. Mikrotik ile BGP yapabilir ağınızda en alt seviye yönetime sahip olabilirsiniz.

7. Traffic Monitor ve Kullanıcı LoglamaAğınızdaki tüm trafiği tüm protokollerle birlikte izleyip 5651 yasasına uygun şekilde loglayabilirsiniz.

8. Dial-in ve Dial-out server olarak kullanabilir. Dial-Up hizmeti verebilirsiniz.

9. PPP, PPoE, PPPoA server ve client ile adsl ağlarına bağlanabilir. Mikrotiğinize adsl ipsi aldırtabilirsiniz.

10. Load Balancing ile Biden fazla adsl hattınızı aynı anda yönetip kullanabilirsiniz.

11. Proxy server olarak kullanabilirsiniz. Mikrotiğin Web-Proxy, Proxy Cache özellikleri ile içeriği yönetebilirsiniz. Ayrıca Transparent Proxy destekler.Reverse Proxy olarak kullanılabilir olması, firewall üzerinden Transparan olarak çalışarakkullanıcılara herhangi bir işlem gerektirmeden trafikleri yönetmesi ve oldukça rahat yönetilebilen içerik filtreleme özellikleri sayesinde ofis ve internet cafelerin kullanımında ciddi rahatlıklar sağlayabilir. Hatta bu konuda Web Server Load Balancing gibi işlemleride aynı uygulamadanyapabilmektesiniz.

12. DHCP ile ağınızdaki IP yönetimini tamamen mikrotiğe verebilirsiniz. MAC adresi tabanlı filitreleme ve erişim denetlemeleri yapabilirsiniz.

13. DNS server olarak kullanabilirsiniz.

14. SDSL Single Line DSL hizmetlerini destekler.

15. Voice Over IP (VoIP) desteği sayesinde bilgisayardan bilgisayar veya bilgisayardan telefona bağlantı sağlayabilirsiniz.

16. VLAN Trunking Protocol (VTP) Vlan Networks oluşturarak ağınızı genişletmenize olanak sağlarBu saydığımız işlemler en çok kullanılan işlemlerden bazıları bunların dışında sayamadığımız bir çok işlemi yapmak ve çoklu kullanıcı desteği yönetimi ile erişim denetleyicisi kullanmanız için sizi bekliyor.

Benzer Ürünlerin Karşılaştırması

CCR1036-12G-4s CCR1016-12G CCR1016-12S-1S-PLUS
36 Core CPU 16 Core CPU 16 Core CPU
12 Gigabit Port + 4 SFP Port 12 Gigabit Port 12 SFP Port + 1SFP+ port
4 GB Ram 2 GB Ram 2 GB Ram
RouterOS v6 (64bit) RouterOS v6 (64bit) RouterOS v6 (64bit)
Tilera Tile-Gx36 Tilera Tile-Gx16 Tilera Tile-Gx16
Maks. Güç Tüketimi 92W Maks. Güç Tüketimi 38W Maks. Güç Tüketimi 44W

Ürün Özellikleri

Ürün Kodu CCR1016-12G
CPU nominal frekansı 1.2 GHz
CPU Çekirdek Sayısı 16
RAM 2 GB
Mimarisi Tile GX
10/100 Ethernet portu 0
10/100/1000 Ethernet portu 12
MiniPCI slotu 0
MiniPCI-e slotu 0
USB port Sayısı 1
Güç Prizi 1
Desteklenen Giriş Gerilimi 12 V - 28 V
PoE out Hayır
PoE in Hayır
Voltaj Monitöru Evet
PCB sıcaklık monitörü Hayır
CPU sıcaklık monitörü Evet
Ebatları 355x145x55mm
İşletim Sistemi RouterOS v6 (64bit)
Çalışma Sıcaklığı Aralığı Min ambient -10C; Max ambient temperature 50C @1.2Ghz; 70C @1Ghz CPU core frequency
Lisans Seviyesi 6
Anten Kazancı DBI Hayır
Akım Monitörü Evet
CPU TLR4-01680CG-12CE-A3a
Maksimum Güç tüketimi 38W
SFP portu 0
SFP+ portu 0
USB slot tipi microUSB type AB
Zincir Sayısı 0
Serial port RS232
Genel Özellikler
Çekirdek Sayısı 16
Gigabit Ethernet 12 Adet
İşlemci Frekansı 1.2Ghz
İşletim Sistemi RouterOS
Lisans Level LEVEL-6
Mekan İç Mekan
RAM Kapasitesi 2GB
Voltaj Beslemesi 110/220V

Telefonla  Ürün / Yazılım desteği kapsamı 

  • Kablosuz ürünler ile ilgili uzaktan destek hizmeti  2 adet cihaza kadar ücretsiz olarak sağlanmaktadır.
  • 2 adetten  daha fazla sayıda ürün için satış temsilcilerimiz ile görüşerek projeye özel fiyat talep edebilirsiniz. 
  • Kampanya Fiyatı  yada Bayi , Proje Özel fiyatı olan ürünler için ücretsiz uzaktan destek kapsamına dahil değildir. 
  • Teknik destek temsilcilerimizle 10dk  geçecek işlemler için öncesinde randevu alınız .
  • Randevularınızı : [email protected] adresine mail olarak gönderebilir yada telefon ile yine  temsilcilerimiz ile görüşerek yardım alabilirsiniz. 
  • Teknik Destek Saatleri  : 
  • Hafta içi  : 09:30 -- 16:30 
  • Hafta Sonu : 09:30 -- 14:30 arasındadır. 
  • Konfigurasyon genel ücretlendirilmesi : (Router Konfigurasyonu fiyatları ayrıdır )
  • Telefon ile destek 30dk 'ya kadar  10$ + KDV 
  • Uzak Bağlantı ile destek 30dk 'ya kadar  25$ + KDV  
  • Router Yapılandırması : 
  • - Load Balance , Hotspot , Loglama , Temel Firewall  yapılandırması ve  6 aylık yapılandırma garantisi / 1 Adet Router için    : 100$ + KDV 
  • - DSL/WAN/LOCAL Kablolu/Kablosuz  Network yapılandırması ve standart Firewall yapılandırması  ( 1 LAN / 1 Wan Konfigurasyonu )  (1 seferlik  ) / 1 Adet Router için   : 50$ + KDV 
  • - VPN Yapılandırma hizmeti 2 Adet Router için : 150$ + KDV  (  3 veya daha fazla Router için  yapılandırma taleplerinde satış temsilciniz ile görüşünüz. )
  • - Loglama Yapılandırması 1 Adet Router için  :80$  + KDV  
  • - Geniş Network Konfigurasyonu ,Çoklu bağlantı , VPLS / MPLS , OSPF , BGP yapılandırması için taleplerinde satış temsilciniz ile görüşünüz.  
  • Fiyatlara Router / Wifi Cihazları dahil değildir. 

 

Elektronik Ürün onarım destek için ön bilgi

  • Ürünlerin montaj şemalarına bakarak montajını gerçekleştiriniz. 
  • Ürünleri teknik servis'e gönderirken  yaşadığınız sorunu , problemi mutlaka yazınız , arıza belirtilmemiş ürünler kısa test sonrasında problem görülmemesi halinde iade gönderilir. 
  • Arıza bildirim formu üzerinde fatura numarası , ürün servis sonrası iade yapılacak adres ve iletişim bilgileri yer alması gerekmektedir. 

 

Ürün iade & değişim için ön bilgi

Tüm iade , cayma talepleri için mesafeli satış sözleşmesi maddeleri öncelik taşımaktadır.  Mesafeli Satış Sözleşmesi , Cayma Hakkı Detayları sayfasından ulaşabilirsiniz. Hizmet iadesi gerçekleşebilmesi için hizmetin hiçbir şekilde başlatılmamış olması gerekmektedir, Teknik destek,Kargo ,Teknik servis,Uzaktan yapılandırma, Yerinde Kurulum vb. işlemlerde hizmet ifası başlatılmış olması durumunda hizmet iptali/iadesi  gerçekleştirilemez.  Hizmet  ürün ile birlikte alınıyor olması Cayma hakkını hizmet üzerinde kullanma hakkı oluşturmaz . Ürün iade olarak kabul edilebilmesi için ürünün tekrar satışa uygun şekilde kutu içerisindeki tüm ekipmanları eksiksiz , deforme olmamış , ürün kutusu yada üzerinde herhangi bir şekilde işaretleme ,etiket,boya,yazı , ezilme , deforme olmaması gerekmektedir. Ürünü iade göndereceğiniz cihaz ile cihaz kutusu üzerindeki seri numaraları birbirinden farklı olması durumunda , yada bu alanlarda tahribat yapılması durumunda iade kabul edilmez. İade yada değişim için göndereceğiniz tüm ürünler önce servis muayenesinden geçmekte ve kabulü durumunda iade faturanız işleme alınır. aksi durumda iade kabul gerçekleşmez. İade ,Değişim , Servis işlemlerinde lojistik bedeli alıcı sorumluluğundadır. alıcı ürün ile ilgili dilerse anlaşmalı kargo firmalarımızı kullanarak indirimli gönderim gerçekleştirebilir. İade için fatura tarihi itibari ile 15 gün iade hakkınız yukarıdaki şartlar doğrultusunda geçerlidir.. 

Teknik destek ve onarım hizmeti yanlızca  İNTERNETTEN Teknoloji San.Tic.Ltd.Şti. firmasından yada firma bayi/kanal satış noktalarından alınmış olan ürünler için geçerlidir. 

Ürün iade & değişim için ön bilgi

Tüm iade , cayma talepleri için mesafeli satış sözleşmesi maddeleri öncelik taşımaktadır.  Mesafeli Satış Sözleşmesi , Cayma Hakkı Detayları sayfasından ulaşabilirsiniz. Hizmet iadesi gerçekleşebilmesi için hizmetin hiçbir şekilde başlatılmamış olması gerekmektedir, Teknik destek,Kargo ,Teknik servis,Uzaktan yapılandırma, Yerinde Kurulum vb. işlemlerde hizmet ifası başlatılmış olması durumunda hizmet iptali/iadesi  gerçekleştirilemez.  Hizmet  ürün ile birlikte alınıyor olması Cayma hakkını hizmet üzerinde kullanma hakkı oluşturmaz . Ürün iade olarak kabul edilebilmesi için ürünün tekrar satışa uygun şekilde kutu içerisindeki tüm ekipmanları eksiksiz , deforme olmamış , ürün kutusu yada üzerinde herhangi bir şekilde işaretleme ,etiket,boya,yazı , ezilme , deforme olmaması gerekmektedir. Ürünü iade göndereceğiniz cihaz ile cihaz kutusu üzerindeki seri numaraları birbirinden farklı olması durumunda , yada bu alanlarda tahribat yapılması durumunda iade kabul edilmez. İade yada değişim için göndereceğiniz tüm ürünler önce servis muayenesinden geçmekte ve kabulü durumunda iade faturanız işleme alınır. aksi durumda iade kabul gerçekleşmez. İade ,Değişim , Servis işlemlerinde lojistik bedeli alıcı sorumluluğundadır. alıcı ürün ile ilgili dilerse anlaşmalı kargo firmalarımızı kullanarak indirimli gönderim gerçekleştirebilir. İade için fatura tarihi itibari ile 15 gün iade hakkınız yukarıdaki şartlar doğrultusunda geçerlidir.. 

Soru sorabilmek için lütfen üye girişi yapınız..

CCR1016-12G Sorulan Sorular;

Soru : KURULUM DESTEĞI VERIYOR M... Soru : KURULUM DESTEĞI VERIYOR MUSUNUZ ACABA VE HOTSPOT YÖNETIM VE LOGLAMA YAZILIMI MYS GIBI SATIYOR MUSUNUZ. Merhaba ; Mikrotik Ürünlerinde kurulum desteği olan hazır setler ile sağlanmaktadır .hazırset içerisinde yer almayan bir ürün için kurulum desteği taleplerinizde satış temsilciniz ile görüşerek uygun konfigurasyon / yapılandırma servisi teklifi paylaşacaklardır.

2017-03-02 11:12:36

Taksit Kart Tipi Taksit Oranı Çekilecek Tutar

Yükleniyor..

wi.com.tr

Manual:First time startup - MikroTik Wiki

Applies to RouterOS: All

Overview

After you have installed the RouterOS software, or turned on the Router for the first time, there are various ways how to connect to it:

  • Accessing Command Line Interface (CLI) via Telnet, SSH, serial cable or even keyboard and monitor if your router has a VGA card.
  • Accessing Web based GUI (WebFig)
  • Using the WinBox configuration utility (Windows app, compatible with Wine)

Every router is factory pre-configured with the IP address 192.168.88.1/24 on the ether1 port. The default username is admin with no password. After you log in for the first time, please create a new user with a password in the "full" group, re-login and delete the default admin user. We highly recommend you to follow the general guidelines of the article Securing your router to protect the device from any unauthorised access.

Additional configuration may be set depending on RouterBOARD model. Most models have the ether1 configured as a WAN port and any communication with the router through that port is not possible, since it is firewalled to protect from any outside access. List of RouterBOARD models and their default configurations can be found in this article.

Winbox

Winbox is a configuration utility that can connect to the router via MAC or IP protocol. Latest winbox version can be downloaded from our download page.

Run the Winbox utility, then click the [...] button and see if Winbox finds your Router and it's MAC address. Winbox neighbor discovery will discover all routers on the broadcast network. If you see routers on the list, connect to it by clicking on MAC address and pressing Connect button.

Winbox will try download plugins from the router, if it is connecting for the first time to the router with current version. Note that it may take up to one minute to download all plugins if winbox is connected with MAC protocol. After winbox have successfully downloaded plugins and authenticated, main window will be displayed:

If winbox cannot find any routers, make sure that your Windows computer is directly connected to the router with an Ethernet cable, or at least they both are connected to the same switch. As MAC connection works on Layer2, it is possible to connect to the router even without IP address configuration. Due to the use of broadcasting MAC connection is not stable enough to use continuously, therefore it is not wise to use it on a real production / live network!. MAC connection should be used only for initial configuration.

Follow winbox manual for more information.

QuickSet and WebFig

If you have a router with default configuration, the IP address of the router can be used to connect to the Web interface. The first screen to come up will be QuickSet, where you can set the password and basic settings to secure your device. For more advanced settings, click the WebFig button to open the Advanced mode, which has almost the same configuration functionality as Winbox.

Please see following articles to learn more about web interface configuration:

CLI

Command Line Interface (CLI) allows configuration of the router's settings using text commands. Since there is a lot of available commands, they are split into groups organized in a way of hierarchical menu levels. Follow console manual for CLI syntax and commands.

There are several ways how to access CLI:

  • Winbox terminal menu
  • Telnet
  • SSH
  • serial cable etc.

Serial Cable

If your device has a Serial port, you can use a console cable (or Null modem cable)

Plug one end of the serial cable into the console port (also known as a serial port or DB9 RS232C asynchronous serial port) of the RouterBOARD and the other end in your PC (which hopefully runs Windows or Linux). You can also use a USB-Serial adapter. Run a terminal program (HyperTerminal, or Putty on Windows) with the following parameters for All RouterBOARD models except 230:

115200bit/s, 8 data bits, 1 stop bit, no parity, flow control=none by default.

RouterBOARD 230 parameters are:

9600bit/s, 8 data bits, 1 stop bit, no parity, hardware (RTS/CTS) flow control by default.

If parameters are set correctly you should be able to see login prompt. Now you can access router by entering username and password:

MikroTik 4.15 MikroTik Login: MMM MMM KKK TTTTTTTTTTT KKK MMMM MMMM KKK TTTTTTTTTTT KKK MMM MMMM MMM III KKK KKK RRRRRR OOOOOO TTT III KKK KKK MMM MM MMM III KKKKK RRR RRR OOO OOO TTT III KKKKK MMM MMM III KKK KKK RRRRRR OOO OOO TTT III KKK KKK MMM MMM III KKK KKK RRR RRR OOOOOO TTT III KKK KKK MikroTik RouterOS 4.15 (c) 1999-2010 http://www.mikrotik.com/ [[email protected]] >

Detailed description of CLI login is in login process section.

Monitor and Keyboard

If your device has a graphics card (ie. regular PC) simply attach a monitor to the video card connector of the computer (note: RouterBOARD products don't have this, so use Method 1 or 2) and see what happens on the screen. You should see a login promt like this:

MikroTik v3.16 Login:

Enter admin as the login name, and hit enter twice (because there is no password yet), you will see this screen:

MMM MMM KKK TTTTTTTTTTT KKK MMMM MMMM KKK TTTTTTTTTTT KKK MMM MMMM MMM III KKK KKK RRRRRR OOOOOO TTT III KKK KKK MMM MM MMM III KKKKK RRR RRR OOO OOO TTT III KKKKK MMM MMM III KKK KKK RRRRRR OOO OOO TTT III KKK KKK MMM MMM III KKK KKK RRR RRR OOOOOO TTT III KKK KKK MikroTik RouterOS 3.16 (c) 2008 http://www.mikrotik.com/ Terminal ansi detected, using single line input mode [[email protected]] >

Now you can start configuring the router, by issuing the setup command.

This method works with any device that has a video card and keyboard connector

[ Top | Back to Content ]

wiki.mikrotik.com

MikroTik Routers and Wireless - Products: wAP LTE kit

The wAP LTE is a small weatherproof wireless access point with a built in cellular modem that supports 2G, 3G and 4G (LTE) connectivity. Connect to the wAP’s built-in 802.11b/g/n wireless and access the LTE network from your phone or any other wireless device. The wAP LTE also has one 10/100 Ethernet LAN port for your wired devices.

LTE cards are connected to two internal antennas with u.FL connectors, so if you want, you can unplug the connectors and add your own external LTE antenna for larger coverage. Unit has the several powering options - 9-30v PoE-in by Ethernet port, DC jack and Automotive connector, very handy in mobile devices like car, bus or train.

RBwAPR-2nD&R11e-LTE includes LTE modem that supports International LTE bands 1,2,3,7,8,20,38 and 40.

 Send purchase questions

Specifications

Details
Product code RBwAPR-2nD&R11e-LTE
Architecture MIPSBE
CPU QCA9531
CPU core count 1
CPU nominal frequency 650 MHz
Dimensions 185 x 85 x 30 mm
License level 4
Operating System RouterOS
Size of RAM 64 MB
Storage size 16 MB
Storage type FLASH
Tested ambient temperature -40°C .. +60°C tested
Suggested price $119.00

Powering

Details
Max Power consumption 8W
PoE in Passive PoE
PoE in input Voltage 9-30 V
Number of DC inputs 3 (Automotive, DC jack, PoE-IN)
DC jack input Voltage 9-30 V
Automotive input Voltage 9-30 V

Mobile

Details
2G Category Class12
3G Category R7 (21Mbps Downlinks, 5.76Mbps Uplink)
LTE Category 4 (150Mbps Downlink, 50Mbps Uplink)
LTE FDD bands 1 (2100MHz) / 2 (1900MHz) / 3 (1800MHz) / 7 (2600MHz) / 8 (900 MHz) / 20 (800MHz)
LTE TDD bands 38 (2600MHz) / 40 (2300MHz)

Wireless

Details
Wireless 2.4 GHz number of chains 2
Wireless 2.4 GHz standards 802.11b/g/n
Antenna gain dBi for 2.4 GHz 2
Wireless 2.4 GHz chip model QCA9531

Ethernet

Details
10/100 Ethernet ports 1

Peripherals

Details
Number of SIM slots 1 Modem (Mini SIM)
MiniPCI-e slots 1

Other

Details
PCB temperature monitor Yes
Voltage Monitor Yes

Wireless specifications

2.4 GHzTransmit (dBm)Receive Sensitivity
1MBit/s22-96
11MBit/s22-89
6MBit/s20-93
54MBit/s18-74
MCS020-93
MCS716-71

Included parts

Declaration of conformity (R11e-LTE)Open RouterOS software manualOpen

High resolution images

Ethernet test results

RBwAPR-2nD&R11e-LTEQCA9531 100M one port test
ModeConfiguration1518 byte512 byte64 byte
kppsMbpskppsMbpskppsMbps
Bridgingnone (fast path)8.198.423.596.3173.688.9
Bridging25 bridge filter rules8.198.423.596.370.936.3
Routingnone (fast path)8.198.423.596.3160.882.3
Routing25 simple queues8.198.423.596.390.846.5
Routing25 ip filter rules8.198.423.596.343.222.1
  1. All tests are done with Xena Networks specialized test equipment (XenaBay),and done according to RFC2544 (Xena2544)
  2. Max throughput is determined with 30+ second attempts with 0,1% packet loss tolerance in 64, 512, 1518 byte packet sizes
  3. Values in Italic indicate that max throughput was reached without maxing out CPU, but because board interface configuration was maxed out
  4. Test results show device maximum performance, and are reached using mentioned hardware and software configuration, different configurations most likely will result in lower results

www.mikrotik.com


Смотрите также