Agus Priyadi and Mafia.Or.ID

blog all about (brains colocations)

Setting UP MikroTik Router HOWTO

Posted by mafiaid on 5 September 2007

Login: (admin is the default)
Password: (none by default)

From any menu you can type:
“?” to show a list of possible commands
“print” will display any configuration from that menu if there is any.
“..” will navigate to a previous menu
“/” will navigate to the root menu
to change from “ip address>” to “ip route>” type “..” then “route”


Set the IP addresses.

ip address> add address=x.x.x.x netmask=x.x.x.x interface=ether1
(to set up the second interface use ether2 for the interface)


Add the default route or gateway.

ip route> add gateway=x.x.x.x

For additional routes:

ip route> add dst-address=x.x.x.x netmask=x.x.x.x gateway=x.x.x.x
(dst-address=”this is the subnet address”)
(netmask=”this is the mask of the dst-address”)
(gateway=”this is the next router to the dst-address”)

Enable the interfaces.

interface> print (this will display the interfaces you have an X will show if it is diasbled or not)
interface> set 0 disable=no (this will enable interface 0, repeet for any interface needed)

Change port speed and duplex of the ethernet ports if needed.

interface ethernet> set ether1 “press TAB for options for ether1”

Configure the DHCP POOL.

ip dhcp-server>setup
dhcp server interface:ether2
dhcp server address space:x.x.x.x/x (this is the subnet for dhcp)
Gateway for DHCP network:x.x.x.x (this is normaly the ip of the mikrotik dhcp server interface)
addresses to give out:x.x.x.x-x.x.x.x (these are the ip’s of handed out with DHCP)
DNS Servers:69.5.139.3,69.5.136.253 (our DNS servers)
Lease time:3d (default of 3 days)

Configure the Hotspot service.

ip hotspot>setup (DO NOT run setup on a router more than once it WILL screw things up)
hotspot interface:ether2
interface already configured:yes
use ssl:no
use transparent web proxy:no
use local DNS cache:no
dns Name:x.x.x.x (please enter the ip of ether2)
another port for service:8081 (this is the port winbox connects on)
name of local hotspot user:admin (admin is the default)
password for the user: (please enter one or provide anyone with a clue free access)

ip hotspot> set auth-http-cookie=yes (tell to hotspot to use cookies)
ip hotspot> set http-cookie-lifetime=3d (how long before the login cookie expires)
ip hotspot> set auth-mac=yes (alows mac address authentication)
ip hotspot> set auth-mac-password=yes (uses mac address for password with the mac login)
ip hotspot> set login-mac-universal=yes
(this allows computers to be logged in without a web browser you must set up universal for this to work)

Configure Walled-garden to allow non-authenticated users access to some of our servers.

ip hotspot walled-garden> add dst-host=faye.ics-llc.net
ip hotspot walled-garden> add dst-host=www.ics-llc.net
ip hotspot walled-garden> add dst-host=secure.ics-llc.net

Setting up universal.

ip hotspot universal> add address-pool=dhcp_pool1 addresses-per-mac=1 arp=no-arp interface=ether2 use-dhcp=yes
(address-pool=’the name of the DHCP pool’)(addesses-per-mac=’number of ips allowed per mac address’)
(arp=’weather or not to respond to ALL arp requests’)(interface=’should be the same as hotspot interface)

Configure the Hotspot service to use radius.

ip hotspot aaa> set use-radius=yes

Configure the firewall to allow an ssl login on our server.

ip firewall mangle> add dst-address=69.5.139.13/32 action=accept mark-flow=hs-auth

Configure DNS Servers.

ip dns> set primary-dns=69.5.139.3 secondary-dns=69.5.136.253

Adding the Radius Server

Radius> add service=login,hotspot, address=x.x.x.x secret=xxxxxxxxx
(service=’login-if you want to use the database for authentication to the console, hotspot for internet users’)
(address=’the ip of your radius server’)
(secret=’this is the radius server passphase’)

!!!!!Remember to allow the Mikrotik access to the Radius Server!!!!!

Changeing the Admin Login password

User> set admin password=xxxxxxxxx

Setting up WatchDog reboot

system watchdog> set reboot-on-failure=yes watch-address=x.x.x.x watchdog-timer=yes ping-start-after-boot=5m

Source : http://www.timmclaughlin.com/mikrotik.html

Blogged with Flock

Tags: ,

12 Responses to “Setting UP MikroTik Router HOWTO”

  1. Steve said

    Tim,

    I found your examples great. However, I have a particular problem wtih my Mikrotik router. My business is setup with an unsecure office downstairs but sharing on our network and I want to setup a separate network for my company upstairs. As a result I need to double NAT the router with the downstairs and upstairs.

    I want to set them up on 2 separate networks. The first network is downstairs, 192.168.2.0/24 with a gateway of 192.168.2.1. The network I want to setup upstairs is 10.10.10.0/24 with a gateway of 10.10.10.1/24 with firewall protection, DHCP on ether2 interface enabled and NAT to 10.10.10.0/24. I do not know how to setup default routes necessary to begin internet access. I also need to setup static routes with a PPPoe connection. I have been having trouble. Do you have any suggestions on how to setup this issue.

    I look forward to hearing from you shortly.

    Thank you.

    Regards,

    Steve
    stevehk@snet.net

  2. Amazing, I did not heard about that till now. Thankz!

  3. […] https://mafiaid.wordpress.com/2007/09/05/setting-up-mikrotik-router-howto/ No tags […]

  4. list proxy free update,list socks 4, list socks5, traffic exchange…

    […]Setting UP MikroTik Router HOWTO « Agus Priyadi and Mafia.Or.ID[…]…

  5. Mitra Prima Infracom…

    […]Setting UP MikroTik Router HOWTO « Agus Priyadi and Mafia.Or.ID[…]…

  6. Proxy Blog said

    Proxy Blog…

    […]Setting UP MikroTik Router HOWTO « Agus Priyadi and Mafia.Or.ID[…]…

  7. emmy smith said

    pls sir, am new to mikrotik configuration. am running a hotspot internet access, and i need an alert to tell users there time out left time. how can i do that. thank u sir emmy

  8. It seems you understand a lot related to this topic and this exhibits
    as a result of this particular blog, named “Setting UP MikroTik Router
    HOWTO Agus Priyadi and Mafia.Or.ID”. Thx -Dane

  9. He also made many wonder whether or not they think Butler is a good enough secondary
    star to pair with Yao. Oftentimes referred to as
    a selfish player, Westbrook led Team USA with nine
    assists from the bench. Durant had played a pro game without Westbrook, who hit a thunderous dunk to
    put the Nets right back ahead and start the clinching run.
    The Oklahoma City Thunder star michael kors handbags outlet but also Oklahoma City
    itself.

  10. I’ve been exploring for a little for any high-quality articles or weblog posts in this sort of space . Exploring in Yahoo I at last stumbled upon this website. Reading this information So i’m
    glad to express that I have an incredibly good uncanny feeling I came upon just what
    I needed. I so much surely will make certain to don?t omit this website and give it a
    glance on a relentless basis.

  11. kopi luwak said

    Greate article. Keep posting such kind of
    information on your page. Im really impressed by your site.

    Hey there, You’ve performed an incredible job. I will definitely
    digg it and for my part recommend to my friends. I’m confident they will be
    benefited from this website.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

 
%d bloggers like this: