Mikrotik - Complete Setup Guide
Posted by , Last modified by Albert Diaz on 13 September 2018 12:12 AM

**Disclaimer: This guide is provided by 3NG as a courtesy to its partners. You are using this guide at your own risk and 3NG is NOT responsible or liable for any issues that may occur from the use of this guide or a Mikrotik device.

While we recommend Mikrotik products because of their reliability and VoIP friendliness, we are NOT Mikrotik distributors or authorized support vendors, nor do we manage or support any Mikrotik devices on anyone’s behalf.

We recommend that you are always up to date with any information related to the products that you sell, install and/or support, and sign up for any news or product notices that your hardware distributor or manufacturer may offer.**


Getting Started

This guide will help you perform a simple but complete configuration on a Mikrotik router.

If using a pre-configured router you should perform a factory reset and upgrade the firmware before starting.

How to Factory Reset a Mikrotik: https://wiki.mikrotik.com/wiki/Manual:Reset 
Download and Upgrade Mikrotik Firmware: https://mikrotik.com/download 


Steps Outlined

The following steps are covered in this guide. If a step or feature is not needed you can skip it. Steps with a (*) are highly recommended.

*Note: After you have set up your Mikrotik router, see this guide for instructions on how to configure QoS (Quality of Service)


Instructions

To access the Mikrotik, change your computer's network settings so that it can reach 192.168.88.1, which is the default IP address of the Mikrotik.

Once the network settings have been updated, please connect to ETH2 or port 2 to access the LAN connection. Please note that ETH1 or port 1 is for the WAN connection.

With your network settings able to reach 192.168.88.1 and your computer or laptop connected to ETH2, open a web browser and enter 192.168.88.1 in the address bar.

You will now have the web login screen available. Here you will want to download Winbox, which is the tool we will be using to manage the Mikrotik.

  1. From the Mikrotik login webpage, click on Winbox to download the Winbox application.
  2. Once Winbox has been downloaded, open the application and it will find the Mikrotik; if it does not, press Refresh to find the Mikrotik.
  3. Winbox will display the Mikrotik with its MAC Address, IP Address, Identity, Version, and Board
  4. By default the Login is admin and there is no password. Press Connect to connect to the Mikrotik.

 


Set Password for Admin Account

  1. Go to System
  2. Go to Users
  3. From the User List, select the admin account by double clicking the account
  4. From the User <admin> window, click on Password
  5. From the Change Password window, enter in the desired password and re-enter to confirm
  6. Click OK from the Change Password window
  7. Click OK from the User <admin> window


Set Identity 

  1. Go to System
  2. Go to Identity
  3. In the Identity window, enter in an identity to identify the given Mikrotik (i.e.: Cust Name)
  4. Click OK


Set an SSID

  1. Go to Wireless
  2. From the Wireless Tables select wlan1 by double clicking the wlan1 interface
  3. From the Interface <wlan1> window, find SSID and enter in the desired SSID
  4. Click OK


Set a Wireless Key

  1. From the Wireless Tables window, go to the Security Profiles tab
  2. From the list, find the default Security Profile and double click the default profile
  3. From the Security Profile <default> window, Change the Mode to "dynamic keys"
  4. From the Authentication Type, select WPA2 PSK by checking the box
  5. In the WPA2 Pre-Shared Key, enter in the desired wireless key (if the key is too short, the WPA2 Pre-Shared Key text will be red. If acceptable, it will be blue)
  6. Click OK

 
Add a static WAN IP

  1. Go to IP
  2. Go to Addresses
  3. From the Address List window, click the blue Plus Sign
  4. From the New Address window, enter in the WAN IP that will be used which is provided by the ISP (i.e.: 12.34.56.78/29)
  5. Select the Interface and set to ether1-gateway
  6. Click Apply
  7. The Network field will auto populate with the network address
  8. Click OK
  9. Note that the WAN IP now appears on the Address List window



Add a Gateway for WAN IP

  1. Go to IP
  2. Go to Routes
  3. From the Route List window click the blue Plus Sign
  4. From the New Route window, enter in the Gateway that was provided by the ISP (i.e.: 12.34.56.73)
  5. Click OK
  6. Note that the Gateway now appears on the Route List window (when ETH1 is connected to the WAN connection, the ISP's bridged modem, the status should be reachable)



Add DNS servers

  1. Go to IP
  2. Go to DNS
  3. From the DNS Settings window, enter in the DNS server addresses provided by the ISP; click on the arrows to add a second server address (i.e.: 1.1.1.1, 4.2.2.2)
  4. Press OK


Add Firewall Rule for Winbox

  1. Go to IP
  2. Go to Firewall
  3. From the Firewall window, click the blue Plus Sign
  4. From the New Firewall Rule, do the following:
    1. Select Chain, and set to input
    2. Select Protocol, and set to tcp
    3. Enter in the Dst. Port to 8291
    4. Select the In. Interface, and set to ether1-gateway
  5. Go to the Action tab
  6. Select Action, and set to accept
  7. Click OK
  8. Select the new rule which is now seen on the Filter Rules list
  9. Drag the new rule to the top



Add Firewall Rule for DNS DoS Attack

  1. From the Firewall window, click the blue Plus Sign
  2. From the New Firewall Rule, do the following:
    1. Select Chain, and set to input
    2. Select Protocol, and set to udp
    3. Enter in the Dst. Port to 53
    4. Select the In. Interface, and set to ether1-gateway
  3. Go to the Action tab
  4. Select Action, and set to drop
  5. Click OK
  6. The new rule is now seen on the Filter Rules list



Disable SIP (SIP ALG)

  1. From the Firewall window, click on the Service Ports tab
  2. Select h323 and SIP (use Ctrl to select both)
  3. Hit "d" on your keyboard or click the red "x" to disable; both h323 and sip now appear grayed out, which means they are now disabled


Disable IP Services

  1. Go to IP
  2. Go to Services
  3. Select the following Services from the Service List; ftp, ssh, and telnet
  4. Hit "d" on your keyboard or click the red "x" to disable the services selected; they will now appear grayed out, which means they have been disabled


Add an Available from Address

  1. From the IP Services List, double click on "www" to edit the service
  2. In the IP Service <www> window, type in the local LAN subnet (i.e.: 192.168.88.0/24)
  3. Click OK
  4. The available from address now appears with the LAN subnet.
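
An added example, not part of the original guide: a short Python check that reads the text produced by the RouterOS `/export` command and reports which of the firewall, SIP ALG and IP service steps above are not in effect. The sample export is constructed and the function names are hypothetical; it assumes the compact export form, in which default values are omitted, and the source-address check on the Winbox rule is an extra that the guide's steps do not include.

```python
import shlex

# Constructed sample of compact "/export" output; not taken from the guide.
SAMPLE_EXPORT = """\
/ip firewall filter
add action=accept chain=input dst-port=8291 in-interface=ether1-gateway protocol=tcp
add action=drop chain=input dst-port=53 in-interface=ether1-gateway protocol=udp
/ip firewall service-port
set sip disabled=yes
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www address=192.168.88.0/24
"""

def parse_export(text):  # -> {menu: [(item_name, properties), ...]}
    menus, menu = {}, None
    for line in map(str.strip, text.replace("\\\n", " ").splitlines()):  # unwrap
        if line.startswith("/"):
            menu = line
        elif line and not line.startswith("#") and menu:
            words = shlex.split(line)[1:]  # drop the verb (add/set)
            props = dict(w.split("=", 1) for w in words if "=" in w)
            name = next((w for w in words if "=" not in w), None)
            menus.setdefault(menu, []).append((name, props))
    return menus

def audit(text, wan="ether1-gateway"):
    """Return findings for the guide's hardening steps that are not in effect."""
    menus, findings = parse_export(text), []
    services = dict(menus.get("/ip service", []))
    helpers = dict(menus.get("/ip firewall service-port", []))
    rules = [p for _, p in menus.get("/ip firewall filter", [])
             if p.get("chain") == "input" and p.get("in-interface") == wan]
    # Compact exports omit defaults, so a missing "disabled=yes" means enabled.
    for kind, table, names in (("ip service", services, ("ftp", "ssh", "telnet")),
                               ("service port", helpers, ("sip", "h323"))):
        findings += [f"{kind} {n} is enabled" for n in names
                     if table.get(n, {}).get("disabled") != "yes"]
    if "address" not in services.get("www", {}):
        findings.append("ip service www has no Available From restriction")
    if not any(r.get("protocol") == "udp" and r.get("dst-port") == "53"
               and r.get("action") == "drop" for r in rules):
        findings.append("no drop rule for udp/53 on the WAN interface")
    # Extra check, not a step in the guide: is the Winbox accept rule source-limited?
    if any(r.get("dst-port") == "8291" and r.get("action") == "accept"
           and not r.keys() & {"src-address", "src-address-list"} for r in rules):
        findings.append("Winbox 8291 accepts connections from any source")
    return findings
```

On the constructed sample, `audit(SAMPLE_EXPORT)` reports that ssh and the h323 helper are still enabled and that the Winbox rule has no source restriction.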


Set Clock

  1. Go to System
  2. Go to Clock
  3. From the Time Zone Name drop down menu, select the Time Zone for the device
  4. Click OK


Set SNTP

  1. Go to System
  2. Go to SNTP Client
  3. Check the box for Enable
  4. In the Primary NTP server field enter in: time.nist.gov; in the Secondary NTP server field enter in: us.pool.ntp.org
  5. Click Apply.
  6. If DNS was set, the server addresses will be changed to IPs (the NTP Server text will be blue; if DNS is not set, the NTP Server address will be red)
  7. Click OK


Enable Cloud Feature

  1. Go to IP
  2. Go to Cloud
  3. Check the box for Enable
  4. If the Mikrotik is connected to the internet, the Public Address and DNS Name will become populated (use the DNS Name to log in remotely regardless of the IP address)
  5. Click OK
