488 private links
band (2ghz-b | 2ghz-b/g | 2ghz-b/g/n | 2ghz-onlyg | 2ghz-onlyn | 5ghz-a | 5ghz-a/n | 5ghz-onlyn | 5ghz-a/n/ac | 5ghz-onlyac | 5ghz-n/ac; Default: ) Defines set of used data rates, channel frequencies and widths.
channel-width (20/40/80/160mhz-Ceeeeeee | 20/40/80/160mhz-XXXXXXXX | 20/40/80/160mhz-eCeeeeee | 20/40/80/160mhz-eeCeeeee | 20/40/80/160mhz-eeeCeeee | 20/40/80/160mhz-eeeeCeee | 20/40/80/160mhz-eeeeeCee | 20/40/80/160mhz-eeeeeeCe | 20/40/80/160mhz-eeeeeeeC | 20/40/80mhz-Ceee | 20/40/80mhz-eCee | 20/40/80mhz-eeCe | 20/40/80mhz-eeeC | 20/40/80mhz-XXXX | 20/40mhz-Ce | 20/40mhz-eC | 20/40mhz-XX | 40mhz-turbo | 20mhz | 10mhz | 5mhz; Default: 20mhz) Use of extension channels (e.g. Ce, eC etc) allows additional 20MHz extension channels and if it should be located below or above the control (main) channel. Extension channel allows 802.11n devices to use up to 40MHz (802.11ac up to 160MHz) of spectrum in total thus increasing max throughput. Channel widths with XX and XXXX extensions automatically scan for a less crowded control channel frequency based on the number of concurrent devices running in every frequency and chooses the “C” - Control channel frequency automatically.
First create an interface list for all user/customer interfaces: //
Last, apply the bridge filter to the forward train to catch traffic moving through the bridge.
#this filter rule will block DHCP servers
/interface bridge filter
add action=drop chain=forward in-interface-list=customers ip-protocol=udp mac-protocol=ip src-port=67If the device has a default or existing configuration that requires replacement, it is necessary to initiate a configuration reset.
This involves applying a clean, empty configuration using the command /system/reset-configuration no-defaults=yes, followed by a device reboot. //
For example, load saved configuration file
[admin@MikroTik] > import address.rsc
Opening script file address.rsc
Script file loaded and executed successfully
[admin@MikroTik] >- verbose Reads each line from the file and executes individually, allowing to debug syntax or other errors more easily.
- dry-run Simulates the import without making any configuration changes. This helps in catching syntax errors. This option is only available in verbose mode.
RouterOS allows resetting configuration with /system reset-configuration command //
The backup file of the existing configuration is stored before reset. That way you can easily restore any previous configuration if the reset is done by mistake.
If the router was installed using Netinstall and had a script specified as the initial configuration, the reset command executes this script after purging the configuration. To stop it from doing so, you will have to reinstall the router.
It is possible to override the default reset behavior with the parameters below:
- keep-users Do not remove existing users from the configuration
- no-defaults Do not load the default configuration, just clear the configuration
Depending on the router model, different Quickset modes might be available from the Quickset dropdown menu:
- CAP: Controlled Access Point, an AP device, that will be managed by a centralized CAPsMAN server. Only use if you have already set up a CAPsMAN server.
- CPE: Client device, which will connect to an Access Point (AP) device. Provides option to scan for AP devices in your area.
- HomeAP: The default Access Point config page for most home users. Provides fewer options and simplified terminology.
- HomeAP dual: Dual band devices (2GHz/5GHz). The default Access Point config page for most home users. Provides fewer options and simplified terminology.
- Home Mesh: Made for making bigger WiFi networks. Enables the CAPsMAN server in the router, and places the local WiFi interfaces under CAPsMAN control. Just boot other MikroTik WiFi APs with the reset button pressed, and they will join this HomeMesh network (see their Quick guide for details)
- PTP Bridge AP: When you need to transparently interconnect two remote locations together in the same network, set one device to this mode, and the other device to the next (PTP Bridge CPE) mode.
- PTP Bridge CPE: When you need to transparently interconnect two remote locations together in the same network, set one device to this mode, and the other device to the previous (PTP Bridge AP) mode.
- WISP AP: Similar to the HomeAP mode, but provides more advanced options and uses industry standard terminology, like SSID and WPA.
This week there was an unfortunate outage on the mynetname.net Dynamic Domain Name Service (DDNS) that MikroTik hosts for free to their customers. Many MikroTik users all over the world rely on this service for remote access to their MikroTik infrastructure. Official documentation is here: https://wiki.mikrotik.com/wiki/Manual:IP/Cloud#DDNS
I thought it would be useful to share what I learned about how RemoteWinBox solves this problem for its customers, so that you too can can roll your own remote access to your MikroTiks!
All MikroTik devices come with some kind of default configuration. There are several different configurations depending on board type:
CPE Router;
LTE CPE AP router;
AP Router (single or dual-band);
PTP Bridge, W60G Bridge (AP or CPE);
WISP Bridge (AP in ap_bridge mode);
Switch;
IP Only;
CAP.
You can run the command /system default-configuration print to see the exact applied default configuration commands.
RouterBOOT can be upgraded from RouterOS by:
Run command
system/routerboard/upgrade
Do you really want to upgrade firmware? [y/n]
system rebootEvery ROS version has a new RouterBoot version included in it, once you perform a ROS upgrade we always recommend upgrading RouterBoot also.
RouterOS allows exporting and importing parts of the configuration in plain text format. This method can be used to copy bits of configuration between different devices, for example, clone the whole firewall from one router to another.
An export command can be executed from each menu (resulting in configuration export only from this specific menu and all its sub-menus) or from the root menu for complete config export and is available for CLI only. //
compact Output only modified configuration, the default behavior
file Export configuration to a specified file. When the file is not specified export output will be printed to the terminal
show-sensitive (yes|no; Default: no). RouterOS version 7 only Show sensitive information, like passwords, keys, etc.
terse With this parameter, the export command will output only configuration parameters, without defaults.
verbose With this parameter, the export command will output whole configuration parameters and items including defaults. //
If the device has a default or existing configuration that requires replacement, it is necessary to initiate a configuration reset.
This involves applying a clean, empty configuration using the command /system/reset-configuration no-defaults=yes, followed by a device reboot.
I have had the same problem with couple of Disc lite5.
After setting device as ap-bridge, it becomes invisible to winbox and ping.
Station side, I could connect to bridge-ap only by MAC.
AP side wise, ap-bridge was completely invisible.
Comparing setups I have found that interface list of station-bridge is fine but interface list of bridge-ap misses "bridge".
Add mannualy "bridge" and set as LAN.
After that, ap-bridge is fully available from both sides by IP or MAC.
o redirect specific requests to a specific address on the internal network, use dst-nat, follow the steps below:
how easy it is to set up an IP tunnel between two locations. This will allow you to access files on a server and share printers between two locations, no matter how far apart. In addition, it enhances data security by encrypting packets as they travel through the tunnel. To accomplish this task, you will need two Mikrotik routers, one at each location, and two public IP addresses.
While having a rugged router at the core of your network is highly recommended, the security settings required to keep the network behind it fully secured can never be over emphasized. In this post, we will look at 9 settings required on a Mikrotik router to keep the network secured.
We can redirect dns requests on Mikrotik to the IP address on the LAN interface of the Mikrotik router, assuming we want the Mikrotik router to serve as the dns server for all connected LAN users, or to the IP address of a locally hosted dns server. There are many reasons for doing this; top most on the list is security.
A. Force Redirect to OPENDNS (without PI hole)
/ip dns
set allow-remote-requests=yes servers=208.67.222.222,208.67.220.220
/ip nat
add action=redirect chain=dstnat dst-port=53 in-interface-list=LAN protocol=tcp
add action=redirect chain=dstnat dst-port=53 in-interface-list=LAN protocol=udp
B. Force OPEN DNS (via PI hole)
/ip firewall nat
add chain=dstnat in-interface-list=LAN protocol=tcp dst-port=53 action=dst-nat to-addresses=10.0.0.31 to-ports=53
add chain=dstnat in-interface-list=LAN protocol=udp dst-port=53 action=dst-nat to-addresses=10.0.0.31 to-ports=53
add chain=srcnat src-address=10.0.0.0/24 dst-address=10.0.0.0/24 action=masquerade