You are on page 1of 63

Mikrotik Manual

Basic

PDF generated using the open source mwlib toolkit. See http://code.pediapress.com/ for more information. PDF generated at: Mon, 25 Nov 2013 11:56:30 UTC

Contents
Articles
Manual:First time startup Manual:Initial Configuration Manual:Console login process Manual:Troubleshooting tools Manual:Support Output File Manual:RouterOS features Manual:RouterOS FAQ Manual:Connection oriented communication (TCP/IP) 1 5 28 33 43 45 48 54

References
Article Sources and Contributors Image Sources, Licenses and Contributors 60 61

Manual:First time startup

1

Manual:First time startup
Applies to RouterOS: 2.9, v3, v4

Overview
After you have installed the RouterOS software, or turned on the Router for the first time, there are various ways how to connect to it: € Accessing Command Line Interface (CLI) via Telnet, ssh, serial cable or even keyboard and monitor if router has VGA card. € Accessing Web based GUI (WebFig) € Using WinBox configuration utility Every router is factory pre-configured with IP address 192.168.88.1/24 on ether1 port. Default username is admin with empty password. Additional configuration may be set depending on RouterBoard model. For example, RB750 ether1 is configured as WAN port and any communication with the router through that port is not possible. List of RouterBOARD models and their default configurations can be found in this article.

Winbox
Winbox is configuration utility that can connect to the router via MAC or IP protocol. Latest winbox version can be downloaded from our demo router [1]. Run Winbox utility, then click the [...] button and see if Winbox finds your Router and it's MAC address. Winbox neighbor discovery will discover all routers on the broadcast network. If you see routers on the list, connect to it by clicking on MAC address and pressing Connect button.

Winbox will try download plugins from the router, if it is connecting for the first time to the router with current version. Note that it may take about one minute to download all plugins if winbox is connected with MAC protocol. This method works with any device that runs RouterOS. Your PC needs to have MTU 1500

it is possible to connect to the router even without IP address configuration. Due to the use of broadcasting MAC connection is not stable enough to use continuously. therefore it is not wise to use it on a real production / live network!. As MAC connection works on Layer2. main window will be displayed: 2 If winbox cannot find any routers.Manual:First time startup After winbox have successfully downloaded plugins and authenticated. . or at least they both are connected to the same switch. make sure that your Windows computer is directly connected to the router with an Ethernet cable. MAC connection should be used only for initial configuration. Follow winbox manual for more information.

then IP address of the router can be used to connect to the Web interface. There are several ways how to access CLI: € € € € winbox terminal telnet ssh serial cable etc. Please see following articles to learn more about web interface configuration: € Initial Configuration with WebFig € General WebFig Manual CLI Command Line Interface (CLI) allows configuration of the router's settings using text commands. they are split into groups organized in a way of hierarchical menu levels. Follow console manual for CLI syntax and commands. WebFig has almost the same configuration functionality as Winbox. . Since there is a lot of available commands.Manual:First time startup 3 WebFig If you have router with default configuration.

1 stop bit.mikrotik. so use Method 1 or 2) and see what happens on the screen.15 MikroTik Login: MMM MMM MMMM MMMM MMM MMMM MMM MMM MM MMM MMM MMM MMM MMM KKK KKK KKK KKK KKKKK KKK KKK KKK KKK TTTTTTTTTTT TTTTTTTTTTT OOOOOO TTT OOO OOO TTT OOO OOO TTT OOOOOO TTT KKK KKK KKK KKK KKKKK KKK KKK KKK KKK III III III III RRRRRR RRR RRR RRRRRR RRR RRR III III III III MikroTik RouterOS 4. 1 stop bit. you can use a console cable (or Null modem cable) Plug one end of the serial cable into the console port (also known as a serial port or DB9 RS232C asynchronous serial port) of the RouterBOARD and the other end in your PC (which hopefully runs Windows or Linux). You should see a login promt like this: MikroTik v3. or Putty on Windows) with the following parameters for All RouterBOARD models except 230: 115200bit/s. Now you can access router by entering username and password: MikroTik 4. hardware (RTS/CTS) flow control by default.16 Login: Enter admin as the login name. no parity. Monitor and Keyboard If your device has a graphics card (ie. flow control=none by default. 8 data bits.Manual:First time startup 4 Serial Cable If your device has a Serial port. you will see this screen: MMM MMM MMMM MMMM MMM MMMM MMM MMM MM MMM MMM MMM MMM MMM KKK KKK KKK KKK KKKKK KKK KKK KKK KKK TTTTTTTTTTT TTTTTTTTTTT OOOOOO TTT OOO OOO TTT OOO OOO TTT OOOOOO TTT KKK KKK KKK KKK KKKKK KKK KKK KKK KKK III III III III RRRRRR RRR RRR RRRRRR RRR RRR III III III III MikroTik RouterOS 3. 8 data bits. mikrotik. regular PC) simply attach a monitor to the video card connector of the computer (note: RouterBOARD products don't have this. Run a terminal program (HyperTerminal. RouterBOARD 230 parameters are: 9600bit/s. If parameters are set correctly you should be able to see login prompt.16 (c) 2008 http:/ / www.com/ [admin@MikroTik] > Detailed description of CLI login is in login process section.15 (c) 1999-2010 http://www. no parity. You can also use a USB-Serial adapter. com/ . and hit enter twice (because there is no password yet).

lv/ winbox/ winbox. To connect to the router you have to set your computer to accept DHCP settings and plug in the ethernet cable in one of the LAN ports (please check routerboard.Manual:First time startup 5 Terminal ansi detected.com for port numbering of the product you own.88. Click on WebFig from the list. . This method works with any device that has a video card and keyboard connector [ Top | Back to Content ] References [1] http:/ / demo2.1 in your browser. The best way to connect wires as described on the box: € Connect ethernet wire from your internet service provider (ISP) to port ether1. mt. Logging into the router To access the router enter address 192. exe Manual:Initial Configuration Summary Congratulations. This guide will help you to do initial configuration of the router to make your home network a safe place to be. Configuring router Initial configuration has DHCP client on WAN interface (ether1). Main RouterOS page will be shown as in the screen shot below. € Connect LAN wires to the rest of the ports. you have got hold of MikroTik router for your home network. rest of the ports are considered your local network with DHCP server configured for automatic address configuration on client devices. At this moment. your router is protected by default firewall configuration so you should not worry about that. Connecting wires Router's initial configuration should be suitable for most of the cases. using single line input mode [admin@router] > Now you can start configuring the router. Description of the configuration is on the back of the box and also described in the online manual. The guide is mostly intended in case if default configuration did not get you to the internet right away. however some parts of the guide is still useful. by issuing the setup command. rest of the ports on the router are for local area network (LAN). or check front panel of the router).168.

Default login name is admin and blank password (leave empty field as it is already). edit screen for the user will be displayed. In this screen you can edit or add new users: € When you click on account name (in this case admin). User configuration is done form System -> Users menu. Router user accounts It is good idea to start with password setup or add new user so that router is not accessible by anyone on your network. To access this menu. where you can manage users of the router. click on System on the left panel and from the dropdown menu choose Users (as shown in screenshot on the left) You will see this screen. . € If you click on Add new button. new user creation screen will be displayed.Manual:Initial Configuration 6 You will be prompted for login and password to access configuration interface.

. will open password screen. where old password for the user can be changed or added new one (see screenshot below). is the user name. It will bring you back to initial screen of user management. field 1. Field marked with 2. After editing user's data click OK (to accept changes) or Cancel. In user edit/Add new screen you can alter existing user or create new.Manual:Initial Configuration 7 Both screens are similar as illustrated in screenshot below.

means your ISP is not providing you with automatic configuration and you can use button in selection 2.Manual:Initial Configuration 8 Configure access to internet If initial configuration did not work (your ISP is not providing DHCP server for automatic configuration) then you will have to have details from your ISP for static configuration of the router. if it is in state as displayed in screenshot. Open 'IP -> DHCP Client' and inspect field 1. to remove DHCP-Client configured on the interface. to see status of DHCP Client. . It has to be disabled if your ISP is not providing this service in the network. These settings should include € IP address you can use € Network mask for the IP address € Default gateway address Less important settings regarding router configuration: € DNS address for name resolution € NTP server address for time automatic configuration € Your previous MAC address of the interface facing ISP DHCP Client Default configuration is set up using DHCP-Client on interface facing your ISP or wide area network (WAN).

88.Manual:Initial Configuration Static IP Address To manage IP addresses of the router open 'IP -> Address' 9 You will have one address here .88. Examples: 172.1 one you are connected to router. You have to fill only fields that are marked. should contain IP address provided by your ISP and network mask'.67/24 . Field 1. Select Add new to add new static IP address to your router's configuration.168.16.address of your local area network (LAN) 192.

webfig will calculate if address you have typed is acceptable. you have to set up network masquerade. so that your LAN is hidden behind IP address provided by your ISP. In screenshot correct rule is visible. Essential fields for masquerade to work: € € € € enabled is checked.ether1 Note: While you type in the address. action should be set to masquerade. since your ISP does not know what LAN addresses you are going to use and your LAN will not be routed from global network. To check if you have the source NAT open 'IP -> Firewall -> tab NAT' and check if item highlighted (or similar) is in your configuration. note that irrelevant fields that should not have any value set here are hidden (and can be ignored) . This should be interface your ISP is connected to. but that is not required Configuring network address translation (NAT) Since you are using local and global networks. chain . That should be so. if you followed this guide . otherwise it will be blue 10 Note: It is good practice to add comments on the items to give some additional information for the future. if it is not label of the field will turn red. if your ISP gave you address in one notation.interface contains name . use one provided and router will do the rest of calculation. Other field of interest is interface this address is going to be assigned.should be srcnat. out-interface is set to interface connected to your ISP network. Following this guide ether1. or in the other.Manual:Initial Configuration both of these notations mean the same.

Manual:Initial Configuration 11 Default gateway under 'IP -> Routes' menu you have to add routing rule called default route. And select Add new to add new route. In screen presented you will see the following screen: .

when you have pressed the + button and enter gateway into the field displayed. At this moment. you should be able to reach any globally available host on the Internet using IP address. To check weather addition of default gateway was successful use Tools -> Ping . you can press OK button to finish creation of the default route. This should look like this. or simply gateway given by your ISP. After this.Manual:Initial Configuration 12 here you will have to press button with + near red Gateway label and enter in the field default gateway.

so that DNS addresses are given out by DHCP-Server that you are already using. first Open 'IP ->DNS': 13 Then select Settings to set up DNS cacher on the router.Manual:Initial Configuration Domain name resolution To be able to open web pages or access Internet hosts by domain name DNS should be configured. and check Allow Remote Requests marked with 2. This can be done in 'IP -> DNS ->Settings'. either on your router or your computer. in image below. In scope of this guide. section 1. You have to add field to enter DNS IP address. i will present only option of router configuration. .

that will allow to enter NTP server IP addresses in third area. go to 'System -> SNTP' where you have to enable it. . so you can use global or ISP provided NTP servers. change mode from broadcast to unicast. other way it will be marked red. SNTP Client RouterBOARD routers do not keep time between restarts or power failuers. first mark.Manual:Initial Configuration 14 The result of pressing + twice will result in 2 fields for DNS IP addresses: Note: Filling acceptable value in the field will turn field label blue. To have correct time on the router set up SNTP client if you require that. To do that.

€ There is appropriate security profile created and selected in interface settings. in other words. if ethernet port is set as slave to another port go to 'Interface' menu and open Ethernet interface details. router you have has level 4 or higher license level). € Wireless interface mode is set to ap-bridge (in case. They can be distinguished by Type column displaying Ethernet. so that your wired hosts will be in same ethernet broadcast domain as wireless clients. To make this happen several things has to be checked: € Ethernet interfaces designated for LAN are swtiched or bridged. Use Safe Mode so in case of disconnection made changes are reverted back to what they where before you entered safe mode To check if ethernet port is switched. Check Ethernet interface state Warning: Changing settings may affect connectivity to your router and you can be disconnected from the router. then mode has to be set to bridge and only one client (station) will be able to connect to the router using wireless network.Manual:Initial Configuration 15 Setting up Wireless For ease of use bridged wireless setup will be used. if not. . or they are separate ports. € If bridge interface exists.

set on ether3 to ether5 attribute Master Port to ether2. Available settings for the attribute are none.means that Ethernet interface is used as port in bridge. ether3. Check if all intended LAN Ethernet ports are set as slave ports of the rest of one of the LAN ports. or one of Ethernet interface names. you have to remove them from bridge to enable hardware packet switching between Ethernet ports. ether4 and ether5 are intended as LAN ports. look up Master Port setting. that mean. . For example. if ether2. that interface is set as slave port. In case this operation fails . Usually RouterBOARD routers will come with ether1 as intended WAN port and rest of ports will be set as slave ports of ether2 for LAN use. To do this. ether3 to ether5) from the tab.Manual:Initial Configuration 16 When interface details are opened. go to Bridge -> Ports and remove slave ports (in example. If name is set.

Options that has to be set are highlighted with read and recommended options are outlined by red boxes and pre-set to recommended values. € Using highlighted path in screenshot edit default profile that is already assigned to wireless interface. when sufficient length is reached it will turn blue. intended configuration requires it there. editing it is quite similar.shared key should be entered with sufficient length. . so no malicious acts can be performed by 3rd parties using your wireless access-point. If key length is too short field label will indicate that by turning red.shared key and WPA2 Pre. WPA and WPA2 is used since there are still legacy equipment around (Laptops with Windows XP. In This example i will create new security profile.Manual:Initial Configuration 17 Note: If master port is present as bridge port. that is fine. same applies to wireless interface (wlan) Security profile It is important to protect your wireless network. To edit or create new security profile head to 'Wireless -> tab 'Security Prodiles' and choose one of two options: € Using Add new create new profile. that do not support WPA2 etc.) WPA Pre.

however it is possible. Consider these safe. . so they can be successfully entered into device configuration that are going to connect to wireless access-point Wireless settings Adjusting wireless settings. that these has to be adjusted slightly. That can be done here: In General section adjust settings to settings as shown in screenshot.Manual:Initial Configuration 18 Note: WPA and WPA2 pre-shared keys should be different Note: When configuring this. you can deselect Hide passwords in page header to see the actual values of the fields.

11b. Set SSID . 802. setting band to 2GHz-b/g/n will enable clients with 802. as result.11n to connect to the access point Adjust channel width to enable faster data rates for 802. It is good practice to enable all chains that are available . 20/40MHz HT Above or 20/40 MHz HT Below can be used. if that is not possible (license resctrictions) set to bridge. so one client will be able to connect to device. It will be visible when you scan for networks using your WiFi equipment. In example channel 6 is used.4GHz modes in mind. Choose either of them.the name of the access point.11n clients.11g and 802. 19 In section HT set change HT transmit and receive chains.Manual:Initial Configuration Interface mode has to be set to ap-bridge. WiFI devices usually are designed with 2.

Manual:Initial Configuration When settings are set accordingly it is time to enable our protected wireless access-point 20 Bridge LAN with Wireless Open Bridge menu and check if there are any bridge interface available first mark. When bridge interface is availbe continue to Ports tab where master LAN interface and WiFI interface have to be added. select Add New marked with second mark and in the screen that opens just accept the default settings and create interface. If there is not. . choose Add New to add new ports to created bridge interfaces. If there are no ports added. First marked area is where interfaces that are added as ports to bridge interface are visible.

select that it is enabled (part of active configuration). select correct bridge interface.Manual:Initial Configuration When new bridge port is added.there should be only 1 interface. And select correct port .LAN interface master port and WiFi port 21 Finished look of bridge configured with all ports required . following this guide .

€ type in password and re-type it to know it is one you intend to set . Change password for existing user If you have full privileges on the router. first section. It can require more understanding of networking. with correct address and network mask and network field with correct network. To correct that problem it is required to change address field. wireless networks in general. General Check IP address Adding IP address with wrong network mask will result in wrong network setting. so it is going to be recalculated again Change password for current user To change password of the current user. That can be done under System -> Users menu. There is other place where this can be done in case you have full privileges on the router.Manual:Initial Configuration 22 Troubleshooting & Advanced configuration This section is here to make some deviations from configuration described in the guide itself. Steps are: € Select user. safe place to go is System -> Password Where all the fields has to be filled. or unset it. it is possible to change password for any user without knowledge of current one.

Channel # Frequency Below Above 1 2 3 4 5 6 7 8 9 10 11 2412 MHz 2417 MHz 2422 MHz 2427 MHz 2432 MHz 2437 MHz 2442 MHz 2447 MHz 2452 MHz 2457 MHz 2462 MHz no no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes no 23 . since there are no 20MHz channels available below set frequency.New Terminal from the left side menu. there are certain things to check: € If masquerade is configured properly. If new window is not opening check your browser if it is allowing to open popup windows for this place. using channel 1 or 2412MHz frequency setting 20/40MHz HT below will not yield any results. Respectively. Channel frequencies and width It is possible to choose different frequency. here are frequencies that can be used and channel width settings to use 40MHz HT channel (for 802. Fill in Ping To field and press start to initiate sending of ICMP packets. second . Change of mac address is available only from CLI . Checking link There are certain things that are required for Ethernet link to work: € Link activity lights are on when Ethernet wire is plugged into the port € Correct IP address is set on the interface € Correct route is set on the router What to look for using ping tool: € If all packets are replied.check configuration if you are not missing any part of configuration. € If setting MAC address of previous device on WAN interface changes anything € ISP has some captive portal in place. For example.11n). Wireless Wireless unnamed features in the guide that are good to know about. there are several ways how to solve the issue. € If all packets have approximately same round trip time (RTT) on non-congested Ethernet link It is located here: Tool -> Ping menu.set MAC address. one . There you will have to write following command by replacing MAC address to correct one: /interface ethernet set ether1 mac-address=XX:XX:XX:XX:XX:XX Or contact your ISP for details and inform that you have changed device.Manual:Initial Configuration No access to the Internet or ISP network If you have followed this guide to the letter but even then you can only communicate with your local hosts only and every attempt to connect to Internet fails. Configuration adjustments.

Manual:Initial Configuration 24 12 13 2467 MHz 2472 MHz yes yes no no Warning: You should check how many and what frequencies you have in your regulatory domain before. € Wait for some time as scan results are displayed.. If there are 10 or 11 channels adjust settings accordingly.. Do that for minute or two. With only 10 channels. Usage. channel #10 will have no sense of setting 20/40MHz HT above since no full 20MHz channel is available Wireless frequency usage If wireless is not performing very well even when data rates are reported as being good. To make sure follow these steps: € Open frequency usage monitoring tool Freq. . there might be that your neighbours are using same wireless channel as you are. that is located in wireless interface details. Smaller numbers in Usage column means that channel is less crowded.

To do that do the following: € Go to wireless menu and select Advanced mode. if selected country would be Latvia.Manual:Initial Configuration 25 Note: Monitoring is performed on default channels for Country selected in configuration. € Look up Country attribute and from drop-down menu select country . For example. there would have been 13 frequencies listed as at that country have 13 channels allowed. It is good practice to change this (if available) to change country you are in. Change Country settings By default country attribute in wireless settings is set to no_country_set.

that is done from /ip firewall nat menu. This also has to be used when service you are using does not support dynamic configuration. Static configuration A lot of users prefer to configure these rules statically.22 to-ports=86 . then to-ports can be left unset. remote service is 22 and local is also 22. Port forwarding To make services on local servers/hosts available to general public it is possible to forward ports from outside to inside your NATed network. Following rule will forward all connections to port 22 on the router external ip address to port 86 on your local host with set IP address: if you require other services to be accessible you can change protocol as required.16.168.Manual:Initial Configuration 26 Note: Advanced mode is toggle button that changes from Simple to Advanced mode and back.67 protocol=tcp dst-port=22 \ action=dst-nat to-address=192. eg. Comparable command line command: /ip firewall nat add chain=dstnat dst-address=172. to make possible for remote helpdesk to connect to your desktop and guide you. For example.88.88. but usually services are running TCP and dst-port. to have more control over what service is reachable from outside and what is not. If change of port is not required. make your local file cache available for you when not at location etc.

Set up Web Proxy for page filtering From IP -> Web Proxy menu Access tab open Web Proxy Settings and make sure that these attributes are set follows: Enabled -> checked Port -> 8080 Max. Set up Access rules This list will contain all the rules that are required to limit access to sites on the Internet. /ip upnp interface add interface=ether1 type=external /ip upnp interface add interface=ether2 type=internal € Enable service itself /ip upnp set allow-disable-external-interface=no show-dummy-rule=no enabled=yes Limiting access to web pages Using IP -> Web Proxy it is possible to limit access to unwanted web pages.com will be unaccessible. Host -> .* Action -> Deny With this rule any host that has example. . This requires some understanding of use of WebFig interface. your host running the service and your data Configuring uPnP service on the router: € Set up what interfaces should be considered external and what internal. Cache Size -> none Cache on disk -> unchecked Parent proxy -> unset When required alterations are done applysettings to return to Access tab. Warning: Services you are not aware of can request port forwarding.*example\.com do the following when adding new entry: Dst. To add sample rule to deny access to any host that contain example.com. That can compromise security of your local network.Manual:Initial Configuration 27 Note: Screenshot contain only minimal set of settings are left visible Dynamic configuration uPnP is used to enable dynamic port forwarding configuration where service you are running can request router using uPnP to forward some ports for it.

v4 Description There are different ways to log into console: € € € € € € serial port console (screen and keyboard) telnet ssh mac-telnet winbox terminal Input and validation of user name and password is done by login process. that matches everything with Action set to Deny. TAB key to automatically complete words in the command you are typing. At the end of successful login sequence login process prints banner and hands over control to the console process. so Control-C followed by Control-D will log you out in most cases). After that you can start writing commands. Use up arrow to recall previous commands from command history.9. and Control-C to interrupt currently running command and return to prompt. Console process displays system note. Easiest way to log out of console is to press Control-D at the command prompt while command line is empty (You can cancel current command and get an empty line with Control-C. demo version upgrade reminder. default configuration). auto-detects terminal size and capabilities and then displays command prompt]. Login process can also show different informative screens (license. software key information. v3. ENTER key to execute command. . [ Top | Back to Content ] 28 Manual:Console login process Applies to RouterOS: 2.Manual:Initial Configuration Limitation strategies There are two main approaches to this problem € deny only pages you know you want to deny (A) € allow only certain pages and deny everything else (B) For approach A each site that has to be denied is added with Action set to Deny For approach B each site that has to be allowed should be added with Action set to Allow and in the end is rule. last critical log entries.

will disable console colors and set terminal width to 80. If number is not present then implicit value of parameter is used. See also: branding.'9' [ number ] If parameter is not present.14 it is possible to specify console options during login process. login_name ::= user_name [ '+' parameters ] parameters ::= parameter [ parameters ] parameter ::= [ number ] 'a'.Manual:Console login process 29 Console login options Starting from v3.'z' number ::= '0'... example: admin+c80w . These options enables or disables various console features like color. terminal detection and many other. MMM MMM MMMM MMMM MMM MMMM MMM MMM MM MMM MMM MMM MMM MMM KKK KKK KKK KKK KKKKK KKK KKK KKK KKK TTTTTTTTTTT TTTTTTTTTTT OOOOOO TTT OOO OOO TTT OOO OOO TTT OOOOOO TTT KKK KKK KKK KKK KKKKK KKK KKK KKK KKK III III III III RRRRRR RRR RRR RRRRRR RRR RRR III III III III MikroTik RouterOS 3. Param Default Implicit "w" "h" "c" "t" "e" auto auto on on on auto auto off off off Description Set terminal width Set terminal height disable/enable console colors Do auto detection of terminal capabilities Enables "dumb" terminal mode Different information shown by login process Banner Login process will display MikroTik banner after validating user name and password. Additional login parameters can be appended to login name after '+' sign. then default value is used.com/ Actual banner can be different from the one shown here if it is replaced by distributor. .mikrotik.0rc (c) 1999-2007 http://www.

Router will automatically reboot in a day. following information is shown after login: ROUTER HAS NEW SOFTWARE KEY ---------------------------Your router has a valid key. register your license "software ID" on our account server www.one year feature support . Demo version upgrade reminder After logging into router that has demo key. Pressing SPACE will skip this step and the same question will be asked after next login.one year online upgrades (avoid re-installation and re-configuring your router) To upgrade. .mikrotik. Current installation "software ID": ABCD-456 Please press "Enter" to continue! After entering valid software key. After logging in following information is shown: ROUTER HAS NO SOFTWARE KEY ---------------------------You have 16h58m to configure the router to be remotely accessible.com Current installation "software ID": ABCD-456 Please press "Enter" to continue! Software key information If router does not have software key.receive technical support . it is running in the time limited trial mode.mikrotik.Manual:Console login process 30 License After logging in for the first time after installation you are asked to read software licenses. === Automatic configuration === Usually after [[netinstall|installation]] or configuration [[reset]] RouterOS will apply [[default settings]]. First login into will show summary of these settings and offer to undo them. See www. and to enter the key by pasting it in a Telnet window or in Winbox. Do you want to see the software license? [Y/n]: Answer y to read licenses. but it will become active only after reboot. following remonder is shown: UPGRADE NOW FOR FULL SUPPORT ---------------------------FULL SUPPORT benefits: .com/key for more details. such as an IP address. n if you do not wish to read licenses (question will not be shown again).

or you can view them later with '/system default-configuration print' command. .Default command prompt. During console session these messages are printed on screen.Prompt indicates that console session is in Safe Mode. it shows word SAFE in the command prompt.1 via telnet dec/10/2007 10:40:07 system.While entering multiple line command continuation prompt shows open parentheses.While editing multiple line command prompt shows current line number and line count. you will be disconnected. If you are connected using the above IP and you remove it.0.0. and current command path. € line 2 of 3> .0.1/24 is on ether1 ether1 is enabled 31 ------------------------------------------------------------------------------You can type "v" to see the exact commands that are used to add and remove this default configuration. .Manual:Console login process This is an example: <pre> The following default configuration has been installed on your router: ------------------------------------------------------------------------------IP address 192.Command requests additional input. followed by current command path (if it is not '/'). followed by space.1 via telnet dec/10/2007 10:40:09 system.error.88. Different information shown by console process after logging in System Note It is possible to always display some fixed text message after logging into console.0. Prompt shows name of requested value.error.error.168.critical login failure for user test from 10. See log for more details on configuration.critical login failure for user root from 10. dec/10/2007 10:40:06 system.. € [admin@MikroTik] /interface<SAFE> .0. Console can show different prompts depending on enabled modes and data that is being edited.critical login failure for user root from 10. shows user name. Critical log messages Console will display last critical error messages that this user has not seen yet. system identity.1 via telnet Prompt € [admin@MikroTik] /interface> . [admin@MikroTik] /interface<SAFE> Hotlock mode is indicated by an additional yellow '>' character at the end of the prompt. € {(\. '@' sign and system name in brackets.Prompt indicates that HotLock is turned on. Default command prompt looks like this: [admin@MikroTik] /interface> Default command prompt shows name of user. € address: .0.. followed by '>' and space. € [admin@MikroTik] >> . To remove this default configuration type "r" or hit any other key to continue. When console is in safe mode. Applying and removing of the default configuration is done using console script (you can press 'v' to review it).

console shows continuation prompt that lists all open parentheses. command '/password' asks for old and new passwords. In such cases prompt shows name of requested value. brackets and quotes.. Q: Thank you.0 releases. it receives some strange characters. now terminal width is not right. prompt shows number of current line and total line count instead of usual username and system name.. When entered line is not a complete command and more input is expected. line 2 of 3> :put (\ Sometimes commands ask for additional input from user. and also trailing backslash if previous line ended with backslash-whitespace.. [admin@MikroTik] > /password old password: ****** new password: ********** retype new password: ********** 32 FAQ Q: How do I turn off colors in console? A: Add '+c' after login name. followed by colon and space.. [admin@MikroTik] > { {. where 80 is your terminal width. 1+2)} 3 When you are editing such multiple line entry. :put (\ {(\. what to do? Q: My expect script does not work with newer 3. braces. Q: After logging in console prints rubbish on the screen. What are those? A: These sequences are used to automatically detect terminal size and capabilities. For example. [ Top | Back to Content ] . Add '+t' after login name to turn them off.Manual:Console login process [admin@MikroTik] >> It is possible to write commands that consist of multiple lines. How do I set terminal width? A: Add '+t80w' after login name.

. .google. nslookup € is a command-line administrative tool for testing and troubleshooting DNS servers. enter "ipconfig /?" or •ipconfig -?‚. . It allows configure interfaces. .Manual:Troubleshooting tools 33 Manual:Troubleshooting tools Troubleshooting tools Before. .16. . C:\>ipconfig Windows IP Configuration Ethernet adapter Local Area Connection: Connection-specific DNS Suffix .99. : fe80::58ad:cd3f:f3df:bf18%8 IPv4 Address.77. 74. enter "ipconfig" in the command prompt. routing protocols. We will look only at commonly used Windows networking tools and commands. and UDP protocols. : mshome. if you want to know what IP address is "www. here is little reminder on how to check host computer's network interface parameters on .147. iwconfig .a) ip € show/manipulate routing.com" and you will find that there are more addresses 74. routing tables. Here is the list of basic networking commands and tools on Linux: ifconfig € it is similar like ipconfig commands on windows. To open it. All of the tools are being ran from windows terminal.77.243 Subnet Mask .125.net Link-local IPv6 Address . routing filters and display currently running configuration. netstat € displays the active TCP connections and ports on which the computer is listening. . . netstat € print network connections. The Microsoft windows have a whole set of helpful command line tools that helps testing and configuring LAN/WAN interfaces. but it is always good to be familiar with the command-line tools. Go to Start/Run and enter "cmd" to open a Command window. (netstat € r.com". .16. . To obtain a list of additional options. It comes with a number of options for displaying a variety of properties of the network and TCP connections •netstat €?‚. . routes. That also view and set the basic Wi-Fi network details. Today in most of Linux distributions network settings can be managed via GUI. assigned IP address and netmask details as well as show currently network interface configuration. : 173.iwconfig tool is like ifconfig and ethtool for wireless cards. Very similar commands are available also on unix-like machines. . .77.255. . we look at the most significant commands for connectivity checking and troubleshooting. and more.255.16. netsh € is a tool an administrator can use to configure and monitor Windows-based computers at a command prompt.104. . . . . statistics for the IP. . . . devices. For example. . : 173. Some of commands on windows are: ipconfig € used to display the TCP/IP network configuration values.16. : 255.0 Default Gateway . nslookup € give a host name and the command will return IP address. It lets enable/disable network adapters. interface statistics. . 74. the IP routing table. .1 There are also a variety of additional functions for ipconfig.125. including port connections. . netstat . . . . enter "nslookup www.google. policy routing and tunnels on linux-machine. . ICMP. check IP address on interface using ip command: . For example. Ethernet statistics. TCP. . masquerade connections. . .125.

Remember if you want full details on the tools and commands options use man command. Maximum = 1ms.6: icmp_seq=4 ttl=61 time=0.6: icmp_seq=3 ttl=61 time=0.255.255. 34 Check network connectivity Using the ping command Ping is one of the most commonly used and known commands.255.255.4: bytes=32 time<1ms TTL=61 Reply from 10. 0% packet loss.255.255. Ping uses Internet Control Message Protocol (ICMP) protocol for echo response and echo request.4: Packets: Sent = 4.948/1. From MikroTik: .4 Pinging 10. for example: $ip route add 192.6 ping statistics --4 packets transmitted.6: icmp_seq=2 ttl=61 time=0.255.780 ms 64 bytes from 10.255.23 ms 64 bytes from 10.255.10.879 ms ^C --.255.0/24 via 192.255.255.255.4: bytes=32 time<1ms TTL=61 Reply from 10.255.255.255.255. Ping output displays the minimum. if you want to know all options on ifconfig write command man ifconfig in terminal.255.Manual:Troubleshooting tools $ip addr show You can add static route using ip following command: ip route add {NETWORK address} via {next hop address} dev {DEVICE}.255. including the local host's own interfaces.232/0. 64 bytes from 10. 4 received.255.254 dev eth1 mentioned tools are only small part of networking tools that is available on Linux.6) 56(84) bytes of data. For example.168.255.255.255. Average = 0ms Unix-like: andris@andris-desktop:/$ ping 10.255. Ping sends ICMP echo request packets to the target host and waits for an ICMP response.780/0.6 (10.174 ms Press Ctrl-C to stop ping process.6: icmp_seq=1 ttl=61 time=1.4 with 32 bytes of data: Reply from 10. Lost = 0 (0% Approximate round trip times in milli-seconds: Minimum = 0ms.6 PING 10.1. Received = 4.255.168.4: bytes=32 time=1ms TTL=61 Reply from 10.4: bytes=32 time<1ms TTL=61 Ping statistics for 10.255. average and maximum times used for a ping packet to find a specified system and return. From PC: Windows: C:\>ping 10.255. Administration utility used to test whether a particular host is reachable across an Internet Protocol (IP) network and to measure the round-trip time for packets sent from the local host to a destination host. time 2999ms rtt min/avg/max/mdev = 0.904 ms 64 bytes from 10.255.55.255.255.

255.255.2) 3: no reply 4: 10.168.2 Trace complete.255.1) 1: 192.4 64 byte ping: ttl=62 time=1 ms 10.255.255.1.255.4 64 byte ping: ttl=62 time=2 ms 10.13.168.1 (192.13.255.local (192.255.Manual:Troubleshooting tools [admin@MikroTik] > ping 10.255. each router in the path towards the destination decrements the TTL field by one unit TTL reaches zero. Unix-like: Traceroute and tracepath is similar. Each hop decrements TTL value by 1.255.542ms 0. Using this command you can see how packets travel through the network and where it may fail or slow down.168. Traceroute operation is based on TTL value and ICMP •Time Exceeded‚ massage. Next time TTL value is incremented by 1 and so on.2 (192.1.255.6 (10. This message lets the source know that the packet traverses that particular router as a hop. Initially by traceroute. the TTL value is set to 1 when next router finds a packet with TTL = 1 it sets TTL value to zero. Typically.255.10.301ms reached .10.168.1 2 1 ms 1 ms 1 ms 10.255.557ms 1. switch or other network device that possibly causing network issues or failures.255.255.1) 2: 192.4 64 byte ping: ttl=62 time=8 ms 10.6 1: andris-desktop.2 over a maximum of 30 hops 1 <1 ms <1 ms <1 ms 10.10. Remember that TTL value in IP header is used to avoid routing loops.255. router.255.1 ADDRESS STATUS 0.255.168.255.4 10.1 (192. 4 packets received.255. The traceroute or tracepath tool is available on practically all Unix-like operating systems and tracert on Microsoft Windows operating systems.255. Using this information you can determine the computer.2/10 ms Press Ctrl-C to stop ping process. only tracepath does not not require superuser privileges.4) 1: 192.10.255. 35 Using the traceroute command Traceroute displays the list of the routers that packet travels through to get to a remote host.4 64 byte ping: ttl=62 time=10 ms 4 packets transmitted.255.123ms pmtu 1500 0. andris@andris-desktop:~$ tracepath 10.6) Resume: pmtu 1500 hops 4 back 61 From MikroTik: [admin@MikroTik] > tool traceroute 10.10.168.2 Tracing route to 10. and responds with an ICMP "time exceeded" message to the source. From Personal computer: Windows: C:\>tracert 10. the packet is discarded and ICMP Time Exceeded message is sent back to the sender when this occurs. 0% packet loss round-trip min/avg/max = 1/5.213ms 2.255. If the TTL reaches zero.168.

255. sent by email or even sent to remote syslog server. Log file is a text file created in the server/router/host capturing different kind of activity on the device.06kbps udp 896bps icmp 480bps ospf 0bps tool> torch ether1 protocol=any-ip RX 608bps 3.Manual:Troubleshooting tools 1 10. disk.info OSPFv2 network added by admin Read more about logging on RouterOS here>> Torch (/tool torch) Torch is realtime traffic monitoring tool that can be used to monitor the traffic flow through an interface.info mangle rule added by admin 16:17:52 system.info. port.1. RouterOS is capable of logging various system events and status information. [admin@MikroTik] tool> torch ether1 port=telnet SRC-PORT DST-PORT 1439 23 (telnet) [admin@MikroTik] tool> To see what IP protocols are sent via ether1: [admin@MikroTik] PRO.7kbps RX 368bps [admin@MikroTik] tool> .14 via winbox 16:16:29 system.0.17 2ms 1ms 1ms 2 10..13.13. file.info simple queue removed by admin 16:18:15 system. destination address. Logs can be saved in routers memory (RAM). TX tcp 1. Torch shows the protocols you have chosen and tx/rx data rate for each of them. Example: The following example monitor the traffic generated by the telnet protocol.14 via telnet 16:17:16 system.account user admin logged out from 10.255.7kbps 480bps 192bps TX 1.account user admin logged out from 10. topics that this message belongs to and message itself. Each entry contains time and date when event occurred.1 5ms 1ms 1ms [admin@MikroTik] > 36 Log Files System event monitoring facility allows to debug different problems using Logs. source address.13.13.info. This file is the primary data analysis source. which passes through the interface ether1. All messages stored in routers local memory can be printed from /log menu. You can monitor traffic classified by protocol name.info device changed by admin 16:16:29 system.info filter rule added by admin 16:17:34 system. [admin@MikroTik] /log> print 15:22:52 system.

.1kbps 18..101.38 10.0.5 TX 60.144/32 ether1: [admin@MikroTik] tool> torch ether1 src-address=10.144 480bps [admin@MikroTik] tool> RX 608bps 480bps 37 IPv6 Starting from v5RC6 torch is capable of showing IPv6 traffic.0.0.0. Example: admin@RB1100test] > /tool torch interface=bypass-bridge src-address6=::/0 ip-protocol=any sr c-address=0.101.0.0.5.0/0 MAC-PROTOCOL ipv6 ip ip ip ip ip IP-PROT..0.34 10.144/32 protocol=any PRO.0.101.0.0.0.Manual:Troubleshooting tools In order to see what protocols are linked to a host connected to interface 10.176 224.5kbps 288bps 304bps 416bps 0bps 1010.5.01kbps icmp 10.0.google.7kbps RX 1005.0.0kbps 0bps 0bps 0bps 544bps 78. Two new parameters are introduced src-address6 and dst-address6.4kbps 3.1 10.0. SRC-ADDRESS tcp tcp vrrp udp tcp ospf 2001:111:2222:2::1 10.com] By default ping tool will take IPv4 address.5. SRC-ADDRESS TX tcp 10.0kbps To make /ping tool to work with domain name that resolves IPv6 address use the following: /ping [:resolve ipv6. .144 1.

240 filter-stream: yes filter-protocol: ip-only filter-address1: 0.0. file-name will be set to test and packet sniffer will be started and stopped after some time: [admin@MikroTik] tool sniffer> set streaming-server=192.0/0:0-65535 filter-address2: 0.0.168.240 \ \. Packet Sniffer Configuration In the following example streaming-server will be added.0.0. streaming will be enabled. streaming-enabled=yes file-name=test [admin@MikroTik] tool sniffer> print interface: all only-headers: no memory-limit: 10 file-name: "test" file-limit: 10 streaming-enabled: yes streaming-server: 192.168.0.. In Winbox you can also trigger a Filter bar by hitting the F key on the keyboard.0/0:0-65535 . packet sniffer uses libpcap format.0. Packet Sniffer (/tool sniffer) Packet sniffer is a tool that can capture and analyze packets sent and received by specific interface..Manual:Troubleshooting tools 38 Winbox More attractive Torch interface is available from Winbox (Tool>Torch).

stopped: 39 [admin@MikroTik] tool sniffer> start [admin@MikroTik] tool sniffer> stop Below the sniffed packets will be saved in the file named test: [admin@MikroTik] tool sniffer> save file-name=test View sniffed packets There are also available different submenus for viewing sniffed packets.0.1.0.stops sniffing.616 5.1.99 6.18:45630 10. € /tool sniffer packet € show the list of sniffed packets € /tool sniffer protocol € show all kind of protocols that have been sniffed € /tool sniffer host € shows the list of hosts that were participating in data exchange you've sniffed For example: [admin@MikroTik] tool sniffer packet> print # 0 1 2 3 4 5 6 7 8 9 -TIME 1.087 9.0.0.0.0.057 7.0.1.1.18 0.42.138 10.0:68 (bootpc) 10.18 159. To save currently sniffed packets in a specific file save command is used.0. file size limit in KBs.977 more INTERFACE ether1 ether1 ether1 ether1 ether1 ether1 ether1 ether1 ether1 ether1 SRC-ADDRESS 0. /tool sniffer stop.1.18:1701 (l2tp) 10.148. The start command is used to start/reset sniffing.18:1701 (l2tp) Figure below shows sniffer GUI in Winbox. .616 2.0:68 (bootpc) 10.067 8.0. Running Packet Sniffer Tool There are three commands that are used to control runtime operation of the packet sniffer: /tool sniffer start. /tool sniffer save.0. In the following example the packet sniffer will be started and after some time .82 2.1. stop .Manual:Troubleshooting tools running: no [admin@MikroTik] tool sniffer> start [admin@MikroTik] tool sniffer> stop Here you can specify different packet sniffer parameters. which is more user-friendly.697 1.1. like maximum amount of used memory.5:1701 (l2tp) 10.007 2.0.17 10.

Statistics for throughput are calculated using the entire size of the TCP data stream. congestion window mechanism and all other features of TCP algorithm. As acknowledgments are an internal working of TCP. Please review the TCP protocol for details on its internal speed settings and how to analyze its behavior. Remember that Bandwidth Test uses all available bandwidth (by default) and may impact network usability. If you want to test real throughput of a router. the packet size should be set for the maximum MTU allowed by the links which is usually 1500 bytes. BW test uses two protocols to test bandwidth: € TCP € uses the standard TCP protocol operation principles with all main components like connection initialization. this implementation means that the closest approximation of the throughput can be seen. . their size and usage of the link are not included in the throughput statistics. To see the maximum throughput of a link.network point with lowest throughput. To do this you need at least 3 routers connected in chain: Bandwidth Server € router under test € Bandwidth Client. Therefore statistics are not as reliable as the UDP statistics when estimating throughput. you should run bandwidth test through the router not from or to it. € UDP traffic € sends 110% or more packets than currently reported as received on the other side of the link. There is no acknowledgment required by UDP. packets acknowledgments.Manual:Troubleshooting tools 40 Detailed commands description can be found in the manual >> Bandwidth test The Bandwidth Tester can be used to measure the throughput (Mbps) to another MikroTik router (either wired or wireless network) and thereby help to discover network "bottlenecks".

1Mbps tx-total-average: 75. Configuration example: Server To enable bandwidth-test server with client authentication: [admin@MikroTik] /tool bandwidth-server> set enabled=yes authenticate=yes [admin@MikroTik] /tool bandwidth-server> print enabled: yes authenticate: yes allocate-udp-ports-from: 2000 max-sessions: 100 [admin@MikroTik] /tool bandwidth-server> Client Run UDP bandwidth test in both directions. [admin@MikroTik] > tool bandwidth-test protocol=udp user=admin password="" direction=both \ address=10.0. In case if you use TCP then Bandwidth Test counts only TCP data (TCP header and IP header are not included). In this case user name is ƒadmin„ without any password.Manual:Troubleshooting tools 41 Note: If you use UDP protocol then Bandwidth Test counts IP header+UDP header+UDP data.8Mbps rx-total-average: 72.4Mbps lost-packets: 294 random-data: no direction: both tx-size: 1500 rx-size: 1500 -.1.[Q quit|D dump|C-z pause] More information and all commands description can be found in the manual>> .5 status: running duration: 22s tx-current: 97.2Mbps rx-current: 91.0Mbps tx-10-second-average: 97.7Mbps rx-10-second-average: 91. user name and password depends on remote Bandwidth Server.

Manual:Troubleshooting tools 42 Profiler Profiler is a tool that shows CPU usage for each process running on RouterOS. Read more >> [ Top | Back to Content ] . It helps to identify which process is using most of the CPU resources.

rif section and upload the file. which is stored on the router and can be downloaded from the router using ftp. simply to to the Supout. you must type: /system sup-output In command line. or use winbox: You can also use the terminal in Winbox: .rif file? Applies to RouterOS: ALL 'The support file is used for debugging MikroTik RouterOS and to solve the support questions faster.' You can view the contents of this file in your Mikrotik account [1]. logs and some other details that will help the MikroTik Support to solve your issue.Manual:Support Output File 43 Manual:Support Output File What is a supout. This file contains all your routers configuration. To generate this file. All MikroTik Router information is saved in a binary file.

simply drag the file to your desktop: Of course. it is also possible to download the file with FTP/SFTP or to automate this process with scripting. and have the file emailed to you. [ Top | Back to Content ] .Manual:Support Output File 44 To save the file direcly from Winbox.

the way to create your own configuration and monitoring applications.5 kernel. telnet and ssh € API . Backup/Restore € Binary configuration backup saving and loading € Configuration export and import in human readable text format Firewall € Statefull filtering € Source and destination NAT € NAT helpers (h323. sip.3. mikrotik. USB and flash storage medium with minimum of 64MB space € Network cards supported by linux v3.Manual:Support Output File 45 References [1] http:/ / www. routing and packet marks € Filtering by IP address and address range. irc. port and port range. quake3. DSCP and many more € Address lists .5 kernel (PCI. SATA. pptp. IP protocol.advanced web based configuration interface Basic web interface configuration tool Powerful command-line configuration interface with integrated scripting capabilities. tftp) € Internal connection. com Manual:RouterOS features RouterOS features RouterOS is MikroTik's stand-alone operating system based on linux v3. accessible via local terminal. The following list shows features found in the latest RouterOS release: Hardware Support € i386 compatible architecture € SMP € multi-core and multi-CPU compatible € Minimum 32MB of RAM (maximum supported 2GB. PCI-X) € Partial hardware compatibility list (user maintained) € Switch chip configuration support Installation € M:Netinstall: Full network based installation from PXE or EtherBoot enabled network card € Netinstall: Installation to a secondary drive mounted in Windows € CD based installation Configuration € € € € € MAC based access for initial configuration WinBox € standalone Windows GUI configuration tool Webfig . where there is no maximum) € IDE. ftp. except on Cloud Core devices. serial console.3.

Manual:RouterOS features € Custom Layer7 matcher € IPv6 support € PCC - per connection classifier, used in load balancing configurations

46

Routing
€ € € € € € € € Static routing Virtual Routing and Forwarding (VRF) Policy based routing Interface routing ECMP routing IPv4 dynamic routing protocols: RIP v1/v2, OSPFv2, BGP v4 IPv6 dynamic routing protocols: RIPng, OSPFv3, BGP Bidirectional Forwarding Detection ( BFD)

MPLS
€ Static Label bindings for IPv4 € Label Distribution protocol for IPv4 € € € € RSVP Traffic Engineering tunnels VPLS MP-BGP based autodiscovery and signaling MP-BGP based MPLS IP VPN complete list of MPLS features

VPN
€ Ipsec € tunnel and transport mode, certificate or PSK, AH and ESP security protocols. Hardware encryption support on RouterBOARD 1000 [1]. € Point to point tunneling (OpenVPN, PPTP, PPPoE, L2TP, SSTP) € Advanced PPP features (MLPPP, BCP) € Simple tunnels ( IPIP, EoIP) IPv4 andIPv6 support € 6to4 tunnel support (IPv6 over IPv4 network) € VLAN € IEEE802.1q Virtual LAN support, Q-in-Q support € MPLS based VPNs

Wireless
€ € € € € € € € € € € IEEE802.11a/b/g wireless client and access point Full IEEE802.11n support Nstreme and Nstreme2 proprietary protocols NV2 protocol Wireless Distribution System (WDS) Virtual AP WEP, WPA, WPA2 Access control list Wireless client roaming WMM HWMP+ Wireless MESH protocol

€ MME wireless routing protocol

Manual:RouterOS features

47

DHCP
€ € € € € € € Per interface DHCP server DHCP client and relay Static and dynamic DHCP leases RADIUS support Custom DHCP options DHCPv6 Prefix Delegation (DHCPv6-PD) DHCPv6 Client

Hotspot
€ € € € Plug-n-Play access to the Network Authentication of local Network Clients Users Accounting RADIUS support for Authentication and Accounting

QoS
€ Hierarchical Token Bucket ( HTB) QoS system with CIR, MIR, burst and priority support € Simple and fast solution for basic QoS implementation - Simple queues € Dynamic client rate equalization ( PCQ)

Proxy
€ € € € € € € € HTTP caching proxy server Transparent HTTP proxy SOCKS protocol support DNS static entries Support for caching on a separate drive Parent proxy support Access control list Caching list

Tools
€ € € € € € € € € Ping, traceroute Bandwidth test, ping flood Packet sniffer, torch Telnet, ssh E-mail and SMS send tools Automated script execution tools CALEA File Fetch tool Advanced traffic generator

Manual:RouterOS features

48

Other features
€ € € € € € € € € € € € € € Samba support OpenFlow support Bridging € spanning tree protocol (STP, RSTP), bridge firewall and MAC natting. Dynamic DNS update tool NTP client/server and synchronization with GPS system VRRP v2 and v3 support SNMP M3P - MikroTik Packet packer protocol for wireless links and ethernet MNDP - MikroTik neighbor discovery protocol, supports CDP (Cisco discovery protocol) RADIUS authentication and accounting TFTP server Synchronous interface support (Farsync cards only) (Removed in v5.x) Asynchronous € serial PPP dial-in/dial-out, dial on demand ISDN € dial-in/dial-out, 128K bundle support, Cisco HDLC, x75i, x75ui, x75bui line protocols, dial on demand

[ Top | Back to Content ]

References
[1] http:/ / routerboard. com

Manual:RouterOS FAQ
See also: Mikrotik_RouterOS_Preguntas_Frecuentes_(espa•ol/spanish)

What is MikroTik RouterOS€?
What does MikroTik RouterOS… do? MikroTik RouterOS… is a router operating system and software which turns a regular Intel PC or MikroTik RouterBOARD… hardware into a dedicated router. What features does RouterOS… have? RouterOS feature list Can I test the MikroTik RouterOS… functionality before I buy the license? Yes, you can download the installation from MikroTik's webpage and install your own MikroTik router. The router has full functionality without the need for a license key for 24h total running time. That's enough time to test the router for 3 days at 8h a day, if you shut down the router at the end of each 8h day. Where can I get the License Key? Create an account on MikroTik's webpage (the top right-hand corner of www.mikrotik.com). You can use a credit card to pay for the key. Can I use MikroTik router to hook up to a service provider via a T1, T3, or other high speed connection? Yes, you can install various NICs supported by MikroTik RouterOS… and get your edge router, backbone router, firewall, bandwidth manager, VPN server, wireless access point, HotSpot and much more in one box. Please check the Specification Sheet [1] and Manual [2] for supported interfaces! How fast will it be?

How secure is the router once it is setup? Access to the router is protected by username and password. Do not interrupt the file system check! It would make your installation unusable. Can I run MikroTik RouterOS… from any hard drive in my system? Yes Is there support for multiple hard drives in MikroTik RouterOS…? A secondary drive is supported for web cache. the RouterOS… will perform a file system check. Try to reboot the computer and start the installation again. and there is plenty of processing power even in a 100MHz CPU. ease of management and maintenance. and there is no password (hit the 'Enter' key). . Remote access to the router can be restricted by user. the file system has not been unmounted properly. 49 Installation How can I install RouterOS? RouterOS can be installed with CD Install or Netinstall. except for WEB proxy cache. there is no recovery for it. How does this software compare to using a Cisco router? You can do almost everything that a proprietary router does at a fraction of the cost of such a router and have flexibility in upgrading. Your hard drive will be wiped completely by the installation process. Logging on and Passwords What is the username and password when logging on to the router for the first time? Username is 'admin'. The MikroTik RouterOS… is standalone Operating System. Firewall filtering is the easiest way to protect your router and network.Manual:RouterOS FAQ An Intel PC is faster than almost any proprietary router. specific rights can be set for user groups. The OS is Linux kernel based and very stable. You have to reinstall the router. IP address. Why the CD installation stops at some point and does not go "all the way through"? The CD installation is not working properly on some motherboards. This support has been added in 2. You can change the password using the '/password' command. it may take several minutes to complete. When starting up. just one PRIMARY MASTER HDD or FlashDisk. older versions don't support multiple hard drives. How can I recover a lost password? If you have forgotten the password.8. What OS do I need to install the MikroTik RouterOS…? No Operating System is needed. Additional users can be added to the router. How can I access the router if the LAN interface has been disabled? You can access the router either locally (using monitor and keyboard) or through the serial console. How large HDD can I use for the MikroTik RouterOS…? MikroTik RouterOS… supports disks larger than 8GB (usually up to 120GB). No additional disk support. After power failure the MikroTik router is not starting up again If you haven't shut the router down. Depending on the HDD size. If it does not help. try using different hardware. But make sure the BIOS of the router's motherboard is able to support these large disks.

Floppies or Netinstall procedure and install the MikroTik RouterOS… on the HDD with the previous MikroTik RouterOS… installation still intact. Do not use format or partitioning utilities. or purchase the base license. We may request you to send the broken hard drive to us as proof prior to issuing a replacement key. if my hard drive with MikroTik RouterOS… crashes. and then choose `fix key`.x as long as you want. What to do. Does the license expire? The license never expires. If you have a free demo license.Manual:RouterOS FAQ 50 Licensing Issues How many MikroTik RouterOS… installations does one license cover? The license is per RouterOS installation. For example if it says "Upgradable to v4. What happens if my hardware breaks again. we need physical proof that there is in fact been another incident. The router runs for ever. More information available here All_about_licenses How can I enter a new Software Key? Entering the key from Console/FTP: € import the attached file with the command '/system license import' (you should upload this file to the router's FTP server) Entering the key with Console/Telnet: € use copy/paste to enter the key into a Telnet window (no matter which submenu). Your only limitation is to which versions you can upgrade. Please obtain another demo license. including the lines "--BEGIN MIKROTIK SOFTWARE KEY--" and "--END MIKROTIK SOFTWARE KEY--" Entering the key from Winbox: € use 'system -> license' menu in Winbox to Paste or Import the key I have mis-typed the software ID when I purchased the Software Key. then select your mis-typed key. but you should use the same HDD. it means you can use all v4 releases. you can use different hardware (motherboard. The license is kept with the HDD unless format or fdisk utilities are used. When paying for the license.x". that it cannot be used on another harddrive than the one it was installed upon. Contact support to arrange this. and I have to install another one? If you have paid for the license. you have to write to support[at]mikrotik. It is not required to reinstall the system when moving to different hardware. they will delete your key! Use the same (initial) BIOS settings for your HDD! Can I use my MikroTik RouterOS… software license on a different hardware? Yes. Each installed router needs a separate license. but not v5 This doesn't mean you can't stay on v4. NICs). How can I reinstall the MikroTik RouterOS… software without losing my software license? You have to use CD. License transfer to another hard drive costs 10$. and I lose my replacement key? The same process is used as above. no replacement key can be issued. The license is kept with the HDD. About entering keys. How can I fix this? In the Account Server choose `work with keys`. please be aware. but this time. see more on this page Entering a RouterOS License key All other information about License Keys can be found here . Be sure to copy the whole key.com and describe the situation.

Check the free space on router's HDD using the /system resource print command before uploading the package files. Then reboot the router by issuing /system reboot command. After reboot. Downgrading How can I downgrade the MikroTik RouterOS… installation to an older version? You can downgrade by reinstalling the RouterOS… from any media. You have to obtain (purchase) the required license level or install the NPK package for this interface (for example package 'wireless'). The configuration of the router will be lost (it is possible to save the old configuration. will I lose my configuration? No. and then upgrade the remaining ones. Upload the older packages to the router via FTP and then use the /system package downgrade command. you will need to download the latest package files (*. Another way is to use the /system package downgrade command.4 first. V2. When upgrading version families (for example. This works only if you downgrade to 2. How can I upgrade? To upgrade the software. The software license will be kept with the HDD as long as the disk is not repartitioned/reformatted. For example when upgrading from V2. the installed packages are listed in the /system package print list. You can monitor the installation process on the monitor screen connected to the router.6) you may lose the configuration of some features that have major changes.npk) as the system package. How much free disk space do I need when upgrading to higher version? You need space for the system package and the additional packages you have to upgrade.20 and not lower.npk) from our website (the 'system' package plus the ones that you need). . More information here: Upgrading_RouterOS I installed additional feature package.5 to V2. After uploading the newer version packages to the router you should have at least 2MB free disk space left. If not.Manual:RouterOS FAQ All_about_licenses 51 Upgrading How can I install additional feature packages? You have to use the same version package files (extension . If I do upgrade RouterOS. do not try to make the upgrade! Uninstall the unnecessary packages first. connect to the router via FTP and upload the new packages to it by using Binary transfer mode. you should upgrade to the last version of 2. Use the /system package print command to see the list of installed packages. Make sure you have at least 2MB free disk space on the router after you have uploaded the package files! Upload the package files using the ftp BINARY mode to the router and issue /system reboot command to shut down the router and reboot. Then. but the relevant interface does not show up under the /interface print list. but this option has unpredictable results when downgrading and it is not recommended to use it).7.4. The packages are installed (upgraded) while the router is going for shutdown. configuration is kept intact for upgrades within one version family.

or. When I use the IP address/mask in the form 10. DHCP is insecure by default. The rules 'do not work'.1.1. set the mangle rule as follows: / ip firewall mangle add chain=forward protocol=tcp tcp-flags=syn action=change-mss tcp-mss=!0-1448 new-mss=1448 .1.1. since they do not match the packets due to the incorrectly specified address/mask. Upload it to the router and reboot! Can I statically bind IP's to MAC addresses via DHCP? Yes. I have no firewall setup. D . It should be one of the router's external addresses.1. if you have encrypted PPPoE link with MTU=1492.dynamic 0 chain=srcnat out-interface=Public action=masquerade How can I change the TCP port number for telnet or http services. There is an example how to masquerade your private LAN: [admin@MikroTik] ip firewall nat> add chain=srcnat action=masquerade out-interface=Public [admin@MikroTik] ip firewall nat> print Flags: X . This is a typical problem. specify the to-src-address argument value. Use /ip firewall mangle to change MSS (maximum segment size) 40 bytes less than your connection MTU. I cannot surf some sites when I use PPPoE. if I do not want to use the ports 23 and 80. How can I masquerade two different subnets using two different external IP addresses for them? Use /ip firewall nat rule with chain=srcnat action=nat. since it is substituted by the external address of the router automatically. the to-src-address is not taken into account.1.invalid.1. and it is better to use PPPoE for user authentication and handing out IP addresses. where you do not have routing set up at your main Internet gateway.0/24 for the IP addresses in the range 10.disabled. I need to set up DHCP client. You need to install the dhcp package. If you use action=masquerade. There you can request the user to log on from a specified MAC address as well. The correct form would be: 10.17/24 for my filtering or queuing rules. you need to 'tell' about it your main gateway (your ISP). Since you have introduced a new network. I .17.1. you can 'hide' your new network by means of masquerading to get access to the Internet. you can add static leases to the DHCP server leases list.17/32 for just one IP address 10. However. they do not work. respectively? You can change the allocated ports under /ip service. Alternatively.255.1.1. I can ping both networks from the router but can't ping from one network through the router to the other network and to the Internet. The DHCP feature is not included in the system software package. where the problem is described and the solution is given.1.Manual:RouterOS FAQ 52 TCP/IP Related Questions I have two NIC cards in the MikroTik router and they are working properly. 10.0-10. A route should be added for your new network. but there is no menu '/ip dhcp-client'. For example.1. Please take time to study the Basic Setup Guide.

We can use these flow-marks in queue trees now. Can I use MikroTik as a bridge and a traffic shaper in one machine? Yes. 9/ guide/ specs [2] http:/ / www. It is not the bridge interface! The queue on the bridge interface is involved only for the traffic generated from the router. You can use all the extensive queue management features. Can I limit bandwidth based on MAC addresses? For download: 1. com/ docs/ ros/ 2. it is fundamentally flawed as the first packet of each connection destined to these clients will not be taken into account. com/ docs/ ros/ 2. you cannot. See more >> BGP Questions See BGP FAQ and HowTo [ Top | Back to Content ] References [1] http:/ / www. mikrotik. While this solution should function. For upload: [admin@AP] ip firewall mangle> add chain=prerouting src-mac-address=11:11:11:11:11:11 \ action=mark-packet new-packet-mark=upload Wireless Questions Can I bridge wlan interface operating in the station mode? No. connection-mark all packets from the MAC of each client with different marks for each client using action=passthrough: /ip firewall mangle add chain=prerouting src-mac-address=11:11:11:11:11:11 \ action=mark-connection new-connection-mark=host11 passthrough=yes 2. Remark these packets with flow-mark (again different flow-marks for each connection-marks): /ip firewall mangle add chain=prerouting connection-mark=host11 new-packet-mark=host11 3. when passing through the router. 9/ . mikrotik. Set the queue to the interface where the traffic is actually leaving the router.Manual:RouterOS FAQ 53 Bandwidth Management Related Questions How can I controll bandwidth(bandwidth shaping)in Bridge mode? In bridge settings enable use-ip-firewall.

Connection establishment included operations such as dial number. . It is similar with analog telephone network where you had to establish connection before you are able to communicate with a recipient.Manual:Connection oriented communication (TCP/IP) 54 Manual:Connection oriented communication (TCP/IP) Connection oriented communication (TCP/IP) The connection-oriented communication is a data communication mode in which you must first establish a connection with remote host or server before any data can be sent. TCP has several message types used in connection establishment and termination process (see Figure 2. receive dial tone. wait for calling signal etc. As the result end-to-end virtual (logical) circuit is created where flow control and acknowledgment for reliable delivery is used.1.). TCP session establishment and termination Process when transmitting device establishes a connection-oriented session with remote peer is called a three-way handshake.

2. Let„s think about what happens when datagrams are sent out faster than receiving device can process. Unlike TCP Connection establishment. 4. If host B does not have any data to transmit to the host A it will also terminate the connection by sending FIN segment. Segments transmission (windowing) Now that we know how the TCP connection is established we need to understand how data transmission is managed and maintained. does not terminate the connection but enters into a "passive close" (CLOSE_WAIT) state and sends the ACK for the FIN back to the host A. But since buffer space are not unlimited. it sends back ACK (Acknowledgment) macket. then the receiver will send a positive window advertisement (increase the windows size) with each acknowledgement. When the host A receives the SYN-ACK. The host A. but can continue transmit data to host A. window mechanism is used to control the flow of the data. Host B receives ACK and at this stage the connection is ESTABLISHED. In TCP/IP networks transmission between hosts is handled by TCP protocol. 4. So the size of window controls how much information can be transmitted from one host to another without receiving an acknowledgment. who needs to terminate the connection. After packet with data is transmitted. 2. A sender that receives a zero window advertisement must stop transmit until it receives a positive window. TCP uses flow control protocol. 3. Windowing process is illustrated in Figure 2. . Connection termination When the data transmission is complete and the host wants to terminate the connection. and sends an ACK back to the host B. 1. The host B. connection termination uses four-way massages. If the receiving application can process data as quickly as it arrives from the sender. Figure 1. If time expires and sender did not receive ACK. When the host B receives SYN message. The host A who needs to initialize a connection sends out a SYN (Synchronize) packet with proposed initial sequence number to the destination host B. It works until sender becomes faster than receiver and incoming data will eventually fill the receiver's buffer. When connection is established. who receives the FIN segment.Manual:Connection oriented communication (TCP/IP) 55 Connection establishment process 1. receiver specifies window field (see. sender waits acknowledgement from receiver. it enters into a (TIME_WAIT) state. window size (in bytes) is send together with acknowledgements to the sender. Receiver stores them in memory called a buffer.6. packet is retransmitted. Connection is terminated when both sides have finished the shut down procedure by sending a FIN and receiving an ACK. it returns a packet with both SYN and ACK fags set in the TCP header (SYN-ACK). All dropped frames must be retransmitted again which is the reason for low transmission performance. Sender will send only amount of bites specified in window size and then will wait for acknowledgments with updated window size. Window size represents the amount of received data that receiver is willing to store in the buffer. which uses three-way handshake. when its capacity is exceeded receiver starts to drop the frames. termination process is initiated. 2. When the host A receives the last ACK from the host B. 3. sends a special message with the FIN (finish) flag.) in each TCP frame. TCP header format. Now the host B enters into LAST_ACK state. Connection-oriented protocol services are often sending acknowledgments (ACKs) after successful delivery. To address this problem. At this point host B will no longer accept data from host A. Host B gets the ACK from the host A and closes the connection. indicating that it has finished sending the data. causing the receiver to advertise acknowledgment with a zero window.

The network detects the "collision" of the two transmitted packets and discards both of them. Ethernet network uses Carrier Sense Multiple Access with Collision detection (CSMA/CD) protocol for data transmission. CSMA/CD is a modification of Carrier Sense Multiple Access. After that receiver advertises an initial window size to 2500. Now sender transmits three frames (two containing 1. Carrier Sense Multiple Access with Collision Detection is used to improve CSMA performance by terminating transmission as soon as collision is detected. one 1000byte frame is transmitted. The first three segments fill the receiver's buffer faster than the receiving application can process the data. A collision is the result of two devices on the same Ethernet network attempting to transmit data at the same time. € medium access control system embedded in each Ethernet interface that allow multiple computers to fairly control access to the shared Ethernet channel. That helps to control and manage access to shared bandwidth when two or more devices want to transmit data at the same time. collision domain and network segment. Receiver (host B) returns ACK with window size to increase to 2000. Before we discuss a little more about CSMA/CD we need to understand what is collision. Tahoe etc. . so the advertised window size reaches zero indicating that it is necessary to wait before further transmission is possible. € Ethernet frame that consists of a standardized set of bits used to carry data over the system. Vegas.Manual:Connection oriented communication (TCP/IP) 56 The host A starts transmit with window size of 1000.000 bytes and one containing 500 bytes) and waits for an acknowledgement. reducing the probability of a second collision on retry. Ethernet networking CSMA/CD The Ethernet system consists of three basic elements: € the physical medium used to carry Ethernet signals between network devices. The host A receives ACK and transmits two frames (1000 bytes each). The size of the window and how fast to increase or decrease the window size is available in various TCP congestion avoidance algorithms such as Reno.

When the sender is ready to send data.4 bellow where simple example of CSMA/CD is explained. it checks continuously if the medium is busy. only one computer can receive data simultaneously otherwise collision can occur and data will be lost. Look at the Figure 2. Multiple Access € means that multiple stations send and receive on the one medium. Carrier Sense € means that a transmitter listens for a carrier (encoded information signal) from another station before attempting to transmit. A collision domain is a physical network segment where data packets can "collide" with each other when being sent on a shared medium.involves algorithms for checking for collision and advertises about collision with collision response € •Jam signal‚.each of switch ports create separate network segment which result in separate collision domain.Manual:Connection oriented communication (TCP/IP) If we have one large network solution is to break it up into smaller networks € often called network segmentation. 57 Hub (called also repeater) is specified in Physical layer of OSI model because it regenerates only electrical signal and sends out input signal to each of ports. Collision Detection . Therefore on a hub. . If the medium becomes idle the sender transmits a frame. Today hubs do not dominate on the LAN networks and are replaced with switches. It is done by using devices like routers and switches .

Today Ethernet cables consist of four twisted pairs (8 wires). Full-duplex Ethernet offers . Full-duplex data transmission means that data can be transmitted in both directions using different twisted pairs for each of direction at the same time. Host A and host C on shared network segment sees that nobody else is sending and tries to send frames. Also in the Gigabit Ethernet is defined (Half-duplex) specifications. Half and Full duplex Ethernet Ethernet standards such as Ethernet II and Ethernet 802. and each segment is connected directly to a switch. Half-duplex data transmission means that data can be transmitted in both directions between two nodes.3 are passed through formal IEEE (Institute of Electrical and Electronics Engineers) standardization process. 4. Host A and Host B detect this collision and send out •jam‚ signal to tell other hosts not to send data at this time. coaxial cable. Ethernet supports different data transfer rates Ethernet (10BaseT) € 10 Mbps. collisions are not possible since data is transmitted and received on different wires.3 this field was changed to length field. Full Duplex Ethernet. but we don't want them to send frames simultaneously once again. but only one direction at the same time. Host A and Host C are listening at the same time so both of them will transmit at the same time and collision will occur. 3. Fast Ethernet (100Base-TX) € 100 Mbps Gigabit Ethernet (1000Base-T) € 1000 Mbps through different types of physical mediums (twisted pairs (Copper). 2. host A and host B will start a random timer (ms) before attempting to start CSMA/CD process again by listening to the wire. The difference is that Ethernet II header includes Protocol type field whereas in Ethernet 802. but it isn„t used in practice. optical fiber). Each computer on Ethernet network operates independently of all other stations on the network. Ethernet is the standard CSMA/CD access method. Collision results in what we refer to as "noise" .Manual:Connection oriented communication (TCP/IP) 58 1. 10Base-T uses only one of these wire pairs for running in both directions using half-duplex mode.a change in the voltage of the signals in the line (wire). To avoid this. For example. Any host on the segment that wants to send data •listens‚ what is happening on the physical medium(wire) an is checking whether someone else is not sending data already. Both Host A and Host C need to retransmit this data.

Each network device maintains ARP tables (cache) that contain list of MAC address and its corresponding IP address. If the destination host„s MAC address is not in ARP table. ARP sends broadcast request message to all devices on the LAN by asking the devices with the specified IP address to reply with its MAC address. Commands that displays current ARP entries on a PC (linux. [ Top | Back to Content ] . Figure 2. IP addresses are used for path selection to destination (in the routing process). DOS) and a MikroTik router (commands might do the same thing. MAC addresses uniquely identify every network interface in the network.5 shows how an ARP looks for MAC address on the local network. but frame forwarding process from one interface to another occur using MAC addresses. it must looks for Ethernet MAC address of destination host in its ARP cache. 59 Simple network communication example ARP protocol operation Address Resolution Protocol (ARP) is a protocol for mapping an Internet Protocol (IP) address of host in the local network to the hardware address (MAC address). if your computer supports Gigabit Ethernet (full duplex mode) and your gateway (router) also support it then between your computer and gateway 2Gbps aggregated bandwidth is available. but they syntax may be different): For windows and Unix like machines: arp € a displays the list of IP addresses with its corresponding MAC addresses ip arp print € same command as arp € a but display the ARP table on a MikroTik Router. When host on local area network wants to send IP packet to another host in this network.Manual:Connection oriented communication (TCP/IP) performance in both directions for example. A device that recognizes the IP address as its own returns ARP response with its own MAC address. The physical/hardware address is also known as a Media Access Control or MAC address. then ARP request is sent to find device with corresponding IP address.

com/index. Marisb Manual:Console login process ‚Source: http://wiki.php?oldid=21955 ‚Contributors: Eep.Gates.mikrotik.com/index.mikrotik. Kirshteins.php?oldid=22160 ‚Contributors: Jandrade28.php?oldid=22202 ‚Contributors: Janisk. Eugene.com/index.Article Sources and Contributors 60 Article Sources and Contributors Manual:First time startup ‚Source: http://wiki.mikrotik. Megis. Nest. Nest. Janisk. Normis. Marisb.mikrotik.com/index.php?oldid=19069 ‚Contributors: Andriss.com/index. SergejsB Manual:RouterOS features ‚Source: http://wiki. Normis.php?oldid=22862 ‚Contributors: Andriss. Janisk. SergejsB Manual:Initial Configuration ‚Source: http://wiki. Grimp.com/index. Marisb.php?oldid=25703 ‚Contributors: Janisk.mikrotik. Marisb. Normis.php?oldid=21957 ‚Contributors: B. Uldis Manual:RouterOS FAQ ‚Source: http://wiki. MarkSorensen. Normis.mikrotik. SergejsB. Marisb.mikrotik. Maximan. Normis Manual:Troubleshooting tools ‚Source: http://wiki.com/index.mikrotik. Normis Manual:Support Output File ‚Source: http://wiki. Marisb.com/index. Marisb . Dsdee. Janisk. Rock on all you f little dudes!.php?oldid=22340 ‚Contributors: Janisk. Marisb. Eep. Rieks Manual:Connection oriented communication (TCP/IP) ‚Source: http://wiki.

png ‚License: unknown ‚Contributors: Janisk File:to_the_routes.php?title=File:Image2003.com/index.png ‚License: unknown ‚Contributors: Normis Image:Supout2.php?title=File:To_the_routes.png ‚Source: http://wiki.png ‚License: unknown ‚Contributors: Janisk File:enable_wireless.png ‚License: unknown ‚Contributors: Janisk File:adding_new_address.mikrotik.mikrotik.com/index.png ‚License: unknown ‚Contributors: Janisk File:masqurade_rule.mikrotik.com/index.png ‚Source: http://wiki.mikrotik.php?title=File:Wifi_freq_usage1.gif ‚License: unknown ‚Contributors: Andriss Image:image2005.gif ‚Source: http://wiki.mikrotik.png ‚License: unknown ‚Contributors: Janisk File:dst-nat.png ‚Source: http://wiki.com/index.mikrotik.mikrotik.png ‚Source: http://wiki.mikrotik.php?title=File:Add_new_address.com/index.png ‚License: unknown ‚Contributors: Janisk File:remove_bridge_port.com/index.Image Sources.png ‚Source: http://wiki.php?title=File:Brtidge_ports_view.php?title=File:Add_default_route.png ‚Source: http://wiki.php?title=File:Enable_wireless.png ‚License: unknown ‚Contributors: Janisk File:add_default_route.php?title=File:Go_to_DNS_settings.php?title=File:Ediit_create_user.com/index.com/index.com/index.png ‚License: unknown ‚Contributors: Normis File:Winbox-loader2.png ‚License: unknown ‚Contributors: Janisk Image:image11001.php?title=File:Supout3.png ‚Source: http://wiki.gif ‚License: unknown ‚Contributors: Andriss Image:image2003.com/index.mikrotik.png ‚License: unknown ‚Contributors: Janisk File:dns_add_server.mikrotik.php?title=File:Master_port.png ‚Source: http://wiki.png ‚Source: http://wiki.php?title=File:Version.png ‚License: unknown ‚Contributors: Janisk File:DHCP_client.png ‚Source: http://wiki.png ‚Source: http://wiki.com/index.php?title=File:Goto_system.png ‚License: unknown ‚Contributors: Janisk File:wireless_ht.png ‚License: unknown ‚Contributors: Janisk File:correct_address_1. Route File:interface_open_details.com/index.png ‚License: unknown ‚Contributors: Janisk File:Wifi_select_country.php?title=File:Wifi_freq_usage.mikrotik.php?title=File:Wifi_select_country.php?title=File:Winbox-loader2.png ‚Source: http://wiki.mikrotik.php?title=File:Dst-nat.php?title=File:Creating_security_profile.com/index.com/index.png ‚Source: http://wiki.png ‚Source: http://wiki.png ‚License: unknown ‚Contributors: Normis Image:Supout3.png ‚License: unknown ‚Contributors: Janisk File:change_password_user_edit.png ‚License: unknown ‚Contributors: Janisk File:ediit_create_user.com/index.png ‚Source: http://wiki.com/index.com/index.com/index.gif ‚Source: http://wiki.mikrotik.com/index.png ‚Source: http://wiki.com/index.mikrotik.com/index.php?title=File:Change_passwd_current_user.mikrotik.png ‚License: unknown ‚Contributors: Janisk File:wifi_adv_mode.php?title=File:Interface_open_details.com/index.png ‚Source: http://wiki.com/index.png ‚Source: http://wiki.png ‚Source: http://wiki.mikrotik.mikrotik.php?title=File:Webfig_login.mikrotik.php?title=File:Adding_new_address.png ‚Source: http://wiki.mikrotik. Licenses and Contributors Image:Version.png ‚Source: http://wiki.com/index.png ‚License: unknown ‚Contributors: Janisk File:Brtidge_ports_view.php?title=File:Check_nat_masquerade.php?title=File:Dns_add_server.mikrotik.gif ‚Source: http://wiki.mikrotik.com/index.png ‚Source: http://wiki.php?title=File:Image2004.com/index.png ‚Source: http://wiki.php?title=File:Add_bridge_port.png ‚License: unknown ‚Contributors: Janisk File:set_up_bridge.png ‚License: unknown ‚Contributors: Marisb File:Webfig-2.com/index.php?title=File:Secuirtas_profle.gif ‚License: unknown ‚Contributors: Andriss File:profiler.png ‚License: unknown ‚Contributors: Janisk File:goto_wireless.png ‚Source: http://wiki.png ‚Source: http://wiki.png ‚License: unknown ‚Contributors: Janisk File:webfig_login.mikrotik.mikrotik.php?title=File:Profiler.gif ‚License: unknown ‚Contributors: Andriss Image:image2002.com/index.png ‚Source: http://wiki.png ‚Source: http://wiki.mikrotik.com/index.com/index.png ‚License: unknown ‚Contributors: Janisk File:add_bridge_port.png ‚License: unknown ‚Contributors: Janisk File:add_new_address.com/index.png ‚License: unknown ‚Contributors: Marisb Image:Supout.com/index.php?title=File:Change_password_user_edit.com/index.com/index.mikrotik.png ‚Source: http://wiki.gif ‚Source: http://wiki.png ‚License: unknown ‚Contributors: Janisk.png ‚License: unknown ‚Contributors: Janisk File:master_port.mikrotik.com/index.php?title=File:Webfig-2. Route File:check_nat_masquerade.php?title=File:Correct_address_1.mikrotik.com/index.php?title=File:Supout.mikrotik.png ‚Source: http://wiki.php?title=File:Supout2. Marisb File:users_management.mikrotik.com/index.mikrotik.mikrotik.php?title=File:Icon-warn.mikrotik.png ‚Source: http://wiki.mikrotik.php?title=File:Image11002.png ‚License: unknown ‚Contributors: Janisk File:for_2_dns_servers.mikrotik.mikrotik.mikrotik.mikrotik.com/index.png ‚License: unknown ‚Contributors: Janisk File:go_to_DNS_settings.png ‚Source: http://wiki. Licenses and Contributors 61 Image Sources.com/index.mikrotik.png ‚License: unknown ‚Contributors: Normis Image:image2001.mikrotik.gif ‚License: unknown ‚Contributors: Andriss Image:image2004.png ‚License: unknown ‚Contributors: Janisk File:goto_system.php?title=File:Set_up_bridge.png ‚Source: http://wiki.com/index.php?title=File:Wifi_adv_mode.mikrotik.php?title=File:Image11001.php?title=File:Sntp_client_setup.png ‚Source: http://wiki.php?title=File:Masqurade_rule.png ‚Source: http://wiki.mikrotik.mikrotik.gif ‚Source: http://wiki.mikrotik.png ‚Source: http://wiki.php?title=File:Image2001.mikrotik.png ‚License: unknown ‚Contributors: Janisk File:route_add_gateway.php?title=File:Winbox-workarea.com/index.png ‚License: unknown ‚Contributors: Janisk File:wifi_freq_usage1.png ‚Source: http://wiki.php?title=File:Icon-note.mikrotik.mikrotik.php?title=File:Initial_screen_webfig.png ‚Source: http://wiki.com/index.mikrotik.php?title=File:Goto_wireless.png ‚Source: http://wiki.mikrotik.png ‚Source: http://wiki.mikrotik.com/index.png ‚Source: http://wiki.png ‚Source: http://wiki.png ‚Source: http://wiki.png ‚License: unknown ‚Contributors: Janisk Image:Icon-warn.png ‚License: unknown ‚Contributors: Janisk File:secuirtas_profle.php?title=File:Users_management.png ‚Source: http://wiki.gif ‚License: unknown ‚Contributors: Andriss Image:image11002.png ‚Source: http://wiki.gif ‚Source: http://wiki.gif ‚Source: http://wiki.gif ‚License: unknown ‚Contributors: Andriss .php?title=File:Route_add_gateway.php?title=File:Image2002.com/index.com/index.png ‚Source: http://wiki.png ‚License: unknown ‚Contributors: Janisk Image:Icon-note.com/index.php?title=File:For_2_dns_servers.php?title=File:Remove_bridge_port.png ‚License: unknown ‚Contributors: Marisb.mikrotik.png ‚License: unknown ‚Contributors: Janisk File:creating_security_profile.mikrotik.com/index.png ‚License: unknown ‚Contributors: Marisb.png ‚License: unknown ‚Contributors: Marisb File:initial_screen_webfig.php?title=File:Wireless_general.com/index.com/index.png ‚License: unknown ‚Contributors: Janisk File:sntp_client_setup.png ‚Source: http://wiki.com/index.png ‚Source: http://wiki.com/index.com/index.png ‚License: unknown ‚Contributors: Janisk File:wireless_general.png ‚License: unknown ‚Contributors: Janisk File:change_passwd_current_user.png ‚License: unknown ‚Contributors: Janisk File:wifi_freq_usage.mikrotik.com/index.php?title=File:Image2005.php?title=File:Wireless_ht.png ‚License: unknown ‚Contributors: Marisb File:Winbox-workarea.php?title=File:DHCP_client.mikrotik.com/index.mikrotik.