RouterOS Howto (1) - Part 1
This is Part 1 of the RouterOS Howto for MikroTik hEX S.
Hardware
This Howto was tested on the following hardware:
Component | Product |
---|---|
Router | MikroTik hEX S |
SFP module | TP-Link TL-SM321B |
Definitions
Network interfaces
List | Interfaces | Type |
---|---|---|
WAN direct | sfp1, ether1 | DHCP (dynamic) |
WAN with VLAN | sfp1-vlan10, ether1-vlan10 | DHCP (dynamic) |
LAN-STD | bridge1 (ether2, ether3, ether4, ether5) | IP |
LAN-STD-GW | bridge1-vrrp1 | IP (Failover) |
Services
Service | Hostname | STD IP |
---|---|---|
Firewall (active) | tellurium | 192.168.1.5 |
Firewall (passive) | palladium | 192.168.1.6 |
Failover IP | - | 192.168.1.1 |
Default gateway | - | Failover IP |
DHCP | - | Failover IP |
DNS (external) | - | Failover IP |
DNS (internal) | services | 192.168.1.65 |
NTP | ntp | Failover IP |
TFTP | tftp | Failover IP |
Reset
[RouterOS CLI]: Software based reset (takes time!)
/system/reset-configuration
[Device]: Hardware based reset using the Reset button
- Disconnect the device from power
- Press & hold the Reset button
- Connect the device to power
- Release the Reset button when the network LEDs start blinking
- Wait until the device has booted (takes time!)
First login
[Device]: Connect the router to the internal network using the second Ethernet port
[UNIX shell]: Ping the router
ping '192.168.88.1'
[UNIX shell]: Log in as the user admin, without a password, using SSH
ssh -F '/dev/null' 'admin@192.168.88.1'
[RouterOS CLI]: Set the password for the user admin
/password
Configure the system
[RouterOS CLI]: Define environment
- for tellurium.raysoft.loc
:global hostName "tellurium"
- for palladium.raysoft.loc
:global hostName "palladium"
[RouterOS CLI]: Configure the device name
/system/identity
set name="$hostName"
print
[RouterOS CLI]: Disable the login note
/system/note
set note="" show-at-login="no" show-at-cli-login="no"
print
Configure the network
[UNIX shell]: Define environment
- for tellurium.raysoft.loc
host_name='tellurium'
host_ip="192.168.1.5"
- for palladium.raysoft.loc
host_name='palladium'
host_ip="192.168.1.6"
[RouterOS CLI]: Define environment
- for tellurium.raysoft.loc
:global hostIP "192.168.1.5"
:global vrrpPriority 254
- for palladium.raysoft.loc
:global hostIP "192.168.1.6"
:global vrrpPriority 100
[RouterOS CLI]: Configure the Ethernet interfaces
/interface/ethernet
:foreach interface in=[find name~"^ether"] do={
    set $interface \
        advertise="10M-baseT-full,100M-baseT-full,1G-baseT-full" \
        rx-flow-control="auto" tx-flow-control="auto" \
        loop-protect="on"
}
print detail
[RouterOS CLI]: Configure the default gateway
/ip/route
add gateway="192.168.1.1"
print detail
[RouterOS CLI]: Configure DNS
/ip/dns
set servers="192.168.1.1" allow-remote-requests="no" \
cache-max-ttl="10m"
print
LAN-STD
[RouterOS CLI]: Rename the existing interface bridge bridge to bridge1
/interface/bridge
set "bridge" name="bridge1" comment=""
print detail
[RouterOS CLI]: Rename the existing interface list LAN to LAN-STD
/interface/list
set "LAN" name="LAN-STD" comment=""
print detail
[RouterOS CLI]: Configure IP addresses for the interface bridge bridge1
/ip/address
add interface="bridge1" address="$hostIP/24"
print detail
LAN-STD-GW
[RouterOS CLI]: Add the VRRP interface bridge1-vrrp1 on the interface bridge bridge1
/interface/vrrp
add name="bridge1-vrrp1" interface="bridge1" priority="$vrrpPriority"
print detail
[RouterOS CLI]: Configure IP addresses for the interface bridge1-vrrp1
/ip/address
add interface="bridge1-vrrp1" address="192.168.1.1/24"
print detail
[RouterOS CLI]: Add the interface bridge1-vrrp1 to the interface list LAN-STD-GW
/interface/list
add name="LAN-STD-GW"
print detail
/interface/list/member
add list="LAN-STD-GW" interface="bridge1-vrrp1"
print detail
Round up
[RouterOS CLI]: Reboot to activate the settings
/system/reboot
[Device]: Change the network cable on the router & the computer!
[UNIX shell]: Clean up the list of known SSH servers in the file ~/.ssh/known_hosts
for host in "${host_name}"{,'.raysoft.loc'} "${host_ip}" '192.168.88.1'; do
    ssh-keygen -R "${host}"
done
[UNIX shell]: Log in with the user admin using SSH
ssh -F '/dev/null' "admin@${host_name}.raysoft.loc"
[RouterOS CLI]: Remove the factory-set IP address, default gateway & DNS static name
/ip/address
remove [find address~"^192.168.88"]
print detail
/ip/route
remove [find dst-address~"^192.168.88"]
print detail
/ip/dns/static
remove [find name="router.lan"]
print detail
[RouterOS CLI]: Test the name resolution & Internet connectivity
/ping count="5" "raysoft.ch"
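A read-only check for the clean-up step above, as an added example that is not part of the original howto: it scans `/export terse` output for addresses or routes in the factory network 192.168.88.0/24 and for the static DNS name router.lan. The function names and both sample exports are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the howto): audit "/export terse" output for
# factory leftovers. Findings go to stdout; returns 1 if any was found.
audit_factory_defaults() {
  awk '
    # Address or static route still inside the factory net 192.168.88.0/24
    /^\/ip (address|route) add / && /address=192\.168\.88\./ {
      print "factory-net: " $0; bad = 1
    }
    # Factory static DNS record
    /^\/ip dns static add / && /name=router\.lan( |$)/ {
      print "factory-dns: " $0; bad = 1
    }
    END { exit (bad ? 1 : 0) }
  '
}

# Constructed sample: export taken before the clean-up step
sample_before() {
  cat <<'EOF'
/interface bridge add name=bridge1
/ip address add address=192.168.88.1/24 interface=bridge1 network=192.168.88.0
/ip address add address=192.168.1.5/24 interface=bridge1 network=192.168.1.0
/ip dns static add address=192.168.88.1 name=router.lan
/ip route add gateway=192.168.1.1
EOF
}

# Constructed sample: export taken after the clean-up step
sample_after() {
  cat <<'EOF'
/interface bridge add name=bridge1
/ip address add address=192.168.1.5/24 interface=bridge1 network=192.168.1.0
/ip address add address=192.168.1.1/24 interface=bridge1-vrrp1 network=192.168.1.0
/ip route add gateway=192.168.1.1
EOF
}

# Demo run on the constructed "before" export
sample_before | audit_factory_defaults || echo 'factory defaults still present'
```

Against a live router, pipe the export in: `ssh "admin@${host_name}.raysoft.loc" '/export terse' | audit_factory_defaults`.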
Configure date & time
[RouterOS CLI]: Configure the time zone
/system/clock
set time-zone-autodetect="no" time-zone-name="UCT"
print
[RouterOS CLI]: Configure the NTP client
/system/ntp/client
set enable="yes" mode="unicast" servers="ntp.raysoft.loc"
print
Update
Available RouterOS Update Channels:
- development
- long-term
- stable
- testing
[RouterOS CLI]: Configure the RouterOS Update Channel
/system/package/update
set channel="stable"
print
[RouterOS CLI]: Check if updates are available. If so, download them
/system/package/update
check-for-updates
download
[RouterOS CLI]: Reboot to install the updates
/system/reboot
[RouterOS CLI]: Verify the boot loader version. If current-firmware != upgrade-firmware, upgrade it
/system/routerboard
print
upgrade
[RouterOS CLI]: Reboot to install the boot loader
/system/reboot