RouterOS Howto (1) - Part 1
This is Part 1 of the RouterOS Howto for MikroTik hEX S.
Hardware
This Howto was tested on the following hardware:
| Component | Product |
|---|---|
| Router | MikroTik hEX S |
| SFP module | TP-Link TL-SM321B |
Definitions
Network interfaces
| List | Interfaces | Type |
|---|---|---|
| WAN | sfp1-vlan10, ether1-vlan10 | DHCP (dynamic) |
| LAN-STD | bridge1 (ether2, ether3, ether4, ether5) | IP |
| LAN-STD-GW | bridge1-vrrp1 | IP (Fallover) |
Services
| Service | Hostname | STD IP |
|---|---|---|
| Firewall (active) | tellurium | 192.168.1.5 |
| Firewall (passive) | palladium | 192.168.1.6 |
| Fallover IP | - | 192.168.1.1 |
| Default gateway | - | Fallover IP |
| DHCP | - | Fallover IP |
| DNS (external) | - | Fallover IP |
| DNS (internal) | services | 192.168.1.65 |
| NTP | ntp | Fallover IP |
| TFTP | tftp | Fallover IP |
Reset
Documentation:
- RouterOS manual [EN]
[RouterOS CLI]: Software based reset (takes time!)
/system reset-configuration
[Device]: Hardware based reset using the Reset button
- Disconnect the device from power
- Press & hold the Reset button
- Connect the device to power
- Release the Reset button when the network LEDs start blinking
- Wait until the device has booted (takes time!)
First login
[Device]: Connect the router to the internal network using the second Ethernet port
[UNIX shell]: Log in with the user admin but without password using SSH
ssh -F '/dev/null' 'admin@192.168.88.1'
[RouterOS CLI]: Set the passwort from user admin
/password
Configure the system
Documentation:
- RouterOS manual [EN]
[RouterOS CLI]: Define environment
- for tellurium.raysoft.loc
:global hostName "tellurium"
- for palladium.raysoft.loc
:global hostName "palladium"
[RouterOS CLI]: Configure the device name
/system identity
set name="$hostName"
print
[RouterOS CLI]: Disable the login note
/system note
set show-at-login="no"
print
Configure the network
Documentation:
- RouterOS manual [EN]
[UNIX shell]: Define environment
- for tellurium.raysoft.loc
host_name='tellurium'
host_ip="192.168.1.5"
- for palladium.raysoft.loc
host_name='palladium'
host_ip="192.168.1.6"
[RouterOS CLI]: Define environment
- for tellurium.raysoft.loc
:global hostIP "192.168.1.5"
:global vrrpPriority 254
- for palladium.raysoft.loc
:global hostIP "192.168.1.6"
:global vrrpPriority 100
[RouterOS CLI]: Configure the Ethernet interfaces
/interface ethernet
:foreach interface in=[find name~"^ether"] do={
set $interface advertise="10M-full,100M-full,1000M-full" \
full-duplex="yes" rx-flow-control="auto" tx-flow-control="auto" \
loop-protect="on"
}
print detail
[RouterOS CLI]: Configure the default gateway
/ip route
add gateway="10.0.10.1"
print detail
[RouterOS CLI]: Configure DNS
/ip dns
set servers="192.168.1.1" allow-remote-requests="no" \
cache-max-ttl="10m"
print
LAN-STD
[RouterOS CLI]: Rename the existing interface bridge to bridge1
/interface bridge
set "bridge" name="bridge1" comment=""
print detail
[RouterOS CLI]: Configure IP addresses for the interface bridge bridge1
/ip address
add interface="bridge1" address="$hostIP/24"
print detail
LAN-STD-GW
[RouterOS CLI]: Add the VRRP interface bridge1-vrrp1 on the interface bridge bridge1
/interface vrrp
add name="bridge1-vrrp1" interface="bridge1" priority="$vrrpPriority"
print detail
[RouterOS CLI]: Configure IP addresses for the interface bridge1-vrrp1
/ip address
add interface="bridge1-vrrp1" address="192.168.1.1/24"
print detail
[RouterOS CLI]: Add the interface bridge1-vrrp1 to the interface list LAN-STD-GW
/interface list
add name="LAN-STD-GW"
print detail
/interface list member
add list="LAN-STD-GW" interface="bridge1-vrrp1"
print detail
Round up
[RouterOS CLI]: Reboot to activate the settings
/system reboot
[Device]: Change the network cable on the router & the computer!
[UNIX shell]: Clean up the list of known SSH servers in the file ~/.ssh/known_hosts
for host in "${host_name}"{,'raysoft.loc'} "${host_ip}" '192.168.88.1'; do
ssh-keygen -R "${host}"
done
[UNIX shell]: Log in with the user admin using SSH
ssh -F '/dev/null' "admin@${host_name}.raysoft.loc"
[RouterOS CLI]: Remove the factory-set IP address & default gateway
/ip address
remove [find address~"^192.168.88"]
print detail
/ip route
remove [find dst-address~"^192.168.88"]
print detail
[RouterOS CLI]: Test the name resolution & Internet connectivity
/ping count="5" "raysoft.ch"
Configure date & time
Documentation:
- RouterOS manual [EN]
[RouterOS CLI]: Configure the time zone
/system clock
set time-zone-autodetect="no" time-zone-name="UCT"
print
[RouterOS CLI]: Configure the NTP client
/system ntp client
set enable="yes" servers="ntp.raysoft.loc"
print
Configure email forwarder
Documentation:
- RouterOS manual [EN]
[RouterOS CLI]: Configure email forwarder to GMail
/tool e-mail
set address=[:resolve "smtp.gmail.com"] port=587 tls="starttls" \
user="alex.the.lion@gmail.com" password="**********" \
from="alex.the.lion@gmail.com"
print
[RouterOS CLI]: Send a test email
/tool e-mail
send to="alex.the.lion@gmail.com" subject="Email test" body="email test"
Configure microSD card
Documentation:
- RouterOS manual [EN]
[Device]: Insert the card into the microSD slot
[RouterOS CLI]: Define environment
:global cardName "mircosd1"
[RouterOS CLI]: Show the card
/disk
print
[RouterOS CLI]: Format the card & set its name
/disk
format-drive "sd1" file-system="ext4" label="$cardName"
set name="$cardName" [find label="$cardName"]
print
[RouterOS CLI]: Show the card in the file management
/file
print where name~"$cardName"