To find out how the MikroTik Router, used RB450G MikroTik Wireless Router (Indoor) and RB1000. It is expected that this router can answer the problems faced such as how to control bandwidth (Bandwidth Control), PAT (local device access from the Internet), NAT (local computer can access the Internet), VLANs for segmentation purposes, the user controls the Hot Spot. Before performing the initial installation, you should download the following files:
1.Aplikasi Mikrotik Neighbor Viewer 2.Aplikasi Winbox
3.Reference Manual (in PDF) With the above two applications, the installation of a new beginning can be made. While still new, RB450G not equipped with an IP Address, MAC Address only. It is necessary to use a telnet application that supports the MAC Address. In applications Mikrotik Neighbor Telnet Viewer is available with MAC Address. But unfortunately, every time you want to log into RB450, always fails with error message "Connection timeout". Initially we connect the PC and RB450G to a switch. Although the relationship has changed from a PC directly to RB450G, the error message still appears and the process of IP address always fails.
Because the use Mikrotik Neighbor Viewer application always failed, ultimately disposable WinBox application. Because RB450G not yet have an IP Address, then entered the MAC address it. As always, when beginning to use the username is admin with no password. Once able to get into RB450G use WinBox Console, we can set a new IP Address.
Setting IP Address: IP -> Addresses -> + -> Address: 192.168.1.3/24; Network: blank; Broadcast: blank; Interface: ether-1 gateway -> OK
After the first port or Eth1/PoE given IP = 192.168.1.3, I tried to get out of WinBox Console in order to enter again into WinBox Console but use IP address rather than MAC Address.
It did not get into RB450G by using an IP Address. Finally had to use MAC Address again. Do not know why. Is it possible for port 8291 not open?
Apparently there Action = drop on the menu IP -> Firewall -> Filter Rules -> Chain: input; In Interface: ether1-gateway. After the amended Action = accept, the connection with WinBox Console via IP addresses and connection with a web browser can be done.
Login [Msmunir @ lenovo ~] $ telnet 202.46.3.xx Trying 202.46.3.xx. .. Connected to 202.46.3.xx. Escape character is'^]'.
MikroTik v3.28 Login: admin Password: [Admin @ MikroTik]>
Change Password: [Admin @ MikroTik]> password old password: ******* new password: ******** Retype new password: ******** [Admin @ MikroTik]>
Change the machine name of the MikroTik be MikroTik1: [Admin @ MikroTik]> system identity set name = MikroTik1 [Admin @ MikroTik1]>
Viewing interface [Admin @ MikroTik1]> interface print Flags: D - dynamic, X - disabled, R - running, S - slave # NAME TYPE MTU L2MTU 0 R ether1-gateway ether 1500 1526 1 R Local ether 1500 ether2-1524 2-local ether3 ether 1500 1524 3-local ether4 ether 1500 1524 4-local ether5 ether 1500 1524 [Admin @ MikroTik1]>
Giving IP Address: [Admin @ MikroTik1]> ip address add address = 192.168.1.3 netmask = 255.255.255.0 interface = ether1-gateway [Admin @ MikroTik1]> ip address add address = 192.168.2.1 netmask = 255.255.255.0 interface = ether2-local [Admin @ MikroTik1]>
Viewing IP Address Configuration: [Admin @ MikroTik1]> ip address print Flags: X - disabled, I - invalid, D - dynamic # ADDRESS NETWORK BROADCAST INTERFACE 0 192.168.1.3/24 192.168.1.0 192.168.1.255 ether1-gateway 1 192.168.2.1/24 192.168.2.0 192.168.2.255 ether2-local [Admin @ MikroTik1]>
Provide default Gateway [Admin @ MikroTik1]> ip route add gateway = 192.168.1.1
Viewing the routing table [Admin @ MikroTik1]> ip route print Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - OSPF, m - MME, B - blackhole, U - unreachable, P - prohibit # DST-ADDRESS G GATEWAY pref-SRC DISTANCE IN .. 0 A S 0.0.0.0 / 0 r 192.168.1.1 1 et .. 1 ADC 192.168.1.0/24 192.168.1.3 0 et .. 2 ADC 192.168.2.0/24 192.168.2.1 0 et .. [Admin @ MikroTik1]>
Setting DNS [Admin @ MikroTik1]> ip dns set primary-dns = 203 130 196 155 remoterequests = no allow- [Admin @ MikroTik1]> ip dns set secondary-dns = 203.130.208.18 allow-remoterequests = no
Looking at the DNS configuration [Admin @ MikroTik1]> ip dns print primary-dns: 203 130 196 155 secondary-dns: 203.130.208.18 allow-remote-requests: yes max-udp-packet-size: 512 cache-size: 2048KiB cache-max-ttl: 1W cache-Used: 6KiB [Admin @ MikroTik1]>
Access test domain: admin @ MikroTik1]> ping yahoo.com 209.191.93.53 64 byte ping: ttl = 43 time = 369 ms 209.191.93.53 64 byte ping: ttl = 43 time = 402 ms 209.191.93.53 64 byte ping: ttl = 43 time = 376 ms 209.191.93.53 64 byte ping: ttl = 43 time = 372 ms 4 packets transmitted, 4 packets received, 0% packet loss round-trip min / avg / max = 369/379.7/402 ms [Admin @ MikroTik1]>
Setup Masquerading [Admin @ MikroTik1]> ip firewall nat add action = masquerade out-interface = ether1 chain-gateway = srcnat [Admin @ MikroTik1]>
See masquerading configuration: [Admin @ MikroTik1]> ip firewall nat print Flags: X - disabled, I - invalid, D - dynamic 0 chain = srcnat action = masquerade out-interface = ether1-gateway [Admin @ MikroTik1]>
Another way is to use the menu:
Change Password: System -> Password -> New Password: 123456; Confirm Password: 123456 -> OK
Activate eth2 IP -> Firewall -> Filter Rules -> Chain: input; In. Interface: ether2-local; Action: accept -> OK IP -> Firewall -> NAT -> Chain: srcnat; Src. Address: 192.168.2.0/24; Out. Interface: ether1-gateway; Action: masquerade -> OK IP -> Firewall -> Mangle -> Chain: forward; In. Interface: ether1-gateway; Out. Interface: ether2-local; Src. Address List:! nice; Action: mark connection; New Connection Mark: VLAN1; passthrough: Enable -> OK
Setting DNS IP -> Settings -> Primary DNS = 203 130 196 155; Secondary DNS = 203.130.208.18 -> OK
Activate MRTG to Interface Tools -> Graphing -> Rules Interface -> Interface: ether1-gateway; Allow Address: 0.0.0.0 / 0; Store on Disk: Enable -> OK
Activate MRTG to Resource (Memory, CPU, HDD) Tools -> Graphing -> Resource Rules -> Allow Address: 0.0.0.0 / 0; Store on Disk: Enable -> OK
Enable VLAN Interfaces -> VLAN -> Name: VLAN1; Type: VLAN; MTU: 1500; VLAN ID: 1; Interface: ether1-local -> OK. IP -> Firewall -> Mangle -> Chain: forward; In. Interface: ether1-gateway; Out. Interface: VLAN1; Action: accept -> OK
Set Clock System -> NTP Client -> Enabled: yes; Mode: unicast; Primary NTP Server: ntp.kim.lipi.go.id or 203 160 128 178; others (such as the Poll Interval, Active Server, Last Update From) will be filled with itself -> OK
System -> Clock -> Time Zone Name: Asia / Jakarta; the others will be filled by itself -> OK
Set the system clock for referring to the NTP System -> NTP Client-> Enabled -> Mode: unicast -> Primary NTP Server: 202.134.6.170 -> Apply -> OK System -> Clock -> Time Zone Name: Asia / Jakarta -> Apply -> OK
Bandwidth Control Queues -> Queue Tree -> Name; Parent; Packet Mask; Queue Type, Priority; Max Limit, Burst Limit, Burst Time -> OK Burst Limit and Burst Time to test the bandwidth. Queues -> Queue Types -> Type Name; Kind; Rate = 0; Limit = 50; Total Limit = 2000; Classifier -> OK Bandwidth control is linked to the Mangle on IP -> Firewall -> Mangle. Mark Packet in Queue Tree will be used in
Backup and Restore Files -> Backup -> wait until there is a new file with the names of approximately: MikroTik-10042010-2021.backup. Notice Creation Time is in accord with the current time? The file name seems to fit with the time of manufacture. 10042010 means April 10, 2010. 2021 means the clock 20:21. To move a file backup to outside MikroTik, eg to your PC, use FTP Client. For that you must know the IP address of the MikroTik FTP would be this. To mengaktikan (restore) the results of this backup in another MikroTik, move these backup files from your PC to another MikroTik. IN another MikroTik this lalukan Restore command. Files -> select the backup file -> Restore.
Initially to move the settings and configuration of the MikroTik MikroTik MikroTik one to another with export and import orders. It turned out that this command does not give the desired results.
Knowing the number of PCs that are connected Tools -> IP Scan -> Interface: vlan_ppin -> Address Range: 0.0.0.0 -> Start Wait a while until the list of IP addresses that are active appear, see the window of his title the words "running".
Previously using a command line nmap from Proxy Server. In MikroTik no command nmap.
Adding Users System -> Users -> Users Tab -> (+) -> Name: xxxxx, Group: All -> Password -> New Password: xxx, Confirm Password: xxx -> OK
1.Aplikasi Mikrotik Neighbor Viewer 2.Aplikasi Winbox
3.Reference Manual (in PDF) With the above two applications, the installation of a new beginning can be made. While still new, RB450G not equipped with an IP Address, MAC Address only. It is necessary to use a telnet application that supports the MAC Address. In applications Mikrotik Neighbor Telnet Viewer is available with MAC Address. But unfortunately, every time you want to log into RB450, always fails with error message "Connection timeout". Initially we connect the PC and RB450G to a switch. Although the relationship has changed from a PC directly to RB450G, the error message still appears and the process of IP address always fails.
Because the use Mikrotik Neighbor Viewer application always failed, ultimately disposable WinBox application. Because RB450G not yet have an IP Address, then entered the MAC address it. As always, when beginning to use the username is admin with no password. Once able to get into RB450G use WinBox Console, we can set a new IP Address.
Setting IP Address: IP -> Addresses -> + -> Address: 192.168.1.3/24; Network: blank; Broadcast: blank; Interface: ether-1 gateway -> OK
After the first port or Eth1/PoE given IP = 192.168.1.3, I tried to get out of WinBox Console in order to enter again into WinBox Console but use IP address rather than MAC Address.
It did not get into RB450G by using an IP Address. Finally had to use MAC Address again. Do not know why. Is it possible for port 8291 not open?
Apparently there Action = drop on the menu IP -> Firewall -> Filter Rules -> Chain: input; In Interface: ether1-gateway. After the amended Action = accept, the connection with WinBox Console via IP addresses and connection with a web browser can be done.
Login [Msmunir @ lenovo ~] $ telnet 202.46.3.xx Trying 202.46.3.xx. .. Connected to 202.46.3.xx. Escape character is'^]'.
MikroTik v3.28 Login: admin Password: [Admin @ MikroTik]>
Change Password: [Admin @ MikroTik]> password old password: ******* new password: ******** Retype new password: ******** [Admin @ MikroTik]>
Change the machine name of the MikroTik be MikroTik1: [Admin @ MikroTik]> system identity set name = MikroTik1 [Admin @ MikroTik1]>
Viewing interface [Admin @ MikroTik1]> interface print Flags: D - dynamic, X - disabled, R - running, S - slave # NAME TYPE MTU L2MTU 0 R ether1-gateway ether 1500 1526 1 R Local ether 1500 ether2-1524 2-local ether3 ether 1500 1524 3-local ether4 ether 1500 1524 4-local ether5 ether 1500 1524 [Admin @ MikroTik1]>
Giving IP Address: [Admin @ MikroTik1]> ip address add address = 192.168.1.3 netmask = 255.255.255.0 interface = ether1-gateway [Admin @ MikroTik1]> ip address add address = 192.168.2.1 netmask = 255.255.255.0 interface = ether2-local [Admin @ MikroTik1]>
Viewing IP Address Configuration: [Admin @ MikroTik1]> ip address print Flags: X - disabled, I - invalid, D - dynamic # ADDRESS NETWORK BROADCAST INTERFACE 0 192.168.1.3/24 192.168.1.0 192.168.1.255 ether1-gateway 1 192.168.2.1/24 192.168.2.0 192.168.2.255 ether2-local [Admin @ MikroTik1]>
Provide default Gateway [Admin @ MikroTik1]> ip route add gateway = 192.168.1.1
Viewing the routing table [Admin @ MikroTik1]> ip route print Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - OSPF, m - MME, B - blackhole, U - unreachable, P - prohibit # DST-ADDRESS G GATEWAY pref-SRC DISTANCE IN .. 0 A S 0.0.0.0 / 0 r 192.168.1.1 1 et .. 1 ADC 192.168.1.0/24 192.168.1.3 0 et .. 2 ADC 192.168.2.0/24 192.168.2.1 0 et .. [Admin @ MikroTik1]>
Setting DNS [Admin @ MikroTik1]> ip dns set primary-dns = 203 130 196 155 remoterequests = no allow- [Admin @ MikroTik1]> ip dns set secondary-dns = 203.130.208.18 allow-remoterequests = no
Looking at the DNS configuration [Admin @ MikroTik1]> ip dns print primary-dns: 203 130 196 155 secondary-dns: 203.130.208.18 allow-remote-requests: yes max-udp-packet-size: 512 cache-size: 2048KiB cache-max-ttl: 1W cache-Used: 6KiB [Admin @ MikroTik1]>
Access test domain: admin @ MikroTik1]> ping yahoo.com 209.191.93.53 64 byte ping: ttl = 43 time = 369 ms 209.191.93.53 64 byte ping: ttl = 43 time = 402 ms 209.191.93.53 64 byte ping: ttl = 43 time = 376 ms 209.191.93.53 64 byte ping: ttl = 43 time = 372 ms 4 packets transmitted, 4 packets received, 0% packet loss round-trip min / avg / max = 369/379.7/402 ms [Admin @ MikroTik1]>
Setup Masquerading [Admin @ MikroTik1]> ip firewall nat add action = masquerade out-interface = ether1 chain-gateway = srcnat [Admin @ MikroTik1]>
See masquerading configuration: [Admin @ MikroTik1]> ip firewall nat print Flags: X - disabled, I - invalid, D - dynamic 0 chain = srcnat action = masquerade out-interface = ether1-gateway [Admin @ MikroTik1]>
Another way is to use the menu:
Change Password: System -> Password -> New Password: 123456; Confirm Password: 123456 -> OK
Activate eth2 IP -> Firewall -> Filter Rules -> Chain: input; In. Interface: ether2-local; Action: accept -> OK IP -> Firewall -> NAT -> Chain: srcnat; Src. Address: 192.168.2.0/24; Out. Interface: ether1-gateway; Action: masquerade -> OK IP -> Firewall -> Mangle -> Chain: forward; In. Interface: ether1-gateway; Out. Interface: ether2-local; Src. Address List:! nice; Action: mark connection; New Connection Mark: VLAN1; passthrough: Enable -> OK
Setting DNS IP -> Settings -> Primary DNS = 203 130 196 155; Secondary DNS = 203.130.208.18 -> OK
Activate MRTG to Interface Tools -> Graphing -> Rules Interface -> Interface: ether1-gateway; Allow Address: 0.0.0.0 / 0; Store on Disk: Enable -> OK
Activate MRTG to Resource (Memory, CPU, HDD) Tools -> Graphing -> Resource Rules -> Allow Address: 0.0.0.0 / 0; Store on Disk: Enable -> OK
Enable VLAN Interfaces -> VLAN -> Name: VLAN1; Type: VLAN; MTU: 1500; VLAN ID: 1; Interface: ether1-local -> OK. IP -> Firewall -> Mangle -> Chain: forward; In. Interface: ether1-gateway; Out. Interface: VLAN1; Action: accept -> OK
Set Clock System -> NTP Client -> Enabled: yes; Mode: unicast; Primary NTP Server: ntp.kim.lipi.go.id or 203 160 128 178; others (such as the Poll Interval, Active Server, Last Update From) will be filled with itself -> OK
System -> Clock -> Time Zone Name: Asia / Jakarta; the others will be filled by itself -> OK
Set the system clock for referring to the NTP System -> NTP Client-> Enabled -> Mode: unicast -> Primary NTP Server: 202.134.6.170 -> Apply -> OK System -> Clock -> Time Zone Name: Asia / Jakarta -> Apply -> OK
Bandwidth Control Queues -> Queue Tree -> Name; Parent; Packet Mask; Queue Type, Priority; Max Limit, Burst Limit, Burst Time -> OK Burst Limit and Burst Time to test the bandwidth. Queues -> Queue Types -> Type Name; Kind; Rate = 0; Limit = 50; Total Limit = 2000; Classifier -> OK Bandwidth control is linked to the Mangle on IP -> Firewall -> Mangle. Mark Packet in Queue Tree will be used in
Backup and Restore Files -> Backup -> wait until there is a new file with the names of approximately: MikroTik-10042010-2021.backup. Notice Creation Time is in accord with the current time? The file name seems to fit with the time of manufacture. 10042010 means April 10, 2010. 2021 means the clock 20:21. To move a file backup to outside MikroTik, eg to your PC, use FTP Client. For that you must know the IP address of the MikroTik FTP would be this. To mengaktikan (restore) the results of this backup in another MikroTik, move these backup files from your PC to another MikroTik. IN another MikroTik this lalukan Restore command. Files -> select the backup file -> Restore.
Initially to move the settings and configuration of the MikroTik MikroTik MikroTik one to another with export and import orders. It turned out that this command does not give the desired results.
Knowing the number of PCs that are connected Tools -> IP Scan -> Interface: vlan_ppin -> Address Range: 0.0.0.0 -> Start Wait a while until the list of IP addresses that are active appear, see the window of his title the words "running".
Previously using a command line nmap from Proxy Server. In MikroTik no command nmap.
Adding Users System -> Users -> Users Tab -> (+) -> Name: xxxxx, Group: All -> Password -> New Password: xxx, Confirm Password: xxx -> OK