Basic configuration

-set hostname
[admin@MikroTik] > system identity set name=MikroTik
-check interface

[admin@MikroTik] > interface print
Flags: D - dynamic, X - disabled, R - running, S - slave
#     NAME                                TYPE         MTU L2MTU  MAX-L2MTU
0  R  ether1                              ether       1500

-set ip address
[admin@MikroTik] /ip> address add address=10.0.0.211/24 interface=ether1
-verify ip address
[admin@MikroTik] > ip address print
Flags: X - disabled, I - invalid, D - dynamic
#   ADDRESS            NETWORK         INTERFACE
0   10.0.0.211/24      10.0.0.0        ether1
-set gateway
[admin@MikroTik] > ip route add gateway=10.0.0.1
-verify gateway
[admin@MikroTik] > ip route print
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit
#      DST-ADDRESS        PREF-SRC        GATEWAY            DISTANCE
0 A S  ;;; added by setup
0.0.0.0/0                          10.0.0.1                  1
1 ADC  10.0.0.0/24        10.0.0.211      ether1                    0
-set dns server
[admin@MikroTik] > ip dns set servers=8.8.8.8,8.8.4.4
-test connection to outside world
[admin@MikroTik] > ping 8.8.8.8
HOST                                     SIZE TTL TIME  STATUS
8.8.8.8                                    56  46 28ms
8.8.8.8                                    56  46 34ms
-set time zone
[admin@MikroTik] > system clock set time-zone-name=Asia/Jakarta
-point to ntp server
[admin@MikroTik] > system ntp client set enabled=yes primary-ntp=[:resolve sg.pool.ntp.org] mode=unicast
-set admin password
[admin@MikroTik] > password
old-password:
new-password: ********
confirm-new-password: ********
-add an alternate admin user in case you lose your admin password
/user add name=badmin password=putpasshere group=full address=10.0.0.0/24
-check services
[admin@MikroTik] > ip service print
Flags: X - disabled, I - invalid
#   NAME      PORT ADDRESS                                       CERTIFICATE
0   telnet      23
1   ftp         21
2   www         80
3   ssh         22
4 X www-ssl    443                                               none
5   api       8728
6   winbox    8291
7   api-ssl   8729                                               none
-disable ftp telnet api
[admin@MikroTik] > ip service disable 0
[admin@MikroTik] > ip service disable 1
[admin@MikroTik] > ip service disable 5
-enable www-ssl
[admin@MikroTik] > ip service enable 4
-enable snmp
[admin@MikroTik] > snmp set enabled=yes location="The Matrix" contact=admin@poc.local
-set time zone
[admin@MikroTik] > system clock set time-zone-name=Asia/Jakarta
-set local ntp server
[admin@MikroTik] > system ntp server set broadcast=no enabled=yes manycast=yes multicast=no
-point local ntp server to public ntp server
[admin@MikroTik] > system ntp client set enabled=yes primary-ntp=[:resolve sg.pool.ntp.org] mode=unicast
[admin@MikroTik] > system package print
Flags: X - disabled
#   NAME                    VERSION                    SCHEDULED
0   ntp                     6.19
1   kvm                     6.19
2   dhcp                    6.19
3   multicast               6.19
4   mpls                    6.19
5   isdn                    6.19
6   ups                     6.19
7   security                6.19
8   gps                     6.19
9   ppp                     6.19
10   user-manager            6.19
11   hotspot                 6.19
12   system                  6.19
13   calea                   6.19
14   ipv6                    6.19
15   lcd                     6.19
16   routing                 6.19
17   wireless                6.19
18   advanced-tools          6.19
[admin@MikroTik] > system license print
software-id: ZJ3M-ESHW
upgradable-to: v7.x
nlevel: 6
features:
Let's say we have another interface for the WAN connection and we need to delete the default gateway from the current config.
[admin@MikroTik] > ip dhcp-client add interface=ether2 disabled=no
[admin@MikroTik] > ip dhcp-client print detail
Flags: X - disabled, I - invalid
0   interface=ether2 add-default-route=yes default-route-distance=1
use-peer-dns=yes use-peer-ntp=yes dhcp-options=hostname,clientid
status=bound address=192.168.1.106/24 gateway=192.168.1.1
dhcp-server=192.168.1.1 primary-dns=192.168.1.1
secondary-dns=192.168.1.1 expires-after=23h44m5s
[admin@MikroTik] > ip address print
Flags: X - disabled, I - invalid, D - dynamic
#   ADDRESS            NETWORK         INTERFACE
0   10.0.0.211/24      10.0.0.0        ether1
1 D 192.168.1.106/24   192.168.1.0     ether2
[admin@MikroTik] > ip route print
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit
#      DST-ADDRESS        PREF-SRC        GATEWAY            DISTANCE
0 ADS  0.0.0.0/0                          10.0.0.1               1
1 ADS  0.0.0.0/0                          192.168.1.1               1

2 ADC  10.0.0.0/24        10.0.0.211      ether1                    0
3 ADC  192.168.1.0/24     192.168.1.106   ether2                    0

[admin@MikroTik] > ip route remove 0
[admin@MikroTik] > ip route print
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit
#      DST-ADDRESS        PREF-SRC        GATEWAY            DISTANCE
0 ADS  0.0.0.0/0                          192.168.1.1               1

1 ADC  10.0.0.0/24        10.0.0.211      ether1                    0
2 ADC  192.168.1.0/24     192.168.1.106   ether2                    0

[admin@MikroTik] > interface print
Flags: D - dynamic, X - disabled, R - running, S - slave
#     NAME                                TYPE         MTU L2MTU  MAX-L2MTU
0  R  ether1                              ether       1500
1  R  ether2                              ether       1500
-harden admin access by giving no access to admin
-ssh to MikroTik as badmin
[badmin@MikroTik] > user group add name=noaccess
[badmin@MikroTik] > user group print
0 name="read" policy=local,telnet,ssh,reboot,read,test,winbox,password,web,
sniff,sensitive,api,!ftp,!write,!policy
skin=default

1 name="write" policy=local,telnet,ssh,reboot,read,write,test,winbox,password,
web,sniff,sensitive,api,!ftp,!policy
skin=default

2 name="full" policy=local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,
password,web,sniff,sensitive,api
skin=default

3 name="noaccess" policy=!local,!telnet,!ssh,!ftp,!reboot,!read,!write,!policy,
!test,!winbox,!password,!web,!sniff,!sensitive,!api
skin=default

[admin@MikroTik] > user print
Flags: X - disabled
#   NAME             GROUP             ADDRESS            LAST-LOGGED-IN
0   ;;; system default user
admin            noaccess                             sep/24/2014 19:33:47
1   badmin           full
[badmin@MikroTik] > user set 0 group=noaccess
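To verify the service hardening steps above, here is an added example (not part of the original post): a Python check that parses `ip service print` output in the format shown earlier and reports enabled cleartext services, TLS services whose certificate is `none`, and services with an empty ADDRESS column. The sample output is constructed, and the ssh restriction to 10.0.0.0/24 in it is an assumption, not a step from the post.

```python
import re

# Constructed sample: `ip service print` output in the shape shown above, after
# the disable/enable steps; the ssh ADDRESS restriction is an assumed extra step.
SAMPLE = """\
Flags: X - disabled, I - invalid
 #   NAME      PORT ADDRESS                                       CERTIFICATE
 0 X telnet      23
 1 X ftp         21
 2   www         80
 3   ssh         22 10.0.0.0/24
 4   www-ssl    443                                               none
 5 X api       8728
 6   winbox    8291
 7   api-ssl   8729                                               none
"""

CLEARTEXT = {"telnet", "ftp", "www", "api"}   # no transport encryption
TLS = {"www-ssl", "api-ssl"}                  # need a certificate to be useful
ROW = re.compile(r"^\s*(\d+)\s+([XI ]{0,2})\s*([a-z-]+)\s+(\d+)\s*(.*)$")

def parse_services(text):
    """Return one dict per row of `ip service print` output."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # skip the Flags legend and the column header
        _, flags, name, port, rest = m.groups()
        fields = rest.split()
        cert = fields.pop() if name in TLS and fields else None
        rows.append({"name": name, "port": int(port), "disabled": "X" in flags,
                     "address": fields[0] if fields else "", "certificate": cert})
    return rows

def audit(text):
    """List (service, finding) pairs for every enabled service worth a look."""
    findings = []
    for s in parse_services(text):
        if s["disabled"]:
            continue
        if s["name"] in CLEARTEXT:
            findings.append((s["name"], "cleartext protocol enabled"))
        if s["name"] in TLS and s["certificate"] in (None, "none"):
            findings.append((s["name"], "TLS service has no certificate"))
        if not s["address"]:
            findings.append((s["name"], "reachable from any source address"))
    return findings
```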