Configure a MikroTik RouterBoard as a basic Router.
The following guide is based on a MikroTik RB/751U-2HnD. It can, however, be used for any MikroTik router with minor adjustments (i.e. other routers may have more or fewer Ethernet and/or wireless interfaces, so your configuration will differ slightly when adding interfaces to the bridge).
Ensure you are connected to an Ethernet port other than ether1, as in most cases the default RouterOS configuration sets ether1 up as a WAN port, which prevents Winbox access until that configuration is removed.
Log in to the router via Winbox and remove the RouterOS default configuration.
Setting up the WAN port:
Option 1:
Configure a WAN port that will receive a DHCP address from an uplink Router or ADSL Modem.
[admin@MikroTik] > /ip dhcp-client add interface=ether1 add-default-route=yes use-peer-dns=yes use-peer-ntp=yes comment=wan-ip-address disabled=no
Option 2:
Configure a WAN port with a PPPoE client (great for connecting to an uplink Draytek ADSL modem that is in bridge mode).
Note: You will need your ISP Username and Password to continue.
Create a PPP Profile for the PPPoE Client Interface:
[admin@MikroTik] > /ppp profile add name=ppp-wan change-tcp-mss=yes
Create the PPPoE Client Interface:
[admin@MikroTik] > /interface pppoe-client add name=pppoe-wan interface=ether1 user=user.xadsl@xtra.co.nz password=my_password add-default-route=yes use-peer-dns=yes profile=ppp-wan allow=pap disabled=no
Setup DNS:
[admin@MikroTik] > /ip dns set allow-remote-requests=yes
Create a bridge and add all the remaining ports / interfaces into it:
[admin@MikroTik] > /interface bridge add name=bridge-local comment="Internal Network" disabled=no
[admin@MikroTik] > /interface bridge port add bridge=bridge-local interface=ether2
[admin@MikroTik] > /interface bridge port add bridge=bridge-local interface=ether3
[admin@MikroTik] > /interface bridge port add bridge=bridge-local interface=ether4
[admin@MikroTik] > /interface bridge port add bridge=bridge-local interface=ether5
[admin@MikroTik] > /interface bridge port add bridge=bridge-local interface=wlan1
Assign an IP Address to the bridge we created in the previous step:
[admin@MikroTik] > /ip address add address=192.168.2.1/24 interface=bridge-local
Configure a DHCP Server for your network:
[admin@MikroTik] > /ip dhcp-server setup
Select interface to run DHCP server on
dhcp server interface: bridge-local
Select network for DHCP addresses
dhcp address space: 192.168.2.0/24
Select gateway for given network
gateway for dhcp network: 192.168.2.1
Select pool of ip addresses given out by DHCP server
addresses to give out: 192.168.2.2-192.168.2.254
Select DNS servers
dns servers: 192.168.2.1
Select lease time
lease time: 3d
Configuring NAT for Internet Access:
Option 1:
NAT rule for masquerading traffic out ether1 (Use this rule if you have configured your router using WAN Port Configuration Option 1).
[admin@MikroTik] > /ip firewall nat add chain=srcnat out-interface=ether1 action=masquerade comment=nat-internet-access disabled=no
Option 2:
NAT rule for masquerading traffic out the pppoe-wan interface (Use this rule if you have configured your WAN port as a PPPoE Client interface, Option 2).
[admin@MikroTik] > /ip firewall nat add chain=srcnat out-interface=pppoe-wan action=masquerade comment=nat-internet-access disabled=no
Configure the Wireless Interface (if any):
Note: This wireless configuration is based on 2.4GHz b/g/n.
Create a Wireless Security Profile:
[admin@MikroTik] > /interface wireless security-profiles add name=wifi_security mode=dynamic-keys authentication-types=wpa2-psk unicast-ciphers=aes-ccm group-ciphers=aes-ccm wpa2-pre-shared-key=wifipassword123 management-protection=allowed
Configure Wireless Interface:
[admin@MikroTik] > /interface wireless set wlan1 mode=ap-bridge band=2ghz-b/g/n channel-width=20/40mhz-ht-above frequency=2412 ssid="My MikroTik" wireless-protocol=802.11 security-profile=wifi_security default-authentication=yes ht-txchains=0,1 ht-rxchains=0,1 disabled=no
Basic MikroTik Firewall Configuration:
At this point your MikroTik router does not have the firewall configured. This means you will be open to threats and attacks from the Internet. For more information on configuring your router's firewall, please visit "Secure your MikroTik Firewall".
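The exposure described above can be closed with a minimal stateful filter, shown here as an added example that is not part of the original guide or of the linked article. It assumes the LAN bridge is named bridge-local, as created in this guide. Because /ip dns set allow-remote-requests=yes was enabled earlier, the router answers DNS queries arriving on the WAN port until the input chain drops them.

```routeros
# Added example: minimal stateful filter for the setup built in this guide.
# Assumption: the LAN bridge is named bridge-local (created above).
# No WAN interface is named, so the rules fit both WAN options (ether1 or pppoe-wan).
/ip firewall filter

# input chain: traffic addressed to the router itself
add chain=input connection-state=established,related action=accept comment="input: replies to router-originated traffic"
add chain=input connection-state=invalid action=drop comment="input: drop invalid"
add chain=input protocol=icmp action=accept comment="input: allow ICMP"
add chain=input in-interface=bridge-local action=accept comment="input: LAN may reach DNS, DHCP and Winbox"
add chain=input action=drop comment="input: drop everything else, including WAN-side DNS and Winbox"

# forward chain: traffic routed through the router
add chain=forward connection-state=established,related action=accept comment="forward: established,related"
add chain=forward connection-state=invalid action=drop comment="forward: drop invalid"
add chain=forward in-interface=bridge-local action=accept comment="forward: LAN to anywhere"
add chain=forward action=drop comment="forward: drop unsolicited inbound"
```

Enter these from a LAN-side session, in this order, since RouterOS evaluates filter rules from top to bottom and the final drop rules must come last.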
Finish
May Be Useful
Regards
Merah Putih Segoroasat
Thanks