Skip to main content

MikroTik - RouterOS Setup with WinBox, VLAN Setup

801 words·
MikroTik RouterOS WinBox Router VLAN
Table of Contents

MikroTik RB750GR3
#

MikroTik hEX Series RouterBOARD RB750GR3


RouterOS - Basic Setup
#

Webinterface
#

  • Open the webinterface with the default IP: 192.168.88.1

  • The welcome text looks like this

The following default configuration has been installed on your router:

Welcome to RouterOS!
   1) Set a strong router password in the System > Users menu
   2) Upgrade the software in the System > Packages menu
   3) Enable firewall on untrusted networks
-----------------------------------------------------------------------------
RouterMode:
 * WAN port is protected by firewall and enabled DHCP client
 * Ethernet interfaces (except WAN port/s) are part of LAN bridge
LAN Configuration:
    IP address 192.168.88.1/24 is set on bridge (LAN port)
    DHCP Server: enabled;
    DNS: enabled;
WAN (gateway) Configuration:
    gateway:  ether1 ;
    ip4 firewall:  enabled;
    NAT:   enabled;
    DHCP Client: enabled;

Delete Default Configuration
#

  • Select No Default Configuration

  • Optional select Keep User Configuration to keep the admin password


WinBox
#

  • Use WinBox to connect to the router via it’s MAC address

DNS Server
#

Set the Mikrotik router up to function as DNS server:

Go to IP > DNS

  • Define upstream DNS servers like “1.1.1.1” and “8.8.8.8”

  • Check the “Allow Remote Requests” option. This enables other devices on the network to use the MikroTik router as their DNS server


DHCP for WAN
#

Go to IP > DHCP Client

  • Click +

  • Select the Internet / WAN interface

  • Click Apply / OK

  • Wait for the interface to optain an IP
  • Optional: Click New Terminal and ping an external IP to test the connection

Create a Bridge
#

Go to the Bridge section

  • Click + to create a new bridge

  • Define a name and click Apply / OK

Add the needed ethernet ports to the bridge:

Go to the Ports section

  • Click + to add an ethernet port

  • Click Apply / OK


Add IP Address
#

Create a LAN IP address for the bridge

Go to IP > Addresses

  • Click + to add a new IP

  • Define an IP address

  • Select the bride from the Interface menu

  • Click Apply / OK

  • It should look like this


DHCP Server
#

Go to IP > DHCP Server

  • Click DHCP Setup

  • Select the bridge in the DHCP Server Interface menu

  • Define the DHCP Address Space
  • Define the Gateway
  • Define the DHCP range
  • Define one or more DNS servers, or define the subnets gateway if the router should function as DNS server
  • Define the lease time
  • The client should now show up in the leases section

Firewall / NAT
#

Go to IP > Firewall

  • Select the NAT tab

  • Click + to add a NAT rule

  • Define srcnatto create a source NAT

  • Define the Internet / WAN interface as Out. Interface

  • Define masquerade as action
  • Click Apply / OK

The clients should now be able to access the internet.


VLAN Setup
#

Create VLAN Interfaces
#

Go to Interfaces

  • Select the VLAN tab

  • Click + to add a new VLAN interface


Assign IP Address
#

Go to IP > Addresses

  • Click + to add a new IP address

  • Define the Address / Gateway IP

  • Define the subnet

  • Select the correct VLAN interface


DHCP Server
#

Go to IP > DHCP Server

  • Select ther DHCP tab

  • Click DHCP Setup

  • Select the VLAN


Firewall / NAT
#

The same firewall NAT masquarade rule is used that was created earlier. Recap:

Go to IP > Firewall

  • Select the NAT tab

  • Click + to add a NAT rule

  • Define srcnatto create a source NAT

  • Define the Internet / WAN interface as Out. Interface

  • Define masquerade as action
  • Click Apply / OK

More
#

Port Forwarding
#

Go to IP > Firewall

  • Open the NAT tab

  • Click + to create a new rule

General section:

  • Select “Chain:” dstnat

  • Select “Dst. Port” for example port 80

  • Select “In. Interface” Internet / WAN

Action section:

  • Select “Action:” dst-nat

  • Define “To Addresses:” the IP of the destination server

  • Define “To Ports:” the port of the destination server


Security
#

Admin Password
#

Go to System > Users

  • Select the admin user to change the password

Note: As best practive create a new user and disable the existing admin user, to make brute force attacks more difficult.


Disable Services
#

Disable services that are don’t needed:

Go to IP > Services

  • Use the context-menu to disable / enable services

Or disable the services from the shell:

# Disable services
/ip service disable api,api-ssl,ftp

# Enable services
/ip service enable api,api-ssl,ftp

Hardware Reset
#

To reset the router proceed as follows:

  • Unplug the power cable

  • Plugin the power cable

  • Press and hold the reset button right after applying power

  • Hold the reset button until the “USR” LED starts flashing

Note: After the router has reset, it’s necessary to change the pw. Keep the “Old Password” field empty.


Links #

# Official Documentation
https://help.mikrotik.com/docs/display/ROS/Getting+started

# Official Documentation: Router Reset
https://help.mikrotik.com/docs/display/ROS/Reset+Button

# Download Winbox
https://mikrotik.com/download