Week 12: MikTik Add Ons - M199205zn/Datacomm-CS3 GitHub Wiki

Learning Objectives

  1. Understand the purpose and use of MikroTik RouterOS.
  2. Configure MikroTik routers using CLI and GUI (WinBox).
  3. Implement basic networking concepts such as IP addressing and DHCP.
  4. Configure firewall rules for network security.
  5. Set up routing, NAT, and VPN services.
  6. Implement VLANs and wireless settings.

1. Introduction to MikroTik RouterOS

What is MikroTik RouterOS?

MikroTik RouterOS is a powerful operating system designed for routers and network devices, offering features like routing, firewall, bandwidth management, wireless, and VPN services.

Ways to Access MikroTik Routers

  • WinBox (Graphical Interface)
  • SSH/Telnet (Command Line Interface)
  • Web Interface (Browser-based configuration)

Default Credentials

  • Username: admin
  • Password: (empty by default)

2. Basic Configuration

Assigning an IP Address to an Interface

CLI Command:

/ip address add address=192.168.1.1/24 interface=ether1

WinBox:

  1. Go to IP > Addresses
  2. Click Add
  3. Enter IP Address and Interface

Configuring DHCP Server

CLI Command:

/ip dhcp-server setup

WinBox:

  1. Go to IP > DHCP Server
  2. Click Setup
  3. Follow the wizard

Viewing Assigned IP Addresses

/ip address print

3. Firewall and Network Security

MikroTik’s firewall allows users to control traffic and secure their network using filtering rules.

Basic Firewall Rule to Block SSH (Port 22)

/ip firewall filter add chain=input protocol=tcp port=22 action=drop

Explanation: This rule blocks all incoming SSH connections to the router.

Viewing Firewall Rules

/ip firewall filter print

Network Address Translation (NAT) - Enabling Internet Access

/ip firewall nat add chain=srcnat action=masquerade out-interface=ether1

4. Routing and Network Management

Adding a Static Route

/ip route add dst-address=0.0.0.0/0 gateway=192.168.1.1

Purpose: This sets the default gateway for network traffic.

Monitoring Network Traffic

Use Torch to analyze real-time traffic:

/tool torch interface=ether1

5. VLANs and Wireless Configuration

Creating a VLAN

/interface vlan add name=vlan10 vlan-id=10 interface=ether1

Purpose: This command creates VLAN 10 on interface ether1.

Enabling Wireless Interface

/interface wireless enable wlan1

Purpose: Activates the wireless network.

Setting up a Wireless Access Point

/interface wireless set wlan1 mode=ap-bridge ssid=MyWiFi password=SecurePass

Purpose: Configures a MikroTik router as a Wi-Fi access point.

6. VPN Configuration

Enabling PPTP VPN Server

/interface pptp-server enable

Adding a VPN User

/ppp secret add name=user1 password=pass1 service=pptp

Purpose: This creates a VPN user for secure remote access.

7. Summary & Review

Key Takeaways

  • MikroTik RouterOS is a powerful networking system used for routing, firewalling, and wireless networking.
  • Configuration can be done via WinBox, CLI, or Web Interface.
  • Firewall rules protect the network from unauthorized access.
  • DHCP Server assigns IP addresses automatically.
  • Routing and NAT are essential for managing network traffic.
  • VLANs allow network segmentation for better security and organization.
  • Wireless settings enable routers to function as Wi-Fi access points.
  • VPN configuration allows remote secure access to the network.

Practice Questions

  1. What is the primary use of MikroTik RouterOS?
  2. How do you assign an IP address to an interface?
  3. Which command enables the wireless interface?
  4. How do you create a firewall rule to block SSH access?
  5. What is the purpose of NAT in MikroTik?