Manual:Default Configurations: Difference between revisions
Line 145: | Line 145: | ||
<td align=center>Masquerade wan port</td> | <td align=center>Masquerade wan port</td> | ||
<td align=center>192.168.88.1/24 on ether1</td> | <td align=center>192.168.88.1/24 on ether1</td> | ||
<td align=center>Disabled on wan port</td> | <td align=center>Disabled on wan port</td> | ||
</tr> | </tr> | ||
Line 253: | Line 239: | ||
<td align=center>wlan1</td> | <td align=center>wlan1</td> | ||
<td align=center>ether1</td> | <td align=center>ether1</td> | ||
<td align=center>station | <td align=center>station a/n 5GHz</td> | ||
<td align=center>0,1</td> | <td align=center>0,1</td> | ||
<td align=center>above control</td> | <td align=center>above control</td> | ||
Line 320: | Line 306: | ||
</tr> | </tr> | ||
<tr class="styled_table"> | <tr class="styled_table"> | ||
<td><b>QRT 2</b></td> | <td><b>QRT-2</b></td> | ||
<td align=center>wlan1</td> | <td align=center>wlan1</td> | ||
<td align=center>ether1</td> | <td align=center>ether1</td> | ||
<td align=center>station b/g/n 2.4GHz</td> | <td align=center>station b/g/n 2.4GHz</td> | ||
<td align=center>0 | <td align=center>0</td> | ||
<td align=center>above control</td> | <td align=center>above control</td> | ||
<td align=center>on lan port</td> | <td align=center>on lan port</td> | ||
Line 448: | Line 420: | ||
<td align=center>192.168.88.1/24 on lan port</td> | <td align=center>192.168.88.1/24 on lan port</td> | ||
<td align=center>-</td> | <td align=center>-</td> | ||
</tr> | </tr> | ||
</table> | </table> | ||
Line 525: | Line 427: | ||
{{Warning | <code><b>/system default-configuration print </b></code> Always shows factory default configuration even if it is overridden by a different netinstall script. }} | {{Warning | <code><b>/system default-configuration print </b></code> Always shows factory default configuration even if it is overridden by a different netinstall script. }} | ||
== WAN Port == | == WAN Port == |
Revision as of 11:44, 15 June 2016
Applies to RouterOS: v5, v6+
List of Default Configs
Integrated Indoors
Wan port | Lan port | Wireless mode | ht chain | ht extension | dhcp-server | dhcp-client | Firewall | NAT | Default IP | Mac Server | |
---|---|---|---|---|---|---|---|---|---|---|---|
RB750 RB750G | ether1 | Switched ether2-ether5 | - | - | - | on lan port | on wan port | blocked access to wan port | Masquerade wan port | 192.168.88.1/24 on lan port | Disabled on wan port |
RB751 | ether1 | Switched ether2-ether5, bridged wlan1 with switch | AP b/g/n 2412MHz | 0,1 | above-control | on lan port | on wan port | blocked access to wan port | Masquerade wan port | 192.168.88.1/24 on lan port | Disabled on wan port |
RB951 | ether1 | Switched ether2-ether5, bridged wlan1 with switch | AP b/g/n 2412MHz | 0 | above-control | on lan port | on wan port | blocked access to wan port | Masquerade wan port | 192.168.88.1/24 on lan port | Disabled on wan port |
RB1100 AH/AHx2 | - | - | - | - | - | - | - | - | - | 192.168.88.1/24 on ether1 | - |
RB1200 | - | - | - | - | - | - | - | - | - | 192.168.88.1/24 on ether1 | - |
CCR series | - | - | - | - | - | - | - | - | - | 192.168.88.1/24 on ether1 | - |
RB2011 | ether1 | two switch groups bridged (ether2-ether10, wlan1 if present) | - | - | - | on lan port | on wan port | blocked access to wan port | Masquerade wan port | 192.168.88.1/24 on ether1 | Disabled on wan port |
CRS | - | all ports switched | - | - | - | - | - | - | - | 192.168.88.1/24 on ether1 | - |
CRS with wireless | ether1 | all other ports switched and bridged with wireless | - | - | - | on lan port | on wan port | blocked access to wan port | Masquerade wan port | 192.168.88.1/24 on ether1 | Disabled on wan port |
Integrated Outdoors
Wan port | Lan port | Wireless mode | ht chain | ht extension | dhcp-server | dhcp-client | Firewall | NAT | Default IP | Mac Server | |
---|---|---|---|---|---|---|---|---|---|---|---|
Groove 2Hn | wlan1 | ether1 | station b/g/n 2.4GHz | 0 | above control | on lan port | on wan port | blocked access to wan port | Masquerade wan port | 192.168.88.1/24 on lan port | Disabled on wan port |
Groove 5Hn | wlan1 | ether1 | station a/n 5GHz | 0 | above control | on lan port | on wan port | blocked access to wan port | Masquerade wan port | 192.168.88.1/24 on lan port | Disabled on wan port |
Groove A-5Hn | - | bridged wlan1,ether1 | AP a/n 5300MHz | 0 | - | - | - | - | - | 192.168.88.1/24 on lan port | - |
Metal 5 | wlan1 | ether1 | station a/n 5GHz | 0 | above control | on lan port | on wan port | blocked access to wan port | Masquerade wan port | 192.168.88.1/24 on lan port | Disabled on wan port |
Metal 2 | wlan1 | ether1 | station b/g/n 2GHz | 0 | above control | on lan port | on wan port | blocked access to wan port | Masquerade wan port | 192.168.88.1/24 on lan port | Disabled on wan port |
SXT 5xx, SXT G-5xx |
wlan1 | ether1 | station a/n 5GHz | 0,1 | above control | on lan port | on wan port | blocked access to wan port | Masquerade wan port | 192.168.88.1/24 on lan port | Disabled on wan port |
OmniTik | ether1 | Switched ether2-ether5, bridged wlan1 with switch | AP a/n 5300MHz | 0,1 | - | on lan port | on wan port | - | Masquerade wan port | 192.168.88.1/24 on lan port | - |
SEXTANT | wlan1 | ether1 | station a/n 5GHz | 0,1 | above control | on lan port | on wan port | blocked access to wan port | Masquerade wan port | 192.168.88.1/24 on lan port | Disabled on wan port |
BaseBox 5 | - | bridged wlan1,ether1 | AP a/n 5GHz | 0,1 | - | - | - | - | - | 192.168.88.1/24 on lan port | - |
BaseBox 2 | - | bridged wlan1,ether1 | AP b/g/n 2GHz | 0,1 | - | - | - | - | - | 192.168.88.1/24 on lan port | - |
QRT-2 | wlan1 | ether1 | station b/g/n 2.4GHz | 0 | above control | on lan port | on wan port | blocked access to wan port | Masquerade wan port | 192.168.88.1/24 on lan port | Disabled on wan port |
Engineered
Wan port | Lan port | Wireless mode | ht chain | ht extension | dhcp-server | dhcp-client | Firewall | NAT | Default IP | Mac Server | |
---|---|---|---|---|---|---|---|---|---|---|---|
RB411xx, RB435G, RB433xx, RB495xx, RB800 |
- | - | - | - | - | - | - | - | - | 192.168.88.1/24 on ether1 | - |
RB450xx | ether1 | Switched ether2-ether5 | - | - | - | on lan port | on wan port | blocked access to wan port | Masquerade wan port | 192.168.88.1/24 on lan port | Disabled on wan port |
RB711-5xx, RB711G-5xx |
wlan1 | ether1 | station a/n 5GHz | 0 | above control | on lan port | on wan port | blocked access to wan port | Masquerade wan port | 192.168.88.1/24 on lan port | Disabled on wan port |
RB711UA-5xx, RB711GA-5xx |
- | bridged wlan1,ether1 | AP a/n 5300MHz | 0 | - | - | - | - | - | 192.168.88.1/24 on lan port | - |
RB711-2xx | wlan1 | ether1 | station b/g/n 2.4GHz | 0 | above control | on lan port | on wan port | blocked access to wan port | Masquerade wan port | 192.168.88.1/24 on lan port | Disabled on wan port |
RB711UA-2xx | - | bridged wlan1,ether1 | AP a/n 2412MHz | 0 | - | - | - | - | - | 192.168.88.1/24 on lan port | - |
Note: To see configuration script that will be applied after system reset use following command (however, see warning below) /system default-configuration print
Warning: /system default-configuration print
Always shows factory default configuration even if it is overridden by a different netinstall script.
WAN Port
When applying configuration, WAN port is renamed to "<wan port>-gateway", for example, if wan port is ether1, it will be renamed to "ether1-gateway".
Local Port
Local port can be:
- single interface
- ethernets configured in switch group
- bridged, with all interfaces that are not WAN and switch slaves.
If ports are switched then master port is renamed to "<ethernet name>-master-local" and slaves to "<ethernet name>-slave-local".
Let's take RB751 as an example. Board has ether1 configured as WAN port, it has switch chip and one pre-configured wireless interface. So in this case all ethernet ports except ether1 are grouped in a switch group and bridged with wireless interface.
Generated config will be:
/interface set ether2 name=ether2-master-local; /interface set ether3 name=ether3-slave-local; /interface set ether4 name=ether4-slave-local; /interface set ether5 name=ether5-slave-local; /interface ethernet set ether3-slave-local master-port=ether2-master-local; /interface ethernet set ether4-slave-local master-port=ether2-master-local; /interface ethernet set ether5-slave-local master-port=ether2-master-local; /interface bridge add name=bridge-local disabled=no auto-mac=no protocol-mode=rstp; :local bMACIsSet 0; :foreach k in=[/interface find] do={ :local tmpPort [/interface get $k name]; :if ($bMACIsSet = 0) do={ :if ([/interface get $k type] = "ether") do={ /interface bridge set "bridge-local" admin-mac=[/interface ethernet get $tmpPort mac-address]; :set bMACIsSet 1; } } :if (!($tmpPort~"bridge" || $tmpPort~"ether1" || $tmpPort~"slave")) do={ /interface bridge port add bridge=bridge-local interface=$tmpPort; } }
Wireless Config
Wireless configuration depends on market segment for which board is designed. It can be configured as an AP or a station on 2GHz and 5GHz frequencies. Default 2GHz frequency is 2412 and default 5GHz frequency is 5300. SSID is "Mikrotik-" + last 3 bytes in hex from wireless MAC address. Starting from v5.25 and v6rc14 Wireless Security profile is configured with WPA/WPA2 and security key equal to router's serial number.
For example, If Mac address of the wlan1 interface is 00:0B:6B:30:7F:C2, and serial number of the board is
/sys routerboard print routerboard: yes serial-number: 0163008F8883
Then following settings will be applied:
- SSID="MikroTik-307FC2"
- security settings:
- mode=dynamic-keys
- authentication-types=wpa-psk,wpa2-psk
- wpa-pre-shared-key=0163008F8883
- wpa2-pre-shared-key=0163008F8883
Note: security key is case sensitive
If board has two chains (letter D in the naming of the board), then both chains are enabled. HT Extension is enabled on all CPEs.
For example generated config on RB751:
:if ( $wirelessEnabled = 1) do={ # wait for wireless :while ([/interface wireless find] = "") do={ :delay 1s; }; /interface wireless set wlan1 mode=ap-bridge band=2ghz-b/g/n ht-txchains=0,1 ht-rxchains=0,1 \ disabled=no country=no_country_set wireless-protocol=any /interface wireless set wlan1 channel-width=20/40mhz-ht-above ; }
Default IP and DHCP Config
Default IP address on all boards is 192.168.88.1/24. Boards without specific configuration has IP address set on ether1, other boards has IP address on LAN interface.
All boards that have the WAN port configured, will have a DHCP client set on WAN port.
Typically on all CPEs, DHCP server is set on LAN port giving out addresses in a range from 192.168.88.2-192.168.88.254
An example RB751 applied DHCP config.
/ip dhcp-client add interface=ether1-gateway disabled=no /ip pool add name="default-dhcp" ranges=192.168.88.10-192.168.88.254; /ip dhcp-server add name=default address-pool="default-dhcp" interface=bridge-local disabled=no; /ip dhcp-server network add address=192.168.88.0/24 gateway=192.168.88.1 dns-server=192.168.88.1 comment="default configuration";
Firewall, NAT and MAC server
All boards with a configured WAN port also has protection configured on that port. Any traffic leaving the WAN port is masqueraded. In forward chain there are also three rules added for boards with a masquerade rule: accept established, accept related and drop invalid to prevent packets with local network IP to be leaked onto the wan port.
Config example:
/ip firewall { filter add chain=input action=accept protocol=icmp comment="default configuration" filter add chain=input action=accept connection-state=established in-interface=ether1-gateway comment="default configuration" filter add chain=input action=accept connection-state=related in-interface=ether1-gateway comment="default configuration" filter add chain=input action=drop in-interface=ether1-gateway comment="default configuration" nat add chain=srcnat out-interface=ether1-gateway action=masquerade comment="default configuration" } /tool mac-server remove [find]; /tool mac-server mac-winbox disable [find]; :foreach k in=[/interface find] do={ :local tmpName [/interface get $k name]; :if (!($tmpName~"ether1")) do={ /tool mac-server add interface=$tmpName disabled=no; /tool mac-server mac-winbox add interface=$tmpName disabled=no; } } /ip neighbor discovery set [find name="ether1-gateway"] discover=no
DNS
Every board allows remote DNS requests and has a static DNS name of 'router' pre-configured.
/ip dns { set allow-remote-requests=yes static add name=router address=192.168.88.1 }
[ Top | Back to Content ]