Manual:Default Configurations
Applies to RouterOS: v5
List of Default Configs
Integrated Indoors
| Wan port | Lan port | Wireless mode | ht chain | ht extension | dhcp-server | dhcp-client | Firewall | NAT | Default IP | Mac Server | |
|---|---|---|---|---|---|---|---|---|---|---|---|
| RB750 RB750G | ether1 | Switched ether2-ether5 | - | - | - | on lan port | on wan port | blocked access to wan port | Masquerade wan port | 192.168.88.1/24 on lan port | Disabled on wan port |
| RB751-2n | ether1 | Switched ether2-ether5, bridged wlan1 with switch | AP b/g/n 2412MHz | 0 | above-control | on lan port | on wan port | blocked access to wan port | Masquerade wan port | 192.168.88.1/24 on lan port | Disabled on wan port |
| RB1100 | - | - | - | - | - | - | - | - | - | 192.168.88.1/24 on ether1 | - |
| RB1200 | - | - | - | - | - | - | - | - | - | 192.168.88.1/24 on ether1 | - |
| RB2011 | - | - | - | - | - | - | - | - | - | 192.168.88.1/24 on ether1 | - |
Integrated Outdoors
| Wan port | Lan port | Wireless mode | ht chain | ht extension | dhcp-server | dhcp-client | Firewall | NAT | Default IP | Mac Server | |
|---|---|---|---|---|---|---|---|---|---|---|---|
| Groove 5 | wlan1 | ether1 | station a/n 5300MHz | 0 | above control | on lan port | on wan port | blocked access to wan port | Masquerade wan port | 192.168.88.1/24 on lan port | Disabled on wan port |
| Groove A-5xx | - | bridged wlan1,ether1 | AP a/n 5300MHz | 0 | - | - | - | - | - | 192.168.88.1/24 on lan port | - |
| SXT 5D | wlan1 | ether1 | station a/n 5300MHz | 0,1 | above control | on lan port | on wan port | blocked access to wan port | Masquerade wan port | 192.168.88.1/24 on lan port | Disabled on wan port |
| OmniTik | ether1 | Switched ether2-ether5, bridged wlan1 with switch | AP a/n 5300MHz | 0,1 | - | on lan port | on wan port | blocked access to wan port | Masquerade wan port | 192.168.88.1/24 on lan port | Disabled on wan port |
Engineered
| Wan port | Lan port | Wireless mode | ht chain | ht extension | dhcp-server | dhcp-client | Firewall | NAT | Default IP | Mac Server | |
|---|---|---|---|---|---|---|---|---|---|---|---|
| RB450 RB450G | ether1 | Switched ether2-ether5 | - | - | - | on lan port | on wan port | blocked access to wan port | Masquerade wan port | 192.168.88.1/24 on lan port | Disabled on wan port |
| RB711-5 | wlan1 | ether1 | station a/n 5300MHz | 0 | above control | on lan port | on wan port | blocked access to wan port | Masquerade wan port | 192.168.88.1/24 on lan port | Disabled on wan port |
| RB711-A5 | - | bridged wlan1,ether1 | AP a/n 5300MHz | 0 | - | - | - | - | - | 192.168.88.1/24 on lan port | - |
| RB711-2 | wlan1 | ether1 | station b/g/n 2412MHz | 0 | above control | on lan port | on wan port | blocked access to wan port | Masquerade wan port | 192.168.88.1/24 on lan port | Disabled on wan port |
Wan Port
When applying configuration WAN port is renamed to "<wan port>-gateway", for example, if wan port is ether1, it will be renamed to "ether1-gateway".
Local Port
Local port can be:
- single interface
- ethernets configured in switch group
- bridged all interfaces that are not WAN and switch slaves.
If ports are switched then master port is renamed to "<ethernet name>-master-local" and slaves to "<ethernet name>-slave-local".
Lets take RB751 as an example. Board has ether1 configured as WAN port, it has switch chip and one pre-configured wireless interface. So in this case all ethernets except ether1 are groped in switch group and bridged with wireless interface. Here how generated config would look like:
/interface ethernet set ether2 name=ether2-master-local set ether3 name=ether3-slave-local master-port=ether2-master-local set ether4 name=ether4-slave-local master-port=ether2-master-local set ether5 name=ether5-slave-local master-port=ether2-master-local /interface bridge add name="bridge-local" auto-mac=no protocol-mode=rstp admin-mac=[/interface ethernet get [find name~"ether2"] mac-address]; /interface bridge port add bridge=bridge-local interface=wlan1 add bridge=bridge-local interface=ether2-master-local
Wireless Config
Wireless configuration depends on market segment for which board is designed. It can be configured as AP or station in 2GHz and 5GHz frequencies. Default 2GHz frequency is 2412 and default 5GHz frequency is 5300. SSID is "Mikrotik".
If board has two chains (letter D in the naming of the board), then both chains are enabled. HT Extension is enabled on all CPEs.
Code from default config. Variables mode, band, htChains and htExt are determined based on type of the board (See table above).
/interface wireless set wlan1 mode=$mode band=$band ht-txchains=$htChains ht-rxchains=$htChains \ ht-extension-channel=$htExt disabled=no country=no_country_set wireless-protocol=any
Default IP and DHCP Config
Default IP address on all boards is 192.168.88.1/24. Boards without specific configuration has IP address set on ether1, other boards has IP address on LAN interface.
All boards that has WAN port configured, DHCP client is set on WAN port.
Typically on all CPEs DHCP server is set on LAN port, giving out addresses in range from 192.168.88.2-192.168.88.254
As an example RB751 applied DHCP config.
/ip dhcp-client add interface=ether1-gateway disabled=no /ip pool add name="default-dhcp" ranges=192.168.88.10-192.168.88.254; /ip dhcp-server add name=default address-pool="default-dhcp" interface=bridge-local disabled=no; /ip dhcp-server network add address=192.168.88.0/24 gateway=192.168.88.1 dns-server=192.168.88.1 comment="default configuration";
Firewall, NAT and MAC server
All boards with configured WAN port has configured protection on that port. Any traffic leaving WAN port is masqueraded.
Config example:
/ip firewall {
filter add chain=input action=accept protocol=icmp comment="default configuration"
filter add chain=input action=accept connection-state=established in-interface="$wanPort-gateway" comment="default configuration"
filter add chain=input action=accept connection-state=related in-interface="$wanPort-gateway" comment="default configuration"
filter add chain=input action=drop in-interface="$wanPort-gateway" comment="default configuration"
nat add chain=srcnat out-interface="$wanPort-gateway" action=masquerade comment="default configuration"
}
/tool mac-server remove [find];
/tool mac-server mac-winbox disable [find];
:foreach k in=[/interface find] do={
:local tmpName [/interface get $k name];
:if (!($tmpName~$wanPort)) do={
/tool mac-server add interface=$tmpName disabled=no;
/tool mac-server mac-winbox add interface=$tmpName disabled=no;
}
}
/ip neighbor discovery set [find name="$wanPort-gateway"] discover=no
DNS
Every board allows remote DNS requests and static DNS name is pre-configured.
/ip dns {
set allow-remote-requests=yes
static add name=router address=192.168.88.1
}
[ Top | Back to Content ]