Manual:Default Configurations: Difference between revisions

From MikroTik Wiki
Jump to navigation Jump to search
(Created page with '{{Versions| v5}} == List of Default Configs == ===Integrated Indoors=== <table width="1180" > <tr class="styled_table"> <th width="100"></th> <th width="40">Wan port</th> …')
 
No edit summary
 
(101 intermediate revisions by 7 users not shown)
Line 1: Line 1:
{{Versions| v5}}
{{Warning|This manual is moved to https://help.mikrotik.com/docs/display/ROS/Default+configurations}}


== List of Default Configs ==
== Overview ==


===Integrated Indoors===
All RouterBOARDs from factory come with default configuration. There are several different configurations depending on board type:
<table width="1180" >
* CPE Router;
<tr class="styled_table">
* LTE CPE AP router;
  <th width="100"></th>
* AP Router (single or dual band);
  <th width="40">Wan port</th>
* PTP Bridge (AP or CPE);
  <th width="200">Lan port</th>
* WISP Bridge (AP in ap_bridge mode);
  <th width="100">Wireless mode</th>
* Switch;
  <th width="40">ht chain</th>
* IP Only;
  <th width="80">ht extension</th>
* CAP.
  <th width="90">dhcp-server</th>
  <th width="90">dhcp-client</th>
  <th width="100">Firewall</th>
  <th width="80">NAT</th>
  <th width="80">Default IP</th>
  <th>Mac Server</th>
</tr>
<tr class="styled_table">
  <td><b>RB750 RB750G</b></td>
  <td align=center>ether1</td>
  <td align=center>Switched ether2-ether5</td>
  <td align=center> - </td>
  <td align=center> - </td>
  <td align=center> - </td>
  <td align=center>on lan port</td>
  <td align=center>on wan port</td>
  <td align=center>blocked access to wan port</td>
  <td align=center>Masquerade wan port</td>
  <td align=center>192.168.88.1/24 on lan port</td>
  <td align=center>Disabled on wan port</td>
</tr>
<tr class="styled_table">
  <td><b>RB751-2n</b></td>
  <td align=center>ether1</td>
  <td align=center>Switched ether2-ether5, bridged wlan1 with switch</td>
  <td align=center>AP b/g/n 2412MHz</td>
  <td align=center> 0 </td>
  <td align=center>above-control</td>
  <td align=center>on lan port</td>
  <td align=center>on wan port</td>
  <td align=center>blocked access to wan port</td>
  <td align=center>Masquerade wan port</td>
  <td align=center>192.168.88.1/24 on lan port</td>
  <td align=center>Disabled on wan port</td>
</tr>


<tr class="styled_table">
You can run command <code>/system default-configuration print</code> to see exact applied default configuration commands.
  <td><b>RB1100</b></td>
  <td align=center>-</td>
  <td align=center>-</td>
  <td align=center> - </td>
  <td align=center> - </td>
  <td align=center> - </td>
  <td align=center>-</td>
  <td align=center>-</td>
  <td align=center>-</td>
  <td align=center>-</td>
  <td align=center>192.168.88.1/24 on ether1</td>
  <td align=center>-</td>
</tr>
<tr class="styled_table">
  <td><b>RB1200</b></td>
  <td align=center>-</td>
  <td align=center>-</td>
  <td align=center> - </td>
  <td align=center> - </td>
  <td align=center> - </td>
  <td align=center>-</td>
  <td align=center>-</td>
  <td align=center>-</td>
  <td align=center>-</td>
  <td align=center>192.168.88.1/24 on ether1</td>
  <td align=center>-</td>
</tr>
<tr class="styled_table">
  <td><b>RB2011</b></td>
  <td align=center>-</td>
  <td align=center>-</td>
  <td align=center> - </td>
  <td align=center> - </td>
  <td align=center> - </td>
  <td align=center>-</td>
  <td align=center>-</td>
  <td align=center>-</td>
  <td align=center>-</td>
  <td align=center>192.168.88.1/24 on ether1</td>
  <td align=center>-</td>
</tr>
</table>


===Integrated Outdoors===
== CPE Router ==
<table width="1180" >
<tr class="styled_table">
  <th width="100"></th>
  <th width="40">Wan port</th>
  <th width="200">Lan port</th>
  <th width="100">Wireless mode</th>
  <th width="40">ht chain</th>
  <th width="80">ht extension</th>
  <th width="90">dhcp-server</th>
  <th width="90">dhcp-client</th>
  <th width="100">Firewall</th>
  <th width="80">NAT</th>
  <th width="80">Default IP</th>
  <th>Mac Server</th>
</tr>
<tr class="styled_table">
  <td><b>Groove 5</b></td>
  <td align=center>wlan1</td>
  <td align=center>ether1</td>
  <td align=center>station a/n 5300MHz</td>
  <td align=center>0</td>
  <td align=center>above control</td>
  <td align=center>on lan port</td>
  <td align=center>on wan port</td>
  <td align=center>blocked access to wan port</td>
  <td align=center>Masquerade wan port</td>
  <td align=center>192.168.88.1/24 on lan port</td>
  <td align=center>Disabled on wan port</td>
</tr>
<tr class="styled_table">
  <td><b>Groove A-5xx</b></td>
  <td align=center>-</td>
  <td align=center>bridged wlan1,ether1</td>
  <td align=center>AP a/n 5300MHz</td>
  <td align=center>0</td>
  <td align=center>-</td>
  <td align=center>-</td>
  <td align=center>-</td>
  <td align=center>-</td>
  <td align=center>-</td>
  <td align=center>192.168.88.1/24 on lan port</td>
  <td align=center>-</td>
</tr>
<tr class="styled_table">
  <td><b>SXT 5D</b></td>
  <td align=center>wlan1</td>
  <td align=center>ether1</td>
  <td align=center>station a/n 5300MHz</td>
  <td align=center>0,1</td>
  <td align=center>above control</td>
  <td align=center>on lan port</td>
  <td align=center>on wan port</td>
  <td align=center>blocked access to wan port</td>
  <td align=center>Masquerade wan port</td>
  <td align=center>192.168.88.1/24 on lan port</td>
  <td align=center>Disabled on wan port</td>
</tr>
<tr class="styled_table">
  <td><b>OmniTik</b></td>
  <td align=center>ether1</td>
  <td align=center>Switched ether2-ether5, bridged wlan1 with switch</td>
  <td align=center>AP a/n 5300MHz</td>
  <td align=center>0,1</td>
  <td align=center>-</td>
  <td align=center>on lan port</td>
  <td align=center>on wan port</td>
  <td align=center>blocked access to wan port</td>
  <td align=center>Masquerade wan port</td>
  <td align=center>192.168.88.1/24 on lan port</td>
  <td align=center>Disabled on wan port</td>
</tr>
</table>


===Engineered===
In this type of configurations router is configured as wireless client device. WAN interface is <b>Wireless</b> interface. WAN port has configured DHCP client, is protected by IP firewall and MAC discovery/connection is disabled.
<table width="1180" >
<tr class="styled_table">
  <th width="100"></th>
  <th width="40">Wan port</th>
  <th width="200">Lan port</th>
  <th width="100">Wireless mode</th>
  <th width="40">ht chain</th>
  <th width="80">ht extension</th>
  <th width="90">dhcp-server</th>
  <th width="90">dhcp-client</th>
  <th width="100">Firewall</th>
  <th width="80">NAT</th>
  <th width="80">Default IP</th>
  <th>Mac Server</th>
</tr>
<tr class="styled_table">
  <td><b>RB450 RB450G</b></td>
  <td align=center>ether1</td>
  <td align=center>Switched ether2-ether5</td>
  <td align=center> - </td>
  <td align=center> - </td>
  <td align=center> - </td>
  <td align=center>on lan port</td>
  <td align=center>on wan port</td>
  <td align=center>blocked access to wan port</td>
  <td align=center>Masquerade wan port</td>
  <td align=center>192.168.88.1/24 on lan port</td>
  <td align=center>Disabled on wan port</td>
</tr>
<tr class="styled_table">
  <td><b>RB711-5</b></td>
  <td align=center>wlan1</td>
  <td align=center>ether1</td>
  <td align=center>station a/n 5300MHz</td>
  <td align=center>0</td>
  <td align=center>above control</td>
  <td align=center>on lan port</td>
  <td align=center>on wan port</td>
  <td align=center>blocked access to wan port</td>
  <td align=center>Masquerade wan port</td>
  <td align=center>192.168.88.1/24 on lan port</td>
  <td align=center>Disabled on wan port</td>
</tr>
<tr class="styled_table">
  <td><b>RB711-A5</b></td>
  <td align=center>-</td>
  <td align=center>bridged wlan1,ether1</td>
  <td align=center>AP a/n 5300MHz</td>
  <td align=center>0</td>
  <td align=center>-</td>
  <td align=center>-</td>
  <td align=center>-</td>
  <td align=center>-</td>
  <td align=center>-</td>
  <td align=center>192.168.88.1/24 on lan port</td>
  <td align=center>-</td>
</tr>
<tr class="styled_table">
  <td><b>RB711-2</b></td>
  <td align=center>wlan1</td>
  <td align=center>ether1</td>
  <td align=center>station b/g/n 2412MHz</td>
  <td align=center>0</td>
  <td align=center>above control</td>
  <td align=center>on lan port</td>
  <td align=center>on wan port</td>
  <td align=center>blocked access to wan port</td>
  <td align=center>Masquerade wan port</td>
  <td align=center>192.168.88.1/24 on lan port</td>
  <td align=center>Disabled on wan port</td>
</tr>
</table>


== Wan Port ==
List of routers using this type of configuration:
* RB 711,911,912,921,922 - with level3 license
* SXT
* QRT
* SEXTANT
* LHG
* LDF
* DISC
* Groove
* Metal


When applying configuration WAN port is renamed to "<wan port>-gateway", for example, if wan port is ether1, it will be renamed to "ether1-gateway".
== LTE CPE AP router ==


== Local Port ==
This configuration type is applied to routers that has both LTE and wireless interfaces. LTE interface is considered a WAN port protected by firewall and MAC discovery/connection disabled. IP address on WAN port is acquired automatically. Wireless is configured as access point and bridged with all available Ethernet ports.


Local port can be:
* wAP LTE Kit
* single interface
* SXT LTE
* ethernets configured in switch group
* LtAP 4G kit
* bridged all interfaces that are not WAN and switch slaves.
* LtAP LTE kit
If ports are switched then master port is renamed to "<ethernet name>-master-local" and slaves to "<ethernet name>-slave-local".


Lets take '''RB751''' as an example.
== AP Router ==
Board has ether1 configured as WAN port, it has switch chip and one pre-configured wireless interface. So in this case all ethernets except ether1 are groped in switch group and bridged with wireless interface.
Here how generated config would look like:
<pre>
/interface ethernet
set ether2 name=ether2-master-local
set ether3 name=ether3-slave-local master-port=ether2-master-local
set ether4 name=ether4-slave-local master-port=ether2-master-local
set ether5 name=ether5-slave-local master-port=ether2-master-local


/interface bridge
This type of configuration is applied to home access point routers to be used straight out of the box without additional configuration (except router passwords and wireless keys)
add name="bridge-local" auto-mac=no protocol-mode=rstp admin-mac=[/interface ethernet get [find name~"ether2"] mac-address];


/interface bridge port
First Ethernet is always configured as WAN port (protected by firewall, enabled DHCP client and disabled MAC connection/discovery). Other Ethernet ports and wireless interfaces are added to local LAN bridge with 192.168.88.1/24 address set and configured DHCP server. In case of dual band routers, one wireless is configured as 5 GHz access point and other as 2.4 GHz access point.
add bridge=bridge-local interface=wlan1
add bridge=bridge-local interface=ether2-master-local
</pre>


== Wireless Config ==
List of routers using this type of configuration:
* RB 450,751,850,951,953,2011,3011,4011
* hEX,PowerBox
* mAP
* wAP,wAP R (without LTE card)
* hAP
* cAP
* OmniTIK
* CRS series with wireless interface


Wireless configuration depends on market segment for which board is designed. It can be configured as AP or station in 2GHz and 5GHz frequencies.
== PTP Bridge ==
Default 2GHz frequency is 2412 and default 5GHz frequency is 5300.
SSID is "Mikrotik".


If board has two chains (letter D in the naming of the board), then both chains are enabled. HT Extension is enabled on all CPEs.
Bridged ethernet with wireless interface. Default IP address 192.168.88.1/24 is set on the bridge interface.
There are two possible options - as CPE and as AP. For CPE wireless interface is set in "station-bridge" mode, for AP "bridge" mode is used.


Code from default config. Variables mode, band, htChains and htExt are determined based on type of the board (See table above).
List of routers using this type of configuration:
<pre>
* DynaDish - as CPE
/interface wireless set wlan1 mode=$mode band=$band ht-txchains=$htChains ht-rxchains=$htChains \
* Wireless Wire kit
ht-extension-channel=$htExt disabled=no country=no_country_set wireless-protocol=any
* wAP 60G - with level3 license
</pre>


==Default IP and DHCP Config ==
== WISP Bridge ==


Default IP address on all boards is 192.168.88.1/24. Boards without specific configuration has IP address set on ether1, other boards has IP address on LAN interface.
Configuration is the same as PTP Bridge in AP mode, except that wireless mode is set to ap_bridge for PTMP setups.
Router can be accessed directly using MAC address. If device is connected to the network with enabled DHCP server, configured DHCP client configured on the bridge interface will get the IP address, that can be used to access the router.


All boards that has WAN port configured, DHCP client is set on WAN port.
List of routers using this type of configuration:
* RB 911,912,921,922 - with Level4 license
* Groove A, RB 711 A
* BaseBox, NetBox
* mANTBox, NetMetal
* wAP 60G AP - with level4 license
* LtAP


Typically on all CPEs DHCP server is set on LAN port, giving out addresses in range from 192.168.88.2-192.168.88.254
== Switch ==


As an example '''RB751''' applied DHCP config.  
This configuration utilizes switch chip features to configure dumb switch. All ethernet ports are added to switch group and default IP address 192.168.88.1/24 is set on master port.
<pre>
/ip dhcp-client add interface=ether1-gateway disabled=no


/ip pool add name="default-dhcp" ranges=192.168.88.10-192.168.88.254;
List of routers using this type of configuration:
/ip dhcp-server
* FiberBox
  add name=default address-pool="default-dhcp" interface=bridge-local disabled=no;
* CRS without wireless interface


/ip dhcp-server network
== IP Only ==
  add address=192.168.88.0/24 gateway=192.168.88.1 dns-server=192.168.88.1 comment="default configuration";
</pre>


== Firewall, NAT and MAC server==
When no specific configuration is found, IP address 192.168.88.1/24 is set on ether1, or combo1, or sfp1.


All boards with configured WAN port has configured protection on that port. Any traffic leaving WAN port is masqueraded.
List of routers using this type of configuration:
* RB 411,433,435,493,800,M11,M33,1100
* CCR


Config example:
== CAP ==
<pre>
/ip firewall {
filter add chain=input action=accept protocol=icmp comment="default configuration"
filter add chain=input action=accept connection-state=established in-interface="$wanPort-gateway" comment="default configuration"
filter add chain=input action=accept connection-state=related in-interface="$wanPort-gateway" comment="default configuration"
filter add chain=input action=drop in-interface="$wanPort-gateway" comment="default configuration"
nat add chain=srcnat out-interface="$wanPort-gateway" action=masquerade comment="default configuration"
}
/tool mac-server remove [find];
/tool mac-server mac-winbox disable [find];
:foreach k in=[/interface find] do={
:local tmpName [/interface get $k name];
:if (!($tmpName~$wanPort)) do={
/tool mac-server add interface=$tmpName disabled=no;
/tool mac-server mac-winbox add interface=$tmpName disabled=no;
}
}


/ip neighbor discovery set [find name="$wanPort-gateway"] discover=no
This type of configuration is used when device need to be used as wireless client device controlled by CAPsMAN.


</pre>
When CAP default configuration is loaded, ether1 is considered a management port with DHCP client configured. All other Ethernet interfaces are bridged and wlan1 is set to be managed by CAPsMAN.


==DNS==
To load CAP configuration refer to [[M:Reset_button | Reset Button manual]].
 
Every board allows remote DNS requests and static DNS name is pre-configured.
<pre>
/ip dns {
set allow-remote-requests=yes
static add name=router address=192.168.88.1
}
</pre>





Latest revision as of 10:36, 1 June 2020


Overview

All RouterBOARDs from factory come with default configuration. There are several different configurations depending on board type:

  • CPE Router;
  • LTE CPE AP router;
  • AP Router (single or dual band);
  • PTP Bridge (AP or CPE);
  • WISP Bridge (AP in ap_bridge mode);
  • Switch;
  • IP Only;
  • CAP.

You can run command /system default-configuration print to see exact applied default configuration commands.

CPE Router

In this type of configurations router is configured as wireless client device. WAN interface is Wireless interface. WAN port has configured DHCP client, is protected by IP firewall and MAC discovery/connection is disabled.

List of routers using this type of configuration:

  • RB 711,911,912,921,922 - with level3 license
  • SXT
  • QRT
  • SEXTANT
  • LHG
  • LDF
  • DISC
  • Groove
  • Metal

LTE CPE AP router

This configuration type is applied to routers that has both LTE and wireless interfaces. LTE interface is considered a WAN port protected by firewall and MAC discovery/connection disabled. IP address on WAN port is acquired automatically. Wireless is configured as access point and bridged with all available Ethernet ports.

  • wAP LTE Kit
  • SXT LTE
  • LtAP 4G kit
  • LtAP LTE kit

AP Router

This type of configuration is applied to home access point routers to be used straight out of the box without additional configuration (except router passwords and wireless keys)

First Ethernet is always configured as WAN port (protected by firewall, enabled DHCP client and disabled MAC connection/discovery). Other Ethernet ports and wireless interfaces are added to local LAN bridge with 192.168.88.1/24 address set and configured DHCP server. In case of dual band routers, one wireless is configured as 5 GHz access point and other as 2.4 GHz access point.

List of routers using this type of configuration:

  • RB 450,751,850,951,953,2011,3011,4011
  • hEX,PowerBox
  • mAP
  • wAP,wAP R (without LTE card)
  • hAP
  • cAP
  • OmniTIK
  • CRS series with wireless interface

PTP Bridge

Bridged ethernet with wireless interface. Default IP address 192.168.88.1/24 is set on the bridge interface. There are two possible options - as CPE and as AP. For CPE wireless interface is set in "station-bridge" mode, for AP "bridge" mode is used.

List of routers using this type of configuration:

  • DynaDish - as CPE
  • Wireless Wire kit
  • wAP 60G - with level3 license

WISP Bridge

Configuration is the same as PTP Bridge in AP mode, except that wireless mode is set to ap_bridge for PTMP setups. Router can be accessed directly using MAC address. If device is connected to the network with enabled DHCP server, configured DHCP client configured on the bridge interface will get the IP address, that can be used to access the router.

List of routers using this type of configuration:

  • RB 911,912,921,922 - with Level4 license
  • Groove A, RB 711 A
  • BaseBox, NetBox
  • mANTBox, NetMetal
  • wAP 60G AP - with level4 license
  • LtAP

Switch

This configuration utilizes switch chip features to configure dumb switch. All ethernet ports are added to switch group and default IP address 192.168.88.1/24 is set on master port.

List of routers using this type of configuration:

  • FiberBox
  • CRS without wireless interface

IP Only

When no specific configuration is found, IP address 192.168.88.1/24 is set on ether1, or combo1, or sfp1.

List of routers using this type of configuration:

  • RB 411,433,435,493,800,M11,M33,1100
  • CCR

CAP

This type of configuration is used when device need to be used as wireless client device controlled by CAPsMAN.

When CAP default configuration is loaded, ether1 is considered a management port with DHCP client configured. All other Ethernet interfaces are bridged and wlan1 is set to be managed by CAPsMAN.

To load CAP configuration refer to Reset Button manual.


[ Top | Back to Content ]