Manual:Default Configurations: Difference between revisions

From MikroTik Wiki
Jump to navigation Jump to search
m (Reverted edits by Uldis (talk) to last revision by Marisb)
No edit summary
Line 1: Line 1:
{{Versions| v5, v6+}}
{{Versions| v5, v6+}}


== List of Default Configs ==
== Overview ==


===Integrated Indoors===
All RouterBOARDs from factory come with default configuration. There are several different configurations depending on board type:
<table width="1180" >
* CPE Router;
<tr class="styled_table">
* LTE CPE AP router;
  <th width="100"></th>
* AP Router (single or dual band);
  <th width="40">Wan port</th>
* PTP Bridge (AP or CPE);
  <th width="200">Lan port</th>
* WISP Bridge (AP in ap_bridge mode);
  <th width="100">Wireless mode</th>
* Switch;
  <th width="40">ht chain</th>
* CAP;
  <th width="80">ht extension</th>
* IP Only.
  <th width="90">dhcp-server</th>
  <th width="90">dhcp-client</th>
  <th width="100">Firewall</th>
  <th width="80">NAT</th>
  <th width="80">Default IP</th>
  <th>Mac Server</th>
</tr>
<tr class="styled_table">
  <td><b>RB750 RB750G</b></td>
  <td align=center>ether1</td>
  <td align=center>Switched ether2-ether5</td>
  <td align=center> - </td>
  <td align=center> - </td>
  <td align=center> - </td>
  <td align=center>on lan port</td>
  <td align=center>on wan port</td>
  <td align=center>blocked access to wan port</td>
  <td align=center>Masquerade wan port</td>
  <td align=center>192.168.88.1/24 on lan port</td>
  <td align=center>Disabled on wan port</td>
</tr>
<tr class="styled_table">
  <td><b>RB751</b></td>
  <td align=center>ether1</td>
  <td align=center>Switched ether2-ether5, bridged wlan1 with switch</td>
  <td align=center>AP b/g/n 2412MHz</td>
  <td align=center> 0,1 </td>
  <td align=center>above-control</td>
  <td align=center>on lan port</td>
  <td align=center>on wan port</td>
  <td align=center>blocked access to wan port</td>
  <td align=center>Masquerade wan port</td>
  <td align=center>192.168.88.1/24 on lan port</td>
  <td align=center>Disabled on wan port</td>
</tr>


<tr class="styled_table">
You can run command /system default-configuration print to see exact applied default configuration commands.
  <td><b>RB951</b></td>
  <td align=center>ether1</td>
  <td align=center>Switched ether2-ether5, bridged wlan1 with switch</td>
  <td align=center>AP b/g/n 2412MHz</td>
  <td align=center> 0 </td>
  <td align=center>above-control</td>
  <td align=center>on lan port</td>
  <td align=center>on wan port</td>
  <td align=center>blocked access to wan port</td>
  <td align=center>Masquerade wan port</td>
  <td align=center>192.168.88.1/24 on lan port</td>
  <td align=center>Disabled on wan port</td>
</tr>


<tr class="styled_table">
  <td><b>RB1100 AH/AHx2</b></td>
  <td align=center>-</td>
  <td align=center>-</td>
  <td align=center> - </td>
  <td align=center> - </td>
  <td align=center> - </td>
  <td align=center>-</td>
  <td align=center>-</td>
  <td align=center>-</td>
  <td align=center>-</td>
  <td align=center>192.168.88.1/24 on ether1</td>
  <td align=center>-</td>
</tr>
<tr class="styled_table">
  <td><b>RB1200</b></td>
  <td align=center>-</td>
  <td align=center>-</td>
  <td align=center> - </td>
  <td align=center> - </td>
  <td align=center> - </td>
  <td align=center>-</td>
  <td align=center>-</td>
  <td align=center>-</td>
  <td align=center>-</td>
  <td align=center>192.168.88.1/24 on ether1</td>
  <td align=center>-</td>
</tr>
<tr class="styled_table">
  <td><b>CCR series</b></td>
  <td align=center>-</td>
  <td align=center>-</td>
  <td align=center> - </td>
  <td align=center> - </td>
  <td align=center> - </td>
  <td align=center>-</td>
  <td align=center>-</td>
  <td align=center>-</td>
  <td align=center>-</td>
  <td align=center>192.168.88.1/24 on ether1</td>
  <td align=center>-</td>
</tr>
<tr class="styled_table">
  <td><b>RB2011</b></td>
  <td align=center>ether1</td>
  <td align=center>two switch groups bridged (ether2-ether10, wlan1 if present)</td>
  <td align=center> - </td>
  <td align=center> - </td>
  <td align=center> - </td>
  <td align=center>on lan port</td>
  <td align=center>on wan port</td>
  <td align=center>blocked access to wan port</td>
  <td align=center>Masquerade wan port</td>
  <td align=center>192.168.88.1/24 on ether1</td>
  <td align=center>Disabled on wan port</td>
</tr>
<tr class="styled_table">
  <td><b>CRS</b></td>
  <td align=center>-</td>
  <td align=center>all ports switched</td>
  <td align=center> - </td>
  <td align=center> - </td>
  <td align=center> - </td>
  <td align=center>-</td>
  <td align=center>-</td>
  <td align=center>-</td>
  <td align=center>-</td>
  <td align=center>192.168.88.1/24 on ether1</td>
  <td align=center>-</td>
</tr>
<tr class="styled_table">
  <td><b>CRS with wireless</b></td>
  <td align=center>ether1</td>
  <td align=center>all other ports switched and bridged with wireless</td>
  <td align=center> - </td>
  <td align=center> - </td>
  <td align=center> - </td>
  <td align=center>on lan port</td>
  <td align=center>on wan port</td>
  <td align=center>blocked access to wan port</td>
  <td align=center>Masquerade wan port</td>
  <td align=center>192.168.88.1/24 on ether1</td>
  <td align=center>Disabled on wan port</td>
</tr>
<tr class="styled_table">
  <td><b>mAP</b></td>
  <td align=center>ether1</td>
  <td align=center>bridged wireless</td>
  <td align=center>station b/g/n 2.4GHz</td>
  <td align=center>0</td>
  <td align=center>above control</td>
  <td align=center>on lan port</td>
  <td align=center>on wan port</td>
  <td align=center>blocked access to wan port</td>
  <td align=center>Masquerade wan port</td>
  <td align=center>192.168.88.1/24 on lan port</td>
  <td align=center>Disabled on wan port</td>
</tr>
</table>


===Integrated Outdoors===
== CPE Router ==
<table width="1180" >
<tr class="styled_table">
  <th width="100"></th>
  <th width="40">Wan port</th>
  <th width="200">Lan port</th>
  <th width="100">Wireless mode</th>
  <th width="40">ht chain</th>
  <th width="80">ht extension</th>
  <th width="90">dhcp-server</th>
  <th width="90">dhcp-client</th>
  <th width="100">Firewall</th>
  <th width="80">NAT</th>
  <th width="80">Default IP</th>
  <th>Mac Server</th>
</tr>
<tr class="styled_table">
  <td><b>Groove 2Hn</b></td>
  <td align=center>wlan1</td>
  <td align=center>ether1</td>
  <td align=center>station b/g/n 2.4GHz</td>
  <td align=center>0</td>
  <td align=center>above control</td>
  <td align=center>on lan port</td>
  <td align=center>on wan port</td>
  <td align=center>blocked access to wan port</td>
  <td align=center>Masquerade wan port</td>
  <td align=center>192.168.88.1/24 on lan port</td>
  <td align=center>Disabled on wan port</td>
</tr>
<tr class="styled_table">
  <td><b>Groove 5Hn</b></td>
  <td align=center>wlan1</td>
  <td align=center>ether1</td>
  <td align=center>station a/n 5GHz</td>
  <td align=center>0</td>
  <td align=center>above control</td>
  <td align=center>on lan port</td>
  <td align=center>on wan port</td>
  <td align=center>blocked access to wan port</td>
  <td align=center>Masquerade wan port</td>
  <td align=center>192.168.88.1/24 on lan port</td>
  <td align=center>Disabled on wan port</td>
</tr>
<tr class="styled_table">
  <td><b>Groove A-5Hn</b></td>
  <td align=center>-</td>
  <td align=center>bridged wlan1,ether1</td>
  <td align=center>AP a/n 5300MHz</td>
  <td align=center>0</td>
  <td align=center>-</td>
  <td align=center>-</td>
  <td align=center>-</td>
  <td align=center>-</td>
  <td align=center>-</td>
  <td align=center>192.168.88.1/24 on lan port</td>
  <td align=center>-</td>
</tr>
<tr class="styled_table">
  <td><b>Metal 5</b></td>
  <td align=center>wlan1</td>
  <td align=center>ether1</td>
  <td align=center>station a/n 5GHz</td>
  <td align=center>0</td>
  <td align=center>above control</td>
  <td align=center>on lan port</td>
  <td align=center>on wan port</td>
  <td align=center>blocked access to wan port</td>
  <td align=center>Masquerade wan port</td>
  <td align=center>192.168.88.1/24 on lan port</td>
  <td align=center>Disabled on wan port</td>
</tr>
<tr class="styled_table">
  <td><b>Metal 2</b></td>
  <td align=center>wlan1</td>
  <td align=center>ether1</td>
  <td align=center>station b/g/n 2GHz</td>
  <td align=center>0</td>
  <td align=center>above control</td>
  <td align=center>on lan port</td>
  <td align=center>on wan port</td>
  <td align=center>blocked access to wan port</td>
  <td align=center>Masquerade wan port</td>
  <td align=center>192.168.88.1/24 on lan port</td>
  <td align=center>Disabled on wan port</td>
</tr>
<tr class="styled_table">
  <td><b>SXT 5xx,<br />SXT G-5xx</b></td>
  <td align=center>wlan1</td>
  <td align=center>ether1</td>
  <td align=center>station 5GHz-a/n (5ghz-a/n/ac)</td>
  <td align=center>0,1</td>
  <td align=center>above control</td>
  <td align=center>on lan port</td>
  <td align=center>on wan port</td>
  <td align=center>blocked access to wan port</td>
  <td align=center>Masquerade wan port</td>
  <td align=center>192.168.88.1/24 on lan port</td>
  <td align=center>Disabled on wan port</td>
</tr>
<tr class="styled_table">
  <td><b>OmniTik</b></td>
  <td align=center>ether1</td>
  <td align=center>Switched ether2-ether5, bridged wlan1 with switch</td>
  <td align=center>AP a/n 5300MHz</td>
  <td align=center>0,1</td>
  <td align=center>-</td>
  <td align=center>on lan port</td>
  <td align=center>on wan port</td>
  <td align=center>-</td>
  <td align=center>Masquerade wan port</td>
  <td align=center>192.168.88.1/24 on lan port</td>
  <td align=center>-</td>
</tr>
<tr class="styled_table">
  <td><b>SEXTANT</b></td>
  <td align=center>wlan1</td>
  <td align=center>ether1</td>
  <td align=center>station a/n 5GHz</td>
  <td align=center>0,1</td>
  <td align=center>above control</td>
  <td align=center>on lan port</td>
  <td align=center>on wan port</td>
  <td align=center>blocked access to wan port</td>
  <td align=center>Masquerade wan port</td>
  <td align=center>192.168.88.1/24 on lan port</td>
  <td align=center>Disabled on wan port</td>
</tr>
<tr class="styled_table">
  <td><b>BaseBox 5</b></td>
  <td align=center>-</td>
  <td align=center>bridged wlan1,ether1</td>
  <td align=center>AP a/n 5GHz</td>
  <td align=center>0,1</td>
  <td align=center>-</td>
  <td align=center>-</td>
  <td align=center>-</td>
  <td align=center>-</td>
  <td align=center>-</td>
  <td align=center>192.168.88.1/24 on lan port</td>
  <td align=center>-</td>
</tr>
<tr class="styled_table">
  <td><b>BaseBox 2</b></td>
  <td align=center>-</td>
  <td align=center>bridged wlan1,ether1</td>
  <td align=center>AP b/g/n 2GHz</td>
  <td align=center>0,1</td>
  <td align=center>-</td>
  <td align=center>-</td>
  <td align=center>-</td>
  <td align=center>-</td>
  <td align=center>-</td>
  <td align=center>192.168.88.1/24 on lan port</td>
  <td align=center>-</td>
</tr>
<tr class="styled_table">
  <td><b>QRT 2</b></td>
  <td align=center>wlan1</td>
  <td align=center>ether1</td>
  <td align=center>station b/g/n 2.4GHz</td>
  <td align=center>0,1</td>
  <td align=center>above control</td>
  <td align=center>on lan port</td>
  <td align=center>on wan port</td>
  <td align=center>blocked access to wan port</td>
  <td align=center>Masquerade wan port</td>
  <td align=center>192.168.88.1/24 on lan port</td>
  <td align=center>Disabled on wan port</td>
</tr>
<tr class="styled_table">
  <td><b>QRT 5</b></td>
  <td align=center>wlan1</td>
  <td align=center>ether1</td>
  <td align=center>station 5GHz-a/n</td>
  <td align=center>0,1</td>
  <td align=center>above control</td>
  <td align=center>on lan port</td>
  <td align=center>on wan port</td>
  <td align=center>blocked access to wan port</td>
  <td align=center>Masquerade wan port</td>
  <td align=center>192.168.88.1/24 on lan port</td>
  <td align=center>Disabled on wan port</td>
</tr>
</table>


===Engineered===
In this type of configurations router is configured as wireless client device. Depending on type of the board WAN interface can be <b>Wireless</b> or <b>LTE</b> interfaces. WAN port has configured DHCP client (except for LTE), is protected by ip firewall and MAC discovery/connection is disabled.
<table width="1180" >
<tr class="styled_table">
  <th width="100"></th>
  <th width="40">Wan port</th>
  <th width="200">Lan port</th>
  <th width="100">Wireless mode</th>
  <th width="40">ht chain</th>
  <th width="80">ht extension</th>
  <th width="90">dhcp-server</th>
  <th width="90">dhcp-client</th>
  <th width="100">Firewall</th>
  <th width="80">NAT</th>
  <th width="80">Default IP</th>
  <th>Mac Server</th>
</tr>
<tr class="styled_table">
  <td><b>RB411xx, <br />RB435G, <br />RB433xx, <br />RB495xx, <br />RB800</b></td>
  <td align=center>-</td>
  <td align=center>-</td>
  <td align=center> - </td>
  <td align=center> - </td>
  <td align=center> - </td>
  <td align=center>-</td>
  <td align=center>-</td>
  <td align=center>-</td>
  <td align=center>-</td>
  <td align=center>192.168.88.1/24 on ether1</td>
  <td align=center>-</td>
</tr>
<tr class="styled_table">
  <td><b>RB450xx</b></td>
  <td align=center>ether1</td>
  <td align=center>Switched ether2-ether5</td>
  <td align=center> - </td>
  <td align=center> - </td>
  <td align=center> - </td>
  <td align=center>on lan port</td>
  <td align=center>on wan port</td>
  <td align=center>blocked access to wan port</td>
  <td align=center>Masquerade wan port</td>
  <td align=center>192.168.88.1/24 on lan port</td>
  <td align=center>Disabled on wan port</td>
</tr>
<tr class="styled_table">
  <td><b>RB711-5xx,<br /> RB711G-5xx</b></td>
  <td align=center>wlan1</td>
  <td align=center>ether1</td>
  <td align=center>station a/n 5GHz</td>
  <td align=center>0</td>
  <td align=center>above control</td>
  <td align=center>on lan port</td>
  <td align=center>on wan port</td>
  <td align=center>blocked access to wan port</td>
  <td align=center>Masquerade wan port</td>
  <td align=center>192.168.88.1/24 on lan port</td>
  <td align=center>Disabled on wan port</td>
</tr>
<tr class="styled_table">
  <td><b>RB711UA-5xx,<br />RB711GA-5xx</b></td>
  <td align=center>-</td>
  <td align=center>bridged wlan1,ether1</td>
  <td align=center>AP a/n 5300MHz</td>
  <td align=center>0</td>
  <td align=center>-</td>
  <td align=center>-</td>
  <td align=center>-</td>
  <td align=center>-</td>
  <td align=center>-</td>
  <td align=center>192.168.88.1/24 on lan port</td>
  <td align=center>-</td>
</tr>
<tr class="styled_table">
  <td><b>RB711-2xx</b></td>
  <td align=center>wlan1</td>
  <td align=center>ether1</td>
  <td align=center>station b/g/n 2.4GHz</td>
  <td align=center>0</td>
  <td align=center>above control</td>
  <td align=center>on lan port</td>
  <td align=center>on wan port</td>
  <td align=center>blocked access to wan port</td>
  <td align=center>Masquerade wan port</td>
  <td align=center>192.168.88.1/24 on lan port</td>
  <td align=center>Disabled on wan port</td>
</tr>
<tr class="styled_table">
  <td><b>RB711UA-2xx</b></td>
  <td align=center>-</td>
  <td align=center>bridged wlan1,ether1</td>
  <td align=center>AP a/n 2412MHz</td>
  <td align=center>0</td>
  <td align=center>-</td>
  <td align=center>-</td>
  <td align=center>-</td>
  <td align=center>-</td>
  <td align=center>-</td>
  <td align=center>192.168.88.1/24 on lan port</td>
  <td align=center>-</td>
</tr>
<tr class="styled_table">
  <td><b>RB911/912-2xx</b></td>
  <td align=center>wlan1</td>
  <td align=center>ether1</td>
  <td align=center>station b/g/n 2.4GHz</td>
  <td align=center>0</td>
  <td align=center>above control</td>
  <td align=center>on lan port</td>
  <td align=center>on wan port</td>
  <td align=center>blocked access to wan port</td>
  <td align=center>Masquerade wan port</td>
  <td align=center>192.168.88.1/24 on lan port</td>
  <td align=center>Disabled on wan port</td>
</tr>
<tr class="styled_table">
  <td><b>RB911/912-5xx</b></td>
  <td align=center>wlan1</td>
  <td align=center>ether1</td>
  <td align=center>station 5GHz-a/n (5GHz-a/n/ac)</td>
  <td align=center>0,1</td>
  <td align=center>above control</td>
  <td align=center>on lan port</td>
  <td align=center>on wan port</td>
  <td align=center>blocked access to wan port</td>
  <td align=center>Masquerade wan port</td>
  <td align=center>192.168.88.1/24 on lan port</td>
  <td align=center>Disabled on wan port</td>
</tr>
<tr class="styled_table">
  <td><b>RB921/922-2xx</b></td>
  <td align=center>wlan1</td>
  <td align=center>bridged wireless with ethernets</td>
  <td align=center>station b/g/n 2.4GHz</td>
  <td align=center>0,1</td>
  <td align=center>above control</td>
  <td align=center>on lan port</td>
  <td align=center>on wan port</td>
  <td align=center>blocked access to wan port</td>
  <td align=center>Masquerade wan port</td>
  <td align=center>192.168.88.1/24 on lan port</td>
  <td align=center>Disabled on wan port</td>
</tr>
<tr class="styled_table">
  <td><b>RB921/922-5xx</b></td>
  <td align=center>wlan1</td>
  <td align=center>bridged wireless with ethernets</td>
  <td align=center>station 5GHz-a/n (5GHz-a/n/ac)</td>
  <td align=center>0,1</td>
  <td align=center>above control</td>
  <td align=center>on lan port</td>
  <td align=center>on wan port</td>
  <td align=center>blocked access to wan port</td>
  <td align=center>Masquerade wan port</td>
  <td align=center>192.168.88.1/24 on lan port</td>
  <td align=center>Disabled on wan port</td>
</tr>
<tr class="styled_table">
  <td><b>RB953GS-5xx</b></td>
  <td align=center>ether1</td>
  <td align=center>switched: sfp1,ether2,ether3 and bridged with wireless</td>
  <td align=center>ap-bridge 5GHz-a/n (5GHz-a/n/ac)</td>
  <td align=center>0,1,2</td>
  <td align=center>above control</td>
  <td align=center>on lan port</td>
  <td align=center>on wan port</td>
  <td align=center>blocked access to wan port</td>
  <td align=center>Masquerade wan port</td>
  <td align=center>192.168.88.1/24 on lan port</td>
  <td align=center>Disabled on wan port</td>
</tr>
</table>


{{Note | To see configuration script that will be applied after system reset use following command (however, see warning below) <code><b>/system default-configuration print </b></code> }}
List of routers using this type of config:
* SXT
* QRT
* LHG
* RB 911,912 - with level3 license
* RB 711
* Groove
* Metal
* NetMetal
* RB 921,922,A21 - with level3 license




{{Warning | <code><b>/system default-configuration print </b></code> Always shows factory default configuration even if it is overridden by a different netinstall script. }}
== LTE CPE AP router ==


=== CAP ===
This configuration type is applied to routers that has both LTE and wireless interfaces. LTE interface is considered a WAN port protected by firewall and MAC discovery/connection disabled. Wireless is configured as access point and bridged with all Ethernets.


When CAP default configuration is loaded, 'ether1' is considered a management port with DHCP client configured.


All other Ethernet interfaces are bridged and 'wlan1' is set to be managed by CAPsMAN
== AP Router ==


== WAN Port ==
This type of configuration is applied to home access point routers to be used straight out of the box without additional configuration (except router passwords and wireless keys)


When applying configuration, WAN port is renamed to "<wan port>-gateway", for example, if wan port is ether1, it will be renamed to "ether1-gateway".
First Ethernet is always configured as WAN port (protected by firewall, enabled DHCP client and disabled MAC connection/discovery). Other Ethernet and wireless interfaces are added to local LAN bridge with 192.168.88.1/24 address set and configured DHCP server.


== Local Port ==
In case of dual band routers, one wireless is configured as 5Ghz access point and other as 2.4Ghz access point.


Local port can be:
List of routers using this type of config:
* single interface
* 450,750,850
* ethernets configured in switch group
* mAP
* bridged, with all interfaces that are not WAN and switch slaves.
* wAP
If ports are switched then master port is renamed to "<ethernet name>-master-local" and slaves to "<ethernet name>-slave-local".
* RB 931
* hAP, RB 952,962
* RB 941
* RB 751,951
* RB 953
* OmniTIK
* RB 960
* RB 2011,3011
* CRS with wireless interface


Let's take '''RB751''' as an example.
Board has ether1 configured as WAN port, it has switch chip and one pre-configured wireless interface. So in this case all ethernet ports except ether1 are grouped in a switch group and bridged with wireless interface.


Generated config will be:
== PTP Bridge ==
<pre>
/interface set ether2 name=ether2-master-local;
/interface set ether3 name=ether3-slave-local;
/interface set ether4 name=ether4-slave-local;
/interface set ether5 name=ether5-slave-local;
/interface ethernet set ether3-slave-local master-port=ether2-master-local;
/interface ethernet set ether4-slave-local master-port=ether2-master-local;
/interface ethernet set ether5-slave-local master-port=ether2-master-local;


/interface bridge add name=bridge-local disabled=no auto-mac=no protocol-mode=rstp;
List of routers using this type of config:
* DynaDish - as CPE


:local bMACIsSet 0;
:foreach k in=[/interface find] do={
        :local tmpPort [/interface get $k name];
        :if ($bMACIsSet = 0) do={
              :if ([/interface get $k type] = "ether") do={
                      /interface bridge set "bridge-local" admin-mac=[/interface ethernet get $tmpPort mac-address];
                      :set bMACIsSet 1;
                }
        }
        :if (!($tmpPort~"bridge" || $tmpPort~"ether1" || $tmpPort~"slave")) do={
              /interface bridge port add bridge=bridge-local interface=$tmpPort;
        }
}
</pre>


== Wireless Config ==
== WISP Bridge ==


Wireless configuration depends on market segment for which board is designed. It can be configured as an AP or a station on 2GHz and 5GHz frequencies.
Configuration is the same as PTP Bridge in AP mode, except that wireless mode is set to ap_bridge for PTMP setups.
Default 2GHz frequency is 2412 and default 5GHz frequency is 5300.
SSID is "Mikrotik-" + last 3 bytes in hex from wireless MAC address.
Starting from v5.25 and v6rc14 Wireless Security profile is configured with WPA/WPA2 and security key equal to router's serial number.


For example,
List of routers using this type of config:
If Mac address of the wlan1 interface is 00:0B:6B:30:7F:C2, and serial number of the board is
* cAP
<pre>
* Groove A, Metal A, RB 711 A
/sys routerboard print
* OmniGroove
      routerboard: yes
* RB 911,912 - with Level4 license.
    serial-number: 0163008F8883
* RB 921,922,A21 - with Level4 license.
</pre>




Then following settings will be applied:
== Switch ==


* SSID="MikroTik-307FC2"
This configuration utilizes switch chip features to configure dumb switch. All ethernet ports are added to switch group and default IP address 192.168.88.1/24 is set on master port.


* security settings:
List of routers using this type of config:
** mode=dynamic-keys
* CRS without wireless interface
** authentication-types=wpa-psk,wpa2-psk
** wpa-pre-shared-key=0163008F8883
** wpa2-pre-shared-key=0163008F8883


{{ Note | security key is case sensitive}}


== IP Only ==


If board has two chains (letter D in the naming of the board), then both chains are enabled. HT Extension is enabled on all CPEs.
When no specific configuration is found, IP address 192.168.88.1/24 is set on ether1, or combo1, or sfp1. Typically such configuration is applied to all CCR series and other rackmount routers.


For example generated config on RB751:
<pre>
:if ( $wirelessEnabled = 1) do={
# wait for wireless
      :while ([/interface wireless find] = "") do={ :delay 1s; };


      /interface wireless set wlan1 mode=ap-bridge band=2ghz-b/g/n ht-txchains=0,1 ht-rxchains=0,1 \
              disabled=no country=no_country_set wireless-protocol=any
      /interface wireless set wlan1 channel-width=20/40mhz-ht-above ;
}


</pre>
== CAP ==


==Default IP and DHCP Config ==
This type of configuration is used when device need to be used as wireless client device controlled by CAPsMAN.


Default IP address on all boards is 192.168.88.1/24. Boards without specific configuration has IP address set on ether1, other boards has IP address on LAN interface.
When CAP default configuration is loaded, ether1 is considered a management port with DHCP client configured. All other Ethernet interfaces are bridged and wlan1 is set to be managed by CAPsMAN.


All boards that have the WAN port configured, will have a DHCP client set on WAN port.
Typically on all CPEs, DHCP server is set on LAN port giving out addresses in a range from 192.168.88.2-192.168.88.254
An example '''RB751''' applied DHCP config.
<pre>
/ip dhcp-client add interface=ether1-gateway disabled=no
/ip pool add name="default-dhcp" ranges=192.168.88.10-192.168.88.254;
/ip dhcp-server
  add name=default address-pool="default-dhcp" interface=bridge-local disabled=no;
/ip dhcp-server network
  add address=192.168.88.0/24 gateway=192.168.88.1 dns-server=192.168.88.1 comment="default configuration";
</pre>
== Firewall, NAT and MAC server==
All boards with a configured WAN port also has protection configured on that port. Any traffic leaving the WAN port is masqueraded. In forward chain there are also three rules added for boards with a masquerade rule: accept established, accept related and drop invalid to prevent packets with local network IP to be leaked onto the wan port.
Config example:
<pre>
/ip firewall {
      filter add chain=input action=accept protocol=icmp comment="default configuration"
      filter add chain=input action=accept connection-state=established in-interface=ether1-gateway comment="default configuration"
      filter add chain=input action=accept connection-state=related in-interface=ether1-gateway comment="default configuration"
      filter add chain=input action=drop in-interface=ether1-gateway comment="default configuration"
      nat add chain=srcnat out-interface=ether1-gateway action=masquerade comment="default configuration"
}
/tool mac-server remove [find];
/tool mac-server mac-winbox disable [find];
:foreach k in=[/interface find] do={
      :local tmpName [/interface get $k name];
      :if (!($tmpName~"ether1")) do={
              /tool mac-server add interface=$tmpName disabled=no;
              /tool mac-server mac-winbox add interface=$tmpName disabled=no;
        }
}
/ip neighbor discovery set [find name="ether1-gateway"] discover=no
</pre>
==DNS==
Every board allows remote DNS requests and has a static DNS name of 'router' pre-configured.
<pre>
/ip dns {
set allow-remote-requests=yes
static add name=router address=192.168.88.1
}
</pre>




Revision as of 12:49, 31 May 2017

Version.png

Applies to RouterOS: v5, v6+

Overview

All RouterBOARDs from factory come with default configuration. There are several different configurations depending on board type:

  • CPE Router;
  • LTE CPE AP router;
  • AP Router (single or dual band);
  • PTP Bridge (AP or CPE);
  • WISP Bridge (AP in ap_bridge mode);
  • Switch;
  • CAP;
  • IP Only.

You can run command /system default-configuration print to see exact applied default configuration commands.


CPE Router

In this type of configurations router is configured as wireless client device. Depending on type of the board WAN interface can be Wireless or LTE interfaces. WAN port has configured DHCP client (except for LTE), is protected by ip firewall and MAC discovery/connection is disabled.

List of routers using this type of config:

  • SXT
  • QRT
  • LHG
  • RB 911,912 - with level3 license
  • RB 711
  • Groove
  • Metal
  • NetMetal
  • RB 921,922,A21 - with level3 license


LTE CPE AP router

This configuration type is applied to routers that has both LTE and wireless interfaces. LTE interface is considered a WAN port protected by firewall and MAC discovery/connection disabled. Wireless is configured as access point and bridged with all Ethernets.


AP Router

This type of configuration is applied to home access point routers to be used straight out of the box without additional configuration (except router passwords and wireless keys)

First Ethernet is always configured as WAN port (protected by firewall, enabled DHCP client and disabled MAC connection/discovery). Other Ethernet and wireless interfaces are added to local LAN bridge with 192.168.88.1/24 address set and configured DHCP server.

In case of dual band routers, one wireless is configured as 5Ghz access point and other as 2.4Ghz access point.

List of routers using this type of config:

  • 450,750,850
  • mAP
  • wAP
  • RB 931
  • hAP, RB 952,962
  • RB 941
  • RB 751,951
  • RB 953
  • OmniTIK
  • RB 960
  • RB 2011,3011
  • CRS with wireless interface


PTP Bridge

List of routers using this type of config:

  • DynaDish - as CPE


WISP Bridge

Configuration is the same as PTP Bridge in AP mode, except that wireless mode is set to ap_bridge for PTMP setups.

List of routers using this type of config:

  • cAP
  • Groove A, Metal A, RB 711 A
  • OmniGroove
  • RB 911,912 - with Level4 license.
  • RB 921,922,A21 - with Level4 license.


Switch

This configuration utilizes switch chip features to configure dumb switch. All ethernet ports are added to switch group and default IP address 192.168.88.1/24 is set on master port.

List of routers using this type of config:

  • CRS without wireless interface


IP Only

When no specific configuration is found, IP address 192.168.88.1/24 is set on ether1, or combo1, or sfp1. Typically such configuration is applied to all CCR series and other rackmount routers.


CAP

This type of configuration is used when device need to be used as wireless client device controlled by CAPsMAN.

When CAP default configuration is loaded, ether1 is considered a management port with DHCP client configured. All other Ethernet interfaces are bridged and wlan1 is set to be managed by CAPsMAN.


[ Top | Back to Content ]

Retrieved from "https://wiki.mikrotik.com/index.php?title=Manual:Default_Configurations&oldid=29313"