Manual:RouterOS FAQ

From MikroTik Wiki
Jump to navigation Jump to search

What is MikroTik RouterOS™?

What does MikroTik RouterOS™ do?
MikroTik RouterOS™ is router operating system and software which turns regular Intel PC or MikroTik RouterBOARD™ hardware into a dedicated router.
Can I test the MikroTik RouterOS™ functionality before I buy the license?
Yes, you can download the installation from MikroTik's webpage and install your own MikroTik router. The router has full functionality without license key for 24h total running time. It's enough time to test the router out for 3 days 8h a day, if you shut down the router at the end of each day.
Where can I get the License Key?
Create an account on MikroTik's webpage (the top right-hand corner of www.mikrotik.com). You can use credit card to pay for the key.
Can I use MikroTik router to hook up to a service provider via a T1, T3, or other high speed connection?
Yes, you can install various NICs supported by MikroTik RouterOS™ and get your edge router, backbone router, firewall, bandwidth manager, VPN server, wireless access point and much more in one box. Please check the Specification Sheet and Manual for supported interfaces!
How fast will it be?
An Intel PC is faster than almost any proprietary router, and there is plenty of processing power in a 100MHz Pentium.
How does this software compare to using a Cisco router?
You can do almost everything what a proprietary router does at a fraction of cost of such a router and have flexibility in upgrading, ease of management and maintenance.
What OS do I need to install the MikroTik RouterOS™?
No Operating System is needed. The MikroTik RouterOS™ comes with its own Operating System and Software. The OS is Linux kernel based and very stable. Your hard drive will be wiped out completely by the installation. No additional disk support, just one PRIMARY MASTER HDD or FlashDisk, except for WEB proxy cache.
How secure is the router once it is setup?
Access to the router is protected by username and password. Additional users can be added to the router, specific rights can be set for user groups. Remote access to the router can be restricted by user, IP address. Firewall filtering is the easiest way to protect your router and network.

Logging on and Passwords

What is the username and password when logging on to the router for the first time?
Username is 'admin', and there is no password (hit the 'Enter' key). You can change the password using the '/password' command.
How can I recover a lost password?
If you have forgotten the password, there is no recovery for it. You have to reinstall the router.
After power failure the MikroTik router is not starting up again
If you haven't shut the router down, the file system has not been unmounted properly. When starting up, the RouterOS™ is doing file system check. Depending on the HDD size, it may take several minutes to complete. Do not interrupt the file system check! It would make your installation unusable.

Licensing Issues

How many MikroTik RouterOS™ installations does one license cover?
The license is per RouterOS installation. Each installed router needs a separate license.
Does the license expire?
The license never expires. The router runs for ever. But, the license has a limited upgrade time - a time period during which you can upgrade the software to a newer version.
What to do when my upgrade period is over?
You can keep running the router as it is if you are happy with the installed software version. In case you want to upgrade, you need to extend the upgrade period by purchasing another license key at a 60% of the license cost.
How can I reinstall the MikroTik RouterOS™ software without loosing my software license?
You have to use CD, Floppies or Netinstall procedure and install the MikroTik RouterOS™ on the HDD with previous MikroTik RouterOS™ installation. The license is kept with the HDD. Do not use format or partitioning utilities, they will delete your key! Use the same (initial) BIOS settings for your HDD!
Can I use my MikroTik RouterOS™ software license on a different hardware?
Yes, you can use another hardware (motherboard, NICs), but you should use the same HDD. The license is kept with the HDD until format or fdisk utilities are used. It is not required to reinstall the system when moving to a different hardware. When paying for the license, please be aware, that it cannot be used on another harddrive.
License transfer to another hard drive costs 10$. Contact support to arrange this.
What to do, if my hard drive with MikroTik RouterOS™ crashes, and I have to install another one?
If you have paid for the license, you have to write to support[at]mikrotik.com and describe the situation. We may request you to send the broken hard drive to us prior to issuing a replacement key.
If you have a free demo license, no replacement key can be issued. Please obtain another demo license, or purchase the base license.
What limitations does the Free Demo License have?
RouterOS allows you to use all its features without registration for 24h running time from the first run. During this period you must get a key, otherwise you will need to reinstall the system. After you get a demo key (Free key), there are following limitations:
  • max EoIP tunnels - 1
  • max PPTP tunnels - 1.
  • max PPPoE tunnels - 1.
  • max L2TP tunnels - 1
  • max HotSpot active users - 1.
  • max P2P firewall rules - 1
  • max VLAN interfaces - 1
  • max number of queues - 1.
  • max number of NAT rules - 1.
  • Web Cache is disabled
  • Radius client is disabled
  • RIP, OSPF, BGP are disabled
  • Wireless or Synchronous are disabled
  • Upgrade erases all configuration
More information available in the manual
How can I enter a new Software Key?
Entering the key from Console/FTP:
  • import the attached file with the command '/system license import' (you should upload this file to the router's FTP server)
Entering the key with Console/Telnet:
  • use copy/paste to enter the key into a Telnet window (no matter which submenu). Be sure to copy the whole key, including the lines "--BEGIN MIKROTIK SOFTWARE KEY--" and "--END MIKROTIK SOFTWARE KEY--"
Entering the key from Winbox:
  • use 'system -> license' menu in Winbox to Paste or Import the key
I have mis-typed the software ID when I purchased the Software Key. How can I fix this?
In the Account Server choose `work with keys`, then select your mis-typed key, and then choose `fix key`.
About entering keys, see more on this page
Entering a RouterOS License key

Installation

How large HDD can I use for the MikroTik RouterOS™?
MikroTik RouterOS™ supports disks larger than 8GB (usually up to 120GB). But make sure the BIOS of the router's motherboard supports these large disks..
Can I run MikroTik RouterOS™ from any hard drive in my system?
The hard drive should be PRIMARY MASTER. Starting with 2.7.5 and 2.8beta2 the MikroTik RouterOS™ can be installed on a disk other than primary master if it is the only hard disk in the system. In that case the hard disk is only bootable in the same configuration as it was installed.
Is there support for multiple hard drives in MikroTik RouterOS™?
A secondary drive is supported for web cache. This support has been added in 2.8, older versions don't support multiple hard drives.
Why the CD installation stops at some point and does not go "all the way through"?
The CD installation is not working properly on some motherboards. Try to reboot the computer and start the installation again. If it does not help, try using different hardware.

Upgrading

How can I install additional feature packages?
You have to use the same version package files (extension .npk) as the system package. Use the /system package print command to see the list of installed packages. Check the free space on router's HDD using the /system resource print command before uploading the package files. Make sure you have at least 2MB free disk space on the router after you have uploaded the package files!
Upload the package files using the ftp BINARY mode to the router and issue /system reboot command to shut down the router and reboot. The packages are installed (upgraded) while the router is going for shutdown. You can monitor the installation process on the monitor screen connected to the router. After reboot, the installed packages are listed in the /system package print list.
How can I upgrade?
To upgrade the software, you will need to download the latest package files (*.npk) from our website (the 'system' package plus the ones that you need). Then, connect to the router via FTP and upload the new packages to it by using Binary transfer mode.
Then reboot the router by issuing /system reboot command.
Note:
After you upgrade to 2.8 from 2.7 or older, your license will require updating. This is a painless process, and simply requires you to hit `update key` button in Winbox, or type `/system license update-key` in command line interface. More help here: http://www.mikrotik.com/docs/ros/2.8/system/license.main
What is Level 2 License?
V2.8 introduced a new license system. When compared to previous versions before V2.8, there are no additional `features` anymore, there are License `Levels`. If you have updated an older license to V2.8, your `Level` would be `2` and would have the same features as your V2.7 key.
Can I purchase Level 2 License?
No, you cannot purchase Level 2 license after a clean install, the Level 2 is only a transitional license. See table for details: http://www.mikrotik.com/software.php
I installed additional feature package, but the relevant interface does not show up under the /interface print list.
You have to obtain (purchase) the required license level.
If I do upgrade, will I loose my configuration?
No, configuration is kept intact for upgrades within one version family. When upgrading version families (for example, V2.5 to V2.6) you may loose the configuration of some features that have major changes. When upgrading from V2.4, you should upgrade to V2.4.7 first.
How much free disk space do I need when upgrading to higher version?
You need space for the system package and the additional packages you have to upgrade. After uploading the newer version packages to the router you should have at least 2MB free disk space left. If not, do not try to make the upgrade! Uninstall the unnecessary packages first, and then upgrade the remaining ones.

Downgrading

How can I downgrade the MikroTik RouterOS™ installation to an older version?
You can downgrade by reinstalling the RouterOS™ from any media. The software license will be kept with the HDD as long as the disk is not repartitioned/reformatted. The configuration of the router will be lost (it is possible to save the old configuration, but this option has unpredictable results when downgrading and it is not recommended to use it).
Another way is to use the /system downgrade command. This works only if you downgrade to 2.7.20 and not lower. Upload the older packages to the router via FTP and then use the /system downgrade command.

TCP/IP Related Questions

I have two NIC cards in the MikroTik router and they are working properly. I can ping both networks from the router but can't ping from one network through the router to the other network and to the Internet. I have no firewall setup.
This is a typical problem, where you do not have routing set up at your main Internet gateway. Since you have introduced a new network, you need to 'tell' about it your main gateway (your ISP). A route should be added for your new network. Alternatively, you can 'hide' your new network by means of masquerading to get access to the Internet. Please take time to study the Basic Setup Guide, where the problem is described and the solution is given.
There is an example how to masquerade your private LAN:
[admin@MikroTik] ip firewall nat> add chain=srcnat action=masquerade out-interface=Public
[admin@MikroTik] ip firewall nat> print
Flags: X - disabled, I - invalid, D - dynamic 
 0   chain=srcnat out-interface=Public action=masquerade 
How can I change the TCP port number for telnet or http services, if I do not want to use the ports 23 and 80, respectively?
You can change the allocated ports under /ip service.
When I use the IP address/mask in the form 10.1.1.17/24 for my filtering or queuing rules, they do not work.
The rules 'do not work', since they do not match the packets due to the incorrectly specified address/mask. The correct form would be:
   10.1.1.0/24 for the IP addresses in the range 10.1.1.0-10.1.1.255, or,
   10.1.1.17/32 for just one IP address 10.1.1.17. 
I need to set up DHCP client, but there is no menu '/ip dhcp-client'.
The DHCP feature is not included in the system software package. You need to install the dhcp package. Upload it to the router and reboot!
Can I statically bind IP's to MAC addresses via DHCP?
Yes, you can add static leases to the DHCP server leases list. However, DHCP is insecure by default, and it is better to use PPPoE for user authentication and handing out IP addresses. There you can request the user to log on from a specified MAC address as well.
How can I masquerade two different subnets using two different external IP addresses for them?
Use /ip firewall nat rule with chain=srcnat action=nat, specify the to-src-address argument value. It should be one of the router's external addresses. If you use action=masquerade, the to-src-address is not taken into account, since it is substituted by the external address of the router automatically.
I cannot surf some sites when I use PPPoE.
Use /ip firewall mangle to change MSS (maximum segment size) to a value less 40 bytes your connection MTU. For example, if you have encrypted PPPoE link with MTU=1492, set the mangle rule as follows:
/ ip firewall mangle 
add chain=forward protocol=tcp tcp-flags=syn action=change-mss new-mss=1448

Bandwidth Management Related Questions

Can I use MikroTik as a bridge and a traffic shaper in one machine?
Yes. You can use all the extensive queue management features. Set the queue to the interface where the traffic is actually leaving the router, when passing through the router. It is not the bridge interface! The queue on the bridge interface is involved only for the traffic generated from the router.
Can I limit bandwidth based on MAC addresses?
For download:
   1. connection-mark all packets from the MAC of each client with different marks
   for each client using action=passthrough:
   /ip firewall mangle add chain=prerouting src-mac-address=11:11:11:11:11:11 \
   action=mark-connection new-connection-mark=host11 passthrough=yes
   2. Remark these packets with flow-mark (again different flow-marks for each connection-marks):
   /ip firewall mangle add chain=prerouting connection-mark=host11 new-packet-mark=host11
   3. We can use these flow-marks in queue trees now.
While this solution should function, it is fundamentally flawed as the first packet of each connection destined to these clients will not be taken into account.
For upload:
   [admin@AP] ip firewall mangle> add chain=prerouting src-mac-address=11:11:11:11:11:11 \
   action=mark-packet new-packet-mark=upload