From MikroTik Wiki
Revision as of 17:50, 20 November 2018 by Artursl (Removed see also link to a non-existent page in Spanish)
What is MikroTik RouterOS™?
- What does MikroTik RouterOS™ do?
- MikroTik RouterOS™ is a router operating system and software which turns a regular Intel PC or MikroTik RouterBOARD™ hardware into a dedicated router.
- What features does RouterOS™ have?
- RouterOS feature list
- Can I test the MikroTik RouterOS™ functionality before I buy the license?
- Yes, you can download the installation from MikroTik's webpage and install your own MikroTik router. The router has full functionality without the need for a license key for 24h total running time. That's enough time to test the router for 3 days at 8h a day, if you shut down the router at the end of each 8h day.
- Where can I get the License Key?
- Create an account on MikroTik's webpage (the top right-hand corner of www.mikrotik.com). You can use a credit card to pay for the key.
- Can I use MikroTik router to hook up to a service provider via a T1, T3, or other high speed connection?
- Yes, you can install various NICs supported by MikroTik RouterOS™ and get your edge router, backbone router, firewall, bandwidth manager, VPN server, wireless access point, HotSpot and much more in one box. Please check the Specification Sheet and Manual for supported interfaces!
- How fast will it be?
- An Intel PC is faster than almost any proprietary router, and there is plenty of processing power even in a 100MHz CPU.
- How does this software compare to using a Cisco router?
- You can do almost everything that a proprietary router does at a fraction of the cost of such a router and have flexibility in upgrading, ease of management and maintenance.
- What OS do I need to install the MikroTik RouterOS™?
- No Operating System is needed. The MikroTik RouterOS™ is standalone Operating System. The OS is Linux kernel based and very stable. Your hard drive will be wiped completely by the installation process. No additional disk support, just one PRIMARY MASTER HDD or FlashDisk, except for WEB proxy cache.
- How secure is the router once it is setup?
- Access to the router is protected by username and password. Additional users can be added to the router, specific rights can be set for user groups. Remote access to the router can be restricted by user, IP address. Firewall filtering is the easiest way to protect your router and network.
- How large HDD can I use for the MikroTik RouterOS™?
- MikroTik RouterOS™ supports disks larger than 8GB (usually up to 120GB). But make sure the BIOS of the router's motherboard is able to support these large disks.
- Can I run MikroTik RouterOS™ from any hard drive in my system?
- Is there support for multiple hard drives in MikroTik RouterOS™?
- A secondary drive is supported for web cache. This support has been added in 2.8, older versions don't support multiple hard drives.
- Why the CD installation stops at some point and does not go "all the way through"?
- The CD installation is not working properly on some motherboards. Try to reboot the computer and start the installation again. If it does not help, try using different hardware.
Logging on and Passwords
- What is the username and password when logging on to the router for the first time?
- Username is 'admin', and there is no password (hit the 'Enter' key). You can change the password using the '/password' command.
- How can I recover a lost password?
- If you have forgotten the password, there is no recovery for it. You have to reinstall the router.
- After power failure the MikroTik router is not starting up again
- If you haven't shut the router down, the file system has not been unmounted properly. When starting up, the RouterOS™ will perform a file system check. Depending on the HDD size, it may take several minutes to complete. Do not interrupt the file system check! It would make your installation unusable.
- How can I access the router if the LAN interface has been disabled?
- You can access the router either locally (using monitor and keyboard) or through the serial console.
- How many MikroTik RouterOS™ installations does one license cover?
- The license is per RouterOS installation. Each installed router needs a separate license.
- Does the license expire?
- The license never expires. The router runs for ever. Your only limitation is to which versions you can upgrade. For example if it says "Upgradable to v4.x", it means you can use all v4 releases, but not v5 This doesn't mean you can't stay on v4.x as long as you want.
- How can I reinstall the MikroTik RouterOS™ software without losing my software license?
- You have to use CD, Floppies or Netinstall procedure and install the MikroTik RouterOS™ on the HDD with the previous MikroTik RouterOS™ installation still intact. The license is kept with the HDD. Do not use format or partitioning utilities, they will delete your key! Use the same (initial) BIOS settings for your HDD!
- Can I use my MikroTik RouterOS™ software license on a different hardware?
- Yes, you can use different hardware (motherboard, NICs), but you should use the same HDD. The license is kept with the HDD unless format or fdisk utilities are used. It is not required to reinstall the system when moving to different hardware. When paying for the license, please be aware, that it cannot be used on another harddrive than the one it was installed upon.
- License transfer to another hard drive costs 10$. Contact support to arrange this.
- What to do, if my hard drive with MikroTik RouterOS™ crashes, and I have to install another one?
- If you have paid for the license, you have to write to support[at]mikrotik.com and describe the situation. We may request you to send the broken hard drive to us as proof prior to issuing a replacement key.
- What happens if my hardware breaks again, and I lose my replacement key?
- The same process is used as above, but this time, we need physical proof that there is in fact been another incident.
- If you have a free demo license, no replacement key can be issued. Please obtain another demo license, or purchase the base license.
- More information available here All_about_licenses
- How can I enter a new Software Key?
- Entering the key from Console/FTP:
- import the attached file with the command '/system license import' (you should upload this file to the router's FTP server)
- Entering the key with Console/Telnet:
- use copy/paste to enter the key into a Telnet window (no matter which submenu). Be sure to copy the whole key, including the lines "--BEGIN MIKROTIK SOFTWARE KEY--" and "--END MIKROTIK SOFTWARE KEY--"
- Entering the key from Winbox:
- use 'system -> license' menu in Winbox to Paste or Import the key
- I have mis-typed the software ID when I purchased the Software Key. How can I fix this?
- In the Account Server choose `work with keys`, then select your mis-typed key, and then choose `fix key`.
- About entering keys, see more on this page
- Entering a RouterOS License key
- All other information about License Keys can be found here
- How can I install additional feature packages?
- You have to use the same version package files (extension .npk) as the system package. Use the /system package print command to see the list of installed packages. Check the free space on router's HDD using the /system resource print command before uploading the package files. Make sure you have at least 2MB free disk space on the router after you have uploaded the package files!
- Upload the package files using the ftp BINARY mode to the router and issue /system reboot command to shut down the router and reboot. The packages are installed (upgraded) while the router is going for shutdown. You can monitor the installation process on the monitor screen connected to the router. After reboot, the installed packages are listed in the /system package print list.
- How can I upgrade?
- To upgrade the software, you will need to download the latest package files (*.npk) from our website (the 'system' package plus the ones that you need). Then, connect to the router via FTP and upload the new packages to it by using Binary transfer mode.
- Then reboot the router by issuing /system reboot command. More information here: Upgrading_RouterOS
- I installed additional feature package, but the relevant interface does not show up under the /interface print list.
- You have to obtain (purchase) the required license level or install the NPK package for this interface (for example package 'wireless').
- If I do upgrade RouterOS, will I lose my configuration?
- No, configuration is kept intact for upgrades within one version family. When upgrading version families (for example, V2.5 to V2.6) you may lose the configuration of some features that have major changes. For example when upgrading from V2.4, you should upgrade to the last version of 2.4 first.
- How much free disk space do I need when upgrading to higher version?
- You need space for the system package and the additional packages you have to upgrade. After uploading the newer version packages to the router you should have at least 2MB free disk space left. If not, do not try to make the upgrade! Uninstall the unnecessary packages first, and then upgrade the remaining ones.
- How can I downgrade the MikroTik RouterOS™ installation to an older version?
- You can downgrade by reinstalling the RouterOS™ from any media. The software license will be kept with the HDD as long as the disk is not repartitioned/reformatted. The configuration of the router will be lost (it is possible to save the old configuration, but this option has unpredictable results when downgrading and it is not recommended to use it).
- Another way is to use the /system package downgrade command. This works only if you downgrade to 2.7.20 and not lower. Upload the older packages to the router via FTP and then use the /system package downgrade command.
TCP/IP Related Questions
- I have two NIC cards in the MikroTik router and they are working properly. I can ping both networks from the router but can't ping from one network through the router to the other network and to the Internet. I have no firewall setup.
- This is a typical problem, where you do not have routing set up at your main Internet gateway. Since you have introduced a new network, you need to 'tell' about it your main gateway (your ISP). A route should be added for your new network. Alternatively, you can 'hide' your new network by means of masquerading to get access to the Internet. Please take time to study the Basic Setup Guide, where the problem is described and the solution is given.
- There is an example how to masquerade your private LAN:
[admin@MikroTik] ip firewall nat> add chain=srcnat action=masquerade out-interface=Public [admin@MikroTik] ip firewall nat> print Flags: X - disabled, I - invalid, D - dynamic 0 chain=srcnat out-interface=Public action=masquerade
- How can I change the TCP port number for telnet or http services, if I do not want to use the ports 23 and 80, respectively?
- You can change the allocated ports under /ip service.
- When I use the IP address/mask in the form 10.1.1.17/24 for my filtering or queuing rules, they do not work.
- The rules 'do not work', since they do not match the packets due to the incorrectly specified address/mask. The correct form would be:
10.1.1.0/24 for the IP addresses in the range 10.1.1.0-10.1.1.255, or, 10.1.1.17/32 for just one IP address 10.1.1.17.
- I need to set up DHCP client, but there is no menu '/ip dhcp-client'.
- The DHCP feature is not included in the system software package. You need to install the dhcp package. Upload it to the router and reboot!
- Can I statically bind IP's to MAC addresses via DHCP?
- Yes, you can add static leases to the DHCP server leases list. However, DHCP is insecure by default, and it is better to use PPPoE for user authentication and handing out IP addresses. There you can request the user to log on from a specified MAC address as well.
- How can I masquerade two different subnets using two different external IP addresses for them?
- Use /ip firewall nat rule with chain=srcnat action=nat, specify the to-src-address argument value. It should be one of the router's external addresses. If you use action=masquerade, the to-src-address is not taken into account, since it is substituted by the external address of the router automatically.
- I cannot surf some sites when I use PPPoE.
- Use /ip firewall mangle to change MSS (maximum segment size) 40 bytes less than your connection MTU. For example, if you have encrypted PPPoE link with MTU=1492, set the mangle rule as follows:
/ ip firewall mangle add chain=forward protocol=tcp tcp-flags=syn action=change-mss tcp-mss=!0-1448 new-mss=1448
Bandwidth Management Related Questions
- How can I controll bandwidth(bandwidth shaping)in Bridge mode?
- In bridge settings enable use-ip-firewall.
- Can I use MikroTik as a bridge and a traffic shaper in one machine?
- Yes. You can use all the extensive queue management features. Set the queue to the interface where the traffic is actually leaving the router, when passing through the router. It is not the bridge interface! The queue on the bridge interface is involved only for the traffic generated from the router.
- Can I limit bandwidth based on MAC addresses?
- For download:
1. connection-mark all packets from the MAC of each client with different marks for each client using action=passthrough: /ip firewall mangle add chain=prerouting src-mac-address=11:11:11:11:11:11 \ action=mark-connection new-connection-mark=host11 passthrough=yes
2. Remark these packets with flow-mark (again different flow-marks for each connection-marks): /ip firewall mangle add chain=prerouting connection-mark=host11 new-packet-mark=host11
3. We can use these flow-marks in queue trees now.
- While this solution should function, it is fundamentally flawed as the first packet of each connection destined to these clients will not be taken into account.
- For upload:
[admin@AP] ip firewall mangle> add chain=prerouting src-mac-address=11:11:11:11:11:11 \ action=mark-packet new-packet-mark=upload
- Can I bridge wlan interface operating in the station mode?
- No, you cannot.