Difference between revisions of "Manual:Winbox"

From MikroTik Wiki
Jump to: navigation, search
m (moved Winbox to Manual:Winbox)
(Summary)
(40 intermediate revisions by 7 users not shown)
Line 1: Line 1:
<h2>Summary</h2>
+
==Summary==
<p>
+
 
Winbox is a small utility that allows administration of Mikrotik RouterOS using a fast and simple GUI. It is a native Win32 binary, but can be run on <b>Linux</b> and <b>Mac OSX</b> using Wine.
+
Winbox is a small utility that allows administration of MikroTik RouterOS using a fast and simple GUI. It is a native Win32 binary, but can be run on <b>Linux</b> and <b>MacOS (OSX)</b> using Wine. All Winbox interface functions are as close as possible mirroring the console functions, that is why there are no Winbox sections in the manual. Some of advanced and system critical configurations are not possible from winbox, like MAC address change on an interface [http://wiki.mikrotik.com/wiki/Winbox_changelog Winbox changelog]
</p>
+
 
<p>
+
From Winbox v3.14, the following security features are used:
All Winbox interface functions are as close as possible to Console functions, that is why there are no Winbox sections in the manual.
+
 
</p>
+
* Winbox.exe is signed with an Extended Validation certificate, issued by SIA Mikrotīkls (MikroTik).
<p>
+
* WinBox uses ECSRP for key exchange and authentication (requires new winbox version).
Some of advanced and system critical configurations are not possible from winbox, like MAC address change on an interface.
+
* Both sides verify that other side knows password (no man in the middle attack is possible).
</p>
+
* Winbox in RoMON mode requires that agent is the latest version to be able to connect to latest version routers.
 +
* Winbox uses AES128-CBC-SHA as encryption algorithm (requires winbox version 3.14 or above).
 +
 
 +
==Starting Winbox==
 +
 
 +
Winbox loader can be downloaded from the [http://www.mikrotik.com/download mikrotik download page]. When winbox.exe is downloaded, double click on it and winbox loader window will pop up:
  
<h2>Starting the Winbox</h2>
+
[[File:Wb-man-1.PNG | center]]
<p>
 
Winbox loader can be downloaded directly from the router.
 
</p>
 
<p>
 
Open your browser and enter router's IP address, RouterOS welcome page will be displayed. Click on the link to download <b>winbox.exe</b>
 
</p>
 
[[File:win-web-snap.png|608px]]
 
  
<p>
+
To connect to the router enter IP or MAC address of the router, specify username and password (if any) and click on '''Connect''' button. You can also enter the port number after the IP address, separating them with a colon, like this 192.168.88.1:9999. The port can be changed in RouterOS '''services''' menu.  
When winbox.exe is downloaded, double click on it and winbox loader window will pop up:
 
</p>
 
[[File:winbox-loader.png|400px]]
 
  
<p>
 
To connect to the router enter IP or MAC address of the router, specify username and password (if any) and click on <b>Connect</b> button.
 
</p>
 
 
{{ Note | It is recommended to use IP address whenever possible. MAC session uses network broadcasts and is not 100% reliable.}}
 
{{ Note | It is recommended to use IP address whenever possible. MAC session uses network broadcasts and is not 100% reliable.}}
  
<p>
+
You can also use neighbor discovery, to list available routers use <b>Neighbors</b> tab:
You can also use neighbor discovery, to list available routers by clicking on <b>[...]</b> button:
+
 
</p>
+
[[File:Wb-man-2.PNG|center]]
[[File:winbox-loader2.png|400px]]
 
  
 
From list of discovered routers you can click on IP or MAC address column to connect to that router. If you click on IP address then IP will be used to connect, but if you click on MAC Address then MAC address will be used to connect to the router.
 
From list of discovered routers you can click on IP or MAC address column to connect to that router. If you click on IP address then IP will be used to connect, but if you click on MAC Address then MAC address will be used to connect to the router.
  
{{ Note | Neighbor discovery will show also devices which are not compatible with Winbox, like Cisco routers or any other device that uses CDP (Cisco Discovery Protocol) }}
+
{{ Note | Neighbor discovery will show also devices which are not compatible with Winbox, like Cisco routers or any other device that uses CDP (Cisco Discovery Protocol). If you will try to connect to SwOS device, then connection will be established through web browser }}
  
 +
<b>Description of buttons and fields of loader screen</b>
 +
 +
* Simple mode:
 +
 +
-- Buttons/check-boxes
  
<p>
 
Description of buttons and fields of loader screen
 
 
<ul class="bullets">
 
<ul class="bullets">
<li><b>[...]</b> - discovers and shows MNDP (MikroTik Neighbor Discovery Protocol) or CDP (Cisco Discovery Protocol) devices.
 
 
<li><b>Connect</b> - Connect to the router
 
<li><b>Connect</b> - Connect to the router
<li><b>Save</b> - Save address, login, password and note. Saved entries are listed at the bottom of loader window.
+
<li><b>Connect To RoMON</b> - Connect to [[ Manual:RoMON | RoMON ]] Agent
<li><b>Remove</b> - Remove selected entry from saved list
+
<li><b>Add/set</b> - Save/Edit any of saved router entries in <b>Managed</b> tab.
<li><b>Tools...</b> - Allows to run various tools: removes all items from the list, clears cache on the local disk, imports addresses from wbx file or exports them to wbx file.
+
<li><b>Open In New Window</b> - Leaves loader open in background and opens new windows for each device to which connection is made.
 
</ul>
 
</ul>
<br />
+
 
 +
-- Fields
 +
 
 
<ul class="bullets">
 
<ul class="bullets">
 
<li><b>Connect To:</b> - destination IP or MAC address of the router  
 
<li><b>Connect To:</b> - destination IP or MAC address of the router  
Line 54: Line 49:
 
<li><b>Password</b> - password used for authentication
 
<li><b>Password</b> - password used for authentication
 
<li><b>Keep Password</b> - if unchecked, password is not saved to the list
 
<li><b>Keep Password</b> - if unchecked, password is not saved to the list
<li><b>Secure Mode</b> - if checked, winbox will use TLS encryption to secure session
 
<li><b>Load Previous Session</b> - if checked, winbox will try to restore all previously opened windows.
 
<li><b>Note</b> - description of the router that will be saved to the list.
 
 
</ul>
 
</ul>
</p>
 
{{ Warning | Passwords are saved in plain text. Anyone with access to your file system will be able to retrieve passwords. }}
 
  
<h2>Interface Overview</h2>
+
 
 +
* Advanced mode:
 +
 
 +
-- Buttons/check-boxes
 +
 
 +
<ul class="bullets">
 +
<li><b>Browse</b> - Browse file directory for some specific session
 +
<li><b>Keep Password</b> - if unchecked, password is not saved to the list
 +
<li><b>Secure mode</b> -  if checked, winbox will use DH-1984 for key exchange and modified and hardened RC4-drop3072 encryption to secure session.
 +
<li><b>Autosave session</b> - Saves sessions automatically for devices to which connection are made.
 +
</ul>
 +
 
 +
-- Fields:
 +
 
 +
<ul class="bullets">
 +
<li><b>Session</b> - Saved router session.
 +
<li><b>Note</b> - Note that is assigned to save router entry.
 +
<li><b>Group</b> - Group to which saved router entry is assigned.
 +
<li><b>RoMON Agent</b> - Select RoMON Agent from available device list
 +
</ul>
 +
 
 +
 
 +
<b>Description of menu items in loader screen</b>
 +
 
 +
-- File
 +
 
 +
<ul class="bullets">
 +
<li><b>New</b> - Create new managed router list in specified location
 +
<li><b>Open</b> - Open managed router list file
 +
<li><b>Save As</b> - Save current managed router list to file
 +
<li><b>Exit</b> - Exit Winbox loader
 +
</ul>
 +
 
 +
-- Tools
 +
 
 +
<ul class="bullets">
 +
<li><b>Advanced Mode</b> - Enables/Disables advanced mode view
 +
<li><b>Import</b> - Imports saved session file
 +
<li><b>Export</b> - Exports saved session file
 +
<li><b>Move Session Folder</b> - Change path where session files are stored
 +
<li><b>Clear cache</b> - Clear winbox cache
 +
<li><b>Check For Updates</b> - Check for updates for Winbox loader
 +
</ul>
 +
 
 +
{{ Warning | Managed routers list is encrypted, but it can still be loaded in other winbox without problems IF the master password is not set for it!  }}
 +
 
 +
It is possible to use command line to pass connect to, user and password parameters automatically:
 +
<pre>
 +
winbox.exe [<connect-to> [<login> [<password>]]]
 +
</pre>
 +
For example (with no password):
 +
<pre>
 +
winbox.exe 10.5.101.1 admin ""
 +
</pre>
 +
Will connect to router 10.5.101.1 with user "admin"without password.
 +
 
 +
It is possible to use command line to pass connect to, user and password parameters automatically to conenct to router through RoMON. In this case RoMON Agent must be saved on Managed routers list so Winbox would know user and password for this device:
 +
<pre>
 +
winbox.exe --romon [<romon-agent> [<connect-to> [<login> [<password>]]]]
 +
</pre>
 +
For example (with no password):
 +
<pre>
 +
winbox.exe --romon 10.5.101.1 D4:CA:6D:E1:B5:7D admin ""
 +
</pre>
 +
Will connect to router D4:CA:6D:E1:B5:7D through 10.5.101.1 RoMON Agent with user "admin" without password.
 +
 
 +
===IPv6 connectivity===
 +
Winbox supports IPv6 connectivity. To connect to the routers IPv6 address, it must be placed in square braces the same as in web browsers when connecting to IPv6 server.
 +
Example:
 +
[[File:Wb-man-3.PNG|center]]
 +
 
 +
Winbox neighbor discovery is now capable of discovering IPv6 enabled routers. As you can see from the image below, there are two entries for each IPv6 enabled router, one entry is with IPv4 address and another one with IPv6 link-local address. You can easily choose to which one you want to connect:
 +
[[File:Wb-man-2.PNG|center]]
 +
 
 +
== Run Winbox on macOS ==
 +
 
 +
==== Wine bottler ====
 +
 
 +
It is possible to use Winbox in Apple macOS operating system by using Wine emulation software. For easier use it can be combined with [http://winebottler.kronenberg.org WineBottler software] to create a more convenient executable.
 +
 
 +
==== Homebrew ====
 +
 
 +
If the bottled version does not work, you can use Homebrew to install Wine and then launch the regular Winbox.exe file from [http://mt.lv/winbox our download page]
 +
 
 +
Requirements:
 +
 
 +
# [https://developer.apple.com/download/ Xcode] latest version. If you have Xcode 9-beta, delete Xcode 8 first, then rename the Beta to "Xcode".
 +
# [https://brew.sh Homebrew]
 +
 
 +
Then just follow these steps:
 +
 
 +
brew cask install xquartz
 +
brew install wine
 +
 
 +
If you'd like to create a launcher in MacOS, to avoid launching Wine from the Terminal, you can do it with Automator and save the result as a service or as an app. This is an example setup:
 +
 
 +
[[File:Automator.png|1000px]]
 +
 
 +
==Interface Overview==
 
<p>
 
<p>
 
Winbox interface has been designed to be intuitive for most of the users.
 
Winbox interface has been designed to be intuitive for most of the users.
 
Interface consists of:
 
Interface consists of:
 
<ul class="bulets">
 
<ul class="bulets">
<li>Main toolbar at the top where users ca add various info fields, like CPU and memory usage.
+
<li>Main toolbar at the top where users can add various info fields, like CPU and memory usage.
 
<li>Menu bar on the left - list of all available menus and sub-menus. This list changes depending on what packages are installed. For example if IPv6 package is disabled, then <b>IPv6</b> menu and all it's sub-menus will not be displayed.
 
<li>Menu bar on the left - list of all available menus and sub-menus. This list changes depending on what packages are installed. For example if IPv6 package is disabled, then <b>IPv6</b> menu and all it's sub-menus will not be displayed.
 
<li>Work area - area where all menu windows are opened.
 
<li>Work area - area where all menu windows are opened.
 
</ul>
 
</ul>
 
</p>
 
</p>
[[File:Winbox-workarea.png]]
+
[[File:Wb-man-4.PNG]]
 
<br />
 
<br />
 
<p>
 
<p>
Line 78: Line 166:
 
[username]@[Router's IP or MAC] ( [RouterID] ) - Winbox [ROS version] on [RB model] ([platform])
 
[username]@[Router's IP or MAC] ( [RouterID] ) - Winbox [ROS version] on [RB model] ([platform])
 
</pre>
 
</pre>
From screenshot above we can see that user <b>admin</b> is logged into router with IP address <b>10.1.101.18</b>. Router's ID is <b>MikroTik</b>, currently installed RouterOS version is <b>v5.0beta1</b>, RouterBoard is <b>RB800</b> and platform is <b>PowerPC</b>.  
+
From screenshot above we can see that user <b>krisjanis</b> is logged into router with IPv4/IPv6 address <b>[fe80::4e5e:cff:fef6:c0ab%3]</b>. Router's ID is <b>3C18-Krisjanis_GW</b>, currently installed RouterOS version is <b>v6.36rc6</b>, RouterBoard is <b>CCR1036-12G-4S</b> and platform is <b>tile</b>.  
 
</p>
 
</p>
 
<p>
 
<p>
Line 84: Line 172:
 
<ul class="bulets">
 
<ul class="bulets">
 
<li>winbox traffic indicator displayed as a green bar,  
 
<li>winbox traffic indicator displayed as a green bar,  
<li>indicator that shows whether winbox session uses TLS encryption  
+
<li>indicator that shows whether winbox session uses encryption  
<li>checkbox <b>Hide password</b>. This checkbox replaces all sensitive information (for example, ppp secret passwords) with '*' asterisk symbols.
+
<!--<li>checkbox <b>Hide password</b>. This checkbox replaces all sensitive information (for example, ppp secret passwords) with '*' asterisk symbols.-->
 
</ul>
 
</ul>
 
</p>
 
</p>
  
<h2>Work Area and child windows</h2>
+
==Work Area and child windows==
 
<p>
 
<p>
 
Winbox has MDI interface meaning that all menu configuration (child) widows are attached to main (parent) Winbox window and are showed in work area.
 
Winbox has MDI interface meaning that all menu configuration (child) widows are attached to main (parent) Winbox window and are showed in work area.
 
</p>
 
</p>
[[File:winbox-win-child.png|735px]]
+
[[File:Wb-man-5.PNG]]
 
<p>
 
<p>
 
Child windows can not be dragged out of working area. Notice in screenshot above that <b>Interface</b> window is dragged out of visible working area and horizontal scroll bar appeared at the bottom. If any window is outside visible work area boundaries the vertical or/and horizontal scrollbars will appear.
 
Child windows can not be dragged out of working area. Notice in screenshot above that <b>Interface</b> window is dragged out of visible working area and horizontal scroll bar appeared at the bottom. If any window is outside visible work area boundaries the vertical or/and horizontal scrollbars will appear.
 
</p>
 
</p>
  
<h3>Child window menu bar</h3>
+
===Child window menu bar===
 
<p>
 
<p>
 
Each child window has its own toolbar. Most of the windows have the same set of toolbar buttons:
 
Each child window has its own toolbar. Most of the windows have the same set of toolbar buttons:
Line 112: Line 200:
 
Almost all windows have quick search input field at the right side of the toolbar. Any text entered in this field is searched through all the items and highlighted as illustrated in screenshot below
 
Almost all windows have quick search input field at the right side of the toolbar. Any text entered in this field is searched through all the items and highlighted as illustrated in screenshot below
 
</p>
 
</p>
[[File:winbox-window-search.png]]
+
[[File:Wb-man-6.PNG]]
 
<p>
 
<p>
 
Notice that at the right side next to quick find input filed there is a dropdown box. For currently opened (IP Route) window this dropdown box allows to quickly sort out items by routing tables. For example if <b>main</b> is selected, then only routes from main routing table will be listed. <br />
 
Notice that at the right side next to quick find input filed there is a dropdown box. For currently opened (IP Route) window this dropdown box allows to quickly sort out items by routing tables. For example if <b>main</b> is selected, then only routes from main routing table will be listed. <br />
 
Similar dropdown box is also in all firewall windows to quickly sort out rules by chains.
 
Similar dropdown box is also in all firewall windows to quickly sort out rules by chains.
 
</p>
 
</p>
<h3>Sorting out displayed items</h3>
+
===Sorting out displayed items===
 
<p>
 
<p>
 
Almost every window has a <b>Sort</b> button. When clicking on this button several options appear as illustrated in screenshot below
 
Almost every window has a <b>Sort</b> button. When clicking on this button several options appear as illustrated in screenshot below
 
</p>
 
</p>
[[File:Winbox-window-sort.png]]
+
[[File:Wb-man-7.PNG]]
 
<p>
 
<p>
 
Example shows how to quickly filter out routes that are in 10.0.0.0/8 range
 
Example shows how to quickly filter out routes that are in 10.0.0.0/8 range
Line 149: Line 237:
 
</p>
 
</p>
  
<h3>Customizing list of displayed columns</h3>
+
===Customizing list of displayed columns===
 
<p>
 
<p>
 
By default winbox shows most commonly used parameters. However sometimes it is needed to see another parameters, for example "BGP AS Path" or other BGP attributes to monitor if routes are selected properly.  
 
By default winbox shows most commonly used parameters. However sometimes it is needed to see another parameters, for example "BGP AS Path" or other BGP attributes to monitor if routes are selected properly.  
Line 160: Line 248:
 
</ul>
 
</ul>
 
</p>
 
</p>
[[File:Winbox-window-field.png|640px]]
+
[[File:Wb-man-8.PNG]]
  
 
<p>
 
<p>
 
Changes made to window layout are saved and next time when winbox is opened the same column order and size is applied.
 
Changes made to window layout are saved and next time when winbox is opened the same column order and size is applied.
 
</p>
 
</p>
<h4>Detail mode</h4>
+
====Detail mode====
<p>
+
 
 
It is also possible to enable <b>Detail mode</b>. In this mode all parameters are displayed in columns, first column is parameter name, second column is parameter's value.  
 
It is also possible to enable <b>Detail mode</b>. In this mode all parameters are displayed in columns, first column is parameter name, second column is parameter's value.  
</p>
+
 
<p>
 
 
To enable detail mode right mouse click on the item list and from the popupmenu pick <b>Detail mode</b>
 
To enable detail mode right mouse click on the item list and from the popupmenu pick <b>Detail mode</b>
</p>
 
[[File:Winbox-window-detail.png|640px]]
 
  
<h3>Drag & Drop</h3>
+
[[File:Wb-man-9.PNG]]
 +
 
 +
====Category view====
 +
It is possible to list items by categories. In tis mode all items will be grouped alphabetically or by other category.  For example items may be categorized alphabetically if sorted by name, items can also be categorized by type like in screenshot below.
 +
 
 +
To enable Category view, right mouse click on the item list and from the popupmenu pick <b>Show Categories</b>
 +
 
 +
[[File:Wb-man-10.PNG]]
 +
 
 +
===Drag & Drop===
 
<p>
 
<p>
It is possible to upload and download files to/from router using winbox drag & drop functionality.  
+
It is possible to upload and download files to/from router using winbox drag & drop functionality. You can also download file by pressing right mouse button on it and selecting "Download".
 
</p>
 
</p>
[[File:Winbox1.jpg]]
+
[[File:Wb-man-11.PNG]]
  
 
{{Note | Drag & Drop does not work if winbox is running on Linux using wine. This is not a winbox problem, wine does not support drag & drop. }}
 
{{Note | Drag & Drop does not work if winbox is running on Linux using wine. This is not a winbox problem, wine does not support drag & drop. }}
  
<h3>Traffic monitoring</h3>
+
===Traffic monitoring===
 
<p>
 
<p>
 
Winbox can be used as a tool to monitor traffic of every interface, queue or firewall rule in real-time. Screenshot below shows ethernet traffic monitoring graphs.
 
Winbox can be used as a tool to monitor traffic of every interface, queue or firewall rule in real-time. Screenshot below shows ethernet traffic monitoring graphs.
 
</p>
 
</p>
[[File:winbox-window-trafmon.png|640px]]
+
[[File:Wb-man-12.PNG]]
 +
 
 +
===Item copy===
 +
This shows how easy it is to copy an item in Winbox. In this example, we will use the COPY button to make a Dynamic PPPoE server interface into a Static interface.
 +
 
 +
This image shows us the initial state, as you see DR indicates "D" which means Dynamic:
 +
*[[File:Wb-man-13.PNG | 750px ]]
 +
 
 +
Double-Click on the interface and click on COPY:
 +
*[[File:Wb-man-14.PNG | 750px ]]
  
 +
A new interface window will appear, a new name will be created automatically (in this case pppoe-in1)
 +
*[[File:Wb-man-15.PNG | 750px ]]
 +
 +
After this Down/Up event this interface will be Static:
 +
*[[File:Wb-man-16.PNG | 750px ]]
  
 
== Transferring Settings ==
 
== Transferring Settings ==
  
On Windows Vista/7 Winbox settings are stored in: %USERPROFILE%\AppData\Roaming\Mikrotik\Winbox\winbox.cfg
+
* Managed router transfer - In File menu, use Save As and Open functions to save managed router list to file and open it up again on new workstation.
 +
 
 +
* Router sessions transfer - In Tools menu, use Export and Import functions to save existing sessions to file and import them again on new workstation.
 +
 
 +
==Troubleshooting==
 +
 
 +
; Winbox cannot connect to router's IP address
 +
: Make sure that Windows firewall is set to allow Winbox connections or disable windows firewall.
 +
 
 +
; I get an error '(port 20561) timed out' when connecting to routers mac address
 +
: Windows (7/8) does not allow mac connection if file and print sharing is disabled.
 +
 
 +
== Legacy version manual ==
 +
 
 +
[[ Manual:Winbox_v2.x | Winbox v2.x.x ]]
  
Simply copy this file to the same location on the new host.
+
{{Cont}}
  
[[Category:Manual]]
+
[[Category:Manual|W]]
 +
[[Category:Basic|W]]

Revision as of 10:30, 29 May 2018

Summary

Winbox is a small utility that allows administration of MikroTik RouterOS using a fast and simple GUI. It is a native Win32 binary, but can be run on Linux and MacOS (OSX) using Wine. All Winbox interface functions are as close as possible mirroring the console functions, that is why there are no Winbox sections in the manual. Some of advanced and system critical configurations are not possible from winbox, like MAC address change on an interface Winbox changelog

From Winbox v3.14, the following security features are used:

  • Winbox.exe is signed with an Extended Validation certificate, issued by SIA Mikrotīkls (MikroTik).
  • WinBox uses ECSRP for key exchange and authentication (requires new winbox version).
  • Both sides verify that other side knows password (no man in the middle attack is possible).
  • Winbox in RoMON mode requires that agent is the latest version to be able to connect to latest version routers.
  • Winbox uses AES128-CBC-SHA as encryption algorithm (requires winbox version 3.14 or above).

Starting Winbox

Winbox loader can be downloaded from the mikrotik download page. When winbox.exe is downloaded, double click on it and winbox loader window will pop up:

Wb-man-1.PNG

To connect to the router enter IP or MAC address of the router, specify username and password (if any) and click on Connect button. You can also enter the port number after the IP address, separating them with a colon, like this 192.168.88.1:9999. The port can be changed in RouterOS services menu.

Icon-note.png

Note: It is recommended to use IP address whenever possible. MAC session uses network broadcasts and is not 100% reliable.


You can also use neighbor discovery, to list available routers use Neighbors tab:

Wb-man-2.PNG

From list of discovered routers you can click on IP or MAC address column to connect to that router. If you click on IP address then IP will be used to connect, but if you click on MAC Address then MAC address will be used to connect to the router.

Icon-note.png

Note: Neighbor discovery will show also devices which are not compatible with Winbox, like Cisco routers or any other device that uses CDP (Cisco Discovery Protocol). If you will try to connect to SwOS device, then connection will be established through web browser


Description of buttons and fields of loader screen

  • Simple mode:

-- Buttons/check-boxes

  • Connect - Connect to the router
  • Connect To RoMON - Connect to RoMON Agent
  • Add/set - Save/Edit any of saved router entries in Managed tab.
  • Open In New Window - Leaves loader open in background and opens new windows for each device to which connection is made.

-- Fields

  • Connect To: - destination IP or MAC address of the router
  • Login - username used for authentication
  • Password - password used for authentication
  • Keep Password - if unchecked, password is not saved to the list


  • Advanced mode:

-- Buttons/check-boxes

  • Browse - Browse file directory for some specific session
  • Keep Password - if unchecked, password is not saved to the list
  • Secure mode - if checked, winbox will use DH-1984 for key exchange and modified and hardened RC4-drop3072 encryption to secure session.
  • Autosave session - Saves sessions automatically for devices to which connection are made.

-- Fields:

  • Session - Saved router session.
  • Note - Note that is assigned to save router entry.
  • Group - Group to which saved router entry is assigned.
  • RoMON Agent - Select RoMON Agent from available device list


Description of menu items in loader screen

-- File

  • New - Create new managed router list in specified location
  • Open - Open managed router list file
  • Save As - Save current managed router list to file
  • Exit - Exit Winbox loader

-- Tools

  • Advanced Mode - Enables/Disables advanced mode view
  • Import - Imports saved session file
  • Export - Exports saved session file
  • Move Session Folder - Change path where session files are stored
  • Clear cache - Clear winbox cache
  • Check For Updates - Check for updates for Winbox loader
Icon-warn.png

Warning: Managed routers list is encrypted, but it can still be loaded in other winbox without problems IF the master password is not set for it!


It is possible to use command line to pass connect to, user and password parameters automatically:

winbox.exe [<connect-to> [<login> [<password>]]]

For example (with no password):

winbox.exe 10.5.101.1 admin ""

Will connect to router 10.5.101.1 with user "admin"without password.

It is possible to use command line to pass connect to, user and password parameters automatically to conenct to router through RoMON. In this case RoMON Agent must be saved on Managed routers list so Winbox would know user and password for this device:

winbox.exe --romon [<romon-agent> [<connect-to> [<login> [<password>]]]]

For example (with no password):

winbox.exe --romon 10.5.101.1 D4:CA:6D:E1:B5:7D admin ""

Will connect to router D4:CA:6D:E1:B5:7D through 10.5.101.1 RoMON Agent with user "admin" without password.

IPv6 connectivity

Winbox supports IPv6 connectivity. To connect to the routers IPv6 address, it must be placed in square braces the same as in web browsers when connecting to IPv6 server. Example:

Wb-man-3.PNG

Winbox neighbor discovery is now capable of discovering IPv6 enabled routers. As you can see from the image below, there are two entries for each IPv6 enabled router, one entry is with IPv4 address and another one with IPv6 link-local address. You can easily choose to which one you want to connect:

Wb-man-2.PNG

Run Winbox on macOS

Wine bottler

It is possible to use Winbox in Apple macOS operating system by using Wine emulation software. For easier use it can be combined with WineBottler software to create a more convenient executable.

Homebrew

If the bottled version does not work, you can use Homebrew to install Wine and then launch the regular Winbox.exe file from our download page

Requirements:

  1. Xcode latest version. If you have Xcode 9-beta, delete Xcode 8 first, then rename the Beta to "Xcode".
  2. Homebrew

Then just follow these steps:

brew cask install xquartz
brew install wine

If you'd like to create a launcher in MacOS, to avoid launching Wine from the Terminal, you can do it with Automator and save the result as a service or as an app. This is an example setup:

Automator.png

Interface Overview

Winbox interface has been designed to be intuitive for most of the users. Interface consists of:

  • Main toolbar at the top where users can add various info fields, like CPU and memory usage.
  • Menu bar on the left - list of all available menus and sub-menus. This list changes depending on what packages are installed. For example if IPv6 package is disabled, then IPv6 menu and all it's sub-menus will not be displayed.
  • Work area - area where all menu windows are opened.

Wb-man-4.PNG

Title bar shows information to identify with which router Winbox session is opened. Information is displayed in following format:

[username]@[Router's IP or MAC] ( [RouterID] ) - Winbox [ROS version] on [RB model] ([platform])

From screenshot above we can see that user krisjanis is logged into router with IPv4/IPv6 address [fe80::4e5e:cff:fef6:c0ab%3]. Router's ID is 3C18-Krisjanis_GW, currently installed RouterOS version is v6.36rc6, RouterBoard is CCR1036-12G-4S and platform is tile.

On the Main toolbar's left side is located undo and redo buttons to quickly undo any changes made to configuration. On the right side is located:

  • winbox traffic indicator displayed as a green bar,
  • indicator that shows whether winbox session uses encryption

Work Area and child windows

Winbox has MDI interface meaning that all menu configuration (child) widows are attached to main (parent) Winbox window and are showed in work area.

Wb-man-5.PNG

Child windows can not be dragged out of working area. Notice in screenshot above that Interface window is dragged out of visible working area and horizontal scroll bar appeared at the bottom. If any window is outside visible work area boundaries the vertical or/and horizontal scrollbars will appear.

Child window menu bar

Each child window has its own toolbar. Most of the windows have the same set of toolbar buttons:

  • Win-add.png Add - add new item to the list
  • Win-remove.png Remove - remove selected item from the list
  • Win-enable.png Enable - enable selected item (the same as enable command from console)
  • Win-disable.png Disable - disable selected item (the same as disable command from console)
  • Win-comment.png Comment - add or edit comment
  • Win-sort.png Sort - allows to sort out items depending on various parameters. Read more >>

Almost all windows have quick search input field at the right side of the toolbar. Any text entered in this field is searched through all the items and highlighted as illustrated in screenshot below

Wb-man-6.PNG

Notice that at the right side next to quick find input filed there is a dropdown box. For currently opened (IP Route) window this dropdown box allows to quickly sort out items by routing tables. For example if main is selected, then only routes from main routing table will be listed.
Similar dropdown box is also in all firewall windows to quickly sort out rules by chains.

Sorting out displayed items

Almost every window has a Sort button. When clicking on this button several options appear as illustrated in screenshot below

Wb-man-7.PNG

Example shows how to quickly filter out routes that are in 10.0.0.0/8 range

  1. Press Sort button
  2. Chose Dst.Address from the first dropdown box.
  3. Chose in form the second dropdown box. "in" means that filter will check if dst address value is in range of specified network.
  4. Enter network against which values will be compared (in our example enter "10.0.0.0/8")
  5. These buttons are to add or remove another filter to the stack.
  6. Press Filter button to apply our filter.

As you can see from screenshot winbox sorted out only routes that are within 10.0.0.0/8 range.

Comparison operators (Number 3 in screenshot) may be different for each window. For example "Ip Route" window has only two is and in. Other windows may have operators such as "is not", "contains", "contains not".

Winbox allows to build stack of filters. For example if there is a need to filter by destination address and gateway, then

  • set first filter as described in example above,
  • press [+] button to add another filter bar in stack.
  • set up seconf filter to filter by gateway
  • press Filter button to apply filters.

You can also remove unnecessary filter from the stack by pressing [-] button.

Customizing list of displayed columns

By default winbox shows most commonly used parameters. However sometimes it is needed to see another parameters, for example "BGP AS Path" or other BGP attributes to monitor if routes are selected properly.

Winbox allows to customize displayed columns for each individual window. For example to add BGP AS path column:

  • Click on little arrow button (1) on the right side of the column titles or right mouse click on the route list.
  • From popped up menu move to Show Columns (2) and from the sub-menu pick desired column, in our case click on BGP AS Path (3)

Wb-man-8.PNG

Changes made to window layout are saved and next time when winbox is opened the same column order and size is applied.

Detail mode

It is also possible to enable Detail mode. In this mode all parameters are displayed in columns, first column is parameter name, second column is parameter's value.

To enable detail mode right mouse click on the item list and from the popupmenu pick Detail mode

Wb-man-9.PNG

Category view

It is possible to list items by categories. In tis mode all items will be grouped alphabetically or by other category. For example items may be categorized alphabetically if sorted by name, items can also be categorized by type like in screenshot below.

To enable Category view, right mouse click on the item list and from the popupmenu pick Show Categories

Wb-man-10.PNG

Drag & Drop

It is possible to upload and download files to/from router using winbox drag & drop functionality. You can also download file by pressing right mouse button on it and selecting "Download".

Wb-man-11.PNG

Icon-note.png

Note: Drag & Drop does not work if winbox is running on Linux using wine. This is not a winbox problem, wine does not support drag & drop.


Traffic monitoring

Winbox can be used as a tool to monitor traffic of every interface, queue or firewall rule in real-time. Screenshot below shows ethernet traffic monitoring graphs.

Wb-man-12.PNG

Item copy

This shows how easy it is to copy an item in Winbox. In this example, we will use the COPY button to make a Dynamic PPPoE server interface into a Static interface.

This image shows us the initial state, as you see DR indicates "D" which means Dynamic:

  • Wb-man-13.PNG

Double-Click on the interface and click on COPY:

  • Wb-man-14.PNG

A new interface window will appear, a new name will be created automatically (in this case pppoe-in1)

  • Wb-man-15.PNG

After this Down/Up event this interface will be Static:

  • Wb-man-16.PNG

Transferring Settings

  • Managed router transfer - In File menu, use Save As and Open functions to save managed router list to file and open it up again on new workstation.
  • Router sessions transfer - In Tools menu, use Export and Import functions to save existing sessions to file and import them again on new workstation.

Troubleshooting

Winbox cannot connect to router's IP address
Make sure that Windows firewall is set to allow Winbox connections or disable windows firewall.
I get an error '(port 20561) timed out' when connecting to routers mac address
Windows (7/8) does not allow mac connection if file and print sharing is disabled.

Legacy version manual

Winbox v2.x.x

[ Top | Back to Content ]