Setting Up MikroTik Router HOWTO

Taken directly from http://www.timmclaughlin.com/mikrotik.html

Another good link: http://wiki.mikrotik.com/wiki/Hotspot_server_setup

Login: (admin is the default)
Password: (none by default)

From any menu you can type:
“?” to show a list of possible commands
“print” will display any configuration from that menu if there is any.
“..” will navigate to a previous menu
“/” will navigate to the root menu
To change from “ip address>” to “ip route>”, type “..” then “route”.


Set the IP addresses.
ip address> add address=x.x.x.x netmask=x.x.x.x interface=ether1
(to set up the second interface use ether2 for the interface)


Add the default route or gateway.

ip route> add gateway=x.x.x.x

For additional routes:

ip route> add dst-address=x.x.x.x netmask=x.x.x.x gateway=x.x.x.x
(dst-address=”this is the subnet address”)
(netmask=”this is the mask of the dst-address”)
(gateway=”this is the next router to the dst-address”)

Enable the interfaces.

interface> print (this will display the interfaces you have; an X will show if an interface is disabled)
interface> set 0 disable=no (this will enable interface 0; repeat for any interface needed)

Change port speed and duplex of the ethernet ports if needed.

interface ethernet> set ether1 “press TAB for options for ether1”

Configure the DHCP POOL.

ip dhcp-server>setup
dhcp server interface:ether2
dhcp server address space:x.x.x.x/x (this is the subnet for dhcp)
Gateway for DHCP network:x.x.x.x (this is normally the IP of the MikroTik DHCP server interface)
addresses to give out:x.x.x.x-x.x.x.x (these are the IPs handed out with DHCP)
DNS Servers:69.5.139.3,69.5.136.253 (our DNS servers)
Lease time:3d (default of 3 days)

Configure the Hotspot service.

ip hotspot>setup (DO NOT run setup on a router more than once; it WILL screw things up)
hotspot interface:ether2
interface already configured:yes
use ssl:no
use transparent web proxy:no
use local DNS cache:no
dns Name:x.x.x.x (please enter the ip of ether2)
another port for service:8081 (this is the port winbox connects on)
name of local hotspot user:admin (admin is the default)
password for the user: (please enter one or provide anyone with a clue free access)

ip hotspot> set auth-http-cookie=yes (tells the hotspot to use cookies)
ip hotspot> set http-cookie-lifetime=3d (how long before the login cookie expires)
ip hotspot> set auth-mac=yes (allows MAC address authentication)
ip hotspot> set auth-mac-password=yes (uses the MAC address as the password with the MAC login)
ip hotspot> set login-mac-universal=yes
(this allows computers to be logged in without a web browser; you must set up universal for this to work)

Configure Walled-garden to allow non-authenticated users access to some of our servers.

ip hotspot walled-garden> add dst-host=faye.ics-llc.net
ip hotspot walled-garden> add dst-host=www.ics-llc.net
ip hotspot walled-garden> add dst-host=secure.ics-llc.net

Setting up universal.

ip hotspot universal> add address-pool=dhcp_pool1 addresses-per-mac=1 arp=no-arp interface=ether2 use-dhcp=yes
(address-pool=’the name of the DHCP pool’)(addresses-per-mac=’number of IPs allowed per MAC address’)
(arp=’whether or not to respond to ALL ARP requests’)(interface=’should be the same as the hotspot interface’)

Configure the Hotspot service to use radius.

ip hotspot aaa> set use-radius=yes

Configure the firewall to allow an ssl login on our server.

ip firewall mangle> add dst-address=69.5.139.13/32 action=accept mark-flow=hs-auth

Configure DNS Servers.

ip dns> set primary-dns=69.5.139.3 secondary-dns=69.5.136.253

Adding the Radius Server

Radius> add service=login,hotspot address=x.x.x.x secret=xxxxxxxxx
(service=’login if you want to use the database for authentication to the console, hotspot for internet users’)
(address=’the IP of your RADIUS server’)
(secret=’this is the RADIUS server passphrase’)

!!!!!Remember to allow the Mikrotik access to the Radius Server!!!!!

Changing the Admin Login password

User> set admin password=xxxxxxxxx

Setting up WatchDog reboot

system watchdog> set reboot-on-failure=yes watch-address=x.x.x.x watchdog-timer=yes ping-start-after-boot=5m
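
Added example (not part of the original HOWTO): a small Python check that reads settings written in the notation used above and flags the security-relevant choices in this walkthrough: hotspot login without SSL, the MAC address accepted as the password, and empty or placeholder admin, hotspot-user and RADIUS secrets. The sample text, the address 192.0.2.10 and the finding labels are constructed for illustration.

```python
import re

# Constructed sample in this page's notation: "menu> verb key=value" commands
# and "prompt:answer" lines from the interactive setup. All values are made up.
SAMPLE = """\
ip hotspot>setup (run once)
use ssl:no
password for the user:
ip hotspot> set auth-mac=yes (allows MAC address authentication)
ip hotspot> set auth-mac-password=yes
Radius> add service=login,hotspot address=192.0.2.10 secret=xxxxxxxxx
User> set admin password=
"""

CMD = re.compile(r"^([^>]+)>\s*\w+\s*(.*)$")   # "menu> verb args"
PROMPT = re.compile(r"^([^:=>]+):(.*)$")       # "prompt:answer"

def parse(text):
    """Return {(menu, key): value}; setup prompts inherit the last menu seen."""
    settings, menu = {}, ""
    for raw in text.splitlines():
        line = re.sub(r"\s*\(.*\)\s*$", "", raw).strip()  # drop trailing (notes)
        if m := CMD.match(line):
            menu = m[1].strip().lower()
            for key, value in re.findall(r"([\w-]+)=(\S*)", m[2]):
                settings[(menu, key)] = value
        elif p := PROMPT.match(line):
            settings[(menu, p[1].strip().lower())] = p[2].strip()
    return settings

def weak(value):
    """True for an empty value or an all-'x' placeholder; unset keys are skipped."""
    return value is not None and (value == "" or set(value.lower()) == {"x"})

def audit(text):
    s, found = parse(text), []
    if s.get(("ip hotspot", "use ssl")) == "no":
        found.append("hotspot-login-cleartext")      # login form sent over HTTP
    if s.get(("ip hotspot", "auth-mac")) == s.get(("ip hotspot", "auth-mac-password")) == "yes":
        found.append("mac-is-the-password")          # a MAC is visible on the LAN
    for where, label in ((("user", "password"), "admin-password"),
                         (("radius", "secret"), "radius-secret"),
                         (("ip hotspot", "password for the user"), "hotspot-user-password")):
        if weak(s.get(where)):
            found.append(label + "-empty-or-placeholder")
    return found

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```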
