sobota, 27. december 2014

Basic Mikrotik setup using WinBox and Quick Set option



In this blog I will write about basic configuration of Mikrotik. In my specific instance that will be an RB951Ui-2HnD. This will be just basic configuration to setup working internet with WiFi and NAT using WinBox + Quick Set option from the WinBox menu. This is just the basic configuration to get your router on the internet, nothing fancy, just the basic stuff.
First thing to do is to unpack the totally unimpressive box that has no flashy pictures of various features the router has like this one :


If you have one in your hand I don’t need to show you how it looks but for all the others, here is the most unimpressive box you will ever see. 


I probably don’t need to tell you that now you need to plug it in to work. Now connect your computer with a normal (straight) UTP cable with one of his ports 2 – 5

The basic configuration of your router will give your computer an IP address in a 192.168.88.0/24 subnet. All you need now is WinBox. If you have existing internet connection you can download the newest version at: 


You will find it under Useful tools and utilities. If for some miracle, you don’t have an active Internet connection, you can download the preloaded version directly from router. Just open your prefered internet browser aka Chrome, Mozilla, IE and go to the address of 192.168.88.1 

After the page displays, just click on the WinBox Icon and the download will start.


Now that we have all we need you need to run the WinBox – NOPE Mikrotik users do not use the web interface for configuration. WinBox is the main tool. YES, there is an option to do it via the WEB interface, but I still need to meet the person that uses that.
The default user is admin with blank password and of course the IP is- 192.168.88.1


You will be greeted with this default configuration popup.
  

If you are doing a home configuration and are not familiar with RouterOS then you should keep this configuration and just click OK. 

What will this default configuration do:
-      - It will set your port 1 to wait for IP address (WAN - DHCP)
-       - It will bridge ports 2-5 together to work as a switch
-      - Set the IP of the router to 192.168.88.1
-      - Enable DHCP
-      - Enable NAT
-      - Enable basic Firewall
-      - Configure WiFi with SSID – Mikro Tik, as an AP bridge (mixed b/g/n)

Basically if your internet provider deals out IP addresses and you don’t use PPPoE this would work out of the box for you. But you can’t connect a router with default configurations to internet. And we do want a different SSID and some encryption on our WiFi at least. Also, changing out default password would be a great idea, so lets start with that.
The most important thing to do in any configuration of a router, is to change the default user (if possible) and password. In this case we will create a new user named- user1 (you can name it as u like) and add him to GROUP = FULL !! Don’t forget that since we will disable the default user admin. And if you forget to add him in the right group you lose your admin and need to factory reset the router. Group FULL has administrative permissions.

You will find this under System\Users in the WinBox menu.


After you create the new user click on the admin user and click the red X to disable him. On the next login you will need to login with the new user.
With that done you now click the Quick set button and configure our router and settings.

1 1.   Change the mode to Home AP mode.
2 2.   Change the name of the SSID to your liking
3 3.   Use WiFi password (at least 8 symbols required) default encryption is WPS2- Personal – AES
4 4.   Change how your internet provider supplies your IP address. 


    All you need to do now is plug in the UTP cable from your ISP modem or whatever to port 1 and your good to go. This was pretty simple as you can see, but there are still things to do, like disabling or limiting access to active services on the router, pimping out the firewall, setup the time server so your router knows what time it is, maybe setup a VPN…
    But that will be done in my next blogs. Thank you all for reading, I hope this has been some use to you.




 

Ni komentarjev:

Objavite komentar