I was able to do basic configuration on a MikroTik router and allowed the LAN to go to the Internet using NAT (Source NAT). Below are the network topology and actual photos of the MikroTik Cloud Core Router used for this lab scenario.
To initially configure the MikroTik router, manually set your PC IP to 192.168.88.2/24 > connect an RJ45 cable between PC LAN port and MikroTik router's ETH (leftmost port).
Open a web browser > HTTP to 192.168.88.1 > type admin under login > leave Password blank > click Login.
Create a new user account under WebFig > Users > Add New.
Type the Name > choose a Group (full by default) > type and confirm Password > click Apply > OK.
You can delete the default admin account by clicking the dash or minus icon ( - ) which is beside D (disable).
I’m using a cable modem at home which provides a public IP address via its Ethernet port. To configure the MikroTik router's ISP/WAN interface, go to IP > DHCP Client > Add New.
Under Interface > choose ether1 > Apply > OK. Notice the ISP public IP address appeared.
Take note of the default Add Default Route of yes.
To configure the LAN IP address, go to IP > Addresses > Add New.
Type the LAN Address 192.168.1.1/24 (default gateway) > type 192.168.1.0 under Network > choose ether2 under Interface > click Apply > OK.
Type a Name > choose the LAN Interface > set a Lease Time (HH:MM:SS) > click Apply > OK.
Choose dynamic under Bootp Support.
Click DHCP Setup > choose ether2 under DHCP Server Interface > Next.
Leave the default DHCP Address Space (192.168.1.0/24) > click Next.
Leave the default (192.168.1.1) for Gateway for DHCP Network.
Leave the default for Address to Give Out (192.168.1.2-192.168.1.254).
Type a Primary (and optionally a Secondary) DNS Server. It auto-filled the ISP DNS Servers if WAN is a DHCP Client.
Optionally change the default lease time (10 mins) to 8 hours.
Click the Leases tab to see DHCP clients (I had a PC connected on ether2).
You can do an IP Scan on selected Interface (ether2) under Tools > IP Scan. Notice the MikroTik router was able to fingerprint the host NetBIOS (MACBOOKPRO).
You can also view DHCP leased addresses under IP > Pool > Used Addresses.
To configure a default route, go to IP > Routes. Notice the ISP DHCP Client automatically configured a default route 0.0.0.0/0 since we selected yes under Add Default Route.
Click on the 0.0.0.0/0 route entry to view more details.
You need to configure NAT in order to allow the private IP address (192.168.1.0/24) to reach the public Internet. To configure NAT (Source NAT), go to IP > Firewall > NAT > Add New.
Leave the default srcnat under Chain > select Out.Interface ether1 (ISP)
You can view interface status and statistics under Interfaces.
Click a specific interface (ether1) to view more details.
To perform troubleshooting or diagnostics, go to Tools > Ping > type an IP address (8.8.8.8) under Ping To > click Start.
You can also do a Traceroute, which performs like an MTR.
You can view NAT translations under IP > Firewall > Connections.
Click on a specific output (line 2) in order to view more details.
To view chassis information, go to System > Health.
You can also view more chassis environment info under System > Resources.
To view Syslogs, go to Log.
You can also do Packet Sniffer or capture under Tools > Packet Sniffer > Start.
Click Stop > then click Packets.
Click on a specific output or line (line 2) to view more details.
You can do real-time traffic monitoring on a specific interface under Torch > select an Interface (ether2) > type Src Address (Source Address) > type Dst Address (Destination Address) > click Start (then click Stop).
You can do a factory reset under System > Reset Configuration.
You can do a remote reboot under System > Reboot.
You can do a quick network setup under Quick Set found on the upper right hand corner of the web GUI.
You can launch the CLI terminal (inband) under Terminal.
You can connect (out-of-band) a console (rollover) cable to the MikroTik CONSOLE port. Set the baud rate to 115200 (8-N-1-N).
Below are some useful CLI show commands.
[admin@MikroTik] > system resource print
uptime: 2h36s
version: 6.39.2 (stable)
build-time: Jun/06/2017 08:01:04
factory-software: 6.36.4
free-memory: 1742.1MiB
total-memory: 1956.2MiB
cpu: tilegx
cpu-count: 9
cpu-frequency: 1200MHz
cpu-load: 0%
free-hdd-space: 82.1MiB
total-hdd-space: 128.0MiB
architecture-name: tile
board-name: CCR1009-7G-1C-1S+
platform: MikroTik
[admin@MikroTik] > interface print
Flags: D - dynamic, X - disabled, R - running, S - slave
# NAME TYPE ACTUAL-MTU L2MTU MAX-L2MTU MAC-ADDRESS
0 R combo1 ether 1500 1580 10222 6C:3B:6B:E3:C5:21
1 R ether1 ether 1500 1580 10222 6C:3B:6B:E3:C5:22
2 R ether2 ether 1500 1580 10222 6C:3B:6B:E3:C5:23
3 ether3 ether 1500 1580 10222 6C:3B:6B:E3:C5:24
4 ether4 ether 1500 1580 10222 6C:3B:6B:E3:C5:25
5 ether5 ether 1500 1580 10222 6C:3B:6B:E3:C5:26
6 ether6 ether 1500 1580 10222 6C:3B:6B:E3:C5:27
7 ether7 ether 1500 1580 10222 6C:3B:6B:E3:C5:28
8 sfp-sfpplus1 ether 1500 1580 10222 6C:3B:6B:E3:C5:20
[admin@MikroTik] > interface ethernet cable-test ether1
name: ether1
status: link-ok
[admin@MikroTik] > ip route print
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, B - blackhole, U - unreachable, P - prohibit
# DST-ADDRESS PREF-SRC GATEWAY DISTANCE
0 ADS 0.0.0.0/0 222.165.112.1 1
1 ADC 192.168.1.0/24 192.168.1.1 ether2 0
2 ADC 192.168.88.0/24 192.168.88.1 combo1 0
3 ADC 222.165.x.0/21 222.165.x.x9 ether1 0
[admin@MikroTik] > ping 8.8.8.8
SEQ HOST SIZE TTL TIME STATUS
0 8.8.8.8 56 55 8ms
1 8.8.8.8 56 55 7ms
2 8.8.8.8 56 55 7ms
3 8.8.8.8 56 55 8ms
4 8.8.8.8 56 55 8ms
5 8.8.8.8 56 55 7ms
6 8.8.8.8 56 55 7ms
sent=7 received=7 packet-loss=0% min-rtt=7ms avg-rtt=7ms max-rtt=8ms
[admin@MikroTik] > tool traceroute 8.8.8.8
# ADDRESS LOSS SENT LAST AVG BEST WORST STD-DEV STATUS
1 10.47.0.1 0% 7 8ms 7.6 4.6 11.3 2.2
2 10.47.0.1 16.. 7 8.1ms 8.2 6.8 10.3 1.2
3 172.20.43.65 0% 6 7.2ms 7.1 6.3 7.6 0.5
4 172.20.9.230 0% 6 9.4ms 9.5 9.4 9.8 0.1
5 203.116.188.85 0% 6 26.5ms 28.3 8.2 41.5 11.3
6 203.117.36.21 0% 6 9.4ms 11.2 6 23.4 6.2
7 203.116.189.181 0% 6 8.1ms 12.9 8 22.5 6.8
8 203.117.34.34 0% 6 7.6ms 18.8 7.6 44.8 13.3
9 72.14.196.189 0% 6 8.5ms 7.5 5.1 8.9 1.4
10 108.170.242.65 0% 6 7.7ms 8.4 7.7 8.7 0.3
11 108.170.237.229 0% 6 8.1ms 13.2 7.4 27.7 8
12 8.8.8.8 0% 6 7.2ms 12.5 7.2 22.5 7.1
[admin@MikroTik] > /log print
jan/01/1970 00:00:08 system,error,critical router rebooted without proper shutdown, probably power outage
jan/02/1970 00:00:10 script,info Starting_defconf_script_
jan/02/1970 00:00:10 script,info Defconf_script_finished
jan/02/1970 00:00:10 system,info address added
jan/02/1970 00:02:53 interface,info ether2 link up (speed 1G, full duplex)
jan/02/1970 00:07:58 interface,info ether2 link down
jan/02/1970 00:08:02 interface,info ether2 link up (speed 1G, full duplex)
jan/02/1970 00:08:32 interface,info ether2 link down
jan/02/1970 00:08:36 interface,info ether2 link up (speed 1G, full duplex)
jan/02/1970 00:09:06 interface,info ether2 link down
jan/02/1970 00:09:10 interface,info ether1 link up (speed 1G, full duplex)
jan/02/1970 00:10:21 interface,info ether1 link down
jan/02/1970 00:10:27 interface,info combo1 link up (speed 1G, full duplex)
jan/02/1970 00:13:13 system,error,critical login failure for user admin from 192.168.88.2 via ftp
jan/02/1970 00:13:15 system,info,account user admin logged in from 192.168.88.2 via web
jan/02/1970 00:13:16 system,info,account user admin logged in from 192.168.88.2 via ftp
jan/02/1970 00:13:17 system,info,account user admin logged out from 192.168.88.2 via ftp
jan/02/1970 00:14:39 system,info,account user admin logged in via local
jan/02/1970 00:19:15 system,info,account user admin logged out from 192.168.88.2 via web
jan/02/1970 00:19:15 system,info,account user admin logged out via local
jan/02/1970 00:19:27 system,info,account user admin logged in from 192.168.88.2 via web
jan/02/1970 00:19:27 system,info,account user admin logged in via local
jan/02/1970 00:19:51 system,info,account user admin logged in via local
jan/02/1970 00:20:00 system,info,account user admin logged out via local
jan/02/1970 00:20:01 system,info,account user admin logged in via local
jan/02/1970 00:20:04 system,info,account user admin logged out from 192.168.88.2 via web
jan/02/1970 00:20:04 system,info,account user admin logged out via local
jan/02/1970 00:20:04 system,info,account user admin logged out via local
jan/02/1970 00:20:13 system,info,account user admin logged in from 192.168.88.2 via web
jan/02/1970 00:20:14 system,info,account user admin logged in via local
jan/02/1970 00:20:20 system,info,account user admin logged out from 192.168.88.2 via web
jan/02/1970 00:20:20 system,info,account user admin logged out via local
jan/02/1970 00:20:45 system,info,account user admin logged in from 192.168.88.2 via web
jan/02/1970 00:20:47 system,info,account user admin logged in via local
jan/02/1970 00:20:48 system,info,account user admin logged out via local
jan/02/1970 00:25:00 system,info,account user admin logged in via local
jan/02/1970 00:30:00 system,info,account user admin logged out from 192.168.88.2 via web
jan/02/1970 00:31:01 system,info,account user admin logged in from 192.168.88.2 via web
jan/02/1970 00:33:26 system,info,account user admin logged out from 192.168.88.2 via web
jan/02/1970 00:33:28 system,info,account user admin logged in from 192.168.88.2 via web
<OUTPUT TRUNCATED>
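As an added example (not part of the original post), the Python below runs simple detection logic over the account lines of the /log print output above: it reports logins over cleartext services, use of the built-in admin account, and a failed login followed by a success from the same source and service. The rule names and the CLEARTEXT set are assumptions made for this example; "web" is treated as plain HTTP because this lab browses to the router over HTTP.

```python
import re
from collections import Counter

# Lines copied from the /log print output above (one non-account line included).
SAMPLE_LOG = """\
jan/02/1970 00:10:27 interface,info combo1 link up (speed 1G, full duplex)
jan/02/1970 00:13:13 system,error,critical login failure for user admin from 192.168.88.2 via ftp
jan/02/1970 00:13:15 system,info,account user admin logged in from 192.168.88.2 via web
jan/02/1970 00:13:16 system,info,account user admin logged in from 192.168.88.2 via ftp
jan/02/1970 00:13:17 system,info,account user admin logged out from 192.168.88.2 via ftp
jan/02/1970 00:14:39 system,info,account user admin logged in via local
"""

CLEARTEXT = {"ftp", "web", "telnet"}   # assumption: "web" is plain HTTP, as in this lab
DEFAULT_ACCOUNTS = {"admin"}           # the built-in account the post suggests deleting

EVENT = re.compile(
    r"(?:login failure for user (?P<fuser>\S+)"
    r"|user (?P<user>\S+) logged (?P<action>in|out))"
    r"(?: from (?P<src>\S+))? via (?P<svc>\S+)$"
)

def parse_events(text):
    """Extract account events; lines that are not logins/logouts are skipped."""
    events = []
    for line in text.splitlines():
        m = EVENT.search(line.strip())
        if m:
            events.append({
                "kind": "failure" if m["fuser"] else "log" + m["action"],
                "user": m["fuser"] or m["user"],
                "src": m["src"] or "console",   # "via local" lines carry no address
                "svc": m["svc"],
            })
    return events

def findings(events):
    """Return (rule, user, src, svc) tuples in log order, without repeats."""
    out, pending = [], Counter()   # pending: failures not yet followed by a login

    def report(*finding):
        if finding not in out:
            out.append(finding)

    for e in events:
        key = (e["user"], e["src"], e["svc"])
        if e["kind"] == "failure":
            pending[key] += 1
        elif e["kind"] == "login":
            if pending.pop(key, 0):
                report("success-after-failure", *key)
            if e["svc"] in CLEARTEXT:
                report("cleartext-login", *key)
            if e["user"] in DEFAULT_ACCOUNTS:
                report("default-account", e["user"], "*", "*")
    return out

if __name__ == "__main__":
    for finding in findings(parse_events(SAMPLE_LOG)):
        print(*finding)
```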
[admin@MikroTik] > /system health print
fan-mode: auto
use-fan: main
active-fan: main
cpu-overtemp-check: yes
cpu-overtemp-threshold: 100C
cpu-overtemp-startup-delay: 1m
voltage: 24.1V
current: 738mA
temperature: 34C
cpu-temperature: 52C
power-consumption: 17.8W
psu1-state: ok
psu2-state: fail
fan1-speed: 6466RPM
[admin@MikroTik] > /export
# jul/11/2017 22:36:28 by RouterOS 6.39.2
# software id = 1E6H-GITN
#
/ip pool
add name=dhcp_pool0 ranges=192.168.1.2-192.168.1.254
/ip dhcp-server
add address-pool=dhcp_pool0 disabled=no interface=ether2 lease-time=8h name=\
dhcp1
/ip address
add address=192.168.88.1/24 comment=defconf interface=combo1 network=\
192.168.88.0
add address=192.168.1.1/24 interface=ether2 network=192.168.1.0
/ip dhcp-client
add dhcp-options=hostname,clientid disabled=no interface=ether1
/ip dhcp-server network
add address=192.168.1.0/24 dns-server=8.8.8.8,4.2.2.2 gateway=192.168.1.1
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1
/system clock
set time-zone-name=Asia/Singapore
[admin@MikroTik] > system reset-configuration
Dangerous! Reset anyway? [y/N]:
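An added example, not from the original post: a small Python audit of the /export output above. It treats the masquerade out-interface and the DHCP client interface as WAN, then checks for an input-chain drop rule on that interface and for the ftp and www services seen in the log being disabled. It assumes a section missing from the export means nothing was configured there; the rule check is a presence heuristic and the finding strings are made up for this example.

```python
import re
import shlex

# Sections from the /export output above, pasted as-is (note the "\" continuations).
EXPORT = r"""
/ip dhcp-server
add address-pool=dhcp_pool0 disabled=no interface=ether2 lease-time=8h name=\
dhcp1
/ip address
add address=192.168.88.1/24 comment=defconf interface=combo1 network=\
192.168.88.0
add address=192.168.1.1/24 interface=ether2 network=192.168.1.0
/ip dhcp-client
add dhcp-options=hostname,clientid disabled=no interface=ether1
/ip dhcp-server network
add address=192.168.1.0/24 dns-server=8.8.8.8,4.2.2.2 gateway=192.168.1.1
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1
"""

def parse_export(text):
    """Return [(menu, verb, positional_args, {key: value})] from an /export."""
    menu, items = None, []
    for line in re.sub(r"\\\n\s*", "", text).splitlines():  # join continuations
        line = line.strip()
        if line.startswith("/"):
            menu = line
        elif line and not line.startswith("#"):
            verb, *words = shlex.split(line)
            props = dict(w.split("=", 1) for w in words if "=" in w)
            args = [w for w in words if "=" not in w]
            items.append((menu, verb, args, props))
    return items

def audit(items):
    """Heuristic findings: unfiltered WAN input and cleartext management services."""
    wan = {p["out-interface"] for m, v, a, p in items
           if m == "/ip firewall nat" and p.get("action") == "masquerade"
           and "out-interface" in p}
    wan |= {p["interface"] for m, v, a, p in items
            if m == "/ip dhcp-client" and "interface" in p}
    found = []
    for ifc in sorted(wan):
        guarded = any(
            m == "/ip firewall filter" and p.get("chain") == "input"
            and p.get("action") in ("drop", "reject")
            and p.get("in-interface", ifc) == ifc and p.get("disabled") != "yes"
            for m, v, a, p in items)
        if not guarded:
            found.append(f"no input-chain drop rule on WAN interface {ifc}")
    disabled = {a[0] for m, v, a, p in items
                if m == "/ip service" and v == "set" and a and p.get("disabled") == "yes"}
    for svc in ("ftp", "www"):   # the two cleartext services seen in the log above
        if svc not in disabled:
            found.append(f"cleartext service {svc} not disabled")
    return found

if __name__ == "__main__":
    print("\n".join(audit(parse_export(EXPORT))))
```

The check only confirms that a drop rule exists for the WAN interface; rule order and what is accepted ahead of it still need a manual read of /ip firewall filter.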