In this tutorial, we are going to discuss how to configure the Mikrotik router for an internet connection or we can say how to configure the Mikrotik router for the first time use. We will go through the step-by-step process for the Mikrotik router configuration.
Every Mikrotik router has preconfigured with a default IP address. The default IP address is 192.168.88.1/24. This address is configured on the "Ether-1" port. This address is used by the "Winbox" or "Webfig" tool to access the router interface.
The "Winbox" is a proprietary tool of the Mikrotik that is used to take the graphical access into the router.
The Mikrotik has a built-in web-server called "Webfig". This web server is also used to configure the router. A network administrator or engineer can access this web-server using any browser program such as Mozilla Firefox, Google Chrome, etc.
For authentication purposes, every router has preconfigured with a default user called "admin". At the first time during access to the Mikrotik router, we have to use this default user. This "admin" user has no password. Please keep in mind that the user name is case-sensitive.
We can take three different types of access or three different layer access into the Mikrotik router. The different types or layer are following:-
1. Layer-7 access or application-level access.
2. Layer-3 access or network-level access.
3. Layer-2 access or MAC-level access
The description for those layers are:-
1. Layer-7 access or application-level access:- If we take access to the router using the API, then this type of access called Layer-7 access or application-level access.
2. Layer-3 access or network-level access:- If we take access to the router using the IP address, then this type of access called Layer-3 access or network-level access.
3. Layer-2 access or MAC-level access:- If we take access to the router using the MAC address, then this type of access called Layer-2 access or MAC-level access. To take the layer-2 access or MAC-level access, we have to use the "Winbox" tool. Using this "Winbox" tool, we can take layer-3 access also.
Just connect your laptop or desktop computer to the Mikrotik Ethernet port. Now write the interface MAC address instead of an IP address at the "Connect To" field.
If you didn't find the interface MAC address then navigate to the "Neighbors" tab. Now the "Winbox" tool will automatically find out the interface MAC address. Just double-click on it.
At the "Login" field, use the default user name i.e 'admin'. Password will be blank as default. After that click on the "Connect" button to access the router.
Now we will go for the configuration. The Mikrotik router has a built-in setup wizard to configure the internet connection very easily. This setup wizard is called "Quick Set". This "Quick Set" feature provides us a single interface to configure all the necessary configurations such as DHCP server, DNS server, NAT, IP address configuration, etc.
The network engineers or administrators who are new to the Mikrotik router, they can use this built-in feature to enable the internet connection for the user very easily. The whole process will be done automatically by this feature. That's why it is recommended for all freshers or home users.
In this tutorial, we will also learn the manual configuration process. We will configure manually all the necessary settings from different locations.
First of all, we will start using the "Quick Set" feature. We can access this feature from the Mikrotik menu item.
We can operate this router in two different modes. One is "Router" mode and another one is "Bridge" mode. If we want to connect this Mikrotik device directly to the internet, then we need to select the "Router" mode. And if we want that this Mikrotik device will connect or merge two separate networks, then we will select the "Bridge" mode.
In this tutorial, since we will configure the internet connection, we have selected the "Router" mode. Now we will select the IP address configuration method. We need to assign an IP address to this router so that it can connect to the internet. There are three methods available to configure the IP address for this router. Respectively they are Static, Automatic, and PPPoE.
If we want to assign an IP address manually, then we have to select the "Static" Method. On the other hand, If we want this Mikrotik Router will receive an IP address from the DHCP server, then we have to select the "Automatic" method. And finally, if we want this Mikrotik router will connect to a PPPoE server or it will act as a PPPoE client, then we have to select this method.
Now we will provide our IP, Netmask, Gateway information as well as we have to provide our DNS server address for resolving a name to IP addresses.
Then we will provide our LAN network information. This network information must be the same with all devices within the LAN. If we want this Mikrotik device will act as a DHCP server or it will provide an IP address to the other devices on the network then we have to enable the DHCP service. To do that just put a tick mark on the "DHCP Server" parameter. If you want you can change the address range of the DHCP server which it is going to provide. Also, put a tick mark on the NAT parameter so that this Mikrotik device performs the NAT function.
Now define your router name and set the password. Finally, click on "Apply" and then "OK".
Our "Quick Set" configuration is done. Now my LAN user can connect to the internet through this Mikrotik Router.
Now we will go through the manual configuration process. At first, we will assign the IP address in the Mikrotik Ethernet interface. We assume that the Ether-1 interface will be connected to the Internet and the Ether-2 interface will be connected to LAN Network. We will use the "Static" IP address configuration method mean we will assign an IP address manually.
To assign an IP address go to "IP" from the main menu and then the "Address" from the sub-menu. Now click on add (+) sign to add a new entry.
Now we will type the IP address. Then we will select the interface in which we will set this IP. We assume that our Ether-1 address will be 1.1.1.1/24 and the Ether-2 address will be 192.168.1.254/24.
Now we will set an IP address for the Ether-1 interface. This interface will be connected to the internet.
Now we will set for the Ether-2 interface and this will be connected to our LAN network.
Now we will configure the NAT function so that any private IP should be translated to public IP before its leaving the router. Because we know that private IP addresses can't access the internet. To enable the NAT function, go to the "IP" from the menu and then select "Firewall" from the sub-menu. Finally, navigate to the "NAT" tab and click on the (+) sign to add a new NAT rule.
Now navigate to the "General" tab. Select "Srcnat" as the "Chain" value. Write the LAN network address as the "Src Address" value
Now navigate to the "Action" tab and select the "src-nat" as the "Action" parameter value. Write the "Ether-1" IP address at the "To Addresses' field. Through this, it will translate the private IP address to the "Ether-1" IP address before leaving the router. Finally, click on "Apply" and then "OK".
Now we will configure our default gateway or default route. To do that, go to the "IP" menu and then go to the "Routes" sub-menu. Navigate to the "Routes" tab and then click on add (+) sign to add a new entry.
We assume that our gateway address is 2.2.2.2. Now we will add the default gateway or default route information. If the router not found any routing information for the specific network in its own routing table, then it will forward that network traffic via default route or default gateway.
At the "Dst Address" field we will write 0.0.0.0/0 means any network will be affected by this rule. At the "Gateway" field we will write the 2.2.2.2 address that is our default gateway address. By this entry, the router will forward all the network traffic to the default gateway, which is not found in its own routing table.
Now we will configure our DNS server address. To do that, go to the "IP" section and then the "DNS" sub-menu. Write the DNS server IP address at the "Server" field. We assume that our DNS address is 10.16.16.5
All is done. From now on our LAN users can access the internet. But notice here, we didn't configure any DHCP server service in our router. So we have to manually assign an IP address to all of our LAN users. It is okay for the small LAN network. But if the LAN network is large then it is difficult to manage IP address manually for the network. In that case, we should use a DHCP server. This server will maintain the IP address assignment process.
Mikrotik router has a built-in package to enable the DHCP server. If we want we can use other DHCP servers also.
Now we will enable the DHCP Server service on this router. Go to the "IP" section from the menu and then select the "DHCP Server" from the sub-menu. After opening the "DHCP" server interface, navigate to the "DHCP" tab and then click on the "DHCP Setup" wizard.
We will configure the DHCP server in our "Ether-2" interface so that my LAN users can receive the IP address from this DHCP server. We will select "Ether-2" for the "DHCP Server Interface" parameter value. Then click on the "Next" button.
Now we will write the network address that we want to provide through this DHCP server. As our example, our LAN network will be 192.168.1.0/24. And then click on "Next".
At this step, we have to write the gateway address for our LAN users. The "Ether-2" interface of the Mikrotik router will be the gateway for our LAN users. It receives all the internet traffic requests from the LAN users and then forwards them to the ISP's network. So the gateway address will be for our LAN users is 192.168.1.254. Because this address is used in our "Ether-2" interface.
Now we have to provide the address range that we want to allocate to our LAN users. Our address range will be "192.168.1.1"-"192.168.1.253". Lan users should receive the IP address from this address range. Here notice one thing, we didn't add our "Ether-2" IP address (192.168.1.254) within this range. Because this address is already being used. If the DHCP server is allocated this 192.168.1.254 address to someone then there will be a conflict with that "Ether-2" interface. That's we remove it from our address range.
At this step, we will write our DNS server address to provide our LAN users through this DHCP server. As our scenario, our DNS server address will be "10.16.16.5".
Now we will specify how long an address will remain with the LAN users. This is called the "Lease time". After this lease time is expired, LAN users will have to renew their IP address. Here I will leave the default setting.
After click on the "Next", this DHCP server will add to the list and it will be ready to provide the IP address to the LAN users.
All the work is done. Now any LAN user should get their IP address automatically from the router and get internet access.
Now we have to secure our router. We have to change or disable our default user name and have to assign a password. To do that, we will go "System" option from the "Menu" and then select "Users" from the sub-menu. Here we can change the user password or we can create a new user.
No comments:
Post a Comment