RouterOS and Wireless Systems
Quick Setup Guide
and Warranty Information
MikroTik Wireless Package Installation
A MikroTik Wireless package
includes a router, coaxial cable with connectors installed, and antenna(s). To
deploy your newly received Wireless package, you should proceed as follows:
1.
Place and align your antenna. Antenna
positioning is very individual for each site, so it will not be described here,
except for some general suggestions:
●
Maintain clear line of sight between the
antenna and all the points that will connect to it (unless used indoors, where
radio waves are reflected extensively). Note that most antennas do not cover a
complete sphere around them, and do not radiate equally in all directions –
they only roughly cover a spherical cone (directional and flat-panel antennas)
or an elliptic torus (omnidirectional antennas).
● Having
obstacles in the signal path even if clear line of sight is maintained, may
influence and reduce signal quality due to Fresnel effect. Note that even when
clear line of sight is not secured, a connection with [a significantly weaker]
signal level still might be possible due to reflection and diffraction effects.
● Beware
of large open surfaces reflecting radio waves (like ground and rivers) – they
might affect signal quality greatly (up to neutralizing it completely) if
appear in the area of coverage of both antennas because of direct and reflected
received signal phase difference. This is also caused by Fresnel effect.
●
Keep in mind that the antennas at both sides
of the link must have the same polarization. Having one antenna vertically
polarized, and the other one horizontally, will effectively neutralize the
signal. Note that indoors this effect may not be considered because of many
reflections. Also note that vertical antenna polarization is considered to be
better for longer links as the radio wave is less reflected by ground, but
horizontal – for links across water or marsh lands.
2.
Install the router at the desired location.
Consider placing the router as much close to the antenna as possible. Long cables between the router and antenna weaken
signal strength due to significant attenuation in cable (having 10-15 meter long cable on each side of the wireless
link means reducing the maximal distance between the endpoints two times).
Consider using outdoor package if you have problems placing the router close to
the antenna.
3.
Attach supplied coaxial cable to appropriate
connectors on the router and the antenna. When tying the coaxial cable, make sure no water can get into it and/or
into the equipment it is attached to. It is very important to seal the
connection properly with a good rubber tape made particularly for this purpose
(note that many general purpose tapes will not prevent moisture to leak into
connector, or will fail after some time).
Connecting to the router
If you have received a
factory-configured router, it is preset to have all factory-installed
interfaces enabled, and IP addresses assigned. There is the 192.168.0.1 address
on the first Ethernet interface and DHCP client on the second. Other interfaces
have addresses 192.168.1.1, 192.168.2.1, and so on (wireless interfaces are
enumerated after the Ethernet ones). Newly installed interfaces will not be
enabled and configured automatically. CAUTION:
it is possible to reset the configuration, in which case all the configuration,
including IP addresses will be permanently erased and it will only be possible
to connect to this router using serial console, the MAC-telnet tool, as well as Winbox. It is also possible to restore
the initial factory configuration (including all IP addresses) with the command
/system backup
load=factory-default .
Not factory-configured routers do not have any IP configuration preset,
but only have Ethernet ports enabled, so you can only connect to the router using serial
console, the MAC-telnet tool, as
well as Winbox.
Normally you connect to the router
by IP addresses with any telnet or SSH client software (a simple text-mode
telnet client is usually called telnet and is distributed together with
almost any OS). You can also use graphical configuration tool for Windows (also can be run in Linux using Wine)
called Winbox. To get Winbox, connect to the router's IP address with a
web
browser, and follow the link to download winbox.exe
from the router. After connecting to the router, use “admin” (without quotation marks) as username and blank password
(just press [Enter] key instead of
it) to log in.
MAC-telnet is used to connect to a
router when there is no other way to connect to it remotely – if the router has
no IP address or in case of misconfigured firewall. MAC-telnet can only be used from the same broadcast domain (so
there should be no routers in between) as any of the router's enabled
interfaces (you can not connect to a disabled interface). MAC- telnet program is a part of the Neighbor Viewer. Download it from www.mikrotik.com, unpack both files contained
in the archive to the same directory, and run NeighborViewer.exe. A list of MikroTik routers working in the same
broadcast domain will be showed – double-click the one you need to connect to.
Note that Winbox is also able to connect to routers by their MAC addresses, and
has the discovery tool buiilt-in.
You can also connect to the router
using a standard DB9 serial null-modem
cable from any PC. Default settings of the
router's serial port are 9600 bits/s (for RouterBOARD 500 series –
115200 bits/s), 8 data bits, 1 stop
bit, no parity, hardware (RTS/CTS) flow control. Use terminal emulation
program (like HyperTerminal or SecureCRT in Windows, or minicom in UNIX/Linux) to connect to
the router. The router will beep twice when booted up, and you should see the
login prompt shortly before that (check cabling and serial port settings if you
do not see anything in the terminal window).
Basic Software Setup
Assume you need to configure the MikroTik router for the following network setup:
In the current example we use two
networks:
●
The local LAN with network address 192.168.0.0
and 24-bit netmask: 255.255.255.0. The router's address is 192.168.0.254 in
this network
●
The ISP's network with
address 10.0.0.0 and 24-bit netmask 255.255.255.0. The router has 10.0.0.217
address in this network and it's gateway is 10.0.0.1
Enabling Interfaces
Interface must be enabled in
order to use it. To enable the interfaces we are using in this example:
/interface enable
Public, Local
Here the interface names Public and Local are generic. Use ether1,
ether2, wlan1, etc. according to your actual configuration. If you are
using wireless interfaces in this setup, please consult the next chapter “Wireless Configuration Examples” on how
to configure wireless interfaces as it is not enough just to enable them as
shown here.
Adding Addresses
The addresses can be added and
viewed using the following commands:
/ip address add
address=10.0.0.217/24 interface=Public
/ip address add
address=192.168.0.254/24 interface=Local
The resulting configuration
can be viewed using the /ip address print command:
Flags: X - disabled, I - invalid, D – dynamic
#
|
ADDRESS
|
NETWORK
|
BROADCAST
|
INTERFACE
|
0
|
10.0.0.217/24
|
10.0.0.0
|
10.0.0.255
|
Public
|
1
|
192.168.0.254/24
|
192.168.0.0
|
192.168.0.255
|
Local
|
Here, the network mask has been
specified together with the IP address in the address field. Alternatively, the netmask argument could have been used with the value of either 24 or 255.255.255.0 with the same effect. Please note that you must specify network mask for each address. The
network and broadcast addresses were not specified in the input since they could be calculated automatically.
Please note that the addresses assigned to different interfaces of the
router should belong to different networks.
Adding Routes
To configure the default route for
the traffic from your network to get to the Internet through your ISP's gateway
(10.0.0.1), which can be reached through the interface Public :
/ip route add gateway=10.0.0.1
Now
to check that we have set up the default route correctly, issue the /ip route print command.
Let's analyze the output
Flags: X - disabled, I - invalid, D
- dynamic, J – rejected, C - connect, S - static, R - rip, O - ospf, B – bgp
# DST-ADDRESS
|
G GATEWAY
|
DISTANCE
|
INTERFACE
|
0 S 0.0.0.0/0
|
r 10.0.0.1
|
1
|
Public
|
1
DC 192.168.0.0/24
|
r 0.0.0.0
|
0
|
Local
|
2
DC 10.0.0.0/24
|
r 0.0.0.0
|
0
|
Public
|
Here,
the default route is listed under #0. As we see, the gateway 10.0.0.1 can be
reached through the interface Public.
If the gateway was specified incorrectly, the value for the argument interface would be unknown.
Notes
You
cannot add two routes to the same destination, i.e.,
destination-address/netmask! It applies to the default routes as well. Instead, you can enter multiple
gateways for one destination.
If you have added an unwanted
static route accidentally, use the remove command to delete it (so if you need to delete route #1, issue the /ip route remove 1 command). You will
not be able to delete dynamic (DC) routes. They are added automatically and
represent routes to the networks the router connected directly.
If
you do not have at least one dynamic (DC) route for each interface you have
configured, it may mean that some interface is either disabled or not configured.
Testing the Network Connectivity
From
now on, the ping command can be used
to test the network connectivity on both interfaces. You can reach any host on
both connected networks from the router.
This is how the ping command
works:
[admin@MikroTik] > /ping 192.168.0.1 192.168.0.1 64 byte ping:
ttl=255 time=1 ms 192.168.0.1 64 byte ping: ttl=255 time=1 ms
3 packets transmitted, 3 packets received, 0% packet loss round-trip
min/avg/max = 1/1.0/1 ms
[admin@MikroTik] >
The workstation and the laptop
can reach (ping) the router at its local address 192.168.0.254, If the router's
address 192.168.0.254 is specified as the default gateway in the TCP/IP
configuration of both the workstation and the laptop, then you should be able
to ping the router:
C:\>ping
192.168.0.254
Reply from 192.168.0.254: bytes=32 time=10ms TTL=253 Reply from
192.168.0.254: bytes=32 time<10ms TTL=253
C:\>ping 10.0.0.4 Request timed out. Request timed out.
Why I cannot access anything beyond
the router?
You cannot access anything
beyond the router (network 10.0.0.0/24 and the Internet), unless you do one of
the following:
●
Use source network address translation
(masquerading) on the MikroTik router to 'hide' your private LAN 192.168.0.0/24
(see the information below), or
●
Add a static route on the ISP's gateway
10.0.0.1, which specifies the host 10.0.0.217 as the gateway to network
192.168.0.0/24. Then all hosts on the ISP's network, including the server, will
be able to communicate with the hosts on
the LAN
To set up routing, it is also
required that you have some knowledge of TCP/IP networks. There is a
comprehensive list of IP resources compiled by Uri Raz at http://www.private.org.il/tcpip_rl.html.
We strongly recommend that you obtain more networking knowledge, if you have
difficulties configuring your network setups.
If you want to 'hide' the private
192.168.0.0/24 LAN 'behind' the 10.0.0.217 address given to you by the ISP, you
should use source network address
translation (masquerading) feature of the MikroTik router. Masquerading is
useful, if you want to access the ISP's network and the Internet, so that all
requests appear to be coming from the 10.0.0.217 host of the ISP's network. The
masquerading will change the source IP address and port of the packets
originated from the 192.168.0.0/24 network to the address 10.0.0.217 of the
router when the packet is routed through it.
Masquerading
conserves the number of global IP addresses required and it lets the whole
network use a single IP address in its communication with the world.
To use masquerading, a source
NAT rule with action masquerade should
be added to the firewall configuration:
/ip firewall nat
add chain=srcnat action=masquerade out-interface=Public
Further Information
Please consult the online RouterOS
documentation (http://www.mikrotik.com/documentation.html)
for more information on different kinds of configuration. You can also find
many configuration examples there. If, after reading the manual, you still have
some questions, you can contact support@mikrotik.com.
Wireless Configuration Examples
These basic examples show some
introductory configuration tasks done from text-mode interface, not from Winbox
(but they still can be done with Winbox). Note that the examples given assume
that you are configuring the first wireless interface (wlan1) and/or the first Ethernet interface (ether1) of the router.
Wireless Client
Choose frequency band (one
of: 2.4ghz-b, 2.4ghz-b/g,
2.4ghz-g-turbo,
2.4ghz-only-g, 5ghz, 5ghz-turbo), SSID (a text identifier of the wireless network,
must be the same as on the AP the client is connecting to) and mode (station):
/interface wireless
set wlan1 ssid="test" band=5ghz mode=station disabled=no
Wireless Base Station (Access
Point)
Choose frequency band (one
of: 2.4ghz-b, 2.4ghz-b/g,
2.4ghz-g-turbo, 2.4ghz-only-g, 5ghz, 5ghz-turbo), actual frequency (in
MHz), SSID (a text identifier of the wireless network, should be different from
the APs of other wireless networks) and mode (ap-bridge):
/interface wireless
set wlan1 ssid="test" frequency=5805 band=5ghz mode=ap-bridge disabled=no
Wireless Bridge
Configuration is the same as for Wireless Base Station, but in addition
if you want to bridge the wireless network together with the wired Ethernet,
connected to the ether1 port of the
router, do the following:
/interface bridge
add name=wirebridge disabled=no
/interface bridge
port set ether1,wlan1 bridge=wirebridge
Note that cards in station mode
can not be bridged – this example is only for access points.
Wireless WDS Repeater or Point-to-Point Link
You can define static
Point-to-Point (WDS) connections between wireless access points (note: you do not need wireless AP Level 5 license to do this – Level 4 license will be sufficient).
Choose frequency band (one of: 2.4ghz-b,
2.4ghz-b/g, 2.4ghz-g-turbo, 2.4ghz-only-g, 5ghz, 5ghz-turbo), actual
frequency (in MHz), SSID (a text identifier of the wireless network, should be
different from the APs of other wireless networks and the same between the APs
you want to connect with WDS to) and
mode (either bridge or ap-bridge). You can put multiple WDS
connections on one physical radio card.
If you do not plan to use the wlan1 card as a regular access point
(i.e. to connect wireless clients), but only to create a single Point-to-Point
link to the 00:0B:6B:31:AE:AF remote
wireless card, simply create one WDS interface:
/interface wireless set wlan1 ssid="test" frequency=5805
band=5ghz mode=bridge wds-mode=static
default-authentication=no disabled=no
/interface wireless
wds add name=AF master-interface=wlan1 wds-address=00:0B:6B:31:AE:AF
disabled=no
You may also want to bridge the
newly created WDS interface with the Ethernet port, just like in the previous
example.
To create an additional wireless
WDS link to the 00:0B:6B:31:02:4B cards,
and bridge the connections together (thus creating a wireless repeater between
the two mentioned remote sites), add the following to the configuration:
/interface wireless
wds add name=4B master-interface=wlan1 wds-address=00:0B:6B:31:02:4B
disabled=no
/interface bridge
add name=repeater disabled=no
/interface bridge
port set AF,4B bridge=repeater
Note that on the remote sites there should be the same
configuration of wireless card (band, frequency, SSID and WDS mode), and WDS
interface created to the wireless card of the given location.
Copyright and Warranty Information
Copyright and Trademarks. Copyright 2004-2005 MikroTikls SIA. This
manual contains information protected by copyright law. No part of it may be
reproduced or transmitted in any form without prior written permission from the
copyright holder. RouterBOARD, RouterOS, RouterBIOS and MikroTik are trademarks
of MikroTikls SIA. All trademarks and registered trademarks appearing in this
manual are the property of their respective holders.
Hardware. MikroTikls SIA warrants all its routers for the term of
one year from the shipping date to be free of defects in materials and
workmanship under normal use and service. All parts will be repaired or
replaced with similar or functionally equivalent parts by MikroTikls SIA during
the warranty term, except in case the returned parts have mechanical,
electrical or other accidental or intended damages caused by improper use or
due to wind, rain, fire or other acts of nature.
Parts (or systems) must be shipped
pre-paid to our facility in Riga, Latvia. All items must have a Return Material Authorization (RMA) which you can
get by contacting us via email, telephone or fax. RMA must be printed, signed,
and enclosed with the shipment, also the RMA number must be written on the
package itself. Parts sent without following the proper procedure will be
treated as those not to be repaired or replaced due to the above mentioned
conditions. Items proved to be free of
defects in our lab will be returned to the customer at the customer's expense.
Those that do meet the warranty repair requirements will be repaired or
replaced, and returned to the customer's location at our expense, extending the
warranty term for the time the items are being shipped to and from our facility
and replaced or repaired.
Manual. This manual is provided “as is” without a warranty of any
kind, expressed or implied, including, but not limited to, the implied warranty
of merchantability and fitness for a particular purpose. The manufacturer has
made every effort to ensure the accuracy of the contents of this manual,
however, it is possible that it may contain technical inaccuracies, typographical
or other errors. No liability is assumed for any inaccuracy found in this
publication, nor for direct or indirect, incidental, consequential or other
damages that may result from such an inaccuracy, including, but not limited to,
loss of data or profits. Please report any inaccuracies found to docs@mikrotik.com.
loss of data or profits. Please report any inaccuracies found to docs@mikrotik.com.
0 تعليقات على " RouterOS and Wireless Systems Quick Setup Guide and Warranty Information "