RouterOS Basics¶

Download: https://mikrotik.com/download
Default IP: 192.168.88.1
Default user: admin
Default password: (empty)

ssh admin@192.168.88.1

http://192.168.88.1

/user set admin password=YourSecurePassword

# Перевірити версію
/system resource print

# Оновити
/system package update check-for-updates
/system package update download
/system reboot

/interface print
/interface ethernet print

# Статичний IP
/ip address add address=192.168.1.1/24 interface=ether2

# Перегляд IP
/ip address print

# Створити VLAN
/interface vlan add name=vlan100 vlan-id=100 interface=ether1

# IP для VLAN
/ip address add address=10.100.0.1/24 interface=vlan100

/ip route add dst-address=0.0.0.0/0 gateway=192.168.1.254

/ip route add dst-address=10.0.0.0/8 gateway=192.168.1.2

/ip route print

# Дозволити established
/ip firewall filter add chain=input connection-state=established,related action=accept

# Дозволити ICMP
/ip firewall filter add chain=input protocol=icmp action=accept

# Дозволити SSH (обмежено)
/ip firewall filter add chain=input protocol=tcp dst-port=22 src-address=192.168.1.0/24 action=accept

# Заблокувати все інше
/ip firewall filter add chain=input action=drop

/ip firewall nat add chain=srcnat out-interface=ether1 action=masquerade

/ip firewall nat add chain=dstnat protocol=tcp dst-port=80 action=dst-nat to-addresses=192.168.1.100 to-ports=80

/ip firewall filter print
/ip firewall nat print

/interface bridge add name=bridge1

/interface bridge port add bridge=bridge1 interface=ether2
/interface bridge port add bridge=bridge1 interface=ether3
/interface bridge port add bridge=bridge1 interface=ether4

/ip address add address=192.168.1.1/24 interface=bridge1

/interface wireless set wlan1 mode=ap-bridge ssid="MyNetwork" frequency=2437 band=2ghz-b/g/n

# Безпека
/interface wireless security-profiles add name=profile1 mode=dynamic-keys authentication-types=wpa2-psk wpa2-pre-shared-key=SecurePassword123

/interface wireless set wlan1 security-profile=profile1

/interface wireless registration-table print

# Статус системи
/system resource print

# Час роботи
/system resource print | grep uptime

# Логи
/log print

# Reboot
/system reboot

# Shutdown
/system shutdown

# Створити backup
/system backup save name=backup-2024

# Export конфігурації (text)
/export file=config-2024

# Відновити
/system backup load name=backup-2024

# Трафік інтерфейсу
/interface monitor-traffic ether1

# Активні з'єднання
/ip firewall connection print

# ARP таблиця
/ip arp print

/system script add name=backup-daily source={
  /system backup save name=("daily-" . [:pick [/system clock get date] 0 10])
}

/system scheduler add name=daily-backup interval=1d on-event=backup-daily

/ip service disable telnet,ftp,www,api,api-ssl
/ip service set ssh port=2222

/ip service set ssh address=192.168.1.0/24
/ip service set winbox address=192.168.1.0/24

# Новий користувач
/user add name=operator password=SecurePass group=read

# Видалити default admin (після створення нового!)
/user remove admin

# WAN на ether1, LAN на bridge
/interface bridge add name=lan
/interface bridge port add bridge=lan interface=ether2
/interface bridge port add bridge=lan interface=ether3

/ip address add address=192.168.88.1/24 interface=lan
/ip pool add name=dhcp-pool ranges=192.168.88.10-192.168.88.254
/ip dhcp-server add name=dhcp1 interface=lan address-pool=dhcp-pool
/ip dhcp-server network add address=192.168.88.0/24 gateway=192.168.88.1 dns-server=8.8.8.8,8.8.4.4

/ip dhcp-client add interface=ether1 disabled=no
/ip firewall nat add chain=srcnat out-interface=ether1 action=masquerade