How to configure a Mikrotik Router to replace CPE router
This is my first post about the Mikrotik Product. I will be putting up several examples in the coming weeks and months, so if you don’t see what you are looking for, be sure to contact me directly. Leaving a comment is fine, but not likely to be “answered” unless it is a clarification for the specific article.
This article is intended to be a short guide to help you configure a Mikrotik router to behave in a way that is similar to a soho router with a wireless connection upstream. This configuration is perfect for a WISP that is using devices like the RouterBoard 411 (priced at about $59), along with a CM9 or similar radio (about $40), associated power supply, outdoor enclosure/antenna, etc. The total cost of a flexible device like this is about $150-160, including everything needed to install at a customer’s house or business.
This particular configuration features a DHCP server for the LAN clients, wireless upstream and a NAT function that will allow you, the WISP, to only require a single IP for the customer. For the impatient, you can scroll to the bottom for a CUT/PASTE complete script without further ado. For those that WANT further ado, read on…
Step one with a newly opened RouterBoard product is to log into the board. Other articles explain that process, so I won’t take time to do it here.
Now, on with the explanation:
# Get rid of any static routes
/ip route remove [find]
This removes any routes that may have been added by the vendor you purchased your router from. There are a few that may set this up.
#turn on all interfaces and delay for 3 seconds
/interface enable [find]
:delay 3
This bit of code will enable all interfaces on the router (including the wlan card, which is not “on” by default). The “:delay 3” line causes a pause in the processing of the script. This allows time for the system to load the drivers for the wlan card.
# Set SSID and band
/ interface wireless
set wlan1 mode=station ssid="SET_ME" band=2.4ghz-b/g disabled=no
This is where you will configure the parameters for the operation of the wlan card. In this example, we set the card to operate as a 2.4GHz client in either “b” or “g” mode. Your network may be different, so set this accordingly. You can determine the supported bands with the following command:
/interface wireless info print
The CM9 card, for example, supports the following bands:
2ghz-b, 5ghz, 2ghz-g, 5ghz-10mhz, 5ghz-5mhz, 2ghz-10mhz, 2ghz-5mhz
#Next, we set the identity:
#Set customer name here -- no spaces or crazy characters please
/system identity
set name="client_NAME"
This is the name that will show up in the top of Winbox and as part of the prompt in terminal mode. You will, also, see this name in the “neighbor list” of other local routers (“/ip neighbor print”). Setting this makes it pretty easy to see which device is which when connecting to multiple routers.
# Set the wireless card to get an IP via DHCP
/ ip dhcp-client
add interface=wlan1 add-default-route=yes use-peer-dns=yes \
use-peer-ntp=yes comment="This interface talks to the tower" disabled=no
If you provide your customers with an IP address via DHCP server at the AP, then this is the code you will use to set up the client side. If you assign your customer a static IP address, then you can add that IP below and leave this portion of the configuration out.
# This should be the IP inside the network...
# Doesn't need to be changed unless the network demands it (private network)
/ ip address
add address=192.168.7.1/24 interface=ether1 \
comment="This is the customer's gateway" disabled=no
We are assigning the CUSTOMER LAN address here. If they are using a different range of addresses (static assignments), then you may need to alter this address and the DHCP server below. Also, you can add the “outside interface” (wlan card) IP address assignment here if that is the way your network functions. You just have to duplicate the last 2 lines and set the “interface” to “wlan1” and set the address appropriately. Also, you will have to add the default route as follows:
/ip route add gateway=10.10.10.1
Just be sure that you set the gateway appropriately for your network.
# Configuration for the DHCP server for the LAN
/ ip pool
add name="dhcp_pool1" ranges=192.168.7.100-192.168.7.200
/ ip dhcp-server
add name="dhcp1" interface=ether1 lease-time=1d address-pool=dhcp_pool1 \
bootp-support=static authoritative=yes disabled=no
/ ip dhcp-server network
add address=192.168.7.0/24 gateway=192.168.7.1 dns-server=4.2.2.3
This code does several things, but as a whole, it sets up a DHCP server on the LAN side of the network. If you changed the LAN IP above, you will need to make adjustments in this section of the configuration. Note that the “dns-server” setting here is the server that is sent to the LAN clients.
# You can change the DNS to be what you want
/ ip dns
set primary-dns=4.2.2.2 secondary-dns=4.2.2.3 \
allow-remote-requests=yes cache-size=2048KiB cache-max-ttl=1w
Strictly speaking, the DNS servers here are not necessary, but are advised. Just ensure that you use working DNS servers here. One reason you may want to set these is if you want to create a caching dns server for the LAN clients. If you want to do this, you can set the “dns-server” parameter above to point to the 192.168.7.1 (ether1 IP) address. Note the option above that says “allow-remote-requests=yes“. That is not a default setting (it’s off by default), so be sure that you turn it on if you want the caching dns server to work.
/ ip firewall nat
add chain=srcnat out-interface=wlan1 src-address=192.168.7.0/24 \
action=masquerade disabled=no
This section only has to be changed if you made changes to the LAN IP address above. This is the code that sets up the router to masquerade (NAT) traffic out the wlan port.
That’s all there is to it! Below you will find the full script ready for you to hack to fit your network. Just copy this code to the clipboard (highlight it, then hit CTRL-C), then paste it into notepad (or other favorite text editor), make appropriate changes and save it somewhere that is convenient for you. To use it on a router, you simply connect to the NEW router, open a “New Terminal”, RIGHT-CLICK in the window and select paste. That’s all there is to it! Here’s the script in it’s entirety:
# Get rid of any static routes
/ip route remove [find]
#turn on all interfaces and delay for 3 seconds
/interface enable [find]
:delay 3
# Set SSID and band
/ interface wireless
set wlan1 mode=station ssid="SET_ME" band=2.4ghz-b/g disabled=no
#Set customer name here -- no spaces or crazy characters please
/system identity
set name="client_NAME"
# Set the wireless card to get an IP via DHCP
/ ip dhcp-client
add interface=wlan1 add-default-route=yes use-peer-dns=yes \
use-peer-ntp=yes comment="This interface talks to the tower" disabled=no
# This should be the IP inside the network...
# Doesn't need to be changed unless the network demands it (private network)
/ ip address
add address=192.168.7.1/24 interface=ether1 \
comment="This is the customer's gateway" disabled=no
# Configuration for the DHCP server for the LAN
/ ip pool
add name="dhcp_pool1" ranges=192.168.7.100-192.168.7.200
/ ip dhcp-server
add name="dhcp1" interface=ether1 lease-time=1d address-pool=dhcp_pool1 \
bootp-support=static authoritative=yes disabled=no
/ ip dhcp-server network
add address=192.168.7.0/24 gateway=192.168.7.1 dns-server=4.2.2.3
# You can change the DNS to be what you want
/ ip dns
set primary-dns=68.109.202.25 secondary-dns=10.21.11.1 \
allow-remote-requests=yes cache-size=2048KiB cache-max-ttl=1w
/ ip firewall nat
add chain=srcnat out-interface=wlan1 src-address=192.168.7.0/24 \
action=masquerade disabled=no
June 24th, 2011 at 10:44 am
very very nice…………..
http://wirelessrouterproxy.blogspot.com