Skip to main content

Posts

Securing of MikroTik Router.

Why? Prevent un-authorized people to access to the system. Intruder can steal information from you, or even deny you access to your resources. Intruder can use your resources to access to the other system. How? Keeping router up-to-date. Securing user & password. Securing physical access. Configuring packages. Hardening services. 01. Keeping router up-to-date firmware. Use current version Check Changelog before upgrade to newer version Download from trusted source Check file (MD5) when download from third party site https://mikrotik.com/download 02. Securing user & password. System> Users Change admin account name. Set complex password. Create separate account for each user. Set allowed address. Put read-only user in “read” group 03. Securing physical access. Interfaces> Interface List Disable Console (optional). Always logout console session. Disable Unused interface. Don’t configunused interface (optional). 04. Configurin
Post a Comment
Read more
Recent posts

MikroTik Firewall Rules.

01. How to change default MikroTik ip services. IP> Services> IP Service List Default ip services SSH: 22 --> 62222 ftp: 21 --> 62121 telnet: 23 --> 62223 www: 80 --> 62880 winbox: 8291 --> 68291 02. Firewall Rules Allow. IP> Firewall> Filter Rules (+) General Chain: input Protocol: 6(tcp) Dst. Port: 8291 Action Action: accept Click Apply and OK button. 03. Test Verification. cmd telnet 192.168.1.1 62223 Login: admin Password: *****
Post a Comment
Read more

How to create VLAN in MikroTik Router.

01. Create VLAN. Interfaces> VLAN> (+) Name: VLAN-10 VLAN ID: 10 Interface: Ether5 Click Apply and OK button. Name: VLAN-20 VLAN ID: 20 Interface: Ether5 Click Apply and OK button. Name: VLAN-30 VLAN ID: 30 Interface: Ether5 Click Apply and OK button. 02. IP assign into VLAN interface. Go to Menu > IP > Addresses > (+) Add Type Address: 192.168.10.1/24 [Local IP address] Interface: VLAN-10 Click Apply and OK button. Type Address: 192.168.20.1/24 [Local IP address] Interface: VLAN-20 Click Apply and OK button. Type Address: 192.168.30.1/24 [Local IP address] Interface: VLAN-30 Click Apply and OK button. Note: If you want to create VLAN for WAN connection, your ISP will provide you the VLAN ID. If you want to create VLAN for your network, provide an integer number between 1 to 4095 what you wish.
Post a Comment
Read more

Bridge Configuration of MikroTik Router.

01. Create Bridge interface. Bridge> Bridge (+)  Name: Bridge1 Comment: Ether2+Ether3 Click Apply and OK button. 02. Port Assign in interface Bridge. Bridge> Ports (+)  Double click into Ether2 Interface: Ether2 Bridger: Bridge1 Click Apply and OK button. Bridge> Ports (+)  Double click into Ether3 Interface: Ether3 Bridger: Bridge1 Click Apply and OK button.
Post a Comment
Read more

MikroTik L2TP/IPsec VPN Configuration.

01. L2TP Server Bonding. PPP> Interface> L2TP Server Bonding. Name: L2TP-VPN Click Apply and OK button. 02. Enable L2TP Server. PPP> Interface> L2TP Server> Enable: Yes Authentication: Yes (pap, chap, mschap1, mschap2) Use IPSec: Yes IPsec Secret: 12345 Caller IP Type: IP address Click Apply and OK button. 03. Create IP Pool. IP> Pool> (+) Name: L2TP-Poll Address: 30.30.30.30.10-30.30.30.40 Next Pool: None Click Apply and OK button. 04. Create PPP Profile. PPP> Profile> (+) Name: L2TP-VPN Local Address: 30.30.30.1 Remote Address: L2TP-Pool Click Apply and OK button. 05. Create PPP account for each users. PPP> Secret> (+) Name: abc Password: 123 Service: L2TP Profile: L2TP-VPN Click Apply and OK button. Client Portion 01. Network and Sharing Center Set up a new connection or network Connect to a workplace (Set up a dial-up or VPN) Next Use my Internet connection (VPN) Internet address: 103.X.XX.224 Destination name: L2TP-VPN
Post a Comment
Read more

Remember the basic of MikroTik Router.

01. Default MikroTik Router Login. IP address: 192.168.88.1 Username: admin Password: blank 02. Identity Rename. System> Identity> Identity 03. Password Recovery. Backup MikroTik router Open Web browser mikrotikpasswordrecovery.net Choose File as backup file Click on Upload and show me passwords!. 04. How to system reset-configuration. Go to New Terminal > Type > system reset-configuration > Enter Dangerous! Reset anyway? [y/N]: y > Enter Router has been disconnected! > Ok Could not connect to 00:0C:42:89:A9:A6 (port 2056) – other end is not responding! > Ok Open WinBox > Neighbors > Select MAC Address > Connect > Remove Configuration Or Push reset button in mikrotik router
Post a Comment
Read more