At first login it is very important to configure the following things:
- Configure one interface as DHCP server and make all remaining interfaces slave to the DHCP interface.
- Configure a password for admin login.
- Disable all service ports except winbox.
- Set system date and time.
- Configure NTP client to synchronize router clock.
- Add all the important things to the top of Winbox interface.
- Add some filter rules to control access to your router.
Now let’s start. First of all we will configure one interface as DHCP server and make all remaining interfaces slave to that DHCP interface.
To configure a DHCP server for the first time we will go through the following steps:
Step 1:
Connect to the router by its MAC address via Winbox and click on Interfaces.
Step 2:
Rename the interface you want to configure as DHCP server:
- Click on Interfaces button.
- Double click on any interface which you want to rename.
- Insert your preferred name into Name field.
- Click Apply and then OK.
Step 3:
Now you should assign an IP address for your renamed interface, which usually will be the first address of your DHCP address range.
- Go to IP.
- Click on Addresses.
- Click on “+” button.
- Type your IP address with subnet mask.
- Select interface from the dropdown list.
- Click Apply.
- Click OK.
Step 4:
Now you should add a pool for your DHCP server:
- Go to IP.
- Select Pool.
- Click on add button “+”.
- Name your pool.
- Assign the address range which you want to give your users. I used 192.168.3.2-192.168.3.254; 192.168.3.1 is for the router’s DHCP interface as I configured.
- Click Apply and then OK.
Step 5:
After creating the pool, you are ready to configure your DHCP server:
- Go to IP->DHCP Server.
- Click DHCP Setup.
- Select your interface from dropdown list.
- Click Next.
- Click Next.
- Click Next.
- Click Next again.
- Enter your DNS server addresses into the text field.
- Click Next.
You have now successfully configured one of your router’s ports as a DHCP server.
One last thing: change your DHCP server name as required:
- Double click on the DHCP server we just created.
- Rename as you wish.
- Select interface from dropdown list.
- Select pool which you created before from dropdown list.
- Click Apply.
- Finally, click OK.
Now plug a network cable into the router interface you have configured and connect the other end of the cable to your switch so everybody can get a DHCP IP address from your server. You should also configure the host PCs to get an IP address automatically.
Configure a password for admin login:
It is very important that you have configured your router with a strong password for admin login.
- Click on System.
- And then Password.
Leave Old Password field blank as we don’t have any password configured yet. Insert new password and click Change.
Now you should be able to connect to the router using admin as the username and the new password.
Disable all service ports except winbox:
Until you totally secure your router it is good to disable all the service ports except winbox.
- Go to IP.
- And then Services.
Select all the services except winbox and click the disable (“x”) button.
Now go to IP->Firewall->Service Ports, select all of them and click the disable (“x”) button.
Now all the service ports are disabled except winbox, so nobody and nothing can access your router without your knowledge.
Note: You must not disable winbox port; otherwise you cannot access the router any more.
Set system date and time:
Setting the system date and time is most important for keeping track of the Log file and Graphing:
- Go to System.
- Select Clock.
- Enter time into Time field.
- Enter date into Date field.
- Select the time zone from the dropdown list.
- Click Apply.
- Click OK.
Configure NTP client to synchronize router clock:
After setting the system clock you have to configure an NTP client to synchronize the date and time automatically, because the date and time will be changed with every restart:
Step 1:
Search the internet for the IP address of a free NTP server in your region.
Step 2:
- Go to System.
- Click on SNTP Client or NTP Client, whichever you have.
Select and copy NTP server name:
- Paste the NTP server name into the Primary NTP Server field.
- Copy another NTP server name and paste it into Secondary NTP Server.
- Select Unicast from the Mode dropdown list.
- Check Enable.
- Click Apply.
- Click OK.
Now your router is configured as an NTP client, and the system time should synchronize with the given NTP server.
Add all the important things to the top of Winbox interface:
For your own benefit you can add all the necessary fields to top of the winbox interface.
Right click on the blank space at the top and select what you want to add:
Finally, it will look something like the below image:
Add some filter rules to control access to your router:
For the security of your router filter rules are very important.
Initially, adding the following rules is enough:
This will allow all established connections:
add chain=input action=accept connection-state=established comment="Allow Established connections"
This will allow all related connections:
add chain=input action=accept connection-state=related comment="Allow related connections"
This will drop all invalid connections:
add chain=input action=drop connection-state=invalid comment="Drop Invalid connections"
This will allow ping to the router from outside network:
add chain=input action=accept protocol=icmp comment="Allow ICMP"
This rule allows input from our local network on the interface we have configured as DHCP-Server:
add chain=input action=accept src-address=192.168.3.0/24 in-interface=DHCP-Server comment="Allow local LAN"
This rule will drop all invalid forward requests:
add chain=forward action=drop connection-state=invalid protocol=tcp comment="Drop invalid connections"
This rule will accept and forward all already established connections to the clients:
add chain=forward action=accept connection-state=established comment="Allow already established connections"
This rule will accept and forward all related connections to the clients:
add chain=forward action=accept connection-state=related comment="Allow related connections"
To add the above rules, go to New Terminal.
Type ip firewall filter in the terminal and press Enter:
Now copy a rule, paste it into the terminal and press Enter:
Insert all the necessary rules in a similar way.
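The input-chain rules above contain no final drop rule, and RouterOS accepts any packet that no filter rule matches, so the accept rules restrict nothing by themselves. The following added example (not part of the original article) models the article's five input rules with first-match evaluation over constructed packets, with and without a catch-all drop. The `WAN` interface name, the sample addresses and the catch-all drop rule are assumptions.

```python
import ipaddress

# The article's input-chain rules, in the order given (first match wins).
PAGE_INPUT_RULES = [
    {"action": "accept", "connection-state": "established"},
    {"action": "accept", "connection-state": "related"},
    {"action": "drop", "connection-state": "invalid"},
    {"action": "accept", "protocol": "icmp"},
    {"action": "accept", "src-address": "192.168.3.0/24", "in-interface": "DHCP-Server"},
]
# Assumption (not in the article): a catch-all drop as the last input rule.
FINAL_DROP = {"action": "drop"}

def matches(rule, pkt):
    """A rule matches only when every matcher it sets agrees with the packet."""
    for key, want in rule.items():
        if key == "action":
            continue
        if key == "src-address":
            if ipaddress.ip_address(pkt["src-address"]) not in ipaddress.ip_network(want):
                return False
        elif pkt.get(key) != want:
            return False
    return True

def verdict(rules, pkt):
    """Return (action, index of the deciding rule); None = no rule matched."""
    for i, rule in enumerate(rules):
        if matches(rule, pkt):
            return rule["action"], i
    return "accept", None  # RouterOS accepts packets that match no filter rule

def packet(src, iface, proto="tcp", state="new"):
    return {"src-address": src, "in-interface": iface,
            "protocol": proto, "connection-state": state}

# Constructed packets; "WAN" (hypothetical name) and 203.0.113.0/24 are not from the article.
SAMPLES = {
    "wan_new_tcp": packet("203.0.113.7", "WAN"),  # e.g. a new Winbox connection
    "lan_new_tcp": packet("192.168.3.10", "DHCP-Server"),
    "wan_spoofed_lan_src": packet("192.168.3.10", "WAN"),
    "wan_reply": packet("203.0.113.7", "WAN", state="established"),
}

def audit(rules):
    return {name: verdict(rules, p)[0] for name, p in SAMPLES.items()}

if __name__ == "__main__":
    print("article rules  :", audit(PAGE_INPUT_RULES))
    print("with final drop:", audit(PAGE_INPUT_RULES + [FINAL_DROP]))
```

With the article's rules alone, the new connection arriving on `WAN` matches nothing and is accepted by default; with the catch-all drop placed last, only LAN traffic, ICMP and replies to existing connections reach the router.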
Finally, the initial configuration of the Mikrotik router is completed.
My name is Rayhan and I’m an IT professional with over 10 years of experience in the field. I’m passionate about all things tech, and I love helping people solve their IT problems. In my free time, I enjoy tinkering with new gadgets and software, and I’m always on the lookout for the latest tech trends. I believe that technology has the power to make our lives easier and more enjoyable, and I’m excited to be a part of this ever-evolving field. Thank you for taking the time to visit my page.