Skip to content

WIP

merge with initial.md

https://help.mikrotik.com/docs/

How to do some basic stuff in mikrotik.

The documentation https://wiki.mikrotik.com/wiki/Main_Page.

SSH keys

Generate a keyfile, and save it as /home/yu/.ssh/mikrotik or not. 

ssh-keygen -C "$(whoami)@$(hostname)-$(date -I)" -t rsa -b 4096

Copy the key. Copy only the .pub file.

Over the web interface, in files, upload, browse.

Over ftp: 

%ftp 10.20.1.1
Connected to 10.20.1.1.
220 mikrotik FTP server (MikroTik 2.9.16) ready
Name (10.20.1.1:user): admin
331 Password required for admin
Password:

ftp> put mikrotik.pub
226 ASCII transfer complete

ftp> exit

Over ssh: 

scp mikrotik.pub mikrotik:/
No, mikrotik does not support rsync.

Apply the key and lock down the login and change the port. Actually I have no fucking idea what it does. 

/user ssh-keys import public-key-file=mikrotik.pub
/ip ssh set always-allow-password-login=no allow-none-crypto=no strong-crypto=yes
If you try to login without using ssh keys you will be prompted for a password but it won't work.

For each new user you create you MUST give it a key or a password promp will appear.

Add the router to the ssh config file in ~/.ssh/config. The default user is admin 

Host mikrotik
  Hostname 10.10.10.1
  User admin
  IdentityFile /home/user/.ssh/mikrotik

Backup over ssh

backup_name="$( date +%Y.%m.%d-%H.%M )"
ssh mikrotik /system backup save name=mikrotik.$backup_name.backup
/file print ## location
scp mikrotik:/mikrotik.$backup_name.backup ~/Downloads/

Update router

/system package update set channel=long-term
/system package update check-for-updates
/system package update download ## Will ONLY download the new image
/system package update install ## Will install and reboot the router

Update firmware

/system routerboard upgrade
/system reboot

Seems to be the BIOS used for recovery. Has nothing to do with the software running in normal operation.

WinBox on Linux

mkdir -m 700 /tmp/winbox
WINEPREFIX=/tmp/winbox wine winbox.exe

You may need to install mono.

Load a backup

Insert a pen in the reset hole and connect the power. Hold it there until the USR light start blinking.

Connect to some port except apparently ether1.

Set your computer to get an IP address from DHCP.

Upload the backup. By default the user admin has no password. 

scp mikrotik.backup admin@192.168.88.1:/

Connect to the router and load the backup. 

ssh admin@192.168.88.1
/system backup load name=mikrotik.backup

Input the password and select reboot.

Wifi

If the AP is in "Detecting radars" is becuase DFS. Just skip DFS channels or wait 10 minutes. 

/interfaces wireless set [ find default-name=wlan2 ] skip-dfs-channels=all

MAC filtering

/interface wireless set wlan2 default-authentication=no
/interface wireless access-list add mac-address=00:00:00:00:00:00 interface=wlan2 \
    authentication=yes forwarding=no

Limit speed

/interface wireless access-list add mac-address=00:00:00:00:00:00 interface=wlan2 \
    authentication=yes forwarding=no ap-tx-limit=10485760 client-tx-limit=10485760

Get a client inside a vlan

I have not tested this. 

/interface wireless access-list add mac-address=00:00:00:00:00:00 interface=wlan1 \
    authentication=yes forwarding=no vlan-mode=no-tag vlan-id=1