After successful RouterOS software

...

installation (if it was needed) it is time to access the router for the first time. There are various ways how to connect to it:

...

  • SSH, serial cable or

...

  • keyboard and monitor if the router has VGA card.

...

Normally you connect to the router by IP addresses with any telnet or SSH client software (a simple text-mode telnet client is usually called telnet and is distributed together with almost any OS).

...

If no IP

...

or

...

MAC connectivity is available, some devices allow connection through a serial port (DB9 or RJ45, depending on the model);

You can also connect to the router using a standard DB9 serial null-modem cable from any PC. Default settings of the router's serial port are 9600 bits/s (for RouterBOARD 500 series - 115200 bits/s), 8 data bits, 1 stop bit, no parity, hardware (RTS/CTS) flow control. Use a terminal emulation program (like HyperTerminal or SecureCRT in Windows, or minicom in UNIX/Linux) to connect to the router. The router will beep twice when booted up, and you should see the login prompt shortly before that (check cabling and serial port settings if you do not see anything in the terminal window).

When logging into the router via terminal console, you will be presented with the MikroTik RouterOS™ login prompt. Use 'admin' and no password (hit [Enter]) to log in to the router for the first time, for example:

MikroTik v7.0
Login: admin
Password:

The password can be changed with the /password command.

[admin@MikroTik] > password
old password:
new password: ************
retype new password: ************

Winbox

Winbox is a small utility that allows administration of MikroTik RouterOS using a fast and simple GUI. It is a native Win32 binary, but can be run on Linux and Mac OSX using Wine.

All Winbox interface functions are as close as possible to Console functions, that is why there are no Winbox sections in the manual.

Some advanced and system-critical configurations are not possible from Winbox, like changing the MAC address on an interface.

Running Winbox

First you need to download the Winbox loader executable. You can get it from the mikrotik.com download section or directly from the router (if it is accessible by IP/IPv6 address).

When winbox.exe is downloaded, double-click it and the Winbox loader window will pop up.

To connect to the router enter IP or MAC address of the router, specify username and password (default username is admin with no password) and click on Connect button.

You can also enter the port number after the IP address, separating them with a colon, like this 192.168.88.1:9999. The port can be changed later in RouterOS services menu.

IPv6 address must be in square brackets, and port is specified after the square brackets, for example, [2001::2]:9999.

Warning! It is recommended to use IP/IPv6 address whenever possible. MAC session uses network broadcasts and is not 100% reliable.

Notice the Neighbors tab in lowest section of the window. It will list all discovered routers located in the same broadcast network where your PC is connected.

You can click on the IP or MAC address column to auto-fill the Connect To field with either the MAC or the IP/IPv6 address.

Note: Neighbor discovery will also show devices which are not compatible with Winbox, like Cisco routers or any other device that uses CDP (Cisco Discovery Protocol).

Description of buttons and fields of loader screen

  • Connect To - ip/ipv6 or mac address of target device
  • Login - username used for authentication
  • Password - password used for authentication
  • Add/Set - Save address, login, password, group and note to the Managed list
  • Connect To RoMON - connect to RoMON Agent
  • Connect - connect to the router
  • Keep Password - if unchecked, password is not saved to the list
  • Open In New Window - if checked, winbox will open in new window
  • Managed list - list of all saved routers. List can be exported and then later imported on another PC using Export and Import buttons
  • Neighbors list - lists all the routers from broadcast domain.

Description of menu items in loader screen.

--File

  • New - Create new managed router list in specified location;
  • Open - Open managed router list file;
  • Save As - Save current managed router list to file;
  • Exit - Exit Winbox loader.

--Tools

  • Advanced Mode - Enables/Disables advanced mode view;
  • Import - Imports saved session file;
  • Export - Exports saved session file;
  • Move Session Folder - Change path where session files are stored;
  • Clear cache - Clear Winbox cache;
  • Check For Updates - Check for Winbox loader updates.

It is possible to use the command line to pass the 'connect to', 'user' and 'password' parameters automatically:

winbox.exe [<connect-to> [<login> [<password>]]]

Advanced Mode

Advanced mode reveals a few more options:

  • Session - Saved router session;
  • Browse - to load a specific session saved to file;
  • Note - description of the router that will be saved to the list;
  • Group - group that saved router belongs to;
  • RoMON Agent - Select RoMON Agent from available device list;
  • Secure Mode - if checked, winbox will use encryption to secure session (Keys exchanged using DH-1984, encryption using modified and hardened RC4-drop3072);
  • Autosave Session - if checked, winbox will try to autosave winbox session;
  • Keep Password - if unchecked, password is not saved to the list

Import/Export Sessions

Interface Overview

Winbox interface has been designed to be intuitive for most of the users. Interface consists of:

  • Main toolbar at the top where users can add various info fields, like CPU and memory usage.
  • Menu bar on the left - list of all available menus and sub-menus. This list changes depending on what packages are installed. For example, if the IPv6 package is disabled, then the IPv6 menu and all its sub-menus will not be displayed.
  • Work area - area where all child windows are opened.

Title bar shows information to identify which router Winbox session is connected to. Information is displayed in following format:

[username]@[Router's IP or MAC] ( [RouterID] ) - Winbox [ROS version] on 
  [RB model] ([platform])

From screenshot above we can see that user krisjanis is logged into router with IP address [fe80::4e5e:cff:fef6:c0ab%3]. Router's ID is 3C18-Krisjanis_GW, currently installed RouterOS version is v6.36rc6, RouterBoard is CCR1036-12G-4S and platform is tile.

On the left side of the Main toolbar are the undo, redo and Safe Mode buttons, used to quickly undo any changes made to configuration or to enable/disable safe mode. It also shows the currently loaded session.

On the right side are located:

  • winbox traffic indicator displayed as a green bar
  • indicator that shows whether winbox session uses TLS encryption

By right-clicking on the main toolbar, you can add additional info fields: time, date, CPU usage, memory usage and uptime (illustrated in screenshot above). In the screenshot above two fields are added to show CPU usage and free memory.

Work Area And Child Windows

Winbox has an MDI interface, meaning that all menu configuration (child) windows are attached to the main (parent) Winbox window and are shown in the work area.

Child windows cannot be dragged out of the work area. If any window is outside the visible work area boundaries, vertical and/or horizontal scrollbars will appear. In the screenshot below, Interface List is dragged outside the visible work area and a horizontal scrollbar has appeared.

Each child window has its own toolbar. Most of the windows have the same set of toolbar buttons:

  • Add - add new item to the list
  • Remove - remove selected item from the list
  • Enable - enable selected item (the same as enable command from console)
  • Disable - disable selected item (the same as disable command from console)
  • Comment - add or edit comment
  • Sort - allows to sort out items depending on various parameters.

Almost all windows have a quick search input field at the right side of the toolbar. Any text entered in this field is searched through all the items and highlighted as illustrated in screenshot below.

Notice that at the right side, next to the quick find input field, there is a dropdown box. For the currently opened (IP Route) window this dropdown box allows to quickly sort out items by routing tables. For example, if main is selected, then only routes from the main routing table will be listed.

Similar dropdown box is also in all firewall windows to quickly sort out rules by chains.

Sorting Out Displayed Items

Almost every window has a Sort button. When clicking on this button several options appear as illustrated in screenshot below

Example shows how to quickly filter out routes that are in 10.0.0.0/8 range

  1. Click on Sort button
  2. Chose Dst.Address from the first dropdown box.
  3. Chose in form the second dropdown box. "in" means that filter will check if dst address value is in range of specified network.
  4. Enter network against which values will be compared (in our example enter "10.0.0.0/8")
  5. These buttons are to add or remove another filter to the stack.
  6. Press Filter button to apply our filter.

As you can see from the screenshot, Winbox sorted out only routes that are within the 10.0.0.0/8 range. Comparison operators (Number 3 in screenshot) may be different for each window. For example, the "Ip Route" window has only two: "is" and "in". Other windows may have operators such as "is not", "contains", "contains not". Winbox allows building a stack of filters. For example, if there is a need to filter by destination address and gateway, then

  • set first filter as described in example above,
  • press [+] button to add another filter bar in stack.
  • set up second filter to filter by gateway
  • press Filter button to apply filters.

You can also remove unnecessary filter from the stack by pressing [-] button.

Customizing List of Displayed Items

By default Winbox shows the most commonly used parameters. However, sometimes it is necessary to see other parameters, for example "BGP AS Path" or other BGP attributes to monitor if routes are selected properly. Winbox allows to customize displayed columns for each individual window. For example, to add the BGP AS path column:

  • Click on little arrow button (1) on the right side of the column titles or right mouse click on the route list.
  • From popped up menu move to Show Columns (2) and from the sub-menu pick desired column, in our case click on BGP AS Path (3)

Changes made to window layout are saved and next time when winbox is opened the same column order and size is applied.

Detail Mode

It is also possible to enable Detail mode. In this mode all parameters are displayed in columns, first column is parameter name, second column is parameter's value.

To enable detail mode, right mouse click on the item list and from the popup menu pick Detail mode.

Category View

It is possible to list items by categories. In this mode all items will be grouped alphabetically or by other category. For example, items may be categorized alphabetically if sorted by name; items can also be categorized by type like in screenshot below.

To enable Category view, right mouse click on the item list and from the popup menu pick Show Categories.

Monitoring

Winbox can be used as a tool to monitor traffic of interfaces, firewall stats, queue and many other in real-time. Screenshot below shows ethernet traffic monitoring graphs.

Drag and Drop

It is possible to upload and download files to/from the router using Winbox drag & drop functionality. Since drag and drop does not use FTP, files can be dragged even if you are connected to the router with MAC address.

Note: Drag & Drop may not work if Winbox is running on Linux using Wine. This is not a Winbox problem, Wine does not have proper drag and drop support.

Troubleshooting

Winbox cannot connect to router's IP address

Make sure that Windows firewall is set to allow Winbox connections or disable windows firewall.

I get an error '(port 20561) timed out' when connecting to routers mac address

Windows (7/8) does not allow mac connection if file and print sharing is disabled.

TikApp

TikApp is a small mobile utility (currently only on Android platform) that allows administration of MikroTik RouterOS using the same features as WinBox including neighbor discovery and MAC connection.

Webfig

WebFig is a web based RouterOS utility which allows you to monitor, configure and troubleshoot the router. It is designed as an alternative of WinBox, both have similar layouts and both have access to almost any feature of RouterOS.

WebFig is accessible directly from the router which means that there is no need to install additional software (except web browser with JavaScript support, of course).

As Webfig is platform independent, it can be used to configure router directly from various mobile devices without need of a software developed for specific platform.

Command Line Interface

The console is used for accessing the MikroTik Router's configuration and management features using text terminals, either remotely using serial port, telnet, SSH or console screen within Winbox, or directly using monitor and keyboard. The console is also used for writing scripts. This manual describes the general console operation principles. Please consult the Scripting Manual on some advanced console commands and on how to write scripts.

Login Options

Console login options enable or disable various console features like color, terminal detection and many others.

Additional login parameters can be appended to login name after '+' sign.

    login_name ::= user_name [ '+' parameters ]
    parameters ::= parameter [ parameters ]
    parameter ::= [ number ] 'a'..'z'
    number ::= '0'..'9' [ number ]
  

If parameter is not present, then default value is used. If number is not present then implicit value of parameter is used.

Example: admin+c80w - will disable console colors and set terminal width to 80.

Param  Default  Implicit  Description
"w"    auto     auto      Set terminal width
"h"    auto     auto      Set terminal height
"c"    on       off       disable/enable console colors
"t"    on       off       Do auto detection of terminal capabilities
"e"    on       off       Enables "dumb" terminal mode
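
The grammar and parameter table above can be applied mechanically, for example to normalize login names before correlating authentication records. The following parser is an added example, not MikroTik code; it assumes the user name ends at the first '+' and rejects letters missing from the table, and all function and constant names are this example's own.

```python
import re

# Parameter letter -> (default, implicit value), copied from the table on this page.
LOGIN_PARAMS = {
    "w": ("auto", "auto"),  # terminal width
    "h": ("auto", "auto"),  # terminal height
    "c": ("on", "off"),     # console colors
    "t": ("on", "off"),     # auto detection of terminal capabilities
    "e": ("on", "off"),     # "dumb" terminal mode
}

# parameter ::= [ number ] 'a'..'z'
_PARAMETER = re.compile(r"([0-9]*)([a-z])")


def parse_login_name(login):
    """Split 'user+params' into (user_name, settings) following the page's grammar.

    Assumptions of this example: the user name ends at the first '+', and
    parameter letters that are not in LOGIN_PARAMS are rejected.
    """
    user, plus, tail = login.partition("+")
    if not user:
        raise ValueError("empty user name")
    if plus and not tail:
        raise ValueError("'+' must be followed by at least one parameter")

    # Parameter not present -> default value is used.
    settings = {letter: default for letter, (default, _) in LOGIN_PARAMS.items()}

    pos = 0
    while pos < len(tail):
        match = _PARAMETER.match(tail, pos)
        if match is None:
            raise ValueError(f"malformed parameters at offset {pos}: {tail!r}")
        number, letter = match.groups()
        if letter not in LOGIN_PARAMS:
            raise ValueError(f"unknown parameter {letter!r}")
        # Number present -> explicit value; number absent -> implicit value.
        settings[letter] = int(number) if number else LOGIN_PARAMS[letter][1]
        pos = match.end()
    return user, settings


def account_name(login):
    """Return only the account part, so 'admin+c80w' and 'admin' compare equal."""
    return login.partition("+")[0]


if __name__ == "__main__":
    # The page's own example: colors disabled, terminal width 80.
    print(parse_login_name("admin+c80w"))
```
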

Banner and Messages

Login process will display MikroTik banner and short help after validating user name and password.

  MMM      MMM       KKK                          TTTTTTTTTTT      KKK
  MMMM    MMMM       KKK                          TTTTTTTTTTT      KKK
  MMM MMMM MMM  III  KKK  KKK  RRRRRR     OOOOOO      TTT     III  KKK  KKK
  MMM  MM  MMM  III  KKKKK     RRR  RRR  OOO  OOO     TTT     III  KKKKK
  MMM      MMM  III  KKK KKK   RRRRRR    OOO  OOO     TTT     III  KKK KKK
  MMM      MMM  III  KKK  KKK  RRR  RRR   OOOOOO      TTT     III  KKK  KKK

  MikroTik RouterOS 6.22 (c) 1999-2014       https://www.mikrotik.com/

[?]             Gives the list of available commands
command [?]     Gives help on the command and list of arguments

[Tab]           Completes the command/word. If the input is ambiguous,
                a second [Tab] gives possible options

/               Move up to base level
..              Move up one level
/command        Use command at the base level
  

After the banner, other important information can be printed, like a system note set by another admin, the last few critical log messages, a demo version upgrade reminder and the default configuration description.

For example, the demo license prompt and the last critical messages are printed:

UPGRADE NOW FOR FULL SUPPORT
----------------------------
FULL SUPPORT benefits:
- receive technical support
- one year feature support
- one year online upgrades
    (avoid re-installation and re-configuring your router)
To upgrade, register your license "software ID"
on our account server www.mikrotik.com

Current installation "software ID": ABCD-456

Please press "Enter" to continue!


dec/10/2007 10:40:06 system,error,critical login failure for user root from 10.0.0.1 via telnet
dec/10/2007 10:40:07 system,error,critical login failure for user root from 10.0.0.1 via telnet
dec/10/2007 10:40:09 system,error,critical login failure for user test from 10.0.0.1 via telnet
  

Command Prompt

At the end of successful login sequence login process prints banner, shows command prompt and hands over control to the user.

The default command prompt consists of user name, system identity, and current command path />

For example, change current path from root to interface then go back to root:

  [admin@MikroTik] > interface [enter]
  [admin@MikroTik] /interface> / [enter]
  [admin@MikroTik] >
  

Use up arrow to recall previous commands from command history, TAB key to automatically complete words in the command you are typing, ENTER key to execute command, Control-C to interrupt currently running command and return to prompt and ? to display built-in help.

Easiest way to log out of console is to press Control-D at the command prompt while command line is empty (You can cancel current command and get an empty line with Control-C, so Control-C followed by Control-D will log you out in most cases).

It is possible to write commands that consist of multiple lines. When entered line is not a complete command and more input is expected, console shows continuation prompt that lists all open parentheses, braces, brackets and quotes, and also trailing backslash if previous line ended with backslash-whitespace.

    [admin@MikroTik] > {
    {... :put (\
    {(\... 1+2)}
    3
  

When you are editing such multiple line entry, prompt shows number of current line and total line count instead of usual username and system name.

line 2 of 3> :put (\

Sometimes commands ask for additional input from user. For example, command '/password' asks for old and new passwords. In such cases prompt shows name of requested value, followed by colon and space.

    [admin@MikroTik] > /password
    old password: ******
    new password: **********
    retype new password: **********
  

Hierarchy

The console allows configuration of the router's settings using text commands. Since there is a lot of available commands, they are split into groups organized in a way of hierarchical menu levels. The name of a menu level reflects the configuration information accessible in the relevant section.

For example, you can issue the /ip route print command:

[admin@MikroTik] > ip route print
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit
#      DST-ADDRESS        PREF-SRC        G GATEWAY         DIS INTE...
0 A S  0.0.0.0/0                          r 10.0.3.1        1   bridge1
1 ADC  1.0.1.0/24         1.0.1.1                           0   bridge1
2 ADC  1.0.2.0/24         1.0.2.1                           0   ether3
3 ADC  10.0.3.0/24        10.0.3.144                        0   bridge1
4 ADC  10.10.10.0/24      10.10.10.1                        0   wlan1
[admin@MikroTik] >
  

Instead of typing ip route path before each command, the path can be typed only once to move into this particular branch of menu hierarchy. Thus, the example above could also be executed like this:

[admin@MikroTik] > ip route
[admin@MikroTik] ip route> print
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit
#      DST-ADDRESS        PREF-SRC        G GATEWAY         DIS INTE...
0 A S  0.0.0.0/0                          r 10.0.3.1        1   bridge1
1 ADC  1.0.1.0/24         1.0.1.1                           0   bridge1
2 ADC  1.0.2.0/24         1.0.2.1                           0   ether3
3 ADC  10.0.3.0/24        10.0.3.144                        0   bridge1
4 ADC  10.10.10.0/24      10.10.10.1                        0   wlan1
[admin@MikroTik] ip route>
  

Notice that the prompt changes in order to reflect where you are located in the menu hierarchy at the moment. To move to the top level again, type " / "

[admin@MikroTik] > ip route
[admin@MikroTik] ip route> /
[admin@MikroTik] >
  

To move up one command level, type " .. "

[admin@MikroTik] ip route> ..
[admin@MikroTik] ip>
  

You can also use / and .. to execute commands from other menu levels without changing the current level:

[admin@MikroTik] ip route> /ping 10.0.0.1
10.0.0.1 ping timeout
2 packets transmitted, 0 packets received, 100% packet loss
[admin@MikroTik] ip firewall nat> .. service-port print
Flags: X - disabled, I - invalid
#   NAME                                                                PORTS
0   ftp                                                                 21
1   tftp                                                                69
2   irc                                                                 6667
3   h323
4   sip
5   pptp
[admin@MikroTik] ip firewall nat>
  

Item Names and Numbers

Many of the command levels operate with arrays of items: interfaces, routes, users etc. Such arrays are displayed in similarly looking lists. All items in the list have an item number followed by flags and parameter values.

To change properties of an item, you have to use set command and specify name or number of the item.

Item Names

Some lists have items with specific names assigned to each of them. Examples are interface or user levels. There you can use item names instead of item numbers.

You do not have to use the print command before accessing items by their names, which, as opposed to numbers, are not assigned by the console internally, but are properties of the items. Thus, they would not change on their own. However, there are all kinds of obscure situations possible when several users are changing router's configuration at the same time. Generally, item names are more "stable" than the numbers, and also more informative, so you should prefer them to numbers when writing console scripts.

Item Numbers

Item numbers are assigned by the print command and are not constant - it is possible that two successive print commands will order items differently. But the results of last print commands are memorized and, thus, once assigned, item numbers can be used even after add, remove and move operations (since version 3, move operation does not renumber items). Item numbers are assigned on a per session basis, they will remain the same until you quit the console or until the next print command is executed. Also, numbers are assigned separately for every item list, so ip address print will not change numbering of the interface list.

You can specify multiple items as targets to some commands. Almost everywhere, where you can write the number of item, you can also write a list of numbers.

[admin@MikroTik] > interface print
Flags: X - disabled, D - dynamic, R - running
  #    NAME                 TYPE             MTU
  0  R ether1               ether            1500
  1  R ether2               ether            1500
  2  R ether3               ether            1500
  3  R ether4               ether            1500
[admin@MikroTik] > interface set 0,1,2 mtu=1460
[admin@MikroTik] > interface print
Flags: X - disabled, D - dynamic, R - running
  #    NAME                 TYPE             MTU
  0  R ether1               ether            1460
  1  R ether2               ether            1460
  2  R ether3               ether            1460
  3  R ether4               ether            1500
[admin@MikroTik] >
  

General Commands

There are some commands that are common to nearly all menu levels, namely: print, set, remove, add, find, get, export, enable, disable, comment, move. These commands have similar behavior throughout different menu levels.

Property - Description

add - This command usually has all the same arguments as set, except the item number argument. It adds a new item with the values you have specified, usually at the end of the item list, in places where the order of items is relevant. There are some required properties that you have to supply, such as the interface for a new address, while other properties are set to defaults unless you explicitly specify them.

Common Parameters

  • copy-from - Copies an existing item. It takes default values of new item's properties from another item. If you do not want to make exact copy, you can specify new values for some properties. When copying items that have names, you will usually have to give a new name to a copy
  • place-before - places a new item before an existing item with specified position. Thus, you do not need to use the move command after adding an item to the list
  • disabled - controls disabled/enabled state of the newly added item(-s)
  • comment - holds the description of a newly created item

Return Values

  • add command returns internal number of item it has added

edit - This command is associated with the set command. It can be used to edit values of properties that contain large amount of text, such as scripts, but it works with all editable properties. Depending on the capabilities of the terminal, either a fullscreen editor, or a single line editor is launched to edit the value of the specified property.

find - The find command has the same arguments as set, plus the flag arguments like disabled or active that take values yes or no depending on the value of respective flag. To see all flags and their names, look at the top of print command's output. The find command returns internal numbers of all items that have the same values of arguments as specified.

move - Changes the order of items in list. Parameters:
  • first argument specifies the item(-s) being moved.
  • second argument specifies the item before which to place all items being moved (they are placed at the end of the list if the second argument is omitted).

print - Shows all information that's accessible from a particular command level. Thus, /system clock print shows system date and time, /ip route print shows all routes etc. If there's a list of items in the current level and they are not read-only, i.e. you can change/remove them (an example of a read-only item list is /system history, which shows the history of executed actions), then the print command also assigns numbers that are used by all commands that operate with items in this list.

Common Parameters:

  • from - show only specified items, in the same order in which they are given.
  • where - show only items that match specified criteria. The syntax of where property is similar to the find command.
  • brief - forces the print command to use tabular output form
  • detail - forces the print command to use property=value output form
  • count-only - shows the number of items
  • file - prints the contents of the specific submenu into a file on the router.
  • interval - updates the output from the print command for every interval seconds.
  • oid - prints the OID value for properties that are accessible from SNMP
  • without-paging - prints the output without stopping after each screenful.

remove - Removes specified item(-s) from a list.

set - Allows you to change values of general parameters or item parameters. The set command has arguments with names corresponding to values you can change. Use ? or double Tab to see list of all arguments. If there is a list of items in this command level, then set has one action argument that accepts the number of item (or list of numbers) you wish to set up. This command does not return anything.

Input Modes

It is possible to switch between several input modes:

  • Normal mode - indicated by the normal command prompt.
  • Safe mode - safe mode is indicated by the word SAFE after the command prompt. In this mode configuration is saved to disk only after safe mode is turned off. Safe mode can be turned on/off with Ctrl+c
  • Hotlock mode - indicated by an additional yellow >. Hotlock mode auto-completes commands and can be turned on/off with Ctrl+v

List of Keys

...