MikroTik™ V2.2 Router Software Technical Reference Manual

Preface

Document Organization

The document consists of 11 main parts. Parts can be divided further into sections. Each section (or a part if it doesn't consist of sections) of this document is divided into three subsections. In the first subsection, management from the Java Console is described. Management from the Console is described in the second subsection. The third subsection is devoted to description of the parameters. However some sections are not divided if it is not necessary.

Document Conventions

In this publication, the following conventions are used:

• All console related settings: commands, arguments, parameters, examples and keywords are marked out with the Courier New font;
• The following conventions are used in the command syntax description:
  • In the place where something is written in between of "<" and ">" you need to enter a value, e.g. <address>
  • Optional parameters are enclosed in brackets, e.g. [interface <name>];
  • The vertical line "|" means "OR";

   

1. Startup Guide

Before You Start

To make a PC based router running MikroTik™ Router Software, it is necessary to:

• Prepare the PC hardware to be a dedicated router - no other programs can be held on the HDD or run on the PC except the MikroTik™ Router Software
• Prepare to obtain an installation archive from "MikroTikls" SIA - the file is approximately 6MB
• Prepare six 3.5" 1.44 MB blank, formatted floppy disks. Make sure that they are not write-protected or damaged. Disks will be used to make six installation floppy disks from the installation archive for installing the PC router software. After the preparations have been done
• Download the installation archive from www.MikroTik.com. The standard MikroTik™ Router Software installation is distributed as self - extracting archive which will make the floppy installation disk needed.
• Run the archive file on a Win95/98/NT computer, and press the 'Setup' button to automatically launch the "MikroTik™ Disk Maker". Follow the screen instructions to create six installation floppy disks. Insert the disks in the FDD as prompted. Put a label on each disk to avoid later confusion. When the "MT Disk Maker" ends its work, you will have a set of MikroTik™ Router Software installation disks ready.
• Install the MikroTik™ Router Software using the six installation floppy disks as described below.
• Obtain the license for your installation of the MikroTik™ Router Software from www.mikrotik.com. Simply log onto the "Account Server".

Hardware Requirements and BIOS Settings

The MikroTik™ Router Software installs on a standard PC system with a hard disk or flash disk. Hardware requirements are as follows:

Processor - 486DX or higher CPU with math co-processor. Pentium (AMD, Cyrix, IDT WinChip or Intel) 100MHz or higher suggested;
RAM - at least 16 MB (preferably 32 MB);
Video - Color or Monochrome VGA video card or on-board VGA port;
HDD controller - IDE hard drive controller;
HDD - Hard disk or flash disk (preferably at least 32 MB);
FDD - 1,44 MB Floppy Drive. This is not needed after installation, and can be safely removed;
Keyboard - may also be removed after the software installation, if BIOS allows the PC to boot without a keyboard.
Monitor - may be removed after installation. You should keep the keyboard and monitor attached if you want to administer the system locally from the console.
Network Interface - NE2000 or compatible NIC. For more supported network cards and devices, please see 'Supported Hardware' section.

Check the BIOS settings of your router. Make sure that the boot sequence is 'A: C:', and 'Floppy drive seek at boot' is enabled.

Check that the BIOS settings for PNP OS are disabled and PCI and ISA allocation of IRQs correspond to your interface installation plans. Disable the paralell port to free resources. Check the IO and IRQ assignments for Serial Interfaces, which should be as follows:

COM1 - IO 0x3f8 and IRQ 4
COM2 - IO 0x2f8 and IRQ 3

If you use 20MB SanDisk 3.5" FlashDrive as the target HDD for your router installation, use the recommended BIOS settings for it:

Cylinders 612, Heads 2, Sectors 32, Mode NORMAL

Installing the software

Put 'Disk #1' in the floppy drive, and boot up your router. The installation will be looking for hard drives. You will see something like this:

Found harddrive on IDE primary master (disk C)
To install software properly, it needs to be reformatted.
Format it? [y/n]:

Press yes to FORMAT your HDD.

Note that the primary hard disk of your router will be OVERWRITTEN, and any existing data on it will be destroyed.

You will be asked to insert all next three installation floppies:

Please insert 2nd installation floppy.
Press ENTER when ready

and so on until the last floppy drive will be inserted and you will be asked to reboot your computer:

Software installed.
Press ENTER to reboot

Remove the installation disk from the floppy disk drive and press ENTER.

While booting up the router for the first time you will see your software ID, and you will be asked to enter your software key. This key is unique depending on several variables including the particular data carrier (flash disk or hard drive) and information from your MikroTik registered account. Please enter the software key obtained from MikroTik - www.MikroTik.com. Register with our "Account Server" to obtain a key.

The software installation is complete.

Log on to your PC router running MikroTik™ Router Software for the first time using login name 'admin' and blank password (just press ). Please change admin's password later for security reasons to avoid unauthorized access to your router.
Note There is no way to replace a lost password, so be careful! You will need to re-install the router if the password is lost.

Configuring the Router

If you have an NE2000 Ethernet card then it was loaded automatically on boot all you have to do is to enable this interface and make all necessary IP settings. You can do that using the setup command:

Here is an example for PCI Ethernet card:

[MikroTik]> setup
Enable interface [ether1]: ether1 ip address: 10.5.8.161
Netmask [255.255.255.0]: 255.255.255.0
Gateway [10.5.8.254]: 10.5.8.1
[MikroTik]>

Try to ping some host on your network to test the initial configuration, for example:

[MikroTik]> ping 10.5.8.1

If you get responses from the host, your network connection works properly, and you should be able to access the router remotely via network.

If you have some other network card please read the "Device Driver Management" section in the User Manual for details on a specific driver you are using, whether it is loaded automatically or not. If it was loaded automatically then the setup command would work as described above.

If the driver was not loaded automatically then the setup command will ask you to do that. Also you will be prompted to enter IP parameters:

Here is an example for 3C509 ISA card:

[MikroTik]> setup
Load driver: 3c509
driver io: 0x300
driver irq: 11
IP address: 10.5.8.161
Netmask [255.255.255.0]: 255.255.255.0
Gateway [10.5.8.254]: 10.5.8.1
[MikroTik]>

Use ping command as described above to check your settings.

If you get responses from the host, your network connection works properly, and you should be able to access the router remotely via network.

Please read appropriate sections of this manual for more detailed description of configuration options.

A connection via console port is established using an RS-232 null modem cable. Standard PCs have a 9 pin male serial port built-in. Use any VT100 terminal emulation program on your PC or Laptop. The required communication settings are:

9600 bps, 8 bit, No parity, 1 stop bit

For PC with Windows running, set the COM port to your corresponding serial port. Usually it is COM2.

2. User Interconnection Description

Java Interconnection Description

MikroTik Java Console requires Java 2 browser plug-in. This may be downloaded from the "Download" page at www.mikrotik.com or www.sun.com.

In the Web Browser open the page with the address http://<IPAddressOfTheRouter>. Then start the applet.

General Information

When you type your login name and password you are logged in the router via Java Console.

All operations are performed via the main menu that is situated on the left of the main window. It consists of twelve items. If a menu item has an arrow sign then it contains submenu. Each of menu item is described in the User Manual in the corresponding chapters, excluding menu item "Help". The table below describes the correlation.

How To

Here are the most common actions that you perform on the entries:

Action	Description
Open	To open the required window simply click on the corresponding menu item.
Add	To add a new entry you should click on the icon in the corresponding window.
Remove	To remove an existing entry click on the icon.
Edit	Click twice on the icon on the left of each line.
Enable	To enable interface, address etc. click the icon.
Disable	To disable interface, address etc. click the icon.
Comment	To save a comment an entry click the icon.
Refresh	Click on the icon in the corresponding window.
Undo	Click on the icon above the main menu.
Redo	Click on the icon above the main menu.
Logout	Click on the icon above the main menu.

Main Menu

Console Interconnection Description

When you log into the router via console or telnet you get a base level prompt. As it is in Java almost every command has the corresponding chapter in the Manual. In the table below base level commands are described:

How To

The table below describes how you can execute commands, move through the levels in the console, etc.

You can abbreviate names of levels, commands and arguments.

Overview of Common Functions

The console allows configuration of the router settings using text commands. The command structure is similar to the Unix shell. Since there's a whole lot of available commands, they're split into hierarchy. For example, all commands that work with routes start with "ip route":

[drax]> ip route print

[drax]> ip route set 1 netmask 255.255.0.0
[drax]> ip route print

Instead of typing "ip route" before each command, "ip route" can be typed once to "change into" that particular branch of command hierarchy. Thus, the example above could also be executed like this:

[drax]> ip route
[drax] ip route> print

[drax] ip route> set 1 netmask 255.255.0.0
[drax]> ip route print

Notice that prompt changes to show where in the command hierarchy you are located at the moment. To change to top level, type "/"

[drax] ip route> /
[drax]>

To move up one command level, type ".."

[drax] ip route> ..
[drax] ip>

You can also use "/" and ".." to execute commands from other levels without changing the current level:

[drax] ip route> /ping 10.0.0.10
timeout: ping reply not recieved after 1000 mss
timeout: ping reply not recieved after 1000 mss
ping interrupted 2 packets transmitted, 0 packets received, 100% packet loss
interrupted

Or alternatively, to go back to the base level you could use the ".." twice:

[drax] ip route> .. .. ping 10.0.0.10
10.0.0.10 pong: ttl=128 time=2 ms
10.0.0.10 pong: ttl=128 time=1 ms
ping interrupted 2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 1/1.5/2 ms
interrupted
[drax] ip route>

- Lists -

Many of the command levels operate with arrays of items: interfaces, routes, users etc. Such arrays are displayed in similar looking lists. All items in the list have an item number followed by it's parameter values. For example:

[drax]> interface print
# NAME STATE TYPE MTU

To change parameters of an item (interface in this particular case), you have to specify it's number:

[drax]> interface set 1 mtu 1234
[drax]> interface print

Numbers are assigned by "print" command and are not constant - it is possible that two successive "print" commands will order items differently. Thus, you must use the print command before any other command that works with list items, to assign numbers.

Note Although numbers can change each time you use the "print" command, they don't change between these uses. Once assigned, they will remain the same until you quit the console or until the next "print" command. Also, numbers are assigned separately for every item list, so "ip address print" won't change numbers for interface list.

Let's assume "ip address print" hasn't been executed already. In this case:

[drax]> ip address set 123 netmask 255.255.0.0
Error: number : (no numbers assigned)

To understand better how do item numbers work, you can play with "from" argument of "print" commands:

[drax]> interface print from 1

The "from" argument specifies what items to show. Numbers are assigned by every "print" command, thus, after executing command above there will be only one item accessible by number - interface "ether1" by number 0.

- Item names -

Some lists have items that have specific names assigned to each. Examples are "interface" or "user" levels. There you can use item names instead of numbers:

[drax]> interface set ether1 mtu 1234

You don't have to use the "print" command before accessing items by name - as opposed to numbers, names are not assigned by the console internally, but are one of the items' parameters. Thus, they won't change on their own (But there are all kinds of obscure situations possible when several users are changing router configuration at the same time). Generally, item names are more "stable" than numbers, and also more informative, so you should prefer them ver numbers when writing console scritps. Also, <tab> completions work on item names, making them easy to type.

- Quick typing -

There are two features in router console that help entering commands a lot quicker and easier - tab key completions and abbreviations of command names. Completions work similarly to the bash shell in UNIX. If you press the tab key after part of word, console tries to find command in current context that begins with this word. If there's only one match, it is automatically appended, followed by space character:

/inte<tab>_ becomes /interface _

(where "_" is cursor position)

If there's more than one match, but they all have a common beginning which is longer that what you've typed, then the word is completed to this common part, and no space is appended:

/interface set e<tab>_ becomes /interface set ether_
(because "e" matches both "ether5" and "ether1" in this example)

If you've typed just the common part, pressing the tab key once has no effect. However, pressing it second time shows all possible completions in compact form:

[drax]> /interface set e<tab>_
[drax]> /interface set ether<tab>_
[drax]> /interface set ether<tab> ether1 ether5
[drax]> /interface set ether_

The tab key can be used almost in any context where the console might have a clue about possible values - command names, argument names, arguments that have only several possible values (like names of items in some lists or name of protocol in firewall and NAT rules). You can't complete numbers, IP addresses and similar values.

Another way to press less keys while typing is to abbreviate command and argument names. You can type only beginning of command name, and if it is not ambiguous console will accept it as a full name:

[drax]> ip f s r 1 equals to [drax]> ip firewall static-nat remove 1

[drax]> pi 10.1 c 3 s 100 equals to [drax]> ping 10.0.0.1 count 3 size 100

Note ".." can be shortened to ".", because no other words in command levels begin with dot.

- Help -

The console has a built-in help, which can be accessed by typing '?'. General rule is that help shows what you can type in position where the '?' was pressed (similarly to pressing tab key twice, but in verbose form and with explanations).

- Internal item numbers -

Items can also be addressed by their internal numbers. These numbers are generated by console for scripting purposes and, as the name implies, are used internally. Although you can see them if you print return values of some commands (internal numbers look like hex number preceded by '*' - for example "*100A"), there's no reason for you to type them in manually. Use of invalid internal numbers can result in severe injury of your router configuration.

- Multiple items -

You can specify multiple items as targets of some commands. Almost everywhere, where you can write the number of items, you can also write a list of numbers:

[drax]> interface print

This is handy when you want to perform same action on several items, or do a selective export. However, this feature becomes really useful when combined with scripting.

- Return values -

The router console has limited scripting capability. Syntax is simple and similar to TCL. There's a new command "find" added to many of the command levels for scripting use. This command doesn't print anything on screen. Instead, it creates a return value that contains internal numbers of items that match parameters of the "find" command. This return value can be used in another command, by placing "find" in square brackets:

[drax]> interface
[drax] interface> print from [find name ether5]

If you don't give "find" any arguments, it returns internal numbers of all items:

[drax] interface> set [find] mtu 1500
[drax] interface> print

You can see the return value of "find" command (and other router commands) using ":put" command:

[drax] interface> :put [find]
*10002 *10001

These are internal numbers of all router interfaces. Also, there's a trailing space after last number, so you can concatenate results of several "find" commands:

[drax] interface> print from [find][find]

- Time Setting -

In the console time can be set in various ways. If it is just a number, then it is in seconds. You can also enter the following values:

If the is no number before the letters, it will be one unit. You also can use decimal numbers. Multiple time intervals can be written consequently - they will be summarized.

- Variables -

The console has variables that can store string values. Assigning such a variable is done by ":set" command:

[drax]> :set var1 J.Random.String

If the value is assigned to a non-existing variable, it's created, otherwise current value is replaced. To access the value of variable, you have to type "$" followed by the name of the variable, and it will be replaced by the value of the variable:

[drax]> :put $var1
J.Random.String
[drax]> :put $var1-$var1-yo-ho-ho-$var1
J.Random.String-J.Random.String-yo-ho-ho-
J.Random.String

- Magic Variables -

There are two magic variables in the console. "_" (underscore) has the last valid command entered.

[drax]> /system clock print
jun/16/2000 17:06:57
[drax]> :put $_
/system clock print
[drax]> :put $_
:put $_

The second magic variable is the "^" (caret). It contains the return value of the last executed command. Note that all commands return values (even if they're empty strings), so if you want to use the return value of some command (say, "find") several times, you have to assign it to normal variable. In the console, "^" is used to export some items:

[drax]> ip firewall static-nat
[drax] ip firewall static-nat> print

[drax] ip firewall static-nat> export
/ip firewall static-nat
add interface all src-address 0.0.0.0 src-netmask
0.0.0.0 \
dst-address 0.0.0.0 dst-netmask 0.0.0.0 protocol
all \
src-port 0-65535 dst-port 0-65535 to-src-address
0.0.0.0 \
to-dst-address 0.0.0.0 to-src-netmask 0.0.0.0 \
to-dst-netmask 0.0.0.0 to-src-port 0 to-dst-port 0
translate no \ direction in
comment $^ blah-blah\nyadda-yadda
disable $^
[drax] ip firewall static-nat>

Here, "add" returns internal number of item the it has added, and "comment" command returns list of internal numbers of items it received as the first argument. Thus "comment $^" will add comment to the item created by "add", and "disable $^" will disable this item.

- General layout of command levels -

There are two different kinds of command levels. First, there are levels that allow you to work with lists of similar items - routes, interfaces, users and the like. Second, there are levels that allow you to change some general parameters - time, bridge settings etc.

Most command groups have some or all of these commands:

print
set
remove
add
find
export
enable
disable
comment

These commands have similar behaviour in all hierarchy.

- print -

The "print" command shows all information that's accessible from particular command level. Thus, "/system time print" shows system time, "/ip route print" shows all routes etc. If there's a list of items in this level and they are not read-only, i.e. you can change/remove them (example of read-only item list is "/system history", which shows history of executed actions), then "print" command also assigns numbers that are used by all commands that operate on items in this list. Thus, "print" usually must be executed before any other commands in the same command level.

If there's list of items then "print" usually can have a "from" argument. The "from" argument accepts space separated list of item numbers, names (if items have them). and internal numbers. The action (printing) is performed on all items in this list in the same order in which they're given.

- set -

The "set" command allows you to change values of general parameters or item parameters. The "set" command has arguments with names corresponding to values you can change. Use "?" or double tab to see list of all arguments. If there is list of items in this command level, then set has one unnamed argument that accepts the number of item (or list of numbers) you wish to set up. Values for unnamed arguments must follow right after the name of the command, and their order can't be changed. Example: in firewall rules, the "set" command has two unnamed arguments - first is the name of chain and second is the number of rule in this chain. "set" returns internal numbers of items it has set up.

- remove -

"remove" has one unnamed argument which contains number(s) of item(s) to remove.

- add -

"add" usually has the same arguments as "set", minus the unnamed number argument. It adds new item with values you've specified, usually to the end of list (in places where order is relevant). There are some values that you have to supply (like interface for new route), and other values that are set to defaults if you don't supply them. The "add" command returns internal number of item it has added.

- find -

The "find" command has the same arguments as "set", and an additional "from" argument which works like the "from" argument with the "print" command. The "find" command returns internal numbers of all items that have the same values of arguments as specified.

- export -

The "export" command prints a script that can be used to restore configuration. If it has the argument "from", then it is possible to export only specified items. Also, if the "from" argument is given, "export" does not descend recursively through the command hierarchy. "export" also has the argument "file", which allows you to save the script in file on router to retrieve it later via ftp. Argument "noresolve" is used to disable reverse resolving of IP addresses if it proves to be problem.

- enable/disable -

You can enable/disable some items (like ip address or default route). Is an item is disabled, it number is shown in parenthesis. If an item is inactive, but not disabled, it number is shown in brackets.

- comment -

You can add comments to any item. If item is commented, comments are shown after item number before all parameters and prefixed with ";;;".

3. Device Driver Management

Device drivers represent the software interface part of installed network devices. For example, the MikroTik system includes device drivers for NE2000 compatible Ethernet cards and other network devices. If you need a device driver for a device, which is not on the list, please suggest it at our suggestion page on our web site.

Most device drivers are loaded automatically. For instructions on specific device drivers see the supported interfaces below.

Unloading of device driver is useful when changing network devices - this can be useful to save system resources in avoiding loading drivers for devices which have been removed from the system. This may be done automatically by removing the card and rebooting before inserting the new network device. The device drivers can be removed only if the appropriate interface has been disabled first.

Managing Device Drivers from Java

Select the "Drivers" menu to display the currently installed drivers. New drivers can be installed by selecting the . Existing drivers can be removed by selecting the as long as their status is 'disabled' (set in the Interface menu). PCI drivers cannot be removed.

Managing Device Drivers from Console

Driver management commands are located in the "driver" menu.

Where <number> is number of a loaded driver, which can be viewed in the list, generated by the "print" command.

Device Driver Parameters

*- In console use abbreviated form of driver name, available from help.

Supported interfaces

PCI Cards (loaded automatically, can't be loaded by name)

Driver name: ne2k-pci

Driver name: 3c95x (3Com 3c590/3c900 series Vortex/Boomerang driver)

This device driver is designed for the 3Com FastEtherLink and FastEtherLink XL, 3Com's PCI to 10/100baseT adapters. It also works with the 10Mbs versions of the FastEtherLink cards. The supported product IDs are shown in the following table:

Driver name: lmc

Driver name: eepro100 (Intel i82557/i82558 PCI EtherExpressPro driver)

This device driver is designed for the Intel i82557 "Speedo3" chip, Intel's single-chip fast Ethernet controller for PCI, as used on the IntelEtherExpressPro 100 adapter.

Driver name: tulip

This device driver is designed for the DECchip "Tulip", Digital's single-chip ethernet controllers for PCI. Supported members of the family are the 21040, 21041, 21140, 21140A, 21142, and 21143. Similar work-alike chips from Lite-On, Macronics, ASIX, Compex and other listed below are also supported.

Driver name: rtl8139

This device driver is designed for the RealTek RTL8129, the RealTek Fast Ethernet controllers for PCI. This chip is used on a few clone boards.

Driver name: winbond-840

This driver is for the Winbond w89c840 chip.

ISA Cards

Driver name: ne2k-isa

Driver name: 3c509

ISDN Cards

Only PCI ISDN cards are supported.

4. Network Interface Management

Introduction

An Interface is physical or virtual device which provides a connection to an external network. Network interfaces are created automatically when the Network Interface Card driver is loaded. Virtual (software) interfaces can be created manually.

Managing Network Interfaces from Java

Select the "Interfaces" menu to open the interface list window. The interfaces list displays basic interface parameters. Interface type specific parameters can be changed from interface details windows (opened by double clicking on icon to the left from interface name). The Interface details window has a standard "Traffic" tab which displays traffic that enters and leaves router through the interface. It can also contain other tabs with interface type specific parameters.

The Interfaces list window also contains a "blink" button. Selecting this button causes traffic to be generated on the highlighted interface and therefore blink the LEDs (light emitting diodes) on the card so that an administrator can determine which Interface name corresponds to the actual interface (when there are multiple interfaces of the same type). Some interfaces must have an Ethernet cable connected before the lights will blink. Note that not all interfaces support this function.

Managing Network Interfaces from Console

Network interface commands and submenus are located in the "interface" menu. It contains several commands that are common to all interfaces:

Whre <interface> is interface name or number obtained from "print" command.

The "interface" menu also contains device type specific submenus with device type specific commands. The following device type submenus can be available, depending on what features are licensed for a particular installation:

Basic Interface Parameter Description

Ethernet Interfaces

Ethernet interfaces include standard 10/100 Mbit Ethernet network interface. Ethernet interfaces do not have any device type dependent parameters. Each Ethernet interface has its MAC-address (Medium Access Control).

Managing Ethernet Interfaces from Java

Ethernet interface parameters can be changed from interface list window or from interface details window "General" tab.

Managing Ethernet Interfaces from Console

Ethernet interface management is done in submenu "interface ether".

Where <interface> is interface name or number obtained from "print" command.

Ethernet Interface Parameters

PPP Server

PPP (or Point-to-Point Protocol) provides a method for transmitting datagrams over serial point-to-point links. The 'com1' and 'com2' ports from standard PC hardware configurations will appear as 'serial0' and 'serial1' automatically. It is possible to add thirty-two additional serial ports with the Moxa C168 PCI multiport asynchronous card (eight ports each) to use the router for a modem pool.

Managing PPP Server from Java

To add PPP server interface, you have to choose "Interfaces" and click "Add New" . Then choose PPP Server and set all PPP server settings. When next time you want to change PPP server settings or check out status or traffic of the PPP server you have to double click on PPP server interface you added in the Interfaces list.

Managing PPP Server from Console

PPP server management is done in the submenu "interface ppp-server".

Where <interface> is interface name or number obtained from "print" command.

PPP Client

Managing PPP Client from JAVA

To add PPP client interface, you have to choose "Interfaces" and click "Add New" . Then choose PPP Client and set all PPP client settings. When next time you want to change PPP client settings or check out status or traffic of the PPP client you have to double click on PPP client interface you added in the Interfaces list.

Managing PPP Client from console

PPP server management is done in the submenu "interface ppp-server".

PPP Interface Parameters

Moxa Sync Interfaces

Moxa Sync interfaces supports the Moxa C101 Sync adapters. Moxa C101 hardware specific instructions come together with the C101 when purchased from "MirkoTikls".

Managing Moxa Sync Interfaces from Java

Moxa Sync specific parameters can be controlled from "Synchronous" tab in interface details window. Current status (status of modem control lines, time since last keepalive and sequence number difference) can be monitored in real time under the "Status" tab in interface details window.

Managing Moxa Sync Interfaces from Console

Moxa Sync interface management is done in submenu "interface sync".

Where <interface> is an interface name or number obtained from "print" command.

Interface status includes status of modem control lines (DTR, RTS, CTS, DSR, DCD), time since last keepalive, and sequence number difference.

Moxa Sync Interface Parameters

PPTP Server

PPTP (Point-to-Point Tunneling Potocol) provides a method for transmitting datagrams over IP network encapsulated into PPP protocol. Configuring PPTP server is much like configuring PPP server.

PPTP tunnels are used to create virtual private networks. You can connect two private networks via PPTP tunnel.

Managing PPTP Server from Java

You can configure PPTP Server settings by clicking icon. Then set all parameters as necessary. Read about PPTP Server parameters below.

Managing PPTP Server from Console

Go to the “interface pptp-server” menu.

"ip pptp-server" menu commands:

PPTP Server Parameters

PPTP Client

Managing PPTP Client from Java

You can configure PPTP Client settings by clicking icon. Then set all parameters as necessary. Read about PPTP Client parameters below.

Managing PPTP Client from Console

Go to the "interface pptp-client" menu. The following commands are possible there:

PPTP Client Parameters

PPPoE Server

PPPoE (Point-to-Point Potocol over Ethernet) provides a method for transmitting datagrams over ethernet encapsulated into PPP protocol. Configuring PPPoE server is much like configuring PPP server.

Example PPPoE server configuration:
/ip pppoe-server set ether1 server-name ExampleServer pap yes chap yes ms-chapv2 yes encryption optional compression no mtu 1460 mru 1460 idle-timeout 0 local-address-from 10.0.0.1 local-address-to 10.0.0.127 remote-address-from 10.0.0.128 remote-address-to 10.0.0.254
/ip pppoe-server enable ether1

This configures PPPoE server on ether1 interface. ether1 interface should be up. No ip address configuration is required on interface. Next thing is to add users with group PPP. We will add user test with password seCreT in this example:
/user add name test password seCreT group ppp

Next, configure general PPP settings - name server addresses that will be provided to PPPoE client. For example:
/ip ppp set primary-dns 159.148.60.2 secondary-dns 159.148.108.1 authentication local

Managing PPPoE Server from JAVA

PPPoE server from JAVA you can manage in Interface list window by choosing General settings and then PPPoE server.

Managing PPPoE Server from console

It is done from "interface pppoe-server" submenu.

And "ip pppoe-server" submenu.

PPPoE Client

Managing PPPoE Client from JAVA

You can configure PPPoE Client settings by clicking icon. Then set all parameters as necessary.

Managing PPPoE Client from console

It is done from "interface pppoe-client" submenu.

Where <interface> is an interface name or number obtained from "print" command.

IP Tunnel

Managing IP Tunnel from JAVA

IP Tunnel you can manage from Interfaces list. To add IP Tunnel interface you have to click add and choose IP Tunnel. To modify IP Tunnel interface you have to double click on added IP Tunnel interface in interfaces list.

Managing IP Tunnel from console

It is done from "interface ipip" submenu.

EOIP Interface

Managing EOIP from JAVA

EOIP management from JAVAis done from Interfaces menu. EOIP interface you can add by choosing add and EOIP Tunnel. EOIP Tunnel settings you can change by double clicking on added EOIP Tunnel interface in Interfaces list.

Managing EOIP from Console

It is done from "interface eoip" submenu.

ISDN Server

Managing ISDN Server from Console

It is done from "interface isdn-server" submenu.

Where <interface> is an interface name or number obtained from "print" command.

ISDN Client

Managing ISDN Client from JAVA

It is done from Interfaces list. To add isdn client you have to choose add and then ISDN client. If you want to change isdn client settings you have to double click on added isdn client interface in Interace list.

Managing ISDN Client from Console

It is done from "interface isdn-client" submenu.

Where <interface> is an interface name or number obtained from "print" command.

LMC- WAN

Managing LMC- WAN from Console

It is done from "lmc-wan" submenu.

Where <interface> is an interface name or number obtained from "print" command.

Aironet 35/45/4800 and Cisco 340 Interfaces

Aironet 35/45/4800 interfaces include Aironet 3500, 4500, 4800, and Cisco 349 ISA and PCI adapters. If you have an ISA adapter, than make sure to configure DIP switches correctly.

Configuring DIP Switches (ISA Only)

The Aironet/Cisco ISA adapter contains DIP switches for setting Plug and Play Mode (PnP), Base Address, and Interrupt Levels (IRQ). The switches are set for PnP mode by default.

Devices cannot share the same Base address or IRQ. Check the switch settings on the adapter to ensure the do not conflict with other devices in the computer.

PnP mode is controlled by the 6^th switch:

If you set PnP mode on then all other settings are not taken into account. If you still want to use PnP mode make sure that the default IRQ and Base Address do not conflict with the other devices. The default are:

If you want to configure other IRQ and Base Address values, make sure PnP mode is turned off, i.e. 6^th switch is On.

Managing Aironet 35/45/4800/Cisco 340 Interfaces from Java

Aironet 35/45/4800 specific parameters can be controlled from “General”, “RF Network,” and “Advanced” tabs in interface details window. Current status (current signal quality, channel frequency, synchronization and association status, name of Access Point, and MAC address of Access Point) can be monitored in real time under the “Status” tab in interface details window.

Aironet 35/45/4800 interface management is done in the submenu “interface pc“.

Where <interface> is interface name or number obtained from “print“ command.

Interface status includes current signal quality, channel frequency, synchronization, association, name of Access Point, and MAC address of Access Point.

Aironet 35/45/4800 Interface Parameters

Read the User Guide for details how to connect to the Access Point.

Arlan IC2200 Interfaces

Arlan IC2200 interfaces include Aironet’s Arlan IC2200 (655) 2.4GHz 2Mbps ISA Client Cards. This hardware line has been discontinued.

Managing Arlan IC2200 Interfaces from Java

Arlan IC2200 specific parameters can be controlled from the “Radio” tab in interface details window. Current status (registration status and registered router and backbone) can be monitored in real time on “Status” tab in interface details window.

Managing Arlan IC2200 Interfaces from Console

Arlan IC2200 interface management is done in the submenu “interface arlan”.

Where <interface> is interface name or number obtained from “print“ command.

Interface status includes registration status and registered router and backbone.

Arlan IC2200 Parameter Description

RadioLAN Interfaces

RadioLAN interface supports the RadioLAN ISA CardLINK – Model 101 10Mbit radio card.

Managing RadioLAN Interfaces from Java

RadioLAN specific parameters can be controlled from the “Radio” tab in interface details window. Current status (current default destination) can be monitored in real time on “Status” tab in interface details window.

RadioLAN interfaces have an additional capability of low level radio connection testing. Test can be started and results monitored in real time under the “Ping” tab.

Managing RadioLAN Interfaces from Console

RadioLAN interface management is done in submenu “interface radiolan”.

Where <interface> is an interface name or number obtained from the “print“ command. Interface status includes current default destination.

RadioLAN Interface Parameters

WaveLAN Interfaces Base Configuration

WaveLAN interfaces support 802.11 standard, i.e. it works with Aironet access points and works at 11Mbps rate. Tx power: 35 mW.

This interfaces needs the same license as for Aironet 4800 interfaces. The driver is loaded automatically when you boot up the router with the PCMCIA WaveLAN Network Adapter.

Managing WaveLAN Interfaces from Console

WaveLAN interface management is done in the submenu “interface wavelan“.

Where <interface> is interface name or number obtained from “print“ command.

WaveLAN Interface Parameters

Samsung Wireless IEEE 802.11 11Mb/s Interfaces

Managing Samsung Wireless Interfaces from Console

Samsung wireless interfaces can be configured from “interface samsung” submenu.

Where <interface> is interface name or number obtained from “print“ command.

Samsung Wireless Interface Parameters

5. Bridge Configuration

Bridging is used to pass MAC layer packets between interfaces without any routing. When the routers are used in bridging mode, Spanning Tree Protocol is used to avoid bridging loops and to communicate information between routers/bridges. Bridgingworks only for Ethernet and RadioLan interfaces. You can bridge between Ethernet and RadioLan networks, only the router should be a default destination (on MAC level) for others clients of the radio network. Also you can bridge Ethernet networks through RadioLan network (point-to-point).

Configuring Bridge from Java

Select the Bridge menu. Various protocols can be enabled or disabled.

Configuring Bridge from Console

Bridge configuration commands are located in “bridge” menu.

“bridge interface” submenu commands:

Bridge Configuration Parameters

6. Internet Protocol Management

The Internet Protocol Management section includes configuration of all IP level settings such as IP addresses, DHCP, static routes, and so on.

Addresses

Addresses serve as identification when communicating with other network devices. It is possible to add multiple IP addresses to each of the interfaces or to leave interfaces without addresses assigned to them.

Managing Addresses from Java

Select the IP/Addresses menu. The “Addresses List” list shows all IP addresses with basic settings. From the ”Address List” window addresses can be edited, added (), removed (), enabled (), disabled () and commented (). You can also disable and enable addresses and comment them. Some addresses (when using PPP) can appear and disappear dynamically. Dynamic addresses are marked with blue icon, others with yellow. Inactive addresses (their interfaces are disabled) are shown in gray and italic.

Select “address” in the “ip” menu.

General Address Parameters

Routes

Routes are needed for communicating with networks that are not directly attainable via the router’s local interfaces. Routes to locally connected interfaces and networks are created automatically based on the IP address assigned to local interfaces. Static routes, including the default route, are set in the IP/Routes menu. Other automatic routes are created by routing daemons, such as RIP and OSPF, which can be found in the Routing menu from the base level. Dynamic routes are shown in IP/Routes, too.

Managing Routes from Java

Select the “Routes” menu under the “IP” menu. The “Routes List” shows current routes settings which can be edited, added, and deleted. Disabled routes (interface they are using is disabled) are shown in gray and italic. Dynamic routes are marked with blue icon, others with green.

Managing Routes from Console

Select the submenu “ip route”.

General Routes Parameters

ARP

ARP (Address Resolution Protocol) displays IP addresses and respective MAC addresses of interfaces which are physically connected to local interface. The ARP table entries appear automatically as it sends broadcast messages to all interfaces physically connected to the local interfaces. It is possible to manually assign static ARP entries.

Managing ARP from Java

Select the ‘ARP’ menu under the ‘IP’ menu. The ‘ARP List’ displays IP addresses, MAC addresses, and interface names and allows to edit, add, and remove ARP entries. Inactive entries are shown in gray color and italic font.

Managing ARP from Console

Select the located in “address” menu that is in the “ip” menu.

General ARP Parameters

DHCP Server

DHCP is Dynamic Host Configuration Protocol. DHCP's purpose is to enable individual computers on an IP network to extract their configurations from a server (the 'DHCP server') or servers, in particular, servers that have no exact information about the individual computers until they request the information. The overall purpose of this is to reduce the work necessary to administer a large IP network.

Managing DHCP Server from Java

Select the “DHCP” menu under the ”IP” menu.

Managing DHCP Server from Console

DHCP management is controlled from the “dhcp-server” menu under the “ip” menu. The “dhcp-server” menu “lease” option shows all current DHCP leases.

“ip dhcp-server” menu commands:

“ip dhcp-server lease” menu commands:

General DHCP Server Parameters

Lease parameters (read only):

DHCP Client

It is possible to set the MikroTik router as DHCP client, so it can obtain IP addresses automatically from a DHCP server.

Managing DHCP Client from Java

Select the “DHCP” menu under the ”IP” menu.

Managing DHCP Client from Console

DHCP client configuration is performed in the “dhcp-client” menu under the “ip” menu.

“ip dhcp-client” menu commands:

“ip dhcp-client lease” menu commands:

General DHCP Client Parameters

Firewall

The firewall supports filtering and security functions that are used to manage data flows to the router and through it. Along with the Network Address Translation they serve as security tools for preventing unauthorized access to networks.

Filtering rules organized together in chains do packet filtering. Each chain can be considered as a set of rules. There are three default chains, which cannot be deleted. More chains can be added for grouping together filtering rules. When processing a chain, rules are taken from the chain in the order they are listed from the top to the bottom.

Packets entering the router through one of the interfaces are first matched against the filtering rules of the Input chain. If the packet is not dropped or rejected, and it is for the router itself, the packet is delivered locally. If the packet is not dropped or rejected, but it has to be delivered outside the router, then the packet is processed according to the routing table. If the processing is successful, then the packet is matched to the filtering rules of the forward chain. After that, packet is passed to the output interface and processed according to the rules of output chain.

Packets originated from the router are processed according to the output chain only.

Managing Firewall Functions from Java

Select the “Firewall” menu under the “IP” menu. Use and icons to add/remove chains. Double click on the chain to perform operations with rules: add, remove, comment. You can set policy of the chain by clicking on the following icon: .

Managing Firewall Functions from Console

Firewall management can be performed from the “ip firewall” menu.

“ip firewall rule” menu commands:

“ip firewall masq” menu commands:

General Firewall Parameters

Rule parameters:

Actions to perform on rules:

Chain parameters:

Accounting

Managing IP Accounting from JAVA

IP Accounting you can manage by choosing IP and then "accounting".

Managing IP Accounting from Console

It is done from "ip accounting" submenu.

"ip accounting web" submenu.

Static NAT

NAT (Network Address Translation) is the translation of an IP address used within one network to a different IP address known within another network. One network is designated the inside network and the other is the outside. Typically, an administrator maps the local inside network addresses to one or more global outside IP addresses and unmaps the global IP addresses on incoming packets back into local IP addresses. This helps ensure security since each outgoing or incoming request must go through a translation process that also offers the opportunity to qualify or authenticate the request or match it to a previous request. NAT also conserves the number of global IP addresses and it lets the whole network use a single IP address in its communication with the world.

Managing Static NAT from Java

Select the “Static NAT” menu under the “IP Firewall” by clicking on icon. The “Static NAT” list allows editing, adding, and removing NAT entries.

Managing Static NAT from Console

Network Address Translation management is performed in the “ip firewall static-nat” menu.

DNS

By using a DNS server, router administrators can use hostnames instead of IP addresses when setting up routes, filters, and other places where a numbered IP address is not required.

Managing DNS from Java

Select the “DNS” menu under the “IP” menu. The “DNS” box can be configured with the primary DNS and secondary DNS by selecting the DNS settings icon . Static DNS entries have higher priority than dynamic ones that received from DNS server.

Managing DNS from Console

“ip dns” menu commands:

“ip dns static” menu commands:

DNS Parameters

General DNS Settings:

Static DNS parameters:

7. SNMP Service Configuration

The MikroTik router currently supports a limited implementation of the SNMP protocol. Currently SNMP can only be used to remotely monitor the network and collect statistics. The current MikroTik SNMP provides information about traffic on network interfaces and system information (name, location, contact, routes, addresses, interfaces, ARPs, and TCP connections). MikroTik router has only one community (others are not supported) of the type "public" and it is read-only. I.e. the router cannot be configured using SNMP management programs. It is possible only to set location and contact information parameters from the Console or the Java Console.

Configuring SNMP from Java

Select the SNMP menu to enabled or disabled and set SNMP service information.

Configuring SNMP from Console

SNMP configuration commands are located in "snmp-server" menu. It contains following commands:

SNMP Configuration Parameters

8. Queues Management

Queuing is a mechanism that controls bandwidth allocation, delay variability, timely delivery, and delivery reliability.

Managing Queuing from Java

Open the “Queues” window by clicking on the corresponding menu. New queues are automatically added when an interface is inserted and set up. When a queue is set to type “split”, new sub-node queues can be added. Each new queue can be set to queuing type (or algorithm).

Managing Queuing from Console

Queues can be configured in “ip queue” submenu.

General Queuing Parameters

Queue parameters:

Queue types:

RED queue parameters:

PFIFO queue parameters:

BFIFO queue parameters:

9. Advanced Routing Management

Standard kernel routes are created when adding an address to the router and static routes are added by the user. A third type of route is created by routing protocol. For exchanging the routing information between the routers, MikroTik™ Router Software supports two interior routing protocols: the Routing Information Protocol (RIP) [Version 1 and Version 2] and the Open Shortest Path First (OSPF) protocol.

Routing Information Protocol

RIP selects the route with the lowest metric as the best route. The metric is a hop count representing the number of gateways through which data must pass through to reach its destination. To enable the exchange of routing information between two routers connected to the same network both routers should have RIP enabled on the interfaces to the network which connects them.

Select the “Routing” menu and the “RIP” menu. Select the icon of the desired interface to change its RIP settings. To choose to redistribute static, connected and OSPF routes, click on the icon .

Managing RIP from Console

Go to the “router” menu by executing the command with the corresponding name from the base level. Then go to the “rip” menu.

To set RIP for a specific interface, go to “interface” submenu. Here are the commands:

General RIP Parameters

Open Shortest Path First

OSPF is a shortest path first or link-state protocol. OSPF is an interior gateway protocol that distributes routing information between routers in a single autonomous system. OSPF chooses the least cost path as the best path. OSPF is better suited than RIP for complex networks with many routers. To enable OSPF for an interface, OSPF network with this interface network and mask. If interface has multiple logical networks all of these networks should be added as OSPF networks.

Select the “Routing” menu and then the “OSPF” menu. Four tabs can be used for configuration: “Interfaces”, “Areas”, “Networks” and “Virtual Links”. To change general OSPF settings (router ID and routes redistribution) click on the icon under “Interfaces” tag.

Go to the “routing ospf” menu.

OSPF interfaces menu commands:

OSPF areas menu commands:

OSPF networks menu commands:

OSPF virtual links menu commands:

Interface parameters:

Area parameters:

Network parameters:

Virtual links parameters:

10. System Configuration

Terminal Setup and Basic System Setup

This action can be performed only in the console. The described below commands can be executed from the base level or from anywhere else if you type “/” before them.

Basic Router Setup

Basic router setup can be done from the base level using setup command.

Terminal setup is performed in the “terminal” menu.

Packages

Packages are used to upgrade the router or add features. Packages should be obtained from the MikroTik web site. After rebooting the router, the packages will be installed.

Viewing Packages from Java

Select the “System” menu. Information about packages is divided in two parts – one about installed packages (“Packages”) and the other about uploaded ones (“Store”). Press to refresh information, to remove uploaded package, to uninstall package and to cancel uninstall.

Viewing Packages from Console

In the console installed and uploaded packages information can be found under the “system package” and “system store” menus.

“sys package” menu commands:

“sys store” menu commands:

Packages Parameters

General packages parameters:

System History

The system keeps a history of the configuration changes since last boot. The history is lost when the router is rebooted. The ‘history’ buttons on the Java panel (and ) allow the user to ‘undo’ and ‘redo’ actions.

Viewing System History from Java

Select the “History” menu. The system history can be viewed in the appeared “History” window. The information is read only. Use the buttons on the main widow to ‘undo’ and ‘redo’ actions. The action that is undone is marked with blue dot.

Viewing System History from Console

The system history can be viewed from the “system history” menu.

System History Parameters

User Management

User management includes adding users, removing users, setting names, access, access groups, and passwords.

User Management from Java

User management can be performed from the “Users List” windows that appears after you select the “Users” menu. Under “Groups” tag click twice on a group to edit it’s policies.

User Management from Console

Go to the “user” menu.

“user group” menu commands:

User Parameters

Note user “*” will be used for PPP as any user

Policies:

Change Password

You can easily change password using this special command.

In the main menu there is an item “Password”. You will be prompted to enter your old password and enter new password twice. When you logout and login for the next time, you must enter the new password. The old password is lost forever.

Go to the base level and execute the following command:

You will be prompted to enter your old password and enter new password twice. When you logout and login for the next time, you must enter the new password. The old password is lost forever.

System Resources

System’s uptime, total memory, HDD/Flash drive size, CPU type, and CPU frequency are displayed.

Viewing System Resources from Java

Select the “System” menu and the “Resources” menu. Java gives you expanded possibilities in viewing the system resources. Under the ‘Monitor’ tab a window shows the utilization of system’s CPU and memory usage in graphical form. Under the ‘IRQ’ tab, the system’s hardware IRQ’s and their usage are shown. Under ‘IO’ tab, the system’s IO memory ranges used by various devices are shown.

Viewing System Resources from Console

In the console, system resources can be viewed in the “system resource” menu. There are three submenu there.

System Resources Parameters

General parameters:

IRQ parameters:

I/O parameters:

System Shutdown

System shutdown (halt), reboot, and reset controls. For most systems, it is necessary to wait approximately 30 seconds for a safe power down.

System Shutdown from Java

Select the “System” menu then the “Shutdown” menu. The dialog box will appear asking you whether you want to reboot or shutdown the router. Warning: after entering ‘shutdown,’ it is necessary to manually restart the router.

System Shutdown from Console

The following commands can be executed in the “system” menu:

System Identity

Set the identification name of the router.

Setting System Identity from Java

Select “System” menu and then “Identity” and enter the router name.

Setting System Identity from Console

Go to the “system identity” menu.

System Identity Parameters

System Date and Time

View and change the system date and time settings.

Setting Date and Time from Java

Select the “System” menu and the “Clock” menu.

Setting Date and Time from Console

In the system console date and time settings can be change in two different menus. These commands can be executed from the “sys date” menu:

Date and time settings become permanent and effect BIOS settings.

Date and Time Parameters

Date parameters:

System Logs Management

Various system events and status information can be logged. Logs can be saved in a file on the router or sent to a remote server running a syslog daemon. MikroTik provides a shareware Windows Syslog daemon at www.MikroTik.com.

Managing System Logs from Java

Click on the “System” menu. If you want to view all system logs then go to the “Logs” menu. For configuring logs select the “Log Manager” menu. Select the “Log Default Settings” icon to set number of buffer lines, default IP address, and default port. To configure log sources select the icon of the corresponding line.

Managing System Logs from Console

Local logs can be viewed in the “log” menu:

Global logging management is performed in the “system logging” menu.

“system logging” menu commands:

“facility” submenu commands:

System Logs Parameters

Log facility parameters:

Types of logging:

Global logging parameters:

License

You can view and set Software ID Number by executing the following commands in “system license” menu in console.

11. Tools

MikroTik tools include standard TCP/IP tools such as ping and trace-route and also custom made tools. MikroTik custom tools are designed to assist you in verifying the quality of links – stability and bandwidth. If you have any suggestion for improving these tools, please suggest it at our suggestion page on our web site.

Ping

Ping uses Internet Control Message Protocol (ICMP) Echo messages to determine if a remote host is active or inactive and to determine the round-trip delay when communicating with it.

Launching Ping Utility from Java

Select the “Ping” submenu in the “Tools” menu. The Ping utility sends four ping messages and displays them in real time in the Ping list box.

Launching Ping Utility from Console

From local console enter the command “ping” from the base level or us /ping from any location in the console.

Ping utility shows Time To Live value of the received packet (ttl) and Roundtrip time (time) in ms.

The console Ping session may be stopped when the Ctrl + C is pressed.

Ping Utility Parameter Description

Traceroute

Traceroute is a TCP/IP protocol-based utility, which allows the user to determine how packets are being routed to a particular host. Traceroute works by increasing the time-to-live value of packets and seeing how far they get until they reach the given destination; thus, a lengthening trail of hosts passed through is built up.

Launching Traceroute Utility from Java

Select the “Traceroute” window in the “Tools” menu. When the trace is complete, the output indicates total number of hops to the host and corresponding TTL values per hop.

Launching Traceroute Utility from Console

Execute the command “traceroute“ from the base level:

Traceroute shows the number of hops to the given host address of every passed gateway. Traceroute utility sends packets three times to each passed gateway so it shows three timeout values for each gateway in ms.

General Traceroute Utility Parameters