MikroTik RouterOS™ V2.4 Reference Manual

Document revision 11-Jan-2002
This document applies to the MikroTik RouterOS™ V2.4

If you want to see all sections together,
view this Manual as one file

Basic Software Reference

Basic Setup Guide
Using the Terminal Console
Using the Java Console
Software Package Installation and Upgrading
SSH Installation and Usage
Scripting Manual

Software Technical Reference and Application Examples

Device Driver Management
Bridge Management
Network Interface Management
Internet Protocol Management
Routing Protocols
- OSPF Protocol
- RIP Protocol
System Information and Utilities
Diagnostics Tools
SNMP Service

If you want to see all sections together,
view this Manual as one file

MikroTik RouterOS V2.4 Basic Setup Guide

Document revision 31-Jan-2002
This document applies to the MikroTik RouterOS V2.4

The Guide describes the basic steps of installing and configuring a dedicated PC router running MikroTik RouterOS V2.4. The following sections are included in this Guide:

Downloading and Installing the MikroTik RouterOS

Obtaining the Software License

Logging into the MikroTik Router

Navigating the Terminal Console

Working with Interfaces
Adding Addresses
Configuring the Default Route
Testing the Network Connectivity

Application Example with Masquerading
Application Example with Bandwidth Management
Application Example with NAT

Accessing the Router Remotely using Web Browser and Java Console
Adding Software Packages
Software Licensing Issues

Downloading and Installing the MikroTik RouterOS

The download and installation process of the MikroTik RouterOS is described in the following diagram:

1. Download the basic installation archive file.

Depending on the desired media to be used for installing the MikroTik RouterOS please chose one of the following archive types for downloading:

ISO image of the installation CD, if you have a CD writer for creating CDs. The ISO image is in the MTcdimage_v2.4_dd-mmm-yyyy.zip archive file containing a bootable CD image. The CD will be used for booting up the dedicated PC and installing the MikroTik RouterOS on its hard-drive or flash-drive.
MikroTik Disk Maker, if you want to create 3.5' installation floppies. The Disk Maker is a self-extracting archive DiskMaker_v2-4_dd-mmm-yyyy.exe file, which should be run on your Win95/98/NT/2K workstation to create the installation floppies. The installation floppies will be used for booting up the dedicated PC and installing the MikroTik RouterOS on its hard-drive or flash-drive.
MikroTik Disk Maker in a set of smaller files, if you have problems downloading one large file.

2. Create the installation media

Use the appropriate installation archive to create the Installation CD or floppies.

For the CD, write the ISO image onto a blank CD.
For the floppies, run the Disk Maker on your Windows workstation to create the installation floppies. Follow the instructions and insert the floppies in your FDD as requested, label them as Disk 1,2,3, etc.

3. Install the MikroTik RouterOS software.

Your dedicated PC router hardware should have:

A 486 or newer Intel compatible motherboard and processor (dual processors are not supported);
24MB or more RAM (32MB suggested);
30MB or more PRIMARY MASTER IDE HDD or IDE flashdrive. Note: The hard disk will be entirely reformatted during the installation and all data on it will be lost!
A network adapter (NE2000 compatible PCI or ISA Ethernet card, or any other supported NIC, see specifications of supported interfaces on our web page);
A SECONDARY MASTER CD drive set as primary boot device, if you want to use the created CD for installing the MikroTik RouterOS onto the primary master HDD;
A 3.5' FDD set as primary boot device, if you want to use the created set of floppies for installing the MikroTik RouterOS;
A monitor and keyboard for installation and initial setup of the MikroTik Router. The monitor and keyboard do not need to be connected to the router after it is set up for connecting to it over the network.

Boot up your dedicated PC router from the Installation Media you created and follow the instructions on the console screen while the HDD is reformatted and MikroTik RouterOS installed on it.

After successful installation please remove the installation media from your CD or floppy disk drive and hit 'Enter' to reboot the router. While the router will be starting up for the first time you will be given a Software ID for your installation and asked to supply a valid software license key (Software Key) for it. Write down the Software ID. You will need it to obtain the Software License through the MikroTik Account Server.

If you need extra time to obtain the Software License Key, you may want to power off the router. Press Ctrl-Alt-Del keys to properly shut down and reboot the router. Power the router off while the BIOS is doing memory check.

Obtaining the Software License

The MikroTik RouterOS Software licensing process is described in the following diagram:

After installing the router and starting it up for the first time you will be given a Software ID.

Write down the Software ID reported by the RouterOS.
If you have an account with MikroTik, follow to the next step.
If you do not have an account at www.mikrotik.com, just press the 'New' button on the upper right-hand corner of the MikroTik's web page to create your account.

You will be presented with the Account Sign-Up Form where you chose your account name and fill in the required information.
To obtain the Software License Key, log on to your account at www.mikrotik.com entering your account name and password (upper right-hand corner on this webpage), for example:
After logging on to the Account Server select "Free Demo License" or "Order Software License" in the Account Menu.
Note! The CD installation cannot be 'unlocked' with the Free Demo Key. Use the Floppy installation, or, purchase the License Key.
The Software Key will be sent to the email address, which has been specified in your account setup.
Read your email and enter the Software Key at the router's console, for example:
```
Software ID: 5T4V-IUT
Software key: 4N7X-UZ8-6SP
```

Instead of entering the license key you can enter 'shutdown' to shut down the router and enter the license key later, or enter 'display' to read the License Agreement, or 'help' to see a help message.

After entering the correct Software License Key you will be presented with the MikroTik Router's login prompt.

Logging into the MikroTik Router

When logging into the router via terminal console, you will be presented with the MikroTik RouterOS login prompt. Use 'admin' and no password (hit 'Enter') for logging on to the router for the first time, for example:

MikroTik v2.4.1
Login: admin
Password:

The password can be changed with the '/password' command.

Navigating the Terminal Console

After logging into the router you will be presented with the MikroTik RouterOS Welcome Screen and command prompt, for example:


  MMM      MMM       KKK                          TTTTTTTTTTT      KKK
  MMMM    MMMM       KKK                          TTTTTTTTTTT      KKK
  MMM MMMM MMM  III  KKK  KKK  RRRRRR     OOOOOO      TTT     III  KKK  KKK
  MMM  MM  MMM  III  KKKKK     RRR  RRR  OOO  OOO     TTT     III  KKKKK
  MMM      MMM  III  KKK KKK   RRRRRR    OOO  OOO     TTT     III  KKK KKK
  MMM      MMM  III  KKK  KKK  RRR  RRR   OOOOOO      TTT     III  KKK  KKK

Mikrotik RouterOS v2.4 (c) 1999-2001       http://www.mikrotik.com/
[MikroTik] >

The command prompt shows the identity name of the router and the current menu level, for example:

[MikroTik] >                          Base level menu
[MikroTik] interface>                 Interface configuration
[MikroTik] ip firewall static-nat>    NAT rule management

The list of available commands at any menu level can be obtained by entering the question mark '?', for example:

[MikroTik] > ?
     bridge  Bridge settings
     driver  Driver management
     e-mail  sending e-mail from router
     export  print configuration as set of router commands
       file  Local router file storage.
     import  Run exported configuration script
  interface  Interface configuration
         ip  IP protocol settings
        log  System logs
   password  Change password
       ping  Send ICMP Echo packets
       port  Serial ports
       quit  Quit console
       redo  Redo previosly undone action
    restore  Restore previously backed up configuration
    routing  Routing protocol configuration
      setup  Do basic setup of system
     system  System information and utilities
       tool  Diagnostics tools
       undo  Undo previous action
       user  User management
[MikroTik] > ip ?
      accounting  Traffic accounting
         address  Address management
             arp  ARP entries management
     dhcp-client  DHCP client settings
     dhcp-server  DHCP server settings
             dns  DNS settings
          export  print configuration as set of router commands
        firewall  Firewall management
        neighbor  Neighbor discovery
         packing  IP Packet Packing setup
  policy-routing  Policy routing setup
             ppp  PPP general settings
           queue  Bandwidth management
           route  Route management
         service
[MikroTik] >

The list of available commands and menus has short descriptions next to the items. You can move to the desired menu level by typing its name and hitting the [Enter] key, for example:

[MikroTik]>                      Base level menu
[MikroTik]> driver               Enter 'driver' to move to the driver level menu
[MikroTik] driver> /             Enter '/' to move to the base level menu from any level 
[MikroTik]> interface            Enter 'interface' to move to the interface level menu
[MikroTik] interface> /ip        Enter '/ip' to move to the IP level menu from any level
[MikroTik] ip>

A command or an argument does not need to be completed, if it is not ambiguous. For example, instead of typing 'interface' you can type just 'in' or 'int'. To complete a command use the [Tab] key.

The commands may be invoked from the menu level, where they are located, by typing its name. If the command is in a different menu level than the current one, then the command should be invoked using its full or relative path, for example:

[MikroTik] ip route> print                  Prints the routing table
[MikroTik] ip route> .. address print       Prints teh IP address table           
[MikroTik] ip route> /ip address print      Prints teh IP address table

The commands may have arguments. The arguments have their names and values. Some arguments, that are required, may have no name. Below is a summary on executing the commands and moving between the menu levels:

       Command                               Action
command [Enter]      Execute the command
[?]                  Show the list of all available commands
command [?]          Display help on the command and the list of arguments
command argument [?] Display help on the command's argument
[Tab]                Complete the command/word. If the input is ambiguous, a
                     second  gives possible options
/                    Move up to the base level
/command             Execute the base level command
..                   Move up one level
""                   Enter an empty string
"word1 word2"        Enter 2 words that contain a space

You can abbreviate names of levels, commands and arguments.

For the IP address configuration, instead of using the 'address' and 'netmask' arguments, in most cases you can specify the address together with the number of bits in the network mask, i.e., there is no need to specify the 'netmask' separately. Thus, the following two entries would be equivalent:

/ip address add address 10.0.0.1/24 interface ether1
/ip address add address 10.0.0.1 netmask 255.255.255.0 interface ether1

However, if the netmask argument is not specified, you must specify the size of the network mask in the address argument, even if it is the 32-bit subnet, i.e., use 10.0.0.1/32 for address 10.0.0.1 and netmask 255.255.255.255

Working with Interfaces

Before configuring the IP addresses and routes please check the '/interface' menu to see the list of available interfaces. If you have PCI Ethernet cards installed in the router, it is most likely that the device drivers have been loaded for them automatically, and the relevant interfaces appear on the '/interface print' list, for example:

[MikroTik] interface> print                                                    
Flags: X - disabled, D - dynamic 
  #   NAME                 MTU   TYPE                                          
  0 X ether1               1500  ether                                         
[MikroTik] interface>

The device drivers for NE2000 compatible ISA cards need to be loaded using the 'add' command under the /drivers menu. For example, to load the driver for a card with IO address 0x280 and IRQ 5, it is enough to issue the command:

[MikroTik] driver> add name=ne2k-isa io=0x280                                       
[MikroTik] driver> print                                                       
Flags: I - invalid, D - dynamic 
  #   DRIVER                            IRQ IO         MEMORY     ISDN-PROTOCOL
  0 D PCI NE2000                                                               
  1   ISA NE2000                            280                                
[MikroTik] driver>

The interfaces need to be enabled, if you want to use them for communications. Use the '/interface enable name' command to enable the interface with a given name, for example:

[MikroTik] interface> print                                                    
Flags: X - disabled, D - dynamic 
  #   NAME                 MTU   TYPE                                          
  0 X ether1               1500  ether                                         
  1 X ether2               1500  ether                                         
[MikroTik] interface> enable 0                                                  
[MikroTik] interface> enable ether2                                             
[MikroTik] interface> print                                                    
Flags: X - disabled, D - dynamic 
  #   NAME                 MTU   TYPE                                          
  0   ether1               1500  ether                                         
  1   ether2               1500  ether                                         
[MikroTik] interface>

You can use the number or the name of the interface in the 'enable' command.

The interface name can be changed to a more descriptive one by using the '/interface set' command:

[MikroTik] interface> set 0 name=Public                                            
[MikroTik] interface> set 1 name=Local                                         
[MikroTik] interface> print                                                    
Flags: X - disabled, D - dynamic 
  #   NAME                 MTU   TYPE                                          
  0   Public               1500  ether                                         
  1   Local                1500  ether                                         
[MikroTik] interface>

Use of the 'setup' Command

The initial setup of the router can be done by using the '/setup' command which enables an interface, assigns an address/netmask to it, and configures the default route. If you do not use the setup command, or need to modify/add the settings for addresses and routes, please follow the steps described below.

Adding Addresses

Assume you need to configure the MikroTik router for the following network setup:

Please note that the addresses assigned to different interfaces of the router should belong to different networks. In the current example we use two networks:

The local LAN with network address 192.168.0.0 and 24-bit netmask 255.255.255.0 The router's address is 192.168.0.254 in this network.
The ISP's network with address 10.1.1.0 and 24-bit netmask 255.255.255.0 The router's address is 10.1.1.12 in this network.

The addresses can be added and viewed using the following commands:

[MikroTik] ip address> add address 192.168.0.254/24 interface Local
[MikroTik] ip address> add address 10.1.1.12/24 interface Public
[MikroTik] ip address> print                                                   
Flags: X - disabled, I - invalid, D - dynamic 
  #   ADDRESS            NETWORK         BROADCAST       INTERFACE             
  0   192.168.0.254/24   192.168.0.0     192.168.0.255   Local                 
  1   10.1.1.12/24       10.1.1.0        10.1.1.255      Public                
[MikroTik] ip address>

Here, the network mask has been specified in the value of the address argument. Alternatively, the argument 'netmask' could have been used with the value '255.255.255.0'. The network and broadcast addresses were not specified in the input since they could be calculated automatically.

Configuring the Default Route

You can see two dynamic (D) kernel (K) routes, which have been added automatically when the addresses were added:

[MikroTik] ip route> print                                                     
Flags: X - disabled, I - invalid, D - dynamic, R - rejected 
  #    TYPE    DST-ADDRESS        NEXTHOP-S... GATEWAY     DISTANCE INTERFACE  
  0 D  connect 192.168.0.0/24     A            0.0.0.0     0        Local      
  1 D  connect 10.1.1.0/24        A            0.0.0.0     0        Public     
[MikroTik] ip route> print detail                                              
Flags: X - disabled, I - invalid, D - dynamic, R - rejected 
  0 D  dst-address=192.168.0.0/24 gateway=0.0.0.0 nexthop-state=A 
       preferred-source=192.168.0.254 interface=Local distance=0 type=connect 

  1 D  dst-address=10.1.1.0/24 gateway=0.0.0.0 nexthop-state=A 
       preferred-source=10.1.1.12 interface=Public distance=0 type=connect 

[MikroTik] ip route>

These routes show, that IP packets with destination to 10.1.1.0/24 would be sent through the interface Public, whereas IP packets with destination to 192.168.0.0/24 would be sent through the interface Local. However, you need to specify where the router should forward packets, which have destination other than networks connected directly to the router. This is done by adding the default route (destination 0.0.0.0, netmask 0.0.0.0). In this case it is the ISP's gateway 10.1.1.254, which can be reached through the interface Public:

[MikroTik] ip route> add gateway=10.1.1.254       
[MikroTik] ip route> print                                                     
Flags: X - disabled, I - invalid, D - dynamic, R - rejected 
  #    TYPE    DST-ADDRESS        NEXTHOP-S... GATEWAY     DISTANCE INTERFACE  
  0    static  0.0.0.0/0          A            10.1.1.254  1        Public     
  1 D  connect 192.168.0.0/24     A            0.0.0.0     0        Local      
  2 D  connect 10.1.1.0/24        A            0.0.0.0     0        Public     
[MikroTik] ip route>

Here, the default route is listed under #0. As we see, the gateway 10.1.1.254 can be reached through the interface 'Public'. If the gateway would have been specified incorrectly, the value for the argument 'interface' would be unknown. Note, that you cannot add two routes to the same destination, i.e., destination-address/netmask! It applies to the default routes as well. Instead, you can enter multiple gateways for one destination. For more information on IP routes, please read the relevant topic in the Manual.

If you have added an unwanted static route accidentally, use the 'remove' command to delete the unneeded one. Do not remove the dynamic (D) routes! They are added automatically and should not be deleted 'by hand'. If you happen to, then reboot the router, the route will show up again.

Testing the Network Connectivity

From now on, the '/ping' command can be used to test the network connectivity on both interfaces. You can reach any host on both connected networks from the router:

[MikroTik] ip address> /ping 10.1.1.17
10.1.1.17 pong: ttl=255 time<1 ms
10.1.1.17 pong: ttl=255 time<1 ms
10.1.1.17 pong: ttl=255 time<1 ms
ping interrupted
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 0/0.0/0 ms
interrupted
[MikroTik] ip address> /ping 192.168.0.1
192.168.0.1 pong: ttl=255 time<1 ms
192.168.0.1 pong: ttl=255 time<1 ms
192.168.0.1 pong: ttl=255 time<1 ms
ping interrupted
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 0/0.0/0 ms
interrupted
[MikroTik] ip address>

The workstation and the laptop can reach (ping) the router at its local address 192.168.0.254, whereas the server can reach the router at its local address 10.1.1.12. The router's address 192.168.0.254 should be specified as the default gateway in the TCP/IP configuration of both the workstation and the laptop. Then you should be able to ping the router's address 10.1.1.12, which is on the ISP's network:

C:\>ping 10.1.1.12
Pinging 10.1.1.12 with 32 bytes of data:
Reply from 10.1.1.12: bytes=32 time<10ms TTL=255
Reply from 10.1.1.12: bytes=32 time<10ms TTL=255
Reply from 10.1.1.12: bytes=32 time<10ms TTL=255
C:\>

However, you cannot ping the workstation and laptop from the server, unless you do the following:

Add a static route on the ISP's gateway, which specifies the host 10.1.1.12 as the gateway to network 192.168.0.0/24. Then all hosts on the ISP's network, including the server, will be able to communicate with the hosts on the LAN.
Alternatively, specify the address 10.1.1.12 as the default gateway for the server. Then the server will forward packets with destination other than 10.1.1.0/24 to the MikroTik router.

It is required that you have some knowledge of configuring TCP/IP networks. There is a comprehensive list of IP resources compiled by Uri Raz at http://www.private.org.il/tcpip_rl.html We strongly recommend that you obtain more knowledge, if you have difficulties configuring your network setups.

Next will be discussed situation with 'hiding' the private LAN 192.168.0.0/24 'behind' one address 10.1.1.12 given to you by the ISP.

Application Example with Masquerading

If you want to 'hide' the private LAN 192.168.0.0/24 'behind' one address 10.1.1.12 given to you by the ISP, you should use the masquerading function of the MikroTik router. Masquerading is useful, if you want to access the ISP's network and the Internet appearing as all requests coming from the host 10.1.1.12 of the ISP's network. The masquerading will change the source IP address and port of the packets originated from the network 192.168.0.0/24 to the address 10.1.1.12 of the router, when the packet is routed through it.

Masquerading helps to ensure security since each outgoing or incoming request must go through a translation process that also offers the opportunity to qualify or authenticate the request or match it to a previous request. Masquerading also conserves the number of global IP addresses required and it lets the whole network use a single IP address in its communication with the world.

To use masquerading, a firewall rule with action 'masq' should be added to the forward chain of the router's firewall configuration:

[MikroTik] ip firewall rule forward>
add action=masq interface=Public src-address=192.168.0.0/24 
[MikroTik] ip firewall rule forward>                                           
Flags: X - disabled, I - invalid 
  0   protocol=all src-address=192.168.0.0/24:0-65535 
      dst-address=0.0.0.0/0:0-65535 interface=Public action=masq 
      tcp-options=all log=no 

[MikroTik] ip firewall rule forward>

Please consult the Firewall Manual for more information on masquerading.

Application Example with Bandwidth Management

Assume you want to limit the bandwidth to 128kbps on downloads and 64kbps on uploads for all hosts on the LAN. Bandwidth limitation is done by applying queues for outgoing interfaces regarding the traffic flow. It is enough to add two queues at the MikroTik router:

[MikroTik] ip queue>
add interface Local queue red limit-at 128000 max-burst 0 bounded yes
add interface Public queue red limit-at 64000 max-burst 0 bounded yes
[MikroTik] ip queue> print                                                     
Flags: X - disabled, I - invalid 
  0   src-address=0.0.0.0/0:0-65535 dst-address=0.0.0.0/0:0-65535 
      protocol=all queue=red limit-at=128000 max-burst=0 bounded=yes priority=8 
      weight=1 allot=1538 bfifo-limit=10000 pfifo-limit=100 red-limit=60 
      red-min-threshold=10 red-max-threshold=50 red-burst=20 interface=Local 

  1   src-address=0.0.0.0/0:0-65535 dst-address=0.0.0.0/0:0-65535 
      protocol=all queue=red limit-at=64000 max-burst=0 bounded=yes priority=8 
      weight=1 allot=1538 bfifo-limit=10000 pfifo-limit=100 red-limit=60 
      red-min-threshold=10 red-max-threshold=50 red-burst=20 interface=Public 

[MikroTik] ip queue>

Leave all other parameters as set by default. The limit is approximately 128kbps going to the LAN and 64kbps leaving the client's LAN. No burst of the packets is allowed. Please note, that the queues have been added for the outgoing interfaces regarding the traffic flow.

Please consult the Queues Manual for more information on bandwidth management and queuing.

Application Example with NAT

Assume we have moved the server in our previous examples from the public network to our local one:

The server's address now is 192.168.0.17, and we are running web server on it that listens to the TCP port 80. We want to make it accessible from the Internet at address:port 10.1.1.12:80. This can be done by means of Static Network Address translation (NAT) at the MikroTik Router. The Public address:port 10.1.1.12:80 will be translated to the Local address:port 192.168.0.17:80. Two static NAT rules are required for translating the address:port - one for the incoming packets, and one for the outgoing packets:

[MikroTik]> ip firewall static-nat
[MikroTik] ip firewall static-nat>
add interface Public translate yes direction in protocol tcp \
    dst-address 10.1.1.12/32:80 to-dst-address 192.168.0.17/32:80
add interface Public translate yes direction out protocol tcp \
    src-address 192.168.0.17/32:80 to-src-address 10.1.1.12/32:80
[MikroTik] ip firewall static-nat>                                             
Flags: X - disabled, I - invalid 
  0   interface=Public src-address=0.0.0.0/0:0-65535 dst-address=10.1.1.12/32:80 
      protocol=tcp to-src-address=0.0.0.0/0:0 to-dst-address=192.168.0.17/32:80 
      translate=yes direction=in 

  1   interface=Public src-address=192.168.0.17/32:80 dst-address=0.0.0.0/0:0-65535 
      protocol=tcp to-src-address=10.1.1.12/32:80 to-dst-address=0.0.0.0/0:0 
      translate=yes direction=out 

[MikroTik] ip firewall static-nat>

Since we use masquerading for the Local network 192.168.0.0/24 (see the Application Example above), we should exclude masquerading for the server's address 192.168.0.17 and TCP port 80 by adding a rule with action 'accept' to the forward chain. After adding the rule, it should be moved before the masquerading rule:

[MikroTik]> ip firewall rule forward
[MikroTik] ip firewall rule forward>
add src-address 192.168.0.17/32:80 protocol tcp interface Public 
[MikroTik] ip firewall rule forward>                                           
Flags: X - disabled, I - invalid 
  0   protocol=all src-address=192.168.0.0/24:0-65535 
      dst-address=0.0.0.0/0:0-65535 interface=Public action=masq 
      tcp-options=all log=no 

  1   protocol=tcp src-address=192.168.0.17/32:80 
      dst-address=0.0.0.0/0:0-65535 interface=Public action=accept 
      tcp-options=all log=no 

[MikroTik] ip firewall rule forward> move 1 0                                     
[MikroTik] ip firewall rule forward> print                                     
Flags: X - disabled, I - invalid 
  0   protocol=tcp src-address=192.168.0.17/32:80 
      dst-address=0.0.0.0/0:0-65535 interface=Public action=accept 
      tcp-options=all log=no 

  1   protocol=all src-address=192.168.0.0/24:0-65535 
      dst-address=0.0.0.0/0:0-65535 interface=Public action=masq 
      tcp-options=all log=no 

[MikroTik] ip firewall rule forward>

Please consult the Static NAT Manual for more information on NAT.

Accessing the Router Remotely using Web Browser and Java Console

The MikroTik router can be accessed remotely using

the telnet protocol, for example, using the telnet client of your Windows or Unix workstation. Working with the telnet console is the same as working with the monitor and keyboard attached to the router locally.
the ftp for uploading the software upgrade packages or retrieving the exported configuration files.
the http and Java Console, for example, using the web browser of your workstation.

To use the Java Console, you will need IE5.0 or Netscape 4.0 or higher with Java Runtime Environment (JRE) 1.2 or higher installed. Please download the JRE and install it on your workstation to enable the Java Console access. When connecting to the MikroTik router via http, the router's Welcome Page is displayed in the web browser, for example:

By clicking on the Java Console icon you can open the Java console with the login window. Use the username and password to log on to the router, for example:

After logging on to the router you can work with the MikroTik router's configuration through the Java console and perform the same tasks as using the regular console:

You can use the menu bar to navigate through the router's configuration menus, open configuration windows. By double clicking on some list items in the windows you can open configuration windows for the specific items, and so on. Please consult the MikroTik RouterOS Manual for more detailed description of using the Java console.

Adding Software Packages

The basic installation comes with only the "system" package and few other packages. This includes basic IP routing and router administration. To have additional features such as IP Telephony, OSPF, wireless, and so on, you will need to download additional software packages.

The additional software packages should have the same version as the system package. If not, the packege wont be installed. Please consult the MikroTik RouterOS Software Package Installation and Upgrading Manual for more detailed information about installing additional software packages.

Software Licensing Issues

If you want to upgrade to a 'paid' version of your MikroTik RouterOS installation, please purchase the new Software License KEY for the Software ID you used when getting the 'free' demo license. Similarly, if additional license is required to enable the functionality of a software package, the license should be obtained for the Software ID of your system. The new key should be entered using the /system license set key command, and the router should be rebooted afterwards:

[MikroTik] system license> print                                               
      software-id: TPNG-SXN
              key: 2C6A-YUE-3H2
    upgradable-to: may/01/2002
[MikroTik] system license> feature print                                       
Flags: X - disabled 
  #   FEATURE                                                                  
  0 X AP                                                                       
  1 X synchronous                                                              
  2 X radiolan                                                                 
  3 X wireless-2.4gHz                                                          
  4   licensed                                                                 
[MikroTik] system license> set key=D45G-IJ6-QM3                                
[MikroTik] system license> /system reboot
Reboot, yes? [y/N]: y
system will reboot shortly

If there is no appropriate license, the appropriate interfaces wont show up under the interface list, even though the packages can be installed on the MikroTik RouterOS and corresponding drivers loaded.

MikroTik RouterOS V2.4 Terminal Console Manual

Document revision 21-Jan-2002
This document applies to the MikroTik RouterOS v2.4

Overview

The Terminal Console is used for accessing the MikroTik Router configuration and management features using text terminals, i.e., remote terminal clients, as well as local monitor and keyboard. The Terminal Console is used for writing scripts. This manual describes the general console operation principles. Please consult the Scripting Manual on how to write scripts.

Contents of the Manual

The following topics are covered in this manual:

Overview of Common Functions
General Layout of Command Levels

Overview of Common Functions

The console allows configuration of the router settings using text commands. The command structure is similar to the Unix shell. Since there's a whole lot of available commands, they're split into hierarchy. For example, all (well, almost all) commands that work with routes start with "ip route":

[drax]> ip route print
Flags: X - disabled, I - invalid, D - dynamic, R - rejected 
  #    TYPE        DST-ADDRESS        NEXTHOP... GATEWAY    DISTANCE INTERFACE 
  0    ;;; test multihop route
       static      0.0.0.0/0          A          10.0.0.1   1        ether2    
                                      I          1.1.1.1             (unknown) 
  1 D  connect     10.0.0.0/24        A          0.0.0.0    0        ether2    
  2 D  connect     7.7.7.0/24         A          0.0.0.0    0        tunl        
[drax]> ip route set 0 gateway=10.0.0.1
[drax]> ip route print
Flags: X - disabled, I - invalid, D - dynamic, R - rejected 
  #    TYPE        DST-ADDRESS        NEXTHOP... GATEWAY    DISTANCE INTERFACE 
  0    ;;; test multihop route
       static      0.0.0.0/0          A          10.0.0.1   1        ether2    
  1 D  connect     10.0.0.0/24        A          0.0.0.0    0        ether2    
  2 D  connect     7.7.7.0/24         A          0.0.0.0    0        tunl

Instead of typing "ip route" before each command, "ip route" can be typed once to "change into" that particular branch of command hierarchy. Thus, the example above could also be executed like this:

[drax]> ip route
[drax] ip route> print
Flags: X - disabled, I - invalid, D - dynamic, R - rejected 
  #    TYPE        DST-ADDRESS        NEXTHOP... GATEWAY    DISTANCE INTERFACE 
  0    ;;; test multihop route
       static      0.0.0.0/0          A          10.0.0.1   1        ether2    
  1 D  connect     10.0.0.0/24        A          0.0.0.0    0        ether2    
  2 D  connect     7.7.7.0/24         A          0.0.0.0    0        tunl        

...etc

Notice that prompt changes to show where in the command hierarchy you are located at the moment. To change to top level, type "/"

[drax] ip route> /
[drax]>

To move up one command level, type ".."

[drax] ip route> ..
[drax] ip>

You can also use "/" and ".." to execute commands from other levels without changing the current level:

[drax] ip route> /ping 10.0.0.10
timeout: ping reply not recieved after 1000 mss
timeout: ping reply not recieved after 1000 mss
2 packets transmitted, 0 packets received, 100% packet loss

Or alternatively, to go back to the base level you could use the ".." twice:

[drax] ip route> .. .. ping 10.0.0.10
10.0.0.10 pong: ttl=128 time=1 ms
10.0.0.10 pong: ttl=128 time<1 ms
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 0/0.5/1 ms
[drax] ip route>

Lists

Many of the command levels operate with arrays of items: interfaces, routes, users etc. Such arrays are displayed in similarly looking lists. All items in the list have an item number followed by its parameter values. For example:

[drax]> interface print
Flags: X - disabled, D - dynamic 
  #   NAME                 MTU   TYPE                                          
  0 X ether1               1500  ether                                         
  1   ether2               1500  ether                                         
  2 X pptp-in1                   pptp-in                                       
  3   tunl                 1500  eoip-tunnel

To change parameters of an item (interface settings in this particular case), you have to specify it's number to the "set" command:

[drax]> interface set 1 mtu=1460
[drax]> interface print
Flags: X - disabled, D - dynamic 
  #   NAME                 MTU   TYPE                                          
  0 X ether1               1500  ether                                         
  1   ether2               1460  ether                                         
  2 X pptp-in1                   pptp-in                                       
  3   tunl                 1500  eoip-tunnel

Numbers are assigned by "print" command and are not constant - it is possible that two successive "print" commands will order items differently. Thus, you must use the print command before any other command that works with list items, to assign numbers.

Note: Although numbers can change each time you use the "print" command, they don't change between these uses. Once assigned, they will remain the same until you quit the console or until the next "print" command is executed. Also, numbers are assigned separately for every item list, so "ip address print" won't change numbers for interface list.

Let's assume "ip address print" hasn't been executed already. In this case:

[drax]> ip address set 1 netmask=255.255.0.0
ERROR: item numbers not assigned

Console is telling that there has been no "ip address print" command, and thus, it cannot know which address number 1 corresponds to.

To understand better how do item numbers work, you can play with "from" argument of "print" commands:

[drax]> interface print from=1
  #   NAME                 MTU   TYPE                                          
  0   ether2               1460  ether

The "from" argument specifies what items to show. Numbers are assigned by every "print" command, thus, after executing command above there will be only one item accessible by number - interface "ether2" by number 0.

Item names

Some lists have items that have specific names assigned to each. Examples are "interface" or "user" levels. There you can use item names instead of numbers:

[drax]> interface set ether2 mtu 1500

You don't have to use the "print" command before accessing items by name. As opposed to numbers, names are not assigned by the console internally, but are one of the items' parameters. Thus, they won't change on their own. However, there are all kinds of obscure situations possible when several users are changing router configuration at the same time. Generally, item names are more "stable" than numbers, and also more informative, so you should prefer them to numbers when writing console scripts. Also, [tab] completions work on item names, making them easy to type.

Quick Typing

There are two features in router console that help entering commands much quicker and easier - the [Tab] key completions, and abbreviations of command names. Completions work similarly to the bash shell in UNIX. If you press the [Tab] key after part of a word, console tries to find the command in current context that begins with this word. If there's only one match, it is automatically appended, followed by space character:

/inte_ becomes /interface _

Here, "_" is the cursor position.

If there's more than one match, but they all have a common beginning, which is longer than that what you have typed, then the word is completed to this common part, and no space is appended:

/interface set e_

becomes

/interface set ether_ 

because "e" matches both "ether5" and "ether1" in this example)

If you've typed just the common part, pressing the tab key once has no effect. However, pressing it for the second time shows all possible completions in compact form:

[drax]> /interface set e_
[drax]> /interface set ether_
[drax]> /interface set ether
ether1 ether5
[drax]> /interface set ether_

The tab key can be used almost in any context where the console might have a clue about possible values - command names, argument names, arguments that have only several possible values (like names of items in some lists or name of protocol in firewall and NAT rules). You can't complete numbers, IP addresses and similar values.

New in V2.4: It is now possible to complete not only beginning, but also any distinctive substring of name. When is pressed, console builds list of all possible words that can be entered at current cursor position. It then looks for words that begin with string immediately before cursor. If there is more that one match, then second key will display them in a compact table form. If there's a single match, then it is completed at cursor position. Otherwise, console starts to look for words that have string being completed as first letters of a multiple word name, or that simply contain letters of this string in the same order. If single such word is found, it is completed at cursor position. For example:

[drax]> /interface x_
[drax]> /interface export _

"x" is completed to "export", because no other word in this context contains 'x'.

[drax]> /interface mt_
[drax]> /interface monitor-traffic _

No word begins with letters "mt", but it is an abbreviation of "monitor-traffic".

Another way to press fewer keys while typing is to abbreviate command and argument names. You can type only beginning of command name, and, if it is not ambiguous, console will accept it as a full name. So typing:

[drax]> ip f st r 1

equals to typing:

[drax]> ip firewall static-nat remove 1

and:

[drax]> pi 10.1 c 3 s 100

equals to:

[drax]> ping 10.0.0.1 count 3 size 100

Help

The console has a built-in help, which can be accessed by typing '?'. General rule is that help shows what you can type in position where the '?' was pressed (similarly to pressing tab key twice, but in verbose form and with explanations).

Internal item numbers

Items can also be addressed by their internal numbers. These numbers are generated by console for scripting purposes and, as the name implies, are used internally. Although you can see them if you print return values of some commands (internal numbers look like hex number preceded by '*' - for example "*100A"), there's no reason for you to type them in manually. Use of invalid internal numbers can result in severe injury of your router configuration.

Multiple items

You can specify multiple items as targets of some commands. Almost everywhere, where you can write the number of items, you can also write a list of numbers:

[drax]> interface print
Flags: X - disabled, D - dynamic 
  #   NAME                 MTU   TYPE                                          
  0   ether1               1500  ether                                         
  1   ether2               1500  ether                                         
[drax]> interface set "0 1" mtu=1600
[drax]> interface print
Flags: X - disabled, D - dynamic 
  #   NAME                 MTU   TYPE                                          
  0   ether1               1600  ether                                         
  1   ether2               1600  ether

Note: In the example above, "0 1" could be substituted with "0,1". Lists can be entered either whitespace separated, in quotes, or comma separated. In later case quotes are not required.

This is handy when you want to perform same action on several items, or do a selective export. However, this feature becomes really useful when combined with scripting.

Return values

The router console has limited scripting capability. The syntax is simple and similar to TCL. The commands "find" and "get" can be found in many command levels. These commands do not print anything on screen, but create return values that can be used by other console commands. The "find" command creates a return value that contains internal numbers of all items that match parameters of the "find" command. This return value can be used in another command, by placing "find" in square brackets:

[drax]> interface
[drax] interface> print from=[find name=ether2]
  #   NAME                 MTU   TYPE
  0   ether2               1600  ether
[drax] interface> set 0 mtu 1460
[drax] interface> print from=[find mtu=1460]
  #   NAME                 MTU   TYPE
  0   ether2               1460  ether

If you don't give "find" any arguments, it returns internal numbers of all items:

[drax] interface> set [find] mtu=1500
[drax] interface> print
Flags: X - disabled, D - dynamic 
  #   NAME                 MTU   TYPE                                          
  0   ether1               1500  ether                                         
  1   ether2               1500  ether

You can see the return value of "find" command (and other router commands) using ":put" command:

[drax] interface> :put [find]
*1 *2

These are internal numbers of all router interfaces. Also, there's a trailing space after last number, so you can concatenate results of several "find" commands:

[drax] interface> print from [find][find]
Flags: X - disabled, D - dynamic 
  #   NAME                 MTU   TYPE                                          
  0   ether1               1500  ether                                         
  1   ether2               1500  ether                                         
  3   ether1               1500  ether                                         
  4   ether2               1500  ether

The "get" command allows to access item values that can be seen with "print" command from scripts. It takes two arguments - item number and name of property:

[drax] interface> :put [get 0 name]
ether1

Item numbers cannot be used in scripts, instead use item names or result of "find" command:

[drax] interface> :put [get ether2 type]
ether

Time Setting

In the console time can be entered in various ways. You can use either hours:minutes:seconds form, or a number followed by:

If there is no number before the letters, it will be one unit. You also can use numbers with decimal point. Multiple time intervals can be written consequently - they will be summed.

Variables

The console has variables that can store string values. Assigning such a variable is done by ":set" command:

[drax]> :set var1 J.Random.String

If the value is assigned to a non-existing variable, then the variable is created, otherwise current value is replaced. To access the value of variable, you have to type "$" followed by the name of the variable, and it will be replaced by the value of the variable:

[drax]> :put $var1
J.Random.String
[drax]> :put $var1-$var1-yo-ho-ho-$var1
J.Random.String-J.Random.String-yo-ho-ho-J.Random.String

Magic Variable

The magic variable is the "^" (caret). It contains the return value of the last executed command. Not all commands set this value. Commands like "print" or "telnet" don't have any meaningful way to define return value, so they don't modify it. "add" returns internal number of new item. It is used in some export scripts:

[bainug] interface> /ip route 
[bainug] ip route> export 
/ ip route 
add dst-address=0.0.0.0/0 gateway=10.0.0.1,1.1.1.1 prefered-source=0.0.0.0 
comment $^ "test multihop route"
enable $^

This script could also be rewritten so that it does not use "^" variable, at the expense of clarity:

/ ip route
set item [add dst-address=0.0.0.0/0 gateway=10.0.0.1,1.1.1.1 \
    prefered-source=0.0.0.0]
comment $item "test multihop route"
enable $item

General Layout of Command Levels

There are two different kinds of command levels. First, there are levels that allow you to work with lists of similar items - routes, interfaces, users and the like. Second, there are levels that allow you to change some general parameters - time, bridge settings etc.

Most command groups have some or all of these commands: print, set remove, add, find, get, export, enable, disable, comment. These commands have similar behavior in all hierarchy.

print

The "print" command shows all information that's accessible from particular command level. Thus, "/system clock print" shows system date and time, "/ip route print" shows all routes etc. If there's a list of items in this level and they are not read-only, i.e. you can change/remove them (example of read-only item list is "/system history", which shows history of executed actions), then "print" command also assigns numbers that are used by all commands that operate on items in this list. Thus, "print" usually must be executed before any other commands in the same command level.

If there's list of items then "print" usually can have a "from" argument. The "from" argument accepts space separated list of item numbers, names (if items have them), and internal numbers. The action (printing) is performed on all items in this list in the same order in which they're given.

Output can be formatted either as a table, with one item per line, or as a list with "property=value" pairs for each item. By default "print" uses one of these forms, but it can be set explicitly with "brief" and "detail" arguments. In "brief" (table) form, "columns" argument can be set to a list of property names that should be shown in the table. The "without-paging" argument suppresses prompting after each screen of output.

set

The "set" command allows you to change values of general parameters or item parameters. The "set" command has arguments with names corresponding to values you can change. Use "?" or double tab to see list of all arguments. If there is list of items in this command level, then set has one unnamed argument that accepts the number of item (or list of numbers) you wish to set up. Values for unnamed arguments must follow right after the name of the command, and their order can't be changed. Example: in firewall rules, the "set" command has two unnamed arguments - first is the name of chain and second is the number of rule in this chain. "set" returns internal numbers of items it has set up.

remove

The "remove" command has one unnamed argument, which contains number(s) of item(s) to remove.

add

The "add" command usually has the same arguments as "set", minus the unnamed number argument. It adds new item with values you've specified, usually to the end of list (in places where order is relevant). There are some values that you have to supply (like interface for new route), and other values that are set to defaults if you don't supply them. The "add" command returns internal number of item it has added.

New in 2.4: You can create a copy of an existing item by using "copy-from" argument. It takes default values of new item's properties from another item. If you don't want exact copy, you can specify new values for some properties. When copying items that have names, you will usually have to give new name to a copy.

find

The "find" command has the same arguments as "set", and an additional "from" argument which works like the "from" argument with the "print" command. The "find" command returns internal numbers of all items that have the same values of arguments as specified.

export

The "export" command prints a script that can be used to restore configuration. If it has the argument "from", then it is possible to export only specified items. Also, if the "from" argument is given, "export" does not descend recursively through the command hierarchy. The "export" command also has the argument "file", which allows you to save the script in file on router to retrieve it later via ftp. Argument "noresolve" is used to disable reverse resolving of IP addresses if it proves to be problem.

enable/disable

You can enable/disable some items (like ip address or default route). If an item is disabled, it is marked with the "X" flag. If an item is invalid, but not disabled, it is marked with the "I" flag:

[MikroTik] ip route>                                                           
Flags: X - disabled, I - invalid, D - dynamic, R - rejected 
  #    TYPE        DST-ADDRESS        NEXTHOP... GATEWAY    DISTANCE INTERFACE 
  0    static      0.0.0.0/0          A          10.0.0.1   1        ether1    
  1 X  static      192.168.0.0/16     I          159.148... 1        (unknown) 
  2 I  static      10.1.1.0/24        I          10.0.1.3   1        (unknown) 
  3 D  connect     159.148.24.0/24    A          0.0.0.0    0        ether1    
  4 D  connect     10.0.0.0/24        A          0.0.0.0    0        ether1    
[MikroTik] ip route>

comment

You can add comments to some items. If the item is commented, comments are shown next to the item number before all parameters and prefixed with ";;;":

[Main_GW] ip route> print                                                          
Flags: X - disabled, I - invalid, D - dynamic, R - rejected 
  #    TYPE        DST-ADDRESS        NEXTHOP... GATEWAY    DISTANCE INTERFACE 
  0    ;;; our default gateway
       static      0.0.0.0/0          A          192.168... 1        ispnet    
  1    ;;; to-pptp-client in the branch office
       static      192.168.223.55/32  A          192.168... 1        ispnet    
  3 D  ospf        159.148.36.0/24    A          10.1.0.2   110      rlan      
  4 D  connect     192.168.248.128/25 A          0.0.0.0    0        ispnet    
...

MikroTik RouterOS V2.4 Java Console Manual

Document revision 25-Sep-2001
This document applies to the V2.4 of the MikroTik RouterOS

Overview

The Java Console is used for accessing the MikroTik Router configuration and management features using graphical user interface. To access the MikroTik RouterOS Java Console, you will need IE5.0 or Netscape 4.0 or higher with Java 2 Runtime Environment (JRE) plugin installed. Please download the JRE v1.2 or higher and install it on your workstation to enable the Java Console access.

This manual describes the general Java console operation principles.

Contents of the Manual

The following topics are covered in this manual:

Overview of Common Functions
Troubleshooting for Java Console

Overview of Common Functions

When connecting to the MikroTik router via http (TCP port 80), the router's Welcome Page is displayed in the web browser, for example:

By clicking on the Java Console icon you can open the Java console with the login window. Use the username and password to log on to the router, for example:

The Java Console uses TCP port 3986. After logging on to the router you can work with the MikroTik router's configuration through the Java console and perform the same tasks as using the regular console:

There are some hints for using the Java Console:

To open the required window, simply click on the corresponding menu item.
To add a new entry you should click on the icon in the corresponding window.
To remove an existing entry click on the icon.
To enable an item, click on the icon.
To disable an item, click on the icon.
To make or edit a comment for a selected item, click on the icon.
To refresh the window, click on the icon.
To undo an action, click on the icon above the main menu.
To redo an action, click on the icon above the main menu.
To logout from the Java Console, click on the icon.

Troubleshooting for Java Console

I cannot open the Java box
The MikroTik Java console requires the Java2 web browser plug-in. You may download this from http://java.sun.com/j2se/1.3/. Java2 supports Windows 95/98/NT & Solaris & Linux.
I have installed Java2 and the MikroTik Java console still does not work.
Run the "Java Plug-in Control Panel" from the "Programs" pull-down menu (standard windows "Program" menu):
- In "Java Plug-in Control Panel" window, under the "Basic" tab, select "Enable Java Plug-in." Under the "Advanced" tab, select "JRE 1.2 in ..." and make sure the path is correct.
- In "Proxies" window, make sure that you are not using a proxy.
I still cannot open the Java Console
The Java Console uses TCP port 3986. Make sure you have access to it through the firewall.

© Copyright 1999-2001, MikroTik MikroTik RouterOS V2.4 Software Package Installation and Upgrading Document revision 10-Oct-2001
This document applies to the MikroTik RouterOS V2.4

MikroTik RouterOS V2.4 Software Package Installation and Upgrading

Overview

The MikroTik RouterOS consists of a formatted HDD specific to our installation and of software packages. The main package is the system software package, which provides the basic functionality of the router. Additional software packages can be installed that provide special support, e.g., PPPoE, PPTP, PPP, wireless, etc.

Features

The modular software package system of MikroTik RouterOS has following features:

Ability to add RouterOS functions by installing additional software packages
Optimal usage of the storage space by the modular/compressed system
The software packages can be uninstalled
The RouterOS functions and software can be easily upgraded
Multiple packages can be installed at once
The package dependency is checked before installing a software package. The package wont be installed, if the required software package is missing
The version of the software package should be the same as that of the system package
The packages are stored on the router using ftp and installed only when the router is going for shutdown during the reboot process of the router.
If the software package file can be uploaded to the router, then the disk space is sufficient for installation of the package

Contents of the Manual

The following sections are included in this Manual:

Software Upgrade Instructions

Software Package Installation Instructions

Contents of the Software Packages

Software Package Resource Usage

Troubleshooting

Software Upgrade Instructions

Upgrading of the MikroTik RouterOS can be done by uploading the newer version software packages to the router and rebooting it. Before upgrading the router please check the current version of the system software and of the additional software packages. The version of the MikroTik RouterOS system software (and the build number) are shown before the console login prompt, for example:

MikroTik v2.4rc19
Login:

Information about the version (and build) numbers of the installed MikroTik RouterOS software packages can be obtained using the /system package print command, for example:

[MikroTik] > system package print                                              
  # NAME                   VERSION               BUILD-TIME           UNINSTALL
  0 routing                2.4rc19               sep/10/2001 12:58:27 no       
  1 ppp                    2.4rc19               sep/10/2001 12:58:36 no       
  2 pptp                   2.4rc19               sep/10/2001 12:59:07 no       
  3 system                 2.4rc19               sep/10/2001 12:58:09 no       
  4 ssh                    2.4rc19               sep/10/2001 12:59:28 no       
[MikroTik] >

The list shows the number, name, version, and build time of the installed software packages. If the functions provided by a software package are not required for the router implementation, the package can be marked for uninstalling at the next shutdown/reboot of the router. Use the /system package set command to mark the packages for uninstallation:

[MikroTik] > system package set 0 uninstall=yes                                
[MikroTik] > system package print                                              
  # NAME                   VERSION               BUILD-TIME           UNINSTALL
  0 routing                2.4rc19               sep/10/2001 12:58:27 yes      
  1 ppp                    2.4rc19               sep/10/2001 12:58:36 no       
  2 pptp                   2.4rc19               sep/10/2001 12:59:07 no       
  3 system                 2.4rc19               sep/10/2001 12:58:09 no       
  4 ssh                    2.4rc19               sep/10/2001 12:59:28 no       
[MikroTik] >

If a package is marked for uninstallation, but it is required for another (dependent) package, then the marked package cannot be uninstalled. For example, the ppp package wont be uninstalled, if the pptp package is installed. You should uninstall the depended package too. For package dependencies see the section about contents of the software packages below. The system package wont be uninstalled even if marked for uninstallation.

Software Package Installation Instructions

The software package files are compressed binary files, which can be downloaded from MikroTik's web page www.mikrotik.com Download section. The full name of the package file consists of a descriptive name, version number, and file extension '.npk'. For example, 'system-2.4.npk', 'ppp-2.4.npk'. 'pppoe-2.4.npk', etc. To install (upgrade) newer version of the MikroTik RouterOS system software please follow the upgrade instructions below:

Check the availability of free HDD space on the router using the /system resource print command:
```
[MikroTik] > /system resource print                                            
           uptime: 11d23h58m50s
     total-memory: 30856
      free-memory: 7368
         cpu-type: Intel
    cpu-frequency: 233
        hdd-total: 30362
         hdd-free: 10295
[MikroTik] > 
```
Note! If there is not enough free disk space for storing the upgrade packages, disk space can be freed up by uninstalling some software packages, which provide functionality not required for your needs.
If the free disk space is sufficient for storing the upgrade packages, connect to the router using ftp. Use user name and password of a user with full access privileges.
Select the BINARY mode file transfer.
Upload the software package files to the router and disconnect.
View the information about the uploaded software packages using the /file print command.
Reboot the router by issuing the /system reboot command or by pressing Ctrl-Alt-Del keys at the router's console.

Example output of the /file print command:

[MikroTik] > /file print                                                       
  # NAME                  SIZE       TYPE                  TIME                
  0 ssh_host_key.pub      332        unknown               feb/14/2001 15:10:19
  1 ssh_host_dsa_key.pub  603        unknown               feb/14/2001 15:10:35
  2 ppp-2.4.npk           314563     package               sep/25/2001 11:39:14
  3 pppoe-2.4.npk         125822     package               sep/25/2001 11:39:14
  4 pptp-2.4.npk          113055     package               sep/25/2001 11:39:15
  5 ssh-2.4.npk           462380     package               sep/25/2001 11:39:16
  6 system-2.4.npk        6566535    package               sep/25/2001 11:39:28
[MikroTik] >

The installation/upgrade process is shown on the console screen (monitor) attached to the router. After successful installation the software packages are shown on the output list of the /system package print command, for example:

[MikroTik] > system package print                                              
  # NAME                   VERSION               BUILD-TIME           UNINSTALL
  0 ppp                    2.4                   sep/24/2001 03:37:21 no       
  1 pptp                   2.4                   sep/24/2001 03:38:03 no       
  2 ssh                    2.4                   sep/24/2001 03:43:19 no       
  3 system                 2.4                   sep/24/2001 03:33:17 no       
  4 pppoe                  2.4                   sep/24/2001 03:39:04 no       
[MikroTik] >

Note! The versions of packages should match the version number of the system software package.

Automatic Software Package Upgrading

The automatic upgrade option of the MikroTik RouterOS software packages can be accessed under the /system package auto-update menu. The option is not functional and cannot be used yet.

Contents of the Software Packages

System Software Package

The system software package provides the basic functionality of the MikroTik RouterOS, namely:

IP address, ARP, static IP routing, policy routing, firewall (packet filtering, masquerading, and static NAT), IP traffic accounting, DHCP server and client, MikroTik Neighbour Discovery, IP Packet Packing, queuing (traffic shaping), DNS settings, IP service (servers)
Ethernet interfaces
IP over IP tunnel interfaces (IPIP)
Ethernet over IP tunnel interfaces (EoIP)
driver management for Ethernet ISA cards
serial port management
local user management
export and import of router configuration scripts
backup and restore of the router's configuration
e-mail setup
undo and redo of configuration changes
network diagnostics tools (ping, traceroute, floodping, bandwidth tester, traffic monitor, and network monitor)
bridge configuration
system resource management
package management
telnet client
local or remote logging facility

After installing the MikroTik RouterOS, a license should be obtained from MikroTik to enable the basic system functionality.

Additional Software Feature Packages

The table below shows additional software feature packages, the provided functionality, the required prerequisites and additional licenses, if any.

Name	Contents	Prerequisites	Additional License
routing	Provides RIP & OSPF support	-	-
snmp	Provides read only SNMP support	-	-
ssh	Provides remote access via SSH	-	-
lcd	Provides LCD monitor support	-	-
ups	Provides APC Smart Mode UPS support	-	-
ppp	Provides asynchronous PPP support	-	-
pptp	Provides PPTP support	ppp	-
pppoe	Provides PPPoE support	ppp	-
isdn	Provides support for ISDN	ppp	-
telephony	Provides IP telephony support (H.323) for Quicknet cards	-	-
framerelay	Provides support for frame relay (used with Moxa C101 or Cyclades PC300 interfaces	-	-
moxa-c101	Provides support for Moxa C101 synchronous card	-	synchronous
lmc-wan	Provides support for LMC synchronous cards	-	synchronous
cyclades	Provides support for PC300 synchronous interfaces	-	synchronous
aironet	Provides support for CISCO Aironet IEEE 802.11 wireless PC/PCI/ISA cards	-	2.4GHz wireless
arlan	Provides support for DSSS 2.4GHz 2mbps Aironet ISA cards	-	2.4GHz wireless
wavelan	Provides support for Lucent WaveLAN IEEE 802.11 wireless cards	-	2.4GHz wireless
teletronics	Provides support for Teletronics IEEE 802.11 2Mbps wireless cards	-	2.4GHz wireless
radiolan	Provides support for 5.8GHz RadioLAN ISA cards	-	radiolan
prism	Provides support for Prism II chipset based IEEE 802.11 wireless cards as clients or as access points	-	2.4GHz wireless (station mode); 2.4GHz wireless and Prism II AP (AP mode)
thinrouter-pcipc	Used for Thin Routers. Forces the PCI to cardbus bridge to use IRQ 11	-	-

If additional license is required to enable the functionality of a software package, the license should be obtained for the Software ID of your system. The new key should be entered using the /system license set key command, and the router should be rebooted afterwards:

[MikroTik] system license> print                                               
      software-id: TPNG-SXN
              key: 2C6A-YUE-3H2
    upgradable-to: may/01/2002
[MikroTik] system license> feature print                                       
Flags: X - disabled 
  #   FEATURE                                                                  
  0 X AP                                                                       
  1 X synchronous                                                              
  2 X radiolan                                                                 
  3 X wireless-2.4gHz                                                          
  4   licensed                                                                 
[MikroTik] system license> set key=D45G-IJ6-QM3                                
[MikroTik] system license> /system reboot
Reboot, yes? [y/N]: y
system will reboot shortly

Software Package Resource Usage

The following table shows the required resources of HDD storage and RAM for the various software packages. The total required storage space can be calculated by adding the together the required storage of all installed packages including the system software package.

Name Memory (RAM) usage, MB Storage (HDD) usage, MB

system 16.5 16.0

routing 0.6 1.2

snmp 0.6 0.5

ssh 1.0 1.2

lcd 0.4 0.1

ups 0.5 0.2

ppp 2.0 0.8

pptp 1.3 0.3

pppoe 1.2 0.4

isdn 2.4 1.0

telephony 4.8 4.5

framerelay 0.1 0.1

moxa-c101 0.8 0.1

lmc-wan 0.8 0.1

cyclades 0.8 0.1

aironet 1.1 0.2

arlan 0.8 0.1

wavelan 1.1 0.1

teletronics 0.8 0.1

radiolan 0.8 0.2

prism 1.3 0.5

thinrouter-pcipc 1.0 0.01

Name	Memory (RAM) usage, MB	Storage (HDD) usage, MB
system	16.5	16.0
routing	0.6	1.2
snmp	0.6	0.5
ssh	1.0	1.2
lcd	0.4	0.1
ups	0.5	0.2
ppp	2.0	0.8
pptp	1.3	0.3
pppoe	1.2	0.4
isdn	2.4	1.0
telephony	4.8	4.5
framerelay	0.1	0.1
moxa-c101	0.8	0.1
lmc-wan	0.8	0.1
cyclades	0.8	0.1
aironet	1.1	0.2
arlan	0.8	0.1
wavelan	1.1	0.1
teletronics	0.8	0.1
radiolan	0.8	0.2
prism	1.3	0.5
thinrouter-pcipc	1.0	0.01

Troubleshooting

After upgrading to V2.4 the router requires entering the Software ID.
If you have a purchased the license, and your license period has not expired, please send your current Software ID to key-support@mikrotik.com We will issue you a new Software KEY, which needs to be entered prior upgrading to V2.4
I have Free Demo license for V2.3 of MikroTik RouterOS, and I want to upgrade to V2.4 You will need to obtain a new demo license after the upgrade, or purchase the license. It can be done prior the upgrade.
Not enough space to upgrade the system package.
Uninstall some packages not in use.
The system package does not install because of incorrect version.
Use system package version that is greater than the currently installed one.
Additional packages do not install because of incorrect version of the system package.
Upgrade the system package first, then install the additional packages. The packages should be of the same version as your system package.
The package file is corrupted after upload.
Use BINARY mode for file transfer.
The package has been successfully installed and the driver loaded, but there is no interface in the interface list
Obtain the required license to enable the functionality of provided by the software package.
The package files have been uploaded to the router, but they have not been installed.
Reboot the router!
The version 2.2.x has been upgraded to the version 2.3.y, but the connection to the router was lost after the reboot. The interfaces are disabled and they do not have the previously specified names. Also, the IP addresses, routes, filtering rules have interface -UNKNOWN-.
Using the console (monitor and keyboard attached to the router), specify new names for the interfaces, enable them, and specify interfaces for IP addresses, routes and filters.
The version 2.2.x has been upgraded to the version 2.4.y, but the connection to the router was lost after the reboot. The configuration has been lost.
Using the console (monitor and keyboard attached to the router), restore the configuration.

Top

MikroTik RouterOS V2.4 SSH Installation and Usage

Document revision 01-Oct-2001
This document applies to the MikroTik RouterOS V2.4

Overview

The SSH feature can be used with various SSH Telnet clients to securely connect to and administrate the router.

The MikroTik RouterOS supports:

SSH 1.3, 1.5, and 2.0 protocol standards
server functions for secure administration of the router
telnet session termination with 40 bit RSA SSH encryption is supported
secure ftp is not supported

The MikroTik RouterOS v2.4 has been tested with the following SSH telnet terminals:

PuTTY
Secure CRT
Most SSH compatible telnet clients

Contents of the Manual

The following topics are covered in this manual:

Installation
Hardware Resource Usage
Suggested Windows Client Setup
Suggested UNIX/Linux Client Setup

Installation

The 'ssh-2.4.x.npk' (less than 1MB) package for installation of SSH is required. The package can be downloaded from MikroTik’s web page www.mikrotik.com. To install the package, please upload it to the router with ftp and reboot. No additional settings are required. You may check to see if the SSH package is installed with the command:

[MikroTik] > system package print
  # NAME                   VERSION               BUILD-TIME           UNINSTALL
  0 aironet                2.4                   sep/25/2001 05:08:05 no
  1 pptp                   2.4                   sep/25/2001 05:06:44 no
  2 ppp                    2.4                   sep/25/2001 05:06:35 no
  3 pppoe                  2.4                   sep/25/2001 05:06:45 no
  4 ssh                    2.4                   sep/25/2001 05:08:11 no
  5 routing                2.4                   sep/25/2001 05:06:07 no
  6 snmp                   2.4                   sep/25/2001 05:06:09 no
  7 moxa-c101              2.4                   sep/25/2001 05:08:08 no
  8 framerelay             2.4                   sep/25/2001 05:08:56 no
  9 system                 2.4                   sep/25/2001 05:05:48 no
[MikroTik] >

Line 4 shows that the SSH package is installed.

Hardware Resource Usage

The uncompressed package will use approximately 1MB of additional Flash/HD IDE memory. A minimum amount of additional RAM is used. No hardware upgrades are suggested.

Suggested Windows Client Setup

PuTTY is a free Windows (all Windows) SSH client which needs no complex installation. It is one .exe file which can be downloaded and run.

Download this program from the MikroTik utilities download page or http://www.chiark.greenend.org.uk/~sgtatham/putty.html (suggested for the most recent program version).

Simple instructions:

After downloading, run the program,
Set the connection type to SSH,
On the first connection to the router a Security Alert will notify that the server’s host is not in the registry. Answer 'YES' to trust this server.
The normal router login will not be display. Instead, 'login as:' and 'name@xxx.xxx.xxx.xxx’s password:' will appear.

Suggested UNIX/Linux Client Setup

No client installation is needed on all standard Linux distributions. The command: ssh –l [username] [router address] will initiate a connection.

Additional Resources

Links for Windows Client:

http://www.zip.com.au/~roca/ttssh.html
http://www.chiark.greenend.org.uk/~sgtatham/putty.html
http://www.massconfusion.com/ssh/
http://telneat.lipetsk.ru/
http://support.jgaa.com/?cmd=ShowArticle&ID=11
http://akson.sgh.waw.pl/~chopin/ssh/index_en.html
http://cs.mscd.edu/MSSH/index.html
http://www.networksimplicity.com/openssh/

MikroTik RouterOS V2.4 Scripting Manual

Document revision 21-Mar-2002
This document applies to the MikroTik RouterOS V2.4

Overview

Scripting gives the administrator a way to execute console commands by writing a script for the router which is executed on the basis of time or events that can be monitored on the router. Some examples of uses of scripting could be: setting bandwidth settings according to time. In RouterOS v2.4, a script may be started in three ways. A script may be started according to a specific time or an interval of time. A script may also be started on an event - for example, if the netwatch tool sees that an address does not respond to pings. Also, a script may be started by another script.

To write a script, the writer must learn all of the console commands described in the relevant documentation. Scripts may be written for the System Scheduler, the Traffic Monitoring Tool, and for the Netwatch Tool.

Note: RouterOS v2.5 will have additional scripting functions to better enable the reporting or monitored variable as well as a delay function.

Contents of the Manual

The following topics are covered in this manual:

System Scheduler
Traffic Monitoring Tool
Network Watching Tool

System Scheduler

The sheduler is used to execute scripts at certain times. It has an ordered list of scripts; each script has following properties:

Descriptions of settings:

name - useful for disabling or changing properties of this item from other scripts
start-time and start-date - time and date of first execution
interval - interval between two script executions, if time "interval" is set to zero, the script is only executed at it's start time, otherwise it is executed repeatedly at the time interval specified
run-count - to monitor script usage, this counter is incremented each time the script is executed, it can be reset to zero.
script - the script itself

Here is a simple script that logs "kuku" every hour sharp:

[mountain] system scheduler> add name=x interval=1h script={:log message=kuku}
[mountain] system scheduler> print 
Flags: X - disabled 
  0   name=x start-time=00:00:00 start-date=jan/01/1970 interval=1h run-count=0 
      script=:log message=kuku 

[mountain] system scheduler>

Here are two scripts that will change the bandwidth setting of a queue rule. Everyday at 9AM the queue will be set to 64Kb/s and at 5PM the queue will be set to 128Kb/s.

/system scheduler add interval=24h name="set-64k" start-time=9:00:00 script={
    /ip queue set [/ip queue find dst-address=1.2.3.0/24:0-65535]
        limit-at=64000
}

/system scheduler add interval=24h name="set-128k" start-time=21:00:00 script={
    /ip queue set [/ip queue find dst-address=1.2.3.0/24:0-65535]
        limit-at=128000
}

The following console command schedules script that sends each week backup of router configuration by e-mail.

/system scheduler add interval=7d name="email-backup" script={
    /system backup save name=email
    /e-mail send to="madmin@1.2.3.4" \
        subject=[/system identity get name]" backup" \
        file=email.backup
}

If more than one script has to be executed at one time, they are executed in the order they appear in the scheduler configuration. This can be important if, for example, one scheduled script is used to disable another. The order of scripts can be changed with "move" command.

If a more complex execution pattern is needed, it can usually be done by scheduling several scripts, and making them enable and disable each other. Example below will put 'x' in logs each hour from midnight till noon:

[mountain] system scheduler> print 
Flags: X - disabled 
  0   name=x-up start-time=00:00:00 start-date=jan/01/1970 interval=24h
      run-count=1 script=/system scheduler enable x
  1 X name=x start-time=00:00:00 start-date=jan/01/1970 interval=1h run-count=3 
      script=:log message=x
  2   name=x-down start-time=12:00:00 start-date=jan/01/1970 interval=24h
      run-count=0 script=/system scheduler disable x

Traffic Monitoring Tool

The traffic monitor tool is used to execute console scripts on when interface traffic crosses some given thresholds.

Each item in traffic monitor list consists of it's name (which is useful if you want to disable or change properties of this item from another script), some parameters specifying traffic condition and the script to execute when this condition is met.

[MikroTik] tool traffic-monitor> print 
Flags: X - disabled, I - invalid 
  0   name=e2warm interface=ether2 threshold=15000 trigger=above
      traffic=received script=...

  1   name=e2cold interface=ether2 threshold=12000 trigger=below 
      traffic=transmitted script=...

Descriptions of arguments:

name - Name of traffic monitor item.
interface - Interface to monitor.
threshold - Traffic threshold, in bits per second.
trigger - ( above / always / below ) Condition on which to execute script.
traffic - ( transmitted / received ) Type of traffic to monitor.
script - Script source.

You should specify the interface on which to monitor the traffic, the type of traffic to monitor (transmitted or received), the threshold (bits per second). The script is started, when traffic exceeds the threshold in direction given by the "trigger" argument. "above" means that script will be run each time traffic exceeds the threshold, i.e. goes from being less than threshold to being more than threshold value. "below" triggers script in the opposite condition, when traffic drops under the threshold. "always" triggers script on both "above" and "below" conditions.

Traffic Monitor Examples

[MikroTik] tool traffic-monitor > add name=turn_on interface=ether1 threshold=15000\
           script={/interface enable ether2} trigger=above traffic=received
[MikroTik] tool traffic-monitor > add name=turn_off interface=ether1 threshold=12000\
           script={/interface disable ether2} trigger=below traffic=received

The example monitor enables the interface ether2, if the received traffic exceeds 15kbps on ether1, and disables the interface ether2, if the received traffic falls below 12kbps on ether1.

Network Watching Tool

Netwatch monitors state of hosts on the network. It does so by sending ICMP pings to list of specified IP addresses. For each entry in netwatch table you can specify IP address, ping interval and console scripts. Here's an example configuration.

[bainug] tool netwatch> print 
Flags: X - disabled 
  #   HOST            TIMEOUT              INTERVAL             STATUS 
  0 X 10.0.0.17       998ms                2s                   unknown

Scripts are not displayed by default, to see them type "detail" after "print" command.

[bainug] tool netwatch> print detail 
Flags: X - disabled 
  0 X host=10.0.0.17 timeout=998ms interval=10s since=apr/1/2001 13:38:54 
      status=unknown up-script=/ip route set [/ip route find dst \
                              0.0.0.0] gateway 10.0.0.17
      
      down-script=/ip route set [/ip route find dst 0.0.0.0] gateway 10.0.0.255

This line (when enabled) will ping 10.0.0.17 every 10 seconds, and if nothing comes back, it will change status to "down". If some pings do return, status will change to "up".

Without scripts, netwatch can be used just as an information tool, to see which links are up, or which specific host are running at the moment. The "since" field shows last time when state of host has changed.

The main advantage of netwatch is ability to issue arbitrary console commands on host state changes. Let's look at the example above - it changes default route if gateway becomes unreachable. How it's done?

There are two scripts. The "up-script" is executed once when status of host changes to "up". In our case, it's equivalent to entering this console command:

[bainug] tool netwatch> /ip route set [/ip route find dst 0.0.0.0] gateway 10.0.0.17

The "/ip route find dst 0.0.0.0" command returns list of all routes whose "dst-address" value is zero. Usually that's the default route. It is substituted as first argument to "/ip route set" command, which changes gateway of this route to 10.0.0.17

The second script is executed once when status of host becomes "down". It does the following:

[bainug] tool netwatch> /ip route set [/ip route find dst 0.0.0.0] gateway 10.0.0.255

ie. it restores default gateway if 10.0.0.17 address has become unreachable. Here's another example, that sends email notification whenever the 10.3.15.7 host goes down:

[avots] tool netwatch> print detail 
Flags: X - disabled 
  0   host=10.3.15.7 timeout=999ms interval=20s since=sep/27/2001 13:55:04 
      status=up up-script=""
      down-script=/e-mail send from="router@vieta.lv" server=\
                 "159.144.25.102" body="Router down" subject="Router at \
                 second floor is down" to="admin@vieta.lv"

Monitors hosts by pinging IP addresses. Following values can be configured for each list entry:

Descriptions of settings:

host - IP address of host that should be monitored
interval - Time between pings. Lowering this will make state changes more responsive, but can create unnecessary traffic and consume system resources.
timeout - Timeout for each ping. If no reply from host is received in this time, host is considered unreachable ("down").
up-script - Console script that is executed once when state of host changes from "unknown" or "down" to "up".
down-script - Console script that is executed once when state of host changes from "unknown" or "up" to "down".

In addition, following value is available with "print" command:

since - Time when state of host changed last time.

To see values of "up-script", "down-script" or "since" use "print detail" command form.

State of host changes to "unknown" when any properties of this list entry are changed, or it is enabled or disabled. Also, any entry that is added has state "unknown" initially.

Value of host IP address is available in both "up-script" and "down-script" scripts as value of variable "host". This variable is available only while the script is running, and it's values are not remembered or shared between multiple script executions.

MikroTik RouterOS V2.4 Device Driver Management

Document revision 25-Sep-2001
This document applies to the MikroTik RouterOS V2.4

Overview

Device drivers represent the software interface part of installed network devices. For example, the MikroTik RouterOS includes device drivers for NE2000 compatible Ethernet cards and other network devices. Device drivers are included in the system software package and in the additional feature packages.

The device drivers for PCI and PC cards are loaded automatically. Other network interface cards (most ISA and ISDN PCI cards) require the device drivers loaded manually by using the /driver add command.

Users cannot add their own device drivers. Only drivers included in the Mikrotik RouterOS software packages can be used. If you need a device driver for a device, which is not supported by the MikroTik RouterOS, please suggest it at our suggestion page on our web site.

Contents of the Manual

The following topics are covered in this manual:

Loading Device Drivers
Removing Device Drivers
List of Drivers
Troubleshooting

Loading Device Drivers

The drivers for PCI cards (except the ISDN cards) are loaded automatically at the system startup. Use the /driver print command to see the list of loaded drivers:

[MikroTik] driver> print                                                       
Flags: I - invalid, D - dynamic 
  #   DRIVER                            IRQ IO         MEMORY     ISDN-PROTOCOL
  0 D RealTek RTL8129/8139                                                     
[MikroTik] driver>

As we see, the driver for the Realtek PCI card has been loaded automatically.

If the driver required to be loaded, use the /driver add command. The syntax of the command is:

[MikroTik] driver> add ?                                                        
Load driver name [irq IRQ] [io IO range start] [mem shared memory]. 

  copy-from  Item number
         io  IO port base address
        irq  IRQ number
     memory  Shared Memory base address
       name  Driver name
[MikroTik] driver>

If hexadecimal values are used for the arguments, put 0x before the number. To see the list of available drivers, enter the /driver add name ? command:

[MikroTik] driver> add name=?
Name of driver to load. 

     3c509  3com 3c509 ISA
  ne2k-isa  ISA NE2000
[MikroTik] driver> add name=ne2k-isa io 0x280                                  
[MikroTik] driver> print                                                       
Flags: I - invalid, D - dynamic 
  #   DRIVER                            IRQ IO         MEMORY     ISDN-PROTOCOL
  0 D RealTek RTL8129/8139                                                     
  1   ISA NE2000                            280                                
[MikroTik] driver>

To see the system resources occupied by the devices, use the '/system resource io print' and '/system resource irq print' commands:

[MikroTik] system resource> irq print                                          
 IRQ USED OWNER                                                                 
 1   yes  keyboard                                                              
 2   yes  APIC                                                                  
 3   no                                                                         
 4   yes  serial port                                                           
 5   no                                                                         
 6   no                                                                         
 7   no                                                                         
 8   no                                                                         
 9   no                                                                         
 10  yes  Public                                                                
 11  yes  Local                                                                 
 12  no                                                                         
 13  yes  FPU                                                                   
 14  yes  IDE 1                                                                 
 15  yes  PCMCIA service                                                        
[MikroTik] system resource> io print                                           
 PORT-RANGE            OWNER                                                    
 20-3F                 APIC                                                     
 40-5F                 timer                                                    
 60-6F                 keyboard                                                 
 80-8F                 DMA                                                      
 A0-BF                 APIC                                                     
 C0-DF                 DMA                                                      
 F0-FF                 FPU                                                      
 1F0-1F7               IDE 1                                                    
 2F8-2FF               serial port                                              
 3C0-3DF               VGA                                                      
 3E0-3E1               PCMCIA service                                           
 3F6-3F6               IDE 1                                                    
 3F8-3FF               serial port                                              
 4000-4007             IDE 1                                                    
 4008-400F             IDE 2                                                    
 6300-631F             Local                                                    
 6700-67FF             Public                                                   
[MikroTik] system resource>

Note, that the resource list shows only the interfaces, if they are enabled!

Removing Device Drivers

Use the '/driver remove' command to remove device drivers. Unloading of device driver is useful when changing network devices - this can be useful to save system resources in avoiding loading drivers for devices, which have been removed from the system. Device driver needs to be removed and loaded again, if some parameter (memory range, i/o base address) has been changed for the adapter card. The device drivers can be removed only if the appropriate interface has been disabled.

List of Drivers

The list of device drivers included in the system software package is given below:

ISA Drivers

Drivers for ISA cards should be loaded manually.

ne2k-isa
Load the driver by specifying the I/O base address. IRQ is not required.
Driver is suitable for most of the NE2000 compatible ISA cards.
3c509
Load the driver by specifying the I/O base address. IRQ is not required.
Driver is suitable for 3COM 509 Series ISA cards.

PCI Drivers

Drivers for PCI cards are loaded automatically, if the relevant interface card is installed, and it does not have hardware conflicts. The list of PCI drivers is below:

ne2k-pci
Driver is suitable for the Ethernet cards with RealTek RTL-8029 chip:
RealTek RTL-8029
Winbond 89C940
Compex RL2000
KTI ET32P2
NetVin NV5000SC
Via 86C926
SureCom NE34
Winbond
Holtek HT80232
Holtek HT80229
3c95x
(3Com 3c590/3c900 series Vortex/Boomerang driver)
This device driver is designed for the 3Com FastEtherLink and FastEtherLink XL, 3Com's PCI to 10/100baseT adapters. It also works with the 10Mbs versions of the FastEtherLink cards. The supported product IDs are:
3c590, 3c592, 3c595, 3c597, 3c900, 3c905
3c590 Vortex 10Mbps
3c595 Vortex 100baseTx
3c595 Vortex 100baseT4
3c595 Vortex 100base-MII
3Com Vortex
3c900 Boomerang 10baseT
3c900 Boomerang 10Mbps Combo
3c900 Cyclone 10Mbps Combo
3c900B-FL Cyclone 10base-FL
3c905 Boomerang 100baseTx
3c905 Boomerang 100baseT4
3c905B Cyclone 100baseTx
3c905B Cyclone 10/100/BNC
3c905B-FX Cyclone 100baseFx
3c905C Tornado
3c980 Cyclone
3cSOHO100-TX Hurricane
3c555 Laptop Hurricane
3c575 Boomerang CardBus
3CCFE575 Cyclone CardBus
3CCFE656 Cyclone CardBus
3c575 series CardBus (unknown version)
3Com Boomerang (unknown version)
eepro100
(Intel i82557/i82558 PCI EtherExpressPro driver)
This device driver is designed for the Intel i82557 "Speedo3" chip, Intel's single-chip fast Ethernet controller for PCI, as used on the IntelEtherExpressPro 100 adapter.
tulip
This device driver is designed for the DECchip "Tulip", Digital's single-chip ethernet controllers for PCI. Supported members of the family are the 21040, 21041, 21140, 21140A, 21142, and 21143. Similar work-alike chips from Lite-On, Macronics, ASIX, Compex and other listed below are also supported:
Interfaces: Digital DC21040 Tulip
Digital DC21041 Tulip
Digital DS21140 Tulip
Digital DS21143 Tulip
D-Link DFE 570TX
Lite-On 82c168 PNIC
Macronix 98713 PMAC
Macronix 98715 PMAC
Macronix 98725 PMAC
ASIX AX88140
Lite-On LC82C115 PNIC-II
ADMtek AN981 Comet
Compex RL100-TX
Intel 21145 Tulip
Xircom Tulip clone
rtl8139
This device driver is designed for the RealTek RTL8129, the RealTek Fast Ethernet controllers for PCI. This chip is used on a few clone boards:
RealTek RTL8129 Fast Ethernet
RealTek RTL8139 Fast Ethernet
SMC1211TX EZCard 10/100 (RealTek RTL8139)
Accton MPX5030 (RealTek RTL8139)
winbond-840
This driver is for the Winbond w89c840 chip:
Winbond W89c840
Compex RL100-ATX

For the list of drivers included in additional feature software packages, please see the manual of the relevant software package.

Troubleshooting

Driver for a PCI or PC card does not load automatically.
Check for a possible IRQ or IO conflict with other devices.
The driver cannot be found on the system.
Upload the required software package containing the required drivers and reboot the router.
I have loaded the driver, but the interface does not show up.
Obtain the required software license to enable the functionality of the interface.

MikroTik RouterOS V2.4 Bridge Management

Document revision 03-Oct-2001
This document applies to the MikroTik RouterOS V2.4

Overview

MAC level bridging of Ethernet packets is supported. The router has one internal bridging table. Interfaces can be included or excluded. Ethernet, Ethernet over IP (EoIP), and RadioLAN interfaces are supported. All 802.11b client wireless interfaces (ad-hoc or infrastructure) do not support this because of the limits of 802.11b – it is possible to bridge over them using the Ethernet over IP protocol (please see documentation on EoIP).

Features include:

Spanning Tree Protocol (STP)
Bridge enabled or disabled on a per interface basis
Protocol can be selected to be forwarded or discarded
MAC address table can be monitored in real time
IP address assignment for router access

Contents of the Manual

The following topics are covered in this manual:

Installation
Hardware Resource Usage
Bridge Setup
Bridge Monitoring

Installation

The bridge feature is included in the 'system' package. No installation is needed for this feature.

Hardware Resource Usage

When Bridge is enabled, it uses a small amount of memory. No increase of memory is suggested.

Bridge Setup

IP bridge management can be accessed under the /bridge menu:

[MikroTik] bridge> ?
Configure interfaces that are used for bridge forwarding, protocols that will
be forwarded and look at bridge forwarding table.

     export  print configuration as set of router commands
        get  get value of property
       host  Bridge forwarding table
  interface  Interfaces used for bridging
      print  print settings
        set  change settings
[MikroTik] bridge> print
           ip: discard
          ipx: discard
    appletalk: discard
         ipv6: discard
          arp: discard
        other: discard
     priority: 1
[MikroTik] bridge>

Assume we want to enable bridging between two Ethernet LAN segments and have the MikroTik router be the default gateway for them:

When configuring the MikroTik router for bridging you should do the following:

Configure the bridge settings
Configure the bridge interfaces for bridging
Enable the bridge interface
Assign an IP address to the bridge interface, if needed

When configuring the bridge settings, each protocol that should be forwarded should be set to 'forward'. The 'other' protocol includes all protocols not listed before:

[MikroTik] bridge> set ip=forward arp=forward other=forward
[MikroTik] bridge> print
           ip: forward
          ipx: discard
    appletalk: discard
         ipv6: discard
          arp: forward
        other: forward
     priority: 1
[MikroTik] bridge>

The priority argument is used by the Spanning Tree Protocol to determine, which port remains enabled if two ports form a loop.

Next, each interface that should be included in the bridging table should be set to 'forward=yes':

[MikroTik] bridge interface> print
  # INTERFACE                                                           FORWARD
  0 ether2                                                              no
  1 ether1                                                              no
[MikroTik] bridge interface> set 0 forward=yes
[MikroTik] bridge interface> set 1 forward=yes
[MikroTik] bridge interface> print
  # INTERFACE                                                           FORWARD
  0 ether2                                                              yes
  1 ether1                                                              yes
[MikroTik] bridge interface>

After setting some interface for bridging, a bridge interface is added to the router's interfaces table. You should enable the interface in order to start using it:

[MikroTik] bridge interface> /interface
[MikroTik] interface> print
Flags: X - disabled, D - dynamic
  #   NAME                 MTU   TYPE
  0   ether2               1500  ether
  1   ether1               1500  ether
  2   wavelan1             1500  wavelan
  3 X pppoe-out1           1492  pppoe-out
  4 X bridge1              1500  bridge
[MikroTik] interface> enable bridge1
[MikroTik] interface> print
Flags: X - disabled, D - dynamic
  #   NAME                 MTU   TYPE
  0   ether2               1500  ether
  1   ether1               1500  ether
  2   wavelan1             1500  wavelan
  3 X pppoe-out1           1492  pppoe-out
  4   bridge1              1500  bridge
[MikroTik] interface> bridge print
Flags: X - disabled
  #   NAME                 MAC-ADDRESS
  0   bridge1              FE:FD:08:00:9A:CB
[MikroTik] interface>

If you want to access the router through unnumbered bridged interfaces, it is required to add an IP address to the 'bridge' interface:

[MikroTik] ip address> add address=192.168.0.254/24 interface=bridge1
[MikroTik] ip address> add address=10.1.1.12/24 interface=wavelan1
[MikroTik] ip address> print
Flags: X - disabled, I - invalid, D - dynamic
  #   ADDRESS            NETWORK         BROADCAST       INTERFACE
  0   192.168.0.254/24   192.168.0.0     192.168.0.255   bridge1
  1   10.1.1.12/24       10.1.1.0        10.1.1.255      wavelan1
[MikroTik] ip address>

The hosts on LAN segments #1 and #2 should use IP addresses from the same network 192.168.0.0/24 and have the default gateway set to 192.168.0.254 (MikroTik router).

Bridge Monitoring

The bridge can be monitored in real time. The bridging table shows the MAC address of hosts, interface which can forward packets to the host, and the age of the information shown in seconds:

[MikroTik] bridge host> print
 MAC-ADDRESS       ON-INTERFACE                                       AGE
 00:00:40:11:A1:8D ether1                                             1831
 00:00:40:11:A1:8A ether1                                             1651
 00:00:39:E2:35:39 ether2                                             7
 00:00:40:11:A1:89 ether2                                             1591
 00:00:40:11:A1:8B ether1                                             1711
 00:00:40:11:A1:8C ether1                                             1771
[MikroTik] bridge host>

MikroTik RouterOS V2.4 Ethernet Interfaces

Document revision 05-Oct-2001
This document applies to the MikroTik RouterOS V2.4

Overview

MikroTik RouterOS supports the following types of Ethernet Network Interface Cards:

Most NE2000 compatible ISA and PCI cards
3com 3c509 ISA cards
Intel Pro Gigabit PCI cards

The complete list of supported Ethernet NICs can be found in the Device Driver Management Manual.

Contents of the Manual

The following topics are covered in this manual:

Ethernet Adapter Hardware and Software Installation
Ethernet Interface Configuration

Ethernet Adapter Hardware and Software Installation

Software Packages

The drivers for Ethernet NICs are included in the 'system' package. No installation of other packages is needed.

Software License

The license for Ethernet NICs is included in the Basic License. No additional license is needed.

System Resource Usage

Before installing the Ethernet adapter, please check the availability of free IRQ's and I/O base addresses:

[MikroTik] > system resource irq print                                         
 IRQ USED OWNER                                                                 
 1   yes  keyboard                                                              
 2   yes  APIC                                                                  
 3   no                                                                         
 4   yes  serial port                                                           
 5   yes  PCMCIA service                                                        
 6   no                                                                         
 7   no                                                                         
 8   no                                                                         
 9   no                                                                         
 10  yes  [e1000]                                                               
 11  yes  ether3                                                                
 12  yes  ether1                                                                
 13  yes  FPU                                                                   
 14  yes  IDE 1                                                                 
[MikroTik] > system resource io print                                          
 PORT-RANGE            OWNER                                                    
 20-3F                 APIC                                                     
 40-5F                 timer                                                    
 60-6F                 keyboard                                                 
 80-8F                 DMA                                                      
 A0-BF                 APIC                                                     
 C0-DF                 DMA                                                      
 F0-FF                 FPU                                                      
 1F0-1F7               IDE 1                                                    
 2F8-2FF               serial port                                              
 3C0-3DF               VGA                                                      
 3F6-3F6               IDE 1                                                    
 3F8-3FF               serial port                                              
 9400-94FF             ether1                                                   
 F000-F007             IDE 1                                                    
 F008-F00F             IDE 2                                                    
[MikroTik] >

Loading the Driver

PCI adapters do not require a 'manual' driver loading, since they are recognized automatically by the system and the driver is loaded at the system startup.

ISA adapters require the driver to be loaded by issuing the following command:

[MikroTik] driver> add name=ne2k-isa io=0x300                                       
[MikroTik] driver> print                                                       
Flags: I - invalid, D - dynamic 
  #   DRIVER                            IRQ IO         MEMORY     ISDN-PROTOCOL
  0 D RealTek RTL8129/8139                                                     
  1 D NationalSemiconductors 83820                                             
  2 D Intel PRO 1000 Server Adaper                                             
  3   ISA NE2000                            0x300
[MikroTik] driver>

There can be several reasons for a failure to load the driver:

The driver cannot be loaded because other device uses the requested IRQ.
Try to free up the required IRQ, or get a different card.
The requested I/O base address cannot be used on your motherboard.
Get another motherboard.

Ethernet Interface Configuration

If the driver has been loaded successfully (no error messages), then the Ethernet interface should appear under the interfaces list with the name etherX, where X is 1,2,... You can change the interface name to a more descriptive one using the 'set' command. To enable the interface, use the 'enable' command:

[MikroTik] interface > print
Flags: X - disabled, D - dynamic 
  #   NAME                 MTU   TYPE                                          
  0 X ether1               1500  ether                                         
  1   ether2               1500  ether                                         
  2 X ether3               1500  ether                                         
[MikroTik] interface> enable 0                                                  
[MikroTik] interface> enable ether3                                             
[MikroTik] interface> print                                                    
Flags: X - disabled, D - dynamic 
  #   NAME                 MTU   TYPE                                          
  0   ether1               1500  ether                                         
  1   ether2               1500  ether                                         
  2   ether3               1500  ether                                         
[MikroTik] interface>

You can monitor the traffic passing through any interface using the /interface monitor command:

[MikroTik] interface> monitor-traffic ether2                                   
    received-packets-per-second: 271       
      received-bytes-per-second: 148.4kbps 
        sent-packets-per-second: 600       
          sent-bytes-per-second: 6.72Mbps  

[MikroTik] interface>

For some Ethernet NICs it is possible to blink the LEDs for 10s. Type /interface ethernet blink ether1 and watch the NICs to see the one which has blinking LED.

For some Ethernet NICs it is possible to monitor the Ethernet status:

[MikroTik] interface ethernet> monitor ether3
              status: no-link  
    auto-negotiation: disabled 
                rate: 100Mbit  
          fullduplex: yes      

[MikroTik] interface ethernet> monitor ether1                                  
              status: no-link    
    auto-negotiation: incomplete 

[MikroTik] interface ethernet> monitor ether2                                  
              status: unknown 

[MikroTik] interface ethernet>

Please see the IP Address manual on how to add IP addresses to the interfaces.

MikroTik RouterOS V2.4 IP over IP (IPIP) Tunnel Interface

Document revision 21-Nov-2001
This document applies to the MikroTik RouterOS V2.4

Overview

The IPIP tunneling implementation on the MikroTik RouterOS is RFC 2003 compliant. IPIP tunnel is a simple protocol that encapsulates IP packets in IP to make a tunnel between two routers. The IPIP tunnel interface appears as an interface under the interfaces list. Many routers, incl

MikroTik RouterOS™ V2.4 Reference Manual

Basic Software Reference

Software Technical Reference and Application Examples

MikroTik RouterOS V2.4 Basic Setup Guide

Downloading and Installing the MikroTik RouterOS

1. Download the basic installation archive file.

2. Create the installation media

3. Install the MikroTik RouterOS software.

Use of the 'setup' Command

Adding Addresses

MikroTik RouterOS V2.4 Terminal Console Manual

Overview

Contents of the Manual

Lists

Item names

Quick Typing

Help

Internal item numbers

Multiple items

Return values

Time Setting

Variables

Magic Variable

MikroTik RouterOS V2.4 Java Console Manual

Overview

Contents of the Manual

Overview of Common Functions

MikroTik RouterOS V2.4 Software Package Installation and Upgrading

Overview

Features

Contents of the Manual

Automatic Software Package Upgrading

Contents of the Software Packages

System Software Package

Additional Software Feature Packages

MikroTik RouterOS V2.4 SSH Installation and Usage

Overview

Contents of the Manual

Installation

Suggested Windows Client Setup

Additional Resources

Links for Windows Client:

Other links:

MikroTik RouterOS V2.4 Scripting Manual

Overview

Contents of the Manual

System Scheduler

Traffic Monitoring Tool

Traffic Monitor Examples

MikroTik RouterOS V2.4 Device Driver Management

Overview

Contents of the Manual

Loading Device Drivers

ISA Drivers

PCI Drivers

MikroTik RouterOS V2.4 Bridge Management

Overview

Contents of the Manual

Installation

Hardware Resource Usage

Bridge Setup

MikroTik RouterOS V2.4 Ethernet Interfaces

Overview

Contents of the Manual

Ethernet Adapter Hardware and Software Installation

Software Packages

Software License

System Resource Usage

Loading the Driver

MikroTik RouterOS V2.4 IP over IP (IPIP) Tunnel Interface

Overview