Household dumbframes on Mikrotik: the butt will increase the manual adjustment. Setting up CAPsMAN on MikroTik (seamless roaming) Hardware implementation Mikrotik wAP
The number of childless annexes grows rapidly, continuously advancing up to the throughput capacity of the netting and pokrittya.
On the market, at once, there is enough solution for the establishment of the great childless hedge like in a small private booth, as well as a great Zamysky cottage, repairing with Luma, Eero, and ending.
One solution is based on the simplicity of adjusting and at a high price; More and more about Mikrotik products, as we see the miraculous days of high hopes, great functionality, and a whole lot of democratic benefits. At the same hour, Mikrotik will be folded in a smart way for a large number of household corystoids, which will increase the level of input and strongly intertwine with the real fixation of systems on the basis of Mikrotik in household sinks.
Unimportant to digest descriptions, once you have set up Mikrotik, you can forget about it in the month and in the rock. The possession of Mikrotik is very efficient and can be done more without rewiring, for a very important hour and nerves.
Within the framework of the publication, it will be shown that it is possible to set up and set up on the basis of Mikrotik over the edge of a large apartment without a mouth for a great apartment, a private office or a small office with a small office.
Vibir router
A router (model RB960PGS) is used to extend a highly productive grid. The presence of the SFP slot allows you to connect to the Internet provider for additional optics, as well as to equip 5 gigabyte interfaces.
As far as SFP is concerned, you can connect to the Internet for an additional RJ-45 hedgehog interface, which also accepts PoE In. Reshta 4 interface accepts PoE Out, which allows powering from them to a number of access points, but not more than 4.
On a practical level, it’s practical to choose to use and provide a net, for that one more port of demand will be seen for a local net, at once our ordered PoE will have 3 ports of PoE, which is enough for a private weekday of mid-rise.
It is possible to transfer home victories - before the expansion of the wire fence, be it a gigabyte commutator of any brand. At the same hour, if you plan to check VLAN and іншої exotic, you will know the switching commutator, or as the minimum of Easy-Smart, radically brutalize respect for the switching commutator.
If you need to power more than 3 access points, you can purchase an additional switch with PoE -. Worse, if you buy an additional PoE switch, it will be correct only if you supply 2-4 additional points of access. In general, the purchase of a commutator for living without one point will be a waste of pennies.
For 100 MBytes, go to available models of routers with PoE:
It is not necessary to add an attachment with a PoE adapter, but in any case, you will need to pick up a small communal screen and space in all of the injectors and adapters.
Vibir access points
At vipadku with access points, vibir kudi is wider. The crumbs of the lower ones picked up the most favorable propositions, and the stench was sorted in the order of growth of price.
To be honest, the Groove 52 (RBGroove52HPn) is not going to go, because shipped from the 3rd time of the license, which does not allow vikoristovuyu AP mode.
Mabut, do you have a clear diet, how can you use hAP ac lite in the table? It's simple. First of all, the new PoE driver has the ability to power it from afar. In another way, the power of this installation is transferred to the router. In a tertiary, tse, vividly, 802.11ac support and the price of only 45 usd.
The settings for the set of parameters can be set up as a Dual-Band access point with the functionality of a pre-switch. One of the interconnections is the speed of hemline interfaces at 100 Mbits.
Point GrooveA 52 was seen in the vicinity of the city. The vona is equipped with a taut radio module that allows you to send a call if you need to cover even a large area. Beat the respect, just one hour you can shoot only in one range - either 2.4 GHz, or 5 GHz. I will give the vibe to the range in the Keruvannya panel.
The tables also display OmniTIK and Metal through price / performance ratio. The decision is more likely to go for the victorian at the commercial fences.
The most optimal option for encouraging a booth is wAP, cAP and wAP ac. Moreover, wAP and wAP ac can be victorious.
The older wAP ac model is equipped with a gigabyte mesh interface for securing high bandwidth, allowing the robot to operate in two ranges for one hour with a channel bandwidth of 300 and 1300 Mbps for 2.4 and 5 GHz altogether.
The wAP and wAP ac are well on the butt with the hEX PoE switch and can be seen to prompt the home mouthless hedgehog.
Connecting and setting up the gateway
hEX PoE allows you to play the role of the head router, which will not allow you to connect to the Internet. As a result, the gateway will have IP addresses for their attachments, the DHCP server will be enabled on the access points themselves.
The key is attached and logged into the control panel.
The process of adjusting will be looked at on the butt of adjusting for the suggestions, to make the process as simple as possible for Mikrotik's earbuds.
The standard configuration is for us all along the way, but if you do not want to be able to do it, you can set up the type of connection to the provider's bottom and vibrate the ETH1 port ( twisted pair) or SFP (optics)
For the sake of a quick change of IP, the attachment of local fences to larger sizes is 192.168.0.1/24.
Beastly respect, the DHCP pool we navmisno pіdnyat pіdnya pіdnіt, which roboti zvsіm not obov'yazkovo. It is especially simpler in the lower part of the Vikoristovuvati statics and binding MAC: IP, and in the upper part it has IP for solving clients.
Remember the name of the annex, for our vipadk it will be "GATEWAY" (gateway), given the great number of attachments, you will be easier to order for names, lower by IP.
Zastosovuєmo nalashtuvannya. Since Winbox is no longer available, on some PCs it is necessary to reconnect to the cable by the cable, and then the net has lost the new IP.
As a rule of thumb, you will go to IP-DHCP Server-Networks and hand over the IP of our router as a DNS server for clients, which will be able to receive the DHCP service. Mikrotik has its own DNS functionality, so the service provider DNS on clients is not easy to use.
Before the speech, you can immediately use NTP, the server of the exact hour can be easily accessed by Mikrotik itself. As in the static DNS records of time.windows.com on the IP of the microsoft, the machine from the Windows kervans can take the exact hour from the main gateway without additional adjustments. Read the report in the publication okremya, poilannya vische.
Do not forget to update the gateway until the last version RouterOS, our price drops from 6.36.1 to 6.38.1. Try to re-enroll for renewal.
The building of the airlock is completed. The creation of the new koristuvach, the change of the password, the inclusion of unnecessary services and the adjustment to the Mikrotik owner is a topic for a recent publication, so we will not go back to it.
At any stage, you can connect the access point to the router.
Connecting access points to the router
Offended points live behind additional PoE from the head router. Such a move will allow us to rewrite the attachments programmatically on the visible, and also wake up the darts.
On the practical side, the connection of points is brighter here, step by step, the fragments of all wAP can be displayed as a standard password.
It is not possible to offend points at once, because for the well-informed koristuvach, the process of borrowing a dough of khviliin.
The access point Mikrotik wAP has no problems with PoE, and the axis for wAP ac brought the PoE "forced on" mode to the port to vibrate. For more details about the priorities and adjustments of PoE Out, you can read at.
Well, in idle mode, wAP lasts only 1.1 W, and the older sister wAP ac - 3.3 W.
At the distribution IP - DHCP Server - Leases, it is possible to change, but offending access points have been denied an IP address.
It will start before the onset stage is set up.
Mikrotik wAP connection
The process of setting up both wAP points go along the path of connecting to an open mouthless access point. For a complete netbook, laptop or PC with a mouthless adapter. Our vipadku will have a netbook.
Yak bachite, the netbook has been successful with 3 hems. Why three and not two? On the right in that, wAP ac has one 2.4 GHz hedge, a friend at 5 GHz.
MikroTik-5EDCC7 is our MikroTik wAP, MikroTik-7D550D and MikroTik-7D550E and Mikrotik wAP ac, it is easy to refer to the name of the net (the name is used as a symbol).
Adjustment of repair is done from the simplest point, tse shvidshe and allow you to see, as you will adjust the point.
When connected to the Mouthless Math MikroTik-5EDCC7, Winbox will be configured with the standard IP 192.168.88.1
Accept standard configuration. Yak bachite, set the tracker to routing mode, you can’t get overwhelmed by connecting through the cable.
Moving the point to the bridge mode (Bridge = mіst), in order to fix the prism we will see through. Option "Adress Acquisition" is displayed in "Automatic", tobto. IP pristіy otrimuvatime from the DHCP server. For bazhannya it is possible to realize IP statics, but not about the whole thing, but not about the whole thing.
"Address Source" goes to "Any", when you select a logical "Ethernet", the attachment will have IP 0.0.0.0, and you just don't connect to it. If everything is broken correctly - pristіy otrimaє nalashtuvannya fringes.
Yak and earlier, I will name the annex.
Mikrotik wAP ac connection
All the distributions of food are repeated for a new point, as well as for a skin attack, which will be added to the net.
If everything is broken correctly, Winbox will have all three attachments visible.
And, obviously, it’s not forgotten to update RouterOS on all the outbuildings of the hem.
Mouthless fingering in Mikrotik wAP
Let's start the wAP access point.
Wireless - Interfaces have a clear power to the mouthless interface.
Especially I attachment Advanced Mode (expansion mode), as many options as you can - you can choose Simple Mode. Remixing between modes, you will be able to get there at any moment at the right side of the window with the nestled windows.
On the streaming screen, click Freq. Usage ... ". When you press the button, you will see a new one at the end, in which there is a "Start". The system can quickly scan the channels and you will be able to peer over the view of the channels at the real time.
Yak bachite, 2442-2452 MHz is victorious, that's the best practice in the range 2412-2432 MHz. At the same time, there is no time to forget, but when there are wide channels at 40 MHz, the number of channels, which does not overlap, is the third.
When I set up a mouthless interface, I see the pass-through clearly in 2GHz-only-N, but I set the 802.11n mode. if you have old attachments without adopting a new standard - choose the change modes.
The channel width can be set to 20/40 eC, it is also possible to use 20/40 eC. Index eC and Ce indicate, where it is necessary to expand the range in relation to the main channel. eC - downward extended, Ce - upward extended. In such a rank, if you vibrate the first channel, it is possible to expand it only up the hill, at the end of the remaining channel, the situation is ringing, it can be expanded only downward.
SSID is the name of a mouthless mesh. As long as you have є access points with a 5 GHz power supply, you can obviously use 2G and 5G sufixi, in addition to helping to expand the range. Although it’s not defective, on the client, you will not see two hemlines, the list will not see only one, and the connection here will be up to the priority of the adapter (Prefer 2G / Prefer 5G).
WPS doesn’t fail.
"Frequency Mode" will be set to "regulatory-domain", and "Country" - "ukraine". Tse nalashtuvannya allow not to poruchuvati regional obmezhennya radio frequency resource.
WMM Support can be vibrated enabled. The price of a special QoS nadbudova, which allows the priority of multimedia traffic.
Go to the Advanced tab. For setting up “Hw. Protection Mode "vibraєmo rts cts. In short, there is an option for additional help to avoid conflicts, if you do not connect to the point of contact, and you cannot wait until the last transmission of the data.
For Adaptive Noise Immunity, ap and client mode will be installed. I know, however, briefly, that the option allows activating a special filtering algorithm for noise generated by a point and / or a client, for example, a lot of transformations of the signal from the stin. Zvernit uvagu, opts_ya pracyuvatime leish on adapters with chips Atheros.
On the HT deposit, reverse the Tx / Rx Chains parameters, but also check the boxes. If the box is not ticked on one channel, the adapter cannot be used for the first time.
Oscillations didn’t change the parameters of the radio module pressure, the standard value didn’t change.
We are all about HT20-x and HT40-x. By the way, the price of its kind is a source of pressure for a specific radio module.
HT20 and HT40 can be used for a channel width of 20 and 40 MHz as appropriate. The number in the suffix is the MCS index for the 802.11n standard. Chim vishcha figure, tim more shvidkist. Yak bachite, for greater flexibility, you will need less pressure, and more pressure, then lower pressure. Respect the tsі danі, if you check the speed of the force of the mouthless module in manual mode.
At the final stage, go to the Security Profiles tab. At the same time, it is necessary to change the profile of safety. Vibrating mode "dynamic keys", as well as options WPA2 and AES. You can forget about WPA and TKIP (not even mentioning the old WEP), they have already compromised themselves for a long time and may have "flaws", so allow the suspicious malevolent to deny access to the childless mortality by the method.
The password is entered in the WPA2 Pre-Shared Key fields. The first point is completed.
Mouthless fingering in Mikrotik wAP ac
When another point of access is set up, everything is similar to the first point of access.
Do not forget that it is necessary to scan a mouthful for a dermal point, fragments of an ethereum can change in a fallowness from a dermal point. If you want to trust the automatics - select the "auto" channel, Mikrotik is completely unsuccessful to cope with the set of employees.
Do not forget to use the SSID itself for the new skin attack point, as it is on the first attachment. Robotizing is required for automatic roaming of AP clients.
When working, the frequency can be turned on the same way, but at times, if the access points are slightly overwhelmed. At the same time, there will be a delay of the ether between oneself, and it will be negatively represented on the speed of one hour at a time. Naykrastovuvati principle of "shakhovyi dosha", tobto. cherguvati canals so that the stench did not overturn in zagalі.
In addition to the Dual-Band access points, the list of Wireless Interfaces will have two interfaces, and there will be skincare options.
The principle is that the scannable range and the optimal frequency are vibrated. If you have a clear range of 5745-5805, it is recommended to use it. Our vipadku has already been "clogged" by mobile providers.
Before the speech, for additional administrators in the future, the cicaviy speсtral-scan and spectral-history. Start insulting tools through the terminal.
For wiklik vikoristovuyutsya commands:
/ interface mouthless spectral-scan
/ interface mouthless spectral-history
Z channels and frequencies were numbered.
For the 5GHz band, the Sufix 5G is not necessarily robust, as we have already said about it earlier.
The channel width for the promising channel will be 20/40 MHz, but I know that 802.11ac can be used for 80 MHz channels and they will not have high performance.
For channels on 80 MHz, the eCee nadbudov should be selected from the new combinations, їх 4, because channel at 80 MHz with 4 channels at 20 MHz. The vibration logic is the same as for 2.4 GHz.
The configuration is similar to the ones we tried to do for the front point to the 2.4 GHz band. Do not forget to change the Chains and adjust the parameters of the security (profile).
Nuance roaming on Mikrotik
The principle, on which it is possible to complete the instruction, is just one more nuance.
In practice, it is often the case that the mouthfuls are re-melted, if the mouthless ones are re-melted. Once a client can be hooked on a point with a weak signal, they can be guided by the fact that the point with an alert signal is overruled.
Vlasne the butt of such a vipadku on the screen shot. Zlіva mi bacimo, who phone of connections up to 5 GHz good luck signal. When the smartphone is moved to the inner zone, it hangs on the 5 GHz net, while the channel bandwidth has dropped to 87 Mb, and the handheld is 2.4 GHz with the video signal.
What kind of robots do such people have? I can rewrite the hemline, as if I name it for the hem, or it’s also possible to pick a “file” and “militia”.
On all mouthless interfaces, you must enable the "Default Authenticate" option. This is necessary in order for the ACL functionality to be victorious.
The Access List (Wireless) has 2 rules.
Perche rule... The range is set for the signal -75 ... 120 dBm, the Authentication and Forward options are set. Tse rule If the connection is allowed for the clients, the signal is no less than -75 dBm.
Another rule... The range is -120 ...- 76 dBm, the Authentication and Forward options are enabled. The whole rule of switching on the clientele, for which the signal drops below -76 dBm.
The Authentication option allows you to connect, so that you can see the connected fence. The Forward option allows the exchange of data between stations / clients. Forward can be crimson at the kidnappings homemade festoon, and the axis at the publ_chnіy іdkritіy fencing is exchanged by given mіzh clients obov'yazkovo demand for fencing with the meta of safety.
For bazhannya, you can immediately set up rules for the day that hour. For the lower spoiler Time є required parameters.
In addition, like the ACL rules, you can add a list of authorized clients in the Registration tables. Moreover, a comment from the ACL rule will be indicated to the skin client, which will be done manually.
Converted to a robot on a smartphone. When the signal goes down to -75 dBm, try to trim to the old point. When the signal goes down to -76 dBm, the point automatically switches on the client, if the client switches on to the strongest point.
Wit, Danish method no addition of shortcomings. On the right in that, where the point is to go to the primus, the connection of the client is connected, through the shortly at the end of the client the victor has a short-hour shaving off the ring. In a short time, ~ 2 seconds. Bagato to lay down from the clientele possession.
I set the level to a signal of -75 dBm for the butt, the higher the recommendation level, the lower the universal parameter "for any kind". As a matter of fact, it should be reported that the value is -80 dBm i vid. Whatever type of meaning is chosen, it is an experimental method right on the spot, depending on the specificity and sensitivity of the client's possession.
At the end
Apparently, the options for the implementation of home, childless hedgehog on Mikrotik without manual adjustment That ends with the CAPsMAN and the Mesh.
We have described the options for manual adjustment in order to make sure that there is no need for much knowledge. At the same hour, the configuration will allow you to open the top of your mouth without a mouth, as you can stably work without getting involved.
For a short time, it means the need for a separate installation of all annexes, which borrows trochas for more than an hour, less with the victorian CAPsMAN. With a few points, such a variant is quite addictive and nada ness.
When WiFi is set up on mikrotik routers, there are few nuances, on which varto bulo will be brutalized by system administrators.
It’s easy to see in the statistics, how to set up wifi and set up an access point on routers lineup Mikrotik.
How can I connect to a mikrotik router to set up wifi fancy?
Now, just set up Wi-Fi on mikrotik routers, you need to go to special program"winbox" Give you another option to go to the Neighbors tab - in ten hours of the program, you will know your router.
Now you need to click on the Mac address and click on the "Connect" button. Respect, for the devices of the Mikrotik family, the password will be left empty, and the login - like on all standard models - is admin.
If you have successfully connected to the router, you should go to the Interface tab and click on the Wireless tab, then vibrate the dot with the name Wlan1 and click on the blue tick. This allows you to activate the mouthless router interface.
Now you need to go to the Security profiles tab, and then click on the main profile default.
If you need to change the "Mode" tab to "default keys", then select the WPA PSK and WPA2 PSK and aes ccm checkboxes. If you have entered the password for wifi mikrotik, enter the password at the field without mouthless fingering, in order to save the adjustment.
How to set up a wifi access point on mikrotik?
Turn to the front interface tab, then click on the wlan 1 interface and go to the Wireless tab.
It will be seen in a clear manner that the mouthless hedge is adjusted, if necessary, if it is necessary to display the following values:
- 1. In the Mode field - display the value "AP bridge" (allowing the clients to connect to the central access point in the "bridge" mode)
- 2. In the Band field - display the value "2 Ghz B / G / N" (protocol for connecting clients at a given frequency).
- 3. In the Channel Width field, the display value is "20/40 Mhz HT Above" wifi... For example, 20 Mhz give you the efficiency of great distances).
- 4. In the Frequency field - display the value "2412" (the main frequency, you can set the wifi frequency, see from the public access points).
- 5. At the SSID field - write down if you were lucky, if you would like to name your access point, if there will be a bachiti mobile annexes that computer.
- 6. In the Wireless Protocol field - the vibration value is "unspecified" (the vibration of the productivity of the mouthless point, finding the productivity for this value).
- 7. In the Security Profile field - the value "default" is too much (vibir: on the cob, the password of the same type of encryption was added to the profile "default").
- 8. For the WMM suport field - change to "enabled" (enable WiFi multimedia support, so you can vote, so that other multimedia add-ons have the least number of pardons).
- 9. In the Default Forward field - check the box (when the checkboxes are enabled, the mouthless fingering client cannot be exchanged with data).
- 10. If Hide SSID is in the field - check the box, then your hem will be hidden, and you will need to hand over the password for the hem.
I continue to talk about the miracle of a series of outbuildings from Latvia, which have recommended themselves as functional and superb devices. At the top of the statute, I will report the power of the basic setup of mikrotik routers on the application of the budgetary and most popular model RB951G-2HnD. The process of instruction is practical before any model, because all the stench of destruction is based on one and the same operating system.
Qia article є part of one cycle article about.
Entry
Routeri Mikrotik routerboard has been on the market for a long time, but they have not gained great popularity. Want to take their nіshu. Especially I vvazhayu, as a miraculous router for the house, for the reliability of the win there are no competitors. There is a true router, which can be set up once. Especially less than once, I didn’t trample pristіy, which brought the primus to re-zavantazhuvati, how to get yogo from the Komi, as it was often thrown with the lowest budget wagons.
The widening of the middle of the home streams is streaming ahead of the foldability of the adjustment. I wish the man who was pushed through the koristuvachev could get up, but there’s nothing folding here. Ale naspravdi є. And I often went with the help of a router to set up a router for distributing the Internet via wifi, that is why I bought it for my recommendation, but I could not learn to set up the required functionality, I want an installer.
All the while, I want to remember and write a report on the instructions for setting up microtics from scratch for kettles on the buttstock model RB951G-2HnD, which is suitable for home use. I have prepared a cheat sheet for a text file for a long time. As of now, I literally for 10 hilin on-site router and send koristuvachev. Tobto, really nothing folding is not, as you know, scho robish. I will write material on the basis of the cheat sheet.
Mikrotik RB951G-2HnD description
Axis vin, the hero of the current statty. You can describe it, see it, and you can easily convert it to Yandex.Market. For a number of updates, you can create new ones about the popularity of your router.
An important feature of this router, which I am especially active in criminating, is the ability to power it with the help of a special adapter.
On the picture, the right-handed person is. Take the standard unit from the router and the poe adapter. The living unit is connected to the adapter, and the adapter is also located at the first port of the routerboard. The router can be connected to the wall in any place without the need to connect to the outlet. Immediately, I mean, you can only power the router with the help of the mikrotika adapter. The newest standard and high-quality poe 802.3af switches do not go out.
Onslaught on the poppy's annex address, guilty of copying in the field Connect to... Password for zamovchuvannyam to enter the router empty, and koristuvach - admin... Enter the name of the koristuvach, the field with the password will not be stored. Onslaughtєmo connect. We are informed about the information, in which the description of the standard nalashtuvan is directed.
Here їkh can either be overlooked or seen. I can see that some of the standard adjustments are most often not suitable for a specific situation. I will put a knife on the butt, for which it should be like this:
- I powered my router on the first port through the Poe adapter and the port is local. For the port of choice, the port is chosen as a wan port for rejecting the Internet from the provider.
- At nalashtuvannyah for promovchannyam automatically set to reject the settings from the provider by dhcp. If you have the other type of connection, then you standardly adjusted do not go.
- The address space is 192.168.88.0/24. It is especially unbecoming for me to bend the net for the motions, for that it’s just that they have a new pristine in them, if I’m so hammered into the address, then there will be problems in the net. At home, it may not be relevant, but in the case of commercial organizations, it was possible for me to get stuck. That’s why I’m talking about every kind of drink.
So it is my onslaught Remove Configuration, you can see the installation. Let the router rewire itself. Chekaєmo is approximately hilinu and connected to the new knowledge.
If for some reason you did not see the re-installation at once, then you can throw off the adjustment in mikrotik at the factory for a change. For any need in the terminal, type in a collection system, and then reset... You have to power up the hardware and let the routerboard get rewired from the factory settings.
Firmware update
For cleaning up the installation, I recommend one time to check the firmware update of the Mikrotik router. For tsiy ydemo in the download of the official site and zavantazhuєmo required file... We've got a platform mipsbe, package for engaging Main package... Zavanazhuєmo yogo on the computer and switch to the router for the additional winbox. Vibiraєmo zlіva razdіl Files... Then two windows are displayed - one with the firmware file, the other with the winbox and drag the file from the folder near the winbox to the list of files.
Ochіkuєmo the end of the firmware upgrade and re-upgradeєmo mikrotik through the menu section System -> Reboot... The firmware is updated for an hour when the router is locked. Pochekati will be finished. 3. Send the knowledge to the annex. For updating the firmware, it is necessary to update the firmware. To be afraid of the menu items System - RouterBoard... Come on in there, rewire the rows Current Firmwareі Upgrade Firmware... If the stink comes up, then you press the button Upgrade... However, it is possible that there is nothing to be bothered with. Zmіni nabudnostі pі for re-entailing.
You can revise the installed firmware version at the System - Packages.
My firmware version is 6.43.4. Maybutny, if there is an Internet connection on the router, it can be automatically monitored in a wide range of distributions, pressing on Check For Updates.
The firmware has been updated, you can start it before setting it up.
Ob'dnannya port at the bridge
One of the features of mikrotik routerboard routers is the number of installed ports. Lumbar on the fingers, scho tse take. Buy an extra budgetary router, you can change your signatures to ports. On one of them, WAN will be written by default, but LAN will not be written on any of them. So that you will also have one port for setting up a singing rank for connecting to the Internet and resolving ports for connecting to a switch for conveniently connecting ownership.
Mikrotik has a lot of clothes. There you must spoil the equal WAN port maybe absolutely be-like, like zabazhate. So, as I am the 1st port of the vikorist for connecting live, as WAN, I will have the 5th port. And I will unite the rashtu into one hedge behind the bridge and the wifi interface before them. For a whole lot of people Bridge that opening bridge1.
Everything is overridden by default. Bridge1 has appeared in us. Go to the ports tab і embossed plus sign. Dodaamo to brdige1 all port, crim WAN. I have 5 port.
We have combined all the necessary interfaces at the bridge for organizing one space for all connected attachments.
Setting up a static IP
Until then, we were connected to the router at the MAC address. Infection can be assigned to a static local IP address, for which it will be available in the net. For a whole lot of people IP -> Addressesі embossed plus sign.
Add in the Address section if you will. I picked 192.168.9.0 ... The address is based on the name 192.168.9.1/24 ... Yak vibramo interface bridge1... The Network field may not be stored, it will be automatically stored. Now our router is available both for local interfaces, and for wifi (which should be set up) for the address 192.168.9.1.
Setting up the Internet in mikrotik
The infection itself will be connected in an hour to the provider and set up the Internet. It is important to search for the available connection options. Їx maybe buti rich. I will look at two of the most popular ways:
- You will automatically deactivate the settings from the provider via dhcp.
- The provider will give you the readiness to set up and enter it manually.
As I already wrote earlier, for the connection to the provider, we will vikoristovuvati port 5. Connect your provider.
To remove the dhcp nalashtuvan, go to winbox at razdіl IP -> DHCP Client and draw a plus sign. Vibrate interface ether5 and stamp OK.
If you did everything correctly, then beat it up, you got the IP address off. In razdіlі IP -> Addresses there will be information about the adjustment.
The option is available, if the provider has seen the efforts to set it up and you will need to give it yourself. Please note that our Internet setup is as follows:
Chat with IP address. Robim is all those that are in the foreground when a static IP is set up. Only now replace the interface bridge1 vkazumo ether5 and entered according to the address - 192.168.1.104/24 ... Here we were told at once to the address, and the mask of the address.
Give us the need to install a gateway for the requests. Without a bunch of binding crochet, the Internet cannot be shut down. Іdemo before distribution IP -> Routes and an embossed plus sign for adding a gateway for a change. Have Dst. Address zalishaєmo yak є 0.0.0.0/0 , and in the field Gateway enter the gateway of the provider and the onslaught is OK.
At the same time, the Internet can make money, but without a DNS server, it is possible to turn around for direct ip addresses. For example, you can propose the ip address of google servers. New Terminal is displayed and overridden.
Now the DNS server can be installed. For many people in IP -> DNS, in the field Servers entered by the dns address of the provider's server. If you have two, then after pulling a tricycle, straight with the top down, you can enter another value. Obov'yazkovo put a tick on the right Allow Remote Requests.
As long as you have the name of the IP-address and you have allowed the DNS to be fed into the server, visually and block all the incoming connections. As long as it is not damaged, your router can become a victim of dns power failures, as it is victorious for ddos attacks.
On the whole, all of us have installed the Internet provider's adjustment. It is possible to reconsider and propose to the site address.
On the router itself, go to the Internet. We need yo nalashtuvati for koristuvachіv. For tso prodovzhuєmo nalashtuvannya mikrotik.
Dhcp server setup
In order for the connection of the attachments to be able to trim the lines automatically from the router, it is necessary to set up a DHCP server. It’s not easy to fight, I’ll write everything in crocs at once. Ydemo to IP -> DHCP, go to the DHCP tab and onslaught DHCP Setup... We will understand the vibrati interface, on which the server is right. Vibiraєmo bridge1.
Tisnemo next. Now it is necessary to vibrate the address space, from which you can see the ip addresses. For zamovchuvannyam specified a pidmerezha, before which to enter the ip address of the router. On the way to go, there is too much value for the changes 192.168.9.0/24 .
Now it is necessary to specify a range of address, as it will be available to clients. If you are not important, and if you don’t know, if you really need to change it, then go ahead and do it. There will be vikoristano all the addresses of the houses.
At the last stage, the dns address of the server is entered, which can be seen by the clients. It can be either the mikrotik itself or the provider's DNS server. It's not important, it's more beautiful to use the router itself. So it’s written to the local address 192.168.9.1 .
The step parameter is needed for the selection і embossed Next. On the whole, the dhcp server setup for the local mesh is completed.
As soon as a wire is connected from any client to a mikrotik, then it’s okay to set up a net, but you can’t go to the Internet. Not a single important fix - NAT.
Nalashtuvannya NAT
NAT is a re-implementation, as if it seems to be a translation of a hedgehog address. I don’t tell you, well, you can read it yourself on the Internet. All current routers are capable of NAT for access to the Internet for subscribers. This is how NAT is configured in mikrotik.
Іdemo before distribution IP -> Firewall, the NAT tab and the plus sign are displayed. There is only one parameter on the General deposit. Out. Interface - ether5(the interface is connected to the provider), everything is not easy.
Go to the Action tab, select the list, go to the vipadaє masquerade... Rashtu is not chіpaєmo і embossed OK.
Everything, NAT configured. Now, if you connect the client with a wire to one of the ports, you will be able to set up the customization by DHCP and have access to the Internet. We are overwhelmed by the call of nebagato - set up wifi for connecting mouthless clients.
Set up wifi hotspots in mikrotik
Our router is robotic-ready. If it’s overshadowed, it’s possible to set up a wi fi access point, and it’s possible to forget about it :). The establishment of wifi in the smallest of merit on the outskirts of the article. There are even more nuances and possibilities. At the same time, it is extremely simple to adjust, as soon as I get satisfied with the consumption of homemade wifi router... And for those who have lost knowledge, we can be quick to cover with material on the topic.
In front of us is an active mouthless interface. For the deputies of the yogo they are imprisoned. Іdemo before distribution Wireless, vibrate wlan1 and embossed blue checkmark.
The interface from the gray camp is light. Go to the Security profiles tab, two embossed with a bear on the row with the default profile. In the field Mode amassed dynamic keys... Check the box right now WPA PSKі WPA2 PSKі aes ccm... By the field WPA Pre-Shared Keyі WPA2 Pre-Shares Key a password is entered from the I recommend vikoristovuvati a new password (not less than 12 characters) with numbers and special characters. So, enter it not just manually, just because I myself have brutalized hashes of simple passwords without any problems, I crossed over to put a folding password more beautifully, if you do not want to connect to your wifi.
Zberigaєmo nalashtuvannya. Turn to tab Interfaces and two embossed on wlan1, you can see the wifi setting on the microtic interface. Go to the Wireless tab. Vistavlyaєmo nalashtuvannya yak at me on a screen shot.
I wrap up my respect for this:
- SSID- I’m your childless hedgehog. Write, I want to.
- Frequency- Frequency, which is shown to one of 12 channels. The most important is the most important channel and so far. Here it is recommended to vibrate the channel, which has the least access points for your particular type. If you don’t know what the channel is and how you’re changing it, then don’t get overwhelmed, you can vibrate whether it’s on the list.
Zberigak nalashtuvannya, onslaught OK. Everything, wifi access points on mikrotik are set up, you can change it. Launch be-like pristіy, whisper your line, enter the password for access and reconfigure the Internet. All maє pratsyuvati.
On the whole, the setting of the mikrotika is over, but I recommend that the viconate is set up for the sake of lightness and safety.
Changing the administrator's password for changes
As I have already written earlier, the administrator's password for replacing mikrotik with no tasks, it is empty. Іm'ya koristuvach - admin... Let's set up a password for interconnecting access to third parties before setting up. For a whole lot of people System -> Users... Vibiraєmo lone koristuvach admin, embossed with the right button and select the option password.
At the end, when you open it, you have to enter your password 2 times, and you will need it. Now, you can connect through the winbox, you will need to enter not only the admin, but also the password.
In the light of the last evils of the mikrotik, I strongly recommend that you not just set a folding password on the administrative regional record, but set a new one, with the names of the koristuvach, as seen by admin. For the whole of the list of koristuvachіv, click on the plus sign and create a new koristuvachіv.
The message of the tsyy koristuvach admin can be found.
Nalashtuvannya hour
I recommend setting the correct timing to enable automatic synchronization. It may be in the middle of the day, if you know how to wonder how the logs are and leave an hour. Yaksho won’t be set up, it’s important to revive. The identity is nalashtuєmo yogo. Ydemo to System -> Clock, I will install it by hand, the hour, the date and the time zone.
It’s so hard, automatically for an hour, it’s been automatically connected via the Internet. Іdemo before distribution System -> SNTP Client... Check the box Enabled, in the field with server addresses it is entered 193.171.23.163 і 85.114.26.194 ... Tisnemo Apply і sposterіgaєmo result of synchronization.
Now the year of the router, wait for the current hour.
On the whole base, the setting up of the mikrotik router for homemade curing is over. You can get up on the spot and turn up.
Visnovok
I will change the butt of a mikrotika adjustment for a home koristuvach, I will replace the most popular budget routers. For a more foldable and comprehensible adjustment, you can speed up my articles on the topic:
- An article about those who connect two providers to the Internet and automatically change access from one to the other in case of problems with a call from one of them. The situation is taken from the real butt of the Zamisky booth with two Internet channels.
I will end my discussion. I’ll be radium. I guess I’ll say it’s a part of one cycle of an article about.
Internet for happy people becoming like an indispensable and necessary attribute, and the first subject of significance, having replaced with itself the rich speeches that were victorious earlier. That is why the Internet is an expensive one. For encourage the childless hedge it is necessary that you do not have to change, it is necessary to have an integrator that will involve your project. Pridbati is necessary wi fi possession selling is not so easy for your fancy goods. Do not waste your hour on the trick of the gift, be brutal before Online store website... We have you know active that passive possession in a wide range of light brands. Installation of wi-fi for a restaurant and hotels, twisted pair for new laying, optical cable, PON possession, PON annex, OLT annex, possession of CWDM and a lot of it is presented in our on-line Internet catalog Mstrom.
Mi spіvpratsyuєmo tilki with inverted virobniks of the IT market. Ubiquiti, Mikrotik, Cambium Networks, D-link, Hikvision, Furuno, Ajax, Ok-net, ICOM, Sailor, Zenitel, Cobham And in fact, all that is possessed for radio communication, sea navigation, childless or local hedge, presented in our store, meet the highest standards of quality. Submit wifi internet possession It is possible both in the distribution and wholesale (by means of Internet providers, integrators and resellers). For permanent clientele in the Internet shops Mstream dіє nnuchka system of notes and a line to payment. Prices for wi-fi internet possession will delight you to find new customers. Our zavdannya is not deprived of developing ourselves, but also additional assistance in developing the business of our customers. Wi fi space of Ukraine is not a place of accusations and occupations, but our meta is a global integration of new technologies and distribution on the Ukrainian market of technologies.
Having bought from us possession for wi-fi , you will be guaranteed to reject even more nadіynі, yakіsnі and dovovіchnіy solutions from the smallest svіtovіh vyrobnikіv and brands of childless technology from nykorotshі terms. Great assortment and direct delivery Wifi availability from the virobnik allow us as a system integrator to satisfy the projects of our clients - local wi fi fences. Professional consultants give a new consultation for an hour to choose the required one hedgehog possession With the help of individual projects, that will help the client to spare your efforts that hour. Delivery of low-grade possessions in all places of Ukraine - Odessa, Kiev, Kharkiv, Kherson, Kryvyi Rig, Kropyvnytskyi, Mykolaiv, Dnipropetrovsk, Zaporizhzhya, Vinnytsya, Chernigiv Terkasy, Lviv, Lviv, Mariuposk, , Tiraspil, Moldova and інші.
Copying of any information from the site without distributing the active vocal power is protected.
New attachment of MikroTik company with 2G / 3G / 4G add-ons at the constructive attachments of the wAP series, which is the first multi-band attachment of the company, now a solution has already been presented for the support of LTE
The model is given to allow the public to hunt for the stationary segment - even a small workday behind the city, an apartment in the city, and mobile solutions such as hot spots for transport minibuses, buses, mini buses and extravagantly, special automobile services.
For transport of special integration on the plate of roses
When you open a window, you can get access to roses, Ethernet, indicators, a slot with a picture and buttons for a discount.
Knowing the case of Bachimo, the module of wi-fi antennas and two LTE antennas are similar in size to the ZyXEL MAX-206M2
Available for PoE technology (8-30V), DC power (8-30V) and transport for transport (8-30V)
miniPCIe 2G / 3G / 4G module R11e-LTE, 2 x U.FL (Ultra Miniature Coaxial Connector Receptacle) male rose
Specification of the module:
2G Multislot Classes for GPRS / EGPRS
| Multislot class | Downlink TS | Uplink TS | Active TS |
|---|---|---|---|
| 12 | 4 | 4 | 5 |
3G Category 14 (21Mbps Downlinks, 5.76Mbps Uplink)
| Evolved HSDPA User Equipment (UE) categories | ||||||
|---|---|---|---|---|---|---|
| Category | Release | Max. number of HS-DSCH codes (per cell) |
Modulation | MIMO, Multi-Cell | Code rate at max. Data Rate |
Max. Downlink Speed (Mbit / s) |
| 14 | 7 | 15 | 64-QAM | .98 | 21.1 | |
LTE Category 4 (150Mbps Downlink, 50Mbps Uplink)
| E-UTRA Band |
Duplex- Mode |
ƒ (MHz) |
Common name | Included in (subset of) Band |
Uplink (UL) BS receive UE transmit (MHz) |
Downlink (DL) BS transmit UE receive (MHz) |
Duplex spacing (MHz) |
Channel bandwidths (MHz) |
|---|---|---|---|---|---|---|---|---|
| 1 | FDD | 2100 | IMT | 65 | 1920 – 1980 | 2110 – 2170 | 190 | 5, 10, 15, 20 |
| 2 | FDD | 1900 | PCS blocks A-F | 25 | 1850 – 1910 | 1930 – 1990 | 80 | 1.4, 3, 5, 10, 15, 20 |
| 3 | FDD | 1800 | DCS | 1710 – 1785 | 1805 – 1880 | 95 | 1.4, 3, 5, 10, 15, 20 | |
| 7 | FDD | 2600 | IMT-E | 2500 – 2570 | 2620 – 2690 | 120 | 5, 10, 15, 20 | |
| 8 | FDD | 900 | E-GSM | 880 – 915 | 925 – 960 | 45 | 1.4, 3, 5, 10 | |
| 20 | FDD | 800 | EU Digital Dividend | 832 – 862 | 791 – 821 | −41 | 5, 10, 15, 20 | |
| 38 | TDD | 2600 | IMT-E (Duplex Spacing) | 41 | 2570 – 2620 | N / A | 5, 10, 15, 20 | |
| 40 | TDD | 2300 | 2300 – 2400 | N / A | 5, 10, 15, 20 | |||
Zvorotny bik pay for new slot for sewing cards
Complete set
Plus I will attach
- Found an available 2G 3G 4G modem for connections through the miniPCIe slot in the system, you can see usb, an hour of switching between bands is 15 seconds
- Intuitive multi-band 4.5dBi MIMO antennas
- a radiator has been installed on the chipset for wAP LTE 2nD donor payment
- є Indication of the signal, sensitivity to be set programmatically in the System - LEDs distribution
- Roz'єm vivlennya for a car id in a set
- the bolt is a lock for the lock and the key is in the kit, the bolt for securing the spring is not necessary to catch it when it is opened
Minusi will attach
- Non-handled Sim slot for a ringing spring - by the way, a sim card can be picked up, or for an additional pincer
UPDATES
In the assortment of MikroTik products there are new accessories for retrofitting the wAP LTE kit with a new panel antenna:
- ACSMAUFL cables - ACSMAUFL - Pigtail U.fl-SMA - 2 pcs
- mANT LTE 5o - MTAO-LTE-5D-SQ - 5dBi LTE antenna
- SMASMA - cable folding 1m SMA male - SMA male - 2 pcs
Testing the productivity of the latest versions of ROS on the application of the Biline operator
Factory standard version ROS 6.39.2
Remain Release candidate version ROS 6.43.14
The last version of Bugfix only ROS 6.40.8
There is a difference in the speed of the day, the release of the candidate ROS 6.43.14 is great, but it can be attributed to a mistake.
Nalashtuvannya
UPDATE It’s better not to adjust the modem, the modem is in automatic mode, it’s better to connect to the net, but just uncheck the GSM (GPRS / EGPRS class 12) checkbox, we don’t know the speed in the actual size.
In the manual mode of the vibrator "bands", the modem is connected to the operator's markings much better
Changes from the version of RouterOS 6.41:
APN profiles
Parameter apn change now at LTE depository - apn profile:
/ interface lte apn add name = profile1 apn = internet authentication = chap password = web user = web Application for operator Yota/ interface lte apn add name = profile1 apn = yota.ru
Vibrating profile for streaming LTE data:
/ interface lte set apn-profiles = profile1
For the web interface, USB modems have been re-set presets to be displayed in automatic mode and assigned a profile to the operator, such a functional is still not available
Passthrough
When fixing with RouterOS v6.41, deyaki LTE interface adapt the LTE Passthrough function, de-configuring the IP will be stuck without prioritizing to the client's annex. At the same time, the firmware of the modem will be displayed for setting up IP, and the router will only be used for setting parameters in the modem - APN, hedgehog technologies and IP-type. In the current configuration, the router does not accept the IP configuration of the modem. The LTE Passthrough modem can transmit offensive IPv4 and IPv6 addresses as the stench is received by the modem. Deyaki modems accept an APN number, you can transfer traffic from a skin APN to a specific router interface.
Passthrough will only be used for one host. The router will automatically assign the MAC address of the first packet to be rejected and the same for Passthrough. As long as there are few or more hosts, you can block Passthrough for a singing MAC. On the host in the mesh, de Passthrough is assigned an IP address, DHCP client can be connected to the whole interface. I’m sorry, but you will not be able to connect to the LTE router via an IP address, or from the host, which will be subject to transit overrides. To set up, you need to open an additional connection from the LTE router to the host. For example, the vlan interface between the LTE router and the host.
Nalashtuєmo Passthrough on ether1 interface:
/ interface lte apn add apn = apn1 passthrough-interface = ether1 / interface lte set lte1 apn-profiles = apn1
Nalashtumo Passthrough on ether1 interface for host 00: 11: 22: 33: 44: 55:
/ interface lte apn add apn = apn1 passthrough-interface = ether1 passthrough-mac = 00: 11: 22: 33: 44: 55 / interface lte set lte1 apn-profiles = apn1
Linking R11e-LTE to the base station sector
Vikoristovuchi will step on the team in the terminal
/ interface lte info lte1 once
I will accept the station to the modem:
> / interface lte info lte1 once
pin-status: no password required
functionality: full
manufacturer: "MikroTik"
model: "R11e-LTE"
revision: "MikroTik_CP_2.160.000_v001"
current-operator: 25099
lac: 578
current-cellid: 200005126
phy-cellid: 74
access-technology: Evolved 3G (LTE)
session-uptime: 1h33m38s
imei:
earfcn: 3300 (band 7, bandwidth 10Mhz)
rsrp: -90dBm
rsrq: -10dB
sinr: 5dB
qi: 15
the ones we need phy-cellid: 74, earfcn: 3300 (band 7, bandwidth 10Mhz) with them mi pratsyuvatimo dalі
You can send the AT command to the modem to block the BS sector in this format:
AT * Cell =
To block the modem in LTE mode, and before the victorious sector of the BS, I will step on the AT command::
/ interface lte at-chat lte1 input = "AT * Cell = 2,3,3300,74"
It's a pity, if I rewrite the attachment, or if the modem is canceled, everything the establishment of a blockade ruin.
For bazhannyam you can write a script that automatically prescribes one of the same parameters.
Default adjustments or adjustments for changes
can be entered into the terminal with an offensive command, more importantly, via ssh
/ system default-configuration print
classic version of export configuration, virobnik vikoristovuu bridge address lists that static dns
# | LTE CPE Router with wireless AP: # | * lte interface connected to providers network (WAN por> # | * WAN port is protected by firewall and enabled DHCP cl> # | wlan1 Configuration: # | mode: ap-bridge; # | band: 2ghz-b / g / n; # | ht-chains: 0,1; # | ht-extension: 20 / 40mhz-Ce; # | LAN Configuration: # | IP address 192.168.88.1/24 is set on bridge (LAN por> # | DHCP Server: enabled ## DNS: enabled; # | WAN (gateway) Configuration: # | gateway: lte1; # | ip4 firewall: enabled; # | NAT: enabled; / interface lte set [find] route-distance = 2 mac-address = 00 : 00: 00: 00: 00: 00 name = lte1 use-peer-dns = yes / interface bridge add admin-mac = E4: 8D: 8C: 3B: 1C: BA auto -mac = no comment = defconf name = bridge / interface wireless set [find default-name = wlan1] band = 2ghz-b / g / n = ap-bridge ssid = MikroTik-000000 / ip neighbor discovery set lte1 discover = no / interface list add comment = defconf name = WAN add comment = defconf name = LAN / interface wireless securi ty-profiles set [find default = yes] supplicant-identity = MikroTik / ip pool add name = default-dhcp ranges = 192.168.88.10-192. 168.88.254 / ip dhcp-server add address-pool = = bridge name = defconf / interface bridge port add bridge = bridge comment = defconf interface = ether1 add bridge = bridge comment = defconf interface = wlan1 / interface list member add comment = defconf interface = bridge list = LAN add comment = defconf interface = lte1 list = WAN / ip address add address = 192.168.88.1 / 24 comment = defconf interface = bridge network = 192.168.88.0 / ip dhcp-server network add address = 192.168.88.0 / 24 comment = defconf 24 comment = defconf set allow-remote-requests = yes / ip dns static add address = 192.168.88.1 name = router.lan / ip firewall filter add action = accept chain = input comment = "defconf: accept established , related, untracked "connection-state = established, related, untracked add action = drop chain = input comment =" defconf: drop invalid "connection-state = invalid add action = accept chain = inp ut comment =" defconf: accept ICMP " protocol = icmp add action = drop chain = input comment = "defconf: drop all not coming from LAN" in-interface-list =! LAN add action = accept chain = forward comment = "defconf: accept in ipsec policy" ipsec policy = in, ipsec add action = accept chain = forward comment = "defconf: accept out ipsec policy" ipsec-policy = out, ipsec add action = fasttrack-connection chain = forward comment = "defconf: fasttrack" connection-state = established, related add action = accept chain = forward comment = "defconf: accept established, related, untracked" connection-state = established, related, untracked add action = drop chain = forward comment = "defconf: drop invalid" connection-state = invalid add action = drop chain = forward comment = "defconf: drop all from WAN not DSTNATed" connection-nat-state =! dstnat connection-state = new in-interface-list = WAN / ip firewall nat add action = masquerade chain = srcnat comment = "defconf: masquerade" ipsec-policy = out, none out-interface-list = WAN / tool abled = yes add interface = bridge / tool Mac-server mac-winbox set [find default = yes] disabled = yes add interface = bridge