What is MikroTik RouterOS™?

What does MikroTik RouterOS™ do?

MikroTik RouterOS™ is a router operating system and software which turns
a regular Intel PC or MikroTik RouterBOARD™ hardware into a dedicated
router.

What features does RouterOS™ have?

RouterOS feature list

Can I test the MikroTik RouterOS™ functionality before I buy the license?
Yes, you can download the installation from MikroTik's webpage and install
your own MikroTik router. The router has full functionality without the need for
a license key for 24h total running time. That's enough time to test the router
for 3 days at 8h a day, if you shut down the router at the end of each 8h day.

Where can I get the License Key?

Create an account on MikroTik's webpage (the top right-hand corner of
www.mikrotik.com). You can use a credit card to pay for the key.

Can I use MikroTik router to hook up to a service provider via a T1, T3, or
other high speed connection?
Yes, you can install various NICs supported by MikroTik RouterOS™ and get
your edge router, backbone router, firewall, bandwidth manager, VPN server,
wireless access point, HotSpot and much more in one box. Please check the
Specification Sheet and Manual for supported interfaces!

Blok m –
gading
1999
How fast will it be?
An Intel PC is faster than almost any proprietary router, and there is plenty
of processing power even in a 100MHz CPU.
How does this software compare to using a Cisco router?
You can do almost everything that a proprietary router does at a fraction of
the cost of such a router and have flexibility in upgrading, ease of
management and maintenance.

What OS do I need to install the MikroTik RouterOS™?

No Operating System is needed. The MikroTik RouterOS™ is standalone
Operating System. The OS is Linux kernel based and very stable. Your hard
drive will be wiped completely by the installation process. No additional disk
support, just one PRIMARY MASTER HDD or FlashDisk, except for WEB proxy
cache.

How secure is the router once it is setup?

Access to the router is protected by username and password. Additional
users can be added to the router, specific rights can be set for user groups.
Remote access to the router can be restricted by user, IP address. Firewall
filtering is the easiest way to protect your router and network.

Installation

How can I install RouterOS?

 RouterOS can be installed with CD Install or Netinstall.

How large HDD can I use for the MikroTik RouterOS™?

MikroTik RouterOS™ supports disks larger than 8GB (usually up to 120GB).
But make sure the BIOS of the router's motherboard is able to support these
large disks.
Can I run MikroTik RouterOS™ from any hard drive in my system?
Yes

Is there support for multiple hard drives in MikroTik RouterOS™?

A secondary drive is supported for web cache. This support has been added
in 2.8, older versions don't support multiple hard drives.

Why the CD installation stops at some point and does not go "all the way
through"?
The CD installation is not working properly on some motherboards. Try to
reboot the computer and start the installation again. If it does not help, try
using different hardware.

Logging on and Passwords

What is the username and password when logging on to the router for the first
time?
Username is 'admin', and there is no password (hit the 'Enter' key). You can
change the password using the '/password' command.

How can I recover a lost password?

If you have forgotten the password, there is no recovery for it. You have to
reinstall the router.

1997
After power failure the MikroTik router is not starting up again
If you haven't shut the router down, the file system has not been
unmounted properly. When starting up, the RouterOS™ will perform a file
system check. Depending on the HDD size, it may take several minutes to
complete. Do not interrupt the file system check! It would make your
installation unusable.

How can I access the router if the LAN interface has been disabled?
You can access the router either locally (using monitor and keyboard) or
through the serial console.

Licensing Issues

How many MikroTik RouterOS™ installations does one license cover?

The license is per RouterOS installation. Each installed router needs a
separate license.

Does the license expire?

The license never expires. The router runs for ever. Your only limitation is to
which versions you can upgrade. For example if it says "Upgradable to v4.x", it
means you can use all v4 releases, but not v5 This doesn't mean you can't stay
on v4.x as long as you want.

How can I reinstall the MikroTik RouterOS™ software without losing my

software license?
You have to use CD, Floppies or Netinstall procedure and install the MikroTik
RouterOS™ on the HDD with the previous MikroTik RouterOS™ installation still
intact. The license is kept with the HDD. Do not use format or partitioning
utilities, they will delete your key! Use the same (initial) BIOS settings for your
HDD!

1997
Can I use my MikroTik RouterOS™ software license on a different hardware?
Yes, you can use different hardware (motherboard, NICs), but you should
use the same HDD. The license is kept with the HDD unless format or fdisk
utilities are used. It is not required to reinstall the system when moving to
different hardware. When paying for the license, please be aware, that it
cannot be used on another harddrive than the one it was installed upon.

License transfer to another hard drive costs 10$. Contact support to arrange
this.
1987
What to do, if my hard drive with MikroTik RouterOS™ crashes, and I have to
install another one?
If you have paid for the license, you have to write to
support[at]mikrotik.com and describe the situation. We may request you to
send the broken hard drive to us as proof prior to issuing a replacement key.

If you have a free demo license, no replacement key can be issued. Please
obtain another demo license, or purchase the base license.

More information available here All_about_licenses

How can I enter a new Software Key?

Entering the key from Console/FTP:

* import the attached file with the command '/system license import' (you
should upload this file to the router's FTP server)

Entering the key with Console/Telnet:

 * use copy/paste to enter the key into a Telnet window (no matter which
submenu). Be sure to copy the whole key, including the lines "--BEGIN
MIKROTIK SOFTWARE KEY--" and "--END MIKROTIK SOFTWARE KEY--"

Entering the key from Winbox:

* use 'system -> license' menu in Winbox to Paste or Import the key

I have mis-typed the software ID when I purchased the Software Key. How can
I fix this?
In the Account Server choose `work with keys`, then select your mis-typed
key, and then choose `fix key`.

About entering keys, see more on this page

Entering a RouterOS License key

All other information about License Keys can be found here

All_about_licenses

Upgrading

How can I install additional feature packages?

You have to use the same version package files (extension .npk) as the
system package. Use the /system package print command to see the list of
installed packages. Check the free space on router's HDD using the /system
resource print command before uploading the package files. Make sure you
have at least 2MB free disk space on the router after you have uploaded the
package files!

Upload the package files using the ftp BINARY mode to the router and
issue /system reboot command to shut down the router and reboot. The
packages are installed (upgraded) while the router is going for shutdown. You
can monitor the installation process on the monitor screen connected to the
router. After reboot, the installed packages are listed in the /system package
print list.

How can I upgrade?

1997
To upgrade the software, you will need to download the latest package files
(*.npk) from our website (the 'system' package plus the ones that you need).
Then, connect to the router via FTP and upload the new packages to it by using
Binary transfer mode.

Then reboot the router by issuing /system reboot command. More

information here: Upgrading_RouterOS

I installed additional feature package, but the relevant interface does not show
up under the /interface print list.
You have to obtain (purchase) the required license level or install the NPK
package for this interface (for example package 'wireless').

If I do upgrade RouterOS, will I lose my configuration?

No, configuration is kept intact for upgrades within one version family. When
upgrading version families (for example, V2.5 to V2.6) you may lose the
configuration of some features that have major changes. For example when
upgrading from V2.4, you should upgrade to the last version of 2.4 first.

How much free disk space do I need when upgrading to higher version?
You need space for the system package and the additional packages you
have to upgrade. After uploading the newer version packages to the router you
should have at least 2MB free disk space left. If not, do not try to make the
upgrade! Uninstall the unnecessary packages first, and then upgrade the
remaining ones.

Downgrading

How can I downgrade the MikroTik RouterOS™ installation to an older version?

You can downgrade by reinstalling the RouterOS™ from any media. The
software license will be kept with the HDD as long as the disk is not
repartitioned/reformatted. The configuration of the router will be lost (it is
possible to save the old configuration, but this option has unpredictable results
when downgrading and it is not recommended to use it).

Another way is to use the /system package downgrade command. This

works only if you downgrade to 2.7.20 and not lower. Upload the older
packages to the router via FTP and then use the /system package downgrade
command.

TCP/IP Related Questions

I have two NIC cards in the MikroTik router and they are working properly. I
can ping both networks from the router but can't ping from one network
through the router to the other network and to the Internet. I have no firewall
setup.

This is a typical problem, where you do not have routing set up at your main
Internet gateway. Since you have introduced a new network, you need to 'tell'
about it your main gateway (your ISP). A route should be added for your new
network. Alternatively, you can 'hide' your new network by means of
masquerading to get access to the Internet. Please take time to study the
Basic Setup Guide, where the problem is described and the solution is given.

There is an example how to masquerade your private LAN:

[admin@MikroTik] ip firewall nat> add chain=srcnat action=masquerade out-

interface=Public
[admin@MikroTik] ip firewall nat> print
Flags: X - disabled, I - invalid, D - dynamic
0 chain=srcnat out-interface=Public action=masquerade

How can I change the TCP port number for telnet or http services, if I do not
want to use the ports 23 and 80, respectively?
You can change the allocated ports under /ip service.

When I use the IP address/mask in the form 10.1.1.17/24 for my filtering or

queuing rules, they do not work.
The rules 'do not work', since they do not match the packets due to the
incorrectly specified address/mask. The correct form would be:

10.1.1.0/24 for the IP addresses in the range 10.1.1.0-10.1.1.255, or,

10.1.1.17/32 for just one IP address 10.1.1.17.

I need to set up DHCP client, but the

1997
client'.
re is no menu '/ip dhcp-

The DHCP feature is not included in the system software package. You need
to install the dhcp package. Upload it to the router and reboot!

Can I statically bind IP's to MAC addresses via DHCP?

Yes, you can add static leases to the DHCP server leases list. However,
DHCP is insecure by default, and it is better to use PPPoE for user
authentication and handing out IP addresses. There you can request the user
to log on from a specified MAC address as well.

How can I masquerade two different subnets using two different external IP
addresses for them?
Use /ip firewall nat rule with chain=srcnat action=nat, specify the to-src-
address argument value. It should be one of the router's external addresses. If
you use action=masquerade, the to-src-address is not taken into account,
since it is substituted by the external address of the router automatically.

I cannot surf some sites when I use PPPoE.

Use /ip firewall mangle to change MSS (maximum segment size) 40 bytes
less than your connection MTU. For example, if you have encrypted PPPoE link
with MTU=1492, set the mangle rule as follows:

/ ip firewall mangle
add chain=forward protocol=tcp tcp-flags=syn action=change-mss tcp-mss=!
0-1448 new-mss=1448

Bandwidth Management Related Questions

How can I controll bandwidth(bandwidth shaping)in Bridge mode?

In bridge settings enable use-ip-firewall.

Can I use MikroTik as a bridge and a traffic shaper in one machine?

Yes. You can use all the extensive queue management features. Set the
queue to the interface where the traffic is actually leaving the router, when
passing through the router. It is not the bridge interface! The queue on the
bridge interface is involved only for the traffic generated from the router.

Can I limit bandwidth based on MAC addresses?

For download:

1. connection-mark all packets from the MAC of each client with different
marks
for each client using action=passthrough:
/ip firewall mangle add chain=prerouting src-mac-
address=11:11:11:11:11:11 \
action=mark-connection new-connection-mark=host11 passthrough=yes

2. Remark these packets with flow-mark (again different flow-marks for each
connection-marks):
/ip firewall mangle add chain=prerouting connection-mark=host11 new-
packet-mark=host11

3. We can use these flow-marks in queue trees now.

While this solution should function, it is fundamentally flawed as the first

packet of each connection destined to these clients will not be taken into
account.

For upload:

[admin@AP] ip firewall mangle> add chain=prerouting src-mac-

address=11:11:11:11:11:11 \
action=mark-packet new-packet-mark=upload
Wireless Questions

Can I bridge wlan interface operating in the station mode?

No, you cannot.

See more >>

BGP Questions