Mikrotic Basic Configuration

3
Step 1 Set LAN IP Address
Step 2 Set WAN IP Address
Step 3 Add Default Route
Step 4 NAT Configuration
Step 5 DNS Server Configure
Mikrotic Queue Management
Simple Queue

Priority Queue
Double Click on any user

Parent Queue
1.Create Child
Create another child and add this to worker Parent

Destination Based Queue

PCQ (per connection queue)
How ISP Configure Different Packages
 Add those address to the interface ether 1
10.0.1.0/24
10.0.2.0/24
10.0.3.0/24

With Same manner Create others Package

2M Upload
2M Download
3M Upload
3M Download
In this Process create other Queue 2MB,3MB

Static mac Binding

DHCP Server
Configuration
DHCP Client Configuration
DHCP MAC Binding Concept
Mikrotik PPPoE Concept
Create user

Route interface
Client end ip
ip

Giving dns server manually

ISP Setup with PPoE
Static Routing
OSPF Configuration with Single Area
Router R1

Router R2
 Same for R2

Now advertise the R1 and R2 networks using network tab from R1 and R2

OSPF Configuration with Multi Area

 Configure another area 100 in Router R1

in Router R3 create Area 100 and advertise all the networks

VLAN
Creating VLan in router 1 Interfaces
Creating VLan in router 2 Interfaces
Adding Ip address to VLAN in router R1

Do the same thing in R2

 Creating new bridge
LAN-BR-VL10
Creating Bridge in R2
Now Assign port to VLAN

Assign VLAN LAN to

Bridge LAN-BR-VL10

Assign ether2 to Bridge

LAN-BR-VL10

Creating new bridge Assign VLAN voice to

voice-BR-VL20 Bridge voice-BR-VL20
Now configuration for the VLAN 20 voice

Assign VLAN Voice to

Bridge LAN-BR-VL20
Create Vlan 10 (Lan) and 20 (Voice) on interface 2
Now assign IP address on Vlan 10 (Lan) and Vlan 20 (Voice)

Create DHCP Server on Vlan 10 and 20

Mikrotic
Bridge
Concept
 Mikrotic Firewall

There are three pre-defined chain on Mikrotik RouterOS:

Input processes those packets which are entering to your MikroTik Router. These packets may
come through any interface of your router. So, any packet that is coming to your MikroTik
Router and containing MikroTik interface IP address as destination IP address is processed by
input chain. In short, when MikroTik Router is destination then it is considered as input chain
activity.
For example, if you or anyone wants to connect to MikroTik Router with SSH or Winbox or
wants to browse HTTP contents, the destination IP address will be MikroTik IP addresses. So,
this is an input chain activity and if you want to block SSH or HTTP protocol, you have to select
input chain in firewall rule.

Output processes those packets which are originated from your MikroTik Router and leaving it
through one of the MikroTik interfaces. So, the packet that is leaving from your router
containing any interface IP address as source IP address is processed by output chain. In short,
when MikroTik Router address is the packet source address then it is considered as output
chain activity.
For example, if you ping any remote server from your MikroTik console, the source IP address is
your MikroTik IP address. So, this is an output chain activity.

Forward processes those packets which are passing through your MikroTik Router. In this
case, MikroTik Router is neither source nor destination. In short, when packet passes through
MikroTik Router then it is considered as forward chain activity.
For example, when your LAN user browses any website, they pass through your MikroTik
router. Here, the destination is web server and the source is your LAN user. So, this is a forward
chain activity. If you want to block any user who will not get access to any web server, you have
to select forward chain property in firewall rule.
 Mikrotic NAT

DST NAT / Port Forwarding

Src NAT

ISP Setup