Setting up a MikroTik router for your homelab can be an exciting way to improve network performance, security, and management. MikroTik routers are known for their flexibility, power, and affordability, making them an ideal choice for homelab enthusiasts looking to build a robust network infrastructure. In this post, we’ll walk you through the essential steps to get your MikroTik router up and running.
Connect to the router
To configure the MikroTik router, you’ll first need to establish a connection. We recommend using either a serial cable or an SSH connection. These methods allow you to easily copy and paste the configuration commands provided below, making the setup process more efficient and error-free.
Using a Serial Cable
- Connect the serial cable to the MikroTik router and your computer.
- Use terminal software like PuTTY (Windows), screen (Linux), or Serial (macOS).
- Configure the terminal software with the following settings:
  - Baud Rate: 115200
  - Data Bits: 8
  - Stop Bits: 1
  - Parity: None
  - Flow Control: None
- Open the connection, and you’ll see the MikroTik console.
- When prompted, enter the default username admin and leave the password field blank (default).
Using SSH
- Connect your computer to one of the LAN ports of the MikroTik router using an Ethernet cable.
- Ensure your computer is set to obtain an IP address automatically (DHCP). The router will assign your computer an IP address.
- Find the default IP address of the MikroTik router (usually 192.168.88.1) and use SSH to connect.
- When prompted, enter the default username admin and leave the password field blank (default).
First, we’ll configure the LAN ports to establish a network connection for all your devices. This will ensure that both your homelab and internet access are set up properly, providing seamless connectivity throughout your network.
LAN
Bridge Interface
We’ll create a bridge interface, which combines all the ports into a single network. This will enable seamless communication between all your devices on the same network.
/interface bridge
add name=bridge1 protocol-mode=none
/interface bridge port
add bridge=bridge1 interface=ether2
add bridge=bridge1 interface=ether3
add bridge=bridge1 interface=ether4
add bridge=bridge1 interface=ether5
add bridge=bridge1 interface=ether6
add bridge=bridge1 interface=ether7
add bridge=bridge1 interface=ether8
/interface list
add name=LAN
/interface list member
add interface=bridge1 list=LAN
/ip address
add address=192.168.1.1/24 interface=bridge1 network=192.168.1.0
DHCP
Now, we’ll set up a DHCP server to automatically assign IP addresses to all the devices connected to your network.
/ip dhcp-server network
add address=192.168.1.0/24 dns-server=192.168.1.1 gateway=192.168.1.1 netmask=24
/ip pool
add name=dhcp_pool0 ranges=192.168.1.100-192.168.1.254
/ip dhcp-server
add address-pool=dhcp_pool0 interface=bridge1 lease-time=1d name=dhcp1
DNS
Next, we’ll enable DNS queries on the router and configure it to forward those queries to the upstream DNS server. This will ensure that your devices can resolve domain names and access websites without any issues.
/ip dns
set allow-remote-requests=yes
Firewall
The firewall will be configured to block all incoming traffic by default, only allowing connections that are established, related, or untracked. Outgoing traffic will be permitted solely from the LAN side, ensuring secure and controlled communication between your devices and the internet.
/ip firewall filter
add action=accept chain=forward comment="Allow established,related,untracked" connection-state=established,related,untracked
add action=drop chain=forward comment="drop invalid traffic" connection-state=invalid
add action=accept chain=forward comment="port forwarding" connection-nat-state=dstnat
add action=accept chain=forward comment="internet traffic" in-interface-list=LAN out-interface-list=WAN
add action=accept chain=forward comment="LAN to LAN" in-interface-list=LAN out-interface-list=LAN
add action=drop chain=forward comment="drop all else"
add action=accept chain=input comment="Allow established,related,untracked" connection-state=established,related,untracked
add action=drop chain=input comment="Drop invalid" connection-state=invalid
add action=accept chain=input comment="Allow traffic from LAN interface list to the router" in-interface-list=LAN
add action=drop chain=input comment="Drop all else"
/ip firewall service-port
set ftp disabled=yes
set tftp disabled=yes
set h323 disabled=yes
set sip disabled=yes
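As an added example (not part of the original post), the Python sketch below replays the filter rules above in a simplified first-match model, so you can check which rule decides a given packet before pasting the rules into the router. It assumes each packet carries a single connection state and each interface belongs to one list; the function names and probe packets are constructed for illustration.

```python
import shlex

# The filter rules from this page, as typed under /ip firewall filter.
RULES_TEXT = '''
add action=accept chain=forward comment="Allow established,related,untracked" connection-state=established,related,untracked
add action=drop chain=forward comment="drop invalid traffic" connection-state=invalid
add action=accept chain=forward comment="port forwarding" connection-nat-state=dstnat
add action=accept chain=forward comment="internet traffic" in-interface-list=LAN out-interface-list=WAN
add action=accept chain=forward comment="LAN to LAN" in-interface-list=LAN out-interface-list=LAN
add action=drop chain=forward comment="drop all else"
add action=accept chain=input comment="Allow established,related,untracked" connection-state=established,related,untracked
add action=drop chain=input comment="Drop invalid" connection-state=invalid
add action=accept chain=input comment="Allow traffic from LAN interface list to the router" in-interface-list=LAN
add action=drop chain=input comment="Drop all else"
'''

def parse_rules(text):
    """Turn each 'add key=value ...' line into a dict of its properties."""
    rules = []
    for line in text.strip().splitlines():
        tokens = shlex.split(line)  # keeps a quoted comment as one token
        if tokens and tokens[0] == "add":
            rules.append(dict(t.split("=", 1) for t in tokens[1:]))
    return rules

def evaluate(rules, chain, **packet):
    """Return (action, comment) of the first rule in `chain` that matches.

    Simplified model (assumption): every matcher on a rule must be satisfied,
    and a matcher with a comma-separated value matches any one of its items.
    """
    for rule in rules:
        if rule["chain"] != chain:
            continue
        matchers = {k: v for k, v in rule.items()
                    if k not in ("action", "chain", "comment")}
        if all(packet.get(k.replace("-", "_")) in v.split(",")
               for k, v in matchers.items()):
            return rule["action"], rule["comment"]
    return "accept", "no rule matched"  # RouterOS accepts when nothing matches

RULES = parse_rules(RULES_TEXT)

if __name__ == "__main__":
    # Constructed probe: a new connection from the internet to the router itself.
    print(evaluate(RULES, "input", connection_state="new", in_interface_list="WAN"))
```

Because a chain with no matching rule accepts the packet, the final "drop all else" rule in each chain is what makes this ruleset default-deny; removing it from `RULES_TEXT` and re-running the probe shows the difference.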
WAN
We’ll need to configure the WAN interface to obtain an IP address from your ISP. In this setup, the physical interface ether1 will be used to connect to your ISP.
Be sure to replace the placeholder variables [inside brackets] with values specific to your setup.
The variants below are alternatives. Use only the one that matches how your ISP delivers the connection.
DHCP over a VLAN:
/interface vlan add interface=ether1 name=internet vlan-id=[ISP VLAN ID]
/ip dhcp-client add interface=internet disabled=no use-peer-ntp=no add-default-route=yes
/interface list add name=WAN
/interface list member add interface=internet list=WAN
DHCP without a VLAN:
/interface ethernet set ether1 name=internet
/ip dhcp-client add interface=internet add-default-route=yes disabled=no use-peer-ntp=no
/interface list add name=WAN
/interface list member add interface=internet list=WAN
PPPoE over a VLAN:
/interface vlan add interface=ether1 name=vlan_int vlan-id=[ISP VLAN ID]
/interface pppoe-client add add-default-route=yes disabled=no interface=vlan_int name=internet use-peer-dns=yes user=[username] password=[password]
/interface list add name=WAN
/interface list member add interface=internet list=WAN
PPPoE without a VLAN:
/interface pppoe-client add add-default-route=yes disabled=no interface=ether1 name=internet use-peer-dns=yes user=[username] password=[password]
/interface list add name=WAN
/interface list member add interface=internet list=WAN
Static IP:
/interface ethernet set ether1 name=internet
/ip address add address=[IP Address] interface=internet
/ip route add gateway=[IP Gateway]
/ip dns set servers=[DNS Server]
/interface list add name=WAN
/interface list member add interface=internet list=WAN
NAT
We’ll now set up a NAT rule to translate all outgoing traffic from your local network to your public IP address. This will enable devices in your homelab to access the internet using the router’s public IP, ensuring proper routing and security for all outgoing connections.
/ip firewall nat
add action=masquerade chain=srcnat comment="Enable NAT on WAN interface" out-interface-list=WAN
System
We’ll create a new user account with the necessary privileges and then disable the default user account. This will help prevent unauthorized access and ensure that only trusted users can manage the router. You can also change the hostname of the router.
User Account
/user add name=[YourUsername] password=[YourPassword] group=full
/user disable admin
- Replace [YourUsername] with your new username
- Replace [YourPassword] with your new password
Hostname
/system identity
set name=<Your hostname>
NTP
To ensure the router displays the accurate time, we’ll enable the NTP client and configure the correct timezone.
/system ntp client
set enabled=yes
/system ntp client servers
add address=time.cloudflare.com
/system clock
set time-zone-name=Your Timezone
Replace Your Timezone with your timezone.
Now your MikroTik router is fully configured and ready to power your homelab! 🎉 With a secure and efficient network in place, you can focus on building and exploring your homelab projects. Happy networking! 🤝