Community discussions

MikroTik App
  4. RouterOS
  5. Beginner Basics

Mikrotik to replace Gargoyle routers

Locked
 
SumTingWong
just joined
Topic Author
Posts: 14
Joined: Fri Aug 19, 2016 7:16 am

Mikrotik to replace Gargoyle routers

Wed Aug 31, 2016 8:18 am

Greetings,

Have been playing with a hAP ac RB962UiGS-5HacT2HnT for about a month. It has been a very steep learning curve.

Have 20+ Gargoyle routers and they are getting old and unreliable and they are needing to be replaced more frequently, so looking to migrate to Mikrotik.

The main issue I have at this point in time is configuring the DHCP address range. I cannot find a resource that explains the concepts/steps I need to configure this.

Due to existing setups I need to setup the DHCP server to issue addresses in the 192.168.100.1/24 range. I keep locking myself out of the router and after 100+ hours of failing, could you please assist me? A resource that explains the concepts, so I can learn would be great, but at this stage a simple answer would suffice.

Thank you in advance.

Here is an export of a base configuration that I am working with:
Code: Select all
# aug/31/2016 13:04:05 by RouterOS 6.36
# software id = Q4Q4-R643
#
/interface bridge
add admin-mac=E4:8D:8C:6B:C3:6B auto-mac=no comment=defconf name=bridge
add name=bridge-iptc
/interface ethernet
set [ find default-name=ether2 ] name=ether2-master
set [ find default-name=ether3 ] master-port=ether2-master
set [ find default-name=ether5 ] master-port=ether2-master
/ip neighbor discovery
set ether1 discover=no
set bridge comment=defconf
/interface vlan
add interface=ether1 name=vlan500 vlan-id=500
add interface=ether1 name=vlan600 vlan-id=600
/interface pppoe-client
add add-default-route=yes disabled=no interface=vlan500 max-mru=1492 max-mtu=\
    1492 name=unifi password=PASSWORD use-peer-dns=yes user=USER
/interface wireless security-profiles
add authentication-types=wpa-psk,wpa2-psk eap-methods="" management-protection=\
    allowed mode=dynamic-keys name="Cam Key" supplicant-identity="" \
    wpa-pre-shared-key=0416431737 wpa2-pre-shared-key=0416431737
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-Ce \
    disabled=no distance=indoors frequency=auto mode=ap-bridge security-profile=\
    "Cam Key" ssid=2GHz wireless-protocol=802.11
set [ find default-name=wlan2 ] band=5ghz-a/n/ac channel-width=20/40/80mhz-Ceee \
    disabled=no distance=indoors frequency=auto mode=ap-bridge security-profile=\
    "Cam Key" ssid=5GHz wireless-protocol=802.11
/ip pool
add name=default-dhcp ranges=192.168.88.10-192.168.88.254
/ip dhcp-server
add address-pool=default-dhcp disabled=no interface=bridge name=defconf
/interface bridge port
add bridge=bridge comment=defconf interface=ether2-master
add bridge=bridge comment=defconf interface=sfp1
add bridge=bridge comment=defconf interface=wlan1
add bridge=bridge comment=defconf interface=wlan2
add bridge=bridge-iptc interface=ether4
add bridge=bridge-iptc interface=vlan600
/ip address
add address=192.168.88.1/24 comment=defconf interface=bridge network=\
    192.168.88.0
/ip dhcp-client
add comment=defconf dhcp-options=hostname,clientid disabled=no interface=ether1
/ip dhcp-server network
add address=192.168.88.0/24 comment=defconf gateway=192.168.88.1
/ip dns
set allow-remote-requests=yes servers=\
    8.8.8.8,8.8.4.4,208.67.222.222,208.67.220.220
/ip dns static
add address=192.168.88.1 name=router
/ip firewall filter
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment="defconf: accept established,related" \
    connection-state=established,related
add action=drop chain=input comment="defconf: drop all from WAN" in-interface=\
    ether1
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
    connection-state=established,related
add action=accept chain=forward comment="defconf: accept established,related" \
    connection-state=established,related
add action=drop chain=forward comment="defconf: drop invalid" connection-state=\
    invalid
add action=drop chain=forward comment="defconf:  drop all from WAN not DSTNATed" \
    connection-nat-state=!dstnat connection-state=new in-interface=ether1
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" log-prefix="" \
    out-interface=unifi
/system clock
set time-zone-name=Asia/Kuala_Lumpur
/system routerboard settings
set cpu-frequency=720MHz protected-routerboot=disabled
/tool mac-server
set [ find default=yes ] disabled=yes
add interface=bridge
/tool mac-server mac-winbox
set [ find default=yes ] disabled=yes
add interface=bridge
Top
 
User avatar
pukkita
Trainer
Trainer
Posts: 3051
Joined: Wed Dec 04, 2013 11:09 am
Location: Spain

Re: Mikrotik to replace Gargoyle routers

Wed Aug 31, 2016 12:39 pm

Code: Select all
/tool mac-server mac-winbox
set [ find default=yes ] disabled=yes
First of all, I wouldn't disable the mac-winbox service, as that ensures you can manage the router even if there's no L3 connectivity.

Turn that back to enabled, and you should see the router appearing in the "neighbors" tab in Winbox, meaning you can connect to it over Layer 2.

Tools > Romon is a lifesaver too.

To set up a DHCP server, you must ensure that:

1- The interface the dhcp-server runs "over" has an IP
2.- This IP is in the same range as the ip pool.
3.- The DHCP server network is properly defined

So if you want to set the DHCP server for the 192.168.100.0/24 range:
Code: Select all
/ip pool
add name=default-dhcp ranges=192.168.100.10-192.168.100.254

/ip address
add address=192.168.100.1/24 comment=defconf interface=bridge network=\
    192.168.100.0

/ip dhcp-server network
add address=192.168.100.0/24 comment=defconf gateway=192.168.100.1
Next time you set up a DHCP server from scratch, use IP > DHCP Server, DHCP tab, you can click the "DHCP setup" wizard which will guide you through all the steps involved.
Top
 
SumTingWong
just joined
Topic Author
Posts: 14
Joined: Fri Aug 19, 2016 7:16 am

Re: Mikrotik to replace Gargoyle routers

Thu Sep 01, 2016 7:06 am

First of all, I wouldn't disable the mac-winbox service
Thank you very much. Enabling this service has really helped me troubleshoot without having to restore the configuration every time I stuff up.

I would like to give you reputation points but it appears that I don't have any to give.
Top
 
User avatar
pukkita
Trainer
Trainer
Posts: 3051
Joined: Wed Dec 04, 2013 11:09 am
Location: Spain

Re: Mikrotik to replace Gargoyle routers

Thu Sep 01, 2016 2:18 pm

Never mind... if you found mac-winbox useful, have a look at RoMON... there are video presentations on youtube
Top
 
SumTingWong
just joined
Topic Author
Posts: 14
Joined: Fri Aug 19, 2016 7:16 am

Re: Mikrotik to replace Gargoyle routers

Fri Sep 02, 2016 9:16 am

I have made great progress (for me) now that I can maintain MAC access to WinBox.

Somehow I have stuffed up my previously working WLAN interfaces. The HaP has wlan1 (2GHz) and wlan2 (5GHz) on by default.

I have created Virtual AP (wlan3) on wlan1 that connects to the internet without issue.

For some reason I cannot connect to wlan1 even though can connect to a virtual AP on wlan1.

I am looking at the export files that I make after each change but cannot see why I no longer can connect to wlan1.


I have noticed that the wlan interfaces that are not working have their names in Italics.
Image

In WinBox when I look at the Bridges/Ports page, there is a | (pipe) in the first column (un-labeled) and I can't Enable them. Removing and re-adding them does not solve issue.

Thanks.
Last edited by normis on Fri Sep 02, 2016 10:45 am, edited 1 time in total.
Reason: you do have rights, but your URL was incorrect
Top
Locked
  4. RouterOS
  5. Beginner Basics