Архив метки: Mikrotik

MikroTik Wireless AP Configuration with DHCP using Winbox

MikroTik Wireless Router is one of the most popular and stable WiFi Routers. WiFi Zone for an ISP or for an office or for a home can easily be configured with MikroTik WiFi Router. MikroTik has a lot of WiFi Routers that can be used as a WiFi Access Point (AP), a WiFi Station or a WiFi Repeater. MikroTik Wireless Router can also be used as both WiFi Station and WiFi AP simultaneously. The simple usage of MikroTik Wireless Router is to create a WiFi Zone with MikroTik WiFi AP. So, in this article I will discuss how to configure MikroTik WiFi AP to create a WiFi Zone in a home or in an office or even in an ISP network using MikroTik hAP lite wireless router.




MikroTik WiFi Access Point




The bridge or ap-bridge mode of a MikroTik Wireless Router is used to create a WiFi Access Point. MikroTik Wireless Router offers creating meaningful SSID with WPA and WPA2 PSK security. MAC Address filtering can also be applied in MikroTik WiFi AP with Access List and RADIUS Server. A lot of WiFi Routers are available in MikroTik for different purpose. Among these we will configure a hAP lite (RB941-2nD) wireless router (but the configuration can be same for all MikroTik Wireless Routers) to create a WiFi Zone in a home, office or ISP.




Network Diagram




The following network diagram is being followed for this article configuration.




MikroTik WiFi Router
MikroTik WiFi Router




In this network diagram a hAP lite MikroTik Wireless Router is being used as a WiFi AP and LAN gateway. This wireless router has one WLAN interface and four Ethernet interfaces. WiFi AP will be created on WLAN interface so that wireless devices can be connected. Among four Ethernet interfaces, ether1 port will be used as WAN connection with IP network 192.168.70.0/30. We will create a bridge interface and configure a DHCP Server (with IP block 10.10.70.0/24) on this bridge interface and then add WLAN interface and ether2 to ether4 interfaces to this bridge so that WiFi users and LAN users can get IP address, default gateway and other network parameters from this DHCP Server automatically.




MikroTik WiFi AP Configuration




We will now configure WiFi AP and LAN gateway in MikroTik hAP light Wireless Router. Complete Wireless AP Setup and LAN Gateway Configuration can be divided into the following five steps.




  • Resetting Default RouterOS Configuration
  • WiFi AP Setup on WLAN Interface
  • Creating Bridge Interface and Adding LAN and WLAN Ports
  • Basic RouterOS Configuration
  • DHCP Configuration on Bridge Interface




Step 1: Resetting RouterOS Default Configuration




MikroTik Wireless RouterOS usually comes with default configuration. But default configuration sometimes makes you confused. So, I always suggest to reset and remove default configuration. The following steps will show how to reset and remove RouterOS default configuration.




  • Login to RouterOS using Winbox with admin user or any full permission user.
  • Click on System menu item and then click Reset Configuration option. Reset Configuration window will appear.
  • Click the No Default Configuration checkbox.
  • Click on Reset Configuration button. It will ask to confirm resetting configuration. Click Yes to confirm.
  • Now default configuration will be reset and Routerboard will be rebooted. After successful reboot, you will get a fresh and zero configuration RouterOS.




Resetting RouterOS Default Configuration
Resetting RouterOS Default Configuration




Step 2: WiFi AP Setup on WLAN Interface




MikroTik hAP lite wireless router has a WLAN interface where WiFi AP has to be setup. To setup WiFi Access Point in MikroTik Wireless Router we have to first create Security Profile and then create SSID to connect wireless devices.




Creating Security Profiles




To connect a wireless device with MikroTik WiFi AP, wireless devices must provide security key (password).  MikroTik wireless supports both WPA PSK and WPA2 PSK authentication type.  The following steps will show how to create passkey for MikroTik WiFi AP with Security Profile.




  • From Winbox, click on Wireless menu item. Wireless Tables window will appear.
  • Click on Security Profiles tab and then click on PLUS SIGN (+). New Security Profile window will appear.
  • Put a meaningful profile name (WiFi Profile) in Name input field.
  • Choose dynamic keys from Mode drop down menu.
  • Check WPA PSK and WPA2 PSK checkbox from Authentication Types panel.
  • Now provide strong password in WPA Pre-Shared Key and WPA2 Pre-Shared Key password box.
  • Click Apply and OK button.




MiKroTik Wireless AP Security Profile
MiKroTik Wireless AP Security Profile




Creating SSID for MikroTik WiFi AP




After creating Security Profile we will now set Wireless Mode and create SSID (Service Set Identifier) so that wireless devices can find our MikroTik Access Point with created SSID. The following steps will show how to create SSID and set wireless mode in hAP lite MikroTik Wireless Router.




  • Click on WiFi Interfaces tab and you will find WLAN interface (by default: wlan1) here. It may be disabled at first time. So, if you find disabled, click mouse right button on it and then click on Enable option to enable WiFi interface.
  • Double click on available and enabled WiFi Interface. Interface window will appear.
  • From General tab you can set WiFi interface name from Name input box or you can keep it default.
  • Click on Wireless tab and choose ap bridge from Mode dropdown menu.
  • Put SSID name (MikroTik AP) in SSID input box.
  • Now click on Advanced Mode button and choose your created security profile from Security Profile drop down menu.
  • Make sure Default Authenticate and Default Forward checkbox is checked. Otherwise devices will not be connected until MAC authentication.
  • Click Apply and OK button.




MikroTik WiFi AP Setup
MikroTik WiFi AP Setup




Now created SSID will be found in wireless devices and wireless device can be connected providing password. You will find connected devices in Registration tab. But connection is not enough to get internet. IP address, default gateway and other network parameters have to provide to get internet to the connected devices. So, we will now do MikroTik Router basic configuration with creating bridge interface. We will also configure DHCP Server to assign IP address, default gateway and other network parameters automatically.




Step 3: Creating Bridge Interface and Adding LAN and WLAN Ports




We will now create a bridge interface and add ether2 to ether3 interfaces including WLAN interface to this bridge because we want to provide same block IP address to LAN and WiFi users. The following steps will show how to create bridge interface and add physical interfaces to it.




  • Click on Bridge menu item. Bridge interface will appear.
  • Click on Bridge tab and then click on PLUS SIGN (+). New Interface window will appear.
  • Put bridge interface name in (LAN_Bridge) Name input field.
  • Click Apply and OK button.
  • Now click on Ports tab and click on PLUS SIGN (+). New Bridge Port window will appear.
  • Choose ether2 interface from Interface dropdown menu.
  • Choose created bridge interface (LAN_Bridge) from Bridge dropdown menu.
  • Click Apply and OK button.
  • Similarly add ether3, ether4 and wlan1 interfaces to this bridge.




Adding Interface to Bridge
Adding Interface to Bridge




Step 4: Basic RouterOS Configuration




We will now do RouterOS basic configuration where we will assign WAN IP, LAN Gateway, DNS IP, and Default Gateway IP and configure NATing. The following steps will show how to do basic configuration in MikroTik Wireless Router.


  • Go to IP > Address menu item. Address List window will appear.
  • Click on PLUS SIGN (+). New Address window will appear. Put ISP provided IP address (192.168.70.2/30) in Address input box. Now choose ether1 from Interface dropdown menu. Click Apply and OK button.
  • Similarly, click on PLUS SIGN (+) again and put LAN Gateway IP (10.10.70.1/24) in Address input field and choose bridge interface (LAN_Bridge) from Interface dropdown menu and click Apply and OK button.
  • Now go to IP > DNS menu item. DNS Settings window will appear. Put your ISP provided DNS IP or Google Public DNS IP 8.8.8.8 in Servers input field.
  • Go to IP > Routes menu item. Route List window will appear. Click on Gateway input field and put ISP provided gateway IP (192.168.70.1) in this field. Click Apply and OK button.
  • Go to IP > Firewall menu item. Firewall window will appear. Click on NAT tab and then click on PLUS SIGN (+). New NAT Rule window will appear. From General tab choose srcnat from Chain drop down menu and put LAN Block (10.10.70.0/24) in Src. Address input field. Click on Action tab and choose masquerade from Action drop down menu and then click Apply and OK button.
  • Now click New Terminal menu item and ping google.com. If everything is OK, you will get response that means MikroTik Router is now ready to communicate to internet.




MikroTik Winbox Terminal
MikroTik Winbox Terminal




Step 5: DHCP Server Configuration on Bridge Interface




We will now setup DHCP Server on bridge interface so that WiFi users and LAN users can get IP address, default gateway and other network parameters automatically. The following steps will show how to setup DHCP Server on bridge interface in MikroTik RouterOS.




  • Go to IP > DHCP Server menu item. DHCP Server window will appear.
  • Click on DHCP Setup button. DHCP Setup window will appear.
  • Choose bridge interface (LAN_Bridge) from DHCP Server Interface drop down menu and then click Next button.
  • LAN Block (10.10.70.0/24) will be automatically assigned in DHCP Address Space input field. So, nothing to do. Just click Next button.
  • LAN Gateway (10.10.70.1) will automatically be assigned in Gateway for DHCP Network input field. So, just click Next button.
  • IP Pool from where IP address will be assigned to Wireless devices and LAN devices will be automatically assigned from LAN Block (10.10.70.2-10.10.70.254) in Addresses to Give Out input field. So, just click Next button.
  • Your assigned DNS Server IP will automatically be assigned in DNS Server input filed. So click Next button.
  • Default DHCP lease time is 10 minute. So, 10 minute will keep assigned in Lease Time input filed. If you want, you can increase lease time as much you want. Click Next button.
  • Now you will find DHCP Setup successful message window. Just click OK button.




MikroTik DHCP Server Setup
MikroTik DHCP Server Setup




MikroTik WiFi AP with DHCP Server is now ready. Now connect any wireless device or connect any LAN device. The device will get IP address, default gateway and other network parameters automatically and be able to get internet access.




With this MikroTik WiFi AP configuration any wireless user who knows WiFi password can connect with SSID and any LAN user who will be connected with LAN cable can able to get access to DHCP Server and DHCP Server will be happy to provide him/her IP address, default gateway and other network parameters because there is no filter rule to block unauthorized access.




MikroTik Wireless or WiFi AP is smart enough granting access based on MAC address. But MAC address filtering can only save WiFi access. LAN users should also filter based on MAC Address. For this, it is always better to use Static DHCP Server Configuration which will filter access based on MAC Address.




If you face any confusion to follow the above steps, watch the following video on MikroTik WiFi AP Configuration with DHCP Server. I hope it will reduce your any confusion.