MikroTik – basic configuration

1. for sure, reset the system

/system reset-configuration

2.1. wifi – disable interface

/interface wireless disable wlan1

2.2. set wifi security policy

/interface wireless security-profiles set * mode=dynamic-keys authentication-types=wpa2-psk unicast-ciphers=aes-ccm group-ciphers=aes-ccm wpa-pre-shared-key="P@ssw0rd1234!" wpa2-pre-shared-key="P@ssw0rd1234!" supplicant-identity="wifi-krai" eap-methods=passthrough tls-mode=no-certificates tls-certificate=none mschapv2-username="" mschapv2-password="" static-algo-0=none static-key-0="" static-algo-1=none static-key-1="" static-algo-2=none static-key-2="" static-algo-3=none static-key-3="" static-transmit-key=key-0 static-sta-private-algo=none static-sta-private-key="" radius-mac-authentication=no radius-mac-accounting=no radius-eap-accounting=no interim-update=0s radius-mac-format=XX:XX:XX:XX:XX:XX radius-mac-mode=as-username radius-mac-caching=disabled group-key-update=5m management-protection=disabled management-protection-key=""

2.3. configure and enable wifi

/interface wireless set 0 ssid=wifi-krai wps-mode=disabled band=2ghz-g/n
/interface wireless enable wlan1

3. set default user name and password

/user set 0 name=root
/user set 0 password="P@ssw0rd1234!"

4. disable unnecessary services

/ip service disable telnet
/ip service disable ftp
/ip service disable www 
/ip service disable api
/ip service disable api-ssl
/ip service disable winbox
/ip service disable www-ssl

5. secure the ssh service

/ip service set ssh port=2222
/ip ssh set strong-crypto=yes

6. name the interfaces

/interface set 0 name=WAN1
/interface set 0 name=LAN2
/interface set 1 name=LAN3

7. set the DNS servers eg. from OpenNIC

/ip dhcp-client set 0 use-peer-dns=no use-peer-ntp=no
/ip dns set servers=,,

8. set router name

/system identity set name=router.krai.local

Leave a Reply

Your email address will not be published. Required fields are marked *