# Here is a script you can paste into the console to do some of the above:
# /system reset-configuration no-defaults=yes
/user set admin password=Xxxveryxxxlong123xxxPASSWORDxxx
/system package update install
A MikroTik has no time/date keeping battery, so it needs to update time+date on each boot. A MikroTik by default updates it's time use a MikroTik cloud, check Winbox: IP ⇢ Cloud: Update time is enabled. If you wish to setup a NTP/SNTP client to update from your own network, disable the cloud time.
If you need the router to be able to route/connect to internal networks, give the router an IP on each network, and it will create a dynamic route in the routing table and be able to connect. Add ex. address "10.0.1.1/24", no network, and put the IP on the interface that is cabled to the network. If you have several ports cabled on the network, then bridge the ports and add the address on the bridge.
Since most RouterOS devices can perform either as layer 2 or layer 3, you need to choose your setup of switch chip and CPU. For devices including a switch chip, you will usually connect all ports to one master port, to gain full wire speed switching. Check your devices setup of master ports with:
# Show which master-port each port is using:
/interface ethernet print
If there is a switch chip and you want to use it, set all ports as having the primary port as master port, the ports are now called slaves.
If you want to use the CPU, bridge the ports you want to have Layer 2 access together.
# Show which bridge ports are bridged to:
/interface bridge port print
Rename the interfaces, so they represent your chosen setup and where they are connected to. Example: ether1-slave-crs-17 (ether1 is a slave port, and is cabled to your CRS switch on the CRS switch port 17).
If you are unsure what is included in your device, you can check the cpu with /system resource print and check if a switch chip is present with /interface ethernet switch print.
See RouterOS 6.41 master-port to bridge changes.
There is no technical difference as to what private network you use internally, but if you happen to use the exact same /24 network as your technicians use at home or elsewhere, it might become a nuisance for VPNs. Therefor a common way is:
10.0.x.x: Your company networks
192.168.0-10.x: Your own home or your users private home networks
192.168.11-255.x: Other business networks
172.16.0.0-172.31.255.255: VPN connections and SAN networks
The above is just a common usage, you may choose freely from these networks that are reserved for private networks:
I have local network access from same local subnet, but no internet access?