All MikroTik devices, except CSS units, can be configured with the powerful Winbox application. These are the main categories of devices:
In the cheapest devices you will find copper ethernet ports, and as the price increases you will also get SFP ports, while the core/edge devices have only SFP ports.
The ethernet ports are the common 10/100/1000 ports. The SFP ports can be used as different types of ports, depending on the adapter you insert.
A switch is a device that can move packets between ports, based on their destination MAC address on the LAN. The MAC address is the ID of a physical network card and looks like 4C:5E:0C:15:47:2E. All MAC addresses have to be unique on the same switched network, which they always are since all vendors use their assigned MAC address ranges. This is called Layer 2 or OSI 2.
If the MikroTik device has a built-in switch chip, RouterOS and Winbox will show a switch submenu. Since most switches have a dedicated switch chip providing full wire speed, the CPU is often slow, as it is usually not needed. Remember to use the settings in the switch menu to use the switch chip. Some features, like VLAN, can be set both for the CPU (⇢ interfaces ⇢ VLAN) and for the switch chip (⇢ switch ⇢ VLAN).
To enable the switch chip, all ports except the first one have to have the setting masterport="name of first port". If you set the masterport to none for a port, then that port will connect to the CPU, which will provide more options, but less speed.
The switch will continuously update its own address table of destination MAC addresses, so any packet going to a machine connected to the same switch will pass directly to that port. If the destination port is not on the switch, the packet will pass either to the local CPU or to an externally connected router, to be routed based on the IP address.
To transparently connect different switch LANs, you bridge them. Bridging two switched networks creates one large LAN. Since this works on layer 2 based on MAC addresses, the bridge will be invisible to an IP network.
Using EoIP (Ethernet over IP) you can create a tunnel across the internet, and bridge 2 geographically separated LANs into one LAN.
If you enable bridging on a MikroTik device, it will use the MAC address of the first bridge port that comes up as the MAC address of the bridge, which means that after a reboot of the device, the MAC address might change. Often you will want to change the MAC address assigned to the bridge to a static address, to keep the MAC address of the bridge from changing. Just copy the current MAC address of the bridge to "Admin. MAC Address".
The difference from a switch is that a router understands IP addresses, which a switch does not. The ability to understand IP addresses and route between them is called layer 3 or OSI 3.
Home routers usually incorporate both a switch chip to provide speed between ports and a CPU to provide the necessary routing, firewalling, WiFi access etc. High-end routers like the CCR series only have CPUs, which provide all options but need a lot of CPU power, which increases the cost of the units.
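The address table described above can be modelled in a few lines of Python. This is an added example, not MikroTik code; the port names and frames are constructed sample data. Besides learning and lookup, it records when a MAC address learned on one port later appears on another, which is how a duplicate address on the same switched network shows up from the switch's point of view.

```python
class AddressTable:
    """Model of a switch's MAC address table (illustration only)."""

    def __init__(self):
        self.table = {}   # MAC address -> port where it was last seen
        self.moves = []   # (mac, old_port, new_port) whenever a MAC changes port

    def learn(self, src_mac, in_port):
        """Record the source MAC of a frame that arrived on in_port."""
        mac = src_mac.upper()
        old = self.table.get(mac)
        if old is not None and old != in_port:
            # Same MAC on two ports: a moved host, a loop or a duplicate address.
            self.moves.append((mac, old, in_port))
        self.table[mac] = in_port

    def lookup(self, dst_mac):
        """Return the egress port, or None when the MAC is not in the table
        (the frame then goes to the CPU or an external router, as described above)."""
        return self.table.get(dst_mac.upper())


def process(frames):
    """Run (in_port, src_mac, dst_mac) tuples through a fresh table."""
    sw = AddressTable()
    decisions = []
    for in_port, src, dst in frames:
        sw.learn(src, in_port)
        decisions.append(sw.lookup(dst))
    return sw, decisions


# Constructed sample traffic; port names are assumptions.
FRAMES = [
    ("ether2", "4C:5E:0C:15:47:2E", "4C:5E:0C:15:47:30"),  # destination not learned yet
    ("ether3", "4C:5E:0C:15:47:30", "4C:5E:0C:15:47:2E"),  # reply goes straight to ether2
    ("ether2", "4C:5E:0C:15:47:2E", "4C:5E:0C:15:47:30"),  # now known: goes to ether3
    ("ether4", "4c:5e:0c:15:47:2e", "4C:5E:0C:15:47:30"),  # same MAC appears on ether4
]

if __name__ == "__main__":
    sw, decisions = process(FRAMES)
    print(decisions)
    print(sw.moves)
```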
To be able to route, the router needs a route list of IP addresses, to know where to send the packets. At least "0.0.0.0/0", meaning all IP addresses, needs to be in the route list, with a gateway to the internet. On a home device the gateway will usually be an IP like 192.168.0.1 or the first port in the router, where the internet cable is usually attached.
To be able to route to different local networks, you can manually create routes. But the common way is to add an extra IP to the router's address list on the other network, assigned to the port where the network is attached, and give the router an available IP on the other network like 192.168.10.2. This way, the router will automatically create the necessary route.
RouterSwitch: What we call a RouterSwitch is a device that has both a switch chip for wirespeed switching and a CPU for routing. Most home devices are routerswitches.
CPE / Wireless station: CPE is short for Customer Premises Equipment, and means any kind of device that you own, but have placed at a customer. In MikroTik quick settings, a CPE is a wireless station. That is a device working as an external WiFi network card for a computer. It can be used to secure a machine or add new network or WiFi options to a computer.
AP: Short for Access Point, the primary device in your network that allows users to access a WiFi network. It is your WiFi server and primary WiFi connection.
Home AP: A home AP works as a router, a switch and an access point. In Winbox quick settings it adds one wireless SSID per WiFi card in the AP.
WISP AP: Wireless Internet Service Provider. An advanced AP usually used by ISPs, hotels etc., providing multiple SSIDs simultaneously on the same WiFi network. With VLAN support these different SSIDs become completely isolated networks.
cAP or CAP: Controlled Access Point, a device that only does WiFi and extends your WiFi network. It can work as a standalone WiFi repeater or be controlled by CAPsMAN (Controlled Access Point system Manager), allowing central wireless network management and processing. To use CAPsMAN, you enable it on your AP and then have no configuration on the CAPs.
PTP Bridge: Point to Point Bridge. Will connect two networks through a tunnel across the internet, so both networks are layer 2 LAN connected and work as if they had a local ethernet cable between them.
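The route list described above, modelled in Python as an added example (not RouterOS code). The interface names and the router's own address 192.168.0.2 are assumptions; 192.168.0.1 and 192.168.10.2 are the addresses used in the text. It shows that assigning an address to a port creates the route to that network, and that the most specific route wins over 0.0.0.0/0.

```python
import ipaddress


class RouteTable:
    """Model of a router's route list with longest-prefix matching."""

    def __init__(self):
        self.routes = []  # (network, gateway or None, interface or None)

    def add_route(self, dst, gateway):
        """Manually added route, e.g. the default route 0.0.0.0/0."""
        self.routes.append((ipaddress.ip_network(dst), gateway, None))

    def add_address(self, cidr, interface):
        """Assign an IP to a port; the route to that network is created automatically."""
        net = ipaddress.ip_interface(cidr).network
        self.routes.append((net, None, interface))

    def lookup(self, dst_ip):
        """Return the most specific matching route, or None if there is no route."""
        ip = ipaddress.ip_address(dst_ip)
        matches = [r for r in self.routes if ip in r[0]]
        if not matches:
            return None
        net, gateway, interface = max(matches, key=lambda r: r[0].prefixlen)
        return {"route": str(net), "gateway": gateway, "interface": interface}


def home_router():
    """Constructed setup: interface names and the 192.168.0.2 address are assumptions."""
    rt = RouteTable()
    rt.add_address("192.168.0.2/24", "ether1")    # port facing the internet gateway
    rt.add_route("0.0.0.0/0", "192.168.0.1")      # default route: all IP addresses
    rt.add_address("192.168.10.2/24", "ether3")   # extra IP on the other local network
    return rt


if __name__ == "__main__":
    rt = home_router()
    for dst in ("192.168.10.50", "192.168.0.1", "203.0.113.10"):
        print(dst, rt.lookup(dst))
```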
Layers 4-6 are transport, session and presentation. The transport layer 4 defines the protocol used to communicate; almost all data is transported using the TCP or UDP protocol. The primary difference is that TCP creates a connection, TCP packets travel within this connection and the destination responds to the source, telling whether a packet is received or not. UDP is stateless: there is no connection and the source is not informed if the packet is received.
In common network setups you rarely need to use session layer 5 and presentation layer 6.
All MikroTik routers can also work as layer 7 devices. A layer 7 device is able to inspect the content of a packet and take action depending on the content, like checking to see if the URL of a webpage is a known hacking attempt. Be aware that checking the content of packets may be very resource intensive and, if done wrong, may easily consume all of the device's CPU power. So take care when using this feature, and make sure you understand the recommended firewall setup first.
To separate different networks on the same switches or LAN, the common way is to use VLANs. Using VLANs you may safely have a guest WiFi network use the same cables as your office network, with neither of them being able to see the other network's packets. In server setups, VLANs are commonly used to separate different types of traffic or different customers in the same hosting environment.
Using a VLAN adds an ID to each packet, after which the packet is tagged, and you then need to set up your devices to match the specific IDs to the right ports.
On a router, you commonly bridge the ports and the VLANs.
On a switch like the CRS series, there are many different ways to set up VLANs. You can set up the VLAN per port, by MAC address, by protocol etc. Remember to use the VLAN settings in the switch menu, to use the switch chip on a switch.
Winbox is a Windows/Mac/Linux application, which makes it much easier to set up and administer both single devices and large networks of devices. Winbox is a native Windows application, which also works fine using Wine on macOS and Linux. You can download precompiled Wine versions on the download page.
Using RoMON as an agent on a MikroTik device, you can even use Winbox to connect through your router to administer MikroTik switches by MAC inside your network.
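What "matching the IDs to the right ports" means in practice, as an added Python example (not MikroTik code). It reads the 802.1Q tag from an Ethernet frame and applies a per-port VLAN plan; the port names, the VLAN IDs 10 and 20 and the sample frames are constructed assumptions.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q VLAN tag

def parse_vlan(frame):
    """Return (vlan_id, ethertype); vlan_id is None for an untagged frame."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != TPID_8021Q:
        return None, ethertype
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci, inner = struct.unpack("!HH", frame[14:18])
    return tci & 0x0FFF, inner  # the low 12 bits of the tag are the VLAN ID

# Hypothetical port plan: office = VLAN 10, guest = VLAN 20.
PORTS = {
    "ether1": {"tagged": {10, 20}, "untagged": None},  # trunk to the AP
    "ether2": {"tagged": set(), "untagged": 10},       # office PC
    "ether3": {"tagged": set(), "untagged": 20},       # guest socket
}

def classify(port, frame):
    """Return the VLAN the frame belongs to on this port, or None to drop it."""
    cfg = PORTS[port]
    vid, _ = parse_vlan(frame)
    if vid is None:
        return cfg["untagged"]
    return vid if vid in cfg["tagged"] else None

def build_frame(dst, src, vid=None, ethertype=0x0800):
    """Build a constructed sample frame (test data, zero-filled payload)."""
    hdr = bytes.fromhex(dst.replace(":", "")) + bytes.fromhex(src.replace(":", ""))
    if vid is not None:
        hdr += struct.pack("!HH", TPID_8021Q, vid)
    return hdr + struct.pack("!H", ethertype) + b"\x00" * 46

if __name__ == "__main__":
    a, b = "4C:5E:0C:15:47:2E", "4C:5E:0C:15:47:30"  # constructed addresses
    print(classify("ether1", build_frame(a, b, vid=20)))  # guest frame on the trunk
    print(classify("ether2", build_frame(a, b)))          # untagged office PC
    print(classify("ether3", build_frame(a, b, vid=10)))  # office tag on guest port
```

A frame that arrives on the guest port already carrying the office VLAN tag is dropped, because that port accepts no tagged frames; this per-port check is what keeps the two networks apart on shared cabling.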