First install, did I miss anything?

This is my first install of a MikroTik router. I’m using an RB2011 running 6.1.

The device should be set to 192.168.1.0/24, with a gateway of 192.168.1.1. It should get an address/DNS servers from the modem (not connected yet), and assign addresses from 192.168.1.50-100. Firewall should not be dropping anything other than what would be considered normal for a consumer router. Modem will come in on port 1, and connect my master network switch on port 2. Basically, this should be set up exactly as the generic 54GL/Tomato I am currently running is.

I don’t think I missed anything, as the router is assigning addresses correctly and I can log into 192.168.1.1 with no trouble. Before I cut over this weekend, I’m hoping someone can take a quick look and tell me if I missed anything.


[admin@MikroTik] > export compact
# jan/02/1970 00:29:41 by RouterOS 6.1
# software id = WMZC-U08A
#
/interface bridge
add admin-mac=<removed> auto-mac=no l2mtu=1598 name=bridge-local \
    protocol-mode=rstp
/interface ethernet
set 0 name=ether1-gateway
set 5 name=ether6-master-local
set 6 master-port=ether6-master-local name=ether7-slave-local
set 7 master-port=ether6-master-local name=ether8-slave-local
set 8 master-port=ether6-master-local name=ether9-slave-local
set 9 master-port=ether6-master-local name=ether10-slave-local
/ip neighbor discovery
set ether1-gateway discover=no
/ip hotspot user profile
set [ find default=yes ] idle-timeout=none keepalive-timeout=2m \
    mac-cookie-timeout=3d
/ip pool
add name=rhino ranges=192.168.1.50-192.168.1.100
/ip dhcp-server
add address-pool=rhino disabled=no interface=bridge-local name=default
/port
set 0 name=serial0
/interface bridge port
add bridge=bridge-local interface=ether2
add bridge=bridge-local interface=ether3
add bridge=bridge-local interface=ether4
add bridge=bridge-local interface=ether5
add bridge=bridge-local interface=ether6-master-local
add bridge=bridge-local interface=sfp1
/ip address
add address=192.168.1.1/24 comment="default configuration" interface=\
    bridge-local network=192.168.1.0
add address=192.168.1.1/32 interface=ether2 network=192.168.1.0
/ip dhcp-client
add comment="default configuration" dhcp-options=hostname,clientid disabled=\
    no interface=ether1-gateway
/ip dhcp-server network
add address=192.168.1.0/24 comment="default configuration" dns-server=\
    192.168.1.1 gateway=192.168.1.1
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.1.1 name=router
/ip firewall filter
add chain=input comment="default configuration" protocol=icmp
add chain=input comment="default configuration" connection-state=established
add chain=input comment="default configuration" connection-state=related
add action=drop chain=input comment="default configuration" in-interface=\
    ether1-gateway
add chain=forward comment="default configuration" connection-state=\
    established
add chain=forward comment="default configuration" connection-state=related
add action=drop chain=forward comment="default configuration" \
    connection-state=invalid
/ip firewall nat
add action=masquerade chain=srcnat comment="default configuration" \
    out-interface=ether1-gateway to-addresses=0.0.0.0
/lcd
set current-interface=ether2
/tool mac-server
set [ find default=yes ] disabled=yes
add interface=ether2
add interface=ether3
add interface=ether4
add interface=ether5
add interface=ether6-master-local
add interface=ether7-slave-local
add interface=ether8-slave-local
add interface=ether9-slave-local
add interface=sfp1
add interface=bridge-local
/tool mac-server mac-winbox
set [ find default=yes ] disabled=yes
add interface=ether2
add interface=ether3
add interface=ether4
add interface=ether5
add interface=ether6-master-local
add interface=ether7-slave-local
add interface=ether8-slave-local
add interface=ether9-slave-local
add interface=sfp1
add interface=bridge-local

Thanks for the help. I’m really liking this router so far.
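Added example, not part of the original thread: a Python sketch that checks an `export compact` listing against the requirements stated in the post (DHCP pool inside the LAN subnet, DHCP client on the WAN port, input drop and masquerade on the WAN interface). The embedded excerpt is constructed from the export above; `parse_export` and `audit` are hypothetical helper names, and firewall rule order is not evaluated.

```python
import ipaddress
import re

# Constructed excerpt of the export above (only the sections the checks read).
EXPORT = r"""/ip pool
add name=rhino ranges=192.168.1.50-192.168.1.100
/ip dhcp-server network
add address=192.168.1.0/24 comment="default configuration" dns-server=\
    192.168.1.1 gateway=192.168.1.1
/ip dhcp-client
add comment="default configuration" disabled=no interface=ether1-gateway
/ip dns
set allow-remote-requests=yes
/ip firewall filter
add chain=input comment="default configuration" protocol=icmp
add action=drop chain=input comment="default configuration" in-interface=\
    ether1-gateway
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1-gateway
"""

def parse_export(text):
    """Return {section path: [dict of key=value pairs per command]}."""
    text = re.sub(r"\\\n\s*", "", text)  # join backslash-continued lines
    sections, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("/"):
            current = sections.setdefault(line, [])
        elif line and not line.startswith("#") and current is not None:
            current.append(dict(re.findall(r'([\w-]+)=("[^"]*"|\S+)', line)))
    return sections

def audit(text, wan="ether1-gateway"):
    """List mismatches with the stated intent (presence checks only)."""
    s, findings = parse_export(text), []
    net = ipaddress.ip_network(s["/ip dhcp-server network"][0]["address"])
    ends = s["/ip pool"][0]["ranges"].split("-")
    if not all(ipaddress.ip_address(a) in net for a in ends):
        findings.append("DHCP pool outside LAN network")
    if not any(c.get("interface") == wan for c in s.get("/ip dhcp-client", [])):
        findings.append("no DHCP client on WAN port")
    wan_drop = any(r.get("chain") == "input" and r.get("action") == "drop"
                   and r.get("in-interface") == wan
                   for r in s.get("/ip firewall filter", []))
    dns = s.get("/ip dns", [{}])[0]
    if dns.get("allow-remote-requests") == "yes" and not wan_drop:
        findings.append("DNS resolver reachable from WAN")
    if not any(n.get("action") == "masquerade" and n.get("out-interface") == wan
               for n in s.get("/ip firewall nat", [])):
        findings.append("no masquerade on WAN port")
    return findings
```

`audit(EXPORT)` returns an empty list for the excerpt; removing the input drop rule makes it report the resolver as reachable from the WAN side, because `allow-remote-requests=yes` answers DNS queries on every interface.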

First of all, update to RouterOS 6.7 and update the BIOS [firmware].

You removed the MAC:
/interface bridge
add admin-mac=
It can be the same as the ether6 MAC.

In system packages, disable hotspot, mpls and routing if you do not use them (effective after reboot).

It is better to specify static DNS than to obtain it from the DHCP client.
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4

NTP is missing, for syncing the RouterBoard time:
/system ntp client
set enabled=yes primary-ntp=[:resolve 0.europe.pool.ntp.org] secondary-ntp=[:resolve 1.europe.pool.ntp.org]

I see no errors.

Thanks for the info, I really appreciate it.

The MAC address for the router is actually there, I just got in the habit of removing as much identifying information as possible. I left the DNS servers as dynamic because my ISP appears to hijack Google DNS, and OpenDNS has problems updating within a reasonable amount of time. If it’s better to put them as static, I’ll see if I can find out exactly why my ISP is returning their results instead of Google’s.

I’ll turn off packages tonight and update the NTP settings when I cut it over this weekend.

edit: It occurred to me that the clock is wrong because there was no WAN connection at the time of export. I’ll still check the NTP servers and add in the correct ones.

I added in all the recommended items, my static DHCP routes and forwards last night. Everything came up and I had WAN access immediately. I’m still solving a few minor issues, but the network is working great. Thanks again.

Can I ask a couple questions…

I’ve got a 24 port unit sitting here that I am trying to set up and I haven’t really moved forward…

Can you walk me through a couple of sections as to what they are doing, or what’s in ports 2-5 and 6-10?

When you say it connects my master network switch on port 2, is that another device or is port 2 essentially connecting your router to the switch on the 2011?

On my setup, my cable modem connects to port 1, and comes out on port 2. Port 2 is firewalled, forwarded, etc.

Port 2 then connects directly to the rest of the network - an unmanaged switch, a wireless AP, and all the devices that ride on the network. I’m not using ports 3-10 right now, but I’m thinking of ways to have something plugged into them.