Tag Archives: wifi


Switches and access-points

Today i got my RB4011 ! Wooot!

Total tally

  • MikroTik CRS305-1G-4S+IN – Lab
  • MikroTik RB2011UiAS-RM – Office
  • MikroTik hAP AC2 – Studio
  • MikroTik CRS109-8G-1S-2HnD-IN – Attic
  • MikroTik RB4011iGS+5HacQ2HnD-IN – Livingroom
  • NEW (2022-04-02) crs125-24g-1s-in (2022-04-02)

To replace .. 4 SLM2008 and a TPLink switch 🙂

How much fun is this! .. A display on a switch!

I’ll be posting something about connecting an arduino to the serial console using a tcp server later.

Mikrotiks are all you can eat .. And there is a lot of functionality. One of the main features (besides being switches and routers)

  • Openvpn server
  • DIY display connect
  • Proxy
  • Today Vincent mentioned Mqtt plugin (2022-apr-6)
  • https://help.mikrotik.com/docs/display/ROS/Packet+Sniffer sounds interesting also

Installing extra packages

  • Download correct package zip from ( https://mikrotik.com/download )
  • Extract and use file upload
  • Reboot your mikrotik

Mikrotik Guest Network

I’ve got several AccessPoints in my network.
Using a roaming setup, clients can connect to strongest AP.

For our Folkband i’ve setup same.
With the exception of those clients only being able to connect to the Internet, and not the rest of my Network

  • Virtual Access Point
  • Own subnet
  • dhcp server only for this access point
  • NAT and Firewall rules for access limitation
/interface bridge 
add name=bridgeguest
/interface wireless security-profiles 
add authentication-types=wpa2-psk eap-methods="" management-protection=allowed mode=dynamic-keys name=guest supplicant-identity=MikroTikHAP wpa2-pre-shared-key=guestkey
/interface wireless
add disabled=no mac-address=MACADDRESS master-interface=wlan1 name=guest security-profile=guest ssid=guest station-roaming=enabled wds-default-bridge=bridge wps-mode=disabled
/ip pool
add name=guest ranges=
/ip dhcp-server
add address-pool=guest disabled=no interface=bridgeguest name=dhcpserverguest
/interface bridge port
add bridge=bridgenb interface=guest
/ip address
add address= comment=defconf interface=ether2 network=
add address= interface=bridgeguest network=
/ip dhcp-client
/ip dhcp-server network
add address= dns-server= gateway=
/ip dns static
add address= name=router.lan type=A
/ip firewall filter
add action=drop chain=input dst-address= dst-port=22,80,443,8291,21,23 protocol=tcp src-address=
add action=drop chain=input dst-address=MYNETWORKSHERE/16 src-address=
add action=drop chain=forward dst-address=MYNETWORKSHERE/16 src-address=
add action=drop chain=forward dst-address=MYNETWORKSHERE/16 src-address=
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WAN
add action=accept chain=srcnat src-address=