New Router Setup – Mikrotik CRS305-1G-4S+IN

I recently replaced my default gateway router with a Mikrotik CRS305-1G-4S+IN. Instead of clickopsing the setup, I decided to use the available CLI to script it. Here’s the setup.

If you need to reset the device manually, unplug it, then hold down the reset button while plugging it back in. Hold it until it blinks at you and then release it.

To blow away the existing config and make sure the default config isn’t laid down, here’s the command.

/system reset-configuration no-defaults=yes skip-backup=yes

The default router config uses the 192.168.88.1/24 network. I connect to it directly using Ethernet and manually set my IP config to something like 192.168.88.2 with a subnet mask of 255.255.255.0 and a gateway of 192.168.88.1. I also download WinBox for administration at https://help.mikrotik.com/docs/spaces/ROS/pages/328129/WinBox

Router Setup

Here’s the full command list for setting up my router.

/interface ethernet
set ether1 name=wan
set sfp-sfpplus1 name=lan1
set sfp-sfpplus2 name=lan2
set sfp-sfpplus3 name=lan3
set sfp-sfpplus4 name=lan4

/interface list
add name=lan
add name=wan

/ip dhcp-client
add interface=wan use-peer-dns=no add-default-route=yes

/ip dns
set servers=9.9.9.9,149.112.112.112 allow-remote-requests=yes

/interface bridge
add name=bridge1 vlan-filtering=yes

/interface bridge port
add bridge=bridge1 interface=lan1 pvid=1
add bridge=bridge1 interface=lan2 pvid=2
add bridge=bridge1 interface=lan3 pvid=3
# lan4 is the trunk port: it carries VLANs 1-3 tagged
add bridge=bridge1 interface=lan4

/interface vlan
add name=vlan1 interface=bridge1 vlan-id=1
add name=vlan2 interface=bridge1 vlan-id=2
add name=vlan3 interface=bridge1 vlan-id=3

# List members are added after the VLAN interfaces exist.
# No vlan4 interface is created, so it is not listed here.
/interface list member
add list=lan interface=vlan1
add list=lan interface=vlan2
add list=lan interface=vlan3
add list=wan interface=wan

/interface bridge vlan
add bridge=bridge1 vlan-ids=1 tagged=bridge1,lan4 untagged=lan1
add bridge=bridge1 vlan-ids=2 tagged=bridge1,lan4 untagged=lan2
add bridge=bridge1 vlan-ids=3 tagged=bridge1,lan4 untagged=lan3

/ip address
add address=10.1.0.1/24 interface=vlan1
add address=10.2.0.1/24 interface=vlan2
add address=10.3.0.1/24 interface=vlan3

/ip firewall nat
add chain=srcnat out-interface=wan action=masquerade

/ip service
disable api
disable api-ssl
disable ftp
set ssh address=10.0.0.0/8
disable telnet
set winbox address=10.0.0.0/8,192.168.0.0/16
set winbox port=8299
disable www
disable www-ssl
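
The command list defines the lan and wan interface lists but has no /ip firewall filter rules that use them, so with allow-remote-requests=yes the DNS resolver answers queries arriving on the wan interface as well. The following is an added example, not part of the original setup, that uses those two lists to restrict what reaches the router and what is forwarded in from the WAN; the rule set and its comments are assumptions about the intended policy.

```routeros
# Added example: input/forward filtering built on the lan and wan interface lists.
# Rules are evaluated top to bottom, so the accept rules must precede the drops.
/ip firewall filter
# Traffic addressed to the router itself
add chain=input action=accept connection-state=established,related comment="replies to router-originated traffic"
add chain=input action=drop connection-state=invalid comment="drop invalid"
add chain=input action=accept protocol=icmp comment="allow ICMP"
add chain=input action=drop in-interface-list=!lan comment="drop DNS, SSH, WinBox and anything else not arriving from the lan list"
# Traffic routed through the router
add chain=forward action=accept connection-state=established,related comment="accept established, related"
add chain=forward action=drop connection-state=invalid comment="drop invalid"
add chain=forward action=drop connection-state=new connection-nat-state=!dstnat in-interface-list=wan comment="drop new connections from WAN that are not dst-nat"
```

The address= restrictions under /ip service match on source address only, so the input drop rule is what keeps SSH and WinBox unreachable when the upstream WAN network itself falls inside 10.0.0.0/8 or 192.168.0.0/16. Apply the rules from a session on one of the VLAN interfaces in the lan list, since anything arriving on another interface is dropped.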