Initial setup of Mikrotik Chateau 5G
Initial setup of Mikrotik Chateau 5G in preparation for Terraform management Notes on intial router settings:
- default IP address is 192.168.88.1
- both wireless and LAN ports 1 to 5 are assigned to same bridge.
- LTE modem is assigned as WAN port.
Things to configure
- Admin credential
- Hostname
- Default wifi password
- Web console https
- Updating RouterOS and LTE modem firmware without a SIM card attached
Admin credential
- After a config reset accessing the router webconsole or ssh you will be asked to give a password for admin
- Upload your ssh public key and assigned it to admin.
# on your local machine's terminal
scp ~/.ssh/key.pub admin@192.168.88.1:./
# on Mikrotik terminal
/user/ssh-keys/ import public-key-file=key.pub key-owner=admin user=admin
Set router hostname
/system/identity/set name=yourRouterHostname
Configure default SSID passwords (2.4G/5G)
- By default both 2.4G and 5G SSID uses the same “default” security profile.
Note: from @rextended https://forum.mikrotik.com/viewtopic.php?t=183221
All special characters must be put inside quotes, or, for one reason or another, cause errors.
Some chracters must be escaped
" if used as character, and not for contain a string, must be escaped like \"
$ if used as character, and not for start a variable or function name, must be escaped like \$
? on RouterOS 6.x Terminal must be escaped with \ like \? (stored script inside scirpt, scheduler, dhcp, ppp profiles, etc. , do not need to escape the ? )
\ the \ is the escape symbol, for use \ as character instead, escape it like \\
/interface/wireless/security-profiles/set default wpa2-pre-shared-key="yourWifiSecuredPassword" authentication-types="wpa2-psk" mode="dynamic-keys"
Configure webconsole HTTPS
- Upload server ca bundle and server key
# on your local machine's terminal
scp server_ca-bundle.pem admin@192.168.88.1:./ # cert must contain full chain/bundle server,intermediate-ca,root-ca
scp server.key admin@192.168.88.1:./
- Import certificates and assign to www-ssl service
/certificate/ import name=yourCertificateName
/ip/service/ set www-ssl certificate=yourCertificateName disabled=no
Updating RourterOS7 and LTE modem firmware without a SIM card
This creates a new bridge where one of the LAN ports can be assigned to it and obtain IP from upstream modem/router
- Create bridge
/interface/bridge/add name=yourBridgeName comment="bridge for ethernet WAN"
- Assign LAN port No. 5 into newly created bridge.
/interface/bridge/port/ set 4 interface=ether5 bridge=yourBridgeName
- Add a dhcp client and assign it to newly created bridge
/ip/dhcp-client/add interface=yourBridgeName
- Once port 5 have acquired an IP from upstream modem/router. You can perform the upgrade as directed by the official guide
No comment
Say something
Thank you
Your post has been submitted and will be published once it has been approved.
OK
OOPS!
Your post has not been submitted. Please return to the page and try again. Thank You!
If this error persists, please open an issue by clicking here.
OK