Initial setup of Mikrotik Chateau 5G in preparation for Terraform management Notes on intial router settings:

  • default IP address is 192.168.88.1
  • both wireless and LAN ports 1 to 5 are assigned to same bridge.
  • LTE modem is assigned as WAN port.

Things to configure

  1. Admin credential
  2. Hostname
  3. Default wifi password
  4. Web console https
  5. Updating RouterOS and LTE modem firmware without a SIM card attached

Admin credential

  1. After a config reset accessing the router webconsole or ssh you will be asked to give a password for admin
  2. Upload your ssh public key and assigned it to admin.
# on your local machine's terminal
scp ~/.ssh/key.pub admin@192.168.88.1:./
# on Mikrotik terminal
/user/ssh-keys/ import public-key-file=key.pub key-owner=admin user=admin

Set router hostname

/system/identity/set name=yourRouterHostname

Configure default SSID passwords (2.4G/5G)

  1. By default both 2.4G and 5G SSID uses the same “default” security profile.

Note: from @rextended https://forum.mikrotik.com/viewtopic.php?t=183221

All special characters must be put inside quotes, or, for one reason or another, cause errors.
Some chracters must be escaped
" if used as character, and not for contain a string, must be escaped like \"
$ if used as character, and not for start a variable or function name, must be escaped like \$
? on RouterOS 6.x Terminal must be escaped with \ like \? (stored script inside scirpt, scheduler, dhcp, ppp profiles, etc. , do not need to escape the ? )
\ the \ is the escape symbol, for use \ as character instead, escape it like \\
/interface/wireless/security-profiles/set default wpa2-pre-shared-key="yourWifiSecuredPassword" authentication-types="wpa2-psk" mode="dynamic-keys"

Configure webconsole HTTPS

  1. Upload server ca bundle and server key
# on your local machine's terminal
scp server_ca-bundle.pem admin@192.168.88.1:./  # cert must contain full chain/bundle server,intermediate-ca,root-ca
scp server.key admin@192.168.88.1:./
  1. Import certificates and assign to www-ssl service
/certificate/ import name=yourCertificateName
/ip/service/ set www-ssl certificate=yourCertificateName disabled=no

Updating RourterOS7 and LTE modem firmware without a SIM card

This creates a new bridge where one of the LAN ports can be assigned to it and obtain IP from upstream modem/router

  1. Create bridge
/interface/bridge/add name=yourBridgeName comment="bridge for ethernet WAN"
  1. Assign LAN port No. 5 into newly created bridge.
/interface/bridge/port/ set 4 interface=ether5 bridge=yourBridgeName
  1. Add a dhcp client and assign it to newly created bridge
/ip/dhcp-client/add interface=yourBridgeName
  1. Once port 5 have acquired an IP from upstream modem/router. You can perform the upgrade as directed by the official guide