Configuring MikroTIk CRS106-1C-5S

Configuring MikroTIk CRS106-1C-5S

For example, I will set up the MikroTIK CRS106-1C-5S. This device is a great budget switch that can also work as a router. In my case, it was perfect for an educational institution. There is a combo port on the back wall, which I configured as a WAN, and the Internet was connected to it (from GPON ONU with a twisted pair cable), and managed switches were connected to the front 5 SFP ports.

Connect to the device by entering the IP address 192.168.88.2 on the computer and opening 192.168.88.1 in the browser.

In the System—Packages menu, you can immediately disable what is not useful, for example, wireless, hotspot, mpls, and ppp.

Then I did the setup via Quick Set.

After that, I checked the configuration through the console port, connecting with a standard console cable (pinout like D-Link, Huawei S2326, and others). Or you can connect to any of the front SFP ports and open 192.168.88.1 in a browser.

• export terse
• admin-mac=DC:2C:6E:00:00:00 /interface bridge add admin-mac=DC:2C:6E:00:00:00auto-mac=no comment=defconf name=bridge
• /interface-list-add-name=WAN
• name=LAN /interface list add
• /interface/wireless security profiles set [find default=true]supplicant-identity=madankc.com.np
• /ip hotspot profile set [find default=true]html-directory=flash/hotspot
• /ip pool add ranges=192.168.88.5-192.168.88.254 name=dhcp
• /ip dhcp-server add address-pool=dhcp; disabled=no; interface=bridge; name=dhcp1
• interface bridge port add bridge  = bridge comment  = defconf disabled  = yes interface  = combo1
• /interface bridge port add bridge=bridge comment=defconf interface=sfp1
• /interface bridge port add bridge=bridge comment=defconf interface=sfp2
• /interface bridge port add bridge=bridge comment=defconf interface=sfp3
• /interface bridge port add bridge=bridge comment=defconf interface=sfp4
• /interface bridge port add bridge=bridge comment=defconf interface=sfp5
• set discover-interface-list=none /ip neighbor discovery-settings
• interface=combo1 list=WAN /interface list member add interface=combo1 list=WAN
• /add interface to interface list = bridge list = LAN
• /ip address add address=192.168.88.1/24 interface=sfp1 network=192.168.88.0
• /ip dhcp-client add interface=combo1 disabled=no
• /ip dhcp-server network add address=192.168.88.0/24 gateway=192.168.88.1 netmask=24 /ip dhcp-server network add address=192.168.88.0/24 gateway=192.168
• /ip firewall nat add masquerade action=masqueradechain=srcnat out-interface-list=WAN

I will give an example of a configuration that was created through Quick Set:

For some reason, Quick Set did not specify DNS in the DHCP settings, at least not itself, without which the Internet will not work for clients, so you need to specify DNS (I did not specify the local caching IP 192.168.88.1 in order not to make an extra load, since the processor of the switch is rather weak ):

• /ip dhcp-server network add address=192.168.88.0/24 dns-server=1.1.1.1,8.8.4.4 gateway=192.168.88.1 netmask=24 /ip dhcp-server network add address=192.168.88.0/24 dns-server=1.1.1.1,

I also allowed remote access and pings from a specific IP (Quick Set did not create rules in Filter, so my rules did not have to be raised):

• /ip firewall filter add action=accept chain=input dst-port=80 protocol=tcp src-address=10.20.0.200

• /ip firewall filter add action=accept chain=input interface=combo1 protocol=icmp src-address=10.20.0.200

You must specify the time zone to see the correct time in the logs:

• /set system clock time-zone-name=Europe/Kiev

command to view logs:

• log print

Also disable unnecessary services: telnet, ftp, and api.

• /ip service disable telnet = yes
• /ip service disable ftp = yes
• /ip service disable api = yes
• /ip service enable api-ssl=yes