This set of exercises will help you learn the basic set of RouterOS commands required to configure and secure your Mikrotik switch or router.
Using your console cable, connect to your RB532 following the instructions from the Wireless Scanning & Antenna Lab.
The wireless cards in your Mikrotik RB532 are dual-band, 2.4 and 5 GHz radio cards. You can confirm they are dual band with this command:
[admin@Mikrotik] > /interface wireless info hw-info wlan1
ranges: 4920-6100/5/a,a-turbo
2192-2507/5/b,g,g-turbo
2224-2539/5/b,g,g-turboTo set the card into 5GHz mode, issue this command:
[admin@Mikrotik] > /interface wireless set wlan1 band=5ghz-a frequency-mode=superchannelNow that you're in 5GHz mode, get a list of all the channels available to you:
[admin@Mikrotik] > /interface wireless info allowed-channels wlan1Not all of these channels are legal to use! Always consult your country's radio regulations before choosing a wireless channel.
First perform a wireless scan as you did in the wireless scanning lab. Note the frequencies in use - you'll want to avoid using them!
In this lab, we'll assume the ability to use the ranges 5150-5350 and 5470-5875 at up to 1W EIRP.
Talk with your neighbours to determine how each of you can have a 20 MHz channel that's spaced 40 MHz away from the next used frequency. This leaves an empty channel above and below your radio.
When you've picked a channel, configure your wireless interface
[admin@Mikrotik] > /interface wireless set wlan1 channel-width=20mhz frequency=5320 disabled=no Mikrotik wireless interfaces support a number of modes. AP mode supports point-to-multipoint topologies. Bridge mode supports Point to Point links. Set your wireless interface to Bridge mode.
[admin@Mikrotik] > /interface wireless set wlan1 mode=bridgeThere are a number of different station modes, including station, station-bridge, station-pseudobridge, station-pseudobridge-clone, and station-wds. The many modes are explained in the Mikrotik manual: http://wiki.mikrotik.com/wiki/Manual:Wireless_Station_Modes For this exercise we will be building ethernet tunnels across a Layer 3 infrastructure, so set your radio to station mode, which only handles L3 packets.
[admin@Mikrotik] > /interface wireless set wlan1 mode=stationIn order to ensure your station will find your access point, set its scan list to include the channel you've chosen for your link
[admin@Mikrotik] > /interface wireless set wlan1 scan-list=xxxxChoose an SSID for your radio link, and set both radios to the same SSID.
[admin@Mikrotik] > /interface wireless set wlan1 ssid=groupxp2pDisplaying an SSID for infrastructure is a security risk. Any curious or malicious party scanning wireless spectrum might find your SSID and try to connect to it. For production links, it can be a good idea to hide SSIDs.
[admin@Mikrotik] > /interface wireless set wlan1 hide-ssid=yesCreate a security profile for your link so that traffic is encrypted. WPA2 is an ok choice for a point-to-point link. Create the same profile on both radio units.
[admin@Mikrotik] > /interface wireless security-profiles add name=p2plink wpa2-pre-shared-key="groupxkey" mode=dynamic-keys authentication-types=wpa2-pskApply the security profile to both radio units.
[admin@MikroTik] > /interface wireless set wlan1 security-profile=p2plinkWith matching frequencies, you should now have a connected link. You can check this with the registration table:
[admin@MikroTik] > /interface wireless registration-table printThe registration table will also show you the power levels your link has achieved. Try to adjust the power of your link so that the received signal strength at each end is -50 dBm.
[admin@MikroTik] > /interface wireless set wlan1 tx-power-mode=all-rates-fixed tx-power=1Use the antennas you built earlier in the week to focus your limited transmit and receive power