Configure MikroTik hAP mini for IPTV Beeline
On The last MUM in Moscow is 3-3317. , I, like everyone else, were handed the router MikroTik hAP mini.
I decided to replace them with an old, constantly hanging, router from their parents.
To get maximum performance, I decided to use a switch chip. On the Internet, I did not find a suitable instruction, where there would be a description of the settings of both the wired and wireless parts, so I decided to share my experience.
Running a little ahead, I will say that hAP mini coped with the task perfectly.
The scheme is as follows:
Internet and IPTV from Beeline, IPOE connection. On the first port comes the Internet, on the second port IPTV prefix, on 3 and on wifi local area network.
And so, let's start:
1. Without connecting the router to the Internet, turn it on, connect it to the third port with a cable, start WinBox, go to the router and reset the settings, remembering to cancel the creation of the backup and use the default config.
2. After rebooting the router, reconnect to it via Winbox at the MAC address 3r-3281.
3. Run New terminal and enter the following commands: 3r33281.
[b] The very first thing we change the password for the user admin. 3r3355.
Ideally, create another user, and admin-a delete.
/user set admin password = qwFnnNn # 4 $ 2hWR # QirEx
Create a bridge:
/interface bridge add name = bridge1 protocol-mode = none
Add interfaces to the bridge:
/interface bridge port
add bridge = bridge1 interface = ether1
add bridge = bridge1 interface = ether2
add bridge = bridge1 interface = ether3
add bridge = bridge1 interface = wlan1
We create two additional interface VLANs on the bridge:
add interface = bridge1 name = VLAN10 vlan-id = 10
add interface = bridge1 name = VLAN20 vlan-id = 20
Configuring for VLAN interfaces:
/interface ethernet switch vlan
add independent-learning = yes ports = ether? ether? switch1-cpu switch = switch1 vlan-id = 10
add independent-learning = yes ports = ether? switch1-cpu switch = switch1 vlan-id = 20
/interface ethernet switch port
set 0 default-vlan-id = 10 vlan-header = always-strip vlan-mode = secure
set 1 default-vlan-id = 10 vlan-header = always-strip vlan-mode = secure
set 2 default-vlan-id = 20 vlan-header = always-strip vlan-mode = secure
set 3 vlan-mode = secure
Configure WiFi (do not forget the SSID and password for your replace):
/interface wireless security profiles
set[find default=yes ]authentication-types = wpa2-psk eap-methods = "" mode = dynamic-keys wpa2-pre-shared-key = MyWifiPassword
set[find default-name=wlan1 ]band = 2ghz-onlyn disabled = no mode = ap-bridge ssid = MyWifiName vlan-id = 20 vlan-mode = use-tag wireless-protocol = ??? wps-mode = disabled
Internet connection is IPOE, i.e. the address is obtained by DHCP. Please note that we configure dhcp-client for VLAN:
/ip dhcp-client add dhcp-options = hostname, clientid disabled = no interface = VLAN10
Configure the local network:
/ip address add address = ???.1 /24 interface = VLAN20 network = ???.0
/ip pool add name = pool-lan ranges = ???.2-???.99
/ip dhcp-server add address-pool = pool-lan disabled = no interface = VLAN20 lease-time = 1h name = dhcp-server
/ip dhcp-server network add address = ???.0 /24 dns-server = ???.1 gateway = ???.1 3r-3232. /ip dns set allow-remote-requests = yes
For convenience, we combine the interfaces into groups:
add name = WAN
add name = LAN
/interface list member
add interface = VLAN10 list = WAN
add interface = VLAN20 list = LAN
Create minimal firewall rules:
/ip firewall filter
add action = accept chain = input comment = "Allow icmp" protocol = icmp
add action = accept chain = input comment = "Allow established & related" connection-state = established,
add action = accept chain = input comment = "Allow access for ManageIP group" src-address-list = ManageIP
add action = drop chain = input comment = "All other drop"
add action = fasttrack-connection chain = forward comment = Fasttrack connection-state = established,
add action = accept chain = forward comment = "Allow established & related" connection-state = established, related, untracked
add action = drop chain = forward comment = "Drop invalid connection packets" connection-state = invalid
add action = accept chain = forward comment = "Allow Internet" in-interface-list = LAN out-interface-list = WAN
add action = drop chain = forward comment = "All other drop"
Add to the ManageIP group the addresses from which access to the router will be:
/ip firewall address-list add address = ???.0 /24 list = ManageIP
Configure NAT to access the Internet from lokalki:
/ip firewall nat add action = masquerade chain = srcnat out-interface-list = WAN
Well and in the conclusion, not obligatory, but useful commands:
/ip cloud set ddns-enabled = yes update-time = no
/system clock set time-zone-autodetect = no
/system clock manual set time-zone = + 03: 00
/system identity set name = MyHome
/system ntp client set enabled = yes primary-ntp = ???.248 secondary-ntp = ???.7
We allow neighbor discovery only from the local network.
If you have not updated ROS and you have ???:
/ip neighbor discovery
set ether1 discover = no
set ether2 discover = no
set ether3 discover = no
set wlan1 discover = no
set bridge1 discover = no
If updated to the latest, then:
/ip neighbor discovery settings settings discover-list = LAN
But in this case, the MAC connection from the wifi network does not work. Any idea why?
You can connect the provider cable to the first port and test it.
The results of a small test showed that the cable received almost all 100Mbps from the provider (launched a torrent), the IPTV set-top box works, and the load on the router processor was only 20%. By WiFi, it was possible to get only 25Mbps, too much air is dirtied, but this speed is enough.
It may be interesting
Your post is very helpful to get some effective tips to reduce weight properly. You have shared various nice photos of the same. I would like to thank you for sharing these tips. Surely I will try this at home. Keep updating more simple tips like this. BBQ and Hog Roast buffet catering Bristol