I want to show few most important steps that should be done on every mt device. It is directed to users that don't know Mikrotik's well, but need to configure one and don't know where to start. It is not straight "copy -> paste" HOW-TO but rather "please dig here and here". Somebody could say that this is nothing special, because such information can be found in many places, especially on the web site of Greg Sowell [http://mikrotikuniversity.com/] - Mikrotik Guru. On the other hand, when I am asked to take care of some client with MTs devices - usually most of devices are not configured properly :/.
List of contents: COMMENTS
SAFE MODE
DEFAULT CONFIG
PACKAGE UPGRADES
FIRMWARE UPGRADES
NTP, CLOCK
SYSTEM IDENTITY
SERVICES
NEIGHBOURS
BACKUPS
USERS
Rest in next post.
COMMENTS
On MT devices there is useful feature that you can add comments. It is very important especially if you have more devices or complicated config :).
SAFE MODE
You can start safe mode in terminal to be secured during testing. Activate by CTRL-X in terminal. I never used this feature :).
You can enable it for the winbox window. In both options changes will became permanent if you will turn that feature off, but if you will, quit everything will be unrolled.
DEFAULT CONFIG (SYSTEM -> RESET CONFIGURATION)
In my opinion this is the best solution to remove default config always, when you start with new device.
PACKAGE UPGRADES (SYSTEM -> PACKAGES)
FIRMWARE UPGRADES (SYSTEM -> ROUTERBOARD -> UPGRADE)
NTP, CLOCK (SYSTEM -> SNTP CLIENT, CLOCK)
I use official PL NTP servers tempus1.gum.gov.pl and tempus2.gum.gov.pl
SYSTEM IDENTITY (SYSTEM -> IDENTITY)
Some sexy name for your device. Best would be to add device role like AP01 or CAPS02 etc.
SERVICES (IP-> SERVICES)
You should disable all not used services. Leave only ssh and winbox. Good practice is to change ssh to some non standard port like 9876. Do not leave the configuration as on the screenshot, unless your devices is in secure LAN network.
NEIGHBOURS (IP-> NEIGHBOURS) You can see other MT devices, but they will see you too. Have it in your mind that it is good to turn off this feature for your wan interface.
BACKUPS One method was shown in earlier post [__GHOST_URL__/mikrotik-backup/].
USERS (SYSTEM -> USERS)
You can add users with different rights. It is also good to add address class from which this user can log in. Second important tab is SSH Keys, where you can add... wait for it... SSH Keys (useful for mentioned backup [__GHOST_URL__/mikrotik-backup/]).
In next post there will be supplement with additional aspects, especially basic firewall options.