Mikrotik Part6

Mikrotik -Part6
Hardware
PDF generated using the open source mwlib toolkit. See http://code.pediapress.com/ for more information.
PDF generated at: Thu, 19 Dec 2013 19:57:16 CET
Contents
Articles
RouterBOARD hardware
Manual:Grounding
RouterBOOT changelog
RouterBOARD Troubleshooting
Manual:Bootloader upgrade
10
Manual:Netinstall
11
Manual:System/Serial Console
18
Password reset
22
Manual:Switch Chip Features
25
Manual:USB Features
32
Manual:Default Configurations
34
RouterBOARD 500
39
RouterBOARD Feature Request
40
Mini-PCI (In)Compatibility
43
Solar Power HOWTO
43
Manual:User Manager
54
User Manager/Introduction
57
User Manager/Getting started
58
User Manager/Hotspot Example
59
User Manager/PPP Example
61
User Manager/DHCP Example
63
User Manager/Wireless Example
64
User Manager/RouterOS user Example
65
User Manager/Customers
66
User Manager/Users
68
User Manager/Routers
69
User Manager/Sessions
69
User Manager/Payments
70
User Manager/Reports
70
User Manager/Logs
70
User Manager/Permissions
72
User Manager/Character constants
73
User Manager/Active sessions
75
User Manager/Active users
75
User Manager/Public ID
75
User Manager/Profiles
76
User Manager/MAC binding
77
User Manager/Languages
78
User Manager/Subscribers
79
User Manager/Credits
79
User Manager/User prefix
80
User Manager/Limiting
81
User Manager/Prepaid and unlimited users
82
User Manager/Voucher template
83
User Manager/Search patterns
85
User Manager/Tables
86
User Manager/Detail forms
92
User Manager/Printing
94
User Manager/Customer page
94
User Manager/User page
108
User Manager/User sign up
114
User Manager/User payments
116
User Manager/Backup
132
References
Article Sources and Contributors
133
Image Sources, Licenses and Contributors
135
Grounding and ESD protection

Upgrading RouterBOARD Bootloader
Netinstall- How to install or re-install RouterOS on to a RouterBoard
Serial Console- How to access the Comand Console via the Serial Port of a RouterBoard
MikroTik Password Recovery
RouterBOARD Switch chips
RouterBOARD USB port capability table
List of Default Configuration files for RouterBOARD devices
Other
RouterBOARD 500
Mini-PCI_(In)Compatibility - List of Mini-PCI radios which are known to work well or (and not at all)
Solar Power HOWTO - How to design and build a solar power system for Routerboard devices (includes
examples).
Manual:Grounding
Manual:Grounding
Introduction
The installation infrastructure (towers and masts), as well as antennas and
the router itself must be properly grounded, and lightning arrestors must
be installed on all external antenna cables (near the antennas or on the
antennas themselves) to prevent equipment damage and human injury.
Note that lightning arrestors will not have any effect if not grounded.
Use 1 AWG (7mm in diameter) wire with corrosion-resistant connectors
for grounding. Be sure to check that the grounding infrastructure you use
is indeed functional (as opposed to decorative-only grounding present on
some sites). For smaller devices you can use thinner wire.
1. Only shielded and outdoor usage Ethernet cables should be used,
magnetic shield should be grounded via shielded RJ-45 connector or
via additional wire that is soldered to RJ45 or ground wire.
2. Grounding wire should be connected to RouterBOARD (to the
mounting point where board is fastened to the outdoor box), this wire
is connected to bottom of the tower and connection to the tower is
according to the standards. Antenna grounding wire is connected near
RouterBOARD Outdoor case, this wire could be connected to the same
RouterBOARD grounding wire.
3. Ethernet port ligthing protectors are not recommended, as most of
them are not intended to use for PoE (they are shortening PoE supply).
If protectors are used, they could be placed at the outdoor case, where
RouterBOARD and grounding pads are connected.
Example grounding wire attachment screw on an outdoor case:
Shielded cable
Manual:Grounding
ESD Protection on RouterBOARD devices

1. Three arrows mark the grounding inside the ethernet port, the shielded cable connects it's shield to these two
grounding pins via the metallic ethernet connector.
2. The middle arrow points to the metal plate inside the port, which connects the grounding pins to the board. The
board needs to be grounded at the mounting hole (put grounding wire on the screw when you mount the board
inside a case). Any surges will go from the grounding pins, to the grounding plate, to the board, and then to the
grounding installation.
3. The two separate arrows show the ESD protection chips on the board - in case there was no shielded cable, to
protect the CPU and other parts of the board.
The protection is not too effective if you only use shielded cable, and don't ground the board itself. You need to do
both things to be successful. See below for possible methods, option 1 is recommended.
Grounding RouterBOARD installations

There are two methods, one of them more effective than the other.
1. Using a Shielded cable + Board is grounded: If you connect
grounding to the mounting point of the RB711 (or the mounting
loop inside SXT door), you don't necessary need to ground the
device at other end of the shielded cable. Just using a shielded cable
is enough. Special PoE is also not needed. This is the best option to
protect against all ESD damage.
2. Using only shielded cable: If you can't ground the
RB711/SXT/other device itself, you can ground the device on the
other end of your shielded cable (switch, router, etc). If you need to
use PoE, the injector with a metal shielding around connectors will
be required, because it allows shielded cable to be used. This
method is not recommended, better ground the board itself also
(option 1).
PoE with shielded connectors
Manual:Grounding
Illustrations of the above methods

Method #1 (shielded cable + grounding of the device):
Method #2 (only shielded cable):
Manual:Grounding
Note! Even if you don't ground the outdoor wireless device, and only use a shielded cable, you should still ground
the device it's connected to (indoors). Ie. the switch, routerboard or PC.
What's new in 3.2.1:
) fixed etherboot on p2020,mpc8544,amcc460;
) fix possible etherboot problems on ar7100,ar7240,ar9330,ar9342,ar9344;
What's new in 3.1.1 (ar7100,ar7240,ar9330,ar9340,ar9344,tilegx 3.02 release):
) ar9344: added new product support;
) fixed partition support not to hang bootup process;
) finished partition support, requires RouterOS v6.0rc5 or newer;
What's new in 3.0.1 (tilegx 3.0 release):
) pass routerboot version to RouterOS;
What's new in 3.0:
) reset buton now supports RouterOS reset also on serial-port devices (push button right after power is applied);
What's new in 3.0rc4
) ar9344: fix etherboot with ar8327 switch chip;

) ar9344: fix ethernet leds on 100MBs links;
) ar9344: fix xlna on SXT-2nDr2;
) ar9344: added lcd support on RB2011;
) tilegx: added support for CCR 1016/1036 boards;
What's new in 2.40.5 (ar9330 2.41 release):

) ar9330: fixes few rb951-2n errors;
) ar7100: fix RB411L to have configuration reset with button;
) fix sw version soft setting not to have multiple copies;
) fix for easy ar9344 stale booter detection;
) mips: reset some more CP0 registers to 0 on bootup;
) AR934x: fixed cache initialization (fixes RB2011 stall on decompressing);
) AR9344: added user-led support for RB2011;
) added AR8327 rev B support (RB2011, RB433GL);
) yaffs kernel load improvement;
) P2020: faster kernel loading (ubifs optimization);
) AR934x: increase AHB bus speed from DDR / 3 -> CPU / 3;
) AR9344: improve NAND speed;
) AR7100: remove duplicate spi access code (bios got smaller);
) AR7240: fixed button reset (broken in 2.38.3);
What's new in 2.39.2 (mpc8544 2.39 release):
) AR7100: fix RB433L etherboot led behavior;
) AR9344: setup DDR RAM voltage before accessing it;
) mips: change cpu mode description;
) AR9330: fixed support for 40 MHz crystal;
) AR7100: fixed NAND access through CPLD (broken in 2.38.3);
) added 64MB large page nand support;
What's new in 2.38.4 (ar9344,ar9330 2.39 prerelease):
) AR9344: fixed etherboot on RB2011;
What's new in 2.38.3 (p2020 2.39 release):
) P2020: increase kernel partition size to 8MB on large page nands;
) AR7xxx: fix cfg not to be lost at kernel load from nand;
) AR9344: fix ethernet switching on RB2011;
) P2020: fix 128 MB Samsung nand detection;
What's new in 2.38.1 (amcc460 2.38 release):
) AMCC460: fix support for some RAM modules;
What's new in 2.38:
) added support for some new products;
What's new in 2.37:
) pin-hole reset: changed default boot device to flashfig;
What's new in 2.36:
What's new in 2.35:
) fixed wireless throughput on SXT 5HnD (broken in 2.34);
What's new in 2.34:
) fixed wireless throughput on RB711 and Groove (broken in 2.31);
What's new in 2.33:
) added support for Groove;
) added support for RB751G;
What's new in 2.32:
) fixed beep after failed flashfig on SXT 5HnD;
What's new in 2.31:
) Slight SXT booting speed improvement
) Flashfig initialization improvements (makes sound if Flashfig server not used)
What's new in 2.30:
) fixed RB1000 not to reset configuration all the time (broken in v2.29);
What's new in 2.29:
) fixed rare issue with large nand booting;
) fixed RB800 and RB1100 to turn on user led during boot-up;
) fixed RB711 to turn off user led during boot-up;
What's new in 2.28:
) fixed problem - wireless did not show up on some RB411 units with 18V PoE power supply;
What's new in 2.27:
) memory fix for RB800/RB1000/RB1100;
) fixed problem - sometimes wireless was missing on RB711 after reboot;
) fixed pin-hole reset on RB750G;
What's new in 2.26:
) added RB816 support on RB600;

) fixed router hangup during etherboot if blasted with lots of packets;
) added silent boot;
) fixed Flashfig;
What's new in 2.25:
new feature - Flashfig;

fixed etherboot on RB493;
fixed occasional lockup of kernel image loading on RB400 series;
added disable UART feature;
What's new in 2.24:

added support for RB816;
What's new in 2.23:
added support for RB750G;
What's new in 2.22:
fixed support for RB750;
What's new in 2.21:
What's new in 2.20:
added support for RB450G;
What's new in 2.19:
fixed support for MLC NAND chip;
fixed memory issue on RB600;
What's new in 2.18:
fixed via-rhine disappearing on RB532 and RB564;
added support for RB493AH;
What's new in 2.17:
added support for MLC NAND chip;
What's new in 2.16:
fixed bug - boot from NAND on RB532A could fail (bug introduced in 2.13);
fixed bug - etherboot on RB433/RB450 at 10Mbit did not work;
What's new in 2.15:
fixed RB333 overheating problem;
added support for microSD card on RB433;
What's new in 2.14:
fixed nand boot on RB150 (broken in v2.13);
What's new in 2.13:
improved memtest;
fixed RB600 memory issue;
What's new in 2.12:
nand improvement for RB532A;
What's new in 2.11:
fixed bug - in one rare case boot from NAND could fail with "data is corrupted" message while data is correctable
in reality;
What's new in 2.10:
100ms delay before PCI bus are initialized;
What's new in 2.9:
What's new in 2.8:
fixed CompactFlash resetting router config on RB153 (broken in v2.7);
What's new in 2.7:
fixed bug - RouterOS command "/system reset-configuration"
was not resetting RB532 VIA ethernet mac address to default;
added support for RB532r5;
What's new in 2.6:
fixed CompactFlash reseting router config on RB153;
What's new in 2.4:
fixed etherboot on RB100 to work reliably;
What's new in 2.2:
fixed repeated initrd image loading;
What's new in 2.1:
fixed crash during memory test within RouterBOOT;
What's new in 2.0:
What's new in 1.13:
fixed nand format feature to mark back really bad blocks as bad;
What's new in 1.12:
reset-jumper resets bios settings to defaults;
What's new in 1.11:
fixed reboot failure on RB500 with new RAM modules;
What's new in 1.10:
added workaround for reboot failure on RB500 with new RAM modules;
What's new in 1.9:
new boot option - "boot NAND, if fail then Ethernet";
What's new in 1.8:
fixed bug - it was possible for RB500 booter to stop working completely;
What's new in 1.7:
added nand format feature;
What's new in 1.3:
added support for large block NAND devices;
What's new in 1.2:
fixed bios entering on <delete> key for hyperterminal;

routerboard 100 beep before jumping to kernel code;
added nand READY/BUSY checking for rb100;
improved speed for memory test;
This page describes methods of testing if a RouterBOARD device has troubles. Before contacting support, or RMA
department, please carefully try ALL of the mentioned methods:
Can't connect over IP or MAC

Try to connect over a different ethernet port
Try another cable
See what is output on the Serial console (next sections)
Boots, but stops loading after BIOS info
Check if the baud rate of your terminal program is set correctly, usually it's 9600 or 115000
Try using mac-telnet, or mac-winbox to connect
Make sure your RouterBOARD's BIOS is set to boot from NAND
If all else fails, hold the button next to the LEDs to load backup BIOS
Starts, but an ERROR interrupts loading of RouterOS

Enter the BIOS, set it to boot from "ethernet, then NAND" and reinstall OS with Netinstall. In most cases, it will
not hurt the configuration or license.
Examine the error message and see if it's meaning leads to a logical solution
Contact support [1] with the error message
No information on the console output
While turning on the device, hold the button next to the LEDs to load backup BIOS
Check if the baud rate of your terminal program is set correctly, usually it's 9600 or 115000
Check Power jumpers, are they set according to the manual [2]?
do any LEDs blink or turn on? Clarify their meaning with support
Wireless card problems

This article shows how to determine whether R52, R52H or R52Hn card was damaged in storm
Operational Problems
CPU load 100% or slow traffic speeds: Check traffic coming to/through router with Torch Tool. Disable
interfaces. See if a P2P user, or an attacker is not causing it.
Wireless card disappearing: Check if the pigtail or something else metallic is not touching the wireless card's metal
parts.
References
[1] http:/ / www. mikrotik. com/ support. html
[2] http:/ / www. routerboard. com
This page shows how to upgrade the Bootloader firmware of a RouterBOARD device.
Simple Upgrade
Run command /system routerboard upgrade
Reboot your router to apply the upgrade (/system reboot)]
Note! If you need to install a different version than included in your "routerboard.npk - Upload the latest
RouterBOOT firmware to your router's FTP, the latest firmware is available on routerboard.com [2] and then follow
above steps.
Checking RouterBOOT version
This command shows the current RouterBOOT version of your device, and available upgrade which is either
included in routerboard.npk package, or if you uploaded a FWF file corresponding to device model:
[admin@MikroTik] > system routerboard print
routerboard: yes
model: "750"
serial-number: "1FC201DD513B"
current-firmware: "2.18"
upgrade-firmware: "2.20"
[admin@MikroTik] >
In this case you see, that there is a newer version of the Bootloader firmware available already inside your current
RouterOS version.
10
Xmodem Method
If there is no IP connectivity with your RouterBOARD, you can also use the Serial Console XMODEM transfer to
send the FWF file to the router, while connected via Serial Console. From the Bootloader menu it's possible to
upgrade the firmware with this method. This method is the last resort, and should be used only if the first two
methods are not available.
Manual:Netinstall
Applies to RouterOS: 2.9, v3, v4
NetInstall Description
NetInstall is a program that runs on Windows computer that allows you to install MikroTiK RouterOS onto a PC or
onto a RouterBoard via an Ethernet network.
You can download Netinstall on our download page [1].
NetInstall is also used to re-install RouterOS in cases where the the previous install failed, became damaged or
access passwords were lost.
Your device must support booting from ethernet, and there must be a direct ethernet link from the Netinstall
computer to the target device. All RouterBOARDs support PXE network booting, it must be either enabled inside
RouterOS "routerboard" menu if RouterOS is operable, or in the bootloader settings. For this you will need a
serial cable.
Note: For RouterBOARD devices with no serial port, and no RouterOS access, the reset button can also start PXE
booting mode. See your RouterBOARD manual PDF for details. For example RB750 PDF [2]
Netinstall can also directly install RouterOS on a disk (USB/CF/IDE/SATA) that is connected to the Netinstall
Windows machine. After installation just move the disk to the Router machine and boot from it.
Interface
The following options are available in the Netinstall window:
Routers/Drives - list of PC drives, and in the routers that were detected near the Netinstall PC
Make floppy - used to create a bootable 1.44" floppy disk for PCs which don't have Etherboot support
Net booting - used to enable PXE booting over network (your default choice)
Install/Cancel - after selecting the router and selecting the RouterOS packages below, use this to start install
SoftID - the SoftID that was generated on the router. Use this to purchase your key
Key / Browse - apply the purchased key here, or leave blank to install a 24h trial
Get key - get the key from your mikrotik.com account directly
Flashfig - launch Flashfig - the mass config utility which works on brand new devices
Keep old configuration - keeps the configuration that was on the router, just reinstalls software (no reset)
IP address / "Netmask - enter IP address and netmask in CIDR notation to preconfigure in the router
Gateway - default gateway to preconfigure in the router
Baud rate - default serial port baud-rate to preconfigure in the router
11
Manual:Netinstall
Configure script File that contains RouterOS CLI commands that directly configure router (e.g. commands
produced by export command). Used to apply default configuration
Screenshot
for installation over network, don't forget to enable the PXE server, and make sure Netinstall is not blocked by
your firewall or antivirus. The connection should be directly from your Windows PC to the Router PC (or
RouterBOARD), or at least through a switch/hub.
NetInstall Example
This is a step by step example of how to install RouterOS on a RouterBoard 532 from a typical notebook computer.
Requirements
The Notebook computer must be equiped with the following ports and contain the following files:
Ethernet port.
Serial port.
Serial communications program (such as Hyper Terminal)
The .npk RouterOS file(s) (not .zip file) of the RouterOS version that you wish to install onto the Routerboard.
The NetInstall program available from the Downloads page at www.mikrotik.com
It is recommended to disable any other Network interfaces in your PC, leave only the one which is connected to
your router
12
Manual:Netinstall
Connection process
1. Connect the routerboard to a switch, a hub or directly to the Notebook computer via Ethernet. The notebook
computer Ethernet port will need to be configured with a usable IP address and subnet. For example: 10.1.1.10/24
2. Connect the routerboard to the notebook computer via serial, and establish a serial communication session with
the RouterBoard. Serial configuration example in in the Serial console manual
3. Run the NetInstall program on your notebook computer.
4. Press the NetInstall "Net Booting" button, enable the Boot Server, and enter a valid, usable IP address (within
the same subnet of the IP address of the Notebook) that the NetInstall program will assign to the RouterBoard to
enable communication with the Notebook computer. For example: 10.1.1.5/24
5. Set the RouterBoard BIOS to boot from the Ethernet interface.
Configuring RouterBOARD
Configuring RouterBOARD without COM port
To boot RouterBOARD withtout COM port from Network, you can use reset button. Consult RouterBOARD.com
and specific RouterBOARD User Guide to find reset button location and usage instructions. For example
RB751U-2HnD etherboot instructions,
RouterBOARD 751U-2HnD RouterBOOT reset button (RES, front panel) has two functions to reset RouterOS
configuration and boot it from Etherboot: - Connect Netinstall PC to "ether1" port and hold this button during boot
time longer, until LED turns off, then release it to make the RouterBOARD look for Netinstall servers.
As well Etherboot can be configured by RouterOS (when you have access to it),
system routerboard settings set boot-device=try-ethernet-once-then-nand
Configuring RouterBOARD with COM port
To access Routerboard BIOS configuration: reboot the Routerboard while observing the activity on the Serial
Console. You will see the following prompt on the Serial Console Press any key within 2 seconds to enter setup
indicating that you have a 1 or 2 second window of time when pressing any key will give you access to Routerboard
BIOS configuration options.
(press any key when prompted):
You will see the following list of available BIOS Configuration commands. To set up the boot device, press the 'o'
key:
What do you want to configure?
d - boot delay
k - boot key
s - serial console
l - debug level
o - boot device
b - beep on boot
v - vga to serial
t - ata translation
p - memory settings
m - memory test
u - cpu mode
f - pci back-off
r - reset configuration
g - bios upgrade through serial port
13
Manual:Netinstall
14
c - bios license information

x - exit setup
Next Selection: Press the 'e' key to make the RouterBoard to boot from Ethernet interface:
Select boot device:
* i - IDE
e - Etherboot
1 - Etherboot (timeout
5 - IDE, try Etherboot
15s),
1m),
5m),
30m),
first
first
first
first
IDE
IDE
IDE
IDE
on next
on next
on next
on next
boot
boot
boot
boot
(15s)
(1m)
(5m)
(30m)
The RouterBoard BIOS will return to the first menu. Press the 'x' key to exit from BIOS. The router will reboot.
Make sure boot-protocol is bootp.
Installation
Watch the serial console as the RouterBoard reboots, it will indicate that the RouterBoard is attempting to boot to the
NetInstall program. The NetInstall program will give the RouterBoard the IP address you entered at Step 4 (above),
and the RouterBoard will be ready for software installation. Now you should see the MAC Address of the
RouterBoard appear in the Routers/Drives list of the NetInstall program.
Click on the desired Router/Drive entry and you will be able to configure various installation parameters associated
with that Router/Drive entry.
Manual:Netinstall
For most Re-Installations of RouterOS on RouterBoards you will only need to set the following parameter:
Press the "Browse" button on the NetInstall program screen. Browse to the folder containing the .npk RouterOS
file(s) of the RouterOS version that you wish to install onto the Routerboard.
When you have finalized the installation parameters, press the "Install" button to install RouterOS.
15
Manual:Netinstall
When the installation process has finished, press 'Enter' on the console or 'Reboot' button in the NetInstall program.
16
Manual:Netinstall
Cleanup
1. Reset the BIOS Configuration of the RouterBoard to boot from its own memory.
2. Reboot the RouterBoard.

Reset RouterOS Password
Netinstall can be used to reset password of RouterOS by erasing all configuration from the router. Uncheck 'Keep
Old Configuration' during Netinstall and proceed with standard procedure,
[ Top | Back to Content ]
17
Manual:Netinstall
References
[1] http:/ / www. mikrotik. com/ download. html
[2] http:/ / www. routerboard. com/ pricelist/ download_file. php?file_id=118
Applies to RouterOS: v3, v4, v5+
Overview
Sub-menu: /system console, /system serial-terminal
Standards: RS-232
The Serial Console and Terminal are tools, used to communicate with devices and other systems that are
interconnected via serial port. The serial terminal may be used to monitor and configure many devices - including
modems, network devices (including MikroTik routers), and any device that can be connected to a serial
(asynchronous) port.
The Serial Console feature is for configuring direct-access configuration facilities (monitor/keyboard and serial port)
that are mostly used for initial or recovery configuration.
If you do not plan to use a serial port for accessing another device or for data connection through a modem, you can
configure it as a serial console. The first serial port is configured as a serial console, but you can choose to
unconfigure it to free it for other applications. A free serial port can also be used to access other routers' (or other
equipment, like switches) serial consoles from a MikroTik RouterOS router. A special null-modem cable is needed
to connect two hosts (like, two PCs, or two routers; not modems). Note that a terminal emulation program (e.g.,
HyperTerminal on Windows or minicom on linux) is required to access the serial console from another computer.
Several customers have described situations where the Serial Terminal (managing side) feature would be useful:
on a mountaintop, where a MikroTik wireless installation sits next to equipment (including switches and Cisco
routers) that can not be managed in-band (by telnet through an IP network)
monitoring weather-reporting equipment through a serial port
connection to a high-speed microwave modem that needed to be monitored and managed by a serial connection
With the serial-terminal feature of the MikroTik, up to 132 (and, maybe, even more) devices can be monitored and
controlled.
Serial Console Configuration

A special null-modem cable should be used for connecting to the serial console from another computer. The Serial
Console cabling diagram for DB9 connectors is as follows:
18
19
Router Side (DB9f) Signal
Direction Side (DB9f)
1, 6
CD, DSR IN
RxD
IN
TxD
OUT
DTR
OUT
1, 6
GND
RTS
OUT
CTS
IN
Note that the above diagram will not work if the software is configured to do hardware flow control, but the
hardware does not support it (e.g., some RouterBOARD models have reduced seral port functionality). If this is the
case, either turn off the hardware flow control or use a null-modem cable with loopback, which will simulate the
other device's handshake signals with it's own. The diagram for such cable is as follows:
Router Side (DB9f) Signal
Direction Side (DB9f)
1, 4, 6
CD, DTR, DSR LOOP
1, 4, 6
RxD
IN
TxD
OUT
GND
7, 8
RTS, CTS
LOOP
7, 8
Note that although it is recommended to have 5-wire cable for this connection, in many cases it is enough to have 3
wires (for unlooped signals only), leaving both loops to exist only inside the connectors. Other connection schemes
exist as well.
Configuring Console
Sub-menu: /system console
Properties
Property
Description
disabled (yes | no; Default: no) Whether serial console is enabled or not.
Read-only properties
port (string)
Which port should the serial terminal listen to
term (string)
Terminal type
20
Property
Description
free (yes | no)
Console is ready for use.
used (yes | no)
Console is in use.
vcno (integer)
number of virtual console - [Alt]+[F1] represents '1', [Alt]+[F2] - '2', etc..
wedged (yes | no) Console is currently not available
Example
To disable all virtual consoles (available through the direct connection with keyboard and monitor) extept for the
first one:
[admin@MikroTik] system console> print
Flags: X - disabled, W - wedged, U - used, F - free
#
PORT
VCNO
TERM
0 F serial0
MyConsole
1 U
1
linux
2 F
2
linux
3 F
3
linux
4 F
4
linux
5 F
5
linux
6 F
6
linux
7 F
7
linux
8 F
8
linux
[admin@MikroTik] system console> disable 2,3,4,5,6,7,8
[admin@MikroTik] system console> print
Flags: X - disabled, W - wedged, U - used, F - free
#
PORT
VCNO
TERM
0 F serial0
MyConsole
1 U
1
linux
2 X
2
linux
3 X
3
linux
4 X
4
linux
5 X
5
linux
6 X
6
linux
7 X
7
linux
8 X
8
linux
[admin@MikroTik] system console>
To check if the configuration of the serial port:
[admin@MikroTik] system serial-console> /port print detail
0 name=serial0 used-by=Serial Console baud-rate=9600 data-bits=8 parity=none
stop-bits=1 flow-control=none
1 name=serial1 used-by="" baud-rate=9600 data-bits=8 parity=none stop-bits=1
flow-control=none
[admin@MikroTik] system serial-console>
21
Using Serial Terminal

Command: /system serial-terminal
The command is used to communicate with devices and other systems that are connected to the router via serial port.
All keyboard input is forwarded to the serial port and all data from the port is output to the connected device. Ctrl-A
is the prefix key, which means that you will enter a small "menu" by pressing this combination of keys. The Ctrl-A
character will not be sent to your device! If you need to send Ctrl-A character to remote device, press Ctrl-A twice.
After exiting with Ctrl-A and then Q, the control signals of the port are lowered. The speed and other parameters of
serial port may be configured in the /port directory of router console. No terminal translation on printed data is
performed. It is possible to get the terminal in an unusable state by outputting sequences of inappropriate control
characters or random data. Do not connect to devices at an incorrect speed and avoid dumping binary data.
Property
Description
port (string; Default: ) Port name to use
The serial port to be used as a serial terminal needs to be free (e.g., there should not be any serial consoles, LCD or
other configuration). Chack the previous chapter to see how to disable serial console on a particular port. Use /port
print command to see if some other application is still using the port.
Ctrl-A have special meaning and is used to provide a possibility of exiting from nested serial-terminal sessions:
To send Ctrl-A to to serial port, press Ctrl-A Ctrl-A
Note: When rebooting a RouterBoard the bootloader (RouterBOOT) will always use the serial console
(serial0 on RouterBoards) to send out some startup messages and offer access to the RouterBOOT menu.
Having text coming out of the serial port to the connected device might confuse your attached device and get
stuck on boot loader. To avoid this you can reconfigure RouterBOOT to enter the RouterBOOT menu only
when a DEL character is received.
Example
To connect to a device connected to the serial1 port:
[admin@dzeltenais_burkaans] > /system serial-terminal serial0
[Ctrl-A is the prefix key]
[admin@R2] /ip address>
Console Screen
Sub-menu: /system console screen
This facility is created to change line number per screen if you have a monitor connected to router.
Property
Description
line count (25|40|50; Default: 25) Number of lines on monitor
This parameter is applied only to a monitor, connected to the router.
Example
To set monitor's resolution from 80x25 to 80x40:
[admin@MikroTik] system console screen> set line-count=40
[admin@MikroTik] system console screen> print
line-count: 40
[admin@MikroTik] system console screen>
See More
Special Login
Sigwatch
Password reset
RouterOS password can only be reset by reinstalling the router, or using the reset button (or jumper hole) in case the
hardware is RouterBOARD.
For X86 devices, only complete reinstall will clear the password, along with other configuration. For RouterBOARD
devices, several methods exist, depending on our model.
Button reset
Most RouterBOARD devices are fitted with a reset button.
Using: unplug the device power, hold the button, apply power and wait until the USER LED starts flashing. Now
release the button to clear configuration.
Note: If you wait until LED stops flashing, and only then release the button - this will instead launch Netinstall
mode, to reinstall RouterOS.
22
Password reset
Jumper hole reset

All RouterBOARD current models are also fitted with a reset jumper hole. Some devices might need opening of the
enclosure, RB750/RB951/RB751 have the jumper hole under one of the rubber feet of the enclosure.
Using: Close the jumper with a metal screwdriver, and boot the board until the configuration is cleared.
23
Password reset
Jumper reset for older models

The below image shows the location of the Reset Jumper on older RouterBOARDs like RB133C:
Note: Don't forget to remove the jumper after configuration has been reset, or it will be reset every time you reboot.
24
25

Applies to RouterOS: v4.0 +
Introduction
There are several types of switch chips on Routerboards and they have a different set of features. Most of them (from
now on "Other") have only basic "Port Switching" feature, but there are few with more features:
Capabilities of switch chips:
Feature
Atheros8327 Atheros8316 Atheros8227 Atheros7240 ICPlus175D Other
Port Switching yes
yes
yes
yes
yes
yes
Port Mirroring yes
yes
yes
yes
yes
no
Host table
2048 entries
2048 entries
1024 entries
2048 entries
no
no
Vlan table
4096 entries
4096 entries
4096 entries
16 entries
no
no
Rule table
92 rules
32 rules
no
no
no
no
Atheros8316 is present on RB493G(ether1+ether6-ether9, ether2-ether5), RB1200(ether1-ether5), RB450G(all

ports with ether1 optional[more [1]]), RB435G(all ports with ether1 optional[more [1]]), RB750G and
RB1100(ether1-ether5, ether6-ether10).
Atheros8327 is present on RB2011 series(ether1-ether5+sfp1) RB750GL, RB751G-2HnD, RB951G-2HnD and
RB1100AH, RB1100AHx2(ether1-ether5, ether6-ether10).
Atheros8227 is present on RB2011 series(ether6-ether10).
Atheros7240 is present on RB750(ether2-ether5), RB750UP(ether2-ether5), RB751U-2HnD(ether2-ether5),
RB951-2n(ether2-ether5) and RB951Ui-2HnD(ether2-ether5).
ICPlus175D is present on newest versions of RB450(ether2-ether5) and RB433 series(ether2-ether3).
ICPlus175C is present on some RB450(ether2-ether5) and some RB433 series(ether2-ether3).
ICPlus178C is present on RB493 series(ether2-ether9) and RB816.
Command line config is under /interface ethernet switch menu. This menu contains a list of all switch
chips present in system, and some sub-menus as well. /interface ethernet switch menu list item
represents a switch chip in system:
[admin@MikroTik] /interface ethernet switch> print
Flags: I - invalid
#
NAME
TYPE
MIRROR-SOURCE
MIRROR-TARGET
0
switch1 Atheros-8316 ether2
none
Depending on switch type there might be available or not available some configuration capabilities.
Atheros8316 packet flow diagram [2]
26
Features
Port Switching
Switching feature allows wire speed traffic passing among a group of ports, like the ports were a regular ethernet
switch. You configure this feature by setting a "master-port" property to one ore more ports in /interface
ethernet menu. A 'master' port will be the port through which the RouterOS will communicate to all ports in the
group. Interfaces for which the 'master' port is specified become inactive - no traffic is received on them and no
traffic can be sent out.
For example consider a router with five ethernet interfaces:
[admin@MikroTik] > interface ethernet print
Flags: X - disabled, R - running, S - slave
#
NAME
MTU
MAC-ADDRESS
ARP
0 R ether1
1500 00:0C:42:3E:5D:BB enabled
1
ether2
1500 00:0C:42:3E:5D:BC enabled
2
ether3
1500 00:0C:42:3E:5D:BD enabled
3
ether4
1500 00:0C:42:3E:5D:BE enabled
4 R ether5
1500 00:0C:42:3E:5D:BF enabled
MASTER-PORT
SWITCH
none
none
none
none
switch1
switch1
switch1
switch1
And you configure a switch containing three ports ether3, ether4 and ether5:
[admin@MikroTik] /interface ethernet> set ether4,ether5 master-port=ether3
[admin@MikroTik] /interface ethernet> print
Flags: X - disabled, R - running, S - slave
#
NAME
MTU
MAC-ADDRESS
ARP
MASTER-PORT
SWITCH
0 R ether1
1500 00:0C:42:3E:5D:BB enabled
1
ether2
1500 00:0C:42:3E:5D:BC enabled
none
switch1
2 R ether3
1500 00:0C:42:3E:5D:BD enabled
none
switch1
3 S ether4
1500 00:0C:42:3E:5D:BE enabled
ether3
switch1
4 RS ether5
1500 00:0C:42:3E:5D:BF enabled
ether3
switch1
ether3 is now the master port of the group. Note: you can see that previously a link was detected only on ether5, but
now as the ether3 is a 'master' the running flag is propagated to master port.
In essence this configuration is the same as if you had a RouterBoard with 3 ethernet interfaces with ether3
connected to ethernet switch that has 4 ports:
A more general diagram of RouterBoard with switch chip that has 5 port switch chip:
Here you can see that, a packet that gets received by one of the ports always passes through the switch logic at first.
Switch logic decides to which ports the packet should be going to. Passing packet 'up' or giving it to RouterOS is
also called sending it to switch chips 'cpu' port. That means that at the point switch forwards the packet to cpu port
the packet starts to get processed by RouterOS as some interfaces incoming packet. While the packet does not have
to go to cpu port it is handled entirely by switch logic and does not require any cpu cycles and happen at wire speed
for any frame size.
Ether1 port on RB450G has a feature that allows it to be removed/added to the default switch group. By default
ether1 port will be included in the switch group. This configuration can be changed with /interface
ethernet switch set switch1 switch-all-ports=no
switch-all-ports=yes/no "yes" means ether1 is part of switch and supports switch grouping, and all other advanced Atheros8316 features
including extended statistics (/interface ethernet print stats).
"no" means ether1 is not part of switch, effectivly making it as stand alone ethernet port, this way increasing its
troughtput to other ports in bridged, and routed mode, but removing the switching possibility on this port.
27
Port Mirroring
Port mirroring lets switch 'sniff' all traffic that is going in and out of one port (mirror-source) and send a copy of
those packets out of some other port (mirror-target). This feature can be used to easily set up a 'tap' device that
receives all traffic that goes in/out of some specific port. Note that mirror-source and mirror-target ports have to
belong to same switch. (See which port belong to which switch in /interface ethernet switch port
menu). Also mirror-target can have a special 'cpu' value, which means that 'sniffed' packets should be sent out of
switch chips cpu port. Port mirroring happens independently of switching groups that have or have not been set up.
Host Table
Basically the table represents switch chips internal mac address to port mapping. It can contain two kinds of entries:
dynamic and static. Dynamic entries get added automatically, this is also called a learning process: when switch chip
receives a packet from certain port, it adds the packets source mac address X and port it received the packet from to
host table, so when a packet comes in with destination mac address X it knows to which port it should forward the
packet. If the destination mac address is not present in host table then it forwards the packet to all ports in the group.
Dynamic entries take about 5 minutes to time out. Learning is enabled only on ports that are configured as part of
switch group. So you won't see dynamic entries if you have not specified some 'master-ports'. Also you can add
static entries that take over dynamic if dynamic entry with same mac-address already exists. Also by adding a static
entry you get access to some more functionality that is controlled via following params:
copy-to-cpu=yes/no - a packet can be cloned and sent to cpu port

redirect-to-cpu=yes/no - a packet can be redirected to cpu port
mirror=yes/no - a packet can be cloned and sent to mirror-target port configured in "/interface ethernet switch"
drop=yes/no - a packet with certain mac address coming from certain ports can be dropped
copy-to-cpu, redirect-to-cpu, mirror actions are performed for packets which destination mac matches mac address
specified in entry drop action is performed for packets which source mac address matches mac address specified in
entry
Another possibility for static entries is that mac address can be mapped to more that one port, including 'cpu' port.
28
Vlan Table
Vlan tables specifies certain forwarding rules for packets that have specific 802.1q tag. Those rules are of higher
priority than switch groups configured using 'master-port' property. Basically the table contains entries that map
specific vlan tag ids to a group of one or more ports. Packets with vlan tags leave switch chip through one or more
ports that are set in corresponding table entry. The exact logic that controls how packets with vlan tags are treated is
controlled by vlan-mode parameter that is changeable per switch port in /interface ethernet switch
port menu. Vlan-mode can take following values:
disabled - ignore vlan table, treat packet with vlan tags just as if they did not contain a vlan tag;
fallback - the default mode - handle packets with vlan tag that is not present in vlan table just like packets without
vlan tag. Packets with vlan tags that are present in vlan table, but incoming port does not match any port in vlan
table entry does not get dropped.
check - drop packets with vlan tag that is not present in vlan table. Packets with vlan tags that are present in vlan
table, but incoming port does not match any port in vlan table entry does not get dropped.
secure - drop packets with vlan tag that is not present in vlan table. Packets with vlan tags that are present in vlan
table, but incoming port does not match any port in vlan table entry get dropped.
Vlan tag id based forwarding also take into account the mac addresses learned or manually added in host table.
Packets without vlan tag are treated just like if they had a vlan tag with vlan id = 0. This means that if
"vlan-mode=check or secure" to be able to forward packets without vlan tags you have to add a special entry to vlan
table with vlan id set to 0.
Vlan-header option (configured in /interface ethernet switch port) sets the VLAN tag mode on
egress port. Starting from RouterOS version 6 this option works with AR8316, AR8327, AR8227 and AR7240
switch chips and takes the following values:
leave-as-is - packet remains unchanged on egress port;
always-strip - if VLAN header is present it is removed from the packet;
add-if-missing - if VLAN header is not present it is added to the packet.
Rule Table
Rule table is very powerful tool allowing wire speed packet filtering, forwarding and vlan tagging based on
L2,L3,L4 protocol header field condition.
Each rule contains a conditions part and an action part. Action part is controlled by following parameters:
copy-to-cpu=yes/no - clones matching packets and sends them to cpu port;

redirect-to-cpu=yes/no - redirects matching packets to cpu port;
mirror=yes/no - clones matching packets and send them to mirror-target port;
new-dst-ports - if set forces the destination port to be as specified, multiple ports allowed, including cpu port.
Non obvious feature of this parameter is to pass empty list of ports to drop matching packets;
new-vlan-id (only applies to Atheros8316) - if specified changes the vlan tag id, or add new vlan tag if one was
not present;
new-vlan-priority - if specified changes the vlan tag priority bits;
rate (only applies to Atheros8327) - Sets limitation (bits per second) for all matched traffic. Can only be applied
to first 32 rule slots.
Conditions part is controlled by rest of parameters:
ports - match port that packet came in from (multiple ports allowed);
mac layer conditions
dst-mac-address - match by destination mac address and mask;
29
src-mac-address - ...;
vlan-header - match by vlan header presence;
vlan-id (only applies to Atheros8316) - match by vlan tag id;
vlan-priority (only applies to Atheros8316) - match by priority in vlan tag;
mac-protocol - match by mac protocol (skips vlan tags if any);
ip conditions
dst-address - match by destination ip and mask;

src-address - match by source ip and mask;
dscp - match by ip dscp field;
protocol - match by ip protocol;
ipv6 conditions
dst-address6 - match by destination ip and mask;

src-address6 - match by source ip and mask;
flow-label - match by ipv6 flow label;
traffic-class - match by ipv6 traffic class;
protocol - match by ip protocol;
L4 conditions
src-port - match by tcp/udp source port range;
dst-port - match by tcp/udp destination port range;
IPv4 and IPv6 specific conditions cannot be present in same rule. Menu contains ordered list of rules just like in
/ip firewall filter. Due to the fact that the rule table is processed entirely in switch chips hardware there is
limitation to how many rules you may have. Depending on the amount of conditions (MAC layer, IP layer, IPv6, L4
layer) you use in your rules the amount of active rules may vary from 8 to 32 for Atheros8316 switch chip and from
24 to 96 for Atheros8327 switch chip. You can always do /interface ethernet switch rule print
after modifying your rule set to see that no rules at the end of the list are 'invalid' which means those rules did not fit
into the switch chip.
30
Example - 802.1Q Trunking with Atheros switch chip in RouterOS v6

Routerboards with Atheros switch chips can be used for 802.1Q Trunking. This
feature in RouterOS version 6 is supported on AR8316, AR8327, AR8227 and
AR7240 switch chips. In this example ether2,ether3 and ether4 interfaces are
access ports, while ether5 is trunk port. VLAN IDs for each access port: ether2 200, ether3 - 300, ether4 - 400.
Create a group of switched ports.
/interface
set ether3
set ether4
set ether5
ethernet
master-port=ether2
master-port=ether2
master-port=ether2
Assign "vlan-mode" and "vlan-header" mode for each port and "default-vlan-id" on ingress for each access port.
Set "vlan-mode=secure" to ensure strict use of VLAN table. Set "vlan-header=always-strip" for access ports - it
removes VLAN header from frame when it leaves the switch chip. Set "vlan-header=add-if-missing" for trunk
port - it adds VLAN header to untagged frames. "Default-vlan-id" specifies what VLAN ID is added for ingress
traffic of the access port.
/interface
set ether2
set ether3
set ether4
set ether5
ethernet switch port

vlan-mode=secure vlan-header=always-strip default-vlan-id=200
vlan-mode=secure vlan-header=add-if-missing
Add VLAN table entries to allow frames with specific VLAN IDs between ports.
/interface ethernet switch vlan
add ports=ether2,ether5 switch=switch1 vlan-id=200
31
Management IP Configuration
This example will show one of the possible management IP address configurations. Management IP will be
accessible only through trunk port and it will have a separate VLAN with ID 99.
Configure the port which connects switch-chip with CPU, set "vlan-header=leave-as-is" because management
traffic already should be tagged.
/interface ethernet switch port
set switch1_cpu vlan-mode=secure vlan-header=leave-as-is
Add VLAN table entry to allow management traffic through switch-cpu port and the trunk port.
/interface ethernet switch vlan
add ports=ether5,switch1_cpu switch=switch1 vlan-id=99
Add VLAN 99 and assign IP address to it. Since the master-port receives all the traffic coming from switch-cpu
port, VLAN has to be configured on master-port, in this case "ether2" port.
/interface vlan
add name=vlan99 vlan-id=99 interface=ether2
/ip address
add address=192.168.88.1/24 interface=vlan99 network=192.168.88.0
References
[1] http:/ / wiki. mikrotik. com/ wiki/ Manual:Switch_Chip_Features#switch-all-ports
[2] http:/ / wiki. mikrotik. com/ wiki/ Manual:Packet_flow_through_Atheros8316
Manual:USB Features
Summary
Sub-menu: /system routerboard usb
Package: routerboard (v5) / system (v6)
Not all of the RouterBOARDS with USB ports have the same supported features. This article list all supported USB
features by each RouterBOARD.
Warning: On RB2011 and CRS series boards usb devices may not work first time they are plugged in.
Power cycle (not reboot) is needed.
USB power reset

USB power reset turns off USB port power for specified time. It is useful when 3G modem needs
to be restarted but there is no direct access to it (tower installation).
Available properties:
duration (time; Default: "3s") - Time interval how long power is turned off.
For example, "/system routerboard usb power-reset duration=10s" will turn off USB port power for 10 seconds.
32
Manual:USB Features
33
RB2011 USB port mode

RB2011 series have micro USB port which operates in host mode when USB device is attached through USB OTG
cable. Some vendor cables require forced host mode to recognize connected device.
usb-mode (automatic | force-host; Default: "automatic") - Defines USB port mode.
Note: In RouterOS v5 this setting was called "mode".
RB912 USB port type

RB912 series have USB port and miniPCIe slot. Due to hardware restrictions it is possible to use
only one at the time.
type (USB-type-A | mini-PCIe; Default: "USB-type-A") - Type of enabled port.
Note: In RouterOS v5 this setting was called "use".
USB feature table

Information about RouterBoard USB features.
RouterBOARD
USB ports Power Reset USB powering
CCR1016-12G
yes
yes
CCR1036-12G-4S
yes
yes
RB OmniTik U-5HnD
yes
yes
RB OmniTik UPA-5HnD 1
yes
yes
RB SXT 5HnD
yes
yes
RB SXT 5HPnD
yes
yes
RB SXT G-2HnD
yes
yes
RB SXT G-5HnD
yes
yes
RB2011UAS
yes
yes
RB2011UAS-2HnD
yes
yes
RB411GL
yes
yes
RB411U
no
yes
RB411UAHL
yes
yes
RB411UAHR
no
no*
RB433GL
yes
yes
RB433UAH
no
yes
RB433UAHL
yes
yes
RB435G
no
yes
RB493G
no
no*
RB711UA-2HnD
yes
yes
RB711UA-5HnD
yes
yes
Manual:USB Features
34
RB750UP
no
yes
RB751G-2HnD
no
yes
RB751U-2HnD
no
yes
RB912UAG-2HPnD
yes
yes
RB912UAG-5HPnD
yes
yes
RB951G-2HnD
yes
yes
RB951Ui-2HnD
yes
yes
RBSXTG-5HPnD-SAr2
yes
yes
CRS125-24G-1S
yes
yes
* use of USB power injector [1] is required in these models
References
[1] http:/ / routerboard. com/ 5VUSB
Applies to RouterOS: v5
List of Default Configs

Integrated Indoors
Wan port
Lan port
RB750
RB750G
ether1
Switched
ether2-ether5
RB751
ether1
RB951
ether1
Wireless
ht
ht extension dhcp-server dhcp-client Firewall
mode
chain
-
NAT
Default IP
Mac
Server
on lan port
on wan port blocked Masquerade 192.168.88.1/24 Disabled

access
wan port
on lan port
on wan
to wan
port
port
Switched
AP b/g/n
ether2-ether5, 2412MHz
bridged wlan1
with switch
0,1
above-control
on lan port

access
wan port
on lan port
on wan
to wan
port
port
Switched
AP b/g/n
bridged wlan1
with switch
above-control
on lan port

access
wan port
on lan port
on wan
to wan
port
port
RB1100
AH/AHx2
192.168.88.1/24
on ether1
RB1200
192.168.88.1/24
on ether1
RB2011
sfp1,ether1
two switch
gropups
bridged
(ether2-ether10,
wlan1 if
present)
35
-
on lan port

access
wan port
on ether1
on wan
to wan
port
port
Integrated Outdoors
Wan
port
Lan port
Groove
2Hn
wlan1
ether1
station
a/n
2.4GHz
above
control
on lan port

access
wan port
on lan port
on wan
to wan
port
port
Groove
5Hn
wlan1
ether1
station
a/n 5GHz
above
control
on lan port

access
wan port
on lan port
on wan
to wan
port
port
Groove
A-5Hn
bridged
AP a/n
wlan1,ether1 5300MHz
Metal 5
wlan1
ether1
station
a/n 5GHz
above
control
on lan port

access
wan port
on lan port
on wan
to wan
port
port
SXT 5xx,
SXT
G-5xx
wlan1
ether1
station
a/n 5GHz
0,1
above
control
on lan port

access
wan port
on lan port
on wan
to wan
port
port
OmniTik
ether1
Switched
AP a/n
bridged
wlan1 with
switch
0,1
on lan port
on wan port
0,1
above
control
on lan port

access
wan port
on lan port
on wan
to wan
port
port
SEXTANT wlan1
Engineered
ether1
Wireless
ht
ht
dhcp-server dhcp-client Firewall
mode
chain extension
station
a/n 5GHz
NAT
Default IP
192.168.88.1/24
on lan port
Masquerade 192.168.88.1/24
wan port
on lan port
Mac
Server
36
Wan
port
Lan port
RB411xx,
RB435G,
RB433xx,
RB495xx,
RB800
RB450xx
ether1
Switched
ether2-ether5
on lan port

access
wan port
on lan port
on wan
to wan
port
port
RB711-5xx,
RB711G-5xx
wlan1
ether1
station
a/n 5GHz
above
control
on lan port

access
wan port
on lan port
on wan
to wan
port
port
bridged
AP a/n
above
control
on lan port
RB711UA-5xx,
RB711GA-5xx
RB711-2xx
RB711UA-2xx
wlan1
ether1
Wireless
ht
ht
dhcp-server dhcp-client Firewall
mode
chain extension
station
b/g/n
2.4GHz
bridged
AP a/n
NAT
Default IP
Mac
Server
192.168.88.1/24
on ether1
192.168.88.1/24
on lan port

access
wan port
on lan port
on wan
to wan
port
port
-
192.168.88.1/24
on lan port
Note: To see exact configuration script that will be applied after system reset use following command
/system default-configuration print
Warning: /system default-configuration print Always shows factory default configuration

even if it is override by different netinstall script.
Wan Port
When applying configuration WAN port is renamed to "<wan port>-gateway", for example, if wan
port is ether1, it will be renamed to "ether1-gateway".
Local Port
Local port can be:
single interface
ethernets configured in switch group
bridged all interfaces that are not WAN and switch slaves.
If ports are switched then master port is renamed to "<ethernet name>-master-local" and slaves to "<ethernet
name>-slave-local".
Lets take RB751 as an example. Board has ether1 configured as WAN port, it has switch chip and one
pre-configured wireless interface. So in this case all ethernets except ether1 are grouped in switch group and bridged
with wireless interface.
Generated config will be:
/interface set ether2 name=ether2-master-local;
/interface set ether3 name=ether3-slave-local;
/interface ethernet set ether3-slave-local master-port=ether2-master-local;
/interface bridge add name=bridge-local disabled=no auto-mac=no protocol-mode=rstp;
:local bMACIsSet 0;
:foreach k in=[/interface find] do={
:local tmpPort [/interface get $k name];
:if ($bMACIsSet = 0) do={
:if ([/interface get $k type] = "ether") do={
/interface bridge set "bridge-local" admin-mac=[/interface ethernet get $tmpPort mac-address];
:set bMACIsSet 1;
}
}
:if (!($tmpPort~"bridge" || $tmpPort~"ether1" || $tmpPort~"slave")) do={
/interface bridge port add bridge=bridge-local interface=$tmpPort;
}
}
Wireless Config
Wireless configuration depends on market segment for which board is designed. It can be configured as AP or
station in 2GHz and 5GHz frequencies. Default 2GHz frequency is 2412 and default 5GHz frequency is 5300. SSID
is "Mikrotik-" + last 3 bytes in hex from wireless MAC address. Starting from v5.25 and v6rc14 Wireless Security
profile is configured with WPA/WPA2 and security key equal to router's serial number.
For example, If Mac address of the wlan1 interface is 00:0B:6B:30:7F:C2, and serial number of the board is
/sys routerboard print
routerboard: yes
serial-number: 0163008F8883
Then following settings will be applied:
SSID="MikroTik-307FC2"
security settings:
mode=dynamic-keys
authentication-types=wpa-psk,wpa2-psk
wpa-pre-shared-key=0163008F8883
wpa2-pre-shared-key=0163008F8883
37
38
Note: security key is case sensitive
If board has two chains (letter D in the naming of the board), then both chains are enabled. HT
Extension is enabled on all CPEs.
For example generated config on RB751:
:if ( $wirelessEnabled = 1) do={

# wait for wireless
:while ([/interface wireless find] = "") do={ :delay 1s; };
/interface wireless set wlan1 mode=ap-bridge band=2ghz-b/g/n ht-txchains=0,1 ht-rxchains=0,1 \

disabled=no country=no_country_set wireless-protocol=any
/interface wireless set wlan1 channel-width=20/40mhz-ht-above ;
}
Default IP and DHCP Config

Default IP address on all boards is 192.168.88.1/24. Boards without specific configuration has IP address set on
ether1, other boards has IP address on LAN interface.
All boards that has WAN port configured, DHCP client is set on WAN port.
Typically on all CPEs DHCP server is set on LAN port, giving out addresses in range from
192.168.88.2-192.168.88.254
As an example RB751 applied DHCP config.
/ip dhcp-client add interface=ether1-gateway disabled=no
/ip pool add name="default-dhcp" ranges=192.168.88.10-192.168.88.254;

/ip dhcp-server
add name=default address-pool="default-dhcp" interface=bridge-local disabled=no;
/ip dhcp-server network

add address=192.168.88.0/24 gateway=192.168.88.1 dns-server=192.168.88.1 comment="default configuration";
Firewall, NAT and MAC server

All boards with configured WAN port has configured protection on that port. Any traffic leaving WAN port is
masqueraded. In forward chain also three rules are added for boards with masquerade rule: accept established, accept
related and drop invalid to prevent packets with local network IP to be leaked on the wan port.
Config example:
/ip firewall {
filter add chain=input action=accept protocol=icmp comment="default configuration"
filter add chain=input action=accept connection-state=established in-interface=ether1-gateway comment="default configuration"
filter add chain=input action=accept connection-state=related in-interface=ether1-gateway comment="default configuration"
filter add chain=input action=drop in-interface=ether1-gateway comment="default configuration"
nat add chain=srcnat out-interface=ether1-gateway action=masquerade comment="default configuration"
}
/tool mac-server remove [find];

/tool mac-server mac-winbox disable [find];
:foreach k in=[/interface find] do={
:local tmpName [/interface get $k name];
:if (!($tmpName~"ether1")) do={
/tool mac-server add interface=$tmpName disabled=no;
/tool mac-server mac-winbox add interface=$tmpName disabled=no;
}
}
/ip neighbor discovery set [find name="ether1-gateway"] discover=no
DNS
Every board allows remote DNS requests and static DNS name is pre-configured.
/ip dns {
set allow-remote-requests=yes
static add name=router address=192.168.88.1
}
RouterBOARD 500
1. Linux installation guide and notes on how to use RouterBOARD 500 specific functions
2. RB500 Power options (Jumpers settings)
3. RB500 BIOS upgrade (over serial port)
39

Not Official - user generated.
Please add your vote to an existing feature request, or add a new one. **Only one vote per user**
!!! Sort the list by votes !!!

Note: these are requests for HARDWARE features for future boards, not ROUTEROS features
RackMount RouterBoard (RB1100 & RB1200) with 2 expansion slots. Expansion cards could be: mcpi-x for 3G
with sim card reader, another is: 2 SFP slots, another is: 2 USB ports
(Votes: 85) ADSL/ADSL2+/VDSL2 modem support on RB4xx/7xx board (maybe in the form of a mini-pci card?
USB ?, or even better - port RouterOS to Broadcom BCM6368 Single chip xDSL router, RB750GD/R, or USB
DSL Modem (like Zyxel 660RU or 630S) ) In RB250GS have one space for put USB port, if use this case in
RB750GU and put any ADSL USB modem or 3G modem [EXCELLENT!!]
(Votes: 39) Voltage monitor (meaning input POE voltage) + access via SNMP
(Votes: 34) Temperature Monitoring (environment temp and CPU temp), be able to use it in scripting for
reporting or decision making purpose + access via SNMP
(Votes: 33) SFP slots for copper/fiber GBICs on the highend RB's (SFP slots could then be used for fiber to the
home FTTH projects)
(Votes: 20) Routerboard that support 802.16/e (WiMax) mini-PCI
(Votes: 20) FULL 802.3af compatibility power over DATA LINES! (merged 5 votes from "New routerboard Like
433AH with 48V POE - 802.3AF - more support poe switchs") & 802.3at (PoE+)
(Votes: 18) Connectors that can be monitored with routeros e.g. (monitor open box or water on box, if is open or
close with script send a email) (merged with i2c bus request, it's the same thing - 10/4/09 TB) (at least one i2c
master port)
(Votes: 15) SNMP reporting of UPS monitor information.
(Votes: 14) A RouterBOARD alternative to SOHO (like popular Linksys WRT54G/GL/GS) routers. With 5
Ethernet ports and only one WLAN module already build-in - R2N. Low-cost (as it is main factor of popularity
RB750 units), in nice plastic enclosure with power supply and Level4 license. Sort of popular RouterBOARD
750/750G on steroids:D - Add wall mount holes and this would make for a great AP inside companies. 802.11n
2x2 would be awesome.
(Votes: 11) Cryptographic hardware acceleration - merged 4 votes from RoS feautures request "Mini-pci
Hardware VPN accelerator cards" (like the Hifn 7955 mini-PCI).
(Votes: 10) Ethernet statistics/counters capabilities (Like a managed switch).
(Votes: 10) Gigabit Ethernet for RB411 and Newer Model Boards.
(Votes: 9) Good ESD protection for all interfaces
(Votes: 9) Add 802.1x supplicant support for wired ethernet.
(Votes: 6) Live to die feature. Small, built-in (C-mos) battery backup that together with the input voltage
monitor function can send last e-mail notification before unit goes down due input-power failure (UPS will
eventually die as well but remote rbs with POE cannot monitor status of UPS. Voltage stays fine until sudden
death.)
(Votes: 6) Real Time Clock
40

(Votes: 6) RouterBOARD as a PCI card! 1 eth interface available to the host PC (Mac?) via the PCI buss. 2-4
ethernet ports out the back, maybe serial port, Antenna connector for onboard mini pci slot. Inspired by this...
http://www.securecomputing.com/index.cfm?skey=1560
(Votes: 4) On-Board GPS chip (optional for mobile) with antenna connector and software port to transmit data to
a server (TCP/UDP)
(Votes: 4) More slots & More watts! Instead of faster CPU's, more miniPCI slots and bigger voltage regulators.
We already got this to some degree with the newest revision of the RB532, but an even bigger model would be
nice. Something on the order of 8 slots, fully populated with XR cards.
(Votes: 4) New routerboard Crossroads with 5G card / 300MHz cpu / 32MB RAM / L3 / 80usd
(Votes: 4) Routing hardware acceleration (Use hardware ASIC instead of CPU)
(Votes: 4) Daughterboard with telephony interfaces (preferably Digium compatible)
(Votes: 3) Support for NAT64 and DNS64
(Votes: 3) Longer-term availability (non-obsolescence) e.g. RB112
(Votes: 3) MPLS hardware acceleration (Use hardware ASIC instead of CPU)
(Votes: 3) A 12 and 24 port RouterBoard for Layer3 switch use.
(Votes: 3) Long Term Support, more hardware revisions instead of new models.
(Votes: 3) Have the capability of a built in adsl+ cablemodem with automatic traffic shaping+wifi (G+N
protocol)+1Gbit ports
(Votes: 3) 3.65Ghz 802.11 N MIMO Mini PCI Card
(Votes: 2) API in RB250GS.
(Votes: 2) "Market change." Integrating ports mini pci express that they are more efficient
(Votes: 2) Documentation about the mini-ups in board connector and how it works (ie: rb230), package ups with
support it.
(Votes: 2) Additional (i.e. 2) async serial interfaces
(Votes: 2) SNMP-TRAP Support would by nice for Receiving events with NET-SNMP's trapd
(Votes: 2) 5 to 10 binary inputs (maybe a few that detect a break in continuity and a few that detect when voltage
goes high) (MERGE with I2C bus at top, it's the same request)
(Votes: 2) 4 x 8 bit value input headers (to industry standard data acquisition specifications)
(Votes: 2) 2 x ( 16 bit value input headers (again, to industry standard data acquisition specs)
(Votes: 2) MetaRouter on RB600(A)
(Votes: 2) Support for ERICSSON F3507g mini-pci express card
(Votes: 2) IGMP Proxy support in RB250GS, RB750 and in comming RB2011
(Votes: 2) OpenVPN with no auth-user-pass requirement.
(Votes: 1) SFP Slot on Access Pont and Pont To Point Cards (Eg. RB800, RB433) to solve RF Problems on
ethernet cables on telco towers
(Votes: 1) a small micro-SD slot for RB750, an extra storage for a small useful device.
(Votes: 1) Routerboard specifically for routing (e.g. rb1000) with one or more ports SATA for store proxy-cache
(Votes: 1) Sound interface (AC97 ? on main or daughterboard) (used for telephony, tone for alignment or other
VOIP applications)
(Votes: 1) Users Manual for RB1000
(Votes: 1) Introducing Events as triggers for running the scripts
41

(Votes: 1) Ability to add custom fields in WinBox Loader and an Export/Import addressbook button for easyer
transfer of connections
(Votes: 1) Automatic TX-Power on AP-Side (point2point) set by RX-Singnal on the station side. The AP should
be calculated his TX Power on the RX signal of the station in a p2p link. TX should be calculated on 1 time of a
night, so Users are no long offline...
(Votes: 1) Routerboard as 802.1x authenticator for ethernet-connected clients.
(Votes: 1) Dynamic VLANs / GVRP for WPA2 / 802.1x
(Votes: 1) Zeroconf / mdns / avahi for announcing services in lan / wlan
(Votes: 1) RB1100AHUP (Removes a lot of cables, powersuplies, poe-adapters) from 12-24 volt per port
controlabe.
(Votes: 0) A digital input/output(tamper switch)
(Votes: 0) SNMP direct SMS reporting to admin about problems with network. (SIM Card slot with sms service)
(Votes: 0) Part time working with polling / without polling - to be able to connect mikrotik clients with polling
and Nstream and other devices without this features.
(Votes: 0) New Router request: Device to be used as UserManager / RADIUS Server. I suggest a device, similar
to the RB1100, but with (at least) 2x microSD slots (would be AWESOME with 2x SATA ports (and power)),
fewer ethernet (even 1x or 2x ethernet should be sufficient), ROS L6 licence, 2x USB (for UM DB backup to
USB drive, additional USB for 3G backup/SMS modem, or even for a USB ticket printer...), miniPCIx with SIM
slot (also for 3G/SMS capability), why not also add miniPCI so small Coffee shops could use it as RADIUS and
Hotspot. Option for 1U or 2U enclosures (2U when SATA drives are used). The selling point would be to have
all the mentioned requests and have the device operate on 12VDC (probably 5A) (with power for SATA 2.5"
HDD's). This device would be excellent for UserManager, but would also be a good platform for a FreeRADIUS
server and many other NON-Mikrotik based OS's (eg small Linux based SME office server with perhaps SMB,
Mail. OS's eg ClearOS (formly Clark Connect), eBox etc).
(Votes: 0) Change default backup files naming convention to YYYYMMDD so they can sort properly.
(Votes: 0) Support for OpenVPN server over UDP. Any VPN using TCP transport can result in serious
TCP-meltdown. User-plane TCP and UDP will take care of possible retransmissions anyway. The VPN tunnels
(or any classic Internet transmission) has no need to guarantee packet delivery. Also, loadbalancing and a virtual
interface would be nice. Generally - simply make the most popular VPN services such as perfect-privacy.com
totally usable with RouterOS as a client!
(Votes: 0) An implementation of the Locator/ID Separation Protocol (LISP) would be very useful. It's still draft
http://datatracker.ietf.org/doc/draft-ietf-lisp/but the possibilitys are outstanding and are a big gain for the
already implemented vrf functions. With the help of LISP, IP portability when changing providers, multi-homing
across different providers, simple ingress traffic engineering without BGP and rapid IPv6 transition can be done
in a snap.
Another thing which talks for LISP is the possibility to use VMotion and VRFs without a BGP-Enabled network,
just with a Layer3-Connection with a aprropiate MTU-size.
(Votes: 24) Make all boards 48vdc so we do not need different PSU all the time ie RB532 (48v) vs RB333 (24V)
this request is irrelevant now that all new models are the same voltage
(Votes: 11) Pins with 5v (or other voltage) that can on/off with routeros e.g. on/off a relay of alarm or domo
applications use the Fan headers or user LED connections
(Votes: 8) FCC approval of Routerboard (rb433 appears to be approved, haven't bought much other new model
variety)
(Votes: 6) Routerboard that support 3G, HSDPA, UMTS - with mini-PCI
42

(Votes: 2) 802.11n support Done!
(Votes: 13) USB connector in new RBs for GSM EDGE/UMTS modems done! RouterBOARD 433UAH is
available with 2 USB ports
(Votes: 5) MMCX connector for the R52H Done!
(Votes: 3) non-Pacwireless outdoor cases There are Lots of Companies Making Cases for RouterBoard based
products
(Votes: 1) Gigabit Ethernet for RB411 and Newer Model Boards. Done : RB450G - I disagree. RB411 is not
RB450G. This vote was mainly about RB411 series boards.
(Check out the Made For Mikrotik [1] page on the main site.)
Note: **Only one vote per user** Don't abuse the Wiki !
Please provide links to provide further detail on your request.
References
[1] http:/ / www. mikrotik. com/ mfm. php
Mini-PCI (In)Compatibility
See Supported Hardware
Solar Power HOWTO

INTRODUCTION
THIS IS A WORK IN PROGRESS
THIS IS A LONG ARTICLE WITH LARGE IMAGES, PLEASE LET IT LOAD FULLY
The purpose of this Wiki article is to document the process and materials required to build a Hisite (Base Station)
that will operate autonomously using RouterBoard Hardware, without any connection to the Grid or Municipal
Power Supply.
Some reasons why this may be needed:
There is no mains electricity supply where you are building your Hisite. Maybe this is because you are placing it
on a mountain or hill in a remote area.
The the mains electricity is unreliable where you are putting the hisite and you dont have any automatic generator,
or grid connected inverter or UPS
You have access to mains power, but find that solar power is often more stable for the RouterBoards, and you can
get massive Uptimes and reduce issues.
You dont want to pay money to the landlord that is hosting your Hisite, and besides you are an environmentally
energy efficient organisation.
43
Solar Power HOWTO
DISCLAIMER
First I must point out that I am not an electrician or Solar Power "Expert". The contents of this article is the result of
my experiences and lessons learned. I may not have calculated things fully / correctly, and may not have designed
things exactly how they should be. THEREFORE you are reminded of this and that the use of this information is
made entirely at your own risk. If you damage some equipment or yourself, or you find that this desgin doesnt cover
the loads that you have, I can take no responsibility.
REMEMBER working with power and batteries and heights can be dangerous. Observe all industry standard health
and safety rules.
CALL TO GURU'S
Can I request that others who have had successes with Solar Power Installations please edit / review this wiki? If you
dont have time to make changes you can PM me in the forums and I will make the edits.
AIM
To power the following equipment with the use of Solar Power and NO Mains Power. The system must operate
24x7x365 with no downtime due to power.
Equipment to be powered:
1 x RB433 Routerboard
1 x R52H MiniPCI Radio Card
The system must be installed at the base of the mast and send power (NOT OVER POE) up the mast to the
RouterBoard Mounted in an Outdoor Housing at the top of the Mast.
Mast is 30 Meters High.
DESIGNING THE SYSTEM

PLANNING: INFORMATION GATHERING
There are quite a lot of variables when designing a solar power system. You must consider these things:
Sunlight
How many hours of useable sunlight in a day to you receive in your area. This is called Insolation. Obviously this
varies during the year with the seasons and so you will have fewer useful hours of sunlight in winter months than in
summer months. I recommend that you always use the LOWEST number for your area.
For example in Nairobi, Kenya (where I am) The annual average sunlight is 5.62 Kilowatt Hours per meter squared
per day. During the summer months February has the highest levels of sunlight at 6.24 Kilowatt Hours per meter
squared per day and July has the lowest at 4.88 Kilowatt Hours per meter squared per day.
Therefore when doing my calculations I must use the lowest number of 4.88 kWhours per day. This ensures that in
the winter months my solar system can still charge up the batteries and keep the routerboard running properly during
the dark/gloomy hours.
You can get the sunlight data for your area from many places on the net. I got mine from the NASA website [1]
44
Solar Power HOWTO

Power Consumption
The Power Consumption of your Hisite. This can be tricky to get right in my experience. Start by reading the user
manual for your routerboard, and refer to the power consumption data in the specifications.
The RB433 Manual claims that the RB433 will consume approx. 3 Watts BEFORE you add any radio cards. Radio
Cards power consumption varies according to the power output of the radio and other things.
System Voltage
The voltage that your equipment can use. The Routerboard Manual states the following:
"RouterBOARD 433 series boards are equipped with a reliable 25W onboard power supply with overvoltage
protection. 12..28 V DC input voltages are accepted, but when powered over long cables, it is suggested to use at
least 18V. The system is tested with 24V solar/wind/RV systems with 27.6 charge voltage. Overvoltage protection
starts from about 30V (up to 60V), so the board will not be damaged if connected to a 48 or 60 V power line."
And so because Mikrotik say they tested with 24Volt Systems I based my system on 24 Volts.
There are other opinions on this in the Forums, and I have to admit I don't understand the science enough to really
figure this out. Do your own checking.
Practicalities
The practicality of the system. Do you want many small panels, or one big one? Do you need many physically small
batteries or fewer big ones?
Maybe if you have to carry the batteries up the mountain in your backpack then lots of smaller ones makes more
sense.
You also have to balance your workings with what you can get. I am in Africa, and we cant always get the ideal
items, and so you may have to adjust your design / calculations to suit what you can get.
PLANNING: THE CALCULATIONS

Size the Battery Bank
STEP 1:
Calculate the amp hours per day:
So: 144 Watt Hours per day / 24 Volts System = 6 Amp Hours per day
STEP 2:
Calculate the battery storage required. We want this system to have three days of storage (or autonomy) in case there
is a wicked storm that comes in winter and reduces the charging ability of panel.
So: 6 Amp Hours Per day x 3 Days = 18 Amp Hours of battery storage required.
STEP 3:
Now we need to consider that we cant flatten the battery completely. Its bad for them, so to choose the right battery
size we need to factor this in.
So: 18 Amp hours of storage required / 0.5 (For a 50% maximum discharge of the battery) = 36 Amp Hour Battery
Required
STEP 4:
Round up the result attained in STEP 3 to the next battery size that you can get in your area. I chose a 44Amp Hour
Battery as there was no option between the 20Amp Hour and the 44 AH. They didnt have a 36 AH battery.
45
Solar Power HOWTO

Size the Panel
To calculate the size of the Solar Panel Array we need to work through the calculation in three steps.
STEP 1:
Calculate the watt hours per day.
We know our Routerboard is going to consume ~6 Watts of power, and we know that we are going to run it 24
Hours a day.
We now calculate the watt hours per day by multiplying the wats consumed by the number of hours of operation:
6 Watts x 24 Hours Operation = 144 Watt Hours
Then we must calculate the daily Amp Hours requirement for the system. We know in advance that we are choosing
a 24Volt System.
So: 144 Watt Hours / 24 Volts = 6 Amp Hours Per Day
STEP 2:
Calculate the required current output from the solar panel in bright sunlight conditions in Amps
Things we know:
It is generally accepted that batteries dont store 100% of the energy they are given, so we use a factor of 0.8 to
account for inefficiencies.
We know that we are calculating on the basis of 4.88 Sun hours per day
We know that we need to provide for 6 Amp Hours Per Day
So: 6 Amp hours per day / 0.8 battery efficiency factor / 4.88 Sun hours per day = 1.54 Amps
This means we want a solar panel that gives about 1.54 Amps or more in bright sunny conditions.
STEP 3:
To Size the panel, we can now multiply the Amps needed by the volts of the system:
So: 1.54 Amps needed x 24 volts system = 36.96 Watts
So the Minimum wattage solar panel that you need is say a 40 Watt panel. Or you can take two 20 Watt panels and
connect them in parrallel to increase the wattage to 40 Watts.
Results of the Calculations
So having worked through the calculations we know the following:
We need a 40 Watt or larger Solar Panel
We need a 36 Amp Hour or largery Solar Battery
Spreadsheet to make the calculations
PrvtPilot On the Forums made a Spreadsheet calculator to help with these calculations.
This is a Excel spreadsheet that will make all the calculations mentioned in the article. Just fill in the grey boxes with
your numbers and the results will be displayed in the green boxes. Simple.
I tried to upload the file here, but .xls is banned by mediawiki. So you can find the file here:
Solar Calculator Spreadsheet Post in Forum [2]
46
Solar Power HOWTO
THE FINISHED DESIGN

The following drawing shows how the components are connected:
BUILDING
KIT LIST
The List of equipment that I have used (Please note that costs are in US Dollars and apply to Kenya):
2 x 40 Watt 12 Volt Solar Panel @ 193 USD Each

1 x 24Volt 15Amp Charge / Load Controller @ 60 USD
2 x 12 Volt 44amp hour deep cycle, sealed lowe maintenance lead acid solar batteris @ 95 USD Each
30 Metres of 2.5mm Twin Core Flex Copper Cable @ 0.8 USD per Meter
10 Metres each of Red and Black 4mm Single Core Copper Cable (20m total) @ 1 USD Per MEter
1 x DC Power Plug (to go into the routerboard)
1 x ABB IP 55 Rated Outdoor steel housing to contain the batteries and controller @ 35 USD
A DIY Steel Frame to mount the panel @ 20 USD
Many Cable Ties
Various cable lugs and terminators
47
Solar Power HOWTO
SEQUENCE OF CONNECTION
Please observe these rules when connecting up your solar system to ensure that you dont damage any components.
Always make sure you connect the NEGATIVE cable FIRST when working with DC systems.
Always connect the battery first, then the Solar Panels and FINALLY the Load.
Follow the numbered sequencing as shown in the image below:
48
Solar Power HOWTO
PHOTOS OF MY SYSTEM
THE TEST RIG
The photo below shows the system on test. Making sure that my calculations do actually work. As with all these
things, BEFORE you put anything in to your production network make sure you TEST, TEST, TEST.
Also be sure to buy a good quality DIGITAL multimeter. You will use this tool to measure voltages, make sure you
have things wired properly and to monitor your system as you test.
49
Solar Power HOWTO

THE FINISHED SYSTEM
The Housing
You need a good strong housing that can hold the weight of the batteries safely, and that will provide weather
resistance and yet still provide good ventilation for the batteries.
I had one made by a friend. Its a powder coated steel affair with good side vents.
Housing:
Vents:
The Back Plate
My housing came with a removable back plate that can be drilled and modified to allow you to mount any sort of
equipment in the housing. I used mine to mount the Charge Controller, and the fusing system. You can mount
anyhting else you like here. Maybe even a routerboard.
50
Solar Power HOWTO

Here is my back plate showing the inline fuse on the flex cable to the battery, and the fuse panel for connecting loads
(routerboards) to the system. Using the bus bar for the negative, and the fuse panel for the positive load connections
means that it is easy to connect or disconnect loads. YOu can just remove a fuse to de-power something without
having to get your screwdriver out and remove connections.
All connections are soldered.
51
Solar Power HOWTO

Installed
The finished system ready for commissioning

Here it is in all its glory. Batteries installed in parrallel.
Now all we have to do is install the housing on the mast, connect the panels and loads and go for a beer!
52
Backplate:
Solar Power HOWTO

UPDATE: 400 Days Uptime
Well, the proof is in the pudding as they say! Quite pleased with this project.
The screenshot below shows 400 Days uptime on the RB433 with 1 radio for AP (R52H) and 1 Radio for backhaul
(R52)
Further Reading
There is a massive amount of info on the internet about solar. Google is your friend with this.
However here are some of the resources that I have found especially useful:
Dr. Arne Jacobsen is a Solar Guru. A lot of great stuff at his site here: [3]
One of many online solar calculators: [4]
A Mikrotik forum article that spawned the writing of this article can be hound [5]here, and there are other articles
in the forums. Do a Search
Another Mikrotik forum discussing over and under voltage issues is here: [6]
An article about monitoring the solar system with an Atmega8535 board behind a RB433 wireless router is here :
[7]
53
Solar Power HOWTO
References
[1]
[2]
[3]
[4]
[5]
[6]
[7]
http:/ / aom. giss. nasa. gov/ srlocat. html

http:/ / forum. mikrotik. com/ viewtopic. php?f=3& t=27981& start=34
http:/ / www. humboldt. edu/ ~aej1/
http:/ / store. altenergystore. com/ calculators/ off_grid_calculator/ #load-calc
http:/ / forum. mikrotik. com/ viewtopic. php?f=3& t=27981& p=135881#p135881
http:/ / forum. routerboard. com/ viewtopic. php?f=3& t=3894
http:/ / www. lekermeur. net/ lndkavr/ index. html
Manual:User Manager
Introduction
What is User Manager

Requirements
Supported browsers
Demo
Differences between version 3 and version 4-test
Getting started
Download
Install
Create first subscriber
First log on User Manager web
Quick start
User Manager and HotSpot

User Manager and PPP servers
User Manager and DHCP
User Manager and Wireless
User Manager and RouterOS user
Concepts explained
Common
Customers
Users
Routers
Sessions
Payments
Reports
Logs
Customer permission levels
Character constants
Active sessions
Active users
54
Manual:User Manager
Customer public ID
Version 4.x test package specific
Profiles
Limitations
User data templates
MAC binding
Languages
CoA (Radius incoming)
Version 3.x specific
Subscribers
Credits
User prefix
Time, traffic amount and rate limiting
Prepaid and unlimited users
Voucher template
Reference
Web interface
Search patterns
Tables:
Sorting
Filtering
Division in pages
Multiple object selection
Operations with selected objects
Minimization
Links to detail form
Detail forms
Page printing
Customer page
Setup
How to find it?
Sections
Status
Routers
Credits
Users
Sessions
Customers
Reports
Logs
55
Manual:User Manager
User page
Setup
How to find it?
Link to user page
Sections
Status
Payments
Settings
User sign-up
Setup
Sign-up steps
Creating account
Activating account
Login
User payments
Authorize.Net
PayPal
Questions and answers
Quick introduction into User Manager setup

How to separate users among customers?
How to create a link to user page?
How to create a link to user sign-up page?
Visual bugs since upgrade
Cannot log in User Manager
Too many active sessions shown
What does "active sessions" refer to?
How to make Hotspot and User Manager on the same router?
How to make MAC authentication in the User Manager?
How to turn off logging for specific Routers?
How to create timed Voucher?
Cannot access User Manager WEB interface
Incorrect time shown for sessions and credits
User Manager does not allow to login due to expired uptime
How to debug PayPal payments
How to send logs to a remote host, using SysLog
56
What is User Manager
User manager is a management system that can be used for:
HotSpot users;
PPP (PPtP/PPPoE) users;
DHCP users;
Wireless users;
RouterOS users.
It is a separate package for RouterOS.

User Manager is a RADIUS [1] server application.
In RouterOS version 4 User Manager test package was introduced, having major functionality and interface changes.
Requirements
You should have the same version for RouterOS and the User Manager package.
The MikroTik User Manager works on x86, MIPS, PowerPC and TILE processor based routers.
The router should have at least 32MB RAM and 2MB free HDD space.
Supported browsers
All current generation browsers are supported, including:
Opera [2] (>= 9.0). Probably works fine also on Opera 8.x
Mozilla Firefox [3] (>= 1.5). Probably works fine also on Mozilla Firefox 1.0.x
Microsoft Internet Explorer [4] (>= 6.0).
Safari [5] (>= 2.0)
References
[1]
[2]
[3]
[4]
[5]
http:/ / en. wikipedia. org/ wiki/ RADIUS

http:/ / www. opera. com/ download/
http:/ / www. mozilla. com/ firefox/
http:/ / www. microsoft. com/ windows/ ie/
http:/ / www. apple. com/ safari
57

Download
MikroTik User Manager can be downloaded from the MikroTik download page: MikroTik User Manager [1], choose
system and software type and All packages.
Install
Perform the usual router upgrade steps - upload the User Manager package to the router's FTP server and reboot the
router.
Create first Customer

Note: Starting from version 3.0 a default Subscriber/Customer with login admin and empty password is
created when User Manager package is installed for the first time. I.e., the 'admin' subscriber/customer
account is created only if the User Manager package was not installed prior to version 3.0.
If you are using a version prior to 4-test, Customers were called subscribers, so then the first
subscriber must be added using Mikrotik terminal (console). All the configuration is done under
the /tool user-manager menu.
To create a v3 subscriber or v4-test/v5 Customer you should go to /tool user-manager customer menu and execute
add command. It will ask for the username which you will use.
or you can enter this into the command line:
[admin@USER_MAN] /tool user-manager customer> add login="admin"
password="PASSWORD" permissions=owner
You can use the following command to change the password for the 'admin' user:
[admin@USER_MAN] /tool user-manager customer set admin password=PASSWORD
After that you can use print command to see what you have added.
[admin@USER_MAN] /tool user-manager customer> print
Flags: X - disabled
0
login="admin" password="adminpassword" backup-allowed=yes currency="USD"
time-zone=-00:00 permissions=owner signup-allowed=no paypal-allowed=no
paypal-secure-response=no paypal-accept-pending=no
Note: Subscriber shown only in version 3
After that you can use the web interface.
Use web interface

To log on customer web interface type the following address in your web browser: http:/ / Router_IP_address/
userman
where "Router_IP_address" must be replaced with IP address of your router.
Use login and password of the subscriber you have created in console.
58

Note: On RouterOS 4.1, User-manger webinterface is unreachable with an HTTP 404 when attempting to navigate
to http:/ / inside_ip/ userman from behind a Hotspot interface where inside_ip is an non-NAT'd IP address on the
router. Two workarounds: change the 'www' service port from 80 to something other than 80 or 8080, such as port
81. Then use http:/ / inside_ip:81/ userman, or use an IP address hotspot users are NAT'd to (http:/ / outside_ip/
userman) instead.

Bold text== Introduction == To make this setup, you should have running Hotspot server on the router. Let us
consider configuration steps for HotSpot and User Manager routers, in order to use User Manager for HotSpot users.
HotSpot configuration
Set HotSpot to use User Manager for HotSpot server users,
/ ip hotspot profile set hsprof1 use-radius=yes
Add radius client to consult User Manager for HotSpot service.
/ radius add service=hotspot address=y.y.y.y secret=123456
'secret' is equal to User Manager router secret. 'y.y.y.y' is the User Manager router address. By default this is
127.0.0.1. If using a remotely located Router (perhaps via a VPN) then the IP address entered is the IP address of
that remote Router. The router could be a Radius Server, or another ROS with User Manager installed.
Note, first local HotSpot Users database is consulted, then User Manager database.
It means that if you have configuration in '/ ip hotspot user print', users will be able to authenticate in HotSpot using
this locally held data.
Delete users configuration from '/ ip hotspot print' to stop using local HotSpot User database for authentication. To
move batch of local HotSpot users to the User Manager database use export and import . Use text editor program to
create appropriate file to import local users to the User Manager database.
If you have multiple Radius entries, then connections are attempted from top to bottom and the first Radius Server
that responds (with ANY response, authenticated or not) aborts any further radius lookups. Therefore this is intended
for the Hotspot to try to obtain a connection to a working Radius Server usually with the same identical database
contents, e.g. a main server and an identical backup. Adding multiple entries is not intended for the scenario of using
different Radius Servers where you wish the Radius Client to attempt to obtain authentication for a user login from
multiple and completely different databases, trying each one in turn, obtaining failures to authenticate on each
(wrong) one until eventually one obtains a valid authenticated response from the one single database that does
contain their Radius record.
59
60
User Manager configuration

First, you need to download and install User Manager package [1];
Create User Manager subscriber (root customer). Note that when using a version 3.0 or newer, a subscriber called
'admin' is created automatically - you can skip the following stage and change 'MikroTik' to 'admin' in subsequent
steps;
/ tool user-manager customer add login="MikroTik" password="qwerty" permissions=owner
Add HotSpot router information to router list,

/ tool user-manager router add subscriber=MikroTik ip-address=x.x.x.x shared-secret=123456
'x.x.x.x' is the address of the HotSpot router, 'shared-secret' should match on both User Manager and HotSpot
routers. Adding 'x.x.x.x' as a router allows Radius requests from 'x.x.x.x' to be passed to the Radius Server built into
User Manager. Therefore if you have any remote ROS Hotspots that require access to this Radius Server, then all
their IP addresses must be added to this list.
Add HotSpot user information, it is equal to 'ip hotspot user' when local HotSpot is used for clients
In version 3:
/ tool user-manager user add name=demo password=demo subscriber=MikroTik
In version 4:
/ tool user-manager user add name=demo password=demo customer=MikroTik
We discuss only basic configuration example, detailed information about 'user' menu configuration.
You can use User Manager web interface after first subscriber created.
To make sure, that client is using User Manager for AAA,
/ ip hotspot active print
Flags: R - radius, B - blocked
#
USER
ADDRESS
0 R 00:01:29:2... 192.168.100.2
UPTIME
1m29s
'R' means that client uses User Manager server for AAA services.
SESSION-TIME-LEFT IDLE-TIMEOUT

Introduction
User Manager can be used as a remote authentication, authorization and accounting server for PPP clients.
Since 2.9.35 PAP,CHAP, MS-CHAPv1 and MS-CHAPv2 protocols are supported by the User Manager.
Let us consider the following configuration steps for PPP and User Manager routers.
PPP configuration
We consider PPPoE server <-> PPPoE client configuration example, where the PPPoE server uses a remote User
Manager database for PPPoE client authentication, authorization and accounting. Both PPPoE server and PPPoE
client are MikroTik routers, any other PPPoE client might be used instead.
PPP server configuration

First, add the PPPoE server to the local interface, :
/ interface pppoe-server server add interface=ether1 service-name=MikroTik one-session-per-host=yes disabled=no
Specify the use of User Manager for PPPoE clients:

/ ppp aaa set use-radius=yes
Set IP address of the PPPoE server, IP address might not be assigned to the interface of PPPoE server. Moreover
static IP address or DHCP should not be used on the same interfaces as the PPPoE server for security reasons.
/ ppp profile set default local-address=192.168.0.1
Add radius client to consult User Manager for PPP service.
/ radius add service=ppp address=y.y.y.y secret=123456
'secret' is equal to User Manager router secret. 'y.y.y.y' is the User Manager router address.
Note, first the local PPP database is consulted, then the User Manager database.
PPP client configuration

Add PPPoE client to the interface
/ interface pppoe-client add interface=ether1 user=MikroTik password=MikroTik service-name=MikroTik disabled=no

steps;
Add PPP server information to router list,

In version 3:
61
62
In version 4:
/ tool user-manager router add customer=MikroTik ip-address=x.x.x.x shared-secret=123456
'x.x.x.x' is the address of the PPPoE-server router, 'shared-secret' should match on both User Manager and
PPPoE-server routers.
Add PPPoE client information,
In version 3:
/ tool user-manager user add username=demo password=demo subscriber=MikroTik ip-address=192.168.0.2
In version 4:
/ tool user-manager user add username=demo password=demo customer=MikroTik ip-address=192.168.0.2
Let us verify, that PPPoE client is connected and using User Manager for authentication, authorization and
accounting. First we monitor if PPPoE client is connected, then we verify that User Manager was used. The first
command is executed on PPPoE client router, second on PPPoE server:
/ interface pppoe-client monitor pppoe-out1
status: "connected"
uptime: 12h2m29s
idle-time: 12h2m17s
service-name: "MikroTik"
ac-name: "MikroTik"
ac-mac: 00:0C:42:05:54:8F
mtu: 1480
mru: 1480
/ ppp active> print
Flags: R - radius
#
NAME
SERVICE CALLER-ID
0 R MikroTik pppoe 00:0C:42:05:54:6E 192.168.0.2 12h1m48s
ADDRESS
UPTIME
ENCODING

Introduction
To make this setup, you should have running DHCP [1] server on the router. Let's consider configuration steps for
DHCP and User Manager routers, in order to use User Manager for DHCP server users.
DHCP router configuration

Set DHCP to use User Manager for DHCP server leases,
/ ip dhcp-server set dhcp1 use-radius=yes
Add radius client to consult User Manager for DHCP service.
/ radius add service=dhcp address=y.y.y.y secret=123456
Note, first local router database is consulted, then User Manager database. User will be unable to obtain DHCP
lease, if DHCP router and User Manager server will not contain any information about user's data.

steps;
Add DHCP router information to router list,

In version 3:
In version 4:
'x.x.x.x' is the address of the DHCP router, 'shared-secret' should match on both User Manager and DHCP routers.
Add DHCP user information, that client with MAC address 00:01:29:27:81:95 will always receive 192.168.100.2
address. User will receive dynamic address from the DHCP ip pool, if ip-address is not specified.
In version 3:
/ tool user-manager user add add subscriber=MikroTik username="00:01:29:27:81:95" ip-address=192.168.100.2
In version 4:
/ tool user-manager user add add customer=MikroTik username="00:01:29:27:81:95" ip-address=192.168.100.2
We discuss only basic configuration example, detailed information about user menu configuration.
To make sure, that user is receiving lease from User Manager,
63

/ ip dhcp-server lease> print
Flags: X - disabled, R - radius, D - dynamic, B - blocked
#
ADDRESS
MAC-ADDRESS
HOST-NAME
SERVER RATE-LIMIT
0 R 192.168.100.2
00:01:29:27:81:95
dhcp1
64
STATUS
bound
'R' means that lease has been received from User Manager server.
References
[1] http:/ / www. mikrotik. com/ testdocs/ ros/ 2. 9/ ip/ dhcp. php

Introduction
We consider the scenario for wireless network, when only clients from User Manager database are able to establish
communications with 'Access Point' router. To make this setup, you must have running Access Point [1]. Let us
consider configuration steps for Access Point and User Manager routers.
Access Point configuration

Set Access Point to use User Manager for wireless client authentication,
/ interface wireless security-profiles set default radius-mac-authentication=yes
Add radius client to consult User Manager for wireless service.

/ radius add service=wireless address=y.y.y.y secret=123456
Note, first local router database is consulted, then User Manager database. Wireless client will be unable to
connect to Access Point, if Access Points router does not contain any entry in the 'interface wireless access-list'
for the particular configuration and User Manager server will not have any information about user's data.
Make sure you do not have any entry in the 'interface wireless access-list', remove all hosts from 'access-list' to
ensure wireless client MAC authentication only via User Manager,
/ interface wireless access-list remove [find]

steps;
Add Access Point router information to router list,

In version 3:

In version 4:
'x.x.x.x' is the address of the Access Point router, 'shared-secret' must match on both User Manager and Access Point
routers.
Add wireless client information, client MAC-address that is allowed to establish connection to the Access Point,
In version 3:
/ tool user-manager user add subscriber=MikroTik username="00:01:29:27:81:95"
In version 4: / tool user-manager user add customer=MikroTik username="00:01:29:27:81:95"
References
[1] http:/ / www. mikrotik. com/ testdocs/ ros/ 2. 9/ interface/ wireless. php

Introduction
User Manager server might be used as remote storage of RouterOS login and password information. MikroTik router
will consult User Manager for login and password, when you are accessing RouterOS via Winbox or console
session. Let us consider configuration steps.
RouterOS configuration
Set RouterOS to use User Manager server for checking login and password information,
/ user aaa set use-radius=yes
'/user aaa' has 'default-group' option, that define type of the default group. Default is read permissions, if you need
to allow full permissions for users stored in User Manager database
/ user aaa set default-group=full
Add radius client to consult User Manager for login service.
/ radius add service=login address=y.y.y.y secret=123456
Note, first local router database is consulted, then User Manager database.
65

steps;
Add RouterOS router information to router list,

In version 3:
In version 4:
'x.x.x.x' is the address of the RouterOS router, 'shared-secret' must match on both User Manager and RouterOS
routers.
Add login/password information, that account will be able to access RouterOS. login is MikroTik, password is
MikroTik.
In version 3:
/ tool user-manager user add subscriber=MikroTik username=MikroTik password=MikroTik
In version 4: / tool user-manager user add customer=MikroTik username=MikroTik password=MikroTik
Customers are service providers. They use web interface to manage users, credits, routers;
Customers are hierarchically ordered in a tree structure [1] - each can have zero or more sub-customers and
exactly one parent-customer;
Each customer can have same or weaker permission level than it's parent;
Each customer has exactly one owner-subscriber.
Customer with owner permissions is called subscriber. Subscriber's parent is himself;
Customer data contains:
Login and password. Used for web interface;

Parent. Enumerator over customers. Used to keep the hierarchy of customers;
Permissions. Specifies permission level;
Public ID. It's an ID used to identify customer. When a user wants to log on the user page or to sign up he/she
needs to specify, which customer to use (because user login names are allowed to be equal among several
subscribers). To keep customer login names in secret (for security reasons) this field is used to identify
customers ( subscribers);
Public host. Only for subscribers. IP address or DNS name [2] specifying public address of this User Manager
router. Payment gateways use this address to send transaction status response. This field has sense only if users
access User Manager site through local IP address (for, example, http://192.168.0.250/user) and another
address is used for public access (for example, http://userman.mt.lv/user).
Company, city, country. Informational;
Email address. Used to send emails (for ex., sign up information) to users;
66
User prefix. Used to separate users between customers of one subscriber;
Sign-up allowed. When checked, this customer allows users to use sign-up;
Sign-up email subject. When a user completes signs up successfully, he/she receives an email with
authorization information, called sign-up email. Subject of this email is configurable.
Sign-up email body. Text template of sign-up email. Must contain several specific string constants:
%login% - will be replaced with login name of newly created account;
%password% - will be replaced with password of newly created account.
%link% - will be replaced with link to User page. This field can be omitted;
Authorize.Net fields (only for subscribers and only when using https):
Allow payments. When checked, users are allowed to use Authorize.Net as payment method for this
subscriber;
Login ID, Transaction Key, MD5 Value. Authorize.Net merchant attributes. Must match those specified in
Authorize.Net Merchant gateway security settings;
Title. The name of this payment method shown to users. For example, if one changes title to "Credit Card",
users will see "Pay with Credit Card" instead of "Pay with Authorize.Net". This field can be very useful if
users don't know what Authorize.Net means and get confused;
Return URL: address to which user is redirected when pressing "Return to User Manager" button after
successful payment. Can be used to redirect user to HotSpot login page;
Use Test Gateway. When true, payment info will be sent to Authorize.Net test gateway. Can be used for
testing payments without actual money charge;
PayPal fields (only for subscribers):
Allow payments. When checked, users are allowed to use PayPal as payment method for this subscriber;
Business ID (login/email). Business ID of the PayPal account where the money will be sent;
Secure Response: whether to use https (when true) or http (when false) to receive payment feedback from
PayPal. Additional security mechanism is used to check validity of this feedback information so using http
is not mandatory;
Accept pending: when true, payments with status "Pending" are accepted as valid. This may be used for
multi-currency payments where manual approvals must be made;
Return URL: address to which user is redirected when pressing "Return to merchant" button after successful
payment. Can be used to redirect user to HotSpot login page;
Date format. Used on web pages for data representation. Only allowed formats (listed in drop-down) can be
used. When the value doesn't match any of allowed (it's possible to enter any value from console) formats,
default is used. See date character constants:
Currency. Used for payments and money-related data representation on the web page;
Time zone. Specific for each customer. By default equals to 00:00. Session and credit info is stored as GMT
regardless of ROS time zone on the User Manager router. This value specifies the way data is displayed on the
User Manager web pages.
References
[1] http:/ / en. wikipedia. org/ wiki/ Tree_structure
[2] http:/ / en. wikipedia. org/ wiki/ Domain_name
67
User Manager/Users
User Manager/Users
Users are people who use services provided by customers;
Each user can have time, traffic and speed limitations;
Users belong to specific subscriber, not to customer. Customers can create, modify and delete users but the owner
is the subscriber who is also owner of these customers;
To separate users among customers of one subscriber, user prefix is used.
User data contains:
Username and password - used to identify user. Different subscribers can have users with the same username;
First name, last name, phone, location. Informational;
Email. Used to send notifications to user (for ex., sign-up email);
IP address. If not blank, user will get this IP address on successful authorization;
Pool name. If not blank, user will get IP address from this IP pool on successful authorization;
Group. Sent to Radius client as Mikrotik-Group attribute. Indicates group (/user group) for RouterOS users and
profile for HotSpot users. See Radius client documentation [1] for further details, search for "Mikrotik-Group".
Address list. Sent to Radius client as Mikrotik-Address-List attribute. Used only for PPP (not hotspot) indicates to which "ip firewall address-list" should the remote address be added.
Download limit. Limit of download traffic, in bytes;

Upload limit. Limit of upload traffic, in bytes;
Transfer limit. Limit of total traffic (download + upload), in bytes;
Uptime limit. Limit of total time the user can use services. When left blank, user is limited in time only by
credits. Note that this value only takes effect when a user is logged on. When they log off the clock is stopped.
If you want to limit the time whether or not the user is logged in, you have to use credits.
Rate limits. Has several parts. For more detailed description see HotSpot User AAA [2], search for "rate-limit".
User also have read-only counters:
Uptime used;
Download used;
Upload used.
Note: RouterOS users have nothing to do with User Manager user. If you have RouterOS user admin, it doesn't mean
it will also be a customer/subscriber in User Manager.
References
[1] http:/ / www. mikrotik. com/ testdocs/ ros/ 2. 9/ guide/ aaa_radius. php
[2] http:/ / www. mikrotik. com/ testdocs/ ros/ 2. 9/ guide/ aaa_hotspot. php
68
User Manager must know with which routers (IP addresses) to communicate. User Manager is like a judge - it
receives questions and must give answers. For example:
HotSpot: "Is user 'nick' allowed to use hotspot?"
User Manager: "Yes, but only 2 hours. And give him IP 192.168.0.40".
If an unknown router asks something, User Manager ignores it.
Router table contains information about known routers which are allowed to ask User Manager questions.
Router data contains:
Name. Name of the router. Informational, must be unique per subscriber;

IP address. Address of the router;
Shared secret. Password used for authentication;
Log events. Specifies which events must be written to log.
User Manager/Sessions
The term session refers to a period when a user is using customer's services (HotSpot). It has nothing to do with User
Manager web-page sessions.
Fields:
Username. Session owner;

NAS Port. See: RADIUS Client documentation [1] (Supported Radius Attributes);
NAS Port Type. See: RADIUS Client documentation [1] (Supported Radius Attributes);
Calling Station ID. See: RADIUS Client documentation [1] (Supported Radius Attributes);
Status. Session status, composition of several facts;
User IP. User's IP address;
Host IP. Router's IP address;
NAS Port ID. See: RADIUS Client documentation [1] (Supported Radius Attributes);
From Time. Session start time;
Till Time. Session end time;
Terminate Cause. Session termination reason;
Uptime. = EndTime - StartTime;
Download. Downloaded traffic amount;
Upload. Uploaded traffic amount.
69
Users can buy credits using payment methods allowed by the subscriber. Subscribers can define accessible payment
methods on the customer page.
Payments hold history of user's transactions.
Attributes:
Created. Transaction start-time;

Finished. Transaction end-time;
Price. Transaction amount ( credit price);
Credit time. Credit prepaid-time bought;
Status. Current status of transaction. Can be one of the following:
Started - transaction is in progress;

Approved - transaction completed successfully;
Error - transaction failed;
Timeout - transaction failed (not finished in required time);
Status description - message describing transaction status;
User Manager/Reports
TODO
User Manager/Logs
Logs are written when Authorization (auth) or Accounting (acct) requests from routers are received.
It is configurable per router which logs must be written (See: HOWTO).
Log data contains:
Username. Can differ from those registered in user table;

User IP;
Host IP. Router's IP;
Status;
Time;
Description;
NAS Port;
NAS Port type;
NAS Post ID;
ACCT Session ID;
Calling station ID.
70
User Manager/Logs
More information on what these fields mean can be found in Mikrotik RouterOS Radius client documentation
Supported RADIUS Attributes.
71
[1]
Sending logs to Syslog

Starting from version 3.24, support for sending logs to SysLog is added. To enable it:
1) Configure per router, which requests to log: accounting/authorization failure/success (See: HOWTO);
2) On the router configure log writing:
/system logging add topics=manager,account action=remote
/system logging action set remote target=remote remote=1.2.3.4:514
, where 1.2.3.4 and 514 is IP address and UDP port of the remote host, which will receive the logs.
3) Configure your remote host to listen on port 514 (any other port can be used, but it MUSt be UDP port and MUST
match the one entered in router's system logging action);
4) Test, if logs are successfully received at the remote host:
4.1) Generate some logs by logging in and out using HotSpot/PPP users;
4.2) Check the Log page. The logs must appear here. Logs are sent to syslog only if they are logged in the User
Manager database;
4.3) Check, if logs are received remotely. If you are running Linux, nc [2] can be used:
nc -l -u -p 514
, where 514 is the UDP port used. Could be, that root permissions are required to run listening on a UDP port.
Another alternative is Wireshark [3] - a multi platform tool for network packet "sniffing". Start a new session and
enter
udp port 514
in the filter field. You should see incoming logs appearing.
User Manager/Logs
72
Syslog message format

The logs are in the following format:
<user-ip>,<username>,<log-type>,<message>
, where:
user-ip - IP of user (NOT the routers IP!): four number in the range 0-255, separated by commas. 0.0.0.0 means
"empty address";
username - username of the user or MAC address, when MAC-authentication used;
log type: string describing type of the log. Takes one of the following values: "auth ok", "auth fail", "acct ok",
"acct fail". Fail means - the user was not successful to authorize or the accounting log was malicious. To track
user session activity, only logs having "auth ok" and "acct ok" must be taken in account.
message - contains message, describing error, in case of failure. can be empty. SysLog messages are limited in
size, therefore it could happend, that the end of the message has been cut off.
References
[1] http:/ / www. mikrotik. com/ docs/ ros/ 2. 9/ guide/ aaa_radius
[2] http:/ / netcat. sourceforge. net/
[3] http:/ / www. wireshark. org/
This table lists customer permissions:
Read-only Read-write Full Owner
View
Routers
Credits
Users
Sessions
Customers
Reports
Logs
Routers
Credits
Users
Add
Customers
+
Edit
Routers
Credits
Users
Customers
+
+
73
Remove
Routers
Credits
Users
Customers
Sessions
Logs
Specific actions
Reset user counters
Reset router counters
Remove last user credit
Close active sessions

Time constants
Time constants can be divided in parts. Each part consists of integer followed by one of the following characters:
w - week (equals 7 days)

d - day (equals 24 hours)
h - hour (equals 60 minutes)
m - minute (equals 60 seconds)
s - second
Examples:
4w2d - 30 days (4 weeks and 2 days).
30d - 30 days. Equals 4w2d

3h - 3 hours
2d2h - 50 hours (2 days and 2 hours). Equals 50h
2w30m - 2 weeks and 30 minutes. Equals 20190m.
Date constants
In date constant following characters will be replaced with proper values:
%Y - four digit year representation

%b - verbal (short) month representation
%m - two digit month representation
%d - two digit day-of-the-month representation
Examples (representing October 5, 2006):

%d/%m/%Y - 05/10/2006
%Y-%b-%d - 2006-Oct-05
Voucher template constants at v5.x

The following constants of voucher template will be replaced with actual user attribute values:
%u_username% - Username (login);

%u_password% - Password;
%u_owner% - User Manager customer;
%u_firstName% - First name;
%u_lastName% - Last name;
%u_phone% - Phone number;
%u_location% - Location;
%u_email% - Email address;
%u_comment% - Comment;
%u_ipAddr% - IP address;
%u_pool% - Pool name;
%u_group% - Group;
%u_limit_download_f% - Nicely formatted download limit (introduced in v3.1);
%u_limit_upload_f% - Nicely formatted upload limit (introduced in v3.1);
%u_limit_transfer_f% - Nicely formatted transfer limit (introduced in v3.1);
%u_limitDownload% - Download limit (in bytes);

%u_limitUpload% - Upload limit (in bytes);
%u_limitUptime% - Uptime limit (in time);
%u_usedDownload% - Used download;
%u_usedUpload% - Used upload;
%u_usedUptime% - Used uptime;
%u_prep_time% - Prepaid time - time constant or the word unlimited;
%u_tot_price% - Total price, including currency;
%u_callerId% - Caller-id information;
%u_shared_users% - Number of shared users;
%u_wirelessPsk% - Wireless WPA/WPA2 pre-shared key;
%u_wirelessEncKey% - Wireless WEP key;
%u_wirelessEncAlgo% - Wireless Encryption Algorithm;
%u_tillTime% - Time available for users (Profile Validity);
%u_timeLeft% - Time left for user;
%u_actualProfileName% - Profile Name;
%u_actualProfileStart% - Profile start date;
%u_actualProfileEnd% - Profile end date;
%u_actualProfileLeft% - Time left for profile validity;
%u_actualRateLim% - Rate-Limit;
%u_moneyPaid% - Money paid by user;
%u_moneyUsed% - Money used by user;
%u_moneyleft% - Money left for user;
u_tillTime - Timestamp for active profile, when all profiles are exprired
u_timeLeft - sum of left time, when user does not active profile
74

When a session is started it's state is set to active. It can become inactive in one of the following ways:
User Manager receives accounting-stop message;
Customer closes session manually in the web interface. The option "Close" is available for the active-session
table, on the status page;
An active session is closed when the same router asks to start a new session with the same accounting-session-id.
If the router hasn't sent accounting-stop message the session may remain active even if it should have closed much
sooner. Such sessions can be closed manually.
User Manager/Active users

User is considered active if it has at least one active session. One user can have more than one active session at the
time.
User Manager/Public ID
Each subscriber already has an unique field - login. But for security reasons another field - Public ID is used. Note:
In earlier versions (until version 2.9.31) login is used to identify subscriber.
Each customer has a Public ID. It can be configured in the customer section. But there is no need to specify public
ID for each customer. Because the subscriber search procedure occurs as follows:
Search for a customer with specified public ID. If no customer found, the default (first) subscriber is used.
Otherwise proceed to the next step;
Search for a subscriber (owner) of the customer just found. Every customer has its subscriber, so this procedure
always finds the result.
So only one customer per subscriber must have a public ID defined. Usually the subscriber itself has a public ID and
all the other customers can live without it.
Public ID for customers is significant in user sign-up process to use different user prefix and sign-up-credit for
different customers.
Only subscribers have permissions to edit customers. That means, subscriber must configure public IDs for all
sub-customers.
75
Applies to RouterOS: v4.x test and v5.x packages
Profiles are used to control user session time. Each Profile has:
Name. Unique ID for the Profile - also used in signup page for dropdown menu of payments;
Name for Users. Descriptive name for the Profile that is displayed to the end user when they login to their user
page;
Owner. The 'Owner' of the Profile (usually 'admin');
Validity. Defines the period of time the Profile is valid for. (Note: NOT the same as the online time that could be
set in Limitations);
Starts. When the Profile is activated. Chose from 'At first logon', or 'Now';
Price. How much it will cost for the user or if left blank, there is no payment required;
Shared Users. Simultaneous session limits for each user
Profiles
Profiles can be assigned to users manually or allocated by the user when they make a successful payment.
If the Profile property 'Starts' is set to 'At first Logon', the Profile assigned to a user is inactive until that user logs on
to the system (e.g. via a Hotspot). When the user starts a new session, that User's 'start time' is fixed and accordingly
the 'end time' is calculated. The 'end time' cannot then be changed, no matter if the session remains active until the
'end time' or the session closes sooner.
If the user has several profiles, the next inactive profile is then started (it's activated as the 'actual profile') when the
previous actual profile reaches it's 'end time'. If there are no more inactive profiles to start, the user is forced to log
off.
If there is already one active profile when a user logs on, this profile is used instead of starting the next one (if one is
available).
If the user logs off before the profile's 'end time', the next inactive profile is started only when the user logs on again
after the 'end time' of the earlier profile.
Only one profile (for the same user) can be active at a time.
The last profile of a user can be removed by customer only if it is inactive.
Validity
If the 'Starts' value is set to 'At first logon', then the Validity value starts counting. E.g. If Validity is set to 1d, then 1
day after first logon, regardless if the user has used all their online time or not, the profile will become invalid and
they will be unable to log on again unless a new profile is available in their list of valid profiles.
Limitations
Pre-defined Limitations can be attached to any profile. A total allowed user online/uptime limit for example, is set in
the Limitations of a profile, not in the Validity field.
76

Applies to RouterOS: v4.x test package
Description
MAC binding is a feature, when users MAC address is not specified beforehand, but is fixed (bound) when the user
connects for the first time. Further the user is allowed to use only this MAC address.
In User Manager MAC address can be re-bound also for users with previously fixed one. In this case MAC address
is re-fixed at next user logon.
Binding MAC address in the Web interface

To bind MAC address, check the box "Bind on first use" for Caller ID field from the Constraints group in User
Detail form:
To specify a particular MAC address, un-check this box and type in the MAC address manually.
Binding MAC address in console

To bind MAC address in console, just change users caller-id to "bind":
/tool user-manager add customer=admin name=user1 caller-id=bind
77
In RouterOS v4, User Manager supports multiple languages.
Create your own translations

1. Download language file template [1], containing English translations
2. Open it with poEdit. Language files are plain-text and can also be edited with any text editor if poEdit [2] is not
available. Please, use UTF-8 encoding for non-standard characters.
3. Translate the file
4. Set the language: in poEdit [2]: Catalog > Settings > Language, in text editor, change the line containing
"X-Poedit-Language: English\n"
5. Save it as .lng file. File name is not important (.lng extension is required), but it is recommended to contain
translation language information, for example de_DE.lng for German translation)
6. Upload the file to router, using ftp
7. If you are logged in to User Manager web, log out and log in again.
8. In the web page there will be language select box on the menu. Select desired language.
Multiple languages can be stored on router at the same time, desired language is chosen in customer web page.
Every customer can choose its own language to use.
User translations
Currently no ready-to-use translations are available here. But, if you made one, please post it here: choose "Upload
file" from menu on the left side of this wiki, upload the file and then post a direct link to it here.
Spanish translation http:/ / wiki. mikrotik. com/ images/ b/ be/ Sp_SP_def. txt author: Jose Salazar, Spain. Change
txt extension for lng and upload it via FTP to Router.
Portuguese-BR translation http:/ / wiki. mikrotik. com/ images/ 2/ 2c/ Pt_BR. lng. txt author: Antonio Junior, Brazil.
Change extension for lng and upload it via FTP to Router.
Italian translation http:/ / wiki. mikrotik. com/ images/ 2/ 23/ It_IT_def. txt author: Renato Bernardi, Italy. Change
txt extension for lng and upload it via FTP to Router.
Russian translation http:/ / wiki. mikrotik. com/ images/ 1/ 1f/ Ru_RU. txt authors: Alexander Zotov and Eugene
Nurullin, Russia. Change txt extension for lng and upload it via FTP to Router.
Arabic translation http:/ / wiki. mikrotik. com/ images/ 9/ 9c/ AR_AR. lng. txt Change txt extension for lng and
upload it via FTP to Router.
Turkish translation http:/ / wiki. mikrotik. com/ images/ 5/ 5c/ Tr_TR_def. lng. txt Author: Bulent KUSVA and
Umut Can YILDIZ
References
[1] http:/ / wiki. mikrotik. com/ images/ 5/ 59/ En_EN_def. txt
[2] http:/ / www. poedit. net/
78
Applies to RouterOS: v3.x
Subscriber is a customer with owner permissions who's parent is himself;

Subscribers can be thought as domain [1] - each subscriber sees everything that happens with his
sub-customers,
credits, users, routers, sessions, etc., but has no access to other subscriber's data;
All data objects (users, routers, credits, logs) belong to one specific subscriber and can therefore belong to many
sub-customers of the owner subscriber;
To separate users among customers of one subscriber, user prefix is used;
References
[1] http:/ / en. wikipedia. org/ wiki/ Domain
Note: In version 4 test package, profiles are used instead of credits
Credits are used to control user session time. Each credit has:
Name. Unique ID;
Time. How long services can be used;
Full Price. How much it will cost if this is the first credit for the user or user has free credits
(with zero-price) only;
Extended Price. How much it will cost if the user already has (at least) one credit (with price other than zero) and
buys this as additional credit;
Credits belong to subscribers. If a customer creates credit, it belongs to subscriber which is owner of that customer.
User credits
Credits can be assigned to users. First credit (with non-zero price) costs full price. When a user already has a credit
with a non-zero price, another credit can be bought at extend price.
Credits are inactive until user logs on to the system (Hotspot). When the user starts a new session, credit start time is
fixed and according end time is calculated. The end time then cannot be changed, no matter if the session remains
active until the end time or closes sooner.
If the user has several credits, the next inactive credit is started (it's been activated) when the previous active reaches
it's end time. If there are no more inactive credits to start, the user is forced to log off.
If there is already one active credit when a user logs on, this credit is used instead of starting a new one.
If the user logs off before the credit end time, next inactive credit is started only when the user logs on again after the
end time of the first credit.
Only one credit (for the same user) can be active at a time.
79
80
The last credit of a user can be removed by customer only if it is inactive.

Don't mix Credits with User credits!

Note: In version 4, each user belongs to a particular customer, there is no need to use prefixes anymore
Every user belongs to specific subscriber. To separate users among customers of the same
subscriber, a specific customer property called user prefix is used. (See the meaning of word prefix
[1]
in Wikipedia [2]).
It is a customer's string field which specifies initial part of user login (username). Only users with
such initial part of username will be accessible to this customer.
Example (insignificant parts skipped):
[admin@USERMAN] tool user-manager customer> print
0
subscriber=owner login="owner" password="" permissions=owner parent=owner
subscriber=owner login="manager" password="" user-prefix="p" permissions=read-write parent=owner
subscriber=owner login="reader" password="" user-prefix="public" permissions=read-only parent=owner
[admin@USERMAN] tool user-manager user> print

0
subscriber=owner username="differentUser"
subscriber=owner username="publicUser1"
subscriber=owner username="publicUser2"
subscriber=owner username="privateUser1"
subscriber=owner username="privateUser2"
subscriber=owner username="pztuxy"
subscriber=owner username="klztt8xs"
According to the situation described above, customer owner is subscriber with two sub-customers: manager and
reader. User accessibility can be shown in following table:
owner manager reader
differentUser +
publicUser1
publicUser2
privateUser1 +
privateUser2 +
pztuxy
klztt8xs
References
[1] http:/ / en. wikipedia. org/ wiki/ Prefix
[2] http:/ / wikipedia. org/
Note: In version 4, profiles are used for user limiting
Introduction
User actions can be limited in several dimensions:
time
traffic amount (download and upload)
rate limits (speed)
Time
Time can be managed in two ways: user's uptime-limit field and credit's time field.
Uptime limit
Uptime limit is maximum time amount a user is allowed to be active (to have active sessions). If the user's
uptime-limit field is left blank, he/she has no uptime limit. See the example below.
Used-uptime for a user is sum of durations of all sessions this user has. Used-uptime can not exceed uptime-limit.
User's request to start a new session is processed as follows:
uptime-limit for the user is checked. If it is not specified, start a new session, otherwise proceed to next step.
uptime-left is calculated (left = allowed - used). If uptime-left is not positive, raise an error, otherwise proceed to
next step.
session-timeout is set and a new session is started.
Credit time
Subscriber can define available credit vouchers. User can buy those vouchers, customers can assign available credits
to users. User credits are valid specific time. This means, when a credit is started, it must be used within a time
specified. User can have active sessions only while he/she has valid credits. See the example below.
Example
If a user must be allowed to use 2 hours of Internet access and he/she must use these 2 hours within one week, then
the uptime-limit field must be set to 2h and the user must be assigned a credit with time equal to 1w (See character
constants for more information about time limit constants).
81
Traffic amount
User has fields download-limit and upload-limit. To specify unlimited amount, leave blank the proper field. Limits
are specified in bytes. For example, to allow download 1GB, download-limit field must have value of 1073741824
(1073741824 bytes = 1024 x 1024 x 1024 bytes = 1 gigabyte).
Rate limits
User has field rate-limit. This field is available straight in the console, but is divided in several fields in
web-interface, to ease the input process. For more detailed description about the meaning of these fields see Mikrotik
HotSpot User AAA documentation [2], HotSpot User Profiles, Property description, rate-limit.
User Manager/Prepaid and unlimited users

There are two types of users - prepaid and unlimited.
Prepaid users
Prepaid users have at least one credits assigned. They can also have uptime-limit.
Unlimited users
Unlimited users don't have any credits assigned. Word unlimited comes from the fact that they have unlimited credit.
However uptime-limit can be assigned to unlimited users. It means, unlimited users can have limited duration for
active sessions but these sessions can be started in an unlimited period of time.
82

Voucher template can be edited in customer section.
Each customer has it's own voucher template;
Several predefined constants can be included in voucher template. When constructing voucher these constants
will be replaced with actual values of user attributes. See documentation about users to understand meaning of
each user attribute.
Every constant must be included in percent signs. For example: %u_username%, %u_password%.
Available constants can be found in character constant documentation:
Also usage information (for example, used uptime) can be included in vouchers. This means that actually also
reports can be printed using voucher generation.
You have to choose which attributes must be printed on the voucher.
Vouchers can be generated in user section.
Recommendations
If basic knowledge of HTML [1] and CSS [2] is present, the template can be redesigned completely, having
different look and information. Otherwise it is recommended to leave the default structure and only translate or
edit phrases displayed on original voucher;
Don't leave open HTML tags. This means, if you have <div>, then also </div> must be present. Otherwise
vouchers can damage the entire page and browser content refresh will be required;
Be careful with tags. As template editing is only accessible to customers (and router console users) there is no
restriction in tag use. This means more flexibility and responsibility at the same time;
Table is recommended for formatting data;
Table should be centered using the way it is done in default template;
Vertical centering is not a very simple thing. Default template uses workaround - rows (having class "space1" and
"space2") with fixed height for this reason.
Images are not be printed by default. To show images in printable form, width and display attributes must be
explicitly specified for image, i.e., you must write <img src="url_to_image.jpg" style="display: inline; width:
auto" />
Examples
Example posted in forum [3] by airforce1:
<table style="color: black; font-size: 11px;" border="2" height="10">
<tr>
<td colspan="2" bordercolorlight="#000000" bordercolordark="#000000">
<b><font size="2" face="Arial">YOUR COMPANY NAME GOES HERE!</font></b>
</td>
</tr>
<tr>
<td bordercolorlight="#000000" bordercolordark="#000000">
<b><font size="2" face="Arial">Time:</font></b>
</td>
<b><font size="2" face="Arial">%u_limit_uptime%</font></b>
83

</td>
</tr>
<tr>
<font face="Arial" size="2"><b>Validity</b></font>
</td>
<b><font size="2" face="Arial">%u_prep_time%</font></b>
</td>
</tr>
<tr>
<b><font size="2" face="Arial">Price:</font></b>
</td>
<b><font size="2" face="Arial">%u_tot_price%</font></b>
</td>
</tr>
<tr>
<b><font size="2" face="Arial">Username:</font></b>
</td>
</font><b><font size="2" face="Arial">%u_username%</font></b>
</td>
</tr>
<tr>
<b><font size="2" face="Arial">Password:</font></b>
</td>
<font face="Arial"><b><font size="2">%u_password%</font></b></font>
</td>
</tr>
</table>
Example posted in forum [3] by csickles:
Hotspot Tiket [4]
This one is created in a package called "Bartender". The tickets are produced by exporting user CSVs to a local
dirrectory then some VB automates bartender that then prints the ticket out on a thermal POS printer.
84
References
[1]
[2]
[3]
[4]
http:/ / en. wikipedia. org/ wiki/ HTML

http:/ / en. wikipedia. org/ wiki/ Cascading_Style_Sheets
http:/ / forum. mikrotik. com/ viewtopic. php?f=10& t=20397
http:/ / info. microage. com/ Campaigns/ MicroAge/ HotSpot. bmp
User Manager/Search patterns

Tables can be searched (filtered) by one field. This field is specific for each kind of table. For example, users are
filtered by username, routers - by name.
Filter pattern:
is case-insensitive [1].
matches a part of the value. (abc matches abc, abcde, 123abc, 123abcde). Pattern "abc" is actually used as
"%abc%" (See below for explanation of character %);
Special characters can be used:
% - matches any sequence of zero or more characters;
_ - matches any single character;
\ - escape character. Use it before '%', '_' and '\' literals to match them as regular characters.
Examples
"spot" matches hotspot, hotSpot, HotSpot, HotSpots, HOTSPOT, ...
"r%m" matches rm, arm, armor, ram, rome, aroma, Mikrotik manager ...
References
[1] http:/ / en. wikipedia. org/ wiki/ Case_insensitive
85
User Manager/Tables
User Manager/Tables
Tables are used to display a list of objects: users, routers, credits, sessions, customers or logs.
In one table are displayed only objects of one type. Each type of objects has specific fields to display.
If the object contains many parameters, not all of them are displayed in the table. To see all parameters the object
detail form can be used.
Tables have several options:
Sorting;
Filtering (Search);
Division in pages;
Multiple object selection;
Operations with selected objects;
Minimization;
Links to detail form.
Sorting
Sorting can be done by almost all fields. But there are some "non-sortable" fields, mostly because they are calculated
fields.
Sorting can be ascending (1, 2, 3, ...) or descending (5, 4, 3, ...).
There are triangular sort buttons for each column - on sides of column's title (at the top). Ascending sort - on the left,
descending - on the right:
Sorting decreases data reading performance - sorted data reads take more time than non-sorted reads. However
sorting affects only reads in the current table, tables are independent to each other.
86
User Manager/Tables
Filtering
Each table can be filtered only by one field:
Users, sessions, logs: by username;
Routers, credits: by name;
Customers: by login.
Some tables cannot be filtered (for example, specific user's sessions).
Enter pattern in the search form at the bottom of the table and press search. To cancel filtering, clear value of the
search form and press search:
Division in pages
A table can contain plenty of records. It could be a very long operation to display them all. Therefor records are
divided in pages and only one page, called active page, at a time is displayed.
Record count per page is changeable on the top-right corner:
The active page can be changed using the link on the upper-left corner:
87
User Manager/Tables
Links with numbers go to respective page.

Links with arrows go to previous and next page.
There are also links to first and last page, but they are only displayed when needed (when it is possible to go to
the last/first page with number-links, first/last page links will not be displayed).
A total number of records (not pages) is displayed in parenthesis right after page-links:
Multiple object selection

Tables have checkboxes for each object on the right side of row:
Each object can be selected and actions can be performed on selected objects.
On the top of all checkboxes is the select-all checbox which toggles selection of all objects in the current page:
88
User Manager/Tables
A
title
displaying
89
selected
object
count
is
located
at
the
bottom
of
table:
The total count of selected objects and selected objects in the active page is displayed.
There is also a button which unchecks all selected objects in other (inactive) pages (affects only this table). This
button is very useful if you select some objects and then change sorting criteria for the table - selected objects get
scattered between many pages but you can still uncheck them all by one click.
Operations with selected objects

Different operations can be performed on selected objects.
Web-interface users can have different allowed operations depending on their permissions.
Operations are performed only with users in the active page. The reason is security. It is very easy to select some
objects, then change the page and forget the selected objects in other pages. Some operations (like remove) are very
dangerous in such situations. That's why all operations work only with selected objects in the active page.
All allowed operations (except adding, which is available in main menu on the left) can be found at the bottom of a
table in a form of popout toolbar. Each table can have different allowed operations:
User Manager/Tables
90
Minimization
Tables can be minimized with a click on the minimize button on the top-right corner:
Minimized tables are not shown in printable page.
User Manager/Tables
Links to detail form

Almost every table has links to object detail form, because not all the information can be displayed in the table.
Some tables have even links to two different detail forms, for example, session table has links to user and session
detail forms.
Detail form Links are displayed as usual html-links, underlined:
91

Detail form is used to show all the attributes of an object, because it is sometimes impossible to display them all in a
table. It is also used to add new data records.
Detail form is show in a Javascript [1] pop-up window. It is not a real window, it's javascript window, so it won't be
blocked by the browser's pop-up blocker:
Visual appearance:
Popup-window has a title-bar. Click on the titlebar and hold down the mouse to drag the window;
There is a close button on the upper-right corner which closes the popup-window;
Multiple popup-windows can be open at the same time;
If one window is behind another, it can be brought to the top by clicking on it's title-bar;
Some fiels are grouped together and hidden by default. For example, user has field groups named "Private
information" and "Rate limits". There is a show/hide chechbox for each such group.
Options:
Contents of a detail form may differ depending on permissions. One customer may have read-only access to the
object while other customer may be allowed to edit it;
Option buttons are located at the bottom of a form.
Read-only fields are displayed as simple text labels. Read-write fields are displayed as text inputs, select boxes
etc.
Detail forms can also be informational and contain read-only fields. For example, session detail form:
92
References
[1] http:/ / en. wikipedia. org/ wiki/ Javascript
93
User Manager has different style definitions for screen and for printer. You can see the printable form
in Print preview mode (can be found under File > Print Preview in browsers main menu).
By default nothing is to be printed. People mostly print reports. So reports are the only thing that is
visible in printing mode. There are different kinds of reports: user time/traffic reports over a period of time, single
user report and user vouchers (print page). The last one is not really a report but could be treated as such, because it
is meant to be printed.

Setup
There are no special setup actions for web interface. The only requirement - at least one subscriber must be defined.
See first subscriber setup guide.
How to find?
Type the following address in your web browser: http://Router_IP_address/userman
where "Router_IP_address" must be replaced with IP address of your router.
Sections
Here are described customer page sections. Use menu on the left side to navigate:
94
Status
This page has several components:
User search;
Active user listing;
Active session listing;
User batch-add form.
User search
Type in the search pattern and press the button "Search". Results will be displayed in a new table.
Active users
Active user count displayed here. To see a full list of active users, click on "Show":
Active sessions
Active sessions count displayed here. To see a full list of active sessions, click on "Show":
User batch-add form

Batch of users can be added here:
Fields:
Number of users. How many users to add;
Login starts with. Displays user prefix;
Rate limits. hidden by default. Check the box on the right to show rate limit field group;
Uptime limit;
95

Prepaid. Credit that will be assigned to users. Unlimited users can also be created by selecting unlimited as a
value.
Generate CSV [1] file. When checked a CSV-file [1] will be generated containing just created user data;
Generate vouchers. When checked printable vouchers for just created users will be generated.
Routers
View routers
Table displaying routers:
All router's attributes are shown here.

Click on name opens router detail/edit form.
Add router
Opens router add form. The same form is used to edit routers:
Fields:
Name. Router's name. Must be unique per subscriber;

IP Address. Address of the router;
Shared secret. Password used for authentication;
Log events. Specifies which events must be written to log.
96
Credits
View credits
Table displaying credits:
All credit's attributes are shown here.

Click on name opens credit detail/edit form.
Add credit
Opens credit add form. The same form is used to edit credits:
Fields:
Name. Credit's name. Must be unique per subscriber;
Time. How long this credit is valid when started;
Full price. The price of this as the first credit for a user. When the checkbox at the right is empty, full price is
unavailable - this credit can not be used as a base credit;
Extended price. The price of this as extended credit for a user (user already has credits before this on). When the
checkbox at the right is empty, extended price is unavailable - this credit can not be used as an extended credit;
97
Users
View users
Table displaying users:
Only part of user's attributes are shown here. To see all details of specific user, open user detail form by clicking on
username in the table.
98

User detail form
Detail form with user data:
Contains all user fields .

There are groups of fields (for example, private information, rate limits). These fields are hidden by default and are
accessible by checking the box on the right:
If the user has credits assigned the total prepaid time is shown at the bottom. To see credit details click on the plus
sign ("+") under Prepaid time:
New credits can also be assigned (if permitted) to user. At the bottom is a select-box called "Extend" (called "Add
time" when user has no credits yet). The price depends on what kind of credit this is for a user - first or extended.
Price is shown in braces:
99
.
To assign credit to the user, choose the desired credit and click Save.
Options (buttons at the bottom):
Save - saves edited information, assigns credit, if one selected;

View report - opens single user report.
Remove last credit - removes last credit that's not started yet;
Show sessions - opens window with all sessions this user has;
Add user
Detail form for filling in information about the new user. Very similar to user detail form. This form does not have
read-only counters and other user statistics:
100

Add batch of users
The User batch-add form will be opened.
Sessions
View sessions
Table displaying sessions:
Only part of session's attributes are shown here. To see all details of specific session, open session detail form by
clicking on ID in the table.
To see details of session user click on the username in the table.
101

Session detail form
Detail form with session data:
Contains all session fields .
Customers
View customers
Table displaying customers:
Only part of customer's attributes are shown here. To see all details of specific customer, open customer detail form
by clicking on login in the table.
102

Customer detail form
Detail form with customer data:
Contains all customer fields .

There are groups of fields (for example, private information, user options). These fields are hidden by default and are
accessible by checking the box on the right:
There are fields which are accessible only for subscribers: Public Host and Authorize.Net fields. These fields are not
shown for customers who are not subscribers:
103
There are sensitive-data fields (Authorize.Net) which are visible only when using secure connection (https):
There are sensitive-data fields (Authorize.Net) whose values are not shown. Whether the field has value specified or
not is visible by the title standing before it: if the title says "Set ...", this field has no value set; the title saying
"Change ..." means that this field has some value:
104
In the example above Login ID and Transaction Key fields have values (titles are "Change ...") while MD5 Value
field has no value specified (title is "Set ...").
Add customer
Detail form for filling in information about the new customer. Very similar to customer detail form. This form does
not have subscriber fields since subscribers cannot be added here:
Reports
This section refers to user time and traffic reports.
Reports generated here can be printed directly.
Configurable options:
Users - which users to show: prepaid, unlimited or all;
Type - time (contains prepaid time, extend time and price) or amount (contains upload and download amount)
report;
Period - total (whole history) or with specific time boundaries;
See user time and traffic reports for further detail.
Sample report:
105
Logs
View logs
Table displaying logs:
Only part of log's attributes are shown here. To see all details of specific log, open log detail form by clicking on ID
in the table.
106

Log detail form
Detail form with log data:
Contains all log fields .
References
[1] http:/ / en. wikipedia. org/ wiki/ Comma-separated_values
107
108

How to find?
User page can be found at address: http://Router_IP_address/user?subs=publicID , where
"Router_IP_address" must be replaced with IP address of your router where the User Manager is running (don't
mix it with the HotSpot router, if User Manager and HotSpot are running on different routers);
publicID must be replaced with public ID of the subscriber who is the owner of this user;
If there is only one subscriber on this router the part "?subs=..." can be skipped, i.e., then the address http://
Router_IP_address/user can be used.
What is Public ID and how to change it?

See: Subscriber public ID.
Link to user page

Links and buttons to user page can be used in other web pages. There are several things configurable:
router IP address;
subscriber's public ID;
caption on the link/button.
Textual link
To get a textual link to user page, replace this template with your own values:
<a href="http://%hostname%/user?subs=%subid%">%caption%</a>
%hostname% - router's hostname or IP address;
%subid% - subscriber's public ID;
%caption% - caption of the link that will be show to user.
Example: To get a link to userman.mt.lv router's demo subscriber user page, use the following link:
<a href="http://userman.mt.lv/user?subs=demo">This is an example link to Mikrotik User Manager demo User page</a>
And it looks like this: This is an example link to Mikrotik User Manager demo User page [1]
Link button
To get a button, which leads to user page, replace this template with your own values:
<button onclick="document.location='http://%hostname%/user?subs=%subid%'">%caption%</button>
Example: To get a button-link to userman.mt.lv router's demo subscriber user page, use the following link:
<button onclick="document.location='http://userman.mt.lv/user?subs=demo'">Check</button>
The visual representation cannot be shown here because of the wiki security so you have to pretend how it looks like.
The same button-link is used in HotSpot page templates. By default it looks like this:

<button onclick="document.location='http://$(hostname)/user?subs='">status</button>

$(hostname) here is replaced with the hostname of the HotSpot router (so the default link works only if HotSpot and
User Manager are running on the same router). And "subs=" means that first subscriber will be used (works fine
when there's only one subscriber on the router). Hostname and subscriber id can be replaced with desired values.
Sections
This par of a document describes sections available in user page. For navigation use the menu on the left side:
Status
Here the user can see account's status:
Summary;
Credits;
Sessions.
Sample screenshot:
This information is also formatted for printing. See print preview in the browser (Usually under File > Print preview
in the browser's toolbar). Credits and sessions are formed in tables. These tables can be "minimized" - the button on
the upper right corner of the table. A minimized table will not be printed (see print preview).
109

Summary
Here the user can see:
Prepaid time - duration of all the credits bought (See: time constants). Or the word unlimited (See prepaid and
unlimited users);
Total price - how much all the credits cost;
Uptime limit - the maximum allowed duration of user's sessions;
Uptime used - current duration of user's sessions;
Download used
Upload used
Credits
Table with all credits this user has bought. No data for unlimited users.
Sample screenshot:
If there are credits that are not started yet (see: credits), start-time and end-time fields contain values "awaiting
login".
110

Sessions
Table with all user's sessions.
Sample screenshot:
Payments
Here the user can view payment history and buy a new credit . This section is only available if the subscriber has
allowed any payments.
View payments
Table with all user payments.
Sample screenshot:
To see all details of specific payment, open payment detail form by clicking on ID in the table.
111

Payment detail form
Detail form with payment data:
Contains all payment fields.

Buy credit
A new credit can be bought here using payment methods which are allowed by the subscriber.
There are a number of restrictions for this sub-section to be accessible:
Secure connection (https [2]) must be used to access the site. Otherwise a notification with a link to secure page
will be shown;
At least one payment method must be allowed by the subscriber;
Subscriber must have configured all required payment attributes;
Sample screenshot:
Here user can see his/her current balance and choose a credit to buy. After click on the "Buy" button user will be
redirected to payment gateway where he/she will have to enter required data to process payment.
112

Important - payment data (such as credit card number and expiry date) is sent directly from user's computer to
payment gateway and is not captured by User Manager. User Manager processes only response about the payment
result from the payment gateway. This response does not contain any sensitive user's data.
When the payment is successful, the selected credit is added to user's account.
Settings
In this section user can configure his/her parameters:
Private information (informational, not used by User Manager):
First name;
Last name;
Phone;
Location.
Email - used to send emails to user. Must be unique.
If values provided in "New password" and "Retype new password" fields, the password will be changed.
Sample screenshot:
References
[1] http:/ / userman. mt. lv/ user?subs=demo
[2] http:/ / en. wikipedia. org/ wiki/ Https
113

Usually user accounts are created by customers. But users can also sign-up by filling in the sign-up form. This
feature is available since version 2.9.31.
Setup
User sign-up can be enabled per customer. I.e., some customers can allow it while others don't.
Sign-up is disabled by default. To enable it several requirements must be met:
Note: All the attributes mentioned above can be configured in customer section of the customer web-page;
Customer, who wants to allow sign-up, must have public ID. Since Only subscribers have permissions to edit
customers, this public ID must be assigned by the subscriber. In other words - subscriber must configure public
IDs for its customers.
Subscriber must have at least one credit with full price specified;
In the case when users access sign-up page from a local address which is not accessible from outside (global
Internet) subscriber must have public host address configured. This address is needed by PayPal, payment
response will be sent to this it;
The customer has to enable sign-up by checking the "Signup allowed" box in Signup options section;
The subscriber must have at least one payment method enabled and configured;
The customer should have email address specified. Email will be send to users who sign up (if the user specifies
his/her email address) using this as the from-address;
SMTP-server should be specified. It can be done via console, under tool email, command "set
server=xxx.xxx.xxx.xxx". This SMTP server will be used to send email reminding user's account data. Users can
however log on to the HotSpot after a successful payment without receiving this email;
Signup email subject and body can be personalized. There are defaults defined, but one can customize them.
However there are constant strings (will be replaced by actual values) that must be present within the message
body. See sign-up email body field definition.
Sign-up steps
User sign-up can divided in following steps:
Subscriber configures required parameters (described above);
User creates an account:
User opens sign-up page URL in the browser;
User fills in the sign-up form;
User chooses credit;
User chooses payment method;
An inactive account is created for the user;
User activates the account (executes payment):
User is redirected to Payment Gateway;

The payment is being processed;
Payment gateway sends response (was the payment successful or not) to User Manager router;
The account gets activated (if the payment was successful);
User can start using services. Status check and setting change can be done in the user web-page.
May seem a little confusing, but all these steps are simple and can be done in several minutes.
114
Creating account
User opens http:/ / routerIP/ user?signup=publicID, where routerIP must be replaced with the IP address of the User
Manager router and publicID must be replaced with subscribers public id.
Sign-up form will be shown:
Input fields:
email. Email address for user account. must be unique per subscriber. Account data will be sent to this address if
one specified;
login. Desired username. If user prefix is defined, it is shown at the left and cannot be changed. So the prefix is
already predefined (may be empty), the remaining part of username can be chosen. IT must be at least 3
characters long. Example: if the prefix is "cu" (shown on the left) and "test" is entered as the remaining part, the
username will be "cutest";
password. Self explanatory;
confirm password. Password once again to reduce possibility to mistype it;
time. The initial credit for the user account;
pay with. Payment method selector.
After the "sign up" button is pressed, authorization data is show to the user. He/She must remember this data as it
will be required to log in later:
If the "Cancel" button is pressed, user is returned to sign-up form.

If the "Pay with ..." button is pressed, an inactive account is being created and the user is redirected to payment
gateway.
115
116
Activating account
On a successful payment, the account is activated and the user is returned to User Manager/User page where he/she
can check the status of the account.
If the email address was specified in sign-up form, an email with authorization information is sent to it. The text is
customizable in customer web-page. By default it looks like this:
Your authorization data:
login: userLogin
password: userPassword
To check your status and buy extented time go to address
http://userman.mt.lv/user?subs=demo.
here:
userLogin is the username (login);
userPassword is the password.
http://userman.mt.lv/'' is the hostname of the User Manager router;
Login
After successful account activation user is able to start using services (Hotspot). Status and settings are available in
user web-page.

Supported payment methods
Authorize.Net
supported.
[1]
(since version 2.9.40 or 3.0beta5) and PayPal
[2]
(since version 2.9.41 or 3.0beta6) payments are
Authorize.Net
Authorize.Net requirements
To allow Authorize.Net payments for users the following requirements must be met:
User Manager v3.0 (or v2.9.x, >= 2.9.40) package installed on the router. See: Getting started;
User Manager subscriber created (See: Getting started);
Subscriber must have merchant account in Authorize.Net [3] gateway;
Web server on the router must be configured to support secure SSL connections (See HTTPS connection
enabling);
HotSpot router should contain entries in 'walled-garden to User Manager router and Authorize.net webpage,
/ ip hotspot walled-garden ip add dst-address=x.x.x.x action=accept
where x.x.x.x is address of User-Manager server,
/ ip hotspot walled-garden add dst-host=:^secure\\.authorize\\.net dst-port=443 action=allow
These entry is used to allow access to Authorize.net
117
Authorize.Net setup
Authorize.Net merchant account configuration
Relay URL
Relay URL list must either be empty or contain URL to the User Manager router. For example, if you are using
userman.mt.lv as User Manager router, then Relay URL list must contain URL https:/ / userman. mt. lv/ (works with
and without trailing slash). Relay URL list can be configured in Authorize.Net [3] merchant gateway under Account
> Settings > Response/Receipt URLs
API Login ID
API Login ID is shown in Authorize.Net
Transaction Key.
[3]
merchant gateway under Account > Settings > API Login ID and
Transaction Key
Transaction Key can be obtained in Authorize.Net [3] merchant gateway under Account > Settings > API Login ID
and Transaction Key > Create New Transaction Key.
MD5-Hash value
MD5-Hash value can be set in Authorize.Net [3] merchant gateway under Account > Settings > MD5-Hash.
WARNING!: Standard MD5 hash values are 32 characters long, however, the Authorize.net MD5-Hash input fields
only allow 20 characters. Best chance of success if you paste your md5sum into the Authorize.net input field, then
copy it back out to paste into User Manager configuration. By re-copying from the Authorize.net input field, you are
selecting only the 20 characters that the field length allows.
Payment Form
Payment Form configuration can be found in Authorize.Net [3] merchant gateway under Account > Settings >
Payment Form. The look of this form is customizable here. While the only required fields for processing transaction
are credit card number and expiration date, another fields are allowed to be shown in the form. Form customization
is up to merchant.
Authorize.Net subscriber configuration
Subscriber attribute values can be edited using customer detail form in customer page.
Subscriber Authorize.Net attributes
Subscribers have a set of specific Authorize.Net attributes which must be configured properly to allow Authorize.Net
payments:
Only subscribers have Authorize.Net attributes, other customers don't;
Attribute values can be changed only in customer web page, not in console. There is only possibility to change
values, not to see them. As these attributes contain sensitive data, their values are encrypted on the router;
Customer web page must be opened using secure SSL connection (https) to change attribute values;
All the attributes can be found in Authorize.Net attribute group:
1. "Allow Payments" must be checked to allow this payment method;

2. Login ID, Transaction Key and MD5 Value must have same values as set in Authorize.Net merchant gateway.
3. Title is optional. It specifies the text shown to users as the name of this payment method. Default title is
"Authorize.Net", but it can be changed to something more used to users, for example "Credit Card". The value of
this field does not affect the payment process it is only user interface element.
4. Return URL (optional, added in version 3.24): address to which user is redirected when pressing "Return to User
Manager" button after successful payment. Can be used to redirect user to HotSpot login page;
5. Use Test Gateway (optional): when checked, payment information is sent to test gateway of Authorize.Net and
no real money is charged. This mode can be used to test Authorize.Net payments before User Manager
deployment.
Other subscriber requirements
Subscriber must have at least one credit with price other than zero. Credit price will be used as transaction amount
for the payment;
Correct currency must be specified for subscriber. If USD is accepted by Authorize.Net merchant, currency
attribute can be left unchanged for subscriber:
If users access User Manager page through a local IP address, public host attribute must be specified. It must
contain a public address of User Manager router which is acceptable as Relay URL for Authorize.Net gateway
(See: Authorize.Net Merchant account configuration). Domain name or IP address can be used. Only the address
must be specified, not URL (for example, userman.mt.lv, not https://userman.mt.lv/and not https://userman.
mt.lv/userman):
118
Authorize.Net usage
User can buy credits in User Manager page. First he/she has to log on the page. See: User page.
Secure connection must be used for web page, so user has to use https://router_IP/user instead of http://
router_IP/user (https instead of http).
Payment section is available on main menu only if subscriber has allowed any payment method.
To buy credit user chooses "Buy credit" from "Payments" section:
If https connection is not used for web session, a message with error and link to https site will be opened:
In this form user chooses credit he/she wishes to buy;
Current balance is also shown:
119
User chooses Authorize.Net as payment method:
When the credit is chosen, "Buy" button must be pressed to start payment transaction:
120
User is redirected to Authorize.Net gateway payment form, which should look similar to following:
The actual look of this form can be configured in Authorize.Net merchant gateway
User fills in credit card number and expiry date. Other fields are optional:
121
User submits the form::
The data is transmitted directly to Authorize.Net gateway via secure connection. Neither credit card number nor
expiry date is submitted to User Manager router.
Authorize.Net gateway processes the data and sends response to specified User Manager router. This response
contains only data required to identify payment in User Manager and detect result status of transaction - was it
successful or not. It does not contain any information about the user - credit card number, expiry date or other
sensitive data.
User Manager processes the response and updates payment record status;
If the transaction was successful requested credit is added to user's account;
A message describing payment result is shown to user:
Click on the button redirects the user back to User Manager page:
User is returned to payment section displaying table with payment history:
122
123
PayPal
PayPal requirements
To allow PayPal payments for users the following requirements must be met:
User Manager v3.0 (>= 3.0beta6) or v2.9.x (>= 2.9.41) package installed on the router. See: Getting started;
User Manager subscriber created (See: Getting started);
Subscriber must have merchant PayPal [4] account;
Web server on the router must be configured to support secure SSL connections (See HTTPS connection
enabling);
HotSpot router should contain entries in 'walled-garden to User Manager router and Paypal webpage,
/ ip hotspot walled-garden ip add dst-address=x.x.x.x action=accept
where x.x.x.x is address of User-Manager server;
version v2.9
/ ip hotspot walled-garden add dst-host=:^www\\.paypal\\.com\$ dst-port=443 action=allow
/ ip hotspot walled-garden add dst-host=:^content\\.paypalobjects\\.com\$ dst-port=443 action=allow
/ ip hotspot walled-garden add dst-host=*.akamaiedge.net action=allow
/ ip hotspot walled-garden add dst-host=paypal.112.2O7.net action=allow
version v3
/ ip hotspot walled-garden add dst-host=":^www\\.paypal\\.com\$" dst-port=443 action=allow
/ ip hotspot walled-garden add dst-host=":^content\\.paypalobjects\\.com\$" dst-port=443 action=allow
/ ip hotspot walled-garden add dst-host=*.akamaiedge.net action=allow
/ ip hotspot walled-garden add dst-host=paypal.112.2O7.net
These four entries are required to allow reliable access to the Paypal system.
PayPal setup
PayPal merchant account configuration
Basically there is no specific PayPal account configuration that must be done. The only requirement is to have
PayPal account which is allowed to receive money.
Warning! User Manager accepts payment as successful only when it receives status "Completed" from PayPal
gateway. If the status is "Pending" and some manual operations must be done by merchant (or the merchant has not
verified the account) to accept payment, the credit will be transfered to User Manager user account only when the
payment will be accepted.
Note: Since version 2.9.45 and 3.0beta11 it is possible to also accept payments with "Pending" status, except for
those with pending reason "unilateral".

PayPal subscriber configuration
Subscriber attribute values can be edited using customer detail form in customer page.
Subscriber PayPal attributes
The only PayPal attribute subscribers have is business login. It is the login (usually an email address) merchants use
to log on their account. Only subscribers have this business login, other customers don't;
Since versions 2.9.45 and 3.0beta11 there are also options that refer to PayPal payment processing: "Secure
Response" and "Accept Pending".
Field "Return URL" added in version 3.11.
All the attributes can be found in PayPal attribute group:
1. "Allow Payments" must be checked to allow this payment method;

2. Login (email) must be the PayPal merchant account login.
3. Secure response. When checked, PayPal will send response via HTTPS. Otherwise response will be send via
HTTP;
4. Accept pending. When checked, User Manager will also add credit to user if the payment status is "Pending",
except for payments with pending reason "unilateral".
Other subscriber requirements
Subscriber must have at least one credit with price other than zero. Credit price will be used as transaction amount
for the payment;
Correct currency must be specified for subscriber. If USD is accepted by PayPal merchant, currency attribute can
be left unchanged for subscriber:
124

If users access User Manager page through a local IP address, public host attribute must be specified. It must
contain a public address of User Manager router which is acceptable as response URL for PayPal gateway
(PayPal will send payment result to this address). Domain name or IP address can be used. Only the address must
be specified, not complete URL (for example, userman.mt.lv, not https://userman.mt.lv/and not https://
userman.mt.lv/userman):
PayPal usage
User can buy credits in User Manager page. First he/she has to log on the page. See: User page.
Secure connection must be used for web page, so user has to use https://router_IP/user instead of http://
router_IP/user (https instead of http).
Payment section is available on main menu only if subscriber has allowed any payment method.
To buy credit user chooses "Buy credit" from "Payments" section:
If https connection is not used for web session, a message with error and link to https site will be opened:
In this form user chooses credit he/she wishes to buy;
125
Current balance is also shown:
User chooses PayPal as payment method:
126
When the credit is chosen, "Buy" button must be pressed to start payment transaction:
User is redirected to PayPal gateway payment form, which should look similar to following (PayPal web site can
change, these screen shots may differ from actual page):
127
User logs on to the account. Payment is now displayed with the Pay button:
When user presses Pay button, PayPal starts to process data. On successful payment result page is displayed:
This page contains button "Return to merchant" pressing which returns user to User Manager payment history
page:
128
User Manager receives data from PayPal indicating Payment status.

On a successful payment the appropriate credit is added to user.
PayPal chargeback
When a payment changes status from "Approved" to "Aborted" (For example, "Reversed") User Manager tries to
remove credit bought for this money. This is however possible only if the two following requirements are met:
The credit is not started yet;
The credit is last for current user, i.e., no other credit is bought after this one.
PayPal payment process description

The payment data is transmitted directly to PayPal gateway. All operation with money and accounts is processed
by PayPal. User Manager knows nothing about it.
PayPal gateway processes the data and after that sends response to specified User Manager router. It may take
time, usually not more than one minute. That means that payment may have status "Started" for a few seconds,
the status is updated only when PayPal sends response to User Manager;
If the option "Secure response" is enabled, secure connection (https) is established between PayPal and User
Manager;
When experiencing problems with HTTPS response from PayPal, "Secure response" may be disabled. Then no
certificate will be needed on User Manager router to receive PayPal response;
Again - PayPal response contains only data required to identify payment in User Manager and detect result status
of transaction - was it successful or not. It does not contain any information about the user - credit card number,
expiry date or other sensitive data;
User Manager sends request to PayPal to verify that this payment response comes from PayPal and not from a
hacker. Because of this verification it is not necessary to receive response from PayPal via https - if a
Man-In-The-Middle [5] catches data and sends wrong response to User Manager, the verification fails;
Response verification requires SSL certificate of root certification authority [6] who has signed PayPal certificate.
This root CA certificate is imported automatically and can bee seen in certificate section on the router (console or
Winbox);
User Manager processes the response and updates payment record status;
If the transaction was successful requested credit is added to user's account;
The payment processing is shown in the following picture:
129
Related activities
HTTPS connection enabling
Creating certificate
Trusted SSL Certificate can be bought from trusted authorities, for example, VeriSign [7]. An unsigned certificate
can be generated by hand, using OpenSSL on a Linux box. To do it issue following commands in the shell:
openssl genrsa -des3 -out server.key 1024
openssl req -new -key server.key -out server.csr
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
Two important things:
1. Enter the same pass phrase always when asked for "Enter pass phrase for server.key" (Should be 4 times);
2. Enter your server's domain name, when asked for "Common Name (eg, YOUR name) []". This is important,
because otherwise some browsers may refuse your certificate. For example, if the User Manager server's address
is http://userman.mt.lv/userman, then "userman.mt.lv" must be specified as Common Name for the certificate.
After doing this three files will be created:
1. server.crt - Certificate, must be uploaded to router;
2. server.key - Private key, must be uploaded to router;
3. server.csr - Signature request, can/should be deleted;
Upload server.crt and server.key to the router and import them, using the same pass phrase again when asked.
server.crt must be imported before server.key.
130
131
Importing certificate
Certificate file can be then uploaded to the router and imported with command
/certificate import file-name=...
The command should return
certificates-imported:
private-keys-imported:
files-imported:
decryption-failures:
keys-with-no-certificate:
1
1
1
0
0
If it doesn't, could happen that the file contains private key and certificate sections in incorrect order. In this situation
the output should be
files-imported:
1
0
1
0
1
Just repeat the same command

/certificate import file-name=...
once again and the output should be this time
files-imported:
0
1
1
0
0
Now certificate is imported correctly and ready for use;

Enabling WWW SSL
SSL connections for WWW server can be enabled with command
/ip service set www-ssl disabled=no certificate=cert1
where cert1 must be replaced by a correct certificate name (from /certificate section)
Troubleshooting
1. Authorize.net requires that time time on the server be within 15 minutes of UTC or you will get a failed
transaction, use NTP client.
2. Your user manager must be accessible from the internet on port 443, make sure you have DNS setup properly or
use the IP address for all of your references. Don't forget to open your firewall for port 443 and use NAT to get to
your user manager if behind a firewall.
3. You must put the URL of your UserManager instance in your Authorize.net control panel. For example: Response
Reason Code: 14
Response Reason Text: The Referrer or Relay Response URL is invalid.

Notes: Applicable only to SIM and WebLink APIs. The Relay Response or Referrer URL does not match the
merchant?s configured value(s) or is absent.
To
1:
2:
3:
4:
5:
6:
add a
Login
Click
Click
Click
Enter
Click
valid Response/Receipt URL, please follow these steps:

to your Merchant Interface at https://account.authorize.net.
Settings in the main left side menu.
Response/Receipt URLs.
Add URL.
your Response URL.
Submit.
4. When inputting the above URL, use only the base URL, not /userman or it won't work.
References
[1]
[2]
[3]
[4]
[5]
http:/ / authorize. net/

https:/ / www. paypal. com/
https:/ / authorize. net
https:/ / www. paypal. com
http:/ / en. wikipedia. org/ wiki/ Man_in_the_middle
[6] http:/ / en. wikipedia. org/ wiki/ Certification_authority

[7] http:/ / www. verisign. com
User Manager/Backup
Use the MikroTik Winbox Terminal or connect over Telnet/Serial Console etc. and enter:
To backup...
/tool user-manager database save
To restore... /tool user-manager database load
132

RouterBOARD hardware Source: http://wiki.mikrotik.com/index.php?oldid=24013 Contributors: Alex rhys-hurn, Brianlewis, Cdiggity, Jp, Lastguru, MarkSorensen, Netrat, Normis
Manual:Grounding Source: http://wiki.mikrotik.com/index.php?oldid=25535 Contributors: Becs, Marisb, Normis
RouterBOOT changelog Source: http://wiki.mikrotik.com/index.php?oldid=24728 Contributors: Normis, Uldis
RouterBOARD Troubleshooting Source: http://wiki.mikrotik.com/index.php?oldid=20907 Contributors: Chupaka, Dragijasikova, Macarev, Maximan, Normis
Manual:Bootloader upgrade Source: http://wiki.mikrotik.com/index.php?oldid=23708 Contributors: Cmit, Eep, Girts, Janisk, Marisb, Normis, SergejsB, XlnEax
Manual:Netinstall Source: http://wiki.mikrotik.com/index.php?oldid=25852 Contributors: Becs, Janisk, Marisb, MarkSorensen, Normis, SergejsB
Manual:System/Serial Console Source: http://wiki.mikrotik.com/index.php?oldid=20488 Contributors: Marisb, MarkSorensen, Normis
Password reset Source: http://wiki.mikrotik.com/index.php?oldid=16409 Contributors: Fbsd, Golden, Janisk, Marisb, Normis, Sizwan
Manual:Switch Chip Features Source: http://wiki.mikrotik.com/index.php?oldid=25724 Contributors: Becs, Janisk, Kirshteins, Marisb, Megis, Normis
Manual:USB Features Source: http://wiki.mikrotik.com/index.php?oldid=25829 Contributors: Becs, Janisk, Marisb, Normis
Manual:Default Configurations Source: http://wiki.mikrotik.com/index.php?oldid=25205 Contributors: Marisb, Normis
RouterBOARD 500 Source: http://wiki.mikrotik.com/index.php?oldid=2657 Contributors: Erwin, Eugene, Normis, Rock on all you f little dudes
RouterBOARD Feature Request Source: http://wiki.mikrotik.com/index.php?oldid=24795 Contributors: A, A2i, Ahthrift, Airnet, Ajm, Albarnaz, Altecom, Amarburg, AnRkey, Anontrol,
Apap100, Areskaro, Axtell, Backsubzero, Bauer, Bbm, Beans, Beko, Bintang, Bluefox8080, Brauser, Calman, Camozzato, Carl, Cata02, Certtik, Chasedat, Chironex, Cholegm, Ciccio, Ckgth,
Cotswold, Ctech4285, DL9SAU, Dada, Daffster, Dalikin, Daniel.szilagyi, DannyPZ, Deggler, Dezsi, Digicomtech, Dingsingo, Discus, Dman1q, Docteh, Dog, Doteasy, Dsobin, Dzove, Eising,
Ejansson, Ekka, Elnagar ali, Elvis1, Enginejibola, Enk, Equis, Eraser, Etocalini, Fnkysknky, Fuzzz, GLR, Gandalf, Geneb, Geneb846, Ghaseri, Giepie, Gkoufoud, Glendale2x, Gpaterno,
Graimondi, Grin, GuJack20, Hawkeyebj, Heathrwil, Hecthork, Hellbound, Hevilath, Highonsnow, Hjoelr, Ibersystems, Ilium007, Inco, Ipinfotelecom, Isi, JShadow, Jacsa, Jandafields, Jase,
Jcuena, Jetsystems, Jgau4879, Jianingy, Jimmy, Jmedinas, Jochristian, Jolival, Jonot, Jorgeamaral, Josemarti, Jp, Jupi2, Jwilson995, Kirshteins, Kolega, Korsakoff, Kvjajoo, Labenza, Lamgata,
Laurinkus, Legikaloz, Leosmendes, Loopback, Lorzelek, Madengineer, Madmouse, Mag, Malpi, Maphost, Mapunda, MarkSorensen, Markom, Mateng, Matt way, Matthew, Maxrate, Mazpiroz,
McAron, Mhugo, Michaelp, Michell, Mike.jenkins, Mike95826, Mmorier, Moly, Motolaoshin, Mr.BS, Mstead, Msundman, Muadib, Muso, Najzlijiji, Nasaneunet, Nbright, Ncmalan, Nest,
Netonline, NetworkPro, Ngds, Ni3ls, Nickblame, NicolasF, Nicopretorius, Normis, Nuclearcat, Nz monkey, Omega-00, Ondrejhome, OpiumDream, P.L., Patt, Paulskit, Pelish, Pilillo, Pingus,
Pluteus, Priidik, Procad, QpoX, RFischer, Raf, Ragomez, Ralloway, Rdo911, Remorse, Rgjacob, Richard s, Richi, Rige, Rjickity, Robertoiee, Rpengineering, Rplecko, Rus123, Russian, Ryan,
SSD, Sdb0311, Sdrenner, Seanos, Shados, Si, Smakodak, Smarag, [email protected], Ss4, Stephenpatrick, Stephouse, Sterb, Steveee, Stormshaker, Strike, Subxtech, Swissiws, Sygoras,
Ta2mzl, Techsimp, Theredia, Tom, TomjNorthIdaho, Tplecko, Ukasz, Ummelmann, Viceft, Vmiro, Walkeer, Wildbill442, Willempretorius, Winet, Wireless user, WirelessRudy, Wlevels,
Wpeople, XPucTu4, Xezen, Yarda, Yoniel, Zicol, Zsirmo
Mini-PCI (In)Compatibility Source: http://wiki.mikrotik.com/index.php?oldid=9317 Contributors: Cdiggity
Solar Power HOWTO Source: http://wiki.mikrotik.com/index.php?oldid=23622 Contributors: Aizukanne, Alex rhys-hurn, Marc Dilasser, Maychill101, Nest, Normis
Manual:User Manager Source: http://wiki.mikrotik.com/index.php?oldid=19155 Contributors: Akangage, Bhhenry, Binhtanngo2003, Cmit, Comnetisp, Eep, Girts, Hellbound, Janisk,
Levipatick, Marisb, Nest, Normis, Polokus, Rtkrh10, SergejsB, Uldis
User Manager/Introduction Source: http://wiki.mikrotik.com/index.php?oldid=25758 Contributors: Asaleh75, EotThj, Girts, Jandrade28, Janisk, Nest, Ni3ls, Normis, SergejsB, WcjZrv
User Manager/Getting started Source: http://wiki.mikrotik.com/index.php?oldid=24810 Contributors: Ctech4285, Fewi, Girts, HarvSki, Janisk, MwdNx0, Nest, Normis, Vitell, Xhimimavraj,
Xm0Vlj
User Manager/Hotspot Example Source: http://wiki.mikrotik.com/index.php?oldid=24809 Contributors: Girts, Mital das, Nest, Normis, SergejsB, Vitell
User Manager/PPP Example Source: http://wiki.mikrotik.com/index.php?oldid=15590 Contributors: Bney, Cmit, Girts, SergejsB
User Manager/DHCP Example Source: http://wiki.mikrotik.com/index.php?oldid=15592 Contributors: Girts, SergejsB
User Manager/Wireless Example Source: http://wiki.mikrotik.com/index.php?oldid=15595 Contributors: Girts, MarkSorensen, SergejsB
User Manager/RouterOS user Example Source: http://wiki.mikrotik.com/index.php?oldid=15596 Contributors: Girts, SergejsB
User Manager/Customers Source: http://wiki.mikrotik.com/index.php?oldid=21565 Contributors: DanielBlake, Girts, LukeKennedy, Marisb, MatildaBolton, Mw0Jme, Normis
User Manager/Users Source: http://wiki.mikrotik.com/index.php?oldid=10912 Contributors: Girts, Vitell
User Manager/Routers Source: http://wiki.mikrotik.com/index.php?oldid=3511 Contributors: Girts, SergejsB
User Manager/Sessions Source: http://wiki.mikrotik.com/index.php?oldid=3875 Contributors: Girts
User Manager/Payments Source: http://wiki.mikrotik.com/index.php?oldid=3857 Contributors: Girts
User Manager/Reports Source: http://wiki.mikrotik.com/index.php?oldid=15630 Contributors: Girts
User Manager/Logs Source: http://wiki.mikrotik.com/index.php?oldid=12383 Contributors: Girts
User Manager/Permissions Source: http://wiki.mikrotik.com/index.php?oldid=3837 Contributors: Girts
User Manager/Character constants Source: http://wiki.mikrotik.com/index.php?oldid=24815 Contributors: Girts, Linkwave, Nest, SergejsB
User Manager/Active sessions Source: http://wiki.mikrotik.com/index.php?oldid=17499 Contributors: Girts, Nest
User Manager/Active users Source: http://wiki.mikrotik.com/index.php?oldid=3247 Contributors: Girts
User Manager/Public ID Source: http://wiki.mikrotik.com/index.php?oldid=5237 Contributors: Girts, Normis, NzvKqo, Vw3Bfw, Yo8Zyo
User Manager/Profiles Source: http://wiki.mikrotik.com/index.php?oldid=24864 Contributors: Nest
User Manager/MAC binding Source: http://wiki.mikrotik.com/index.php?oldid=24812 Contributors: Girts, Myrrhman, Nest
User Manager/Languages Source: http://wiki.mikrotik.com/index.php?oldid=25303 Contributors: Anjunior, Girts, Josemari, Medianet, Normis, SergejsB, Unsigned
User Manager/Subscribers Source: http://wiki.mikrotik.com/index.php?oldid=15623 Contributors: CqjAdi, Girts, Normis, Radiosn00p
User Manager/Credits Source: http://wiki.mikrotik.com/index.php?oldid=15624 Contributors: Girts
User Manager/User prefix Source: http://wiki.mikrotik.com/index.php?oldid=15625 Contributors: AfpD2v, Bc3Xuh, DzeS3b, Girts, Normis, PnyDk9, Radiosn00p
133

User Manager/Limiting Source: http://wiki.mikrotik.com/index.php?oldid=15626 Contributors: DpyX9c, Fajirnet, Girts, Normis
User Manager/Prepaid and unlimited users Source: http://wiki.mikrotik.com/index.php?oldid=5239 Contributors: CdaYxz, Girts, Normis
User Manager/Voucher template Source: http://wiki.mikrotik.com/index.php?oldid=7103 Contributors: Atis, Csickles, Girts, Normis, Pl3Tk8
User Manager/Search patterns Source: http://wiki.mikrotik.com/index.php?oldid=15556 Contributors: Girts
User Manager/Tables Source: http://wiki.mikrotik.com/index.php?oldid=5254 Contributors: Girts, Lv0Egm, Normis
User Manager/Detail forms Source: http://wiki.mikrotik.com/index.php?oldid=3881 Contributors: Girts
User Manager/Printing Source: http://wiki.mikrotik.com/index.php?oldid=15631 Contributors: Girts
User Manager/Customer page Source: http://wiki.mikrotik.com/index.php?oldid=12984 Contributors: Girts, Infoservi, Normis, WpyOj4, Xhimimavraj
User Manager/User page Source: http://wiki.mikrotik.com/index.php?oldid=23325 Contributors: Addam, Ahmed allam, Brianpalmer2010, Girts, Henryford, Ipph, Jasonbourne, Jasonwebb,
Jasonwhite, Liudngquan, Mala, Marisb, MollyRodriguez, Prence iraq, Randybosh, SergejsB
User Manager/User sign up Source: http://wiki.mikrotik.com/index.php?oldid=4567 Contributors: Girts, SergejsB
User Manager/User payments Source: http://wiki.mikrotik.com/index.php?oldid=14296 Contributors: Girts, Nest, Normis, Sdischer, SergejsB, Stutteringp0et, WruAqo
User Manager/Backup Source: http://wiki.mikrotik.com/index.php?oldid=6217 Contributors: Atheros, Girts
134

File:WiringT568B.png Source: http://wiki.mikrotik.com/index.php?title=File:WiringT568B.png License: unknown Contributors: Normis
Image:Screw.jpg Source: http://wiki.mikrotik.com/index.php?title=File:Screw.jpg License: unknown Contributors: Normis
File:DSC1557.jpg Source: http://wiki.mikrotik.com/index.php?title=File:DSC1557.jpg License: unknown Contributors: Normis
File:Poe shielded.jpg Source: http://wiki.mikrotik.com/index.php?title=File:Poe_shielded.jpg License: unknown Contributors: Normis
File:Option-1.jpg Source: http://wiki.mikrotik.com/index.php?title=File:Option-1.jpg License: unknown Contributors: Normis
File:Option-2.jpg Source: http://wiki.mikrotik.com/index.php?title=File:Option-2.jpg License: unknown Contributors: Normis
Image:Version.png Source: http://wiki.mikrotik.com/index.php?title=File:Version.png License: unknown Contributors: Normis
File:2009-01-27 1224.jpg Source: http://wiki.mikrotik.com/index.php?title=File:2009-01-27_1224.jpg License: unknown Contributors: Normis
Image:NetinstallStart.png Source: http://wiki.mikrotik.com/index.php?title=File:NetinstallStart.png License: unknown Contributors: SergejsB
Image:Nconfig.PNG Source: http://wiki.mikrotik.com/index.php?title=File:Nconfig.PNG License: unknown Contributors: SergejsB
Image:NConfig3.png Source: http://wiki.mikrotik.com/index.php?title=File:NConfig3.png License: unknown Contributors: SergejsB
Image:NetinstallC4.png Source: http://wiki.mikrotik.com/index.php?title=File:NetinstallC4.png License: unknown Contributors: SergejsB
Image:PasswordReset.png Source: http://wiki.mikrotik.com/index.php?title=File:PasswordReset.png License: unknown Contributors: SergejsB
Image:Icon-note.png Source: http://wiki.mikrotik.com/index.php?title=File:Icon-note.png License: unknown Contributors: Marisb, Route
File:262 hi res.png Source: http://wiki.mikrotik.com/index.php?title=File:262_hi_res.png License: unknown Contributors: Normis
Image:Resethole.jpg Source: http://wiki.mikrotik.com/index.php?title=File:Resethole.jpg License: unknown Contributors: Normis
File:Passw.jpg Source: http://wiki.mikrotik.com/index.php?title=File:Passw.jpg License: unknown Contributors: Normis
Image:CRW 5184.jpg Source: http://wiki.mikrotik.com/index.php?title=File:CRW_5184.jpg License: unknown Contributors: Normis
Image:switch1.png Source: http://wiki.mikrotik.com/index.php?title=File:Switch1.png License: unknown Contributors: Kirshteins
File:ar8316_trunk.png Source: http://wiki.mikrotik.com/index.php?title=File:Ar8316_trunk.png License: unknown Contributors: Kirshteins
Image:Icon-warn.png Source: http://wiki.mikrotik.com/index.php?title=File:Icon-warn.png License: unknown Contributors: Marisb, Route
Image:Base Station Solar Power.png Source: http://wiki.mikrotik.com/index.php?title=File:Base_Station_Solar_Power.png License: unknown Contributors: Alex rhys-hurn
Image:Connection-seq.png Source: http://wiki.mikrotik.com/index.php?title=File:Connection-seq.png License: unknown Contributors: Alex rhys-hurn
Image:Solar-Power-Test-Rig.png Source: http://wiki.mikrotik.com/index.php?title=File:Solar-Power-Test-Rig.png License: unknown Contributors: Alex rhys-hurn
Image:Housing.jpg Source: http://wiki.mikrotik.com/index.php?title=File:Housing.jpg License: unknown Contributors: Alex rhys-hurn
Image:Vent.png Source: http://wiki.mikrotik.com/index.php?title=File:Vent.png License: unknown Contributors: Alex rhys-hurn
Image:Backplate.png Source: http://wiki.mikrotik.com/index.php?title=File:Backplate.png License: unknown Contributors: Alex rhys-hurn
Image:Backplate1.jpg Source: http://wiki.mikrotik.com/index.php?title=File:Backplate1.jpg License: unknown Contributors: Alex rhys-hurn
Image:Finished-System.jpg Source: http://wiki.mikrotik.com/index.php?title=File:Finished-System.jpg License: unknown Contributors: Alex rhys-hurn
Image:uptime.png Source: http://wiki.mikrotik.com/index.php?title=File:Uptime.png License: unknown Contributors: Alex rhys-hurn
Image: UserManLogDetails.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManLogDetails.png License: unknown Contributors: Girts
Image:UserMan4MACBind.png Source: http://wiki.mikrotik.com/index.php?title=File:UserMan4MACBind.png License: unknown Contributors: Girts
Image:UserManSorting.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManSorting.png License: unknown Contributors: Girts
Image:UserManSearch.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManSearch.png License: unknown Contributors: Girts
Image:UserManPerPage.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManPerPage.png License: unknown Contributors: Girts
Image:UserManPageSel.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManPageSel.png License: unknown Contributors: Girts
Image:UserManTotal.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManTotal.png License: unknown Contributors: Girts
Image:UserManCheckboxes.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManCheckboxes.png License: unknown Contributors: Girts
Image:UserManSelectAll.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManSelectAll.png License: unknown Contributors: Girts
Image:UserManSelCount.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManSelCount.png License: unknown Contributors: Girts
Image:UserManOptions.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManOptions.png License: unknown Contributors: Girts
Image:UserManTableMinimize.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManTableMinimize.png License: unknown Contributors: Girts
Image:UserManTableLinks.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManTableLinks.png License: unknown Contributors: Girts
Image:UserManTableMultiLinks.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManTableMultiLinks.png License: unknown Contributors: Girts
Image: UserManDetailForm.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManDetailForm.png License: unknown Contributors: Girts
Image: UserManSessionDetail.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManSessionDetail.png License: unknown Contributors: Girts
Image:UserManCustMenu.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManCustMenu.png License: unknown Contributors: Binhtanngo2003, Girts
Image:UserManSearchUsers.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManSearchUsers.png License: unknown Contributors: Girts
Image: UserManActiveUsers.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManActiveUsers.png License: unknown Contributors: Girts
Image: UserManActiveSessions.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManActiveSessions.png License: unknown Contributors: Girts
Image: UserManBatchAdd.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManBatchAdd.png License: unknown Contributors: Girts
Image: UserManRouters.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManRouters.png License: unknown Contributors: Girts
Image: UserManRouterAdd.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManRouterAdd.png License: unknown Contributors: Girts
Image: UserManCredits.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManCredits.png License: unknown Contributors: Girts
Image: UserManCreditAdd.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManCreditAdd.png License: unknown Contributors: Girts
Image: UserManUsers.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManUsers.png License: unknown Contributors: Girts
Image: UserManEditUser.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManEditUser.png License: unknown Contributors: Girts
Image: UserManUserPrivInfo.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManUserPrivInfo.png License: unknown Contributors: Girts
Image: UserManUserCredDet.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManUserCredDet.png License: unknown Contributors: Girts
Image: UserManUserExtend.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManUserExtend.png License: unknown Contributors: Girts
Image: UserManUserAdd.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManUserAdd.png License: unknown Contributors: Girts
Image: UserManSessions.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManSessions.png License: unknown Contributors: Girts
Image: UserManEditSession.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManEditSession.png License: unknown Contributors: Girts
135

Image: UserManCustomers.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManCustomers.png License: unknown Contributors: Girts
Image: UserManEditCustomer.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManEditCustomer.png License: unknown Contributors: Girts
Image: UserManCustPrivInfo.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManCustPrivInfo.png License: unknown Contributors: Girts
Image: UserManCustSubsFields.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManCustSubsFields.png License: unknown Contributors: Girts
Image: UserManCustUseHttps.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManCustUseHttps.png License: unknown Contributors: Girts
Image: UserManCustSensitiveFieldTitles.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManCustSensitiveFieldTitles.png License: unknown Contributors: Girts
Image: UserManCustomerAdd.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManCustomerAdd.png License: unknown Contributors: Girts
Image: UserManReport.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManReport.png License: unknown Contributors: Girts
Image: UserManLogs.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManLogs.png License: unknown Contributors: Girts
Image:UserManUserMenu.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManUserMenu.png License: unknown Contributors: Girts
Image:UserManUserStatus.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManUserStatus.png License: unknown Contributors: Girts
Image:UserManUserCredits.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManUserCredits.png License: unknown Contributors: Girts
Image:UserManUserSessions.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManUserSessions.png License: unknown Contributors: Girts
Image:UserManUserPayments.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManUserPayments.png License: unknown Contributors: Girts
Image:UserManPaymentDetail.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManPaymentDetail.png License: unknown Contributors: Girts
Image:UserManBuyCredit.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManBuyCredit.png License: unknown Contributors: Girts
Image:UserManUserSettings.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManUserSettings.png License: unknown Contributors: Girts
Image:UserManSignupForm.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManSignupForm.png License: unknown Contributors: Girts
Image: UserManSignupConfirm.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManSignupConfirm.png License: unknown Contributors: Girts
Image: UserManCustAuthNet.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManCustAuthNet.png License: unknown Contributors: Girts
Image: UserManCustCurrency.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManCustCurrency.png License: unknown Contributors: Girts
Image: UserManCustPublicHost.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManCustPublicHost.png License: unknown Contributors: Girts
Image: UserManUserBuyCredit.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManUserBuyCredit.png License: unknown Contributors: Girts
Image: UserManHttpsWarning.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManHttpsWarning.png License: unknown Contributors: Girts
Image: UserManUserBuyCreditCredit.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManUserBuyCreditCredit.png License: unknown Contributors: Girts
Image: UserManUserBuyCreditBalance.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManUserBuyCreditBalance.png License: unknown Contributors: Girts
Image: UserManUserBuyCreditMethodAuthnet.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManUserBuyCreditMethodAuthnet.png License: unknown Contributors:
Girts
Image: UserManUserBuyCreditButton.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManUserBuyCreditButton.png License: unknown Contributors: Girts
Image: UserManAuthNetPaymentForm.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManAuthNetPaymentForm.png License: unknown Contributors: Girts
Image: UserManAuthNetFormFilled.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManAuthNetFormFilled.png License: unknown Contributors: Girts
Image: UserManAuthNetFormSubmit.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManAuthNetFormSubmit.png License: unknown Contributors: Girts
Image: UserManPaymentSuccess.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManPaymentSuccess.png License: unknown Contributors: Girts
Image: UserManPaymentReturnButton.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManPaymentReturnButton.png License: unknown Contributors: Girts
Image: UserManUserPayments.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManUserPayments.png License: unknown Contributors: Girts
Image: UserManCustPayPal.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManCustPayPal.png License: unknown Contributors: Girts
Image: UserManUserBuyCreditMethodPayPal.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManUserBuyCreditMethodPayPal.png License: unknown Contributors: Girts
Image: UserManUserBuyCreditButtonPP.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManUserBuyCreditButtonPP.png License: unknown Contributors: Girts
Image: UserManPayPalPaymentForm.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManPayPalPaymentForm.png License: unknown Contributors: Girts
Image: UserManPayPalFormLogged.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManPayPalFormLogged.png License: unknown Contributors: Girts
Image: UserManPayPalSuccess.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManPayPalSuccess.png License: unknown Contributors: Girts
Image: UserManPayPalPaymentProcess.png Source: http://wiki.mikrotik.com/index.php?title=File:UserManPayPalPaymentProcess.png License: unknown Contributors: Girts
136

Mikrotik Part6

Uploaded by

Copyright:

Available Formats

Mikrotik Part6

Uploaded by

Document Information

Original Description:

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Mikrotik Part6

Uploaded by

Copyright:

Available Formats

Mikrotik -Part6

Manual:Switch Chip Features

RouterBOARD Feature Request

Solar Power HOWTO

User Manager/Getting started

User Manager/Hotspot Example

User Manager/PPP Example

User Manager/DHCP Example

User Manager/Wireless Example

User Manager/RouterOS user Example

User Manager/Character constants

User Manager/Active sessions

User Manager/Active users

User Manager/MAC binding

User Manager/User prefix

User Manager/Prepaid and unlimited users

User Manager/Voucher template

User Manager/Search patterns

User Manager/Detail forms

User Manager/Customer page

User Manager/User page

User Manager/User sign up

User Manager/User payments

Image Sources, Licenses and Contributors

Grounding and ESD protection

ESD Protection on RouterBOARD devices

Grounding RouterBOARD installations

PoE with shielded connectors

Illustrations of the above methods

Method #2 (only shielded cable):

) ar9344: fix etherboot with ar8327 switch chip;

What's new in 2.40.5 (ar9330 2.41 release):

) added RB816 support on RB600;

What's new in 2.25:

new feature - Flashfig;

What's new in 2.24:

fixed bios entering on <delete> key for hyperterminal;

Can't connect over IP or MAC

Boots, but stops loading after BIOS info

Starts, but an ERROR interrupts loading of RouterOS

No information on the console output

Wireless card problems

c - bios license information

2. Reboot the RouterBoard.

[ Top | Back to Content ]

Serial Console Configuration

Router Side (DB9f) Signal

Direction Side (DB9f)

Direction Side (DB9f)

CD, DTR, DSR LOOP

Which port should the serial terminal listen to

free (yes | no)

Console is ready for use.

used (yes | no)

number of virtual console - [Alt]+[F1] represents '1', [Alt]+[F2] - '2', etc..

wedged (yes | no) Console is currently not available

Using Serial Terminal

port (string; Default: ) Port name to use