Firmware
It is highly recommended to update the firmware on the device. This is mainly for security reasons. You can do this right in the web UI by navigating to WebFig > System > Auto Upgrade.
Initial setup
Below is a diagram outlining the final desired and recommended setup with the MikroTik device. Please note that the final setup may look different depending on what equipment is currently in place and how many devices will be used on the network.
WiFi
Important: out of the box, the device has no WiFi password set. This should be set immediately after logging into the web UI of the device. his can be set on the Quick Set page under WiFi password. Simply select the arrow drop-down, set the password you would like, and then click on Apply Configuration. Additional documentation on the device's WiFi can be found here: https://wiki.mikrotik.com/wiki/Manual:Initial_Configuration#Setting_up_Wireless
Setting up the device
-
Out of the box DHCP is enabled and the device runs off a 192.168.88.0/24 subnet.
-
Port 1 (ether1) is used as the WAN port, while the rest of the ports can be used as LAN/switch ports.
-
Web UI is accessible at 192.168.88.1. Upon initially logging into the web UI of the device, you will not be prompted for a password. Be sure to set a new password. Click on password in the bottom right-hand corner.
- If there is an ISP-provided modem/gateway in the network and it was put to Bridge mode after the router is connected, navigate to Quick set (top right-hand corner), make sure Automatic is selected in the Internet block and hit Renew to obtain new IP-address from the ISP.
-
SIP ALG can be disabled by navigating to WebFig (top right-hand corner) > IP (left-hand side) > Firewall > Service ports > click on the D icon next to SIP to disable it.
-
By default, the router will use dynamically assigned DNS servers (DNS servers handed by the ISP), and we want to disable this. The easiest way to do it is at the command line in the terminal. In the top right-hand corner of the web UI select Terminal and then issue the commands below.
- /ip dhcp-client set use-peer-dns=no 0
- /ip dns set servers=8.8.8.8,8.8.4.4
- /ip dhcp-server network set dns-server=8.8.8.8,8.8.4.4 0
- Navigate back to Terminal and issue the following command: /ip firewall connection tracking set udp-timeout=300s
Implementing QoS
It's a good idea to implement QoS on the router, especially if bandwidth is limited. We want to ensure VoIP traffic has the highest priority. This can be accomplished by first marking traffic appropriately, and then setting up queues. There will be a queue for the VoIP traffic which will be given highest priority, and a queue for general traffic which will be given lower priority. To mark the traffic we will create mangle rules in the firewall. Mangle is a firewall feature that is used to mark packets.
-
Navigate to WebFig > IP > Firewall > Mangle. Click on Add New to create a new rule. For the first rule, put in the following:
- Chain: prerouting
- Src. Address: 192.151.131.40
- Action: mark packet
- New Packet Mark: VoIP
- Ensure passthrough option is checked
- Comment: From VoIP Addr
- Apply > OK
-
For the second mangle rule put in the following:
- Chain: prerouting
- Dst. Address: 192.151.131.40
- Action: mark packet
- New Packet Mark: VoIP
- Ensure passthrough option is checked
- Comment: To VoIP Addr
- Apply > OK
-
Lastly, we just need to setup the queues; however, before doing so you will need to know the Internet speed/bandwidth of your connection. You can obtain this here.
You will take this into consideration, along with how many VoIP devices (computers and desk phones) are in place. Being a bit on the conservative side, each VoIP call can consume roughly 100Kbps of bandwidth. Take the number of the devices you have and multiply it by 100. For example, if you have 10 devices (phones and computers) that will be used for VoIP, take 10 x 100Kbps. This is then equal to 1000Kbps or 1Mbps. An even more conservative approach to take would be to double this value. So the max limit in our queue could be set to 2Mbps. -
Click on the Queues tab on the left-hand side, and then add new. For the first queue, input the following parameters:
- Name: VoIP traffic
- Target: 192.168.88.0/24
- Target upload max limit: <Value you calculated goes here>
- Target download max limit: <Value you calculated goes here>
- Packet marks: VoIP
- Priority: 1 (on download and upload)
- Leave everything else on the defaults. Apply > OK
-
We have created the queue for the VoIP traffic, now we just need to create a queue for the rest of the traffic on the network. Click on the Queues tab on the left-hand side, and then add new. For this queue, input the following parameters:
- Name: All Other Traffic
- Target: 192.168.88.0/24
- Target upload max limit: <Take total bandwidth and subtract max limit set in VoIP queue>
- Target download max limit: <Take total bandwidth and subtract max limit set in VoIP queue>
- Packet marks: no-mark
- Priority: 8 (on download and upload)
- Leave everything else on the defaults. Apply > OK
Setting max limits in the queues
When setting the max limits in each of the queues, this is usually done via a drop-down option or you may be able to just manually type in the value you want after double-clicking in the drop-down text box; however, if for some reason the drop-down option that you need isn't available and you aren't able to manually type it in, this custom value can be set at the command line by following the instructions below.
-
In the top right-hand corner of the web UI select Terminal and then issue the commands below:
-
queue
-
simple
-
print
-
-
In the screenshot below we can see that our VoIP queue has a flag of zero, and the other traffic queue has a flag of 1.
-
As an example, if we wanted to set the VoIP queue upload max limit at 7M and the download max limit at 10M, we would issue the following commands:
-
set max-limit=7M/10M 0
-
-
Notice that the upload max limit comes before the download, and they are separated by a slash (/). The zero in this case is the flag associated with the VoIP queue.
-
We can then do the same for the other traffic queue.
-
set max-limit=22M/100M 1
-