Configuring MikroTik RB912UAG-2HPnD (BaseBox 2) + Ubiquiti Sector

Recently tuned MikroTik RB912UAG-2HPnD (BaseBox 2).
The sticker says that without the antenna connected it can not be turned on :), it will be used with Ubiquiti Sector AM-2G15, I connected this sector to two contacts.

The standard IP device is, the login admin is without a password, DHCP is disabled as standard, so you need to manually register IP on the computer, for example with a subnet mask of

First of all we will change the password in “System” – “Users”.

Set up Wi-Fi settings in “Wireless” – “Interfaces”:
Wireless Protocol: 802.11 so that you can connect to any device

In “Wireless” – “Security Profiles”, configure:
SSID (the name of the wireless network)
Mode: dynamic keys
type of encryption WPA2 PSK AES
WPA2 Pre-Shared Key (wireless password)

Now change the device IP address, in IP – Addresses, the network where it will stand. For example, instead of on, after that on the computer, we will manually change the IP registered on the IP from this network, for example so that you can continue to configure.
“IP” – “Routes” add a gateway, for example Dst. Address:, Gateway:

On this basic setup is completed, the device will work as an access point to the bridge, that is, it will not be issued by the IP, but by the device before it or by billing.

Restoring MikroTik (RouterOS) using NetInstall

NetInstall is used to reinstall RouterOS when it is damaged, the access password is incorrectly set or the access password is not known.

I will describe the basic steps:

1) Download NetInstall from the official site

2) Register a static IP address to the computer, for example

3) Connect the Ethernet cable to the router through the ETH1 port with the computer using the switch or directly.

4) Run the NetInstall application. Click the “Net booting” button, check “Boot Server” enabled and enter the IP address from the same subnet where the computer is located, for example, its NetInstall will temporarily assign it to the router. Any firewall on the computer must be disabled.

5) When the router is disconnected from the mains, press the “reset” button and continue to turn it on, wait for about half a minute until the NetInstall program displays a new device in the device list.

6) In “Packages”, click the “Browse” button and specify the directory with the firmware. In the list of devices (Routers/Drives) select a router, in the bottom of the list, tick the firmware to be downloaded to the router and click “Install”. The firmware is downloaded to the router and the status will be written “Waiting for reboot”, after which, instead of the install button, there will be a reboot button, and you will need to click it.

The router will boot with the new firmware. If there are any problems with the loading of the router, you can try to reset it to the standard settings by holding the reset button, or if there is a display, select “Restore settings” and enter the standard pin code 1234. Alternatively, restore via Netinstall with the tick “Keep Old Configuration” and indicating below your “Configure script”.

Firmware update of MikroTik devices

Updating the MikroTik firmware is easy enough, just open the web-interface of the device or WinBox, select “System” – “Packages” from the menu and click “Check For Updates”, if a new firmware is found, then click “Download & Upgrade”. The device will download the firmware from the official website and starts from it.

To flash MikroTik devices not to the newest version, or when the device does not have access to the Internet, I propose the following:

1) Download the firmware from the official website

2) Connect via WinBox (not through the web interface!), Select “Files” in the menu, a window will appear, just drag the firmware file with the *.npk extension and wait for the file to upload.

3) Reload the router. It will have to start with a new firmware.


To downgrade the firmware version, you need to perform steps 1 and 2, then connect to the device via telnet and run the command:

/system package downgrade

In case of problems, you can restore the router by following the instructions
Restoring MikroTik (RouterOS) using NetInstall

Setting up and using Traffic Flow in Mikrotik

Enable Traffic Flow on the Mikrotik router:

ip traffic-flow set enabled=yes cache-entries=4k set active-flow-timeout=30m inactive-flow-timeout=15s interfaces=all

View settings:

ip traffic-flow print

Specify the IP address and port of the computer that will receive the Traffic-Flow packets:

ip traffic-flow target add address= disabled=no version=9 v9-template-refresh=20 v9-template-timeout=30m


ip traffic-flow target add address= disabled=no version=5

View settings:

ip traffic-flow target print

To configure through the GUI, the settings can be found in the menu IP -> Traffic Flow.

For monitoring under Windows, you can install the program ManageEngine NetFlow Analyzer, which will work as a server, receive packets from the specified port and generate graphs and statistics via a web server that can be opened by the browser.

For monitoring under Linux, you can install and configure for example flow-tools.

Configuring an FTP server on MikroTik Router OS

Usually an FTP server on MikroTik Router OS is enabled and uses ports 20 and 21 for communication.
Connection type without encryption, login and password are same as for access to mikrotik.

You can connect by typing the ip address of the router in the browser’s address bar:

Via the graphical interface, the FTP service is turned off and turned on in the “IP” – “Service”

Through the command line:

ip service disable service_number
ip service enable service_number

View a list of services:

ip service print

To view the information about the files, you can run the following command:

file print detail
disk print detail

Configuring graphs in Mikrotik

The graphs are an excellent tool for monitoring the device’s processor load, disk and RAM, voltage and temperature, and the amount of traffic transmitted through network interfaces.
Via Winbox or the web-based interface, the settings can be found in the “Tools” -> “Graphing” menu.

I will describe the following commands in order:

Frequency of recording of collected data (standard 5 minutes):

tool graphing set store-every 24hours|5min|hour

The refresh rate of the chart page (standard 300):

tool graphing set page-refresh integer|never

Graphing interface
The IP range from which graphs are allowed to be viewed (standard

tool graphing interface allow-address ADDRESS

Description of the current record:

tool graphing interface comment TEXT

Determines whether the element is used:

tool graphing interface disabled yes|no

Determines which interface will be monitored (standard all):

tool graphing interface interface all|interface

Specifies whether to store collected information on the system disk (standard yes):

tool graphing interface store-on-disk yes|no

Graphing queue
The IP range from which graphs are allowed to be viewed (standard

tool graphing queue allow-address ADDRESS

Whether to allow access to schedules from queue’s target-address (standard yes):

tool graphing queue allow-target yes|no

Description of the current record:

tool graphing queue comment TEXT

Determines whether the element is used:

tool graphing queue disabled yes|no

Which queues will be monitored (everything is standard):

tool graphing queue simple-queue all|NAME

Specifies whether to store collected information on the system disk (standard yes):

tool graphing queue store-on-disk yes|no

Graphing resource
The IP range from which graphs are allowed to be viewed (standard

tool graphing resource allow-address ADDRESS

Description of the current record:

tool graphing resource comment TEXT

Determines whether the element is used:

tool graphing resource disabled yes|no

Specifies whether to store collected information on the system disk (standard yes):

tool graphing resource store-on-disk yes|no

You can see the graphs in the address bar of the browser http://ADDRESS/graphs/
If you reboot the router, the graphics will remain, if you update firmware, they will be deleted.

The solution of the error “Kernel failure” and “Out of memory” in Mikrotik

There was a problem, often began to reboot itself MikroTik CAS125-24G-1S-RM.
The firmware at that time was the last one – WebFig v6.9
The following information was displayed in the logs:

System rebooted because of kernel failure
Out of memory condition was detected
router was rebooted without proper shutdown

Having looked in “system” -> “resources” it was evident that the free memory of the device is constantly decreasing.
Then I began to recall what was involved and configured on the device.
Bumping into and looking “Cache Used” in “IP” -> “Web Proxy” it was evident that the size of the cache is constantly growing.
From here it was clear that when the device’s memory was running out and the kernel crashed.
Therefore, the solution to this problem was to restrict the proxy cache by specifying the maximum size in the “Max. Cache Size“.

Configuring Cloud in Mikrotik

Starting from the version of RouterOS v6.14, the Cloud function is added which allows using the Dynamic DNS name for a device that is automatically assigned and can be accessed by it even if the IP address is changed.

Example of switching through the console:

ip cloud set enabled=yes

Example of viewing parameters:

ip cloud print

Enable device time update with DDNS server time (if SNTP or NTP service is not configured):

ip cloud update-time yes/no

Immediate update of DDNS:

ip cloud force-update

View the DDNS name:

ip cloud dns-name

View the public IP address to which DDNS is bound:

ip cloud public-address

Binding DDNS to a local IP address instead of a public one, for example to, etc.)

ip cloud advanced use-local-address yes/no

View the current status of the Cloud (updated, updated, error, etc.):

ip cloud status

Through the graphical interface of the Cloud settings can be found in the menu “IP” – “Cloud”.

How to configure PPPoE in Mikrotik

To configure the PPPoE connection, open the web interface of the device by opening the link (its standard ip address) in any browser.
Then in the menu, open the tab “PPP“, push the button “Add” (red plus if via Winbox), choose “PPPoE Client“.
In the window that opens, specify the connection parameters, in the first tab “General” we indicate:

Name: (any word in English, this will be your PPP connection name)
Interfaces: ether1 (specify the WAN interface that looks towards the provider or PPPoE server)

Next, open the tab “Dial Out” and specify:
User: (PPP user name)
Password: (password)
Put a tick “Add Default Route” (if the routes are to be set automatically)
Put a tick “Use Peer DNS

Click “OK“, after which the connection will be configured and the letter “R” which means that the connection was successful.
If the letter does not appear, you can see the logs by clicking on the menu on the left “Log“, by which you can determine the connection error.

Mikrotik SMB – file server configuration

I will use the Mikrotik RB951G-2HnD router as an example.

Connect the media to the USB router.
Let’s look at the status:

store disk print

Format it:

store disk format-drive 1

Reboot the router:


Add storage:

store add name=share disk=usb1 type=user-manager activate=yes comment="test"

Add share:

ip smb share add name=test max-sessions=15 directory=/test disabled=no comment="test share"

Example of disabling share:

ip smb share disable

Enabling smb:

enable smb

I will give examples of some commands:
ip smb print (view parameters)
ip smb set allow-guests yes/no (allows connection to guest users without entering a password, standard yes)
ip smb set comment TEXT (comment, standard MikrotikSMB)
ip smb set domain NAME (setting the name of the workgroup, standard MSHOME)
ip smb set enabled yes/no (SMB on/off, standard no)
ip smb set interfaces all/wlan1/bridge-local/… (installation of interfaces on which SMB will be started, standard all)

ip smb users add read-only=no name=LOGIN password=PASSWORD disabled=no (user creation)
ip smb users disable (disabling the user)
ip smb users enable (user activation)
ip smb users print (view the list of users)
ip smb users remove (deletion of the user)
ip smb users set read-only=no name=LOGIN password=PASSWORD (user change)

ip smb share enable
ip smb share print (view share list)
ip smb share remove
ip smb share set (changing the parameters of the share)

To get help, use the “?” character on the command line.
To go to the level above – “..”.

Example of configuring the firewall for smb:

add action=accept chain=input disabled=no dst-port=137-138 protocol=udp src-address-list=smb-allow
add action=accept chain=input disabled=no dst-port=137,139 protocol=tcp src-address-list=smb-allow
ip firewall address-list add address= disabled=no list=smb-allow

Official documentation:

You can also connect a hard drive to the router via the USB-SATA adapter.