For example, I will set up MikroTIk CRS106-1C-5S. This device is a great budget switch that can also work as a router. In my case, it was perfect for an educational institution, there is a combo port on the back wall, which I configured as a WAN and the Internet was connected to it (from GPON ONU with a twisted pair cable), and managed switches were connected to the front 5 SFP ports.
Connect to the device by entering the IP address 192.168.88.2 on the computer and opening 192.168.88.1 in the browser.
In the System – Packages menu, you can immediately disable what is not useful, for example, wireless, hotspot, mpls, ppp.
Then I did the setup via Quick Set.
After that, I checked the configuration through the console port, connecting with a standard console cable (pinout like D-Link, Huawei S2326 and others). Or you can connect to any of the front SFP ports and open 192.168.88.1 in a browser.
I will give an example of a configuration that was created through Quick Set:
export terse
/interface bridge add admin-mac=DC:2C:6E:00:00:00 auto-mac=no comment=defconf name=bridge
/interface list add name=WAN
/interface list add name=LAN
/interface wireless security-profiles set [ find default=yes ] supplicant-identity=ixnfo.com
/ip hotspot profile set [ find default=yes ] html-directory=flash/hotspot
/ip pool add name=dhcp ranges=192.168.88.5-192.168.88.254
/ip dhcp-server add address-pool=dhcp disabled=no interface=bridge name=dhcp1
/interface bridge port add bridge=bridge comment=defconf disabled=yes interface=combo1
/interface bridge port add bridge=bridge comment=defconf interface=sfp1
/interface bridge port add bridge=bridge comment=defconf interface=sfp2
/interface bridge port add bridge=bridge comment=defconf interface=sfp3
/interface bridge port add bridge=bridge comment=defconf interface=sfp4
/interface bridge port add bridge=bridge comment=defconf interface=sfp5
/ip neighbor discovery-settings set discover-interface-list=none
/interface list member add interface=combo1 list=WAN
/interface list member add interface=bridge list=LAN
/ip address add address=192.168.88.1/24 interface=sfp1 network=192.168.88.0
/ip dhcp-client add disabled=no interface=combo1
/ip dhcp-server network add address=192.168.88.0/24 gateway=192.168.88.1 netmask=24
/ip firewall nat add action=masquerade chain=srcnat out-interface-list=WAN
For some reason, Quick Set did not specify DNS in the DHCP settings, at least itself, without which the Internet will not work for clients, so you need to specify DNS (I did not specify the local caching IP 192.168.88.1 in order not to make an extra load, since the processor of the switch is rather weak ):
/ip dhcp-server network add address=192.168.88.0/24 dns-server=1.1.1.1,8.8.4.4 gateway=192.168.88.1 netmask=24
I also allowed remote access and ping from a specific IP (Quick Set did not create rules in Filter, so my rules did not have to be raised):
/ip firewall filter add action=accept chain=input dst-port=80 protocol=tcp src-address=10.20.0.200
/ip firewall filter add action=accept chain=input in-interface=combo1 protocol=icmp src-address=10.20.0.200
Specified the time zone to see the correct time in the logs:
/system clock set time-zone-name=Europe/Kiev
Command to view logs:
log print
Also disabled unnecessary services: telnet, ftp, api:
/ip service set telnet disabled=yes
/ip service set ftp disabled=yes
/ip service set api disabled=yes
/ip service set api-ssl disabled=yes
See also my other articles about MikroTik
How to set up MikroTik CRS212-1G-10S-1S+ IN
Solution for heavy CPU load MikroTik CRS106-1C-5S