Mikrotik quick set lte ap
Support for Direct-IP mode type cards only. MBIM support is available in RouterOS v7 releases and MBIM driver is loaded automatically. If modem is not recognized in RouterOS v6 — Please test it in v7 releases before asking for support in RouterOS v6.
To enable access via a PPP interface instead of a LTE Interface, change direct IP mode with /port firmware set ignore-directip-modem=yes command and a reboot. Note that using PPP emulation mode you may not get the same throughput speeds as using the LTE interface emulation type.
In RouterOS v7 ignore-direct-modem parameter is moved under /interface lte settings menu
|allow-roaming (yes | no; Default: no)||Enable data roaming for connecting to other countries data-providers. Not all LTE modems support this feature. Some modems, that do not fully support this feature, will connect to the network but will not establish an IP data connection with allow-roaming set to no.|
|apn-profiles (string; Default: default)||Which APN profile to use for this interface|
|band (integer list; Default: «»)||LTE Frequency band used in communication LTE Bands and bandwidths|
|nr-band (integer list; Default: «»)||5G NR Frequency band used in communication 5G NR Bands and bandwidths|
|comment (string; Default: «»)||Descriptive name of an item|
|disabled (yes | no; Default: yes)||Whether interface is disabled or not. By default it is disabled.|
|modem-init (string; Default: «»)||Modem init string (AT command that will be executed at modem startup)|
|mtu (integer; Default: 1500)||Maximum Transmission Unit. Max packet size that LTE interface will be able to send without packet fragmentation.|
|name (string; Default: «»)||Descriptive name of the interface.|
|network-mode (3g | gsm | lte | 5g)||Select/force mode for LTE interface to operate with|
|operator (integer; Default: «»)||used to lock device to specific operator full PLMN number is used for lock consisting from MCC+MNC. PLMN codes|
|pin (integer; Default: «»)||SIM Card’s PIN code.|
All network related settings are moved under profiles, starting from RouterOS 6.41
|add-default-route (yes | no)||Whether to add default route to forward all traffic over the LTE interface.|
|apn (string)||Service Provider’s Access Point Name|
|authentication (pap | chap | none; Default: none)||Allowed protocol to use for authentication|
|default-route-distance (integer; Default: 2)||Sets distance value applied to auto created default route, if add-default-route is also selected. LTE route by default is with distance 2 to prefer wired routes over LTE|
|ip-type (ipv4 | ipv4-ipv6 | ipv6; Default: )||Requested PDN type|
|ipv6-interface (; Default: )||Interface on which to advertise IPv6 prefix|
|name (string; Default: )||APN profile name|
|number (integer; Default: )||APN profile number|
|passthrough-interface (; Default: )||Interface to passthrough IP configuration (activates passthrough)|
|passthrough-mac (MAC; Default: auto)||If set to auto, then will learn MAC from first packet|
|password (string; Default: )||Password used if any of the authentication protocols are active|
|use-network-apn (yes | no; Default: yes)||Parameter is available starting from RouterOS v7 and used only for MBIM modems. If set to yes, uses network provided APN.|
|use-peer-dns (yes | no; Default: yes)||If set to yes, uses DNS recieved from LTE interface|
|user (integer)||Username used if any of the authentication protocols are active|
It is possible to scan LTE interfaces with /interface lte scan command
Available read only properties:
|duration (integer)||Duration of scan in seconds|
|freeze-frame-interval (integer)||time between data printout|
|number (integer)||Interface number or name|
User Info command
It is possible to send special «info» command to LTE interface with /interface lte info command. In RouterOS v7 this command is moved to /interface lte monitor menu.
Properties (Up to 6.40)
|user-command (string; Default: «»)||send a command to LTE card to extract useful information, e.g. with AT commands|
|user-command-only (yes | no; Default: )|
User at-chat command
It is possible to send user defined «at-chat» command to LTE interface with /interface lte at-chat command.
You can also use «at-chat» function in scripts and assign command output to variable.
Quick setup example
Start with network settings —
Start with network settings — Add new connection parameters under LTE apn profile (provided by network provider):
Select newly created profile for LTE connection:
LTE interface should appear with running (R) flag:
From RouterOS=>6.41 DHCP client is added automatically. If it’s not added — add a DHCP Client to LTE Interface manually:
If required, add NAT Masquerade for LTE Interface to get internet to the local network:
After interface is added, you can use «info» command to see what parameters client acquired (parameters returned depends on LTE hardware device):
Starting from RouterOS v6.41 some LTE interfaces support LTE Passthrough feature where the IP configuration is applied directly to the client device. In this case modem firmware is responsible for the IP configuration and router is used only to configure modem settings — APN, Network Technologies and IP-Type. In this configuration the router will not get IP configuration from the modem. The LTE Passthrough modem can pass both IPv4 and IPv6 addresses if that is supported by modem. Some modems support multiple APN where you can pass the traffic from each APN to a specific router interface.
Passthrough will only work for one host. Router will automatically detect MAC address of the first received packet and use it for the Passthrough. If there are multiple hosts on the network it is possible to lock the Passthrough to a specific MAC. On the host on the network where the Passthrough is providing the IP a DHCP-Client should be enabled on that interface to. Note, that it will not be possible to connect to the LTE router via public lte ip address or from the host which is used by the passthrough. It is suggested to create additional connection from the LTE router to the host for configuration purposes. For example vlan interface between the LTE router and host.
To enable the Passthrough a new entry is required or the default entry should be changed in the ‘/interface lte apn’ menu
Quickset is a simple configuration wizard page that prepares your router in a few clicks. It is the first screen a user sees, when opening the default IP address 192.168.88.1 in a web browser.
Quickset is available for all devices that have some sort of default configuration from factory. Devices that do not have configuration must be configured by hand. The most popular and recommended mode is the HomeAP (or HomeAP dual, depending on the device). This Quickset mode provides the simplest of terminology and the most common options for the home user.
Depending on the router model, different Quickset modes might be available from the Quickset dropdown menu:
- CAP: Controlled Access Point, an AP device, that will be managed by a centralised CAPsMAN server. Only use if you have already set up a CAPsMAN server.
- CPE: Client device, which will connect to an Access Point (AP) device. Provides option to scan for AP devices in your area.
- HomeAP: The default Access Point config page for most home users. Provides less options and simplified terminology.
- HomeAP dual: Dual band devices (2GHz/5GHz). The default Access Point config page for most home users. Provides less options and simplified terminology.
- Home Mesh: Made for making bigger WiFi networks. Enables the CAPsMAN server in the router, and places the local WiFi interfaces under CAPsMAN control. Just boot other MikroTik WiFi APs with the reset button pressed, and they will join this HomeMesh network (see their Quick guide for details)
- PTP Bridge AP: When you need to transparently interconnect two remote locations together in the same network, set one device to this mode, and the other device to the next (PTP Bridge CPE) mode.
- PTP Bridge CPE: When you need to transparently interconnect two remote locations together in the same network, set one device to this mode, and the other device to the previous (PTP Bridge AP) mode.
- WISP AP: Similar to the HomeAP mode, but provides more advanced options and uses industry standard terminology, like SSID and WPA.
This is the mode you should use if you would like to quickly configure a home access point.
Set up your wireless network in this section:
- Network Name: How will your smartphone see your network? Set any name you like here. In HomeAP dual, you can set the 2GHz (legacy) and 5GHz (modern) networks to the same, or different names (see FAQ). Use any name you like, in any format.
- Frequency: Normally you can leave «Auto», in this way, the router will scan the environment, and select the least occupied frequency channel (it will do this once). Use a custom selection if you need to experiment.
- Band: Normally leave this to defaults (2GHz b/g/n and 5GHz A/N/AC).
- Use Access List (ACL): Enable this if you would like to restrict who can connect to your AP, based on the users MAC (hardware) address. To use this option, first you need to allow these clients to connect, and then use the below button «Copy to ACL». This will copy the selected client to the access list. After you have build an Access list (ACL), you can enable this option to forbid anyone else to attempt connections to your device. Normally you can leave this alone, as the Wireless password already provides the needed restrictions.
- WiFi Password: The most important option here. Sets a secure password that also encrypts your wireless communications.
- WPS accept: Use this button to grant access to a specific device that supports the WPS connection mode. Useful for printers and other peripherals where typing a password is difficult. First start WPS mode in your client device, then once click the WPS button here to allow said device. Button works for a few seconds and operates on a per-client basis.
- Guest network: Useful for house guests who don’t need to know your main WiFi password. Set a separate password for them in this option. Important! Guest users will not be able to access other devices in your LAN and other guest devices. This mode enabled Bridge filters to prevent this.
- Wireless clients: This table shows the currently connected client devices (their MAC address, if they are in your Access List, their last used IP address, how long are they connected, their signal level in dBm and in a bar graph).
- Port: Select which port is connected to the ISP (internet) modem. Usually Eth1.
- Address Acquisition: Select how the ISP is giving you the IP address. Ask your service provider about this and the other options (IP address, Netmask, Gateway).
- MAC address: Normally should not be changed, unless your ISP has locked you to a specific MAC address and you have changed the router to a new one.
- Firewall router: This enables secure firewall for your router and your network. Always make sure this box is selected, so that no access is possible to your devices from the internet port.
- MAC server / MAC Winbox: Allows connection with the [Winbox utility https://mt.lv/winbox] from the LAN port side in MAC address mode. Useful for debugging and recovery, when IP mode is not available. Advanced use only.
- Discovery: Allows the device to be identified by model name from other RouterOS devices.
- IP address: Mostly can stay at the default 192.168.88.1 unless your router is behind another router. To avoid IP conflict, change to 192.168.89.1 or similar
- Netmask: In most situations can leave 255.255.255.0
- Bridge all LAN ports: Allows your devices to communicate to each other, even if, say, your TV is connected via ethernet LAN cable, but your PC is connected via WiFi.
- DHCP server: Normally, you would want automatic IP address configuration in your home network, so leave the DHCP settings ON and on their defaults.
- NAT: Turn this off ONLY if your ISP has provided a public IP address for both the router and also the local network. If not, leave NAT on.
- UPnP: This option enables automatic port forwarding («opening ports to the local network» as some call it) for supported programs and devices, like your NAS disks and peer-to-peer utilities. Use with care, as this option can sometimes expose internal devices to the internet without your knowledge. Enable only if specifically needed.
If you want to access your local network (and your router) from the internet, use a secure VPN tunnel. This option gives you a domain name where to connect to, and enables PPTP and L2TP/IPsec (the second one is recommended). The username is ‘vpn’ and you can specify your own password. All you need to do is enable it here, and then provide the address, username and password in your laptop or phone, and when connected to the VPN, you will have a securely encrypted connection to your home network. Also useful when travelling — you will be able to browse the internet through a secure line, as if connecting from your home. This also helps to avoid geographical restrictions that are set up in some countries.
- Check for updates: Always make sure your device is up to date with this button. Checks if an updated RouterOS release is available, and installs it.
- Password: Sets the password for the device config page itself. Make sure nobody can access your router config page and change the settings.
Q: How is Quickset different from the Webfig tab, where a whole bunch of new menus appear?
A: QuickSet is for new users who only need their device up and running in no time. It provides the most commonly used options in one place. If you need more options, do not use any Quickset settings at all, click on «Webfig» to open the advanced configuration interface. The full functionality is unlocked.
Q: Can I use Quickset and Webfig together? While settings that are not conflicting can be configured this way, it is not recommended to mix up these menus.
A: If you are going to use Quickset, use only Quickset and vice versa. What’s is difference between Router and Bridge mode? Bridge mode adds all interfaces to the bridge allowing to forward Layer2 packets (acts as a hub/switch). In Router mode packets are forwarded in Layer3 by using IP addresses and IP routes (acts as a router).
Q: In HomeAP mode, should the 2GHz and 5GHz network names be the same, or different?
A: If you prefer that all your client devices, like TV, phones, game consoles, would automatically select the best preferred network, set the names identically. If you would like to force a client device to use the faster 5GHz 802.11ac connection, set the names unique.
Q: Can I create an AP without security settings — no password or connect to such AP while using QuickSet?
A: QuickSet uses WPA2 pre-shared key by default. It means that the minimal password length is 8 symbols and the device can only connect to WPA2 secured AP or serve as AP itself. For configurations with no security settings, you need to configure them manually using WinBox, Webfig, or console.