Users and Services

Yaser Rahmati | یاسر رحمتی

MikroTik RouterOS provides a robust system for managing users and services on your router. This includes user management for accessing and configuring the router, as well as managing various services that the router offers. Here's a detailed overview of these aspects:

1. User Management in RouterOS

Creating and Managing Users

User Accounts:

  • View Users:

user print

Lists all user accounts on the router.

  • Add User:

user add name=username password=password group=group

Replace username, password, and group with the desired values.

  • Remove User:

user remove [find name=username]

Replace username with the actual username of the account to be removed.

  • Change User Password:

user set [find name=username] password=newpassword

Replace username and newpassword with the appropriate values.

User Groups:

  • View User Groups:

user group print

  • Add User Group:

user group add name=groupname

  • Remove User Group:

user group remove [find name=groupname]

  • Assign User Group: When adding a user, specify the group:

user add name=username password=password group=groupname

User Privileges:

  • Admin Group: Provides full access to all router functions.

  • Read Group: Allows users to view configurations but not make changes.

  • Write Group: Allows users to make changes but not access sensitive settings.

Access Control

  • User Roles: Different roles (groups) have varying levels of access. For instance, the full group has complete access, while read allows only viewing configurations.

  • Login Security: Ensure strong passwords and consider limiting access by IP address for added security.

2. Services in RouterOS

RouterOS offers a range of services that can be managed via the CLI or graphical interfaces. These services include:

Network Services:

  • DHCP Server:

    • View Configuration:

    ip dhcp-server print

    • Add DHCP Server:

    ip dhcp-server add name=dhcp1 interface=ether1 address-pool=dhcp_pool

    • Configure Address Pool:

    ip pool add name=dhcp_pool ranges=192.168.1.10-192.168.1.100

  • DNS Server:

    • View DNS Configuration:

    ip dns print

    • Configure DNS Server:

    ip dns set servers=8.8.8.8,8.8.4.4

  • NAT (Network Address Translation):

    • View NAT Rules:

    ip firewall nat print

    • Add NAT Rule:

    ip firewall nat add chain=srcnat action=masquerade out-interface=ether1

Management Services:

  • SSH:

    • Enable SSH Service:

    ip service enable ssh

    • Change SSH Port:

    ip service set ssh port=2222

  • HTTP/HTTPS (Web Interface):

    • Enable Web Access:

    ip service enable www
ip service enable www-ssl

    • Change HTTP/HTTPS Port:

    ip service set www port=8080
ip service set www-ssl port=8443

  • Winbox:

    • Enable Winbox Access:

    ip service enable winbox

    • Change Winbox Port:

    ip service set winbox port=8291

  • Telnet:

    • Enable Telnet Service:

    ip service enable telnet

    • Change Telnet Port:

    ip service set telnet port=2323

Security Considerations:

  • Disable Unused Services: To reduce security risks, disable services that are not in use.

  • Change Default Ports: Alter default ports for services to avoid common attacks.

  • Use Strong Passwords: Ensure that all accounts use strong, unique passwords.

3. Service Management Commands

  • List Services:

ip service print

  • Disable a Service:

ip service disable service_name

Replace service_name with the actual service you wish to disable (e.g., telnet, www, etc.).

  • Enable a Service:

ip service enable service_name

By effectively managing users and services, you can ensure your MikroTik router operates securely and efficiently, tailored to your specific network needs.

Keywords

MikroTik, RouterOS, RouterBOARD, wireless networking, ISP, WISP, networking equipment, routers, switches, Cloud Core Router, CCR, SXT, LTE integration, 5G, cybersecurity, network security, networking software, networking hardware, Latvia, John Trully, Arnis Riekstiņš, MikroTik Academy, MUM events, network management, hotspot, VLAN, firewall, VPN, QoS, bandwidth management, traffic shaping, wireless access point, CAPsMAN, WinBox, PoE, mesh networking, routing protocols, MPLS, OSPF, BGP, MikroTik training

میکروتیک, روتر او اس, روتر برد, شبکه بی‌سیم, آی اس پی, وایرلس آی اس پی, تجهیزات شبکه, روترها, سوییچ‌ها, کلود کور روتر, سی سی آر, اس ایکس تی, ادغام ال تی ای, 5G, امنیت سایبری, امنیت شبکه, نرم‌افزار شبکه, سخت‌افزار شبکه, لتونی, جان ترولی, آرنیس ریکسینش, آکادمی میکروتیک, رویدادهای مام, مدیریت شبکه, هات اسپات, وی‌لَن, فایروال, وی‌پی‌ان, کیو‌اُ‌اس, مدیریت پهنای باند, شکل‌دهی ترافیک, نقطه دسترسی بی‌سیم, کپزمن, وین‌باکس, پی او ای, شبکه مش, پروتکل‌های مسیریابی, ام پی ال اس, اُ اس پی اف, بی جی پی, آموزش میکروتیک

External Links

🌐 Personal Website 📄 Resume 🎥 Video Archive 💼 Finance Blog 🔐 Network & Security Notebook 🎬 Aparat Channel

PreviousPackage ManagementNextReset Configuration

Last updated