Basics - Winbox, DHCP

Basics - Winbox, DHCP

To begin with, we will proceed to the installation of the program Winbox - a "must have" if you use MikroTik. Although RouterOS has its web access, the disadvantage of MikroTik is its prevalence and web access is the first target. The advantage of Winbox is that it can scan connected devices without knowing the IP or MAC address and uses its own customizable port 8291 for connection. Otherwise, the functions and appearance of the web interface and Winbox are almost identical.

This guide is identical for any MikroTik device with RouterOS, from a cheap hap mini for 20 € to big rack routers.

Downloading and Installing Winbox

On the MikroTik website in the Software section, download the installer for Windows and install it.

Mikrotik Winbox

For Linux users, Winbox is available, for example, in snapstore:

$ sudo snap install winbox

After installation, start Winbox, connect your MikroTik router with a cable to any port labeled "2" and above and connect it to your computer.

Port 1 is usually WAN and may have a firewall.

In the Neighbors tab you should find your device. The default login is username admin and the account has no password.

Mikrotik Winbox Connect

We are currently using RouterOS version 7.x. For standard home use, we use the default configuration. If you have version 6.x, I recommend upgrading MikroTik to RouterOS 7. Simply download the latest RouterOS for your router from the website and upload the downloaded .npk file in the Files tab. When you reboot, the .npk file will be used to upgrade your router.

Getting started with configuration

The first step will be to turn off all services that we will not be using. In the IP-> Services tab, we only leave Winbox and possibly SSH. You can customize Winbox port if you want. (Choose above 25000 as the major scans are scanned from etc. 1 - 10000 range because Higher range = Slower performance)

MikroTik - Services

Then in the System->Users tab, we deactivate the default admin, create our own, and also save one backup account with admin rights (full). The rule of administrators applies - always have two admin accounts.

MikroTik - Users

Basic settings for the primary network and guest network

In our model example, we want to have one primary home network and one guest network. Guests cannot see the primary network or each other and only have access to the internet. We do not address Ethernet ports, where the home network is everywhere, and we assume that when we have someone at home, they are a trustworthy persons. It is also popular to have a third network for various IoT devices such as smart vacuum cleaners, refrigerators, Alexas, etc. You can create this third network the same way as the guest network in the examples below, but it's not "must have" as guest network is isolated as well.

In the Bridge tab, we add another bridge for guests called bridge_guest in addition to the default bridge.

MIkroTik - Bridge Guest

In the IP->Addresses tab, add two new ranges for the home and guest networks. In our example, we chose for the home network and for the guests.

Mikrotik - Addresses

Then, in the IP->Pool tab, add ranges of addresses that you want to assign to each network.

Mikrotik - Pool

Next step, in the IP->DHCP Server tab, modify the existing default record for the home network:

Mikrotik - DHCP Home network

Then, add a new record with the "+" icon for the guest network:

Mikrotik - DHCP Guest network

and in the Networks tab, add both networks:

Mikrotik DHCP Networks

Here it is. Now delete the default address 192.168.88.x from the records in the tabs IP->DHCP Server -> Networks, IP->Pool, IP-> Addresses. Disconnect and you should see that your MikroTik now has an address such as as in our model case.

Why do we choose the 10.x.x.x range?

In a corporate environment, we often encounter the range of,, etc. If you have a VPN there and hit the same range, you get into conflict. That's why in home conditions, we rely on the range of 10.x.x.x

Changing the default SSID (WiFi network name), password and adding an SSID for guests

In the Wireless -> Security Profiles tab, modify the default settings according to the first screen. Enter your own password, at least 8 characters long, and also add a security profile for the guest network:

MikroTik - Security Profile Home network

For guests:

MikroTik - Security Profile Guest network

Now we switch to Wireless -> WiFi Interfaces and modify the network name (SSID) and optionally change the security profile (password) in the first record. In our case, we changed the default profile:

Mikrotik Home WiFi

Click the "plus" icon and add a "Virtual" interface. Enter the network SSID for guests and the security profile:

Mikrotik Guest WiFi

To enable the guest network, we also add "wlan2" to the bridge_guest we created at the beginning. After connecting to the guest network, you will not be able to see the primary network, which is the purpose.

Mikrotik Guest Bridge

Similarly, you can also add a third network, for example for IoT devices that you do not trust.

Rate the article:

Average: 3.4 (30 votes)

Support Us:

Add comment:

Add comment

Newest articles in blog

Shelly OpenHAB MQTT
Shelly vs OpenHABRating: 

The Shelly brand is known for its products that primarily communicate over WiFi, including smart plugs, relay switches, blinds control relays, and many other devices. One of the advantages for deployment is the ability to both read and control these devices using the universal MQTT protocol. Across existing add-ons for both OpenHAB and Home Assistant, we will demonstrate how to use Shelly devices without installing any additional extensions.

Victron & OpenHAB
Victron vs Smart HomeRating: 

In this post, we will show you how to retrieve information from a photovoltaic power plant by Victron. We will connect to the Cerbo unit via MQTT. Based on these values, we can control various appliances (heating, boiler, etc.) and prevent the battery from being drained when they don't need to be.

Smart Home GoodWe inverter
Smart Home vs GoodWeRating: 

In the post, we will demonstrate step by step how to communicate directly with the GoodWe inverter in a smart home setup and obtain real-time information (unlike the SEMS portal). This information is essential if we want to react to current parameters in a smart home, such as activating additional cooling or controlling a socket with a various load.

Voice control smart home
Voice control of the houseRating: 

In this article, we will connect the Amazon Echo Dot voice assistant with open source home automation. We won't be using OpenHAB Cloud, so everything runs locally. In this case, a few additional settings are necessary, but the result is worth it!

MikroTik - Winbox, DHCP, Ranges
Basics - Winbox, DHCPRating: 

In this series, we will look at the step-by-step setup of MikroTik devices for home users or a small business (up to 25 people). In the first article, we will focus on the initial setup - we will download Winbox and set up DHCP for the primary network and guest network. Similarly, we will also adjust the WiFi settings.

Alarm Smart Home PIR
Alarm from existing PIR sensors in a smart home.Rating: 

In a your smart home, PIR sensors may not only be used to switch lights on and off based on motion, it is possible to utilize these sensors to detect the presence of motion in a particular room. This information can be used to create a relatively reliable uncertified home security system. In this guide, you will find the logic for how this can work in the OpenHAB software in our model smart home.

NFC Tag Example in Smart Home
NFC tags in smart homeRating: 

NFC (Near Field Communication) tags are small plastic or paper stickers that can be used to automate various functions in the smart home. In this article, we will show you examples of use and a guide on how to write an action on an NFC tag using a mobile phone.

WireGuard iOS
WireGuard on iOS devicesRating: 

In this article, you will find a detailed guide on how to connect to WireGuard VPN from iOS.

WireGuard on Android device
WireGuard on Android devicesRating: 

In this article, you will find a detailed guide on how to connect to WireGuard VPN from Android.

WireGuard on MikroTikRating: 

This article describes the self setup of the WireGuard VPN protocol on MikroTik devices with RouterOS version 7 and higher. This phenomenal VPN is very fast, secure, and easily configurable in a home environment. It can be said that it is currently the best VPN for home use available.