I started off with a configuration guide for the Mikrotik RB750Gr3; however, as others rightfully pointed out, the configuration I posted had hardcoded MAC addresses (fail), and thus I pulled it to write a better guide. I thought instead of focusing on one Mikrotik router I'd focus on a general configuration for most Mikrotik routers out there.
Configuration:
Whilst I do know it is tempting to create a configuration with all the things, this guide focuses on getting an internet connection via a secured router. It will touch on the basics of:
- Basic Configuration (PPPoE + IPoE) connections for use with UFB or FibreX.
- Basic network configuration.
- Firewall Configuration as per recommended standards.
Before you start:
You'll need a PC / laptop with Ethernet, ideally Windows-based (not required, but the screenshots below will be via Winbox). Speaking of which, you'll also need Winbox. Mikrotik have removed it from their latest routers in favor of a download from their website, so grab it here and put it somewhere safe.
Unpackage your shiny (or beige) router and set it up - you're ready to start. The router I am using for this guide is the Mikrotik RB3011UiAS.
Now, getting started:
Quite literally I am resetting the router I've been using for the last week and setting things up from scratch. I anticipate my phone to go crazy from the notifications I'm about to get from external monitoring.
When you first boot up a Mikrotik router, its default IP range sits on 192.168.88.0/24 with the router's IP address sitting on 192.168.88.1. The 2 routers I've got here come by default with their DHCP server responding on Port 2. Confirm your computer has an IP on that range or, if not, set your PC with an IP of 192.168.88.2/24.
Open up Winbox and connect to your router with the IP of 192.168.88.1, username admin with no password:
Next, you'll likely have Winbox inform you about the parameters of the default configuration - we'll be keeping this as a starting point in our guide so just press OK:
Now, with that out of the way we're going to first use the Quick Set guide to initially set up the router. This gives you a good starting point to setting things up:
You can essentially follow through this guide to create a starting configuration. If you are not on a VLAN'd connection then once you hit Apply you'll have internet with default firewall rules, but as we know, most of NZ is on a VLAN'd connection (via UFB or FibreX).
- For FibreX, IPoE (Orcon and maybe some others) your configuration will look like this:
- For PPPoE (most providers) your configuration will look something like this:
Please pay special attention to the Password field at the very bottom of the wizard, as this is where you secure your router with a password. You're also able to configure your IP address + range here (in this example I'll be using 192.168.2.0/24).
If you're not on a VLAN'd connection then this is honestly all you're needing to do - congrats. You've now configured your router with the basics however if you are on a VLAN'd connection (like myself) then you'll need to go through some additional steps to get internet connectivity.
VLAN'd Connections (PPPoE):
Skip this for IPoE connections...
So at this point you've got the basic configuration on your router but you're still needing additional configuration in order to make it work. Fear not, it is pretty simple once you know where to look.
Click on Interfaces. You'll be presented with a screen like so:
Up in the top left corner of the Interface List window you'll notice a blue + - you'll want to click on this and add a new VLAN.
Name it something meaningful, set its MTU to 1500 and set the VLAN ID to 10. The interface is the port your ONT is connected to (in my case ether1).
Next, double-click on pppoe-out1 in the interfaces list and assign it to your VLAN:
Straight after hitting Apply I had an internet connection via PPPoE on VLAN 10 with the default firewall rules applied (passing the GRC ShieldsUP! test). This gave me a pretty solid speed on my BigPipe Gigabit UFB connection with around 35% CPU load:
VLAN'd Connections (IPoE):
If you've got an IPoE connection (Vodafone FibreX, Orcon, BigPipe IPoE) there is additional configuration and also some additional security considerations, so we'll be doing things a little differently.
Click on Interfaces. You'll be presented with a screen like so:
Up in the top left corner of the Interface List window you'll notice a blue + - you'll want to click on this and add a new VLAN.
Name it something meaningful, set its MTU to 1500 and set the VLAN ID to 10. The interface is the port your ONT is connected to (in my case ether1).
Then once you hit OK you'll see your VLAN in the list:
Now, click on IP then Firewall (on the left menu bar) - there are 2 rules we'd like to edit here (highlighted):
Change the In. Interface of both rules to your newly connected VLAN:
Next, go to IP then DHCP Client (on the left menu) and double-click on the only rule there - change the interface to your VLAN interface:
You should note it'll get an IP; however, you'll still not have any internet. Let's fix that: go back to the Firewall config and click "NAT" at the very top of the window, then double-click on the only rule there and change the Out. Interface to your VLAN:
And done! You'll now have internet and also pass the GRC ShieldsUP! test. A test on this connection type (same connection) makes my Mikrotik sit at around 30% CPU load:
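The reason the firewall and NAT edits above matter: a rule that still names the physical port no longer matches traffic arriving on the VLAN interface. As an added example (not part of the original guide), this Python check reads the text of a RouterOS `/export` and lists any DHCP client, filter or NAT entry still bound to the VLAN's parent port. The export excerpt and the name `vlan10-wan` are constructed for illustration, and it assumes the rules reference the port by name, as the steps above imply.

```python
import shlex

# Constructed `/export` excerpt (not from the original post). The VLAN and DHCP
# client are set up, but one filter rule and the NAT rule still name ether1.
SAMPLE_EXPORT = """\
/interface vlan
add interface=ether1 mtu=1500 name=vlan10-wan vlan-id=10
/ip dhcp-client
add disabled=no interface=vlan10-wan
/ip firewall filter
add action=accept chain=input connection-state=established,related
add action=drop chain=input comment="drop from WAN" in-interface=ether1
add action=drop chain=forward connection-nat-state=!dstnat \\
    connection-state=new in-interface=vlan10-wan
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1
"""

# Property that binds an entry to an interface, per menu.
CHECKS = {
    "/ip dhcp-client": "interface",
    "/ip firewall filter": "in-interface",
    "/ip firewall nat": "out-interface",
}

def parse_export(text):
    """Return (menu, properties) for each `add` line, joining '\\' continuations."""
    rows, menu = [], None
    for line in text.replace("\\\n", " ").splitlines():
        line = line.strip()
        if line.startswith("/"):
            menu = line
        elif line.startswith("add "):
            tokens = shlex.split(line[4:])
            rows.append((menu, dict(t.split("=", 1) for t in tokens if "=" in t)))
    return rows

def audit_wan(text, wan):
    """List settings still bound to the VLAN's parent port instead of the VLAN."""
    rows = parse_export(text)
    parent = next((p.get("interface") for m, p in rows
                   if m == "/interface vlan" and p.get("name") == wan), None)
    if parent is None:
        return [f"no VLAN interface named {wan}"]
    return [f"{menu}: {prop}={parent} should be {wan}"
            for menu, props in rows
            for prop in [CHECKS.get(menu)]
            if prop and props.get(prop) == parent]

if __name__ == "__main__":
    for finding in audit_wan(SAMPLE_EXPORT, "vlan10-wan"):
        print(finding)
```

An empty result means nothing in those three menus still points at the parent port; re-run the GRC ShieldsUP! test afterwards as the guide does.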
Conclusion:
On the Mikrotik RB3011 I've found no difference between PPPoE and IPoE; however, on the Mikrotik RB750Gr3 I've found that IPoE performs much better (it peaks out at around 650Mbit on PPPoE in my tests). If you've got a PPPoE connection I'd strongly recommend going towards one of the newer ARM-based Mikrotiks. The RB750Gr3 is a great router but what makes it fail is the older MIPS processor it is running. I have no idea if this can be improved by firmware in the future.
The routers used were kindly provided by Go Wireless for my testing. The router used for the above tutorial was the Mikrotik RB3011UiAS-RM, which is a larger router great for office use; however, I've tested the same guide on the Mikrotik RB750Gr3, which is a great router if you're just wanting to get started with Mikrotik.
There are many things you can do with the Mikrotik series of routers (even running an ISP) but if I was going to touch on every point I'd be here all night. The Mikrotik Wiki is a great place to get started, along with the general Geekzone community, who have several members with expert Mikrotik experience potentially willing to lend a hand for home baking or beer.