~/tags

Routeros

2026-04-03
Final security checklist: verifying the network before calling it ready
Final security checklist for a MikroTik network: baseline, VLANs, firewall, Wi-Fi, IPv6, VPN, DNS, monitoring, backups, and DR.
mikrotikrouterossecuritychecklist
2026-04-02
Disaster recovery: restoring the network after router failure or configuration mistakes
Disaster recovery for a MikroTik network: lockout recovery, hardware replacement, runbook, documentation, and restore checks.
mikrotikrouterosdisaster-recoverybackup
2026-04-01
Automated backups: binary backup, export, scheduler, and off-router storage
Automated backups for MikroTik: binary backup, export, scheduler, external storage, retention, and restore testing.
mikrotikrouterosbackupautomation
2026-03-31
Monitoring and alerts: WAN, VPN, CPU/RAM, DHCP pools, logs, and notifications
Monitoring and alerts for MikroTik: WAN, VPN, CPU/RAM, DHCP pools, DNS, backups, logs, SNMP, and actionable alerts.
mikrotikrouterosmonitoringalertssnmp
2026-03-30
Logging strategy: which events to write, where to send them, and how not to drown the router in logs
Logging strategy for MikroTik: security events, firewall prefixes, remote syslog, script logs, and noise control.
mikrotikrouterosloggingsyslog
2026-03-29
Dual WAN and failover: backup ISP, routes, checks, and notifications
Dual WAN on MikroTik: route distance, recursive checks, NAT, DNS, WireGuard, failover/failback, and notifications.
mikrotikrouterosdual-wanfailover
2026-03-28
QoS and traffic shaping: queues, CAKE/FQ-CoDel, and congestion control
QoS and traffic shaping on MikroTik: bottleneck shaping, queues, CAKE/FQ-CoDel, FastTrack, and latency testing.
mikrotikrouterosqostraffic-shaping
2026-03-27
FastTrack on MikroTik: acceleration, exceptions, and side effects
How to use FastTrack on MikroTik without breaking QoS, mangle, policy routing, and observability.
mikrotikrouterosfasttrackperformance
2026-03-25
DoH DNS and DNS policy: MikroTik DNS cache, enforcement, and limitations
DNS policy on MikroTik: DNS cache, DoH upstream, enforcement by VLAN, and the limits of blocking client DoH.
mikrotikrouterosdnsdohsecurity
2026-03-24
WireGuard on MikroTik: road-warrior, site-to-site, and limited access to VLANs
Configuring WireGuard on MikroTik for road-warrior and site-to-site scenarios with limited VLAN access.
mikrotikrouteroswireguardvpn
2026-03-23
IPv6 on MikroTik: prefix delegation, RA/SLAAC, and a separate firewall
Enabling IPv6 on MikroTik deliberately: prefix delegation, RA/SLAAC, DNS, and a separate firewall for VLANs.
mikrotikrouterosipv6firewall
2026-03-22
CAPsMAN in RouterOS 7: centralized Wi-Fi, SSID, and VLAN per SSID
Centralized Wi-Fi through CAPsMAN in RouterOS 7: SSID, security profiles, VLAN per SSID, and management VLAN for APs.
mikrotikrouteroscapsmanwifivlan
2026-03-21
mDNS and service discovery between VLANs: Chromecast, AirPlay, printers, and smart home
How to design mDNS and service discovery between VLANs without undoing IoT, Guest, and LAN isolation.
mikrotikrouterosmdnsservice-discoveryvlan
2026-03-20
IoT isolation: a separate segment for smart devices without breaking smart home
Isolating IoT in a separate VLAN with DHCP/DNS, firewall policy, address-lists, and controlled access from trusted segments.
mikrotikrouterosiotvlansecurity
2026-03-19
Guest Wi-Fi through a separate VLAN: internet access without LAN access
Guest Wi-Fi as a separate VLAN: SSID, DHCP/DNS, firewall internet-only policy, and blocking LAN access.
mikrotikrouteroswifiguest-vlan
2026-03-18
NAT, port forwarding, and hairpin NAT: exposing services with minimal risk
A look at srcnat, dstnat, port forwarding, hairpin NAT, and split DNS on MikroTik with a focus on minimal attack surface.
mikrotikrouterosnatport-forwarding
2026-03-17
Firewall hardening on MikroTik: input, forward, WAN, and management access
A baseline firewall hardening model for MikroTik: input, forward, WAN drop, management access, and rules between VLANs.
mikrotikrouterosfirewallsecurity
2026-03-16
DHCP, DNS, and basic routing for multiple VLANs
The L3 foundation for VLANs in RouterOS 7: gateway addresses, DHCP pools, DNS cache, routes, and interface lists.
mikrotikrouterosdhcpdnsrouting
2026-03-15
Bridge VLAN filtering on MikroTik: trunk, access, PVID, and lockout protection
Configuring bridge VLAN filtering in RouterOS 7: trunk, access, PVID, bridge VLAN table, and lockout protection.
mikrotikrouterosvlanbridge
2026-03-14
Addressing plan and VLAN design: segments, subnets, and access rules
Planning VLAN IDs, subnets, gateways, DHCP, trunk/access ports, and an access matrix before configuring MikroTik.
mikrotikrouterosvlanaddressing
2026-03-13
MikroTik as the core router: roles, responsibility boundaries, and basic network logic
How to use MikroTik as the core router and security boundary between WAN, VLANs, VPN, and internal segments.
mikrotikrouterosroutingfirewall
2026-03-12
Initial RouterOS 7 setup: a safe start without magic
RouterOS 7 baseline setup: access, users, services, updates, time, backup/export, and minimal management protection.
mikrotikrouterossecuritybaseline
2026-03-11
How to choose MikroTik hardware for a proper network: router, switch, Wi-Fi, and room to grow
Practical MikroTik router, switch, and Wi-Fi device selection for VLANs, firewall, WireGuard, and network growth.
mikrotikrouteroshardwarenetwork-design
2026-03-10
What we are building: the target network architecture on MikroTik RouterOS 7
Target architecture for a managed MikroTik RouterOS 7 network with VLANs, a Wi-Fi access layer, firewall, and VPN.
mikrotikrouterosvlannetwork-architecture