Web интерфейс роутера микротик

Webfig

WebFig is a web-based RouterOS utility that allows you to monitor, configure and troubleshoot the router. It is designed as an alternative of WinBox, both have similar layouts and both have access to almost any feature of RouterOS.

As Webfig is platform-independent, it can be used to configure a router directly from various devices without the need for software developed for specific platforms. In other words, there is no need to install additional software.

WebFig allows performing three basic actions:

  • Configuration — view and edit current configuration;
  • Monitoring — display the current status of the router, routing information, interface stats, logs, etc;
  • Troubleshooting — RouterOS has built-in many troubleshooting tools (like ping, traceroute, packet sniffers, traffic generators, etc) and all of them can be used with WebFig

Connecting to a Router

As we already know from the First Time Configuration section, the device by default has username admin and no password configured. Simply open a Web browser and in the search bar type device IP address which by default is 192.168.88.1. Be sure your device has IP address from the same network, for example, 192.168.88.2 otherwise Layer3 communication will not work.

In our example, we will use IP address 10.155.126.250 to connect to the device via WebFig.

Enable HTTPS

For HTTPS to work properly, you need to specify a valid certificate that Webfig can use. You can use a certificate that is issued by a trusted Certificate Authority (CA) or you can create your own root CA and generate self-signed certificates.

Webfig supports wildcard certificates. You can generate such a certificate by specifying a wildcard in the common-name property, for example, common-name=*.mikrotik.com.

To generate your own certificates and enable HTTPS access, you must configure the following:

Create your own root CA on your router and sign it

In case you already have set up your own CA or you are using a service that signs certificates for you, then you create and sign the certificate remotely and import the certificate on the router later. In case you are importing a certificate, then make sure you mark the certificate as trusted.

Create a new certificate for Webfig (non-root certificate)

Enable www-ssl and specify to use the newly created certificate for Webfig

You can now visit https://192.168.88.1 and securely configure your router.

By default browsers will not trust self-signed certificates, you will need to add the certificate as trusted on the first time you visit the page in your browser. Another approach is to export the root CA certificate and import it as a trusted root certificate on your computer, this way all certificates signed by this router will be considered as valid and will make it easier to manage certificates in your network.

Most Internet browsers have their own certificate trust chain and work independently from the operating system’s certificate trust chain, this means that you may have to add your own root CA’s certificate as a trusted certificate in your browser settings since trusting the certificate in your operating system’s settings might not have any effect when using your Internet browser.

Skins

WebFig Design Skin is a handy tool to make the interface more user friendly. It is not a security tool. If the user has sufficient rights it is possible to access hidden features by other means.

Designing skins

If the user has sufficient permissions (the group has the policy to edit permissions) Design Skin button becomes available. Pressing that toggle button will open interface editing options. Possible operations are:

  • Hide menu — this will hide all items from the menu and its submenus;
  • Hide submenu — only certain submenu will be hidden;
  • Hide tabs — if submenu details have several tabs, it is possible to hide them this way;
  • Rename menus and items — make certain features more obvious or translate them into your language;
  • Add a note to the item (in detail view) — to add comments on the field;
  • Make item read-only (in detail view) — for user safety very sensitive fields can be made read only;
  • Hide flags (in detail view) — while it is only possible to hide a flag in detail view, this flag will not be visible in list view and in detailed view;
  • Add limits for the field — (in detail view) where it is the list of times that are comma or newline separated list of allowed values:
    • number interval ‘..’ example: 1..10 will allow values from 1 to 10 for fields with numbers, for example, MTU size.
    • field prefix (Text fields, MAC address, set fields, combo-boxes). If it is required to limit prefix length $ should be added to the end. For example, limiting the wireless interface to «station» only, «Add limit» will contain «station$»
READ  Write own exception java

  • Add Tab — will add a grey ribbon with an editable label that will separate the fields. Ribbon will be added before the field it is added to;
  • Add Separator — will add a low height horizontal separator before the field it is added to.

Note: Number interval cannot be set to extend limitations set by RouterOS for that field

Note: Set fields are arguments that consist of a set of check-boxes, for example, setting up policies for user groups, RADIUS «Service»

Note: Limitations set for combo-boxes will values selectable from the dropdown

Skin design examples

If you need to limit the user for some services

Add a limit to the RADIUS Service.

The result will be only those services, that are pointed in the «Limit» field.

Using skins

To use skins you have to assign skin to the group. When that is done users of that group will automatically use the selected skin as their default when logging into WebFig or Winbox.

If it is required to use created skin on another router you can copy files to the skins folder on the other router. On the new router, it is required to add copied skin to the user group to use it.

Источник

First Time Configuration

There are two types of routers:

  • With default configuration
  • Without default configuration. When no specific configuration is found, IP address 192.168.88.1/24 is set on ether1 or combo1, or sfp1.

More information about the current default configuration can be found in the Quick Guide document that came with your device. The quick guide document will include information about which ports should be used to connect for the first time and how to plug in your devices.

This document describes how to set up the device from the ground up, so we will ask you to clear away all defaults.

When connecting the first time to the router with the default username admin and no password ( for some models, check user password on the sticker) , you will be asked to reset or keep the default configuration (even if the default config has only an IP address). Since this article assumes that there is no configuration on the router you should remove it by pressing «r» on the keyboard when prompted or click on the «Remove configuration» button in WinBox.

Router without Default Configuration

If there is no default configuration on the router you have several options, but here we will use one method that suits our needs.

Connect Routers ether1 port to the WAN cable and connect your PC to ether2. Now open WinBox and look for your router in neighbor discovery. See detailed example in Winbox article.

If you see the router in the list, click on MAC address and click Connect.

The simplest way to make sure you have absolutely clean router is to run

Источник

Manual:Webfig

Contents

Summary

WebFig is a web based RouterOS utility which allows you to monitor, configure and troubleshoot the router. It is designed as an alternative of WinBox, both have similar layouts and both have access to almost any feature of RouterOS.

WebFig is accessible directly from the router which means that there is no need to install additional software (except web browser with JavaScript support, of course).

As Webfig is platform independent, it can be used to configure router directly from various mobile devices without need of a software developed for specific platform.

Some of the tasks that you can perform with WebFig:

  • Configuration — view and edit current configuration;
  • Monitoring — display the current status of the router, routing information, interface stats, logs and many more;
  • Troubleshooting — RouterOS has built in many troubleshooting tools (like ping, traceroute, packet sniffers, traffic generators and many other) and all of them can be used with WebFig.

Connecting to Router

WebFig can be launched from the routers home page which is accessible by entering routers IP address in the browser. When home page is successfully loaded, choose webfig from the list of available icons as illustrated in screenshot.

After clicking on webfig icon, login prompt will ask you to enter username and password. Enter login information and click connect.

Now you should be able to see webfig in action.

IPv6 Connectivity

RouterOS http service now listens on ipv6 address, too. To connect to IPv6, in your browser enter ipv6 address in square brackets, for example [2001:db8:1::4]. If it is required to connect to link local address, don’t forget to specify interface name or interface id on windows, for example [fe80::9f94:9396%ether1].

Enabling HTTPS

For HTTPS to work properly, you need to specify a valid certificate that Webfig can use. You can use a certificate that is issued by a trusted Certificate Authority (CA) or you can create your own root CA and generate self-signed certificates.

READ  Pkg check modules syntax error near unexpected

Note: Webfig supports wildcard certificates. You can generate such a certificate by specifying a wildcard in the common-name property, for example common-name=*.mikrotik.com

To generate your own certificates and enable HTTPS access, you must first login to the router by using Webfig (HTTP version or you can use Winbox, SSH or Telnet), open a new terminal and input the following commands:

  • Create your own root CA on your router
  • Sign the newly created CA certificate

Note: In case you already have set up your own CA or you are using a service that signs certificates for you, then you create and sign the certificate remotely and import the certificate on the router later. In case you are importing a certificate, then make sure you mark the certificate as trusted.

  • Create a new certificate for Webfig (non-root certificate)

Note: Most browsers will throw out an invalid certificate error if the common name for the certificate does not match the address you are visiting, for this reason you can specify the router’s IP address as the common name since you will be using the IP address to open up Webfig. If you have a valid DNS name for your device’s IP address, then you can use it as the common name.

  • Sign the newly created certificate for Webfig

Note: It is not required to set the certificate as trusted if you created your own root CA on the same router since by default RouterOS will trust its own generated root CA and therefore will trust all certificates signed by it, including the newly created certificate for Webfig.

  • Enable www-ssl and specify to use the newly created certificate for Webfig

You can now visit https://192.168.88.1 and securely configure your router.

Note: By default browsers will not trust self-signed certificates, you will need to add the certificate as trusted on the first time you visit the page in your browser. Another approach is to export the root CA certificate and import it as a trusted root certificate on your computer, this way all certificates signed by this router will be considered as valid and will make it easier to manage certificates in your network.

Note: Most Internet browsers have their own certificate trust chain and works independently from the operating system’s certificate trust chain, this means that you may have to add your own root CA’s certificate as a trusted certificate in your browser settings since trusting the certificate in your operating system’s settings might not have any effect when using your Internet browser.

Interface Overview

WebFig interface is designed to be very intuitive especially for WinBox users. It has very similar layout: menu bar on the left side, undo/redo at the top and work are at the rest of available space.

When connected to router, browsers title bar (tab name on Chrome) displays currently opened menu, user name used to authenticate, ip address, system identity, ROS version and RouterBOARD model in following format:

Menu bar has almost the same design as WinBox menu bar. Little arrow on the right side of the menu item indicates that this menu has several sub-menus.

When clicking on such menu item, sub-menus will be listed and the arrow will be pointing down, indicating that sub-menus are listed.

At the top you can see three common buttons Undo/Redo buttons similar to winbox and one additional button Log Out. In the top right corner, you can see WebFig logo and RouterBOARDS model name.

Work area has tab design, where you can switch between several configuration tabs, for example in screenshot there are listed all tabs available in Bridge menu (Bridge, Ports, Filters, NAT, Rules).

Below the tabs are listed buttons for all menu specific commands, for example Add New and Settings.

The last part is table of all menu items. First column of an item has item specific command buttons:

  • — enable current item
  • — disable current item
  • — remove current item

Item configuration

When clicking on one of the listed items, webfig will open new page showing all configurable parameters, item specific commands and status.

At the top you can see item type and item name. In example screenshot you can see that item is an interface with name bypass

There are also item specific command buttons (Ok, Cancel, Apply, Remove and Torch). These can vary between different items. For example Torch is available only for interfaces.

Common Item buttons:

  • Ok — apply changes to parameters and exit;
  • Cancel — exit and do not apply changes;
  • Apply — apply changes and stay on current page;
  • Remove — remove current item.

Status bar similar to winbox shows current status of item specific flags (e.g running flag). Grey-ed out flag means that it is not active. In example screenshot you can see that running is in solid black and slave is grey-ed, which means that interface is running and is not a slave interface.

READ  The following fatal error was generated 40

List of properties is divided in several sections, for example «General», «STP», «Status», «Traffic». In winbox these sections are located in separate tabs, but webfig lists them all in one page specifying section name. In screenshotyou can see «General» section. Grey-edout properties mean that they are read-only and configuration is not possible.

Work with Files

Webfig allows to upload files directly to the router, without using FTP services. To upload files, open Files menu, click on Choose File button, pick file and wait until file is uploaded.

Files also can be easily downloaded from the router, by clicking Download button at the right side of the file entry.

Traffic Monitoring

Skins

Webfig skins is handy tool to make interface more user friendly. It is not a security tool. If user has sufficient rights it is possible to access hidden features by other means.

Designing skins

If user has sufficient permissions (group has policy edit permissions) Design Skin button becomes available. Pressing that toggle button will open interface editing options. Possible operations are:

  • Hide menu — this will hide all items from menu and its submenus;
  • Hide submenu — only certain submenu will be hidden
  • Hide tabs — if submenu details have several tabs, it is possible to hide them this way;
  • Rename menus, items — make some certain features more obvious or translate them into your launguage;
  • Add note to to item (in detail view) — to add comments on filed;
  • Make item read-only (in detail view) — for user safety very sensitive fields can be made read only
  • Hide flags (in detail view) — while it is only possible to hide flag in detail view, this flag will not be visible in list view and in detailed view;
  • Add limits for field — (in detail view) where it is list of times that are comma or newline separated list of allowed values:
    • number interval ‘..’ example: 1..10 will allow values from 1 to 10 for fiels with numbers, example, MTU size.
    • field prefix (Text fields, MAC address, set fields, combo-boxes). If it is required to limit prefix length $ should be added to the end, for example, limiting wireless interface to «station» only will contain
  • Add Tab — will add grey ribbon with editable label that will separate the fields. Ribbon will be added before field it is added to;
  • Add Separator — will add low height horizontal separator before the field it is added to.

Note: Number interval cannot be set to extend limitations set by RouterOS for that field

Note: Set fields are argument that consist of set of check-boxes, for example, setting up policies for user groups, RADIUS «Service»

Note: Limitations set for combo-boxes will values selectable from dropdown

Configure wireless interface

Status page

Note: Starting RouterOS 5.7 webfig interface adds capability for users to create status page where fields from anywhere can be added and arranged.

Satus page can be created by users (with sufficient permissions) and fields on the page can be reordered.

When status page is created it is default page that opens when logging in the router through webfig interface.

Addition of fields

To add field to status page user has to enter «Design skin» mode and from drop-down menu at the field choose option — «Add to status page»

As the result of this action desired field in read-only mode will be added to status page. If at the time Status page is not present at the time, it will be created for the user automatically.

Two columns

Fields in Status page can be arranged in two columns. Columns are filled from top to bottom.

When you have only one column then first item intended for second should be dragged to the top of the first item when black line appear on top of the first item, then drag mouse to the left until shorter black line is displayed as showed in screenshot. Releasing mouse button will create second column. Rest of the fields afterwards can be dragged and dropped same way as with one column design.

Skin design examples

Set field

Setting limits for set field And the result:

Using skins

To use skins you have to assign skin to group, when that is done users of that group will automatically use selected skin as their default when logging into Webfig.

Note: Webfig is only configuration interface that can use skins

If it is required to use created skin on other router you can copy files to skins folder on the other router. On new router it is required to add copied skin to user group to use it.

Источник

Smartadm.ru