I have one of the smallest WiFi routers I’ve seen before. Routers or AP points (Access Point)
Let’s see what Mikrotik mAP Lite looks like and what the producer gives you. UnBoxing, connection and configuration. Realization time is fun:
Unboxing and connection:
Box with MikroTik mAP Lite. Simple and small, cardboard, brown packaging – just like the device itself. In my opinion, modest but above all ecological, for me personally an advantage.
After removing the gift from the package. We will find next to the mAP itself, which, interestingly, has a magnet that will allow you to attach the baby to something metallic:
- micro USB power supply,
- micro and very basic instruction manual. Also, it’s best to start the Internet for help immediately…
- a metal plate and a piece of rubber with glue – which will help stick the device to a magnet in a place where we do not have a metal base for mounting on a magnet (wall, door, table top, etc.) – how simple and practical 🙂
That’s what it looks in a hand, not a big device, with two ports. One is Ethernet, i.e. it is larger, where we plug in a network cable, eg Internet, computer, router, etc. The second is a microUSB power supply (5V voltage), this port is used only to connect power. Cool because you can power it in a very universal way. For example, from a computer to USB or from Powerbank.
Description of connectors and LEDs:
View from the bottom of mini router Mikrotik-a mAP Lite, where you can see the described ports and button.
At the top you can see the LEDs (glued with a protective foil), which represent the working state:
- PWR LED – power (microUSB port, 5V power supply)
- AP / CAP – designating the device’s operating mode
- ETH it’s a RJ45 Ethernet port. When we connect an active device, for example, we connect a router from our operator, modem, or computer via UTP cable.
- Last from the right, is WiFi activity LED – after connecting and using a wireless connection, eg with a laptop or a smart phone
Micro Router or MikroTik mAP Lite – Configuration:
OK, we’re starting to connect the device to the power supply. MikroTik mAP Lite immediately after unbox, it starts a few seconds, after launch it introduces itself after WiFi. In the vicinity of wireless networks, it is visible as MikroTikXXXXX and here instead of X, there are the last 6 characters that are on the nameplate. w0 position which also means the MAC address of the wireless network card. So we connect to an unsecured WiFi network to configure the router.
On the device, you can log in several ways, the manufacturer offers connection through a special program which is called Winbox. Through a web browser and through a console ssh or telnet command mode. I will use the before downloaded Winbox version 3.12.
After being launched in the Neighbors tab, the program searches for all Mikrotik-s within our network. In this case, this one piece. We can log in to the device by clicking the cursor either in the MAC address or in the IP address of the device. I will immediately say that if we log in via MAC address, then we can change the IP address of the network and / or device without losing the connection. However, if you log in via IP, then the connection is more reliable, but changing the IP settings involves disconnection.
Sign in to mini router:
By default, the device has the default IP address 192.168.88.1 and we connect by entering as the login: admin and as the password: leave blank, and click Connect.
After connecting, the Mikrotik interface is shown to us and a window appears with information on the default configuration of the device. As you can see, the device is configured so that we connect the Internet signal to the Ethernet port. This is our WAN port. It also has a firewall or security from the side of the Internet and pushes it towards the world.
The device’s WiFi card is configured by default as an isolated LAN internal network, it is set in the 2.4Ghz bgn standard and with a channel width of 20/40 mHz depending on the device connected to mAP.
On the internal LAN network side, IP addressing is set to 192.168.88.1 and the DHCP server is enabled so that our computer immediately received an IP address and we could connect to the network without logging in and log in to our micro router (mAP).
From the cable connection on RJ45 Ethernet port or router automatically waits for get an IP address. It has NAT running, and security, and Firewall.
After entering the left side we have a main menu to configure the device, after clicking on Interfaces, we open a window and in it both our main interfaces, ether1 (simply means a cable) and wlan1 (that is our WiFi settings).
Secure WiFi
The first thing I threw in the eye is the lack of security for your wireless network. I am perverted at this point and I want to change it now. I will not do this in this window, but here I can change the network name in the SSID field. I close and click the Wireless option on the left side of the Main Menu:
In the Wireless window, click on the Security Profile tab. There, after clicking the default (in the list), the window for configuring security opens. To secure in the most common way, that is through the password and encryption method of WPA / WPA2. We choose Mode: dynamic keys, then select the encryption method WPA PSK (older standard) and WPA2 PSK. In addition, tick both options aes ccm and both options tkip. Now we are crowned with our super secret password for WiFi networks. That is, we complete the WPA Pre-Shared Key and WPA2 Pre-Shared Key fields.
Remember that a minimum of 8 characters are best mixed up with signs and numbers. Now we click on OK and it should disconnect us from the WiFi network (the changes take effect immediately). Now we connect to the WiFi network after the new one, with our new password.
Mikrotik mAP Lite – Firewall
Let’s also analyze roughly the Firewall settings on mini router mAP Lite. To enter the settings, click on the left in the main Menu on the IP, and then on the Firewall:
In the first Filter Rules tab we have the rules of our firewall:
The rule marked as 1. accepts and maintains already established connections to our Miktorik. It is important because during firewall changes you can sometimes get confused and “cut” yourself. Therefore, there may be no possibility of correcting the error, without restarting the device to the factory settings. We’d better leave it alone.
Rule 2. Prohibits entering the device with incorrect means to connect to the router.
Rule 3. Allows incoming ICMP control packets from the LAN.
Rule 4. It prohibits any connections to our router from the WAN port, that is from the cable side we do not log on to our router. If we change it, that is, we will set exceptions or completely disable this rule.
Rule 5 and 6 allow special types of packets to enter our network and our internal network. The so-called. ipsec packets.
Rule 7 Indicates quick connections of a certain type, such as TCP and UDP.
Rule 8 Thanks to it, data is sent from our internal network to the outside and vice versa. And the Internet works
Rule 9. Cut off all suspicious and incorrect connections that want to get to our network and our network.
Rule 10 last. Thanks to it, all of the above security features of our internal LAN make sense. She says that anything that is not allowed above, it is forbidden.
Summary
Mikrotik Routerboard mAP Lite with code and exact name RBmAPL-2nD. It’s really very miniature equipment, with a lot of possibilities. Mainly because it is a miniature device, equipped with only one port for connecting with an Ethernet cable and WiFi. He can do wonders with his software on board. The system loaded in it is RouterOS configurable in any way possible. Configuration may not be as simple and intuitive as the case of traditional and more popular routers from other manufacturers. However, if we only need basic settings. It’s basically to provide a WiFi connection, just plug in mAP Lite for power and the Internet through a network cable. Then connect to this toddler after WiFi and that’s it – it works right away. The only thing that suggests this is to log in anyway, and to configure especially the WiFi network security.
The rest of the capabilities of this equipment are limited by software that is really not so limited! Quite very configurable and gives us a lot of possibilities for a small price. Especially professionals from the IT industry will find everything that can be dreamed in such equipment.
I personally recommend this price to both, not professionals and professionals. They say what is to everything, is not good for anything, but this is an exception 🙂 The company provides very good documentation and support for the products Mikrotik. Worse, if someone does not speak English very well because the configuration is in English only. For this is also a technical language …
