TCP/IP protocol suite: Firewall and NAT - stateful packet filtering; Peer-to-Peer protocol filtering; source and destination NAT; classification by source MAC, IP addresses (networks or a list of networks) and address types, port range, IP protocols, protocol options (ICMP type, TCP flags and MSS), interfaces, internal packet and connection marks, ToS (DSCP) byte, content, matching sequence/frequency, packet size, time and more...
Routing - Static routing; Equal cost multi-path routing; Policy based routing (classification done in firewall); RIP v1 / v2, OSPF v2
Data Rate Management - Hierarchical HTB QoS system with bursts; per IP / protocol / subnet / port / firewall mark; PCQ, RED, SFQ, FIFO queue; CIR, MIR, contention ratios, dynamic client rate equalizing (PCQ), bursts, Peer-to-Peer protocol limitation
Point-to-Point tunneling protocols - PPTP, PPPoE and L2TP Access Concentrators and clients; PAP, CHAP, MSCHAPv1 and MSCHAPv2 authentication protocols; RADIUS authentication and accounting; MPPE encryption; compression for PPPoE; data rate limitation; differentiated firewall; PPPoE dial on demand
Simple tunnels - IPIP tunnels, EoIP (Ethernet over IP) IPsec - IP security AH and ESP protocols; MODP Diffie-Hellman groups 1,2,5; MD5 and SHA1 hashing algorithms; DES, 3DES, AES-128, AES-192, AES-256 encryption algorithms; Perfect Forwarding Secrecy (PFS) MODP groups 1,2,5
Proxy - FTP and HTTP caching proxy server; HTTPS proxy; transparent DNS and HTTP proxying; SOCKS protocol support; DNS static entries; support for caching on a separate drive; access control lists; caching lists; parent proxy support
DHCP - DHCP server per interface; DHCP relay; DHCP client; multiple DHCP networks; static and dynamic DHCP leases; RADIUS support
VRRP - VRRP protocol for high availability
UPnP - Universal Plug-and-Play support
NTP - Network Time Protocol server and client; synchronization with GPS system Monitoring/Accounting - IP traffic accounting, firewall actions logging, statistics graphs accessible via HTTP
SNMP - read-only access
M3P - MikroTik Packet Packer Protocol for Wireless links and Ethernet
MNDP - MikroTik Neighbor Discovery Protocol; also supports Cisco Discovery Protocol (CDP)
Tools - ping; traceroute; bandwidth test; ping flood; telnet; SSH; packet sniffer; Dynamic DNS update tool
Layer 2 connectivity:
Wireless - IEEE802.11a wireless client ; Wireless Distribution System (WDS) support; 40 and 104 bit WEP; WPA pre-shared key authentication; access control list; authentication with RADIUS server; roaming (for wireless client); AP bridging
Bridge - spanning tree protocol; multiple bridge interfaces; bridge firewalling, MAC NATting
VLAN - IEEE802.1q Virtual LAN support on Ethernet and wireless links; multiple VLANs; VLAN bridging
Synchronous - V.35, V.24, E1/T1, X.21, DS3 (T3) media types; sync-PPP, Cisco HDLC, Frame Relay line protocols; ANSI-617d (ANDI or annex D) and Q933a (CCITT or annex A) Frame Relay LMI types
Asynchronous - serial PPP dial-in / dial-out; PAP, CHAP, MSCHAPv1 and MSCHAPv2 authentication protocols; RADIUS authentication and accounting; onboard serial ports; modem pool with up to 128 ports; dial on demand
ISDN - ISDN dial-in / dial-out; PAP, CHAP, MSCHAPv1 and MSCHAPv2 authentication protocols; RADIUS authentication and accounting; 128K bundle support; Cisco HDLC, x75i, x75ui, x75bui line protocols; dial on demand SDSL - Single-line DSL support; line termination and network termination modes
Configuration possibilities RouterOS provides powerful command-line configuration interface. You can also manage the router through WinBox - the easy-to-use remote configuration GUI for Windows -, which provides all the benefits of the command-line interface, without the actual "command-line", which may scare novice users. Web-based configuration is provided for some most popular functionality.
Major features: Clean and consistent user interface Runtime configuration and monitoring Multiple connections User policies Action history, undo/redo actions safe mode operation Scripts can be scheduled for executing at certain times, periodically, or on events. All command-line commands are supported in scripts
Router may be managed through the following interfaces (note that until a valid IP configuration is enteres, telnet and SSH connections are not possible):
Local teminal console - AT, PS/2 or USB keyboard and VGA-compatible video controller card with monitor
Serial console - any (you may choose any one; the first, also known as COM1, is used by default) RS232 asynchronous serial port, which is by default set to 9600bit/s, 8 data bits, 1 stop bit, no parity, hardware (RTS/CTS) flow control
Telnet - telnet server is running on 23 TCP port by default
SSH - SSH (secure shell) server is running on 22 TCP port by default (available only if security package is installed
MAC Telnet - MikroTik MAC Telnet potocol server is by default enabled on all Ethernet-like interfaces
Winbox - Winbox is a RouterOS remote administration GUI for Windows, that uses 8291 TCP port. It may also connect routers by their MAC addresses
