Category: Networking

The Perfect MikroTik Config Restore Script

The Perfect MikroTik Config Restore Script

Restoring config files on MikroTik routers have always been a pain. I set out to make the perfect config restore script for MikroTik routers.

Have your every tried to paste configuration commands into a MikroTik router? Yeah, it doesn’t work. As soon as the script adds an interface to a bridge or changes an IP you get disconnected and the rest of the script lines fail to restore.

Using the ‘run after reset‘ method is really the best way to restore a MikroTik router’s configuration but it has it’s own little caveats like editing the script first and adding a :delay 15s; line at the top.

After reboot, there is no clear indication if the import was successful or failed. While troubleshooting an error riddled backup I had the idea of introducing an audible beep before and after the import process. This lead me to develop this script.

Read More Read More

MikroTik Script: Router Rebooted Script

MikroTik Script: Router Rebooted Script

This is a useful little RouterOS script that will email you a nice report when your router reboots. The emailed report contains recent critical log events that may point you to the cause for the reboot. ie “router was rebooted without proper shutdown” or “out of memory condition was detected”.

Read More Read More

How to convert 48V PoE to 24V PoE

How to convert 48V PoE to 24V PoE

48V PoE (Power over Ethernet) is also know as 802.3af and 802.3at (PoE+) is the most common voltage. Some devices from manufacturers like Ubiquiti require 24V PoE.  In this article I will highlight some of the inexpensive devices that you can use to convert 48V PoE to 24V PoE as well as

Read More Read More

MikroTik Tutorial: Firewall ruleset for IPsec whitelisting

MikroTik Tutorial: Firewall ruleset for IPsec whitelisting

This article will show you how to setup a firewall whitelist for IPsec peer associations on a MikorTik router. The firewall ruleset will make use of address-lists to allow UDP 500 traffic only from trusted networks.

The address list for trusted networks will be called ipsec-trusted-nets and all other hosts that attempt IPsec traffic will be added to the list ipsec-uninvited.

Read More Read More

Custom Device Labels in “The Dude” nms

Custom Device Labels in “The Dude” nms

The Dude is a powerful network monitoring server from MikroTik. The majority of people I see only use it to monitor their MikroTik routers and wireless devices. In this article I will introduce you to a variety of ways I use The Dude to query SNMP values from many different types of devices.

Out of the box, The Dude will sometimes (if SNMP credentials are correct) display CPU load, memory and disk usage for monitored devices. This data is presented in the device’s label. The following screenshot illustrates how to edit the label.

Read More Read More

MikroTik Script: Authentication Logging w/ Email Reports

MikroTik Script: Authentication Logging w/ Email Reports

In this article I will show you how to configure a separate log file on a MikroTik router that will only contain authentication log entries.  The log file will contain log entries for winbox, webfig, ssh, telnet, ftp as well as VPN user authentications.  Additionally,  we will configure a scheduled script to email this log file to ourselves daily.

Read More Read More

MikroTik Router as a SCADA Serial Server

MikroTik Router as a SCADA Serial Server

A large number of MikroTik Router models have a serial port that can be used to configure the device. The serial port can also be configured as an IP-based serial server. This is article I will show you how to configure a MikroTik Router to all TCP connects that get mapped to a serial connected SCADA device.

Historically, a dedicated hardware serial server such as the Lantronix EDS2100 would be deployed to connect a SCADA control to the network. At most of these sites, we already have a MikroTik router in the enclosure that provides backhaul IP networking and traffic encryption. By utilizing the existing MikroTik Router as a serial server we can eliminate the dedicated serial server. One caveat to the approach is that the Router only has one serial port so if the SCADA control device requires multiple serial ports we still install a dedicated serial server.

Read More Read More

MikroTik RouterOS Automation with NAPALM

MikroTik RouterOS Automation with NAPALM

In this tutorial, we will explore using the NAPALM python module to query data from a MikroTik Router.

Before we begin, you are expected to have python3 and pip installed as well as access to a MikroTik router running RouterOS. NAPALM will attempt to connect to the router on the default API port of 8728. You will need to enable the API service which is found in IP | Services using winbox

Read More Read More