Reboot a MikroTik router with SNMP set (Python Script)
MikroTik Tutorial: How to enable DNS over HTTPS (DoH)
In this MikroTik Tutorial I will show you how to configure DNS over HTTPS on your MikroTik router using either Cloudflare DNS servers or Google DNS servers.
The latest stable version of RouterOS 6.47 adds support for DNS over HTTPS or DoH. DoH is a protocol for performing remote DNS over HTTPS protocol. It is similar to DoT (DNS over TLS) but not exactly the same.
DNS Queries over HTTPS (DoH) is an accept IETF standard RFC8484.
MikroTik Tutorial: How to recover RouterOS passwords from a backup file
MikroTik Tutorial: show mac address table
Here are the commands to show the mac address table on a MikroTik Router. In addition to using the command line to show the mac address table, this tutorial I will also show you how to search for a specific MAC address and filter the table to show mac addresses learned through a specific port. There are actually several commands that you should know, depending on how your router is configured.
The Perfect MikroTik Config Restore Script
Restoring config files on MikroTik routers have always been a pain. I set out to make the perfect config restore script for MikroTik routers.
Have your every tried to paste configuration commands into a MikroTik router? Yeah, it doesn’t work. As soon as the script adds an interface to a bridge or changes an IP you get disconnected and the rest of the script lines fail to restore.
Using the ‘run after reset‘ method is really the best way to restore a MikroTik router’s configuration but it has its own little caveats like editing the script first and adding a :delay 15s;
line at the top.
After reboot, there is no clear indication if the import was successful or failed. While troubleshooting an error riddled backup I had the idea of introducing an audible beep before and after the import process. This lead me to develop this script.
Mikrotik Tutorial: How to configure persistent logging
MikroTik Script: Router Rebooted Script
How to convert 48V PoE to 24V PoE
MikroTik Tutorial: Firewall ruleset for IPsec whitelisting
This article will show you how to setup a firewall whitelist for IPsec peer associations on a MikorTik router. The firewall ruleset will make use of address-lists to allow UDP 500 traffic only from trusted networks.
The address list for trusted networks will be called ipsec-trusted-nets
and all other hosts that attempt IPsec traffic will be added to the list ipsec-uninvited
.
Custom Device Labels in “The Dude” nms
The Dude is a powerful network monitoring server from MikroTik. The majority of people I see only use it to monitor their MikroTik routers and wireless devices. In this article I will introduce you to a variety of ways I use The Dude to query SNMP values from many different types of devices.
Out of the box, The Dude will sometimes (if SNMP credentials are correct) display CPU load, memory and disk usage for monitored devices. This data is presented in the device’s label. The following screenshot illustrates how to edit the label.
MikroTik Script: Authentication Logging w/ Email Reports
In this article I will show you how to configure a separate log file on a MikroTik router that will only contain authentication log entries. The log file will contain log entries for winbox, webfig, ssh, telnet, ftp as well as VPN user authentications. Additionally, we will configure a scheduled script to email this log file to ourselves daily.
How to configure a MikroTik IKEv2 VPN (RouterOS v6) & connect iOS devices (iPhone/iPad)
MikroTik Router as a SCADA Serial Server
A large number of MikroTik Router models have a serial port that can be used to configure the device. The serial port can also be configured as an IP-based serial server. This is article I will show you how to configure a MikroTik Router to all TCP connects that get mapped to a serial connected SCADA device.
Historically, a dedicated hardware serial server such as the Lantronix EDS2100 would be deployed to connect a SCADA control to the network. At most of these sites, we already have a MikroTik router in the enclosure that provides backhaul IP networking and traffic encryption. By utilizing the existing MikroTik Router as a serial server we can eliminate the dedicated serial server. One caveat to the approach is that the Router only has one serial port so if the SCADA control device requires multiple serial ports we still install a dedicated serial server.
MikroTik RouterOS Automation with NAPALM
In this tutorial, we will explore using the NAPALM python module to query data from a MikroTik Router.
Before we begin, you are expected to have python3 and pip installed as well as access to a MikroTik router running RouterOS. NAPALM will attempt to connect to the router on the default API port of 8728. You will need to enable the API service which is found in IP | Services
using winbox