Move multiple VLANs between two interfaces – Mikrotik

Move VLANs with foreach

Move all the VLANs under ether7 to ether6. Instead of an “=” sign, you can use a “~” to do a partial match.

foreach i in=[/interface vlan find where interface="ether7"] do={interface vlan set interface=ether6-master-local  $i } 

Move IP address to new port programmatically

Move ip address from ether6 to ether7. Change 192.168.88.1/24 to the address and the find command will find it regardless of the port and assign it to ether6 or whichever port is specified.

ip address set interface=ether6-master-local [find address="192.168.88.1/24"]

Using Delay

You can add a delay before a command runs by specifying delay and then the time to wait.

delay 60 

Use the ; to separate commands. Example below, wait 5 seconds then print the ip addresses.

delay 5 ; ip address print

Putting it all together

The following command/s will wait 60 seconds then move all the VLANs on ether7 to ether6 and then move the 192.168.88.1/24 address to ether6.

delay 60 ; foreach i in=[/interface vlan find where interface="ether7"] do={interface vlan set interface=ether6-master-local  $i } ; ip address set interface=ether6-master-local [find address="192.168.88.1/24"]

Mikrotik – bridge port received packet with own address as source address (), probably loop

Sometime the following warning can show up in the log.

10:48:45 interface,warning ether2: bridge port received packet with own address as source address (74:4d:28:69:89:9d), probably loop

Check and verify that your interface MAC addresses are unique. VLANs look to be the exception as they should share the MAC address of the interface the VLAN is on.

More information in this thread.
https://forum.mikrotik.com/viewtopic.php?p=583064#p703228

LibreNMS – Setting up Alerts to monitor Voltage on Mikrotik Routers

Create Alert Rule

Go to “Alerts -> Alert Rules” Then “Create rule from Collection”

Search for “Sensor under limit” and Select

Setup Sensor under limit

Configure Alert Rule

Add another rule to limit to just the Voltage Sensors by using the “sensors.sensor_class = Voltage”

Select your Groups and Transports and Save.

Modify Alert Rule

Disable Alerts for Unused Ports

You may get some alerts because there are some ports that do not have any any voltage on them. You can disable them on a per device basis by going to the “device -> Edit -> Health” and turning alerts off

Turn off voltage alerts on port that has no PoE

Mikrotik RouterOS – VLAN notes

https://wiki.mikrotik.com/wiki/Manual:Interface/VLAN

VLAN successfully passes through regular Ethernet bridges

https://wiki.mikrotik.com/wiki/Manual:Basic_VLAN_switching

https://wiki.mikrotik.com/wiki/Manual:Layer2_misconfiguration

DHCP offering lease without success issue with Mikrotik on the far side of Ubiquiti device.

DHCP error offering lease

Make sure that radio does not have the VLAN configured on just the WAN interface. Easiest way would be to put it in bridge mode and use the management VLAN.

Mikrotik RouterOS – “drop all from WAN not DSTNATed”

The default DSTNATed firewall rule keeps traffic from the WAN accessing LAN side IP addresses.

More info here

Printing the rules on a router with the default config should show the following.

;;; defconf: drop all from WAN not DSTNATed
chain=forward action=drop connection-nat-state=!dstnat in-interface=ether1

If you are wanting to add the rule to a router, you can copy and past the following command. Replace in-interface=ether with your in interface.

/ip firewall add action=drop chain=forward comment=\ "defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat in-interface=ether1

Mikrotik hAP – Change SSID via command line

Problem – Need 2.4 Ghz network enabled and SSID set to WiFi. Wireless router is behind a NAT, using UNMS to ssh into the radio, and from the radio ssh into hAP. Enter/Return key not working to run commands, so running the commands over ssh from the radio.

WA.v8.4.2# ssh admin@192.168.88.2  'interface wireless print'
admin@192.168.88.2's password: 
Flags: X - disabled, R - running 
 0    name="wlan1" mtu=1500 l2mtu=1600 mac-address=74:4D:28:0F:69:B3 
      arp=enabled interface-type=Atheros AR9300 mode=station ssid="MikroTik" 
      frequency=2412 band=2ghz-b/g channel-width=20mhz secondary-channel="" 
      scan-list=default wireless-protocol=any vlan-mode=no-tag vlan-id=1 
      wds-mode=disabled wds-default-bridge=none wds-ignore-ssid=no 
      bridge-mode=enabled default-authentication=yes default-forwarding=yes 
      default-ap-tx-limit=0 default-client-tx-limit=0 hide-ssid=no 
      security-profile=default compression=no 

 1  R name="wlan2" mtu=1500 l2mtu=1600 mac-address=74:4D:28:0F:69:B2 
      arp=enabled interface-type=Atheros AR9888 mode=ap-bridge ssid="WiFi" 
      frequency=5180 band=5ghz-n/ac channel-width=20mhz secondary-channel="" 
      scan-list=default wireless-protocol=802.11 vlan-mode=no-tag vlan-id=1 
      wds-mode=disabled wds-default-bridge=none wds-ignore-ssid=no 
      bridge-mode=enabled default-authentication=yes default-forwarding=yes 
      default-ap-tx-limit=0 default-client-tx-limit=0 hide-ssid=no 
      security-profile=default compression=no 

WA.v8.4.2# ssh admin@192.168.88.2  'interface wireless set disabled=no ssid=WiFi wlan1'
admin@192.168.88.2's password: 
WA.v8.4.2# ssh admin@192.168.88.2  'interface wireless print'
admin@192.168.88.2's password: 
Flags: X - disabled, R - running 
 0    name="wlan1" mtu=1500 l2mtu=1600 mac-address=74:4D:28:0F:69:B3 
      arp=enabled interface-type=Atheros AR9300 mode=station ssid="WiFi" 
      frequency=2412 band=2ghz-b/g channel-width=20mhz secondary-channel="" 
      scan-list=default wireless-protocol=any vlan-mode=no-tag vlan-id=1 
      wds-mode=disabled wds-default-bridge=none wds-ignore-ssid=no 
      bridge-mode=enabled default-authentication=yes default-forwarding=yes 
      default-ap-tx-limit=0 default-client-tx-limit=0 hide-ssid=no 
      security-profile=default compression=no 

 1  R name="wlan2" mtu=1500 l2mtu=1600 mac-address=74:4D:28:0F:69:B2 
      arp=enabled interface-type=Atheros AR9888 mode=ap-bridge ssid="WiFi" 
      frequency=5180 band=5ghz-n/ac channel-width=20mhz secondary-channel="" 
      scan-list=default wireless-protocol=802.11 vlan-mode=no-tag vlan-id=1 
      wds-mode=disabled wds-default-bridge=none wds-ignore-ssid=no 
      bridge-mode=enabled default-authentication=yes default-forwarding=yes 
      default-ap-tx-limit=0 default-client-tx-limit=0 hide-ssid=no 
      security-profile=default compression=no 

WA.v8.4.2# ssh admin@192.168.88.2  'interface wireless registration-table print'
admin@192.168.88.2's password: 
 # INTERFACE           RADIO-NAME       MAC-ADDRESS       AP  SIGNAL... TX-RATE
 0 wlan2                                A7:32:54:EE:E4:35 no  -77dBm... 18Mbps 
 1 wlan2                                34:7A:F4:43:AD:81 no  -69dBm... 6Mbps  

WA.v8.4.2# exit

Mikrotik Safe Mode

Safe Mode is a configuration fail safe for Mikrotik routers. If enabled and you make a change that disconnects your session to the router, whatever changes were made will be rolled back, which should let you get back in the router.

If your in WinBox you can hit the Safe Mode button at the top left

If your in a telnet or ssh session just hit

ctrl + x

You should see the following to let you know that safe mode is active

[Safe Mode taken]

Hit ctrl + x again to release Safe Mode

Mikrotik RouterOS view and set Simple Queue speeds

list all simple queues

queue simple print 

Print queue that matches part of name

queue simple print where name~"John"

Example results

Flags: X - disabled, I - invalid, D - dynamic 
0 name="John Smith" target=192.168.1.3/32 parent=none packet-marks="" priority=8/8 queue=sfq-up/sfq-down limit-at=0/0
max-limit=1M/10M burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s bucket-size=0.1/0.1 total-queue=default

Change max speed on queue for client name. The Upload is specified first.

queue simple set max-limit=10M/100M "John Smith"