SNMPv3 snmpwalk Mikrotik

Posted on July 16, 2019 by admin

Change AuthPass and CryptoPass to their respective passwords.
If needed, change MD5 to SHA1 and DES to AES.

 snmpwalk -v3 -a MD5 -A AuthPass -x DES -X CryptoPass -l authPriv -u privUser localhost

RouterOS upgrade firmware and version over SSH

Posted on June 27, 2019 by admin

Connect to Router over SSH

ssh admin@192.168.88.1

Check and install latest version of RouterOS. Will reboot the router. Need to hit Y to confirm upgrade.

system package update install

Upgrade routerboard firmware. Need to hit Y to confirm.

system routerboard upgrade
system reboot

Mikrotik Safe Mode

Posted on May 4, 2019 by admin

Safe Mode is a configuration fail safe for Mikrotik routers. If enabled and you make a change that disconnects your session to the router, whatever changes were made will be rolled back, which should let you get back in the router.

If your in WinBox you can hit the Safe Mode button at the top left

If your in a telnet or ssh session just hit

ctrl + x

You should see the following to let you know that safe mode is active

[Safe Mode taken]

Hit ctrl + x again to release Safe Mode

Mikrotik RouterOS view and set Simple Queue speeds

Posted on April 23, 2019 by admin

list all simple queues

queue simple print

Print queue that matches part of name

queue simple print where name~"John"

Example results

Flags: X - disabled, I - invalid, D - dynamic 
  0    name="John Smith" target=192.168.1.3/32 parent=none packet-marks="" priority=8/8 queue=sfq-up/sfq-down limit-at=0/0 
       max-limit=1M/10M burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s bucket-size=0.1/0.1 total-queue=default

Change max speed on queue for client name. The Upload is specified first.

queue simple set max-limit=10M/100M "John Smith"

Define ssh port for Oxidized group

Posted on February 22, 2019 by admin

Open your Oxidized config

vi .config/oxidized/config

Now edit your groups to include the following, part in bold is what specifies the SSH port. Note it needs to have the vars: line above it.

groups:
   routeros:
     username: admin
     password: password
     vars:
       ssh_port: 2222

Save and quit with esc+:wq and run Oxidized

Setup SNMP v3 on Mikrotik Router

Posted on December 21, 2018 by admin

Setting up SNMP via WinBox is straight forward, the following commands are how to set it up from the command line with some troubleshooting info at the end.

Setup SNMPv3

Setup Community (Change v3Private,encpass, and authpass to their respective names or passwords)

snmp community add name=v3Private encryption-protocol=DES encryption-password=encpass authentication-password=authpass security=private

Enable and set SNMP community (Trap Community needs to match the above command. Change contact and the location as needed.)

snmp set contact=admin@incredigeek.com location=DeviceLocation trap-community=V3Private

Troubleshooting

Sometimes, for no apparent reason it seems, routerOS will have issues using the default community. Work around is to create and use a new community.

Cannot connect with AES encryption

AES doesn’t always seem to work reliably. Seems to work on some and not other. Work around is to use DES.

Log shows Permission Denied

Double check the allowed from addresses, user, and passwords

Mikrotik RouterOS – set multiple allowed addresses for ip services

Posted on August 8, 2018 by admin

The following command allows Winbox from the 192.168.0.0/16, and 10.0.10.0/24 network ranges. You can change winbox to ssh or any of the other services in ip services.

ip service set address="192.168.0.0/16, 10.0.10.0/24" winbox

Add multiple IP bindings to Mikrotik Hotspot – Bash Script

Posted on June 12, 2018 by admin

Copy and paste the following into a file named mtbypass.sh and then “chmod +x mtbypass.sh” Or download from this direct link. Be sure to change the username and password

#!bin/bash
filelist="bypasslist.txt"
username="admin"
password="password!"
ip="$1"

for i in `cat ${filelist}`
do
address=`echo $i | cut -d= -f1`
mac=`echo $i | cut -d= -f2`
sshpass -p ${password} ssh ${username}@${ip} "ip hotspot ip-binding add address=${address} mac-address=${mac} type=bypassed"
done

Now create a file named bypasslist.txt and put all the addresses you want bypassed. You’ll need the Mac Address and the IP Address.

Example file

192.168.88.2=4C:5E:0C:B8:4E:01
192.168.88.3=3E:AA:A1:2D:8B:2C
192.168.88.5=DE:D1:39:65:91:4E

Usage of script is

./mtbypass.sh MikrotikIP

Example:

./mtbypass.sh 192.168.88.1

SSH Errors

Posted on February 2, 2018 by admin

ssh: connect to host 192.168.1.158 port 22: Connection refused

Wrong SSH port. Check /etc/ssh/sshd_config on linux, or in RouterOS IP->services->SSH

ssh_exchange_identification: Connection closed by remote host

Check the hosts.allow and hosts.deny files. If your getting this error connecting to a Mikrotik check the IP services and the “Available From” addresses.

Mikrotik Backup Script

Posted on September 5, 2016 by admin

This is a Linux script for creating and backing up backups on Mikroitk routers.

Features

Creates the backups automatically, no need to manually create a backup on the Mikrotik
Uses SSH and SCP for encrypted communication between the router and the server
Runs on linux
Easy to use command line interface
Can back up single or multiple routers

Future Features

These are features I am planning on adding to the script in the future

Ability to compare backups and remove duplicates
Make the script smarter so it can detect a backup on a router and leave it instead of deleting it
Add better logging
Add the functionality to upload the backups to an online service like DropBox, or OneDrive automatically
Add alert mechanism to alert you if a backup failed or router is unreachable

Current Bugs or limitations

Deletes all backups off of the router, so if you manually created a backup it will delete it without asking
To stop backing up a router, you’ll need to manually delete the IP address out of the IP database i.e(ip.lst file.)
It does not currently have the ability to delete backups

Requirements

Linux box to run the script from and to store the backups. You can run it from a laptop or VirtualBox.
You’ll need the following programs for this script to work(fping, sshpass)
The Linux box need to be able to ping the routers, if it can’t the script will fail

Installing

Download program

wget www.incredigeek.com/home/downloads/mtbackup/mtbackup.sh
chmod +x mtbackup.sh

Now open up the script and edit the variables at the top for your username, password, and where you want the backups.

 nano mtbackup.sh

When you have finished editing the variables, hit CTRL+x, and then “y” and then “enter” to save the file.

If you want to setup the script to backup on a regular basis then setup the script to run in cron.

Run “crontab -e” and add the following line

10 1 * * 1 cd /root/mtbackup-1.0/ & sh mtbackup -b

Hit CTRL+x, and then “y” and then “enter” to save the file.

Adding routers to backup

Adding routers is really easy. All you have to do is run the script with the -a option and then the ip address and the script will check if it can reach the IP and then add it to the IP Database i.e.(ip.lst file that contains all the routers ip addresses)
./mtbackup.sh -a 192.168.88.1

Example:

[root@localhost mtbackup-1.0]# ./mtbackup.sh -a 192.168.88.1
#################################################################

This is a Mikrotik Backup Utility.  Still being updated and worked on!!!

#################################################################

Adding 192.168.88.1 to the ip DB
Added 192.168.88.1 to ipDB
[root@localhost mtbackup-1.0]#

Backing up all routers

You can manually backup all the routers by running the script with just the “-b” option. It’ll read every IP in the IP database and create a backup for each one and put it in the backup folder with is normally “./backups”, you can change it in the variables portion of the script.

./mtbackup.sh -b

Other examples

List routers in the IP Database

 [root@localhost mtbackup-1.0]# ./mtbackup.sh -L
#################################################################
This is a Mikrotik Backup Utility. Still being updated and worked on!!!
#################################################################
Listing Hosts...
192.168.88.1
10.200.1.1
172.20.1.1
33.11.2.22
[root@localhost mtbackup-1.0]#

Backup Single router

[root@localhost mtbackup-1.0]# ./mtbackup.sh -B 192.168.88.1
#################################################################

This is the Mikrotik Backup Utility. Currently under construction!!!

#################################################################

Starting to do backup on 10.9.0.1

Configuration backup saved
[root@localhost mtbackup-1.0]#

Other commands

[root@localhost mtbackup-1.0]# ./mtbackup.sh -h
#################################################################

This is the Mikrotik Backup Utility.  Still being updated and worked on!!!

#################################################################

Usage
./mtbackup.sh [OPTIONS]
./mtbackup.sh -b 192.168.88.1

-l      List backups
-L      List Hosts
-b      Backup all hosts in the IP database
-B {ip} Backup Single Host, Specife IP
-a {ip} Add ip to IP database
-v      Version

[root@localhost mtbackup-1.0]#

Incredigeek

Tag Archives: mikrotik