The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests

  • My work

  • My badges

  • Twitter Updates

  • My Flickr Stream

  • Pages

  • All categories

  • Enter your email address to subscribe to this blog and receive notifications of new posts by email.

    Join 1,314 other followers

Archive for the ‘MikroTik’ Category

Some links on isolating parts of networks with Mikrotik

Posted by jpluimers on 2017/11/10

On my research list so I can do proper LoT.

–jeroen

Read the rest of this entry »

Posted in Development, Internet, MikroTik, Power User, RouterOS, Routers, Scripting, Software Development | Leave a Comment »

How to connect S+DA0003 using SFP between MikroTikCRS226 and MikroTikCCR1009

Posted by jpluimers on 2017/10/30

Mikrotik and SFP versus SFTP+ is always confusing especially as the text on their equipment and their documentation doesn’t show well which situations work.

Equipment text is further on, this is their text searchable documentation:

As usually, a long search in the forums reveals the background information:

[WayBackSFP in SFP+ slot – MikroTik RouterOS: 10Gb SFP+ sockets are usually backward compatible with SFP, but this is not guaranteed.

There are two tricks involved to get an SFP connection between these devices working:

Read the rest of this entry »

Posted in Internet, MikroTik, Power User, Routers | Leave a Comment »

Need to give this some thought: multi-LAN on Mikrotik

Posted by jpluimers on 2017/10/27

Maybe for my LoT (LAN of Things): having multiple (even many) local LANs some each with their section of LoT equipment nicely separated and partially being able to talk to some of the other LANs or part of the outside world.

Some links that might help me getting this set up:

The basic plan:

  1. Configure each port or grouped (with ethernet master-port or maybe bridged) of ports having their own address pool and DHCP server so each of them are in a separate private network
  2. Routes between the networks so they can be accessed
  3. NAT mangling so the networks can reach the other networks or outside world without exposing their private network addresses
  4. Firewall rules to permit/limit which networks can see each other or the outside world

WinBox displays routes in various colors [WayBack]:

  • Black – active
  • Blue – inactive
    • interface not up or disconnected
    • other route with higher precedence already covers this route
  • Red – invalid
    • interface does not exist
    • interface is disabled
    • IP address not on that interface any more

Sometimes they show as blue while still being legitimate. Not sure why yet.

–jeroen

Posted in Development, MikroTik, RouterOS, Routers, Scripting, Software Development | Leave a Comment »

Delay running a script after restart – MikroTik RouterOS

Posted by jpluimers on 2017/10/24

Start Time special value `startup`

Start Time special value `startup`

There is a special startup value for “Start Time” you can enter which makes it runs once 3 seconds after reboot.

If by then your router isn’t fully “up” yet (i.e. waiting for PPPoE or DHCP network settings), then inside the script you can perform a delay global command as shown in the code fragment from the below forum post.

Don’t you love how people still tend to both repeat themselves and abbreviate stuff even though they have code completion at their disposal?:

{:delay 10};
/log print file=([/system identity get name] . "Log-" . [:pick [/system clock get date] 7 11] . [:pick [/system clock get date] 0 3] . [:pick [/system clock get date] 4 6]); \
/tool e-mail send to="xxx@xxx.com" subject=([/system identity get name] . " Log " . \
[/system clock get date]) file=([/system identity get name] . "Log-" . [:pick [/system clock get date] 7 11] . \
[:pick [/system clock get date] 0 3] . [:pick [/system clock get date] 4 6] . ".txt"); :delay 10; \
/file rem [/file find name=([/system identity get name] . "Log-" . [:pick [/system clock get date] 7 11] . \
[:pick [/system clock get date] 0 3] . [:pick [/system clock get date] 4 6] . ".txt")]; \
:log info ("System Log emailed at " . [/sys cl get time] . " " . [/sys cl get date])

Read the rest of this entry »

Posted in Development, Internet, MikroTik, Power User, RouterOS, Routers, Scripting, Software Development | Leave a Comment »

Mikrotik Router OS 6.37.1 – scripts and schedules – what policies they need to run

Posted by jpluimers on 2017/10/19

minimum schedule and script policies: read/write/policy/test

minimum schedule and script policies: read/write/policy/test

A year later, Mikrotik still needs to update their documentation, so from my question at [WayBack[Mikrotik follow-up needed] Router OS 6.37.1 – scheduled script cannot execute script – MikroTik RouterOS.

TL;DR:

  • use the same policies for scripts and schedules
  • use these policies as a minimum for scripts and schedules:
    • read
    • write
    • policy
    • test

Forum post:

I found out two things:

  1. the testFunctionScript needs at least these policies to call a function: read, write, policy, test
  2. a schedule needs at least the same permissions as a script in order to run the script at all

This is how the various permissions affect the testFunctionScript script:

  • no policies only allow :log info "testFunctionScript"; .
  • read allows the above and :local testFunctionJobs [/system script job print as-value detail]; which then is be logged with :log info "testFunctionJobs=$testFunctionJobs";
  • only write seems equivalent to no policies as it will only allow :log info "testFunctionScript";
  • read and write is equivalent to read
  • a lone policy or test policy (talk about confusion!) do not add functionality, so any combinations of just policy or testwith read and/or write get the same functionality as above
  • policy and test without any other seem equivalent to no policies as they result in only :log info "testFunctionScript"; to execute
  • the combined policies read, write, policy, test allow full script functionality including the function call and using the function call result

The above findings show that more logging is needed: the scheduler should log when (and why!) it does not have enough permissions to run a script. Right now you’re in the dark on when (and why!) a script isn’t ran by the scheduler.

The above findings show that these parts of the documentation need updating:

http://wiki.mikrotik.com/wiki/Manual:Sc … repository (update with info about the above policy combinations)
http://wiki.mikrotik.com/wiki/Manual:Ro … Properties (update with info about the above policy combinations)
http://wiki.mikrotik.com/wiki/Manual:System/Scheduler (does not document anything about policies at all)

The various scripts (apply your mix of policies that you need)

## logon as user jeroenp

/system script environment remove [ /system script environment find where name="testFunction" ];
:global testFunction do={
  :local result [/system resource get uptime];
  :return $result;
}

/system script environment print detail where name=testFunction
# 0 name="testFunction" value=";(eval /system scheduler  (eval /localname=$result;value=(eval (eval /system resource getvalue-name=uptime))) (eval /returnvalue=$result))" 

:log info "direct execution of testFunction"

{
:global testFunction;
:local testFunctionType [:typeof testFunction];
:local testFunctionResult [$testFunction];
:log info "testFunctionScript";
:log info "testFunctionType=$testFunctionType";
:log info "testFunctionResult=$testFunctionResult";
:log info "testFunction=$testFunction";
}

/log print where buffer=memory && (message~"testFunction" || topics~"info")

/system script remove [ /system script find where name="testFunctionScript" ];
/system script add name=testFunctionScript owner=jeroenp policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=":global testFunction;\r\
    \n:log info \"testFunctionScript\";\r\
    \n:local testFunctionType [:typeof testFunction];\r\
    \n:local testFunctionResult [\$testFunction];\r\
    \n:log info \"testFunctionType=\$testFunctionType\";\r\
    \n:log info \"testFunctionResult=\$testFunctionResult\";\r\
    \n:log info \"testFunction=\$testFunction\";\r\
    \n"

:log info "execution of testFunction via testFunctionScript"

/system script run testFunctionScript

/log print where buffer=memory && (message~"testFunction" || topics~"info")

/system scheduler remove [ /system scheduler find where name="testFunctionScriptSchedule" ];
/system scheduler add interval=10s name=testFunctionScriptSchedule on-event=testFunctionScript policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive start-date=sep/22/2015 start-time=12:02:37

:log info "execution of testFunction via testFunctionScriptSchedule calling testFunctionScript"
:delay 20s
/system scheduler disable testFunctionScriptSchedule

/log print where buffer=memory && (message~"testFunction" || topics~"info")

/system scheduler print detail where name="testFunctionScriptSchedule"

–jeroen

Posted in Development, Internet, MikroTik, Power User, RouterOS, Routers, Scripting, Software Development | Leave a Comment »

 
%d bloggers like this: