Last week I was at Madrid-MUM, and one of the conferences was about auto-configuration with DHCP66 using a MikroTik server and another device as client.
That made me think that I would like to build something similar and easier.
I usually have an auto-configuration script, let’s say load.rsc, that has lots of configurations for my routers.
When I get a new router I connect it, open it with WinBox, copy load.rsc, copy RouterOS_version.npk and then system->reset configurations → No default configuration, run after: “load.rsc”.
What is the new challenge?
Plug a brand new MikroTik on port 2 to a router with a bridge, let’s say bridgeAutoLoad.
And with the API connect to the device, download load.rsc and RouterOs_version.npk, and reboot the same way.
I will need a server with the files on the same LAN.
The idea is a script that checks neighbors, and when a router with the MikroTik name and 192.168.88.1 is connected on that bridge, executes the PHP API, which will connect to it and update everything.
The first problem:
How can I connect from API-PHP to 192.168.88.1, which is on a different network segment?
I mean I can’t connect to the router from telnet or WinBox with the IP; I can only connect by MAC.
Has anyone done the same?
Is there a better way to do it?
The 192.168.88.1/24 subnet is on the new RB’s LAN, not WAN.
By default, the WAN has a DHCP client, and blocks any connections to the router (including API ones) making DHCP options the only “truly” automated way to configure a new device… Except that RouterOS doesn’t natively support any options, proprietary or otherwise.
Actually… wait… it kind’a does… CAPsMAN… Except that this doesn’t let you upload a complete initial configuration script, but just configure certain options. A feature request for MikroTik?
And if your intent is to automatically configure a RB from its LAN side, then… Put the server in the same LAN. In the main router, add a route for 192.168.88.1/32 pointing back to the LAN.
That way, via its “normal” IP, the server will connect to the main router to monitor for neighbor routers, and upon detecting a new one in the LAN, it would connect to 192.168.88.1. The connection to 192.168.88.1 will go to the main router, which would now have the knowledge to route it back to the LAN to the new router.
If you want to be IP agnostic (i.e. what if new MikroTik models suddenly start using f.e. 192.168.1.1/24?), you can go a step further, and not add the route BUT upon detecting the neighbor router, add a route to its IP pointing to the interface it’s appearing on, and upon configuring the router, remove the route.
I would like to be able to configure 5 routers at the same time.
I mean plug in 5 routers, with a script that runs every 5 min, checks neighbors and fires the PHP API to connect to 192.168.88.1, but all of them will be 192.168.88.1…
It’s not possible. Not via the API certainly, as the API needs layer3 to be available, and with an IP conflict in place, a router can’t be connected to on that layer.
On layer2, you can only connect with CAPsMAN or MAC telnet. I already talked about CAPsMAN, and as for MAC telnet… You definitely can’t use it by connecting via API to the main router (as interactive commands are not supported), and I don’t know about other telnet clients. If they can connect to a MAC address, then I guess you can API connect to the main router to watch for neighbors, and when you find one, connect via MAC telnet to do the rest.
It seems difficult to do.
The MikroTik terminal doesn’t allow automation.
One last thought, which could be a little difficult, and I don’t know if it will work.
Because I want to update 5 MikroTiks at the same time, could it be possible to add a bridge to each Ethernet port, so:
eth1-bridge1 (192.168.1.10), eth2-bridge2 (192.168.1.11)…
Add masquerade to every bridge to have separate LANs, so every bridge will be separate?
Then a NAT rule: when a packet comes to 192.168.1.10, redirect it to eth1-bridge 192.168.88.1 …
Then after searching neighbors I can try to API-connect to 192.168.1.10, which will open 192.168.88.1 from eth1-bridge1 …
If all routers are on different interfaces, then yes, you can masquerade and dst-nat all of them, so that they’re each accessible with a different IP from the main router. The server, now in a different LAN, will just connect “normally” to one of those IPs.
If two are in the same LAN though… after some more searching, I found this MAC telnet client. If your web server is a Linux one, you can compile it, and upon detecting the router from PHP, use proc_open() to trigger that client, and do the rest.
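The choice the replies above describe (API through a per-interface dst-nat alias when each new router is alone on its interface, MAC telnet when two share a LAN and an IP), as an added example that is not part of the original thread. The function name `planAccess`, the neighbor rows, the MAC addresses and the alias IPs are assumptions made for illustration.

```php
<?php
// Added illustration, not code from the thread. Neighbor rows and alias IPs
// are constructed sample data (assumptions), not output from a real router.

/**
 * For each newly discovered router, choose layer 3 (API through an alias IP
 * that the main router dst-nats to it) or layer 2 (MAC telnet).
 */
function planAccess(array $neighbors, array $aliasPool): array
{
    // Count routers claiming the same address on the same interface.
    $claims = [];
    foreach ($neighbors as $n) {
        $key = $n['interface'] . '|' . $n['address'];
        $claims[$key] = ($claims[$key] ?? 0) + 1;
    }

    $plan = [];
    foreach ($neighbors as $n) {
        $row = ['mac' => $n['mac'], 'interface' => $n['interface']];
        if ($claims[$n['interface'] . '|' . $n['address']] > 1) {
            // IP conflict inside one LAN: no usable layer 3, so no API.
            $plan[] = $row + ['method' => 'mac-telnet', 'connect_to' => $n['mac']];
            continue;
        }
        $alias = array_shift($aliasPool);
        if ($alias === null) {
            throw new RuntimeException('No alias IP left for ' . $n['mac']);
        }
        // Alone on its interface: one alias IP maps to it via dst-nat.
        $plan[] = $row + ['method' => 'api-via-dst-nat', 'connect_to' => $alias];
    }
    return $plan;
}

// Constructed sample: one router on bridgeAutoLan4, two sharing bridgeAutoLan5.
$neighbors = [
    ['interface' => 'bridgeAutoLan4', 'address' => '192.168.88.1', 'mac' => '00:00:5E:00:53:01'],
    ['interface' => 'bridgeAutoLan5', 'address' => '192.168.88.1', 'mac' => '00:00:5E:00:53:02'],
    ['interface' => 'bridgeAutoLan5', 'address' => '192.168.88.1', 'mac' => '00:00:5E:00:53:03'],
];
foreach (planAccess($neighbors, ['192.168.90.20', '192.168.90.21']) as $p) {
    printf("%s on %s: %s -> %s\n", $p['mac'], $p['interface'], $p['method'], $p['connect_to']);
}
```

With this sample, the router on bridgeAutoLan4 is reached through the alias 192.168.90.20, and the two routers sharing bridgeAutoLan5 are both marked for MAC telnet.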
I’m still trying to auto configure routers but I can’t get it…
Last try is:
RouterBoard 2011
Eth1 connected to ISP
Eth2 DHCP-Server connected to PC
Eth2 192.168.90.1/24 Pool 192.168.90.30-256
PC Gets 192.168.90.254
Eth5 bridgeAutoLan5
bridgeAutoLan5 ip Address 192.168.88.2/24
RouterBoard 951 connected on ETH2 with default DHCP-Server 192.168.88.1
From RB2011
I can ping 192.168.88.2 and 192.168.88.1 OK
I can see 192.168.88.1 in neighbors on bridgeAutoLan5
But from the computer with WinBox I can’t reach RB951 192.168.88.1 …
The idea is to do the same on RB 2011 Eth4 (bridgeAutoLan4 with IP 192.168.88.3/24) and connect to it an RB951 that on ETH2 will give 192.168.88.1.
So I would like to be able to connect from the computer to the RB951 on bridgeAutoLan4 or bridgeAutoLan5.
I tried it with different NAT rules but can’t get it to work.
What I intend is, from the computer, WinBox on 192.168.90.20 opens 192.168.88.1 from bridgeAutoLan4
and WinBox on 192.168.90.21 opens 192.168.88.1 from bridgeAutoLan5…