I pasted this previously on reddit but in case somebody else runs into this and are new to Mikrotik devices (and RouterOS).
With Arista/Cisco/HPE/Juniper/VyOS and others you can move the config of one device to another by:
- On the box itself:
copy running-config startup-config
-
Then copy startup.conf to a host and modify it regarding hostname, IP-adress, default gateway and what else.
-
Upload the modified startup.conf to the 2nd device.
-
Reboot that device.
-
Tada!
However there are a few more details to do the same between two Mikrotik devices of the same model and firmware-version:
\ -
To export:
/export terse show-sensitive file=custom.rsc
Then you can download the file either through webfig or scp (or ftp but the ftp service currently isnt VRF-aware).
- To import:
2.1) Modify the custom.src and insert this as the first line (to give time for interfaces to properly initialize during boot):
:delay 30;
2.2) Also if you have commands that references certificates those should be modified otherwise the import will fail midway.
For example if you got this:
/ip service set api-ssl certificate=WEBFIG disabled=no tls-version=only-1.2 vrf=VRF-MGMT
/ip service set www-ssl certificate=WEBFIG disabled=no tls-version=only-1.2 vrf=VRF-MGMT
Then change that into this:
/ip service set api-ssl disabled=no tls-version=only-1.2 vrf=VRF-MGMT
/ip service set www-ssl disabled=no tls-version=only-1.2 vrf=VRF-MGMT
That is remove the “certificate=WEBFIG” part in custom.rsc. You can add this later through CLI/SSH/webfig.
NOTE! Make sure that you in your template have /ip/services running other than api-ssl or www-ssl such as SSH (it can be disabled after the import in case you dont want to have SSH running later on).
Also note that the fingerprint for SSH will be different after the reset has completed.
2.3) Also if you change settings for individual /interface/ethernet/switch/port it can be good to change the “set 0” into “set [ find name=sfp-sfpplus1 ]” or whatever interface you want to modify.
Simply because the index number of a particular interface might be different between revisions but the name remains.
For example if you got this:
/interface ethernet switch port set 0 l3-hw-offloading=no limit-unknown-multicasts=yes limit-unknown-unicasts=yes storm-rate=1
/interface ethernet switch port set 1 l3-hw-offloading=no limit-unknown-multicasts=yes limit-unknown-unicasts=yes storm-rate=1
Then change that into this:
/interface ethernet switch port set [ find name=sfp-sfpplus1 ] l3-hw-offloading=no limit-unknown-multicasts=yes limit-unknown-unicasts=yes storm-rate=1
/interface ethernet switch port set [ find name=sfp-sfpplus2 ] l3-hw-offloading=no limit-unknown-multicasts=yes limit-unknown-unicasts=yes storm-rate=1
2.4) Since webfig currently lacks ability to place files in the flash-directory you must use scp (or ftp) to upload the file to the flash-directory:
scp ./custom.rsc admin@192.0.2.1:/flash
In webfig you will now see a file named:
flash/custom.rsc
2.5) Load the new config on the new device.
NOTE! in my case its the same hardware model and firmware-version on both source and destination device:
/system reset-configuration keep-users=yes no-defaults=yes skip-backup=yes run-after-reset=flash/custom.rsc
2.6) Login to the device to acknowledge the license and give it another reboot so IPv6 settings can be set properly (you will see which settings wants another reboot if you do /export right after login):
/system/reboot
Do any of you have other tips regarding having a troublefree template to be used on new devices?