Manual Improvements

marria · July 13, 2015, 12:48pm

Maybe before blindly copying scripts make sure that you have interface named “ether1” and that this “ether1” actually has an address to get.

This is not the issue.

ether1 exists on test unit with an address. your assumption is erroneous’’

[Michael@Goat-on-a-Rope] > ip address p
Flags: X - disabled, I - invalid, D - dynamic 
 #   ADDRESS            NETWORK         INTERFACE                                                                                                                           
 0   192.168.5.1/24     192.168.5.0     ether2                                                                                                                              
 1 X 192.168.0.1/24     192.168.0.0     ether7                                                                                                                              
 2   10.234.123.2/30    10.234.123.0    ether1                                                                                                                              
 3   10.234.123.6/30    10.234.123.4    ether9-WAN MESA1                                                                                                                    
 4 D 10.0.0.100/20      10.0.0.0        ether9-WAN MESA1                                                                                                                    
 5 D 192.168.77.253/24  192.168.77.0    ether1                                                                                                                              
[Michael@Goat-on-a-Rope] > interface p
Flags: D - dynamic, X - disabled, R - running, S - slave 
 #     NAME                                TYPE       ACTUAL-MTU L2MTU  MAX-L2MTU MAC-ADDRESS      
 0  R  ;;; ether1-WAN_WT
       ether1                              ether            1500  1520       1520 D4:CA:6D:59:FD:97
 1  RS ether2                              ether            1500  1520       1520 D4:CA:6D:59:FD:98
 2   S ether3                              ether            1500  1520       1520 D4:CA:6D:59:FD:99
 3  RS ether4                              ether            1500  1520       1520 D4:CA:6D:59:FD:9A
 4  RS ether5                              ether            1500  1520       1520 D4:CA:6D:59:FD:9B
 5     ether6                              ether            1500  1520       1520 D4:CA:6D:59:FD:9C
 6     ether7                              ether            1500  1520       1520 D4:CA:6D:59:FD:9D
 7  X  ether8-WAN3 GBAP                    ether            1500  1520       1520 D4:CA:6D:59:FD:9E
 8  R  ether9-WAN MESA1                    ether            1500  1520       1520 D4:CA:6D:59:FD:9F
 9  RS wlan1                               wlan             1500  1600            00:0C:42:51:B2:34
10  X  ********************************* 
11  R  bridge1                             bridge           1500  1520            D4:CA:6D:59:FD:98
[Michael@Goat-on-a-Rope] > {
{... :local address1 [/ip address get [find interface="ether1"] address]
{... :put $address1                                                     
{... }             
invalid internal item number
[Michael@Goat-on-a-Rope] >

Chupaka · July 13, 2015, 12:53pm

so what is the issue?
looks like you have many addresses on ether1, not a single one. check with

:put [/ip address find interface="ether1"]

marria · July 13, 2015, 1:16pm

marria wrote:
This is not the issue.

so what is the issue?
looks like you have many addresses on ether1, not a single one. check with

Code: Select all
:put [/ip address find interface=“ether1”]

Now THAT was helpful, thanks! It seems that on a interface with more than one address it tanks:

Note for manual - “this example cannot report multiple addresses on on interface, it will report none and give error”
furthermore the variation:

{
:local address1 [/ip address get [/interface ethernet find name=ether1] address]
:put $address1
}

is likely as not to give an address from a completely different interface under that situation.

[Michael@Goat-on-a-Rope] > {
{... :local address1 [/ip address get [find interface="ether1"] address]
{... :put $address1                                                     
{... }             
invalid internal item number
[Michael@Goat-on-a-Rope] > :put [/ip address find interface="ether1"]
*18;*1b
[Michael@Goat-on-a-Rope] >

But on a unit with only a single address it works:

[Michael@RCWT1] > interface p
Flags: D - dynamic, X - disabled, R - running, S - slave 
 #     NAME                                TYPE       ACTUAL-MTU L2MTU  MAX-L2MTU MAC-ADDRESS      
 0  R  ;;; 10.4.0.0
       ether1                              ether            1500  1520       1520 00:0C:42:6D:E0:00
 1  R  ether2-OUT                          ether            1500  1520       1520 00:0C:42:6D:E0:01
 2  R  ether3-NBM5_25-IN North             ether            1500  1520       1520 00:0C:42:6D:E0:02
 3  R  wlan1                               wlan             1500  1600            00:0C:42:2B:A1:A6
[Michael@RCWT1] > ip address p
Flags: X - disabled, I - invalid, D - dynamic 
 #   ADDRESS            NETWORK         INTERFACE                                                                                                                           
 0   10.4.0.1/20        10.4.0.0        ether1                                                                                                                              
 1   ;;; North Clients
     192.168.102.1/24   192.168.102.0   ether3-NBM5_25-IN North                                                                                                             
 2   10.2.2.1/24        10.2.2.0        wlan1                                                                                                                               
 3 D 10.249.249.2/30    10.249.249.0    ether2-OUT                                                                                                                          
[Michael@RCWT1] > {
{... :local address1 [/ip address get [find interface="ether1"] address]
{... :put $address1                                                     
{... }             
10.4.0.1/20
[Michael@RCWT1] > :put [/ip address find interface="ether1"]
*15
[Michael@RCWT1] >

So…what are the *values and how can I use them??

mrz · July 13, 2015, 1:56pm

If there are multiple matches then list/array is returned.
Quote from the manual:

find - Returns list of internal numbers for items that are matched by given expression.

See here what to do with arrays:
http://wiki.mikrotik.com/wiki/Manual:Scripting#Operations_with_Arrays

Chupaka · July 13, 2015, 4:01pm

marria:

furthermore the variation:
{
:local address1 [/ip address get [/interface ethernet find name=ether1] address]
:put $address1
}
is likely as not to give an address from a completely different interface under that situation.

that’s completely incorrect command. first, you get ID of ‘ether1’ interface and then you try to get an address having the same ID as that interface. it’s called ‘unpredictable behaviour’

marria · July 13, 2015, 4:54pm

Chupaka:

marria:
furthermore the variation:
{
:local address1 [/ip address get [/interface ethernet find name=ether1] address]
:put $address1
}
is likely as not to give an address from a completely different interface under that situation.
that’s completely incorrect command. first, you get ID of ‘ether1’ interface and then you try to get an address having the same ID as that interface. it’s called ‘unpredictable behaviour’

All right. Point well made, as I wouldn’t know - having pulled these from the wiki.

This reinforces the need for a good manual, for those of us trying to learn - very confusing!

I suppose this is wandering off topic, but if you can point me to some reliable scripting reference, I’d appreciate it!

Chupaka · July 13, 2015, 4:56pm

is this incorrect command from the manual?.. a link?

marria · July 13, 2015, 8:51pm

Probably from the wiki. I’ll try to find it in my history - likely less than a week back.

Update: and crow for dinner… no link, bad interpretations

To clarify, the original Line I questioned was from - Check if IP on interface have changed
http://wiki.mikrotik.com/wiki/Manual:Scripting-examples
it appeared just the example I needed but failed because of not knowing about the single address issue.

My mistake compounded after digging around for what would work - I found a link from MRZ :
http://forum.mikrotik.com/t/routeros-v5-4-released/47406/50

with

You can’t use numbers of the items to get data. Find should be used instead.
For example
[/interface wireless registration-table get [find name=wlan1] rx-ccq]

also this thread:
http://forum.mikrotik.com/t/script/31584/1
which had a similar appearing example:

:put [/interface ethernet get [/interface ethernet find name="ether1"] mtu]

(reconstructing my memory) I am guessing I tried rewrite the original line based on those threads as:

{
:local address1 [/ip address get [/interface ethernet find name=ether1] address]
:put $address1
}

and it worked! for this routeros code newbie, that time, anyway, when the other did not. Hard to know, if I reconstructed this right. My bad.
It was a long road to finding out about the affect of mutiple addresses on the interface tripping me up all along.
As the original code DOES work on interfaces with single IP addresses that the manual has the right to assume, I’ll eat crow. I would, however, point that out in the manual.

favincen · August 28, 2015, 2:59pm

There are quite a lot of things that could be clarified or updated in the wiki/manual. It’s hard to list just from the top of my head. I would be much easier to insert comments or review request right on the spot, on the very page we feel something is missing, unclear, or obsolete.
That’s my first suggestion: allow commenting on each page of the wiki. That would be much more efficient than trying to remember what point was unclear or missing some few weeks or months ago…

Without doubts some would try to ask for support in the wiki comments instead of the forums, so it would be wise to state and underline that no anwsers will be provided in the comments, just inputs for improving the documentation will be taken into account…

Also, as it is a wiki, it could be very efficient to allow some kind of editing, probably with some moderator to review and commit proposed changes (create/update/delete).
In other words, make it a real wiki, where all can interact !

my 2 cents.
Fabrice

BMan · September 22, 2015, 4:01am

There is almost nothing about Policy Routing and nothing about Route Rules in manual. Please add some information and examples about it.

lectrapon · October 6, 2015, 2:33pm

We need a French version of Manual because there are some technical section that can’t be easy for us to understand.

jarda · October 6, 2015, 4:42pm

Sure. Someone should be so kind and translate the manual into all languages of the world (ironic) . Just French is not enough and there are much more needed languages than French (not ironic) .

wil · October 7, 2015, 7:36pm

The manual made it quite difficult to figure some details out for me. These are some things that I want to point out particularily:

IPv6:
The basic setup was actually reasonable well described in examples, but if you get dynamic prefixes from your ISP then there are parts that are not covered by the examples and you have do dig quite deep into the manual and find things out by yourself. It took me quite a while how I get the dynamic ipv6 pool from my ISP and setup prefix delegation for it. Also the router must pick its own address from the ipv6 pool and it takes too long to find the information on how this is supposed to work.
Firewall in combination with ppp incoming/outgoing-filter option
I think there was just a sketchy example describing the feature that was not very helpful. But there was also some bad luck involved with some firmware bugs and the old firewall print command not showing dynamic rules by default.
IPSec
There can never be enough documentation on this one, right? Basic setup is fine but once you dig into policy groups / templates topics it gets hard to find good information.

Examples are nice when you have to get something fairly standard quickly done. There command reference is alright, although there could be some better descriptions for the parameters here and there. What I was often missing is documentation that describes the some mechanics that are implemented in the OS, like the dynamic ipv6 pools or firewall rules for the dynamic ppp interfaces. It just takes too long to find the little pieces of information from the command reference to understand how a particular feature works.

MartijnVdS · October 30, 2015, 8:05am

I would like to see some improvement in the documentation for /certificate scep-server

A bit of explanation of what SCEP is, what the different roles are (CA, RA) or at least something about what all the configuration options mean would be great.

kurtkraut · November 1, 2015, 4:05pm

MUM Videos are a valuable resource and many talks cover in a very instructive way. I suggest the effort of searching for MUM Videos and adding them to the bottom of each manual page as ‘related videos’. So eventual gaps the text may leave might be covered in the video. Also most of the wiki pages lack of real world scenarios and example, which the MUM Videos are rich in that matter.