Schedule disable ethernet interface?

gabrielU · May 23, 2018, 2:44am

Hello! I am trying to make a script that disable the eth5 interface from 19:00 to 07:00, any ideas?

jarda · May 23, 2018, 4:54am

Easy. Use two scripts at that times, one for enabling and second for disabling. Make sure your time is accurate and don’t use the time from mikrotik ip cloud.

routik · May 23, 2018, 7:58am

You can use the below command to do that.

1. Add a comment to the ether5 (e.g WAN2, ISP2, Finance_Department, Guest, Junior_staff, etc)

/interface ethernet set [ find default-name=ether5 ] comment=Guest

2. The needed script

/system script
add name=Disable_ether5 owner=admin policy=read,write,policy,test source=\
    "/interface disable [find comment=\"Guest\"];"
add name=Enable_ether5 owner=admin policy=read,write,policy,test source=\
    "/interface enable [find comment=\"Guest\"];"

3. The timing scheduler

/system scheduler
add interval=1d name=Disable_ether5 on-event=Disable_ether5 policy=\
    read,write,policy,test start-date=may/23/2018 start-time=19:00:00
add interval=1d name=Enable_ether5 on-event=Enable_ether5 policy=\
    read,write,policy,test start-date=may/23/2018 start-time=07:00:00

That should do the magic for you

This is very important. your can use pool.ntp.org as your NTP server

/system ntp client set enabled=yes primary-ntp=168.167.71.137 secondary-ntp=41.204.120.137

sid5632 · May 24, 2018, 1:14pm

Seeing as you went to the trouble to abstract Guest from ether5, you should call the scripts/scheduler items Disable_Guest and Enable_Guest.
Calling them Disable_ether5 etc. is just stupid and potentially confusing if/when you change the port allocated to “Guest”.

Hard coding IP addresses for NTP is stupid as well, when you’ve just said use pool.ntp.org

routik · May 24, 2018, 2:22pm

@sid5632
You’re entitled to your opinion. But I didn’t change the allocated port. I only added “Guest” as a comment to it, which is what the script works with.
Had it been I changed the port name to “Guest”, it would have made sense for me to name the scheduler “Disable_Guest”. So long as the author of the post understands the script, he can change the comment/name to something else.

Regarding the NTP, I only assumed the poster may need much of those details. I may be wrong on that.

But hey, this is a public forum and we are all here to learn and give back as well. Name calling is really not necessary.

CZFan · May 24, 2018, 3:02pm

Oh Master of Mikrotik, please teach us how to retain the FQDN in NTP Client on Mikrotik?

If not, don’t you think your post was of no value and a bit stupid?

sid5632 · May 24, 2018, 3:28pm

/system ntp client set enabled=yes server-dns-names=uk.pool.ntp.org

Now who looks stupid?

If not, don’t you think your post was of no value and a bit stupid?

Clearly not.

sid5632 · May 24, 2018, 3:43pm

I know you didn’t. I did say if/when it gets changed…

I only added "Guest as comment to it, which is what the script works with.

I know, but it’s vital to the operation, not just some side-issue.
If somebody removed the comment from ether5 and added it to ether4 (say), then everything would still work, but the scheduler/script items would still have a reference in their names to ether5 which is now wrong. You have inadvertently created an unwanted dependency which could be confusing at some point down the line.

Had it been I changed the port name to “Guest”, it would have made sense for me to name the scheduler “Disable_Guest”.

I disagree. The script locates the port by the Comment, not by the port name, so it makes sense to name it as such.

So long as the author of the post understands what the script, he can change the comment/name to something else.

That’s the trouble. Sometimes it is not clear why something has been done the way it has and where/how to change it. Properly naming things can go a long way to reducing confusion and mis-understanding.
As you have it at the moment, if you did change the target ethernet port, then you have several things to change to keep everything consistent. Doing it as I suggested localises the change to just the one place - the place where you are changing the port. You don’t have any other side-effects. This has to be a good thing!

But hey, this is a public forum and we are all here to learn and give back as well. Name calling is really not necessary.

Indeed and I have learnt lots. It was not my intention to name call, and I don’t really believe I did, but rather to try and impart some idea of doing things better, so that others don’t fall in to bad habits when they don’t need to.

anav · May 24, 2018, 3:55pm

Routik, great helpful post! I enjoyed reading it and was not at all disturbed by the HORRIBLE conflict between a comment and code entry item. Overlooking this terrible crime, I give you a big thumbs up!!

CZFan · May 24, 2018, 4:39pm

Ok, now do a print / export of that here?

sid5632 · May 24, 2018, 5:05pm

If you think the comment is not important, then try changing it to something else and see if the scripts still work.
Then you might understand WHY.
You asked to be educated, but now you only seem to want to be half-educated.

Sometimes I wonder about people. Actually, make that most of the time.

sid5632 · May 24, 2018, 5:11pm

That WAS from an export. OK, you’re obviously a sucker for punishment. Here’s an export from my real router:

> system ntp client print 
             enabled: yes
         primary-ntp: 0.0.0.0
       secondary-ntp: 0.0.0.0
    server-dns-names: ntp1.npl.co.uk,uk.pool.ntp.org
                mode: unicast
       poll-interval: 15m
       active-server: 139.143.5.30
    last-update-from: 139.143.5.30
  last-update-before: 7m23s730ms
     last-adjustment: -1ms719us

Can you not just admit defeat? You’re wrong or out-of-date. Presumably you are still running some old, bug-ridden, insecure version where this wasn’t implemented (I forget which version introduced it) which is why you’re unaware.

anav · May 24, 2018, 5:25pm

Routik, your example was clear, unambiguous and to the point and without any rotting whiff of arrogance. Well done mate!

sid5632 · May 24, 2018, 5:36pm

The whole point, as if I need to say it YET again, is that it was NOT unambiguous IF/WHEN things change.

I really fail to see why so many people can’t see this. It’s not arrogance - it’s just being right.
The arrogant ones are those who continually stick their collective heads in the sand and bleat on about how the original was best. It wasn’t.

Sob · May 24, 2018, 5:40pm

For the record, server-dns-names option is feature of built-in SNTP client from “system” package. NTP client from “ntp” package doesn’t have it. So you can be both right and save faces if you want. Or unite and hate me for breaking the fight.

CZFan · May 24, 2018, 7:46pm

Ok, now do a print / export of that here?

That WAS from an export. OK, you're obviously a sucker for punishment. Here's an export from my real router:
> system ntp client print 
             enabled: yes
         primary-ntp: 0.0.0.0
       secondary-ntp: 0.0.0.0
    server-dns-names: ntp1.npl.co.uk,uk.pool.ntp.org
                mode: unicast
       poll-interval: 15m
       active-server: 139.143.5.30
    last-update-from: 139.143.5.30
  last-update-before: 7m23s730ms
     last-adjustment: -1ms719us
Can you not just admit defeat? You're wrong or out-of-date. Presumably you are still running some old, bug-ridden, insecure version where this wasn't implemented (I forget which version introduced it) which is why you're unaware.

Below is my export and you can see I am on the latest version, as per Sob, there seems to be 2 different versions of this NTP, so before you call someone stupid, please confirm which version he was using.

/system ntp client> export

may/24/2018 21:44:19 by RouterOS 6.42.2

software id = XXXXXX

model = 2011UiAS-2HnD

serial number = XXXXXX

/system ntp client
set enabled=yes primary-ntp=196.10.55.57 secondary-ntp=45.222.43.250