olivier2831
Frequent Visitor
Topic Author
Posts: 79
Joined: Fri Sep 08, 2017 6:53 pm

How to effectively configure 6 hEX units ?

Mon Aug 19, 2019 7:24 pm

Hello,
I need to configure 6 hEX PoE units as basic "VLAN enabled switches".

Configuration details I need to set are:
- custom settings:
  - fixed private address (e.g. 192.168.1.221/24) replacing factory-set 192.168.88.1/24
- common settings:
  - do not act as DHCP or DNS server
  - no DNS cache
  - ether1 belongs to LAN interface list
  - no IP forwarding
  - no firewall rule of any kind (NAT, filtering)
  - all ethernet ports being untagged members of VLAN1 and tagged members of VLAN2
  - uploading two SSH key files to admin user
  - setting admin's password

I've read about the /import and /export commands, but those do not seem so easy to use.

How would you proceed?

Best regards
 
Steveocee
Forum Guru
Posts: 1092
Joined: Tue Jul 21, 2015 10:09 pm
Location: UK

Re: How to effectively configure 6 hEX units ?

Thu Aug 22, 2019 6:24 pm

Configure 1 how you want it.
Do an /export and then do a full reset on the others and import the .rsc file you made from the first one.
Steve "Steveocee" Carter
PC Gamer, Airsofter, MikroTik Nerd
My Website - My MikroTik Tutorials
 
mkx
Forum Guru
Posts: 2828
Joined: Thu Mar 03, 2016 10:23 pm

Re: How to effectively configure 6 hEX units ?

Fri Aug 23, 2019 8:16 am

> Configure 1 how you want it.
> Do an /export and then do a full reset on the others and import the .rsc file you made from the first one.

Which would cover all but the last two of the OP's points (SSH keys and password) ... those two are only possible to automate by using (binary) backups, which should not be used to transfer config between different units (even if they are the same model). Or is password setting actually possible from scripts (only /export doesn't export that detail), so the script could be hand-modified to deal with this point of the OP's as well?
BR,
Metod
 
olivier2831
Frequent Visitor
Topic Author
Posts: 79
Joined: Fri Sep 08, 2017 6:53 pm

Re: How to effectively configure 6 hEX units ?

Mon Aug 26, 2019 6:05 pm

> > Configure 1 how you want it.
> > Do an /export and then do a full reset on the others and import the .rsc file you made from the first one.
>
> Which would cover all but the last two of the OP's points (SSH keys and password) ... those two are only possible to automate by using (binary) backups, which should not be used to transfer config between different units (even if they are the same model). Or is password setting actually possible from scripts (only /export doesn't export that detail), so the script could be hand-modified to deal with this point of the OP's as well?

What about a dedicated Python script that connects to the MikroTik box through SSH and even reads the config through NAPALM or alternatives:
- you can copy SSH key files,
- you can use different SSH logins as appropriate.

Has someone followed this route? If so, is it something that you recommend?
 
Amm0
Frequent Visitor
Posts: 66
Joined: Sun May 01, 2016 7:12 pm
Location: California

Re: How to effectively configure 6 hEX units ?

Mon Aug 26, 2019 8:19 pm

If you have a configuration you like and /export it out, I'd look at learning NetInstall. It would let you upload your .rsc and the same version packages on all units. Then if you need more in the future, you can use NetInstall to make sure you have the same version. See the "Configure script" comment in https://wiki.mikrotik.com/wiki/Manual:Netinstall – also, NetInstall will cause the "reset" button on each unit to go to YOUR customized bridged configuration.
 
Amm0
Frequent Visitor
Posts: 66
Joined: Sun May 01, 2016 7:12 pm
Location: California

Re: How to effectively configure 6 hEX units ?

Mon Aug 26, 2019 9:11 pm

Also, you mention "uploading two SSH key files to admin user"... that part is the trickier one, I think, since the export wouldn't include those.

So for the certificates, others might have a better idea for that... but one way is to just put the desired public key on a local web server, then include the following EXAMPLE commands at/near the bottom of the exported script:
0. :delay 10s
1. /tool fetch url="https://LOCAL_WEBSERVER/my_public_ssh_key" dst-path=my_public_ssh_key
   (to download the desired cert from a local web server that has the public key file available via HTTP)
2. /user ssh-keys import public-key-file=my_public_ssh_key user=admin

Finally, if you really want it to act like a switch, at a high level, you want to avoid the traffic going through the CPU. There are two ways to do this: I think for the hEX PoE, you'd want to use the "Switch" method to set the VLAN tagging/untagging. If you use "VLAN Filtering" in the "Bridge" settings, it would likely disable hardware offload, which would work, but performance would be less than line speed on the hEX PoE. The Switch Chip setting would keep the VLAN stuff going at line speed... but yeah, you should read https://wiki.mikrotik.com/wiki/Manual:S ... p_Features a couple of times.

The Switch configuration would be exported in a /export file=filename.rsc, and still be imported via NetInstall.
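
The approach discussed in this thread (one common export plus a per-unit address and the key fetch/import steps), sketched as an added example that is not part of any post above: it builds one .rsc per unit and computes the fingerprint of the public key that will be published. The function names, the `bridge` interface name, the `admin_key_N.pub` file names and a common export that carries no /ip address line are assumptions.

```python
import base64, hashlib, ipaddress, struct

def ssh_fingerprint(pubkey_line):
    """SHA256 fingerprint of a one-line OpenSSH public key, in the form
    ssh-keygen -lf prints; rejects a blob whose embedded type disagrees."""
    key_type, b64 = pubkey_line.split()[:2]
    blob = base64.b64decode(b64, validate=True)
    (n,) = struct.unpack(">I", blob[:4])          # length of embedded type name
    if blob[4:4 + n] != key_type.encode():
        raise ValueError("declared key type does not match key blob")
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def unit_tail(address, key_urls, subnet="192.168.1.0/24", interface="bridge"):
    """Per-unit lines appended to the common export. 'bridge' is an assumed
    interface name; the fetch/import lines follow the post above."""
    iface = ipaddress.ip_interface(address)
    if iface.network != ipaddress.ip_network(subnet):
        raise ValueError(f"{address} is not in {subnet}")
    lines = [f"/ip address add address={iface.with_prefixlen} interface={interface}",
             ":delay 10s"]
    for i, url in enumerate(key_urls, 1):
        name = f"admin_key_{i}.pub"               # hypothetical file name
        lines.append(f'/tool fetch url="{url}" dst-path={name}')
        lines.append(f"/user ssh-keys import public-key-file={name} user=admin")
    return "\n".join(lines) + "\n"

def render_units(common_export, addresses, key_urls):
    """Map each unit address to its full .rsc text; duplicates are refused."""
    if len(set(addresses)) != len(addresses):
        raise ValueError("duplicate unit address")
    return {a: common_export.rstrip("\n") + "\n" + unit_tail(a, key_urls)
            for a in addresses}

# Constructed sample key: a syntactically valid ed25519 blob, not a real key.
SAMPLE_BLOB = (struct.pack(">I", 11) + b"ssh-ed25519"
               + struct.pack(">I", 32) + bytes(range(32)))
SAMPLE_KEY = "ssh-ed25519 " + base64.b64encode(SAMPLE_BLOB).decode() + " admin@constructed"

if __name__ == "__main__":
    print(ssh_fingerprint(SAMPLE_KEY))
    units = render_units("# common export goes here\n",
                         [f"192.168.1.{n}/24" for n in range(221, 227)],
                         ["https://LOCAL_WEBSERVER/my_public_ssh_key"])
    print(units["192.168.1.221/24"])
```

Compare the printed fingerprint with the output of `ssh-keygen -lf` on the operator's own key file before publishing the key on the web server, since each unit imports whatever that URL returns.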
