Community discussions

MikroTik App
 
akliouev
just joined
Topic Author
Posts: 12
Joined: Wed Dec 25, 2013 9:24 am

Moving configuration from 751G to 951G

Mon Jun 23, 2014 12:32 pm

Hi!

I have an operational 751G 2HnD unit with some setting and I've purchased a new 951G 2HnD unit to replace the old one as I need more processing power. Both units are running the latest 6.15 SW

I'm trying to achieve a very simple thing -- move the existing configuration from the 751 to the 951 but I encountered a very odd problem:

I've exported the exisintg configuration out of the 751 by doing "/ export file=running-751"
I've exported the default configuration out of the 951 by doing "/ export file=running-951"
I went through the 751's script and modified all the config entries that were referring to the 751's MAC addresses to mach the same entries from the 951's script (/interface bridge)
I uploaded the modified 751's script to the 951 and issued a /system reset-configuration run-after-reset=running-751.rsc

The 951 seemingly executed the script but became an unmanageable brick -- no DHCP, no IP addesses, WiFi operational with proper password but no IP/DHCP over wifi either.

Can anyone point me out to what's the error or how to debug the config scpript?

Here's the config I'm trying to apply:
# jan/02/1970 00:02:06 by RouterOS 6.15
# software id = KKUH-JK3W
#
/interface bridge
add admin-mac=D4:CA:6D:F2:D8:9F auto-mac=no l2mtu=1598 name=bridge-local

/interface wireless
set [ find default-name=wlan1 ] antenna-mode=rxa-txb band=2ghz-b/g/n channel-width=\
20/40mhz-ht-above country=russia disabled=no distance=indoors frequency=2422 \
l2mtu=2290 mode=ap-bridge ssid=8-2-2

/interface ethernet
set [ find default-name=ether1 ] name=ether1-Beeline
set [ find default-name=ether2 ] name=ether2-local
set [ find default-name=ether3 ] master-port=ether2-local name=\
ether3-slave-local
set [ find default-name=ether4 ] master-port=ether2-local name=\
ether4-slave-local
set [ find default-name=ether5 ] master-port=ether2-local name=\
ether5-slave-local

/ip neighbor discovery
set ether1-Beeline discover=no

/interface vlan
add interface=ether1-Beeline l2mtu=1594 name=external-vlan200 vlan-id=200

/interface ethernet switch port
set 0 default-vlan-id=200 vlan-header=always-strip vlan-mode=secure
set 1 default-vlan-id=100 vlan-header=always-strip vlan-mode=secure
set 2 default-vlan-id=100 vlan-header=always-strip vlan-mode=secure
set 3 default-vlan-id=100 vlan-header=always-strip vlan-mode=secure
set 4 default-vlan-id=100 vlan-mode=secure
set 5 default-vlan-id=100 vlan-mode=secure

/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk mode=dynamic-keys \
wpa-pre-shared-key=password wpa2-pre-shared-key=password


/ip hotspot user profile
set [ find default=yes ] idle-timeout=none keepalive-timeout=2m \
mac-cookie-timeout=3d

/ip pool
add name=default-dhcp ranges=192.168.88.10-192.168.88.254
add name=black-LAN ranges=10.100.50.10-10.100.50.250
add name="L2TP clients" ranges=10.255.255.100-10.255.255.254

/ip dhcp-server
add address-pool=black-LAN disabled=no interface=bridge-local name=default

/interface l2tp-client
add add-default-route=yes allow=chap,mschap1,mschap2 connect-to=\
tp.internet.beeline.ru default-route-distance=2 dial-on-demand=no \
disabled=no keepalive-timeout=60 max-mru=1450 max-mtu=1450 mrru=disabled \
name=l2tp-Beeline password=password profile=default user=beeline_user

/system logging action
set 3 remote=10.100.50.186 syslog-facility=local7

/interface bridge port
add bridge=bridge-local interface=wlan1
add bridge=bridge-local interface=ether2-local
add interface=ether1-Beeline
add interface=ether5-slave-local

/interface ethernet switch vlan
add independent-learning=no ports="ether2-local,ether3-slave-local,ether4-slav\
e-local,ether5-slave-local,switch1-cpu" switch=switch1 vlan-id=100
add independent-learning=no ports=\
ether1-Beeline,ether5-slave-local,switch1-cpu switch=switch1 vlan-id=200

/ip address
add address=10.100.50.1/24 comment="default configuration" interface=\
bridge-local network=10.100.50.0

/ip dhcp-client
add comment="default configuration" default-route-distance=3 dhcp-options=\
hostname,clientid disabled=no interface=external-vlan200

/ip dhcp-server lease
add address=10.100.50.186 mac-address=00:08:9B:CA:32:E6
add address=10.100.50.86 client-id=1:0:6:78:d:3f:6b mac-address=\
00:06:78:0D:3F:6B server=default
add address=10.100.50.34 client-id=1:68:b5:99:53:cd:44 mac-address=\
68:B5:99:53:CD:44 server=default

/ip dhcp-server network
add address=10.100.50.0/24 dns-server=10.100.50.1 gateway=10.100.50.1 \
netmask=24
add address=192.168.88.0/24 comment="default configuration" dns-server=\
192.168.88.1 gateway=192.168.88.1

/ip dns
set allow-remote-requests=yes

/ip dns static
add address=10.100.50.1 name=router

/ip firewall filter
add chain=input comment="default configuration" protocol=icmp
add chain=input comment="default configuration" connection-state=established
add chain=input comment="default configuration" connection-state=related
add chain=input disabled=yes dst-port=500 in-interface=l2tp-Beeline protocol=\
udp
add chain=input comment="L2TP control connection" disabled=yes dst-port=1723 \
in-interface=l2tp-Beeline protocol=tcp
add action=drop chain=input comment="default configuration" in-interface=\
ether1-Beeline
add action=drop chain=input in-interface=l2tp-Beeline
add chain=forward comment="default configuration" connection-state=\
established
add chain=forward comment="default configuration" connection-state=related
add action=drop chain=forward comment="default configuration" \
connection-state=invalid
/ip firewall nat
add action=masquerade chain=srcnat out-interface=l2tp-Beeline
add action=masquerade chain=srcnat comment="default configuration" \
out-interface=external-vlan200

/ip route
add disabled=yes distance=1 gateway=l2tp-Beeline
add comment="Static to Beeline internal network" distance=1 dst-address=\
10.0.0.0/8 gateway=10.73.80.1
add comment="Static to L2TP routers 78.107.1.0/24" distance=1 dst-address=\
78.107.1.0/24 gateway=10.73.80.1
add comment="Static to L2TP routers 85.21.0.0/24" distance=1 dst-address=\
85.21.0.0/24 gateway=10.73.80.1
add comment="Static to Beeline DNS #2" distance=1 dst-address=85.21.192.3/32 \
gateway=10.73.80.1
add comment="Static to Beeline DNS#1" distance=1 dst-address=213.234.192.8/32 \
gateway=10.73.80.1

/ip upnp
set allow-disable-external-interface=no

/ip service
set telnet disabled=yes
set ftp disabled=yes
set www address=10.100.50.0/24
set ssh address=10.100.50.0/24
set api disabled=yes
set winbox disabled=yes
set api-ssl disabled=yes

/system clock
set time-zone-name=Europe/Moscow

/system leds
set 0 interface=wlan1

/system logging
set 3 action=remote
add action=echo topics=critical
add action=remote topics=error
add action=remote topics=info
add action=remote topics=warning
add action=remote topics=ipsec,l2tp,ovpn,dhcp,wireless,firewall,account
add action=remote topics=wireless,debug

/system leds
set 0 interface=wlan1

/system ntp client
set enabled=yes

/tool mac-server
set [ find default=yes ] disabled=yes
add interface=ether2-master-local
add interface=ether3-slave-local
add interface=ether4-slave-local
add interface=ether5-slave-local
add interface=wlan1
add interface=bridge-local

/tool mac-server mac-winbox
set [ find default=yes ] disabled=yes
add interface=ether2-master-local
add interface=ether3-slave-local
add interface=ether4-slave-local
add interface=ether5-slave-local
add interface=wlan1
add interface=bridge-local
Regards,
Alex
 
Tet
just joined
Posts: 18
Joined: Fri Jun 20, 2014 7:41 pm

Re: Moving configuration from 751G to 951G

Mon Jun 23, 2014 12:42 pm

Try access to brick through mac-address
 
User avatar
CyberTod
Long time Member
Long time Member
Posts: 511
Joined: Wed Jan 25, 2012 10:23 am

Re: Moving configuration from 751G to 951G

Mon Jun 23, 2014 12:47 pm

The statement [ find default-name=ether1 ] and similar doesnt work reliably for me.
Most probably you don't have any ip addresses.
You can connect directly to the 951 with a cable on some port and connect by mac address to it. Use the button with the three dots in winbox to see the board. Then select the mac address and connect.
 
akliouev
just joined
Topic Author
Posts: 12
Joined: Wed Dec 25, 2013 9:24 am

Re: Moving configuration from 751G to 951G

Mon Jun 23, 2014 3:05 pm

Thanks for the tip but it didn't work -- Win Box does see the 951 before the config load and stops to see the 951 after the load. I've noticed that the config I'm loading contains "/ip service set winbox disabled=yes", and that should disable WinBox on the router. WinBox is able to sense the 751 and report it's MAC. IP address and SW revision, but won't connect. Is this normal? I mean if I disable WinBox I expect even the discovery to be off

I've modified the config to enable winbox on the 951-- no go

Help
 
User avatar
CyberTod
Long time Member
Long time Member
Posts: 511
Joined: Wed Jan 25, 2012 10:23 am

Re: Moving configuration from 751G to 951G

Mon Jun 23, 2014 4:32 pm

The default configuration is to disable connection to mac-address only on ether1. It should be visible on the other lans.
But I suggest to make a reset configuration and then import the configuration manually through the terminal. Just copy the commands from your export and paste them. You can even do that 1 by 1. You will be able to see where it reports an error and correct it.
 
User avatar
BartoszP
Forum Guru
Forum Guru
Posts: 1875
Joined: Mon Jun 16, 2014 1:13 pm
Location: Poland

Re: Moving configuration from 751G to 951G

Mon Jun 23, 2014 5:23 pm

/interface ethernet
set [ find default-name=ether1 ] name=ether1-Beeline
set [ find default-name=ether2 ] name=ether2-local
set [ find default-name=ether3 ] master-port=ether2-local name=\
ether3-slave-local
set [ find default-name=ether4 ] master-port=ether2-local name=\
ether4-slave-local
set [ find default-name=ether5 ] master-port=ether2-local name=\
ether5-slave-local
Hi, it's my first post :-)

My experience is that MT does not like changing default port names "in the middle" of configuration which mostly could
be observed as disconecting the unit.
Plain default names are better recognized and the rename process should be in the end of process.
Try to reset 951, then rename ports manualy and then import configuration via terminal but without quoted lines.

Bartosz.
Real admins use real keyboards.
To quote or not to quote, there is the topic: viewtopic.php?f=2&t=168474
 
akliouev
just joined
Topic Author
Posts: 12
Joined: Wed Dec 25, 2013 9:24 am

Re: Moving configuration from 751G to 951G

Tue Jul 08, 2014 12:35 pm

For those wondering -- the order of the commands in the script was totally wrong.
The script was chocking on the /interface ethernet switch port commands that created the HW VLANs and assigned those to physical ports prior to higher-level definitions
I hope that in the future a config migration will take less than an hour of heavy debugging and constant resting

Happy networking,
Alex

Who is online

Users browsing this forum: Google [Bot] and 150 guests