 
O3illc

Troubleshoot Script

Tue Feb 23, 2021 1:22 am

Hi MikroTik Gurus,

I have a script I use to run on my routerboard 951ui-2hnd ver 6.40.2 which works great.

But since we got newer ver. routerboards we have been unable to load the script.

Can anyone assist with this script on why it does not work with the newer version?

See code below:
:delay 15s
/interface bridge
add name=bridge-local protocol-mode=rstp
/interface ethernet
set 0 name=ether1-master-local
set 1 name=ether2-slave-local
set 2 name=ether3-slave-local
set 3 name=ether4-slave-local
set 4 name=ether5-gateway
/ip pool
add name=pool-2-89 ranges=10.2.89.220-10.2.89.250
/ip dhcp-server
add address-pool=pool-2-89 authoritative=yes disabled=no interface=bridge-local lease-time=1h name=dhcp-2-89
/ppp profile
add change-tcp-mss=yes name=remote-router use-encryption=required
/interface pptp-client
add allow=mschap2 connect-to="xxx" disabled=no name=pptp-fiber password=xxx profile=remote-router user=o3-2-89
/interface sstp-client
add authentication=mschap2 connect-to="xxx" disabled=no name=sstp-fiber password=xxx profile=remote-router user=o3-2-89 verify-server-address-from-certificate=no
/interface bridge port
add bridge=bridge-local interface=ether1-master-local
add bridge=bridge-local interface=ether2-slave-local
add bridge=bridge-local interface=ether3-slave-local
add bridge=bridge-local interface=ether4-slave-local
add bridge=bridge-local interface=wlan1
/ip address
add address=10.216.49.5/255.255.255.0 interface=ether5-gateway
add address=10.2.89.1/24 interface=bridge-local network=10.2.89.0
/ip dhcp-client
add disabled=yes interface=ether5-gateway
/ip dhcp-server network
add address=10.2.89.0/24 dns-server=10.2.89.1 gateway=10.2.89.1
/ip dns
set allow-remote-requests=yes servers=8.8.8.8
/ip firewall filter
add action=drop chain=input comment="Drop all invalid packets." \
    connection-state=invalid
add chain=input comment="Accept established." connection-state=established
add chain=input comment="Accept related." connection-state=related
add action=jump chain=input comment="Jump to Public Internet chain." \
    in-interface=ether5-gateway jump-target=public
add chain=input comment="Accept everything else."
add chain=public comment="Allow incoming ICMP packets." protocol=icmp
add chain=public comment="Allow Broadcast Traffic" dst-address-type=broadcast
add chain=public comment="Allow NTP Unicast Traffic" dst-port=123 protocol=\
    udp
add action=accept chain=public comment="modbusTCP port forward 502" disabled=yes port=502 protocol=tcp
add action=log chain=public comment="Log packet from public internet." \
    log-prefix=PUBLIC
add action=drop chain=public comment="Default Public Internet action."
/ip firewall nat
add chain=srcnat dst-address=10.0.0.0/24 src-address=10.2.89.0/24
add action=src-nat chain=srcnat to-addresses=10.216.49.1 disabled=yes \
    src-address=10.2.89.0/24 dst-address=0.0.0.0/0
add chain=srcnat action=masquerade
add action=dst-nat chain=dstnat comment="modbusTCP port forward 502 (10.x.x.20)" disabled=yes dst-port=502 protocol=tcp to-addresses=10.2.89.20
add action=dst-nat chain=dstnat comment="modbusTCP port forward 502 (10.x.x.10)" disabled=yes dst-port=502 protocol=tcp to-addresses=10.2.89.10
/ip route
add dst-address=0.0.0.0/0 gateway=10.216.49.1
add dst-address=10.0.0.0/24 gateway=10.0.0.1
/ip service
set [find] disabled=yes
set ssh,www address=10.0.0.0/24,10.2.89.0/24 disabled=no
/system clock
set time-zone-name=PST8PDT
/system ntp client
set enabled=yes primary-ntp=10.0.0.1
/user set admin password="ozone"
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n disabled=no mode=ap-bridge ssid=o3service wireless-protocol=802.11 hide-ssid=yes
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk group-ciphers=tkip,aes-ccm mode=dynamic-keys unicast-ciphers=tkip,aes-ccm wpa-pre-shared-key="i owe engineering a beer" wpa2-pre-shared-key="i owe engineering a beer"
/ip ssh
set always-allow-password-login=yes forwarding-enabled=yes strong-crypto=yes
/system identity
set name=router-o3-2-89
 
Jotne

Re: Troubleshoot Script

Tue Feb 23, 2021 11:13 am

Master/slave interfaces are no longer used in newer software.

So downgrade your device to 6.40.2. Install working config (config in this post).
Upgrade to latest RouterOS (6.47.9 or 6.48.1).
Then export your config with the new interface setting configured correctly.
 
Why not use Splunk to monitor your MikroTik router(s)? Look at this page on how to set it up.

MikroTik->Splunk
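The reply above refers to master/slave port settings. As an added example (not code from this thread or from MikroTik), the Python below scans a RouterOS script for `master-port=` properties under `/interface ethernet`, joining backslash-continued lines first, and lists bridge-port commands to review in their place. The sample fragment and the function names are constructed for illustration, the bridge name `bridge-local` is borrowed from the question's script, and `hw=yes` assumes the bridge hardware offloading that took over the master-port role.

```python
import re

# Constructed sample in the older master-port style (not the poster's script).
SAMPLE = r"""/interface ethernet
set [ find default-name=ether2 ] name=ether2-master-local
set [ find default-name=ether3 ] master-port=ether2-master-local \
    name=ether3-slave-local
set [ find default-name=ether4 ] master-port=\
    ether2-master-local name=ether4-slave-local
/ip address
add address=10.2.89.1/24 interface=ether2-master-local
"""

VERBS = {"add", "set", "remove"}

def logical_lines(text):
    """Join continuation lines: drop the trailing backslash and the next line's indent."""
    buf = ""
    for raw in text.splitlines():
        piece = raw.strip()
        if piece.endswith("\\"):
            buf += piece[:-1]
            continue
        if buf or piece:
            yield buf + piece
        buf = ""

def find_master_ports(text):
    """Return (interface, master) pairs set under /interface ethernet."""
    menu, hits = "", []
    for line in logical_lines(text):
        words = line.split()
        if line.startswith("/"):  # menu path, optionally followed by a command
            i = next((k for k, w in enumerate(words) if w in VERBS), len(words))
            menu, words = " ".join(words[:i]), words[i:]
        if menu == "/interface ethernet" and words[:1] == ["set"]:
            props = dict(re.findall(r'([\w-]+)=("[^"]*"|\S+)', " ".join(words)))
            master = props.get("master-port", "none")
            if master != "none":
                hits.append((props.get("name") or props.get("default-name"), master))
    return hits

def bridge_port_lines(hits, bridge="bridge-local"):
    """Bridge-port commands to review in place of the master-port settings."""
    members = dict.fromkeys(p for iface, master in hits for p in (master, iface))
    return ["/interface bridge port"] + [
        f"add bridge={bridge} interface={p} hw=yes" for p in members]

if __name__ == "__main__":
    print("\n".join(bridge_port_lines(find_master_ports(SAMPLE))))
```

An empty result means the script sets no `master-port` property, in which case interface names containing "master" or "slave" are only labels.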
 
