The (unofficial) Mikrotik site

Script Fu – Changing RADIUS server source address

Just a quick post to show an example of day to day usage of RouterOS scripting.

Goal: We had to change the src-address for a bunch of radius-server listings across 40 MikroTik devices, to match a new pptp-tunnel address. What would’ve been a pain was that the address is different on each device.

Solution: Create a scriptlet to pull the IP into the update (set) routine, ensuring it is formatted correctly for use.

Heres the full solution in all its ugly glory:

/radius set 0 src-address=[:pick [/ip address get [/ip address find where interface=[/interface pptp-client get [/interface pptp-client find where connect-to=192.168.1.1] name]] address] 0 [:find [/ip address get [/ip address find where interface=[/interface pptp-client get [/interface pptp-client find where connect-to=192.168.1.1] name]] address] "/"]]

And here’s it broken down with explanations (follow the numbers for easiest reading):

#1 start the command to change the ip address
/radius set 0 src-address=[
#2 we don't know the src-address yet so we need to work it out
#6 We need to only select a portion of the address (up until the /)
:pick [
/ip address get [
#5 Find an IP address listing where the interface matches the name of our pptp interface
/ip address find where interface=[
#4 Get the name of this pptp-client interface
/interface pptp-client get [
#3 The src-address is attached to a pptp-client interface that we know connects to 192.168.1.1
# So we're going to find it
/interface pptp-client find where connect-to=192.168.1.1
]name
]
] address
] 0 [
#8 To use that address in the find command
:find [
#7 We run the same routine to get the IP address in its entirety
/ip address get [
/ip address find where interface=[
/interface pptp-client get [
/interface pptp-client find where connect-to=192.168.1.1
] name
]
] address
#9 Searching for "/" and using the result as the number for the :pick selection (0 -> "/")
] "/"
]
#10 The pick command completes, selecting only the IP address portion
# and this is returned to our original set request, changing the radius clients src-address listing.
]

And there we have it!

Advertisement
Exit mobile version