All posts by Omega-00

RouterOS Bridge and Vlan Configuration for CRS devices on v6.43.X

I’ve seen a few posts recently in the MikroTik forums and MikroTik Subreddit about the confusing nature of creating native (wirespeed) vlans on the CRS range of hardware and wanted to put together a template that gives you a good idea of how these work, and what the configuration of a few different port types looks like.

While I will go into more detail on this soon – the following (designed for a CRS328-24P-4S+RM) has:

  • PC Connected ports
  • PC Connected ports with support for an inline VoIP Phone
  • Tagged/Untagged ports for Access Point administration and wireless network passthrough
  • Untagged port for a server
  • Tagged Trunk ports for passing vlans between switches
  • Adding an IP address to an Admin vlan for access to the configured switch
Continue reading RouterOS Bridge and Vlan Configuration for CRS devices on v6.43.X

Automatic bypass of hotspot devices based on MAC Address

Recently I was doing some work for a hotel that supplies a ‘Smart TV’ device with Netflix and other functions in every room. These rooms are in turn all connected to a hotspot network and the TV’s all needed to be given internet access.

As this was (as sometimes occurs) an unexpected addition to the known requirements of the installation, it fell to me to come up with a way to add these – preferably without having to have someone walk around manually collect details for 300+ TV’s.

Continue reading Automatic bypass of hotspot devices based on MAC Address

Scriptlet: Bulk VPN connections on MikroTik with connection rate limiting

During my day job we use some MikroTik CHR deployments for (among other things) VPN session termination. The CHR’s are easy to spin up, offer a wide variety of VPN types, and for low traffic sessions can support upwards of 10,000 sessions on a single device.

It’s over 9000!

In the event of an outage though, you would run into a problem – those 10,000 sessions all want to re-establish at once.. and the CPU on the MikroTik quickly bottlenecks until it becomes unable to cope and begins to drop connections quickly becoming a vicious cycle.

We initially dealt with this by defining a hard limit on the number of new sessions per second, using 2 simple firewall rules and the connection limit classifier to keep these under 10 per second – however this meant that after an outage it would take at absolute minimum, over 15 minutes for all the sessions to come back online! So we came up with a better solution. Continue reading Scriptlet: Bulk VPN connections on MikroTik with connection rate limiting

The basics of reading and writing files in RouterOS

My good friend Greg was asking about how to store data to files onboard a MikroTik device so I thought I’d elaborate here with some information and examples.

Before we get started, some things to note:

  1. While you can fetch and read the contents of any file, you are limited to working with 4096 character files as this is a limitation on the amount of information that can be contained in a string variable in RouterOS at this time.
  2. When creating new files in RouterOS via terminal the extension .txt will be appended to anything that doesn’t already have .txt at the end.
  3. You can work with newlines \n\r as delimeters (which is super helpful when downloading something list of IP addresses from somewhere)

The basic commands for working with a file, using variables in place of static content or file names:
1. To create a new file

/file print file=$filename

2. To read an existing file

:set $filedata [/file get $filename contents]

3. To write to an existing file

/file set $filename contents=$newdata

4. To append to an existing file

/file set $filename contents=([get $filename contents] . $newdata)

Scriptlet: Halt MikroTik scheduled scripts if multiple instances are detected.

The following script can be run in terminal (or via any automation tool that can login to your MikroTik devices via SSH) and checks for any duplicate script ‘jobs’ and kills them.

I wrote this after noticing a few of my scripts that use fetch would hang periodically and leave multiple jobs open.

#kill duplicate script jobs
:global counter
:global counter2
:foreach counter in=[/system script job find] do={
:global job [/system script job get $counter script]
:if ([:len [/system script job find where script=$"job"]] > 0 && [:len $job] > 0) do={
:put "Duplicate script running: $job - terminating all"
:foreach counter2 in=[/system script job find where script=$"job"] do={
/system script job remove $counter2
}
}
}

Continue reading Scriptlet: Halt MikroTik scheduled scripts if multiple instances are detected.