Hi all:

I have searched through this forum and the documentation and I haven't found what I am after.

Here is my situation: I currently have about 18 Mikrotik RouterOS machines that I need to administer. They each run a location/facility, and they have almost identical setups, except they may display a different HTML page, or use different IP ranges for its networks. But all the hotspot and firewall setup is pretty much identical, and they call talk to the same RADIUS server.

It has become increasingly difficult and time consuming for me to manually update these machines, say, when I need to add a new hotspot to each of these 18 machines. My company has plan to deploy more and more of these similar machines, so we are talking about perhaps a few dozens of these machines.

I know there are the import/export functions provided by RouterOS, but is there an easy way for me to say, export the settings from one machine (the development machine), and have it automatically updated on all other machines?

Currently, I have a perl script that uses Perl::Expect to connect to each of the machine via SSH, log in, and run some commands, but this is not 100% reliable. Sometimes the results returned from the Mikrotik RouterOS box are too long (long string) and some portions of it gets dropped (in the middle of the string), and I still cannot get it to change directory and run commands in a sub-directory successfully (i.e. /ip hotspot ; print ; set 1 name="new-hotspot")

I am current still running on RouterOS 2.8.28, and looking at upgrading to 2.9.x soon. Are there any new features in RouterOS 2.9 that may help me with this situation? Because I could not find it in the documentation.

Here are some features that may help me with this problem:
1) Provide SNMP-SET in RouterOS
2) Allow SSH host key on RouterOS, so I can login via SSH without getting prompted for password, then I can script my updates much easier

Can anyone help me out?

P.S. I am willing to share the scripts/codes that I am using to do the mass update, but I didn't want to create a giant post.

in `/system upgrade` you can set the `upgrade source` which can be another mikrotik router. by doing this, you will only have to upload new packages to one router. the others will get them from the first one. this is one part of the solution, as for the perl scripts - i will allow some specialists to answer

Thanks, I will try the /system upgrade tip. If I read you correctly, this will only update the software packages though, correct? So if say, I made changes to my firewall rules, or changed some configurations on my dhcp server, these will NOT be replicated on other machines via /system upgrade, am I correct?

I am going to try and export some of these configs to file on one box, and set up another box to point to this machine to get updates, and hope that the second machine will also download these exported configuration files. If that is the case, then it might make my mass update a lot easier to do.

As far as I know, and I hope someone will correct me if I'm wrong, there is no way to copy the configuration of one router to another.

This is a major short coming of RouterOS, in my opinion, not only for large deployments but because it makes it difficult to keep a spare router in case of hardware failure.

/export
/system backup

Eugene,

As you know, this produces a binary backup that can only be used to restore the configuration on the same hardware, in the event of software corruption, for example. It cannot be used to set up a new router.

/export produces clear text.

From: http://www.mikrotik.com/docs/ros/2.9/system/management

Note that it is impossible to import the whole router configuration using this feature. It can only be used to import a part of configuration (for example, firewall rules) in order to spare you some typing.

I am in the process of setting up a primitive framework, to deal with this problem. It will likely use a mix of Expect (Perl::Expect) and other free tools, to make deploying large numbers of RouterOS machines easier.

I welcome any suggestions, and I have no problem sharing my results with anyone who wants to take a peek. In fact, if there are enough interests, I might post it on sourceforge. I just wanted to ask here first, in case Mikrotik is already planning some new features that will make this mass deployment easy.

I wrote a batch file to do this (for 2. that you could modify to do multiple IP addresses from a text file:

UpdateMT28.cmd:

@ECHO OFF
if "%VER%"=="" set /p VER=Enter version to update to:
if "%1"=="" set /p IP=Enter IP of Mikrotik Router:
if "%1" NEQ "" set IP=%1
echo user admin >script.tmp
echo YOURPASSWORD >>script.tmp
echo binary >>script.tmp
echo lcd g:\mikro\%VER% >>script.tmp
echo put advanced-tools-%VER%.npk >>script.tmp
echo put dhcp-%VER%.npk >>script.tmp
echo put hotspot-%VER%.npk >>script.tmp
echo put ntp-%VER%.npk >>script.tmp
echo put ppp-%VER%.npk >>script.tmp
echo put routerboard-%VER%.npk >>script.tmp
echo put routing-%VER%.npk >>script.tmp
echo put security-%VER%.npk >>script.tmp
echo put system-%VER%.npk >>script.tmp
echo put ups-%VER%.npk >>script.tmp
echo put wireless-%VER%.npk >>script.tmp
echo quit >>script.tmp
ftp -n -s:script.tmp %IP%
winbox %IP% admin YOURPASSWORD
ping -t %IP%

UpdateMT29.cmd:

@ECHO OFF
if "%VER29%"=="" set /p VER=Enter version to update to:
if "%1"=="" set /p IP=Enter IP of Mikrotik Router:
if "%1" NEQ "" set IP=%1
echo user admin >script.tmp
echo YOURPASSWORD >>script.tmp
echo binary >>script.tmp
echo lcd g:\mikro\%VER% >>script.tmp
echo put routeros-x86-%VER29%.npk >>script.tmp
echo quit >>script.tmp
ftp -n -s:script.tmp %IP%
winbox %IP% admin YOURPASSWORD
ping -t %IP%



Both of these accept a command line parameter, the IP address, which using this batch file:

MT28IP.LST:
10.1.1.1
10.1.1.2
10.1.1.3

MT29IP.LST:
10.1.1.5
10.1.1.6
10.1.1.7

UpdateAllMT.cmd:

set /p VER=Enter version 2.8 to update to:
set /p VER29=Enter version 2.9 to update to:
for /F "tokens=1" %x IN (MT28IP.LST) DO UpdateMT28.cmd %x
for /F "tokens=1" %x IN (MT29IP.LST) DO UpdateMT29.cmd %x

I made the last batch file on the fly, so I don't know if the syntax is 100%, but it should work for a start. You do have to manually issue a system|reboot|yes from Winbox, however. This is not relying on any third party utils, and usually I do them one at a time using the first 2 scripts.

SNMP-SET would be very handy, particularly if folks are using HP OpenView and other NMS. Also, TFTP support would be nice. Having the ability to export and import a text file via FTP/TFTP and have the router apply the new configuration from it would be handy, that way the configuration can be created programmatically as a file and uploaded - instead of having to use expect scripts and trying to accomodate SSH.