Hi,

I want to deploy a configuration to a bunch of Mikrotik routers (> 30). The routers are used as follows: In a laboratory environment each router is used for a small, separated network. Inside of the separated networks there usually is a PC and some measurement equipment (connected via IP to the PC). The router "WAN" port is connected to the labratory LAN. The PC in the separated network should reach a file server via the Mikrotik router, other connections are blocked via firewall.

Therefore the routers should all share the same config, except for:

• MAC adresses
• IP address of the WAN interface
• system name

Now I'm thinking of a method, how I could deploy configuration to all routers. My idea is:

• export config on a device (https://wiki.mikrotik.com/wiki/Manual:C ... figuration)
• use a shell script to create a copy of the exported config for every router, change WAN IP address and system name in the copies
• upload the config copies to destination routers via sftp
• run /system reset-configuration keep-user no-defaults run-after-reset=new-config.rsc on the destination routers

Any better ideas?
Thanks

you can look at ansible. same thing as you stated but they dumb the scripting down.

Why would you want to use > 30 routers for that?
"Normal" way to do that is to have a single router where you configure a number of different internal networks on a VLAN, then use one or more VLAN-capable switches to put the VLANs on the required number of ports.
That way you have all the config in a single place which will make it much easier to manage.
And it will probably be cheaper as well.

Actually I don't think that messing with 30+ VLANs makes it much easier to manage. I think I've got 6 or 7 VLANs at the moment and the firewall rules on the inter VLAN router are already much longer than what I call easy manageable.

Also instead of 30+ routers (with bridge) I'd need 30+ switches then. Ok, these could be dumb switches and my be a bit cheaper, but still I need them.

Last but not least the setup should be moveable (the isolated networks are installed in moveable racks and it should work everywhere it is plugged in).

Acutually in configs like "I have 30 VLANs that all have to be isolated from eachother" you can easily make firewall rules that have no need to enumerate all of the interfaces (VLANs).
E.g. you can use interface lists, and/or you can "default block everything in forward" and only allow traffic forwarded to the internet interface.

When you really want to use > 30 routers, I would probably deploy it in the way you describe, and then hope there is no complicated config change required.
When there is, I would apply it using an "expect" script on a management system or using API.

But that is because I have longtime experience with that, and no experience with ansible.
For others the decision may be different and it entirely depends on your personal skills (and/or desire to learn something new).