Hello,
How would you configure 50 hAP units spread over a building ? Which tools would you select ?

Each unit should simply offer Internet access to WiFi users.
Each unit a PoE uplink to a PoE switch.
Each unit serves a personal SSID (users from room A connect to Room A's SSID , ...) without any roaming between SSIDs.

Best regards

Good luck

Broad lines how I would tackle this (others might have better ideas):
-Prepare the config on one device as it should be.
-Export config.
-Clean config so it does not conflict with existing default config.
-Use variables in the beginning for the changing parts.
-Adjust config where needed to take into account those variables instead of fixed config
-Import on each device using terminal, adjust first 2 or 3 variables as needed before going for next device.

Something like that ...

OR

Set all devices to CAPs mode and use capsman.

Flashfig is still listed as an option on the support website

https://help.mikrotik.com/docs/display/ROS/Flashfig

check this topics:

NETINSTALL
https://help.mikrotik.com/docs/display/ROS/Netinstall

FLASHFIG
https://help.mikrotik.com/docs/display/ROS/Flashfig

From what I could quickly see, it all the same config then ?

After reading Flashfig feature, maybe I should spit the config process in two steps:
1. apply common configuration "on bare metal" with Flashfig/Netinstall (updating firmware, creating system users, changing IP services ports, defining some firewall address list, uploading SSH keys)
2. apply personal config (creating SSID, configuring device hostname, creating certs, setting custom password, ...) with something appropriate.

I'm not very familiar with using Ansible to configure RouterOS yet but it seems to fit for the second phase.

Thoughts ?

if a device is identical to the others:

Netisntall the first with latest long-term version supported WITHOUT KEEP PREVIOUS CONFIG (-r option on linux) and appling the default configuration.

Configure the device as needed.

Export the configuration .rsc

Netinstall all the following devices, WITHOUT APPLING DEFAULT CONFIG and WITHOUT KEEP PREVIOUS CONFIG (-r option on linux)

Open one-by-one, after pasting the exported .rsc on terminal, personalize that unit.
Keep writed somewhere how that unit is configured differenty from the master,

Do that for remaining 48.

This is one of the cases where capsman is going to make things a lot easier (since centrally managed).

+1 )

+1 )

From 2008 just a +1 ) ?
Hacked account....

+1 )

From 2008 just a +1 ) ?
Hacked account....

Nope, but it‘s rather an intresting topic..

Nope, but it‘s rather an intresting topic..

Ok, because happen often... ¯\(°_o)/¯

Yes, we know..
We are provisioning about 200 devices a month. And yeah, it would be very nice to have some sort oft automatisation.
All device run their own config - so every device is NOT a copy of another.

How would you configure 50 hAP units spread over a building ? Which tools would you select ?

IF... that is IF any mikrotik devices support these following subjects, i think it would be great:
1. pxe boot capable config management interface, and it's runtime environment.
2. set the dhcp and tftp server for management vlan 1 untagged.
3. set 1 mikrotik as baseline config. create and modify those 50 devices rsc files as needed. put those rsc on that tftp. do dhcp server mac bootp options.
4. routers boot up finding dhcp, get the bootp and rsc config file. executes and reboot.
5. done. admin could take a lot of coffee break . vendor neutral

that is IF ... mikrotik developer team would take some ideas

just a thought

We are provisioning about 200 devices a month. And yeah, it would be very nice to have some sort oft automatisation.
All device run their own config - so every device is NOT a copy of another.

Using openwrt-based, customized firmware image, my client(s) also provision lot of devices every month, for IoT.
Every router has same firmware image, but reconfigures itself upon first boot after flash, based on individual info from central DB.
Reconf can also be done online, of course.
Possible for certain mikrotiks, too

How would you configure 50 hAP units spread over a building ? Which tools would you select ?

IF... that is IF any mikrotik devices support these following subjects, i think it would be great:
1. pxe boot capable config management interface, and it's runtime environment.
2. set the dhcp and tftp server for management vlan 1 untagged.
3. set 1 mikrotik as baseline config. create and modify those 50 devices rsc files as needed. put those rsc on that tftp. do dhcp server mac bootp options.
4. routers boot up finding dhcp, get the bootp and rsc config file. executes and reboot.
5. done. admin could take a lot of coffee break . vendor neutral

that is IF ... mikrotik developer team would take some ideas

just a thought

I do not read nothing (probably) that is not already doable, but this is not one help, is a work...
Hire one consultant than can do that for you... (not me)

I do not read nothing (probably) that is not already doable, but this is not one help, is a work...

well, i thought maybe mikrotik product manager will be interested in those features.

plug and play over the network.

Hire one consultant than can do that for you... (not me)

well, thank you for the offer. but done those.

i think any communication rack need that. dhcp. dns. tftp. http. syslog. analog modem. terminal console. crossover serial. something like that.

as the op asked,
at least to provide basic ip connectivity to orchestrator service, plenty of them.

Here is my take on this...

0. I don't think it's a good idea to just start with an :export script and deploy it. Scripts deployed by netinstall are passed a variable (like $action) that allows a safe rollback. So start with the device's defaults, then MERGE any customization INTO their defaults...

1. QuickSet/default configuration already does a lot of the default configuration for you & you can provided a customized one to netinstall for deployment. To see the default configuration, use: That should be the base, for that particular model of Mikrotik. Each device has a different one, and it can change between versions. So make sure pull the default script from the same version you plan to deploy.

2. Modify that script with your own users, change names, etc. Mikrotik uses part of the MAC address of the first ethernet interface as it's unique id (e.g. AACCFF), so if you want more "per device" customization, you can use the MAC too, or similar to generate specifics.. Since one script error it will cause a fail – KISS a good idea. I try to ONLY ADD things to the default, not re-write it... And avoid doing complex scripting "tricks", since some future version upgrades may breaking novel script things. I add a one thing to the default at top:
3. Test it on single device without netinstal, the "reset-configuration" does similar as netinstall, so no need to wait for netinstall to test debug (let's say your customized file is mydefconfig.rsc) : Logging can be added to the script, so "trace" the configuration if more complex:




4. One "newer" approach than flashfig (which I've never used and sees complex unless your really had hundreds)... But with containers, you could now run a few "netinstall containers" - one for each port if you want to flash multiple ones units. Just need a spare ARM box with V7. If haven't tried that, but that seems WAY easier – netinstall on linux is pretty fool-proof. (Unlike the firewall fiasco created by trying to use netinstall on Windows)

5. Optional... If you really happy with the configuration, you can REPLACE the default-configuration entirely (e.g. so it NEVER could go to Mikrotik's defaults), using the "Branding Kit" and adding the same script as the "Default Configuration" in the branding NPK maker in your Mikroitk account at mikrotik.com. BUT again, one mistake in this approach, the device will need to be netinstall'ed to remove the branding package – e.g. the pin-hole reset is YOUR configuration, so nothing else to fall back too. Thus Step 5 here .

Really, capsman is way easier then all this script-juggling for what was specified in the first post as requirement ... and centrally managed too.

Really, capsman is way easier then all this script-juggling for what was specified in the first post as requirement ... and centrally managed too.

Fair enough, that's right: OP does describe simple needs. Just CAPsMAN only works on devices with Wi-Fi... more documenting an approach that works on ANY device.