Manage RouterOS logging,Upgrade,services,Backup,license, and NTP client

university of babylon, it college
information network dep., third class, second semester
mtcna course
mikrotik certified network associate
2014-2015
by m.sc. i.t alaa a. mahdi
2
objectives
• upgrade routeros
• get packages
• upgrade ways
• type of packages
• manage routeros logging
• manage routeros services
• backup and export/import configuration
• save and reload backup
• edit export file
• routeros license
• levels
• updating license
• ntp client configuration
• netinstall
• reinstall routeros
• reset routeros
3
routeros upgrade methods
you can upgrade routeros in the following ways:
1- winbox – drag and droping files to the files menu
2- ftp - upload files to root directory
3- the dude – see manual here
note: routeros cannot be upgraded
through serial cable. using this method
only routerboot can be upgraded.
4
upgrade process
• first step - visit www.mikrotik.com and
head to the download page, there choose
the type of system you have the routeros
installed on.
• download the combined package, it will
include all the functionality of routeros:
5
6
using winbox
• connect to your router with winbox, select the
downloaded file with your mouse, and drag it to
the files menu. if there are some files already
present, make sure to put the package in the
root menu, not inside the hotspot folder!:
• the upload will start:
• after it finishes - reboot and that s all! the
new version number will be seen in the winbox
title and in the packages menu
7
8
using ftp
• open your favourite ftp program (in this
case it is filezilla), select the package and
upload it to your router (demo2.mt.lv is the
address of my router in this example).
9
10
if you wish, you can check if the file is successfully
transferred onto the router (optional):
and reboot your router for the upgrade process to begin :
system reboot
after the reboot, your router will be up to date, you can check it in this menu:
/system package print
if your router did not upgrade correctly, make sure you check the log
more info. on package see system-packages pdf file
11
log
• routeros is capable of logging (track)
various system events and status
information. logs can be saved in routers
memory (ram), disk, file, sent by email or
even sent to remote syslog server.
12
13
logging configuration
14
rule
• topics
– log all messages that falls into specified topic
or list of topics.
for example, we want to log ntp debug info
without too much details:
/system logging add topics=ntp,debug,!packet
15
rule
• prefix
prefix added at the beginning of log
messages.
• action
specifies one of the system default actions
or user specified action listed in actions
menu
default: memory: logs are stored in local
memory buffer.
16
logging example logging to file
• to log everything to file, add new log
action:
/system logging action add name=file
target=disk disk-file-name=log
17
• and then make everything log using this
new action:
/system logging action=file
18
• you can log only errors there by issuing
command:
• /system logging topics=error
action=file
19
• this will log into files log.0.txt and
log.1.txt.
• you can specify maximum size of file in
lines by specifying disk-lines-per-file.
.0.txt is active file were new logs are
going to be appended and once it size will
reach maximum it will become .1.txt,
and new empty .0.txt will be created.
20
• you can log into usb flashes or into
microsd/cf (on routerboards) by
specifying it s directory name before file
name. for example, if you have accessible
usb flash as usb1 directory under /files,
you should issue following command:
• /system logging action add name=usb
target=disk disk-file-name=usb1/log
• for more information see manual:system/log
pdf file
21
manage routeros services
• this section lists protocols and ports used
by various mikrotik routeros services.
• it helps you to determine why your
mikrotik router listens to certain ports, and
what you need to block/allow if you want to
prevent or grant access to the certain
services.
22
/ip service
• some service settings can be changed
under /ip service menu.
• you can specify ip addresses from which
the service is accessible, for example:
– ip service> set www port=8081
address=10.5.0.0/16
23
24
(system reset ) configuration reset
• system reset command is used to erase all
configuration on the router. before doing that, it
might be useful to backup the router s
configuration.
• /system reset-configuration
• the command clears all configuration of the
router and sets it to the default including the
login name and password, ip addresses and
other configuration is erased, interfaces will
become disabled. after the reset command
router will reboot.
25
backup
and
export/import
configuration
26
backup configuration
• the backup save command is used to store the
entire router configuration in a backup file. the
file is shown in the /file submenu. it can be
downloaded via ftp to keep it as a backup for
your configuration.
• important! the backup file contains sensitive
information, do not store your backup files inside
the router s files directory, instead, download
them, and keep them in a secure location.
27
• the configuration backup can be used for
backing up mikrotik routeros configuration to a
binary file, which can be stored on the router or
downloaded from it using ftp for future use.
• the configuration restore can be used for
restoring the router s configuration from a
backup file. the restoration procedure assumes
the configuration is stored on the same router,
where the backup file was originally created.
28
restore
• to restore the system configuration, it is
possible to upload that file via ftp and load
that backup file using load command in
/system backup submenu.
29
example- backup
to save backup file helloitstudent, do
>system backup save name=helloitstudent
configuration backup saved
30
example- restore
• to load the saved backup file
helloitstudent:
> system backup load name=helloitstudent
restore and reboot? [y/n]: y
restoring system configuration system
configuration restored, rebooting now
31
winbox – backup & restore
• all operations of backup and restore are
exist in file menu:
32
export/ import
• the configuration export can be used for
dumping out complete or partial mikrotik
routeros configuration to the console screen or
to a text (script) file, which can be downloaded
from the router using ftp protocol. the
configuration dumped is actually a batch of
commands that add (without removing the
existing configuration) the selected configuration
to a router.
• the configuration import facility executes a
batch of console commands from a script file.
33
exporting configuration
• the export command prints a script that
can be used to restore configuration. the
command can be invoked at any menu
level, and it acts for that menu level and all
menu levels below it. the output can be
saved into a file, available for download
using ftp.
/export
34
example
• ip address export file= it-address
35
importing configuration
• the root level command /import [file_name]
executes a script, stored in the specified file
adds the configuration from the specified file to
the existing setup. this file may contain any
console commands, including scripts.
• import command used to restore configuration
or part of it after a /system reset event or
anything that causes configuration data loss.
• note that it is impossible to import the whole
router configuration using this feature. it can only
be used to import a part of configuration (for
example, firewall rules).
36
example - import
• to load the saved export file, use
the following command:
• import it_address.rsc
37
routeros license
• routerboard devices come preinstalled
with a routeros license, if you have
purchased a routerboard device,
nothing must be done regarding the
license.
• for x86 systems (ie. pc devices), you
need to obtain a license key.
38
• the license key is a block of symbols that
needs to be copied from your mikrotik.com
account, or from the email you received in,
and then it can be pasted into the router.
you can paste the key anywhere in the
terminal, or by clicking "paste key" in
winbox license menu. a reboot is
required for the key to take effect.
39
licensing information can be read:
40
license levels
• you can purchase a level 3, 4, 5 and 6.
level 1 is the demo license. the
difference between license levels is shown
in the table.
• level 3 is a wireless station (client) only
license..
41
licenses and routeros upgrades
• routeros can be upgraded only to certain
versions. for example if you are running
routeros v5, your license could restrict
the upgrade only to v6, and not to v7.
42
ntp client configuration
• having the system time set accurately is important for
many purpose, especially logging.
• routerboards do not have an onboard battery to keep
the clock running, setup the ntp client should be a part
of your configuration.
• the function of the ntp client is to query an ntp server
and get the current time and then set the local clock.
• sntp client is included in the system package.
routeros implements sntp protocol. ntp server and a
ntp client is included in the separate ntp package, that
is not installed by default.
43
client configuration is located in the /system ntp
client console path. this configuration is shared
by the sntp client implementation in the system
package and the ntp client implementation in
the ntp package. when ntp package is installed
and enabled, the sntp client is disabled
automatically.
192.43.244.18
time.windows.com
us.pool.ntp.org
44
45
• mode (one of broadcast or unicast
default value: broadcast) :
• in broadcast mode, client does not send
any requests, and listens for the broadcast
messages sent by the ntp server.
• in unicast mode client periodically sends
requests to the currently selected active
server, and waits for a reply message from
that server.
• more information see system/time pdf file
46
system clock
• setting up the ntp client will not ensure
the local clock is accurate for local time so
you must set your zone on the clock
setting to ensure your clock information is
meaningful.