- Manual:Configuration Management
- Description
- System Backup
- Exporting Configuration
- Command Description
- Example
- Compact Export
- Importing Configuration
- Command Description
- Automatic Import
- Example
- Configuration Reset
- Description
- Command Description
- Example
- Import troubleshooting
- Configuration parts to watch out for in exported .rsc files
- Startup delay
- Overview
- Configuration Undo and Redo
- Safe Mode
Manual:Configuration Management
This manual introduces you with commands which are used to perform the following functions:
- system backup;
- system restore from a backup;
- configuration export;
- configuration import;
- system configuration reset.
Description
The configuration backup can be used for backing up MikroTik RouterOS configuration to a binary file, which can be stored on the router or downloaded from it using FTP for future use. The configuration restore can be used for restoring the router’s configuration, exactly as it was at the backup creation moment, from a backup file. The restoration procedure assumes the configuration is restored on the same router, where the backup file was originally created, so it will create partially broken configuration if the hardware has been changed.
The configuration export can be used for dumping out complete or partial MikroTik RouterOS configuration to the console screen or to a text (script) file, which can be downloaded from the router using FTP protocol. The configuration dumped is actually a batch of commands that add (without removing the existing configuration) the selected configuration to a router. The configuration import facility executes a batch of console commands from a script file.
System reset command is used to erase all configuration on the router. Before doing that, it might be useful to backup the router’s configuration.
System Backup
The system backup feature allows you to effortlessly save and load device’s configuration. Read more about the backup feature in the System/Backup section.
Exporting Configuration
Command name: /export
The export command prints a script that can be used to restore configuration. The command can be invoked at any menu level, and it acts for that menu level and all menu levels below it. The output can be saved into a file, available for download using FTP.
Command Description
Example
[admin@MikroTik] > ip address print Flags: X - disabled, I - invalid, D - dynamic # ADDRESS NETWORK BROADCAST INTERFACE 0 10.1.0.172/24 10.1.0.0 10.1.0.255 bridge1 1 10.5.1.1/24 10.5.1.0 10.5.1.255 ether1 [admin@MikroTik] >
[admin@MikroTik] ip address> export file=address [admin@MikroTik] ip address>
To see the files stored on the router:
[admin@MikroTik] > file print # NAME TYPE SIZE CREATION-TIME 0 address.rsc script 315 dec/23/2003 13:21:48 [admin@MikroTik] >
Compact Export
Starting from v5.12 compact export was added. It allows to export only part of configuration that is not default RouterOS config.
Note: Starting from v6rc1 «export compact» is default behavior. To do old style export use export verbose
For example compact OSPF export:
[admin@SXT-ST] /routing ospf> export compact # jan/02/1970 20:16:32 by RouterOS 5.12 # software ospf instance set [ find default=yes ] redistribute-connected=as-type-1 /routing ospf interface add disabled=yes interface=wlan1 network-type=point-to-point /routing ospf network add area=backbone network=10.255.255.36/32 add area=backbone disabled=yes network=10.5.101.0/24 add area=backbone network=10.10.10.0/24 [admin@SXT-ST] /routing ospf>
Compact export introduces another feature that indicates which part of config is default on RouterOS and cannot be deleted. As in example below ‘*’ indicates that this OSPF instance is part of default configuration.
[admin@SXT-ST] /routing ospf instance> print Flags: X - disabled, * - default 0 * name="default" router-id=0.0.0.0 distribute-default=never redistribute-connected=as-type-1 redistribute-static=no redistribute-rip=no redistribute-bgp=no redistribute-other-ospf=no metric-default=1 metric-connected=20 metric-static=20 metric-rip=20 metric-bgp=auto metric-other-ospf=auto in-filter=ospf-in out-filter=ospf-out
List of default config by menus that cannot be removed:
Menu | Entries |
---|---|
/interface wireless security-profiles | default |
/ppp profile | «default», «default-encryption» |
/ip hotspot profile | «default» |
/ip hotspot user profile | «default» |
/ip ipsec proposal | «default» |
/ip smb shares | «pub» |
/ip smb users | «guest» |
/ipv6 nd | «all» |
/mpls interface | «all» |
/routing bfd interface | «all» |
/routing bgp instance | «default» |
/routing ospf instance | «default» |
/routing ospf area | «backbone» |
/routing ospf-v3 instance | «default» |
/routing ospf-v3 area | «backbone» |
/snmp community | «public» |
/tool mac-server mac-winbox | «all» |
/tool mac-server | «all» |
/system logging | «info», «error», «warning», «critical» |
/system logging action | «memory», «disk», «echo», «remote» |
/queue type | «default», «ethernet-default», «wireless-default», «synchronous-default», «hotspot-default», «only-hardware-queue», «multi-queue-ethernet-default», «default-small» |
Importing Configuration
Command name: /import
The root level command /import [file_name] executes a script stored in the specified file. It will add the configuration from the specified file to an existing configuration. This file may contain any console commands, including scripts. Can be used to restore configuration or parts of it after configuration loss.
Command Description
Automatic Import
In RouterOS it is possible to automatically execute scripts — your script file has to be named anything.auto.rsc — once this file is uploaded using FTP to the router, it will automatically be executed, just like with the ‘/import’ command. This method only works with FTP.
Once the file is uploaded, it is automatically executed. Information about the success of the commands that were executed is written to anything.auto.log
Example
To load the saved export file use the following command:
[admin@MikroTik] > import address.rsc Opening script file address.rsc Script file loaded and executed successfully [admin@MikroTik] >
Configuration Reset
Command name: /system reset-configuration
Description
The command clears all configuration of the router and sets it to the default including the login name and password (‘admin’ and no password), IP addresses and other configuration is erased, interfaces will become disabled. After the reset command router will reboot. The default is either the factory default, that you can see in the article Default configurations, or it can be a custom default, that can be loaded by including an RSC file when doing Netinstall or if specified with a branding package.
Command Description
- keep-users: keeps router users, passwords and ssh host keys(since v6.45.1)
- no-defaults: doesn’t load any default cofigurations, just clears everything
- skip-backup: automatic backup is not created before reset, when yes is specified
- run-after-reset: specify export file name to run after reset
Note: If run-after-reset is set then no-defaults parameter will be ignored and only the specified script will be loaded!
Warning: Warning: If the device has a folder named «flash», then the confscript.rsc file must be stored in that folder to work with «run-after-reset» command. Everything outside this folder is stored on the RAM drive which contents are deleted on reboot or power cycle.
Warning: If the router has been installed using netinstall and had a script specified as the initial configuration, the reset command executes this script after purging the configuration. To stop it doing so, you will have to reinstall the router.
Example
[admin@MikroTik] > system reset-configuration Dangerous! Reset anyway? [y/N]: n action cancelled [admin@MikroTik] >
Import troubleshooting
Configuration parts to watch out for in exported .rsc files
Things that should be removed from export files that were created with: «/export», before attempting import on new device.
/interface ethernet set [ find default-name=ether5 ] auto-negotiation=no name=ether1-gateway set [ find default-name=ether6 ] name=ether2 set [ find default-name=ether7 ] name=ether3 set [ find default-name=ether8 ] name=ether4 set [ find default-name=ether1 ] name=ether5 set [ find default-name=ether2 ] name=ether6 set [ find default-name=ether3 ] name=ether7 set [ find default-name=ether4 ] name=ether8
- In older version exports default entries might show with «add» instead of «set» command. That should be edited before import to avoid errors.
- Check if interface/module: ether/wlan/modem/com/etc count match on new and old device. If there will some missing that will end up in error during .rsc import.
In case of problematic import, attempt the following:
- Reset the configuration on that device.
- Run import command again with «verbose=yes» argument. It will stop also stop import process on problem which you already encountered, but will also show place where export failed. That way showing you place where things need to be edited in .rsc import file
Startup delay
If your configuration relies on interfaces that might not yet have started up upon command execution, it is suggested to introduce delays, or to monitor until all needed interfaces are available. This example script allows you to set how many interfaces you are expecting, and how long to wait until they become available:
The above script will wait until there are 10 interfaces visible, or 30 seconds. If there are no 10 interfaces in this time, it will put a message in the log. Modify the variables according to your needs.
Overview
This article describes a set of commands used for configuration management.
Configuration Undo and Redo
Any action done in GUI or any command executed from the CLI is recorded in /system history . You can undo or redo any action by running undo or redo commands from the CLI or by clicking on Undo, and Redo buttons from the GUI.
A simple example to demonstrate the addition of the firewall rule and how to undo and redo the action:
[admin@v7_ccr_bgp] /ip/firewall/filter> add chain=forward action=drop [admin@v7_ccr_bgp] /ip/firewall/filter> print Flags: X - disabled, I - invalid; D - dynamic 0 X chain=input action=drop protocol=icmp src-address=10.155.101.1 log=no log-prefix="" 1 chain=forward action=drop [admin@v7_ccr_bgp] /ip/firewall/filter> /system/history/print Flags: U - undoable, R - redoable, F - floating-undo Columns: ACTION, BY, POLICy ACTION BY POLIC F filter rule added admin write U --- write [admin@v7_ccr_bgp] /ip/firewall/filter>
We have added a firewall rule and in /system history we can see all that is being done.
[admin@v7_ccr_bgp] /ip/firewall/filter> /undo [admin@v7_ccr_bgp] /ip/firewall/filter> print Flags: X - disabled, I - invalid; D - dynamic 0 X chain=input action=drop protocol=icmp src-address=10.155.101.1 log=no log-prefix="" [admin@v7_ccr_bgp] /ip/firewall/filter>
As you can see firewall rule disappeared.
Now redo the last change:
[admin@v7_ccr_bgp] /ip/firewall/filter> /redo [admin@v7_ccr_bgp] /ip/firewall/filter> print Flags: X - disabled, I - invalid; D - dynamic 0 X chain=input action=drop protocol=icmp src-address=10.155.101.1 log=no log-prefix="" 1 chain=forward action=drop [admin@v7_ccr_bgp] /ip/firewall/filter>
System history is capable of showing exact CLI commands that will be executed during Undo or Redo actions even if we perform the action from GUI, for example, detailed history output after adding TCP accept rule from WinBox:
[admin@v7_ccr_bgp] /system/history> print detail Flags: U - undoable, R - redoable, F - floating-undo F redo= /ip firewall filter add action=accept chain=forward disabled=no log=no \ log-prefix="" protocol=tcp undo=/ip firewall filter remove *4 action="filter rule added" by="admin" policy=write time=oct/10/2019 18:51:05 F redo=/ip firewall filter add action=accept chain=forward undo=/ip firewall filter remove *3 action="filter rule added" by="admin" policy=write time=oct/10/2019 18:49:03 U redo="" undo="" action="---" by="" policy=write time=sep/27/2019 13:07:35 [admin@v7_ccr_bgp] /system/history>
Safe Mode
It is sometimes possible to change router configuration in a way that will make the router inaccessible (except from local console). Usually, this is done by accident, but there is no way to undo the last change when the connection to the router is already cut. Safe mode can be used to minimize such risk.
The «Safe Mode» button in the Winbox GUI allows you to enter Safe Mode, while in the CLI, you can access it by either using the keyboard shortcut F4 or pressing [CTRL]+[X]. To exit without saving the made changes in CLI, hit [CTRL]+[D].