Manual:IP/Cloud: Difference between revisions

From MikroTik Wiki
Jump to navigation Jump to search
 
(56 intermediate revisions by 5 users not shown)
Line 3: Line 3:
__TOC__
__TOC__


{{Note | Currently running as public beta. Server availability could vary, and syntax could change}}
= Summary =


= Summary =
Since RouterOS v6.14 MikroTik offers multiple services for your RouterBOARD devices that are connected to the Internet. These services are meant to ease the inconveniences when configuring, setting up, controlling, maintaining or monitoring your device. More detailed list of available services that IP/Cloud can provide can be found below.


Since RouterOS v6.14 MikroTik offers a Dynamic DNS name service for RouterBOARD devices. This means that your device can automatically get a working domain name, this is useful if your IP address changes often, and you want to always know how to connect to your router.
{{Note|Since RouterOS v6.27 "ip cloud enabled" is renamed to "ip cloud ddns-enabled" this may require some changes in your scripts if you are using this feature in a script.}}


{{Note|Since RouterOS v6.27 "ip cloud enabled" is renamed to "ip cloud ddns-enabled" this may require some changes in scripts if you are using this feature in a script.}}
= Services =


'''The cloud service provides these services: '''
{{ Note | Since RouterOS v6.43 your device will use '''cloud2.mikrotik.com''' to communicate with the MikroTik's Cloud server. Older versions will use '''cloud.mikrotik.com''' to communicate with the MikroTik's Cloud server. }}


* ddns (provide dns name for router's WAN IPv4 and/or IPv6 address)
{{ Warning | Be aware that if router has multiple public IP addresses and/or multiple internet gateways, the exact IP used for the communicating with the MikroTik's Cloud server may not be as expected! }}
* approximate time (accuracy of several seconds, depends on UDP packet latency, useful when NTP is not available)
* time zone detection (if enabled, clock time zone will be updated even when DDNS and update time are disabled)


{{Note | To actually connect to the router using the DNS name provided by cloud server, user must configure router's firewall to permit such access from the WAN port. (Default MikroTik configuration does not permit access to services such as WebFig, WinBox etc. from WAN port)}}
{{ Note | IP/Cloud requires a working paid license on Cloud Hosted Router (CHR). }}


{{Warning | Be aware that if router has multiple public IP addresses and/or multiple internet gateways, the exact IP used for the update may not be as expected!}}
== DDNS ==


= Operation details =
DDNS or Dynamic DNS is a service that updates the IPv4 address for A records and the IPv6 address for AAAA records periodically. Such a service is very useful when your ISP has provided a dynamic IP address that changes periodically, but you always need an address that you can use to connect to your device remotely. Below you can find operation details that are relevant to the IP/Cloud's DDNS service:


* Checks for outgoing IP address change: every 60 seconds  
* Checks for outgoing IP address change: every 60 seconds  
* Waits for the MikroTiks cloud server's response: 15 seconds  
* Waits for the MikroTik's Cloud server's response: 15 seconds  
* DDNS record TTL: 60 seconds  
* DDNS record TTL: 60 seconds
* Cloud time update: after reboott and during every DDNS update (when routers WAN IP address changes or after the <code>force-update</code> command is used)
* Sends encrypted packets to '''cloud.mikrotik.com''' or '''cloud2.mikrotik.com''' using UDP/15252 port
* Time-zone-autodetect: The time zone is detected depending on the router's public IP address and our commercial database
 
After the device has sent its IP address to the MikroTiks cloud server, it will stay on the server permanently. DNS name (/ip cloud ddns-name) will resolve to last sent IP address. When user sets <code>/ip cloud set ddns-enabled=no</code>, then the device will send a message to MikroTik's cloud server to disable the DNS name for this device.


When <code>/ip cloud set ddns-enabled=yes</code> is set, then the device will send encrypted packets to MikroTiks cloud server using port '''UDP/15252'''. For devices using RouterOS v6.43 and newer the encrypted [[Manual:IP/Cloud | IP/Cloud]] packets are going to be sent to '''cloud2.mikrotik.com'''. For devices using older RouterOS versions (prior to v6.43), encrypted [[Manual:IP/Cloud | IP/Cloud]] are going to be sent to '''cloud.mikrotik.com'''.
Since RouterOS v6.43 if your device is able to reach '''cloud2.mikrotik.com''' using IPv6, then a DNS '''AAAA''' record is going to be created for your public IPv6 address. If your device is only able to reach cloud2.mikrotik.com using IPv4, then only a DNS '''A''' record is going to be created for your public IPv4 address.
 
Since RouterOS v6.43 if your device is able to reach '''cloud2.mikrotik.com''' using IPv6, then '''AAAA''' record is going to be created for your public IPv6 address. If your device is only able to reach '''cloud2.mikrotik.com''' using IPv4, then only '''A''' record is going to be created for your public IPv4 address.
 
{{ Note | IP Cloud requires a working license on Cloud Hosted Router (CHR). }}
 
== Example ==
 
<p>To enable and activate this service:</p>


To enable the DDNS service:
<pre>
<pre>
[admin@MikroTik] /ip cloud set ddns-enabled=yes
[admin@MikroTik] /ip cloud set ddns-enabled=yes
[admin@MikroTik] /ip cloud print
[admin@MikroTik] /ip cloud print
         ddns-enabled: yes
         ddns-enabled: yes
ddns-update-interval: none
           update-time: yes
           update-time: yes
       public-address: 1159.148.147.196
       public-address: 159.148.147.196
   public-address-ipv6: 2a02:610:7501:1000::2
   public-address-ipv6: 2a02:610:7501:1000::2
             dns-name: 529c0491d41c.sn.mynetname.net
             dns-name: 529c0491d41c.sn.mynetname.net
Line 52: Line 41:
</pre>
</pre>


<p>To enable time update from cloud service:</p>
{{ Note | When the service is enable, a DNS name will be stored on the MikroTik's Cloud server permanently and this DNS name will resolve to the last IP that your IP has sent to the MikroTik's Cloud server. }}
 
To disable the DDNS service:
<pre>
/ip cloud set ddns-enabled=no
</pre>
 
{{ Note | As soon as you disable the service, your device sends a command to the MikroTik's Cloud server to remove the stored DNS name. }}
 
To manually trigger a DNS update:
<pre>
[admin@MikroTik] > /ip cloud force-update
</pre>
 
{{Note | To actually connect to the device using the DNS name provided by cloud server, user must configure router's firewall to permit such access from the WAN port. (Default MikroTik configuration does not permit access to services such as WebFig, WinBox etc. from WAN port)}}
 
== Update time ==


Correct time on a device is important, it cause issues with the system's logs, break HTTPS connectivity to the device, tunnel connectivity and other issues. To have your system's clock updated, you can use [[ Manual:System/Time#NTP_client_and_server | NTP]] or [[ Manual:System/Time#SNTP_client | SNTP]], though it requires you to specify an IP address for the NTP Server. In most cases NTP/SNTP is not required in order to simply have a correct time set on the device, for simplicity you can use the IP Cloud's update time service. Below you can find operation details that are relevant to the IP/Cloud's update time service:
* Approximate time (accuracy of several seconds, depends on UDP packet latency)
* Updates time after a reboot and during every DDNS update (when router's WAN IP address changes or after the force-update command is used)
* Sends encrypted packets to '''cloud.mikrotik.com''' or '''cloud2.mikrotik.com''' using UDP/15252 port
* Detects time-zone depending on the router's public IP address and our commercial database
To enable the time update service:
<pre>
<pre>
[admin@MikroTik] > ip cloud set update-time=yes  
[admin@MikroTik] > /ip cloud set update-time=yes  
</pre>
</pre>


<p>To enable automatic time zone detection:</p>
To enable automatic time zone detection:
<pre>
[admin@MikroTik] > /system clock set time-zone-autodetect=yes
</pre>


{{ Note | If <code>/ip cloud update-time</code> is set to <code>auto</code>, then device's clock will be updated with MikroTik's Cloud server time (if no [[ Manual:System/Time#NTP_client_and_server | NTP]] or [[ Manual:System/Time#SNTP_client | SNTP]] client is enabled). }}
== Backup ==
Since RouterOS v6.44 it is possible to store your device's [[ Manual:Configuration_Management#System_Backup | backup]] on MikroTik's Cloud server. The backup service allows you to upload an encrypted backup file, download it and apply the backup file to your device as long as your device is able to reach MikroTik's Cloud server. Below you can find operation details that are relevant to the IP/Cloud's backup service:
* 1 free backup slot for each device
* Allowed backup size: 15MB
* Sends encrypted packets to '''cloud2.mikrotik.com''' using UDP/15252 and TCP/15252 port
To create a new backup and upload it the MikroTik's Cloud server:
<pre>
<pre>
[admin@MikroTik] > system clock set time-zone-autodetect=yes
/system backup cloud upload-file action=create-and-upload password=test123!!!
[admin@MikroTik] > /system backup cloud print
0 name="cloud-20180921-162649" size=13.2KiB ros-version="6.44beta9" date=sep/21/2018 16:26:49 status="ok" secret-download-key="AbCdEfGhIjKlM1234567890"
</pre>
</pre>
{{ Note | The <code>create-and-upload</code> action command will create a new system's backup file,encrypt the backup file with AES using the provided password and upload it. For <code>upload</code> action command the <var>password</var> property has no effect since the <code>upload</code> action command uploads only already created system's backup files. }}
To download the uploaded backup file and save it to device's memory:
<pre>
[admin@MikroTik] > /system backup cloud download-file action=download number=0
### OR
[admin@MikroTik] > /system backup cloud download-file action=download secret-download-key=AbCdEfGhIjKlM1234567890
</pre>
{{ Warning | The <var>secret-download-key</var> is a unique identifier that can be used to download your encrypted backup to your other devices. Since you can download your encrypted backup from any location and any device by using the <var>secret-download-key</var>, then you should try to keep this identifier a secret. The downloaded backup is still encrypted using AES, nevertheless make sure you are using a strong password! }}
To remove the uploaded backup:
<pre>
/system backup cloud remove-file number=0
</pre>
To upload an existing backup file (created previously):
<pre>
[admin@MikroTik] > /system backup save encryption=aes-sha256 name=old_backup password=test123!!!
[admin@MikroTik] > /system backup cloud upload-file action=upload src-file=old_backup.backup
[admin@MikroTik] > /system backup cloud print
0 name="cloud-20180921-164044" size=13.2KiB ros-version="6.44beta9" date=sep/21/2018 16:40:44 status="ok" secret-download-key="AbCdEfGhIjKlM1234567890"
</pre>
{{ Note | Make sure that the backup was encrypted using AES, otherwise the IP/Cloud will reject the backup upload. Since there is only 1 free backup slot per device, then you need to remove the existing backup before uploading a new one. }}
{{ Warning | When importing a backup all MAC addresses are set to the MAC addresses that the device was using. This is useful when you are replacing a device that has failed, but this might not be desired when applying the same backup on multiple devices since it will set the same MAC addresses on multiple devices, which can cause connectivity issues. You can always use the <code>reset-mac-address</code> command on each interface to set the original MAC address back. }}


= Properties =
= Properties =
Line 73: Line 130:
}}
}}


{{Mr-arg-ro-table
{{Mr-arg-table
|arg=ddns-enabled
|arg=ddns-enabled
|type=yes {{!}} no
|type=yes {{!}} no
|default=no
|default=no
|desc=If set to "yes" then router will send an encrypted message to the MikroTik cloud server. Server will then decrypt the message and verify that sender is an authentic Mikrotik router. If all is OK then server will create a DDNS record for this router and send response to the router. Every minute the cloud service on the router will check if WAN IP address  
|desc=If set to <code>yes</code>, then the device will send an encrypted message to the MikroTik's Cloud server. The server will then decrypt the message and verify that the sender is an authentic MikroTik device. If all is OK, then the MikroTik's Cloud server will create a DDNS record for this device and send a response to the device. Every minute the IP/Cloud service on the router will check if WAN IP address  
matches the one sent to server and will send encrypted update to cloud server if IP address changes.  
matches the one sent to MikroTik's Cloud server and will send encrypted update to cloud server if IP address changes.  
}}
}}


{{Mr-arg-ro-table
{{Mr-arg-table
|arg=force-update
|arg=ddns-update-interval
|type=command
|type=time, minimum 60 seconds
|desc=When executed, ddns update to cloud server will be sent immediately, even if router's IP address is not changed.  
|default=none
 
|desc=If set DDNS will attempt to connect IP Cloud servers at the set interval. If set to '''none''' it will continue to internally check IP address update and connect to IP Cloud servers as needed. Useful if IP address used is not on the router itself and thus, cannot be checked as a value internal to the router.
Note: if ''/ip cloud update-time'' is set to "auto" then router clock will be updated to cloud server time (if no ntp or sntp client is enabled).  
}}
}}


{{Mr-arg-ro-table
{{Mr-arg-table
|arg=update-time
|arg=update-time
|type=yes {{!}} no
|type=yes {{!}} no
|default=no
|default=yes
|desc=If set to "yes" then router clock will be set to time, provided by cloud server IF there is no SNTP or NTP service enabled. If set to "no" then cloud service will never update router clock. If update-time = yes, Clock will be updated even when /ip cloud ddns-enabled = no  
|desc=If set to <code>yes</code> then router clock will be set to time, provided by cloud server '''IF''' there is no [[ Manual:System/Time#NTP_client_and_server | NTP]] or [[ Manual:System/Time#SNTP_client | SNTP]] client enabled. If set to <code>no</code>, then IP/Cloud service will never update the device's clock. If <var>update-time</var> is set to <code>yes</code>, Clock will be updated even when <var>ddns-enabled</var> is set to <code>no</code>.
}}
}}


{{Mr-arg-ro-table
{{Mr-arg-ro-table
|arg=public-address
|arg=public-address
|type=string
|type=read-only: address
|desc=Read only, shows router IPv4 address that was sent to cloud server and assigned to DNS name (see "/ip cloud dns-name"). This field is visible only after at least one ddns-request was successfully completed.  
|desc=Shows device's IPv4 address that was sent to cloud server. This field is visible only after at least one IP Cloud request was successfully completed.
}}
 
{{Mr-arg-ro-table
|arg=public-address-ivp6
|type=read-only: address
|desc=Shows device's IPv6 address that was sent to cloud server. This field is visible only after at least one IP Cloud request was successfully completed.  
}}
}}


{{Mr-arg-ro-table
{{Mr-arg-ro-table
|arg=warning  
|arg=warning  
|type=string
|type=read-only: string
|desc=Read only, shows a warning message if IP address sent by router differs from IP address in UDP packet header as visible by cloud server. Typically this happens if router is behind NAT. Example: "DDNS server received request from IP 123.123.123.123 but your local IP was 192.168.88.23; DDNS service might not work"  
|desc=Shows a warning message if IP address sent by the device differs from the IP address in UDP packet header as visible by the MikroTik's Cloud server. Typically this happens if the device is behind NAT. Example: "DDNS server received request from IP 123.123.123.123 but your local IP was 192.168.88.23; DDNS service might not work"  
}}
}}


{{Mr-arg-ro-table
{{Mr-arg-ro-table
|arg=dns-name
|arg=dns-name
|type=string
|type=read-only: name
|desc=Read only, shows DNS name assigned to the router. Name consists of 12 character serial number appended by ''.sn.mynetname.net''. This field is visible only after at least one ddns-request is successfully completed.  
|desc=Shows DNS name assigned to the rdevice. Name consists of 12 character serial number appended by ''.sn.mynetname.net''. This field is visible only after at least one ddns-request is successfully completed.  
}}
}}


{{Mr-arg-ro-table-end
{{Mr-arg-ro-table-end
|arg=status
|arg=status
|type=status
|type=read-only: string
|desc=Read only, contains text string that describes current dns-service state. The messages are self explanatory
|desc=Contains text string that describes current dns-service state. The messages are self explanatory


*'''updating...'''
* '''updating...'''
*'''updated'''
* '''updated'''
*'''Error: no Internet connection'''
* '''Error: no Internet connection'''
*'''Error: request timed out'''
* '''Error: request timed out'''
*'''Error: REJECTED. Contact MikroTik support'''
* '''Error: REJECTED. Contact MikroTik support'''
*'''Error: internal error''' - should not happen. One possible cause is if router runs out of memory
* '''Error: internal error''' - should not happen. One possible cause is if router runs out of memory
}}


}}


== Advanced ==
== Advanced ==
Line 137: Line 199:
}}
}}


{{Mr-arg-ro-table-end
{{Mr-arg-table-end
|arg=use-local-address
|arg=use-local-address
|type=yes {{!}} no
|type=yes {{!}} no
|default=no
|default=no
|desc=By default, the DNS name will be assigned to the detected public address (from the UDP packet header). If you wish to send your "local" or "internal" IP address, set this to "yes"
|desc=By default, the DNS name will be assigned to the detected public address (from the UDP packet header). If you wish to send your "local" or "internal" IP address, then set this to <code>yes</code>
}}
 
== Cloud backup ==
 
<p id="shbox"><b>Sub-menu:</b> <code>/system backup cloud</code></p><br/>
 
Below you can find commands and properties that are relevant to the specific command, other properties will not have any effect.
 
* download-file
 
{{Mr-arg-table-h
|prop=Property
|desc=Description
}}
 
{{Mr-arg-ro-table
|arg=action
|type=download
|desc=Downloads an uploaded backup file from MikroTik's Cloud server.
}}
 
{{Mr-arg-ro-table
|arg=number
|type=integer
|desc=Specifies the backup slot on the MikroTik's Cloud server, the free backup slot is always going to be in the <code>0th</code> slot.
}}
 
{{Mr-arg-ro-table-end
|arg=secret-download-key
|type=string
|desc=Unique identifier that can be used to download your uploaded backup file. When downloading the uploaded backup file you do not have to be using the same device, from which the backup was uploaded from. Useful when deploying a backup on a new device.
}}
 
 
* remove-file
 
{{Mr-arg-table-h
|prop=Property
|desc=Description
}}
 
{{Mr-arg-ro-table-end
|arg=number
|type=integer
|desc=Deletes the backup file in the specified backup slot, the free backup slot is always going to be in the <code>0th</code> slot.
}}
 
 
* upload-file
 
{{Mr-arg-table-h
|prop=Property
|desc=Description
}}
 
{{Mr-arg-ro-table
|arg=action
|type=create-and-upload | upload
|desc=Uploads a backup file to the MikroTik's Cloud server.
* <code>create-and-upload</code> - creates a new backup file with the specified password and uploads it
* <code>upload</code> - uploads a created system's backup file.
}}
 
{{Mr-arg-ro-table
|arg=name
|type=string
|desc=Specifies the backup's name that will show up in the uploaded backups list. This is '''NOT''' the source backup's name, this name is only used for visual representation.
}}
 
{{Mr-arg-ro-table
|arg=src-file
|type=file
|desc=Backup's file name to upload that was created using <code>/system backup</code>. This property only has effect when <var>action</var> is set to <code>upload</code>.
}}
 
{{Mr-arg-ro-table-end
|arg=password
|type=string
|desc=Create, encrypt and upload a backup file with the specified password. This property only has effect when <var>action</var> is set to <code>create-and-upload</code>.
}}
}}



Latest revision as of 09:02, 2 June 2022

Applies to RouterOS: v6.14 +

Summary

Since RouterOS v6.14 MikroTik offers multiple services for your RouterBOARD devices that are connected to the Internet. These services are meant to ease the inconveniences when configuring, setting up, controlling, maintaining or monitoring your device. More detailed list of available services that IP/Cloud can provide can be found below.

Note: Since RouterOS v6.27 "ip cloud enabled" is renamed to "ip cloud ddns-enabled" this may require some changes in your scripts if you are using this feature in a script.


Services

Note: Since RouterOS v6.43 your device will use cloud2.mikrotik.com to communicate with the MikroTik's Cloud server. Older versions will use cloud.mikrotik.com to communicate with the MikroTik's Cloud server.


Warning: Be aware that if router has multiple public IP addresses and/or multiple internet gateways, the exact IP used for the communicating with the MikroTik's Cloud server may not be as expected!


Note: IP/Cloud requires a working paid license on Cloud Hosted Router (CHR).


DDNS

DDNS or Dynamic DNS is a service that updates the IPv4 address for A records and the IPv6 address for AAAA records periodically. Such a service is very useful when your ISP has provided a dynamic IP address that changes periodically, but you always need an address that you can use to connect to your device remotely. Below you can find operation details that are relevant to the IP/Cloud's DDNS service:

  • Checks for outgoing IP address change: every 60 seconds
  • Waits for the MikroTik's Cloud server's response: 15 seconds
  • DDNS record TTL: 60 seconds
  • Sends encrypted packets to cloud.mikrotik.com or cloud2.mikrotik.com using UDP/15252 port

Since RouterOS v6.43 if your device is able to reach cloud2.mikrotik.com using IPv6, then a DNS AAAA record is going to be created for your public IPv6 address. If your device is only able to reach cloud2.mikrotik.com using IPv4, then only a DNS A record is going to be created for your public IPv4 address.

To enable the DDNS service:

[admin@MikroTik] /ip cloud set ddns-enabled=yes
[admin@MikroTik] /ip cloud print
         ddns-enabled: yes
 ddns-update-interval: none
          update-time: yes
       public-address: 159.148.147.196
  public-address-ipv6: 2a02:610:7501:1000::2
             dns-name: 529c0491d41c.sn.mynetname.net
               status: updated

Note: When the service is enable, a DNS name will be stored on the MikroTik's Cloud server permanently and this DNS name will resolve to the last IP that your IP has sent to the MikroTik's Cloud server.


To disable the DDNS service:

/ip cloud set ddns-enabled=no

Note: As soon as you disable the service, your device sends a command to the MikroTik's Cloud server to remove the stored DNS name.


To manually trigger a DNS update:

[admin@MikroTik] > /ip cloud force-update

Note: To actually connect to the device using the DNS name provided by cloud server, user must configure router's firewall to permit such access from the WAN port. (Default MikroTik configuration does not permit access to services such as WebFig, WinBox etc. from WAN port)


Update time

Correct time on a device is important, it cause issues with the system's logs, break HTTPS connectivity to the device, tunnel connectivity and other issues. To have your system's clock updated, you can use NTP or SNTP, though it requires you to specify an IP address for the NTP Server. In most cases NTP/SNTP is not required in order to simply have a correct time set on the device, for simplicity you can use the IP Cloud's update time service. Below you can find operation details that are relevant to the IP/Cloud's update time service:

  • Approximate time (accuracy of several seconds, depends on UDP packet latency)
  • Updates time after a reboot and during every DDNS update (when router's WAN IP address changes or after the force-update command is used)
  • Sends encrypted packets to cloud.mikrotik.com or cloud2.mikrotik.com using UDP/15252 port
  • Detects time-zone depending on the router's public IP address and our commercial database

To enable the time update service:

[admin@MikroTik] > /ip cloud set update-time=yes 

To enable automatic time zone detection:

[admin@MikroTik] > /system clock set time-zone-autodetect=yes 

Note: If /ip cloud update-time is set to auto, then device's clock will be updated with MikroTik's Cloud server time (if no NTP or SNTP client is enabled).


Backup

Since RouterOS v6.44 it is possible to store your device's backup on MikroTik's Cloud server. The backup service allows you to upload an encrypted backup file, download it and apply the backup file to your device as long as your device is able to reach MikroTik's Cloud server. Below you can find operation details that are relevant to the IP/Cloud's backup service:

  • 1 free backup slot for each device
  • Allowed backup size: 15MB
  • Sends encrypted packets to cloud2.mikrotik.com using UDP/15252 and TCP/15252 port

To create a new backup and upload it the MikroTik's Cloud server:

/system backup cloud upload-file action=create-and-upload password=test123!!!
[admin@MikroTik] > /system backup cloud print 
 0 name="cloud-20180921-162649" size=13.2KiB ros-version="6.44beta9" date=sep/21/2018 16:26:49 status="ok" secret-download-key="AbCdEfGhIjKlM1234567890" 

Note: The create-and-upload action command will create a new system's backup file,encrypt the backup file with AES using the provided password and upload it. For upload action command the password property has no effect since the upload action command uploads only already created system's backup files.


To download the uploaded backup file and save it to device's memory:

[admin@MikroTik] > /system backup cloud download-file action=download number=0
### OR
[admin@MikroTik] > /system backup cloud download-file action=download secret-download-key=AbCdEfGhIjKlM1234567890

Warning: The secret-download-key is a unique identifier that can be used to download your encrypted backup to your other devices. Since you can download your encrypted backup from any location and any device by using the secret-download-key, then you should try to keep this identifier a secret. The downloaded backup is still encrypted using AES, nevertheless make sure you are using a strong password!


To remove the uploaded backup:

/system backup cloud remove-file number=0

To upload an existing backup file (created previously):

[admin@MikroTik] > /system backup save encryption=aes-sha256 name=old_backup password=test123!!!
[admin@MikroTik] > /system backup cloud upload-file action=upload src-file=old_backup.backup
[admin@MikroTik] > /system backup cloud print 
 0 name="cloud-20180921-164044" size=13.2KiB ros-version="6.44beta9" date=sep/21/2018 16:40:44 status="ok" secret-download-key="AbCdEfGhIjKlM1234567890"

Note: Make sure that the backup was encrypted using AES, otherwise the IP/Cloud will reject the backup upload. Since there is only 1 free backup slot per device, then you need to remove the existing backup before uploading a new one.


Warning: When importing a backup all MAC addresses are set to the MAC addresses that the device was using. This is useful when you are replacing a device that has failed, but this might not be desired when applying the same backup on multiple devices since it will set the same MAC addresses on multiple devices, which can cause connectivity issues. You can always use the reset-mac-address command on each interface to set the original MAC address back.


Properties

Sub-menu: /ip cloud


Property Description
ddns-enabled (yes | no; Default: no) If set to yes, then the device will send an encrypted message to the MikroTik's Cloud server. The server will then decrypt the message and verify that the sender is an authentic MikroTik device. If all is OK, then the MikroTik's Cloud server will create a DDNS record for this device and send a response to the device. Every minute the IP/Cloud service on the router will check if WAN IP address matches the one sent to MikroTik's Cloud server and will send encrypted update to cloud server if IP address changes.
ddns-update-interval (time, minimum 60 seconds; Default: none) If set DDNS will attempt to connect IP Cloud servers at the set interval. If set to none it will continue to internally check IP address update and connect to IP Cloud servers as needed. Useful if IP address used is not on the router itself and thus, cannot be checked as a value internal to the router.
update-time (yes | no; Default: yes) If set to yes then router clock will be set to time, provided by cloud server IF there is no NTP or SNTP client enabled. If set to no, then IP/Cloud service will never update the device's clock. If update-time is set to yes, Clock will be updated even when ddns-enabled is set to no.
public-address (read-only: address) Shows device's IPv4 address that was sent to cloud server. This field is visible only after at least one IP Cloud request was successfully completed.
public-address-ivp6 (read-only: address) Shows device's IPv6 address that was sent to cloud server. This field is visible only after at least one IP Cloud request was successfully completed.
warning (read-only: string) Shows a warning message if IP address sent by the device differs from the IP address in UDP packet header as visible by the MikroTik's Cloud server. Typically this happens if the device is behind NAT. Example: "DDNS server received request from IP 123.123.123.123 but your local IP was 192.168.88.23; DDNS service might not work"
dns-name (read-only: name) Shows DNS name assigned to the rdevice. Name consists of 12 character serial number appended by .sn.mynetname.net. This field is visible only after at least one ddns-request is successfully completed.
status (read-only: string) Contains text string that describes current dns-service state. The messages are self explanatory
  • updating...
  • updated
  • Error: no Internet connection
  • Error: request timed out
  • Error: REJECTED. Contact MikroTik support
  • Error: internal error - should not happen. One possible cause is if router runs out of memory


Advanced

Sub-menu: /ip cloud advanced


Property Description
use-local-address (yes | no; Default: no) By default, the DNS name will be assigned to the detected public address (from the UDP packet header). If you wish to send your "local" or "internal" IP address, then set this to yes

Cloud backup

Sub-menu: /system backup cloud


Below you can find commands and properties that are relevant to the specific command, other properties will not have any effect.

  • download-file
Property Description
action (download) Downloads an uploaded backup file from MikroTik's Cloud server.
number (integer) Specifies the backup slot on the MikroTik's Cloud server, the free backup slot is always going to be in the 0th slot.
secret-download-key (string) Unique identifier that can be used to download your uploaded backup file. When downloading the uploaded backup file you do not have to be using the same device, from which the backup was uploaded from. Useful when deploying a backup on a new device.


  • remove-file
Property Description
number (integer) Deletes the backup file in the specified backup slot, the free backup slot is always going to be in the 0th slot.


  • upload-file
Property Description
action (create-and-upload) Uploads a backup file to the MikroTik's Cloud server.
  • create-and-upload - creates a new backup file with the specified password and uploads it
  • upload - uploads a created system's backup file.
name (string) Specifies the backup's name that will show up in the uploaded backups list. This is NOT the source backup's name, this name is only used for visual representation.
src-file (file) Backup's file name to upload that was created using /system backup. This property only has effect when action is set to upload.
password (string) Create, encrypt and upload a backup file with the specified password. This property only has effect when action is set to create-and-upload.

[ Top | Back to Content ]