Difference between revisions of "Manual:Configuration Management"
|Line 267:||Line 267:|
|Line 298:||Line 325:|
Revision as of 15:13, 18 February 2016
This manual introduces you with commands which are used to perform the following functions:
- system backup;
- system restore from a backup;
- configuration export;
- configuration import;
- system configuration reset.
The configuration backup can be used for backing up MikroTik RouterOS configuration to a binary file, which can be stored on the router or downloaded from it using FTP for future use. The configuration restore can be used for restoring the router's configuration, exactly as it was at the backup creation moment, from a backup file. The restoration procedure assumes the cofiguration is restored on the same router, where the backup file was originally created, so it will create partially broken configuration if the hardware has been changed.
The configuration export can be used for dumping out complete or partial MikroTik RouterOS configuration to the console screen or to a text (script) file, which can be downloaded from the router using FTP protocol. The configuration dumped is actually a batch of commands that add (without removing the existing configuration) the selected configuration to a router. The configuration import facility executes a batch of console commands from a script file.
System reset command is used to erase all configuration on the router. Before doing that, it might be useful to backup the router's configuration.
Submenu level: /system backup
The backup save command is used to store the entire router configuration in a backup file. The file is shown in the /file submenu. It can be downloaded via ftp to keep it as a backup for your configuration.
Important! The backup file contains sensitive information, do not store your backup files inside the router's Files directory, instead, download them, and keep them in a secure location.
To restore the system configuration, for example, after a /system reset-configuration, it is possible to upload that file via ftp and load that backup file using load command in /system backup submenu.
Since RouterOS v6.13 it is possible to encrypt the backup files with RC4.
- load name=[filename] - Load configuration backup from a file
- save name=[filename] - Save configuration backup to a file (when no name is provided, default name will be used, and previous file will be overwritten)
- dont-encrypt - tells the system to not use any encryption and make the file readable in text editors (DANGEROUS)
- password - when not specified, current user password will be asked when restoring the file. when specified - this password will be asked instead.
Since RouterOS v6.13 the backup file is encrypted by default, if the current RouterOS user has a password configured, or if the "password" parameter is used. If your RouterOS user doesn't have a password set (for example admin and no password) then backup file is not encrypted, to enable encryption in this case, use the "password" parameter.
Notice that it is useless to set password, if you will use the "dont-encrypt=yes" parameter, the password can only be used with encrypted files.
To save the router configuration to file test:
[admin@MikroTik] system backup> save name=test Configuration backup saved [admin@MikroTik] system backup>
To see the files stored on the router:
[admin@MikroTik] > file print # NAME TYPE SIZE CREATION-TIME 0 test.backup backup 12567 sep/08/2004 21:07:50 [admin@MikroTik] >
To load the saved backup file test:
[admin@MikroTik] > system backup load name=test Restore and reboot? [y/N]: y Restoring system configuration System configuration restored, rebooting now
Command name: /export
The export command prints a script that can be used to restore configuration. The command can be invoked at any menu level, and it acts for that menu level and all menu levels below it. The output can be saved into a file, available for download using FTP.
- file=[filename] - saves the export to a file
[admin@MikroTik] > ip address print Flags: X - disabled, I - invalid, D - dynamic # ADDRESS NETWORK BROADCAST INTERFACE 0 10.1.0.172/24 10.1.0.0 10.1.0.255 bridge1 1 10.5.1.1/24 10.5.1.0 10.5.1.255 ether1 [admin@MikroTik] >
To make an export file:
[admin@MikroTik] ip address> export file=address [admin@MikroTik] ip address>
To see the files stored on the router:
[admin@MikroTik] > file print # NAME TYPE SIZE CREATION-TIME 0 address.rsc script 315 dec/23/2003 13:21:48 [admin@MikroTik] >
Starting from v5.12 compact export was added. It allows to export only part of configuration that is not default RouterOS config.
For example compact OSPF export:
[admin@SXT-ST] /routing ospf> export compact # jan/02/1970 20:16:32 by RouterOS 5.12 # software id = JRB7-9UGC # /routing ospf instance set [ find default=yes ] redistribute-connected=as-type-1 /routing ospf interface add disabled=yes interface=wlan1 network-type=point-to-point /routing ospf network add area=backbone network=10.255.255.36/32 add area=backbone disabled=yes network=10.5.101.0/24 add area=backbone network=10.10.10.0/24 [admin@SXT-ST] /routing ospf>
Compact export introduces another feature that indicates which part of config is default on RouterOS and cannot be deleted. As in example below '*' indicates that this OSPF instance is part of default configuration.
[admin@SXT-ST] /routing ospf instance> print Flags: X - disabled, * - default 0 * name="default" router-id=0.0.0.0 distribute-default=never redistribute-connected=as-type-1 redistribute-static=no redistribute-rip=no redistribute-bgp=no redistribute-other-ospf=no metric-default=1 metric-connected=20 metric-static=20 metric-rip=20 metric-bgp=auto metric-other-ospf=auto in-filter=ospf-in out-filter=ospf-out
List of default config by menus that cannot be removed:
|/interface wireless security-profiles||default|
|/ppp profile||"default", "default-encryption"|
|/ip hotspot profile||"default"|
|/ip hotspot user profile||"default"|
|/ip ipsec proposal||"default"|
|/ip smb shares||"pub"|
|/ip smb users||"guest"|
|/routing bfd interface||"all"|
|/routing bgp instance||"default"|
|/routing ospf instance||"default"|
|/routing ospf area||"backbone"|
|/routing ospf-v3 instance||"default"|
|/routing ospf-v3 area||"backbone"|
|/tool mac-server mac-winbox||"all"|
|/system logging||"info", "error", "warning", "critical"|
|/system logging action||"memory", "disk", "echo", "remote"|
|/queue type||"default", "ethernet-default", "wireless-default", "synchronous-default", "hotspot-default", "only-hardware-queue", "multi-queue-ethernet-default", "default-small"|
Command name: /import
The root level command /import [file_name] executes a script, stored in the specified file adds the configuration from the specified file to the existing setup. This file may contain any console comands, including scripts. is used to restore configuration or part of it after a /system reset event or anything that causes configuration data loss.
- file=[filename] - loads the exported configuration from a file to router
In RouterOS it is possible to automatically execute scripts - your script file has to be named anything.auto.rsc - once this file is uploaded using FTP to the router, it will automatically be executed, just like with the '/import' command. This method only works with FTP.
Once the file is uploaded, it is automatically executed. Information about the success of the commands that were executed is written to anything.auto.log
To load the saved export file use the following command:
[admin@MikroTik] > import address.rsc Opening script file address.rsc Script file loaded and executed successfully [admin@MikroTik] >
Import .rsc file troubleshooting
Configuration parts to watch out for in exported .rsc files
Things that should be removed from export files that were created with: "/export", before attempting import on new device.
- Interface renaming that is in conflict with default ethernet naming scheme.
/interface ethernet set [ find default-name=ether5 ] auto-negotiation=no name=ether1-gateway set [ find default-name=ether6 ] name=ether2 set [ find default-name=ether7 ] name=ether3 set [ find default-name=ether8 ] name=ether4 set [ find default-name=ether1 ] name=ether5 set [ find default-name=ether2 ] name=ether6 set [ find default-name=ether3 ] name=ether7 set [ find default-name=ether4 ] name=ether8
- In older version exports default entries might show with "add" instead of "set" command. That should be edited before import to avoid errors.
In case of problematic import attempt.
- Reset the configuration on that device.
- Run import command again with "verbose=yes" argument. It will stop also stop import process on problem which you already encountered, but will also show place where export failed. That way showing you place where things need to be edited in .rsc import file
Command name: /system reset-configuration
The command clears all configuration of the router and sets it to the default including the login name and password ('admin' and no password), IP addresses and other configuration is erased, interfaces will become disabled. After the reset command router will reboot.
- keep-users: keeps router users and passwords
- no-defaults: doesn't load any default cofigurations, just clears everything
- skip-backup: automatic backup is not created before reset, when yes is specified
- run-after-reset: specify export file name to run after reset
[admin@MikroTik] > system reset-configuration Dangerous! Reset anyway? [y/N]: n action cancelled [admin@MikroTik] >