RouterBoard MikroTik

De Linuxmemo.

Sommaire 1 Manuel 2 root menu 3 Commands and Scripting 4 System 5 IP 6 Tools 7 how to generate SSL certificate and enable HTTPS 8 Astuces

Manuel

http://wiki.mikrotik.com/wiki/Manual:TOC

root menu

certificate -- Certificate management
disk -- list all attached storage devices (non disponible pour RS450 car aucun usb/sd slot)
driver -- Driver management (non disponible pour RS450 car tous les drivers sont déjà chargés)
file -- Local router file storage.
interface -- Interface configuration
ip -- IP options
ipv6 --
log -- System logs
metarouter -- virtualisation de routeurs (non disponible pour RS450)
mpls -- 
partitions -- (non pertinent pour RS450 car 1 seule partition est disponible)
port -- Serial ports
queue -- Bandwidth management
radius -- Radius client settings
routing -- 
snmp -- SNMP settings
system -- 
tool -- Diagnostics tools
user --

Commands and Scripting

http://wiki.mikrotik.com/wiki/Manual:Scripting

System

backup -- Makes a full system backup
check-installation -- Check installed packages
clock -- Print/change system date and time
console -- Connection over serial port
default-configuration -- 
health -- Router health
history -- Command history
identity -- System identity
leds -- 
license -- Licensing information
logging -- Global logging configuration
note -- Login note
ntp -- 
package -- Software packages
reboot -- Restart the router
reset-configuration -- 
resource -- System resources
routerboard -- Routerboard options
scheduler -- Schedule scripts to be run at times
script -- Scripting management
serial-terminal -- Serial Terminal
shutdown -- Shut the router down
ssh -- SSH client
sup-output -- Create support output file
telnet -- Run Telnet 
upgrade -- Router upgrading
watchdog -- Watchdog
export -- Print or save an export script that can be used to restore configuration

IP

accounting -- Traffic accounting
address -- Address management
arp -- ARP entries management
cloud -- 
dhcp-client -- DHCP client settings
dhcp-relay -- DHCP relay settings
dhcp-server -- DHCP server settings
dns -- DNS settings - This is a simple DNS cache with local items (provide fake DNS information to your network clients).
firewall -- Firewall management
hotspot -- HotSpot servers management
ipsec -- IP security
neighbor -- Neighbors
packing -- Packet packing settings
pool -- IP address pool
proxy -- performs proxying of HTTP and HTTP-proxy (for FTP and HTTP protocols) requests.
route -- Route management
service -- IP services
settings -- IP Settings allows to configure several IP related kernel parameters. 
smb -- 
socks -- SOCKS version 4 proxy
ssh -- SSH settings
tftp -- TFTP
traffic-flow -- Traffic-Flow is a system that provides statistic information about packets which pass through the router to externe NTop program (by exemple).
upnp -- Universal Plug and Play

Tools

how to generate SSL certificate and enable HTTPS

https://blog.a2o.si/2015/08/11/mikrotik-how-to-generate-ssl-certificate-and-enable-https/

1. Create CA certificate first:
/certificate add name=my-rtr-ca common-name=my-rtr-ca key-usage=key-cert-sign,crl-sign
2. Sign the CA certificate:
/certificate sign my-rtr-ca
3. Now create a regular certificate for HTTPS access:
/certificate add name=my-rtr common-name=my-rtr
4. Sign it with CA from steps 1&2:
/certificate sign ca=my-rtr-ca my-rtr
OPTIONAL: Mark it as trusted (I did not need to do this, but internets beg to differ:):
/certificate set trusted=yes my-rtr-ca
/certificate set trusted=yes my-rtr
5. And finally, assign the new certificate to HTTPS service:
/ip service set www-ssl certificate=my-rtr

Astuces

• lister les utilisateurs actuellement logger sur le RouterBoard

/user active print

• Afficher la valeur d'un item (exemple "enabled")

:put [/ip accounting get enabled];
ou dans le contexte /ip accounting
:put [get enabled];
false

• Avoir une idée de quels "hosts" sont les plus consommateurs de bande passante (via accounting)

1) activation de l'accounting 
/ip accounting set account-local-traffic=yes enabled=yes
/ip accounting web-access set accessible-via-web=yes address=192.168.0.0/24
2) réaliser un "snapshot"
/ip accounting snapshot take
3) visualiser le "snapshot" réalisé
/ip accounting snapshot print
4) désactivation
/ip accounting set account-local-traffic=no enabled=no

la page "web-access" est disponible a cette url (attention uniquement en http et pas https)
http://IPduRouteur/accounting/ip.cgi