====== Mikrotik ======
Mikrotik script example

<WRAP tip 60%>
<code>

[admin@MikroTik] > :global a {x=1; y=2}
[admin@MikroTik] > :set ($a->"x") 5 
[admin@MikroTik] > :environment print 
a={x=5; y=2}


/interface bridge port {:put [get [find interface=ether2] ]}
.id=*7;.nextid=*8;auto-isolate=false;bpdu-guard=false;bridge=bridge-agp;broadcast-flood=true;debug-info= prio 0x8000 num  
...

# by id
/interface bridge port {:put [get *7 ]}
[admin@MikroTik] /interface bridge port> /interface bridge port {:put [get *7 ]}
.id=*7;.nextid=*8;auto-isolate=false;bpdu-guard=false;bridge=bridge-agp;broadcast-flood=true;debug-info= prio 0x8000 num 2
....

print all key values of config
[admin@MikroTik] /interface bridge port> /interface bridge port {:foreach k,v in=[get *7 ] do={:put ("$k=$v")}}
.id=*7
.nextid=*8
auto-isolate=false
bpdu-guard=false
bridge=bridge-agp
broadcast-flood=true
debug-info= prio 0x8000 num 2
                              role:Dis (0) learn 0 forward 0 infoIs Dis edge 0 sendRSTP 1
                                                                                          proposing 0 agreed 0 agree 0 synced 1 isolate 0 newInfo 0
                                                                                                                                                    migration:CHK_RSTP tc:INACTIVE
                                                                                                                                                                                   ptimes: Msg:1668247142 Max: 0 FD: 80 HT: 2004064648
                                                                                                                                                                                                                                       pprio: RBI: 8000:0000
00000000 RPC: 0 BI: 8000:000000000000 tP: 0x0 rP: 0x0
                                                      dtimes: Msg:0 Max: 5120 FD: 3840 HT: 512
                                                                                               dprio: RBI: 8000:000000000000 RPC: 0 BI: 8000:000000000000 tP: 0x0 rP: 0x0

disabled=false

</code>
</WRAP>


  * https://www.youtube.com/watch?v=hFwqnH8c7A0 - http://mkrtk.ru/wbpfd - routing decision - diagram
  * https://pnetlab.com/pages/main - laboratory
  * [[https://serveradmin.ru/category/mikrotik/| статьи для начала]]
  * [[https://gregory-gost.ru/routers/mikrotik/| настройка с 0]]

  * https://mikrotik.com/product/rb5009ug_s_in rb5009ug


  * [[https://mum.mikrotik.com/presentations/RU18M/presentation_6157_1554717194.pdf||как правильно делать multi wan]]
  *  [[http://mikrotik.vetriks.ru/wiki/%D0%93%D0%BE%D1%82%D0%BE%D0%B2%D1%8B%D0%B5_%D1%80%D0%B5%D1%88%D0%B5%D0%BD%D0%B8%D1%8F:%D0%9D%D0%B0%D1%81%D1%82%D1%80%D0%BE%D0%B9%D0%BA%D0%B0_%D0%B4%D0%B2%D1%83%D1%85_%D0%98%D0%BD%D1%82%D0%B5%D1%80%D0%BD%D0%B5%D1%82-%D0%BA%D0%B0%D0%BD%D0%B0%D0%BB%D0%BE%D0%B2_(%D1%80%D0%B5%D0%B7%D0%B5%D1%80%D0%B2%D0%B8%D1%80%D0%BE%D0%B2%D0%B0%D0%BD%D0%B8%D0%B5) | Mikrotik Настройка двух Интернет-каналов (резервирование)]]
  * [[https://mum.mikrotik.com/presentations/RU15/presentation_2571_1443620732.PDF | ДЛЯ ЧЕГО НЕОБХОДИМ MPLS]]
  * IPSEC https://asp24.ru/mikrotik/vpn/obzor-ipsec-v-mikrotik/
  * -- mikrotik [[https://spw.ru/educate/articles/queues-v-routeros-simple-queues-mikrotik/|queues]]
  * -- mikrotik sip shaping [[https://mum.mikrotik.com/presentations/US16/presentation_3004_1462512668.pdf]]
  * -- [[https://interface31.ru/tech_it/2019/05/rasshirennaya-nastroyka-dns-i-dhcp-v-routerah-mikrotik.html|split dns]]

===== mikrotik simulating симуляция обучение =====
  * https://www.eve-ng.net/ eve

===== mikrotik.configure.vip sip =====
  * https://www.youtube.com/watch?v=_q1-_dNzlig&list=PLvQ2ZHtskbolPgUdIGHSk_Zk5D_OVDRoF&index=2

===== mikrotik.packet sniffer tcpdump =====
  * для работы torch + sniffer нужно отключить ''hardware offload в bridge -> ports -> eth0 -> hardware offload ''
  * https://wiki.mikrotik.com/wiki/Manual:Layer2_misconfiguration - если нужно перехватывать на уровне layer 2 - раздел "Packet flow with hardware offloading and MAC learning"
  * https://wiki.merionet.ru/seti/6/perexvat-paketov-na-mikrotik/
==== Mikrotik security ====
  * https://www.youtube.com/watch?v=FsCN6a65otM

==== Mikrotik logstash ====
  * https://github.com/frap/logstash
  * https://archyslife.blogspot.com/2019/08/push-logs-and-data-into-elasticsearch_16.html

==== Microtik Примеры конфигурации ====

  * ++ interface wireless - отключать пользователей при падении уровня сигнала|
<code BASH>
# Создать access-list подключающийся только с определенным уровнем сигнала
/interface wireless access-list

 add allow-signal-out-of-range=30s\
 comment="connect only with good level" \
 signal-range=-75..0 \
 forwarding=no \
 interface=wlan3-agp-zal4-captive

 add authentication=no \
 comment="default disconnect" \
 vlan-mode=no-tag \
 forwarding=no \
 interface=wlan3-agp-zal4-captive


# Включить логирование событий вайфай
/system logging
add topics=wireless,debug

/
</code>
++
  * BGP for РКН[[https://habr.com/ru/post/413049/]]
  * mikrotik redudant VRRP - [[https://mum.mikrotik.com/presentations/HR13/ramires.pdf]]


==== Microtik VLAN ====
<code BASH>
# Пример настройки VLAN  с SWITCH  chip, native vlan - :!: в mikrotik NATIVE VLAN = VID:0
[admin@MikroTik-304] > /interface/ethernet/switch/vlan/
[admin@MikroTik-304] /interface/ethernet/switch/vlan> export
# feb/25/2024 19:05:42 by RouterOS 7.8beta2
# software id = W523-SWBT
#
# model = RBD52G-5HacD2HnD
# serial number = BEEB0A75E122
/interface ethernet switch vlan
add independent-learning=yes ports=ether1,switch1-cpu switch=switch1 vlan-id=112
add independent-learning=yes ports=ether1,ether5,switch1-cpu switch=switch1 vlan-id=111
add independent-learning=yes ports=ether1,switch1-cpu,ether2,ether3,ether4,ether5 switch=switch1
[admin@MikroTik-304] /interface/ethernet/switch/vlan> /interface/ethernet/switch/port
[admin@MikroTik-304] /interface/ethernet/switch/port> export
# feb/25/2024 19:05:54 by RouterOS 7.8beta2
# software id = W523-SWBT
#
# model = RBD52G-5HacD2HnD
# serial number = BEEB0A75E122
/interface ethernet switch port
set 0 default-vlan-id=0 vlan-header=add-if-missing
set 1 default-vlan-id=0
set 2 default-vlan-id=0
set 3 default-vlan-id=0
set 4 default-vlan-id=111 vlan-header=always-strip vlan-mode=secure
set 5 default-vlan-id=0
[admin@MikroTik-304] /interface/ethernet/switch/port> 
#  WIFI configure 
# Under /interface ethernet switch vlan switch1-cpu passes traffic from the switch chip to the CPU, only required for VLANs connected to services provided by the CPU such as IP address, routing, DHCP server and software-based # interfaces (tunnels, wireless).
# Under /interface ethernet switch port use vlan-header=leave-as-is for the switch chip in the hAP ac as mentioned in the wiki and help pages.
# Under interface wireless use both vlan-mode=use-tag AND vlan-id= to specify which VLAN the interface should be connected to.
# Under /interface bridge port setting hw=yes for the wireless interfaces is pointless, the drivers are implemented in software.
</code>

  - https://danservices.com.au/support/mikrotik-vlan-configuration-2020/
  - https://www.youtube.com/watch?v=pdpFAxwocTo
  - https://mum.mikrotik.com/presentations/HU19/presentation_6775_1559545769.pdf