The document consists of 16 main parts. Parts can be divided further into sections. Each section (or a part if it doesn't consist of sections) of this document is divided into three subsections. In the first subsection, management from the Java Console is described. Management from the Console is described in the second subsection. The third subsection is devoted to description of the parameters. However some sections are not divided if it is not necessary.
The current manual version is being updated to a new format. Some sections of this manual are in our old format and some in the newer format. It is expected that all sections will be updated by June.
In this publication, the following conventions are used:
| to the contents |
Working with Interfaces
Adding Addresses
Configuring the Default Route
Testing the Network Connectivity
Application Example with Masquerading
Application Example with Bandwidth Management
Accessing the Router Remotely using Web Browser and Java Console
The download and installation process of the MikroTik RouterOS is described in the following diagram:
1. Download the basic installation archive file.
Depending on the desired media to be used for installing the MikroTik RouterOS please chose one of the following archive types for downloading:2. Create the installation media
Use the appropriate installation archive to create the Installation CD or floppies.3. Install the MikroTik RouterOS software.
Your dedicated PC router hardware should have:After successful installation please remove the installation media from your CD or floppy disk drive and hit 'Enter' to reboot the router. While the router will be starting up for the first time you will be given a Software ID for your installation and asked to supply a valid software license key (Software Key) for it. Write down the Software ID. You will need it to obtain the Software License after logging on to the MikroTik Account Server.
If you need extra time to obtain the Software License Key, you may want to power off the router. Press Ctrl-Alt-Del keys to properly shut down and reboot the router. Power the router off while the BIOS is doing memory check.
The MikroTik RouterOS Softare licensing process is described in the following diagram:
After installing the router and starting it up for the first time you will be given a Softwarte ID.
If you do not have an account at www.mikrotik.com, just press the 'New' button to create your account. You will be presented with the Account Sign-Up Form where you chose your account name and fill in the required information.
Software ID: 5T4V-IUT Software key: 4N7X-UZ8-6SP
After entering the correct Software License Key you will be presented with the MikroTik Router's login prompt. Use 'admin' and no password (hit 'Enter') for logging on to the router, for example:
MikroTik v2.3.8 (build 9) mikrotik login: admin Password:
The password can be changed with the '/password' command.
After logging on to the router you will be presented with the MikroTik RouterOS Welcome Screen and command prompt, for example:
MMM MMM KKK TTTTTTTTTTT KKK
MMMM MMMM KKK TTTTTTTTTTT KKK
MMM MMMM MMM III KKK KKK RRRRRR OOOOOO TTT III KKK KKK
MMM MM MMM III KKKKK RRR RRR OOO OOO TTT III KKKKK
MMM MMM III KKK KKK RRRRRR OOO OOO TTT III KKK KKK
MMM MMM III KKK KKK RRR RRR OOOOOO TTT III KKK KKK
MikroTik RouterOS V2.3 (c) 1999-2001 http://mikrotik.com/
command [Enter] Executes the command
[?] Gives the list of available commands
command [?] Gives help on the command and list of arguments
command arg [?] Gives help on the command's argument
[Tab] Completes the command/word. If the input is ambiguous,
a second [Tab] gives possible options
/ Move up to base level
.. Move up one level
/command Use command at the base level
Tip: Read the manual.
[mikrotik]>
The command prompt shows the identity name of the router and the current menu level, for example:
[mikrotik]> Base level menu [mikrotik]> driver Enter 'driver' to move to the driver level menu [mikrotik] driver> / Enter '/' to move to the base level menu from any level [mikrotik]> interface Enter 'interface' to move to the interface level menu [mikrotik] interface> /ip Enter '/ip' to move to the IP level menu from any level [mikrotik] ip>
A command or an argument does not need to be completed, if it is not ambiguous. For example, instead of typing 'interface' you can type just 'in' or 'int'. To complete a command use 'Tab' key. Use '?' to see the list of possible commands at a given menu level.
Before configuring the IP addresses and routes please check the '/interface' menu to see the list of available interfaces. If you have PCI Ethernet cards installed in the router, it is most likely that the device drivers have been loaded for them automatically, and the relevant interfaces appear on the '/interface print' list, for example:
[mikrotik] interface> print # NAME TYPE MTU ( 0)ether0 ether 1500 ( 1)ether1 ether 1500 [mikrotik] interface>
The device drivers for NE2000 compatible ISA cards need to be loaded using the 'load' command under the /drivers menu. For example, to load the driver for a card with IO address 0x300 and IRQ 5, it is enough to issue the command:
[mikrotik] driver> load ne2k-isa io 0x300 [mikrotik] driver>
The interfaces need to be enabled if you want to use them for communications. Use the '/interface enable name' command to enable the interface with a given name. Enabled interfaces do not have the numbers enclosed in braces. For example:
[mikrotik] interface> enable 0 [mikrotik] interface> enable ether1 [mikrotik] interface> print # NAME TYPE MTU 0 ether0 ether 1500 1 ether1 ether 1500 [mikrotik] interface>
You can use the number or the name of the interface in the 'enable' command.
Assume you need to configure the MikroTik router for the following network setup:
Please note that the addresses assigned to different interfaces of the router should belong to different networks. In the current example we use two networks:
[mikrotik] ip address> add address 192.168.0.254/24 interface ether1 [mikrotik] ip address> add address 10.1.1.12/24 interface ether0 [mikrotik] ip address> print # ADDRESS NETMASK NETWORK BROADCAST INTERFACE 0 192.168.0.254 255.255.255.0 192.168.0.254 192.168.0.255 ether1 1 10.1.1.12 255.255.255.0 10.1.1.12 10.1.1.255 ether0 [mikrotik] ip address>
Here, the network mask has been specified in the value of the address argument. Alternatively, the argument 'netmask' could have been used with the value '255.255.255.0'. The network and broadcast addresses were not specified in the input since they could been calculated automatically.
You can see two dynamic (D) kernel (K) routes, which have been added automatically when the addresses were added:
[mikrotik] ip address> /ip route print # DST-ADDRESS NETMASK GATEWAY PREF-ADDRESS INTERFACE 0 192.168.0.0 255.255.255.0 0.0.0.0 192.168.0.254 ether1 D K 1 10.1.1.0 255.255.255.0 0.0.0.0 10.1.1.12 ether0 D K [mikrotik] ip address>
These routes show, that IP packets with destination to 10.1.1.0/24 would be sent through the interface ether0, whereas IP packets with destination to 192.168.0.0/24 would be sent through the interface ether1. However, you need to specify where the router should forward packets, which have destination other than networks connected directly to the router. This is done by adding the default route (destination 0.0.0.0, netmask 0.0.0.0). In this case it is the ISP's gateway 10.1.1.254, which can be reached through the interface ether0:
[mikrotik] ip address> /ip route add gateway 10.1.1.254 interface test [mikrotik] ip address> /ip route print # DST-ADDRESS NETMASK GATEWAY PREF-ADDRESS INTERFACE 0 10.0.0.0 255.255.255.0 0.0.0.0 10.0.0.222 developers D K [mikrotik] ip address> /ip route print # DST-ADDRESS NETMASK GATEWAY PREF-ADDRESS INTERFACE 0 192.168.0.0 255.255.255.0 0.0.0.0 192.168.0.254 ether1 D K 1 10.1.1.0 255.255.255.0 0.0.0.0 10.1.1.12 ether0 D K 2 0.0.0.0 0.0.0.0 10.0.0.1 0.0.0.0 ether0 [mikrotik] ip address>
Here, the default route is listed under #2. Note, that you should not have two routes to the same destination, i.e., destination-address/netmask! It applies to the default routes as well. Situation with two routes to the same destination is confusing.
If you have added an unwanted static route accidentally, use the 'remove' command to delete the unneeded one. Do not remove the kernel (K) or dynamic (D) routes! They are added automatically and should not be deleted 'by hand'. If you happen to, then reboot the router, the route will show up again.
From now on, the '/ping' command can be used to test the network connectivity on both interfaces. You can reach any host on both connected networks from the router:
[mikrotik] ip address> /ping 10.1.1.17 10.1.1.17 pong: ttl=255 time<1 ms 10.1.1.17 pong: ttl=255 time<1 ms 10.1.1.17 pong: ttl=255 time<1 ms ping interrupted 3 packets transmitted, 3 packets received, 0% packet loss round-trip min/avg/max = 0/0.0/0 ms interrupted [mikrotik] ip address> /ping 192.168.0.1 192.168.0.1 pong: ttl=255 time<1 ms 192.168.0.1 pong: ttl=255 time<1 ms 192.168.0.1 pong: ttl=255 time<1 ms ping interrupted 3 packets transmitted, 3 packets received, 0% packet loss round-trip min/avg/max = 0/0.0/0 ms interrupted [mikrotik] ip address>
The workstation and the laptop can reach (ping) the router at its local address 192.168.0.254, whereas the server can reach the router at its local address 10.1.1.12 The router's address 192.168.0.254 should be specified as the default gateway in the TCP/IP configuration of both the workstation and the laptop. Then you should be able to ping the router's address 10.1.1.12 which is on the ISP's network:
C:\>ping 10.1.1.12 Pinging 10.1.1.12 with 32 bytes of data: Reply from 10.1.1.12: bytes=32 time<10ms TTL=255 Reply from 10.1.1.12: bytes=32 time<10ms TTL=255 Reply from 10.1.1.12: bytes=32 time<10ms TTL=255 C:\>
You cannot ping the workstation and laptop from the server, unless you do the following:
Next will be discussed situation with 'hiding' the private LAN 192.168.0.0/24 'behind' one address 10.1.1.12 given to you by the ISP.
If you want to 'hide' the private private LAN 192.168.0.0/24 'behind' one address 10.1.1.12 given to you by the ISP, you should use the masquerading function of the MikroTik router. Masquerading is useful, if you want to access the ISP's network and the Internet appearing as all requests coming from the host 10.1.1.12 of the ISP's network. The masquerading will change the source IP address and port of the packets originated from the network 192.168.0.0/24 to the address 10.1.1.12 of the router, when the packet is routed through it.
A firewall rule with action 'masq' should be added to the forward chain of the router's firewall configuration:
[mikrotik] ip firewall rule> add forward action masq interface ether0
[mikrotik] ip firewall rule> print forward
0 action: masq protocol: all src-address: 0.0.0.0 src-netmask: 0.0.0.0
src-ports: 0-65535 dst-address: 0.0.0.0 dst-netmask: 0.0.0.0
dst-ports: 0-65535 interface: ether0 log: no
[mikrotik] ip firewall rule>
More detailed information about using the masquerading can be found in the IP Firewalling section of the MikroTik RouterOS Manual.
Assume you want to limit the bandwidth to 128kbps on downloads and 64kbps on uploads for all hosts on the LAN. Bandwidth limitation is done by applying queues for outgoing interfaces regarding the traffic flow. It is enough to add two queues at the MikroTik router:
[mikrotik] ip queue>add interface ether1 queue red limit-at 128000 max-burst 0 bounded yes
[mikrotik] ip queue>add interface ether0 queue red limit-at 64000 max-burst 0 bounded yes
[mikrotik] ip queue> print
0 src-address: 0.0.0.0/0:0-65535 dst-address: 0.0.0.0/0:0-65535 interface: ether1
protocol: 0 queue: red limit-at: 128000 max-burst: 0 bounded: yes priority: 8
weight: 1 allot: 1538 red-limit: 60 red-min-threshold: 10
red-max-threshold: 50 red-burst: 20
1 src-address: 0.0.0.0/0:0-65535 dst-address: 0.0.0.0/0:0-65535 interface: ether0
protocol: 0 queue: red limit-at: 64000 max-burst: 0 bounded: yes priority: 8
weight: 1 allot: 1538 red-limit: 60 red-min-threshold: 10
red-max-threshold: 50 red-burst: 20
[mikrotik] ip queue>
Leave all other parameters as set by default. The limit is approximately 128kbps going to the LAN and 64kbps leaving the client's LAN. No burst of the packets is allowed. Please note, that each queue has been added for the outgoing interface regarding the traffic flow.
More detailed information about using the bandwidth management can be found in the Bandwidth Management and Queuing section of the MikroTik RouterOS Manual.
By clicking on the Java Console icon you can open the Java console with the login window. Use the username and password to log on to the router, for example:
After logging on to the router you can work with the MikroTik router's configuration through the Java console and perform the same tasks as using the regular console:
You can use the menu bar to navigate through the router's configuration menus, open configuration windows. By double clicking on some list items in the windows you can open configuration windows for the specific items, and so on. Please consult the MikroTik RouterOS Manual for more detailed description of using the Java console.
The basic installation comes with only the "system" package and few other packages. This includes basic IP routing and router administration. To have additional features such as IP Telephony, OSPF, wireless, and so on, you will need to download additional software packages. Please consult the MikroTik RouterOS Software Package Installation and Upgrading Manual for more detailed information about installing additional software packages.
| to the contents |
MikroTik Java Console requires Java 2 browser plug-in. This may be downloaded from the "Download" page at www.mikrotik.com or www.sun.com.
In the Web Browser open the page with the address http://<IPAddressOfTheRouter>. Then start the applet.
When you type your login name and password you are logged in the router via Java Console.
All operations are performed via the main menu that is situated on the left of the main window. It consists of twelve items. If a menu item has an arrow sign then it contains submenu. Each of menu item is described in the User Manual in the corresponding chapters, excluding menu item "Help". The table below describes the correlation.
| Menu Item | Chapter Name |
|---|---|
| Interfaces | Network Interface Management |
| IP | Internet Protocol Management |
| Router | Advanced Routing Management |
| Bridge | Bridge Configuration |
| Drivers | Device Drivers Management |
| SNMP Server | SNMP Service Configuration |
| System | System Configuration |
| Logs | System Configuration |
| Users | System Configuration |
| Tools | Tools |
| Password | System Configuration |
Here are the most common actions that you perform on the entries:
| Action | Description |
|---|---|
| Open | To open the required window simply click on the corresponding menu item. |
| Add | To add a new entry you should click on the 
icon in the corresponding window. |
| Remove | To remove an existing entry click on the 
icon. |
| Edit | Click twice on the icon on the left of each line. |
| Enable | To enable interface, address etc. click the 
icon. |
| Disable | To disable interface, address etc. click the 
icon. |
| Comment | To save a comment an entry click the 
icon. |
| Refresh | Click on the 
icon in the corresponding window. |
| Undo | Click on the 
icon above the main menu. |
| Redo | Click on the 
icon above the main menu. |
| Logout | Click on the 
icon above the main menu. |
Main Menu
When you log into the router via console or telnet you get a base level prompt. As it is in Java almost every command has the corresponding chapter in the Manual. In the table below base level commands are described:
| Command Name | Description | Chapter in the Manual |
|---|---|---|
| ping | Send ICMP Echo packets | Tools |
| tool | System tools | Tools |
| user | User management | System Configuration/ User Management |
| log | View system logs | System Configuration/ System Logs Management |
| quit | Quit console | |
| setup | Do basic setup of the system | Basic System Setup |
| password | Change user password | System Configuration/ Change Password |
| undo | Undo previous action | |
| redo | Redo previous action | |
| export | Export router settings | User Interconnection Description |
| interface | Interface configuration | Network Interface Management |
| driver | Driver management | Device Driver Management |
| system | System configuration | System Configuration |
| bridge | Bridge configuration | Bridge Configuration |
| snmp-server | SNMP server configuration | SMNP Service Configuration |
| terminal | Set terminal type | Terminal Setup and Basic System Setup |
| ip | IPv4 specific settings | Internet Protocol Management |
| router | Routing settings | Advanced Routing Management |
The table below describes how you can execute commands, move through the levels in the console, etc.
| Command | Action |
|---|---|
| command [Enter] | Execute the command |
| [?] | Show the list of all available commands |
| command [?] | Display help on the command and the list of arguments |
| command argument [?] | Display help on the command's argument |
| [Tab] | Complete the command/word. If the input is ambiguous, a second [Tab] gives possible options |
| / | Move up to the base level |
| /command | Execute the base level command |
| .. | Move up one level |
| "" | Enter an empty string |
| "word1 word2" | Enter 2 words that contain a space |
You can abbreviate names of levels, commands and arguments.
The console allows configuration of the router settings using text commands. The command structure is similar to the Unix shell. Since there's a whole lot of available commands, they're split into hierarchy. For example, all commands that work with routes start with "ip route":
[drax]> ip route print
|
#
|
DST-ADDRESS | NETMASK | GATEWAY | PREF-ADDRESS | INTE... |
|
0
|
0.0.0.0
|
0.0.0.0
|
10.0.0.1
|
0.0.0.0
|
ether1 D
|
|
1
|
10.0.0.0
|
255.255.255.0
|
0.0.0.0
|
10.0.0.65
|
ether1 D K
|
[drax]> ip route set 1 netmask 255.255.0.0
[drax]> ip route print
|
#
|
DST-ADDRESS | NETMASK | GATEWAY | PREF-ADDRESS | INTE... |
|
0
|
0.0.0.0
|
0.0.0.0
|
10.0.0.1
|
0.0.0.0
|
ether1 D
|
|
1
|
10.0.0.0
|
255.255.0.0
|
0.0.0.0
|
10.0.0.65
|
ether1 D K
|
Instead of typing "ip route" before each command, "ip route" can be typed once to "change into" that particular branch of command hierarchy. Thus, the example above could also be executed like this:
[drax]> ip route
[drax] ip route> print
|
#
|
DST-ADDRESS | NETMASK | GATEWAY | PREF-ADDRESS | INTE... |
|
0
|
0.0.0.0
|
0.0.0.0
|
10.0.0.1
|
0.0.0.0
|
ether1 D
|
|
1
|
10.0.0.0
|
255.255.255.0
|
0.0.0.0
|
10.0.0.65
|
ether1 D K
|
[drax] ip route> set 1 netmask 255.255.0.0
[drax]> ip route print
|
#
|
DST-ADDRESS | NETMASK | GATEWAY | PREF-ADDRESS | INTE... |
|
0
|
0.0.0.0
|
0.0.0.0
|
10.0.0.1
|
0.0.0.0
|
ether1 D
|
|
1
|
10.0.0.0
|
255.255.0.0
|
0.0.0.0
|
10.0.0.65
|
ether1 D K
|
Notice that prompt changes to show where in the command hierarchy you are located at the moment. To change to top level, type "/"
[drax] ip route> /
[drax]>
To move up one command level, type ".."
[drax] ip route> ..
[drax] ip>
You can also use "/" and ".." to execute commands from other levels without changing the current level:
[drax] ip route> /ping 10.0.0.10
timeout: ping reply not recieved after 1000 mss
timeout: ping reply not recieved after 1000 mss
ping interrupted 2 packets transmitted, 0 packets received, 100% packet loss
interrupted
Or alternatively, to go back to the base level you could use the ".." twice:
[drax] ip route> .. .. ping 10.0.0.10
10.0.0.10 pong: ttl=128 time=2 ms
10.0.0.10 pong: ttl=128 time=1 ms
ping interrupted 2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 1/1.5/2 ms
interrupted
[drax] ip route>
- Lists -
Many of the command levels operate with arrays of items: interfaces, routes, users etc. Such arrays are displayed in similar looking lists. All items in the list have an item number followed by it's parameter values. For example:
[drax]> interface print
# NAME STATE TYPE MTU
| # |
NAME
|
STATE
|
TYPE
|
MTU
|
| 0 |
ether5
|
up
|
ethernet
|
1500
|
| 1 |
ether1
|
up
|
ethernet
|
1500
|
To change parameters of an item (interface in this particular case), you have to specify it's number:
[drax]> interface set 1 mtu 1234
[drax]> interface print
| # |
NAME
|
STATE
|
TYPE
|
MTU
|
| 0 |
ether5
|
up
|
ethernet
|
1500
|
| 1 |
ether1
|
up
|
ethernet
|
1234
|
Numbers are assigned by "print" command and are not constant - it is possible that two successive "print" commands will order items differently. Thus, you must use the print command before any other command that works with list items, to assign numbers.
Note Although numbers can change each time you use the "print" command, they don't change between these uses. Once assigned, they will remain the same until you quit the console or until the next "print" command. Also, numbers are assigned separately for every item list, so "ip address print" won't change numbers for interface list.
Let's assume "ip address print" hasn't been executed already. In this case:
[drax]> ip address set 123 netmask
255.255.0.0
Error: number : (no numbers assigned)
To understand better how do item numbers work, you can play with "from" argument of "print" commands:
[drax]> interface print from 1
| # |
NAME
|
STATE
|
TYPE
|
MTU
|
| 1 |
ether1
|
up
|
ethernet
|
1500
|
The "from" argument specifies what items to show. Numbers are assigned by every "print" command, thus, after executing command above there will be only one item accessible by number - interface "ether1" by number 0.
- Item names -
Some lists have items that have specific names assigned to each. Examples are "interface" or "user" levels. There you can use item names instead of numbers:
[drax]> interface set ether1 mtu 1234
You don't have to use the "print" command before accessing items by name - as opposed to numbers, names are not assigned by the console internally, but are one of the items' parameters. Thus, they won't change on their own (But there are all kinds of obscure situations possible when several users are changing router configuration at the same time). Generally, item names are more "stable" than numbers, and also more informative, so you should prefer them ver numbers when writing console scritps. Also, <tab> completions work on item names, making them easy to type.
- Quick typing -
There are two features in router console that help entering commands a lot quicker and easier - tab key completions and abbreviations of command names. Completions work similarly to the bash shell in UNIX. If you press the tab key after part of word, console tries to find command in current context that begins with this word. If there's only one match, it is automatically appended, followed by space character:
/inte<tab>_ becomes /interface _
(where "_" is cursor position)
If there's more than one match, but they all have a common beginning which is longer that what you've typed, then the word is completed to this common part, and no space is appended:
/interface set e<tab>_ becomes
/interface set ether_
(because "e" matches both "ether5" and "ether1" in this example)
If you've typed just the common part, pressing the tab key once has no effect. However, pressing it second time shows all possible completions in compact form:
[drax]> /interface set e<tab>_
[drax]> /interface set ether<tab>_
[drax]> /interface set ether<tab> ether1 ether5
[drax]> /interface set ether_
The tab key can be used almost in any context where the console might have a clue about possible values - command names, argument names, arguments that have only several possible values (like names of items in some lists or name of protocol in firewall and NAT rules). You can't complete numbers, IP addresses and similar values.
Another way to press less keys while typing is to abbreviate command and argument names. You can type only beginning of command name, and if it is not ambiguous console will accept it as a full name:
[drax]> ip f s r 1 equals to [drax]> ip firewall static-nat remove 1
[drax]> pi 10.1 c 3 s 100 equals to [drax]> ping 10.0.0.1 count 3 size 100
Note ".." can be shortened to ".", because no other words in command levels begin with dot.
- Help -
The console has a built-in help, which can be accessed by typing '?'. General rule is that help shows what you can type in position where the '?' was pressed (similarly to pressing tab key twice, but in verbose form and with explanations).
- Internal item numbers -
Items can also be addressed by their internal numbers. These numbers are generated by console for scripting purposes and, as the name implies, are used internally. Although you can see them if you print return values of some commands (internal numbers look like hex number preceded by '*' - for example "*100A"), there's no reason for you to type them in manually. Use of invalid internal numbers can result in severe injury of your router configuration.
- Multiple items -
You can specify multiple items as targets of some commands. Almost everywhere, where you can write the number of items, you can also write a list of numbers:
[drax]> interface print
| # |
NAME
|
STATE
|
TYPE
|
MTU
|
| 0 |
ether5
|
up
|
ethernet
|
1500
|
| 1 |
ether1
|
up
|
ethernet
|
1234
|
| # |
NAME
|
STATE
|
TYPE
|
MTU
|
| 0 |
ether5
|
up
|
ethernet
|
1600
|
| 1 |
ether1
|
up
|
ethernet
|
1600
|
This is handy when you want to perform same action on several items, or do a selective export. However, this feature becomes really useful when combined with scripting.
- Return values -
The router console has limited scripting capability. Syntax is simple and similar to TCL. There's a new command "find" added to many of the command levels for scripting use. This command doesn't print anything on screen. Instead, it creates a return value that contains internal numbers of items that match parameters of the "find" command. This return value can be used in another command, by placing "find" in square brackets:
[drax]> interface
[drax] interface> print from [find name ether5]
| # |
NAME
|
STATE
|
TYPE
|
MTU
|
| 0 |
ether5
|
up
|
ethernet
|
1600
|
| # |
NAME
|
STATE
|
TYPE
|
MTU
|
| 0 |
ether5
|
up
|
ethernet
|
1001
|
If you don't give "find" any arguments, it returns internal numbers of all items:
[drax] interface> set [find] mtu 1500
[drax] interface> print
| # |
NAME
|
STATE
|
TYPE
|
MTU
|
| 0 |
ether5
|
up
|
ethernet
|
1500
|
| 1 |
ether1
|
up
|
ethernet
|
1500
|
You can see the return value of "find" command (and other router commands) using ":put" command:
[drax] interface> :put [find]
*10002 *10001
These are internal numbers of all router interfaces. Also, there's a trailing space after last number, so you can concatenate results of several "find" commands:
[drax] interface> print from [find][find]
| # |
NAME
|
STATE
|
TYPE
|
MTU
|
| 0 |
ether5
|
up
|
ethernet
|
1500
|
| 1 |
ether1
|
up
|
ethernet
|
1500
|
| 3 |
ether5
|
up
|
ethernet
|
1500
|
| 4 |
ether1
|
up
|
ethernet
|
1500
|
- Time Setting -
In the console time can be set in various ways. If it is just a number, then it is in seconds. You can also enter the following values:
| "d", "da", "day", "days" - 86400 seconds (1 day) |
| "h", "ho" ... "hours" - 3600 seconds (1 hour) |
| "m", "mi", "min" - 60 seconds (1 minute) |
| "s" - 1 seconds (1 second) |
| "ms" - 1 millisecond |
If the is no number before the letters, it will be one unit. You also can use decimal numbers. Multiple time intervals can be written consequently - they will be summarized.
- Variables -
The console has variables that can store string values. Assigning such a variable is done by ":set" command:
[drax]> :set var1 J.Random.String
If the value is assigned to a non-existing variable, it's created, otherwise current value is replaced. To access the value of variable, you have to type "$" followed by the name of the variable, and it will be replaced by the value of the variable:
[drax]> :put $var1
J.Random.String
[drax]> :put $var1-$var1-yo-ho-ho-$var1
J.Random.String-J.Random.String-yo-ho-ho-
J.Random.String
- Magic Variables -
There are two magic variables in the console. "_" (underscore) has the last valid command entered.
[drax]> /system clock print
jun/16/2000 17:06:57
[drax]> :put $_
/system clock print
[drax]> :put $_
:put $_
The second magic variable is the "^" (caret). It contains the return value of the last executed command. Note that all commands return values (even if they're empty strings), so if you want to use the return value of some command (say, "find") several times, you have to assign it to normal variable. In the console, "^" is used to export some items:
[drax]> ip firewall static-nat
[drax] ip firewall static-nat> print
|
(0)
|
;;; blah-blah |
| ;;; yadda-yadda | |
| src-address: 0.0.0.0 src-netmask: 0.0.0.0 src-port: 0-65535 | |
| dst-address: 0.0.0.0 dst-netmask: 0.0.0.0 dst-port: 0-65535 interface: all | |
| translate: no direction: in protocol: all to-src-address: 0.0.0.0 | |
| to-dst-address: 0.0.0.0 to-src-netmask: 0.0.0.0 to-dst-netmask: 0.0.0.0 | |
| to-src-port: 0 to-dst-port: 0 |
[drax] ip firewall static-nat> export
/ip firewall static-nat
add interface all src-address 0.0.0.0 src-netmask
0.0.0.0 \
dst-address 0.0.0.0 dst-netmask 0.0.0.0 protocol
all \
src-port 0-65535 dst-port 0-65535 to-src-address
0.0.0.0 \
to-dst-address 0.0.0.0 to-src-netmask 0.0.0.0 \
to-dst-netmask 0.0.0.0 to-src-port 0 to-dst-port 0
translate no \ direction in
comment $^ blah-blah\nyadda-yadda
disable $^
[drax] ip firewall static-nat>
Here, "add" returns internal number of item the it has added, and "comment" command returns list of internal numbers of items it received as the first argument. Thus "comment $^" will add comment to the item created by "add", and "disable $^" will disable this item.
- General layout of command levels -
There are two different kinds of command levels. First, there are levels that allow you to work with lists of similar items - routes, interfaces, users and the like. Second, there are levels that allow you to change some general parameters - time, bridge settings etc.
Most command groups have some or all of these commands:
print
set
remove
add
find
export
enable
disable
comment
These commands have similar behaviour in all hierarchy.
- print -
The "print" command shows all information that's accessible from particular command level. Thus, "/system time print" shows system time, "/ip route print" shows all routes etc. If there's a list of items in this level and they are not read-only, i.e. you can change/remove them (example of read-only item list is "/system history", which shows history of executed actions), then "print" command also assigns numbers that are used by all commands that operate on items in this list. Thus, "print" usually must be executed before any other commands in the same command level.
If there's list of items then "print" usually can have a "from" argument. The "from" argument accepts space separated list of item numbers, names (if items have them). and internal numbers. The action (printing) is performed on all items in this list in the same order in which they're given.
- set -
The "set" command allows you to change values of general parameters or item parameters. The "set" command has arguments with names corresponding to values you can change. Use "?" or double tab to see list of all arguments. If there is list of items in this command level, then set has one unnamed argument that accepts the number of item (or list of numbers) you wish to set up. Values for unnamed arguments must follow right after the name of the command, and their order can't be changed. Example: in firewall rules, the "set" command has two unnamed arguments - first is the name of chain and second is the number of rule in this chain. "set" returns internal numbers of items it has set up.
- remove -
"remove" has one unnamed argument which contains number(s) of item(s) to remove.
- add -
"add" usually has the same arguments as "set", minus the unnamed number argument. It adds new item with values you've specified, usually to the end of list (in places where order is relevant). There are some values that you have to supply (like interface for new route), and other values that are set to defaults if you don't supply them. The "add" command returns internal number of item it has added.
- find -
The "find" command has the same arguments as "set", and an additional "from" argument which works like the "from" argument with the "print" command. The "find" command returns internal numbers of all items that have the same values of arguments as specified.
- export -
The "export" command prints a script that can be used to restore configuration. If it has the argument "from", then it is possible to export only specified items. Also, if the "from" argument is given, "export" does not descend recursively through the command hierarchy. "export" also has the argument "file", which allows you to save the script in file on router to retrieve it later via ftp. Argument "noresolve" is used to disable reverse resolving of IP addresses if it proves to be problem.
- enable/disable -
You can enable/disable some items (like ip address or default route). Is an item is disabled, it number is shown in parenthesis. If an item is inactive, but not disabled, it number is shown in brackets.
- comment -
You can add comments to any item. If item is commented, comments are shown after item number before all parameters and prefixed with ";;;".
| to the contents |
This document applies to the MikroTik RouterOS V2.3
The device drivers for PCI and PC cards are loaded automatically. Other network interface cards (ISA) require the device drivers loaded manually by using the '/driver add' command.
Users cannot add their own device drivers. Only drivers included in the Mikrotik RouterOS software packages can be used. If you need a device driver for a device, which is not supported by the MikroTik RouterOS, please suggest it at our suggestion page on our web site.
[mikrotik] driver> load ? Load driver name [irq IRQ] [io IO range start] [mem shared memory]. _name_ Driver name irq IRQ number mem Shared Memory base address io IO port base address isdn-protocol ISDN line protocol [mikrotik] driver>
If hexadecimal values are used, put 0x before the number. To see the list of available drivers, enter the 'load' command continued with double [Tab] keys:
[mikrotik] driver> load [Tab] [Tab] 3c509 ne2k-isa [mikrotik] driver> load ne2k-isa io 0x280 [mikrotik] driver> print # DRIVER IRQ IO MEMORY ISD... 0 RealTek RTL8129/8139 D 1 ISA NE2000 0x280 [mikrotik] driver>
As we see, the driver for the Realtek PCI card has been loaded automatically. To see the system resources occupied by the devices, use the '/system resource io print' and '/system resource irq print' commands:
[mikrotik]> system resource io print IO OWNER 0020-003f APIC 0040-005f timer 0060-006f keyboard 0080-008f DMA 00a0-00bf APIC 00c0-00df DMA 00f0-00ff FPU 01f0-01f7 IDE 1 0280-029f ether1 03c0-03df VGA 03f6-03f6 IDE 1 03f8-03ff serial port 6100-61ff ether0 f000-f007 IDE 1 f008-f00f IDE 2 [mikrotik]> system resource irq print IRQ OWNER 1 keyboard 2 APIC 3 ether1 4 serial port 5 6 7 8 9 10 11 ether0 12 13 FPU 14 IDE 1 [mikrotik]>
Note, that the resource list shows only the interfaces, if they are enabled!
Unloading Device Drivers
Use the '/driver unload' command to unload device drivers.
Unloading of device driver is useful when changing network devices -
this can be useful to save system resources in avoiding loading drivers
for devices, which have been removed from the system.
Device driver needs to be unloaded and loaded again, if some parameter
(memory range, i/o base address) has been changed for the adapter card.
The device drivers can be unloaded only if the appropriate interface has been disabled.
List of Drivers
The list of device drivers included in the system software package is given below:
For the list of drivers included in additional feature software packages, please see the manual of the relevant software package.
An Interface is physical or virtual device which provides a connection to an external network. Network interfaces are created automatically when the Network Interface Card driver is loaded. Virtual (software) interfaces can be created manually.
Managing Network Interfaces from Java
Select the "Interfaces" menu to open the interface list window. The interfaces list displays basic interface parameters. Interface type specific parameters can be changed from interface details windows (opened by double clicking on icon to the left from interface name). The Interface details window has a standard "Traffic" tab which displays traffic that enters and leaves router through the interface. It can also contain other tabs with interface type specific parameters.
The Interfaces list window also contains a "blink" button. Selecting this button causes traffic to be generated on the highlighted interface and therefore blink the LEDs (light emitting diodes) on the card so that an administrator can determine which Interface name corresponds to the actual interface (when there are multiple interfaces of the same type). Some interfaces must have an Ethernet cable connected before the lights will blink. Note that not all interfaces support this function.
Managing Network Interfaces from Console
Network interface commands and submenus are located in the "interface" menu. It contains several commands that are common to all interfaces:
| Command syntax | Description |
|---|---|
| Show interface summary | |
| set [enable] [disable]
<interface number> [name <new name>] [mtu <MTU>] |
Change basic interface properties and/ or enable or disable it |
| find [from] [name] [mtu] [up][down] | |
| export [file <name>] [noresolve] | |
| blink <interface number> | Generate traffic to blink LEDs |
| monitor-traffic <interface number> | Monitor traffic on interface |
Whre <interface> is interface name or number obtained from "print" command.
The "interface" menu also contains device type specific submenus with device type specific commands. The following device type submenus can be available, depending on what features are licensed for a particular installation:
| Submenu | Description |
|---|---|
| ethernet | Ethernet interfaces |
| ppp | Async PPP interfaces |
| synchronous | Moxa Sync interfaces |
| pptp-client | PPTP dial-out interfaces |
| pptp-server | PPTP server connections |
| bridge | Bridge interface |
| arlan | Arlan IC2200 interfaces |
| radiolan | RadioLAN interfaces |
| wavelan | WaveLAN IEEE 802.11 interfaces |
| pc | Aironet 35/45/4800 interfaces |
| samsung | Samsung IEEE 802.11 interfaces |
Basic Interface Parameter Description
| Name in Console | Name in Java | Description |
|---|---|---|
| name | Name | Human friendly name for the interface. Maximum 31 character. |
| enable | Enbled (yes) | Enable interface |
| disable | Enabled (no) | Disable interface |
| mtu | MTU | Maximum Transfer Unit (in bytes) |
| arp | ARP | Address Resolution Protocol Settings |
|
disabled
|
Disable ARP protocol, use only static ARP entries | |
|
enabled
|
Enable ARP protocol for an interface (send ARP requests and replies) | |
|
proxy-arp
|
Enable ARP protocol for an interface and also reply on ARP requests about IP addresses for which the router is a gateway |
Ethernet interfaces include standard 10/100 Mbit Ethernet network interface. Ethernet interfaces do not have any device type dependent parameters. Each Ethernet interface has its MAC-address (Medium Access Control).
Managing Ethernet Interfaces from Java
Ethernet interface parameters can be changed from interface list window or from interface details window "General" tab.
Managing Ethernet Interfaces from Console
Ethernet interface management is done in submenu "interface ether".
| Command syntax | Description |
|---|---|
| print [<interface>] | Show interface(s) information |
| set <interface>
[enable] [disable] [name <new name>] [mtu <MTU>] [arp disabled|enabled|proxy-arp] |
Change interface properties |
| find | |
| export |
Where <interface> is interface name or number obtained from "print" command.
| Name in Console | Name in Java | Description |
|---|---|---|
| enable/ disable | Enabled (yes/ no) | Set Ethernet interface up or down |
| mtu | MTU | Maximum Transfer Unit. Maximum packet size to be transmitted |
| arp | ARP | Address Resolution Protocol Settings |
|
mac-address
|
MAC Address | Medium Access Control Address |
PPP (or Point-to-Point Protocol) provides a method for transmitting datagrams over serial point-to-point links. The 'com1' and 'com2' ports from standard PC hardware configurations will appear as 'serial0' and 'serial1' automatically. It is possible to add thirty-two additional serial ports with the Moxa C168 PCI multiport asynchronous card (eight ports each) to use the router for a modem pool.
To add PPP server interface, you have to choose "Interfaces" and click "Add
New" 
. Then choose PPP
Server and set all PPP server settings. When next time you want to change PPP
server settings or check out status or traffic of the PPP server you have to
double click on PPP server interface you added in the Interfaces list.
Managing PPP Server from Console
PPP server management is done in the submenu "interface ppp-server".
| Command syntax | Description |
|---|---|
| Show interface(s) information | |
| set <interface>
[enable] [disable] [name<new name>] [mtu <MTU>] [mru <MRU>] [port-id <id>] [pap no|yes] [chap no|yes] [ms-chap no|yes] [ms-chapv2 no|yes] [encryption none|optional|required| stateless] [ring-count <rings>] [idle-timeout <time>] [null-modem <on|off>] [modem-init <string>] [local-address <address>] [remote-address <address>] |
Change interface properties |
| find | |
| export | |
| monitor <interface> | Monitor interface status in real time |
Where <interface> is interface name or number obtained from "print" command.
Managing PPP Client from JAVA
To add PPP client interface, you have to choose "Interfaces" and click "Add
New" . Then choose PPP
Client and set all PPP client settings. When next time you want to change PPP
client settings or check out status or traffic of the PPP client you have to
double click on PPP client interface you added in the Interfaces list.
Managing PPP Client from console
PPP server management is done in the submenu "interface ppp-server".
| Command syntax | Description |
|---|---|
| Show interface(s) information | |
| set <interface> [enable] [disable] [name<new name>] [mtu <MTU>] [mru <MRU>] [port-id <id>] [pap no|yes] [chap no|yes] [ms-chap no|yes] [ms-chapv2 no|yes] [user <name>] [encryption none|optional|required| stateless] [tone-dial <enable|disable>] [dial-on-demand <enable|disable>] [add-default-route <address>] [phone <number>] [idle-timeout <time>] [null-modem <on|off>] [modem-init <string>] [local-address <address>] [remote-address <address>] [use-peer-dns <enable|disable>] |
Change interface properties |
| find | |
| export | |
| monitor <interface> | Monitor interface status in real time |
| Name in Console | Name in Java | Description |
|---|---|---|
| mtu | MTU | Maximum Transfer Unit. Maximum packet size to be transmitted |
| mru | MRU | Maximum Size of received packets |
| pap/ms-chap/ chap/ms-chapv2 | Authentication Allow | Authentication protocol type |
| encryption | Encryption | Which encryption to use. |
|
none
|
none | No encryption is used. If the other end supports compression, it will be used |
|
optional
|
optional | If the other end supports encryption, it will be used |
|
required
|
required | Encryption is required, without it connection won't be established |
|
stateless
|
stateless | Stateless-MPPE is required. Router will use MPPE-128bit or MPPE-40bit depending on the other end of connection. In stateless mode password will be changed before every packet is transmitted |
| user | User | User name to use to log into server when dialing out. Can contain letters, digits, "@", "-",".", or be "*" |
| phone | Phone Number | Phone number to call when dialing out |
| tone-dial | Tone Dial | Enable/Disable tone dial |
| ring-count | Rings | Number of rings to wait before answering phone |
| null-modem | Null Modem | Enable/Disable null-modem mode (when enabled, no modem initialization strings are sent). Default value is "on" (for COM1 and COM2 only). So by default null-modem is turned on. |
| dial-on-demand | Dial On Demand | Enable/Disable dial on demand |
| idle-timeout | Idle Time | Idle time after which close connection |
| modem-init | Modem Init | Modem Initialization String |
| add-default-route | Add Default Route | Add PPP remote address as a default route. Other settings are: destination=0.0.0.0 netmask=0.0.0.0 interface=ppp, preferred source=0.0.0.0 |
| local-address | Local Address | Local IP Address |
| remote-address | Remote Address | Remote IP Address |
Overview
PPP (point to point protocol) authentication on the MikroTik RouterOS is supported by a local authentication database or a RADIUS client. Authentication is supported for PPP asynchronous connections, PPPoE, PPTP, and ISDN PPP (local only). Authentication protocols supported are PAP, CHAP, and MS-CHAPv2. The authentication process is as follows: PPP sends a user authentication request, the user ID is first checked against the local user database for any users which have the PPP attribute, if no matching user is found then the RADIUS client (if enabled) will request authentication from the RADIUS server. Note that the users will first be checked against the local database and then only against the RADIUS server. Be careful not to have the same user with PPP on the local database and the RADIUS server – the authentication will finish at the local database in this case.
Topics covered in this section:
PPP authentication and accounting installation on the MikroTik RouterOS v2.3
The local authentication and local accounting features are included in the “system” package. The RADIUS client and RADIUS accounting features are included in the “PPP” package. Note, PPP features require that the PPP package be installed.
Hardware resource usage
No significant hardware resource usage.
Local authentication overview
Local PPP authentication is part of the general user database stored on the router – this database is also responsible for administration authentication for the router. Certain PPP specific attributes are supported for PPP user entries.
·
PPP remote address set from RADIUS server
·
Time limit of connections set from RADIUS server
·
MAC address (PPPoE) or remote client address (PPTP) reported
to RADIUS server
·
System identity
·
Traffic accounting (PPP style – no IP pairs)
Local authentication management of PPP users
Only users which are in a group with the PPP attribute can be authenticated for PPP access. To add a user:
[mikrotik] user> add name client2 password ctest group ppp
[mikrotik] user> print
0 ;;; system default user
name: admin group: full address: 0.0.0.0 netmask: 0.0.0.0 caller-id: ""
only-one: no max-session-time: 0
1 name: client2 group: ppp address: 0.0.0.0 netmask: 0.0.0.0 caller-id: ""
only-one: no max-session-time: 0
Descriptions of settings:
full address: 0.0.0.0 netmask: 0.0.0.0
This is used to determine the address to be given to the remote site, if full address is set to a specific IP (for example: full address: 10.25.0.3 netmask: 255.255.255.255), then only 10.25.0.3 will be given to the remote site. If the remote site will not accept this, then the connection will fail. If a subnet were set (for example: full address: 10.25.0.3 netmask: 255.255.255.240), then an address in the subnet 10.25.0.0/28 would be allowed if the server gives an address in that range – or the server has no addresses set to give, and the client request an address in that range. If no specific address or subnet is given (for example: full address: 0.0.0.0 netmask: 0.0.0.0.), then an address from the PPP server setup of “remote-address-from” and “remote-address-to” will be given.
caller-id: ""For PPTP, this may be set the IP address which a client must connect from in the form of “a.b.c.d”. For PPPoE, the MAC address which the client must connect from can be set in the form or “xx:xx:xx:xx:xx:xx”. When this is not set, there are no restrictions on from where clients may connect.
only-one: no
If this is set to “yes”, then there may be only one connection at a time.
max-session-time: 0
If set to >0, then this is the max number of seconds this session can stay up. “0” indicates no session limit.
Local accounting of PPP users
To enable local authentication and accounting, set “[mikrotik] ip ppp> set accounting yes authentication local.” If the “authentication” is set to “radius,” then no local accounting logs will be made. The following is an example of the local accounting when a PPPoE connection is made to the PPPoE server (access concentrator).
[mikrotik]> log print
apr/04/2001 17:19:14 pppoe-in7:
waiting for authentication
apr/04/2001 17:19:14 pppoe-in7: test logged in
apr/04/2001 17:19:14 pppoe-in7: connection established
apr/04/2001 17:19:20 pppoe-in7: using encoding - none
apr/04/2001 17:25:08 pppoe-in7: connection terminated by peer
apr/04/2001 17:25:08 pppoe-in7: modem hanged up
apr/04/2001 17:25:08 pppoe-in7: connection terminated
apr/04/2001 17:25:08 pppoe-in7: test logged out, 354 4574 1279 101 83
The last line is the accounting which is printed when the connection is terminated. This line indicates that the user “test” connection has terminated at “apr/04/2001 17:25:08.” The numbers following the “test logged out” entry represent the following:
354 session connection
time in seconds
4574 bytes-in (from client)
1279 bytes-out (to client)
101 packets-in (from client)
83 packets-out (to client)
RADIUS Overview
RADIUS authentication gives the ISP or network administrator the ability to manage PPP user access and accounting from one server throughout a large network. The MikroTik RouterOS has a RADIUS client which can authenticate for PPP, PPPoE, and PPTP connections – no ISDN remote access support currently. Features supported:
·
PPP remote address set from RADIUS server
·
Time limit of connections set from RADIUS server
·
MAC address (PPPoE) or remote client IP address (PPTP) reported
to RADIUS server
·
System identity
·
Traffic accounting (PPP style – no IP pairs)
RADIUS client setup
Set [mikrotik] ip ppp> set authentication radius auth-server 10.10.1.1 shared-secret users
Example output of the print command:
[mikrotik] ip ppp> pr
primary-dns: 159.148.60.3
secondary-dns: 0.0.0.0
authentication: radius
auth-server: 10.10.1.1
shared-secret: users
accounting: no
accounting-port: 1646
authentication-port: 1645
Description of the output:
Pimary-dns – ppp setting for remote site
Secondary-dns – ppp setting for remote site
authentication – Can be set to “radius” or “local”
auth-server – IP address of the server in a.b.c.d
shared-secret – corresponding text string from RADIUS server
accounting – enable by setting “yes” or “no”
accounting-port – default port 1646 according to RFC
authentication-port – default port 1645 according to RFC
RADIUS parameters
Authentication data sent to server Data received from server Accounting information sent to server:
PW_SERVICE_TYPE = PW_FRAMED
PW_FRAMED_PROTOCOL = PW_FRAME_PPP
PW_NAS_IDENTIFIER = system identity
PW_NAS_IP_ADDRESS = local PPP interface address
PW_NAS_PORT = unique PPP port identifier number
PW_NAS_PORT_TYPE = async or virtual in number form
PW_CALLING_STATION_ID = for PPTP, remote IP reported
for PPPoE, remote MAC reported
in form of xx:xx:xx:xx:xx:xx
Data received from server:
PW_ACCT_INTERIM_INTERVAL = if non-zero then interval to update accouting data in seconds
PW_FRAMED_IP_ADDRESS = PPP remote address
PW_IDLE_TIMEOUT = if no traffic in that time, connection is closed
PW_SESSION_TIMEOUT = connection time allowed
Accounting information sent to server:
PW_USER_NAME
PW_ACCT_INPUT_OCTETS = octets signifies bytes
PW_ACCT_INPUT_PACKETS
PW_ACCT_OUTPUT_OCTETS
PW_ACCT_OUTPUT_PACKETS
ACCT_SESSION_TIME = in the form of seconds
RADIUS servers suggested
Our RADIUS CLIENT should work well with all RFC complient servers. Our software has been tested with:
PPPoE bandwidth setting
This feature is currently available only version 2.4RC (release candidate). For local authentication,
this can be set in the [MikroTik] user> menu with the baud-rate value (identical to bits/s).
For Radius authentication, the account of each user in the radius server should be set with:
Paramater: Ascend-Data-Rate (with parameter ID 197 -- in bits/s)
Additional Resource
Links for SNMP documentation:
http://www.ietf.org/rfc/rfc2138.txt?number=2138
http://www.ietf.org/rfc/rfc2138.txt?number=2139
http://www.livingston.com/tech/docs/radius/introducing.html
- 3707
|
MOXA C101 Synchronous 5Mb/s AdapterDocument revision 27-July-2001This document applies to the V2.3 of the MikroTik RouterOS OverviewThe MikroTik RouterOS supports the MOXA C101 Synchronous 5Mb/s Adapter hardware.
For more information about the MOXA C101 Synchronous 5Mb/s Adapter hardware please see the relevant documentation:
Contents of the ManualThe following topics are covered in this manual:
Synchronous Adapter Hardware and Software InstallationSoftware PackagesThe MikroTik Router should have the moxa c101 synchronous software package installed. The software package file moxa-c101-2.x.y.npk can be downloaded from MikroTik’s web page www.mikrotik.com. To install the package, please upload the correct version file to the router and reboot. Use BINARY mode ftp transfer. After successful installation the package should be listed under the installed software packages list, for example:
[MikroTik] system package> print # NAME VERSION BUILD UNINSTALL 0 lcd 2.3.14 16 no 1 system 2.3.14 30 no 2 routing 2.3.14 19 no 3 snmp 2 |