
MikroTik as a network tester



We acquired a MikroTik RouterBoard mAP 2n. Great model. Having played with it enough, we decided to use it as a tester on a small provider network. Very often, checking the state of the network means getting out a laptop, which is sometimes extremely inconvenient because the equipment sits in basements and attics. Of course, it cannot replace the laptop completely, but the standard tests can be shifted onto the shoulders of our “little friend”. That is what this post is about.

One feature of the mAP 2n is its microUSB port, through which the router can be powered. This makes it possible to run the device from a portable charger. We chose the HIPER WP-222 as the charger. The choice was mostly down to price, but its waterproof case and built-in flashlight finally convinced us that it was the right decision.


The tester needs a channel for communicating with the person using it. The first thought was to use a speaker, with which RouterOS can work wonders, but unfortunately the mAP 2n does not have one. All that is left is the LEDs. The mAP 2n has 7 LEDs on the front panel: Power (which cannot be controlled), one red (power supplied to another device via the second port) and 5 green ones (Wi-Fi, Eth1, Eth2, USR, AP/CAP). An LED can be controlled by assigning a bridge interface to it: enable the interface and the LED lights up, disable it and the LED goes out.

    /system leds set 1 interface=br1 type=interface-status
    /interface bridge
    set br1 disabled=yes; # LED off
    set br1 disabled=no;  # LED on

Besides notifying the person, we have to work out how to receive a command from them. I dug into the Reset/Mode button for a long time, but did not really find out anything beyond its ability to reset the settings, though I would still like to know what this Mode is. I had to think of something else. The mAP 2n has two 10/100 Ethernet ports on board. The router can be powered through the first, and through the second it can itself act as a power source; moreover, the router can detect that a device which can be powered is connected to it. It does this by the presence of a resistance of 3kΩ to 26.5kΩ across pins 4,5 and 7,8 of the Ethernet port. Without much hesitation, we built the following gadget from an Ethernet connector, a button from a PC case and a 4kΩ resistor:



We check the button in the script like this:

    /interface ethernet poe set eth2 poe-out=auto-on;
    :local status;
    /interface ethernet poe monitor eth2 once do={ :set status $"poe-out-status"; };
    :if ($status = "powered-on") do={
        # the button is pressed
    };

Now we have a channel for communicating with the person. Next we need to decide what to check and in what order.

Let's start:

1. The presence of a link on the port: without it there is no point in checking anything else. We check the link with the cable-test tool, which tests the cable physically.

    :local link;
    /interface ethernet cable-test eth1 once do={ :set link $"status"; };
    :if ($link = "link-ok") do={
        # the link is up
    };

2. The port should run at 100Mbps. Many switches, because of hardware problems, start to fail and give out 10Mbps on a port, which is what we need to rule out. We do it like this:

    :if ([/interface ethernet get eth1 speed] = "100Mbps") do={
        # the port runs at 100Mbps
    };

3. Pings: where would we be without them? We ping the gateway, with both ordinary and large packets. This reveals possible problems along the path to the gateway. We do it like this:

    :if ([/ping address=[/ip dhcp-client get 0 gateway] interface=ethernet count=1 interval=200ms] = 1) do={
        :if ([/ping address=[/ip dhcp-client get 0 gateway] interface=ethernet count=1 interval=200ms size=1500] = 1) do={
            # both the short and the long ping passed
        };
    };

4. Additionally, at the press of our button, we test the VPN (PPTP in our case, but it could be anything else) and Internet access.

    :local gateway "8.8.8.8"; # external address to ping
    :if ([/interface pptp-client get vpn disabled] != false) do={
        /interface pptp-client set vpn disabled=no;
    };
    :if ([/interface pptp-client get vpn running] = true) do={
        :if ([/ping address=$gateway interface=vpn count=1 interval=200ms size=1500] = 1) do={
            # the VPN is up and the external address answers
        };
    };

We decided to signal the results to the person like this:
The first test checks the link: if all is well, nothing is lit; if not, the red LED is lit.
The second test checks for 100Mbps on the port: if all is well, the first green LED is on; if not, nothing is lit.
The third test is the ping: if both the short and the long pings pass, the second green LED is on; if the short ones pass but the long ones do not, the second LED blinks; if the short ones fail, the LED is off.
The fourth test, run at the press of the button and only if all the previous ones have passed, checks the VPN and the Internet: if the VPN is up and the ping to the external gateway passes, the third green LED is on; if the VPN is up but the pings fail, the third green LED blinks; otherwise it is off.

When any test fails at any stage, testing must start over from the beginning. After all, we may be going through cables and testing several in a row. Likewise, the button for checking the VPN and the Internet can be pressed again only after the previous tests have passed.

We made a short extension cable for the first port, which is more convenient and, most importantly, rules out powering the device through this port.
The Eth2 LED indicates Wi-Fi activity, and the Eth1 LED the link on Eth1. Wi-Fi is configured on the device, so it can be managed from a smartphone. An application for additional tests from the smartphone could also be written, but that is another story.

The downside, after three months of use in the field, is the relatively long boot time, but having got used to it, we now switch the device on in advance while doing other tasks. The laptop now lives in the car and is rarely taken out. At the end I will give the whole script.

Here is the resulting script.
In the script:
test1, test2, test3 - bridge interfaces bound to the three leftmost LEDs (not counting the first one, Power)
link - the second Ethernet port
ethernet - the first Ethernet port
off - bridge interface for stopping the script programmatically. Handy for debugging.
8.8.8.8 - the address of our gateway, replaced here with Google DNS
vpn - the PPTP connection
    {
    :log info [ :time {
      :local gateway "8.8.8.8";
      /interface bridge set test1 disabled=yes;
      /interface bridge set test2 disabled=yes;
      /interface bridge set test3 disabled=yes;
      /interface ethernet poe set link poe-out=forced-on;
      /interface pptp-client set vpn disabled=yes;
      :delay 3;
      :local link;
      :local status;
      :local flag false;
      :while ([/interface bridge get off disabled] = true) do={
        /interface ethernet cable-test ethernet once do={ :set link $"status"; };
        :if ($link = "link-ok") do={
          :if ([/interface ethernet poe get link poe-out] = "forced-on") do={ /interface ethernet poe set link poe-out=off; };
          :if ([/interface ethernet get ethernet speed] = "100Mbps") do={
            :if ([/interface bridge get test1 disabled] != false) do={ /interface bridge set test1 disabled=no; };
            :if ([/ping address=[/ip dhcp-client get 0 gateway] interface=ethernet count=1 interval=200ms] = 1) do={
              :if ([/ping address=[/ip dhcp-client get 0 gateway] interface=ethernet count=1 interval=200ms size=1500] = 1) do={
                :if ([/interface bridge get test2 disabled] != false) do={ /interface bridge set test2 disabled=no; };
                :if ($flag != true) do={
                  :if ([/interface ethernet poe get link poe-out] != "auto-on") do={ /interface ethernet poe set link poe-out=auto-on; };
                };
                /interface ethernet poe monitor link once do={ :set status $"poe-out-status"; };
                :if (([/interface ethernet poe get link poe-out] = "auto-on" and $status = "powered-on") or $flag = true) do={
                  :if ($flag != true) do={
                    :set flag true;
                    :if ([/interface pptp-client get vpn disabled] != false) do={ /interface pptp-client set vpn disabled=no; };
                    :if ([/interface ethernet poe get link poe-out] != "off") do={ /interface ethernet poe set link poe-out=off; }
                  };
                  :if ([/interface pptp-client get vpn running] = true) do={
                    :if ([/ping address=$gateway interface=vpn count=1 interval=200ms size=1500] = 1) do={
                      :if ([/interface bridge get test3 disabled] != false) do={ /interface bridge set test3 disabled=no; }
                    } else={
                      :if ([/interface bridge get test3 disabled] != false) do={ /interface bridge set test3 disabled=no; };
                      :delay 0.5;
                      :if ([/interface bridge get test3 disabled] != true) do={ /interface bridge set test3 disabled=yes; };
                      :delay 0.5;
                    }
                  } else={
                    :if ([/interface bridge get test3 disabled] != false) do={ /interface bridge set test3 disabled=no; };
                    :delay 0.5;
                    :if ([/interface bridge get test3 disabled] != true) do={ /interface bridge set test3 disabled=yes; };
                    :delay 0.5;
                  }
                }
              } else={
                :if ([/interface ethernet poe get link poe-out] = "auto-on") do={ /interface ethernet poe set link poe-out=off; };
                :if ([/interface pptp-client get vpn disabled] != true) do={ /interface pptp-client set vpn disabled=yes; };
                :set flag false;
                :if ([/interface bridge get test3 disabled] != true) do={ /interface bridge set test3 disabled=yes; };
                :if ([/interface bridge get test2 disabled] != false) do={ /interface bridge set test2 disabled=no; };
                :delay 0.5;
                :if ([/interface bridge get test2 disabled] != true) do={ /interface bridge set test2 disabled=yes; };
                :delay 0.5;
              }
            } else={
              :if ([/interface ethernet poe get link poe-out] = "auto-on") do={ /interface ethernet poe set link poe-out=off; };
              :if ([/interface pptp-client get vpn disabled] != true) do={ /interface pptp-client set vpn disabled=yes; };
              :set flag false;
              :if ([/interface bridge get test2 disabled] != true) do={ /interface bridge set test2 disabled=yes; };
              :if ([/interface bridge get test3 disabled] != true) do={ /interface bridge set test3 disabled=yes; }
            }
          } else={
            :if ([/interface ethernet poe get link poe-out] = "auto-on") do={ /interface ethernet poe set link poe-out=off; };
            :if ([/interface pptp-client get vpn disabled] != true) do={ /interface pptp-client set vpn disabled=yes; };
            :set flag false;
            :if ([/interface bridge get test1 disabled] != true) do={ /interface bridge set test1 disabled=yes; };
            :if ([/interface bridge get test2 disabled] != true) do={ /interface bridge set test2 disabled=yes; };
            :if ([/interface bridge get test3 disabled] != true) do={ /interface bridge set test3 disabled=yes; }
          }
        } else={
          :if ([/interface ethernet poe get link poe-out] != "forced-on") do={ /interface ethernet poe set link poe-out=forced-on; };
          :if ([/interface pptp-client get vpn disabled] != true) do={ /interface pptp-client set vpn disabled=yes; };
          :set flag false;
          :if ([/interface bridge get test1 disabled] != true) do={ /interface bridge set test1 disabled=yes; };
          :if ([/interface bridge get test2 disabled] != true) do={ /interface bridge set test2 disabled=yes; };
          :if ([/interface bridge get test3 disabled] != true) do={ /interface bridge set test3 disabled=yes; };
          :delay 3;
        }
      };
      :if ([/interface ethernet poe get link poe-out] != "off") do={ /interface ethernet poe set link poe-out=off; };
      :if ([/interface pptp-client get vpn disabled] != true) do={ /interface pptp-client set vpn disabled=yes; };
      :if ([/interface bridge get test1 disabled] != true) do={ /interface bridge set test1 disabled=yes; };
      :if ([/interface bridge get test2 disabled] != true) do={ /interface bridge set test2 disabled=yes; };
      :if ([/interface bridge get test3 disabled] != true) do={ /interface bridge set test3 disabled=yes; };
      :if ([/interface bridge get off disabled] != true) do={ /interface bridge set off disabled=yes; }
    } ]
    }
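
As an added illustration (not part of the original post), this Python model of a single pass of the loop above makes the state handling easier to follow: the PoE-out mode on the second port doubles as the "no link" indication (forced-on) and as the button sensor (auto-on), and a button press is latched in flag until any test fails. The function names, state keys and the sample event sequence are constructed for the example.

```python
# Added model (not the author's script): one pass of the tester's main loop.
# State keys and function names are constructed for this example.
INITIAL = {"poe": "forced-on", "flag": False, "vpn": False,
           "led1": "off", "led2": "off", "led3": "off"}


def reset(s, leds, poe=None):
    """Failure path: disarm the button, stop the VPN, clear the given LEDs."""
    if poe is not None:
        s["poe"] = poe            # no link: forced-on is the "bad" indication
    elif s["poe"] == "auto-on":
        s["poe"] = "off"
    s["vpn"] = False
    s["flag"] = False
    for led in leds:
        s[led] = "off"
    return s


def step(state, link_ok, speed_100, ping_short, ping_long,
         button=False, vpn_running=False, vpn_ping=False):
    """Return the state after one loop pass; LEDs are 'off', 'on' or 'blink'."""
    s = dict(state)
    if not link_ok:
        return reset(s, ("led1", "led2", "led3"), poe="forced-on")
    if s["poe"] == "forced-on":
        s["poe"] = "off"
    if not speed_100:
        return reset(s, ("led1", "led2", "led3"))
    s["led1"] = "on"
    if not ping_short:
        return reset(s, ("led2", "led3"))
    if not ping_long:
        reset(s, ("led3",))
        s["led2"] = "blink"
        return s
    s["led2"] = "on"
    if not s["flag"]:
        s["poe"] = "auto-on"      # arm the button: PoE probes for the resistor
        if button:                # poe-out-status reads "powered-on"
            s.update(flag=True, vpn=True, poe="off")
    if s["flag"]:                 # latched: keeps testing after button release
        up = s["vpn"] and vpn_running and vpn_ping
        s["led3"] = "on" if up else "blink"
    return s


def run(events):
    """Feed a list of per-pass measurements through step(); return all states."""
    s, trace = dict(INITIAL), []
    for ev in events:
        s = step(s, **ev)
        trace.append(s)
    return trace


if __name__ == "__main__":
    ok = dict(link_ok=True, speed_100=True, ping_short=True, ping_long=True)
    bad = dict(link_ok=False, speed_100=False, ping_short=False, ping_long=False)
    # Constructed sequence: no cable, cable in, button, VPN up, long ping lost.
    for st in run([bad, ok, dict(ok, button=True),
                   dict(ok, vpn_running=True, vpn_ping=True),
                   dict(ok, ping_long=False)]):
        print(st)
```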


The script should start immediately after the router boots. To do this, use the scheduler:

 /system scheduler add name=tester on-event=":delay 3;/system script run tester;" policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive start-time=startup 

Router config:
    # RouterOS 6.21.1
    #
    /interface bridge
    add disabled=yes mtu=1500 name=off
    add mtu=1500 name=test1
    add mtu=1500 name=test2
    add mtu=1500 name=test3
    /interface ethernet
    set [ find default-name=ether1 ] name=ethernet
    set [ find default-name=ether2 ] name=link poe-out=off
    /interface wireless
    set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-Ce \
        country=russia disabled=no distance=indoors frequency=2437 \
        frequency-mode=superchannel l2mtu=1600 mode=ap-bridge radio-name="" ssid=\
        wifi wireless-protocol=802.11
    /interface wireless nstreme
    set wlan1 enable-polling=no
    /ip neighbor discovery
    set ethernet discover=no
    /interface wireless security-profiles
    set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk eap-methods="" \
        group-ciphers=tkip,aes-ccm mode=dynamic-keys unicast-ciphers=tkip,aes-ccm \
        wpa-pre-shared-key= wpa2-pre-shared-key=
    /ip pool
    add name=default-dhcp ranges=192.168.88.10-192.168.88.254
    /ip dhcp-server
    add address-pool=default-dhcp disabled=no interface=wlan1 name=default
    /interface pptp-client
    add add-default-route=no allow=mschap1,mschap2 connect-to=vpn..ru \
        dial-on-demand=no disabled=no keepalive-timeout=60 max-mru=1400 max-mtu=\
        1400 mrru=disabled name=vpn password= profile=default-encryption \
        user=
    /system logging action
    set 1 disk-file-name=""
    set 2 remember=yes
    /interface bridge port
    add interface=link
    add interface=wlan1
    /ip address
    add address=192.168.88.1/24 interface=wlan1 \
        network=192.168.88.0
    /ip dhcp-client
    add dhcp-options=hostname,clientid disabled=\
        no interface=ethernet use-peer-ntp=no
    /ip dhcp-server network
    add address=192.168.88.0/24 dns-server=\
        192.168.88.1 gateway=192.168.88.1
    /ip dns
    set allow-remote-requests=yes
    /ip dns static
    add address=192.168.88.1 name=router
    /ip firewall filter
    add chain=input protocol=icmp
    add chain=input connection-state=established
    add chain=input connection-state=related
    add action=drop chain=input in-interface=\
        all-ppp
    add chain=forward connection-state=\
        established
    add chain=forward connection-state=related
    add action=drop chain=forward \
        connection-state=invalid
    /ip firewall mangle
    add action=mark-routing chain=prerouting new-routing-mark=vpn src-address=\
        192.168.88.10-192.168.88.254
    /ip firewall nat
    add action=masquerade chain=srcnat \
        out-interface=all-ppp
    /ip route
    add distance=1 gateway=vpn routing-mark=vpn
    /ip upnp
    set allow-disable-external-interface=no
    /snmp
    set trap-community=public
    /system clock manual
    set time-zone=+05:00
    /system leds
    set 1 interface=wlan1 type=wireless-status
    set 3 interface=test2 type=interface-status
    set 4 interface=test1 type=interface-status
    add interface=test3 leds=user-led type=interface-status
    /system routerboard settings
    set cpu-frequency=400MHz
    /system scheduler
    add name=tester on-event=":delay 3;\r\
        \n/system script run tester;" policy=\
        ftp,reboot,read,write,policy,test,password,sniff,sensitive start-time=\
        startup
    /system script
    add name=tester policy=\
        ftp,reboot,read,write,policy,test,password,sniff,sensitive source="{:log i\
        nfo [:time {:local gateway \"8.8.8.8\";/interface bridge set test1 di\
        sabled=yes;/interface bridge set test2 disabled=yes;/interface bridge set \
        test3 disabled=yes;/interface ethernet poe set link poe-out=forced-on;/int\
        erface pptp-client set vpn disabled=yes;:delay 3;:local link;:local status\
        ;:local flag false;:while ([/interface bridge get off disabled] = true) do\
        ={/interface ethernet cable-test ethernet once do={:set link \$\"status\";\
        };:if (\$link = \"link-ok\") do={:if ([/interface ethernet poe get link po\
        e-out] = \"forced-on\") do={/interface ethernet poe set link poe-out=off;}\
        ;:if ([/interface ethernet get ethernet speed] = \"100Mbps\") do={:if ([/i\
        nterface bridge get test1 disabled] != false) do={/interface bridge set te\
        st1 disabled=no;};:if ([/ping address=[/ip dhcp-client get 0 gateway] inte\
        rface=ethernet count=1 interval=200ms] = 1) do={:if ([/ping address=[/ip d\
        hcp-client get 0 gateway] interface=ethernet count=1 interval=200ms size=1\
        500] = 1) do={:if ([/interface bridge get test2 disabled] != false) do={/i\
        nterface bridge set test2 disabled=no;};:if (\$flag != true) do={:if ([/in\
        terface ethernet poe get link poe-out] != \"auto-on\") do={/interface ethe\
        rnet poe set link poe-out=auto-on;}};/interface ethernet poe monitor link \
        once do={:set status \$\"poe-out-status\";};:if (([/interface ethernet poe\
        \_get link poe-out] = \"auto-on\" and \$status = \"powered-on\") or \$flag\
        \_= true) do={:if (\$flag != true) do={:set flag true;:if ([/interface ppt\
        p-client get vpn disabled] != false) do={/interface pptp-client set vpn di\
        sabled=no;};:if ([/interface ethernet poe get link poe-out] != \"off\") do\
        ={/interface ethernet poe set link poe-out=off;}};:if ([/interface pptp-cl\
        ient get vpn running] = true) do={:if ([/ping address=\$gateway interface=\
        vpn count=1 interval=200ms size=1500] = 1) do={:if ([/interface bridge get\
        \_test3 disabled] != false) do={/interface bridge set test3 disabled=no;}}\
        \_else={:if ([/interface bridge get test3 disabled] != false) do={/interfa\
        ce bridge set test3 disabled=no;};:delay 0.5;:if ([/interface bridge get t\
        est3 disabled] != true) do={/interface bridge set test3 disabled=yes;};:de\
        lay 0.5;}} else={:if ([/interface bridge get test3 disabled] != false) do=\
        {/interface bridge set test3 disabled=no;};:delay 0.5;:if ([/interface bri\
        dge get test3 disabled] != true) do={/interface bridge set test3 disabled=\
        yes;};:delay 0.5;}}} else={:if ([/interface ethernet poe get link poe-out]\
        \_= \"auto-on\") do={/interface ethernet poe set link poe-out=off;};:if ([\
        /interface pptp-client get vpn disabled] != true) do={/interface pptp-clie\
        nt set vpn disabled=yes;};:set flag false;:if ([/interface bridge get test\
        3 disabled] != true) do={/interface bridge set test3 disabled=yes;};:if ([\
        /interface bridge get test2 disabled] != false) do={/interface bridge set \
        test2 disabled=no;};:delay 0.5;:if ([/interface bridge get test2 disabled]\
        \_!= true) do={/interface bridge set test2 disabled=yes;};:delay 0.5;}} el\
        se={:if ([/interface ethernet poe get link poe-out] = \"auto-on\") do={/in\
        terface ethernet poe set link poe-out=off;};:if ([/interface pptp-client g\
        et vpn disabled] != true) do={/interface pptp-client set vpn disabled=yes;\
        };:set flag false;:if ([/interface bridge get test2 disabled] != true) do=\
        {/interface bridge set test2 disabled=yes;};:if ([/interface bridge get te\
        st3 disabled] != true) do={/interface bridge set test3 disabled=yes;}}} el\
        se={:if ([/interface ethernet poe get link poe-out] = \"auto-on\") do={/in\
        terface ethernet poe set link poe-out=off;};:if ([/interface pptp-client g\
        et vpn disabled] != true) do={/interface pptp-client set vpn disabled=yes;\
        };:set flag false;:if ([/interface bridge get test1 disabled] != true) do=\
        {/interface bridge set test1 disabled=yes;};:if ([/interface bridge get te\
        st2 disabled] != true) do={/interface bridge set test2 disabled=yes;};:if \
        ([/interface bridge get test3 disabled] != true) do={/interface bridge set\
        \_test3 disabled=yes;}}} else={:if ([/interface ethernet poe get link poe-\
        out] != \"forced-on\") do={/interface ethernet poe set link poe-out=forced\
        -on;};:if ([/interface pptp-client get vpn disabled] != true) do={/interfa\
        ce pptp-client set vpn disabled=yes;};:set flag false;:if ([/interface bri\
        dge get test1 disabled] != true) do={/interface bridge set test1 disabled=\
        yes;};:if ([/interface bridge get test2 disabled] != true) do={/interface \
        bridge set test2 disabled=yes;};:if ([/interface bridge get test3 disabled\
        ] != true) do={/interface bridge set test3 disabled=yes;};:delay 3;}};:if \
        ([/interface ethernet poe get link poe-out] != \"off\") do={/interface eth\
        ernet poe set link poe-out=off;};:if ([/interface pptp-client get vpn disa\
        bled] != true) do={/interface pptp-client set vpn disabled=yes;};:if ([/in\
        terface bridge get test1 disabled] != true) do={/interface bridge set test\
        1 disabled=yes;};:if ([/interface bridge get test2 disabled] != true) do={\
        /interface bridge set test2 disabled=yes;};:if ([/interface bridge get tes\
        t3 disabled] != true) do={/interface bridge set test3 disabled=yes;};:if (\
        [/interface bridge get off disabled] != true) do={/interface bridge set of\
        f disabled=yes;}}]}"
    /tool mac-server
    set [ find default=yes ] disabled=yes
    add interface=link
    add interface=wlan1
    add interface=ethernet
    /tool mac-server mac-winbox
    set [ find default=yes ] disabled=yes
    add interface=link
    add interface=wlan1
    add interface=ethernet


I hope this material will be useful to someone.

Finally, here are some photos of the build.






P.S. Now, at the press of the button, the statistics are also sent to the sysadmin's email, along with the result of the channel bandwidth test and some other information that may be useful.

Source: https://habr.com/ru/post/364593/

