Tagged Under:
Document revision 29-Nov-2002
This document applies to the MikroTik RouterOS v2.6
Overview
The Terminal Console is used for accessing the MikroTik Router configuration and management features using text terminals, i.e., remote terminal clients, as well as local monitor and keyboard. The Terminal Console is used for writing scripts. This manual describes the general console operation principles. Please consult the Scripting Manual on some advanced console commands and on how to write scripts.
Contents of the Manual
The following topics are covered in this manual:
Overview of Common Functions
Lists
Item Names
Quick Typing
Help
Multiple Items
General Commands
Overview of Common Functions
The console allows configuration of the router settings using text commands. The command structure is similar to the Unix shell. Since there's a lot of available commands, they're split into hierarchy. For example, all (well, almost all) commands that work with routes start with ip route:
[admin@MikroTik] > ip route print
Flags: X - disabled, I - invalid, D - dynamic, J - rejected,
C - connect, S - static, R - rip, O - ospf, B - bgp
# DST-ADDRESS G GATEWAY DISTANCE INTERFACE
0 S 0.0.0.0/0 r 10.0.0.1 1 ether6
r 192.168.1.254 ether4
1 DC 192.168.1.0/24 r 0.0.0.0 0 ether4
2 DC 10.10.10.0/24 r 0.0.0.0 0 prism1
3 DC 10.0.0.0/24 r 0.0.0.0 0 ether6
[admin@MikroTik] > ip route set 0 gateway=10.0.0.1
[admin@MikroTik] > ip route print
Flags: X - disabled, I - invalid, D - dynamic, J - rejected,
C - connect, S - static, R - rip, O - ospf, B - bgp
# DST-ADDRESS G GATEWAY DISTANCE INTERFACE
0 S 0.0.0.0/0 r 10.0.0.1 1 ether6
1 DC 192.168.1.0/24 r 0.0.0.0 0 ether4
2 DC 10.10.10.0/24 r 0.0.0.0 0 prism1
3 DC 10.0.0.0/24 r 0.0.0.0 0 ether6
[admin@MikroTik] >
Instead of typing ip route before each command, ip route can be typed once to "change into" that particular branch of command hierarchy. Thus, the example above could also be executed like this:
[admin@MikroTik] > ip route
[admin@MikroTik] ip route> print
Flags: X - disabled, I - invalid, D - dynamic, J - rejected,
C - connect, S - static, R - rip, O - ospf, B - bgp
# DST-ADDRESS G GATEWAY DISTANCE INTERFACE
0 S 0.0.0.0/0 r 10.0.0.1 1 ether6
1 DC 192.168.1.0/24 r 0.0.0.0 0 ether4
2 DC 10.10.10.0/24 r 0.0.0.0 0 prism1
3 DC 10.0.0.0/24 r 0.0.0.0 0 ether6
[admin@MikroTik] ip route>
Notice that prompt changes to show where in the command hierarchy you are located at the moment. To change to top level, type /
[admin@MikroTik] ip route> /
[admin@MikroTik] >
To move up one command level, type ..
[admin@MikroTik] ip route> ..
[admin@MikroTik] ip>
You can also use / and .. to execute commands from other levels without changing the current level:
[admin@MikroTik] ip route> /ping 10.0.0.10
10.0.0.10 64 byte pong: ttl=128 time=5 ms
10.0.0.10 64 byte pong: ttl=128 time=6 ms
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 5/5.5/6 ms
[admin@MikroTik] ip route>
Or alternatively, to go back to the base level you could use the .. twice:
[admin@MikroTik] ip route> .. .. ping 10.0.0.10
10.0.0.10 64 byte pong: ttl=128 time=8 ms
10.0.0.10 64 byte pong: ttl=128 time=6 ms
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 6/7.0/8 ms
[admin@MikroTik] ip route>
Lists
Many of the command levels operate with arrays of items: interfaces, routes, users etc. Such arrays are displayed in similarly looking lists. All items in the list have an item number followed by its parameter values. For example:
[admin@MikroTik] > interface print
Flags: X - disabled, D - dynamic, R - running
# NAME TYPE MTU
0 R ether1 ether 1500
1 R ether2 ether 1500
2 R ether3 ether 1500
3 R ether4 ether 1500
4 R prism1 prism 1500
[admin@MikroTik] >
To change parameters of an item (interface settings in this particular case), you have to specify it's number to the set command:
[admin@MikroTik] interface> set 0 mtu=1460
[admin@MikroTik] interface> print
Flags: X - disabled, D - dynamic, R - running
# NAME TYPE MTU
0 R ether1 ether 1460
1 R ether2 ether 1500
2 R ether3 ether 1500
3 R ether4 ether 1500
4 R prism1 prism 1500
[admin@MikroTik] interface>
Numbers are assigned by print command and are not constant - it is possible that two successive print commands will order items differently. But the results of last print commands are memorized and, thus, once assigned item numbers can be used even after add, remove and move operations (after move operations, item numbers are moved with the items). Item numbers are assigned for sessions, they will remain the same until you quit the console or until the next print command is executed. Also, numbers are assigned separately for every item list, so ip address print won't change numbers for interface list.
Let's assume interface prism print hasn't been executed in this session. In this case:
[admin@MikroTik] interface> prism set 0 ssid=mt
ERROR: item numbers not assigned
Console is telling that there has been no interface prism print command, and thus, it cannot (and also you) know which PRISM interface number 0 corresponds to.
To understand better how do item numbers work, you can play with from argument of print commands:
[admin@MikroTik] interface> print from=1
Flags: X - disabled, D - dynamic, R - running
# NAME TYPE MTU
0 R ether2 ether 1500
[admin@MikroTik] interface>
The from argument specifies what items to show. Numbers are assigned by every print command, thus, after executing command above there will be only one item accessible by number - interface ether2 with number 0.
Item Names
Some lists have items that have specific names assigned to each. Examples are interface or user levels. There you can use item names instead of numbers:
[admin@MikroTik] interface> set prism1 mtu=1460
You don't have to use the print command before accessing items by name. As opposed to numbers, names are not assigned by the console internally, but are one of the items' parameters. Thus, they won't change on their own. However, there are all kinds of obscure situations possible when several users are changing router configuration at the same time. Generally, item names are more "stable" than numbers, and also more informative, so you should prefer them to numbers when writing console scripts.
Quick Typing
There are two features in router console that help entering commands much quicker and easier - the [TAB] key completions, and abbreviations of command names. Completions work similarly to the bash shell in UNIX. If you press the [Tab] key after part of a word, console tries to find the command in current context that begins with this word. If there's only one match, it is automatically appended, followed by space character:
/inte[TAB]_ becomes /interface _
Here, "_" is the cursor position. And [TAB] is pressed TAB key, not '[TAB]' character sequence.
If there's more than one match, but they all have a common beginning, which is longer than that what you have typed, then the word is completed to this common part, and no space is appended:
/interface set e[TAB]_
becomes
/interface set ether_
because "e" matches both "ether5" and "ether1" in this example
If you've typed just the common part, pressing the tab key once has no effect. However, pressing it for the second time shows all possible completions in compact form:
[admin@MikroTik] > interface set e[TAB]_
[admin@MikroTik] > interface set ether[TAB]_
[admin@MikroTik] > interface set ether[TAB]_
ether1 ether5
[admin@MikroTik] > interface set ether_
The tab key can be used almost in any context where the console might have a clue about possible values - command names, argument names, arguments that have only several possible values (like names of items in some lists or name of protocol in firewall and NAT rules).You can't complete numbers, IP addresses and similar values.
Note that pressing [TAB] key while entering IP address will do a DNS lookup, instead of completion. If what is typed before cursor is a valid IP address, it will be resolved to a DNS name (reverse resolve), otherwise it will be resolved directly (i.e. to an IP address). To use this feature, DNS server must be configured and working. To avoid input lockups any such lookup will timeout after half a second, so you might have to press [TAB] several times, before name is actually resolved
It is possible to complete not only beginning, but also any distinctive substring of name: if there is no exact match, console starts looking for words that have string being completed as first letters of a multiple word name, or that simply contain letters of this string in the same order. If single such word is found, it is completed at cursor position. For example:
[admin@MikroTik] > interface x[TAB]_
[admin@MikroTik] > interface export _
x is completed to export, because no other word in this context contains 'x'.
[admin@MikroTik] > interface mt[TAB]_
[admin@MikroTik] > interface monitor-traffic _
No word begins with letters 'mt', but it is an abbreviation of monitor-traffic.
Another way to press fewer keys while typing is to abbreviate command and argument names. You can type only beginning of command name, and, if it is not ambiguous, console will accept it as a full name. So typing:
[admin@MikroTik] > pi 10.1 c 3 s 100
equals to:
[admin@MikroTik] > ping 10.0.0.1 count 3 size 100
Help
The console has a built-in help, which can be accessed by typing '?'. General rule is that help shows what you can type in position where the '?' was pressed (similarly to pressing tab key twice, but in verbose form and with explanations).
Internal Item numbers
Items can also be addressed by their internal numbers. These numbers are generated by console for scripting purposes and, as the name implies, are used internally. Although you can see them if you print return values of some commands (internal numbers look like hex number preceeded by '*' - for example "*100A"), there's no reason for you to type them in manually.
Note: As an implication of internal number format, you should not use item names that begin with asterisk (*).
Multiple Items
You can specify multiple items as targets of some commands. Almost everywhere, where you can write the number of items, you can also write a list of numbers:
[admin@MikroTik] > interface print
Flags: X - disabled, D - dynamic, R - running
# NAME TYPE MTU
0 R ether1 ether 1500
1 R ether2 ether 1500
2 R ether3 ether 1500
3 R ether4 ether 1500
[admin@MikroTik] > interface set 0,1,2 mtu=1460
[admin@MikroTik] > interface print
Flags: X - disabled, D - dynamic, R - running
# NAME TYPE MTU
0 R ether1 ether 1460
1 R ether2 ether 1460
2 R ether3 ether 1460
3 R ether4 ether 1500
[admin@MikroTik] >
This is handy when you want to perform same action on several items, or do a selective export. However, this feature becomes really useful when combined with scripting.
General Commands
Most command groups have some or all of these commands: print, set, remove, add, find, get, export, enable, disable, comment, move. These commands have similar behavior in all hierarchy.
print
The print command shows all information that's accessible from particular command level. Thus, /system clock print shows system date and time, /ip route print shows all routes etc. If there's a list of items in this level and they are not read-only, i.e. you can change/remove them (example of read-only item list is /system history, which shows history of executed actions), then print command also assigns numbers that are used by all commands that operate on items in this list.
If there's list of items then print usually can have a from argument. The from argument accepts space separated list of item numbers, names (if items have them), and internal numbers. The action (printing) is performed on all items in this list in the same order in which they're given.
Output can be formatted either as a table, with one item per line or as a list with property=value pairs for each item. By default print uses one of these forms, but it can be set explicitly with brief and detail arguments. In brief (table) form, column argument can be set to a list of property names that should be shown in the table:
[admin@MikroTik] interface ethernet> print
Flags: X - disabled, R - running
# NAME MTU MAC-ADDRESS ARP
0 R ether1 1460 00:50:08:00:00:F5 enabled
1 R ether2 1460 00:50:08:00:00:F6 enabled
[admin@MikroTik] interface ethernet> print detail
Flags: X - disabled, R - running
0 R name="ether1" mtu=1460 mac-address=00:50:08:00:00:F5 arp=enabled
disable-running-check=yes
1 R name="ether2" mtu=1460 mac-address=00:50:08:00:00:F6 arp=enabled
disable-running-check=yes
[admin@MikroTik] interface ethernet> print brief column=mtu,arp
Flags: X - disabled, R - running
# MTU ARP
0 R 1460 enabled
1 R 1460 enabled
[admin@MikroTik] interface ethernet> print
Rules that do some accounting (for example, ip firewall or queue rules) may have two additional views of packets and of bytes matched these rules:
[admin@MikroTik] ip firewall rule forward> print packets
Flags: X - disabled, I - invalid
# SRC-ADDRESS DST-ADDRESS PACKETS
0 0.0.0.0/0:0-65535 0.0.0.0/0:0-65535 0
[admin@MikroTik] ip firewall rule forward> print bytes
Flags: X - disabled, I - invalid
# SRC-ADDRESS DST-ADDRESS BYTES
0 0.0.0.0/0:0-65535 0.0.0.0/0:0-65535 0
[admin@MikroTik] ip firewall rule forward>
To reset these counters reset-counters command is used.
Some items might have statistics other than matched bytes and packets. You can see it by using print stats command:
[admin@MikroTik] ip ipsec> policy print stats
Flags: X - disabled, I - invalid
0 src-address=10.0.0.205/32:any dst-address=10.0.0.201/32:any
protocol=icmp ph2-state=no-phase2 in-accepted=0 in-dropped=0
out-accepted=0 out-dropped=0 encrypted=0 not-encrypted=0 decrypted=0
not-decrypted=0
[admin@MikroTik] ip ipsec>
There is also migtht be print status command:
[admin@MikroTik] routing bgp peer> print status
# REMOTE-ADDRESS REMOTE-AS STATE ROUTES-RECEIVED
0 159.148.42.158 2588 connected 1
[admin@MikroTik] routing bgp>
Normally, the print command pauses after the screen is full and asks whether to continue or not. Press any key other from Q or q to continue printing.
The without-paging argument suppresses prompting after each screen of output.
You can specify interval for repeating the command until Ctrl-C is pressed. Thus, you do not need to repeatedly press the 'Up-Arrow' and 'Enter' buttons to see repeated printouts of a changing list you want to monitor. Instead, you use the argument interval=2s for print.
set
The set command allows you to change values of general parameters or item parameters. The set command has arguments with names corresponding to values you can change. Use ? or double [TAB] to see list of all arguments. If there is list of items in this command level, then set has one unnamed argument that accepts the number of item (or list of numbers) you wish to set up. set does not return anything.
remove
The remove command has one unnamed argument, which contains number(s) of item(s) to remove.
add
The add command usually has the same arguments as set, minus the unnamed number argument. It adds new item with values you've specified, usually to the end of list (in places where order is relevant). There are some values that you have to supply (like interface for new route), and other values that are set to defaults if you don't supply them. The add command returns internal number of item it has added.
You can create a copy of an existing item by using copy-from argument. It takes default values of new item's properties from another item. If you don't want exact copy, you can specify new values for some properties. When copying items that have names, you will usually have to give new name to a copy.
You can place a new item before an existing item by using place-before argument. Thus, you do not need to use the move command after adding an item to the list. You can control disabled/enabled state of new items by using disabled argument, if present. You can supply description for new item using comment argument, if present:
[admin@MikroTik] ip route> set 0 comment="our default gateway"
[admin@MikroTik] ip route> set 1 comment="wireless network gateway"
[admin@MikroTik] ip route> print
Flags: X - disabled, I - invalid, D - dynamic, J - rejected,
C - connect, S - static, R - rip, O - ospf, B - bgp
# DST-ADDRESS G GATEWAY DISTANCE INTERFACE
0 S ;;; our default gateway
0.0.0.0/0 r 10.0.0.1 1 ether6
1 S ;;; wireless network gateway
10.100.0.0/16 r 10.0.0.254 1 ether6
2 DC 192.168.1.0/24 r 0.0.0.0 0 ether4
3 DC 10.10.10.0/24 r 0.0.0.0 0 prism1
[admin@MikroTik] ip route>
move
If the order of items is relevant, command level will also contain move command. First argument is a list of items, whose order will be changed, second argument specifies item before which to place all items being moved (they are placed at the end of the list if second argument is not given). Item numbers after move command are left in a consistent, but hardly intuitive order, so it's better to resync by using print after each move command.
[admin@MikroTik] ip firewall mangle> print brief
Flags: X - disabled, I - invalid, D - dynamic
# SRC-ADDRESS DST-ADDRESS
0 0.0.0.0/0:80 0.0.0.0/0:0-65535
1 1.1.1.1/32:80 0.0.0.0/0:0-65535
2 2.2.2.2/32:80 0.0.0.0/0:0-65535
3 3.3.3.3/32:80 0.0.0.0/0:0-65535
[admin@MikroTik] ip firewall mangle> move 0
[admin@MikroTik] ip firewall mangle> print brief
Flags: X - disabled, I - invalid, D - dynamic
# SRC-ADDRESS DST-ADDRESS
0 1.1.1.1/32:80 0.0.0.0/0:0-65535
1 2.2.2.2/32:80 0.0.0.0/0:0-65535
2 3.3.3.3/32:80 0.0.0.0/0:0-65535
3 0.0.0.0/0:80 0.0.0.0/0:0-65535
[admin@MikroTik] ip firewall mangle> move 0 2
[admin@MikroTik] ip firewall mangle> print brief
Flags: X - disabled, I - invalid, D - dynamic
# SRC-ADDRESS DST-ADDRESS
0 2.2.2.2/32:80 0.0.0.0/0:0-65535
1 3.3.3.3/32:80 0.0.0.0/0:0-65535
2 1.1.1.1/32:80 0.0.0.0/0:0-65535
3 0.0.0.0/0:80 0.0.0.0/0:0-65535
[admin@MikroTik] ip firewall mangle> move 3,2,0 0
[admin@MikroTik] ip firewall mangle> print brief
Flags: X - disabled, I - invalid, D - dynamic
# SRC-ADDRESS DST-ADDRESS
0 0.0.0.0/0:80 0.0.0.0/0:0-65535
1 1.1.1.1/32:80 0.0.0.0/0:0-65535
2 2.2.2.2/32:80 0.0.0.0/0:0-65535
3 3.3.3.3/32:80 0.0.0.0/0:0-65535
[admin@MikroTik] ip firewall mangle>
find
The find command has the same arguments as set, and an additional from argument which works like the from argument with the print command. Plus, find command has flag arguments like disabled, invalid that take values yes or no depending on the value of respective flag. To see all flags and their names, look at the top of print command's output. The find command returns internal numbers of all items that have the same values of arguments as specified.
export
The export command prints a script that can be used to restore configuration. If it has the argument from, then it is possible to export only specified items. Also, if the from argument is given, export does not descend recursively through the command hierarchy. The export command also has the argument file, which allows you to save the script in file on router to retrieve it later via ftp. Note that it is not possible to bring back router configuration after reset just from the export scripts. Some important things like interface name assignment, or user passwords just cannot be saved in export script. To back up all configuration, use /system backup save command.
enable/disable
You can enable/disable some items (like ip address or default route). If an item is disabled, it is marked with the "X" flag. If an item is invalid, but not disabled, it is marked with the "I" flag. All such flags, if any, are described at the top of the print command's output.
[admin@MikroTik] > ip route print
Flags: X - disabled, I - invalid, D - dynamic, J - rejected,
C - connect, S - static, R - rip, O - ospf, B - bgp
# DST-ADDRESS G GATEWAY DISTANCE INTERFACE
0 S 0.0.0.0/0 r 10.0.0.1 1 ether6
1 DC 192.168.1.0/24 r 0.0.0.0 0 ether4
2 DC 10.10.10.0/24 r 0.0.0.0 0 prism1
3 DC 10.0.0.0/24 r 0.0.0.0 0 ether6
[admin@MikroTik] >
© Copyright 1999-2001, MikroTik
Terminal Console Manual
Share
Document revision 29-Nov-2002
This document applies to the MikroTik RouterOS v2.6
Overview
The Terminal Console is used for accessing the MikroTik Router configuration and management features using text terminals, i.e., remote terminal clients, as well as local monitor and keyboard. The Terminal Console is used for writing scripts. This manual describes the general console operation principles. Please consult the Scripting Manual on some advanced console commands and on how to write scripts.
Contents of the Manual
The following topics are covered in this manual:
Overview of Common Functions
Lists
Item Names
Quick Typing
Help
Multiple Items
General Commands
Overview of Common Functions
The console allows configuration of the router settings using text commands. The command structure is similar to the Unix shell. Since there's a lot of available commands, they're split into hierarchy. For example, all (well, almost all) commands that work with routes start with ip route:
[admin@MikroTik] > ip route print
Flags: X - disabled, I - invalid, D - dynamic, J - rejected,
C - connect, S - static, R - rip, O - ospf, B - bgp
# DST-ADDRESS G GATEWAY DISTANCE INTERFACE
0 S 0.0.0.0/0 r 10.0.0.1 1 ether6
r 192.168.1.254 ether4
1 DC 192.168.1.0/24 r 0.0.0.0 0 ether4
2 DC 10.10.10.0/24 r 0.0.0.0 0 prism1
3 DC 10.0.0.0/24 r 0.0.0.0 0 ether6
[admin@MikroTik] > ip route set 0 gateway=10.0.0.1
[admin@MikroTik] > ip route print
Flags: X - disabled, I - invalid, D - dynamic, J - rejected,
C - connect, S - static, R - rip, O - ospf, B - bgp
# DST-ADDRESS G GATEWAY DISTANCE INTERFACE
0 S 0.0.0.0/0 r 10.0.0.1 1 ether6
1 DC 192.168.1.0/24 r 0.0.0.0 0 ether4
2 DC 10.10.10.0/24 r 0.0.0.0 0 prism1
3 DC 10.0.0.0/24 r 0.0.0.0 0 ether6
[admin@MikroTik] >
Instead of typing ip route before each command, ip route can be typed once to "change into" that particular branch of command hierarchy. Thus, the example above could also be executed like this:
[admin@MikroTik] > ip route
[admin@MikroTik] ip route> print
Flags: X - disabled, I - invalid, D - dynamic, J - rejected,
C - connect, S - static, R - rip, O - ospf, B - bgp
# DST-ADDRESS G GATEWAY DISTANCE INTERFACE
0 S 0.0.0.0/0 r 10.0.0.1 1 ether6
1 DC 192.168.1.0/24 r 0.0.0.0 0 ether4
2 DC 10.10.10.0/24 r 0.0.0.0 0 prism1
3 DC 10.0.0.0/24 r 0.0.0.0 0 ether6
[admin@MikroTik] ip route>
Notice that prompt changes to show where in the command hierarchy you are located at the moment. To change to top level, type /
[admin@MikroTik] ip route> /
[admin@MikroTik] >
To move up one command level, type ..
[admin@MikroTik] ip route> ..
[admin@MikroTik] ip>
You can also use / and .. to execute commands from other levels without changing the current level:
[admin@MikroTik] ip route> /ping 10.0.0.10
10.0.0.10 64 byte pong: ttl=128 time=5 ms
10.0.0.10 64 byte pong: ttl=128 time=6 ms
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 5/5.5/6 ms
[admin@MikroTik] ip route>
Or alternatively, to go back to the base level you could use the .. twice:
[admin@MikroTik] ip route> .. .. ping 10.0.0.10
10.0.0.10 64 byte pong: ttl=128 time=8 ms
10.0.0.10 64 byte pong: ttl=128 time=6 ms
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 6/7.0/8 ms
[admin@MikroTik] ip route>
Lists
Many of the command levels operate with arrays of items: interfaces, routes, users etc. Such arrays are displayed in similarly looking lists. All items in the list have an item number followed by its parameter values. For example:
[admin@MikroTik] > interface print
Flags: X - disabled, D - dynamic, R - running
# NAME TYPE MTU
0 R ether1 ether 1500
1 R ether2 ether 1500
2 R ether3 ether 1500
3 R ether4 ether 1500
4 R prism1 prism 1500
[admin@MikroTik] >
To change parameters of an item (interface settings in this particular case), you have to specify it's number to the set command:
[admin@MikroTik] interface> set 0 mtu=1460
[admin@MikroTik] interface> print
Flags: X - disabled, D - dynamic, R - running
# NAME TYPE MTU
0 R ether1 ether 1460
1 R ether2 ether 1500
2 R ether3 ether 1500
3 R ether4 ether 1500
4 R prism1 prism 1500
[admin@MikroTik] interface>
Numbers are assigned by print command and are not constant - it is possible that two successive print commands will order items differently. But the results of last print commands are memorized and, thus, once assigned item numbers can be used even after add, remove and move operations (after move operations, item numbers are moved with the items). Item numbers are assigned for sessions, they will remain the same until you quit the console or until the next print command is executed. Also, numbers are assigned separately for every item list, so ip address print won't change numbers for interface list.
Let's assume interface prism print hasn't been executed in this session. In this case:
[admin@MikroTik] interface> prism set 0 ssid=mt
ERROR: item numbers not assigned
Console is telling that there has been no interface prism print command, and thus, it cannot (and also you) know which PRISM interface number 0 corresponds to.
To understand better how do item numbers work, you can play with from argument of print commands:
[admin@MikroTik] interface> print from=1
Flags: X - disabled, D - dynamic, R - running
# NAME TYPE MTU
0 R ether2 ether 1500
[admin@MikroTik] interface>
The from argument specifies what items to show. Numbers are assigned by every print command, thus, after executing command above there will be only one item accessible by number - interface ether2 with number 0.
Item Names
Some lists have items that have specific names assigned to each. Examples are interface or user levels. There you can use item names instead of numbers:
[admin@MikroTik] interface> set prism1 mtu=1460
You don't have to use the print command before accessing items by name. As opposed to numbers, names are not assigned by the console internally, but are one of the items' parameters. Thus, they won't change on their own. However, there are all kinds of obscure situations possible when several users are changing router configuration at the same time. Generally, item names are more "stable" than numbers, and also more informative, so you should prefer them to numbers when writing console scripts.
Quick Typing
There are two features in router console that help entering commands much quicker and easier - the [TAB] key completions, and abbreviations of command names. Completions work similarly to the bash shell in UNIX. If you press the [Tab] key after part of a word, console tries to find the command in current context that begins with this word. If there's only one match, it is automatically appended, followed by space character:
/inte[TAB]_ becomes /interface _
Here, "_" is the cursor position. And [TAB] is pressed TAB key, not '[TAB]' character sequence.
If there's more than one match, but they all have a common beginning, which is longer than that what you have typed, then the word is completed to this common part, and no space is appended:
/interface set e[TAB]_
becomes
/interface set ether_
because "e" matches both "ether5" and "ether1" in this example
If you've typed just the common part, pressing the tab key once has no effect. However, pressing it for the second time shows all possible completions in compact form:
[admin@MikroTik] > interface set e[TAB]_
[admin@MikroTik] > interface set ether[TAB]_
[admin@MikroTik] > interface set ether[TAB]_
ether1 ether5
[admin@MikroTik] > interface set ether_
The tab key can be used almost in any context where the console might have a clue about possible values - command names, argument names, arguments that have only several possible values (like names of items in some lists or name of protocol in firewall and NAT rules).You can't complete numbers, IP addresses and similar values.
Note that pressing [TAB] key while entering IP address will do a DNS lookup, instead of completion. If what is typed before cursor is a valid IP address, it will be resolved to a DNS name (reverse resolve), otherwise it will be resolved directly (i.e. to an IP address). To use this feature, DNS server must be configured and working. To avoid input lockups any such lookup will timeout after half a second, so you might have to press [TAB] several times, before name is actually resolved
It is possible to complete not only beginning, but also any distinctive substring of name: if there is no exact match, console starts looking for words that have string being completed as first letters of a multiple word name, or that simply contain letters of this string in the same order. If single such word is found, it is completed at cursor position. For example:
[admin@MikroTik] > interface x[TAB]_
[admin@MikroTik] > interface export _
x is completed to export, because no other word in this context contains 'x'.
[admin@MikroTik] > interface mt[TAB]_
[admin@MikroTik] > interface monitor-traffic _
No word begins with letters 'mt', but it is an abbreviation of monitor-traffic.
Another way to press fewer keys while typing is to abbreviate command and argument names. You can type only beginning of command name, and, if it is not ambiguous, console will accept it as a full name. So typing:
[admin@MikroTik] > pi 10.1 c 3 s 100
equals to:
[admin@MikroTik] > ping 10.0.0.1 count 3 size 100
Help
The console has a built-in help, which can be accessed by typing '?'. General rule is that help shows what you can type in position where the '?' was pressed (similarly to pressing tab key twice, but in verbose form and with explanations).
Internal Item numbers
Items can also be addressed by their internal numbers. These numbers are generated by console for scripting purposes and, as the name implies, are used internally. Although you can see them if you print return values of some commands (internal numbers look like hex number preceeded by '*' - for example "*100A"), there's no reason for you to type them in manually.
Note: As an implication of internal number format, you should not use item names that begin with asterisk (*).
Multiple Items
You can specify multiple items as targets of some commands. Almost everywhere, where you can write the number of items, you can also write a list of numbers:
[admin@MikroTik] > interface print
Flags: X - disabled, D - dynamic, R - running
# NAME TYPE MTU
0 R ether1 ether 1500
1 R ether2 ether 1500
2 R ether3 ether 1500
3 R ether4 ether 1500
[admin@MikroTik] > interface set 0,1,2 mtu=1460
[admin@MikroTik] > interface print
Flags: X - disabled, D - dynamic, R - running
# NAME TYPE MTU
0 R ether1 ether 1460
1 R ether2 ether 1460
2 R ether3 ether 1460
3 R ether4 ether 1500
[admin@MikroTik] >
This is handy when you want to perform same action on several items, or do a selective export. However, this feature becomes really useful when combined with scripting.
General Commands
Most command groups have some or all of these commands: print, set, remove, add, find, get, export, enable, disable, comment, move. These commands have similar behavior in all hierarchy.
The print command shows all information that's accessible from particular command level. Thus, /system clock print shows system date and time, /ip route print shows all routes etc. If there's a list of items in this level and they are not read-only, i.e. you can change/remove them (example of read-only item list is /system history, which shows history of executed actions), then print command also assigns numbers that are used by all commands that operate on items in this list.
If there's list of items then print usually can have a from argument. The from argument accepts space separated list of item numbers, names (if items have them), and internal numbers. The action (printing) is performed on all items in this list in the same order in which they're given.
Output can be formatted either as a table, with one item per line or as a list with property=value pairs for each item. By default print uses one of these forms, but it can be set explicitly with brief and detail arguments. In brief (table) form, column argument can be set to a list of property names that should be shown in the table:
[admin@MikroTik] interface ethernet> print
Flags: X - disabled, R - running
# NAME MTU MAC-ADDRESS ARP
0 R ether1 1460 00:50:08:00:00:F5 enabled
1 R ether2 1460 00:50:08:00:00:F6 enabled
[admin@MikroTik] interface ethernet> print detail
Flags: X - disabled, R - running
0 R name="ether1" mtu=1460 mac-address=00:50:08:00:00:F5 arp=enabled
disable-running-check=yes
1 R name="ether2" mtu=1460 mac-address=00:50:08:00:00:F6 arp=enabled
disable-running-check=yes
[admin@MikroTik] interface ethernet> print brief column=mtu,arp
Flags: X - disabled, R - running
# MTU ARP
0 R 1460 enabled
1 R 1460 enabled
[admin@MikroTik] interface ethernet> print
Rules that do some accounting (for example, ip firewall or queue rules) may have two additional views of packets and of bytes matched these rules:
[admin@MikroTik] ip firewall rule forward> print packets
Flags: X - disabled, I - invalid
# SRC-ADDRESS DST-ADDRESS PACKETS
0 0.0.0.0/0:0-65535 0.0.0.0/0:0-65535 0
[admin@MikroTik] ip firewall rule forward> print bytes
Flags: X - disabled, I - invalid
# SRC-ADDRESS DST-ADDRESS BYTES
0 0.0.0.0/0:0-65535 0.0.0.0/0:0-65535 0
[admin@MikroTik] ip firewall rule forward>
To reset these counters reset-counters command is used.
Some items might have statistics other than matched bytes and packets. You can see it by using print stats command:
[admin@MikroTik] ip ipsec> policy print stats
Flags: X - disabled, I - invalid
0 src-address=10.0.0.205/32:any dst-address=10.0.0.201/32:any
protocol=icmp ph2-state=no-phase2 in-accepted=0 in-dropped=0
out-accepted=0 out-dropped=0 encrypted=0 not-encrypted=0 decrypted=0
not-decrypted=0
[admin@MikroTik] ip ipsec>
There is also migtht be print status command:
[admin@MikroTik] routing bgp peer> print status
# REMOTE-ADDRESS REMOTE-AS STATE ROUTES-RECEIVED
0 159.148.42.158 2588 connected 1
[admin@MikroTik] routing bgp>
Normally, the print command pauses after the screen is full and asks whether to continue or not. Press any key other from Q or q to continue printing.
The without-paging argument suppresses prompting after each screen of output.
You can specify interval for repeating the command until Ctrl-C is pressed. Thus, you do not need to repeatedly press the 'Up-Arrow' and 'Enter' buttons to see repeated printouts of a changing list you want to monitor. Instead, you use the argument interval=2s for print.
set
The set command allows you to change values of general parameters or item parameters. The set command has arguments with names corresponding to values you can change. Use ? or double [TAB] to see list of all arguments. If there is list of items in this command level, then set has one unnamed argument that accepts the number of item (or list of numbers) you wish to set up. set does not return anything.
remove
The remove command has one unnamed argument, which contains number(s) of item(s) to remove.
add
The add command usually has the same arguments as set, minus the unnamed number argument. It adds new item with values you've specified, usually to the end of list (in places where order is relevant). There are some values that you have to supply (like interface for new route), and other values that are set to defaults if you don't supply them. The add command returns internal number of item it has added.
You can create a copy of an existing item by using copy-from argument. It takes default values of new item's properties from another item. If you don't want exact copy, you can specify new values for some properties. When copying items that have names, you will usually have to give new name to a copy.
You can place a new item before an existing item by using place-before argument. Thus, you do not need to use the move command after adding an item to the list. You can control disabled/enabled state of new items by using disabled argument, if present. You can supply description for new item using comment argument, if present:
[admin@MikroTik] ip route> set 0 comment="our default gateway"
[admin@MikroTik] ip route> set 1 comment="wireless network gateway"
[admin@MikroTik] ip route> print
Flags: X - disabled, I - invalid, D - dynamic, J - rejected,
C - connect, S - static, R - rip, O - ospf, B - bgp
# DST-ADDRESS G GATEWAY DISTANCE INTERFACE
0 S ;;; our default gateway
0.0.0.0/0 r 10.0.0.1 1 ether6
1 S ;;; wireless network gateway
10.100.0.0/16 r 10.0.0.254 1 ether6
2 DC 192.168.1.0/24 r 0.0.0.0 0 ether4
3 DC 10.10.10.0/24 r 0.0.0.0 0 prism1
[admin@MikroTik] ip route>
move
If the order of items is relevant, command level will also contain move command. First argument is a list of items, whose order will be changed, second argument specifies item before which to place all items being moved (they are placed at the end of the list if second argument is not given). Item numbers after move command are left in a consistent, but hardly intuitive order, so it's better to resync by using print after each move command.
[admin@MikroTik] ip firewall mangle> print brief
Flags: X - disabled, I - invalid, D - dynamic
# SRC-ADDRESS DST-ADDRESS
0 0.0.0.0/0:80 0.0.0.0/0:0-65535
1 1.1.1.1/32:80 0.0.0.0/0:0-65535
2 2.2.2.2/32:80 0.0.0.0/0:0-65535
3 3.3.3.3/32:80 0.0.0.0/0:0-65535
[admin@MikroTik] ip firewall mangle> move 0
[admin@MikroTik] ip firewall mangle> print brief
Flags: X - disabled, I - invalid, D - dynamic
# SRC-ADDRESS DST-ADDRESS
0 1.1.1.1/32:80 0.0.0.0/0:0-65535
1 2.2.2.2/32:80 0.0.0.0/0:0-65535
2 3.3.3.3/32:80 0.0.0.0/0:0-65535
3 0.0.0.0/0:80 0.0.0.0/0:0-65535
[admin@MikroTik] ip firewall mangle> move 0 2
[admin@MikroTik] ip firewall mangle> print brief
Flags: X - disabled, I - invalid, D - dynamic
# SRC-ADDRESS DST-ADDRESS
0 2.2.2.2/32:80 0.0.0.0/0:0-65535
1 3.3.3.3/32:80 0.0.0.0/0:0-65535
2 1.1.1.1/32:80 0.0.0.0/0:0-65535
3 0.0.0.0/0:80 0.0.0.0/0:0-65535
[admin@MikroTik] ip firewall mangle> move 3,2,0 0
[admin@MikroTik] ip firewall mangle> print brief
Flags: X - disabled, I - invalid, D - dynamic
# SRC-ADDRESS DST-ADDRESS
0 0.0.0.0/0:80 0.0.0.0/0:0-65535
1 1.1.1.1/32:80 0.0.0.0/0:0-65535
2 2.2.2.2/32:80 0.0.0.0/0:0-65535
3 3.3.3.3/32:80 0.0.0.0/0:0-65535
[admin@MikroTik] ip firewall mangle>
find
The find command has the same arguments as set, and an additional from argument which works like the from argument with the print command. Plus, find command has flag arguments like disabled, invalid that take values yes or no depending on the value of respective flag. To see all flags and their names, look at the top of print command's output. The find command returns internal numbers of all items that have the same values of arguments as specified.
export
The export command prints a script that can be used to restore configuration. If it has the argument from, then it is possible to export only specified items. Also, if the from argument is given, export does not descend recursively through the command hierarchy. The export command also has the argument file, which allows you to save the script in file on router to retrieve it later via ftp. Note that it is not possible to bring back router configuration after reset just from the export scripts. Some important things like interface name assignment, or user passwords just cannot be saved in export script. To back up all configuration, use /system backup save command.
enable/disable
You can enable/disable some items (like ip address or default route). If an item is disabled, it is marked with the "X" flag. If an item is invalid, but not disabled, it is marked with the "I" flag. All such flags, if any, are described at the top of the print command's output.
[admin@MikroTik] > ip route print
Flags: X - disabled, I - invalid, D - dynamic, J - rejected,
C - connect, S - static, R - rip, O - ospf, B - bgp
# DST-ADDRESS G GATEWAY DISTANCE INTERFACE
0 S 0.0.0.0/0 r 10.0.0.1 1 ether6
1 DC 192.168.1.0/24 r 0.0.0.0 0 ether4
2 DC 10.10.10.0/24 r 0.0.0.0 0 prism1
3 DC 10.0.0.0/24 r 0.0.0.0 0 ether6
[admin@MikroTik] >
© Copyright 1999-2001, MikroTik
Subscribe to:
Post Comments (Atom)
0 comments:
Post a Comment