Here's how I deployed a new IP scheme to a site.

Share your Config Push presets or discuss automation in general
Post Reply
Posts: 60
Joined: Thu Nov 02, 2017 7:29 pm
Location: Orlando, FL

Thu Mar 28, 2019 7:35 pm

Our company used a lot of 192.168.X.Y networks... it was ugly.
Our new network essentially changed to 10.SiteID.VLANID.Host for consistency. This allowed us to programmatically deploy the networks without having to manually type in anything or very little after the OSPF IP and new SiteID.

To simplify the change over, I needed a way to do this systematically to reduce manual time during change over and to prevent mistakes when time counts.

First, I identified each sites OSPF IP and put this in the first array and gave each site an ID.
Second, programmatically grabbed the OSPF RouterID for the router this script is/was running against. This ensures that when the scripts runs and

Adds new VLAN IPs and nat entries for WOL (because Mikrotik by default blocks sending packets to the broadcast IP cross network)

Adds new DHCP relays for those networks that require dhcp.
Add new private WAN IP for each connection as well.

As you can imagine, it took me a while to learn the RouterOS methodology for coding and I hope this might help someone save some time.

Code: Select all

/system backup save dont-encrypt=yes name=BeforeNewIPScheme

:global "oldOSPFip" {""="40";""="25";""="55";""="30";""="50";""="60";""="65";""="35";""="70";""="45";""="75"};
:global "oldOSPFid" [/routing ospf instance get value-name=router-id number=[find]];
:global "newVlanArray" {"104"="104-MGMT";"116"="116-security";"152"="152-pcdata";"160"="160-printers";"168"="168-voice";"176"="176-wireless"};
:global "newWANIPArray" {"WAN1"="10.1.251.";"WAN2"="10.1.252."}
:global "wan1eth" "ether12"
:global "wan2eth" "ether11"

##Find the oldOSPID to set the RouterID.  Use Router ID to create IPscheme2 array
:foreach k,v in=$oldOSPFip do={
    :if ($oldOSPFid=$k) do={
        :global "routerID" $v;
        :global "ipscheme2" {"104-MGMT"="10.$routerID.104.1";"116-security"="10.$routerID.116.1";"152-pcdata"="10.$routerID.152.1";"160-printers"="10.$routerID.160.1";"168-voice"="10.$routerID.168.1";"176-wireless"="10.$routerID.176.1"}}};

##Add New VLAN Ips to VLAN Interfaces and add ARP entries for WOL as well as NAT entries for WOL
/ip firewall nat remove numbers=[find comment~"WOL"]
:foreach k,v in=$ipscheme2 do={
    :global "vlanIP" ("$v"."/24")
    :global "vlanInterface" $k
    :if ($k="152-pcdata" or $k="176-wireless") do={
        :global "wolIPaddress" ([:pick $v 0 ([:len $v] -1)] . "254")
        :global "vlanIPnetwork" ([:pick $v 0 ([:len $v] -1)] . "0/24")
        :do {/ip arp add address=$wolIPaddress mac-address=FF:FF:FF:FF:FF:FF interface=$k comment="WOL Broadcast - $k";} on-error={:put "ARP entry already exists"}
        /ip firewall nat add action=dst-nat chain=dstnat comment="WOL NAT Rule - $k" dst-address=$vlanIPnetwork dst-port=9 protocol=udp to-addresses=$wolIPaddress
    :do {/ip address add address=$vlanIP interface=$vlanInterface comment="$vlanInterface Network";} on-error={:put "$v Network exists"}

##Add NAT rules for WOL

/ip firewall nat add action=dst-nat chain=dstnat comment="WOL NAT Rule2" dst-address= dst-port=9 protocol=udp to-addresses=

##Add new WAN IPs
:global "WANIP1" (($newWANIPArray-> "WAN1")."$routerID"."/24")
:global "WANIP2" (($newWANIPArray-> "WAN2")."$routerID"."/24")
:do {/ip address add address=$WANIP1 interface=$wan1eth comment="WAN1";} on-error={:put "$WANIP1 Network Exists"}
:do {/ip address add address=$WANIP2 interface=$wan2eth comment="WAN2";} on-error={:put "$WANIP2 Network Exists"}

##Add new DHCP Relays and then remove MGMT VLan from dhcp relay

:foreach k,v in=$newVlanArray do={
    :do {/ip dhcp-relay add dhcp-server= disabled=no interface=$v name="$v relay";} on-error={:put "$v relay already exists"}
/ip dhcp-relay 
remove [find interface=[:pick $newVlanArray 0]]

##Finished adding new IPS to site router - EOF
Post Reply