90-Mikrotik

CRS3xx, CRS5xx

Reset RouterOS to defaults

Reset the system and have no default config

/system reset-configuration no-defaults=yes skip-backup=yes
hit 'y' to reboot

It is strongly recommended to upgrade the bootloader after a RouterOS update. To upgrade the bootloader, run /system routerboard upgrade in the CLI, then reboot. Alternatively, open the System → RouterBOARD menu in the GUI, click the “Upgrade” button, then reboot the device.

Default login creds are admin with no password.

NOT ALL MODELS! Press ‘r’ to prevent the firmware from loading a bunch of preconfigured options.

For the CRS309, turn off Power LED after 1 min

/system leds setting set all-leds-off=after-1min

Email setup

/tool e-mail
set server=igly.one
set port=587
set tls=starttls
set from=crs309-1@fail.pm
set user="some@vaild.user"
set password="some password"

/tool e-mail send to="some@vaild.email" subject="TEST" body="TEST"

ACME DNS deploy

While this works for an internal ACME server, I haven’t figured out automatic renewal yet. It should work with an internet-addressable official ACME server, for those crazy enough to put their switches on the internet.

/certificate enable-ssl-certificate duration=8h directory-url=https://acme.lair.lan/acme/failpm/directory dns-name=crs309-1.mgt.lair.lan,crs309-1.lair.lan
/certificate enable-ssl-certificate duration=8h directory-url=https://acme.lair.lan/acme/failpm/directory dns-name=crs309-2.mgt.lair.lan,crs309-2.lair.lan
/certificate enable-ssl-certificate duration=8h directory-url=https://acme.lair.lan/acme/failpm/directory dns-name=crs326.mgt.lair.lan,crs326.lair.lan

Initial mgt setup

/interface bridge add admin-mac=<INSERT MAC> auto-mac=no mtu=9000 name=bridge1 vlan-filtering=yes
/interface ethernet set sfp-sfpplus1 l2mtu=10218 mtu=9000
/interface vlan add comment="MGT Address" interface=bridge1 mtu=9000 name=INT_VLAN3254 vlan-id=3254
/interface bridge port add bridge=bridge1 frame-types=admit-only-vlan-tagged interface=sfp-sfpplus1
/interface bridge vlan add bridge=bridge1 tagged=sfp-sfpplus1 vlan-ids=3254
/ip address add address=10.254.0.5/27 interface=INT_VLAN3254 network=10.254.0.0
/ip route add gateway=10.254.0.1
/ip dns set servers=10.0.20.3
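
Added example, not part of the original notes: one way to restrict management access to the management subnet configured above, since the default login is admin with no password. The password placeholder and the choice of services to disable are assumptions; www is left untouched because these notes do not say how the ACME challenge is served.

```routeros
# Added example (assumptions: 10.254.0.0/27 is the only network that should
# reach the management plane; <INSERT PASSWORD> is a placeholder).

# Replace the empty default admin password before anything else.
/user set [find name=admin] password="<INSERT PASSWORD>"

# Disable cleartext and unused management services.
/ip service disable telnet,ftp,api,api-ssl

# Limit the remaining management services to the management subnet.
/ip service set ssh address=10.254.0.0/27
/ip service set winbox address=10.254.0.0/27
/ip service set www-ssl address=10.254.0.0/27

# Stop layer-2 management (MAC telnet, MAC WinBox) on every interface.
/tool mac-server set allowed-interface-list=none
/tool mac-server mac-winbox set allowed-interface-list=none

# Stop advertising the switch through neighbor discovery.
/ip neighbor discovery-settings set discover-interface-list=none

# Check the result: disabled services are flagged X, address shows the allowed subnet.
/ip service print
```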

Port Mirroring

https://help.mikrotik.com/docs/spaces/ROS/pages/30474317/CRS3xx+CRS5xx+CCR2116+CCR2216+switch+chip+features#CRS3xx,CRS5xx,CCR2116,CCR2216switchchipfeatures-Mirroring

# Since RouterOS v7.15
/interface ethernet switch port set sfp2-opn-pve03 mirror-egress=yes mirror-ingress=yes
/interface ethernet switch set switch1 mirror-target=sfp5-mirror

CAPSMAN

CAPsMAN


Last modified: Tue Nov 4 19:30:23 2025