PSRouterOS
This PowerShell module streamlines the administration of RouterOS devices, enabling automated configuration for efficient setup. Ideal for release pipelines, it simplifies device management and ensures consistent deployment. This project is a work in progress, and more functionality will be added in the future.
SHORT DESCRIPTION
Administration of RouterOS (MikroTik) devices.
Command Naming Convention
The cmdlets follow the naming convention of the RouterOS commands path.
For instance, the command /ip/route/print becomes Get-RouterOsIpRoute.
All cmdlets support a Session or Credential + ComputerName.
Command Comparison
EXAMPLES
An example of how to set up a simple LAN network.
Reset your device
Make sure to reset your system before starting the configuration.
# The default admin account has an empty password. ConvertTo-SecureString rejects
# an empty string, so build an empty SecureString directly.
$Default = [pscredential]::new('admin', [securestring]::new())
$Params = @{
    ComputerName = '192.168.88.10'
    Port         = 22
    Credential   = $Default
    Confirm      = $false
    SkipBackup   = $true
    NoDefaults   = $true
}
Reset-RouterOsSystemConfig @Params
Example
Begin {
    $Username = "Administrator"
    # Example password; replace it with your own secret
    $Password = "Ge9HD^zccG6SyZ4XtZLj"
    $SecurePassword = ConvertTo-SecureString -String $Password -AsPlainText -Force
    $Credential = [pscredential]::new($Username, $SecurePassword)
    # Empty password for the default admin account (ConvertTo-SecureString rejects an empty string)
    $Default = [pscredential]::new('admin', [securestring]::new())
    $Computer = '192.168.88.10'
    $BridgeName = "local"
    $DhcpPool = "dhcp_pool"
    $DhcpName = "dhcp"
}
Process {
    # Add a new user to replace the default user and give it full access
    Add-RouterOsUser -ComputerName $Computer -Port 22 -Credential $Default -Name $Username -Password $SecurePassword -Group full
    # Disable insecure services
    Set-RouterOsIpService -ComputerName $Computer -Port 22 -Credential $Default -Name "telnet","ftp","www","api" -Disabled yes
    # Change default ssh port
    Set-RouterOsIpService -ComputerName $Computer -Port 22 -Credential $Default -Name "ssh" -ServicePort 2200
    # Disable Bandwidth tools (SSH now listens on 2200, so connect to the new port)
    Set-RouterOsToolBandwidthServer -ComputerName $Computer -Port 2200 -Credential $Default -Enabled "no"
    # Allow access from the management network
    Set-RouterOsIpService -ComputerName $Computer -Port 2200 -Credential $Default -Name "ssh" -Address "192.168.88.0/24"
    # Create a new session using the new user's credential
    $session = New-RouterOsSession -ComputerName $Computer -Port 2200 -Credential $Credential
    # Remove the default user
    Remove-RouterOsUser -Session $session -Name "admin" -Confirm:$false
    # Create a bridge
    Add-RouterOsInterfaceBridge -Session $session -Name $BridgeName
    # Add Bridge Port
    Add-RouterOsInterfaceBridgePort -Session $session -Interface "ether2" -Bridge $BridgeName
    # Add IP Address
    Add-RouterOsIpAddress -Session $session -Address "192.168.1.1/24" -Interface $BridgeName -Network "192.168.1.0"
    # Create an IP Pool
    Add-RouterOsIpPool -Session $session -Name $DhcpPool -StartRange "192.168.1.50" -EndRange "192.168.1.253"
    # Configure the network
    Add-RouterOsIpDhcpServerNetwork -Session $session -Address "192.168.1.0/24" -DnsServer "192.168.1.1" -Gateway "192.168.1.1" -Domain "lab.local"
    # Enable the DHCP server
    Add-RouterOsIpDhcpServer -Session $session -AddressPool $DhcpPool -Disabled no -Interface $BridgeName -Name $DhcpName
    # Configure NAT. In this case we'll use `masquerade` because we're connected via DHCP.
    Add-RouterOsIpFirewallNat -Session $session -Chain "srcnat" -OutInterface $BridgeName -Action "masquerade"
}
End {
    Remove-RouterOsSession -Session $session
}
Equivalent RouterOS commands:
/user add name=Administrator password="Ge9HD^zccG6SyZ4XtZLj" group=full
/ip service disable telnet,ftp,www,api
/ip service set ssh port=2200
/tool bandwidth-server set enabled=no
/ip service set ssh address=192.168.88.0/24
/user remove admin
/interface bridge add name=local
/interface bridge port add interface=ether2 bridge=local
/ip address add address=192.168.1.1/24 interface=local network=192.168.1.0
/ip pool add name=dhcp_pool ranges=192.168.1.50-192.168.1.253
/ip dhcp-server network add address=192.168.1.0/24 dns-server=192.168.1.1 gateway=192.168.1.1 domain=lab.local
/ip dhcp-server add address-pool=dhcp_pool disabled=no interface=local name=dhcp
/ip firewall nat add chain=srcnat out-interface=local action=masquerade
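A check that can be run from a host inside the 192.168.88.0/24 management network after the example above, to confirm that the disabled services no longer accept TCP connections and that SSH answers only on port 2200. This is an added example, not part of the module: Test-TcpPort is a hypothetical helper, and the port numbers are the RouterOS defaults, assumed unchanged.

```powershell
# Added example (not part of PSRouterOS): probe the management services over TCP.
# Port numbers are the RouterOS defaults (assumption); 2200 is the SSH port set above.
$Computer = '192.168.88.10'
$Checks = @(
    @{ Service = 'telnet';    Port = 23;   Expected = $false }
    @{ Service = 'ftp';       Port = 21;   Expected = $false }
    @{ Service = 'www';       Port = 80;   Expected = $false }
    @{ Service = 'api';       Port = 8728; Expected = $false }
    @{ Service = 'ssh (old)'; Port = 22;   Expected = $false }
    @{ Service = 'ssh';       Port = 2200; Expected = $true }
    # Not touched by the example above, so reported without a pass/fail expectation
    @{ Service = 'winbox';    Port = 8291; Expected = $null }
    @{ Service = 'api-ssl';   Port = 8729; Expected = $null }
)

function Test-TcpPort {   # hypothetical helper name
    param([string]$ComputerName, [int]$Port, [int]$TimeoutMs = 2000)
    $client = [System.Net.Sockets.TcpClient]::new()
    try {
        $task = $client.ConnectAsync($ComputerName, $Port)
        # Wait() returns $false on timeout (filtered port); a refused connection throws
        return ($task.Wait($TimeoutMs) -and $client.Connected)
    }
    catch { return $false }
    finally { $client.Dispose() }
}

$Results = foreach ($c in $Checks) {
    $open = Test-TcpPort -ComputerName $Computer -Port $c.Port
    [pscustomobject]@{
        Service  = $c.Service
        Port     = $c.Port
        Open     = $open
        Expected = $c.Expected
        Pass     = ($null -eq $c.Expected) -or ($open -eq $c.Expected)
    }
}
$Results | Format-Table -AutoSize

# Fail the pipeline step if any service is in an unexpected state
if ($Results.Pass -contains $false) {
    throw "Service hardening check failed on $Computer"
}
```

A port reported as not open may be closed or filtered; the rows without an expectation show which management services are still reachable after the example.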
NOTE
This PowerShell module is provided "as-is" without any guarantees or warranty. Use it at your own risk. The authors and contributors are not responsible for any damage or issues that may arise from using this module.
TROUBLESHOOTING NOTE
If a command is not behaving as expected, use the flag RawOutput or ShowCommand to see the RouterOS command being executed.
LICENSE
- This project is under the MIT license.
KEYWORDS
- Mikrotik