PSRouterOS

This PowerShell module streamlines the administration of RouterOS devices, enabling automated configuration for efficient setup. Ideal for release pipelines, it simplifies device management and ensures consistent deployment. This project is a work in progress, and more functionality will be added in the future.

SHORT DESCRIPTION

Administration of RouterOS (MikroTik) devices.

Command Naming Convention

The cmdlets follow the naming convention of the RouterOS command path. For instance, the command /ip/route/print becomes Get-RouterOsIpRoute. All cmdlets accept either a Session or a Credential together with a ComputerName.

Command Comparison

RouterOS CLI                   PowerShell

Print    /ip/route/print       Get      Get-RouterOsIpRoute
Add      /ip/route/add         Add      Add-RouterOsIpRoute
Set      /ip/route/set         Set      Set-RouterOsIpRoute
Remove   /ip/route/remove      Remove   Remove-RouterOsIpRoute

EXAMPLES

An example of how to set up a simple LAN network.

Reset your device

Make sure to reset your system before starting the configuration.

# The default admin account has an empty password.
# [securestring]::new() creates an empty SecureString; an unparenthesized
# [string]::Empty argument would be passed as the literal text "[string]::Empty".
$Default = [pscredential]::new('admin', [securestring]::new())
$Params = @{
    ComputerName = '192.168.88.10'
    Port         = 22
    Credential   = $Default
    Confirm      = $false
    SkipBackup   = $true
    NoDefaults   = $true
}
Reset-RouterOsSystemConfig @Params

RouterOS equivalent:

/system reset-configuration no-defaults=yes skip-backup=yes

Example

Invoke-RouterOsConfig.ps1
Begin {
    $Username = "Administrator"
    # Example value only; in a release pipeline, read the password from a secret store instead of hard-coding it
    $Password = "Ge9HD^zccG6SyZ4XtZLj"
    $SecurePassword = $(ConvertTo-SecureString -String $Password -AsPlainText -Force)
    $Credential = $([pscredential]::New($Username,$SecurePassword))
    # Default admin account with an empty password ([securestring]::new() is an empty SecureString)
    $Default = [pscredential]::new('admin', [securestring]::new())
    $Computer = '192.168.88.10'
    $BridgeName = "local"
    $DhcpPool = "dhcp_pool"
    $DhcpName = "dhcp"
}
Process {
    # Add a new user to replace the default user and give it full access
    Add-RouterOsUser -ComputerName $Computer -Port 22 -Credential $Default -Name $Username -Password $SecurePassword -Group full

    # Disable insecure services
    Set-RouterOsIpService -ComputerName $Computer -Port 22 -Credential $Default -Name "telnet","ftp","www","api" -Disabled yes

    # Change default ssh port
    Set-RouterOsIpService -ComputerName $Computer -Port 22 -Credential $Default -Name "ssh" -ServicePort 2200

    # Disable Bandwidth tools (SSH now listens on port 2200, so new connections must use it)
    Set-RouterOsToolBandwidthServer -ComputerName $Computer -Port 2200 -Credential $Default -Enabled "no"

    # Allow access from the management network
    Set-RouterOsIpService -ComputerName $Computer -Port 2200 -Credential $Default -Name "ssh" -Address "192.168.88.0/24"

    # Create a new session using the new user's credential
    $session = New-RouterOsSession -ComputerName $Computer -Port 2200 -Credential $Credential

    # Remove the default user
    Remove-RouterOsUser -Session $session -Name "admin" -Confirm:$false

    # Create a bridge
    Add-RouterOsInterfaceBridge -Session $session -Name $BridgeName

    # Add Bridge Port
    Add-RouterOsInterfaceBridgePort -Session $session -Interface "ether2" -Bridge $BridgeName

    # Add IP Address
    Add-RouterOsIpAddress -Session $session -Address "192.168.1.1/24" -Interface $BridgeName -Network "192.168.1.0"

    # Create an IP Pool
    Add-RouterOsIpPool -Session $session -Name $DhcpPool -StartRange "192.168.1.50" -EndRange "192.168.1.253"

    # Configure the network
    Add-RouterOsIpDhcpServerNetwork -Session $session -Address "192.168.1.0/24" -DnsServer "192.168.1.1" -Gateway "192.168.1.1" -Domain "lab.local"

    # Enable the dhcp server
    Add-RouterOsIpDhcpServer -Session $session -AddressPool $DhcpPool -Disabled no -Interface $BridgeName -Name $DhcpName

    # Configure NAT. In this case we'll use `masquerade` because we're connected via DHCP.
    Add-RouterOsIpFirewallNat -Session $session -Chain "srcnat" -OutInterface $BridgeName -Action "masquerade"
}
End {
    Remove-RouterOsSession -Session $session
}

RouterOS equivalent:

/user add name=Administrator password="Ge9HD^zccG6SyZ4XtZLj" group=full
/ip service disable telnet,ftp,www,api
/ip service set ssh port=2200
/tool bandwidth-server set enabled=no
/ip service set ssh address=192.168.88.0/24
/user remove admin
/interface bridge add name=local
/interface bridge port add interface=ether2 bridge=local
/ip address add address=192.168.1.1/24 interface=local network=192.168.1.0
/ip pool add name=dhcp_pool ranges=192.168.1.50-192.168.1.253
/ip dhcp-server network add address=192.168.1.0/24 dns-server=192.168.1.1 gateway=192.168.1.1 domain=lab.local
/ip dhcp-server add address-pool=dhcp_pool disabled=no interface=local name=dhcp
/ip firewall nat add chain=srcnat out-interface=local action=masquerade
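
A quick way to confirm the service changes from the management host, as an added example that is not part of the PSRouterOS module or its documentation. It probes the RouterOS default ports for telnet, ftp, www and api (23, 21, 80 and 8728, assumed unchanged) plus SSH on 22 and 2200; the function names are hypothetical, and it must run from inside 192.168.88.0/24 because SSH is restricted to that range.

```powershell
# Added example (not module code): check which services still accept TCP connections.
function Test-TcpPort {
    param(
        [Parameter(Mandatory)][string]$ComputerName,
        [Parameter(Mandatory)][int]$Port,
        [int]$TimeoutMs = 2000
    )
    $client = [System.Net.Sockets.TcpClient]::new()
    try {
        # Wait() returns $false on timeout and throws when the connection is refused
        return ($client.ConnectAsync($ComputerName, $Port).Wait($TimeoutMs) -and $client.Connected)
    }
    catch { return $false }
    finally { $client.Dispose() }
}

function Test-RouterOsServiceExposure {
    param(
        [Parameter(Mandatory)][string]$ComputerName,
        [int]$SshPort = 2200   # SSH port set by the script above
    )
    # Port numbers are RouterOS defaults (assumption); Open is the state expected after hardening
    $expected = @(
        @{ Service = 'telnet';        Port = 23;       Open = $false }
        @{ Service = 'ftp';           Port = 21;       Open = $false }
        @{ Service = 'www';           Port = 80;       Open = $false }
        @{ Service = 'api';           Port = 8728;     Open = $false }
        @{ Service = 'ssh (default)'; Port = 22;       Open = $false }
        @{ Service = 'ssh (moved)';   Port = $SshPort; Open = $true  }
    )
    foreach ($e in $expected) {
        $open = Test-TcpPort -ComputerName $ComputerName -Port $e.Port
        [pscustomobject]@{
            Service  = $e.Service
            Port     = $e.Port
            Expected = if ($e.Open) { 'open' } else { 'closed' }
            Actual   = if ($open)   { 'open' } else { 'closed' }
            Pass     = ($open -eq $e.Open)
        }
    }
}

$results = Test-RouterOsServiceExposure -ComputerName '192.168.88.10'
$results | Format-Table -AutoSize
# Fail the pipeline step if any service is in an unexpected state
if ($results.Pass -contains $false) { throw 'Service hardening check failed' }
```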

NOTE

This PowerShell module is provided "as-is" without any guarantees or warranty. Use it at your own risk. The authors and contributors are not responsible for any damage or issues that may arise from using this module.

TROUBLESHOOTING NOTE

If a command is not behaving as expected, use the flag RawOutput or ShowCommand to see the RouterOS command being executed.

LICENSE

  • This project is under the MIT license.

KEYWORDS

  • Mikrotik