...
Configuration Undo and Redo
Any action done in the GUI or any command executed from the CLI is recorded in in /system history
. You can undo or redo any action by running undo or redo commands from the CLI or by clicking on Undo, and Redo buttons from the GUI.
...
We have added a firewall rule and in /system history
we can see all that is being was done.
Let's undo everything:
...
System history is capable of showing exact CLI commands that will be executed during "Undo" or "Redo" actions even if we perform the action from GUI, for example, detailed history output after adding TCP accept rule from WinBox:
...
It is sometimes possible to change router configuration in a way that will make the router inaccessible (except from the local console). Usually, this is done by accident, but there is no way to undo the last change when the connection to the router is already cut. Safe mode can be used to minimize such risk.
...
Now, if the telnet connection (or winbox WinBox terminal) is cut, then after a while (TCP timeout is 9 minutes) all changes that were made while in safe mode will be undone. Exiting session by [Ctrl]+[D] also undoes all safe mode changes, while /quit does not.
...
If too many changes are made while in safe mode, and there's no room in history to hold them all (currently history keeps up to 100 most recent actions), then the session is automatically put out of the safe mode, and no changes are automatically undone. Thus, it is best to change the configuration in small steps, while in safe mode. Pressing [Ctrl]+[X] twice is an easy way to empty the safe mode action list.
System Backup and Restore
...
An export command can be executed from each individual menu (resulting in configuration export only from this specific menu and all its sub-menus) or from the root menu for complete config export and is available for CLI only.
...
The following command parameters are accepted:
Property | Description |
---|---|
compact | Output only modified configuration, the default behavior |
file | Export configuration to a specified file. When the file is not specified export output will be printed to the terminal |
show-sensitive (yes|no; Default: no). RouterOS version 7 only hide-sensitive (yes|no; Default: no). RouterOS version 6 only | Show sensitive information, like passwords, keys, etc. Hide sensitive information, like passwords, keys, etc. |
terse | With this parameter, the export command will output only configuration parameters, without defaults. |
verbose | With this parameter, the export command will output whole configuration parameters and items including defaults. |
For example, export configuration from /ip address
the menu and save it to a file:
Code Block | ||
---|---|---|
| ||
[admin@MikroTik] > /ip address print Flags: X - disabled, I - invalid, D - dynamic # ADDRESS NETWORK BROADCAST INTERFACE 0 10.1.0.172/24 10.1.0.0 10.1.0.255 bridge1 1 10.5.1.1/24 10.5.1.0 10.5.1.255 ether1 [admin@MikroTik] > /ip address export file=address [admin@MikroTik] > /file print # NAME TYPE SIZE CREATION-TIME 0 address.rsc script 315 dec/23/2003 13:21:48 [admin@MikroTik] > |
By default, the export command writes only user-edited configuration, RouterOS defaults are omitted.
...
Code Block | ||
---|---|---|
| ||
[admin@rack1_b4] /ip ipsec policy> print Flags: T - template, X - disabled, D - dynamic, I - inactive, * - default 0 T * group=default src-address=::/0 dst-address=::/0 protocol=all proposal=default template=yes [admin@rack1_b4] /ip ipsec policy> export # apr/02/1970 17:59:14 by RouterOS 6.22 # software id = DB0D-LK67 # [admin@rack1_b4] /ip ipsec policy> set 0 protocol=gre [admin@rack1_b4] /ip ipsec policy> export # apr/02/1970 17:59:30 by RouterOS 6.22 # software id = DB0D-LK67 # /ip ipsec policy set 0 protocol=gre |
Info | ||
---|---|---|
| ||
The * flag, it indicates that the entry is system default and cannot be removed manually. |
...
Warning |
---|
If some specific menu will not be able to respond to the export command, starting from the RouterOS v7.11, an error message will be printed out in the export command output after a timeout ("#error exporting "/xxx" (timeout)") and the process will move on to the next menu. |
Starting from the RouterOS 7.13, where command is allowed to export you can export parts of a specific menu. For instance, it is possible to export a specific address-list among multiple address-lists on your router.
...
Import command allows to specify the following parameters:
Property | Description |
---|---|
from-line | Start executing the script from the specified line number |
file-name | Name of the script (.rsc) file to be executed. |
verbose | Reads each line from the file and executes individually, allowing to debug syntax or other errors more easily. |
Tip |
---|
In the event that If the device has a default or existing configuration that requires replacement, it is necessary to initiate a configuration reset. This involves applying a clean, empty configuration using the command /system/reset-configuration no-defaults=yes, followed by a device reboot. |
...
Things that should be removed from export files that were created with "/export", before attempting import on a new device.
- Interface renaming is in conflict conflicts with the default ethernet naming scheme.
Code Block | ||
---|---|---|
| ||
/interface ethernet set [ find default-name=ether5 ] auto-negotiation=no name=ether1-gateway set [ find default-name=ether6 ] name=ether2 set [ find default-name=ether7 ] name=ether3 set [ find default-name=ether8 ] name=ether4 set [ find default-name=ether1 ] name=ether5 set [ find default-name=ether2 ] name=ether6 set [ find default-name=ether3 ] name=ether7 set [ find default-name=ether4 ] name=ether8 |
- In older version exports versions "export" default entries might show with "add" instead of the "set" command. That should be edited before import to avoid errors.
- Check if the total number of physical interfaces count matches the new and old devices. If there will are some missing that will end up in error during .rsc import.
...
- Reset the configuration on that device.
- Run the import command again with the "verbose=yes" argument. It will stop also stop the import process on a problem that you already encountered, but will also show the place where the export failed. This way shows you the place where things need to be edited in the .rsc import file.
...
Tip |
---|
The backup file of the existing configuration is stored before reset. That way you can easily restore any previous configuration if the reset is done by mistake. |
Warning |
---|
If the router has been was installed using Netinstall and had a script specified as the initial configuration, the reset command executes this script after purging the configuration. To stop it from doing so, you will have to reinstall the router. |
...
Property | Description | ||
---|---|---|---|
keep-users | Do not remove existing users from the configuration | ||
no-defaults | Do not load the default configuration, just clear the configuration | ||
skip-backup | Skip automatic backup file generation before reset | ||
run-after-reset | Run specified .rsc file after reset. That way you can load your custom configuration.
|
...
|
For example hard reset configuration without loading default config and skipping backup file:
...