Monday, 15 February 2016

MikroTik Backup and Configuration Export

In this tutorial you will learn how can you make backup and exportation for the configuration of a MikroTik router.
Note: This tutorial assumes that the previous tutorials have been completed.

1. Accessing the MikroTik router (WebFig)

  • Login to browser at the address http://192.168.88.1/ with the admin user and the proper password.

2. MikroTik backup (encrypted)

  • To create a backup of MikroTik owner type go to the menu Files -> Backup.
  • MikroTik Backup
  • This type of backup is encrypted, and contains supplementary informations about the equipment (in addition to the configuration created by the administrator).
  • Once you named the backup, set a password for the decryption.
  • RouterOS backup settings
  • The advantage of this type of backup is represented by the backup security offered through encryption and by the fact that by restoring it will lead to the exact restoration of all the settings.
  • Note: the access passwords to router are saved in this type of backup, it is recommended the encryption of this backup.
  • The disadvantage of this type of backup is that it will work only on the same equipment where it was created, restoring it on other MikroTik equipments won’t work.
  • Once created, the backup is available in the menu Files as a file with the extension.backup that can be downloaded on the local computer.
  • MikroTik backup download
  • If you will open this file, you’ll see that it looks like a binary file from which you can not understand anything.

3. Backup of configuration export type

  • To create a backup of export type it is necessary the access to the MikroTik console.
  • To access the MikroTik console press the button New Terminal from the left side menu and a new window will open in your browser giving you access to the console.
  • Run the next command in console:
  • export file=my-backup
    MikroTik configuration export
  • This type of backup saves in a compact file and with passwords in clear, only the device configuration data (those set by the administrator).
  • The file will be in the menu Files, as a script with the extension .rsc that can be downloaded on the local computer.
  • Download MikroTik script
  • If you will open this file, you’ll notice an entire row of commands that can restore the MikroTik configuration and also all configuration passwords in clear (example: pppoe password for access to RDS).
  • Note: the equipment’s access passwords are not saved in this type of backup.
  • The advantage of this type of backup (exportation of configuration) is that it can be restored on almost any MikroTik equipment , not just the one where it was done.
  • The disadvantage is the security and also the fact that sometimes the restoration can be more difficult (example: if the interfaces have been renamed, on the equipment where the restoration is done, you have to rename the interfaces before the restoration, otherwise the restoration will fail).
  • At the same time it is noticeable that this backup is much smaller than the MikroTik owner backup.
  • If we want a complete backup, in clear and without saving the passwords , this can be done through an exportation of configuration verbose specifying do not save passwords.
  • To create a backup like this, of complete export type, run the next command in console:
  • export file=my-backup-verbose-no-passwords verbose hide-sensitive
    MikroTik verbose export
  • The created file will be much larger than the compact export, won’t contain any password, and will have all the equipment’s detailed configuration, in clear.
  • The backup file can be downloaded, same as the compact backup, as a file of script type with the extension .rsc
  • MikroTik download file