
Showing posts from October, 2010

Configuring multiple devices via ssh

When you have 100+ routers or servers you manage, it is a bit tedious to make a configuration change to all of them manually, especially when that change is exactly the same for all of them. There is a ton of software for this scenario. I have used a few different ones in the past, but parallel-ssh (formerly pssh) is what I use for Mikrotik.

Example: you need to enable and set primary and secondary NTP servers on 100 devices.

First you need to create a text file with all your devices' IP addresses, and optionally port and username.

    10.10.10.1:22
    10.10.10.2:22
    10.10.10.3:22

Save it as ips.txt, for instance, and use the command below to blast commands to all listed devices.

    parallel-ssh -l admin -x "-o StrictHostKeyChecking=no" -A -h /home/sam/ips.txt -v -t 10 -o /home/sam "/system ntp client set mode=unicast enabled=yes primary-ntp=1.2.3.4 secondary-ntp=1.2.3.5"

Explanation:

    -l    Specify the user here instead of txt file
    -A    Prompt for password
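An added example, not part of the original post: the command above passes StrictHostKeyChecking=no, so ssh accepts whatever host key each address presents before the -A password is sent. The sketch below keeps verification on by checking that every ips.txt entry already has a key in a known_hosts file and only then calling parallel-ssh. The function names, the [user@]host[:port] line format and the unhashed known_hosts file are assumptions of this example.

```sh
#!/bin/sh
# Added example: refuse to fan out until every device has a pinned host key.
# Assumes ips.txt lines of the form [user@]host[:port] (IPv4 or hostname) and
# an unhashed known_hosts file whose keys were collected and verified earlier.

# Name ssh looks up in known_hosts: "host" on port 22, "[host]:port" otherwise.
kh_name() (
  entry=${1#*@}
  host=${entry%%:*}
  port=22
  if [ "$entry" != "$host" ]; then port=${entry##*:}; fi
  if [ "$port" = 22 ]; then
    printf '%s\n' "$host"
  else
    printf '[%s]:%s\n' "$host" "$port"
  fi
)

# Print each ips.txt entry that has no key in the known_hosts file.
missing_keys() (
  hosts_file=$1
  known_hosts=$2
  while IFS= read -r line || [ -n "$line" ]; do
    line=$(printf '%s' "${line%%#*}" | tr -d '[:space:]')
    if [ -z "$line" ]; then continue; fi
    name=$(kh_name "$line")
    if ! awk -v n="$name" '
        /^[#@]/ { next }   # skip comments and @cert-authority/@revoked lines
        { k = split($1, a, ","); for (i = 1; i <= k; i++) if (a[i] == n) ok = 1 }
        END { exit !ok }' "$known_hosts"; then
      printf '%s\n' "$line"
    fi
  done < "$hosts_file"
)

# Run one command on all devices, but only when no host key is missing.
fan_out() (
  missing=$(missing_keys "$1" "$2")
  if [ -n "$missing" ]; then
    printf 'no pinned host key for:\n%s\n' "$missing" >&2
    exit 1
  fi
  parallel-ssh -l admin -A -h "$1" -t 10 \
    -x "-o StrictHostKeyChecking=yes -o UserKnownHostsFile=$2" "$3"
)
```

Call it as fan_out ips.txt pinned_known_hosts "/system ntp client set ...". The known_hosts file can be built once with ssh-keyscan and compared against each device's own fingerprint before it is trusted.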

IPSec between Cisco and Mikrotik

Although IPSec is an industry standard, there are a few gotchas that crop up when dealing with inter-vendor setups, especially those involving Cisco. A couple of well-known snags include:

- The use of DPD - Cisco does not support this, so turn it off.
- Dynamic policies - I personally like to specify my IPSec policies, but if you want to be able to initiate the tunnel, then this must be done. All you need to specify is the source and destination pairs, and 'untick' or disable Generate Policy.

    /ip ipsec peer
    add address=172.16.2.2/32:500 secret=shhhh send-initial-contact=yes nat-traversal=no hash-algorithm=md5 enc-algorithm=3des auth-method=pre-shared-key dh-group=modp1024 generate-policy=no exchange-mode=main

    /ip ipsec policy
    add src-address=10.10.10.0/24:any dst-address=10.20.20.0/24:any sa-src-address=172.16.1.1 sa-dst-address=172.16.2.1 proposal=default disabled=no tunnel=yes
    add src-address=10.10.10.0/24:any dst-address=10.30.30.0/24:any sa-src-address=172.16.1.1 sa-dst-addr