The VAR Enforcer management Portal generates one of two types of Install scripts to create either a “Standard Enforcer” or a “Bolt-On Enforcer” This documents explains the difference, and how to download each of them.
A standard LucidView Enforcer is created from blank state using a Standard Enforcer script from the LucidView VAR Portal. All configuration settings are made according to the Portal, including IP addresses. (i.e. a Standard Enforcer should not be configured directly via Mikrotik Router Configuration Interface once birthed. )
- A “Standard Enforcer Script” must never be installed onto a Mikrotik router that is already installed into a network, as all existing configurations are wiped and the IP addresses will be changed on the said Mikrotik router.
The LucidView Enforcer Bolt-On solution caters for existing Mikrotik routers installations that will benefit from the Content Filter and Reporting provided by LucidView. The Bolt-On script does not change the Mikrotik routers network configuration, however it does redirect DNS traffic (See below for more details) The Bolt-On solution only adds the Content filter and Reporting features to the Mikrotik router.
- The Mikrotik Router must be first be installed into the network, have Internet access, and carry Internet traffic. This install script does not change the IP address configurations.
To make a “Standard Enforcer” select the Enforcer Type as one of the “e” models in the Portal:
- e20 is for Mikrotik router model RB941-2nD
- e50 is for Mikrotik router model RB951Ui-2HnD
- e100 is for Mikrotik router model RB750r2
A Standard Enforcer does have very basic IP configuration options, configured via the Enforcer Portal GUI, however these basic IP configuration options are limited in that the Standard Enforcer can only be installed in a network described in the Install Guide.
This Standard Enforcer install script requires that the Mikrotik router to be wiped. This can be accomplished by following these steps.
- Generate a Bolt-On install script for the new LucidView Enforcer on the Portal. You will need to supply the Mikrotik router Serial number. Download the install script from the Portal and store locally on your machine.
- Connect to the Mikrotik router on its MAC address on port 2. (Note that it is important to use the MAC address, regardless of whether it currently has an IP address, as it will change during the install.)
- Once connected using Winbox, click on ‘System’ -> ‘Reset Configuration.’
- In the Reset Configuration dialog, select ‘No default configuration’ and ‘Do not backup’ and click on ‘Reset Configuration. This will clear the Mikrotik router of all configuration entries. From this point on it is only possible to connect to the Mikrotik router via its MAC address.
- The reset process reboots the Mikrotik router. Once it has rebooted completely, connect again on its MAC address on port 2.
- There are two options to apply the LucidView Standard Enforcer install script.
- Open a Terminal on the Mikrotik router in Winbox. Copy and paste the content of the LucidView Standard Enforcer script into the Terminal. This will apply the changes and allow you to follow the process as it runs through the Standard Enforcer script.
- Upload the LucidView Enforcer script by clicking on ‘Files’ and ‘Upload…’ Once the Standard Enforcer script has been uploaded to the Mikrotik router, execute in a terminal on Winbox the following command ‘/import <enforcer script>’ Replace <enforcer script> with the name of the downloaded script, e.g., ‘/import 4rg9d74.rsc’
Monitor for any error messages while applying the script. If an error has occurred, reset the device and try again.
Please note that this script will completely re-configure the Mikrotik router. Do not use this script on installed, configured or productions Mikrotik routers.
The serial Number of the Mikrotik Router needs to be provided to Generate this Script.
- Bolt-On Enforcer (bolt-on or bolt-on with wifi)
This is the option for a Mikrotik router that has already been installed, with Internet traffic flowing through it.
The Bolt-On Enforcer does not have any IP configuration options via the Portal GUI, as the Mikrotik router has already been installed and configured.
However, when generating the Bolt-On script you are prompted to provide the Internal IP address of the Mikrotik router. This is because the Bolt-On script sets up your Miktrotik as a DNS server, AND firewall rules are added to intercept DNS requests, and route to the said Mikrotik router. – This is clearly commented in the Install script.
The Bolt-On Enforcer does not have any “Fair Share” shaping options via the Portal GUI, as the Mikrotik router has already been installed. However, this can be enabled, if the said Mikrotik Router has the connect Queues configured on it. Contact LucidView for assistance in this regard.
The serial Number AND Internal IP address of the configured Mikrotik router needs to be provided to generate the Bolt-On Install Script.
- To install the Bolt-On functionality on your Mikrotik router. generate a configuration script but specify “Bolt-On” or “Bolt-On with WiFi” for the Enforcer device type. Note this script should run on all Mikrotik hardware. Selecting this Enforcer type will also disable the IP configuration option in the Portal GUI for the particular Enforcer.
- Download the Bolt-On configuration script from the Portal and store on your local machine.
- There are two options for running the script.
- Connect to your Mikrotik router with your preferred method, such as Winbox or ssh. Copy and paste the script into the terminal and watch for errors.
- Alternatively, copy the script to the Mikrotik router and instruct the Mikrotik router to run the Bolt-On script with ‘/import <script name>’