API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Apr 19th, 2015
235
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 4.60 KB | None | 0 0
raw download clone embed print report
  1. [admin@MikroTik] > export
  2. # apr/19/2015 12:33:15 by RouterOS 6.27
  3. # software id = BLXX-VW13
  4. #
  5. /interface bridge
  6. add admin-mac=4C:5E:0C:7A:98:30 auto-mac=no name=bridge-internetonly
  7. add admin-mac=4C:5E:0C:7A:98:41 auto-mac=no mtu=1500 name=bridge-local
  8. /interface ethernet
  9. set [ find default-name=ether1 ] name=ether1-gateway
  10. set [ find default-name=ether2 ] name=ether2-master-local
  11. set [ find default-name=ether3 ] master-port=ether2-master-local name=ether3-slave-local
  12. set [ find default-name=ether4 ] master-port=ether2-master-local name=ether4-slave-local
  13. set [ find default-name=ether5 ] master-port=ether2-master-local name=ether5-slave-local
  14. /ip neighbor discovery
  15. set ether1-gateway discover=no
  16. /interface wireless security-profiles
  17. add authentication-types=wpa2-eap eap-methods=eap-tls management-protection=allowed mode=dynamic-keys name=eap-tls supplicant-identity="" tls-certificate=dnet-ca tls-mode=verify-certificate
  18. add authentication-types=wpa2-psk management-protection=allowed mode=dynamic-keys name=dnet wpa2-pre-shared-key=ihaterouters
  19. /interface wireless
  20. set [ find default-name=wlan1 ] band=2ghz-onlyn channel-width=20/40mhz-Ce disabled=no distance=indoors frequency=auto l2mtu=1600 mode=ap-bridge security-profile=eap-tls ssid=dnet-eap
  21. add disabled=no l2mtu=1600 mac-address=4E:5E:0C:7A:98:45 master-interface=wlan1 name=wlan2 security-profile=dnet ssid=dnet
  22. /ip pool
  23. add name=default-dhcp ranges=192.168.88.10-192.168.88.254
  24. add name=internetonly-dhcp ranges=192.168.50.10-192.168.50.254
  25. /ip dhcp-server
  26. add address-pool=default-dhcp disabled=no interface=bridge-local name=default
  27. add address-pool=internetonly-dhcp disabled=no interface=bridge-internetonly name=dhcp-internetonly
  28. /interface bridge port
  29. add bridge=bridge-local interface=ether2-master-local
  30. add bridge=bridge-local interface=wlan1
  31. add bridge=bridge-internetonly interface=wlan2
  32. /ip address
  33. add address=192.168.88.1/24 comment="default configuration" interface=bridge-local network=192.168.88.0
  34. add address=192.168.50.1/24 interface=bridge-internetonly network=192.168.50.0
  35. /ip dhcp-client
  36. add comment="default configuration" dhcp-options=hostname,clientid disabled=no interface=ether1-gateway
  37. /ip dhcp-server network
  38. add address=192.168.50.0/24 dns-server=192.168.50.1 gateway=192.168.50.1
  39. add address=192.168.88.0/24 comment="default configuration" dns-server=192.168.88.1 gateway=192.168.88.1
  40. /ip dns
  41. set allow-remote-requests=yes servers=2001:4860:4860::8888
  42. /ip dns static
  43. add address=192.168.88.1 name=router
  44. /ip firewall filter
  45. add chain=input comment="default configuration" protocol=icmp
  46. add chain=input comment="default configuration" connection-state=established
  47. add chain=input comment="default configuration" connection-state=related
  48. add action=drop chain=input comment="default configuration" in-interface=ether1-gateway
  49. add chain=forward comment="default configuration" connection-state=established
  50. add chain=forward comment="default configuration" connection-state=related
  51. add action=drop chain=forward comment="default configuration" connection-state=invalid
  52. /ip firewall nat
  53. add action=masquerade chain=srcnat comment="default configuration" out-interface=ether1-gateway
  54. /ip ipsec policy
  55. set 0 dst-address=0.0.0.0/0 src-address=0.0.0.0/0
  56. /ip proxy
  57. set cache-path=web-proxy1
  58. /ipv6 address
  59. add address=2604:6000:100a:8e::2 disabled=yes interface=bridge-internetonly
  60. add address=2604:6000:100a:8e::1 interface=bridge-local
  61. /ipv6 dhcp-client
  62. add add-default-route=yes interface=ether1-gateway pool-name=ipv6dhcp prefix-hint=::/64
  63. /ipv6 firewall filter
  64. add chain=forward
  65. add chain=output
  66. add chain=input
  67. add action=reject chain=forward connection-state=new in-interface=ether1-gateway out-interface=bridge-local reject-with=icmp-port-unreachable
  68. add action=reject chain=input in-interface=ether1-gateway reject-with=icmp-port-unreachable
  69. add action=drop chain=forward connection-state=invalid in-interface=ether1-gateway
  70. add action=drop chain=input connection-state=invalid in-interface=ether1-gateway
  71. /system clock
  72. set time-zone-autodetect=no time-zone-name=America/New_York
  73. /system leds
  74. set 5 interface=wlan1
  75. /tool mac-server
  76. set [ find default=yes ] disabled=yes
  77. add interface=ether2-master-local
  78. add interface=ether3-slave-local
  79. add interface=ether4-slave-local
  80. add interface=ether5-slave-local
  81. add interface=wlan1
  82. add interface=bridge-local
  83. /tool mac-server mac-winbox
  84. set [ find default=yes ] disabled=yes
  85. add interface=ether2-master-local
  86. add interface=ether3-slave-local
  87. add interface=ether4-slave-local
  88. add interface=ether5-slave-local
  89. add interface=wlan1
  90. add interface=bridge-local
  91. [admin@MikroTik] >
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!