Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- [admin@MikroTik] > export
- # apr/19/2015 12:33:15 by RouterOS 6.27
- # software id = BLXX-VW13
- #
- /interface bridge
- add admin-mac=4C:5E:0C:7A:98:30 auto-mac=no name=bridge-internetonly
- add admin-mac=4C:5E:0C:7A:98:41 auto-mac=no mtu=1500 name=bridge-local
- /interface ethernet
- set [ find default-name=ether1 ] name=ether1-gateway
- set [ find default-name=ether2 ] name=ether2-master-local
- set [ find default-name=ether3 ] master-port=ether2-master-local name=ether3-slave-local
- set [ find default-name=ether4 ] master-port=ether2-master-local name=ether4-slave-local
- set [ find default-name=ether5 ] master-port=ether2-master-local name=ether5-slave-local
- /ip neighbor discovery
- set ether1-gateway discover=no
- /interface wireless security-profiles
- add authentication-types=wpa2-eap eap-methods=eap-tls management-protection=allowed mode=dynamic-keys name=eap-tls supplicant-identity="" tls-certificate=dnet-ca tls-mode=verify-certificate
- add authentication-types=wpa2-psk management-protection=allowed mode=dynamic-keys name=dnet wpa2-pre-shared-key=ihaterouters
- /interface wireless
- set [ find default-name=wlan1 ] band=2ghz-onlyn channel-width=20/40mhz-Ce disabled=no distance=indoors frequency=auto l2mtu=1600 mode=ap-bridge security-profile=eap-tls ssid=dnet-eap
- add disabled=no l2mtu=1600 mac-address=4E:5E:0C:7A:98:45 master-interface=wlan1 name=wlan2 security-profile=dnet ssid=dnet
- /ip pool
- add name=default-dhcp ranges=192.168.88.10-192.168.88.254
- add name=internetonly-dhcp ranges=192.168.50.10-192.168.50.254
- /ip dhcp-server
- add address-pool=default-dhcp disabled=no interface=bridge-local name=default
- add address-pool=internetonly-dhcp disabled=no interface=bridge-internetonly name=dhcp-internetonly
- /interface bridge port
- add bridge=bridge-local interface=ether2-master-local
- add bridge=bridge-local interface=wlan1
- add bridge=bridge-internetonly interface=wlan2
- /ip address
- add address=192.168.88.1/24 comment="default configuration" interface=bridge-local network=192.168.88.0
- add address=192.168.50.1/24 interface=bridge-internetonly network=192.168.50.0
- /ip dhcp-client
- add comment="default configuration" dhcp-options=hostname,clientid disabled=no interface=ether1-gateway
- /ip dhcp-server network
- add address=192.168.50.0/24 dns-server=192.168.50.1 gateway=192.168.50.1
- add address=192.168.88.0/24 comment="default configuration" dns-server=192.168.88.1 gateway=192.168.88.1
- /ip dns
- set allow-remote-requests=yes servers=2001:4860:4860::8888
- /ip dns static
- add address=192.168.88.1 name=router
- /ip firewall filter
- add chain=input comment="default configuration" protocol=icmp
- add chain=input comment="default configuration" connection-state=established
- add chain=input comment="default configuration" connection-state=related
- add action=drop chain=input comment="default configuration" in-interface=ether1-gateway
- add chain=forward comment="default configuration" connection-state=established
- add chain=forward comment="default configuration" connection-state=related
- add action=drop chain=forward comment="default configuration" connection-state=invalid
- /ip firewall nat
- add action=masquerade chain=srcnat comment="default configuration" out-interface=ether1-gateway
- /ip ipsec policy
- set 0 dst-address=0.0.0.0/0 src-address=0.0.0.0/0
- /ip proxy
- set cache-path=web-proxy1
- /ipv6 address
- add address=2604:6000:100a:8e::2 disabled=yes interface=bridge-internetonly
- add address=2604:6000:100a:8e::1 interface=bridge-local
- /ipv6 dhcp-client
- add add-default-route=yes interface=ether1-gateway pool-name=ipv6dhcp prefix-hint=::/64
- /ipv6 firewall filter
- add chain=forward
- add chain=output
- add chain=input
- add action=reject chain=forward connection-state=new in-interface=ether1-gateway out-interface=bridge-local reject-with=icmp-port-unreachable
- add action=reject chain=input in-interface=ether1-gateway reject-with=icmp-port-unreachable
- add action=drop chain=forward connection-state=invalid in-interface=ether1-gateway
- add action=drop chain=input connection-state=invalid in-interface=ether1-gateway
- /system clock
- set time-zone-autodetect=no time-zone-name=America/New_York
- /system leds
- set 5 interface=wlan1
- /tool mac-server
- set [ find default=yes ] disabled=yes
- add interface=ether2-master-local
- add interface=ether3-slave-local
- add interface=ether4-slave-local
- add interface=ether5-slave-local
- add interface=wlan1
- add interface=bridge-local
- /tool mac-server mac-winbox
- set [ find default=yes ] disabled=yes
- add interface=ether2-master-local
- add interface=ether3-slave-local
- add interface=ether4-slave-local
- add interface=ether5-slave-local
- add interface=wlan1
- add interface=bridge-local
- [admin@MikroTik] >
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement