VincentBr

Router 2

May 31st, 2023
  1. # jun/01/2023 01:03:48 by RouterOS 7.7
  2. # software id =
  3. #
  # Bridge, physical port names and per-VLAN layer-3 interfaces.
  # bridge1 has VLAN filtering enabled, with ingress-filtering=no set explicitly.
  # NOTE(review): confirm ingress filtering is meant to be off on the bridge; with it on,
  # frames tagged for a VLAN the receiving port is not a member of are dropped on arrival.
  4. /interface bridge
  5. add ingress-filtering=no name=bridge1 priority=0x1000 vlan-filtering=yes
  # Ports are renamed after their role: ether1-6 are LACP members (RT1, SW1, SW2),
  # ether7-9 are server access ports, ether10 is management, ether11 is the WAN uplink.
  6. /interface ethernet
  7. set [ find default-name=ether1 ] name=ether1-LACP-RT1
  8. set [ find default-name=ether2 ] name=ether2-LACP-RT1
  9. set [ find default-name=ether3 ] name=ether3-LACP-SW1
  10. set [ find default-name=ether4 ] name=ether4-LACP-SW1
  11. set [ find default-name=ether5 ] name=ether5-LACP-SW2
  12. set [ find default-name=ether6 ] name=ether6-LACP-SW2
  13. set [ find default-name=ether7 ] name=ether7-VLAN10-Servers
  14. set [ find default-name=ether8 ] name=ether8-VLAN10-Servers
  15. set [ find default-name=ether9 ] name=ether9-VLAN10-Servers
  16. set [ find default-name=ether10 ] name=ether10-Management
  17. set [ find default-name=ether11 ] name=sfp-sfpplus1-WAN
  # One VLAN interface per segment on bridge1 (VLAN IDs 10, 20, 30, 40, 50 and 99), all with mtu=1496.
  18. /interface vlan
  19. add interface=bridge1 mtu=1496 name=Cameras vlan-id=30
  20. add interface=bridge1 mtu=1496 name=Guest vlan-id=50
  21. add interface=bridge1 mtu=1496 name=Hosts vlan-id=20
  22. add interface=bridge1 mtu=1496 name=Management vlan-id=99
  23. add interface=bridge1 mtu=1496 name=Servers vlan-id=10
  24. add interface=bridge1 mtu=1496 name=WiFi vlan-id=40
  # Three 802.3ad (LACP) bonds of two ports each, towards RT1, SW1 and SW2.
  25. /interface bonding
  26. add mode=802.3ad name=LACP-RT1 slaves=ether1-LACP-RT1,ether2-LACP-RT1 \
  27. transmit-hash-policy=layer-2-and-3
  28. add mode=802.3ad name=LACP-SW1 slaves=ether3-LACP-SW1,ether4-LACP-SW1 \
  29. transmit-hash-policy=layer-2-and-3
  30. add mode=802.3ad name=LACP-SW2 slaves=ether5-LACP-SW2,ether6-LACP-SW2 \
  31. transmit-hash-policy=layer-2-and-3
  # One VRRP group per VLAN interface, with vrid equal to the VLAN ID.
  # Priority is 101 for Cameras, Guest and WiFi, and 99 for Hosts, Management and Servers.
  # NOTE(review): no authentication= setting is exported, so these groups presumably run
  # without VRRP authentication - confirm. On user-facing VLANs (Guest, WiFi) consider
  # filtering VRRP advertisements so only the peer router can take part in the election.
  32. /interface vrrp
  33. add interface=Cameras mtu=1496 name="VRRP Cameras" priority=101 vrid=30
  34. add interface=Guest mtu=1496 name="VRRP Guest" priority=101 vrid=50
  35. add interface=Hosts mtu=1496 name="VRRP Hosts" priority=99 vrid=20
  36. add interface=Management mtu=1496 name="VRRP Management" priority=99 vrid=99
  37. add interface=Servers mtu=1496 name="VRRP Servers" priority=99 vrid=10
  38. add interface=WiFi mtu=1496 name="VRRP WiFi" priority=101 vrid=40
  # Two interface lists, LAN and WAN; the firewall filter rules match on them.
  39. /interface list
  40. add name=LAN
  41. add name=WAN
  # Default wireless security profile; only supplicant-identity is exported.
  42. /interface wireless security-profiles
  43. set [ find default=yes ] supplicant-identity=MikroTik
  # Serial port 0 is named serial0.
  44. /port
  45. set 0 name=serial0
  # Bridge membership: the three bonds join bridge1 without a pvid (they are listed only as
  # tagged members in the VLAN table below); ether7-9 are access ports with pvid=10 and
  # ether10 is an access port with pvid=99.
  # NOTE(review): no frame-types or per-port ingress-filtering is exported, so the ports
  # presumably accept both tagged and untagged frames - confirm. Consider
  # frame-types=admit-only-untagged-and-priority-tagged on the access ports and
  # frame-types=admit-only-vlan-tagged on the bonds.
  46. /interface bridge port
  47. add bridge=bridge1 interface=LACP-RT1
  48. add bridge=bridge1 interface=LACP-SW1
  49. add bridge=bridge1 interface=LACP-SW2
  50. add bridge=bridge1 interface=ether7-VLAN10-Servers pvid=10
  51. add bridge=bridge1 interface=ether8-VLAN10-Servers pvid=10
  52. add bridge=bridge1 interface=ether9-VLAN10-Servers pvid=10
  53. add bridge=bridge1 interface=ether10-Management pvid=99
  # VLAN table: every VLAN is tagged on the three bonds and on bridge1 itself, which is what
  # lets the VLAN interfaces on the bridge receive the traffic. VLAN 99 is additionally
  # untagged on ether10, and VLAN 10 is untagged on ether7-9.
  54. /interface bridge vlan
  55. add bridge=bridge1 tagged=LACP-RT1,LACP-SW1,LACP-SW2,bridge1 vlan-ids=20
  56. add bridge=bridge1 tagged=LACP-RT1,LACP-SW1,LACP-SW2,bridge1 vlan-ids=30
  57. add bridge=bridge1 tagged=LACP-RT1,LACP-SW1,LACP-SW2,bridge1 vlan-ids=40
  58. add bridge=bridge1 tagged=LACP-RT1,LACP-SW1,LACP-SW2,bridge1 vlan-ids=50
  59. add bridge=bridge1 tagged=LACP-RT1,LACP-SW1,LACP-SW2,bridge1 untagged=\
  60. ether10-Management vlan-ids=99
  61. add bridge=bridge1 tagged=LACP-RT1,LACP-SW1,LACP-SW2,bridge1 untagged=\
  62. ether7-VLAN10-Servers,ether8-VLAN10-Servers,ether9-VLAN10-Servers \
  63. vlan-ids=10
  # Interface list membership. WAN holds only the SFP+ uplink. LAN holds bridge1 plus every
  # VLAN interface and every VRRP interface, including Guest, Cameras and WiFi.
  # NOTE(review): the only input-chain drop for new traffic in /ip firewall filter matches
  # in-interface-list=!LAN, so each interface listed here is exempt from it. Guest, camera
  # and WiFi clients can therefore reach the router's own services. Consider a separate list
  # for the segments allowed to manage the router and dropping input from the rest.
  64. /interface list member
  65. add interface=sfp-sfpplus1-WAN list=WAN
  66. add interface=bridge1 list=LAN
  67. add interface="VRRP Hosts" list=LAN
  68. add interface="VRRP Servers" list=LAN
  69. add interface="VRRP Cameras" list=LAN
  70. add interface="VRRP Guest" list=LAN
  71. add interface="VRRP WiFi" list=LAN
  72. add interface=Hosts list=LAN
  73. add interface=Servers list=LAN
  74. add interface=Cameras list=LAN
  75. add interface=Guest list=LAN
  76. add interface=WiFi list=LAN
  77. add interface="VRRP Management" list=LAN
  78. add interface=Management list=LAN
  # Addressing: the WAN uplink is 192.168.10.20/24. Each VLAN interface holds .253/24 in its
  # own 172.16.<vlan>.0 subnet. Each VRRP interface holds the virtual gateway address .1,
  # written without a prefix length and with network= equal to the address itself.
  79. /ip address
  80. add address=192.168.10.20/24 interface=sfp-sfpplus1-WAN network=192.168.10.0
  81. add address=172.16.10.253/24 interface=Servers network=172.16.10.0
  82. add address=172.16.20.253/24 interface=Hosts network=172.16.20.0
  83. add address=172.16.30.253/24 interface=Cameras network=172.16.30.0
  84. add address=172.16.40.253/24 interface=WiFi network=172.16.40.0
  85. add address=172.16.50.253/24 interface=Guest network=172.16.50.0
  86. add address=172.16.99.253/24 interface=Management network=172.16.99.0
  87. add address=172.16.10.1 interface="VRRP Servers" network=172.16.10.1
  88. add address=172.16.20.1 interface="VRRP Hosts" network=172.16.20.1
  89. add address=172.16.30.1 interface="VRRP Cameras" network=172.16.30.1
  90. add address=172.16.40.1 interface="VRRP WiFi" network=172.16.40.1
  91. add address=172.16.50.1 interface="VRRP Guest" network=172.16.50.1
  92. add address=172.16.99.1 interface="VRRP Management" network=172.16.99.1
  # DHCP requests from Hosts, WiFi and Guest are relayed to 172.16.10.12, an address in the
  # Servers subnet. No relay is defined for Cameras, Servers or Management.
  93. /ip dhcp-relay
  94. add dhcp-server=172.16.10.12 disabled=no interface=Hosts name=Hosts
  95. add dhcp-server=172.16.10.12 disabled=no interface=WiFi name=Wifi
  96. add dhcp-server=172.16.10.12 disabled=no interface=Guest name=Guest
  # Address lists referenced by the filter rules. "Allowed" holds two single hosts in the
  # WAN-side subnet (192.168.10.0/24); the input chain accepts Winbox and SNMP from them.
  # The other lists each cover one VLAN subnet.
  # NOTE(review): "Allowed" is the only source restriction on management access from the
  # WAN side, so keep it limited to hosts that really need it.
  97. /ip firewall address-list
  98. add address=192.168.10.150 list=Allowed
  99. add address=192.168.10.1 list=Allowed
  100. add address=172.16.50.0/24 list=Guest
  101. add address=172.16.20.0/24 list=Hosts
  102. add address=172.16.10.0/24 list=Servers
  103. add address=172.16.30.0/24 list=Cameras
  104. add address=172.16.40.0/24 list=Wifi
  105. add address=172.16.99.0/24 list=Management
  # Filter rules are evaluated top to bottom per chain; their order is significant.
  106. /ip firewall filter
  # --- input chain: traffic addressed to the router itself ---
  107. add action=accept chain=input comment=\
  108. "defconf: accept established,related,untracked" connection-state=\
  109. established,related,untracked
  110. add action=drop chain=input comment="defconf: drop invalid" connection-state=\
  111. invalid
  112. add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
  113. add action=accept chain=input comment=\
  114. "defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
  # Winbox (tcp/8291) to the router is accepted from sources in the Allowed address list.
  # The rule has no in-interface matcher, so it applies on any interface.
  115. add action=accept chain=input comment=\
  116. "Winbox toelaten van WAN via specifiek IP adress" dst-port=8291 protocol=\
  117. tcp src-address-list=Allowed
  # SNMP (udp/161) to the router is accepted from the same Allowed list.
  118. add action=accept chain=input comment=\
  119. "SNMP toelaten van WAN via specifiek IP adress" dst-port=161 protocol=udp \
  120. src-address-list=Allowed
  # Last input rule: drop whatever did not arrive on a LAN-list interface.
  # NOTE(review): there is no drop rule for LAN-list interfaces, so new connections from
  # every VLAN (including Guest, Cameras and WiFi) fall through to the chain's default
  # accept and reach all router services. Consider accepting management protocols only
  # from the Management subnet and dropping the rest of the input traffic.
  121. add action=drop chain=input comment="defconf: drop all not coming from LAN" \
  122. in-interface-list=!LAN
  # --- forward chain: traffic routed through the router ---
  123. add action=accept chain=forward comment="defconf: accept in ipsec policy" \
  124. ipsec-policy=in,ipsec
  125. add action=accept chain=forward comment="defconf: accept out ipsec policy" \
  126. ipsec-policy=out,ipsec
  # Established/related connections are fasttracked (hw-offload=yes), then accepted.
  127. add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
  128. connection-state=established,related hw-offload=yes
  129. add action=accept chain=forward comment=\
  130. "defconf: accept established,related, untracked" connection-state=\
  131. established,related,untracked
  132. add action=drop chain=forward comment="defconf: drop invalid" \
  133. connection-state=invalid
  # Inter-VLAN policy: Hosts, Wifi and Servers may open connections to each other in both
  # directions, on any protocol and port.
  # NOTE(review): replies are already covered by the established/related rule above, so
  # the reverse-direction rules (servers to hosts, servers to wifi) are only needed if those
  # segments must initiate connections. Consider narrowing these rules by protocol and port.
  134. add action=accept chain=forward comment="accept hosts to servers" \
  135. dst-address-list=Servers src-address-list=Hosts
  136. add action=accept chain=forward comment="accept servers to hosts" \
  137. dst-address-list=Hosts src-address-list=Servers
  138. add action=accept chain=forward comment="accept wifi to servers" \
  139. dst-address-list=Servers src-address-list=Wifi
  140. add action=accept chain=forward comment="accept servers to wifi" \
  141. dst-address-list=Wifi src-address-list=Servers
  142. add action=accept chain=forward comment="accept wifi to hosts" \
  143. dst-address-list=Hosts src-address-list=Wifi
  144. add action=accept chain=forward comment="accept host to wifi" \
  145. dst-address-list=Wifi src-address-list=Hosts
  # Sources in the Management subnet may reach every LAN-list interface.
  146. add action=accept chain=forward comment="accept management to LAN" \
  147. out-interface-list=LAN src-address-list=Management
  # Cameras are refused towards the WAN. The comment says "drop" but the action is reject
  # with icmp-admin-prohibited. This rule must stay above "Accept LAN to WAN" to take effect.
  148. add action=reject chain=forward comment="drop cameras to WAN" \
  149. out-interface-list=WAN reject-with=icmp-admin-prohibited \
  150. src-address-list=Cameras
  # Every other LAN-list interface, Guest included, may reach the WAN.
  151. add action=accept chain=forward comment="Accept LAN to WAN" \
  152. in-interface-list=LAN out-interface-list=WAN
  # New connections from the WAN are accepted once they have matched a dst-nat rule.
  # NOTE(review): this rule has no source matcher, so the /ip firewall nat port forwards
  # need their own source restriction to limit who can reach the forwarded targets.
  153. add action=accept chain=forward comment=\
  154. "defconf: accept all from WAN that is DSTNATed" connection-nat-state=\
  155. dstnat connection-state=new in-interface-list=WAN
  # Final rule: everything not accepted above is rejected with icmp-admin-prohibited
  # (Guest or Cameras to other VLANs, for example).
  156. add action=reject chain=forward comment="drop all" reject-with=\
  157. icmp-admin-prohibited
  # Source NAT: everything leaving through the WAN uplink is masqueraded.
  158. /ip firewall nat
  159. add action=masquerade chain=srcnat out-interface=sfp-sfpplus1-WAN
  # Port forwards from the WAN uplink to two hosts in the Management subnet:
  #   tcp/5030  -> 172.16.99.30:8291 (the Winbox port)
  #   tcp/5040  -> 172.16.99.40:8291
  #   udp/30161 -> 172.16.99.30:161  (the SNMP port)
  #   udp/40161 -> 172.16.99.40:161
  # NOTE(review): unlike the input-chain rules that admit Winbox/SNMP only from the Allowed
  # address list, these four rules have no src-address or src-address-list matcher. The
  # forward chain accepts every dst-natted connection from the WAN, so the management ports
  # of both devices are reachable from any WAN-side source. Consider adding
  # src-address-list=Allowed to each rule, or reaching these devices over a VPN instead.
  160. add action=dst-nat chain=dstnat dst-port=5030 in-interface=sfp-sfpplus1-WAN \
  161. protocol=tcp to-addresses=172.16.99.30 to-ports=8291
  162. add action=dst-nat chain=dstnat dst-port=5040 in-interface=sfp-sfpplus1-WAN \
  163. protocol=tcp to-addresses=172.16.99.40 to-ports=8291
  164. add action=dst-nat chain=dstnat dst-port=30161 in-interface=sfp-sfpplus1-WAN \
  165. protocol=udp to-addresses=172.16.99.30 to-ports=161
  166. add action=dst-nat chain=dstnat dst-port=40161 in-interface=sfp-sfpplus1-WAN \
  167. protocol=udp to-addresses=172.16.99.40 to-ports=161
  # Default route via 192.168.10.2 on the WAN-side subnet.
  168. /ip route
  169. add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=192.168.10.2 \
  170. pref-src="" routing-table=main scope=30 suppress-hw-offload=no \
  171. target-scope=10
  # SNMP agent is switched on.
  # NOTE(review): no /snmp community section is exported, so the community settings are
  # presumably still at their defaults - confirm. Define a non-default community limited
  # to the monitoring host's address, or use SNMPv3 with authentication and encryption.
  172. /snmp
  173. set enabled=yes
  # NOTE(review): this looks like a compact export, which omits settings left at their
  # defaults. No /ip service, /tool mac-server or /user section appears, so verify on the
  # device that unused services (telnet, ftp, www, api) are disabled, that the remaining
  # ones are limited to management addresses, and that the default admin account is secured.
  174. /system identity
  175. set name=MKT-RT2
  176.  