
Untitled

a guest
Nov 13th, 2019
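  # RouterOS configuration excerpt. One bridge and one subnet (10.100.0.0/24)
  # are split into three port groups: VLAN100-TRUSTED, VLAN101-IOTINT and
  # VLAN102-IOTEXT. IPv4 firewall rules limit what the two IoT groups may reach.
  #
  # The pasted list numbering ("1.", "2.", ...) has been stripped so the lines
  # are plain RouterOS commands again, and the interface-list and VLAN
  # sections now come before the bridge-port section that refers to them.
  #
  # NOTE(review): this excerpt does not create the interface named "bridge",
  # does not add any members to the three interface lists, and does not define
  # the PlexApprovedDevices address list. Those must exist elsewhere.
  #
  # NOTE(review): all three groups sit on the same bridge and the same /24.
  # Separation rests on /ip firewall filter (IPv4 only) seeing bridged traffic
  # through use-ip-firewall=yes. ARP, other non-IP frames and IPv6 between
  # bridge ports are not matched by the rules below. If the IoT groups are not
  # trusted at layer 2, add /interface bridge filter rules or give each VLAN
  # its own subnet and routed interface.

  # Router address on the bridge; handed to DHCP clients as gateway and DNS.
  /ip address
  add address=10.100.0.1/24 interface=bridge network=10.100.0.0

  # DHCP range: every host address in the /24 except the router itself.
  /ip pool
  add name=dhcppool ranges=10.100.0.2-10.100.0.254

  # DHCP options: the router is DNS server and gateway; four external NTP
  # server addresses are pushed to clients.
  /ip dhcp-server network
  add address=10.100.0.0/24 dns-server=10.100.0.1 gateway=10.100.0.1 ntp-server=216.239.35.0,216.239.35.4,216.239.35.8,216.239.35.12

  /ip dhcp-server
  add address-pool=dhcppool disabled=no interface=bridge lease-time=23h59m59s name=dhcpserver

  # Switch-chip ports 0-4 default to VLAN 100 and use vlan-mode=secure, so the
  # chip enforces the VLAN table below. Port 5 gets secure mode without a
  # default VLAN (presumably the switch1-cpu port; confirm on the device).
  /interface ethernet switch port
  set 0 default-vlan-id=100 vlan-mode=secure
  set 1 default-vlan-id=100 vlan-mode=secure
  set 2 default-vlan-id=100 vlan-mode=secure
  set 3 default-vlan-id=100 vlan-mode=secure
  set 4 default-vlan-id=100 vlan-mode=secure
  set 5 vlan-mode=secure

  # VLAN table: VLANs 100, 101 and 102 are each allowed on ether1-ether5 and
  # on the CPU port.
  /interface ethernet switch vlan
  add independent-learning=no ports=ether1,ether2,ether3,ether4,ether5,switch1-cpu switch=switch1 vlan-id=100
  add independent-learning=no ports=ether1,ether2,ether3,ether4,ether5,switch1-cpu switch=switch1 vlan-id=101
  add independent-learning=no ports=ether1,ether2,ether3,ether4,ether5,switch1-cpu switch=switch1 vlan-id=102

  # One VLAN interface per VLAN per physical port (3 x 5 = 15 interfaces).
  /interface vlan
  add interface=ether1 name=VLAN100-ether1 vlan-id=100
  add interface=ether2 name=VLAN100-ether2 vlan-id=100
  add interface=ether3 name=VLAN100-ether3 vlan-id=100
  add interface=ether4 name=VLAN100-ether4 vlan-id=100
  add interface=ether5 name=VLAN100-ether5 vlan-id=100
  add interface=ether1 name=VLAN101-ether1 vlan-id=101
  add interface=ether2 name=VLAN101-ether2 vlan-id=101
  add interface=ether3 name=VLAN101-ether3 vlan-id=101
  add interface=ether4 name=VLAN101-ether4 vlan-id=101
  add interface=ether5 name=VLAN101-ether5 vlan-id=101
  add interface=ether1 name=VLAN102-ether1 vlan-id=102
  add interface=ether2 name=VLAN102-ether2 vlan-id=102
  add interface=ether3 name=VLAN102-ether3 vlan-id=102
  add interface=ether4 name=VLAN102-ether4 vlan-id=102
  add interface=ether5 name=VLAN102-ether5 vlan-id=102

  # Interface lists used as bridge ports and as firewall matchers.
  # NOTE(review): no "/interface list member" entries appear in this excerpt.
  # Until the VLANnnn-etherN interfaces are added to these lists, the firewall
  # rules below match nothing.
  /interface list
  add name=VLAN100-TRUSTED
  add name=VLAN101-IOTINT
  add name=VLAN102-IOTEXT

  # Attach each list to the bridge as its ports.
  /interface bridge port
  add bridge=bridge interface=VLAN100-TRUSTED
  add bridge=bridge interface=VLAN101-IOTINT
  add bridge=bridge interface=VLAN102-IOTEXT

  # Send bridged IP traffic through /ip firewall. The in-bridge-port-list and
  # out-bridge-port-list matchers used below depend on this setting.
  /interface bridge settings
  set use-ip-firewall=yes

  # Rules are evaluated top to bottom and the first match decides.
  # Only traffic entering from the two IoT groups is handled here; rules for
  # sfp1 and for the trusted group are not part of this excerpt.
  /ip firewall filter
  # --- VLAN101-IOTINT: no internet except NTP ---
  # To the router: DNS over UDP and ICMP only, everything else dropped.
  # NOTE(review): TCP/53 is not allowed here, unlike VLAN102-IOTEXT, so DNS
  # answers that need TCP will fail for this group. Confirm that is intended.
  add action=accept chain=input dst-address=10.100.0.1 dst-port=53 in-bridge-port-list=VLAN101-IOTINT protocol=udp
  add action=accept chain=input dst-address=10.100.0.1 in-bridge-port-list=VLAN101-IOTINT protocol=icmp
  add action=drop chain=input in-bridge-port-list=VLAN101-IOTINT
  # Forwarded: NTP out via sfp1 to any destination. Adding a dst-address match
  # for the NTP servers handed out by DHCP would narrow this further.
  add action=accept chain=forward dst-port=123 in-bridge-port-list=VLAN101-IOTINT out-interface=sfp1 protocol=udp
  # Replies to connections that were opened from the trusted side.
  add action=accept chain=forward connection-state=established,related in-bridge-port-list=VLAN101-IOTINT out-bridge-port-list=VLAN100-TRUSTED
  add action=drop chain=forward in-bridge-port-list=VLAN101-IOTINT
  # --- VLAN102-IOTEXT: internet allowed, limited access to trusted hosts ---
  # To the router: DNS over UDP and TCP, and ICMP; everything else dropped.
  add action=accept chain=input dst-address=10.100.0.1 dst-port=53 in-bridge-port-list=VLAN102-IOTEXT protocol=udp
  add action=accept chain=input dst-address=10.100.0.1 dst-port=53 in-bridge-port-list=VLAN102-IOTEXT protocol=tcp
  add action=accept chain=input dst-address=10.100.0.1 in-bridge-port-list=VLAN102-IOTEXT protocol=icmp
  add action=drop chain=input in-bridge-port-list=VLAN102-IOTEXT
  # Forwarded: anything leaving through sfp1 (presumably the uplink).
  add action=accept chain=forward in-bridge-port-list=VLAN102-IOTEXT out-interface=sfp1
  # Replies to connections that were opened from the trusted side.
  add action=accept chain=forward connection-state=established,related in-bridge-port-list=VLAN102-IOTEXT out-bridge-port-list=VLAN100-TRUSTED
  # UDP/5353 (mDNS) towards trusted hosts.
  add action=accept chain=forward dst-port=5353 in-bridge-port-list=VLAN102-IOTEXT out-bridge-port-list=VLAN100-TRUSTED protocol=udp
  # NOTE(review): the next rule matches on SOURCE port only. Any TCP packet
  # from this group with source port 8008 or 8009 is forwarded to every port
  # on every trusted host, including new connections. The sender picks its own
  # source port, so this is not a restriction. Replies to sessions started
  # from the trusted side are already accepted by the established,related
  # rule above. Remove this rule, or tighten it with connection-state and a
  # dst-address match.
  add action=accept chain=forward in-bridge-port-list=VLAN102-IOTEXT out-bridge-port-list=VLAN100-TRUSTED protocol=tcp src-port=8008-8009
  # TCP/32400 to trusted hosts, only from sources in PlexApprovedDevices.
  # NOTE(review): that address list is not defined in this excerpt. The empty
  # src-port="" looks like an export artifact of a cleared field; confirm and
  # drop it.
  add action=accept chain=forward dst-port=32400 in-bridge-port-list=VLAN102-IOTEXT out-bridge-port-list=VLAN100-TRUSTED protocol=tcp src-address-list=PlexApprovedDevices src-port=""
  # Final drop. Adding log=yes here and on the other drop rules would make
  # blocked IoT traffic visible for troubleshooting and monitoring.
  add action=drop chain=forward in-bridge-port-list=VLAN102-IOTEXT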