Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- # mar/11/2021 02:10:48 by RouterOS 6.48.1
- # software id = R3KG-R4TR
- #
- # model = CRS328-24P-4S+
- # serial number = D7610CBB0426
- /interface ethernet
- set [ find default-name=ether8 ] comment=ap3
- set [ find default-name=ether10 ] comment=3.2
- set [ find default-name=ether12 ] comment=4.1
- set [ find default-name=ether21 ] comment=ap4
- set [ find default-name=ether22 ] comment=ap1
- set [ find default-name=ether23 ] comment=sw2
- set [ find default-name=ether24 ] comment=router
- /interface bridge
- add admin-mac=48:8F:5A:6D:D0:AA auto-mac=no name=bridge pvid=70 vlan-filtering=yes
- /interface vlan
- add comment=voip interface=bridge loop-protect=on name=vlan50.bridge vlan-id=50
- add comment="mgmt vlan" interface=bridge loop-protect=on name=vlan70.bridge vlan-id=70
- /interface list add name=discovery
- /interface wireless security-profiles
- set [ find default=yes ] supplicant-identity=MikroTik
- /system logging action set 0 memory-lines=10001
- /user group
- set full policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,pas\
- sword,web,sniff,sensitive,api,romon,dude,tikapp"
- /interface bridge port
- add bridge=bridge comment=defconf interface=ether1
- add bridge=bridge comment=defconf interface=ether2
- add bridge=bridge comment=defconf interface=ether3
- add bridge=bridge comment=defconf interface=ether4
- add bridge=bridge comment=defconf interface=ether5
- add bridge=bridge comment=defconf interface=ether6
- add bridge=bridge comment=defconf interface=ether7
- add bridge=bridge comment=defconf interface=ether8
- add bridge=bridge comment=defconf interface=ether9
- add bridge=bridge comment=defconf hw=no interface=ether10 #disabled to view traffic
- add bridge=bridge comment=defconf interface=ether11
- add bridge=bridge comment=defconf interface=ether12
- add bridge=bridge comment=defconf interface=ether13
- add bridge=bridge comment=defconf interface=ether14
- add bridge=bridge comment=defconf interface=ether15
- add bridge=bridge comment=defconf interface=ether16
- add bridge=bridge comment=defconf interface=ether17
- add bridge=bridge comment=defconf interface=ether18
- add bridge=bridge comment=defconf interface=ether19
- add bridge=bridge comment=defconf interface=ether20
- add bridge=bridge comment=defconf interface=ether21
- add bridge=bridge comment=defconf interface=ether22
- add bridge=bridge comment=defconf interface=ether23
- add bridge=bridge comment=defconf interface=ether24
- add bridge=bridge comment=defconf interface=sfp-sfpplus1
- add bridge=bridge comment=defconf interface=sfp-sfpplus2
- add bridge=bridge comment=defconf interface=sfp-sfpplus3
- add bridge=bridge comment=defconf interface=sfp-sfpplus4
- /ip neighbor discovery-settings set discover-interface-list=discovery
- /interface bridge vlan
- add bridge=bridge tagged=bridge,ether24,ether23,ether22,ether21,ether8 \
- vlan-ids=70
- add bridge=bridge tagged="ether1,ether2,ether3,ether4,ether5,ether6,ether7,eth\
- er8,ether9,ether10,ether11,ether12,ether13,ether14,ether15,ether16,ether17\
- ,ether18,ether19,ether20,ether21,ether22,ether23,ether24,bridge" \
- vlan-ids=50
- /interface list member
- add interface=vlan70.bridge list=discovery
- add disabled=yes interface=bridge list=discovery
- /ip address
- add address=192.168.70.2/27 interface=vlan70.bridge network=192.168.70.0
- add address=192.168.50.11/26 interface=vlan50.bridge network=192.168.50.0
- /ip dhcp-client
- add interface=bridge
- add interface=vlan50.bridge
- /ip dns set servers=192.168.10.1
- /ip firewall address-list
- add address=192.168.90.1 list=trusted
- add address=192.168.80.1 list=trusted
- add address=192.168.70.0/27 list=trusted
- add address=192.168.10.0/25 list=trusted
- add address=192.168.30.128/25 list=trusted
- /ip firewall filter
- add action=passthrough chain=input
- add action=accept chain=input disabled=yes src-address-list=trusted
- add action=accept chain=input connection-state=established,related disabled=yes
- add action=accept chain=input disabled=yes dst-port=5678 in-interface=vlan70.bridge protocol=udp src-port=5678
- add action=passthrough chain=forward disabled=yes
- add action=accept chain=output disabled=yes dst-port=5678 out-interface=vlan70.bridge protocol=udp src-port=5678
- add action=drop chain=output disabled=yes dst-port=5678 protocol=udp src-port=5678
- add action=drop chain=input disabled=yes
- /ip route add distance=1 gateway=192.168.70.1
- /ip service
- set telnet disabled=yes
- set ftp disabled=yes
- set www disabled=yes
- set ssh disabled=yes
- set api disabled=yes
- set winbox port=7680
- set api-ssl disabled=yes
- /snmp set enabled=yes trap-generators="" trap-target=192.168.90.1 trap-version=2
- /system clock set time-zone-name=Europe/Moscow
- /system identity set name=switch_upper
- /system ntp client set enabled=yes primary-ntp=5.39.184.12 secondary-ntp=64.99.80.121 server-dns-names=pool.ntp.org
- /system routerboard settings set boot-os=router-os
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement