mtu1513

MikroTik default configuration script

Mar 21st, 2018
  # Default-configuration ("defconf") script for a MikroTik router with one
  # wireless radio (wlan1); ether1 is treated as the WAN port.
  # $action is read but never assigned in this script, so the caller has to
  # supply it: "apply" builds the configuration, "revert" tears it down.
  # $ssid is a global scratch variable; the script's final statement resets it.
  :global ssid;
  # The "#|" lines below are reproduced verbatim.
  # NOTE(review): RouterOS presumably shows them to the user as the summary of
  # the default configuration -- confirm before rewording them.
  #| RouterMode:
  #| * WAN port is protected by firewall and enabled DHCP client
  #| * Wireless and Ethernet interfaces (except WAN port ether1)
  #| are part of LAN bridge
  #| wlan1 Configuration:
  #| mode: ap-bridge;
  #| band: 2ghz-b/g/n;
  #| ht-chains: 0,1;
  #| ht-extension: 20/40mhz-Ce;
  #| LAN Configuration:
  #| IP address 192.168.88.1/24 is set on bridge (LAN port)
  #| DHCP Server: enabled;
  #| WAN (gateway) Configuration:
  #| gateway: ether1 ;
  #| ip4 firewall: enabled;
  #| NAT: enabled;
  #| DHCP Client: enabled;
  #| DNS: enabled;

  :log info Starting_defconf_script_;

  # ---------------------------------------------------------------------------
  # action = "apply"
  # Runs after installation or after a configuration reset.
  # No /user command appears in this branch: the admin credential stays
  # whatever the unit already has, so setting one is left to the operator.
  # ---------------------------------------------------------------------------
  :if ($action = "apply") do={

    # Poll once per second until an Ethernet interface exists. When the
    # counter reaches 30 the script logs a warning and quits with nothing
    # configured.
    :local ethPolls 0;
    :while ([/interface ethernet find] = "") do={
      :if ($ethPolls = 30) do={
        :log warning "DefConf: Unable to find ethernet interfaces";
        /quit;
      }
      :delay 1s;
      :set ethPolls ($ethPolls + 1);
    };

    # Same wait for the radio, giving up on the 40th poll.
    # Fallback path: 192.168.88.1/24 is placed directly on ether1 and the
    # script quits. None of the interface lists, NAT, firewall filter or
    # MAC-server restrictions further down are installed in that case, so the
    # management address sits on ether1 with no filter rules from this script.
    :local wlanPolls 0;
    :while ([/interface wireless print count-only] < 1) do={
      :set wlanPolls ($wlanPolls + 1);
      :if ($wlanPolls = 40) do={
        :log warning "DefConf: Unable to find wireless interface(s)";
        /ip address add address=192.168.88.1/24 interface=ether1 comment="defconf";
        /quit
      }
      :delay 1s;
    };

    # Bring wlan1 up as a 2.4 GHz access point.
    # No security-profile or passphrase is set anywhere in this script.
    # NOTE(review): the AP therefore runs with whatever the existing default
    # security profile allows -- check that it enforces WPA2 with a passphrase
    # before the unit goes on air.
    # The SSID is "MikroTik-" followed by characters 9-10, 12-13 and 15-16 of
    # the MAC string, i.e. the last three octets of the radio MAC (assuming the
    # usual AA:BB:CC:DD:EE:FF text form), so the SSID discloses them.
    /interface wireless {
      set wlan1 mode=ap-bridge band=2ghz-b/g/n tx-chains=0,1 rx-chains=0,1 disabled=no wireless-protocol=802.11 distance=indoors
      :local wlanMac [/interface wireless get wlan1 mac-address];
      :set ssid "MikroTik-$[:pick $wlanMac 9 11]$[:pick $wlanMac 12 14]$[:pick $wlanMac 15 17]"
      set wlan1 ssid=$ssid
      set wlan1 frequency=auto
      set wlan1 channel-width=20/40mhz-Ce ;
    }

    # Interface lists that the NAT, firewall, discovery and MAC-server
    # settings below key on.
    /interface list add name=WAN comment="defconf"
    /interface list add name=LAN comment="defconf"

    # LAN bridge. Every interface that is not already a slave and whose name
    # does not match "ether1" or "bridge" becomes a bridge port.
    # "~" is a regex match, so "ether1" also matches ether10..ether19.
    # NOTE(review): harmless on a board with fewer than ten Ethernet ports;
    # on a larger board those ports would stay out of the LAN bridge --
    # confirm for the target hardware.
    # The first Ethernet-type port encountered donates its MAC as the fixed
    # bridge MAC (auto-mac is switched off at that point).
    /interface bridge add name=bridge disabled=no auto-mac=yes protocol-mode=rstp comment=defconf;
    :local macPinned 0;
    :foreach portId in=[/interface find where !(slave=yes || name~"ether1" || name~"bridge")] do={
      :local tmpPortName [/interface get $portId name];
      :log info "port: $tmpPortName"
      :if ($macPinned = 0) do={
        :if ([/interface get $portId type] = "ether") do={
          /interface bridge set "bridge" auto-mac=no admin-mac=[/interface ethernet get $tmpPortName mac-address];
          :set macPinned 1;
        }
      }
      /interface bridge port add bridge=bridge interface=$tmpPortName comment=defconf;
    }

    # LAN addressing: 192.168.88.1/24 on the bridge, DHCP pool .10-.254 with
    # 10-minute leases. The WAN side (ether1) gets its address by DHCP client.
    /ip pool add name="default-dhcp" ranges=192.168.88.10-192.168.88.254;
    /ip dhcp-server add name=defconf address-pool="default-dhcp" interface=bridge lease-time=10m disabled=no;
    /ip dhcp-server network add address=192.168.88.0/24 gateway=192.168.88.1 comment="defconf";
    /ip address add address=192.168.88.1/24 interface=bridge comment="defconf";
    /ip dhcp-client add interface=ether1 disabled=no comment="defconf";
    /interface list member add list=LAN interface=bridge comment="defconf"
    /interface list member add list=WAN interface=ether1 comment="defconf"

    # Source NAT for traffic leaving through WAN, except packets that match
    # an outbound IPsec policy.
    /ip firewall nat add chain=srcnat out-interface-list=WAN ipsec-policy=out,none action=masquerade comment="defconf: masquerade"

    # IPv4 filter. Rule order is significant; keep it as is.
    # input   : established/related/untracked accepted, invalid dropped,
    #           ICMP accepted from every interface (WAN included), then
    #           everything that did not arrive through the LAN list is
    #           dropped. Router services are thus reachable only via the bridge.
    # forward : IPsec-policy traffic accepted, established/related flows
    #           fasttracked and accepted, invalid dropped, new connections
    #           from WAN dropped unless they were dst-NATed. There is no
    #           final drop rule, so LAN-originated traffic is forwarded.
    # Only /ip firewall is touched; this script adds no /ipv6 firewall rules,
    # so IPv6, if enabled on the unit, needs its own filter.
    /ip firewall {
      filter add chain=input action=accept connection-state=established,related,untracked comment="defconf: accept established,related,untracked"
      filter add chain=input action=drop connection-state=invalid comment="defconf: drop invalid"
      filter add chain=input action=accept protocol=icmp comment="defconf: accept ICMP"
      filter add chain=input action=drop in-interface-list=!LAN comment="defconf: drop all not coming from LAN"
      filter add chain=forward action=accept ipsec-policy=in,ipsec comment="defconf: accept in ipsec policy"
      filter add chain=forward action=accept ipsec-policy=out,ipsec comment="defconf: accept out ipsec policy"
      filter add chain=forward action=fasttrack-connection connection-state=established,related comment="defconf: fasttrack"
      filter add chain=forward action=accept connection-state=established,related,untracked comment="defconf: accept established,related, untracked"
      filter add chain=forward action=drop connection-state=invalid comment="defconf: drop invalid"
      filter add chain=forward action=drop connection-state=new connection-nat-state=!dstnat in-interface-list=WAN comment="defconf: drop all from WAN not DSTNATed"
    }

    # Layer-2 management surface (neighbor discovery, MAC server, MAC-WinBox)
    # is limited to the LAN list.
    /ip neighbor discovery-settings set discover-interface-list=LAN
    /tool mac-server set allowed-interface-list=LAN
    /tool mac-server mac-winbox set allowed-interface-list=LAN

    # The router answers DNS queries from clients (allow-remote-requests=yes).
    # Nothing in the DNS settings restricts who may ask; only the input-chain
    # "drop all not coming from LAN" rule above keeps WAN hosts away from the
    # resolver, so removing that rule or editing the LAN list exposes it.
    /ip dns {
      set allow-remote-requests=yes
      static add name=router.lan address=192.168.88.1
    }

  }
  # ---------------------------------------------------------------------------
  # action = "revert"
  # Runs when the user asks to remove the default configuration.
  # State left behind by this branch, as far as the commands below show:
  #   * the admin password is set to the empty string;
  #   * every firewall filter and NAT rule whose comment matches "defconf"
  #     is removed;
  #   * MAC server and MAC-WinBox are allowed on all interfaces and neighbor
  #     discovery runs on the "!dynamic" list.
  # The unit is therefore unfiltered and password-less afterwards; a password
  # and a filter need to be in place before it is attached to any network
  # that is not fully trusted.
  # Entries are selected in two ways: comment~"defconf" is a regex match and
  # also catches operator-made entries whose comment merely contains
  # "defconf"; comment="defconf" is an exact match.
  # ---------------------------------------------------------------------------
  :if ($action = "revert") do={
    # Blank the admin password.
    /user set admin password=""

    # Disable the mode button and clear its handler.
    /system routerboard mode-button set enabled=no
    /system routerboard mode-button set on-event=""

    # Drop scripts, filter rules, NAT rules and list members tagged defconf.
    /system script remove [find comment~"defconf"]
    /ip firewall filter remove [find comment~"defconf"]
    /ip firewall nat remove [find comment~"defconf"]
    /interface list member remove [find comment~"defconf"]

    # Detach detect-internet from every interface list before the lists
    # themselves are removed.
    /interface detect-internet set detect-interface-list=none
    /interface detect-internet set lan-interface-list=none
    /interface detect-internet set wan-interface-list=none
    /interface detect-internet set internet-interface-list=none
    /interface list remove [find comment~"defconf"]

    # Layer-2 management is opened up again: MAC server and MAC-WinBox on all
    # interfaces, neighbor discovery on everything that is not dynamic.
    /tool mac-server set allowed-interface-list=all
    /tool mac-server mac-winbox set allowed-interface-list=all
    /ip neighbor discovery-settings set discover-interface-list=!dynamic

    # DHCP server side. Each removal runs only when the lookup found
    # something. The server itself is removed only while it is still enabled
    # (!disabled).
    :local dhcpNets [/ip dhcp-server network find comment="defconf"]
    :if ([:len $dhcpNets] != 0) do={ /ip dhcp-server network remove $dhcpNets }
    :local dhcpSrv [/ip dhcp-server find name="defconf" !disabled]
    :if ([:len $dhcpSrv] != 0) do={ /ip dhcp-server remove $dhcpSrv }

    # The pool is removed only if it still has the original name and range.
    /ip pool {
      :local poolIds [find name="default-dhcp" ranges=192.168.88.10-192.168.88.254]
      :if ([:len $poolIds] != 0) do={ remove $poolIds }
    }

    # WAN DHCP client.
    :local dhcpCli [/ip dhcp-client find comment="defconf"]
    :if ([:len $dhcpCli] != 0) do={ /ip dhcp-client remove $dhcpCli }

    # Stop answering DNS queries from clients and drop the router.lan record.
    /ip dns {
      set allow-remote-requests=no
      :local dnsRec [static find name=router.lan address=192.168.88.1]
      :if ([:len $dnsRec] != 0) do={ static remove $dnsRec }
    }

    # Addresses tagged defconf (the bridge address, or the ether1 fallback
    # address added when no radio was found).
    /ip address {
      :local addrIds [find comment="defconf"]
      :if ([:len $addrIds] != 0) do={ remove $addrIds }
    }

    # Give every Ethernet interface its default name back.
    :foreach ethId in=[/interface ethernet find] do={
      /interface ethernet set $ethId name=[get $ethId default-name]
    }

    # Bridge ports first, then the bridge, then the radio settings.
    /interface bridge port remove [find comment="defconf"]
    /interface bridge remove [find comment="defconf"]
    /interface wireless reset-configuration wlan1
  }

  :log info Defconf_script_finished;
  # ":set" with no value given.
  # NOTE(review): presumably this clears the global so the generated SSID
  # does not linger after the script ends -- confirm.
  :set ssid;