API tools faq
paste
Advertisement
mtu1513

MikroTik default configuration script

mtu1513
Mar 21st, 2018
1,667
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 6.93 KB | None | 0 0
raw download clone embed print report
  1. :global ssid;
  2. #| RouterMode:
  3. #| * WAN port is protected by firewall and enabled DHCP client
  4. #| * Wireless and Ethernet interfaces (except WAN port ether1)
  5. #| are part of LAN bridge
  6. #| wlan1 Configuration:
  7. #| mode: ap-bridge;
  8. #| band: 2ghz-b/g/n;
  9. #| ht-chains: 0,1;
  10. #| ht-extension: 20/40mhz-Ce;
  11. #| LAN Configuration:
  12. #| IP address 192.168.88.1/24 is set on bridge (LAN port)
  13. #| DHCP Server: enabled;
  14. #| WAN (gateway) Configuration:
  15. #| gateway: ether1 ;
  16. #| ip4 firewall: enabled;
  17. #| NAT: enabled;
  18. #| DHCP Client: enabled;
  19. #| DNS: enabled;
  20.  
  21. :log info Starting_defconf_script_;
  22. #-------------------------------------------------------------------------------
  23. # Apply configuration.
  24. # these commands are executed after installation or configuration reset
  25. #-------------------------------------------------------------------------------
  26. :if ($action = "apply") do={
  27. # wait for interfaces
  28. :local count 0;
  29. :while ([/interface ethernet find] = "") do={
  30. :if ($count = 30) do={
  31. :log warning "DefConf: Unable to find ethernet interfaces";
  32. /quit;
  33. }
  34. :delay 1s; :set count ($count +1);
  35. };
  36.  
  37. :local count 0;
  38. :while ([/interface wireless print count-only] < 1) do={
  39. :set count ($count +1);
  40. :if ($count = 40) do={
  41. :log warning "DefConf: Unable to find wireless interface(s)";
  42. /ip address add address=192.168.88.1/24 interface=ether1 comment="defconf";
  43. /quit
  44. }
  45. :delay 1s;
  46. };
  47. /interface wireless {
  48. set wlan1 mode=ap-bridge band=2ghz-b/g/n tx-chains=0,1 rx-chains=0,1 \
  49. disabled=no wireless-protocol=802.11 distance=indoors
  50. :local wlanMac [/interface wireless get wlan1 mac-address];
  51. :set ssid "MikroTik-$[:pick $wlanMac 9 11]$[:pick $wlanMac 12 14]$[:pick $wlanMac 15 17]"
  52. set wlan1 ssid=$ssid
  53. set wlan1 frequency=auto
  54. set wlan1 channel-width=20/40mhz-Ce ;
  55. }
  56. /interface list add name=WAN comment="defconf"
  57. /interface list add name=LAN comment="defconf"
  58. /interface bridge
  59. add name=bridge disabled=no auto-mac=yes protocol-mode=rstp comment=defconf;
  60. :local bMACIsSet 0;
  61. :foreach k in=[/interface find where !(slave=yes || name~"ether1" || name~"bridge")] do={
  62. :local tmpPortName [/interface get $k name];
  63. :log info "port: $tmpPortName"
  64. :if ($bMACIsSet = 0) do={
  65. :if ([/interface get $k type] = "ether") do={
  66. /interface bridge set "bridge" auto-mac=no admin-mac=[/interface ethernet get $tmpPortName mac-address];
  67. :set bMACIsSet 1;
  68. }
  69. }
  70. /interface bridge port
  71. add bridge=bridge interface=$tmpPortName comment=defconf;
  72. }
  73. /ip pool add name="default-dhcp" ranges=192.168.88.10-192.168.88.254;
  74. /ip dhcp-server
  75. add name=defconf address-pool="default-dhcp" interface=bridge lease-time=10m disabled=no;
  76. /ip dhcp-server network
  77. add address=192.168.88.0/24 gateway=192.168.88.1 comment="defconf";
  78. /ip address add address=192.168.88.1/24 interface=bridge comment="defconf";
  79. /ip dhcp-client add interface=ether1 disabled=no comment="defconf";
  80. /interface list member add list=LAN interface=bridge comment="defconf"
  81. /interface list member add list=WAN interface=ether1 comment="defconf"
  82. /ip firewall nat add chain=srcnat out-interface-list=WAN ipsec-policy=out,none action=masquerade comment="defconf: masquerade"
  83. /ip firewall {
  84. filter add chain=input action=accept connection-state=established,related,untracked comment="defconf: accept established,related,untracked"
  85. filter add chain=input action=drop connection-state=invalid comment="defconf: drop invalid"
  86. filter add chain=input action=accept protocol=icmp comment="defconf: accept ICMP"
  87. filter add chain=input action=drop in-interface-list=!LAN comment="defconf: drop all not coming from LAN"
  88. filter add chain=forward action=accept ipsec-policy=in,ipsec comment="defconf: accept in ipsec policy"
  89. filter add chain=forward action=accept ipsec-policy=out,ipsec comment="defconf: accept out ipsec policy"
  90. filter add chain=forward action=fasttrack-connection connection-state=established,related comment="defconf: fasttrack"
  91. filter add chain=forward action=accept connection-state=established,related,untracked comment="defconf: accept established,related, untracked"
  92. filter add chain=forward action=drop connection-state=invalid comment="defconf: drop invalid"
  93. filter add chain=forward action=drop connection-state=new connection-nat-state=!dstnat in-interface-list=WAN comment="defconf: drop all from WAN not DSTNATed"
  94. }
  95. /ip neighbor discovery-settings set discover-interface-list=LAN
  96. /tool mac-server set allowed-interface-list=LAN
  97. /tool mac-server mac-winbox set allowed-interface-list=LAN
  98. /ip dns {
  99. set allow-remote-requests=yes
  100. static add name=router.lan address=192.168.88.1
  101. }
  102.  
  103. }
  104. #-------------------------------------------------------------------------------
  105. # Revert configuration.
  106. # these commands are executed if user requests to remove default configuration
  107. #-------------------------------------------------------------------------------
  108. :if ($action = "revert") do={
  109. /user set admin password=""
  110. /system routerboard mode-button set enabled=no
  111. /system routerboard mode-button set on-event=""
  112. /system script remove [find comment~"defconf"]
  113. /ip firewall filter remove [find comment~"defconf"]
  114. /ip firewall nat remove [find comment~"defconf"]
  115. /interface list member remove [find comment~"defconf"]
  116. /interface detect-internet set detect-interface-list=none
  117. /interface detect-internet set lan-interface-list=none
  118. /interface detect-internet set wan-interface-list=none
  119. /interface detect-internet set internet-interface-list=none
  120. /interface list remove [find comment~"defconf"]
  121. /tool mac-server set allowed-interface-list=all
  122. /tool mac-server mac-winbox set allowed-interface-list=all
  123. /ip neighbor discovery-settings set discover-interface-list=!dynamic
  124. :local o [/ip dhcp-server network find comment="defconf"]
  125. :if ([:len $o] != 0) do={ /ip dhcp-server network remove $o }
  126. :local o [/ip dhcp-server find name="defconf" !disabled]
  127. :if ([:len $o] != 0) do={ /ip dhcp-server remove $o }
  128. /ip pool {
  129. :local o [find name="default-dhcp" ranges=192.168.88.10-192.168.88.254]
  130. :if ([:len $o] != 0) do={ remove $o }
  131. }
  132. :local o [/ip dhcp-client find comment="defconf"]
  133. :if ([:len $o] != 0) do={ /ip dhcp-client remove $o }
  134. /ip dns {
  135. set allow-remote-requests=no
  136. :local o [static find name=router.lan address=192.168.88.1]
  137. :if ([:len $o] != 0) do={ static remove $o }
  138. }
  139. /ip address {
  140. :local o [find comment="defconf"]
  141. :if ([:len $o] != 0) do={ remove $o }
  142. }
  143. :foreach iface in=[/interface ethernet find] do={
  144. /interface ethernet set $iface name=[get $iface default-name]
  145. }
  146. /interface bridge port remove [find comment="defconf"]
  147. /interface bridge remove [find comment="defconf"]
  148. /interface wireless reset-configuration wlan1
  149. }
  150. :log info Defconf_script_finished;
  151. :set ssid;
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!