  1. # software id =
  2. #
  3. # model = CRS125-24G-1S-2HnD
  4. # serial number =
  # Interface layer: two bridges, the outbound L2TP tunnel, the WAN/LAN interface lists
  # and the default wireless security profile.
  # МАК, АЙ ПИ АДРЕС, ПАРОЛЬ and ЛОГИН are placeholders the poster substituted for the
  # real MAC, IP address, password and login. An unredacted export carries the PPP
  # password in clear text, so treat such a file as a secret.
  # Both bridges use arp=proxy-arp, i.e. the router answers ARP on behalf of other hosts.
  # NOTE(review): confirm proxy-ARP is actually required on the camera bridge.
  5. /interface bridge add arp=proxy-arp name=bridge-cam2
  6. /interface bridge add admin-mac=МАК arp=proxy-arp auto-mac=no name=bridge-lan
  # Outbound L2TP client restricted to MS-CHAPv2. No use-ipsec / ipsec-secret is set on
  # this line, so presumably the tunnel runs without IPsec (TODO confirm); MS-CHAPv2 by
  # itself gives weak protection against offline password recovery.
  7. /interface l2tp-client add allow=mschap2 connect-to=АЙ ПИ АДРЕС disabled=no name=l2tp-tk2 password=ПАРОЛЬ user=ЛОГИН
  # Interface lists referenced later by the firewall, neighbor discovery and the MAC server.
  8. /interface list add comment=defconf name=WAN
  9. /interface list add comment=defconf name=LAN
  # Only supplicant-identity is set on the default profile; no mode or key settings are
  # visible here. NOTE(review): wlan1 is bridged into bridge-lan further down, so verify
  # that the profile it uses is not left open.
  10. /interface wireless security-profiles set [ find default=yes ] supplicant-identity=MikroTik
  # Address pools and DHCP servers for the two segments, plus a disabled MetaROUTER guest
  # and the bandwidth queues.
  # LAN pool 192.168.2.20-254, camera pool 192.168.10.2-254.
  11. /ip pool add name=dhcp-lan ranges=192.168.2.20-192.168.2.254
  12. /ip pool add name=dhcp-cam ranges=192.168.10.2-192.168.10.254
  # add-arp=yes makes the DHCP server add an ARP entry for each lease.
  # NOTE(review): the LAN lease time is 14w1d; with leases that long, addresses of devices
  # that have left the network stay reserved for months. Confirm this is intended.
  13. /ip dhcp-server add add-arp=yes address-pool=dhcp-lan disabled=no interface=bridge-lan lease-time=14w1d name=dhcp-lan
  14. /ip dhcp-server add add-arp=yes address-pool=dhcp-cam disabled=no interface=bridge-cam2 lease-time=1w name=dhcp1
  # MetaROUTER guest mr1 is defined but disabled.
  15. /metarouter add disabled=yes disk-size=48kiB name=mr1
  # PCQ queue types: 8M per destination address (download) and per source address (upload).
  16. /queue type add kind=pcq name="pcq-download 8M" pcq-classifier=dst-address pcq-rate=8M pcq-total-limit=5000KiB
  17. /queue type add kind=pcq name=pcq-upload-8M pcq-classifier=src-address pcq-rate=8M pcq-total-limit=5000KiB
  # The simple queue that would apply them to 192.168.2.0/24 is disabled, so no shaping is active.
  18. /queue simple add disabled=yes max-limit=45M/45M name="Internet download/upload limit" queue="pcq-upload-8M/pcq-download 8M" target=192.168.2.0/24
  # Bridge membership. ether2-ether21, ether23, ether24, sfp1 and wlan1 all join bridge-lan;
  # ether22 is the only port in bridge-cam2 (camera segment). ether1 is not bridged.
  # NOTE(review): the wireless interface shares the L2 domain with every wired LAN port, so
  # whatever can associate to wlan1 is directly on the LAN.
  19. /interface bridge port add bridge=bridge-lan comment=defconf interface=ether2
  20. /interface bridge port add bridge=bridge-lan comment=defconf interface=ether3
  21. /interface bridge port add bridge=bridge-lan comment=defconf interface=ether4
  22. /interface bridge port add bridge=bridge-lan comment=defconf interface=ether5
  23. /interface bridge port add bridge=bridge-lan comment=defconf interface=ether6
  24. /interface bridge port add bridge=bridge-lan comment=defconf interface=ether7
  25. /interface bridge port add bridge=bridge-lan comment=defconf interface=ether8
  26. /interface bridge port add bridge=bridge-lan comment=defconf interface=ether9
  27. /interface bridge port add bridge=bridge-lan comment=defconf interface=ether10
  28. /interface bridge port add bridge=bridge-lan comment=defconf interface=ether11
  29. /interface bridge port add bridge=bridge-lan comment=defconf interface=ether12
  30. /interface bridge port add bridge=bridge-lan comment=defconf interface=ether13
  31. /interface bridge port add bridge=bridge-lan comment=defconf interface=ether14
  32. /interface bridge port add bridge=bridge-lan comment=defconf interface=ether15
  33. /interface bridge port add bridge=bridge-lan comment=defconf interface=ether16
  34. /interface bridge port add bridge=bridge-lan comment=defconf interface=ether17
  35. /interface bridge port add bridge=bridge-lan comment=defconf interface=ether18
  36. /interface bridge port add bridge=bridge-lan comment=defconf interface=ether19
  37. /interface bridge port add bridge=bridge-lan comment=defconf interface=ether20
  38. /interface bridge port add bridge=bridge-lan comment=defconf interface=ether21
  # Camera segment: the single port that is kept out of the LAN bridge.
  39. /interface bridge port add bridge=bridge-cam2 comment=defconf interface=ether22
  40. /interface bridge port add bridge=bridge-lan comment=defconf interface=ether23
  41. /interface bridge port add bridge=bridge-lan comment=defconf interface=ether24
  42. /interface bridge port add bridge=bridge-lan comment=defconf interface=sfp1
  43. /interface bridge port add bridge=bridge-lan comment=defconf interface=wlan1
  # Neighbor discovery is limited to interfaces in the LAN list, so it is not announced on ether1.
  44. /ip neighbor discovery-settings set discover-interface-list=LAN
  # L2TP server IPsec settings; СЕКРЕТ is the poster's placeholder for the pre-shared key.
  # No enabled= setting is visible on this line, so whether the server is running cannot
  # be told from here. NOTE(review): use-ipsec=yes offers IPsec but, as far as I know,
  # still lets a client connect with plain L2TP; if every client supports IPsec, the
  # stricter setting that rejects non-IPsec sessions is the safer choice.
  45. /interface l2tp-server server set ipsec-secret=СЕКРЕТ use-ipsec=yes
  # List membership drives the firewall: bridge-lan is LAN, ether1 is WAN.
  # bridge-cam2 and l2tp-tk2 belong to neither list.
  46. /interface list member add interface=bridge-lan list=LAN
  47. /interface list member add interface=ether1 list=WAN
  # SSTP server profile only; no enabled= or certificate setting is visible here.
  # NOTE(review): if SSTP is unused, the TCP/443 accept rule in the input chain can go too.
  48. /interface sstp-server server set default-profile=default-encryption
  # L3 addressing, DHCP networks, DNS and address lists.
  # NOTE(review): the LAN gateway address is bound to ether2, which is a member port of
  # bridge-lan, while the dhcp-lan server listens on bridge-lan. Addresses normally belong
  # on the bridge, not on one of its ports; verify this works as intended.
  49. /ip address add address=192.168.2.1/24 comment=lan interface=ether2 network=192.168.2.0
  50. /ip address add address=192.168.10.1/24 interface=bridge-cam2 network=192.168.10.0
  # Cloud service timers only; no ddns-enabled setting is visible on this line.
  51. /ip cloud set ddns-update-interval=10m update-time=no
  # WAN address is obtained by DHCP on ether1.
  52. /ip dhcp-client add comment=defconf disabled=no interface=ether1
  # Static lease for 192.168.2.58 (МАК is the poster's placeholder for the MAC address).
  53. /ip dhcp-server lease add address=192.168.2.58 client-id=1:МАК mac-address=МАК server=dhcp-lan
  # NOTE(review): no pool, address or server in this export uses 10.0.0.0/24; this network
  # entry looks like a leftover. Confirm and remove if unused.
  54. /ip dhcp-server network add address=10.0.0.0/24 gateway=10.0.0.1
  55. /ip dhcp-server network add address=192.168.2.0/24 comment=LAN gateway=192.168.2.1
  56. /ip dhcp-server network add address=192.168.10.0/24 comment=CAM gateway=192.168.10.1
  # allow-remote-requests=yes makes the router answer DNS queries from other hosts.
  # NOTE(review): the only filter for this in the export is a UDP/53 drop on ether1 at the
  # end of the input chain; TCP/53 from ether1 is not covered, which leaves the resolver
  # reachable from the WAN side over TCP. Add a matching TCP rule.
  57. /ip dns set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4
  # NOTE(review): router.lan resolves to 192.168.88.1, but the LAN gateway configured above
  # is 192.168.2.1; this looks like a stale default-configuration record.
  58. /ip dns static add address=192.168.88.1 comment=defconf name=router.lan
  # Address lists for the two segments; no firewall rule in this export references them.
  59. /ip firewall address-list add address=192.168.10.0/24 list=nat-cam
  60. /ip firewall address-list add address=192.168.2.0/24 list=nat-lan
  # Firewall filter and NAT. Rules are evaluated top to bottom per chain, so order matters.
  #
  # INPUT chain (traffic addressed to the router itself).
  61. /ip firewall filter add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
  # VPN listeners, accepted from any interface: IPsec NAT-T, IKE, L2TP, PPTP, SSTP.
  # NOTE(review): UDP/1701 is accepted unconditionally, so L2TP that is not wrapped in
  # IPsec also reaches the server; matching on ipsec-policy=in,ipsec would restrict it.
  # NOTE(review): no PPTP server is configured anywhere in this export; if it is unused,
  # drop the TCP/1723 rule here and the GRE rule below. PPTP is a weak protocol to expose.
  62. /ip firewall filter add action=accept chain=input comment="allow IPsec NAT" dst-port=4500 protocol=udp
  63. /ip firewall filter add action=accept chain=input comment="allow IKE" dst-port=500 protocol=udp
  64. /ip firewall filter add action=accept chain=input comment="allow l2tp" dst-port=1701 protocol=udp
  65. /ip firewall filter add action=accept chain=input comment="allow pptp" dst-port=1723 protocol=tcp
  66. /ip firewall filter add action=accept chain=input comment="allow sstp" dst-port=443 protocol=tcp
  67. /ip firewall filter add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
  68. /ip firewall filter add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
  69. /ip firewall filter add action=accept chain=input comment="defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
  # NOTE(review): this is the rule that closes the input chain to everything outside the
  # LAN list, and it is disabled=yes. With it off, packets that match no rule are accepted,
  # so any router service not switched off under /ip service is reachable from ether1.
  # Re-enable it after making sure the VPN accepts above cover the remote access needed.
  70. /ip firewall filter add action=drop chain=input comment="defconf: drop all not coming from LAN" disabled=yes in-interface-list=!LAN
  #
  # FORWARD chain (traffic routed through the router).
  71. /ip firewall filter add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec
  72. /ip firewall filter add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec
  # FastTrack is disabled, so forwarded connections stay on the normal firewall/queue path.
  73. /ip firewall filter add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related disabled=yes
  74. /ip firewall filter add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=established,related,untracked
  75. /ip firewall filter add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
  # Blocks new connections from the WAN list unless they were destination-NATed.
  76. /ip firewall filter add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
  # The next four rules carry no action=, which means accept.
  # NOTE(review): "Permit all PPP" actually matches everything forwarded in from ether1,
  # not PPP traffic. It sits after the WAN drop above, so it does not widen access today,
  # but it would if that drop were ever removed or reordered. Rename or remove it.
  77. /ip firewall filter add chain=forward comment="Permit all PPP" in-interface=ether1
  # These repeat the L2TP/IKE/NAT-T accepts earlier in the input chain and add ESP and GRE.
  # port=500,4500 matches the port as either source or destination.
  78. /ip firewall filter add chain=input comment="Permit L2TP" dst-port=1701 protocol=udp
  79. /ip firewall filter add chain=input comment="Permit IPSec ports 500 and 4500" port=500,4500 protocol=udp
  80. /ip firewall filter add chain=input comment="Permit IPSec protocol ipsec-esp" protocol=ipsec-esp
  81. /ip firewall filter add action=accept chain=input comment="Permit GRE" protocol=gre
  # Keeps WAN hosts from using the router's DNS resolver over UDP.
  # NOTE(review): there is no equivalent rule for TCP/53; add one, or rely on the
  # re-enabled "drop all not coming from LAN" rule.
  82. /ip firewall filter add action=drop chain=input dst-port=53 in-interface=ether1 protocol=udp
  #
  # NAT: masquerade traffic leaving via the WAN list, except traffic handled by an IPsec policy.
  83. /ip firewall nat add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WAN
  # Static routes, management services and system settings.
  # Routes to 192.168.0.0/24 and 192.168.3.0/24 via 172.16.30.1. No address in that range
  # is configured in this export; presumably it is assigned on the l2tp-tk2 tunnel (TODO confirm).
  84. /ip route add comment="" distance=1 dst-address=192.168.0.0/24 gateway=172.16.30.1
  85. /ip route add distance=1 dst-address=192.168.3.0/24 gateway=172.16.30.1
  # telnet, ftp, ssh, api and api-ssl are switched off.
  # NOTE(review): www and winbox do not appear here, so presumably they keep their
  # defaults (TODO confirm), and no address= allowlist is set for them. Together with the
  # disabled input drop rule, that would leave the management interfaces reachable from
  # ether1; restrict them to the LAN subnet or disable what is not used.
  86. /ip service set telnet disabled=yes
  87. /ip service set ftp disabled=yes
  88. /ip service set ssh disabled=yes
  89. /ip service set api disabled=yes
  90. /ip service set api-ssl disabled=yes
  # Attaches the (disabled) MetaROUTER guest mr1 to bridge-lan; МАК is a placeholder.
  91. /metarouter interface add static-interface=bridge-lan virtual-machine=mr1 vm-mac-address=МАК
  92. /system clock set time-zone-name=Europe/Moscow
  93. /system identity set name=GW2-TK2
  94. /tool graphing interface add interface=bridge-lan
  # MAC-telnet and MAC-WinBox are accepted only on interfaces in the LAN list.
  95. /tool mac-server set allowed-interface-list=LAN
  96. /tool mac-server mac-winbox set allowed-interface-list=LAN