  1. ```bash
  2. # may/31/2018 20:31:36 by RouterOS 6.42.3
  3. # software id = Y8Y9-D171
  4. #
  5. # model = RouterBOARD 952Ui-5ac2nD
  6. # serial number =
  7.  
  8.  
  # LTE modem: "[ find ]" has no filter, so every LTE interface present gets
  # this MAC address and the name lte1.
  9. /interface lte
  10. set [ find ] mac-address=AA:BB:CC:DD:EE:FF name=lte1
  11.  
  12.  
  # Two bridges: bridge_default (fixed admin MAC, auto-mac off) and
  # bridge_security. Which ports join which bridge is set under
  # /interface bridge port.
  13. /interface bridge
  14. add admin-mac=CC:DD:EE:00:11:22 auto-mac=no comment=default name=bridge_default
  15. add comment=security name=bridge_security
  16.  
  17.  
  # Rename the first two ethernet ports; ether1-WAN is the name the firewall,
  # NAT and DHCP-client sections refer to.
  18. /interface ethernet
  19. set [ find default-name=ether1 ] name=ether1-WAN
  20. set [ find default-name=ether2 ] name=ether2-master
  21.  
  22.  
  # 5 GHz radio (wlan2) as an access point for SSID HET-5GHz, WPS disabled.
  # NOTE(review): no security-profile= is given on either entry here, so both
  # presumably use the profile flagged default=yes under
  # /interface wireless security-profiles - confirm on the device.
  23. /interface wireless
  24. set [ find default-name=wlan2 ] band=5ghz-a/n/ac channel-width=20/40/80mhz-Ceee country=spain disabled=no \
  25. distance=indoors frequency=auto keepalive-frames=disabled mode=ap-bridge multicast-buffering=disabled \
  26. name=wlan2-5GHz-LAN ssid=HET-5GHz wds-cost-range=0 wds-default-cost=0 wireless-protocol=802.11 \
  27. wps-mode=disabled
  # Virtual AP on the same radio for the second SSID (HET-5GHz-SEG); it is
  # bridged into bridge_security under /interface bridge port.
  28. add disabled=no keepalive-frames=disabled mac-address=CE:2D:E0:0E:93:B8 master-interface=wlan2-5GHz-LAN \
  29. multicast-buffering=disabled name=wlan5-5GHz-LAN-SEG ssid=HET-5GHz-SEG wds-cost-range=0 \
  30. wds-default-cost=0 wps-mode=disabled
  31.  
  32.  
  # Interface lists referenced later: "discover" by neighbor discovery,
  # "mactel" by the MAC-Telnet server, "mac-winbox" by the MAC-Winbox server.
  33. /interface list
  34. add exclude=dynamic name=discover
  35. add name=mactel
  36. add name=mac-winbox
  37.  
  38.  
  # Wi-Fi security profiles. The pre-shared keys shown are placeholders; a
  # plain export like this one prints real keys in clear text, so share
  # configs only after exporting with hide-sensitive or redacting by hand.
  39. /interface wireless security-profiles
  # Default profile: WPA2-PSK only.
  40. set [ find default=yes ] authentication-types=wpa2-psk eap-methods="" mode=dynamic-keys \
  41. supplicant-identity=Mikrotik wpa2-pre-shared-key=YourPasswordComesHere!
  # Profile "WAN", used by wlan1-2GHz-WAN when it joins the upstream network.
  # NOTE(review): it accepts wpa-psk as well as wpa2-psk; if the upstream AP
  # offers WPA2, dropping wpa-psk avoids negotiating the older protocol.
  42. add authentication-types=wpa-psk,wpa2-psk eap-methods="" mode=dynamic-keys name=WAN \
  43. supplicant-identity="" wpa-pre-shared-key=YourPasswordComesHere! \
  44. wpa2-pre-shared-key=YourPasswordComesHere!
  # NOTE(review): profile "none" lists no authentication types and no
  # interface in this export references it - presumably an open-network
  # profile kept for convenience; confirm it stays unused.
  45. add name=none supplicant-identity=Mikrotik
  46.  
  47.  
  # 2.4 GHz radio (wlan1) runs as a client (station-pseudobridge) of the
  # upstream SSID HotelSSID using security profile WAN: this is the wireless
  # uplink, and the firewall treats it as a WAN interface.
  48. /interface wireless
  49. set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-Ce country=spain disabled=no \
  50. distance=indoors frequency=auto keepalive-frames=disabled mode=station-pseudobridge \
  51. multicast-buffering=disabled name=wlan1-2GHz-WAN security-profile=WAN ssid=HotelSSID wds-cost-range=0 \
  52. wds-default-cost=0 wireless-protocol=802.11 wps-mode=disabled
  # Two virtual APs on the same radio: HET-2GHz (joins bridge_default) and
  # HET-2GHz-SEG (joins bridge_security). Neither sets security-profile=.
  53. add disabled=no keepalive-frames=disabled mac-address=CE:2D:E0:0E:93:B9 master-interface=wlan1-2GHz-WAN \
  54. multicast-buffering=disabled name=wlan3-2GHz-LAN ssid=HET-2GHz wds-cost-range=0 wds-default-cost=0 \
  55. wps-mode=disabled
  56. add disabled=no keepalive-frames=disabled mac-address=CE:2D:E0:0E:93:BA master-interface=wlan1-2GHz-WAN \
  57. multicast-buffering=disabled name=wlan4-2GHz-LAN-SEG ssid=HET-2GHz-SEG wds-cost-range=0 \
  58. wds-default-cost=0 wps-mode=disabled
  59.  
  60.  
  # IPsec proposal named L2TP.
  # NOTE(review): pfs-group=none turns off perfect forward secrecy for the
  # phase-2 keys; set a PFS group if the remote side supports one.
  61. /ip ipsec proposal
  62. add name=L2TP pfs-group=none
  63.  
  64.  
  # DHCP address pools, one per bridge subnet.
  65. /ip pool
  66. add name=pool_default ranges=192.168.88.10-192.168.88.254
  67. add name=pool_security ranges=192.168.99.10-192.168.99.254
  68.  
  69.  
  # One DHCP server per bridge, each handing out its own pool.
  70. /ip dhcp-server
  71. add address-pool=pool_default disabled=no interface=bridge_default name=dhcp_default
  72. add address-pool=pool_security disabled=no interface=bridge_security name=dhcp_security
  73.  
  74.  
  # PPP profile used by the L2TP client: PPP-level encryption is required,
  # compression and MPLS are off.
  75. /ppp profile
  76. add change-tcp-mss=yes name=L2TP-MC only-one=no use-compression=no use-encryption=required use-mpls=no
  77.  
  78.  
  # Outbound L2TP tunnel (interface L2TP-MC) that carries the traffic marked
  # in /ip firewall mangle. Endpoint, user and password are placeholders.
  # NOTE(review): only MS-CHAPv2 is allowed and no use-ipsec/ipsec-secret
  # appears on this entry, so as exported the tunnel seems to rely on PPP
  # encryption alone - confirm, and enable IPsec on the client if the VPN
  # endpoint supports it.
  79. /interface l2tp-client
  80. add allow=mschap2 allow-fast-path=yes connect-to=vpn-VPN_Endpoint_here disabled=no name=L2TP-MC \
  81. password=FuckingReallyDifficultPasswordComesHere! profile=L2TP-MC user=Username_here
  82.  
  83.  
  # Bridge membership: wired ports and the plain SSIDs go to bridge_default;
  # the two "-SEG" SSIDs go to bridge_security (192.168.99.0/24, the subnet
  # that is policy-routed into the VPN).
  84. /interface bridge port
  85. add bridge=bridge_default interface=ether2-master
  86. add bridge=bridge_default interface=wlan2-5GHz-LAN
  87. add bridge=bridge_default interface=ether3
  88. add bridge=bridge_default interface=ether4
  89. add bridge=bridge_default interface=ether5
  90. add bridge=bridge_default interface=wlan3-2GHz-LAN
  91. add bridge=bridge_security interface=wlan4-2GHz-LAN-SEG
  92. add bridge=bridge_security interface=wlan5-5GHz-LAN-SEG
  93.  
  94.  
  # Neighbor discovery runs only on interfaces in the "discover" list.
  95. /ip neighbor discovery-settings
  96. set discover-interface-list=discover
  97.  
  98.  
  # L2TP server settings. No enabled= property is exported here, so whether
  # the server is actually listening cannot be told from this line.
  # NOTE(review): unlike the other secrets in this export, this ipsec-secret
  # does not read as a placeholder and it is short. If it was ever a live
  # value, treat it as disclosed: rotate it and use a long random secret.
  99. /interface l2tp-server server
  100. set allow-fast-path=yes ipsec-secret=EA1HET
  101.  
  102.  
  # Populate the discover / mactel / mac-winbox lists. Every LAN-side
  # interface is added to all three; the WAN interfaces and lte1 are in none.
  # NOTE(review): the "-SEG" SSIDs (wlan4, wlan5) are also in mactel and
  # mac-winbox, so layer-2 management (MAC-Telnet, MAC-Winbox) and neighbor
  # discovery are offered to clients of the security Wi-Fi too. Remove those
  # six entries if management should be limited to bridge_default.
  103. /interface list member
  104. add interface=bridge_default list=discover
  105. add interface=bridge_default list=mactel
  106. add interface=bridge_default list=mac-winbox
  107. add interface=ether2-master list=discover
  108. add interface=ether2-master list=mac-winbox
  109. add interface=ether2-master list=mactel
  110. add interface=ether3 list=discover
  111. add interface=ether3 list=mac-winbox
  112. add interface=ether3 list=mactel
  113. add interface=ether4 list=discover
  114. add interface=ether4 list=mac-winbox
  115. add interface=ether4 list=mactel
  116. add interface=ether5 list=discover
  117. add interface=ether5 list=mac-winbox
  118. add interface=ether5 list=mactel
  119. add interface=wlan3-2GHz-LAN list=discover
  120. add interface=wlan3-2GHz-LAN list=mac-winbox
  121. add interface=wlan3-2GHz-LAN list=mactel
  122. add interface=wlan4-2GHz-LAN-SEG list=discover
  123. add interface=wlan4-2GHz-LAN-SEG list=mac-winbox
  124. add interface=wlan4-2GHz-LAN-SEG list=mactel
  125. add interface=wlan2-5GHz-LAN list=discover
  126. add interface=wlan2-5GHz-LAN list=mac-winbox
  127. add interface=wlan2-5GHz-LAN list=mactel
  128. add interface=wlan5-5GHz-LAN-SEG list=discover
  129. add interface=wlan5-5GHz-LAN-SEG list=mactel
  130. add interface=wlan5-5GHz-LAN-SEG list=mac-winbox
  131.  
  132.  
  # Router addresses: .1 on each bridge subnet.
  133. /ip address
  134. add address=192.168.88.1/24 comment=default interface=bridge_default network=192.168.88.0
  135. add address=192.168.99.1/24 comment=security interface=bridge_security network=192.168.99.0
  136.  
  137.  
  # The router takes its upstream address by DHCP on both uplinks: the wired
  # WAN port and the wireless client interface.
  138. /ip dhcp-client
  139. add comment=defconf dhcp-options=hostname,clientid disabled=no interface=ether1-WAN
  140. add dhcp-options=hostname,clientid disabled=no interface=wlan1-2GHz-WAN
  141.  
  142.  
  # DHCP options per subnet: the router is gateway and DNS server for both,
  # and the same four NTP servers are advertised to both.
  143. /ip dhcp-server network
  144. add address=192.168.88.0/24 comment=default dns-server=192.168.88.1 gateway=192.168.88.1 \
  145. ntp-server=147.156.7.18,213.251.52.234,5.56.160.3,185.242.56.3
  146. add address=192.168.99.0/24 comment=security dns-server=192.168.99.1 gateway=192.168.99.1 \
  147. ntp-server=147.156.7.18,213.251.52.234,5.56.160.3,185.242.56.3
  148.  
  149.  
  # The router acts as a caching resolver for its clients
  # (allow-remote-requests=yes) and forwards to the listed public servers.
  # NOTE(review): with this switch on, the resolver answers on any interface
  # the input chain does not block. The filter rules in this export drop
  # input only from ether1-WAN and wlan1-2GHz-WAN; lte1 and L2TP-MC are not
  # covered, so check that DNS is not reachable from those sides.
  # NOTE(review): clients on 192.168.99.0/24 are handed 192.168.99.1 as DNS
  # server, so their lookups are resolved by the router itself. Whether those
  # upstream queries follow the VPN route is not visible here - verify.
  150. /ip dns
  151. set allow-remote-requests=yes servers=1.1.1.1,8.8.8.8,8.8.4.4
  152.  
  153.  
  # Local name "router" resolves to the bridge_default address.
  154. /ip dns static
  155. add address=192.168.88.1 name=router
  156.  
  157.  
  # Address lists: net-local is the bridge_default subnet; net-vpn is the
  # bridge_security subnet, matched by the mangle rule that marks traffic
  # for the L2TP route.
  158. /ip firewall address-list
  159. add address=192.168.88.0/24 list=net-local
  160. add address=192.168.99.0/24 list=net-vpn
  161.  
  162.  
  # Packet filter. Rule order matters: rules are evaluated top to bottom.
  # NOTE(review): WAN is identified only by the names ether1-WAN and
  # wlan1-2GHz-WAN. lte1 and L2TP-MC are masqueraded under /ip firewall nat
  # but no rule here names them, and neither chain ends in a catch-all drop,
  # so input and forward traffic arriving on those two interfaces is not
  # filtered by this rule set. Confirm whether that is intended.
  # NOTE(review): no forward rule separates 192.168.88.0/24 from
  # 192.168.99.0/24, so the two bridges can reach each other through the
  # router as far as this filter is concerned.
  163. /ip firewall filter
  # Three accept-everything debug rules, all disabled. Keep them disabled:
  # sitting at the top of each chain, enabling one bypasses every rule below.
  164. add action=accept chain=forward comment="debug rules: permit any any" disabled=yes
  165. add action=accept chain=input disabled=yes
  166. add action=accept chain=output disabled=yes
  # NOTE(review): each ICMP rule excludes a single WAN interface with "!",
  # so each one still matches the other WAN (and lte1, L2TP-MC). Taken
  # together the pair accepts ICMP to the router from every interface,
  # which is probably not what "accept ICMP except from WAN" was meant to do.
  167. add action=accept chain=input comment="defconf: accept ICMP" in-interface=!wlan1-2GHz-WAN \
  168. protocol=icmp
  169. add action=accept chain=input in-interface=!ether1-WAN protocol=icmp
  # Replies to connections the router itself opened are accepted.
  170. add action=accept chain=input comment="defconf: accept established,related" \
  171. connection-state=established,related
  # DHCP replies (UDP/68) must get in on both uplinks for the DHCP clients.
  172. add action=accept chain=input comment="defconf: accept DHCP/BootP on external interfaces" \
  173. dst-port=68 in-interface=wlan1-2GHz-WAN protocol=udp
  174. add action=accept chain=input dst-port=68 in-interface=ether1-WAN protocol=udp
  # Everything else addressed to the router from the two named WAN
  # interfaces is dropped.
  175. add action=drop chain=input comment="defconf: drop all from WAN" in-interface=wlan1-2GHz-WAN
  176. add action=drop chain=input in-interface=ether1-WAN
  # NOTE(review): this fasttrack rule matches every established/related
  # forward connection, including those from net-vpn. Fasttracked packets
  # are documented to bypass the firewall chains, which would include the
  # prerouting mangle rule that sets routing mark L2TP-MC - verify that
  # security-Wi-Fi traffic still leaves through the tunnel, or exclude
  # net-vpn from fasttrack.
  177. add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
  178. connection-state=established,related
  179. add action=accept chain=forward comment="defconf: accept established,related" \
  180. connection-state=established,related
  181. add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
  # New connections coming in from either named WAN interface are dropped
  # unless a dst-nat rule matched them.
  182. add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" \
  183. connection-nat-state=!dstnat connection-state=new in-interface=wlan1-2GHz-WAN
  184. add action=drop chain=forward connection-nat-state=!dstnat connection-state=new \
  185. in-interface=ether1-WAN
  186.  
  187.  
  # Policy routing: every packet sourced from net-vpn (192.168.99.0/24) gets
  # routing mark L2TP-MC, which selects the route via the L2TP client.
  # NOTE(review): nothing in this export blocks net-vpn traffic when the
  # L2TP-MC interface is down. If the marked route goes inactive the lookup
  # presumably falls back to the main table and the traffic leaves
  # unencrypted through a WAN interface. Confirm, and add a drop or
  # blackhole for that case if the tunnel is meant to be mandatory.
  188. /ip firewall mangle
  189. add action=mark-routing chain=prerouting comment="defconf: when on a security Wi-Fi mark traffic \
  190. to send it through L2TP VPN" new-routing-mark=L2TP-MC passthrough=yes src-address-list=net-vpn
  191.  
  192.  
  # Source NAT (masquerade) on all four possible exits: wireless uplink,
  # wired WAN, LTE and the L2TP tunnel. No dst-nat rules are defined.
  193. /ip firewall nat
  194. add action=masquerade chain=srcnat comment="defconf: masquerade for outgoing traffic" \
  195. out-interface=wlan1-2GHz-WAN
  196. add action=masquerade chain=srcnat out-interface=ether1-WAN
  197. add action=masquerade chain=srcnat out-interface=lte1
  198. add action=masquerade chain=srcnat out-interface=L2TP-MC
  199.  
  200.  
  # All listed connection-tracking helpers are switched off, so none of
  # these protocols is parsed by the NAT helpers.
  201. /ip firewall service-port
  202. set dccp disabled=yes
  203. set ftp disabled=yes
  204. set h323 disabled=yes
  205. set irc disabled=yes
  206. set pptp disabled=yes
  207. set sctp disabled=yes
  208. set sip disabled=yes
  209. set tftp disabled=yes
  210. set udplite disabled=yes
  211.  
  212.  
  # IPsec peer template; the secret is a placeholder.
  # NOTE(review): address=0.0.0.0/0 matches a peer at any address, so the
  # pre-shared secret is the only thing identifying the other side.
  # NOTE(review): dh-group=modp1024 is a 1024-bit group and is generally
  # considered too weak today; use modp2048 or larger if the remote side
  # supports it.
  213. /ip ipsec peer
  214. add address=0.0.0.0/0 dh-group=modp1024 enc-algorithm=aes-256,aes-192,aes-128 \
  215. secret=AnotherFuckingReallyDifficultPasswordComesHere!
  216.  
  217.  
  # Default route for the L2TP-MC routing table: packets carrying that
  # routing mark go out through the L2TP client interface.
  218. /ip route
  219. add distance=1 gateway=L2TP-MC routing-mark=L2TP-MC
  220.  
  221.  
  # Management services: api, api-ssl, ftp, telnet and www are disabled;
  # winbox is limited to the two LAN subnets; www-ssl is enabled.
  # NOTE(review): www-ssl has no address= restriction, unlike winbox, so
  # HTTPS management is reachable from any source the input chain lets in.
  # Give it the same address list.
  # NOTE(review): ssh does not appear in this export, which presumably means
  # it is still at its defaults - check it on the device and restrict or
  # disable it as well.
  222. /ip service
  223. set api address=192.168.88.0/24,192.168.99.0/24 disabled=yes
  224. set api-ssl certificate=Mikrotik disabled=yes
  225. set ftp address=192.168.88.0/24,192.168.99.0/24 disabled=yes
  226. set telnet address=192.168.88.0/24,192.168.99.0/24 disabled=yes
  227. set winbox address=192.168.88.0/24,192.168.99.0/24
  228. set www address=192.168.88.0/24,192.168.99.0/24 disabled=yes
  229. set www-ssl certificate=Mikrotik disabled=no
  230.  
  231.  
  # NOTE(review): UPnP lets any LAN host ask the router for inbound port
  # mappings without authentication. On a router meant for untrusted
  # upstream networks, leave it off unless a specific application needs it.
  232. /ip upnp
  233. set enabled=yes
  234.  
  235.  
  # UPnP interface roles: only "internal" interfaces are declared, all on
  # the bridge_default side; none of the "-SEG" interfaces is listed.
  # NOTE(review): no type=external interface is defined, so the service
  # presumably cannot create any mapping as configured - either add the
  # external side deliberately or disable UPnP.
  236. /ip upnp interfaces
  237. add interface=bridge_default type=internal
  238. add interface=ether2-master type=internal
  239. add interface=ether3 type=internal
  240. add interface=ether4 type=internal
  241. add interface=ether5 type=internal
  242. add interface=wlan3-2GHz-LAN type=internal
  243. add interface=wlan2-5GHz-LAN type=internal
  244.  
  245.  
  # Local time zone used for the system clock.
  246. /system clock
  247. set time-zone-name=Europe/Madrid
  248.  
  249.  
  # System note holding an access-warning banner text.
  250. /system note
  251. set note="You are attempting to connect to a private network - Authorized administrators only. \
  252. Access to this device is monitored."
  253.  
  254.  
  # RouterBOARD hardware setting: silent boot is off.
  255. /system routerboard settings
  256. set silent-boot=no
  257.  
  258.  
  # MAC-Telnet is offered only on interfaces in the "mactel" list; that list
  # is filled under /interface list member and currently includes the "-SEG"
  # Wi-Fi interfaces.
  259. /tool mac-server
  260. set allowed-interface-list=mactel
  261.  
  262.  
  # MAC-Winbox is offered only on interfaces in the "mac-winbox" list. This
  # layer-2 access is not subject to the address= limit on the winbox
  # entry under /ip service, so the list membership is what restricts it.
  263. /tool mac-server mac-winbox
  264. set allowed-interface-list=mac-winbox
  265.  
  266. ```