- # 2024-04-13 22:21:00 by RouterOS 7.14.2
- # software id = 27QZ-AK9G
- #
- # model = CCR2004-16G-2S+
- # serial number = HD0081Y44MZ
- /caps-man channel
- add band=2ghz-b frequency=2412 name=2GHz_ch1
- add band=5ghz-a/n/ac extension-channel=Ceee frequency=5260 name=5GHz_ch52
- add band=2ghz-b frequency=2437 name=2GHz_ch6
- add band=2ghz-b frequency=2462 name=2GHz_ch11
- add band=5ghz-a/n/ac extension-channel=Ceee frequency=5180 name=5GHz_ch36
- add band=5ghz-a/n/ac extension-channel=Ceee frequency=5500 name=5GHz_ch100
- /interface bridge
- add ingress-filtering=no name=vlan_bridge port-cost-mode=short pvid=100 \
- vlan-filtering=yes
- /interface ethernet
- set [ find default-name=ether15 ] name=ether15-boot
- set [ find default-name=ether16 ] name=ether16-trunk-crs326 rx-flow-control=\
- auto tx-flow-control=auto
- set [ find default-name=sfp-sfpplus1 ] advertise="10M-baseT-half,10M-baseT-ful\
- l,100M-baseT-half,100M-baseT-full,1G-baseT-half,1G-baseT-full,1G-baseX,2.5\
- G-baseT,2.5G-baseX,5G-baseT,10G-baseT,10G-baseSR-LR,10G-baseCR" \
- rx-flow-control=auto tx-flow-control=auto
- set [ find default-name=sfp-sfpplus2 ] advertise="10M-baseT-half,10M-baseT-ful\
- l,100M-baseT-half,100M-baseT-full,1G-baseT-half,1G-baseT-full,1G-baseX,2.5\
- G-baseT,2.5G-baseX,5G-baseT,10G-baseT,10G-baseSR-LR,10G-baseCR" disabled=\
- yes
- /interface wireguard
- add listen-port=51280 mtu=1420 name=stanczyka_client
- /interface vlan
- add interface=vlan_bridge name=vlan10-main vlan-id=10
- add interface=vlan_bridge name=vlan20-iot vlan-id=20
- add interface=vlan_bridge name=vlan30-guest vlan-id=30
- add interface=vlan_bridge name=vlan100-mgmt vlan-id=100
- /caps-man datapath
- add bridge=vlan_bridge client-to-client-forwarding=yes l2mtu=1600 \
- local-forwarding=yes mtu=1500 name=vlan_10 vlan-id=10 vlan-mode=use-tag
- add bridge=vlan_bridge client-to-client-forwarding=yes l2mtu=1600 \
- local-forwarding=yes mtu=1500 name=vlan_100 vlan-id=100 vlan-mode=use-tag
- add bridge=vlan_bridge client-to-client-forwarding=yes l2mtu=1600 \
- local-forwarding=yes mtu=1500 name=vlan_20 vlan-id=20 vlan-mode=use-tag
- add bridge=vlan_bridge client-to-client-forwarding=yes l2mtu=1600 \
- local-forwarding=yes mtu=1500 name=vlan_30 vlan-id=30 vlan-mode=use-tag
- /caps-man rates
- add basic=1Mbps,2Mbps,11Mbps,6Mbps,9Mbps,12Mbps,18Mbps,36Mbps,48Mbps,54Mbps \
- ht-basic-mcs="mcs-0,mcs-1,mcs-2,mcs-3,mcs-4,mcs-5,mcs-6,mcs-7,mcs-8,mcs-9,\
- mcs-10,mcs-11,mcs-12,mcs-13,mcs-14,mcs-15,mcs-16,mcs-17,mcs-18,mcs-19,mcs-\
- 20,mcs-21,mcs-22,mcs-23" ht-supported-mcs="mcs-0,mcs-1,mcs-2,mcs-3,mcs-4,m\
- cs-5,mcs-6,mcs-7,mcs-8,mcs-9,mcs-10,mcs-11,mcs-12,mcs-13,mcs-14,mcs-15,mcs\
- -16,mcs-17,mcs-18,mcs-19,mcs-20,mcs-21,mcs-22,mcs-23" name=rates_all \
- supported=\
- 1Mbps,2Mbps,11Mbps,6Mbps,9Mbps,12Mbps,18Mbps,36Mbps,48Mbps,54Mbps \
- vht-basic-mcs=mcs0-9 vht-supported-mcs=mcs0-9
- # One CAPsMAN security profile (WPA2-PSK, AES-CCM). Every /caps-man configuration
- # entry in this export - main, IoT, guest and mgmt SSIDs - uses security=wifi_sec.
- # NOTE(review): the passphrase is not part of this export (presumably omitted as a
- # sensitive value), but one profile implies one shared key for all four SSIDs, so
- # anyone holding the guest key could also join the mgmt SSID. A separate profile
- # and key per VLAN keeps the segments apart; hide-ssid=yes on the configurations
- # does not provide that separation.
- /caps-man security
- add authentication-types=wpa2-psk encryption=aes-ccm group-encryption=aes-ccm \
- name=wifi_sec
- /caps-man configuration
- add channel=2GHz_ch1 datapath=vlan_10 hide-ssid=yes name=2GHz_ch1 rates=\
- rates_all security=wifi_sec ssid=G62D_nomap
- add channel=5GHz_ch36 datapath=vlan_10 hide-ssid=yes name=5GHz_ch36 rates=\
- rates_all security=wifi_sec ssid=G62D_nomap
- add channel=2GHz_ch1 country=poland datapath=vlan_20 name=2GHz_iot_ch1 rates=\
- rates_all security=wifi_sec ssid=G62D_iot_nomap
- add channel=2GHz_ch1 datapath=vlan_30 hide-ssid=yes name=2GHz_guest_ch1 \
- rates=rates_all security=wifi_sec ssid=G62D_guest_nomap
- add channel=2GHz_ch1 datapath=vlan_100 hide-ssid=yes name=2GHz_mgmt_ch1 \
- rates=rates_all security=wifi_sec ssid=G62D_mgmt_nomap
- add channel=5GHz_ch36 datapath=vlan_20 name=5GHz_iot_ch36 rates=rates_all \
- security=wifi_sec ssid=G62D_iot_nomap
- add channel=5GHz_ch36 datapath=vlan_30 hide-ssid=yes name=5GHz_guest_ch36 \
- rates=rates_all security=wifi_sec ssid=G62D_guest_nomap
- add channel=5GHz_ch36 datapath=vlan_100 hide-ssid=yes name=5GHz_mgmt_ch36 \
- rates=rates_all security=wifi_sec ssid=G62D_mgmt_nomap
- add channel=2GHz_ch6 datapath=vlan_10 hide-ssid=yes name=2GHz_ch6 rates=\
- rates_all security=wifi_sec ssid=G62D_nomap
- add channel=2GHz_ch6 country=poland datapath=vlan_20 name=2GHz_iot_ch6 rates=\
- rates_all security=wifi_sec ssid=G62D_iot_nomap
- add channel=2GHz_ch6 datapath=vlan_30 hide-ssid=yes name=2GHz_guest_ch6 \
- rates=rates_all security=wifi_sec ssid=G62D_guest_nomap
- add channel=2GHz_ch6 datapath=vlan_100 hide-ssid=yes name=2GHz_mgmt_ch6 \
- rates=rates_all security=wifi_sec ssid=G62D_mgmt_nomap
- add channel=2GHz_ch11 datapath=vlan_10 hide-ssid=yes name=2GHz_ch11 rates=\
- rates_all security=wifi_sec ssid=G62D_nomap
- add channel=2GHz_ch11 country=poland datapath=vlan_20 name=2GHz_iot_ch11 \
- rates=rates_all security=wifi_sec ssid=G62D_iot_nomap
- add channel=2GHz_ch11 datapath=vlan_30 hide-ssid=yes name=2GHz_guest_ch11 \
- rates=rates_all security=wifi_sec ssid=G62D_guest_nomap
- add channel=2GHz_ch11 datapath=vlan_100 hide-ssid=yes name=2GHz_mgmt_ch11 \
- rates=rates_all security=wifi_sec ssid=G62D_mgmt_nomap
- add channel=5GHz_ch52 datapath=vlan_10 hide-ssid=yes name=5GHz_ch52 rates=\
- rates_all security=wifi_sec ssid=G62D_nomap
- add channel=5GHz_ch52 datapath=vlan_20 name=5GHz_iot_ch52 rates=rates_all \
- security=wifi_sec ssid=G62D_iot_nomap
- add channel=5GHz_ch52 datapath=vlan_30 hide-ssid=yes name=5GHz_guest_ch52 \
- rates=rates_all security=wifi_sec ssid=G62D_guest_nomap
- add channel=5GHz_ch52 datapath=vlan_100 hide-ssid=yes name=5GHz_mgmt_ch52 \
- rates=rates_all security=wifi_sec ssid=G62D_mgmt_nomap
- add channel=5GHz_ch100 datapath=vlan_10 hide-ssid=yes name=5GHz_ch100 rates=\
- rates_all security=wifi_sec ssid=G62D_nomap
- add channel=5GHz_ch100 datapath=vlan_20 name=5GHz_iot_ch100 rates=rates_all \
- security=wifi_sec ssid=G62D_iot_nomap
- add channel=5GHz_ch100 datapath=vlan_30 hide-ssid=yes name=5GHz_guest_ch100 \
- rates=rates_all security=wifi_sec ssid=G62D_guest_nomap
- add channel=5GHz_ch100 datapath=vlan_100 hide-ssid=yes name=5GHz_mgmt_ch100 \
- rates=rates_all security=wifi_sec ssid=G62D_mgmt_nomap
- /caps-man interface
- add configuration=2GHz_ch1 datapath=vlan_10 disabled=no l2mtu=1600 \
- mac-address=DC:2C:6E:FA:68:2E master-interface=none mtu=1500 name=\
- Jagoda_2GHz radio-mac=DC:2C:6E:FA:68:2E radio-name=Jagoda_2GHz
- add channel.frequency=2412 configuration=2GHz_guest_ch1 datapath=vlan_30 \
- disabled=no l2mtu=1600 mac-address=DE:2C:6E:FA:68:2E master-interface=\
- Jagoda_2GHz mtu=1500 name=Jagoda_2GHz_guest radio-mac=DE:2C:6E:FA:68:2E \
- radio-name=Jagoda_2GHz_guest
- add channel.frequency=2412 configuration=2GHz_iot_ch1 datapath=vlan_20 \
- disabled=no mac-address=DE:2C:6E:FA:68:2E master-interface=Jagoda_2GHz \
- mtu=1500 name=Jagoda_2GHz_iot radio-mac=DE:2C:6E:FA:68:2E radio-name=\
- Jagoda_2GHz_iot
- add channel.frequency=2412 configuration=2GHz_mgmt_ch1 datapath=vlan_100 \
- disabled=no l2mtu=1600 mac-address=DC:2C:6E:FA:68:2E master-interface=\
- Jagoda_2GHz mtu=1500 name=Jagoda_2GHz_mgmt radio-mac=DC:2C:6E:FA:68:2E \
- radio-name=Jagoda_2GHz_mgmt
- add channel.frequency=5180 configuration=5GHz_ch36 datapath=vlan_10 disabled=\
- no l2mtu=1600 mac-address=DC:2C:6E:FA:68:2D master-interface=none mtu=\
- 1500 name=Jagoda_5GHz radio-mac=DC:2C:6E:FA:68:2D radio-name=Jagoda_5GHz
- add channel.frequency=5180 configuration=5GHz_guest_ch36 datapath=vlan_30 \
- disabled=no mac-address=DC:2C:6E:FA:68:2D master-interface=Jagoda_5GHz \
- mtu=1500 name=Jagoda_5GHz_guest radio-mac=DC:2C:6E:FA:68:2D radio-name=\
- Jagoda_5GHz_guest
- add channel.frequency=5180 configuration=5GHz_iot_ch36 datapath=vlan_20 \
- disabled=no l2mtu=1600 mac-address=DE:2C:6E:FA:68:2D master-interface=\
- Jagoda_5GHz mtu=1500 name=Jagoda_5GHz_iot radio-mac=DC:2C:6E:FA:68:2D \
- radio-name=Jagoda_5GHz_iot
- add channel.frequency=5180 configuration=5GHz_mgmt_ch36 datapath=vlan_100 \
- disabled=no l2mtu=1600 mac-address=DE:2C:6E:FA:68:2F master-interface=\
- Jagoda_5GHz mtu=1500 name=Jagoda_5GHz_mgmt radio-mac=DC:2C:6E:FA:68:2D \
- radio-name=Jagoda_5GHz_mgmt
- add configuration=2GHz_ch6 datapath=vlan_10 disabled=no l2mtu=1600 \
- mac-address=18:FD:74:49:9D:CB master-interface=none name=garaz_2GHz \
- radio-mac=18:FD:74:49:9D:CB radio-name=garaz_2GHz rates.basic="" \
- .ht-basic-mcs="" .ht-supported-mcs="" .supported="" .vht-basic-mcs="" \
- .vht-supported-mcs=""
- add channel.frequency=2437 configuration=2GHz_guest_ch6 datapath=vlan_30 \
- disabled=no l2mtu=1600 mac-address=1A:FD:74:49:9D:CB master-interface=\
- garaz_2GHz mtu=1500 name=garaz_2GHz_guest radio-mac=18:FD:74:49:9D:CB \
- radio-name=garaz_2GHz_guest
- add configuration=2GHz_iot_ch6 datapath=vlan_20 disabled=no l2mtu=1600 \
- mac-address=1A:FD:74:49:9D:CC master-interface=garaz_2GHz name=\
- garaz_2GHz_iot radio-mac=18:FD:74:49:9D:CB radio-name=garaz_2GHz_iot \
- rates.basic="1Mbps,2Mbps,5.5Mbps,11Mbps,6Mbps,9Mbps,12Mbps,18Mbps,24Mbps,3\
- 6Mbps,48Mbps,54Mbps" .supported="1Mbps,2Mbps,5.5Mbps,11Mbps,6Mbps,9Mbps,12\
- Mbps,18Mbps,24Mbps,36Mbps,48Mbps,54Mbps"
- add configuration=2GHz_ch6 datapath=vlan_10 disabled=no l2mtu=1600 \
- mac-address=1A:FD:74:49:9D:D1 master-interface=garaz_2GHz name=\
- garaz_2GHz_main radio-mac=00:00:00:00:00:00 radio-name=""
- add channel.frequency=2437 configuration=2GHz_mgmt_ch6 datapath=vlan_100 \
- disabled=no l2mtu=1600 mac-address=1A:FD:74:49:9D:CD master-interface=\
- garaz_2GHz mtu=1500 name=garaz_2GHz_mgmt radio-mac=18:FD:74:49:9D:CB \
- radio-name=garaz_2GHz_mgmt
- add channel.frequency=5260 configuration=5GHz_ch52 datapath=vlan_10 disabled=\
- no l2mtu=1600 mac-address=18:FD:74:49:9D:CC master-interface=none mtu=\
- 1500 name=garaz_5GHz radio-mac=18:FD:74:49:9D:CC radio-name=garaz_5GHz \
- rates.basic="" .supported=""
- add channel.frequency=5260 configuration=5GHz_guest_ch52 datapath=vlan_30 \
- disabled=no l2mtu=1600 mac-address=1A:FD:74:49:9D:CF master-interface=\
- garaz_5GHz mtu=1500 name=garaz_5GHz_guest radio-mac=18:FD:74:49:9D:CC \
- radio-name=garaz_5GHz_guest
- add channel.frequency=5260 configuration=5GHz_iot_ch52 datapath=vlan_20 \
- disabled=no l2mtu=1600 mac-address=1A:FD:74:49:9D:CE master-interface=\
- garaz_5GHz mtu=1500 name=garaz_5GHz_iot radio-mac=18:FD:74:49:9D:CC \
- radio-name=gartaz_5GHz_iot
- add channel.frequency=5260 configuration=5GHz_mgmt_ch52 datapath=vlan_100 \
- disabled=no l2mtu=1600 mac-address=1A:FD:74:49:9D:D0 master-interface=\
- garaz_5GHz mtu=1500 name=garaz_5GHz_mgmt radio-mac=18:FD:74:49:9D:CC \
- radio-name=garaz_5GHz_mgmt
- /interface list
- add name=WAN
- add name=mgmt
- add name=hAPs
- add name=trunks
- add name=iot
- add name=main
- /interface wireless security-profiles
- set [ find default=yes ] supplicant-identity=MikroTik
- /iot lora servers
- add address=eu.mikrotik.thethings.industries name=TTN-EU protocol=UDP
- add address=us.mikrotik.thethings.industries name=TTN-US protocol=UDP
- add address=eu1.cloud.thethings.industries name="TTS Cloud (eu1)" protocol=\
- UDP
- add address=nam1.cloud.thethings.industries name="TTS Cloud (nam1)" protocol=\
- UDP
- add address=au1.cloud.thethings.industries name="TTS Cloud (au1)" protocol=\
- UDP
- add address=eu1.cloud.thethings.network name="TTN V3 (eu1)" protocol=UDP
- add address=nam1.cloud.thethings.network name="TTN V3 (nam1)" protocol=UDP
- add address=au1.cloud.thethings.network name="TTN V3 (au1)" protocol=UDP
- /iot mqtt brokers
- add address=a3jhn5e1ay0acg-ats.iot.eu-west-1.amazonaws.com certificate=\
- aws_iot client-id=mikrotik name=AWS port=8883 ssl=yes
- /ip pool
- add name=pool-main ranges=192.168.10.2-192.168.10.254
- add name=pool-iot ranges=192.168.20.2-192.168.20.254
- add name=pool-mgmt ranges=192.168.100.2-192.168.100.254
- add name=pool-guest ranges=192.168.30.2-192.168.30.254
- # Four DHCP servers, one per VLAN, all with the same lease-script: when a lease is
- # bound it adds a static DNS record <lease-hostname> -> leased IP, and when the
- # lease is released it removes every static record with that name.
- # NOTE(review): lease-hostname is supplied by the DHCP client, so it is untrusted
- # input. As written, a device on any VLAN (guest and IoT included) can make the
- # router's resolver answer for a name of its choosing, and the release branch can
- # delete a static record the script did not create. Hardening to consider: skip
- # empty hostnames, append a local domain suffix, tag script-created records with a
- # comment and remove only by that tag, and do not run the script on guest/IoT.
- /ip dhcp-server
- add address-pool=pool-main interface=vlan10-main lease-script="if (\$leaseBoun\
- d = 1) do= {\r\
- \n/ip/dns/static add address=\$leaseActIP name=\$\"lease-hostname\"\r\
- \n}\r\
- \n\r\
- \nif (\$leaseBound = 0) do= {\r\
- \n/ip/dns/static remove [/ip/dns/static/ find name=\$\"lease-hostname\"]\r\
- \n}" lease-time=10m name=dhcp1
- add address-pool=pool-iot interface=vlan20-iot lease-script="if (\$leaseBound \
- = 1) do= {\r\
- \n/ip/dns/static add address=\$leaseActIP name=\$\"lease-hostname\"\r\
- \n}\r\
- \n\r\
- \nif (\$leaseBound = 0) do= {\r\
- \n/ip/dns/static remove [/ip/dns/static/ find name=\$\"lease-hostname\"]\r\
- \n}" lease-time=10m name=dhcp2
- add address-pool=pool-mgmt interface=vlan100-mgmt lease-script="if (\$leaseBou\
- nd = 1) do= {\r\
- \n/ip/dns/static add address=\$leaseActIP name=\$\"lease-hostname\"\r\
- \n}\r\
- \n\r\
- \nif (\$leaseBound = 0) do= {\r\
- \n/ip/dns/static remove [/ip/dns/static/ find name=\$\"lease-hostname\"]\r\
- \n}" lease-time=10m name=dhcp3
- add address-pool=pool-guest interface=vlan30-guest lease-script="if (\$leaseBo\
- und = 1) do= {\r\
- \n/ip/dns/static add address=\$leaseActIP name=\$\"lease-hostname\"\r\
- \n}\r\
- \n\r\
- \nif (\$leaseBound = 0) do= {\r\
- \n/ip/dns/static remove [/ip/dns/static/ find name=\$\"lease-hostname\"]\r\
- \n}" lease-time=10m name=dhcp4
- /port
- set 0 name=serial0
- set 1 name=serial1
- # Two custom user groups; the users assigned to them are not part of this export.
- # "homeassistant" may log in through the API only (ssh, telnet, ftp, winbox, web and
- # rest-api are negated) but still holds reboot, write and policy.
- # NOTE(review): if the integration only reads state, read,api,test would be enough;
- # write and policy let an API credential change configuration and user rights -
- # TODO confirm what the integration actually needs.
- # "dude" lists every policy, including telnet, ftp, sniff, sensitive and romon, so
- # it is equivalent to full access; trim it to what the Dude account uses.
- /user group
- add name=homeassistant policy="reboot,read,write,policy,test,api,!local,!telne\
- t,!ssh,!ftp,!winbox,!password,!web,!sniff,!sensitive,!romon,!rest-api"
- add name=dude policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,winbo\
- x,password,web,sniff,sensitive,api,romon,rest-api"
- /zerotier
- set zt1 comment="ZeroTier Central controller - https://my.zerotier.com/" \
- name=zt1 port=9993
- # Joins the router to one ZeroTier network through instance zt1.
- # NOTE(review): allow-managed=yes accepts addresses and routes assigned by the
- # network controller, allow-global=yes extends that to public address space and
- # allow-default=yes lets the controller install a default route. Together they hand
- # routing decisions on this router to whoever administers the ZeroTier network;
- # keep allow-default and allow-global off unless full-tunnel routing is intended.
- # With the accept-all firewall filter in this export, members of that network can
- # also reach the router and every VLAN behind it.
- /zerotier interface
- add allow-default=yes allow-global=yes allow-managed=yes disabled=no \
- instance=zt1 name=zerotier1 network=0cccb752f7c0a710
- /caps-man access-list
- add action=reject allow-signal-out-of-range=10s disabled=yes \
- mac-address-mask=00:00:00:00:00:00 ssid-regexp=""
- /caps-man manager
- set enabled=yes
- /caps-man provisioning
- add action=create-dynamic-enabled master-configuration=5GHz_ch52 name-format=\
- identity radio-mac=18:FD:74:49:9D:CC
- add action=create-dynamic-enabled master-configuration=5GHz_guest_ch52 \
- radio-mac=18:FD:74:49:9D:CC
- add action=create-dynamic-enabled master-configuration=5GHz_iot_ch52 \
- radio-mac=18:FD:74:49:9D:CC
- add action=create-dynamic-enabled master-configuration=5GHz_mgmt_ch52 \
- radio-mac=18:FD:74:49:9D:CC
- add action=create-dynamic-enabled master-configuration=5GHz_ch36 radio-mac=\
- DC:2C:6E:FA:68:2D
- add action=create-dynamic-enabled master-configuration=5GHz_guest_ch36 \
- radio-mac=DC:2C:6E:FA:68:2D
- add action=create-dynamic-enabled master-configuration=5GHz_iot_ch36 \
- radio-mac=DC:2C:6E:FA:68:2D
- add action=create-dynamic-enabled master-configuration=5GHz_mgmt_ch36 \
- radio-mac=DC:2C:6E:FA:68:2D
- add action=create-dynamic-enabled master-configuration=2GHz_ch1 radio-mac=\
- DC:2C:6E:FA:68:2E
- add action=create-dynamic-enabled master-configuration=2GHz_iot_ch1 \
- radio-mac=DC:2C:6E:FA:68:2E
- add action=create-dynamic-enabled master-configuration=2GHz_mgmt_ch1 \
- radio-mac=DC:2C:6E:FA:68:2E
- add action=create-dynamic-enabled master-configuration=2GHz_guest_ch1 \
- radio-mac=DC:2C:6E:FA:68:2E
- add action=create-dynamic-enabled master-configuration=2GHz_ch6 radio-mac=\
- 18:FD:74:49:9D:CB
- add action=create-dynamic-enabled master-configuration=2GHz_mgmt_ch6 \
- radio-mac=18:FD:74:49:9D:CB
- add action=create-dynamic-enabled master-configuration=2GHz_iot_ch6 \
- radio-mac=18:FD:74:49:9D:CB
- add action=create-dynamic-enabled master-configuration=2GHz_guest_ch6 \
- radio-mac=18:FD:74:49:9D:CB
- /container config
- set ram-high=1024 registry-url=https://registry-1.docker.io tmpdir=\
- disk1/nuts/tmp
- /ip smb
- set domain=WORKSPACE
- /dude
- set enabled=yes
- /interface bridge port
- add bridge=vlan_bridge interface=hAPs internal-path-cost=10 path-cost=10 \
- pvid=100
- add bridge=vlan_bridge frame-types=admit-only-vlan-tagged interface=trunks \
- internal-path-cost=10 path-cost=10 pvid=100
- add bridge=vlan_bridge interface=iot internal-path-cost=10 path-cost=10 pvid=\
- 20
- add bridge=vlan_bridge interface=mgmt pvid=100
- add bridge=vlan_bridge interface=main pvid=10
- /ip firewall connection tracking
- set udp-timeout=10s
- # Neighbor discovery runs on every interface.
- # NOTE(review): discover-interface-list=all includes ether1, the only member of the
- # WAN list, so the router announces its identity, model and RouterOS version to
- # the upstream segment as well. Restricting discovery to a LAN-side interface list
- # keeps that information inside the network.
- /ip neighbor discovery-settings
- set discover-interface-list=all lldp-med-net-policy-vlan=100
- /interface bridge vlan
- add bridge=vlan_bridge tagged=\
- vlan_bridge,ether14-trunk-jagoda,ether13,sfp-sfpplus2,ether2,ether4 \
- untagged=ether8,sfp-sfpplus1 vlan-ids=10
- add bridge=vlan_bridge tagged=\
- vlan_bridge,ether13,ether14-trunk-jagoda,sfp-sfpplus2,ether4,ether2 \
- untagged=ether9,ether10 vlan-ids=20
- add bridge=vlan_bridge tagged=\
- vlan_bridge,ether13,ether14-trunk-jagoda,sfp-sfpplus2,ether2,ether4 \
- vlan-ids=30
- add bridge=vlan_bridge tagged=\
- vlan_bridge,ether13,ether14-trunk-jagoda,sfp-sfpplus2,ether2 untagged=\
- ether3,ether5,ether6 vlan-ids=100
- # Interface-list membership. The bridge ports in this export are defined per list
- # (hAPs, trunks, iot, mgmt, main), so adding an interface to a list also decides
- # which VLAN it lands in untagged: mgmt -> pvid 100, main -> pvid 10, iot -> pvid 20.
- # NOTE(review): "interface=*3B" is an internal ID left behind by an interface that
- # no longer exists; the entry is dead and can be removed. The hAPs list has no
- # members in this export. ether2 and ether4 are in list mgmt but are also tagged
- # members of other VLANs under /interface bridge vlan - confirm they are meant to
- # be management access ports and trunks at the same time.
- /interface list member
- add interface=ether1 list=WAN
- add interface=ether3 list=mgmt
- add interface=ether4 list=mgmt
- add interface=ether5 list=mgmt
- add interface=ether7 list=mgmt
- add interface=ether8 list=main
- add interface=ether13 list=trunks
- add interface=ether14-trunk-jagoda list=trunks
- add interface=ether16-trunk-crs326 list=trunks
- add interface=*3B list=trunks
- add interface=sfp-sfpplus2 list=trunks
- add interface=ether10 list=iot
- add interface=ether9 list=iot
- add interface=ether11 list=iot
- add interface=ether12 list=iot
- add interface=ether6 list=mgmt
- add interface=ether15-boot list=trunks
- add interface=ether2 list=mgmt
- add interface=sfp-sfpplus1 list=main
- /ip address
- add address=192.168.100.1/24 interface=vlan100-mgmt network=192.168.100.0
- add address=192.168.10.1/24 interface=vlan10-main network=192.168.10.0
- add address=192.168.20.1/24 interface=vlan20-iot network=192.168.20.0
- add address=192.168.30.1/24 interface=vlan30-guest network=192.168.30.0
- /ip cloud
- set update-time=no
- /ip dhcp-client
- add interface=ether1
- /ip dhcp-server network
- add address=192.168.10.0/24 dns-server=192.168.20.1 gateway=192.168.10.1
- add address=192.168.20.0/24 dns-server=192.168.20.1 gateway=192.168.20.1
- add address=192.168.30.0/24 dns-server=192.168.30.1 gateway=192.168.30.1
- add address=192.168.100.0/24 dns-server=192.168.100.1 gateway=192.168.100.1
- add address=192.168.169.0/24 dns-server=192.168.169.1 gateway=192.168.169.1 \
- netmask=24
- # Router acts as the DNS resolver handed out by DHCP on every VLAN.
- # NOTE(review): allow-remote-requests=yes answers queries arriving on any
- # interface; with the accept-all input chain in this export that includes ether1
- # (WAN), which makes the router an open resolver. Keep the setting for the LANs but
- # block DNS (udp/tcp 53) on the WAN side in the input chain.
- # NOTE(review): servers= lists only the router's own VLAN addresses, so upstream
- # resolution presumably depends on dynamic servers learned by the DHCP client on
- # ether1 - confirm, otherwise the resolver forwards to itself.
- /ip dns
- set allow-remote-requests=yes servers=\
- 192.168.100.1,192.168.10.1,192.168.20.1,192.168.30.1
- /ip firewall address-list
- add address=192.168.69.111 list=dns_servers
- add address=192.168.69.201 disabled=yes list=dns_servers
- add address=192.168.69.0/24 list=MyLAN
- add address=0.0.0.0/8 comment="Self-Identification [RFC 3330]" list=bogons
- add address=10.0.0.0/8 comment="Private[RFC 1918] - CLASS A # Check if you nee\
- d this subnet before enable it" disabled=yes list=bogons
- add address=127.0.0.0/8 comment="Loopback [RFC 3330]" list=bogons
- add address=169.254.0.0/16 comment="Link Local [RFC 3330]" list=bogons
- add address=172.16.0.0/12 comment="Private[RFC 1918] - CLASS B # Check if you \
- need this subnet before enable it" disabled=yes list=bogons
- add address=192.168.0.0/16 comment="Private[RFC 1918] - CLASS C # Check if you\
- \_need this subnet before enable it" disabled=yes list=bogons
- add address=192.0.2.0/24 comment="Reserved - IANA - TestNet1" list=bogons
- add address=192.88.99.0/24 comment="6to4 Relay Anycast [RFC 3068]" list=\
- bogons
- add address=198.18.0.0/15 comment="NIDB Testing" list=bogons
- add address=198.51.100.0/24 comment="Reserved - IANA - TestNet2" list=bogons
- add address=203.0.113.0/24 comment="Reserved - IANA - TestNet3" list=bogons
- add address=224.0.0.0/4 comment=\
- "MC, Class D, IANA # Check if you need this subnet before enable it" \
- list=bogons
- add address=172.16.0.0/12 comment=RFC6890 list=not_in_internet
- add address=192.168.0.0/16 comment=RFC6890 list=not_in_internet
- add address=10.0.0.0/8 comment=RFC6890 list=not_in_internet
- add address=169.254.0.0/16 comment=RFC6890 list=not_in_internet
- add address=127.0.0.0/8 comment=RFC6890 list=not_in_internet
- add address=224.0.0.0/4 comment=Multicast list=not_in_internet
- add address=198.18.0.0/15 comment=RFC6890 list=not_in_internet
- add address=192.0.0.0/24 comment=RFC6890 list=not_in_internet
- add address=192.0.2.0/24 comment=RFC6890 list=not_in_internet
- add address=198.51.100.0/24 comment=RFC6890 list=not_in_internet
- add address=203.0.113.0/24 comment=RFC6890 list=not_in_internet
- add address=100.64.0.0/10 comment=RFC6890 list=not_in_internet
- add address=240.0.0.0/4 comment=RFC6890 list=not_in_internet
- add address=192.88.99.0/24 comment="6to4 relay Anycast [RFC 3068]" list=\
- not_in_internet
- add address=172.16.0.0/16 comment="Docker ace" list=MyLAN
- add address=172.17.0.0/16 comment="Docker sfejer" list=MyLAN
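- # Stateful baseline. The original section held three unconditional accept rules
- # (forward, input, output), which left the router's own services and every VLAN
- # reachable from ether1, the only member of interface list WAN.
- # Rule order matters: replies to existing connections are accepted first, invalid
- # packets are dropped, then anything new arriving from WAN is dropped.
- # Apply from a LAN-side session (Safe Mode) to avoid locking yourself out.
- # NOTE(review): traffic between VLANs is still unrestricted after this change; the
- # isolation rules under /ip firewall raw are disabled. The bogons and
- # not_in_internet address lists are not referenced by any rule in this export.
- # NOTE(review): unsolicited inbound WireGuard/ZeroTier packets on WAN are dropped
- # by the input rule; outbound-initiated tunnels keep working through the
- # established rule. Add an explicit accept above the drop if inbound is required.
- /ip firewall filter
- add action=accept chain=input comment="accept established,related,untracked" connection-state=established,related,untracked
- add action=drop chain=input comment="drop invalid" connection-state=invalid
- add action=accept chain=input comment="accept ICMP" protocol=icmp
- add action=drop chain=input comment="drop everything else arriving on WAN" in-interface-list=WAN
- add action=accept chain=forward comment="accept established,related,untracked" connection-state=established,related,untracked
- add action=drop chain=forward comment="drop invalid" connection-state=invalid
- add action=drop chain=forward comment="drop new connections from WAN that are not dst-nat" connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
- add action=accept chain=output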
- /ip firewall mangle
- add action=passthrough chain=forward comment=accounting-wan-tx out-interface=\
- ether1
- add action=passthrough chain=forward comment=accounting-wan-rx in-interface=\
- ether1
- add action=mark-packet chain=forward connection-mark=Torrent new-packet-mark=\
- Infinite passthrough=yes
- add action=mark-packet chain=forward comment=icmp new-packet-mark=icmp \
- passthrough=no protocol=icmp
- add action=mark-packet chain=forward comment=ssl dst-port=443 \
- new-packet-mark=ssl passthrough=no protocol=tcp
- add action=mark-packet chain=forward comment="DNS Request" dst-port=53 \
- new-packet-mark=dns passthrough=no protocol=udp
- add action=mark-packet chain=forward comment=udp-100 new-packet-mark=udp-100 \
- packet-size=0-100 passthrough=no protocol=udp
- add action=mark-packet chain=forward comment=udp-500 new-packet-mark=udp-500 \
- packet-size=100-500 passthrough=no protocol=udp
- add action=mark-packet chain=forward comment=udp-other new-packet-mark=\
- udp-other passthrough=no protocol=udp
- add action=mark-packet chain=forward comment=pop3 dst-port=110,995 \
- new-packet-mark=pop3 passthrough=no protocol=tcp
- add action=mark-packet chain=forward comment=smtp dst-port=25,587,465 \
- new-packet-mark=smtp passthrough=no protocol=tcp
- add action=mark-packet chain=forward comment=imap dst-port=143,993 \
- new-packet-mark=imap passthrough=no protocol=tcp
- add action=mark-packet chain=forward comment=http dst-port=80 \
- new-packet-mark=http passthrough=no protocol=tcp
- add action=mark-packet chain=forward comment=60MB-Infinite connection-bytes=\
- 62914560-0 new-packet-mark=Infinite passthrough=yes
- add action=mark-packet chain=forward comment=1MB-60MB connection-bytes=\
- 1048576-62914560 new-packet-mark=60Mbytes passthrough=yes
- add action=mark-packet chain=forward comment=0-1MB connection-bytes=1-1048576 \
- new-packet-mark=1Mbyte passthrough=yes
- # Source NAT.
- # NOTE(review): the first rule has no out-interface or out-interface-list, so it
- # masquerades every routed connection, VLAN-to-VLAN traffic included. Internal
- # hosts and logs then see the router's address instead of the real client, which
- # defeats per-source filtering and attribution. The usual form scopes it with
- # out-interface-list=WAN. Because the first rule matches everything, the second
- # rule (src-address=172.17.0.0/24) is never reached as the export stands.
- /ip firewall nat
- add action=masquerade chain=srcnat
- add action=masquerade chain=srcnat src-address=172.17.0.0/24
- # Inter-VLAN isolation matrix, by subnet: guest (192.168.30.0/24) -> mgmt, main,
- # IoT; IoT (192.168.20.0/24) -> mgmt, main; main (192.168.10.0/24) -> mgmt.
- # Every rule carries disabled=yes, so none of this isolation is in force.
- # NOTE(review): raw prerouting is evaluated before connection tracking, so enabling
- # these rules as they are would also drop reply packets (for example IoT replies to
- # a connection opened from main) and traffic to the router's own address in the
- # destination subnet. Expressing the same matrix in the forward chain, after an
- # accept for established/related, keeps replies working.
- /ip firewall raw
- add action=drop chain=prerouting disabled=yes dst-address=192.168.100.0/24 \
- src-address=192.168.30.0/24
- add action=drop chain=prerouting disabled=yes dst-address=192.168.10.0/24 \
- src-address=192.168.30.0/24
- add action=drop chain=prerouting disabled=yes dst-address=192.168.20.0/24 \
- src-address=192.168.30.0/24
- add action=drop chain=prerouting disabled=yes dst-address=192.168.100.0/24 \
- src-address=192.168.20.0/24
- add action=drop chain=prerouting disabled=yes dst-address=192.168.10.0/24 \
- src-address=192.168.20.0/24
- add action=drop chain=prerouting disabled=yes dst-address=192.168.100.0/24 \
- src-address=192.168.10.0/24
- /ip smb shares
- set [ find default=yes ] directory=/pub
- # SNMP agent enabled; traps use SNMP v2.
- # NOTE(review): no /snmp community section appears in this export, so the
- # community settings are presumably still at their defaults - confirm. SNMP v2 is
- # unauthenticated and unencrypted; restrict the allowed source addresses or move
- # to v3 with authentication, and keep the service off the WAN side.
- /snmp
- set enabled=yes trap-version=2
- /system clock
- set time-zone-name=Europe/Warsaw
- /system identity
- set name=CCR2004
- /system note
- set show-at-login=no
- /system ntp client
- set enabled=yes
- # NTP server answers in broadcast, manycast and multicast modes.
- # NOTE(review): with the accept-all input chain in this export the server is also
- # reachable from ether1 (WAN); limit it to the LAN interfaces.
- /system ntp server
- set broadcast=yes enabled=yes manycast=yes multicast=yes
- /system ntp client servers
- add address=pl.pool.ntp.org
- # Bandwidth test server is disabled; authenticate=no would only matter if it is
- # enabled later.
- /tool bandwidth-server
- set authenticate=no enabled=no
- # RoMON gives layer-2 management access to this router through neighbouring RoMON
- # devices.
- # NOTE(review): no RoMON secrets or per-port restrictions appear in this export -
- # confirm a secret is set and that RoMON is forbidden on ether1 and on the
- # guest/IoT-facing ports.
- /tool romon
- set enabled=yes