amccloud

CCR2004

Apr 13th, 2024 (edited)
  # NOTE(review): this export header carries the device serial number and
  # software ID; redact both before publishing a configuration.
  1. # 2024-04-13 22:21:00 by RouterOS 7.14.2
  2. # software id = 27QZ-AK9G
  3. #
  4. # model = CCR2004-16G-2S+
  5. # serial number = HD0081Y44MZ
  6. /caps-man channel
  # Named channel definitions referenced by the /caps-man configuration entries:
  # 2.4 GHz on 2412/2437/2462 MHz and 5 GHz on 5180/5260/5500 MHz.
  # NOTE(review): band=2ghz-b looks like it limits the 2.4 GHz channels to
  # 802.11b - confirm that is intended.
  7. add band=2ghz-b frequency=2412 name=2GHz_ch1
  8. add band=5ghz-a/n/ac extension-channel=Ceee frequency=5260 name=5GHz_ch52
  9. add band=2ghz-b frequency=2437 name=2GHz_ch6
  10. add band=2ghz-b frequency=2462 name=2GHz_ch11
  11. add band=5ghz-a/n/ac extension-channel=Ceee frequency=5180 name=5GHz_ch36
  12. add band=5ghz-a/n/ac extension-channel=Ceee frequency=5500 name=5GHz_ch100
  13. /interface bridge
  # Single VLAN-aware bridge (vlan-filtering=yes); untagged traffic on the bridge
  # interface itself is placed in VLAN 100 (pvid=100).
  # NOTE(review): ingress-filtering=no is set on the bridge while VLAN filtering
  # is on; check whether ingress filtering should be enabled so frames are
  # validated against the VLAN table on entry.
  14. add ingress-filtering=no name=vlan_bridge port-cost-mode=short pvid=100 \
  15. vlan-filtering=yes
  16. /interface ethernet
  # Renames ether15/ether16 and sets flow control and advertised link modes on the
  # SFP+ ports. sfp-sfpplus2 is disabled here, yet it is still listed as a tagged
  # member of every VLAN and of the trunks list later in this export.
  17. set [ find default-name=ether15 ] name=ether15-boot
  18. set [ find default-name=ether16 ] name=ether16-trunk-crs326 rx-flow-control=\
  19. auto tx-flow-control=auto
  20. set [ find default-name=sfp-sfpplus1 ] advertise="10M-baseT-half,10M-baseT-ful\
  21. l,100M-baseT-half,100M-baseT-full,1G-baseT-half,1G-baseT-full,1G-baseX,2.5\
  22. G-baseT,2.5G-baseX,5G-baseT,10G-baseT,10G-baseSR-LR,10G-baseCR" \
  23. rx-flow-control=auto tx-flow-control=auto
  24. set [ find default-name=sfp-sfpplus2 ] advertise="10M-baseT-half,10M-baseT-ful\
  25. l,100M-baseT-half,100M-baseT-full,1G-baseT-half,1G-baseT-full,1G-baseX,2.5\
  26. G-baseT,2.5G-baseX,5G-baseT,10G-baseT,10G-baseSR-LR,10G-baseCR" disabled=\
  27. yes
  28. /interface wireguard
  # WireGuard interface listening on UDP 51280. No /interface wireguard peers
  # section is visible in this export and the private key is not shown.
  # NOTE(review): the listen port is reachable on every interface unless the
  # input chain restricts it; confirm which side initiates the tunnel.
  29. add listen-port=51280 mtu=1420 name=stanczyka_client
  30. /interface vlan
  # Layer-3 interfaces for VLANs 10 (main), 20 (IoT), 30 (guest) and 100 (mgmt),
  # all on vlan_bridge.
  31. add interface=vlan_bridge name=vlan10-main vlan-id=10
  32. add interface=vlan_bridge name=vlan20-iot vlan-id=20
  33. add interface=vlan_bridge name=vlan30-guest vlan-id=30
  34. add interface=vlan_bridge name=vlan100-mgmt vlan-id=100
  35. /caps-man datapath
  # One datapath per VLAN (10, 100, 20, 30); each tags client traffic with its
  # VLAN ID (vlan-mode=use-tag) and uses local-forwarding=yes.
  # NOTE(review): client-to-client-forwarding=yes is also set on the guest
  # (vlan_30) and IoT (vlan_20) datapaths, so wireless clients on those networks
  # can reach each other directly; set it to no there if client isolation is
  # wanted.
  36. add bridge=vlan_bridge client-to-client-forwarding=yes l2mtu=1600 \
  37. local-forwarding=yes mtu=1500 name=vlan_10 vlan-id=10 vlan-mode=use-tag
  38. add bridge=vlan_bridge client-to-client-forwarding=yes l2mtu=1600 \
  39. local-forwarding=yes mtu=1500 name=vlan_100 vlan-id=100 vlan-mode=use-tag
  40. add bridge=vlan_bridge client-to-client-forwarding=yes l2mtu=1600 \
  41. local-forwarding=yes mtu=1500 name=vlan_20 vlan-id=20 vlan-mode=use-tag
  42. add bridge=vlan_bridge client-to-client-forwarding=yes l2mtu=1600 \
  43. local-forwarding=yes mtu=1500 name=vlan_30 vlan-id=30 vlan-mode=use-tag
  44. /caps-man rates
  # Single rate set "rates_all" used by every configuration below. The basic and
  # supported legacy rate lists are identical, and all HT MCS 0-23 and VHT MCS 0-9
  # are marked both basic and supported.
  45. add basic=1Mbps,2Mbps,11Mbps,6Mbps,9Mbps,12Mbps,18Mbps,36Mbps,48Mbps,54Mbps \
  46. ht-basic-mcs="mcs-0,mcs-1,mcs-2,mcs-3,mcs-4,mcs-5,mcs-6,mcs-7,mcs-8,mcs-9,\
  47. mcs-10,mcs-11,mcs-12,mcs-13,mcs-14,mcs-15,mcs-16,mcs-17,mcs-18,mcs-19,mcs-\
  48. 20,mcs-21,mcs-22,mcs-23" ht-supported-mcs="mcs-0,mcs-1,mcs-2,mcs-3,mcs-4,m\
  49. cs-5,mcs-6,mcs-7,mcs-8,mcs-9,mcs-10,mcs-11,mcs-12,mcs-13,mcs-14,mcs-15,mcs\
  50. -16,mcs-17,mcs-18,mcs-19,mcs-20,mcs-21,mcs-22,mcs-23" name=rates_all \
  51. supported=\
  52. 1Mbps,2Mbps,11Mbps,6Mbps,9Mbps,12Mbps,18Mbps,36Mbps,48Mbps,54Mbps \
  53. vht-basic-mcs=mcs0-9 vht-supported-mcs=mcs0-9
  54. /caps-man security
  # Single WPA2-PSK / AES-CCM profile; the passphrase is not part of this export.
  # NOTE(review): every /caps-man configuration entry (main, IoT, guest, mgmt)
  # references this one profile, so all four SSIDs share one passphrase. Separate
  # profiles per network would keep a disclosed guest or IoT key from also
  # opening the main and management SSIDs.
  55. add authentication-types=wpa2-psk encryption=aes-ccm group-encryption=aes-ccm \
  56. name=wifi_sec
  57. /caps-man configuration
  # One configuration per channel and network: main (G62D_nomap, VLAN 10), IoT
  # (G62D_iot_nomap, VLAN 20), guest (G62D_guest_nomap, VLAN 30) and mgmt
  # (G62D_mgmt_nomap, VLAN 100). All use rates_all and the wifi_sec profile.
  # hide-ssid=yes only keeps the SSID out of beacons; it is not an access
  # control, so the management SSID still depends entirely on the shared PSK.
  # NOTE(review): country=poland is set only on the 2.4 GHz IoT entries - confirm
  # the regulatory domain applied to the other configurations.
  58. add channel=2GHz_ch1 datapath=vlan_10 hide-ssid=yes name=2GHz_ch1 rates=\
  59. rates_all security=wifi_sec ssid=G62D_nomap
  60. add channel=5GHz_ch36 datapath=vlan_10 hide-ssid=yes name=5GHz_ch36 rates=\
  61. rates_all security=wifi_sec ssid=G62D_nomap
  62. add channel=2GHz_ch1 country=poland datapath=vlan_20 name=2GHz_iot_ch1 rates=\
  63. rates_all security=wifi_sec ssid=G62D_iot_nomap
  64. add channel=2GHz_ch1 datapath=vlan_30 hide-ssid=yes name=2GHz_guest_ch1 \
  65. rates=rates_all security=wifi_sec ssid=G62D_guest_nomap
  66. add channel=2GHz_ch1 datapath=vlan_100 hide-ssid=yes name=2GHz_mgmt_ch1 \
  67. rates=rates_all security=wifi_sec ssid=G62D_mgmt_nomap
  68. add channel=5GHz_ch36 datapath=vlan_20 name=5GHz_iot_ch36 rates=rates_all \
  69. security=wifi_sec ssid=G62D_iot_nomap
  70. add channel=5GHz_ch36 datapath=vlan_30 hide-ssid=yes name=5GHz_guest_ch36 \
  71. rates=rates_all security=wifi_sec ssid=G62D_guest_nomap
  72. add channel=5GHz_ch36 datapath=vlan_100 hide-ssid=yes name=5GHz_mgmt_ch36 \
  73. rates=rates_all security=wifi_sec ssid=G62D_mgmt_nomap
  74. add channel=2GHz_ch6 datapath=vlan_10 hide-ssid=yes name=2GHz_ch6 rates=\
  75. rates_all security=wifi_sec ssid=G62D_nomap
  76. add channel=2GHz_ch6 country=poland datapath=vlan_20 name=2GHz_iot_ch6 rates=\
  77. rates_all security=wifi_sec ssid=G62D_iot_nomap
  78. add channel=2GHz_ch6 datapath=vlan_30 hide-ssid=yes name=2GHz_guest_ch6 \
  79. rates=rates_all security=wifi_sec ssid=G62D_guest_nomap
  80. add channel=2GHz_ch6 datapath=vlan_100 hide-ssid=yes name=2GHz_mgmt_ch6 \
  81. rates=rates_all security=wifi_sec ssid=G62D_mgmt_nomap
  82. add channel=2GHz_ch11 datapath=vlan_10 hide-ssid=yes name=2GHz_ch11 rates=\
  83. rates_all security=wifi_sec ssid=G62D_nomap
  84. add channel=2GHz_ch11 country=poland datapath=vlan_20 name=2GHz_iot_ch11 \
  85. rates=rates_all security=wifi_sec ssid=G62D_iot_nomap
  86. add channel=2GHz_ch11 datapath=vlan_30 hide-ssid=yes name=2GHz_guest_ch11 \
  87. rates=rates_all security=wifi_sec ssid=G62D_guest_nomap
  88. add channel=2GHz_ch11 datapath=vlan_100 hide-ssid=yes name=2GHz_mgmt_ch11 \
  89. rates=rates_all security=wifi_sec ssid=G62D_mgmt_nomap
  90. add channel=5GHz_ch52 datapath=vlan_10 hide-ssid=yes name=5GHz_ch52 rates=\
  91. rates_all security=wifi_sec ssid=G62D_nomap
  92. add channel=5GHz_ch52 datapath=vlan_20 name=5GHz_iot_ch52 rates=rates_all \
  93. security=wifi_sec ssid=G62D_iot_nomap
  94. add channel=5GHz_ch52 datapath=vlan_30 hide-ssid=yes name=5GHz_guest_ch52 \
  95. rates=rates_all security=wifi_sec ssid=G62D_guest_nomap
  96. add channel=5GHz_ch52 datapath=vlan_100 hide-ssid=yes name=5GHz_mgmt_ch52 \
  97. rates=rates_all security=wifi_sec ssid=G62D_mgmt_nomap
  98. add channel=5GHz_ch100 datapath=vlan_10 hide-ssid=yes name=5GHz_ch100 rates=\
  99. rates_all security=wifi_sec ssid=G62D_nomap
  100. add channel=5GHz_ch100 datapath=vlan_20 name=5GHz_iot_ch100 rates=rates_all \
  101. security=wifi_sec ssid=G62D_iot_nomap
  102. add channel=5GHz_ch100 datapath=vlan_30 hide-ssid=yes name=5GHz_guest_ch100 \
  103. rates=rates_all security=wifi_sec ssid=G62D_guest_nomap
  104. add channel=5GHz_ch100 datapath=vlan_100 hide-ssid=yes name=5GHz_mgmt_ch100 \
  105. rates=rates_all security=wifi_sec ssid=G62D_mgmt_nomap
  106. /caps-man interface
  # Static CAP interfaces for two access points ("Jagoda" and "garaz"): one master
  # interface per radio (master-interface=none) plus guest/IoT/mgmt virtual
  # interfaces bound to it.
  # NOTE(review): several virtual interfaces reuse a MAC address - Jagoda_2GHz_guest
  # and Jagoda_2GHz_iot both use DE:2C:6E:FA:68:2E, while Jagoda_2GHz_mgmt and
  # Jagoda_5GHz_guest reuse their master's address. Each virtual AP normally
  # needs its own BSSID; verify these entries.
  # NOTE(review): garaz_2GHz_main has radio-mac=00:00:00:00:00:00 and an empty
  # radio-name, and one entry's radio-name is spelled "gartaz_5GHz_iot" - these
  # look like leftovers or typos; confirm.
  # The radio MAC addresses listed here identify the physical access points;
  # treat them as identifiers when sharing the export.
  107. add configuration=2GHz_ch1 datapath=vlan_10 disabled=no l2mtu=1600 \
  108. mac-address=DC:2C:6E:FA:68:2E master-interface=none mtu=1500 name=\
  109. Jagoda_2GHz radio-mac=DC:2C:6E:FA:68:2E radio-name=Jagoda_2GHz
  110. add channel.frequency=2412 configuration=2GHz_guest_ch1 datapath=vlan_30 \
  111. disabled=no l2mtu=1600 mac-address=DE:2C:6E:FA:68:2E master-interface=\
  112. Jagoda_2GHz mtu=1500 name=Jagoda_2GHz_guest radio-mac=DE:2C:6E:FA:68:2E \
  113. radio-name=Jagoda_2GHz_guest
  114. add channel.frequency=2412 configuration=2GHz_iot_ch1 datapath=vlan_20 \
  115. disabled=no mac-address=DE:2C:6E:FA:68:2E master-interface=Jagoda_2GHz \
  116. mtu=1500 name=Jagoda_2GHz_iot radio-mac=DE:2C:6E:FA:68:2E radio-name=\
  117. Jagoda_2GHz_iot
  118. add channel.frequency=2412 configuration=2GHz_mgmt_ch1 datapath=vlan_100 \
  119. disabled=no l2mtu=1600 mac-address=DC:2C:6E:FA:68:2E master-interface=\
  120. Jagoda_2GHz mtu=1500 name=Jagoda_2GHz_mgmt radio-mac=DC:2C:6E:FA:68:2E \
  121. radio-name=Jagoda_2GHz_mgmt
  122. add channel.frequency=5180 configuration=5GHz_ch36 datapath=vlan_10 disabled=\
  123. no l2mtu=1600 mac-address=DC:2C:6E:FA:68:2D master-interface=none mtu=\
  124. 1500 name=Jagoda_5GHz radio-mac=DC:2C:6E:FA:68:2D radio-name=Jagoda_5GHz
  125. add channel.frequency=5180 configuration=5GHz_guest_ch36 datapath=vlan_30 \
  126. disabled=no mac-address=DC:2C:6E:FA:68:2D master-interface=Jagoda_5GHz \
  127. mtu=1500 name=Jagoda_5GHz_guest radio-mac=DC:2C:6E:FA:68:2D radio-name=\
  128. Jagoda_5GHz_guest
  129. add channel.frequency=5180 configuration=5GHz_iot_ch36 datapath=vlan_20 \
  130. disabled=no l2mtu=1600 mac-address=DE:2C:6E:FA:68:2D master-interface=\
  131. Jagoda_5GHz mtu=1500 name=Jagoda_5GHz_iot radio-mac=DC:2C:6E:FA:68:2D \
  132. radio-name=Jagoda_5GHz_iot
  133. add channel.frequency=5180 configuration=5GHz_mgmt_ch36 datapath=vlan_100 \
  134. disabled=no l2mtu=1600 mac-address=DE:2C:6E:FA:68:2F master-interface=\
  135. Jagoda_5GHz mtu=1500 name=Jagoda_5GHz_mgmt radio-mac=DC:2C:6E:FA:68:2D \
  136. radio-name=Jagoda_5GHz_mgmt
  137. add configuration=2GHz_ch6 datapath=vlan_10 disabled=no l2mtu=1600 \
  138. mac-address=18:FD:74:49:9D:CB master-interface=none name=garaz_2GHz \
  139. radio-mac=18:FD:74:49:9D:CB radio-name=garaz_2GHz rates.basic="" \
  140. .ht-basic-mcs="" .ht-supported-mcs="" .supported="" .vht-basic-mcs="" \
  141. .vht-supported-mcs=""
  142. add channel.frequency=2437 configuration=2GHz_guest_ch6 datapath=vlan_30 \
  143. disabled=no l2mtu=1600 mac-address=1A:FD:74:49:9D:CB master-interface=\
  144. garaz_2GHz mtu=1500 name=garaz_2GHz_guest radio-mac=18:FD:74:49:9D:CB \
  145. radio-name=garaz_2GHz_guest
  146. add configuration=2GHz_iot_ch6 datapath=vlan_20 disabled=no l2mtu=1600 \
  147. mac-address=1A:FD:74:49:9D:CC master-interface=garaz_2GHz name=\
  148. garaz_2GHz_iot radio-mac=18:FD:74:49:9D:CB radio-name=garaz_2GHz_iot \
  149. rates.basic="1Mbps,2Mbps,5.5Mbps,11Mbps,6Mbps,9Mbps,12Mbps,18Mbps,24Mbps,3\
  150. 6Mbps,48Mbps,54Mbps" .supported="1Mbps,2Mbps,5.5Mbps,11Mbps,6Mbps,9Mbps,12\
  151. Mbps,18Mbps,24Mbps,36Mbps,48Mbps,54Mbps"
  152. add configuration=2GHz_ch6 datapath=vlan_10 disabled=no l2mtu=1600 \
  153. mac-address=1A:FD:74:49:9D:D1 master-interface=garaz_2GHz name=\
  154. garaz_2GHz_main radio-mac=00:00:00:00:00:00 radio-name=""
  155. add channel.frequency=2437 configuration=2GHz_mgmt_ch6 datapath=vlan_100 \
  156. disabled=no l2mtu=1600 mac-address=1A:FD:74:49:9D:CD master-interface=\
  157. garaz_2GHz mtu=1500 name=garaz_2GHz_mgmt radio-mac=18:FD:74:49:9D:CB \
  158. radio-name=garaz_2GHz_mgmt
  159. add channel.frequency=5260 configuration=5GHz_ch52 datapath=vlan_10 disabled=\
  160. no l2mtu=1600 mac-address=18:FD:74:49:9D:CC master-interface=none mtu=\
  161. 1500 name=garaz_5GHz radio-mac=18:FD:74:49:9D:CC radio-name=garaz_5GHz \
  162. rates.basic="" .supported=""
  163. add channel.frequency=5260 configuration=5GHz_guest_ch52 datapath=vlan_30 \
  164. disabled=no l2mtu=1600 mac-address=1A:FD:74:49:9D:CF master-interface=\
  165. garaz_5GHz mtu=1500 name=garaz_5GHz_guest radio-mac=18:FD:74:49:9D:CC \
  166. radio-name=garaz_5GHz_guest
  167. add channel.frequency=5260 configuration=5GHz_iot_ch52 datapath=vlan_20 \
  168. disabled=no l2mtu=1600 mac-address=1A:FD:74:49:9D:CE master-interface=\
  169. garaz_5GHz mtu=1500 name=garaz_5GHz_iot radio-mac=18:FD:74:49:9D:CC \
  170. radio-name=gartaz_5GHz_iot
  171. add channel.frequency=5260 configuration=5GHz_mgmt_ch52 datapath=vlan_100 \
  172. disabled=no l2mtu=1600 mac-address=1A:FD:74:49:9D:D0 master-interface=\
  173. garaz_5GHz mtu=1500 name=garaz_5GHz_mgmt radio-mac=18:FD:74:49:9D:CC \
  174. radio-name=garaz_5GHz_mgmt
  175. /interface list
  # Interface lists used as bridge ports and list members later in the export.
  # Only WAN is a natural anchor for firewall rules (in-interface-list /
  # out-interface-list); hAPs has no members in this export.
  176. add name=WAN
  177. add name=mgmt
  178. add name=hAPs
  179. add name=trunks
  180. add name=iot
  181. add name=main
  182. /interface wireless security-profiles
  # Default wireless security profile; only the supplicant identity is set.
  183. set [ find default=yes ] supplicant-identity=MikroTik
  184. /iot lora servers
  # LoRa network-server entries for The Things Network / The Things Stack
  # hosts, all over UDP.
  185. add address=eu.mikrotik.thethings.industries name=TTN-EU protocol=UDP
  186. add address=us.mikrotik.thethings.industries name=TTN-US protocol=UDP
  187. add address=eu1.cloud.thethings.industries name="TTS Cloud (eu1)" protocol=\
  188. UDP
  189. add address=nam1.cloud.thethings.industries name="TTS Cloud (nam1)" protocol=\
  190. UDP
  191. add address=au1.cloud.thethings.industries name="TTS Cloud (au1)" protocol=\
  192. UDP
  193. add address=eu1.cloud.thethings.network name="TTN V3 (eu1)" protocol=UDP
  194. add address=nam1.cloud.thethings.network name="TTN V3 (nam1)" protocol=UDP
  195. add address=au1.cloud.thethings.network name="TTN V3 (au1)" protocol=UDP
  196. /iot mqtt brokers
  # MQTT broker over TLS (ssl=yes, port 8883) authenticated with the aws_iot
  # certificate.
  # NOTE(review): the account-specific endpoint hostname and the client-id are
  # disclosed by this export; redact them when sharing, and confirm the policy
  # attached to the certificate is scoped to this client only.
  197. add address=a3jhn5e1ay0acg-ats.iot.eu-west-1.amazonaws.com certificate=\
  198. aws_iot client-id=mikrotik name=AWS port=8883 ssl=yes
  199. /ip pool
  # One /24 address pool per VLAN (.2-.254).
  200. add name=pool-main ranges=192.168.10.2-192.168.10.254
  201. add name=pool-iot ranges=192.168.20.2-192.168.20.254
  202. add name=pool-mgmt ranges=192.168.100.2-192.168.100.254
  203. add name=pool-guest ranges=192.168.30.2-192.168.30.254
  204. /ip dhcp-server
  # One DHCP server per VLAN with 10-minute leases. Each carries the same
  # lease-script: on bind it adds a static DNS record named after the client's
  # DHCP hostname; on release it removes every static record with that name.
  # NOTE(review): the hostname is client-supplied and is written into
  # /ip dns static unvalidated on all four servers, including guest and IoT. A
  # client can therefore register an arbitrary name in the resolver that every
  # VLAN uses. Consider skipping empty hostnames, appending a local domain
  # suffix, tagging script-created records with a comment, and not running the
  # script on untrusted VLANs.
  # NOTE(review): removal matches on name only, so it also deletes records the
  # script did not create.
  205. add address-pool=pool-main interface=vlan10-main lease-script="if (\$leaseBoun\
  206. d = 1) do= {\r\
  207. \n/ip/dns/static add address=\$leaseActIP name=\$\"lease-hostname\"\r\
  208. \n}\r\
  209. \n\r\
  210. \nif (\$leaseBound = 0) do= {\r\
  211. \n/ip/dns/static remove [/ip/dns/static/ find name=\$\"lease-hostname\"]\r\
  212. \n}" lease-time=10m name=dhcp1
  213. add address-pool=pool-iot interface=vlan20-iot lease-script="if (\$leaseBound \
  214. = 1) do= {\r\
  215. \n/ip/dns/static add address=\$leaseActIP name=\$\"lease-hostname\"\r\
  216. \n}\r\
  217. \n\r\
  218. \nif (\$leaseBound = 0) do= {\r\
  219. \n/ip/dns/static remove [/ip/dns/static/ find name=\$\"lease-hostname\"]\r\
  220. \n}" lease-time=10m name=dhcp2
  221. add address-pool=pool-mgmt interface=vlan100-mgmt lease-script="if (\$leaseBou\
  222. nd = 1) do= {\r\
  223. \n/ip/dns/static add address=\$leaseActIP name=\$\"lease-hostname\"\r\
  224. \n}\r\
  225. \n\r\
  226. \nif (\$leaseBound = 0) do= {\r\
  227. \n/ip/dns/static remove [/ip/dns/static/ find name=\$\"lease-hostname\"]\r\
  228. \n}" lease-time=10m name=dhcp3
  229. add address-pool=pool-guest interface=vlan30-guest lease-script="if (\$leaseBo\
  230. und = 1) do= {\r\
  231. \n/ip/dns/static add address=\$leaseActIP name=\$\"lease-hostname\"\r\
  232. \n}\r\
  233. \n\r\
  234. \nif (\$leaseBound = 0) do= {\r\
  235. \n/ip/dns/static remove [/ip/dns/static/ find name=\$\"lease-hostname\"]\r\
  236. \n}" lease-time=10m name=dhcp4
  237. /port
  # Names the two serial ports.
  238. set 0 name=serial0
  239. set 1 name=serial1
  240. /user group
  # homeassistant: API-only group (local, telnet, ssh, ftp, winbox, web and
  # rest-api are all denied) that still holds reboot, write and policy.
  # NOTE(review): write + policy is broad for a monitoring integration; grant
  # read/api/test only unless the integration needs to change configuration.
  # dude: every policy enabled, including sensitive, sniff and romon - the
  # equivalent of full access; confirm which accounts are placed in this group.
  241. add name=homeassistant policy="reboot,read,write,policy,test,api,!local,!telne\
  242. t,!ssh,!ftp,!winbox,!password,!web,!sniff,!sensitive,!romon,!rest-api"
  243. add name=dude policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,winbo\
  244. x,password,web,sniff,sensitive,api,romon,rest-api"
  245. /zerotier
  # ZeroTier instance zt1 on port 9993.
  246. set zt1 comment="ZeroTier Central controller - https://my.zerotier.com/" \
  247. name=zt1 port=9993
  248. /zerotier interface
  # Joins one ZeroTier network with allow-managed, allow-global and allow-default
  # all enabled.
  # NOTE(review): allow-default=yes and allow-global=yes let the network
  # controller push a default route and routes for public address space to this
  # router; leave only allow-managed=yes unless that is required. The network ID
  # is an identifier - redact it when sharing the export.
  249. add allow-default=yes allow-global=yes allow-managed=yes disabled=no \
  250. instance=zt1 name=zerotier1 network=0cccb752f7c0a710
  251. /caps-man access-list
  # Single reject entry, disabled, so no client MAC filtering is in effect.
  252. add action=reject allow-signal-out-of-range=10s disabled=yes \
  253. mac-address-mask=00:00:00:00:00:00 ssid-regexp=""
  254. /caps-man manager
  # Enables the CAPsMAN manager on this router.
  # NOTE(review): no manager interface restriction or certificate requirement is
  # visible in this export; confirm the manager does not accept CAP connections
  # on ether1 (WAN).
  255. set enabled=yes
  256. /caps-man provisioning
  # Provisioning rules keyed on the radio MAC of each known access-point radio;
  # every rule creates a dynamic, enabled interface from the named configuration.
  257. add action=create-dynamic-enabled master-configuration=5GHz_ch52 name-format=\
  258. identity radio-mac=18:FD:74:49:9D:CC
  259. add action=create-dynamic-enabled master-configuration=5GHz_guest_ch52 \
  260. radio-mac=18:FD:74:49:9D:CC
  261. add action=create-dynamic-enabled master-configuration=5GHz_iot_ch52 \
  262. radio-mac=18:FD:74:49:9D:CC
  263. add action=create-dynamic-enabled master-configuration=5GHz_mgmt_ch52 \
  264. radio-mac=18:FD:74:49:9D:CC
  265. add action=create-dynamic-enabled master-configuration=5GHz_ch36 radio-mac=\
  266. DC:2C:6E:FA:68:2D
  267. add action=create-dynamic-enabled master-configuration=5GHz_guest_ch36 \
  268. radio-mac=DC:2C:6E:FA:68:2D
  269. add action=create-dynamic-enabled master-configuration=5GHz_iot_ch36 \
  270. radio-mac=DC:2C:6E:FA:68:2D
  271. add action=create-dynamic-enabled master-configuration=5GHz_mgmt_ch36 \
  272. radio-mac=DC:2C:6E:FA:68:2D
  273. add action=create-dynamic-enabled master-configuration=2GHz_ch1 radio-mac=\
  274. DC:2C:6E:FA:68:2E
  275. add action=create-dynamic-enabled master-configuration=2GHz_iot_ch1 \
  276. radio-mac=DC:2C:6E:FA:68:2E
  277. add action=create-dynamic-enabled master-configuration=2GHz_mgmt_ch1 \
  278. radio-mac=DC:2C:6E:FA:68:2E
  279. add action=create-dynamic-enabled master-configuration=2GHz_guest_ch1 \
  280. radio-mac=DC:2C:6E:FA:68:2E
  281. add action=create-dynamic-enabled master-configuration=2GHz_ch6 radio-mac=\
  282. 18:FD:74:49:9D:CB
  283. add action=create-dynamic-enabled master-configuration=2GHz_mgmt_ch6 \
  284. radio-mac=18:FD:74:49:9D:CB
  285. add action=create-dynamic-enabled master-configuration=2GHz_iot_ch6 \
  286. radio-mac=18:FD:74:49:9D:CB
  287. add action=create-dynamic-enabled master-configuration=2GHz_guest_ch6 \
  288. radio-mac=18:FD:74:49:9D:CB
  289. /container config
  # Container runtime settings: images are pulled from Docker Hub and unpacked
  # under disk1/nuts/tmp. No /container entries are visible in this export.
  # NOTE(review): pin images by digest and keep the container network out of
  # the management VLAN - confirm against the container definitions.
  290. set ram-high=1024 registry-url=https://registry-1.docker.io tmpdir=\
  291. disk1/nuts/tmp
  292. /ip smb
  # Sets the SMB domain name only; whether the SMB service is enabled is not
  # shown here.
  293. set domain=WORKSPACE
  294. /dude
  # Enables The Dude monitoring server on this router.
  # NOTE(review): this is another management service listening on the router;
  # make sure the input chain keeps it unreachable from ether1 (WAN).
  295. set enabled=yes
  296. /interface bridge port
  # Bridge ports are added by interface list: hAPs and mgmt untagged in VLAN 100,
  # iot in VLAN 20, main in VLAN 10; trunks accept tagged frames only.
  297. add bridge=vlan_bridge interface=hAPs internal-path-cost=10 path-cost=10 \
  298. pvid=100
  299. add bridge=vlan_bridge frame-types=admit-only-vlan-tagged interface=trunks \
  300. internal-path-cost=10 path-cost=10 pvid=100
  301. add bridge=vlan_bridge interface=iot internal-path-cost=10 path-cost=10 pvid=\
  302. 20
  303. add bridge=vlan_bridge interface=mgmt pvid=100
  304. add bridge=vlan_bridge interface=main pvid=10
  305. /ip firewall connection tracking
  # Shortens the UDP connection-tracking timeout to 10 seconds.
  306. set udp-timeout=10s
  307. /ip neighbor discovery-settings
  # NOTE(review): discover-interface-list=all runs neighbour discovery on every
  # interface, ether1 (WAN) included, which announces the device identity,
  # model and software version upstream; restrict it to an internal interface
  # list.
  308. set discover-interface-list=all lldp-med-net-policy-vlan=100
  309. /interface bridge vlan
  # VLAN table for vlan_bridge: tagged/untagged port membership for VLANs 10, 20,
  # 30 and 100. The bridge itself is a tagged member of each, which is what lets
  # the vlanNN interfaces receive traffic.
  # NOTE(review): ether14-trunk-jagoda is referenced here but no rename of
  # ether14 appears in the /interface ethernet section of this export, and
  # sfp-sfpplus2 is tagged everywhere although it is disabled - verify both.
  # NOTE(review): the management VLAN (100) is carried tagged on the same trunks
  # as guest and IoT; isolation between them relies on the firewall, not on
  # this table.
  310. add bridge=vlan_bridge tagged=\
  311. vlan_bridge,ether14-trunk-jagoda,ether13,sfp-sfpplus2,ether2,ether4 \
  312. untagged=ether8,sfp-sfpplus1 vlan-ids=10
  313. add bridge=vlan_bridge tagged=\
  314. vlan_bridge,ether13,ether14-trunk-jagoda,sfp-sfpplus2,ether4,ether2 \
  315. untagged=ether9,ether10 vlan-ids=20
  316. add bridge=vlan_bridge tagged=\
  317. vlan_bridge,ether13,ether14-trunk-jagoda,sfp-sfpplus2,ether2,ether4 \
  318. vlan-ids=30
  319. add bridge=vlan_bridge tagged=\
  320. vlan_bridge,ether13,ether14-trunk-jagoda,sfp-sfpplus2,ether2 untagged=\
  321. ether3,ether5,ether6 vlan-ids=100
  322. /interface list member
  323. add interface=ether1 list=WAN
  324. add interface=ether3 list=mgmt
  325. add interface=ether4 list=mgmt
  326. add interface=ether5 list=mgmt
  327. add interface=ether7 list=mgmt
  328. add interface=ether8 list=main
  329. add interface=ether13 list=trunks
  330. add interface=ether14-trunk-jagoda list=trunks
  331. add interface=ether16-trunk-crs326 list=trunks
  332. add interface=*3B list=trunks
  333. add interface=sfp-sfpplus2 list=trunks
  334. add interface=ether10 list=iot
  335. add interface=ether9 list=iot
  336. add interface=ether11 list=iot
  337. add interface=ether12 list=iot
  338. add interface=ether6 list=mgmt
  339. add interface=ether15-boot list=trunks
  340. add interface=ether2 list=mgmt
  341. add interface=sfp-sfpplus1 list=main
  342. /ip address
  # Gateway address (.1/24) for each VLAN interface.
  343. add address=192.168.100.1/24 interface=vlan100-mgmt network=192.168.100.0
  344. add address=192.168.10.1/24 interface=vlan10-main network=192.168.10.0
  345. add address=192.168.20.1/24 interface=vlan20-iot network=192.168.20.0
  346. add address=192.168.30.1/24 interface=vlan30-guest network=192.168.30.0
  347. /ip cloud
  348. set update-time=no
  349. /ip dhcp-client
  # The WAN address on ether1 is obtained by DHCP.
  350. add interface=ether1
  351. /ip dhcp-server network
  # DHCP options per subnet.
  # NOTE(review): 192.168.10.0/24 (main) is handed 192.168.20.1, the IoT VLAN
  # gateway address, as its DNS server, while the other VLANs use their own
  # gateway; 192.168.169.0/24 has no matching address, pool or server in this
  # export. Both look like leftovers - confirm.
  352. add address=192.168.10.0/24 dns-server=192.168.20.1 gateway=192.168.10.1
  353. add address=192.168.20.0/24 dns-server=192.168.20.1 gateway=192.168.20.1
  354. add address=192.168.30.0/24 dns-server=192.168.30.1 gateway=192.168.30.1
  355. add address=192.168.100.0/24 dns-server=192.168.100.1 gateway=192.168.100.1
  356. add address=192.168.169.0/24 dns-server=192.168.169.1 gateway=192.168.169.1 \
  357. netmask=24
  358. /ip dns
  # allow-remote-requests=yes makes the router answer DNS queries on every
  # interface. Unless the input chain blocks TCP/UDP 53 arriving on ether1
  # (WAN), that includes the internet side, i.e. an open resolver.
  # NOTE(review): servers= lists only this router's own VLAN addresses, so
  # upstream resolvers presumably come from the DHCP client - confirm.
  359. set allow-remote-requests=yes servers=\
  360. 192.168.100.1,192.168.10.1,192.168.20.1,192.168.30.1
  361. /ip firewall address-list
  # Address lists: dns_servers and MyLAN (local hosts/subnets), bogons and
  # not_in_internet (reserved/special-purpose ranges).
  # NOTE(review): no filter, raw, mangle or NAT rule visible in this export
  # references any of these lists, so they currently have no effect.
  # NOTE(review): dns_servers and MyLAN use 192.168.69.0/24, which matches no
  # interface address in this export; the RFC 1918 bogon entries are disabled.
  362. add address=192.168.69.111 list=dns_servers
  363. add address=192.168.69.201 disabled=yes list=dns_servers
  364. add address=192.168.69.0/24 list=MyLAN
  365. add address=0.0.0.0/8 comment="Self-Identification [RFC 3330]" list=bogons
  366. add address=10.0.0.0/8 comment="Private[RFC 1918] - CLASS A # Check if you nee\
  367. d this subnet before enable it" disabled=yes list=bogons
  368. add address=127.0.0.0/8 comment="Loopback [RFC 3330]" list=bogons
  369. add address=169.254.0.0/16 comment="Link Local [RFC 3330]" list=bogons
  370. add address=172.16.0.0/12 comment="Private[RFC 1918] - CLASS B # Check if you \
  371. need this subnet before enable it" disabled=yes list=bogons
  372. add address=192.168.0.0/16 comment="Private[RFC 1918] - CLASS C # Check if you\
  373. \_need this subnet before enable it" disabled=yes list=bogons
  374. add address=192.0.2.0/24 comment="Reserved - IANA - TestNet1" list=bogons
  375. add address=192.88.99.0/24 comment="6to4 Relay Anycast [RFC 3068]" list=\
  376. bogons
  377. add address=198.18.0.0/15 comment="NIDB Testing" list=bogons
  378. add address=198.51.100.0/24 comment="Reserved - IANA - TestNet2" list=bogons
  379. add address=203.0.113.0/24 comment="Reserved - IANA - TestNet3" list=bogons
  380. add address=224.0.0.0/4 comment=\
  381. "MC, Class D, IANA # Check if you need this subnet before enable it" \
  382. list=bogons
  383. add address=172.16.0.0/12 comment=RFC6890 list=not_in_internet
  384. add address=192.168.0.0/16 comment=RFC6890 list=not_in_internet
  385. add address=10.0.0.0/8 comment=RFC6890 list=not_in_internet
  386. add address=169.254.0.0/16 comment=RFC6890 list=not_in_internet
  387. add address=127.0.0.0/8 comment=RFC6890 list=not_in_internet
  388. add address=224.0.0.0/4 comment=Multicast list=not_in_internet
  389. add address=198.18.0.0/15 comment=RFC6890 list=not_in_internet
  390. add address=192.0.0.0/24 comment=RFC6890 list=not_in_internet
  391. add address=192.0.2.0/24 comment=RFC6890 list=not_in_internet
  392. add address=198.51.100.0/24 comment=RFC6890 list=not_in_internet
  393. add address=203.0.113.0/24 comment=RFC6890 list=not_in_internet
  394. add address=100.64.0.0/10 comment=RFC6890 list=not_in_internet
  395. add address=240.0.0.0/4 comment=RFC6890 list=not_in_internet
  396. add address=192.88.99.0/24 comment="6to4 relay Anycast [RFC 3068]" list=\
  397. not_in_internet
  398. add address=172.16.0.0/16 comment="Docker ace" list=MyLAN
  399. add address=172.17.0.0/16 comment="Docker sfejer" list=MyLAN
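  /ip firewall filter
  # Stateful baseline replacing the three unconditional accept rules. With
  # accept-all on input and forward, every router service (DNS, SNMP, NTP, API,
  # Winbox, RoMON, The Dude, CAPsMAN) and every internal host behind a
  # port-forward was reachable from ether1, the only member of the WAN list.
  #
  # input chain: traffic addressed to the router itself.
  add action=accept chain=input connection-state=established,related,untracked comment="input: replies to connections the router or LAN already opened"
  add action=drop chain=input connection-state=invalid comment="input: drop packets with invalid connection state"
  add action=accept chain=input protocol=icmp comment="input: allow ICMP"
  add action=drop chain=input in-interface-list=WAN comment="input: drop everything else arriving on WAN"
  # forward chain: traffic routed through the router.
  add action=accept chain=forward connection-state=established,related,untracked comment="forward: replies to existing connections"
  add action=drop chain=forward connection-state=invalid comment="forward: drop packets with invalid connection state"
  add action=drop chain=forward connection-state=new connection-nat-state=!dstnat in-interface-list=WAN comment="forward: drop unsolicited WAN traffic that is not port-forwarded"
  # output chain: router-originated traffic, unchanged from the original rule.
  add action=accept chain=output
  # NOTE(review): new connections from the internal VLANs to the router and
  # between VLANs are still accepted by default. Add forward/input drops for
  # vlan30-guest and vlan20-iot towards the management network if isolation is
  # wanted.
  # NOTE(review): if the WireGuard interface must accept inbound handshakes on
  # WAN, add an explicit accept for its UDP listen port above the WAN drop.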
  404. /ip firewall mangle
  # Accounting and packet-marking rules in the forward chain: two passthrough
  # counters for WAN tx/rx, then marks by protocol, port and packet size, then
  # marks by connection byte count.
  # Rules with passthrough=no stop mangle processing for a matched packet, so
  # the connection-bytes rules at the end only see packets that matched none of
  # the protocol/port rules above them.
  # NOTE(review): no queue consuming these packet marks and no rule setting
  # connection-mark=Torrent is visible in this export - confirm they are still
  # in use.
  405. add action=passthrough chain=forward comment=accounting-wan-tx out-interface=\
  406. ether1
  407. add action=passthrough chain=forward comment=accounting-wan-rx in-interface=\
  408. ether1
  409. add action=mark-packet chain=forward connection-mark=Torrent new-packet-mark=\
  410. Infinite passthrough=yes
  411. add action=mark-packet chain=forward comment=icmp new-packet-mark=icmp \
  412. passthrough=no protocol=icmp
  413. add action=mark-packet chain=forward comment=ssl dst-port=443 \
  414. new-packet-mark=ssl passthrough=no protocol=tcp
  415. add action=mark-packet chain=forward comment="DNS Request" dst-port=53 \
  416. new-packet-mark=dns passthrough=no protocol=udp
  417. add action=mark-packet chain=forward comment=udp-100 new-packet-mark=udp-100 \
  418. packet-size=0-100 passthrough=no protocol=udp
  419. add action=mark-packet chain=forward comment=udp-500 new-packet-mark=udp-500 \
  420. packet-size=100-500 passthrough=no protocol=udp
  421. add action=mark-packet chain=forward comment=udp-other new-packet-mark=\
  422. udp-other passthrough=no protocol=udp
  423. add action=mark-packet chain=forward comment=pop3 dst-port=110,995 \
  424. new-packet-mark=pop3 passthrough=no protocol=tcp
  425. add action=mark-packet chain=forward comment=smtp dst-port=25,587,465 \
  426. new-packet-mark=smtp passthrough=no protocol=tcp
  427. add action=mark-packet chain=forward comment=imap dst-port=143,993 \
  428. new-packet-mark=imap passthrough=no protocol=tcp
  429. add action=mark-packet chain=forward comment=http dst-port=80 \
  430. new-packet-mark=http passthrough=no protocol=tcp
  431. add action=mark-packet chain=forward comment=60MB-Infinite connection-bytes=\
  432. 62914560-0 new-packet-mark=Infinite passthrough=yes
  433. add action=mark-packet chain=forward comment=1MB-60MB connection-bytes=\
  434. 1048576-62914560 new-packet-mark=60Mbytes passthrough=yes
  435. add action=mark-packet chain=forward comment=0-1MB connection-bytes=1-1048576 \
  436. new-packet-mark=1Mbyte passthrough=yes
  437. /ip firewall nat
  # Source NAT. The first rule has no out-interface or source match, so it
  # masquerades all routed traffic, including traffic between the internal
  # VLANs; internal hosts then see the router's address instead of the real
  # client address. It also matches before the second rule (172.17.0.0/24),
  # which is therefore never reached.
  # NOTE(review): scoping the first rule with out-interface-list=WAN is the
  # usual form; check first whether traffic sent into the WireGuard or ZeroTier
  # interfaces depends on being masqueraded.
  438. add action=masquerade chain=srcnat
  439. add action=masquerade chain=srcnat src-address=172.17.0.0/24
  440. /ip firewall raw
  # Inter-VLAN drop rules: guest -> mgmt/main/IoT, IoT -> mgmt/main, main -> mgmt.
  # All six are disabled, so nothing in this section restricts traffic between
  # VLANs.
  # NOTE(review): raw rules are stateless. Enabled as written they would also
  # drop reply packets (for example IoT replies to connections opened from
  # main). One-way isolation is normally expressed as forward-chain filter
  # rules that match connection-state=new.
  441. add action=drop chain=prerouting disabled=yes dst-address=192.168.100.0/24 \
  442. src-address=192.168.30.0/24
  443. add action=drop chain=prerouting disabled=yes dst-address=192.168.10.0/24 \
  444. src-address=192.168.30.0/24
  445. add action=drop chain=prerouting disabled=yes dst-address=192.168.20.0/24 \
  446. src-address=192.168.30.0/24
  447. add action=drop chain=prerouting disabled=yes dst-address=192.168.100.0/24 \
  448. src-address=192.168.20.0/24
  449. add action=drop chain=prerouting disabled=yes dst-address=192.168.10.0/24 \
  450. src-address=192.168.20.0/24
  451. add action=drop chain=prerouting disabled=yes dst-address=192.168.100.0/24 \
  452. src-address=192.168.10.0/24
  453. /ip smb shares
  # Default SMB share mapped to /pub.
  454. set [ find default=yes ] directory=/pub
  455. /snmp
  # Enables the SNMP agent; traps use SNMP v2.
  # NOTE(review): no /snmp community section is exported, so the community
  # settings are presumably the defaults - verify, restrict the allowed source
  # addresses, and keep UDP 161 unreachable from ether1 (WAN). SNMP v1/v2c
  # carries the community string in clear text.
  456. set enabled=yes trap-version=2
  457. /system clock
  458. set time-zone-name=Europe/Warsaw
  459. /system identity
  460. set name=CCR2004
  461. /system note
  462. set show-at-login=no
  463. /system ntp client
  464. set enabled=yes
  465. /system ntp server
  # NTP server with broadcast, manycast and multicast modes all enabled.
  # NOTE(review): unless the input chain blocks UDP 123 on ether1 (WAN), the
  # router also answers NTP from the internet; enable only the modes the LAN
  # actually uses.
  466. set broadcast=yes enabled=yes manycast=yes multicast=yes
  467. /system ntp client servers
  468. add address=pl.pool.ntp.org
  469. /tool bandwidth-server
  # Bandwidth test server is disabled; authenticate=no would only matter if it
  # were enabled again.
  470. set authenticate=no enabled=no
  471. /tool romon
  # Enables RoMON (router management overlay network).
  # NOTE(review): no RoMON secret or per-port restriction is visible in this
  # export; confirm a secret is set and that RoMON is forbidden on ether1 and
  # on guest/IoT-facing ports.
  472. set enabled=yes