API tools faq
paste
Advertisement
Guest User

RouterOS

a guest
Apr 29th, 2016
149
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 6.49 KB | None | 0 0
raw download clone embed print report
  1. # Admin password
  2. # Koristiti standardni password za routere kojima samo mi imamo pristup
  3. # Za ostale koristiti druge passworde. Trenutno: Pondi=60606, GradDubrovnik=56789
  4. /user
  5. set admin password=*****
  6.  
  7. # Ime sustava
  8. # Za routere u Lumiss Net backbone-u koristiti format <lokacija>-Lumiss, npr, "Adria-Lumiss"
  9. # Za ostale routere koristiti lokaciju i/ili namjenu, npr. "Adria" ili "GradPentagonBridge"
  10. /system identity
  11. set name=Lumiss
  12.  
  13.  
  14.  
  15. # Vremenska zona i NTP server
  16. /system clock
  17. set time-zone-name=Europe/Zagreb
  18. /system ntp client
  19. set enabled=yes mode=unicast primary-ntp=192.168.42.1 secondary-ntp=0.0.0.0
  20.  
  21. # DNS server(i)
  22. /ip dns
  23. set allow-remote-requests=no cache-max-ttl=1w cache-size=2048KiB max-udp-packet-size=512 servers=8.8.8.8,8.8.4.4
  24.  
  25. # Skripta za backup na Lumiss FTP server
  26. # POKRENUTI OVU SKRIPTU NAKON SVAKE PROMJENE KONFIGURACIJE
  27. /system script
  28. add name=BackupFTP policy=ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api source=":local fileName ([/system identity get name] . \".backup\")\r\
  29. \n:local ftpServer 192.168.42.1\r\
  30. \n:local user \"mikrotik\"\r\
  31. \n:local password \"backup\"\r\
  32. \n\r\
  33. \n/system backup save name=\$fileName\r\
  34. \n:delay 5\r\
  35. \n/tool fetch address=\$ftpServer src-path=\$fileName dst-path=\$fileName user=\$user password=\$password mode=ftp upload=yes\r\
  36. \n"
  37.  
  38. # Ako želimo automatski periodično pokretati backup skriptu
  39. # U ovom primjeru je interval 7 dana
  40. /system scheduler
  41. add name="Backup" on-event=BackupFTP start-date=jan/01/2012 start-time=23:00:00 interval=7d
  42.  
  43. # Isključiti neighbor discovery na svim sučeljima
  44. # Ovo nije nužno ali smanjuje promet na linkovima
  45. foreach int in=[ip neighbor discovery find disabled=no] do={/ip neighbor discovery disable $int}
  46.  
  47. # Wireless security profile
  48. # Promijeniti "wpa2-pre-shared-key" prema potrebi
  49. /interface wireless security-profiles
  50. add authentication-types=wpa2-psk group-ciphers=aes-ccm mode=dynamic-keys name=WPA unicast-ciphers=aes-ccm wpa2-pre-shared-key=lum60606
  51.  
  52. od Gregus 2, 29.05.2014. wpa password: lum60606rdziph
  53. # Wireless sučelja
  54. # U ovom primjeru sučelje 0 je ap-bridge, a sučelje 1 station
  55. # Ako je više sučelja na jednom routeru ili više routera u blizini jedan drugog, STAVITI IH NA RAZLIČITE FREKVENCIJE
  56. # PARAMETAR name: Stavljati deskriptivna imena, prema destinaciji na koju se spaja, npr. "wlan-adria"
  57. # PARAMETAR ssid: U backbone-u koristiti "Lumiss Net", za ostalo prema namjeni
  58. # PARAMETAR radio-name: U pravilu postaviti isto kao i "system identity", osim u iznimnim slučajevima
  59. /interface wireless
  60. set 0 name=wlan-bridge mode=ap-bridge band=5ghz-a/n frequency=5805 channel-width=20/40mhz-ht-above \
  61. ht-ampdu-priorities="" ht-rxchains=0 ht-txchains=0 hw-retries=15 periodic-calibration=disabled \
  62. radio-name=Lumiss ssid=Lumiss security-profile=WPA default-authentication=no default-forwarding=no disabled=no
  63. set 1 name=wlan-station mode=station band=5ghz-a/n frequency=5200 channel-width=20/40mhz-ht-above \
  64. ht-ampdu-priorities="" ht-rxchains=0 ht-txchains=0 hw-retries=15 periodic-calibration=disabled \
  65. radio-name=Lumiss ssid=Lumiss security-profile=WPA default-authentication=no default-forwarding=no disabled=no
  66.  
  67. # Ako se više od jednog routera spaja na isto sučelje i koristi se RIP,
  68. # treba dodati virtualni AP s DRUKČIJIM ssid-om i dodijeliti mu zasebnu IP adresu
  69. /interface wireless
  70. add name=wlan-bridge1 master-interface=wlan-bridge ssid=Lumiss1 default-authentication=no default-forwarding=no security-profile=WPA disabled=no
  71.  
  72. # Za sučelja koja su u station modu, dodati u connect-list MAC adresu routera na koji se spaja
  73. /interface wireless connect-list
  74. add connect=yes disabled=no interface=wlan-station mac-address=00:0C:42:65:29:6B security-profile=WPA
  75.  
  76. # Za sučelja koja su u bridge ili ap-bridge modu, dodati u access-list MAC adrese svih routera koji se na njega spajaju
  77. /interface wireless access-list
  78. add authentication=yes disabled=no forwarding=yes interface=wlan-HrvojeAP mac-address=E4:8D:8C:8F:29:BB
  79.  
  80. # Kreirati bridge ako je potrebno (npr. ako router radi kao switch)
  81. # WIRELESS SUČELJA U STATION MODU NE MOGU RADITI ISPRAVNO U BRIDGE-U
  82. # U TOM SLUČAJU JE NUŽNO KORISITITI WDS (mode=station-wds)
  83. /interface bridge
  84. add disabled=no name=bridge1
  85. /interface bridge port
  86. add bridge=bridge1 disabled=no interface=ether2
  87. add bridge=bridge1 disabled=no interface=ether3
  88. add bridge=bridge1 disabled=no interface=ether4
  89.  
  90. # Postaviti IP adrese prema potrebi
  91. /ip address
  92. add address=192.168.42.49/24 disabled=no interface=ether1 network=192.168.42.0
  93. add address=10.0.1.1/30 disabled=no interface=wlan-station network=10.0.1.0
  94.  
  95. # Kreirati statičke rute ako je potrebno (default ruta je u pravilu potrebna)
  96. /ip route
  97. add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=192.168.42.1 scope=30 target-scope=10
  98.  
  99.  
  100.  
  101.  
  102. + nat
  103. IP Firewall srcnat, network range(address) to add to NAT ili out interface gdje je default gateway
  104.  
  105. + queue
  106. # Konfigurirati RIP po želji
  107. # U POPIS MREŽA JE NUŽNO DODATI I SUBNET KOJI SE NALAZI NA AKTIVNOM SUČELJU, BEZ OBZIRA ŠTO SE NE DISTRIBUIRA
  108. /routing rip
  109. set distribute-default=never redistribute-connected=no redistribute-static=yes routing-table=main
  110. /routing rip interface
  111. add disabled=no interface=wlan-bridge receive=v2 send=v2
  112. /routing rip network
  113. add disabled=no network=192.168.42.0/24
  114. add disabled=no network=10.0.1.0/30
  115.  
  116.  
  117.  
  118.  
  119.  
  120. ------------------------
  121.  
  122. 10.0.2.150
  123.  
  124. 10.0.2.149/30 acess point na srdju
  125.  
  126.  
  127. 02:0c:42:6b:ab:26
  128. ssid:buggy-srdj
  129. WPA: lum60606
  130. frekvencija: 5240
  131.  
  132.  
  133.  
  134. add connect=yes disabled=no interface=wlan-Hrvoje mac-address=02:0c:42:6b:ab:26 security-profile=WPA
  135.  
  136.  
  137.  
  138. add address=192.168.42.49/24 disabled=no interface=ether1 network=192.168.42.0
  139.  
  140. add address=10.0.2.150/30 disabled=no interface=wlan-Hrvoje network=10.0.2.149
  141.  
  142. chain: scnat
  143. src address: lokalni subnet korisnika
  144. pod acton: masquarade
  145.  
  146.  
  147. ## defult route treba biti adresa access pointa
  148. # Kreirati statičke rute ako je potrebno (default ruta je u pravilu potrebna)
  149. /ip route
  150. add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=10.0.2.149 scope=30 target-scope=10
  151.  
  152.  
  153. ##/interface wireless
  154. ssid wlana treba biti isti kao od access pointa
  155.  
  156. # Za sučelja koja su u station modu, dodati u connect-list MAC adresu routera na koji se spaja
  157. /interface wireless connect-list
  158. add connect=yes disabled=no interface=wlan1-HrvojeST mac-address=D4:CA:6D:13:2E:CB security-profile=WPA
  159.  
  160.  
  161. D4:CA:6D:13:2E:CB mac adresa access pointa
  162. E4:8D:8C:8F:29:BB mac adresa stationa
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!