Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- # Admin password
- # Koristiti standardni password za routere kojima samo mi imamo pristup
- # Za ostale koristiti druge passworde. Trenutno: Pondi=60606, GradDubrovnik=56789
- /user
- set admin password=*****
- # Ime sustava
- # Za routere u Lumiss Net backbone-u koristiti format <lokacija>-Lumiss, npr, "Adria-Lumiss"
- # Za ostale routere koristiti lokaciju i/ili namjenu, npr. "Adria" ili "GradPentagonBridge"
- /system identity
- set name=Lumiss
- # Vremenska zona i NTP server
- /system clock
- set time-zone-name=Europe/Zagreb
- /system ntp client
- set enabled=yes mode=unicast primary-ntp=192.168.42.1 secondary-ntp=0.0.0.0
- # DNS server(i)
- /ip dns
- set allow-remote-requests=no cache-max-ttl=1w cache-size=2048KiB max-udp-packet-size=512 servers=8.8.8.8,8.8.4.4
- # Skripta za backup na Lumiss FTP server
- # POKRENUTI OVU SKRIPTU NAKON SVAKE PROMJENE KONFIGURACIJE
- /system script
- add name=BackupFTP policy=ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api source=":local fileName ([/system identity get name] . \".backup\")\r\
- \n:local ftpServer 192.168.42.1\r\
- \n:local user \"mikrotik\"\r\
- \n:local password \"backup\"\r\
- \n\r\
- \n/system backup save name=\$fileName\r\
- \n:delay 5\r\
- \n/tool fetch address=\$ftpServer src-path=\$fileName dst-path=\$fileName user=\$user password=\$password mode=ftp upload=yes\r\
- \n"
- # Ako želimo automatski periodično pokretati backup skriptu
- # U ovom primjeru je interval 7 dana
- /system scheduler
- add name="Backup" on-event=BackupFTP start-date=jan/01/2012 start-time=23:00:00 interval=7d
- # Isključiti neighbor discovery na svim sučeljima
- # Ovo nije nužno ali smanjuje promet na linkovima
- foreach int in=[ip neighbor discovery find disabled=no] do={/ip neighbor discovery disable $int}
- # Wireless security profile
- # Promijeniti "wpa2-pre-shared-key" prema potrebi
- /interface wireless security-profiles
- add authentication-types=wpa2-psk group-ciphers=aes-ccm mode=dynamic-keys name=WPA unicast-ciphers=aes-ccm wpa2-pre-shared-key=lum60606
- od Gregus 2, 29.05.2014. wpa password: lum60606rdziph
- # Wireless sučelja
- # U ovom primjeru sučelje 0 je ap-bridge, a sučelje 1 station
- # Ako je više sučelja na jednom routeru ili više routera u blizini jedan drugog, STAVITI IH NA RAZLIČITE FREKVENCIJE
- # PARAMETAR name: Stavljati deskriptivna imena, prema destinaciji na koju se spaja, npr. "wlan-adria"
- # PARAMETAR ssid: U backbone-u koristiti "Lumiss Net", za ostalo prema namjeni
- # PARAMETAR radio-name: U pravilu postaviti isto kao i "system identity", osim u iznimnim slučajevima
- /interface wireless
- set 0 name=wlan-bridge mode=ap-bridge band=5ghz-a/n frequency=5805 channel-width=20/40mhz-ht-above \
- ht-ampdu-priorities="" ht-rxchains=0 ht-txchains=0 hw-retries=15 periodic-calibration=disabled \
- radio-name=Lumiss ssid=Lumiss security-profile=WPA default-authentication=no default-forwarding=no disabled=no
- set 1 name=wlan-station mode=station band=5ghz-a/n frequency=5200 channel-width=20/40mhz-ht-above \
- ht-ampdu-priorities="" ht-rxchains=0 ht-txchains=0 hw-retries=15 periodic-calibration=disabled \
- radio-name=Lumiss ssid=Lumiss security-profile=WPA default-authentication=no default-forwarding=no disabled=no
- # Ako se više od jednog routera spaja na isto sučelje i koristi se RIP,
- # treba dodati virtualni AP s DRUKČIJIM ssid-om i dodijeliti mu zasebnu IP adresu
- /interface wireless
- add name=wlan-bridge1 master-interface=wlan-bridge ssid=Lumiss1 default-authentication=no default-forwarding=no security-profile=WPA disabled=no
- # Za sučelja koja su u station modu, dodati u connect-list MAC adresu routera na koji se spaja
- /interface wireless connect-list
- add connect=yes disabled=no interface=wlan-station mac-address=00:0C:42:65:29:6B security-profile=WPA
- # Za sučelja koja su u bridge ili ap-bridge modu, dodati u access-list MAC adrese svih routera koji se na njega spajaju
- /interface wireless access-list
- add authentication=yes disabled=no forwarding=yes interface=wlan-HrvojeAP mac-address=E4:8D:8C:8F:29:BB
- # Kreirati bridge ako je potrebno (npr. ako router radi kao switch)
- # WIRELESS SUČELJA U STATION MODU NE MOGU RADITI ISPRAVNO U BRIDGE-U
- # U TOM SLUČAJU JE NUŽNO KORISITITI WDS (mode=station-wds)
- /interface bridge
- add disabled=no name=bridge1
- /interface bridge port
- add bridge=bridge1 disabled=no interface=ether2
- add bridge=bridge1 disabled=no interface=ether3
- add bridge=bridge1 disabled=no interface=ether4
- # Postaviti IP adrese prema potrebi
- /ip address
- add address=192.168.42.49/24 disabled=no interface=ether1 network=192.168.42.0
- add address=10.0.1.1/30 disabled=no interface=wlan-station network=10.0.1.0
- # Kreirati statičke rute ako je potrebno (default ruta je u pravilu potrebna)
- /ip route
- add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=192.168.42.1 scope=30 target-scope=10
- + nat
- IP Firewall srcnat, network range(address) to add to NAT ili out interface gdje je default gateway
- + queue
- # Konfigurirati RIP po želji
- # U POPIS MREŽA JE NUŽNO DODATI I SUBNET KOJI SE NALAZI NA AKTIVNOM SUČELJU, BEZ OBZIRA ŠTO SE NE DISTRIBUIRA
- /routing rip
- set distribute-default=never redistribute-connected=no redistribute-static=yes routing-table=main
- /routing rip interface
- add disabled=no interface=wlan-bridge receive=v2 send=v2
- /routing rip network
- add disabled=no network=192.168.42.0/24
- add disabled=no network=10.0.1.0/30
- ------------------------
- 10.0.2.150
- 10.0.2.149/30 acess point na srdju
- 02:0c:42:6b:ab:26
- ssid:buggy-srdj
- WPA: lum60606
- frekvencija: 5240
- add connect=yes disabled=no interface=wlan-Hrvoje mac-address=02:0c:42:6b:ab:26 security-profile=WPA
- add address=192.168.42.49/24 disabled=no interface=ether1 network=192.168.42.0
- add address=10.0.2.150/30 disabled=no interface=wlan-Hrvoje network=10.0.2.149
- chain: scnat
- src address: lokalni subnet korisnika
- pod acton: masquarade
- ## defult route treba biti adresa access pointa
- # Kreirati statičke rute ako je potrebno (default ruta je u pravilu potrebna)
- /ip route
- add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=10.0.2.149 scope=30 target-scope=10
- ##/interface wireless
- ssid wlana treba biti isti kao od access pointa
- # Za sučelja koja su u station modu, dodati u connect-list MAC adresu routera na koji se spaja
- /interface wireless connect-list
- add connect=yes disabled=no interface=wlan1-HrvojeST mac-address=D4:CA:6D:13:2E:CB security-profile=WPA
- D4:CA:6D:13:2E:CB mac adresa access pointa
- E4:8D:8C:8F:29:BB mac adresa stationa
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement