Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- # jun/05/2020 12:41:44 by RouterOS 6.45.8
- # software id = L17N-5CXZ
- #
- # model = RBcAPGi-5acD2nD
- # serial number =
- /interface bridge
- add admin-mac=11:22:33:44:55:66 auto-mac=no comment=defconf name=bridge
- /interface wireless
- set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-XX \
- disabled=no distance=indoors frequency=auto installation=indoor mode=\
- ap-bridge ssid=MikroTik-445566 wireless-protocol=802.11
- set [ find default-name=wlan2 ] band=5ghz-a/n/ac channel-width=\
- 20/40/80mhz-XXXX disabled=no distance=indoors frequency=auto \
- installation=indoor mode=ap-bridge ssid=MikroTik-445566 \
- wireless-protocol=802.11
- /interface list
- add comment=defconf name=WAN
- add comment=defconf name=LAN
- /interface wireless security-profiles
- set [ find default=yes ] supplicant-identity=MikroTik
- /ip pool
- add name=default-dhcp ranges=192.168.88.10-192.168.88.254
- /ip dhcp-server
- add address-pool=default-dhcp disabled=no interface=bridge name=defconf
- /interface bridge port
- add bridge=bridge comment=defconf interface=ether2
- add bridge=bridge comment=defconf interface=wlan1
- add bridge=bridge comment=defconf interface=wlan2
- /ip neighbor discovery-settings
- set discover-interface-list=LAN
- /interface list member
- add comment=defconf interface=bridge list=LAN
- add comment=defconf interface=ether1 list=WAN
- /ip address
- add address=192.168.88.1/24 comment=defconf interface=bridge network=\
- 192.168.88.0
- /ip dhcp-client
- add comment=defconf dhcp-options=hostname,clientid disabled=no interface=\
- ether1
- /ip dhcp-server network
- add address=192.168.88.0/24 comment=defconf gateway=192.168.88.1
- /ip dns
- set allow-remote-requests=yes
- /ip dns static
- add address=192.168.88.1 comment=defconf name=router.lan
- /ip firewall filter
- add action=accept chain=input comment=\
- "defconf: accept established,related,untracked" connection-state=\
- established,related,untracked
- add action=drop chain=input comment="defconf: drop invalid" connection-state=\
- invalid
- add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
- add action=accept chain=input comment=\
- "defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
- add action=drop chain=input comment="defconf: drop all not coming from LAN" \
- in-interface-list=!LAN
- add action=accept chain=forward comment="defconf: accept in ipsec policy" \
- ipsec-policy=in,ipsec
- add action=accept chain=forward comment="defconf: accept out ipsec policy" \
- ipsec-policy=out,ipsec
- add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
- connection-state=established,related
- add action=accept chain=forward comment=\
- "defconf: accept established,related, untracked" connection-state=\
- established,related,untracked
- add action=drop chain=forward comment="defconf: drop invalid" \
- connection-state=invalid
- add action=drop chain=forward comment=\
- "defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
- connection-state=new in-interface-list=WAN
- /ip firewall nat
- add action=masquerade chain=srcnat comment="defconf: masquerade" \
- ipsec-policy=out,none out-interface-list=WAN
- /system clock
- set time-zone-name=Europe/Kiev
- /system routerboard mode-button
- set enabled=yes on-event=dark-mode
- /system script
- add comment=defconf dont-require-permissions=no name=dark-mode owner=*sys \
- policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
- source="\r\
- \n :if ([system leds settings get all-leds-off] = \"never\") do={\r\
- \n /system leds settings set all-leds-off=immediate \r\
- \n } else={\r\
- \n /system leds settings set all-leds-off=never \r\
- \n }\r\
- \n "
- /tool mac-server
- set allowed-interface-list=LAN
- /tool mac-server mac-winbox
- set allowed-interface-list=LAN
Add Comment
Please, Sign In to add comment