cAP ac from shop (with not def conf)

1. # jun/05/2020 12:41:44 by RouterOS 6.45.8
2. # software id = L17N-5CXZ
3. #
4. # model = RBcAPGi-5acD2nD
5. # serial number =
6. /interface bridge
7. add admin-mac=11:22:33:44:55:66 auto-mac=no comment=defconf name=bridge
8. /interface wireless
9. set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-XX \
10. disabled=no distance=indoors frequency=auto installation=indoor mode=\
11. ap-bridge ssid=MikroTik-445566 wireless-protocol=802.11
12. set [ find default-name=wlan2 ] band=5ghz-a/n/ac channel-width=\
13. 20/40/80mhz-XXXX disabled=no distance=indoors frequency=auto \
14. installation=indoor mode=ap-bridge ssid=MikroTik-445566 \
15. wireless-protocol=802.11
16. /interface list
17. add comment=defconf name=WAN
18. add comment=defconf name=LAN
19. /interface wireless security-profiles
20. set [ find default=yes ] supplicant-identity=MikroTik
21. /ip pool
22. add name=default-dhcp ranges=192.168.88.10-192.168.88.254
23. /ip dhcp-server
24. add address-pool=default-dhcp disabled=no interface=bridge name=defconf
25. /interface bridge port
26. add bridge=bridge comment=defconf interface=ether2
27. add bridge=bridge comment=defconf interface=wlan1
28. add bridge=bridge comment=defconf interface=wlan2
29. /ip neighbor discovery-settings
30. set discover-interface-list=LAN
31. /interface list member
32. add comment=defconf interface=bridge list=LAN
33. add comment=defconf interface=ether1 list=WAN
34. /ip address
35. add address=192.168.88.1/24 comment=defconf interface=bridge network=\
36. 192.168.88.0
37. /ip dhcp-client
38. add comment=defconf dhcp-options=hostname,clientid disabled=no interface=\
39. ether1
40. /ip dhcp-server network
41. add address=192.168.88.0/24 comment=defconf gateway=192.168.88.1
42. /ip dns
43. set allow-remote-requests=yes
44. /ip dns static
45. add address=192.168.88.1 comment=defconf name=router.lan
46. /ip firewall filter
47. add action=accept chain=input comment=\
48. "defconf: accept established,related,untracked" connection-state=\
49. established,related,untracked
50. add action=drop chain=input comment="defconf: drop invalid" connection-state=\
51. invalid
52. add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
53. add action=accept chain=input comment=\
54. "defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
55. add action=drop chain=input comment="defconf: drop all not coming from LAN" \
56. in-interface-list=!LAN
57. add action=accept chain=forward comment="defconf: accept in ipsec policy" \
58. ipsec-policy=in,ipsec
59. add action=accept chain=forward comment="defconf: accept out ipsec policy" \
60. ipsec-policy=out,ipsec
61. add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
62. connection-state=established,related
63. add action=accept chain=forward comment=\
64. "defconf: accept established,related, untracked" connection-state=\
65. established,related,untracked
66. add action=drop chain=forward comment="defconf: drop invalid" \
67. connection-state=invalid
68. add action=drop chain=forward comment=\
69. "defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
70. connection-state=new in-interface-list=WAN
71. /ip firewall nat
72. add action=masquerade chain=srcnat comment="defconf: masquerade" \
73. ipsec-policy=out,none out-interface-list=WAN
74. /system clock
75. set time-zone-name=Europe/Kiev
76. /system routerboard mode-button
77. set enabled=yes on-event=dark-mode
78. /system script
79. add comment=defconf dont-require-permissions=no name=dark-mode owner=*sys \
80. policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
81. source="\r\
82. \n :if ([system leds settings get all-leds-off] = \"never\") do={\r\
83. \n /system leds settings set all-leds-off=immediate \r\
84. \n } else={\r\
85. \n /system leds settings set all-leds-off=never \r\
86. \n }\r\
87. \n "
88. /tool mac-server
89. set allowed-interface-list=LAN
90. /tool mac-server mac-winbox
91. set allowed-interface-list=LAN