API tools faq
paste
forsquirel

export

forsquirel
Aug 31st, 2021 (edited)
172
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 4.33 KB | None | 0 0
raw download clone embed print report
  1. # aug/31/2021 09:43:59 by RouterOS 6.48.3
  2. # software id = D34D-B33F
  3. #
  4. # model = RB760iGS
  5. # serial number = 8675309JiNY
  6. /interface bridge
  7. add admin-mac= auto-mac=no name=bridge vlan-filtering=yes
  8. /interface ethernet
  9. set [ find default-name=ether3 ] disabled=yes
  10. set [ find default-name=ether4 ] disabled=yes
  11. set [ find default-name=ether5 ] loop-protect=on poe-out=off
  12. set [ find default-name=sfp1 ] disabled=yes
  13. /interface vlan
  14. add interface=ether5 name=guest vlan-id=10
  15. /interface list
  16. add comment=defconf name=WAN
  17. add comment=defconf name=LAN
  18. add name=VLAN
  19. /ip dhcp-server option
  20. add code=6 name=dns1 value="'192.168.1.13''192.168.1.14''192.168.1.1'"
  21. add code=6 name=dns3 value="'192.168.1.14''192.168.1.13''192.168.1.1'"
  22. add code=6 name=dns2 value="'192.168.1.1'"
  23. add code=42 name="NTP Server" value="'192.168.1.16'"
  24. /ip kid-control
  25. add fri=6h-23h59m mon=6h-21h name=Kids sat=6h-23h thu=6h-21h tue=6h-21h \
  26. wed=6h-21h
  27. /ip pool
  28. add name=dhcp ranges=192.168.1.100-192.168.1.125
  29. add name=pool_guest ranges=192.168.10.2-192.168.10.14
  30. /ip dhcp-server
  31. add address-pool=dhcp disabled=no interface=bridge name=dhcp_lan
  32. add address-pool=pool_guest disabled=no interface=guest name=dhcp_guest
  33. /interface bridge port
  34. add bridge=bridge comment=defconf interface=ether2
  35. add bridge=bridge comment=defconf interface=ether3
  36. add bridge=bridge comment=defconf interface=ether4
  37. add bridge=bridge comment=defconf frame-types=admit-only-vlan-tagged \
  38. interface=ether5
  39. add bridge=bridge comment=defconf interface=sfp1
  40. /ip neighbor discovery-settings
  41. set discover-interface-list=LAN
  42. /interface bridge vlan
  43. add bridge=bridge comment=guest tagged=ether5 untagged=ether2,bridge \
  44. vlan-ids=10
  45. add bridge=bridge tagged=ether5 untagged=bridge,ether2 vlan-ids=1
  46. /interface list member
  47. add comment=defconf interface=bridge list=LAN
  48. add comment=defconf interface=ether1 list=WAN
  49. add interface=guest list=VLAN
  50. /ip address
  51. add address=192.168.1.1/25 interface=bridge network=192.168.1.0
  52. add address=192.186.10.1/28 interface=guest network=192.186.10.0
  53. /ip dhcp-client
  54. add comment=defconf disabled=no interface=ether1
  55. /ip dhcp-server lease
  56. /ip dhcp-server network
  57. add address=192.168.1.0/25 dhcp-option=dns dns-server=\
  58. 192.168.1.13,192.168.1.14,192.168.1.15 gateway=192.168.1.1 netmask=25
  59. add address=192.168.10.0/28 dns-server=192.168.1.13,192.168.1.14 gateway=\
  60. 192.168.10.1 netmask=28
  61. /ip dns
  62. set allow-remote-requests=yes
  63. /ip dns static
  64. add address=192.168.1.1 name=router.lan
  65. /ip firewall filter
  66. add action=accept chain=input comment=\
  67. "defconf: accept established,related,untracked" connection-state=\
  68. established,related,untracked
  69. add action=drop chain=input comment="defconf: drop invalid" connection-state=\
  70. invalid
  71. add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
  72. add action=drop chain=input comment="defconf: drop all not coming from LAN" \
  73. in-interface-list=!LAN
  74. add action=accept chain=forward comment="defconf: accept in ipsec policy" \
  75. disabled=yes ipsec-policy=in,ipsec
  76. add action=accept chain=forward comment="defconf: accept out ipsec policy" \
  77. disabled=yes ipsec-policy=out,ipsec
  78. add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
  79. connection-state=established,related
  80. add action=accept chain=forward comment=\
  81. "defconf: accept established,related, untracked" connection-state=\
  82. established,related,untracked
  83. add action=drop chain=forward comment="defconf: drop invalid" \
  84. connection-state=invalid
  85. add action=drop chain=forward comment=\
  86. "defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
  87. connection-state=new in-interface-list=WAN
  88. /ip firewall nat
  89. add action=masquerade chain=srcnat comment=defcon ipsec-policy=out,none \
  90. out-interface-list=WAN
  91.  
  92. /ip kid-control device
  93. add mac-address=C0:8C:71:A7:70:D1 name=Jubilee user=Kids
  94. add mac-address=24:4B:FE:8E:6A:2C name="Desktop" user=Kids
  95. add mac-address=58:B1:0F:BE:CD:24 name="Tablet" user=Kids
  96. add mac-address=B8:A1:75:DF:34:A9 name="Roku" user=Kids
  97. add mac-address=DC:FB:48:ED:7C:81 name="Chromebook" user=Kids
  98. /system clock
  99. set time-zone-name=
  100. /system identity
  101. set name=
  102. /system ntp client
  103. set enabled=yes primary-ntp=192.168.1.16
  104. /tool mac-server
  105. set allowed-interface-list=LAN
  106. /tool mac-server mac-winbox
  107. set allowed-interface-list=LAN
  108.  
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!