# jan/02/1970 00:52:33 by RouterOS 6.46.2# software id = XXXXXXXXX## model

1. # jan/02/1970 00:52:33 by RouterOS 6.46.2
2. # software id = XXXXXXXXX
3. #
4. # model = RBD52G-5HacD2HnD
5. # serial number = XXXXXXXXX
6. /interface bridge
7. add admin-mac=74:4D:28:BF:5A:C2 auto-mac=no comment=defconf name=bridge
8. add name=bridge-vlan
9. /interface wireless
10. set [ find default-name=wlan1 ] band=2ghz-g/n channel-width=20/40mhz-XX \
11. country=netherlands disabled=no distance=indoors frequency=auto \
12. installation=indoor mode=ap-bridge ssid=MikroTik-BF5AC6 \
13. wireless-protocol=802.11
14. set [ find default-name=wlan2 ] band=5ghz-n/ac channel-width=20/40mhz-XX \
15. country=netherlands disabled=no distance=indoors frequency=auto \
16. installation=indoor mode=ap-bridge ssid=MikroTik-BF5AC7 \
17. wireless-protocol=802.11
18. /interface vlan
19. add interface=bridge-vlan name=vlan-data vlan-id=10
20. add interface=bridge-vlan name=vlan-dmz vlan-id=20
21. add interface=bridge-vlan name=vlan-guest vlan-id=30
22. /interface list
23. add comment=defconf name=WAN
24. add comment=defconf name=LAN
25. /interface wireless security-profiles
26. set [ find default=yes ] authentication-types=wpa2-psk eap-methods="" mode=\
27. dynamic-keys supplicant-identity=MikroTik wpa-pre-shared-key=mikrotik \
28. wpa2-pre-shared-key=mikrotik
29. /ip hotspot profile
30. set [ find default=yes ] html-directory=flash/hotspot
31. /ip pool
32. add name=dhcp ranges=192.168.88.10-192.168.88.254
33. add name=dhcp-data ranges=10.0.0.5-10.0.0.90
34. /ip dhcp-server
35. add address-pool=dhcp disabled=no interface=bridge name=defconf
36. add address-pool=dhcp-data disabled=no interface=vlan-data name=dhcp-data
37. /interface bridge port
38. add bridge=bridge comment=defconf interface=ether2
39. add bridge=bridge-vlan interface=ether3
40. add bridge=bridge-vlan interface=ether4
41. add bridge=bridge-vlan interface=ether5 pvid=10
42. add bridge=bridge-vlan interface=wlan1 pvid=10
43. add bridge=bridge-vlan interface=wlan2 pvid=10
44. /ip neighbor discovery-settings
45. set discover-interface-list=LAN
46. /interface bridge vlan
47. add bridge=bridge-vlan tagged=ether3,ether4 untagged=ether5,wlan1,wlan2 \
48. vlan-ids=10,20,30
49. /interface list member
50. add comment=defconf interface=bridge list=LAN
51. add comment=defconf interface=ether1 list=WAN
52. add interface=bridge-vlan list=LAN
53. /ip address
54. add address=192.168.88.1/24 comment=defconf interface=ether2 network=\
55. 192.168.88.0
56. add address=10.0.0.1/24 interface=vlan-data network=10.0.0.0
57. /ip dhcp-client
58. add comment=defconf disabled=no interface=ether1
59. /ip dhcp-server network
60. add address=10.0.0.0/24 dns-server=10.0.0.1 gateway=10.0.0.1
61. add address=192.168.88.0/24 comment=defconf gateway=192.168.88.1
62. /ip dns
63. set allow-remote-requests=yes
64. /ip dns static
65. add address=192.168.88.1 comment=defconf name=router.lan
66. /ip firewall filter
67. add action=accept chain=input comment=\
68. "defconf: accept established,related,untracked" connection-state=\
69. established,related,untracked
70. add action=drop chain=input comment="defconf: drop invalid" connection-state=\
71. invalid
72. add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
73. add action=accept chain=input comment=\
74. "defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
75. add action=drop chain=input comment="defconf: drop all not coming from LAN" \
76. in-interface-list=!LAN
77. add action=accept chain=forward comment="defconf: accept in ipsec policy" \
78. ipsec-policy=in,ipsec
79. add action=accept chain=forward comment="defconf: accept out ipsec policy" \
80. ipsec-policy=out,ipsec
81. add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
82. connection-state=established,related
83. add action=accept chain=forward comment=\
84. "defconf: accept established,related, untracked" connection-state=\
85. established,related,untracked
86. add action=drop chain=forward comment="defconf: drop invalid" \
87. connection-state=invalid
88. add action=drop chain=forward comment=\
89. "defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
90. connection-state=new in-interface-list=WAN
91. /ip firewall nat
92. add action=masquerade chain=srcnat comment="defconf: masquerade" \
93. ipsec-policy=out,none out-interface-list=WAN
94. /tool mac-server
95. set allowed-interface-list=LAN
96. /tool mac-server mac-winbox
97. set allowed-interface-list=LAN