  # CAPsMAN channel lists: a 2.4 GHz 802.11n-only set and a 5 GHz 802.11ac-only set, both 20 MHz wide.
  1. /caps-man channel
  2. add band=2ghz-onlyn control-channel-width=20mhz frequency=2412,2422,2437,2452,2462 name=channel24
  3. add band=5ghz-onlyac control-channel-width=20mhz frequency=5180,5200,5240 name=channel5
  # Local radios of this router. The export's own "# managed by CAPsMAN" annotations report both as
  # controller-managed and broadcasting SSID home_wifi, so ssid=MikroTik below is only the local fallback value.
  # NOTE(review): if CAPsMAN management is ever turned off, check what security profile these radios fall back to;
  # no local profile with authentication settings is visible in this export.
  4. /interface wireless
  5. # managed by CAPsMAN
  6. # channel: 2412/20-Ce/gn(17dBm), SSID: home_wifi, CAPsMAN forwarding
  7. set [ find default-name=wlan1 ] ssid=MikroTik station-roaming=enabled
  8. # managed by CAPsMAN
  9. # channel: 5180/20-Ceee/ac/P(17dBm), SSID: home_wifi, CAPsMAN forwarding
  10. set [ find default-name=wlan2 ] ssid=MikroTik station-roaming=enabled
  # Single LAN bridge. protocol-mode=none means no STP/RSTP runs on it.
  # NOTE(review): this bridge also carries an EoIP tunnel port (see /interface bridge port in this export), so a
  # loop across the tunnel would not be detected by spanning tree - confirm this is intended.
  11. /interface bridge
  12. add igmp-snooping=yes name=bridge1 protocol-mode=none
  # Port labels only; ether1 is the uplink and is the sole member of the WAN_Interface list defined in this export.
  13. /interface ethernet
  14. set [ find default-name=ether1 ] comment=WAN
  15. set [ find default-name=ether2 ] comment=Ajax
  16. set [ find default-name=ether3 ] comment=TV
  # CAPsMAN datapath: wireless client traffic is attached to bridge1 (the same L2 segment as the wired LAN).
  17. /caps-man datapath
  18. add bridge=bridge1 name=datapath1
  # One shared security profile for both bands: WPA2-PSK only, AES-CCM for unicast and group traffic,
  # group key rotated hourly. No passphrase appears on this line.
  # NOTE(review): presumably the export was taken with sensitive values hidden; confirm a strong passphrase is set
  # on the device, since an empty one cannot be ruled out from this text.
  19. /caps-man security
  20. add authentication-types=wpa2-psk encryption=aes-ccm group-encryption=aes-ccm group-key-update=1h name=security1
  # Two AP configurations (cfg24 / cfg5) that differ only in the channel list; both use datapath1, security1 and
  # SSID home_wifi.
  21. /caps-man configuration
  22. add channel=channel24 country=ukraine datapath=datapath1 distance=indoors hw-protection-mode=rts-cts hw-retries=7 installation=indoor \
  23. keepalive-frames=enabled mode=ap multicast-helper=full name=cfg24 rx-chains=0,1,2,3 security=security1 ssid=home_wifi tx-chains=0,1,2,3
  24. add channel=channel5 country=ukraine datapath=datapath1 distance=indoors hw-protection-mode=rts-cts hw-retries=7 installation=indoor \
  25. keepalive-frames=enabled mode=ap multicast-helper=full name=cfg5 rx-chains=0,1,2,3 security=security1 ssid=home_wifi tx-chains=0,1,2,3
  # Six CAP interfaces (cap3-cap8) bound to their radio MAC addresses; adjacent MAC pairs suggest three dual-band
  # devices.
  # NOTE(review): radio MACs are hardware identifiers (BSSIDs are typically derived from them); redact them, as
  # was done for the firewall address lists, before sharing an export publicly.
  26. /caps-man interface
  27. add configuration=cfg5 disabled=no l2mtu=1600 mac-address=48:8F:5A:E7:BA:49 master-interface=none name=cap3 radio-mac=48:8F:5A:E7:BA:49 \
  28. radio-name=488F5AE7BA49
  29. add configuration=cfg24 disabled=no l2mtu=1600 mac-address=48:8F:5A:E7:BA:48 master-interface=none name=cap4 radio-mac=48:8F:5A:E7:BA:48 \
  30. radio-name=488F5AE7BA48
  31. add configuration=cfg5 disabled=no l2mtu=1600 mac-address=48:8F:5A:6F:D7:1D master-interface=none name=cap5 radio-mac=48:8F:5A:6F:D7:1D \
  32. radio-name=488F5A6FD71D
  33. add configuration=cfg24 disabled=no l2mtu=1600 mac-address=48:8F:5A:6F:D7:1C master-interface=none name=cap6 radio-mac=48:8F:5A:6F:D7:1C \
  34. radio-name=488F5A6FD71C
  35. add configuration=cfg24 disabled=no l2mtu=1600 mac-address=48:8F:5A:78:37:E2 master-interface=none name=cap7 radio-mac=48:8F:5A:78:37:E2 \
  36. radio-name=488F5A7837E2
  37. add configuration=cfg5 disabled=no l2mtu=1600 mac-address=48:8F:5A:78:37:E3 master-interface=none name=cap8 radio-mac=48:8F:5A:78:37:E3 \
  38. radio-name=488F5A7837E3
  # Interface list used by the firewall rules to mean "traffic arriving from the uplink".
  39. /interface list
  40. add name=WAN_Interface
  # Default local wireless security profile: only the supplicant identity is set here.
  41. /interface wireless security-profiles
  42. set [ find default=yes ] supplicant-identity=MikroTik
  43. /ip hotspot profile
  44. set [ find default=yes ] html-directory=flash/hotspot
  # LAN DHCP: pool .21-.254 served on bridge1 with a one-day lease.
  45. /ip pool
  46. add name=dhcp_pool0 ranges=192.168.9.21-192.168.9.254
  47. /ip dhcp-server
  48. add address-pool=dhcp_pool0 disabled=no interface=bridge1 lease-time=1d name=dhcp1
  # PPP profile referenced by internal id (*FFFFFFFE); the /ppp secret in this export uses profile=default-encryption.
  # It bridges PPP sessions into bridge1 and takes BOTH tunnel endpoint addresses from the DHCP pool.
  # NOTE(review): VPN clients therefore land directly on the LAN segment, and their addresses come from the same
  # range the DHCP server hands out - confirm this cannot produce duplicate assignments.
  49. /ppp profile
  50. set *FFFFFFFE bridge=bridge1 local-address=dhcp_pool0 remote-address=dhcp_pool0
  51. /tool user-manager customer
  52. set admin access=own-routers,own-users,own-profiles,own-limits,config-payment-gw
  # Policy set of the "full" group. It includes sensitive, sniff, api, ftp and telnet rights, so every account
  # in this group can read secrets and capture traffic; no /user entries are visible in this export.
  # NOTE(review): verify on the device that the built-in admin account is renamed or has a strong password.
  53. /user group
  54. set full policy=local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,password,web,sniff,sensitive,api,romon,dude,tikapp
  # Enables the CAPsMAN controller on this router. No certificate or peer-certificate requirement is set on this
  # line, and no per-interface manager restriction appears anywhere in this export.
  # NOTE(review): confirm on the device which interfaces the manager listens on; with the firewall filter rules in
  # this export all disabled, nothing visible here keeps CAPsMAN traffic off the WAN side.
  55. /caps-man manager
  56. set enabled=yes
  # Provisioning matches on supported hardware modes only (no radio-mac match), so any radio that reaches the
  # manager and supports gn/ac is created enabled with the home_wifi configuration.
  57. /caps-man provisioning
  58. add action=create-enabled hw-supported-modes=gn master-configuration=cfg24
  59. add action=create-enabled hw-supported-modes=ac master-configuration=cfg5
  # Bridge membership. wlan1/wlan2 ports are disabled because the radios are handled through CAPsMAN.
  # eoip-tunnel1_office is bridged into the LAN, extending the same L2 segment to the remote end of the tunnel.
  # NOTE(review): the /interface eoip definition is not part of this paste, so the tunnel's remote address and
  # whether it is protected by IPsec cannot be checked from here.
  60. /interface bridge port
  61. add bridge=bridge1 interface=ether2
  62. add bridge=bridge1 interface=ether3
  63. add bridge=bridge1 interface=ether4
  64. add bridge=bridge1 interface=ether5
  65. add bridge=bridge1 disabled=yes interface=wlan1
  66. add bridge=bridge1 disabled=yes interface=wlan2
  67. add bridge=bridge1 interface=eoip-tunnel1_office
  # Neighbor discovery runs on every non-dynamic interface. ether1 (WAN) is a static interface, so the router
  # announces its identity and version towards the uplink as well.
  # NOTE(review): consider limiting discovery to a LAN-only interface list.
  68. /ip neighbor discovery-settings
  69. set discover-interface-list=!dynamic
  # L2TP server is enabled with MS-CHAPv2 and use-ipsec=yes. No IPsec secret is visible on this line.
  # NOTE(review): presumably the secret was hidden by the export; confirm one is set. Also check whether this
  # RouterOS version still accepts plain (non-IPsec) L2TP with use-ipsec=yes - RouterOS documents a stricter
  # use-ipsec mode that rejects unencapsulated sessions; verify the exact value for the installed version.
  70. /interface l2tp-server server
  71. set allow-fast-path=yes authentication=mschap2 enabled=yes one-session-per-host=yes use-ipsec=yes
  72. /interface list member
  73. add interface=ether1 list=WAN_Interface
  # The router is also a CAP for its own controller: wlan1/wlan2 are handed to the manager at 192.168.9.1.
  74. /interface wireless cap
  75. #
  76. set bridge=bridge1 caps-man-addresses=192.168.9.1 enabled=yes interfaces=wlan1,wlan2
  # LAN gateway address on the bridge.
  77. /ip address
  78. add address=192.168.9.1/24 interface=bridge1 network=192.168.9.0
  # Registers the router's public address under a MikroTik cloud DNS name.
  # NOTE(review): this makes the WAN address easy to find by name; acceptable only if WAN-facing services are
  # filtered, which the disabled firewall rules in this export currently do not do.
  79. /ip cloud
  80. set ddns-enabled=yes
  # WAN address is obtained by DHCP on ether1.
  81. /ip dhcp-client
  82. add disabled=no interface=ether1
  # One static lease (192.168.9.2); its MAC shares the prefix of the CAP radios above, so it is presumably one of
  # the access points.
  83. /ip dhcp-server lease
  84. add address=192.168.9.2 client-id=1:48:8f:5a:6f:d7:1a mac-address=48:8F:5A:6F:D7:1A server=dhcp1
  # DHCP clients are given public resolvers directly, not the router.
  85. /ip dhcp-server network
  86. add address=192.168.9.0/24 dns-server=1.0.0.1,8.8.8.8 gateway=192.168.9.1
  # The router answers DNS queries from other hosts. The only rules in this export that would keep WAN sources away
  # from port 53 (Drop_DNS_WAN) are disabled=yes, so as exported the resolver is reachable from the uplink.
  # NOTE(review): LAN clients do not use the router for DNS (see dns-server above), so allow-remote-requests
  # may not be needed at all; otherwise enable the WAN drop rules for tcp/udp 53.
  87. /ip dns
  88. set allow-remote-requests=yes
  # Address lists referenced by the filter rules: My_DNS (sources allowed to query DNS from WAN) and Input_Access
  # (sources allowed to manage the router). The addresses were redacted by the author (xxxxxxxxxx).
  # NOTE(review): entries 91-95 have a space after "address=", which looks like a redaction artifact; it would
  # need to be removed before this text could be imported.
  89. /ip firewall address-list
  90. add address=xxxxxxxxxx list=My_DNS
  91. add address= xxxxxxxxxx list=My_DNS
  92. add address= xxxxxxxxxx list=Input_Access
  93. add address= xxxxxxxxxx list=Input_Access
  94. add address= xxxxxxxxxx list=Input_Access
  95. add address= xxxxxxxxxx list=Input_Access
  # Filter rules. EVERY rule in this section carries disabled=yes, so none of them is in effect: packets that match
  # no active rule are accepted, which means input from the uplink reaches whatever services the router runs
  # (DNS with allow-remote-requests, the L2TP server, the NTP server, and any /ip service not restricted by address).
  # NOTE(review): before enabling the set as written, check these gaps:
  #  - the input chain has no accept for established,related, so DROP_ALL would also drop replies to TCP
  #    connections the router itself opens;
  #  - DROP_ALL has no in-interface-list, so it would drop LAN TCP to the router (e.g. WebFig on port 81) unless
  #    LAN addresses are in Input_Access (the list is redacted here);
  #  - DROP_ALL matches protocol=tcp only, so UDP to the router is dropped only by the port-53 rule;
  #  - the forward chain has no final drop for new connections arriving from WAN_Interface;
  #  - log-prefix on DROP_ALL has no effect without log=yes.
  # The \XX escapes in four comment= values appear to be CP1251-encoded Russian; approximate translations are given
  # above each rule.
  96. /ip firewall filter
  97. add action=accept chain=forward comment="Accept Established+Related WAN-LAN" connection-state=established,related disabled=yes \
  98. in-interface-list=WAN_Interface
  # Drop DNS (tcp/53, then udp/53) from WAN unless the source is in My_DNS.
  99. add action=drop chain=input comment=Drop_DNS_WAN disabled=yes dst-port=53 in-interface-list=WAN_Interface protocol=tcp src-address-list=\
  100. !My_DNS
  101. add action=drop chain=input comment=Drop_DNS_WAN disabled=yes dst-port=53 in-interface-list=WAN_Interface protocol=udp src-address-list=\
  102. !My_DNS
  103. add action=drop chain=forward comment="DROP Invalid" connection-state=invalid disabled=yes
  # Comment reads roughly "Adding port scanner to list": port-scan detection (psd) on WAN adds the source to
  # "portscan" for one day.
  104. add action=add-src-to-address-list address-list=portscan address-list-timeout=1d chain=input comment=\
  105. "\C4\EE\E1\E0\E2\EB\FF\E5\EC \F1\EA\E0\ED\E5\F0 \EF\EE\F0\F2\EE\E2 \E2 \F1\EF\E8\F1\EE\EA" disabled=yes in-interface-list=WAN_Interface \
  106. protocol=tcp psd=21,3s,3,1
  # Comment reads roughly "Adding to the list of IP addresses of email spammers": sources exceeding the connection
  # and packet limits towards SMTP ports 25/587/465 are added to "spammer" for one day.
  107. add action=add-src-to-address-list address-list=spammer address-list-timeout=1d chain=forward comment=\
  108. "\C4\EE\E1\E0\E2\EB\E5\ED\E8\E5\E2 \F1\EF\E8\F1\EE\EA \B3\F0-\E0\E4\F0\E5\F1\EE\E2 email-\F1\EF\E0\EC\EC\E5\F0\EE\E2" connection-limit=\
  109. 50,32 disabled=yes dst-port=25,587,465 limit=10,30:packet protocol=tcp
  # Comment reads roughly "Blocking port scanners".
  110. add action=drop chain=input comment="\C1\EB\EE\EA\E8\F0\EE\E2\E0\ED\E8\E5 \F1\EA\E0\ED\E5\F0\EE\E2 \EF\EE\F0\F2\EE\E2" disabled=yes \
  111. in-interface-list=WAN_Interface src-address-list=portscan
  # Comment reads roughly "Blocking email spammers".
  112. add action=drop chain=forward comment="\C1\EB\EE\EA\E8\F0\EE\E2\E0\ED\E8\E5 email-\F1\EF\E0\EC\E5\F0\EE\E2" disabled=yes dst-port=\
  113. 25,587,465 protocol=tcp src-address-list=spammer
  # Accepts NTP from any interface (no in-interface or source match).
  114. add action=accept chain=input comment="NTP port" disabled=yes dst-port=123 protocol=udp
  115. add action=accept chain=input comment="Accept Ping_WAN" connection-limit=5,32 disabled=yes in-interface-list=WAN_Interface limit=1,5:packet \
  116. protocol=icmp
  # Management access (Winbox 8291 and WebFig on 81) for Input_Access sources only.
  # NOTE(review): /ip service in this export limits www to 192.168.9.0/24, so port 81 would still be refused for
  # Input_Access sources outside the LAN.
  117. add action=accept chain=input comment=Access_Router disabled=yes dst-port=8291,81 protocol=tcp src-address-list=Input_Access
  118. add action=drop chain=input comment=DROP_ALL disabled=yes log-prefix=no_access/drop protocol=tcp src-address-list=!Input_Access
  # Source NAT for everything leaving through ether1.
  119. /ip firewall nat
  120. add action=masquerade chain=srcnat out-interface=ether1
  # Management services: telnet, ftp, ssh, api and api-ssl are disabled; WebFig (www) is moved to port 81 and
  # limited to the LAN subnet. www is plain HTTP, so credentials cross the LAN unencrypted.
  # NOTE(review): winbox is not listed here, which in an export normally means it is at its defaults - presumably
  # enabled with no address restriction. With the filter rules disabled, confirm it is not reachable from the WAN
  # and add an address= restriction as was done for www.
  121. /ip service
  122. set telnet disabled=yes
  123. set ftp disabled=yes
  124. set www address=192.168.9.0/24 port=81
  125. set ssh disabled=yes
  126. set api disabled=yes
  127. set api-ssl disabled=yes
  # One L2TP account. No password appears on this line.
  # NOTE(review): presumably hidden by the export; confirm on the device that it is set and strong, because the
  # L2TP server is enabled and no active firewall rule limits who can reach it.
  128. /ppp secret
  129. add name=uzhnet profile=default-encryption service=l2tp
  130. /system clock
  131. set time-zone-name=Europe/Kiev
  132. /system identity
  133. set name=ac2_Uzhnet_user
  # NTP client uses a private address (10.0.0.1), presumably a server on the provider side of ether1.
  134. /system ntp client
  135. set enabled=yes primary-ntp=10.0.0.1
  # NTP server with broadcast and multicast enabled. No interface restriction is set here and the only NTP filter
  # rule in this export is disabled.
  # NOTE(review): confirm UDP 123 is not answered on the WAN side.
  136. /system ntp server
  137. set broadcast=yes enabled=yes multicast=yes
  # Graphing enabled for interfaces, queues and resources with default parameters.
  # NOTE(review): no allow-address is given; check the default on the device. Graphs are served by the www service,
  # which this export limits to 192.168.9.0/24.
  138. /tool graphing interface
  139. add
  140. /tool graphing queue
  141. add
  142. /tool graphing resource
  143. add
  144. /tool user-manager database
  145. set db-path=flash/user-manager
  146.  