Tonny_Cassidy

new export ccr2004

Jul 9th, 2022
  # Terminal capture of a full `/export` from a MikroTik CCR2004. The "N." prefix on
  # every line is the paste site's line gutter, not RouterOS syntax.
  # NOTE(review): the header publishes the software id and serial number, and the
  # PPPoE account name appears below. These identify the device and the subscriber
  # line and are worth redacting before an export is shared.
  1. [ubnt@CWN CORE (CCR2004 12S)] > /export
  2. # jul/09/2022 23:14:52 by RouterOS 7.3.1
  3. # software id = 06NJ-PKRI
  4. #
  5. # model = CCR2004-1G-12S+2XS
  6. # serial number = F0710FB52A35
  # One bridge, MAIN. Only its name is set; no vlan-filtering option appears in this
  # export, so VLAN separation here rests on the VLAN interfaces and the IP firewall.
  7. /interface bridge
  8. add name=MAIN
  # Auto-negotiation is switched off on the first three SFP+ ports; port 1 is renamed
  # as the first uplink.
  9. /interface ethernet
  10. set [ find default-name=sfp-sfpplus1 ] auto-negotiation=no name="WAN 1 (SFP+)"
  11. set [ find default-name=sfp-sfpplus2 ] auto-negotiation=no
  12. set [ find default-name=sfp-sfpplus3 ] auto-negotiation=no
  # Second uplink: a PPPoE session over sfp-sfpplus2. No password field is present in
  # this export, only the account name.
  13. /interface pppoe-client
  14. add disabled=no interface=sfp-sfpplus2 name="WAN BTS (SFP+ 2)" user=BTS625064
  # Six tagged VLAN interfaces on bridge MAIN: two device-configuration VLANs (ids 8
  # and 7), guest (2), IoT (3), IP cameras (4) and voice (5).
  15. /interface vlan
  16. add interface=MAIN name="VLAN - DEVICE CNFIG 0.1" vlan-id=8
  17. add interface=MAIN name="VLAN - DEVICE CNFIG 1.1" vlan-id=7
  18. add interface=MAIN name="VLAN - GUEST" vlan-id=2
  19. add interface=MAIN name="VLAN - IP CAMERA" vlan-id=4
  20. add interface=MAIN name="VLAN - IoT" vlan-id=3
  21. add interface=MAIN name="VLAN - VOICE" vlan-id=5
  # Interface list LOCAL. Its members are added under /interface list member further
  # down and include every VLAN above, guest and IoT among them.
  22. /interface list
  23. add name=LOCAL
  # Default wireless security profile; only the supplicant identity is set.
  24. /interface wireless security-profiles
  25. set [ find default=yes ] supplicant-identity=MikroTik
  # DHCP address pools, one per segment. The pool named "IoT " carries a trailing
  # space, and the DHCP server below refers to it with the same spelling.
  26. /ip pool
  27. add name=VOICE ranges=10.4.0.2-10.4.63.254
  28. add name="IoT " ranges=10.2.0.2-10.2.63.254
  29. add name=GUEST ranges=10.1.0.10-10.1.63.254
  30. add name="IP CAMERAS" ranges=10.3.0.2-10.3.63.254
  31. add name="CONFIG 0.1" ranges=192.168.0.2-192.168.0.254
  32. add name="CONFIG 1.1" ranges=192.168.1.2-192.168.1.254
  33. add name=MAIN ranges=10.0.0.101-10.0.63.254
  # One DHCP server per VLAN interface plus one on the bridge itself, each bound to
  # the matching pool above.
  34. /ip dhcp-server
  35. add address-pool=VOICE interface="VLAN - VOICE" name=dhcp2
  36. add address-pool="IoT " interface="VLAN - IoT" name=dhcp3
  37. add address-pool=GUEST interface="VLAN - GUEST" name=dhcp4
  38. add address-pool="IP CAMERAS" interface="VLAN - IP CAMERA" name=dhcp5
  39. add address-pool="CONFIG 0.1" interface="VLAN - DEVICE CNFIG 0.1" name=dhcp6
  40. add address-pool="CONFIG 1.1" interface="VLAN - DEVICE CNFIG 1.1" name=dhcp7
  41. add address-pool=MAIN interface=MAIN name=dhcp1
  # Names for the two serial ports.
  42. /port
  43. set 0 name=serial0
  44. set 1 name=serial1
  # Simple queues: a 10M/10M cap on the guest VLAN that is currently disabled, and
  # PCQ-based caps of 15M/15M on WAN 1 and 115M/115M on the PPPoE uplink.
  # NOTE(review): with the guest queue disabled, nothing in this export limits guest
  # bandwidth separately from the uplink caps.
  45. /queue simple
  46. add disabled=yes max-limit=10M/10M name="queue GUEST " target="VLAN - GUEST"
  47. add max-limit=15M/15M name="queue WAN 1" queue=\
  48. pcq-upload-default/pcq-download-default target="WAN 1 (SFP+)"
  49. add max-limit=115M/115M name="queue WAN 2" queue=\
  50. pcq-upload-default/pcq-download-default target="WAN BTS (SFP+ 2)"
  # Extra routing tables. "TO WAN 1" and "TO WAN 2" are the ones selected by the
  # mangle routing marks and populated under /ip route; LOCAL is not referenced by
  # any route in this export.
  51. /routing table
  52. add disabled=no fib name=LOCAL
  53. add disabled=no fib name="TO WAN 1"
  54. add disabled=no fib name="TO WAN 2"
  # ZeroTier instance zt1 on port 9993. The poster replaced the identity value by
  # hand before publishing.
  # NOTE(review): a ZeroTier identity in its full form includes the node's secret
  # key, so removing it before sharing was the right call. If the real value was
  # ever published, generate a new identity.
  55. /zerotier
  56. set zt1 comment="ZeroTier Central controller - https://my.zerotier.com/" \
  57. identity="(i dont know if this is sensitive or not but justr remove it because why not)" name=zt1 port=9993
  # Joins one ZeroTier network (id redacted) as interface zerotier1.
  # allow-managed=yes accepts addresses and routes handed out by the network
  # controller. allow-default=yes additionally lets that network supply a default
  # route, so whoever administers the network can influence where this router sends
  # its traffic.
  # NOTE(review): zerotier1 is not a member of list LOCAL and no firewall filter rule
  # names it, so the router's management services appear reachable from ZeroTier
  # peers. Confirm that this is intended.
  58. /zerotier interface
  59. add allow-default=yes allow-global=no allow-managed=yes disabled=no instance=\
  60. zt1 name=zerotier1 network=(zt numbers and letters)
  # Physical members of bridge MAIN: the copper port and SFP+ port 11.
  61. /interface bridge port
  62. add bridge=MAIN interface=ether1
  63. add bridge=MAIN interface=sfp-sfpplus11
  # Neighbor discovery runs on every interface that is NOT in list LOCAL.
  # NOTE(review): the uplinks and zerotier1 are not LOCAL members in this export, so
  # discovery announcements (identity, model, version) appear to go out on the
  # WAN-facing side while the LAN side is excluded. That looks inverted; confirm
  # whether discover-interface-list=LOCAL was intended.
  64. /ip neighbor discovery-settings
  65. set discover-interface-list=!LOCAL
  # LOCAL membership: the bridge and all six VLAN interfaces. Guest, IoT and camera
  # VLANs are therefore treated the same as the main LAN by every rule that matches
  # on in-interface-list=LOCAL.
  66. /interface list member
  67. add interface=MAIN list=LOCAL
  68. add interface="VLAN - DEVICE CNFIG 0.1" list=LOCAL
  69. add interface="VLAN - DEVICE CNFIG 1.1" list=LOCAL
  70. add interface="VLAN - GUEST" list=LOCAL
  71. add interface="VLAN - IP CAMERA" list=LOCAL
  72. add interface="VLAN - IoT" list=LOCAL
  73. add interface="VLAN - VOICE" list=LOCAL
  # OpenVPN server settings; only the permitted HMAC algorithms are set.
  # NOTE(review): md5 is still offered as an auth algorithm. No enabled=yes appears
  # here, so the server is presumably off; drop md5 from the list before enabling it.
  74. /interface ovpn-server server
  75. set auth=sha1,md5
  # Router addresses: .1 of each /18 segment, .1 of each /24 configuration VLAN, and
  # 100.90.0.8/28 on the first uplink.
  # NOTE(review): 100.90.0.8 lies inside 100.64.0.0/10 (shared address space), so
  # WAN 1 is presumably behind carrier NAT; confirm.
  76. /ip address
  77. add address=10.0.0.1/18 interface=MAIN network=10.0.0.0
  78. add address=10.1.0.1/18 interface="VLAN - GUEST" network=10.1.0.0
  79. add address=10.2.0.1/18 interface="VLAN - IoT" network=10.2.0.0
  80. add address=10.3.0.1/18 interface="VLAN - IP CAMERA" network=10.3.0.0
  81. add address=10.4.0.1/18 interface="VLAN - VOICE" network=10.4.0.0
  82. add address=192.168.0.1/24 interface="VLAN - DEVICE CNFIG 0.1" network=\
  83. 192.168.0.0
  84. add address=192.168.1.1/24 interface="VLAN - DEVICE CNFIG 1.1" network=\
  85. 192.168.1.0
  86. add address=100.90.0.8/28 interface="WAN 1 (SFP+)" network=100.90.0.0
  # NOTE(review): 10.0.0.1 is assigned to MAIN a second time with a /13 mask.
  # 10.0.0.0/13 spans 10.0.0.0-10.7.255.255 and so contains the guest, IoT, camera
  # and voice /18s, giving the untagged bridge a connected network that overlaps
  # every VLAN. Looks like a leftover; confirm and remove if unused.
  87. add address=10.0.0.1/13 interface=MAIN network=10.0.0.0
  # Static ARP binding for 10.0.0.10 on the bridge.
  88. /ip arp
  89. add address=10.0.0.10 interface=MAIN mac-address=84:16:F9:8C:30:0C
  # DHCP client on sfp-sfpplus3. That port is not in list LOCAL and no NAT or route
  # entry names it; its role is not visible in this export.
  90. /ip dhcp-client
  91. add interface=sfp-sfpplus3
  # DHCP options per subnet. Every segment, guest and IoT included, is handed
  # 10.0.0.11 (a host on the main LAN) as first resolver, followed by public ones.
  # NOTE(review): guests therefore need to reach 10.0.0.11 on the main LAN for DNS,
  # which conflicts with any policy that isolates guests from LAN addresses.
  92. /ip dhcp-server network
  93. add address=10.0.0.0/18 dns-server=10.0.0.11,1.1.1.1,1.0.0.1,8.8.8.8,8.8.4.4 \
  94. gateway=10.0.0.1
  95. add address=10.1.0.0/18 dns-server=10.0.0.11,1.1.1.1,8.8.8.8,8.8.4.4,1.0.0.1 \
  96. gateway=10.1.0.1
  97. add address=10.2.0.0/18 dns-server=10.0.0.11,1.1.1.1,8.8.8.8,8.8.4.4,1.0.0.1 \
  98. gateway=10.2.0.1
  99. add address=10.3.0.0/18 dns-server=10.0.0.11,1.1.1.1,8.8.8.8,8.8.4.4,1.0.0.1 \
  100. gateway=10.3.0.1
  101. add address=10.4.0.0/18 dns-server=10.0.0.11,1.1.1.1,8.8.8.8,8.8.4.4,1.0.0.1 \
  102. gateway=10.4.0.1
  103. add address=192.168.0.0/24 dns-server=10.0.0.11,1.1.1.1,8.8.8.8,8.8.4.4,1.0.0.1 \
  104. gateway=192.168.0.1
  105. add address=192.168.1.0/24 dns-server=10.0.0.11,1.1.1.1,8.8.8.8,8.8.4.4,1.0.0.1 \
  106. gateway=192.168.1.1
  # The router's own resolver, with remote requests allowed.
  # NOTE(review): allow-remote-requests=yes makes the router answer DNS queries on
  # all interfaces. The filter table in this export has no input rule limiting port
  # 53 to LOCAL, so the resolver appears open toward the uplinks and ZeroTier. Either
  # turn the option off (clients are given other resolvers anyway) or drop tcp/udp 53
  # on input from non-LOCAL interfaces.
  107. /ip dns
  108. set allow-remote-requests=yes servers=1.0.0.1,1.1.1.1,8.8.8.8,8.8.4.4
  # Static address lists used by the mangle and NAT rules:
  #   LAN            main, IoT, camera and voice /18s (guest excluded)
  #   "LAN + GUEST"  the same four plus the guest /18
  #   "GUEST CLIENT" the guest host range
  #   WAN            the WAN 1 /28 and 10.9.0.1
  # NOTE(review): the filter rules below match on a list called "GUEST USERS", which
  # is not defined here; the only guest list in this export is "GUEST CLIENT".
  109. /ip firewall address-list
  110. add address=10.0.0.0/18 list=LAN
  111. add address=10.1.0.0/18 list="LAN + GUEST"
  112. add address=10.2.0.0/18 list=LAN
  113. add address=10.3.0.0/18 list=LAN
  114. add address=10.4.0.0/18 list=LAN
  115. add address=10.0.0.0/18 list="LAN + GUEST"
  116. add address=10.2.0.0/18 list="LAN + GUEST"
  117. add address=10.3.0.0/18 list="LAN + GUEST"
  118. add address=10.4.0.0/18 list="LAN + GUEST"
  119. add address=10.1.0.2-10.1.63.254 list="GUEST CLIENT"
  120. add address=100.90.0.0/28 list=WAN
  121. add address=10.9.0.1 list=WAN
  # The whole filter table: two guest drop rules, one ICMP accept and two disabled
  # rules. RouterOS accepts any packet that reaches the end of a chain, and nothing
  # here drops by default, so input and forward are effectively open in all
  # directions, the uplinks included.
  # NOTE(review): there is no connection-state handling and no closing drop on input
  # or forward. A conventional baseline is accept established/related, drop invalid,
  # accept what is needed from LOCAL, then drop the rest on input and drop new
  # forward traffic arriving from the uplinks that was not dst-nat'ed.
  122. /ip firewall filter
  123. add action=passthrough chain=unused-hs-chain comment="place hotspot rules here" \
  124. disabled=yes
  # Intended to keep guests off the router's SSH (22), 2000 and Winbox (8450) ports.
  # NOTE(review): src-address-list="GUEST USERS" has no entries in this export (the
  # defined list is "GUEST CLIENT"), so unless that list is filled dynamically this
  # rule never matches.
  125. add action=drop chain=input comment="GUEST BLOCK 1" dst-address=10.1.0.1 \
  126. dst-port=22,2000,8450 protocol=tcp src-address-list="GUEST USERS"
  # NOTE(review): same undefined list. This rule also sits in chain=input, which only
  # sees packets addressed to the router itself; guest traffic to other LAN hosts
  # passes through chain=forward, where no guest rule exists.
  127. add action=drop chain=input comment="GUEST BLOCK 1" dst-address-list=LAN \
  128. src-address-list="GUEST USERS"
  # Accepts forwarded ICMP arriving on WAN 1; with no forward drop it changes nothing.
  129. add action=accept chain=forward in-interface="WAN 1 (SFP+)" protocol=icmp
  # Disabled accept for Winbox on 8450. Without an input drop the port is reachable
  # whether or not this rule is enabled.
  130. add action=accept chain=input disabled=yes dst-port=8450 protocol=tcp
  # Dual-uplink balancing with per-connection classifier (PCC).
  # The first four accept rules end prerouting early, so the marking rules below are
  # skipped for: LAN sources going to 10.8.0.0/13, the two uplink gateways
  # (10.9.0.1 and 100.90.0.1), and anything destined to the local subnets.
  131. /ip firewall mangle
  132. add action=accept chain=prerouting dst-address=10.8.0.0/13 src-address-list=LAN
  133. add action=accept chain=prerouting dst-address=10.9.0.1
  134. add action=accept chain=prerouting dst-address=100.90.0.1
  135. add action=accept chain=prerouting dst-address-list="LAN + GUEST"
  # Connections that arrive on an uplink are marked with that uplink.
  136. add action=mark-connection chain=prerouting in-interface="WAN 1 (SFP+)" \
  137. new-connection-mark="WAN 1" passthrough=yes
  138. add action=mark-connection chain=prerouting in-interface="WAN BTS (SFP+ 2)" \
  139. new-connection-mark="WAN 2" passthrough=yes
  # Traffic from LOCAL is split three ways on addresses and ports: remainders 0 and 2
  # go to WAN 2, remainder 1 to WAN 1, i.e. a 2:1 split in favour of WAN 2.
  # NOTE(review): these rules carry no connection-mark=no-mark match, so every packet
  # from LOCAL is classified again, including connections already marked.
  140. add action=mark-connection chain=prerouting in-interface-list=LOCAL \
  141. new-connection-mark="WAN 2" passthrough=yes per-connection-classifier=\
  142. both-addresses-and-ports:3/0
  143. add action=mark-connection chain=prerouting in-interface-list=LOCAL \
  144. new-connection-mark="WAN 2" passthrough=yes per-connection-classifier=\
  145. both-addresses-and-ports:3/2
  146. add action=mark-connection chain=prerouting in-interface-list=LOCAL \
  147. new-connection-mark="WAN 1" passthrough=yes per-connection-classifier=\
  148. both-addresses-and-ports:3/1
  # The connection mark is translated into a routing mark that selects the matching
  # routing table, for forwarded traffic from LOCAL ...
  149. add action=mark-routing chain=prerouting connection-mark="WAN 1" \
  150. in-interface-list=LOCAL new-routing-mark="TO WAN 1" passthrough=yes
  151. add action=mark-routing chain=prerouting connection-mark="WAN 2" \
  152. in-interface-list=LOCAL new-routing-mark="TO WAN 2" passthrough=yes
  # ... and for packets the router itself originates, so replies leave by the uplink
  # the connection came in on.
  153. add action=mark-routing chain=output connection-mark="WAN 1" new-routing-mark=\
  154. "TO WAN 1" passthrough=yes
  155. add action=mark-routing chain=output connection-mark="WAN 2" new-routing-mark=\
  156. "TO WAN 2" passthrough=yes
  # Source NAT: everything leaving by WAN 1, zerotier1 or the PPPoE uplink is
  # masqueraded to that interface's address.
  157. /ip firewall nat
  158. add action=masquerade chain=srcnat out-interface="WAN 1 (SFP+)"
  159. add action=masquerade chain=srcnat out-interface=zerotier1
  160. add action=masquerade chain=srcnat out-interface="WAN BTS (SFP+ 2)"
  # Port forwards from the WAN 1 address 100.90.0.8, tcp first and udp below:
  #   5050         -> 10.3.0.10 (inside the IP camera subnet)
  #   5051         -> 10.13.0.10
  #   25570,25580  -> 10.0.0.16 (main LAN)
  # NOTE(review): none of the forwards restricts the source address, and the filter
  # table has no forward drop, so these hosts are exposed to anything that can reach
  # 100.90.0.8. Limit them with src-address or src-address-list where the set of
  # remote peers is known.
  # NOTE(review): 10.13.0.10 is outside every subnet and route in this export
  # (10.0.0.0/13 ends at 10.7.255.255). It may be a typo for 10.3.0.10 or may depend
  # on a route that is not shown; confirm.
  161. add action=dst-nat chain=dstnat dst-address=100.90.0.8 dst-port=5050 protocol=\
  162. tcp to-addresses=10.3.0.10 to-ports=5050
  163. add action=dst-nat chain=dstnat dst-address=100.90.0.8 dst-port=5051 protocol=\
  164. tcp to-addresses=10.13.0.10 to-ports=5051
  165. add action=dst-nat chain=dstnat dst-address=100.90.0.8 dst-port=25570,25580 \
  166. protocol=tcp to-addresses=10.0.0.16
  167. add action=dst-nat chain=dstnat dst-address=100.90.0.8 dst-port=5051 protocol=\
  168. udp to-addresses=10.13.0.10 to-ports=5051
  169. add action=dst-nat chain=dstnat dst-address=100.90.0.8 dst-port=5050 protocol=\
  170. udp to-addresses=10.3.0.10 to-ports=5050
  171. add action=dst-nat chain=dstnat dst-address=100.90.0.8 dst-port=25570,25580 \
  172. protocol=udp to-addresses=10.0.0.16
  # NOTE(review): this src-nat sits after the masquerade on the same out-interface
  # (first rule of this table), which already matches all traffic leaving WAN 1, so
  # this rule is presumably never reached.
  173. add action=src-nat chain=srcnat out-interface="WAN 1 (SFP+)" src-address=\
  174. 10.13.0.10 to-addresses=100.90.0.8
  # Hairpin NAT: LAN clients that reach the forwarded hosts are masqueraded when the
  # packet leaves by MAIN, so the server's replies return through the router.
  175. add action=masquerade chain=srcnat dst-address=10.13.0.10 out-interface=MAIN \
  176. src-address-list=LAN
  177. add action=masquerade chain=srcnat dst-address=10.0.0.16 out-interface=MAIN \
  178. src-address-list=LAN
  179. add action=masquerade chain=srcnat dst-address=10.3.0.10 out-interface=MAIN \
  180. src-address-list=LAN
  # Default routes per routing table. Each table has a primary (distance 1) and a
  # fallback (distance 2) via the other uplink's gateway.
  # Table "TO WAN 2": primary via 10.9.0.1, with ping gateway check.
  181. /ip route
  182. add check-gateway=ping comment="PCC WAN 2 MAIN" disabled=no distance=1 \
  183. dst-address=0.0.0.0/0 gateway=10.9.0.1 pref-src="" routing-table="TO WAN 2" \
  184. scope=30 suppress-hw-offload=no target-scope=10
  # Table "TO WAN 1": primary via 100.90.0.1.
  # NOTE(review): this is the only default route without check-gateway=ping. If the
  # gateway stops answering while the link stays up, the route presumably remains
  # active and the distance-2 fallback for this table never takes over.
  185. add comment="PCC WAN 1 MAIN" disabled=no distance=1 dst-address=0.0.0.0/0 \
  186. gateway=100.90.0.1 pref-src=0.0.0.0 routing-table="TO WAN 1" scope=30 \
  187. suppress-hw-offload=no target-scope=10
  # Fallbacks: each table falls back to the other uplink's gateway.
  188. add check-gateway=ping comment="PCC WAN 2 SEC" disabled=no distance=2 \
  189. dst-address=0.0.0.0/0 gateway=100.90.0.1 pref-src=0.0.0.0 routing-table=\
  190. "TO WAN 2" scope=30 suppress-hw-offload=no target-scope=10
  191. add check-gateway=ping comment="PCC WAN 1 SEC" disabled=no distance=2 \
  192. dst-address=0.0.0.0/0 gateway=10.9.0.1 pref-src=0.0.0.0 routing-table=\
  193. "TO WAN 1" scope=30 suppress-hw-offload=no target-scope=10
  # Main table (unmarked traffic, labelled for ZeroTier): 10.9.0.1 preferred,
  # 100.90.0.1 as fallback.
  194. add check-gateway=ping comment="ZEROTIER WAN 2" disabled=no distance=1 \
  195. dst-address=0.0.0.0/0 gateway=10.9.0.1 pref-src=0.0.0.0 routing-table=main \
  196. scope=30 suppress-hw-offload=no target-scope=10
  197. add check-gateway=ping comment="ZEROTIER WAN 1" disabled=no distance=2 \
  198. dst-address=0.0.0.0/0 gateway=100.90.0.1 pref-src=0.0.0.0 routing-table=\
  199. main scope=30 suppress-hw-offload=no target-scope=10
  # Static route for 192.168.169.40/29 via the WAN 1 gateway, sourced from
  # 100.90.0.8; what lives in that /29 is not visible in this export.
  200. add disabled=no distance=1 dst-address=192.168.169.40/29 gateway=100.90.0.1 \
  201. pref-src=100.90.0.8 routing-table=main scope=30 suppress-hw-offload=no \
  202. target-scope=10
  # Management services: telnet, ftp, www, api and api-ssl are turned off; Winbox is
  # moved from its default port to 8450.
  # NOTE(review): ssh is not listed, so it is presumably still at its default
  # (enabled); confirm. Neither winbox nor ssh has an address= restriction, and the
  # filter table has no input drop, so both appear reachable from the uplinks and
  # from ZeroTier. Moving the port does not limit who can connect. Set address= to
  # the management subnets on each enabled service and back it with an input drop.
  203. /ip service
  204. set telnet disabled=yes
  205. set ftp disabled=yes
  206. set www disabled=yes
  207. set api disabled=yes
  208. set winbox port=8450
  209. set api-ssl disabled=yes
  # NOTE(review): "Asia" alone looks like a truncated zone name (region without
  # city); confirm, since a wrong zone skews log timestamps.
  210. /system clock
  211. set time-zone-name=Asia
  # Router identity; the same string appears in the terminal prompt.
  212. /system identity
  213. set name="CWN CORE (CCR2004 12S)"
  # Adds a resource-graphing entry with default settings.
  214. /tool graphing resource
  215. add
  216. [ubnt@CWN CORE (CCR2004 12S)]
  217.  