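  1. [akoznov@wAP LTE] > export
  2. # sep/15/2018 00:16:09 by RouterOS 6.43
  3. # software id = XXX-XXX
  4. #
  5. # model = RouterBOARD wAP R-2nD
  6. # serial number = XXXXXX
  # --- review notes (added to the export, each correction is marked "FIX:" at its line) ---
  # Corrections: chain=Input -> chain=input on three filter rules (chain names are case-sensitive,
  # so those rules sat in an unused custom chain and never matched); enabled=np -> enabled=no on
  # the L2TP server (np is not a valid value); and the IPsec pre-shared key, which this paste
  # exposed in clear text, replaced by a placeholder in the author's own XXXX style.
  # Everything else is byte-for-byte the original. The remaining notes point at settings to
  # reconsider; the main one is that every drop rule under /ip firewall filter is disabled=yes,
  # so the input and forward chains currently end in the implicit accept.
  7. /caps-man channel
  8. add band=2ghz-b/g/n control-channel-width=20mhz extension-channel=Ce frequency=2412 name=wAP-LTE tx-power=20
  9. add band=2ghz-b/g/n control-channel-width=20mhz extension-channel=Ce frequency=2437 name=hAP tx-power=20
  10. /interface lte
  # lte1 is the only WAN-facing interface (sole member of list WAN under /interface list member);
  # every "from all" accept rule in the filter chain is reachable through it.
  11. set [ find ] band=3,7,20,38 mac-address=AC:FF:XX:00:00:00 name=lte1 network-mode=lte
  12. /interface bridge
  13. add fast-forward=no name=bridge1
  14. /interface wireless
  15. # managed by CAPsMAN
  16. # channel: 2412/20-Ce/gn(20dBm), SSID: ShepShep, local forwarding
  17. set [ find default-name=wlan1 ] band=2ghz-g/n country=russia disabled=no mode=ap-bridge ssid=ShepShep wireless-protocol=802.11
  18. /interface ethernet
  19. set [ find default-name=ether1 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
  20. /interface l2tp-client
  # Outbound L2TP tunnel to the VPN server (address and password masked by the author).
  # keepalive-timeout=disabled: a silently dropped tunnel is not detected by keepalives, so it
  # presumably stays "connected" until the next reconnect - confirm this is intended.
  21. add connect-to=185.44.XX.XX disabled=no keepalive-timeout=disabled name=l2tp-out1 password=XXXXXXXXX user=shep
  22. /caps-man datapath
  23. add bridge=bridge1 client-to-client-forwarding=yes local-forwarding=yes name="CAPsMAN Datapath config"
  24. /caps-man security
  # WPA2-PSK with AES-CCM for the CAPsMAN-managed SSID; passphrase masked.
  25. add authentication-types=wpa2-psk encryption=aes-ccm group-encryption=aes-ccm name="CAPsMAN Security config" passphrase=XXXXXXXXX
  26. /caps-man configuration
  27. add channel=wAP-LTE country=russia datapath="CAPsMAN Datapath config" mode=ap name=CAPs-Config rx-chains=0,1,2 security="CAPsMAN Security config" ssid=ShepShep tx-chains=0,1,2
  28. /caps-man interface
  29. add channel=hAP configuration=CAPs-Config datapath="CAPsMAN Datapath config" disabled=no l2mtu=1600 mac-address=XX:2D:XX:XX:D3:XX master-interface=none name="hAP lite" radio-mac=XX:2D:XX:XX:D3:XX security="CAPsMAN Security config"
  30. add channel=wAP-LTE configuration=CAPs-Config disabled=no l2mtu=1600 mac-address=XX:2D:XX:XX:80:XX master-interface=none name=wAP-LTE radio-mac=XX:2D:XX:XX:80:XX
  31. /interface list
  32. add name=WAN
  33. add name=LAN
  34. /interface wireless security-profiles
  35. set [ find default=yes ] authentication-types=wpa2-psk eap-methods="" mode=dynamic-keys supplicant-identity=MikroTik wpa-pre-shared-key=XXXXXXXXX wpa2-pre-shared-key=XXXXXXXXXXX
  36. /ip hotspot profile
  37. set [ find default=yes ] html-directory=flash/hotspot
  38. /ip ipsec proposal
  # Weak algorithms: MD5 and 3DES are both deprecated for IPsec. The policy under /ip ipsec policy
  # names no proposal, so this "default" proposal governs the tunnel to 185.44.8.188. Move to
  # auth-algorithms=sha256 enc-algorithms=aes-256-cbc (or stronger), changed on both peers together.
  39. set [ find default=yes ] auth-algorithms=md5 enc-algorithms=3des
  40. /ip pool
  41. add name=dhcp ranges=10.255.252.2-10.255.252.254
  42. /ip dhcp-server
  43. add address-pool=dhcp disabled=no interface=bridge1 name=dhcp1
  44. /caps-man manager
  45. set enabled=yes
  46. /caps-man provisioning
  47. add action=create-dynamic-enabled hw-supported-modes=b,gn master-configuration=CAPs-Config
  48. /interface bridge port
  49. add bridge=bridge1 interface=ether1
  50. /ip neighbor discovery-settings
  51. set discover-interface-list=LAN
  52. /interface l2tp-server server
  # FIX: enabled=np is not a valid value (an import would reject the line); read as enabled=no,
  # matching the other disabled VPN servers below. ipsec-secret is empty while use-ipsec=yes -
  # harmless while the server is off, but set a secret before ever enabling it.
  53. set enabled=no ipsec-secret= use-ipsec=yes
  54. /interface list member
  55. add interface=lte1 list=WAN
  # Member row with no interface; looks like an accidental empty entry (no effect, can be removed).
  56. add list=LAN
  57. add interface=bridge1 list=LAN
  58. /interface pptp-server server
  59. set enabled=no
  60. /interface sstp-server server
  61. set default-profile=default-encryption enabled=no
  62. /interface wireless cap
  63. #
  # The local radio is a CAP of this router's own CAPsMAN over loopback; the 127.0.0.1
  # udp/5246,5247 accept rules in the filter chain exist for this.
  64. set bridge=bridge1 caps-man-addresses=127.0.0.1 enabled=yes interfaces=wlan1
  65. /ip address
  # ether1 is a port of bridge1 (see /interface bridge port) while DHCP, the LAN list and the CAP
  # datapath all sit on bridge1; the LAN address most likely belongs on interface=bridge1 - confirm
  # the address is actually active and not flagged invalid on the slave port.
  66. add address=10.255.252.1/24 interface=ether1 network=10.255.252.0
  67. /ip cloud
  # DDNS publishes the current WAN address under a MikroTik cloud name, which makes the
  # management ports accepted "from all" below easy to locate; fine only once those are restricted.
  68. set ddns-enabled=yes
  69. /ip dhcp-server lease
  70. add address=10.255.252.254 client-id=1:xx:69:xx:xx:0:xx comment="Xiaomi Mi-AIR 13.3" mac-address=xx:69:xx:xx:00:xx server=dhcp1
  71. add address=10.255.252.2 always-broadcast=yes client-id=1:xx:2d:xx:35:xx:xx comment="MikroTik hAP lite" mac-address=xx:2D:xx:35:xx:xx server=dhcp1
  72. /ip dhcp-server network
  73. add address=10.255.252.0/24 dns-server=10.255.252.1 gateway=10.255.252.1
  74. /ip dns
  # allow-remote-requests=yes turns the resolver on for every interface. The only DNS rule below
  # accepts udp/53 from bridge1, nothing drops udp/53 on lte1, and the final input drop is
  # disabled, so this is an open resolver on the LTE side. Add a drop for dst-port=53
  # in-interface=lte1 (or enable the final drop).
  75. set allow-remote-requests=yes
  76. /ip firewall address-list
  # BOGON list is populated, but the only rule that uses it (input drop from lte1) is disabled.
  77. add address=0.0.0.0/8 list=BOGON
  78. add address=10.0.0.0/8 list=BOGON
  79. add address=100.64.0.0/10 list=BOGON
  80. add address=127.0.0.0/8 list=BOGON
  81. add address=169.254.0.0/16 list=BOGON
  82. add address=172.16.0.0/12 list=BOGON
  83. add address=192.0.0.0/24 list=BOGON
  84. add address=192.0.2.0/24 list=BOGON
  85. add address=192.168.0.0/16 list=BOGON
  86. add address=198.18.0.0/15 list=BOGON
  87. add address=198.51.100.0/24 list=BOGON
  88. add address=203.0.113.0/24 list=BOGON
  89. add address=224.0.0.0/4 list=BOGON
  90. add address=240.0.0.0/4 list=BOGON
  91. /ip firewall filter
  # Rule order is significant; the list is kept in its original order. Every drop rule in this
  # section carries disabled=yes, so both chains fall through to the implicit accept and the
  # accept rules only document intent until a final drop is enabled.
  92. add action=accept chain=input protocol=icmp
  # 10.255.254.0/24 is the remote VPN LAN (see /ip route and /ip ipsec policy).
  93. add action=accept chain=input src-address=10.255.254.0/24
  # FIX: chain=Input -> chain=input here and on the two rules below marked the same way. Chain
  # names are case-sensitive; "Input" is a custom chain that nothing jumps to, so these three
  # accepts (L2TP transit net, VPN server address, LAN CAPsMAN traffic) never matched.
  94. add action=accept chain=input src-address=172.16.40.0/30
  95. add action=accept chain=output comment="CAPsMAN exceptions" dst-address=127.0.0.1 port=5246,5247 protocol=udp src-address=127.0.0.1
  96. add action=accept chain=input dst-address=127.0.0.1 port=5246,5247 protocol=udp src-address=127.0.0.1
  # FIX: chain=Input -> chain=input (see above).
  97. add action=accept chain=input src-address=185.44.8.188
  98. add action=accept chain=input dst-address=10.255.252.1 dst-port=80 protocol=tcp
  99. add action=accept chain=output dst-address=10.255.252.0/24 port=5246,5247 protocol=udp src-address=10.255.252.0/24
  # FIX: chain=Input -> chain=input (see above).
  100. add action=accept chain=input dst-address=10.255.252.0/24 port=5246,5247 protocol=udp src-address=10.255.252.0/24
  # Both drops below are disabled. "Drop all INVALID" is low-risk to enable; the BOGON drop should
  # be enabled once the accepts above it cover everything that legitimately arrives on lte1.
  101. add action=drop chain=input comment="Drop BOGON network connections" disabled=yes in-interface=lte1 src-address-list=BOGON
  102. add action=drop chain=input comment="Drop all INVALID" connection-state=invalid disabled=yes
  103. add action=drop chain=forward connection-state=invalid
  # Stateful accepts sit below a dozen per-service rules; placing established/related first in
  # each chain is the usual layout and spares the rules above from being evaluated per packet.
  104. add action=accept chain=input comment="Allow all ESTABLISHED" connection-state=established
  105. add action=accept chain=forward connection-state=established
  106. add action=accept chain=input comment="Allow all RELATED" connection-state=related
  107. add action=accept chain=forward connection-state=related
  # Duplicates the unconditional ICMP accept at the top of the chain.
  108. add action=accept chain=input comment="Allow ICMP from all" protocol=icmp
  109. add action=accept chain=forward protocol=icmp
  110. add action=accept chain=input comment="Allow DNS from LAN" dst-port=53 in-interface=bridge1 protocol=udp src-address=10.255.252.0/24
  # SSH anti-bruteforce ladder: these five rules key on dst-port=22, but the SSH service port is
  # changed under /ip service and the "Allow SSH from all" rule accepts 28282, so the ladder only
  # works if sshd really listens on 22. Align dst-port on all five with the real service port.
  # Also: the drop is disabled, and no rule here ever adds to ssh_blacklist (the usual
  # stage3 -> ssh_blacklist step is missing), so the list stays empty.
  111. add action=drop chain=input comment="SSH anti-bruteforce" disabled=yes dst-port=22 protocol=tcp src-address-list=ssh_blacklist
  112. add action=add-src-to-address-list address-list=ssh_stage3 address-list-timeout=1m chain=input connection-state=new dst-port=22 protocol=tcp src-address-list=ssh_stage2
  113. add action=add-src-to-address-list address-list=ssh_stage2 address-list-timeout=1m chain=input connection-state=new dst-port=22 protocol=tcp src-address-list=ssh_stage1
  114. add action=add-src-to-address-list address-list=ssh_stage1 address-list-timeout=1m chain=input connection-state=new dst-port=22 protocol=tcp
  115. add action=accept chain=input connection-state=new dst-port=22 protocol=tcp
  # Management exposed on every interface, including lte1: SSH (28282) and WinBox (8291) are
  # accepted "from all". Restrict with in-interface-list=LAN or a src-address-list of admin
  # sources, and set address= on the matching /ip service entries as a second layer.
  116. add action=accept chain=input comment="Allow SSH from all" dst-port=28282 protocol=tcp
  117. add action=accept chain=input comment="Allow WINBOX from all" dst-port=8291 protocol=tcp
  118. add action=accept chain=input comment="Allow NTP from LAN" dst-port=123 in-interface=bridge1 protocol=udp
  119. add action=accept chain=forward comment="Access from LAN to Internet" in-interface=bridge1 src-address=10.255.252.0/24
  # Inbound VPN ports: udp/500 and udp/4500 serve the IPsec peer below, but the l2tp, pptp and
  # sstp servers are all disabled in this export, so udp/1701, tcp/1723 and tcp/443 are opened
  # for services that do not run. Disable those three accepts until a server is enabled.
  120. add action=accept chain=input comment="allow IPsec NAT" dst-port=4500 protocol=udp
  121. add action=accept chain=input comment="allow IKE" dst-port=500 protocol=udp
  122. add action=accept chain=input comment="allow l2tp" dst-port=1701 protocol=udp
  123. add action=accept chain=input comment="allow pptp" dst-port=1723 protocol=tcp
  124. add action=accept chain=input comment="allow sstp" dst-port=443 protocol=tcp
  # Final drops are disabled: with them off the chains end in the implicit accept, and every
  # accept rule above is redundant (see the note at the top of this section).
  125. add action=drop chain=input comment="DROP ALL REQUEST" disabled=yes
  126. add action=drop chain=forward disabled=yes
  127. /ip firewall nat
  # The disabled accept is the usual exemption that keeps LAN -> 10.255.254.0/24 traffic out of
  # masquerade so the IPsec policy below still sees the original source; confirm the VPN path
  # works with it off (the route below sends that prefix via the L2TP transit, not lte1).
  128. add action=accept chain=srcnat comment="masq. vpn traffic" disabled=yes dst-address=10.255.254.0/24 src-address=10.255.252.0/24
  129. add action=masquerade chain=srcnat out-interface=lte1
  # 172.16.28.0/24 appears nowhere else in this export (the VPN transit net is 172.16.40.0/30);
  # probably left over from an earlier tunnel - confirm and remove if unused.
  130. add action=masquerade chain=srcnat comment="masq. vpn traffic" src-address=172.16.28.0/24
  131. /ip ipsec peer
  # FIX: the pre-shared key was pasted in clear text here while every other credential in the
  # export was masked; it is redacted in this copy. Treat the original key as disclosed and
  # rotate it on both peers. IKEv2 with PSK; the weak default proposal above applies to this peer.
  132. add address=185.44.8.188/32 exchange-mode=ike2 port=500 secret=XXXXXXXXX
  133. /ip ipsec policy
  # sa-src-address pins the router's own public address. On an LTE uplink with DDNS enabled the
  # address presumably changes, after which the SA can no longer be set up - confirm. This policy
  # and the static route below both cover 10.255.254.0/24 (IPsec tunnel vs. L2TP transit via
  # 172.16.40.1); confirm which path is the intended one.
  134. add dst-address=10.255.254.0/24 sa-dst-address=185.44.8.188 sa-src-address=85.140.2.26 src-address=10.255.252.0/24 tunnel=yes
  135. /ip route
  136. add distance=1 dst-address=10.255.254.0/24 gateway=172.16.40.1 pref-src=172.16.40.2
  137. /ip service
  # telnet, ftp, api and api-ssl are off. www and winbox stay at defaults and ssh is moved to a
  # non-standard port (masked here; the filter rule suggests 28282). Add address=10.255.252.0/24
  # (plus the VPN net) to www, winbox and ssh so the services themselves refuse WAN sources.
  138. set telnet disabled=yes
  139. set ftp disabled=yes
  140. set ssh port=xxxxx
  141. set api disabled=yes
  142. set api-ssl disabled=yes
  143. /ip upnp
  # UPnP with lte1 as external lets any LAN host open inbound WAN ports on its own; disable it
  # unless a specific application depends on it.
  144. set enabled=yes
  145. /ip upnp interfaces
  146. add interface=bridge1 type=internal
  147. add interface=lte1 type=external
  148. /system clock
  149. set time-zone-name=Europe/Saratov
  150. /system identity
  151. set name="wAP LTE"
  152. /system leds
  153. # using RSRP, modem-signal-treshold ignored
  154. add interface=lte1 leds=led1 type=modem-signal
  155. # using RSRP, modem-signal-treshold ignored
  156. add interface=lte1 leds=led2 modem-signal-treshold=-75 type=modem-signal
  157. # using RSRP, modem-signal-treshold ignored
  158. add interface=lte1 leds=led3 modem-signal-treshold=-59 type=modem-signal
  159. /system routerboard settings
  160. set silent-boot=no
  161. /tool mac-server
  # MAC-telnet and MAC-WinBox limited to the LAN list - keep it that way.
  162. set allowed-interface-list=LAN
  163. /tool mac-server mac-winbox
  164. set allowed-interface-list=LAN
  165. /tool sms
  166. set port=lte1 receive-enabled=yes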