buraglio

Mikrotik CRS226-24G-2S+ Config

Dec 19th, 2015
  1. #RANCID-CONTENT-TYPE: mikrotik
  2. #
  3. # name="advanced-tools" version="6.33.3" build-time=dec/03/2015 16:08:10 scheduled="" bundle=routeros-mipsbe
  4. # name="dhcp" version="6.33.3" build-time=dec/03/2015 16:08:10 scheduled="" bundle=routeros-mipsbe
  5. # name="hotspot" version="6.33.3" build-time=dec/03/2015 16:08:10 scheduled="" bundle=routeros-mipsbe
  6. # name="ipv6" version="6.33.3" build-time=dec/03/2015 16:08:10 scheduled="" bundle=routeros-mipsbe
  7. # name="mpls" version="6.33.3" build-time=dec/03/2015 16:08:10 scheduled="" bundle=routeros-mipsbe
  8. # name="ppp" version="6.33.3" build-time=dec/03/2015 16:08:10 scheduled="" bundle=routeros-mipsbe
  9. # name="routeros-mipsbe" version="6.33.3" build-time=dec/03/2015 16:08:10 scheduled=""
  10. # name="routing" version="6.33.3" build-time=dec/03/2015 16:08:10 scheduled="" bundle=routeros-mipsbe
  11. # name="security" version="6.33.3" build-time=dec/03/2015 16:08:10 scheduled="" bundle=routeros-mipsbe
  12. # name="system" version="6.33.3" build-time=dec/03/2015 16:08:10 scheduled="" bundle=routeros-mipsbe
  13. # X name="wireless-cm2" version="6.33.3" build-time=dec/03/2015 16:08:10 scheduled="" bundle=routeros-mipsbe
  14. # name="wireless-fp" version="6.33.3" build-time=dec/03/2015 16:08:10 scheduled="" bundle=routeros-mipsbe
  15. #
  16. # routerboard: yes
  17. # model: CRS226-24G-2S+
  18. # serial-number: 50D305FB4CE6
  19. # firmware-type: qca8513
  20. # current-firmware: 3.22
  21. # upgrade-firmware: 3.22
  22. #
  23. # software-id: AC4L-GZK8
  24. # nlevel: 5
  25. # features:
  26. #
  27. #
  # Bridges, one per segment: WAN (204), wired LAN (909) and wireless (910).
  # bridge_910 is created disabled.
  # NOTE(review): the RANCID header above still publishes serial-number and
  # software-id, while the SNMP community later in the export was redacted;
  # those identifiers are normally scrubbed from a shared export as well.
  28. /interface bridge
  29. add comment="CTC WAN VLAN" name=bridge_204
  30. add comment="Internal Wired LAN VLAN" name=bridge_909
  31. add comment="Internal Wireless VLAN" disabled=yes name=bridge_910
  # Port grouping through master-port: ether2-4 and both SFP+ ports follow
  # ether1-master-204 (WAN); ether6-22 follow ether5-master-909 (wired LAN).
  # ether23 (wireless AP) and ether24 (SPAN) have no master-port set.
  32. /interface ethernet
  33. set [ find default-name=ether1 ] comment="CTC WAN" name=ether1-master-204
  34. set [ find default-name=ether2 ] master-port=ether1-master-204 name=ether2-slave-204
  35. set [ find default-name=ether3 ] master-port=ether1-master-204 name=ether3-slave-204
  36. set [ find default-name=ether4 ] master-port=ether1-master-204 name=ether4-slave-204
  37. set [ find default-name=ether5 ] name=ether5-master-909
  38. set [ find default-name=ether6 ] master-port=ether5-master-909 name=ether6-slave-909
  39. set [ find default-name=ether7 ] master-port=ether5-master-909 name=ether7-slave-909
  40. set [ find default-name=ether8 ] master-port=ether5-master-909 name=ether8-slave-909
  41. set [ find default-name=ether9 ] master-port=ether5-master-909 name=ether9-slave-909
  42. set [ find default-name=ether10 ] master-port=ether5-master-909 name=ether10-slave-909
  43. set [ find default-name=ether11 ] master-port=ether5-master-909 name=ether11-slave-909
  44. set [ find default-name=ether12 ] master-port=ether5-master-909 name=ether12-slave-909
  45. set [ find default-name=ether13 ] master-port=ether5-master-909 name=ether13-slave-909
  46. set [ find default-name=ether14 ] master-port=ether5-master-909 name=ether14-slave-909
  47. set [ find default-name=ether15 ] master-port=ether5-master-909 name=ether15-slave-909
  48. set [ find default-name=ether16 ] master-port=ether5-master-909 name=ether16-slave-909
  49. set [ find default-name=ether17 ] master-port=ether5-master-909 name=ether17-slave-909
  50. set [ find default-name=ether18 ] master-port=ether5-master-909 name=ether18-slave-909
  51. set [ find default-name=ether19 ] master-port=ether5-master-909 name=ether19-slave-909
  52. set [ find default-name=ether20 ] master-port=ether5-master-909 name=ether20-slave-909
  53. set [ find default-name=ether21 ] master-port=ether5-master-909 name=ether21-slave-909
  54. set [ find default-name=ether22 ] master-port=ether5-master-909 name=ether22-slave-909
  55. set [ find default-name=ether23 ] comment="Wireless AP Interface" name=ether23-master-909
  56. set [ find default-name=ether24 ] comment="SPAN Port" name=ether24-master-span
  # NOTE(review): both SFP+ ports are slaved to the WAN master port although
  # their names end in -slave-local; confirm which segment they should join.
  57. set [ find default-name=sfp-sfpplus1 ] master-port=ether1-master-204 name=sfp-sfpplus1-slave-local
  58. set [ find default-name=sfpplus2 ] master-port=ether1-master-204 name=sfpplus2-slave-local
  # IPv6-in-IPv4 tunnel to the Hurricane Electric broker endpoint 209.51.181.2,
  # sourced from the WAN address 172.11.76.115; keepalive is unset (!keepalive).
  59. /interface 6to4
  60. add comment="Hurricane Electric IPv6 Tunnel Broker" !keepalive local-address=172.11.76.115 mtu=1280 name=sit1 remote-address=209.51.181.2
  # These entries only set comments. No discover= value is exported, so neighbor
  # discovery on each interface is left at the RouterOS default.
  # NOTE(review): presumably that default is "on"; confirm, and set discover=no on
  # the WAN-facing entries (ether1-master-204, bridge_204, sit1) so the device
  # does not announce its identity, model and version towards the upstream side.
  61. /ip neighbor discovery
  62. set ether1-master-204 comment="CTC WAN"
  63. set ether23-master-909 comment="Wireless AP Interface"
  64. set ether24-master-span comment="SPAN Port"
  65. set bridge_204 comment="CTC WAN VLAN"
  66. set bridge_909 comment="Internal Wired LAN VLAN"
  67. set bridge_910 comment="Internal Wireless VLAN"
  68. set sit1 comment="Hurricane Electric IPv6 Tunnel Broker"
  # NOTE(review): all three VLAN interfaces carry vlan-id=1 although they are
  # named after VLANs 204, 909 and 910; confirm the tag is intentional, because
  # segment separation depends on these IDs being distinct.
  69. /interface vlan
  70. add interface=ether1-master-204 l2mtu=1584 name=vlan_204 vlan-id=1
  71. add interface=ether5-master-909 l2mtu=1584 name=vlan_909 vlan-id=1
  72. add interface=ether23-master-909 l2mtu=1584 name=vlan_910 vlan-id=1
  # Default wireless security profile: only the supplicant identity is set.
  73. /interface wireless security-profiles
  74. set [ find default=yes ] supplicant-identity=MikroTik
  # Dynamic address ranges for the wired (909) and wireless (910) segments.
  75. /ip pool
  76. add name=vlan_909_pool ranges=10.10.9.10-10.10.9.55
  77. add name=vlan_910_pool ranges=10.11.0.5-10.11.0.30
  # One authoritative DHCP server per LAN bridge. The 910 server is enabled
  # here, but bridge_910 itself is created disabled earlier in the export.
  78. /ip dhcp-server
  79. add address-pool=vlan_909_pool authoritative=yes disabled=no interface=bridge_909 lease-time=24m name=vlan_909_dhcp
  80. add address-pool=vlan_910_pool authoritative=yes disabled=no interface=bridge_910 lease-time=24m name=vlan_910_dhcp
  # The default SNMP community is renamed (value redacted by the author) and
  # limited to two source prefixes.
  # NOTE(review): no security/authentication settings are exported for the
  # community, so it presumably remains a clear-text v1/v2c community - verify.
  # NOTE(review): 10.5.123.16/29 here differs from the 10.15.123.216/29 "mgt
  # prefix" in the firewall address list; confirm which value is correct.
  81. /snmp community
  82. set [ find default=yes ] addresses=10.5.123.16/29,10.10.9.0/26 name=community-string-redacted
  # Logging action 3 sends to syslog host 10.10.9.3 (the address of the "NAS"
  # static lease) from source 10.10.9.1.
  # NOTE(review): index 3 is presumably the built-in "remote" action - confirm.
  83. /system logging action
  84. set 3 remote=10.10.9.3 src-address=10.10.9.1
  # Bridge membership. bridge_204 holds the WAN master port and vlan_204;
  # bridge_909 holds the wired LAN master port, vlan_909 and the AP port.
  # The vlan_910 membership is disabled.
  # NOTE(review): ether24-master-span is a member of bridge_909 and is also the
  # ingress-mirror target configured under /interface ethernet switch, so a
  # capture host on that port is presumably a normal LAN participant as well.
  # Confirm that is intended; a monitor port is usually kept out of the bridge.
  85. /interface bridge port
  86. add bridge=bridge_204 interface=ether1-master-204
  87. add bridge=bridge_909 interface=vlan_909
  88. add bridge=bridge_910 disabled=yes interface=vlan_910
  89. add bridge=bridge_909 interface=ether5-master-909
  90. add bridge=bridge_909 interface=ether23-master-909
  91. add bridge=bridge_909 interface=ether24-master-span
  92. add bridge=bridge_204 interface=vlan_204
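  # Switch-chip mirroring: ingress traffic is copied to the SPAN port ether24.
  93. /interface ethernet switch
  94. set ingress-mirror0=ether24-master-span
  # Switch VLAN table. VLAN 910 (AP port) is disabled; VLAN 909 covers the wired
  # LAN ports plus the AP port and has ingress mirroring on; VLAN 204 covers the
  # four WAN-group ports.
  # Names in a ports= list have to match the interface names exactly. The
  # published line had blanks inside several names (line-wrap residue such as
  # "et her16-slave-909"); they are removed here so every entry resolves.
  95. /interface ethernet switch vlan
  96. add disabled=yes ports=ether23-master-909 vlan-id=910
  97. add ingress-mirror=yes ports="ether5-master-909,ether6-slave-909,ether7-slave-909,ether8-slave-909,ether9-slave-909,ether10-slave-909,ether11-slave-909,ether12-slave-909,ether13-slave-909,ether14-slave-909,ether15-slave-909,ether16-slave-909,ether17-slave-909,ether18-slave-909,ether19-slave-909,ether20-slave-909,ether21-slave-909,ether22-slave-909,ether23-master-909" vlan-id=909
  98. add ports=ether1-master-204,ether2-slave-204,ether3-slave-204,ether4-slave-204 vlan-id=204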
  # IP accounting is enabled, including traffic to and from the router itself.
  99. /ip accounting
  100. set account-local-traffic=yes enabled=yes
  # The accounting snapshot may be fetched over the web interface from the
  # wired LAN prefix only.
  # NOTE(review): the www service is disabled under /ip service later in the
  # export, so this web access is presumably unreachable - confirm it is needed.
  101. /ip accounting web-access
  102. set accessible-via-web=yes address=10.10.9.0/26
  # Router addresses: WAN on bridge_204, gateways for the two LAN segments.
  103. /ip address
  104. add address=172.11.76.115/29 comment="VLAN 204 Gateway" interface=bridge_204 network=172.11.76.112
  105. add address=10.10.9.1/26 comment="VLAN 909 Gateway" interface=bridge_909 network=10.10.9.0
  106. add address=10.11.0.1/27 comment="VLAN 910 Gateway" interface=bridge_910 network=10.11.0.0
  # bridge_204 also runs a DHCP client although it has a static address above.
  107. /ip dhcp-client
  108. add dhcp-options=hostname,clientid interface=bridge_204
  # Static leases on the wired LAN server. 10.10.9.3 ("NAS") is also the remote
  # syslog target set under /system logging action.
  109. /ip dhcp-server lease
  110. add address=10.10.9.5 always-broadcast=yes client-id=1:c0:ff:b3:d1:19:54 comment="Probe" mac-address=c0:ff:B3:D1:19:54 server=vlan_909_dhcp
  111. add address=10.10.9.7 always-broadcast=yes client-id=1:c0:ff:38:83:31:75 comment="Laster Printer" mac-address=c0:ff:38:83:31:75 server=vlan_909_dhcp
  112. add address=10.10.9.9 always-broadcast=yes client-id=1:c0:ff:b1:de:c2:24 comment="tb1" mac-address=c0:ff:B1:DE:C2:24 server=vlan_909_dhcp
  113. add address=10.10.9.3 always-broadcast=yes client-id=1:c0:ff:32:43:1b:19 comment="NAS" mac-address=c0:ff:32:43:1B:19 server=vlan_909_dhcp
  114. add address=10.10.9.10 always-broadcast=yes client-id=1:0:21:29:79:e7:78 comment="Network Camera" mac-address=00:21:29:79:E7:78 server=vlan_909_dhcp
  # Options handed to DHCP clients: the router as gateway, 172.11.72.12 as DNS.
  115. /ip dhcp-server network
  116. add address=10.10.9.0/26 comment="LAN DHCP Network" dns-server=172.11.72.12 gateway=10.10.9.1 netmask=26
  117. add address=10.11.0.0/27 comment="Wireless LAN Network" dns-server=172.11.72.12 gateway=10.11.0.1 netmask=27
  # The router's own resolver uses the same upstream DNS server.
  118. /ip dns
  119. set servers=172.11.72.12
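  # "mgt net" is the management source prefix used by the input chain below.
  # NOTE(review): 10.15.123.216/29 differs from the 10.5.123.16/29 allowed for
  # SNMP earlier in the export; confirm which prefix is correct.
  120. /ip firewall address-list
  121. add address=10.15.123.216/29 comment="mgt prefix" list="mgt net"
  # IPv4 filter. Rules are evaluated top to bottom, a rule without action=
  # accepts, and a packet that matches no rule is accepted.
  122. /ip firewall filter
  # NOTE(review): this first forward rule has no matcher, so it accepts all
  # forwarded traffic and the two forward rules after it are never reached.
  # If "out" means LAN-to-WAN, scope it (for example with out-interface) and
  # place it after the drop-invalid and established/related rules.
  123. add chain=forward comment="default allow out"
  124. add action=drop chain=forward comment="drop invalid" connection-state=invalid
  125. add chain=forward comment="Allow all established and related outbound back in" connection-state=established,related
  # NOTE(review): accepts tcp/22 to the router from any source address, and
  # log-prefix has no effect because log=yes is not set. Consider restricting
  # the source to the management list and logging new connections.
  126. add chain=input comment="Permit SSH in" dst-port=22 log-prefix=SSH protocol=tcp
  # NOTE(review): the input chain only sees packets addressed to the router
  # itself, so these two rules do not govern traffic routed between the wired
  # and wireless prefixes; that traffic is decided in the forward chain.
  127. add chain=input comment="permit wireless to wired" dst-address=10.10.9.0/26 src-address=10.11.0.0/27
  128. add chain=input comment="permit wired to wireless" dst-address=10.11.0.0/27 src-address=10.10.9.0/26
  # NOTE(review): accepts every protocol from the tunnel endpoint; the 6in4
  # tunnel itself presumably needs only IP protocol 41 - confirm and narrow.
  129. add chain=input comment="allow HE tunnel broker" src-address=209.51.181.2
  # List name corrected to match the definition above. The export referenced
  # "mgt Net", a list that is never defined, so this rule could not match.
  130. add chain=input comment="allow all from mgt Net" src-address-list="mgt net"
  # Logged drop for whatever else is addressed to the WAN IP. Packets to the
  # router's other addresses do not match and fall through to the implicit accept.
  131. add action=drop chain=input comment="Default Drop" dst-address=172.11.76.115 log=yes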
  # Source-NAT (masquerade) for everything leaving through the WAN bridge.
  132. /ip firewall nat
  133. add action=masquerade chain=srcnat out-interface=bridge_204
  # Single IPv4 default route through the WAN gateway.
  134. /ip route
  135. add distance=1 gateway=172.11.76.113
  # Management services: telnet, ftp, www, api, winbox and api-ssl are turned
  # off. ssh is not listed, so it keeps its default state; the input chain
  # permits tcp/22.
  # NOTE(review): no address= restriction is exported for ssh, so source
  # filtering rests on the firewall alone. /tool mac-server does not appear in
  # this export either, so MAC-Telnet/MAC-Winbox are presumably at defaults;
  # confirm they are limited to the LAN-side interfaces.
  136. /ip service
  137. set telnet disabled=yes
  138. set ftp disabled=yes
  139. set www disabled=yes
  140. set api disabled=yes
  141. set winbox disabled=yes
  142. set api-ssl disabled=yes
  # Restrict the SSH server to its stronger algorithm set.
  143. /ip ssh
  144. set strong-crypto=yes
  # UPnP port mapping is off.
  145. /ip upnp
  146. set enabled=no
  # IPv6 addressing: the tunnel end on sit1 (not advertised) and one address
  # per LAN bridge. The addresses use the 2001:db8::/32 documentation prefix,
  # presumably substituted by the author before publishing.
  # NOTE(review): no advertise= value is exported for the two bridge addresses,
  # so the default applies; if that default is "yes", LAN hosts autoconfigure
  # global addresses and depend entirely on the IPv6 filter rules - confirm.
  147. /ipv6 address
  148. add address=2001:db8:1f10:fd4::2 advertise=no interface=sit1
  149. add address=2001:db8:c0d7:909::1 comment="VLAN 909 IPv6" interface=bridge_909
  150. add address=2001:db8:c0d7:910:e68d:8cff:fe80:e00 comment="VLAN 910 IPv6" interface=bridge_910
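  # IPv6 filter. The published export accepted every IPv6 packet in both
  # chains, which left the router and every globally addressed LAN host
  # reachable from the tunnel with no filtering (IPv6 has no NAT in front of
  # them). The rules below are stateful instead: replies and ICMPv6 are allowed,
  # the LAN bridges may originate traffic, everything else is dropped.
  # Management from outside over IPv6 (for example SSH) needs an explicit accept
  # rule with a source restriction placed before the input drop.
  151. /ipv6 firewall filter
  add chain=input comment="Allow established and related" connection-state=established,related
  add action=drop chain=input comment="Drop invalid" connection-state=invalid
  # ICMPv6 carries neighbor discovery and path-MTU signalling; it must stay open.
  add chain=input comment="Allow ICMPv6" protocol=icmpv6
  add chain=input comment="Allow wired LAN to the router" in-interface=bridge_909
  add chain=input comment="Allow wireless LAN to the router" in-interface=bridge_910
  add action=drop chain=input comment="Default drop IPv6 input" log=yes
  add chain=forward comment="Allow established and related" connection-state=established,related
  add action=drop chain=forward comment="Drop invalid" connection-state=invalid
  add chain=forward comment="Allow ICMPv6" protocol=icmpv6
  add chain=forward comment="Allow wired LAN outbound" in-interface=bridge_909
  add chain=forward comment="Allow wireless LAN outbound" in-interface=bridge_910
  add action=drop chain=forward comment="Default drop IPv6 forward"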
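  # IPv6 default route (global unicast 2000::/3) through the tunnel peer.
  154. /ipv6 route
  155. add distance=1 dst-address=2000::/3 gateway=2001:db8:1f10:fd4::1
  # Interfaces shown on LCD page 1. The published line had a blank inside
  # "ether20- slave-909" (line-wrap residue); it is removed so the name resolves.
  156. /lcd interface pages
  157. set 1 interfaces="ether13-slave-909,ether14-slave-909,ether15-slave-909,ether16-slave-909,ether17-slave-909,ether18-slave-909,ether19-slave-909,ether20-slave-909,ether21-slave-909"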
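  # SNMP agent on. The hosting page replaced the contact value with its e-mail
  # obfuscation marker, which presumably swallowed "contact=" as well, and the
  # location was wrapped in typographic quotes that RouterOS does not treat as
  # string delimiters. CONTACT-REDACTED is a placeholder, not the original value.
  158. /snmp
  159. set contact=CONTACT-REDACTED enabled=yes location="Office 909"
  # Local time zone; log timestamps follow it.
  160. /system clock
  161. set time-zone-name=America/Chicago
  # Hostname reported by the device.
  162. /system identity
  163. set name=gw909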
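  # Logging rules 0-3 (presumably the built-in info, error, warning and
  # critical rules) are redirected to disk.
  164. /system logging
  165. set 0 action=disk
  166. set 1 action=disk
  167. set 2 action=disk
  168. set 3 action=disk
  # Remote syslog. A rule that lists several topics matches only messages that
  # carry all of them, so the single "critical,info,error,warning" rule of the
  # published export would forward next to nothing. One rule per severity sends
  # each class to the remote action.
  169. add action=remote topics=critical
  add action=remote topics=error
  add action=remote topics=warning
  add action=remote topics=info
  # Time sync from two NTP servers; accurate time keeps log timestamps usable.
  170. /system ntp client
  171. set enabled=yes primary-ntp=130.126.24.44 secondary-ntp=130.126.24.53
  # NOTE(review): with protected-routerboot disabled, the boot loader's
  # reset/reinstall paths presumably stay open to anyone with physical access;
  # decide according to where the switch is installed.
  172. /system routerboard settings
  173. set protected-routerboot=disabled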