SHARE
TWEET

Untitled

a guest Feb 23rd, 2020 89 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. # feb/23/2020 20:14:34 by RouterOS 6.46.3
  2. # software id = xxx
  3. #
  4. # model = RB962UiGS-5HacT2HnT
  5. # serial number = xxx
  6. /interface bridge
  7. add admin-mac=xxx:BB:0F:6F auto-mac=no name=br0 protocol-mode=none
  8. /interface vlan
  9. add interface=br0 name=vlan2 vlan-id=2
  10. add interface=br0 name=vlan100 vlan-id=100
  11. /interface ethernet switch port
  12. set 0 vlan-mode=secure
  13. set 1 default-vlan-id=2 vlan-header=always-strip vlan-mode=secure
  14. set 2 default-vlan-id=2 vlan-header=always-strip vlan-mode=secure
  15. set 3 default-vlan-id=2 vlan-header=always-strip vlan-mode=secure
  16. set 4 default-vlan-id=2 vlan-header=always-strip vlan-mode=secure
  17. set 5 vlan-mode=secure
  18. /interface list
  19. add comment=defconf name=WAN
  20. add comment=defconf name=LAN
  21. /interface wireless security-profiles
  22. set [ find default=yes ] supplicant-identity=MikroTik
  23. add authentication-types=wpa2-psk name=wpa2 supplicant-identity=MikroTik wpa2-pre-shared-key=xxx
  24. add authentication-types=wpa2-psk name=wifi-iot supplicant-identity=MikroTik wpa2-pre-shared-key=\
  25.     xxx
  26. /interface wireless
  27. set [ find default-name=wlan2 ] band=5ghz-a/n/ac channel-width=20/40/80mhz-XXXX disabled=no distance=indoors \
  28.     frequency=auto installation=indoor mode=ap-bridge name=wlan0 security-profile=wpa2 ssid=photon-2.4 vlan-id=2 \
  29.     vlan-mode=use-tag wireless-protocol=802.11
  30. set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-XX disabled=no distance=indoors frequency=\
  31.     auto installation=indoor mode=ap-bridge security-profile=wpa2 ssid=photon vlan-id=2 vlan-mode=use-tag \
  32.     wireless-protocol=802.11
  33. add mac-address=76:4D:28:BB:0F:75 master-interface=wlan0 name=wlan2 security-profile=wifi-iot ssid=photon-service \
  34.     vlan-id=10 vlan-mode=use-tag wps-mode=disabled
  35. /ip pool
  36. add name=pool-vlan2 ranges=192.168.2.31-192.168.2.254
  37. /ip dhcp-server
  38. add address-pool=pool-vlan2 disabled=no interface=vlan2 lease-time=1h name=dhcp1
  39. /interface bridge port
  40. add bridge=br0 interface=ether1
  41. add bridge=br0 interface=ether2
  42. add bridge=br0 interface=ether3
  43. add bridge=br0 interface=ether4
  44. add bridge=br0 interface=wlan0
  45. add bridge=br0 interface=wlan1
  46. /ip neighbor discovery-settings
  47. set discover-interface-list=LAN
  48. /interface bridge vlan
  49. add bridge=br0 tagged=ether1 untagged=wlan0,wlan1,ether2,ether3,ether4,ether5 vlan-ids=2
  50. add bridge=br0 tagged=ether1 vlan-ids=100
  51. /interface ethernet switch vlan
  52. add independent-learning=yes ports=ether1,switch1-cpu switch=switch1 vlan-id=100
  53. add independent-learning=yes ports=ether1,ether2,ether3,ether4,switch1-cpu switch=switch1 vlan-id=2
  54. add independent-learning=yes ports=ether1,switch1-cpu switch=switch1 vlan-id=10
  55. /interface list member
  56. add comment=defconf interface=ether1 list=WAN
  57. add interface=vlan2 list=LAN
  58. add interface=vlan100 list=WAN
  59. /ip address
  60. add address=192.168.2.1/24 interface=vlan2 network=192.168.2.0
  61. /ip dhcp-client
  62. add disabled=no interface=vlan100
  63. /ip dhcp-server network
  64. add address=192.168.2.0/24 gateway=192.168.2.1
  65. /ip dns
  66. set allow-remote-requests=yes
  67. /ip dns static
  68. add address=192.168.88.1 comment=defconf name=router.lan
  69. /ip firewall filter
  70. add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=\
  71.     established,related,untracked
  72. add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
  73. add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
  74. add action=accept chain=input comment="defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
  75. add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!LAN
  76. add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec
  77. add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec
  78. add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related
  79. add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=\
  80.     established,related,untracked
  81. add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
  82. add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
  83.     connection-state=new in-interface-list=WAN
  84. /ip firewall nat
  85. add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WAN
  86. /ip ssh
  87. set strong-crypto=yes
  88. /system clock
  89. set time-zone-name=Europe/Moscow
  90. /system identity
  91. set name=photon
  92. /tool mac-server
  93. set allowed-interface-list=LAN
  94. /tool mac-server mac-winbox
  95. set allowed-interface-list=LAN
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
Top